Can credit repair really raise your score

Can credit repair really raise your score?

Credit repair firms make promises they can't keep

In a recent Consumer Federation of America survey, more than half of all respondents thought credit repair firms were a legitimate way to improve a credit score. In reality, nothing could be further from the truth.

What these firms typically do -- and this was very common last decade -- is use a technique to temporarily raise your score by a significant number of points for just a few weeks before it plummets back down again. But the credit bureaus have gotten wise to this technique over the years.

Anyone who says they can magically eliminate bad items on your credit report is telling you a big lie. Keep your money in your own pocket and don't give it to them for their supposed "services"! Better yet, use it to pay the debts you owe and that will improve your credit score on its own.

Know that there is no magic wand for credit repair. If you need help, get in touch with the National Foundation for Credit Counseling. But if you understand these basics and put them into practice in your life, your credit score will rise slowly but surely.

Raise your credit score with this knowledge

If you're suffering from poor credit, there are several surefire ways to get your credit healthy again. Follow these tips and you'll be well on your way:

• Always pay your bills on time and pay down the total amount you owe.
  (accounts for 35 percent of your score)
  If you forget all else after reading this, remember this one! This is the single most important rule for having a good credit score.


•  Keep a low credit utilization rate.
  (accounts for 30 percent of your score)
  Let's say you have a credit card with a $10,000 limit. If you're carrying a balance month-to-month of $3,000, you're only using 30 percent of the total limit. But if your credit limit is suddenly dropped to $3,000, then suddenly you're using 100 percent of what's available to you. That's yet another reason to always pay down credit card debt as quickly as possible. You always want to stay at credit utilization of 30 percent or less.


• When you pay off a credit card, don't close the account.
  (accounts for 15 percent of your score)
  Doing so only reduces your available credit and drives your score down. You want to have between four to six lines of credit. Be sure to use them twice a year -- even if it's just for a dollar store purchase -- and pay them off right away. That will keep them active in your credit mix.

If you're facing a huge new annual fee on a card that has a zero balance, try "leapfrogging." That's my term for using the 45-day window you have before any new terms of service go into effect to shop around. So once you get notice about a new annual fee, start looking around for other no-fee credit cards. Submit your application and once you get your new no-fee card, then go ahead and shut down the original one that wanted to spring a fee on you.

The remaining 20% of your credit score is comprised of what types of credit make up your credit mix (10%) and how much new credit you have in your life and how quickly you took it on (10%).

Tips for boosting your credit score

Tips for boosting your credit score

If you're thinking about buying a house or a car, your credit score is a very important number.

The interest rate you'll pay for the money you borrow will be determined, in large part, by this three-digit number that's generated from the information in your credit report.

Most lenders have carved-in-stone rules about handing out the best terms, and those rules almost always place a major emphasis on your credit score. If their best rates are offered to borrowers with a score of 700 or higher and yours is a 698, those two points could cost you thousands of dollars.

According to MyFICO.com, the consumer website of popular scoring model FICO, the interest rate difference between those two scores is about one-third of a percentage point.

On a $165,000 30-year fixed-rate mortgage, that difference could cost you more than $13,378 in interest charges, assuming a 4.5 percent interest rate with a 700 credit score and a 4.875 percent rate on a 698 score. Fall below a 660 and the rate goes up even more, if you can even get approved for a mortgage at all.

Keep in mind that these are averages. Most lenders today practice tiered pricing, with interest rates rising as scores go down. Each lender chooses its own "break points" between tiers. Lender A may bump up the interest rate if a score falls below 700, while Lender B doesn't charge higher rates until the score is 690 or below. So if you stick with one lender, and that lender's break point is 700, raising your score from 698 to 701 can be vital.

This underscores the importance of not only doing all you can to improve your score, but shopping thoroughly when looking for a mortgage. From the perspective of a mortgage broker, who can choose among a sea of many lenders, there are no sharp break points. Consumers should do what a good broker does -- look for a lender that offers the best rate for a specific score.

But that's jumping ahead of ourselves. First things first: You can take steps to improve your credit score. The number of variables that play into an individual score make it impossible to say that one particular action will increase a given score by a certain number of points. But there are some good guidelines.

"The key to having the best FICO score possible is following three rules," says Jeffrey Scott, spokesman for FICO. "Pay all your bills on time, every time, keep your credit card balances low and only open new credit when you need it."

Speedy upgrade

That's good advice, to be sure, but these actions take a long time. What if you're house hunting and you just need a few extra points to bump you over the line to the great rates?

Start by pulling your credit report and your FICO score to see where you are. To get an estimate of your credit score, check out our Credit Score Estimator. If your score is above a 760, you're golden. Improving your score from 760 to 800 won't get you better terms

Here is How to Repair Your Bad Credit Report

Here is How to Repair Your Bad Credit Report

 

Bad credit reports comes with nightmares that nobody admires. If you choose to stick your head in sand and ignore your wake up call, it is totally fine and if you choose to overcome your fears and reclaim your credit standing, congratulations and here are a few tips for you.

I would say start with checking your credit standing but since you are reading this article, I am sure you´ve done your homework and assessed it and the results are not that amusing. So, let’s get to business

Step One: Request reports from several credit bureaus & companies

If you are in the United States, the Fair and Accurate Credit Transactions Act (FACTA) entitles you to a free credit report from leading credit bureaus in the country. It is also worthwhile to pick copies from the credit reporting companies. This is important because you do not know what has been submitted out there.

The basis of collecting reports from several companies is to have the different versions of the story.

Step Two: Carefully analyze your reports

Keep in mind that credit reports are not auto generated but are written and submitted by humans. This should give you the benefit of doubt that whatever is in that report is true or completely accurate.

Carefully go through your credit reports to make sure that the information in it is accurate and up to date. You should check out for address, types of accounts whether revolving, installment or join, collections, financial obligations records, consumer statements and credit inquiries.

These are the areas you should pay close attention too when examining your credit reports. It is often advisable that you audit your own credit report but I understand this can be boring to some people so if you feel you will not be able to read your credit reports to the end, I suggest you find somebody who can demystify the info into notable points you can easily suggest. Either way, ensure you are familiar with the content of your report.

Review your payments

Payments cover a larger percentage of your credit report since credit is all about borrowing and paying and since you only borrow for limited number of times, only repaying your debt remains to be everybody´s interest.

If there are missing payments, make sure to lodge a complaint with your credit company since a single missing payment can cause serious setback on your credit score.

However, be sure to talk to your lender before throwing turn trams. Sometimes the report must have just been hurried off or you may have made a payment too soon and you expect it to reflect on your report.

 Depth of credit

This is the length of time you´ve been using credit.

Older credit accounts are helpful when arguing your case out to correct your credit especially if it the older account was good or excellent.

You should carefully review your old credit account before closing it because it is your biggest bargaining chip

Recent credit accounts

New credit accounts are considered risk and they can lower your credit score in the first place. However, the consistent payment in the accounts will indicate responsibility and build your creditors confidence

Ensure that your recent credit accounts appear on your report- Although they may bear some degree of negative impact, the ultimate goal is to fix your credit and it will help a great deal.

Amount of Credit

It is hard for a credit company to post an inaccurate credit amount on your report. However, for revolving credits accounts, the amount carried forward may be inaccurate especially if you make irregular payments.

Step Three: Dispute all conflicting data

After carefully auditing your reports and noted down all conflicting data, it is time to lodge complains, the idea that complains may hurt your credit score is a misconception. Companies against any items of your credit report are never score and there is no way it will impact your score. If there is anything that will impact your credit score is failing to complain.

There are a number of ways to file complaints regarding your credit reports. One, you can call the number listed on your credit report and file your complain and two, you can file your complain online by visiting credit bureaus website.

It is not necessary to file complains with all credit bureaus as only one is enough. The credit reference bureau will forward your complain to your credit company and they will be required to reply within 30 days of the complaint. If they respond with corrections, the credit company is required to post the corrections to all bureaus they submitted the inaccurate report.

If you and your credit provider cannot resolve a dispute say have failed to reconcile a missing payment, you are allowed to attach a statement against the item on your report. For example, you may indicate ´I never missed any payment with company X´. This statement will be available for 2 years and is accessible to anybody who accessed your credit report-

Reference bureaus allow 30 days for credit companies to respond to complaints. If after 30 days not response id heard from your provider, the reference bureau will delete the inaccurate record and inform you and other bureaus. If after the correction you still feel some information is missing or inaccurate, you may have to visit your credit company in person and settle the deal personally.

For late payments, you may consider visiting your credit provider and explain yourself. These guys are humans like you and me and will consider going easy on you if you take the initiative to explain why you missed a payment or submitted your payment late.

Step Four: New report

Be sure to wait for 2 to 3 weeks before requesting for a new credit report after the corrections have been posted. In other cases, credit companies will acknowledge that the data is accurate but request more time to fix the discrepancy.

Purchasing credit score is also another option of seeing that your credit score improves. I hope these four steps to improving your credit score works with you. Remember, the best way to correct bad credit is avoiding one in the first place.

- See more at: http://www.elitepersonalfinance.com/here-is-how-to-repair-your-bad-credit-report/#sthash.KcC0bPsz.dpuf

Behind the Scenes at a Business Credit Bureau

Behind the Scenes at a Business Credit Bureau

You may have a mental image of how credit reports are created: from an orderly exchange of clean, tidy data flowing seamlessly through some kind of standard method, untouched by human hands and delivered straight to your web browser.  But that would be wrong.  As with any well-executed professional endeavor, it only looks that effortless.

I entered the world of credit data in the late 1990s as part of the team that delivered one of the first business credit reporting platforms on the internet.  Back then, I thought a lot like you.  I assumed that credit data comes from nimble-fingered accountants and therefore would be inherently orderly.  I assumed that the bigger the company sharing trade experiences with us, the more exacting and precise the data was likely to be.

At least now I no longer have a 9-track computer tape reader in my office; all of our data is transmitted digitally and we don’t have to wait for FedEx to deliver physical media.  Other than that, not much has changed.

Consider the lowly data entry clerk who manually inputs much of the information into these systems.  They often aren’t paid enough to think or care deeply about what they are doing, and in many cases, they don’t have the time to notice, much less correct, misspellings like COMAPNY.  So let’s imagine three different creditors sharing their trade experiences about a customer who I will give the name of Walt’s Cigar Rentals.  We might get the name and address information in the three following ways:

WALT’S CIGAR RENTAL

123 WALT AVE

WALTVILLE, VT 01342

WALTS CIGAR RENTALS COPMANY

123 WALT

WALTVILLE VT

WALT’S CIGARRNTL CO

123 WALT STRET

MALTVILLE, VERMONT 1342

And this is a simple example.  Don’t get me started about non-US addresses, often entered into US-made software that doesn’t understand, for instance, that many countries have four or six digit postal codes, rather than five like ours – Canada’s is not even all numeric.  And while we’re on the subject of Canada:  Many addresses in Canada could be expressed in either English or French and we still have to recognize them as the same!

Now comes a user searching for this company, and they might enter the name in yet different ways.  If they search for WALT’S with an apostrophe, they won’t find the second version.  If they narrow the search to MALTVILLE, then the misspelled version, WALTVILLE, will be omitted.  When you consider that we can get trade experiences on any one company from hundreds of creditors, and that the search terms entered by thousands of users may vary in their own right, you’ve encountered the fundamental challenge of processing all this data:  How does a computer, which is famously simple-minded and literal about matching, recognize hundreds of variants as the very same company?

Even if the computer recognizes all the different variations, who wants their business credit report cluttered with all of them?  The debtor should appear once, with the name and address correctly rendered, so that users can make quick credit decisions with confidence.  Nothing inspires doubt like obvious mistakes in the representation of company names and addresses.

This is where data hygiene enters the picture.  If that evokes images of data elves scrubbing data with (industrial-strength) soap and water, that is not, metaphorically speaking, far from the truth!  But to digest data in real time and avoid falling behind, this process must be automated.  We must patiently teach computers to correct random errors introduced by humans.  It is this requirement that keeps people like me awake nights.

Thankfully, we’ve had nearly two decades to fine-tune the process, and it’s getting better all the time.  Using a combination of postal standardization software, tools for us to capture intelligence over time about common misspellings and odd abbreviations, and an extensive layer of proprietary software, the three sample addresses above would be recognized and reported by our system in a standardized way:

WALTS CIGAR RENTALS CO

123 WALT ST

WALTVILLE VT 01342

Of course there’s far more to it.  I haven’t discussed other interesting issues such as how accounts receivable can be aged differently by different companies, how the methods of expressing data points like high credit and days-to-pay can vary or just be plain incorrect, and the fact that the export and transmission of trade experience data is not always 100-percent automated by the creditor, resulting in constant small changes in the data layout and even the file format.  Our system handles roughly 80 percent of the data sent to us automatically in spite of this, and human intervention for the rest is often a matter of minutes.  It takes a long time and a lot of experience to achieve such levels of automation with such unruly data.

Nor have I mentioned the need to remove non-objective comments stashed into data fields not meant for such things.  It would not do for our business credit reports to include some clerk’s notation appended to a company name that THIS CUSTOMER IS A PAIN!  In addition, we deal with cryptic notations or acronyms that have meaning only within the collection department of a company – or within an industry.  So we have to recognize when MACYS EAST COAST ACCOUNTS should really just be MACYS INC, or that MACYS INC EDI just means that the bills are paid by “electronic data interchange” and so the EDI can be removed as superfluous for credit reporting purposes.

We have a large stable of internal “sanity checks,” too.  They help to ensure that, for instance, a creditor didn’t accidentally send us the same file they sent last month, or the same month last year.  Or that the total portfolio balance doesn’t vary by a suspicious amount month-to-month, indicating a possible malfunction in the creditor’s data export.  We have staff to contact creditors and verify suspicious changes or request corrected replacement files.

Finally, we have mechanisms to guard against credit fraud.  It’s rare, but not unheard of, for someone to set up one or more fake companies that share contrived trade experiences just to inflate the credit scores of certain slow-paying or non-paying debtors.  Surprisingly, there are telltale signs in such data that we look for regularly.

