<DOC>
[106th Congress House Hearings]
[From the U.S. Government Printing Office via GPO Access]
[DOCID: f:56605.wais]
IDENTITY THEFT: IS THERE ANOTHER YOU?
=======================================================================
JOINT HEARING
before the
SUBCOMMITTEE ON TELECOMMUNICATIONS,
TRADE, AND CONSUMER PROTECTION
and the
SUBCOMMITTEE ON FINANCE AND HAZARDOUS MATERIALS
of the
COMMITTEE ON COMMERCE
HOUSE OF REPRESENTATIVES
ONE HUNDRED SIXTH CONGRESS
FIRST SESSION
__________
APRIL 22, 1999
__________
Serial No. 106-16
__________
Printed for the use of the Committee on Commerce
<snowflake>
U.S. GOVERNMENT PRINTING OFFICE
56-605 CC WASHINGTON : 1999
------------------------------------------------------------------------------
For sale by the U.S. Government Printing Office
Superintendent of Documents, Congressional Sales Office, Washington, DC 20402
------------------------------
COMMITTEE ON COMMERCE
TOM BLILEY, Virginia, Chairman
W.J. ``BILLY'' TAUZIN, Louisiana JOHN D. DINGELL, Michigan
MICHAEL G. OXLEY, Ohio HENRY A. WAXMAN, California
MICHAEL BILIRAKIS, Florida EDWARD J. MARKEY, Massachusetts
JOE BARTON, Texas RALPH M. HALL, Texas
FRED UPTON, Michigan RICK BOUCHER, Virginia
CLIFF STEARNS, Florida EDOLPHUS TOWNS, New York
PAUL E. GILLMOR, Ohio FRANK PALLONE, Jr., New Jersey
Vice Chairman SHERROD BROWN, Ohio
JAMES C. GREENWOOD, Pennsylvania BART GORDON, Tennessee
CHRISTOPHER COX, California PETER DEUTSCH, Florida
NATHAN DEAL, Georgia BOBBY L. RUSH, Illinois
STEVE LARGENT, Oklahoma ANNA G. ESHOO, California
RICHARD BURR, North Carolina RON KLINK, Pennsylvania
BRIAN P. BILBRAY, California BART STUPAK, Michigan
ED WHITFIELD, Kentucky ELIOT L. ENGEL, New York
GREG GANSKE, Iowa THOMAS C. SAWYER, Ohio
CHARLIE NORWOOD, Georgia ALBERT R. WYNN, Maryland
TOM A. COBURN, Oklahoma GENE GREEN, Texas
RICK LAZIO, New York KAREN McCARTHY, Missouri
BARBARA CUBIN, Wyoming TED STRICKLAND, Ohio
JAMES E. ROGAN, California DIANA DeGETTE, Colorado
JOHN SHIMKUS, Illinois THOMAS M. BARRETT, Wisconsin
HEATHER WILSON, New Mexico BILL LUTHER, Minnesota
JOHN B. SHADEGG, Arizona LOIS CAPPS, California
CHARLES W. ``CHIP'' PICKERING,
Mississippi
VITO FOSSELLA, New York
ROY BLUNT, Missouri
ED BRYANT, Tennessee
ROBERT L. EHRLICH, Jr., Maryland
James E. Derderian, Chief of Staff
James D. Barnette, General Counsel
Reid P.F. Stuntz, Minority Staff Director and Chief Counsel
______
Subcommittee on Telecommunications, Trade, and Consumer Protection
W.J. ``BILLY'' TAUZIN, Louisiana, Chairman
MICHAEL G. OXLEY, Ohio, EDWARD J. MARKEY, Massachusetts
Vice Chairman RICK BOUCHER, Virginia
CLIFF STEARNS, Florida BART GORDON, Tennessee
PAUL E. GILLMOR, Ohio BOBBY L. RUSH, Illinois
CHRISTOPHER COX, California ANNA G. ESHOO, California
NATHAN DEAL, Georgia ELIOT L. ENGEL, New York
STEVE LARGENT, Oklahoma ALBERT R. WYNN, Maryland
BARBARA CUBIN, Wyoming BILL LUTHER, Minnesota
JAMES E. ROGAN, California RON KLINK, Pennsylvania
JOHN SHIMKUS, Illinois THOMAS C. SAWYER, Ohio
HEATHER WILSON, New Mexico GENE GREEN, Texas
CHARLES W. ``CHIP'' PICKERING, KAREN McCARTHY, Missouri
Mississippi JOHN D. DINGELL, Michigan,
VITO FOSSELLA, New York (Ex Officio)
ROY BLUNT, Missouri
ROBERT L. EHRLICH, Jr., Maryland
TOM BLILEY, Virginia,
(Ex Officio)
(ii)
Subcommittee on Finance and Hazardous Materials
MICHAEL G. OXLEY, Ohio, Chairman
W.J. ``BILLY'' TAUZIN, Louisiana EDOLPHUS TOWNS, New York
Vice Chairman PETER DEUTSCH, Florida
PAUL E. GILLMOR, Ohio BART STUPAK, Michigan
JAMES C. GREENWOOD, Pennsylvania ELIOT L. ENGEL, New York
CHRISTOPHER COX, California DIANA DeGETTE, Colorado
STEVE LARGENT, Oklahoma THOMAS M. BARRETT, Wisconsin
BRIAN P. BILBRAY, California BILL LUTHER, Minnesota
GREG GANSKE, Iowa LOIS CAPPS, California
RICK LAZIO, New York EDWARD J. MARKEY, Massachusetts
JOHN SHIMKUS, Illinois RALPH M. HALL, Texas
HEATHER WILSON, New Mexico FRANK PALLONE, Jr., New Jersey
JOHN B. SHADEGG, Arizona BOBBY L. RUSH, Illinois
VITO FOSSELLA, New York JOHN D. DINGELL, Michigan,
ROY BLUNT, Missouri (Ex Officio)
ROBERT L. EHRLICH, Jr., Maryland
TOM BLILEY, Virginia,
(Ex Officio)
(iii)
C O N T E N T S
__________
Page
Testimony of:
Albright, Charles A., Chief Credit Officer, Household
International, Inc......................................... 23
Anderson, Robert, Mineral, Virginia.......................... 11
Bernstein, Joan Z., Director, Bureau of Consumer Protection,
Federal Trade Commission................................... 16
Connelly, D. Barry, President, Associated Credit Bureaus, Inc 27
Material submitted for the record by:
(v)
IDENTITY THEFT: IS THERE ANOTHER YOU?
----------
THURSDAY, APRIL 22, 1999
House of Representatives,
Committee on Commerce,
Subcommittee on Telecommunications,
Trade, and Consumer Protection, joint with
Subcommittee on Finance and Hazardous Materials,
Washington, D.C.
The subcommittee met, pursuant to notice, at 10 a.m., in
room 2123, Rayburn House Office Building, Hon. W.J. ``Billy''
Tauzin (chairman) presiding.
Members present from the Subcommittee on Telecommuncations,
Trade and Consumer Protection: Representatives Tauzin, Oxley,
Deal, Shimkus, Wilson, Fossella, Blunt, Bliley (ex officio),
Markey, Luther and Sawyer.
Members present from Subcommittee on Finance and Hazardous
Materials: Representatives Oxley, Tauzin, Ganske, Shimkus,
Wilson, Shadegg, Fossella, Blunt, Bliley (ex officio), DeGette,
Barrett, Luther and Markey.
Staff present: Linda Rich, majority counsel; Robert Gordon,
majority counsel; Brian McCullough, professional staff member;
Robert Simison, legislative clerk; Consuela Washington,
minority counsel; and Bruce Gwinn, minority professional staff.
Mr. Tauzin. The committee will please come to order.
Good morning. Today's hearing is on identity theft--how it
occurs, whether the anti-fraud laws are being enforced
properly, and what can we do to help innocent people clean up
their credit records after they have been victimized by an
identity theft criminal.
While we are sitting here today, each one of us may
unknowingly be the victim of identity theft. Some person might
be searching through our mailbox or hacking our consumer
accounts over the Internet to obtain the names, addresses and
Social Security numbers of ourselves or our families. The thief
then uses that information to open up lines of credit and go on
a spending spree perhaps, all under someone else's identity.
As victims, we might not find out about this identity theft
until several months later when the collection agencies start
calling and we get turned down for a mortgage or credit loan,
and then the real consumer nightmare begins.
Repairing your credit record, like trying to get rid of IRS
liens, after you have been victimized by identity theft can
take years of constant phone calls and letters trying to
establish your innocence to creditors you have never heard of.
How can we end this kind of devastation and protect innocent
victims?
Today we are fortunate to have with us the Director of
Consumer Protection of the Federal Trade Commission, Jodie
Bernstein, who will talk to us about the prosecution of
identity theft and what sort of safeguards victims have under
current law. Last year, Congress enacted the Identity Theft and
Assumption Act to make identity theft a Federal crime and to
empower the FTC to help victims repair their credit records.
But we have over 500,000 credit fraud victims every year, and
only a small fraction are ever actually prosecuted. I will be
interested in hearing how the Federal Trade Commission is
implementing this new law and how far their efforts will take
us in helping innocent victims.
One such victim of identity theft is Bob Anderson, who is
with us today from Mineral, Virginia. He was unable to
refinance his mortgage because an identity thief stole his
Social Security number and used that information to charge up
bills on his account. Five years later, Mr. Anderson, believe
it or not, is still trying to get his name cleared and his
identity back.
