Credit Card Expiration Dates and FACTA
Important Legislation that Affects Every Business that Accepts Credit Cards.
The Fair and Accurate Credit Transactions Act (“FACTA”) was passed by Congress and signed into law on December 4, 2003, and became fully effective on December 4, 2006. The purpose of FACTA is to reduce the amount of personal confidential financial information that is generated and thereby reduce the incidence of identity theft and credit card fraud. In keeping with this goal, 15 USC 1681c(g)(1) requires that merchants that issue receipts to individuals truncate all but the last four or five digits of the customer’s credit card account number and truncate the entire expiration date.
Unfortunately, and despite the fact that FACTA was widely discussed before and after its passage, many merchants simply have ignored these aspects of FACTA, apparently based upon their belief that expiration dates are unimportant to a criminal. They are wrong. Credit card expiration dates are very important and useful to criminals. Consider the following:
● Expiration dates are one of the inputs needed to calculate the 3-digit security code (CVV2 or CVC 2) on the back of a credit card.
● Expiration dates are required for some, but not all, online purchases, as clearly demonstrated by my recent online test purchase at Wal-Mart, the world’s largest retailer.
● Expiration dates combined with the last four or five digits of an account number can be used to bolster the credibility of a criminal who is making pretext calls to a card holder in order to learn other personal confidential financial information.
● Expiration dates are solicited by criminals in many e-mail phishing scams.
● Expiration dates are one of the personal confidential financial information items trafficked in by criminals.
● Expiration dates are described by Visa as a “special security feature.”
● Expiration dates are one of the items contained in the magnetic stripe of a credit card, so it is useful to a criminal when creating a phony duplicate card.
● Expiration dates are easy to exclude from receipts and involve minimal expense, even for a major retailer with hundreds of stores and cash registers.
● Expiration dates are required to be excluded from printed receipts, according to Visa’s Rules for Merchants, which predates FACTA.
● Expiration dates are required to be excluded from printed receipts, according to MasterCard International’s Rules, which predates FACTA.
● Expiration dates are required to be excluded from printed receipts given to individuals, according to laws passed or introduced in at least thirty-four states.
● Expiration dates are required to be excluded from printed receipts given to individuals, according to FACTA.
The costs for a merchant to implement FACTA are small, but the potential losses to individuals from identity theft and credit card fraud are great. Accordingly, it is difficult to see how any merchant could fail to see the risk of harm to which they willfully are exposing their customers by not truncating expiration dates as required by FACTA as well as Visa and MasterCard International merchant rules as well as many state laws.
ABOUT THE AUTHOR: Don Coker
Don Coker is an experienced banking expert witness consultant who has worked on over 400 cases nationwide and testified over 100 times. He is a former banker and banking regulator, widely published, and often quoted in the media. He is available to discuss FACTA and other banking, finance, economic and credit damages, fraud and embezzlement, real estate, business valuation, and related cases with attorneys. Mr. Coker is located in Atlanta, GA.
Copyright Don Coker
Disclaimer: While every effort has been made to ensure the accuracy of this publication, it is not intended to provide legal advice as individual situations will differ and should be discussed with an expert and/or lawyer.For specific technical or legal advice on the information provided and related topics, please contact the author.