Why Your Business Credit Reports Need Transparency

Why Your Business Credit Reports Need Transparency

Transparency is one of the most important components of a reliable and accurate business credit report.

What is transparency in the terms of credit reports? In short, it means that the business credit bureau isn’t padding their reports to make it appear that their data is better than it really is. For example, a transparent business credit report is very clear about how current the credit data it contains is.

When you review a company's credit report you should have no question that the information it contains is up to date, be able to tell how the company pays specific industries and see a month by month breakdown of the data.

3 Components of a Transparent Business Credit Report

Does the report provide the most current information? 

A business’s cash flow situations can change overnight so it’s important that you’re looking at the freshest data available. For example, if a business recently lost a major customer, they’ll likely start having difficulty paying their bills. If the credit data you’re using is not current, you’re making a decision based off of information that may no longer be relevant.

It is vital that your business credit bureau shows how current their data is. Without this transparency, there’s no way for you to know whether the credit information is 2 months or 2 years old.

The bestway to know whether or not the information you’re looking at is current is to know what month the information was reported to the bureau. This is most easily seen in a month by month breakdown, where the number of contributors reporting that month is shown. See the first two columns below (Month and # of Co’s):

If your current business credit reports show aggregated data, or don’t show when the data was reported, how can you know whether or not the information is current or outdated?

How does the company pay my industry?

There are always some products and services that a business cannot function without. Since these vendors provide something that is essential to the operations of the business, the company will usually pay them first.

For example, a trucking company will likely pay its fuel provider before anyone else. How can they move their trucks without fuel? A restaurant will probably pay the food distributor before they pay anyone else. How can they feed their customers without food?

There are many industries that payment for a certain good or service demands a higher priority than others. Knowing how a company pays specific industries is therefore vital.

Imagine you’re an electrical manufacturer who produces commercial lighting. If you’re considering extending credit to a trucking company, would you rather know how they pay fuel companies or other electrical manufacturers?

A transparent credit report will always show you an industry breakdown. In this, you should be able to see how many companies, within that industry, are reporting and how they’re being paid.

Without this information, it is almost impossible to know how a company prioritizes their payments.

Is it a single trade line or a month by month breakdown?

It is extremely important to see how a company pays their bills month over month.

With a month by month breakdown, you’re able to predict their future payment trends. For example, if you look at a company’s credit report and see that over the past 4 months, their days to pay have gone from 31 to 33 to 36 to 41, you can likely deduce that for whatever reason, they are having trouble paying their bills on time. Such a payment trend should factor into your decision of extending the company credit.

Take a look at the graph below. Over the past 6 months, the company's days to pay haveconsistently increased (from roughly 40 days to pay to 70). If you saw the trend in the graph below, would you extend credit to this company?

In addition, many companies experience some seasonality and these seasonal changes can cause drastic ebbs and flows in their revenue. They may pay their bills on time when they're busy and fall behind when they’re not. By reviewing their monthly payment history, you’ll be able to determine if they experience any seasonality.

A reliable and transparent business credit report can greatly increase your chances of getting paid. Be sure that your reports have current, industry specific and consistent data.

Reading a Business Credit Report

Each business credit bureau has their own way to represent the credit information they collect. While the layout might vary, or the names for different sections change, the principles outlined below are the same.

If you would like a free sample business credit report to follow along with, click here.

Step 1) Read the Company Profile

First thing first! Check the company profile to get an overview of the company you are looking at.

 

The company profile will contain information like:

• Company name


• Address


• Telephone and fax numbers


• Information on company principals

Don't spend too much time here. The most important thing is to be sure that the report you pulled is on the correct company. Match the company name and address to what you have on file. This is especially important if the company you are considering extending credit to has a generic name (like Smith Enterprises).

Step 2) Translate the Business Credit Scores & Credit Alerts

Towards the top of each business credit report, you will find an overview of how the company pays their bills.

Each business credit bureau has their own way to represent this overview but it will usually contain three important criteria: a credit rating, a business credit score, and a list of credit alerts.

Credit Rating

We're back to dreaded 74K-38. So what the heck does it mean?

74K = $74,000 - This is Company XYZ's average monthly balance over the past 6 months.

38 = 38 days to pay - Over the past 6 months, they pay on average, in 38 days.

To put this all together, a rating of 74K-38 would mean over the past 6 months, Company XYZ has had an average monthly outstanding balance of $74,000 and pays their bills in roughly 38 days.

Business Credit Score

Business credit scores give you an idea of a company's risk potential. They range from 0-100; the higher the better.

A sophisticated mathematical model calculates the scores based off multiple factors in each of these four areas:

1. Payment history


2. Current level of indebtedness


3. Current level of delinquencies


4. Length of credit history

Our business credit scores are grouped into three categories of risk:

Low Risk           > 87

Medium Risk     70 - 87

High Risk          < 70

Credit Alerts

A credit alert is an adverse piece of information. We show our credit alerts in bright red, hoping to literally alert credit professionals of their existence. Examples of credit alerts are:

• Collection accounts


• Judgment filed


• Fraud account


• Credit hold


• Returned check


• Phone disconnected

Alerts are never something you want to see when considering extending credit to a company. If you encounter a company with a credit alert on their report, proceed with caution.

Credit alerts, ratings and scores are useful in making a credit decision, but the majority of your time should be dedicated to the next two steps.

Step 3) Understand Month by Month Payment History

How is a company currently paying their bills? Are they slowing down on payments?

This is the start of the meat of a business credit report. Here you will see actual payment history that has been reported by businesses who are working with Company XYZ. This data is usually shown in the standard accounts receivable aging buckets (as seen below).

 

Click to View Larger Image

Using January of 2014 as an example, 28 companies reported their credit experience with Company XYZ. Those 28 companies were paid by Company XYZ in roughly 43 days.

There are a few basic things to remember when analyzing this section:

1. The more money that is in the 1-30 day aging bucket the better.


2. The past 12 months of payment history are the most important. I am much more interested in how a company pays their bills now vs how they were paying 2-3 years ago.


3. You should be able to see how many companies have reported to your business credit bureau each month. If you do not have this transparency, there is no way to know whether the information you're viewing was reported 3 months ago or 3 years ago.

Step 4) Determine How Your Industry is Paid vs How All Industries are Paid

This is an extremely important section. Here you will see how Company XYZ pays different industries.

Click to View Larger Image

When looking at industry specific payment history, there are two key considerations:

1. How is your industry being paid?  This is the best indication of how you will be paid.


2. How are all other industries being paid? An often overlooked area, but vital in determining credit worthiness.

Use the same logic as you did with numbers 1-3 in Step 3 above - majority of the bills in the 1-30 day aging bucket, information from the past 12 months, transparent data.

Step 5) Check the Number of Credit Inquiries

Similar to your personal credit report, business credit bureaus track the number of times a company's credit report has been pulled.

Click to View Larger Image

A business credit report having multiple inquiries is not always cause for concern. In many instances, it can even be a postive sign. Here are a few examples:

Positive: a business is growing and is seeking new creditors.

Negative: a business has reached their credit limits and is seeking new creditors.

To determine whether inquiries are good or bad, review the company's days to pay. If these have been steadily increasing over the past few months, it could mean that they are having trouble paying their bills.

Step 6) Put it All Together

Consider all that you have learned about Company XYZ's credit worthiness. Does their credit report contain any red flags? How quickly can you expect to be paid? Can you wait that long?

A strong business credit report is one of the best weapons in a credit professional's arsenal. Understanding the information they contain will dramatically increase the likelihood of payment.

3 Quick Business Credit Report Red Flags to Avoid Bad Debt

3 Quick Business Credit Report Red Flags to Avoid Bad Debt

Extending credit is a requirement of doing business today. This necessity unfortunately opens you up to credit risk and the potential for bad debt.

While you may not avoid all credit risk, credit managers are able to greatly reduce their likelihood of a collection account or bad debt by pulling a business credit report.

Good credit managers are able to read a credit report to understand how a company has historically paid their bills. Great credit managers are able to use a company's credit report to predict how they can expect to be paid.

Within the report, are red flags that these great credit managers look for to avoid bad debt.

The 3 Bad Debt Red Flags on a Business Credit Report

Knowing how to read a business credit report is a requirement of any good business credit professional. It is the great ones that are able to use a report to avoid the likelihood of bad debt.

Here are 3 red flags that they look for to reduce their credit risk.

1) Low Business Credit Score

Business credit scores give you an idea of a company's risk potential. Each business credit bureau has their own scoring system, but the scores are usually calculated based on factors in the following four areas:

1. Payment history


2. Current level of indebtedness


3. Current level of delinquencies


4. Length of credit history

Each bureau will tell you what range of scores they consider high risk. On an Ansonia Business Credit Report, a risk score of 70 or lower is considered high risk.

A low score is not cause to deny a company credit on its own; use your judgment here. If the company has a low business credit score and other adverse information on their report (such as flags #2 and #3 below), you are probably better off working with them on cash terms.

2) Credit Alerts

Credit alerts are never a good sign. Ansonia's are displayed in bright red, hoping to literally "alert" our customers of the adverse information.

The severity of the credit alert can range greatly, from a bankruptcy to a slow pay.

While this is not a hard and fast rule, alerts can be grouped into two categories: approach with caution and approach with EXTREME caution (creative right?)

Approach with caution

• On cash terms


• Slow pay


• Phone disconnected


• Returned check

These are often early warning signs. For example, if a company is starting to have cash flow issues, you might see a "slow pay" or "on cash terms".

It is important to note that alerts in this category can sometimes be explained:

Slow pay - possibly a billing error

Phone disconnected - the company just moved offices

Regardless, approach these with caution; an alert is still an alert.

Approach with EXTREME caution

• Bankruptcy filed


• Fraud account


• Credit revoked


• Judgment filed


• Write-off


• Collection Account

Can you imagine if your company had one of the above alerts posted on your company credit report? These are big, bright, flashing red flags. They almost always indicate that a company is in trouble.

If one of the above alerts is present, cash terms are recommended over extending a credit line.

Credit alerts are never good. Regardless of its severity, an alert is always cause for further investigation. They are the cause of a lot of bad debt and write offs. When you see one, be careful.

See a full list of Ansonia's credit alerts here.

3) Increasing Days to Pay and an Abnormal Number of Credit Inquiries

One of the best early warning signs on a company's credit report is an increasing number in a company's days to pay. This increase is especially worrisome if it is coupled with an abnormal number of credit inquiries (the number of times a business credit report has been pulled).

What is an abnormal number? Look for a trend here. For example, a company has consistently had 4 inquiries on their credit report, and in the most recent two months has had 12 inquiries.

The combination can often signify that the company is in trouble. It often means that they are having trouble paying their current creditors (increase in days to pay) and are out looking for new creditors (abnormal number of credit inquiries).

Pulling a business credit report before extending a credit line can drastically decrease your credit risk. There are many things to consider on a report and these three are some of the worst in terms of risk potential. Avoid them and you can greatly reduce your chances of taking on bad debt.

Argument for a Risk Monitoring Policy

Argument for a Risk Monitoring Policy

Reviewing the credit report of new customers is a basic business practice that's essential to limit your company's risk of bad debt and write-offs.

If that's the extent of your credit department's risk management, however, your business is still vulnerable to preventable losses, and you may be missing out on revenue-generating opportunities as well.

A risk monitoring policy can help you identify customers who require credit reviews on a frequent basis so you can both protect your bottom line and grow your business.

Why Every Business Needs a Credit Risk Monitoring Policy

Vetting new customers and setting terms is only part the equation when it comes to mitigating risk. Performing regular reviews of customer payment history and reevaluating the credit terms you've extended is equally important.

In the day-to-day operations of a business, changes that can impact creditworthiness take place continuously. A well-developed risk management strategy not only protects and creates value; it also addresses and relieves uncertainty and allows your business to continually improve.

The Aim of a Risk Monitoring Policy

A well-defined risk monitoring policy should outline the steps necessary to assess which customers should be reviewed more often.

To provide you with the framework to spot changes in customer behavior that warrant a change in review status, your risk monitoring policy should be integrated into all of your credit management processes, and it must be tailored to your company's unique requirements.

A systematic, timely, inclusive and transparent risk monitoring policy will accurately evaluate customer stability, as well as a customer's ability to pay for the goods or services you provide.

A well-designed policy that's both iterative and dynamic takes human and cultural factors into account. In order to allow you to identify those customers who need more frequent reviews, it must be based on fresh, reliable credit data and intelligence.

How to Develop a Risk Monitoring Policy

To be effective, risk monitoring needs to zero in on both negative and positive changes. If positive changes in a customer's financial situation aren't noticed, your business can miss out on opportunities to improve your relationship or increase sales.

If negative changes in a customer's behavior or circumstances are overlooked, your risk of not receiving payment for the goods or services you're supplying increases.

In order to determine when to perform customer credit reviews and how in depth they need to be, divide your A/R accounts into groups based on history and perceived risk. For example, your A/R portfolio could be divided up into groups of:

• Larger accounts that potentially represent the greatest financial loss and need to be monitored closely year-round


• Long-term customers who've always paid on time and have a spotless business credit report who only need an annual review


• New customers who are reviewed quarterly until they've shown they're reliable payers


• Customers with any history of late payments who are evaluated monthly or even weekly


• Customers who you've put on prepayments or C.O.D. terms who are reviewed monthly or quarterly to determine if they qualify for terms

The assessment policy you develop should allow ample flexibility so groups can evolve to meet the changing needs of your business.

Reliable Credit Information Plays a Crucial Role in Risk Monitoring

Up-to-date credit intelligence and analysis tools are critical for successfully implementing a risk monitoring strategy.

When you're looking for a resource to supply credit information, consider the following factors:

• Integrity of the data - Is it validated?


• Breadth and depth of the data - Does it come from a variety of sources?


• Technology - Does the provider use the latest technology and tools?

