Today's Trends in Credit Regulation

What if Your Permission to Pull a Credit Report Comes from an Imposter?
By Thomas B. Hudson

If you don't maintain a file where you store away little nuggets of information that could come in handy some day, you should create one. And the first thing you should stick in that file is a copy of this article.

With identity theft on the rise, lenders and consumers alike are more attuned to situations in which imposters pose as legitimate credit customers in an effort to bilk consumers, the businesses with which they deal, or both. Lenders are supposed to have a "Red Flags Policy" to help detect such situations, and consumers whose identities are stolen are quick to seek redress.

So what happens when an imposter shows up at your company posing as Joe Customer and applying for credit in Joe's name? The first thing that happens is that you'll pull a credit report on Joe Customer.

But wait a minute. You don't have Joe Customer's permission to pull that report. Does that expose you to liability to Joe for having done so? A recent, very instructive case provides some answers.

A woman who identified herself as Gregina Dickley attempted to open a Dish Network account through American Satellite using the social security number of Gregory Bickley. American Satellite entered Dickley's name and Bickley's social security number into an interface that connects to three credit reporting agencies and received a "Declined No Hit" response as well as a Decision Detail Report.

American Satellite then declined Dickley's attempt to open an account. Several weeks later, Bickley received his credit report indicating that Dish had made an inquiry under his name, and Dish contacted Bickley and informed him that someone attempted to open an account in his name.

Evidently Bickley wasn't so grateful to Dish for fending off the imposter because, a year later, Bickley sued Dish for violating the Fair Credit Reporting Act by requesting and using his credit report without a permissible purpose. The trial court granted summary judgment for Dish, and the U.S. Court of Appeals for the Sixth Circuit affirmed.

After determining that there was sufficient evidence that Dish used or obtained a consumer report, the appellate court agreed with the trial court that Dish did not use the report without a permissible purpose. The appellate court found that Dish had a legitimate business need for the information in order to verify the identity and qualification of the caller requesting its satellite television service.

In perhaps a surprising bit of analysis, the appellate court found that the consumer report was in connection with a business transaction initiated by Bickley because a consumer initiated the transaction, and Dish believed in good faith that Bickley was that consumer. Moreover, the court noted that Dish should not be held liable for conduct that prevented Bickley from becoming the victim of identity theft.

One of the "urban myths" in the finance business is that the federal Fair Credit Reporting Act requires that a potential creditor obtain the written permission of a credit applicant before the creditor pulls a credit report on the applicant. That is not the case. The creditor needs only a "permissible purpose" to pull the credit report, and a permissible purpose does not necessarily require the applicant's signature. Getting the applicant's signature before pulling a credit report is a best practice, to be sure, and lenders need to make sure there isn't a state law requirement that imposes a written authorization requirement. But the FCRA itself doesn't impose that requirement.

There's no assurance that every court addressing this set of facts would rule the way this court did. Still, it's comforting to see that at least this court is unwilling to punish a creditor that requests a credit report as part of its identity theft prevention program.

So, clip or print this article and drop it into your new file. You just might need it one day.

Bickley v. Dish Network, LLC, 2014 U.S. App. LEXIS 8883 (6th Cir. (W.D. Ky.) May 13, 2014).

Thomas B. Hudson is a Partner in the Maryland office of Hudson Cook, LLP. Tom can be reached at 410-865-5411 or by email at

Article Archive

2024   2023   2022   2021   2020   2019   2018   2017   2016   2015   2014   2013   2012   2011   2010   2009  

Copyright © 2024, LLC. All rights reserved.