Privacy Times - Nov 3,2004 - The Federal Trade Commission has issued final rules on identity theft that define the crime as a fraud that is committed or attempted, using a person's identifying data without authority. The FTC received extensive comments, but only made minor changes from it original proposals.
To place an extended fraud alert on their credit file and to block information resulting from identity theft from appearing in their credit files, a consumer must file an "identity theft report" with a consumer reporting agency (CRA), such as Equifax, Experian or Trans Union.
The rules, which take effect December 1, defines an identity theft report as one filed by the consumer with "a Federal, State, or local law enforcement agency, including the U.S. Postal Inspection Service," that subjects people to criminal penalties for filing a false report.
"To prevent misuse of identity theft reports for credit repair scams, the FTC's rule requires that consumers allege the identity theft with as much specificity as possible and enables credit bureaus or creditors to request, with certain limitations, reasonable additional information to help them determine if identity theft actually occurred," the FTC said in a press release.
In a change from its proposal, the commission extended from five business days to 15 calendar days the amount of time that CRAs and furnishers "to ensure that an investigation commences promptly" when a consumer submits an identity theft report as part of requesting a fraud alert. Moreover, the FTC rules give CRAs and furnishers an additional 15 days to request documentation from consumers, and additional five days to consider the extra data, for a total of 35 days.
Gail Hillebrand, a senior attorney with Consumers Union's San Francisco office, said the period of up to 35 days undermines the very purpose of blocking, because the time period is so long that it will be difficult for the consumer to block information about a thief's activity in time to qualify for the best rate on a home loan or a car loan.
The rules require CRAs to develop "reasonable requirements" to ensure that consumers are matched with their files. The FTC's rule recommends that the "requirements" for a file match include the consumer's full name, current or recent full address, full Social Security number, and/or date of birth; and for additional proof of identity, copies of government-issued identification documents, utility bills, and other authentication methods such as answering questions only the consumer would know. The rule also states that "identifying information" should have the same meaning as "means of identification" in the federal criminal statute defining identity theft.
"A few commenters requested clarification that the Commission's rule did not require that a consumer reporting agency be able to match consumer-provided information with their file information to a perfect degree," the FTC said in an accompanying memo.
"This rule is not intended to reach the question of whether a consumer reporting agency should match information completely, but rather to set forth the type of information that would allow the agency to accurately find the right consumer's file in its database, and as necessary, determine that the requester is in fact the consumer," the FTC wrote.
The rule allows for one-year active duty alerts for military personel, and for annual extentions.
For further information: www.ftc.gov/opa/2004/10/facataidtheft.htm www.ftc.gov/os/2004/10/041029idtheftdefsfrn.pdf
ACCESS Comments
The FTC again failed to be in the real world when it comes to ID theft. Time is of the essence on ID theft, the CRAs should block the complete credit report immediately and then investigate to see if the block was unwarrented.
The FTC should of allowed for consumers to merely notify one, which in turn would notify all. We don't care FTC, choose one.
The FTC should of recognized the horrific cost and lost to both consumer & businesses when id theft occurs and developed policies to minimize the damages.
The FTC talks of credit repair scams, to overcome that statement, the FTC could of said that "upon ID Theft or fraud notification, your credit report will be frozen until investigation is completed by the CRA."
We believe that any individual that has ID theft occurring would welcome that kind of assistance.
Shame on the FTC.
|