Mr. Anderson's experience raises the critical question of
how we should allocate the responsibility for fixing the
damaged credit card and the credit record of an innocent
victim. For example, what responsibility should be shared by
the companies which granted the improper credit, especially to
notify the appropriate organizations of potential fraud and
suspend any payment claims? What responsibility should credit
bureaus have to verify identity theft and to help clean up a
credit report, notify all of the creditors? What sort of
timeframe can we create to ensure that innocent victims like
Mr. Anderson don't have to suffer through a nightmare that
lasts for 5 long years and it is still not over?
Mr. Connelly and Mr. Albright will enlighten us as to the
special problems facing credit bureaus and finance companies,
and hopefully they can offer us some guidance on how we can
better help victims like Mr. Anderson in the future, a future
that will be punctuated with more and more electronic commerce
and more and more opportunities for people to steal someone's
identity and improperly take their credit and their good name
with them.
We need better enforcement and prosecution of our anti-
fraud laws. We need a system that helps, not ignores, the
victims of identity theft; and today we will begin how, with
the absolute minimum of Federal intrusion, we can still make a
system work to protect the victims of identity theft, help them
clear up their records in a timely fashion.
Additionally, I would like to thank my good friend, Mr.
Oxley, for co-chairing this important event and look forward to
working with him on this important issue. This is an issue that
crosses the jurisdiction of our two committees in which we both
work together as chairman and co-chairman, and so I am pleased
to have Mr. Oxley join me in this hearing and will yield to him
and then welcome the chairman of our full committee in just a
second.
Mr. Oxley.
Mr. Oxley. Thank you. As the gentleman from Louisiana
indicated, both subcommittees are looking into this; and I have
to say that the title of our hearing probably says it best:
Identity Theft: Is There Another You?
I was looking at the information from the Better Business
Bureau that was just released, and it is headlined, San Diego,
a man who knows baseball star Tony Gwynn's bank account, Social
Security and driver's license numbers and his mother's maiden
name recently cashed a $950 check at Anaheim. Also, someone has
used Gwynn's name to test drive a Ford Escort and has yet to
return the car. It says, anybody, even Tony Gwynn, can become a
victim of identity fraud. And this person that tried to steal
Tony Gwynn's identity couldn't steal his batting stroke; but it
does show, I think, the ever-increasing dangers behind the
identity theft problem. It is a phenomenon that has developed
in concert with the growth of pin numbers and credit cards and
other conveniences that improve the way that people and
businesses engage in everyday transactions.
Identity theft occurs primarily in the area of financial
services because, when someone is stealing another's identity,
it is generally to get at their bank account or investment
account or credit card account.
Identity theft, thanks to our colleague on the committee,
Mr. Shadegg, is now a crime. There have been countless stories
of people whose lives were ruined as a result of a thief who
destroyed their credit, making it impossible for the victim to
get a mortgage for a home, open a bank account or even get or
keep a job. Indeed, we have one such victim testifying today
who will help us understand just how damaging identity theft
can be.
The Identity Theft and Assumption Deterrence Act of 1998,
which Mr. Shadegg introduced and was signed into law last
Congress, is an important step toward putting a stop to this
crime. Law enforcement now has a tool to go after identity
thieves for stealing a person's identity for the purpose of
engaging in fraudulent activities.
The act also directed the FTC to take steps to help
consumers who are victims of identity theft, including helping
them repair their fraudulently damaged credit records. It is
simply unconscionable that victims of identity theft have to
suffer not only the personal damage done to them by the thieves
but also from the frustration of being unable to promptly
correct credit records that reflect bad debts run up, not by
them, but by a criminal.
Under the Fair Credit Reporting Act, credit reporting
agencies are responsible for correcting inaccurate information
in credit reports. Based on the testimony of Mr. Anderson, as
well as numerous stories of identity theft victims who have
found it difficult, if not impossible, to correct credit
reports that have been damaged by an identity thief, it seems
that something is not working the way that it should.
A victim of identity theft should not have to battle with
credit card issuers or credit reporting agencies to clear up
his or her record if there is adequate evidence that a fraud
has been committed. Unfortunately, that has been the experience
of our first witness today, Mr. Anderson, who spent nearly 5
years working to clear up the damage done to his credit by an
identity thief.
Thank you for coming today, Mr. Anderson, and sharing your
experiences with the subcommittees; and I hope we can develop a
way to remedy this problem so others don't continue to face the
same problems that you did.
The Federal Trade Commission, which has responsibility for
administering the Fair Credit Reporting Act as well as the
Identity Theft and Assumption Deterrence Act, among other
statutes relating to this problem, has undertaken several
initiatives to help educate and protect consumers from identity
theft. I look forward to learning from the Federal Trade
Commission what they are doing to ensure that victims are able
to clear up their credit records once a fraud has been
discovered.
Mr. Connelly, the President of the Associated Credit
Bureaus, will indicate what steps credit bureaus are taking to
facilitate and expedite the clearing up of fraudulently damaged
credit records.
Today we will learn how a finance company that is a credit
card issuer tackles the thorny issue of identity theft. After
all, the card issuer generally absorbs the lion's share of the
bad charges run up by an identity thief. The issuer has a
strong incentive to put measures into place to prevent the
fraud from happening in the first place.
I thank all of our witnesses for joining us today and look
forward to both subcommittees learning more about this ever-
growing problem, and I yield back.
Mr. Tauzin. I thank my friend, the chairman of the Finance
Committee, for his opening statement.
Bill, with your forbearance, I will now recognize the
chairman of the full committee.
When the chairman of the full committee shows up at a
subcommittee hearing, it means that we are doing something
pretty important, so I want to recognize him and thank him for
coming.
By the way, Mr. Chairman, this hearing reminds me of the
old story of the lady in Washington who woke up in the middle
of the night and said to her husband, wake up, honey; I think
there is a thief in the house. He said, oh, go back to sleep;
there are at least a dozen of them in the Senate.
The Chairman of the full Committee on Commerce, Tom Bliley.
Chairman Bliley. Thank you, Mr. Chairman.
The Subcommittees on Telecommunications, Trade and Consumer
Protection and on Finance and Hazardous Materials will be
examining an issue of enormous significance to every American
consumer and business. The issue is the growing problem of
identity theft. This crime not only results in significant
losses to businesses as a result of bills incurred by identity
thieves who never intend to pay those debts, but also exacts
terrible tolls on the victim's personal life before he or she
even knows it is happening. We will hear today that victims of
identity theft often do not discover this fraud until he or she
can least afford it, when applying for credit or for a loan.
That is a time when a victim of identity theft is informed of
bad debts that do not belong to them.
The victims of identity theft suffer substantially. Not
only is their credit hurt but all of the problems associated
with a crime fall on their shoulders through no fault of their
own. Long after the damage is done, the victim is burdened with
continual problems of repairing his credit record, in fighting
claims against him by the businesses the perpetrator has
bilked. All because a thief was able to acquire personal
identification such as a Social Security number or credit card
number and assume the victim's identity.
Fortunately, our colleague from Arizona, Mr. Shadegg, took
it upon himself to move legislation to address this problem.
While there were several statutes that prohibit fraud and
relate to identity theft prior to the enactment of the Identity
Theft and Assumption Act of 1998, there was no Federal law that
criminalized the act of stealing another's identity. This lapse
made it extremely difficult for victims of identity theft to
have any recourse against the thieves who caused them such
great personal expense.
The new law makes it a Federal crime to steal someone's
identity and increases the penalties for the criminals.
Additionally, the law requires the Federal Trade Commission to
take actions to help the victims of these terrible crimes.
I welcome our witnesses today and look forward to hearing
how the new act and other laws administered by the FTC are
working--or not--to protect consumers and businesses from the
damage done by identity thieves.
I would like to extend a special welcome to my fellow
Virginian, Bob Anderson, who has suffered a great deal as a
result of having been a victim of this crime.
I also thank our witnesses from the Federal Trade
Commission, the Associated Credit Bureaus and Household
International for joining us today to educate the subcommittees
and the public on this important issue.
I look forward to learning today how we can improve
enforcement of the statutes on the books and what else we in
Congress as well as private industry and consumers can do to
stop identity theft and the damage it has already done to
consumers and businesses across America.
Thank you, Mr. Chairman.
Mr. Tauzin. Thank you very much, Mr. Chairman.
I wanted to acknowledge that the ranking minority member,
Mr. Markey, of our subcommittee is in an electricity hearing
upstairs and has sent word that he apologizes for not being
here. It does not mean that he is not deeply committed to
resolving some of these problems with us here.
And the chair now recognizes any member who would like to
make an opening statement.
Mr. Luther of Minnesota.
Mr. Luther. Thank you, Mr. Chairman.
Just briefly, I think most of us are very concerned about
this issue and particularly the length of time that it takes to
straighten out the record once the identity theft occurs.
Obviously, we are all interested in seeing what can be done to
shorten that period of time so people can get on with their
lives. So anyone who has suggestions and recommendations along
those lines, I hope you will share them.
Thank you, Mr. Chairman, for the hearing. It is a very
important subject, and I appreciate your calling it.
Mr. Tauzin. Thank you very much, Bill.
Mr. Towns will be coming. He is the ranking minority member
of the subcommittee chaired by Mr. Oxley. He will be coming a
little later. He is at a previous commitment.
Anyone on this side?
The author of the legislation that we will be discussing
today, Mr. Shadegg.
Mr. Shadegg. Thank you, Mr. Chairman; and I thank Mr. Oxley
as well for holding this very important hearing today to
discuss both an issue which is critically important to me,
identity theft, and more important to me is the implementation
of the legislation that we enacted last year, the Identity
Theft and Assumption Deterrence Act which creates the basis for
this hearing.
I am very pleased that you would schedule this hearing. I
want to talk a little bit about the problem and then a little
bit about what we discovered in trying to get the law enforced
and implemented.
