CBA weighs in on the CFPB’s proposed expansion of what constitutes a credit report

Elanor Mulhern
Ballard Spahr LLP
Contact
LinkedIn
Facebook
X
Send
Embed

Ballard Spahr LLP

The Consumer Bankers Association (“CBA”) recently published a letter it sent to the CFPB describing the information that banks typically use for identity verification and fraud prevention and addressing the impact of subjecting such information to the requirements of the Fair Credit Reporting Act (“FCRA”).

The letter is a response to CFPB Director Chopra’s recent remarks detailing proposed changes to the FCRA. Specifically, the remarks single out so-called “credit header data” – name, date of birth, and Social Security number – for future inclusion in the FCRA’s definition of what constitutes a “credit report.” The CBA’s letter is in response to Director Chopra’s request during those remarks for input and aid from industry participants in crafting the proposed rule changes.

As it is now, the FCRA establishes requirements for how a creditor or other furnisher of information to a credit bureau must respond to direct and indirect disputes involving credit report information appearing on an individual’s credit report. The FCRA also requires that any attempt to access a consumer’s credit report be made with a “permissible purpose.” By broadening the definition of credit report to include such “credit header data” the CBA warns that the CFPB could create substantial confusion as to a bank’s compliance obligations and call into question certain customary procedures. As the CBA letter describes, credit header information is routinely used by banks to verify a consumer’s identity in order to complete any number of transactions as well as to determine whether certain account-level information can be legally shared with an individual purporting to be the consumer. Furthermore, this credit header data is integral to most banks’ current methods of fraud prevention.

The CBA raises concerns that by subjecting such routine information to the FCRA’s requirements, the CFPB could substantially hinder banks’ routine identity verification and fraud prevention practices. Indeed, subjecting credit header data to the FCRA could have the unintended consequence of aiding would-be identity thieves. As the CBA notes, if – during the time sensitive initial investigations into whether a consumer is the victim of identity theft – a bank must “proactively identity a ‘permissible purpose’” before accessing an individual’s credit header data, the fraudster could have additional time to successfully complete any fraudulent transaction.

Ultimately, the CBA suggests that, as credit header data is already protected and regulated under the Gramm-Leach-Bliley Act (“GLBA”) and Regulation P, expanding the FCRA to cover such information is unnecessary. If it is ultimately included in the statutory definition of “credit report,” the CBA requests that the CFPB consider excluding the use of credit header data by banks for the purposes of identity verification and fraud prevention from coverage under the FCRA.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Ballard Spahr LLP | Attorney Advertising

Written by:

Ballard Spahr LLP
Ballard Spahr LLP
Contact
more
less

Ballard Spahr LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide