WASHINGTON (11/4/08) -- The Fair and Accurate Credit Transaction Act (FACTA) identity theft red flag regulations require credit and debit card issuers to validate an address whenever they receive a request for a replacement or additional card. Is this true or false, asks the Credit Union National Association’s (CUNA’s) Compliance Challenge.
It’s false. The FACTA ID theft red flag regulations only require validation of an address when a card issuer has also received a notification of a change of address. The mandatory compliance date was Nov. 1 for both state- and federally chartered credit unions. The Federal Trade Commission's 6-month enforcement delay for the ID theft red flags rule does not extend to the rule regarding address discrepancies applicable to users of consumer reports, or to the rule regarding changes of address applicable to card issuers.
The Challenge advises that the regulations require credit and debit card issuers to assess the validity of change of address requests when a card issuer receives a change-of-address notice and then, within a short period of time afterwards--at least 30 days--receives a request for an additional or replacement card. The credit union is prohibited from issuing a new card unless it takes steps to assess whether the change of address is valid, such as:
* Notifying the cardholder at the old address;
* Notifying the cardholder through some other means of communication that the cardholder has previously agreed to; or
* Using another method of assessing the validity of the change of address that the issuer has included in its red flag program.
In any case, CUNA notes, credit unions can always opt to validate addresses when issuing new cards, even when no change of address is involved. This is a good idea if the credit union has experienced incidents of identity theft related to requests for new credit/debit cards. Use the resource links below for more FACTA information.