Businesses Must Provide Victims and Law Enforcement with Transaction Records Relating to Identity Theft
The Fair Credit Reporting Act (FCRA) spells out rights for victims of identity theft, as well as responsibilities for businesses. Identity theft victims are entitled to ask businesses for a copy of transaction records — such as applications for credit — relating to the theft of their identity.Indeed, victims can authorize law enforcement officers to get the records or ask that the business send a copy of the records directly to a law enforcement officer. The businesses covered by the law must provide copies of these records, free of charge, within 30 days of receiving the request for them in writing. This means that the law enforcement officials who ask for these records in writing may get them from your business without a subpoena, as long as they have the victim’s authorization.
The Federal Trade Commission (FTC), the nation’s consumer protection agency, enforces the FCRA including this requirement, which is known as Section 609(e). Here is some additional information to help your business comply with this provision of the law:
Q. Who must comply with Section 609(e) of the FCRA?
A. The law applies to a business that has provided credit, goods, or services to, accepted payment from, or otherwise entered into a transaction with someone who is believed to have fraudulently used another person’s identification. For example, if your business opened a cell phone account in the victim’s name or extended credit to someone misusing the victim’s identity, you may be required to provide the records relating to the transaction to the identity theft victim or the law enforcement officer acting on that victim’s behalf.
Q. What documents must my business provide?
A. Your business must provide applications and business transactions records, maintained either by your business or by another entity on your behalf, that support any transaction alleged to be a result of identity theft. Records like invoices, credit applications, or account statements may help victims document the fraudulent transaction and provide useful evidence about the identity thief.
Q. What are the procedures for requesting these materials?
A. Requests for documents must be submitted in writing. Your business may specify an address to receive these requests. You may ask the victim to provide relevant information, like the transaction date or account number, if they know it. You also can require that victims provide:
1. proof of identity, like a government-issued ID card, the same type of information the identity thief used to open the account, or the type of information you are currently requesting from applicants; and
2. a police report and completed affidavit. Victims can use the FTC’s ID Theft Affidavit, available at ftc.gov/idtheft, or another affidavit you accept.
Q. Is it ever appropriate not to provide documents?
A. You can refuse to provide the records if you determine in good faith that:
- you cannot verify the true identity of the person asking for the information;
- the request for the information is based on a misrepresentation; or
- the information requested is Internet navigational data or similar information about a person’s visit to a website or online service.
Q. Are there recordkeeping requirements of Section 609(e)?
A. Section 609(e) does not require any new recordkeeping procedures for your business.
Richard Figley
Independent Associate
614.395.2313
www.ID-TheftProtection.com
www.richardfigley.com
No comments:
Post a Comment