At safe consulting services, our goal is to provide accurate, real-time business credit data and cutting-edge tools that make it easy to assess and monitor risk. Contact us today to learn more about our innovative products.

How to Audit and Rebuild a Dated Credit Risk Policy

How to Audit and Rebuild a Dated Credit Risk Policy

A credit risk policy sets forth standards, procedures, and definitions that guide the credit decisions made by a company, with the overall goal of mitigating credit risks.

As market conditions evolve and the financial situations of credit customers change, your existing credit policies may become out of date and inapplicable to evaluating new credit customers and modifying the terms governing existing ones.

By using reliable credit indicators, such as business credit reports and other financial data, you can revise and rebuild a credit risk policy to maintain low risk for your company while providing customers with the credit terms they need. Here are some ways to ensure a dated credit risk policy is up to date.

If you believe that a current credit risk policy is no longer valid, a careful audit of the policy will give you a foundation from which to make changes and revisions. With the assistance of credit managers and financial experts, plus data from business credit reports and other sources, assistance is available to assess how current credit risk policies are affecting your company.

If you believe that you are taking on too much credit risk, or that the evaluation procedures are not accurately identifying both good and bad credit customers, you can proceed to a detailed evaluation of your credit risk policy.

Look at elements of your credit risk policy and how you currently handle factors such as:

• Application requirements.


• Credit review policies and sources.


• Approval procedures.


• Credit limits.


• Prefunding, collateral, or down payment requirements.


• Characteristics of responsible parties.


• Financial and market conditions, both general and in specific industries.


• The role of business credit reports, references from other companies, or other credit data in your decisions.


• Signs of increasing or deteriorating credit worthiness.


• Procedures for increasing or decreasing credit limits.

When you have this information available, you can use it to rebuild your out-of-date credit policy. For example, if you know that a specific industry or business segment is experiencing difficulties, you may need to impose more stringent credit requirements for companies in that industry.

If your current sources for credit data and business credit reports are insufficient, you will know that you need to expand your acquisition of credit data to other credit reporting agencies and financial companies.

You may use a procedure such as the following for reevaluating and reestablishing a customer's credit standing (dollar amounts listed are for example only; your specific dollar limits may be higher or lower):

• Establish a threshold dollar amount for reevaluation of customer cre dit. For example, you may set an AR threshold of $200,000 for each customer.


• For customers with an AR threshold above $200,000, you may want to reevaluate their credit terms every month without taking action. Contact them every three months. Set new credit limits every four months based on the date you've collected over that same period.


• For customers with an AR below $200,000, you may feel comfortable establishing longer periods for reevaluation and resetting of limits. For example, you may reevaluate credit terms every four months and contact them every six months. New credit terms could be set up every eight months, as needed.

When you assess a customer's current credit worthiness, pay particular attention to factors such as:

• Credit history: Past credit behavior that indicates level of ability and willingness to repay.


• Company financial status: Customer company's debt burden, income, assets, and other indicators of financial stability.


• Credit limit: How much credit you are willing to extend to the customer.


• Frequency of credit use: How often, and to what extent, a customer uses credit.

Ansonia Credit Data's in-depth business credit reports and associated data give credit managers the data they need to make informed credit decisions and establish workable, mutually beneficial credit risk policies. Contact safe consulting services today for more information on our detailed, reasonably priced business credit reports and how they can help you when making financial decisions for your company.

Health Insurance Portability and Accountability Act

Health Insurance Portability and Accountability Act

Introduction

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 Public Law 104-191 104th Congress An Act AUG. 21, 1996 To amend the Internal Revenue Code of 1986 to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery, to promote the use of medical savings accounts, to improve access to long-term care services and coverage, to simplify the administration of health insurance, and for other purposes. Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled.

SECTION 1. SHORT TITLE; TABLE OF CONTENTS.

(a) SHORT TITLE.–This Act may be cited as the “Health Insurance Portability and Accountability Act of 1996″. (b) TABLE OF CONTENTS.–The table of contents of this Act is as follows: Sec. 1. Short title; table of contents. TITLE I–HEALTH CARE ACCESS, PORTABILITY, AND RENEWABILITY … TITLE II–PREVENTING HEALTH CARE FRAUD AND ABUSE; ADMINISTRATIVE SIMPLIFICATION; MEDICAL LIABILITY REFORM … Subtitle F–Administrative Simplification Sec. 261. Purpose. Sec. 262. Administrative simplification. Part C–Administrative Simplification Sec. 1171. Definitions. Sec. 1172. General requirements for adoption of standards. Sec. 1173. Standards for information transactions and data elements. Sec. 1174. Timetables for adoption of standards. Sec. 1175. Requirements. Sec. 1176. General penalty for failure to comply with requirements and standards. Sec. 1177. Wrongful disclosure of individually identifiable health information. Sec. 1178. Effect on State law. Sec. 1179. Processing payment transactions.”. Sec. 263. Changes in membership and duties of National Committee on Vital and Health Statistics. Sec. 264. Recommendations with respect to privacy of certain health information.

SEC. 261. PURPOSE.

Subtitle F–Administrative Simplification It is the purpose of this subtitle to improve the Medicare program under title XVIII of the Social Security Act, the medicaid program under title XIX of such Act, and the efficiency and effectiveness of the health care system, by encouraging the development of a health information system through the establishment of standards and requirements for the electronic transmission of certain health information.

SEC. 262. ADMINISTRATIVE SIMPLIFICATION.

(a) IN GENERAL.–Title XI (42 U.S.C. 1301 et seq.) is amended by adding at the end the following: PART C–ADMINISTRATIVE SIMPLIFICATION DEFINITIONS SEC. 1171. For purposes of this part: (1) CODE SET.–The term ‘code set’ means any set of codes used for encoding data elements, such as tables of terms, medical concepts, medical diagnostic codes, or medical procedure codes. (2) HEALTH CARE CLEARINGHOUSE.–The term ‘health care clearinghouse’ means a public or private entity that processes or facilitates the processing of nonstandard data elements of health information into standard data elements. (3) HEALTH CARE PROVIDER.–The term ‘health care provider’ includes a provider of services (as defined in section 1861(u)), a provider of medical or other health services (as defined in section 1861(s)), and any other person furnishing health care services or supplies. (4) HEALTH INFORMATION.–The term ‘health information’ means any information, whether oral or recorded in any form or medium, that– (A) is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and (B) relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual. (5) HEALTH PLAN.–The term ‘health plan’ means an individual or group plan that provides, or pays the cost of, medical care (as such term is defined in section 2791 of the Public Health Service Act). Such term includes the following, and any combination thereof: (A) A group health plan (as defined in section 2791(a) of the Public Health Service Act), but only if the plan– (i) has 50 or more participants (as defined in section 3(7) of the Employee Retirement Income Security Act of 1974); or (ii) is administered by an entity other than the employer who established and maintains the plan. (B) A health insurance issuer (as defined in section 2791(b) of the Public Health Service Act). (C) A health maintenance organization (as defined in section 2791(b) of the Public Health Service Act). (D) Part A or part B of the Medicare program under title XVIII. (E) The medicaid program under title XIX. (F) A Medicare supplemental policy (as defined in section 1882(g)(1)). (G) A long-term care policy, including a nursing home fixed indemnity policy (unless the Secretary determines that such a policy does not provide sufficiently comprehensive coverage of a benefit so that the policy should be treated as a health plan). (H) An employee welfare benefit plan or any other arrangement which is established or maintained for the purpose of offering or providing health benefits to the employees of 2 or more employers. (I) The health care program for active military personnel under title 10, United States Code. (J) The veterans health care program under chapter 17 of title 38, United States Code. (K) The Civilian Health and Medical Program of the Uniformed Services (CHAMPUS), as defined in section 1072(4) of title 10, United States Code. (L) The Indian health service program under the Indian Health Care Improvement Act (25 U.S.C. 1601 et seq.). (M) The Federal Employees Health Benefit Plan under chapter 89 of title 5, United States Code. (6) INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION.–The term ‘individually identifiable health information’ means any information, including demographic information collected from an individual, that– (A) is created or received by a health care provider, health plan, employer, or health care clearinghouse; and (B) relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual, and– (i) identifies the individual; or (ii) with respect to which there is a reasonable basis to believe that the information can be used to identify the individual. (7) STANDARD.–The term ‘standard’, when used with reference to a data element of health information or a transaction referred to in section 1173(a)(1), means any such data element or transaction that meets each of the standards and implementation specifications adopted or established by the Secretary with respect to the data element or transaction under sections 1172 through 1174. (8) STANDARD SETTING ORGANIZATION.–The term ‘standard setting organization’ means a standard setting organization accredited by the American National Standards Institute, including the National Council for Prescription Drug Programs, that develops standards for information transactions, data elements, or any other standard that is necessary to, or will facilitate, the implementation of this part. GENERAL REQUIREMENTS FOR ADOPTION OF STANDARDS

Sec. 1171. DEFINITIONS.

DEFINITIONS SEC. 1171. For purposes of this part: (1) CODE SET.–The term ‘code set’ means any set of codes used for encoding data elements, such as tables of terms, medical concepts, medical diagnostic codes, or medical procedure codes. (2) HEALTH CARE CLEARINGHOUSE.–The term ‘health care clearinghouse’ means a public or private entity that processes or facilitates the processing of nonstandard data elements of health information into standard data elements. (3) HEALTH CARE PROVIDER.–The term ‘health care provider’ includes a provider of services (as defined in section 1861(u)), a provider of medical or other health services (as defined in section 1861(s)), and any other person furnishing health care services or supplies. (4) HEALTH INFORMATION.–The term ‘health information’ means any information, whether oral or recorded in any form or medium, that– (A) is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and (B) relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual. (5) HEALTH PLAN.–The term ‘health plan’ means an individual or group plan that provides, or pays the cost of, medical care (as such term is defined in section 2791 of the Public Health Service Act). Such term includes the following, and any combination thereof: (A) A group health plan (as defined in section 2791(a) of the Public Health Service Act), but only if the plan– (i) has 50 or more participants (as defined in section 3(7) of the Employee Retirement Income Security Act of 1974); or (ii) is administered by an entity other than the employer who established and maintains the plan. (B) A health insurance issuer (as defined in section 2791(b) of the Public Health Service Act). (C) A health maintenance organization (as defined in section 2791(b) of the Public Health Service Act). (D) Part A or part B of the Medicare program under title XVIII. (E) The medicaid program under title XIX. (F) A Medicare supplemental policy (as defined in section 1882(g)(1)). (G) A long-term care policy, including a nursing home fixed indemnity policy (unless the Secretary determines that such a policy does not provide sufficiently comprehensive coverage of a benefit so that the policy should be treated as a health plan). (H) An employee welfare benefit plan or any other arrangement which is established or maintained for the purpose of offering or providing health benefits to the employees of 2 or more employers. (I) The health care program for active military personnel under title 10, United States Code. (J) The veterans health care program under chapter 17 of title 38, United States Code. (K) The Civilian Health and Medical Program of the Uniformed Services (CHAMPUS), as defined in section 1072(4) of title 10, United States Code. (L) The Indian health service program under the Indian Health Care Improvement Act (25 U.S.C. 1601 et seq.). (M) The Federal Employees Health Benefit Plan under chapter 89 of title 5, United States Code. (6) INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION.–The term ‘individually identifiable health information’ means any information, including demographic information collected from an individual, that– (A) is created or received by a health care provider, health plan, employer, or health care clearinghouse; and (B) relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual, and– (i) identifies the individual; or (ii) with respect to which there is a reasonable basis to believe that the information can be used to identify the individual. (7) STANDARD.–The term ‘standard’, when used with reference to a data element of health information or a transaction referred to in section 1173(a)(1), means any such data element or transaction that meets each of the standards and implementation specifications adopted or established by the Secretary with respect to the data element or transaction under sections 1172 through 1174. (8) STANDARD SETTING ORGANIZATION.–The term ‘standard setting organization’ means a standard setting organization accredited by the American National Standards Institute, including the National Council for Prescription Drug Programs, that develops standards for information transactions, data elements, or any other standard that is necessary to, or will facilitate, the implementation of this part. GENERAL REQUIREMENTS FOR ADOPTION OF STANDARDS

SEC. 1172. GENERAL REQUIREMENTS FOR ADOPTION OF STANDARDS

(a) APPLICABILITY.–Any standard adopted under this part shall apply, in whole or in part, to the following persons: (1) A health plan. (2) A health care clearinghouse. (3) A health care provider who transmits any health information in electronic form in connection with a transaction referred to in section 1173(a)(1). (b) REDUCTION OF COSTS.–Any standard adopted under this part shall be consistent with the objective of reducing the administrative costs of providing and paying for health care. (c) ROLE OF STANDARD SETTING ORGANIZATIONS.– (1) IN GENERAL.–Except as provided in paragraph (2), any standard adopted under this part shall be a standard that has been developed, adopted, or modified by a standard setting organization. (2) SPECIAL RULES.– (A) DIFFERENT STANDARDS.–The Secretary may adopt a standard that is different from any standard developed, adopted, or modified by a standard setting organization, if– (i) the different standard will substantially reduce administrative costs to health care providers and health plans compared to the alternatives; and “(ii) the standard is promulgated in accordance with the rulemaking procedures of subchapter III of chapter 5 of title 5, United States Code. “(B) NO STANDARD BY STANDARD SETTING ORGANIZATION.–If no standard setting organization has developed, adopted, or modified any standard relating to a standard that the Secretary is authorized or required to adopt under this part– “(i) paragraph (1) shall not apply; and “(ii) subsection (f) shall apply. (3) CONSULTATION REQUIREMENT.– (A) IN GENERAL.–A standard may not be adopted under this part unless– (i) in the case of a standard that has been developed, adopted, or modified by a standard setting organization, the organization consulted with each of the organizations described in subparagraph (B) in the course of such development, adoption, or modification; and (ii) in the case of any other standard, the Secretary, in complying with the requirements of subsection (f), consulted with each of the organizations described in subparagraph (B) before adopting the standard. (B) ORGANIZATIONS DESCRIBED.–The organizations referred to in subparagraph (A) are the following: (i) The National Uniform Billing Committee. (ii) The National Uniform Claim Committee. (iii) The Workgroup for Electronic Data Interchange. (iv) The American Dental Association. (d) IMPLEMENTATION SPECIFICATIONS.–The Secretary shall establish specifications for implementing each of the standards adopted under this part. (e) PROTECTION OF TRADE SECRETS.–Except as otherwise required by law, a standard adopted under this part shall not require disclosure of trade secrets or confidential commercial information by a person required to comply with this part. (f) ASSISTANCE TO THE SECRETARY.–In complying with the requirements of this part, the Secretary shall rely on the recommendations of the National Committee on Vital and Health Statistics established under section 306(k) of the Public Health Service Act (42 U.S.C. 242k(k)), and shall consult with appropriate Federal and State agencies and private organizations. The Secretary shall publish in the Federal Register any recommendation of the National Committee on Vital and Health Statistics regarding the adoption of a standard under this part. (g) APPLICATION TO MODIFICATIONS OF STANDARDS.–This section shall apply to a modification to a standard (including an addition to a standard) adopted under section 1174(b) in the same manner as it applies to an initial standard adopted under section 1174(a).