The issue of identity theft was brought to my attention by
two of my constituents who were victims of identity theft. Bob
Hartle and his wife experienced the devastation of identity
theft firsthand when a convicted felon stole Mr. Hartle's
identity and, using that stolen personal identification
information, made purchases totaling $110,000. Using Mr.
Hartle's identity, this individual obtained a Social Security
card, a driver's license, bank accounts, credit cards and even
life insurance in Mr. Hartle's name. He bought trucks,
motorcycles, a mobile home, furniture and appliances.
Incredibly, he even obtained a security pass to a
restricted area of Sky Harbor International and took advantage
of Mr. Hartle's clean record to get around the Brady law and
purchase handguns.
Mr. and Mrs. Hartle have had to spend a great deal of money
to correct their credit ratings, indeed $15,000 to try to set
the record straight. Because at the time these events occurred
there were no criminal penalties for idebtity theft, the
Hartles were left with virtually no remedy whatsoever. The
individual was prosecuted for making false statements to
purchase a handgun, and was sentenced to prison in 1995 and
released earlier this year. But because there was no law at the
time, he was not required to and did not make any restitution
to the Hartles, the victims of the crime.
Today, as I think everyone in this room knows, identity
theft has become the fastest-growing financial crime in America
and indeed probably the fastest-growing crime of any kind in
our society.
Arizona, in 1996, became the first State in the Nation to
enact criminal penalties for identity theft. Since then, it has
been joined by California, Colorado, Georgia, Kansas,
Mississippi, Wisconsin and West Virginia. Other States,
including New York, are similarly working to pass laws of this
type.
The key to identity theft is that it prohibits the
obtaining and the transfer of personal identification
information. It used to be that you could prosecute people for
credit card fraud or bank fraud or for bad checks, but that was
all after the fact. What this law does, both the Arizona law
and the laws enacted in other States and the law we were able
to pass last year, is empower Federal law enforcement agencies
to investigate the crime, apprehend the individual, and
prosecute the individual before they cause the damage.
My colleague on the other side referred to the serious
problem that is caused when someone's credit rating is
destroyed because the crime has been effectuated. This law
allows law enforcement agencies to prevent the crime by
stopping it before all of those consequences, all of the theft,
all of the fraud occurs and someone's credit rating is
completely destroyed.
I think that is the key to the law, and it is why this
hearing is so important. The Federal Trade Commission, under
the legislation we passed last year, was directed within 1 year
of its enactment to establish a centralized complaint and
consumer education service for the victims of identity theft,
and I am sure that we will hear testimony about their efforts
today. They are also required to log complaints from identity
theft victims, to provide information materials to those
victims and refer complaints to consumer reporting and law
enforcement agencies.
I want to talk a little bit about what is happening now in
the enforcement of the law and the problems that we are
finding.
The two greatest obstacles that we are finding is, one, a
lack of information amongst the public about the fact that this
conduct is criminal and that they can report it as soon as it
occurs.
Second, and this is more important and I hope our witnesses
will discuss the issue, is confusion regarding jurisdiction.
Many law enforcement agencies think, well, you have called me
about an identity theft where your identity has been stolen,
but we only handle bank fraud so we only handle the bad checks.
No bad check has cleared yet. Then they turn that person away.
Or someone comes in and says, have you had a credit card fraud?
We are in charge of credit cards. We will handle it once you
have some credit cards stolen.
The Arizona Attorney General's Office went out to a local
law enforcement agency in Phoenix and, while waiting for an
appointment, two individuals came to the window and complained
and said, I want to complain about an identity theft which has
occurred to me. In both instances, the policeman taking the
complaint said they stole your identity and you are not the
victim. Because, until this legislation passed, the theft was
considered to have been committed against the credit card
company or against the bank that wrote the check or against the
individual who extended the credit, not the victim.
I am sure that we will hear from our victims that they
really are the victim of the crime, but our laws prior to the
passage of this legislation and the similar legislation in
various States did not make the individual the victim. That
illustrates one problem.
The second problem is the lack of awareness. The law
enforcement officers, in this instance, the Arizona law had
been in effect since 1996, the Federal law has been in effect
for 6 months now, and this law enforcement agent said to the
individual, you are not the victim. Obviously, they were the
victim.
In an effort to educate the public about this crime and
assist law enforcement in Arizona, I formed an Identity Theft
Task Force, because victims kept coming to my office saying law
enforcement is not helping us with this problem. Thirty-five
members have shown up for the most recent meetings of this task
force, and they include representatives from local police,
County Attorney's Offices, the State Attorney General's Office
and, I am very pleased to say, representatives in Phoenix from
the FTC, FBI, the INS, the Secret Service, Postal Service,
Social Security Administration and the U.S. Attorney's Office
along with representatives of the banking industry, the credit
bureau industry and a number of private industry groups.
As a result of this task force, we have worked very hard to
do two things. One is compile a list of the kinds of crimes
that can be and are committed once somebody's identity has been
stolen; second, to write a protocol so that law enforcement
agencies will know how to handle these complaints when they
come in. That protocol is in its final draft form. The Arizona
Attorney General's Office and Maricopa County Attorney's
Offices have worked on it, and I am very pleased to say that it
is moving forward.
In the absence of that protocol what is happening in the
enforcement of this law is confusion. Agencies don't know which
agency has jurisdiction.
And just to give you a quick anecdote. During the last task
force meeting, they explained that someone comes in to the
Phoenix Police Department and they say, my identity has been
stolen. They then begin to list the credit cards that may have
been created and the bank accounts that may have been opened
and the other credit which may have been established all across
the country, a credit card issued in Delaware or a bank account
established in perhaps Minnesota. The law enforcement agencies
in Arizona say, how in the world do we have jurisdiction over
this crime and how can we get the resources to enforce this
crime?
Because the nature of the crime is the theft of an
individual's identity, I argue that at least legal jurisdiction
for prosecution of that crime is wherever that person lives.
That creates a huge resource problem for the local law
enforcement agencies.
I do believe that the Federal Trade Commission can do a
great deal of good in this area. I commend them for their
efforts. And, again, I commend both chairmen of these
subcommittees for holding this hearing so we can move forward
on enforcement of this important law.
Mr. Tauzin. Thank you. Both of us were commenting on how
much of an effort you have been responsible for and how much
the victims across America should be indebted to your
dedication and work in this area.
Mr. Shadegg. Thank you.
[The prepared statement of Hon. John Shadegg follows:]
Prepared Statement of Hon. John B. Shadegg, a Representative in
Congress from the State of Arizona
Thank you Mr. Chairman. I am pleased that the Subcommittees on
Finance and Hazardous Materials and Telecommunications, Trade and
Consumer Protection have combined efforts today to discuss an issue
that is very important to me--identity theft.
Identity theft occurs when stolen personal information is used to
establish false credit, open checking accounts, apply for loans, file
for bankruptcy, and run up thousands of dollars in debt by someone
other than the individual whose identity was stolen. Victims are left
to clean up the mess, settle thousands of dollars in debt, and
reestablish their credit.
This problem was first brought to my attention by two of my
constituents, Bob and JoAnn Hartle of Phoenix, Arizona, who, being
victims of identity theft, were instrumental in passing the first state
law in the nation making identity theft a crime and assisted me in
passing H.R. 4151, the Identity Theft and Assumption Deterrence Act.
Mr. and Mrs. Hartle experienced the devastation of identity theft
first hand when a convicted felon stole Mr. Hartle's identity and,
using this stolen personal identification information, made purchases
totaling more that $110,000. With Mr. Hartle's identity, this
individual obtained a Social Security card, driver's license, bank
accounts, credit cards, and life insurance in Mr. Hartle's name. He
bought trucks, motorcycles, a mobile home, furniture, and appliances.
Incredibly, he even used Mr. Hartle's identity to obtain Federal
Aviation Administration security clearance to Sky Harbor International
Airport in Phoenix. He used Mr. Hartle's military service in Vietnam to
get a federal home loan and even took advantage of Mr. Hartle's clean
record to get around the Brady Law and purchase handguns.
Mr. and Mrs. Hartle have spent over $15,000 of their own money--and
over four years of their lives--re-establishing their good credit and
reclaiming Bob's identity. Because at the time these events took place
there were no criminal penalties for identity theft, the Hartles were
left with virtually no remedy. The criminal who victimized them was
prosecuted for making false statements to procure firearms. He was
sentenced to prison in 1995 and released earlier this year. Most
importantly though, he was not required to, and therefore did not make
any restitution to the innocent victims of his outrageous conduct, the
Hartles.
Tragically, the Hartles' story is far from unique. Today, identity
theft has become the fastest growing financial crime in America and one
of the fastest growing crimes of any kind in our society. Thousands of
people are victimized every day. A single national credit bureau
reported that over two-thirds of the complaints it received in 1997
involved identity theft--a total of 300,000 complaints in just one
year. Cost to individual victims, financial institutions and taxpayers
from identity theft have skyrocketed in recent years to almost $2
billion dollars annually.
In 1996, my state of Arizona became the first state in the nation
to enact criminal penalties for identity theft. Since then, California,
Colorado, Georgia, Kansas, Mississippi, Wisconsin and West Virginia
have enacted similar laws making this conduct criminal. Several other
states, including New York, are currently working to pass state
identity theft laws.
In response to the Hartle's story and the growing number of
identity thefts across the country, I introduced H.R. 4151, the
Identity Theft and Assumption Deterrence Act, in the 105th Congress to
make identity theft a federal crime. And, after introducing this
legislation last year, literally hundreds of constituents came forward
to tell Members of Congress their stories of victimization, including
dozens of congressional staff members here on Capitol Hill.
