Credit Card Expiration Dates and FACTA

 Written by: Banking, Management, Economic and Valuation Expert Witness
 
Expert Witness No. 74

 The Fair and Accurate Credit Transaction Act ("FACTA") was passed by Congress and signed into law on December 4, 2003, and became fully effective on December 4, 2006. The purpose of FACTA is to reduce the amount of personal confidential financial information that is generated and thereby reduce the incidence of identity theft and credit card fraud. In keeping with this goal, 15 USC 1681c(g)(1) requires that merchants that issue receipts to individuals truncate all but the last four or five digits of the customer´s credit card account number and truncate the entire expiration date.

Unfortunately, and despite the fact that FACTA was widely discussed before and after its passage, many merchants simply have ignored these aspects of FACTA, apparently based upon their belief that expiration dates are unimportant to a criminal. They are wrong. Credit card expiration dates are very important and useful to criminals. Consider the following:

-Expiration dates are one of the inputs needed to calculate the 3-digit security code (CVV2 or CVC 2) on the back of a credit card.

-Expiration dates are required for some, but not all, online purchases, as clearly demonstrated by my recent online test purchase at Wal-Mart, the world´s largest retailer.

-Expiration dates combined with the last four or five digits of an account number can be used to bolster the credibility of a criminal who is making pretext calls to a card holder in order to learn other personal confidential financial information.

-Expiration dates are solicited by criminals in many e-mail phishing scams.

-Expiration dates are one of the personal confidential financial information items trafficked in by criminals.

-Expiration dates are described by Visa as a "special security feature."

-Expiration dates are one of the items contained in the magnetic stripe of a credit card, so it is useful to a criminal when creating a phony duplicate card.

-Expiration dates are easy to exclude from receipts and involve minimal expense, even for a major retailer with hundreds of stores and cash registers.

-Expiration dates are required to be excluded from printed receipts, according to Visa´s Rules for Merchants, which predates FACTA.

-Expiration dates are required to be excluded from printed receipts, according to MasterCard International´s Rules, which predates FACTA.

-Expiration dates are required to be excluded from printed receipts given to individuals, according to laws passed or introduced in at least thirty-four states.

-Expiration dates are required to be excluded from printed receipts given to individuals, according to FACTA.

The costs for a merchant to implement FACTA are small, but the potential losses to individuals from identity theft and credit card fraud are great. Accordingly, it is difficult to see how any merchant could fail to see the risk of harm to which they willfully are exposing their customers by not truncating expiration dates as required by FACTA as well as Visa and MasterCard International merchant rules as well as many state laws.

Expert Witness No. 74 is an experienced banking expert witness consultant who has worked on 337 cases nationwide and testified 91 times. He is a former banker and banking regulator, widely published, and often quoted in the media. He is available to discuss FACTA and other banking, finance, economic and credit damages, fraud and embezzlement, real estate, business valuation, and related cases with attorneys.

View CV of Expert Witness No. 74
View PDF version of Banking, Management, Economic and Valuations Expert Witness Newsletter Article
Return to Spring 2008 Newsletter