SEC. 1173. STANDARDS FOR INFORMATION TRANSACTIONS AND DATA ELEMENTS

(a) STANDARDS TO ENABLE ELECTRONIC EXCHANGE.– (1) IN GENERAL.–The Secretary shall adopt standards for transactions, and data elements for such transactions, to enable health information to be exchanged electronically, that are appropriate for– (A) the financial and administrative transactions described in paragraph (2); and (B) other financial and administrative transactions determined appropriate by the Secretary, consistent with the goals of improving the operation of the health care system and reducing administrative costs. (2) TRANSACTIONS.–The transactions referred to in paragraph (1)(A) are transactions with respect to the following: (A) Health claims or equivalent encounter information. (B) Health claims attachments. (C) Enrollment and disenrollment in a health plan. (D) Eligibility for a health plan. (E) Health care payment and remittance advice. (F) Health plan premium payments. (G) First report of injury. (H) Health claim status. (I) Referral certification and authorization. (3) ACCOMMODATION OF SPECIFIC PROVIDERS.–The standards adopted by the Secretary under paragraph (1) shall accommodate the needs of different types of health care providers. (b) UNIQUE HEALTH IDENTIFIERS.– (1) IN GENERAL.–The Secretary shall adopt standards providing for a standard unique health identifier for each individual, employer, health plan, and health care provider for use in the health care system. In carrying out the preceding sentence for each health plan and health care provider, the Secretary shall take into account multiple uses for identifiers and multiple locations and specialty classifications for health care providers. (2) USE OF IDENTIFIERS.–The standards adopted under paragraph (1) shall specify the purposes for which a unique health identifier may be used. (c) CODE SETS.– (1) IN GENERAL.–The Secretary shall adopt standards that– (A) select code sets for appropriate data elements for the transactions referred to in subsection (a)(1) from among the code sets that have been developed by private and public entities; or (B) establish code sets for such data elements if no code sets for the data elements have been developed. (2) DISTRIBUTION.–The Secretary shall establish efficient and low-cost procedures for distribution (including electronic distribution) of code sets and modifications made to such code sets under section 1174(b). (d) SECURITY STANDARDS FOR HEALTH INFORMATION.– (1) SECURITY STANDARDS.–The Secretary shall adopt security standards that– (A) take into account– (i) the technical capabilities of record systems used to maintain health information; (ii) the costs of security measures; (iii) the need for training persons who have access to health information; (iv) the value of audit trails in computerized record systems; and (v) the needs and capabilities of small health care providers and rural health care providers (as such providers are defined by the Secretary); and (B) ensure that a health care clearinghouse, if it is part of a larger organization, has policies and security procedures which isolate the activities of the health care clearinghouse with respect to processing information in a manner that prevents unauthorized access to such information by such larger organization.” (2) SAFEGUARDS.–Each person described in section 1172(a) who maintains or transmits health information shall maintain reasonable and appropriate administrative, technical, and physical safeguards– (A) to ensure the integrity and confidentiality of the information; (B) to protect against any reasonably anticipated– (i) threats or hazards to the security or integrity of the information; and (ii) unauthorized uses or disclosures of the information; and (C) otherwise to ensure compliance with this part by the officers and employees of such person. (e) ELECTRONIC SIGNATURE.– (1) STANDARDS.–The Secretary, in coordination with the Secretary of Commerce, shall adopt standards specifying procedures for the electronic transmission and authentication of signatures with respect to the transactions referred to in subsection (a)(1). (2) EFFECT OF COMPLIANCE.–Compliance with the standards adopted under paragraph (1) shall be deemed to satisfy Federal and State statutory requirements for written signatures with respect to the transactions referred to in subsection (a)(1). (f) TRANSFER OF INFORMATION AMONG HEALTH PLANS.–The Secretary shall adopt standards for transferring among health plans appropriate standard data elements needed for the coordination of benefits, the sequential processing of claims, and other data elements for individuals who have more than one health plan.

SEC. 1174. TIMETABLES FOR ADOPTION OF STANDARDS

(a) INITIAL STANDARDS.–The Secretary shall carry out section 1173 not later than 18 months after the date of the enactment of the Health Insurance Portability and Accountability Act of 1996, except that standards relating to claims attachments shall be adopted not later than 30 months after such date. (b) ADDITIONS AND MODIFICATIONS TO STANDARDS.– (1) IN GENERAL.–Except as provided in paragraph (2), the Secretary shall review the standards adopted under section 1173, and shall adopt modifications to the standards (including additions to the standards), as determined appropriate, but not more frequently than once every 12 months. Any addition or modification to a standard shall be completed in a manner which minimizes the disruption and cost of compliance. (2) SPECIAL RULES.– (A) FIRST 12-MONTH PERIOD.–Except with respect to additions and modifications to code sets under subparagraph (B), the Secretary may not adopt any modification to a standard adopted under this part during the 12-month period beginning on the date the standard is initially adopted, unless the Secretary determines that the modification is necessary in order to permit compliance with the standard.” (B) ADDITIONS AND MODIFICATIONS TO CODE SETS.– (i) IN GENERAL.–The Secretary shall ensure that procedures exist for the routine maintenance, testing, enhancement, and expansion of code sets. (ii) Additional rules.–If a code set is modified under this subsection, the modified code set shall include instructions on how data elements of health information that were encoded prior to the modification may be converted or translated so as to preserve the informational value of the data elements that existed before the modification. Any modification to a code set under this subsection shall be implemented in a manner that minimizes the disruption and cost of complying with such modification.

SEC. 1175. REQUIREMENTS

(a) CONDUCT OF TRANSACTIONS BY PLANS.– (1) IN GENERAL.–If a person desires to conduct a transaction referred to in section 1173(a)(1) with a health plan as a standard transaction– (A) the health plan may not refuse to conduct such transaction as a standard transaction; (B) the insurance plan may not delay such transaction, or otherwise adversely affect, or attempt to adversely affect, the person or the transaction on the ground that the transaction is a standard transaction; and (C) the information transmitted and received in connection with the transaction shall be in the form of standard data elements of health information. (2) SATISFACTION OF REQUIREMENTS.–A health plan may satisfy the requirements under paragraph (1) by– (A) directly transmitting and receiving standard data elements of health information; or (B) submitting nonstandard data elements to a health care clearinghouse for processing into standard data elements and transmission by the health care clearinghouse, and receiving standard data elements through the health care clearinghouse. (3) TIMETABLE FOR COMPLIANCE.–Paragraph (1) shall not be construed to require a health plan to comply with any standard, implementation specification, or modification to a standard or specification adopted or established by the Secretary under sections 1172 through 1174 at any time prior to the date on which the plan is required to comply with the standard or specification under subsection (b). (b) COMPLIANCE WITH STANDARDS.– (1) INITIAL COMPLIANCE.– (A) IN GENERAL.–Not later than 24 months after the date on which an initial standard or implementation specification is adopted or established under sections 1172 and 1173, each person to whom the standard or implementation specification applies shall comply with the standard or specification. (B) SPECIAL RULE FOR SMALL HEALTH PLANS.–In the case of a small health plan, paragraph (1) shall be applied by substituting ’36 months’ for ’24 months’. For purposes of this subsection, the Secretary shall determine the plans that qualify as small health plans. (2) COMPLIANCE WITH MODIFIED STANDARDS.–If the Secretary adopts a modification to a standard or implementation specification under this part, each person to whom the standard or implementation specification applies shall comply with the modified standard or implementation specification at such time as the Secretary determines appropriate, taking into account the time needed to comply due to the nature and extent of the modification. The time determined appropriate under the preceding sentence may not be earlier than the last day of the 180-day period beginning on the date such modification is adopted. The Secretary may extend the time for compliance for small health plans, if the Secretary determines that such extension is appropriate. (3) CONSTRUCTION.–Nothing in this subsection shall be construed to prohibit any person from complying with a standard or specification by– (A) submitting nonstandard data elements to a health care clearinghouse for processing into standard data elements and transmission by the health care clearinghouse; or (B) receiving standard data elements through a health care clearinghouse.

SEC. 1176. GENERAL PENALTY FOR FAILURE TO COMPLY WITH REQUIREMENTS AND STANDARDS

(a) GENERAL PENALTY.– (1) IN GENERAL.–Except as provided in subsection (b), the Secretary shall impose on any person who violates a provision of this part a penalty of not more than $100 for each such violation, except that the total amount imposed on the person for all violations of an identical requirement or prohibition during a calendar year may not exceed $25,000. (2) PROCEDURES.–The provisions of section 1128A (other than subsections (a) and (b) and the second sentence of subsection (f)) shall apply to the imposition of a civil money penalty under this subsection in the same manner as such provisions apply to the imposition of a penalty under such section 1128A. (b) LIMITATIONS.– (1) OFFENSES OTHERWISE PUNISHABLE.–A penalty may not be imposed under subsection (a) with respect to an act if the act constitutes an offense punishable under section 1177. (2) NONCOMPLIANCE NOT DISCOVERED.–A penalty may not be imposed under subsection (a) with respect to a provision of this part if it is established to the satisfaction of the Secretary that the person liable for the penalty did not know, and by exercising reasonable diligence would not have known, that such person violated the provision. (3) FAILURES DUE TO REASONABLE CAUSE.– (A) IN GENERAL.–Except as provided in subparagraph (B), a penalty may not be imposed under subsection (a) if– (i) the failure to comply was due to reasonable cause and not to willful neglect; and (ii) the failure to comply is corrected during the 30-day period beginning on the first date the person liable for the penalty knew, or by exercising reasonable diligence would have known, that the failure to comply occurred. (B) EXTENSION OF PERIOD.– (i) NO PENALTY.–The period referred to in subparagraph (A)(ii) may be extended as determined appropriate by the Secretary based on the nature and extent of the failure to comply. (ii) ASSISTANCE.–If the Secretary determines that a person failed to comply because the person was unable to comply, the Secretary may provide technical assistance to the person during the period described in subparagraph (A)(ii). Such assistance shall be provided in any manner determined appropriate by the Secretary. (4) REDUCTION.–In the case of a failure to comply which is due to reasonable cause and not to willful neglect, any penalty under subsection (a) that is not entirely waived under paragraph (3) may be waived to the extent that the payment of such penalty would be excessive relative to the compliance failure involved.

SEC. 1177. WRONGFUL DISCLOSURE OF INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION

(a) OFFENSE.–A person who knowingly and in violation of this part– (1) uses or causes to be used a unique health identifier;” (2) obtains individually identifiable health information relating to an individual; or (3) discloses individually identifiable health information to another person, shall be punished as provided in subsection (b). (b) PENALTIES.–A person described in subsection (a) shall– (1) be fined not more than $50,000, imprisoned not more than 1 year, or both; (2) if the offense is committed under false pretenses, be fined not more than $100,000, imprisoned not more than 5 years, or both; and (3) if the offense is committed with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm, be fined not more than $250,000, imprisoned not more than 10 years, or both.

SEC. 1178. EFFECT ON STATE LAW

(a) GENERAL EFFECT.– (1) GENERAL RULE.–Except as provided in paragraph (2), a provision or requirement under this part, or a standard or implementation specification adopted or established under sections 1172 through 1174, shall supersede any contrary provision of State law, including a provision of State law that requires medical or health plan records (including billing information) to be maintained or transmitted in written rather than electronic form. (2) EXCEPTIONS.–A provision or requirement under this part, or a standard or implementation specification adopted or established under sections 1172 through 1174, shall not supersede a contrary provision of State law, if the provision of State law– (A) is a provision the Secretary determines– (i) is necessary– (I) to prevent fraud and abuse; (II) to ensure appropriate State regulation of insurance and health plans; (III) for State reporting on health care delivery or costs; or (IV) for other purposes; or (ii) addresses controlled substances; or (B) subject to section 264(c)(2) of the Health Insurance Portability and Accountability Act of 1996, relates to the privacy of individually identifiable health information. (b) PUBLIC HEALTH.–Nothing in this part shall be construed to invalidate or limit the authority, power, or procedures established under any law providing for the reporting of disease or injury, child abuse, birth, or death, public health surveillance, or public health investigation or intervention. (c) STATE REGULATORY REPORTING.–Nothing in this part shall limit the ability of a State to require a health plan to report, or to provide access to, information for management audits, financial audits, program monitoring and evaluation, facility licensure or certification, or individual licensure or certification.

EC. 1179. PROCESSING PAYMENT TRANSACTIONS BY FINANCIAL INSTITUTIONS

To the extent that an entity is engaged in activities of a financial institution (as defined in section 1101 of the Right to Financial Privacy Act of 1978), or is engaged in authorizing, processing, clearing, settling, billing, transferring, reconciling, or collecting payments, for a financial institution, this part, and any standard adopted under this part, shall not apply to the entity with respect to such activities, including the following: (1) The use or disclosure of information by the entity for authorizing, processing, clearing, settling, billing, transferring, reconciling or collecting, a payment for, or related to, health plan premiums or health care, where such payment is made by any means, including a credit, debit, or other payment card, an account, check, or electronic funds transfer. (2) The request for, or the use or disclosure of, information by the entity with respect to a payment described in paragraph (1)– (A) for transferring receivables; (B) for auditing; (C) in connection with– (i) a customer dispute; or (ii) an inquiry from, or to, a customer; (D) in a communication to a customer of the entity regarding the customer’s transactions, payment card, account, check, or electronic funds transfer; (E) for reporting to consumer reporting agencies; or (F) for complying with– (i) a civil or criminal subpoena; or (ii) a Federal or State law regulating the entity.”. (b) CONFORMING AMENDMENTS.– (1) REQUIREMENT FOR MEDICARE PROVIDERS.–Section 1866(a)(1) (42 U.S.C. 1395cc(a)(1)) is amended– (A) by striking “and” at the end of subparagraph (P); (B) by striking the period at the end of subparagraph (Q) and inserting “; and”; and (C) by inserting immediately after subparagraph (Q) the following new subparagraph: (R) to contract only with a health care clearinghouse (as defined in section 1171) that meets each standard and implementation specification adopted or established under part C of title XI on or after the date on which the health care clearinghouse is required to comply with the standard or specification.”. (2) TITLE HEADING.–Title XI (42 U.S.C. 1301 et seq.) is amended by striking the title heading and inserting the following: “TITLE XI–GENERAL PROVISIONS, PEER REVIEW, AND ADMINISTRATIVE SIMPLIFICATION”.

SEC. 263. CHANGES IN MEMBERSHIP AND DUTIES OF NATIONAL COMMITTEE ON VITAL AND HEALTH STATISTICS.

Section 306(k) of the Public Health Service Act (42 U.S.C. 242k(k)) is amended– (1) in paragraph (1), by striking “16″ and inserting “18″; (2) by amending paragraph (2) to read as follows: (2) The members of the Committee shall be appointed from among persons who have distinguished themselves in the fields of health statistics, electronic interchange of health care information, privacy and security of electronic information, population-based public health, purchasing or financing health care services, integrated computerized health information systems, health services research, consumer interests in health information, health data standards, epidemiology, and the provision of health services. Members of the Committee shall be appointed for terms of 4 years.”; (3) by redesignating paragraphs (3) through (5) as paragraphs (4) through (6), respectively, and inserting after paragraph (2) the following: (3) Of the members of the Committee– (A) 1 shall be appointed, not later than 60 days after the date of the enactment of the Health Insurance Portability and Accountability Act of 1996, by the Speaker of the House of Representatives after consultation with the Minority Leader of the House of Representatives; (B) 1 shall be appointed, not later than 60 days after the date of the enactment of the Health Insurance Portability and Accountability Act of 1996, by the President pro tempore of the Senate after consultation with the Minority Leader of the Senate; and (C) 16 shall be appointed by the Secretary.”; (4) by amending paragraph (5) (as so redesignated) to read as follows: (5) The Committee– (A) shall assist and advise the Secretary– (i) to delineate statistical problems bearing on health and health services which are of national or international interest; (ii) to stimulate studies of such problems by other organizations and agencies whenever possible or to make investigations of such problems through subcommittees; (iii) to determine, approve, and revise the terms, definitions, classifications, and guidelines for assessing health status and health services, their distribution and costs, for use (I) within the Department of Health and Human Services, (II) by all programs administered or funded by the Secretary, including the Federal-State-local cooperative health statistics system referred to in subsection (e), and (III) to the extent possible as determined by the head of the agency involved, by the Department of Veterans Affairs, the Department of Defense, and other Federal agencies concerned with health and health services; (iv) with respect to the design of and approval of health statistical and health information systems concerned with the collection, processing, and tabulation of health statistics within the Department of Health and Human Services, with respect to the Cooperative Health Statistics System established under subsection (e), and with respect to the standardized means for the collection of health information and statistics to be established by the Secretary under subsection (j)(1); (v) to review and comment on findings and proposals developed by other organizations and agencies and to make recommendations for their adoption or implementation by local, State, national, or international agencies; (vi) to cooperate with national committees of other countries and with the World Health Organization and other national agencies in the studies of problems of mutual interest; (vii) to issue an annual report on the state of the Nation’s health, its health services, their costs and distributions, and to make proposals for improvement of the Nation’s health statistics and health information systems; and (viii) in complying with the requirements imposed on the Secretary under part C of title XI of the Social Security Act; (B) shall study the issues related to the adoption of uniform data standards for patient medical record information and the electronic exchange of such information; (C) shall report to the Secretary not later than 4 years after the date of the enactment of the Health Insurance Portability and Accountability Act of 1996 recommendations and legislative proposals for such standards and electronic exchange; and (D) shall be responsible generally for advising the Secretary and the Congress on the status of the implementation of part C of title XI of the Social Security Act.”; and (5) by adding at the end the following: (7) Not later than 1 year after the date of the enactment of the Health Insurance Portability and Accountability Act of 1996, and annually thereafter, the Committee shall submit to the Congress, and make public, a report regarding the implementation of part C of title XI of the Social Security Act. Such report shall address the following subjects, to the extent that the Committee determines appropriate: (A) The extent to which persons required to comply with part C of title XI of the Social Security Act are cooperating in implementing the standards adopted under such part. (B) The extent to which such entities are meeting the security standards adopted under such part and the types of penalties assessed for noncompliance with such standards. (C) Whether the Federal and State Governments are receiving information of sufficient quality to meet their responsibilities under such part. (D) Any problems that exist with respect to implementation of such part. (E) The extent to which timetables under such part are being met.”.

SEC. 264. RECOMMENDATIONS WITH RESPECT TO PRIVACY OF CERTAIN HEALTH INFORMATION.

(a) IN GENERAL.–Not later than the date that is 12 months after the date of the enactment of this Act, the Secretary of Health and Human Services shall submit to the Committee on Labor and Human Resources and the Committee on Finance of the Senate and the Committee on Commerce and the Committee on Ways and Means of the House of Representatives detailed recommendations on standards with respect to the privacy of individually identifiable health information. (b) SUBJECTS FOR RECOMMENDATIONS.–The recommendations under subsection (a) shall address at least the following: (1) The rights that an individual who is a subject of individually identifiable health information should have. (2) The procedures that should be established for the exercise of such rights. (3) The uses and disclosures of such information that should be authorized or required. (c) REGULATIONS.– (1) IN GENERAL.–If legislation governing standards with respect to the privacy of individually identifiable health information transmitted in connection with the transactions described in section 1173(a) of the Social Security Act (as added by section 262) is not enacted by the date that is 36 months after the date of the enactment of this Act, the Secretary of Health and Human Services shall promulgate final regulations containing such standards not later than the date that is 42 months after the date of the enactment of this Act. Such regulations shall address at least the subjects described in subsection (b). (2) PREEMPTION.–A regulation promulgated under paragraph (1) shall not supercede a contrary provision of State law, if the provision of State law imposes requirements, standards, or implementation specifications that are more stringent than the requirements, standards, or implementation specifications imposed under the regulation. (d) CONSULTATION.–In carrying out this section, the Secretary of Health and Human Services shall consult with– (1) the National Committee on Vital and Health Statistics established under section 306(k) of the Public Health Service Act (42 U.S.C. 242k(k)); and (2) the Attorney General.

Fair Credit Reporting Act

Fair Credit Reporting Act

Introduction

An Act To amend the Fair Credit Reporting Act, to prevent identity theft, improve resolution of consumer disputes, improve the accuracy of consumer records, make improvements in the use of, and consumer access to, credit information, and for other purposes. Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled.

SECTION 1. SHORT TITLE; TABLE OF CONTENTS.

SECTION 1. SHORT TITLE; TABLE OF CONTENTS. (a) SHORT TITLE- This Act may be cited as the `Fair and Accurate Credit Transactions Act of 2003′. (b) TABLE OF CONTENTS- The table of contents for this Act is as follows: Sec. 1. Short title; table of contents. Sec. 2. Definitions. Sec. 3. Effective dates. TITLE I–IDENTITY THEFT PREVENTION AND CREDIT HISTORY RESTORATION Subtitle A–Identity Theft Prevention Sec. 111. Amendment to definitions. Sec. 112. Fraud alerts and active duty alerts. Sec. 113. Truncation of credit card and debit card account numbers. Sec. 114. Establishment of procedures for the identification of possible instances of identity theft. Sec. 115. Authority to truncate social security numbers. Subtitle B–Protection and Restoration of Identity Theft Victim Credit History Sec. 151. Summary of rights of identity theft victims. Sec. 152. Blocking of information resulting from identity theft. Sec. 153. Coordination of identity theft complaint investigations. Sec. 154. Prevention of repollution of consumer reports. Sec. 155. Notice by debt collectors with respect to fraudulent information. Sec. 156. Statute of limitations. Sec. 157. Study on the use of technology to combat identity theft. TITLE II–IMPROVEMENTS IN USE OF AND CONSUMER ACCESS TO CREDIT INFORMATION Sec. 211. Free consumer reports. Sec. 212. Disclosure of credit scores. Sec. 213. Enhanced disclosure of the means available to opt out of prescreened lists. Sec. 214. Affiliate sharing. Sec. 215. Study of effects of credit scores and credit-based insurance scores on availability and affordability of financial products. Sec. 216. Disposal of consumer report information and records. Sec. 217. Requirement to disclose communications to a consumer reporting agency. TITLE III–ENHANCING THE ACCURACY OF CONSUMER REPORT INFORMATION Sec. 311. Risk-based pricing notice. Sec. 312. Procedures to enhance the accuracy and integrity of information furnished to consumer reporting agencies. Sec. 313. FTC and consumer reporting agency action concerning complaints. Sec. 314. Improved disclosure of the results of reinvestigation. Sec. 315. Reconciling addresses. Sec. 316. Notice of dispute through reseller. Sec. 317. Reasonable reinvestigation required. Sec. 318. FTC study of issues relating to the Fair Credit Reporting Act. Sec. 319. FTC study of the accuracy of consumer reports. TITLE IV–LIMITING THE USE AND SHARING OF MEDICAL INFORMATION IN THE FINANCIAL SYSTEM Sec. 411. Protection of medical information in the financial system. Sec. 412. Confidentiality of medical contact information in consumer reports. TITLE V–FINANCIAL LITERACY AND EDUCATION IMPROVEMENT Sec. 511. Short title. Sec. 512. Definitions. Sec. 513. Establishment of Financial Literacy and Education Commission. Sec. 514. Duties of the Commission. Sec. 515. Powers of the Commission. Sec. 516. Commission personnel matters. Sec. 517. Studies by the Comptroller General. Sec. 518. The national public service multimedia campaign to enhance the state of financial literacy. Sec. 519. Authorization of appropriations. TITLE VI–PROTECTING EMPLOYEE MISCONDUCT INVESTIGATIONS Sec. 611. Certain employee investigation communications excluded from definition of consumer report. TITLE VII–RELATION TO STATE LAWS Sec. 711. Relation to State laws. TITLE VIII–MISCELLANEOUS Sec. 811. Clerical amendments. SEC. 2. DEFINITIONS. As used in this Act– (1) the term `Board’ means the Board of Governors of the Federal Reserve System; (2) the term `Commission’, other than as used in title V, means the Federal Trade Commission; (3) the terms `consumer’, `consumer report’, `consumer reporting agency’, `creditor’, `Federal banking agencies’, and `financial institution’ have the same meanings as in section 603 of the Fair Credit Reporting Act, as amended by this Act; and (4) the term `affiliates’ means persons that are related by common ownership or affiliated by corporate control. SEC. 3. EFFECTIVE DATES. Except as otherwise specifically provided in this Act and the amendments made by this Act– (1) before the end of the 2-month period beginning on the date of enactment of this Act, the Board and the Commission shall jointly prescribe regulations in final form establishing effective dates for each provision of this Act; and (2) the regulations prescribed under paragraph (1) shall establish effective dates that are as early as possible, while allowing a reasonable time for the implementation of the provisions of this Act, but in no case shall any such effective date be later than 10 months after the date of issuance of such regulations in final form.

TITLE I–IDENTITY THEFT PREVENTION AND CREDIT HISTORY RESTORATION

Subtitle A–Identity Theft Prevention Sec. 111. Amendment to definitions. Sec. 112. Fraud alerts and active duty alerts. Sec. 113. Truncation of credit card and debit card account numbers. Sec. 114. Establishment of procedures for the identification of possible instances of identity theft. Sec. 115. Authority to truncate social security numbers. Subtitle B–Protection and Restoration of Identity Theft Victim Credit History Sec. 151. Summary of rights of identity theft victims. Sec. 152. Blocking of information resulting from identity theft. Sec. 153. Coordination of identity theft complaint investigations. Sec. 154. Prevention of repollution of consumer reports. Sec. 155. Notice by debt collectors with respect to fraudulent information. Sec. 156. Statute of limitations. Sec. 157. Study on the use of technology to combat identity theft.

SEC. 111. AMENDMENT TO DEFINITIONS.

