Click to return to BOL home page
Banker Store Read A Reg BOL Insiders Career Connect Learning Connect Bankers Information Network

ID Theft Red Flags and
Address Discrepancy Regulations


Part 222 -- FAIR CREDIT REPORTING (Regulation V)
Subpart I -- Duties of Users of Consumer Reports Regarding Identity Theft


§ 222.82 -- Duties of users regarding address discrepancies

(a) Scope. This section applies to a user of consumer reports (user) that receives a notice of address discrepancy from a consumer reporting agency, and that is a member bank of the Federal Reserve System (other than a national bank) and its respective operating subsidiaries, a branch or agency of a foreign bank (other than a Federal branch, Federal agency, or insured State branch of a foreign bank), commercial lending company owned or controlled by a foreign bank, and an organization operating under section 25 or 25A of the Federal Reserve Act (12 U.S.C. 601 et seq., and 611 et seq.).

(b) Definition. For purposes of this section, a notice of address discrepancy means a notice sent to a user by a consumer reporting agency pursuant to 15 U.S.C. 1681c(h)(1), that informs the user of a substantial difference between the address for the consumer that the user provided to request the consumer report and the address(es) in the agency's file for the consumer.

(c) Reasonable belief. (1) Requirement to form a reasonable belief. A user must develop and implement reasonable policies and procedures designed to enable the user to form a reasonable belief that a consumer report relates to the consumer about whom it has requested the report, when the user receives a notice of address discrepancy.
   (2) Examples of reasonable policies and procedures. (i) Comparing the information in the consumer report provided by the consumer reporting agency with information the user:
         (A) Obtains and uses to verify the consumer's identity in accordance with the requirements of the Customer Information Program (CIP) rules implementing 31 U.S.C. 5318(l) (31 CFR 103.121);
         (B) Maintains in its own records, such as applications, change of address notifications, other customer account records, or retained CIP documentation; or
         (C) Obtains from third-party sources; or
      (ii) Verifying the information in the consumer report provided by the consumer reporting agency with the consumer.

(d) Consumer's address. (1) Requirement to furnish consumer's address to a consumer reporting agency. A user must develop and implement reasonable policies and procedures for furnishing an address for the consumer that the user has reasonably confirmed is accurate to the consumer reporting agency from whom it received the notice of address discrepancy when the user:
      (i) Can form a reasonable belief that the consumer report relates to the consumer about whom the user requested the report;
      (ii) Establishes a continuing relationship with the consumer; and
      (iii) Regularly and in the ordinary course of business furnishes information to the consumer reporting agency from which the notice of address discrepancy relating to the consumer was obtained.
   (2) Examples of confirmation methods. The user may reasonably confirm an address is accurate by:
      (i) Verifying the address with the consumer about whom it has requested the report;
      (ii) Reviewing its own records to verify the address of the consumer;
      (iii) Verifying the address through third-party sources; or
      (iv) Using other reasonable means.
   (3) Timing. The policies and procedures developed in accordance with paragraph (d)(1) of this section must provide that the user will furnish the consumer's address that the user has reasonably confirmed is accurate to the consumer reporting agency as part of the information it regularly furnishes for the reporting period in which it establishes a relationship with the consumer.



RESOURCES

Red Flags Examples
  • Examples of Red Flags
     PDF   HTML

    Law
  • FACT Act in PDF

    Discussions
  • FCRA/FACT Act Forum
  • Selected ID Theft Red Flags Threads

    Final Red Flags and Address Discrepancy Rules
  • Federal Register Notice PDF  TXT
    (includes prefatory comments)

    Articles
  • Compilation of articles on Red Flags and ID Theft

    ID Theft Red Flag Tools
  • Red Flag Account Warnings
  • FCRA - Identity Theft Protection Provider Worksheet

    Other FACT Act Links
  • BOL's Launch Pad
  • BOL's Tracking FACT Act Developments page

    Regulatory Guidance
  • Interagency FAQ: Identity Theft Red Flags and Address Discrepancies (6/11/09)
  • Interagency Guidance: Response Programs for Data Breaches (12/1/05)
  • Fraudulent Regulatory Agency Issuances OCC Alert on phishing attempts, 7/31/07
  • Internet Banking Fraud FDIC FIL on phishing scams, 9/13/04
  • FDIC Warns About Fraudulent Info Requests, 9/10/04
  • FDIC Guidance: Safeguarding Customers Against E-Mail and Internet Scams, 3/15/04
  • Customer ID Theft: E-Mail Scams OCC, 9/12/03
  • ID Theft and Pretext Calling FRB, 4/26/01
  • Identity Theft and Assumption Deterrence Act of 1998 FDIC FIL-100-99, 10/29/99

    Government Websites
  • FTC FCRA page
  • Justice Department ID Theft page



  • First published on BankersOnline.com 8/4/2008



    Privacy Policy    Disclaimer   Recommend This Site !   Contact Us


    BankersOnline is a free service made possible by the generous support of our advertisers and sponsors. Advertisers and sponsors are not responsible for site content. Please help us keep BankersOnline FREE to all banking professionals. Support our advertisers and sponsors by clicking through to learn more about their products and services.