H.R. 4151 passed the House of Representatives by voice vote on
October 7, 1998, and subsequently received unanimous consent from the
Senate and was signed into law on October 30, 1998.
This new federal identity theft law prohibits the transfer and use
of personal identification information--such as a person's name,
address, or social security number--to acquire an individual's
identity. This empowers federal law enforcement agencies to
investigate, apprehend and prosecute criminals before they can use an
individual's stolen identity to acquire credit cards, checking
accounts, home loans, purchase vehicles, furniture, appliances or
handguns or otherwise cause irreparable damage to victims.
Identity thefts range from individual instances involving small and
large amounts of money, like the Hartle's, to organized, professional
crime rings operating in multiple states and stealing hundreds of
thousands of dollars. One such crime ring, using a fictitious home
improvement business as a front, established a credit bureau account
and used its computer link to download roughly 500 credit reports. With
this personal financial information, the crime ring stole more than
$250,000.
The identity theft law imposes penalties of up to 15 years
imprisonment for federal identity theft crimes and increases penalties
to 20 years for identity theft crimes associated with drug trafficking
offenses or any violent crime. Because H.R. 4151 created a new crime
under the federal fraud statute, victims of identity theft can now seek
restitution for expenses incurred to reestablish their credit as well
as compensation for legal and court fees.
Finally, H.R. 4151 directed the Federal Trade Commission (FTC),
within one year of enactment, to establish a Centralized Complaint and
Consumer Education Service for victims of identity theft. Specifically,
the FTC is required to log complaints from identity theft victims,
provide informational material to victims, and refer complaints to the
appropriate consumer reporting and law enforcement agencies.
The FTC is currently working to establish a toll free number for
identity theft victims, to create a separate consumer complaint
database for identity thefts and to develop consumer educational
materials. In an attempt to streamline the information included in
these educational materials, the FTC is drawing from existing materials
provided by a variety of federal agencies as well as new information
regarding identity theft to create a more thorough and up-to-date set
of materials.
In the interim, the FTC has taken steps to assist identity theft
victims right now, including training current consumer complaint phone
counselors to facilitate identity theft inquiries. In addition,
modifications have been made to the existing database to log identity
theft complaints until a permanent database is in place and current
educational materials available to consumers have been expanded to
address identity theft. Finally, the FTC anticipates that in the coming
weeks, the consumer complaint website (located at www.consumer.gov)
will have an identity theft page added to provide information and links
to other federal law enforcement agencies.
It has come to my attention that the two greatest obstacles to
enforcing the laws in this area and deter identity theft are a lack of
awareness and confusion regarding jurisdiction. Victims are unsure of
their options for repairing their damaged credit ratings and
eliminating the accrued debt. Likewise, law enforcement is often
unfamiliar with existing state, and now federal laws that provide them
with the ability to actively investigate and prosecute identity thefts.
Although Arizona's identity theft law has been in place since 1996, and
now has the backing of the federal law, both victims and law
enforcement agencies from around the state are still experiencing
difficulty and confusion in how to handle complaints of identity
thefts.
In an attempt to further educate the public about this crime and
assist law enforcement, earlier this year I formed an Identity Theft
Task Force. This thirty-five member task force includes representatives
from local police, county attorney's and state attorney general's
offices. In addition, staff members from the local FTC, FBI, INS,
Secret Service, Postal Inspectors, Social Security and U.S. Attorney's
Office, along with banking and private industry groups participate in
the task force.
As a result of this effort, the Task Force has compiled a list of
the different types of crimes that can be committed once someone's
identity is stolen and a protocol for handling identity theft
complaints is being written. This will assist law enforcement in
determining the appropriate jurisdiction for crimes associated with
identity theft. The Arizona Attorney General's Office, the Maricopa
County Attorney's Office and the Secret Service are currently working
to compile an educational booklet for consumers and agencies.
In the absence of a protocol for handling identity theft
complaints, victims are being turned away by law enforcement because
the agencies do not understand the law or how to process complaints.
The Identity Theft Task Force is continuing to meet regularly and I am
confidant that opening the lines of communication between consumers,
law enforcement and private industry is the most effective method to
fully enforce the state and federal identity theft laws and assist
victims with reestablishing their credit and their good name.
I commend Chairman Oxley and Chairman Tauzin for holding this
hearing to inform both Members of Congress and the public about the
pervasiveness of identity theft and the efforts underway by federal and
state agencies and industry to combat this crime. Furthermore, I hope
the witnesses can elaborate on the obstacles that still exist which
effectively prevent the prosecution of instances of identity thefts. I
would like to thank both the Associated Credit Bureaus and the Federal
Trade Commission for their efforts to implement the new federal
identity theft law and acknowledge their initiatives. I look forward to
hearing their testimony on the progress of this program and their
thoughts on the frequency of identity theft based on consumer
complaints to date.
Thank you and I yield back the balance of my time.
Mr. Tauzin. Any other members wish to make an opening
statement?
Dr. Ganske, you are recognized.
Mr. Ganske. Mr. Chairman, I am interested in learning about
identity theft and what the FTC is doing about it. My
understanding is that we will hear some personal examples today
of this problem, and I think it is commendable that you are
holding a hearing on this to draw public attention to this
problem, and I thank you.
Mr. Tauzin. Thank you, Mr. Ganske.
Anyone else for an opening statement?
Then the Chair is pleased to yield to Chairman Oxley to
introduce the panel. As he introduces you, if you will come
forward and take your seats.
Mr. Oxley.
Mr. Oxley [presiding]. Thank you, Mr. Chairman.
Let me first introduce Mr. Robert Anderson from Mineral,
Virginia; and Ms. Jodie Bernstein, the Director of the Bureau
of Consumer Protection at the Federal Trade Commission; Mr.
Charles A. Albright, Chief Credit Officer from Household
International; and Mr. D. Barry Connelly, President of the
Associated Credit Bureaus here in Washington.
Thank you, all of you, for appearing.
Mr. Anderson, we will begin with you.
STATEMENTS OF ROBERT ANDERSON, MINERAL, VIRGINIA; JOAN Z.
BERNSTEIN, DIRECTOR, BUREAU OF CONSUMER PROTECTION, FEDERAL
TRADE COMMISSION; CHARLES A. ALBRIGHT, CHIEF CREDIT OFFICER,
HOUSEHOLD INTERNATIONAL, INC.; AND D. BARRY CONNELLY,
PRESIDENT, ASSOCIATED CREDIT BUREAUS, INC.
Mr. Anderson. I thank you for the opportunity to share my
story with you. I have heard some of these kinds of stories
before, particularly with credit card and bank account theft;
and I think mine is just a little bit different, as you will
see, in that the perpetrator hasn't stolen anything tangible
from me other than my credit rating. All of the thefts have
been from other places, businesses primarily.
Basically everything I have to say is based on my own
documentation, which is extensive; and I am glad that early on
I started documenting, because it would probably be 15 years
instead of 5 years if I had not.
I don't know statistically how identity theft normally
begins, but in my case it was not lost credit cards, it wasn't
a lost or stolen driver's license, and it was not something
stolen from a checking account or a mailbox. Rather, it was a
number from a supposedly very protected system of records, my
Social Security account number.
At the beginning, the person responsible for this found a
way, and I don't know to this date just how, to go into five
different Social Security offices in California and get my
number and I believe in each case probably not only the number,
but little bits and pieces of identity to go with it. It wasn't
immediately obvious that anything was happening. Except that in
1994 I got called into a Social Security office regarding a
disability claim for somebody with a name very similar to mine,
but not me. When I visited the office, they said, yes, it
appears there has been an enumeration problem; and we are going
to correct it. At that point, I thought the problem was solved.
Well, several months later, getting into 1995, I found
strange things happening with my credit reports. Just really
casual applications for credit cards or lower balance credit
cards, whatever, were turned down. And in almost every case, I
would receive a notice from the bank involved that I had
collections and foreclosures on my credit report. Of course,
since I have never had a collection or foreclosure in my life,
I immediately tried to find out what that was all about.
When I pulled the reports, and that was an effort in
itself, it took three attempts before one of the credit
reporting agencies even responded to me, and even then I had a
lot to learn. I had to learn to play the game in that the
format of whether I needed to send $8, whether I needed to
write it on yellow paper or green paper, what have you.
Once I learned to play the game, I was able to pull my
reports from all three of the credit reporting agencies. When I
did, lo and behold, there were collections and foreclosures at
that point in time based on telephone service, cellular and
interstate telephone service from a cellular company and
Pacific Bell.
Well, I immediately contacted the provider of that
derogatory information and their collection agency and
explained to them that I had a Social Security number fraud
problem and that the accounts didn't belong to me, that I never
had telephone service in California, that I had never had a
cellular phone in California.
I was given assurance that it would be taken care of. At
that point, it was TRW that I was dealing with; and nothing
happened. So when I saw that nothing was happening, 6 or 8
weeks later I decided I better do something about it.
And, just thinking it through, that I had witnessed a theft
of interstate telephone communications, I wrote a letter to the
FBI in California. I was contacted subsequently by the Special
Agent in Charge who said, yes, this sounded like it was a
problem, but it didn't rise to the level of things that they
could investigate.
Basically, I was told by the FBI that, in California at
least, they really couldn't get into cases like this or I guess
any kind of a personal theft thing unless it rose to the level
of $250,000. In my case we are talking about thousands of
dollars, not anything like that.