Section 603 of the Fair Credit Reporting Act (15 U.S.C. 1681a) is amended by adding at the end the following: (q) DEFINITIONS RELATING TO FRAUD ALERTS- (1) ACTIVE DUTY MILITARY CONSUMER- The term `active duty military consumer’ means a consumer in military service who– (A) is on active duty (as defined in section 101(d)(1) of title 10, United States Code) or is a reservist performing duty under a call or order to active duty under a provision of law referred to in section 101(a)(13) of title 10, United States Code; and (B) is assigned to service away from the usual duty station of the consumer. (2) FRAUD ALERT; ACTIVE DUTY ALERT- The terms `fraud alert’ and `active duty alert’ mean a statement in the file of a consumer that– (A) notifies all prospective users of a consumer report relating to the consumer that the consumer may be a victim of fraud, including identity theft, or is an active duty military consumer, as applicable; and (B) is presented in a manner that facilitates a clear and conspicuous view of the statement described in subparagraph (A) by any person requesting such consumer report. (3) IDENTITY THEFT- The term `identity theft’ means a fraud committed using the identifying information of another person, subject to such further definition as the Commission may prescribe, by regulation. (4) IDENTITY THEFT REPORT- The term `identity theft report’ has the meaning given that term by rule of the Commission, and means, at a minimum, a report– (A) that alleges an identity theft; (B) that is a copy of an official, valid report filed by a consumer with an appropriate Federal, State, or local law enforcement agency, including the United States Postal Inspection Service, or such other government agency deemed appropriate by the Commission; and (C) the filing of which subjects the person filing the report to criminal penalties relating to the filing of false information if, in fact, the information in the report is false. (5) NEW CREDIT PLAN- The term `new credit plan’ means a new account under an open end credit plan (as defined in section 103(i) of the Truth in Lending Act) or a new credit transaction not under an open end credit plan. (r) Credit and Debit Related Terms– (1) CARD ISSUER- The term `card issuer’ means– (A) a credit card issuer, in the case of a credit card; and (B) a debit card issuer, in the case of a debit card. (2) CREDIT CARD- The term `credit card’ has the same meaning as in section 103 of the Truth in Lending Act. (3) DEBIT CARD- The term `debit card’ means any card issued by a financial institution to a consumer for use in initiating an electronic fund transfer from the account of the consumer at such financial institution, for the purpose of transferring money between accounts or obtaining money, property, labor, or services. (4) ACCOUNT AND ELECTRONIC FUND TRANSFER- The terms `account’ and `electronic fund transfer’ have the same meanings as in section 903 of the Electronic Fund Transfer Act. (5) CREDIT AND CREDITOR- The terms `credit’ and `creditor’ have the same meanings as in section 702 of the Equal Credit Opportunity Act. (s) FEDERAL BANKING AGENCY- The term `Federal banking agency’ has the same meaning as in section 3 of the Federal Deposit Insurance Act. (t) FINANCIAL INSTITUTION- The term `financial institution’ means a State or National bank, a State or Federal savings and loan association, a mutual savings bank, a State or Federal credit union, or any other person that, directly or indirectly, holds a transaction account (as defined in section 19(b) of the Federal Reserve Act) belonging to a consumer. (u) RESELLER- The term `reseller’ means a consumer reporting agency that– (1) assembles and merges information contained in the database of another consumer reporting agency or multiple consumer reporting agencies concerning any consumer for purposes of furnishing such information to any third party, to the extent of such activities; and (2) does not maintain a database of the assembled or merged information from which new consumer reports are produced. (v) COMMISSION- The term `Commission’ means the Federal Trade Commission. (w) NATIONWIDE SPECIALTY CONSUMER REPORTING AGENCY- The term `nationwide specialty consumer reporting agency’ means a consumer reporting agency that compiles and maintains files on consumers on a nationwide basis relating to– (1) medical records or payments; (2) residential or tenant history; (3) check writing history; (4) employment history; or (5) insurance claims.’.

SEC. 112. FRAUD ALERTS AND ACTIVE DUTY ALERTS.

(a) FRAUD ALERTS- The Fair Credit Reporting Act (15 U.S.C. 1681 et seq.) is amended by inserting after section 605 the following: Sec. 605A. Identity theft prevention; fraud alerts and active duty alerts (a) ONE-CALL FRAUD ALERTS- (1) INITIAL ALERTS- Upon the direct request of a consumer, or an individual acting on behalf of or as a personal representative of a consumer, who asserts in good faith a suspicion that the consumer has been or is about to become a victim of fraud or related crime, including identity theft, a consumer reporting agency described in section 603(p) that maintains a file on the consumer and has received appropriate proof of the identity of the requester shall– (A) include a fraud alert in the file of that consumer, and also provide that alert along with any credit score generated in using that file, for a period of not less than 90 days, beginning on the date of such request, unless the consumer or such representative requests that such fraud alert be removed before the end of such period, and the agency has received appropriate proof of the identity of the requester for such purpose; and (B) refer the information regarding the fraud alert under this paragraph to each of the other consumer reporting agencies described in section 603(p), in accordance with procedures developed under section 621(f). (2) ACCESS TO FREE REPORTS- In any case in which a consumer reporting agency includes a fraud alert in the file of a consumer pursuant to this subsection, the consumer reporting agency shall– (A) disclose to the consumer that the consumer may request a free copy of the file of the consumer pursuant to section 612(d); and (B) provide to the consumer all disclosures required to be made under section 609, without charge to the consumer, not later than 3 business days after any request described in subparagraph (A). (b) EXTENDED ALERTS- (1) IN GENERAL- Upon the direct request of a consumer, or an individual acting on behalf of or as a personal representative of a consumer, who submits an identity theft report to a consumer reporting agency described in section 603(p) that maintains a file on the consumer, if the agency has received appropriate proof of the identity of the requester, the agency shall– (A) include a fraud alert in the file of that consumer, and also provide that alert along with any credit score generated in using that file, during the 7-year period beginning on the date of such request, unless the consumer or such representative requests that such fraud alert be removed before the end of such period and the agency has received appropriate proof of the identity of the requester for such purpose; (B) during the 5-year period beginning on the date of such request, exclude the consumer from any list of consumers prepared by the consumer reporting agency and provided to any third party to offer credit or insurance to the consumer as part of a transaction that was not initiated by the consumer, unless the consumer or such representative requests that such exclusion be rescinded before the end of such period; and (C) refer the information regarding the extended fraud alert under this paragraph to each of the other consumer reporting agencies described in section 603(p), in accordance with procedures developed under section 621(f). (2) ACCESS TO FREE REPORTS- In any case in which a consumer reporting agency includes a fraud alert in the file of a consumer pursuant to this subsection, the consumer reporting agency shall– (A) disclose to the consumer that the consumer may request 2 free copies of the file of the consumer pursuant to section 612(d) during the 12-month period beginning on the date on which the fraud alert was included in the file; and (B) provide to the consumer all disclosures required to be made under section 609, without charge to the consumer, not later than 3 business days after any request described in subparagraph (A). (c) ACTIVE DUTY ALERTS- Upon the direct request of an active duty military consumer, or an individual acting on behalf of or as a personal representative of an active duty military consumer, a consumer reporting agency described in section 603(p) that maintains a file on the active duty military consumer and has received appropriate proof of the identity of the requester shall– (1) include an active duty alert in the file of that active duty military consumer, and also provide that alert along with any credit score generated in using that file, during a period of not less than 12 months, or such longer period as the Commission shall determine, by regulation, beginning on the date of the request, unless the active duty military consumer or such representative requests that such fraud alert be removed before the end of such period, and the agency has received appropriate proof of the identity of the requester for such purpose; (2) during the 2-year period beginning on the date of such request, exclude the active duty military consumer from any list of consumers prepared by the consumer reporting agency and provided to any third party to offer credit or insurance to the consumer as part of a transaction that was not initiated by the consumer, unless the consumer requests that such exclusion be rescinded before the end of such period; and (3) refer the information regarding the active duty alert to each of the other consumer reporting agencies described in section 603(p), in accordance with procedures developed under section 621(f). (d) PROCEDURES- Each consumer reporting agency described in section 603(p) shall establish policies and procedures to comply with this section, including procedures that inform consumers of the availability of initial, extended, and active duty alerts and procedures that allow consumers and active duty military consumers to request initial, extended, or active duty alerts (as applicable) in a simple and easy manner, including by telephone. (e) REFERRALS OF ALERTS- Each consumer reporting agency described in section 603(p) that receives a referral of a fraud alert or active duty alert from another consumer reporting agency pursuant to this section shall, as though the agency received the request from the consumer directly, follow the procedures required under– (1) paragraphs (1)(A) and (2) of subsection (a), in the case of a referral under subsection (a)(1)(B); (2) paragraphs (1)(A), (1)(B), and (2) of subsection (b), in the case of a referral under subsection (b)(1)(C); and (3) paragraphs (1) and (2) of subsection (c), in the case of a referral under subsection (c)(3). (f) DUTY OF RESELLER TO RECONVEY ALERT- A reseller shall include in its report any fraud alert or active duty alert placed in the file of a consumer pursuant to this section by another consumer reporting agency. (g) DUTY OF OTHER CONSUMER REPORTING AGENCIES TO PROVIDE CONTACT INFORMATION- If a consumer contacts any consumer reporting agency that is not described in section 603(p) to communicate a suspicion that the consumer has been or is about to become a victim of fraud or related crime, including identity theft, the agency shall provide information to the consumer on how to contact the Commission and the consumer reporting agencies described in section 603(p) to obtain more detailed information and request alerts under this section. (h) LIMITATIONS ON USE OF INFORMATION FOR CREDIT EXTENSIONS- (1) REQUIREMENTS FOR INITIAL AND ACTIVE DUTY ALERTS- (A) NOTIFICATION- Each initial fraud alert and active duty alert under this section shall include information that notifies all prospective users of a consumer report on the consumer to which the alert relates that the consumer does not authorize the establishment of any new credit plan or extension of credit, other than under an open-end credit plan (as defined in section 103(i)), in the name of the consumer, or issuance of an additional card on an existing credit account requested by a consumer, or any increase in credit limit on an existing credit account requested by a consumer, except in accordance with subparagraph (B). (B) LIMITATION ON USERS- (i) IN GENERAL- No prospective user of a consumer report that includes an initial fraud alert or an active duty alert in accordance with this section may establish a new credit plan or extension of credit, other than under an open-end credit plan (as defined in section 103(i)), in the name of the consumer, or issue an additional card on an existing credit account requested by a consumer, or grant any increase in credit limit on an existing credit account requested by a consumer, unless the user utilizes reasonable policies and procedures to form a reasonable belief that the user knows the identity of the person making the request. (ii) VERIFICATION- If a consumer requesting the alert has specified a telephone number to be used for identity verification purposes, before authorizing any new credit plan or extension described in clause (i) in the name of such consumer, a user of such consumer report shall contact the consumer using that telephone number or take reasonable steps to verify the consumer’s identity and confirm that the application for a new credit plan is not the result of identity theft. (2) REQUIREMENTS FOR EXTENDED ALERTS- (A) NOTIFICATION- Each extended alert under this section shall include information that provides all prospective users of a consumer report relating to a consumer with– (i) notification that the consumer does not authorize the establishment of any new credit plan or extension of credit described in clause (i), other than under an open-end credit plan (as defined in section 103(i)), in the name of the consumer, or issuance of an additional card on an existing credit account requested by a consumer, or any increase in credit limit on an existing credit account requested by a consumer, except in accordance with subparagraph (B); and (ii) a telephone number or other reasonable contact method designated by the consumer. (B) LIMITATION ON USERS- No prospective user of a consumer report or of a credit score generated using the information in the file of a consumer that includes an extended fraud alert in accordance with this section may establish a new credit plan or extension of credit, other than under an open-end credit plan (as defined in section 103(i)), in the name of the consumer, or issue an additional card on an existing credit account requested by a consumer, or any increase in credit limit on an existing credit account requested by a consumer, unless the user contacts the consumer in person or using the contact method described in subparagraph (A)(ii) to confirm that the application for a new credit plan or increase in credit limit, or request for an additional card is not the result of identity theft.’. (b) RULEMAKING- The Commission shall prescribe regulations to define what constitutes appropriate proof of identity for purposes of sections 605A, 605B, and 609(a)(1) of the Fair Credit Reporting Act, as amended by this Act.

SEC. 113. TRUNCATION OF CREDIT CARD AND DEBIT CARD ACCOUNT NUMBERS.

Section 605 of the Fair Credit Reporting Act (15 U.S.C. 1681c) is amended by adding at the end the following: (g) TRUNCATION OF CREDIT CARD AND DEBIT CARD NUMBERS- (1) IN GENERAL- Except as otherwise provided in this subsection, no person that accepts credit cards or debit cards for the transaction of business shall print more than the last 5 digits of the card number or the expiration date upon any receipt provided to the cardholder at the point of the sale or transaction. (2) LIMITATION- This subsection shall apply only to receipts that are electronically printed, and shall not apply to transactions in which the sole means of recording a credit card or debit card account number is by handwriting or by an imprint or copy of the card. (3) EFFECTIVE DATE- This subsection shall become effective– (A) 3 years after the date of enactment of this subsection, with respect to any cash register or other machine or device that electronically prints receipts for credit card or debit card transactions that is in use before January 1, 2005; and (B) 1 year after the date of enactment of this subsection, with respect to any cash register or other machine or device that electronically prints receipts for credit card or debit card transactions that is first put into use on or after January 1, 2005.’.

SEC. 114. ESTABLISHMENT OF PROCEDURES FOR THE IDENTIFICATION OF POSSIBLE INSTANCES OF IDENTITY THEFT.

Section 615 of the Fair Credit Reporting Act (15 U.S.C. 1681m) is amended– (1) by striking `(e)’ at the end; and (2) by adding at the end the following: (e) RED FLAG GUIDELINES AND REGULATIONS REQUIRED- (1) GUIDELINES- The Federal banking agencies, the National Credit Union Administration, and the Commission shall jointly, with respect to the entities that are subject to their respective enforcement authority under section 621– (A) establish and maintain guidelines for use by each financial institution and each creditor regarding identity theft with respect to account holders at, or customers of, such entities, and update such guidelines as often as necessary; (B) prescribe regulations requiring each financial institution and each creditor to establish reasonable policies and procedures for implementing the guidelines established pursuant to subparagraph (A), to identify possible risks to account holders or customers or to the safety and soundness of the institution or customers; and (C) prescribe regulations applicable to card issuers to ensure that, if a card issuer receives notification of a change of address for an existing account, and within a short period of time (during at least the first 30 days after such notification is received) receives a request for an additional or replacement card for the same account, the card issuer may not issue the additional or replacement card, unless the card issuer, in accordance with reasonable policies and procedures– (i) notifies the cardholder of the request at the former address of the cardholder and provides to the cardholder a means of promptly reporting incorrect address changes; (ii) notifies the cardholder of the request by such other means of communication as the cardholder and the card issuer previously agreed to; or (iii) uses other means of assessing the validity of the change of address, in accordance with reasonable policies and procedures established by the card issuer in accordance with the regulations prescribed under subparagraph (B). (2) CRITERIA- (A) IN GENERAL- In developing the guidelines required by paragraph (1)(A), the agencies described in paragraph (1) shall identify patterns, practices, and specific forms of activity that indicate the possible existence of identity theft. (B) INACTIVE ACCOUNTS- In developing the guidelines required by paragraph (1)(A), the agencies described in paragraph (1) shall consider including reasonable guidelines providing that when a transaction occurs with respect to a credit or deposit account that has been inactive for more than 2 years, the creditor or financial institution shall follow reasonable policies and procedures that provide for notice to be given to a consumer in a manner reasonably designed to reduce the likelihood of identity theft with respect to such account. (3) CONSISTENCY WITH VERIFICATION REQUIREMENTS- Guidelines established pursuant to paragraph (1) shall not be inconsistent with the policies and procedures required under section 5318(l) of title 31, United States Code.’.

SEC. 115. AUTHORITY TO TRUNCATE SOCIAL SECURITY NUMBERS.

Section 609(a)(1) of the Fair Credit Reporting Act (15 U.S.C. 1681g(a)(1)) is amended by striking `except that nothing’ and inserting the following: `except that– (A) if the consumer to whom the file relates requests that the first 5 digits of the social security number (or similar identification number) of the consumer not be included in the disclosure and the consumer reporting agency has received appropriate proof of the identity of the requester, the consumer reporting agency shall so truncate such number in such disclosure; and (B) nothing’. Subtitle B–Protection and Restoration of Identity Theft Victim Credit History

SEC. 151. SUMMARY OF RIGHTS OF IDENTITY THEFT VICTIMS.

Subtitle B–Protection and Restoration of Identity Theft Victim Credit History (a) IN GENERAL- (1) SUMMARY- Section 609 of the Fair Credit Reporting Act (15 U.S.C. 1681g) is amended by adding at the end the following: (d) SUMMARY OF RIGHTS OF IDENTITY THEFT VICTIMS- (1) IN GENERAL- The Commission, in consultation with the Federal banking agencies and the National Credit Union Administration, shall prepare a model summary of the rights of consumers under this title with respect to the procedures for remedying the effects of fraud or identity theft involving credit, an electronic fund transfer, or an account or transaction at or with a financial institution or other creditor. (2) SUMMARY OF RIGHTS AND CONTACT INFORMATION- Beginning 60 days after the date on which the model summary of rights is prescribed in final form by the Commission pursuant to paragraph (1), if any consumer contacts a consumer reporting agency and expresses a belief that the consumer is a victim of fraud or identity theft involving credit, an electronic fund transfer, or an account or transaction at or with a financial institution or other creditor, the consumer reporting agency shall, in addition to any other action that the agency may take, provide the consumer with a summary of rights that contains all of the information required by the Commission under paragraph (1), and information on how to contact the Commission to obtain more detailed information. (e) INFORMATION AVAILABLE TO VICTIMS- (1) IN GENERAL- For the purpose of documenting fraudulent transactions resulting from identity theft, not later than 30 days after the date of receipt of a request from a victim in accordance with paragraph (3), and subject to verification of the identity of the victim and the claim of identity theft in accordance with paragraph (2), a business entity that has provided credit to, provided for consideration products, goods, or services to, accepted payment from, or otherwise entered into a commercial transaction for consideration with, a person who has allegedly made unauthorized use of the means of identification of the victim, shall provide a copy of application and business transaction records in the control of the business entity, whether maintained by the business entity or by another person on behalf of the business entity, evidencing any transaction alleged to be a result of identity theft to– (A) the victim; (B) any Federal, State, or local government law enforcement agency or officer specified by the victim in such a request; or (C) any law enforcement agency investigating the identity theft and authorized by the victim to take receipt of records provided under this subsection. (2) VERIFICATION OF IDENTITY AND CLAIM- Before a business entity provides any information under paragraph (1), unless the business entity, at its discretion, otherwise has a high degree of confidence that it knows the identity of the victim making a request under paragraph (1), the victim shall provide to the business entity– (A) as proof of positive identification of the victim, at the election of the business entity– (i) the presentation of a government-issued identification card; (ii) personally identifying information of the same type as was provided to the business entity by the unauthorized person; or (iii) personally identifying information that the business entity typically requests from new applicants or for new transactions, at the time of the victim’s request for information, including any documentation described in clauses (i) and (ii); and (B) as proof of a claim of identity theft, at the election of the business entity– (i) a copy of a police report evidencing the claim of the victim of identity theft; and (ii) a properly completed– (I) copy of a standardized affidavit of identity theft developed and made available by the Commission; or (II) an affidavit of fact that is acceptable to the business entity for that purpose. (3) PROCEDURES- The request of a victim under paragraph (1) shall– (A) be in writing; (B) be mailed to an address specified by the business entity, if any; and (C) if asked by the business entity, include relevant information about any transaction alleged to be a result of identity theft to facilitate compliance with this section including– (i) if known by the victim (or if readily obtainable by the victim), the date of the application or transaction; and (ii) if known by the victim (or if readily obtainable by the victim), any other identifying information such as an account or transaction number. (4) NO CHARGE TO VICTIM- Information required to be provided under paragraph (1) shall be so provided without charge. (5) AUTHORITY TO DECLINE TO PROVIDE INFORMATION- A business entity may decline to provide information under paragraph (1) if, in the exercise of good faith, the business entity determines that– (A) this subsection does not require disclosure of the information; (B) after reviewing the information provided pursuant to paragraph (2), the business entity does not have a high degree of confidence in knowing the true identity of the individual requesting the information; (C) the request for the information is based on a misrepresentation of fact by the individual requesting the information relevant to the request for information; or (D) the information requested is Internet navigational data or similar information about a person’s visit to a website or online service. (6) LIMITATION ON LIABILITY- Except as provided in section 621, sections 616 and 617 do not apply to any violation of this subsection. (7) LIMITATION ON CIVIL LIABILITY- No business entity may be held civilly liable under any provision of Federal, State, or other law for disclosure, made in good faith pursuant to this subsection. (8) NO NEW RECORDKEEPING OBLIGATION- Nothing in this subsection creates an obligation on the part of a business entity to obtain, retain, or maintain information or records that are not otherwise required to be obtained, retained, or maintained in the ordinary course of its business or under other applicable law. (9) RULE OF CONSTRUCTION- (A) IN GENERAL- No provision of subtitle A of title V of Public Law 106-102, prohibiting the disclosure of financial information by a business entity to third parties shall be used to deny disclosure of information to the victim under this subsection. (B) LIMITATION- Except as provided in subparagraph (A), nothing in this subsection permits a business entity to disclose information, including information to law enforcement under subparagraphs (B) and (C) of paragraph (1), that the business entity is otherwise prohibited from disclosing under any other applicable provision of Federal or State law. (10) AFFIRMATIVE DEFENSE- In any civil action brought to enforce this subsection, it is an affirmative defense (which the defendant must establish by a preponderance of the evidence) for a business entity to file an affidavit or answer stating that– (A) the business entity has made a reasonably diligent search of its available business records; and (B) the records requested under this subsection do not exist or are not reasonably available. (11) DEFINITION OF VICTIM- For purposes of this subsection, the term `victim’ means a consumer whose means of identification or financial information has been used or transferred (or has been alleged to have been used or transferred) without the authority of that consumer, with the intent to commit, or to aid or abet, an identity theft or a similar crime. (12) EFFECTIVE DATE- This subsection shall become effective 180 days after the date of enactment of this subsection. (13) EFFECTIVENESS STUDY- Not later than 18 months after the date of enactment of this subsection, the Comptroller General of the United States shall submit a report to Congress assessing the effectiveness of this provision.’. (2) RELATION TO STATE LAWS- Section 625(b)(1) of the Fair Credit Reporting Act (15 U.S.C. 1681t(b)(1), as so redesignated) is amended by adding at the end the following new subparagraph: (G) section 609(e), relating to information available to victims under section 609(e);’. (b) PUBLIC CAMPAIGN TO PREVENT IDENTITY THEFT- Not later than 2 years after the date of enactment of this Act, the Commission shall establish and implement a media and distribution campaign to teach the public how to prevent identity theft. Such campaign shall include existing Commission education materials, as well as radio, television, and print public service announcements, video cassettes, interactive digital video discs (DVD’s) or compact audio discs (CD’s), and Internet resources.

SEC. 152. BLOCKING OF INFORMATION RESULTING FROM IDENTITY THEFT.

(a) IN GENERAL- The Fair Credit Reporting Act (15 U.S.C. 1681 et seq.) is amended by inserting after section 605A, as added by this Act, the following: Sec. 605B. Block of information resulting from identity theft (a) BLOCK- Except as otherwise provided in this section, a consumer reporting agency shall block the reporting of any information in the file of a consumer that the consumer identifies as information that resulted from an alleged identity theft, not later than 4 business days after the date of receipt by such agency of– (1) appropriate proof of the identity of the consumer; (2) a copy of an identity theft report; (3) the identification of such information by the consumer; and (4) a statement by the consumer that the information is not information relating to any transaction by the consumer. (b) NOTIFICATION- A consumer reporting agency shall promptly notify the furnisher of information identified by the consumer under subsection (a)– (1) that the information may be a result of identity theft; (2) that an identity theft report has been filed; (3) that a block has been requested under this section; and (4) of the effective dates of the block. (c) AUTHORITY TO DECLINE OR RESCIND- (1) IN GENERAL- A consumer reporting agency may decline to block, or may rescind any block, of information relating to a consumer under this section, if the consumer reporting agency reasonably determines that– (A) the information was blocked in error or a block was requested by the consumer in error; (B) the information was blocked, or a block was requested by the consumer, on the basis of a material misrepresentation of fact by the consumer relevant to the request to block; or (C) the consumer obtained possession of goods, services, or money as a result of the blocked transaction or transactions. (2) NOTIFICATION TO CONSUMER- If a block of information is declined or rescinded under this subsection, the affected consumer shall be notified promptly, in the same manner as consumers are notified of the reinsertion of information under section 611(a)(5)(B). (3) SIGNIFICANCE OF BLOCK- For purposes of this subsection, if a consumer reporting agency rescinds a block, the presence of information in the file of a consumer prior to the blocking of such information is not evidence of whether the consumer knew or should have known that the consumer obtained possession of any goods, services, or money as a result of the block. (d) EXCEPTION FOR RESELLERS- (1) NO RESELLER FILE- This section shall not apply to a consumer reporting agency, if the consumer reporting agency– (A) is a reseller; (B) is not, at the time of the request of the consumer under subsection (a), otherwise furnishing or reselling a consumer report concerning the information identified by the consumer; and (C) informs the consumer, by any means, that the consumer may report the identity theft to the Commission to obtain consumer information regarding identity theft. (2) RESELLER WITH FILE- The sole obligation of the consumer reporting agency under this section, with regard to any request of a consumer under this section, shall be to block the consumer report maintained by the consumer reporting agency from any subsequent use, if– (A) the consumer, in accordance with the provisions of subsection (a), identifies, to a consumer reporting agency, information in the file of the consumer that resulted from identity theft; and (B) the consumer reporting agency is a reseller of the identified information. (3) NOTICE- In carrying out its obligation under paragraph (2), the reseller shall promptly provide a notice to the consumer of the decision to block the file. Such notice shall contain the name, address, and telephone number of each consumer reporting agency from which the consumer information was obtained for resale. (e) EXCEPTION FOR VERIFICATION COMPANIES- The provisions of this section do not apply to a check services company, acting as such, which issues authorizations for the purpose of approving or processing negotiable instruments, electronic fund transfers, or similar methods of payments, except that, beginning 4 business days after receipt of information described in paragraphs (1) through (3) of subsection (a), a check services company shall not report to a national consumer reporting agency described in section 603(p), any information identified in the subject identity theft report as resulting from identity theft. (f) ACCESS TO BLOCKED INFORMATION BY LAW ENFORCEMENT AGENCIES- No provision of this section shall be construed as requiring a consumer reporting agency to prevent a Federal, State, or local law enforcement agency from accessing blocked information in a consumer file to which the agency could otherwise obtain access under this title.’. (b) CLERICAL AMENDMENT- The table of sections for the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.) is amended by inserting after the item relating to section 605 the following new items: 605A. Identity theft prevention; fraud alerts and active duty alerts. 605B. Block of information resulting from identity theft.’.

SEC. 153. COORDINATION OF IDENTITY THEFT COMPLAINT INVESTIGATIONS.

Section 621 of the Fair Credit Reporting Act (15 U.S.C. 1681s) is amended by adding at the end the following: (f) COORDINATION OF CONSUMER COMPLAINT INVESTIGATIONS- (1) IN GENERAL- Each consumer reporting agency described in section 603(p) shall develop and maintain procedures for the referral to each other such agency of any consumer complaint received by the agency alleging identity theft, or requesting a fraud alert under section 605A or a block under section 605B. (2) MODEL FORM AND PROCEDURE FOR REPORTING IDENTITY THEFT- The Commission, in consultation with the Federal banking agencies and the National Credit Union Administration, shall develop a model form and model procedures to be used by consumers who are victims of identity theft for contacting and informing creditors and consumer reporting agencies of the fraud. (3) ANNUAL SUMMARY REPORTS- Each consumer reporting agency described in section 603(p) shall submit an annual summary report to the Commission on consumer complaints received by the agency on identity theft or fraud alerts.’.

