FACTA (Fair and Accurate Credit Transactions Act)

What is FACTA (Fair and Accurate Credit Transactions Act)?

FACTA (Fair and Accurate Credit Transactions Act) is a federal law and amendment to the FCRA (Fair Credit Reporting Act). It was added to primarily protect consumers from identity theft. The act stipulates requirements for information privacy, accuracy and disposal; it limits the ways consumer information can be shared.

Aside from protecting individuals (also referred to as consumers) from identity theft, FACTA also gives U.S. citizens access to fair and accurate consumer credit reporting. One free credit report is allowed per year.

Here are more prominent details of FACTA:

  • The three major credit reporting agencies are required to provide consumer credit reports without charge.
  • Consumers can place an alert message on their files if they suspect they have been victims of fraud.
  • Systems that print payment card receipts must employ PAN truncation (personal account number truncation) so that the consumer's full account number is not viewable on the slip.

FACTA was passed by the U.S. Congress in 2003.

What are FACTA provisions?

The Fair and Accurate Credit Transactions Act includes multiple provisions that protect against identity theft and provide further consumer protections:

  • Identity theft prevention and restoration of credit histories. These are provisions that focus on preventing identity theft. This provision creates a regulation for "fraud alerts" and "active duty alerts," limitations for the printing of credit card numbers on receipts, and regulations for detecting identity theft by financial institutions and creditors.
  • Fraud alerts. This provision requires reporting agencies to create a fraud alert on a consumer's file upon the consumer's request. Consumers can request this if they believe they are or will be a victim of fraud. The fraud alert must last for at least 90 days. Reporting agencies must also notify other consumer reporting agencies of the fraud alert.
  • The Red Flag rule. The Red Flag rule requires federal banking agencies, the National Credit Union Administration and the Federal Trade Commission (FTC) to create regulations that clarify how to enact theft prevention and notify consumers on how they should respond to address any changes.
  • Shortening of credit and debit card numbers. This provision stops businesses from printing more than five digits of an individual's card number. The provision excludes handwritten and imprinted receipts.
  • The providing of a summary of rights to victims of identity theft. This provision requires the FTC to create summaries of the procedures that consumers can take to rectify the effects of fraud or identity theft. The FTC can also work with federal banking agencies and the National Credit Union Administration to do so.
  • The blocking of reporting credit as a result of identity theft. This provision requires reporting agencies to block reporting of information in a consumer's file if the individual can provide proof that the information originated from identity theft. Agencies must block the information within four days of when evidence was provided as well as deliver a copy of the identity theft report and a statement from the individual about information from their transactions.
  • The holding of identity theft complaint investigations. This provision requires that all consumer reporting agencies create a way to communicate with each other about fraud, identity theft and fraud alerts. It also requires each consumer reporting agency to release a report each year to the FTC that contains fraud alert requests and reports of fraud or identity theft.
  • The proper disposal of identifying information. This provision requires the proper disposal of any paperwork with personally identifiable information. Key information, such as credit card numbers, must also be properly obscured.

How the Fair and Accurate Credit Transactions Act Works

The FTC states that every U.S. citizen or resident has the right to one free credit report every 12 months. One free credit report is available from each of the major credit reporting agencies, such as Equifax, Experian or TransUnion. Consumers can check their credit report at

The Fair and Accurate Credit Transactions Act also enables credit scores and information about how credit scores are calculated to be purchasable from credit bureaus. Factors affecting the individual's credit score, the business that provided the score and the date of the score should also be provided.

If a consumer becomes the victim of fraud, that individual must notify one credit bureau of the fraud alert. The alerted bureau is then responsible for notifying other credit bureaus.

The Red Flag rule is supported by a program named the Identity Theft Prevention Program, which creates policies and procedures that aid in detecting and preventing identity theft.

Consumers can also request extensions to fraud alerts, which extend fraud alerts from one year to seven years. Extended alerts also mean the reporting agency must exclude the consumer from any lists that are distributed to third parties. The Red Flag rule also requires consumer report users to respond to notices of address discrepancies and requires debit or credit card issuers to assess the validity of a reported change of address.

Measures under the Fair and Accurate Credit Transactions Act (FACTA)

Some measures implemented by the Fair and Accurate Credit Transactions Act include the following:

  • Enforcement agencies must act upon violations of the Red Flag Rule. This rule applies to businesses and financial service providers.
  • Mortgage lenders must disclose credit scores. Credit scores and other factors like risk-based pricing that may influence a mortgage request must be provided. They must also disclose specific issues that may appear on a credit report.
  • Consumers also have the right to be made aware of and opt out of prescreened lists. Prescreened lists of consumers might sometimes be sold from credit bureaus to banks or insurance companies. Credit reporting agencies are also prevented by FACTA from sharing medical information unless the individual first gives permission.

Who enforces the Fair and Accurate Credit Transactions Act?

The FTC enforces FACTA. In the event of a complaint, the FTC is responsible for performing compliance audits of credit bureaus and financial institutions. If a credit bureau or institution is out of compliance with FACTA, a warning or penalty may be given.

A common violation of FACTA, for example, is a business printing more than five digits of a credit card number on a receipt. Another example is printing the expiration date on the receipt.
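The two receipt violations described above can be checked before receipt templates ship. The following is an added example, not part of the original definition: it masks a card number for printing and audits rendered receipt text for more than five visible card digits or a labelled expiration date. The function names, the receipt layouts and the regular expressions are assumptions made for illustration.

```python
import re

MAX_PRINTED_DIGITS = 5  # limit as stated on this page

# Assumed receipt formats: a 13-19 character card field made of digits and
# mask characters (* or X), optionally grouped with spaces or hyphens.
CARD_FIELD = re.compile(r"(?<![\w*])(?:[\dXx*][ -]?){12,18}[\dXx*](?![\w*])")
# Assumed expiry label: EXP / EXPIRY / EXPIRES / EXPIRATION [DATE] MM/YY[YY].
EXPIRY = re.compile(
    r"\bEXP(?:IRY|IRES|IRATION)?\.?(?:\s+DATE)?\s*:?\s*"
    r"(?:0[1-9]|1[0-2])\s*/\s*(?:\d{4}|\d{2})\b", re.I)


def truncate_pan(pan, keep=4):
    """Return the card number masked so only the last `keep` digits print."""
    digits = re.sub(r"\D", "", pan)
    if not 13 <= len(digits) <= 19:
        raise ValueError("not a plausible card number length")
    if not 0 <= keep <= MAX_PRINTED_DIGITS:
        raise ValueError("keep exceeds the printable-digit limit")
    return "*" * (len(digits) - keep) + digits[len(digits) - keep:]


def audit_receipt(text):
    """List (line number, issue, digits shown) without echoing card data."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for match in CARD_FIELD.finditer(line):
            shown = sum(ch.isdigit() for ch in match.group())
            if shown > MAX_PRINTED_DIGITS:
                findings.append((lineno, "card digits", shown))
        if EXPIRY.search(line):
            findings.append((lineno, "expiration date", None))
    return findings


# Constructed sample receipts; 4111 1111 1111 1111 is a well-known test number.
BAD_RECEIPT = "ACME MARKET\nVISA 4111 1111 1111 1111\nEXP 09/27\nTOTAL 23.10\n"
GOOD_RECEIPT = "ACME MARKET\nVISA " + truncate_pan("4111 1111 1111 1111") + "\nTOTAL 23.10\n"

if __name__ == "__main__":
    for name, receipt in (("bad", BAD_RECEIPT), ("good", GOOD_RECEIPT)):
        print(name, audit_receipt(receipt))
```

The audit counts visible digits inside a card-shaped field, so a partially masked number that still shows the first six and last four digits is flagged as well. Long numeric identifiers of 13 or more digits will also match and need manual review.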

Possible financial penalties for not following FACTA include the following:

  • A federal penalty of $2,500 per violation.
  • A state penalty of $1,000 per violation.
  • After a regulatory warning, fines of $11,000 per violation.

This was last updated in March 2023
