Identity Theft Red Flags, Credit Report Address Discrepancies, and Records Disposal

Develop and implement written identity theft prevention programs under the Red Flags Rules, which implement part of the Fair and Accurate Credit Transactions Act of 2003 (FACTA). Under these rules, financial institutions and creditors with covered accounts must have identity theft prevention programs in place to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft.

Note: For federal credit unions, the red flags rules appear in NCUA regulations part 717, subpart J, Identity Theft Red Flags, and part 717, Appendix J, Interagency Guidelines on Identity Theft Detection, Prevention, and Mitigation.

FACTA also requires users of credit reports to implement reasonable policies and procedures to use when the user receives a notice of address discrepancy from a credit reporting agency. Additionally, credit unions and other financial institutions are required to adopt measures for properly disposing of consumer information derived from credit reports.

Note: For federal credit unions, the credit report address discrepancies and disposal of consumer information rules appear in NCUA regulations part 717, subpart I, Duties of Users of Consumer Reports Regarding Address Discrepancies and Records Disposal.

Last updated on March 30, 2026