CBA Highlights Importance of Credit Header Data Use to Prevent Consumer Identity Theft, Fraud

September 7, 2023

In a new letter sent to the Consumer Financial Protection Bureau (CFPB or Bureau), the Consumer Bankers Association (CBA) highlighted the important use of information – that the Bureau may define as ‘credit header data’ – by banks for identity verification and fraud prevention. The letter also details the ways in which these consumer protection measures by banks may be impacted by defining this information as ‘credit header data’ and subjecting it to the Fair Credit Reporting Act (FCRA).

This letter comes as the CFPB works on a rule related to data brokers under the FCRA and Regulation V, with the release of a Small Business Enforcement and Fairness Act (SBREFA) outline anticipated this fall. The impetus for the letter is to help inform the Bureau about consumer protective bank uses of this data as they go forward with the rulemaking process.

Consumer Identity Protection

Banks stringently adhere to laws and procedures intended to protect consumers against identity theft and the fraudulent use of their identity to open accounts or commit crimes. One tool banks utilize to verify consumer identities is information from companies that specialize in providing consumer identification data. As the letter states, subjecting these practices to FCRA may yield significant unintended consequences:

“Subjecting these routine – and statutorily required - consumer identity verification practices to the FCRA would substantially increase a bank’s compliance obligations and potentially create consumer confusion ... This associated increase in compliance burden and costs could increase the price of credit or the cost for consumers to open an account.”

Fraud Prevention

For years, banks have been on the front lines fighting fraud and continue to do so in response to increasingly prevalent and sophisticated financial scams. Banks are continuously implementing new fraud protections for consumers, including transaction monitoring and consumer authentication tools.

Now more than ever, it is critical for policymakers to work in tandem with banks on efforts to protect consumers from fraud and identity theft. Subjecting information used to investigate fraudulent activity to the FCRA could create compliance challenges and hurdles for banks where time is of the essence to stop the fraudulent activity and protect their customers, for example:

“… increased liability for potential consumer disputes, the requirement to issue adverse action notices which must indicate how “credit header data” was used (which may tip off fraudsters to bank prevention practices), and timing delays inherent in having to proactively identify a “permissible purpose” prior to accessing the data. Fraudsters could also dispute credit header data as a means to circumvent fraud prevention.”

As CBA concludes in the letter, the CFPB must consider how to empower banks to carry out these vital functions without substantially increasing compliance burden and costs:

“We urge the Bureau to consider the ways that banks use “credit header data” when crafting the scope of the forthcoming FCRA rulemaking - including possibly excluding the use of credit header data by banks for identity verification and fraud prevention from coverage under FCRA - to ensure that CBA’s member banks can continue to use consumer information in lawful and responsible ways to protect their consumers and serve their communities.”