So armed with that information, I started with Social
Security. I contacted the Office of Inspector General and their
hot line, and I advised them of what was happening and of the
information that I had from the Social Security Administration
and they put me in the queue. After months and months of some
conversation but nothing happening, I got pretty adamant with
the Inspector General's Office, and I found out that basically,
was that they could not do anything because of the burden of
the backlog of beneficiary theft, that is, checks actually
taken out of mailboxes were keeping them too busy and that they
didn't quite know what to do with me.
At that point I decided I probably better get after the
credit reporting agencies and start focusing on the things that
I could do with the Fair Credit Reporting Act.
I again pulled my credit reports. Now there was even more
substantial bad derogatory credit information, and it was clear
that the person doing this had obtained a little more of my
identity. I don't know how. I have to suspect since one credit
report was totally merged, that is, I know this person's
workplaces, I know this person's addresses, so on and so forth,
I have to assume that that person probably knows the same thing
about me if he pulled the same credit report. I have to assume
that risk.
I pulled over 20 credit reports from the crediting agencies
over the past 3 years, and I have disputed virtually every one
of them. I guess only recently, and I will explain why a little
bit more, the person got into use of medical services; and that
actually helped me.
But, after disputes, I was able to pretty well clear up one
of the three credit reporting agencies. The other one still had
these computer problems with this merged report. And although
they took out the addresses and some things of the other
person, they put the same computer numbers, Los Angeles file
numbers and things on my report and put my name and address on
the cover of it; and that is where that stands today. So the
other person is indeed off that credit report, but the
information is not.
The third one generally refused to do anything. They said
that they had contacted the likes of the telephone companies in
California, and department stores were a favorite of this
person. And that they had been advised, because a valid Social
Security number had been presented, they could not do much for
me.
Now this was after I had sent these people copies of a
letter that I had from Social Security advising them that I was
a fraud victim. This is after I had them place statements on my
credit reports over 3 years that I didn't want any credit to be
granted to anybody because I was a fraud victim and I was to be
contacted, et cetera, if that was the case. Yet the third CRA
still wouldn't do anything and to this day still won't do
anything about the disputed and disputed and disputed
information that clearly emanates from California, that clearly
fits the mold of the fraud that occurred, and it is frustrating
I guess is the best way to state that.
A major breakthrough in starting to get something going was
that the person started using hospitals and medical facilities.
Just about every night at dinner time we would get a call and
it would be from a collection agency wanting to know when I was
going to pay them for the surgery that was done and the likes
of this. It was appalling to me then and still is that a
hospital or a doctor could perform surgery on somebody and not
even know who they were operating on, and that seems to be the
case.
Similarly, with the department stores, that fit the same
category. These are the kinds of things that would happen.
There is a Mervyns store out in California. The person would
walk in, open an account, charge right away $500 or $600 worth
of merchandise; and 2 or 3 months later I would get the call at
dinner time. The person has never tried, as far as I know, to
get into my bank accounts, has never tried to steal money from
myself, but it has always been consumer, department store, or
medical fraud.
In my opinion, the laws seem pretty clear. I have read the
Fair Credit Reporting Act. I am somewhat familiar with the
Criminal Code. There are a number of laws that seem to be out
there, and I really do welcome the one criminalizing the one
with the use of identity with the smaller dollar amount that
came out last year, but the problem is finding somebody that
thinks that the theft of your identity is worth a quarter of a
million dollars or whatever standard they have set to do
something about it. If there is anything that can be done with
setting standards, I think it could be very helpful to people
such as myself.
In the case of the victim, I will be quite honest with you,
I think I could have solved this real quickly if I was wealthy.
Basically, the attorneys that I talked to told me to get a
high-profile attorney. I guess that means if you are a victim
of identity theft and you can afford the likes of an F. Lee
Bailey or a Johnny Cochran, you can probably solve the problem.
But I found it extremely difficult to find attorneys that were
subject matter knowledgeable and that were willing to take the
case on a modest fee or some other basis, particularly in my
case when the actual damages that would go into the lawsuit are
not huge, $50,000 would be my guess at this point. The whole
thing in my case is going to be punitive damages.
And what is my identity worth? I don't know. I think that
is one of the major things that can be done to help victims, is
to set some standard that this is worth as much as a diamond or
$250,000 or whatever, so that the people that are responsible
for prosecuting and enforcing the laws can do something about
it.
As far as the credit reporting agencies go, I don't know. I
think the FCRA is a real good document. I think this covers all
of the bases. But what I have seen in terms of foot dragging,
requiring notification time after time after time again of a
moving target which, by the way, by the time they correct has
moved to another place and you have another problem, that is
hard to deal with.
I am advised by attorneys that the legal process is no
better. That going into court, first of all, will probably,
this is under 15 U.S. Code now, probably results in a modest
award. It has in the past in some cases, but that award is
going to be appealed by a throng of lawyers, and the reality is
that the case is going to be in court for years. I don't know
what to do about that one. I don't know where we set a
standard.
And I have probably run up my 5 minutes right there. That
is about the story. I am looking for any help I can get, and I
welcome the opportunity to sit here and tell you the story.
[The prepared statement of Robert Anderson follows:]
Prepared Statement of Robert Anderson
In Mid 1994 I became aware of a problem with my Social Security
Number and also experienced denial of very routine credit due to
reported ``collections and foreclosures.'' I have never had a
collection nor foreclosure against myself.
In August of 1994 I visited a Social Security District Office in
Baltimore, Maryland, and was advised that SSA records showed my SSN as
belonging to a person with a similar name, but not myself. I was told
that the problem would be corrected.
During the same period I began to experience unusual reactions from
creditors, and was advised several times that this was due to
``Collections and foreclosures.''
Virtually all of my investments were in Real Estate. Since I was
now a widower and an early retiree, I decided to sell my primary
residence, reduce and eliminate real estate debt, and move to another
property I already owned. In the process I applied for mortgage
refinance credit and found that I now had credit problems. My credit
reports in December 1995, showed collections and foreclosures on
telephone service in California occurring from late 1994 through 1995.
This derogatory information delayed and made my Real Estate
transactions either very difficult or impossible thus depriving me of
significant financial leverage.
I obtained some information regarding the Fair Credit Reporting
Act, and requested copies of my consumer credit report from all three
of the major Credit Reporting Agencies (CRA'S). I was advised that I
needed to get the individual collection agencies to contact the CRA in
order to remove the derogatory information and was given contact
information. The agencies involved and particularly, Pacific Bell
Telephone would not delete the harmful information from my reports
since it had been verified by someone using my SSN.
My mortgage processor advised me to contact Social Security and
obtain a statement that my SSN was being used fraudulently. I did so,
and received a letter from the SSA District Office stating that my SSN
had been issued to another person on five different occasions. All SSN
issuance's were in the Pomona/Glendora area of California, and I was
even provided with a local address in California, reported as belonging
to myself.
When I moved and applied for a driver's license (which uses SSN), I
was delayed and questioned by a motor vehicle inspector as to whether I
had ever lived in, or had a record in California. Recognizing that this
had become a serious problem requiring resolution I escalated my
efforts.
At this point, I had a name, address and other information about
the person in California, and decided that I must attempt to stop their
damaging actions.
Telephone calls to local law enforcement agencies in California did
no good. I was told that since I live in another State, I must file a
complaint with my local authorities. The State Police told me that this
appeared to be a Federal matter and that I should contact FBI. I wrote
to the FBI in California and advised that identity fraud had occurred
involving interstate telephone services. The special agent in charge
called me and advised that unless the dollar amount of the fraud
exceeded $250,000, they could do nothing. I contacted the Social
Security Office of Inspector General Hotline and attempted to file a
complaint in order to obtain some sort of police report number. I was
initially told that SSA had such a backlog of beneficiary theft
(checks) that they could do nothing. After three years of telephone
calls and endless letter writing, I still have not reached resolution
with SSA. Only after Congressional intervention did I receive
indications of help from SSA.
Thus began a four year long nightmare of credit problems. The
perpetrator was apparently knowledgeable enough not to apply for credit
cards, commit postal fraud, nor directly attack my personal accounts.
Instead, he began victimizing Department stores by applying for
revolving credit, immediately purchasing to the limit, and
disappearing. I would receive a call from some collection agency and
would recite my story of Social Security Number theft and identity
fraud. In some cases, such as Montgomery Wards, research performed
indicated the existence of someone in California and the matter was
removed from my credit report. In other cases, such as Target, and
Mervyns, the information was never corrected; and I still receive calls
from collections agencies. Both Target and Mervyns were advised of the
SSN problem and fraud, yet chose to ignore that information.
The California fraud now began to use Medical facilities in
California, using my SSN for billing. I received phone calls, letters
of collection, and collection agency actions from two Hospital groups,
an ambulance service and radiology centers. One surgeon sent me a
statement that he performed surgery upon myself (I have never had
surgery). It was clear that the Medical facilities did not know who
they were treating. I obtained legal counsel and one of the hospitals
corrected and wrote off at least $6,000 in charges, but only after
threat of lawsuit. The others remain a problem and still appear on some
of my credit reports. I have been unable until just recently to reduce
the interest rates of my credit accounts due to the fraud. My children
are routinely offered credit at 6% while I have been saddled with 18%
credit for three years.
The CRA's were another story. I notified all that was I was a fraud
victim, and disputed the erroneous information on their reports. I
asked that statements be put on my report to advise creditors of the
fraud and not to grant credit without my permission. The CRA's
responded variously, but I found that as soon as I could correct and
dispute one item, frequently more bad credit information would be
added. At one point a credit report completely merged my personal and
credit information with that of someone in California, thus providing
me with addresses, places of work, credit history and other
information. When I disputed the information, the report was corrected
to reflect only my name and address but still contained all information
on two different persons, including the CRA coding information. I
requested and disputed my credit reports every 90-180 days and disputed
in writing all erroneous information. Although this is finally
beginning to result in an accurate report, one of the major CRA's still
willfully refuses to remove damaging erroneous information. That CRA
has been provided multiple copies of letters from SSA which document
myself as a fraud victim.
