The Fair and Accurate Credit Transaction Act, known as “FACTA,” was passed by Congress and signed into law on December 4, 2003, and became fully effective on December 4, 2006. The purpose of FACTA is to reduce the amount of personal confidential financial information that is generated and thereby reduce the incidence of identity theft and credit card fraud. In keeping with this goal, 15 USC 1681c(g)(1) requires that merchants that issue receipts to individuals truncate all but the last four or five digits of the customer’s credit card account number and truncate the entire expiration date.
Unfortunately, and despite the fact that FACTA was widely discussed before and after its passage, many merchants simply have ignored these aspects of FACTA, apparently based upon their belief that expiration dates are unimportant to a criminal. They are wrong. There is much a criminal can do with expiration dates. Consider the following:
• Expiration dates are one of the inputs needed to calculate the 3-digit security code (CVV2 or CVC 2) on the back of a credit card.
Expiration dates are required for most online purchases, including the enormous retailer Wal-Mart.
• Expiration dates can also be used to make a criminal sound more credible if he or she calls while pretending to be a bank employee.
• Expiration dates are solicited by criminals in many e-mail phishing scams.
• Expiration dates make up some of the core secret informational items that identity theives traffic.
• Expiration dates are described by Visa as a “special security feature.”
• Expiration dates are one of the items contained in the magnetic stripe of a credit card, so it is useful to a criminal when creating a phony duplicate card.
• Expiration dates can be ommitted with no hassle and little cost, even for a large retail operation with tons of cashiers.
• Expiration dates are required to be excluded from printed receipts, according to Visa’s Rules for Merchants, which predates FACTA.
• Expiration dates are required to be excluded from printed receipts, according to MasterCard International’s Rules, which predates FACTA.
• Experation dates, according to laws passed in most of the country, cannot appear in any printed customer receipts.
• Expiration dates are required to be excluded from printed receipts given to individuals, according to FACTA.
The expenses from a merchant implementing FACTA are tiny, but the amount a customer can lose from fraud and identity theft are enormous. Accordingly, it is difficult to see how any merchant could fail to see the risk of harm to which they willfully are exposing their customers by not truncating expiration dates as required by FACTA as well as Visa and MasterCard International merchant rules as well as many state laws.
The author of this article is an experienced banking expert witness consultant who has worked on 337 cases nationwide and testified 91 times. He is a former banker and banking regulator, widely published, and often quoted in the media. He is available to discuss FACTA and other banking, finance, economic and credit damages, fraud and embezzlement, real estate, business valuation, and related cases with attorneys. Find him and others like him through Consolidated Consultants, an expert witness referral service.