SEC. 154. PREVENTION OF REPOLLUTION OF CONSUMER REPORTS.

(a) PREVENTION OF REINSERTION OF ERRONEOUS INFORMATION- Section 623(a) of the Fair Credit Reporting Act (15 U.S.C. 1681s-2(a)) is amended by adding at the end the following: (6) DUTIES OF FURNISHERS UPON NOTICE OF IDENTITY THEFT-RELATED INFORMATION- (A) REASONABLE PROCEDURES- A person that furnishes information to any consumer reporting agency shall have in place reasonable procedures to respond to any notification that it receives from a consumer reporting agency under section 605B relating to information resulting from identity theft, to prevent that person from refurnishing such blocked information. (B) INFORMATION ALLEGED TO RESULT FROM IDENTITY THEFT- If a consumer submits an identity theft report to a person who furnishes information to a consumer reporting agency at the address specified by that person for receiving such reports stating that information maintained by such person that purports to relate to the consumer resulted from identity theft, the person may not furnish such information that purports to relate to the consumer to any consumer reporting agency, unless the person subsequently knows or is informed by the consumer that the information is correct.’. (b) PROHIBITION ON SALE OR TRANSFER OF DEBT CAUSED BY IDENTITY THEFT- Section 615 of the Fair Credit Reporting Act (15 U.S.C. 1681m), as amended by this Act, is amended by adding at the end the following: (f) PROHIBITION ON SALE OR TRANSFER OF DEBT CAUSED BY IDENTITY THEFT- (1) IN GENERAL- No person shall sell, transfer for consideration, or place for collection a debt that such person has been notified under section 605B has resulted from identity theft. (2) APPLICABILITY- The prohibitions of this subsection shall apply to all persons collecting a debt described in paragraph (1) after the date of a notification under paragraph (1). (3) RULE OF CONSTRUCTION- Nothing in this subsection shall be construed to prohibit– (A) the repurchase of a debt in any case in which the assignee of the debt requires such repurchase because the debt has resulted from identity theft; (B) the securitization of a debt or the pledging of a portfolio of debt as collateral in connection with a borrowing; or (C) the transfer of debt as a result of a merger, acquisition, purchase and assumption transaction, or transfer of substantially all of the assets of an entity.’.

SEC. 155. NOTICE BY DEBT COLLECTORS WITH RESPECT TO FRAUDULENT INFORMATION.

Section 615 of the Fair Credit Reporting Act (15 U.S.C. 1681m), as amended by this Act, is amended by adding at the end the following: (g) DEBT COLLECTOR COMMUNICATIONS CONCERNING IDENTITY THEFT- If a person acting as a debt collector (as that term is defined in title VIII) on behalf of a third party that is a creditor or other user of a consumer report is notified that any information relating to a debt that the person is attempting to collect may be fraudulent or may be the result of identity theft, that person shall– (1) notify the third party that the information may be fraudulent or may be the result of identity theft; and (2) upon request of the consumer to whom the debt purportedly relates, provide to the consumer all information to which the consumer would otherwise be entitled if the consumer were not a victim of identity theft, but wished to dispute the debt under provisions of law applicable to that person.’.

SEC. 156. STATUTE OF LIMITATIONS.

Section 618 of the Fair Credit Reporting Act (15 U.S.C. 1681p) is amended to read as follows: Sec. 618. Jurisdiction of courts; limitation of actions An action to enforce any liability created under this title may be brought in any appropriate United States district court, without regard to the amount in controversy, or in any other court of competent jurisdiction, not later than the earlier of– (1) 2 years after the date of discovery by the plaintiff of the violation that is the basis for such liability; or (2) 5 years after the date on which the violation that is the basis for such liability occurs.’.

SEC. 157. STUDY ON THE USE OF TECHNOLOGY TO COMBAT IDENTITY THEFT.

(a) STUDY REQUIRED- The Secretary of the Treasury shall conduct a study of the use of biometrics and other similar technologies to reduce the incidence and costs to society of identity theft by providing convincing evidence of who actually performed a given financial transaction. (b) CONSULTATION- The Secretary of the Treasury shall consult with Federal banking agencies, the Commission, and representatives of financial institutions, consumer reporting agencies, Federal, State, and local government agencies that issue official forms or means of identification, State prosecutors, law enforcement agencies, the biometric industry, and the general public in formulating and conducting the study required by subsection (a). (c) AUTHORIZATION OF APPROPRIATIONS- There are authorized to be appropriated to the Secretary of the Treasury for fiscal year 2004, such sums as may be necessary to carry out the provisions of this section. (d) REPORT REQUIRED- Before the end of the 180-day period beginning on the date of enactment of this Act, the Secretary shall submit a report to Congress containing the findings and conclusions of the study required under subsection (a), together with such recommendations for legislative or administrative actions as may be appropriate.

TITLE II–IMPROVEMENTS IN USE OF AND CONSUMER ACCESS TO CREDIT INFORMATION

Sec. 211. Free consumer reports. Sec. 212. Disclosure of credit scores. Sec. 213. Enhanced disclosure of the means available to opt out of prescreened lists. Sec. 214. Affiliate sharing. Sec. 215. Study of effects of credit scores and credit-based insurance scores on availability and affordability of financial products. Sec. 216. Disposal of consumer report information and records. Sec. 217. Requirement to disclose communications to a consumer reporting agency.

SEC. 211. FREE CONSUMER REPORTS.

(a) IN GENERAL- Section 612 of the Fair Credit Reporting Act (15 U.S.C. 1681j) is amended– (1) by redesignating subsection (a) as subsection (f), and transferring it to the end of the section; (2) by inserting before subsection (b) the following: (a) FREE ANNUAL DISCLOSURE- (1) NATIONWIDE CONSUMER REPORTING AGENCIES- (A) IN GENERAL- All consumer reporting agencies described in subsections (p) and (w) of section 603 shall make all disclosures pursuant to section 609 once during any 12-month period upon request of the consumer and without charge to the consumer. (B) CENTRALIZED SOURCE- Subparagraph (A) shall apply with respect to a consumer reporting agency described in section 603(p) only if the request from the consumer is made using the centralized source established for such purpose in accordance with section 211(c) of the Fair and Accurate Credit Transactions Act of 2003. (C) NATIONWIDE SPECIALTY CONSUMER REPORTING AGENCY- (i) IN GENERAL- The Commission shall prescribe regulations applicable to each consumer reporting agency described in section 603(w) to require the establishment of a streamlined process for consumers to request consumer reports under subparagraph (A), which shall include, at a minimum, the establishment by each such agency of a toll-free telephone number for such requests. (ii) CONSIDERATIONS- In prescribing regulations under clause (i), the Commission shall consider– (I) the significant demands that may be placed on consumer reporting agencies in providing such consumer reports; (II) appropriate means to ensure that consumer reporting agencies can satisfactorily meet those demands, including the efficacy of a system of staggering the availability to consumers of such consumer reports; and (III) the ease by which consumers should be able to contact consumer reporting agencies with respect to access to such consumer reports. (iii) DATE OF ISSUANCE- The Commission shall issue the regulations required by this subparagraph in final form not later than 6 months after the date of enactment of the Fair and Accurate Credit Transactions Act of 2003. (iv) CONSIDERATION OF ABILITY TO COMPLY- The regulations of the Commission under this subparagraph shall establish an effective date by which each nationwide specialty consumer reporting agency (as defined in section 603(w)) shall be required to comply with subsection (a), which effective date– (I) shall be established after consideration of the ability of each nationwide specialty consumer reporting agency to comply with subsection (a); and (II) shall be not later than 6 months after the date on which such regulations are issued in final form (or such additional period not to exceed 3 months, as the Commission determines appropriate). (2) TIMING- A consumer reporting agency shall provide a consumer report under paragraph (1) not later than 15 days after the date on which the request is received under paragraph (1). (3) REINVESTIGATIONS- Notwithstanding the time periods specified in section 611(a)(1), a reinvestigation under that section by a consumer reporting agency upon a request of a consumer that is made after receiving a consumer report under this subsection shall be completed not later than 45 days after the date on which the request is received. (4) EXCEPTION FOR FIRST 12 MONTHS OF OPERATION- This subsection shall not apply to a consumer reporting agency that has not been furnishing consumer reports to third parties on a continuing basis during the 12-month period preceding a request under paragraph (1), with respect to consumers residing nationwide.’; (3) by redesignating subsection (d) as subsection (e); (4) by inserting before subsection (e), as redesignated, the following: (d) FREE DISCLOSURES IN CONNECTION WITH FRAUD ALERTS- Upon the request of a consumer, a consumer reporting agency described in section 603(p) shall make all disclosures pursuant to section 609 without charge to the consumer, as provided in subsections (a)(2) and (b)(2) of section 605A, as applicable.’; (5) in subsection (e), as redesignated, by striking `subsection (a)’ and inserting `subsection (f)’; and (6) in subsection (f), as redesignated, by striking `Except as provided in subsections (b), (c), and (d), a’ and inserting `In the case of a request from a consumer other than a request that is covered by any of subsections (a) through (d), a’. (b) CIRCUMVENTION PROHIBITED- The Fair Credit Reporting Act (15 U.S.C. 1681 et seq.) is amended by adding after section 628, as added by section 216 of this Act, the following new section: Sec. 629. Corporate and technological circumvention prohibited The Commission shall prescribe regulations, to become effective not later than 90 days after the date of enactment of this section, to prevent a consumer reporting agency from circumventing or evading treatment as a consumer reporting agency described in section 603(p) for purposes of this title, including– (1) by means of a corporate reorganization or restructuring, including a merger, acquisition, dissolution, divestiture, or asset sale of a consumer reporting agency; or (2) by maintaining or merging public record and credit account information in a manner that is substantially equivalent to that described in paragraphs (1) and (2) of section 603(p), in the manner described in section 603(p).’. (c) SUMMARY OF RIGHTS TO OBTAIN AND DISPUTE INFORMATION IN CONSUMER REPORTS AND TO OBTAIN CREDIT SCORES- Section 609(c) of the Fair Credit Reporting Act (15 U.S.C. 1681g) is amended to read as follows: (c) SUMMARY OF RIGHTS TO OBTAIN AND DISPUTE INFORMATION IN CONSUMER REPORTS AND TO OBTAIN CREDIT SCORES- (1) COMMISSION SUMMARY OF RIGHTS REQUIRED- (A) IN GENERAL- The Commission shall prepare a model summary of the rights of consumers under this title. (B) CONTENT OF SUMMARY- The summary of rights prepared under subparagraph (A) shall include a description of– (i) the right of a consumer to obtain a copy of a consumer report under subsection (a) from each consumer reporting agency; (ii) the frequency and circumstances under which a consumer is entitled to receive a consumer report without charge under section 612; (iii) the right of a consumer to dispute information in the file of the consumer under section 611; (iv) the right of a consumer to obtain a credit score from a consumer reporting agency, and a description of how to obtain a credit score; (v) the method by which a consumer can contact, and obtain a consumer report from, a consumer reporting agency without charge, as provided in the regulations of the Commission prescribed under section 211(c) of the Fair and Accurate Credit Transactions Act of 2003; and (vi) the method by which a consumer can contact, and obtain a consumer report from, a consumer reporting agency described in section 603(w), as provided in the regulations of the Co

TITLE III–ENHANCING THE ACCURACY OF CONSUMER REPORT INFORMATION

Sec. 311. Risk-based pricing notice. Sec. 312. Procedures to enhance the accuracy and integrity of information furnished to consumer reporting agencies. Sec. 313. FTC and consumer reporting agency action concerning complaints. Sec. 314. Improved disclosure of the results of reinvestigation. Sec. 315. Reconciling addresses. Sec. 316. Notice of dispute through reseller. Sec. 317. Reasonable reinvestigation required. Sec. 318. FTC study of issues relating to the Fair Credit Reporting Act. Sec. 319. FTC study of the accuracy of consumer reports.

TITLE IV–LIMITING THE USE AND SHARING OF MEDICAL INFORMATION IN THE FINANCIAL SYSTEM

Sec. 411. Protection of medical information in the financial system. Sec. 412. Confidentiality of medical contact information in consumer reports.

TITLE V–FINANCIAL LITERACY AND EDUCATION IMPROVEMENT

Sec. 511. Short title. Sec. 512. Definitions. Sec. 513. Establishment of Financial Literacy and Education Commission. Sec. 514. Duties of the Commission. Sec. 515. Powers of the Commission. Sec. 516. Commission personnel matters. Sec. 517. Studies by the Comptroller General. Sec. 518. The national public service multimedia campaign to enhance the state of financial literacy. Sec. 519. Authorization of appropriations.

TITLE VI–PROTECTING EMPLOYEE MISCONDUCT INVESTIGATIONS

Sec. 611. Certain employee investigation communications excluded from definition of consumer report.

TITLE VII–RELATION TO STATE LAWS

Sec. 711. Relation to State laws.

TITLE VIII–MISCELLANEOUS

Sec. 811. Clerical amendments. SEC. 2. DEFINITIONS. As used in this Act– (1) the term `Board’ means the Board of Governors of the Federal Reserve System; (2) the term `Commission’, other than as used in title V, means the Federal Trade Commission; (3) the terms `consumer’, `consumer report’, `consumer reporting agency’, `creditor’, `Federal banking agencies’, and `financial institution’ have the same meanings as in section 603 of the Fair Credit Reporting Act, as amended by this Act; and (4) the term `affiliates’ means persons that are related by common ownership or affiliated by corporate control. SEC. 3. EFFECTIVE DATES. Except as otherwise specifically provided in this Act and the amendments made by this Act– (1) before the end of the 2-month period beginning on the date of enactment of this Act, the Board and the Commission shall jointly prescribe regulations in final form establishing effective dates for each provision of this Act; and (2) the regulations prescribed under paragraph (1) shall establish effective dates that are as early as possible, while allowing a reasonable time for the implementation of the provisions of this Act, but in no case shall any such effective date be later than 10 months after the date of issuance of such regulations in final form.