Anything App

What § 623 actually requires

FCRA § 623, codified at 15 U.S.C. § 1681s-2, imposes two kinds of duties on furnishers:

§ 1681s-2(a) — accuracy and notice duties. Furnishers must not knowingly report information they have reason to believe is inaccurate. If a consumer notifies a furnisher directly of a dispute, the furnisher must investigate — though there is no private cause of action for most § 1681s-2(a) violations.
§ 1681s-2(b) — reinvestigation duty after a CRA forwards a dispute. When a CRA notifies a furnisher of a consumer dispute (via the e-OSCAR/ACDV pipeline), the furnisher must:
- • Conduct its own reasonable investigation;
- • Review all relevant information sent by the CRA;
- • Report the results back to the CRA;
- • If the data is found inaccurate, modify, delete, or block it at every CRA.

Section 1681s-2(b) is the consumer's private cause of action against a furnisher.

Why furnisher liability matters in identity-theft cases

The original fraud account exists somewhere on a furnisher's books. That furnisher decides whether to keep reporting it after being told it is fraud. Many large furnishers respond to ACDV codes with the same one-byte "verified" reply they would give to a routine billing dispute — without ever pulling the application, reviewing the signature, or checking against the fraud database they themselves maintain. That conduct is a textbook § 1681s-2(b) violation.

The ACDV Problem: What Furnishers Actually See

According to the National Consumer Law Center's Automated Injustice Redux (2019), the e-OSCAR system creates a fundamental breakdown in the investigation process:

•Codes instead of context. Furnishers receive a two- or three-digit code describing the dispute — not the consumer's detailed letter explaining why an account is fraudulent, not the police report, not the FTC Identity Theft Report.
•No documents forwarded. Even when consumers submit extensive evidence, furnishers typically receive only the coded ACDV form. They "investigate" by checking their own records — the same records that contain the fraudulent account.
•Seconds, not investigation. The response can be generated almost instantly because there's nothing meaningful to review. A detailed, documented identity-theft dispute receives the same automated treatment as a routine question about a payment date.

— National Consumer Law Center, Automated Injustice Redux (2019)

Which furnishers cause the most identity-theft problems

•Debt buyers and collection agencies — they buy the bad data, run light validation, and often re-age old debts.
•Large national banks and card issuers — new-account fraud, charge-offs, and post-resolution re-reporting.
•Mortgage servicers — loan-transfer reporting errors and chronic failure to update after disputes.
•Auto lenders / subprime auto — signed-with-stolen-ID accounts.
•Telecom carriers — fraud accounts that surface as utility collections.

How to dispute with the furnisher

Routine path: dispute through the CRA. The CRA forwards via ACDV. The furnisher's § 1681s-2(b) duty kicks in.

Belt-and-suspenders path: also send a separate certified letter to the furnisher's designated FCRA dispute address. Tell them the account is the result of identity theft, attach the FTC Identity Theft Report, and demand (1) closure of the account, (2) cessation of furnishing, and (3) free copies of the fraudulent application and account records under FCRA § 609(e) within 30 days.

Liability check

A furnisher is liable to you under § 1681s-2(b) when (1) the data it furnished was inaccurate, (2) you disputed it through a CRA, (3) the CRA forwarded the dispute to the furnisher, and (4) the furnisher failed to conduct a reasonable investigation, failed to review the relevant information, or failed to correct the data. The damages model is the same as for the CRAs: actual damages, statutory damages of $100–$1,000 per willful violation, punitive damages, attorney's fees and costs.