The Fair and Accurate Credit Transaction Act, known as “FACTA,” was passed by Congress and signed into law on December 4, 2003, and became fully effective on December 4, 2006. The purpose of FACTA is to reduce the amount of personal confidential financial information that is generated and thereby reduce the incidence of identity theft and credit card fraud. To help with this endeavor, 15 USC 1681c(g)(1) mandates that receipt-issuing merchants truncate all but the last four or five digits of the customer’s credit card number and cut the whole expiration date out.
Unfortunately, and despite the fact that FACTA was widely discussed before and after its passage, many merchants simply have ignored these aspects of FACTA, apparently based upon their belief that expiration dates are unimportant to a criminal. They are wrong. Credit card expiration dates are a very practical tool for identity thieves. Consider the following:
• Expiration dates are one of the inputs needed to calculate the 3-digit security code (CVV2 or CVC 2) on the back of a credit card.
• Expiration dates are required for some, but not all, online purchases, as clearly demonstrated by my recent online test purchase at Wal-Mart, the world’s largest retailer.
• Expiration dates can also be used to make a criminal sound more credible if he or she calls while pretending to be a bank employee.
• Expiration dates are solicited by criminals in many e-mail phishing scams.
• Expiration dates make up some of the core secret informational items that identity theives traffic.
• Expiration dates are described by Visa as a “special security feature.”
• Expiration dates are one of the items contained in the magnetic stripe of a credit card, so it is useful to a criminal when creating a phony duplicate card.
• Expiration dates can be ommitted with no hassle and little cost, even for a large retail operation with tons of cashiers.
• Expiration dates are required to be excluded from printed receipts, according to Visa’s Rules for Merchants, which predates FACTA.
• Expiration dates are required to be excluded from printed receipts, according to MasterCard International’s Rules, which predates FACTA.
• Expiration dates are required to be excluded from printed receipts given to individuals, according to laws passed or introduced in at least thirty-four states.
• Expiration dates must not be printed when a customer gets a receipt, according to FACTA.
The costs for a merchant to implement FACTA are small, but the potential losses to individuals from identity theft and credit card fraud are great. It is very tough to see how any merchant coudl expose their customers to such identity protection risk by blatantly ignoring requirements from Visa, MasterCard, and now FACTA.
The author of this article is an experienced banking expert witness consultant who has worked on 337 cases nationwide and testified 91 times. He has worked as a banker and a banking regulator, is published in numerous places, and is often quoted in the news. He is available to discuss FACTA and other banking, finance, economic and credit damages, fraud and embezzlement, real estate, business valuation, and related cases with attorneys. Find him and others like him through Consolidated Consultants, an expert witness referral service.
Leave a Reply