There seem to be more than adequate Federal laws in existence to
cover my situation. Title 15, USC 1681, the Fair Credit Reporting Act,
provides both for theft and fraudulent use of SSN's and for willful
failure of credit reporting agencies to protect consumers by correcting
fraudulent information. The Federal Criminal Code, Title 18, USC 1028,
also appears to make the SSN use a federal offense. I expect there are
other related laws.
The problem I have experienced is the tremendous difficulty in
causing someone to prosecute and/or enforce the laws unless there is a
large amount of money involved. This raises the questions in my mind:
What is the value of one's identity? What is the value of ones credit
worthiness? What is the price to be paid for the stress, suffering and
personal damage to a victim? This applies not only to law enforcement
agencies, but to attorneys as well. My experience has been that where
an Attorney can choose between a personal injury automobile accident
case, and an identity theft case, the personal injury case wins hands
down. I am advised that should one lose a Federal Civil case against a
CRA, the CRA may charge all legal fees to the plaintiff. I also am told
that the CRA will most certainly appeal should a judgement against them
be rendered, and that the history of existing cases indicates years of
litigation in each case. After two aborted attempts to pursue
litigation against a CRA have been sidetracked due to the complexities
of my case, I still pursue Federal Civil Court action.
Mr. Tauzin. Mr. Anderson, we deeply appreciate it.
Actually, we did not put a timer on you. We thought after
all these years, you ought to be able to say whatever you
wanted to say for as long as you wanted to say it. Thank you,
Mr. Anderson.
Ms. Bernstein.
STATEMENT OF JOAN Z. BERNSTEIN
Ms. Bernstein. Thank you very much, Mr. Chairman, all three
chairmen. Thank you very much for the opportunity to be with
you today at this very important hearing on this subject that
the Commission cares very deeply about.
Before I start, as your practices are, I think, Mr.
Chairman, our full statement will be accepted for the record;
and I will just summarize briefly for you this morning the
steps that the Commission has already undertaken, what our
plans are for the future.
I would like to thank Mr. Shadegg particularly for his
leadership in this area in recognizing the capacity of the FTC
that has been working in the area of handling consumer
complaints over the last couple of years especially.
Our hope is, in welcoming the authority that the committee
and the Congress gave us, is that it will result in a better
system for people like Bob Anderson who have suffered such
grave damage to their reputations and to the loss of their
identity. Hopefully, as we finish the implementation of this
and the Fair Credit Reporting Act amendments, it will result in
a better system.
Just to focus on the statute itself, the Identity Theft
Assumption and Deterrence Act, and as you pointed out in your
statement, the act requires the FTC to establish procedures to
do three things: to log the receipt of complaints by victims of
identity theft; to provide victims of identity theft with
informational materials; and, three, to refer complaints to
appropriate entities, including major national credit bureaus
and law enforcement agencies.
We intend to meet your deadline of October 1 to have these
procedures in place. They are already under way.
So the way we view our role, it is largely as a
coordinator, to serve as a central point of contact and the
source of information for victims and to manage that
information to be shared with the various agencies in its
support of law enforcement.
So what we have done specifically is we have a plan to
establish an 800 number. It is already under way. We have
already reserved a number which is a pretty good one, 877-I-D-
theft--it has been reserved, but it has not been implemented
just yet--in order to take complaints from consumers and
provide them with information as to what to do about it. I
think that is a critical role for us.
We are also planning, and it is also under way, a data
base. It is built on the other data bases that the Commission
has already established so that the information can be
available across the country out of the data base. It will help
law enforcement, particularly. If I haven't stressed that
enough, the coordinating function between us as a repository of
information and criminal law enforcement across the country in
the Federal agencies will be critical.
And perhaps as important as the other functions are the
education or informational function. We have started on that,
and we issued a consumer alert in April that is on identity
crisis, what to do if your identity is stolen. And the first
thing to do is to give specific information as to where to
report initially an episode of identity theft. These are
available. Copies are available with me here today.
This back page, Chart Your Course of Action; and it is
helpful in identifying what you ought to do initially if you
have been a victim of identity theft. It is to help victims
begin to cope with this problem.
What have we done in addition to these steps? We have
trained our consumer response center counselors, and we have
them in place to handle other consumer problems, and we have
added a number to that staff to recognize ID complaints and
assist victims right away if and when they call up. We already
have numbers in place for that.
We have modified our existing data base to track basic
information on the ID theft calls that we are already
receiving. As I said, we have issued consumer information
already. We are publicizing it as broadly as we can, this
consumer information, and through media coverage of the
consumer information.
Within a couple of weeks we are about ready to launch a web
page that will be dedicated entirely to identity theft, and it
will be built on www.consumer.gov, which is a page that we took
the initiative on and has 61 Federal agencies coordinating. I
am proud of it because, for the first time, a consumer can get
information from the Federal Government without knowing what
the acronym is for the agency, and I think that is a real
breakthrough. So we will be building on that experience.
Just this week we held a conference with 16 Federal
agencies to begin to get them to be aware of the need to
coordinate this information and to foster law enforcement as
best we can. The National Association of Attorneys General also
attended that. We want them to coordinate with us as we begin
to develop the tools for consumers so that we are getting from
consumers the information that they need, that law enforcement
needs in order to bring rapid enforcement in this area.
On a related subject, I would add one more point, because
this is important. It was stated in the written testimony of
the Commission, this week the Commission--just yesterday, they
authorized us to file a complaint in Federal court that for the
first time attacked the process known as pretexting. Pretexting
is people who, I guess in lay language, lie about who they are
to obtain very sensitive financial information to be used by
third parties without the authorization of you, the consumer,
whose material it is.
We filed a case in Colorado yesterday naming Touchtone
Information, a company which we believe plays a significant
role in this business, to attack under section 5 of the FTC act
the Commission's existing authority to attack deceptive and
unfair practices for two things, the lying and the passing on
of the information.
We will be happy to keep the committee advised as to the
course of that litigation. I have with me today copies of the
complaint as well as the majority and dissenting statements of
the Commission for your information.
I do want to say that others here at the table have been
very helpful and cooperative in terms of our consumer education
efforts. We will need the private sector as well as the
government agencies to carry out the task.
Again, I thank the committee for the opportunity to be with
you today.
[The prepared statement of Joan Z. Bernstein follows:]
Prepared Statement of Joan M. Bernstein, Director, Bureau of Consumer
Protection, Federal Trade Commission
Mr. Chairman Tauzin, Mr. Chairman Oxley, and members of the
Subcommittees, I am Jodie Bernstein, Director of the Bureau of Consumer
Protection, Federal Trade Commission (``FTC'' or
``Commission'').<SUP>1</SUP> I appreciate the opportunity to present
the Commission's views on the important issue of financial identity
theft.
---------------------------------------------------------------------------
\1\ This written statement represents the views of the Federal
Trade Commission. My oral presentation and response to questions are my
own, and do not necessarily represent the views of the Commission or
any Commissioner.
---------------------------------------------------------------------------
In my remarks today, I will discuss the increasingly common problem
of identity theft, the role of the FTC in addressing this problem under
the recently enacted Identity Theft and Assumption Deterrence Act
<SUP>2</SUP>, and the steps the Commission is taking to aid consumers
who become identity theft victims. I will also briefly address one of
the notable ways in which identity theft can occur in the financial
services industry--``pretexting,'' i.e., obtaining private financial
information from banks and others under false pretenses.
---------------------------------------------------------------------------
\2\ Pub. L. No. 105-318, 112 Stat. 3007 (1998).
---------------------------------------------------------------------------
i. identity theft: the problem
Identity theft occurs when someone uses the identifying information
of another person--name, social security number, mother's maiden name,
or other personal information--to commit fraud or engage in other
unlawful activities. For example, an identity thief may open up a new
credit card account under someone else's name. When the identity thief
fails to pay the bills, the bad debt is reported on the victim's credit
report. Other common forms of identity theft include taking over an
existing credit card account and making unauthorized charges on it
(typically, the identity thief forestalls discovery by the victims by
contacting the credit card issuer and changing the billing address on
the account); taking out loans in another person's name; writing
fraudulent checks using another person's name and/or account number;
and using personal information to access, and transfer money out of,
another person's bank or brokerage account. In extreme cases, the
identity thief may completely take over his or her victim's identity--
opening a bank account, getting multiple credit cards, buying a car,
getting a home mortgage and even working under the victim's
name.<SUP>3</SUP>
---------------------------------------------------------------------------
\3\ In at least one case, an identity thief reportedly even died
using the victim's name, and the victim had to get the death
certificate corrected. Michael Higgins, Identity Thieves, ABA Journal,
October 1998, at 42, 47.
---------------------------------------------------------------------------
Identity theft almost always involves a financial services
institution in some way--as a lender, holder of a bank account, or
credit card or debit card issuer--because, as the bank robber Willie
Sutton observed, that is where the money is. Identity theft involving
financial services institutions, furthermore, is accomplished through a
wide variety of means. Historically, identity thieves have been able to
get the personal information they need to operate through simple,
``low-tech'' methods: intercepting orders of new checks in the mail,
for example, or rifling through the trash to get discarded bank account
statements or pre-approved credit card offers. Sometimes, identity
thieves will try to trick others into giving up this information. As
discussed in more detail below, one way in which identity thieves do
this is by ``pretexting,'' or calling on false pretenses, such as by
telephoning banks and posing as the account holder. In other cases, the
identity thief may contact the victim directly. In one recent scheme,
fraud artists have reportedly been preying on consumers' fears about
Year 2000 computer bugs; a caller, for example, represents that he or
she is from the consumer's bank and tells the consumer that the caller
needs certain information about the consumer's account (or needs to
transfer money to a special account) in order to ensure the bank can
comply with Year 2000 requirements.<SUP>4</SUP>
---------------------------------------------------------------------------
\4\ Federal Trade Commission, Y2K? Y2 Care: Protecting Your
Finances from Year 2000 Scam Artists (Consumer Alert, March 1999).
