Thank you for sharing!

Your article was successfully shared with the contacts you provided.
Any day now, President Bush is expected to sign into law an extension and permanent renewal of national, uniform standards for consumer credit information. The National Consumer Credit Reporting Improvement Act of 2003 — the updated version of the Fair Credit Reporting Act of 1996 — comes at a time of growing consumer privacy concerns and a staggering increase in identity theft. Despite various efforts by federal legislators to deter and punish identity predators with tougher penalties, the nation’s identity theft crisis continues — according to a September 2003 study by the Federal Trade Commission, approximately 10 million consumers fell victim to some form of identity theft within the past year. AN ENABLING CRIME What makes identity theft uniquely dangerous is that it is an enabling crime — one that permits criminals to commit other crimes. Identity predators have used the names of their victims to rent apartments, obtain employment, subscribe to online services, purchase firearms, file fraudulent tax returns, obtain government benefits, open bank accounts, connect telephone services, undergo surgery, file for bankruptcy, and even bear children. Victims are almost always left to suffer alone: angry, aggravated, and helpless. The problem, consumer advocates say, stems from the lax information sharing practices of financial institutions, merchants, credit bureaus, universities, student loan administrators, and even government agencies that keep vast databases with sensitive consumer information. Many private and public institutions insist on using Social Security numbers to identify individuals when other identifiers would suffice. Yet, when information security systems are breached, few institutions notify consumers or help them through the process of cleaning up the mess. Highlighting just how vulnerable consumers are, a consumer advocacy group in October skywrote the first five digits of the Social Security number of Charles Prince, Citibank’s chief executive officer, in New York City. The same group also purchased the Social Security numbers of John Ashcroft, CIA director Goerge Tenet, and FTC chairman Timothy Muris on the Internet for just $30 each. To ease the public’s concern, federal lawmakers included a number of changes to the FCRA aimed at reducing identity theft incidents, improving the resolution of consumer disputes with financial institutions, and modifying the use of and access to consumer credit information. The final product is a statute that has some protections for consumers, but still leaves a number of gaps unsealed. THE ACT Among the improvements, the new law requires credit reporting agencies to provide free annual reports to consumers, block information resulting from identity theft, and offer “active duty alerts” on credit reports belonging to active military personnel. Credit reporting agencies must also “reconvey” fraud alerts placed by consumers to those entities seeking a consumer’s credit report, and take steps to reconcile address discrepancies, if the address on record “substantially differs” from the one submitted by the credit report requester. Unfortunately, the statute does not define the term “substantially differs,” so this well-meaning provision may, in practice, amount to little if broadly interpreted. The new law also imposes new requirements on members of the financial services industry and other entities that furnish consumer credit information. Among them, the new statute prohibits the “repollution” of consumer reports. This means that a furnisher of consumer credit information cannot submit information to a credit reporting agency if the consumer has provided a police report showing that the charges were caused by identity thieves. But the statute is silent about the consequences to creditors who fail to comply with this provision. Next, financial institutions will be required to truncate credit and debit card account numbers in all electronic transactions. This provision will prohibit merchants from printing the expiration date or more than the last five digits of the consumer’s card number at the point of sale or transaction. Finally, limitations on affiliate sharing is also part of the effort at reform. Specifically, consumers must be afforded the “opportunity to prohibit all solicitations for marketing purposes, and may allow the consumer to choose from different options when electing to prohibit the sending of solicitations, including options regarding the types of entities and information covered, and which methods of delivering solicitations the consumer elects to prohibit.” Still, this section will not apply to entities that have a pre-existing relationship with a consumer or their corporate affiliates. ROOM FOR IMPROVEMENT Despite its improvements, the new law may function as an impediment rather than an aid to preventing identity theft. For one, the new law will pre-empt all state legislation allowing consumers to prohibit financial institutions from sharing or selling personal information to corporate affiliates. This means federal law will act as a ceiling — instead of a floor — on state privacy protection initiatives already in place. In this sense, Californians stand to lose the most protection, since their state had the toughest financial privacy law in the U.S. Essentially, California required financial institutions to get consumers’ consent before sharing sensitive financial information with most third parties. Critics of the existing credit reporting system also argue that credit reporting agencies — which are currently liable only when they fail to follow “reasonable” procedures to assure maximum possible accuracy — should be made strictly liable for attributing the transactions of identity thieves to their innocent victims. Additionally, creditors should be liable for reporting the transactions of imposters as the transactions of victims. Right now, creditors are liable under the FCRA only for misreporting information in one of two situations: when they provide to credit reporting agency knowing, or consciously avoiding knowing, that the information is inaccurate; or when they have been notified by the consumer of the incorrect information, and the information is in fact inaccurate. But even when creditors violate these FCRA provisions, consumers do not have a private claim against them. Finally, the new statute fails to address the promiscuous use of consumers’ Social Security numbers. Given the alarming trends in identity theft schemes through SSN misuse, government officials, like Social Security Administration inspector general James Huse urged federal lawmakers to pass laws prohibiting private companies from denying goods or services to anyone unwilling to furnish their SSN, and prohibit public and private entities — like public and private universities or student loan administrators — from using the SSN as their primary account number. Overall, consumers stand to benefit from the new protections included in the new federal credit reporting statute, but there is still plenty of room for improvement. Information accuracy and identity theft prevention are vital elements to improving our current state of affairs. To quote Treasury Secretary John Snow, “Secure, reliable information is the lifeblood of all financial services, among which consumer credit is fundamental. It is not an overstatement to suggest that preserving the integrity and availability of consumer credit in this economy is preserving prosperity itself.” Harry A. Valetk is an attorney with the U.S. Department of Justice, and adjunct faculty member of Bernard M. Baruch College, Zicklin School of Business, in New York City. He writes regularly on identity theft and other consumer safety issues. The opinions expressed in this article are solely those of the author’s, not necessarily those of the U.S. government. Email: [email protected]

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]

Reprints & Licensing
Mentioned in a Law.com story?

License our industry-leading legal content to extend your thought leadership and build your brand.


ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.