
FACTA (Fair and Accurate Credit Transactions Act)

What is FACTA (Fair and Accurate Credit Transactions Act)?

FACTA (Fair and Accurate Credit Transactions Act) is a federal law and amendment to the FCRA (Fair Credit Reporting Act). It was added to primarily protect consumers from identity theft. The act stipulates requirements for information privacy, accuracy and disposal; it limits the ways consumer information can be shared.

Aside from protecting individuals (also referred to as consumers) from identity theft, FACTA also allows U.S. citizens access to fair and accurate consumer credit reporting. One free credit report is allowed once per year.


Here are more prominent details of FACTA:

  • The three major credit reporting agencies are required to provide consumer credit reports without charge.
  • Consumers can place an alert message on their files if they suspect they have been victims of fraud.
  • Systems that print payment card receipts must employ PAN truncation (personal account number truncation) so that the consumer's full account number is not viewable on the slip.

FACTA was passed by the U.S. Congress in 2003.

What are FACTA provisions?

The Fair and Accurate Credit Transactions Act includes multiple provisions that protect against identity theft and provide further consumer protections:

  • Identity theft prevention and restoration of credit histories. These are provisions that focus on preventing identity theft. This provision creates a regulation for "fraud alerts" and "active duty alerts," limitations for the printing of credit card numbers on receipts, and regulations for detecting identity theft by financial institutions and creditors.
  • Fraud alerts. This provision requires reporting agencies to create a fraud alert on a consumer's file upon the consumer's request. Consumers can request this if they believe they are or will be a victim of fraud. The fraud alert must last for at least 90 days. Reporting agencies must also notify other consumer reporting agencies of the fraud alert.
  • The Red Flag rule. The Red Flag rule requires federal banking agencies, the National Credit Union Administration and the Federal Trade Commission (FTC) to create regulations that clarify how to enact theft prevention and notify consumers on how they should respond to address any changes.
  • Shortening of credit and debit card numbers. This provision stops businesses from printing more than five digits on an individual's card number. The provision excludes handwritten and imprinted receipts.
  • The providing of a summary of rights to victims of identity theft. This provision requires the FTC to create summaries of the procedures that consumers can take to rectify the effects of fraud or identity theft. The FTC can also work with federal banking agencies and the National Credit Union Agency to do so.
  • The blocking of reporting credit as a result of identity theft. This provision requires reporting agencies to block reporting of information in a consumer's file if the individual can provide proof that the information originated from identity theft. Agencies must block the information within four days of when evidence was provided as well as deliver a copy of the identity theft report and a statement from the individual about information from their transactions.
  • The holding of identity theft complaint investigations. This provision requires that all consumer reporting agencies create a way to communicate with each other about fraud, identity theft and fraud alerts. It also requires each consumer reporting agency to release a report each year to the FTC that contains fraud alert requests and reports of fraud or identity theft.
  • The proper disposal of identifying information. This provision requires the proper disposal of any paperwork with personally identifiable information. Key information, such as credit card numbers, must also be properly obscured.

How the Fair and Accurate Credit Transactions Act works

The FTC states that every U.S. citizen or resident has the right to one free credit report every 12 months. One free credit report is available from each of the major credit reporting agencies, such as Equifax, Experian or TransUnion. Consumers can check their credit report at

The Fair and Accurate Credit Transactions Act also enables credit scores and information about how credit scores are calculated to be purchasable from credit bureaus. Factors affecting the individual's credit score, the business that provided the score and the date of the score should also be provided.

If a consumer becomes the victim of fraud, that individual must notify one credit bureau of the fraud alert. The alerted bureau is then responsible for notifying other credit bureaus.

The Red Flag rule is supported by a program named the Identity Theft Prevention Program, which creates policies and procedures that aid in detecting and preventing identity theft.

Consumers can also request extensions to fraud alerts, which extend the alerts from one year to seven years. Extended alerts also mean the reporting agency must exclude the consumer from any lists that are distributed to third parties. The Red Flag rule also requires consumer report users to respond to notices of address discrepancies and requires debit or credit card issuers to assess the validity of a reported change of address.

Measures under the Fair and Accurate Credit Transactions Act (FACTA)

Some measures implemented by the Fair and Accurate Credit Transactions Act include the following:

  • Enforcement agencies must act upon violations of the Red Flag Rule. This rule applies to businesses and financial service providers.
  • Mortgage lenders must disclose credit scores. Credit scores and other factors like risk-based pricing that may influence a mortgage request must be provided. They must also disclose specific issues that may appear on a credit report.
  • Consumers also have the right to be made aware of and opt out of prescreened lists. Prescreened lists of consumers might sometimes be sold from credit bureaus to banks or insurance companies. Credit reporting agencies are also prevented by FACTA from sharing medical information unless the individual first gives permission.

Who enforces the Fair and Accurate Credit Transactions Act?

The FTC enforces FACTA. In the event of a complaint, the FTC is responsible for performing compliance audits of credit bureaus and financial institutions. If a credit bureau or institution is out of compliance with FACTA, a warning or penalty may be given.

A common violation of FACTA, for example, is a business printing more than five digits of a credit card number on a receipt. Another example is printing the expiration date on the receipt.

Possible financial penalties for not following FACTA include the following:

  • A federal penalty of $2,500 per violation.
  • A state penalty of $1,000 per violation.
  • After a regulatory warning, fines of $11,000 per violation.


This was last updated in March 2023