---------------------------------------------------------------------------
Other methods of identity theft may involve more sophisticated
techniques. In a practice known as ``skimming,'' identity thieves use
computers to read and store the information encoded on the magnetic
strip of an ATM or credit card when that card is inserted through
either a specialized card reader or a legitimate payment mechanism
(e.g., the card reader used to pay for gas at the pump in a gas
station). Once stored, that information can be re-encoded onto any
other card with a magnetic strip, instantly transforming a blank card
into a machine-readable ATM or credit card identical to that of the
victim. In addition, the increased availability of information on the
Internet can facilitate identity theft.<SUP>5</SUP>
---------------------------------------------------------------------------
\5\ See, e.g., Federal Trade Commission, Individual Reference
Services: A Report to Congress (December 1997) (examining computerized
databases or ``look-up services'' that disseminate personally
identifiable information on individuals, often through on-line access).
With the FTC's encouragement, members of the individual reference
services industry have adopted voluntary guidelines, effective December
31, 1998, limiting the availability of certain types of personal
information.
---------------------------------------------------------------------------
For individuals who are victims of identity theft, the costs can be
significant and long-lasting. Identity thieves can run up debts in the
tens of thousands of dollars under their victims' names. Even where the
individual consumer is not legally liable for these debts,<SUP>6</SUP>
the consequences to the consumer are often considerable. A consumer's
credit history is frequently scarred, and he or she typically must
spend numerous hours sometimes over the course of months or even years
contesting bills and straightening out credit reporting errors. In the
interim, the consumer victim may be denied loans, mortgages, and
employment; a bad credit report may even prevent him or her from
something as simple as opening up a new bank account at a time when
other accounts are tainted and a new account is essential. Moreover,
even after the initial fraudulent bills are resolved, new fraudulent
charges may continue to appear, requiring ongoing vigilance and effort
by the victimized consumer.
---------------------------------------------------------------------------
\6\ The Fair Credit Billing Act, 15 U.S.C. Sec. 1601 et seq. and
the Electronic Fund Transfer Act, 15 U.S.C. Sec. 1693 et seq. limit
consumers' liability for fraudulent transactions in connection with
credit and debit cards, respectively.
---------------------------------------------------------------------------
Although comprehensive statistics on the prevalence of identity
theft are not currently available, the available data suggest that the
incidence of identity theft has been increasing in recent years. The
General Accounting Office, for example, reports that consumer inquiries
to the Trans Union credit bureau's Fraud Victim Assistance Department
increased from 35,235 in 1992 to 522,922 in 1997, <SUP>7</SUP> and that
the Social Security Administration's Office of the Inspector General
conducted 1153 social security number misuse investigations in 1997
compared with 305 in 1996.<SUP>8</SUP>
---------------------------------------------------------------------------
\7\ Calls to this department included ``precautionary'' phone
calls, as well as calls from actual fraud or identity theft victims.
\8\ U.S. General Accounting Office, Identity Fraud: Information on
Prevalence, Cost, and Internet Impact is Limited (May 1998). The Social
Security Administration attributed the increase in investigations, in
part, to the hiring of additional investigators.
---------------------------------------------------------------------------
ii. the federal trade commission's authority
A. Overview
The FTC's mission is to promote the efficient functioning of the
marketplace by protecting consumers from unfair or deceptive acts or
practices and increasing consumer choice by promoting vigorous
competition. The Commission's primary legislative mandate is to enforce
the Federal Trade Commission Act (``FTC Act''), which prohibits unfair
methods of competition and unfair or deceptive acts or practices in or
affecting commerce.<SUP>9</SUP> With certain exceptions, the FTC Act
provides the Commission with broad civil law enforcement authority over
entities engaged in or whose business affects commerce, <SUP>10</SUP>
and provides the authority to gather information about such
entities.<SUP>11</SUP> The Commission also has responsibility under
approximately forty additional statutes governing specific industries
and practices.<SUP>12</SUP>
---------------------------------------------------------------------------
\9\ 15 U.S.C. Sec. 45(a).
\10\ Certain entities such as banks, savings and loan associations,
and common carriers as well as the business of insurance are wholly or
partially exempt from Commission jurisdiction. See Section 5(a)(2) of
the FTC Act, 15 U.S.C. Sec. 45(a)(2), and the McCarran-Ferguson Act, 15
U.S.C. Sec. 1012(b).
\11\ 15 U.S.C. Sec. 46(a).
\12\ In addition to the credit laws discussed in the text, the
Commission also enforces over 30 rules governing specific industries
and practices, e.g., the Used Car Rule, 16 C.F.R. Part 455, which
requires used car dealers to disclose warranty terms via a window
sticker; the Franchise Rule, 16 C.F.R. Part 436, which requires the
provision of information to prospective franchisees; and the
Telemarketing Sales Rule, 16 C.F.R. Part 310, which defines and
prohibits deceptive telemarketing practices and other abusive
telemarketing practices.
---------------------------------------------------------------------------
Among the Commission's statutory mandates of particular relevance
here are the Fair Credit Billing Act and Fair Credit Reporting Act,
which provide important protections for consumers who may be trying to
clear their credit records after having their identities stolen. The
Fair Credit Billing Act, which amended the Truth in Lending Act,
provides for the correction of billing errors on credit accounts and
limits consumer liability for unauthorized credit card
use.<SUP>13</SUP> The Fair Credit Reporting Act (``FCRA'') regulates
credit reporting agencies and places on them the responsibility for
correcting inaccurate information in credit reports.<SUP>14</SUP> In
addition, the FCRA limits the disclosure of consumer credit reports
only to entities with specified ``permissible purposes'' (such as
evaluating individuals for credit, insurance, employment or similar
purposes) and under specified conditions (such as certifications from
the user of the report).<SUP>15</SUP>
---------------------------------------------------------------------------
\13\ 15 U.S.C. Sec. Sec. 1601 et seq.
\14\ 15 U.S.C. Sec. Sec. 1681e, 1681i .
\15\ 15 U.S.C. Sec. 1681-1681u.
---------------------------------------------------------------------------
B. The FTC's Activities With Respect to the Financial Services Industry
and Financial Privacy
The Commission has extensive experience in addressing consumer
protection issues that arise in the financial services industry,
involving, for example, the use of credit cards, lending practices, and
debt collection.<SUP>16</SUP> The Commission also provides consultation
to Congress and to the federal banking agencies about consumer
protection issues involving financial services. The Commission
periodically provides comments to the Federal Reserve Board regarding
the Fair Credit Reporting Act, and the implementing regulations for the
Truth in Lending Act, the Consumer Leasing Act, the Electronic Funds
Transfer Act, and the Equal Credit Opportunity Act.<SUP>17</SUP>
---------------------------------------------------------------------------
\16\ For example, in 1992, Citicorp Credit Services, Inc., a
subsidiary of Citicorp, agreed to settle charges that it aided and
abetted a merchant engaged in unfair and deceptive activities. Citicorp
Credit Services, Inc., 116 F.T.C. 87 (1993). In 1993, the Shawmut
Mortgage Company, an affiliate of Shawmut Bank Connecticut, N.A., and
Shawmut Bank, agreed to pay almost one million dollars in consumer
redress to settle allegations that it had discriminated based on race
and national origin in mortgage lending. United States v. Shawmut
Mortgage Co., 3:93CV-2453AVC (D. Conn. Dec. 13, 1993). The Commission
brought the Shawmut case jointly with the United States Department of
Justice. In 1996, the J.C. Penney Company entered into a consent decree
and paid a civil penalty to resolve allegations that the company failed
to provide required notices of adverse actions to credit applicants.
United States v. J.C. Penney Co., CV964696 (E.D.N.Y. Oct. 8, 1996). In
1998, in conjunction with the law enforcement efforts of several state
attorneys general, the Commission finalized a settlement agreement with
Sears, Roebuck and Company that safeguards at least $100 million in
consumer redress based on allegations that the company engaged in
unfair and deceptive practices in its collection of credit card debts
after the filing of consumer bankruptcy. Sears, Roebuck and Co., C-
3786, 1998 FTC LEXIS 21 (Feb. 27, 1998). The Commission also worked
with state attorneys general in resolving allegations against other
companies that involved practices in the collection of credit card
debts after the debtors had filed for bankruptcy. Montgomery Ward
Corp., C-3839 (Dec. 11, 1998); May Department Stores Co., File No. 972-
3189, 1998 FTC LEXIS 117 (Nov. 2, 1998).
\17\ Commission staff participates in numerous task forces and
groups concerned with, for example, fair lending, leasing, subprime
lending, electronic commerce, and fraud on the Internet, all of which
have an impact on the financial services industry.
---------------------------------------------------------------------------
In addition, The FTC has taken an active role in addressing a range
of issues involving consumer privacy, including the privacy of personal
financial information. Thus, for example, the Commission has recently
reported to or testified before Congress and/or held public workshops
on online privacy, individual reference services, pretexting, financial
privacy, and the implications of electronic payment systems for
individual privacy.
