Fair Credit Reporting Act (FCRA)

In guidance released last week, the New York State Office of the Attorney General urged businesses to incorporate safeguards to detect and prevent credential-stuffing attacks in their data security programs.  The guidance stemmed from the AG’s finding that 1.1 million customer accounts at “well-known” companies appeared to have been compromised in credential-stuffing attacks.

Credential stuffing

The FTC announced today that Certegy Check Services, Inc. will pay $3.5 million to settle allegations that Certegy violated the Fair Credit Reporting Act (FCRA) by failing to follow proper dispute procedures and failing to use reasonable procedures to maximize the accuracy of consumer report information. Certegy is one of the nation’s largest check authorization

Today the Federal Trade Commission (“FTC”), Consumer Financial Protection Bureau (“CFPB”), and Department of Justice (“DOJ”) filed a brief supporting the constitutionality of the Fair Credit Reporting Act (“FCRA”).  FCRA limits the use of credit report information, protecting the privacy of the information, and establishes procedures for correcting mistakes in credit reports.  The brief addresses

Earlier this week, the Federal Trade Commission (“FTC”) and the Federal Reserve Board issued proposed amendments to the Risk-Based Pricing Rule (“Rule”) that would require creditors to disclose credit score information when a credit score is used to set or adjust credit terms. The proposed changes would implement provisions of the Dodd-Frank Wall Street Reform

FTC Commissioner Julie Brill spoke about the new Consumer Financial Protection Bureau (“CFPB”) during a keynote address she delivered at the International Association of Privacy Professionals Second Annual Conference on December 7th. While describing how Congress enacted the Fair Credit Reporting Act (“FCRA”) to protect consumers’ personal information, Brill stated that the FTC and CFPB

In Andrews v. Equifax Information Services LLC, No.: C-08-0817, 2010 U.S. Dist. Lexis 38020 (W.D. Wash. Mar. 30, 2010), plaintiff filed suit against Equifax after it allegedly “mixed up” her information with that of another individual of the same name and disseminated that information to third parties. Plaintiff alleges that this “mix up” was caused by Equifax’s failure to follow reasonable procedures to ensure maximum possible accuracy of the information it reported as well as its failure to re-investigate her disputes, both of which are required by FCRA.

FCRA requires claims to be brought within two years after the plaintiff discovers the violation or within five years after the date the violation occurs. Invoking the former provision, Equifax argued that it was entitled to dismissal because the plaintiff had discovered the alleged violations more than two-years before she filed suit in May 2008. Equifax cited record evidence that plaintiff had called in 2004 and 2005 to dispute information in her credit file that she believed was inaccurate. Equifax contended further that it sent plaintiff the results of its investigation into her disputes on three occasions, the last of which was in late November 2005. According to Equifax, because these results contained the inaccurate information forming the basis of her FCRA allegations, plaintiff had discovered the violation more than two years before filing suit.

The Western District of Washington denied the motion, rejecting the argument that plaintiff’s knowledge of inaccurate information in her credit report put her on notice of Equifax’s alleged FCRA violation. “FCRA is not a strict liability statute,” said the court. Indeed, a credit reporting agency can escape liability under FCRA for an inaccurate credit report as long as it shows it followed reasonable procedures in generating it. Therefore, inaccurate information in a credit report, standing alone, cannot violate FCRA. According to the court, to obtain dismissal, Equifax had to show something more. Specifically, it had to produce sufficient evidence tying the investigation reports it provided to the plaintiff with plaintiff’s discovery of the precise violations alleged in the lawsuit. This, according to the court, it failed to do.

Continue Reading FCRA Claims Against Major Credit Reporting Agency Survive Statute of Limitations Challenge

Businesses have until July 1, 2010 to comply with the new rules and guidelines under the Fair and Accurate Credit Transactions Act (“FACTA”), which amended the Fair Credit Reporting Act (“FCRA”), adopted by the Federal Trade Commission nearly a year ago relating to information provided to credit reporting agencies. Many know FACTA as the statute

Recently, Federal Trade Commission Chairman Jon Leibowitz released the FTC’s 2010 Annual Report, which focused largely on the FTC’s endeavors to defend financially distressed consumers and to spur competition during these tough economic times.

For example, the FTC, among other things, emphasized that while the past year’s economic downturn prompted companies to offer new

As of January 1, 2009, and in contrast to federal law, California Civil Code Section 1747.09 requires that no more than the last five digits of a credit or debit card number be printed on both the electronically-printed card receipt retained by the business as well as the receipt provided to customers. See CAL. CIVIL

Which among the following businesses are potentially subject to consumer financial services laws, rules, and regulations?

A. a retail clothing chain
B. a bank or mortgage company
C. an internet retailer
D. a fast food franchisor
E. all of the above

If you answered E, “All of the above,” you are CORRECT. However, many companies do not