C. The FTC's Role in Addressing Identity Theft
As an outgrowth of its broader concern about financial privacy, the
Commission has been involved in the issue of identity theft for some
time. In 1996, the Commission convened two public meetings in an effort
to learn more about identity theft, its growth consequences, and
possible responses. At an open forum held in August 1996, consumers who
had been victims of this type of fraud, representatives of local police
organizations and other federal law enforcement agencies, members of
the credit industry, and consumer and privacy advocates discussed the
impact of identity theft on industry and on consumer victims.
Subsequent press coverage helped to educate the public about the growth
of consumer identity theft and the problems it creates. In November
1996, industry and consumer representatives reconvened in working
groups to explore solutions and ways to bolster efforts to combat
identity theft.
Having thereby developed a substantial base of knowledge about
identity theft, the Commission testified before the Senate Judiciary
Committee in May 1998 in support of the Identity Theft and Assumption
Deterrence Act.
iii. the identity theft and assumption deterrence act of 1998
Last fall, Congress passed the Identity Theft and Assumption
Deterrence Act of 1998 (``Identity Theft Act'' or
``Act'').<SUP>18</SUP> The Act addresses identity theft in two
significant ways. First, the Act strengthens the criminal laws
governing identity theft. Specifically, the Act amends 18 U.S.C.
Sec. 1028 (``Fraud and related activity in connection with
identification documents'') to make it a federal crime to:
---------------------------------------------------------------------------
\18\ Pub. L. No. 105-318, 112 Stat. 3007 (1998).
---------------------------------------------------------------------------
knowingly transfer[] or use[], without lawful authority, a
means of identification of another person with the intent to
commit, or to aid or abet, any unlawful activity that
constitutes a violation of Federal law, or that constitutes a
felony under any applicable State or local law.<SUP>19</SUP>
---------------------------------------------------------------------------
\19\ 18 U.S.C. Sec. 1028(a)(7). The statute further defines ``means
of identification'' to include ``any name or number that may be used,
alone or in conjunction with any other information, to identify a
specific individual,'' including, among other things, name, address,
social security number, driver's license number, biometric data, access
devices (i.e., credit cards), electronic identification number or
routing code, and telecommunication identifying information.
---------------------------------------------------------------------------
Previously, 18 U.S.C. Sec. 1028 addressed only the fraudulent creation,
use, or transfer of identification documents, and not theft or criminal
use of the underlying personal information. Thus, the Act criminalizes
fraud in connection with unlawful theft and misuse of personal
identifying information itself, regardless of whether it appears or is
used in documents. Furthermore, one who violates this prohibition and
thereby obtains anything of value aggregating to $1000 or more during
any one-year period, is subject to a fine and imprisonment of up 15
years.<SUP>20</SUP> These criminal provisions of the Act are enforced
by the U.S. Department of Justice, working with investigatory agencies
including the U.S. Secret Service, the Federal Bureau of Investigation,
and the U.S. Postal Inspection Service.
---------------------------------------------------------------------------
\20\ If the $1000 threshold is not met, the maximum penalty is
three years imprisonment. The maximum penalty is increased to 20 years
imprisonment if the identity theft offense is committed to facilitate a
drug trafficking crime or in connection with a crime of violence, and
25 years if the offense is committed to facilitate an act of
international terrorism.
---------------------------------------------------------------------------
The second way in which the Act addresses the problem of identity
theft is by improving assistance to victims.<SUP>21</SUP> In
particular, the Act provides for a centralized complaint and consumer
education service for victims of identity theft, and gives the
responsibility of developing this service to the Federal Trade
Commission. The Act directs that the Commission establish procedures
to: (1) log the receipt of complaints by victims of identity theft; (2)
provide identity theft victims with informational materials; and (3)
refer complaints to appropriate entities, including the major national
consumer reporting agencies and law enforcement agencies.<SUP>22</SUP>
---------------------------------------------------------------------------
\21\ Because individual consumers' financial liability is often
limited, prior to the passage of the Act, financial institutions,
rather than individuals, tended to be viewed as the primary victims of
identity theft. Setting up an assistance process for consumer victims
is consistent with one of the Act's stated goals, to recognize the
individual victims of identity theft. See S. Rep. No. 105-274, at 4
(1998).
\22\ Pub. L. No. 105-318 Sec. 5, 112 Stat. 3010 (1998).
---------------------------------------------------------------------------
iv. current efforts: the ftc's consumer assistance program
In enacting the Identity Theft Act, Congress recognized that
coordinated efforts in this area are essential to best serve identity
theft victims. Accordingly, the FTC's role under the Act is primarily
one of managing information sharing among public and private entities
in support of criminal law enforcement efforts, <SUP>23</SUP> and
aiding victims by serving as a central, Federal source of information.
In order to fulfill the purposes of the Act, the Commission has
developed and begun implementing a plan that centers on three principal
components <SUP>24</SUP>:
---------------------------------------------------------------------------
\23\ Most identity theft cases are best addressed through criminal
prosecution. The FTC itself has no direct criminal law enforcement
authority. Under its civil law enforcement authority provided by
section 5 of the FTC Act, the Commission may, in appropriate cases,
bring actions to stop practices that involve or facilitate identity
theft. The practices the Commission expects to focus its law
enforcement resources on are those where the effect is widespread and
where civil remedies are likely to be effective. See, e.g., FTC v. J.K.
Publications, Inc., et al, Docket No. CV 99-00044 ABC (AJWx) (C.D.
Cal., filed January 5, 1999) (Alleging that defendants obtained
consumers' credit card numbers without their knowledge and billed
consumers' accounts for unordered or fictitious Internet services).
\24\ In the Identity Theft Act, Congress authorized the
appropriation of such sums as may be necessary to carry out the FTC's
obligations under the Act. Pub. L. No. 105-318 Sec. 5(b), 112 Stat. 310
(1998). These plans are, of course, contingent on the actual
appropriation of such funds. Should the volume of calls received from
consumers approach the levels reported by Trans Union to the General
Accounting Office, the appropriation required to respond to these calls
may be substantial.
---------------------------------------------------------------------------
(1) Toll-free telephone line. The Commission plans to establish a
toll-free telephone number that consumers can call to report identity
theft and to receive information and referrals to help them to resolve
the problems that may have resulted. The identity theft toll-free
number will build on the success of the Commission's two-year-old
Consumer Response Center, a general purpose hotline for consumer
information and complaints.
(2) Identity theft complaint database. The Commission is developing
a database to track the identity theft complaints received by the FTC
and other public and private entities. This database will allow the
Commission to monitor better the extent and nature of identity theft.
Moreover, the Commission expects that the database will enable the many
agencies involved in combating identity theft to share and manage data
so as to more effectively track down identity thieves and assist
consumers.<SUP>25</SUP> For example, criminal law enforcement agencies
could take advantage of a central repository of complaints to spot
patterns that might not otherwise be apparent from isolated reports. In
addition, a consumer with a concern that his or her social security
number has been misused would not--and should not--need to call all the
many federal agencies that could possibly be involved to ensure that
the complaint was directed to the appropriate people. Under the planned
system, the consumer could make a single phone call to one central
number (the FTC's or that of any other agency sharing data with the
Commission), to report the offense, have it referred to the appropriate
agency, and receive additional information and assistance.
---------------------------------------------------------------------------
\25\ The Commission has successfully undertaken a similar effort
with respect to telemarketing fraud. The FTC's Consumer Sentinel
network is a bi-national database of telemarketing, direct mail, and
Internet complaints used by law enforcement officials throughout the
U.S. and Canada.
---------------------------------------------------------------------------
(3) Consumer Education Materials. A number of public and private
organizations have published or begun developing materials that provide
information on particular aspects of identity theft. The FTC is
coordinating with others, both within and outside the government, to
develop unified, comprehensive consumer education materials for victims
of identity theft, and those concerned with preventing identity theft,
and to make this information widely available.
Commission staff has been working hard to implement these plans.
Phone counselors in our Consumer Response Center have been trained to
handle identity theft complaints, and our general complaint database
has been modified so as to permit entry of at least basic information
about the identity theft complaints we already receive. In addition, we
have recently issued a Consumer Alert that provides an overview of the
steps consumers should take if they become victims of identity theft.
We are also working with other government agencies to launch a web page
in the near future devoted to identity theft information. The web page,
which will include links to information from a number of government
agencies, will be located on www.consumer.gov, the federal government's
central site for consumer information.<SUP>26</SUP>
---------------------------------------------------------------------------
\26\ Www.consumer.gov is a multi-agency effort, with technical
maintenance provided by the FTC. It contains a wide array of consumer
information and currently has links to information from 61 federal
agencies.
---------------------------------------------------------------------------
The Commission, in fact, has been working closely with other
agencies in a number of ways in our effort to help consumers. For
example, FTC staff has been working with the identity theft
subcommittee of the Attorney General's Council on White Collar Crime to
provide interim guidance to law enforcement field offices on how best
to assist identity theft victims, and with the Social Security
Administration's Inspector General to coordinate the handling of social
security number misuse complaints. Most recently, Commission staff
hosted a meeting on April 20, 1999, with representatives of
approximately a dozen federal agencies as well as the National
Association of Attorneys General. The meeting brought together
individuals involved in diverse aspects of identity theft to discuss
the implementation of the consumer assistance provisions of the
Identity Theft Act. In particular, Commission staff sought input from
others in the design of the identity theft complaint database, to
ensure that the FTC captures the information most useful to other
agencies in both assisting consumers and catching identity thieves. In
addition, this meeting was the first step in the FTC's efforts to
develop a single set of consumer education materials. The Commission
expects that a number of agencies will be working jointly with the
Commission on this project to ensure that consumers have the best
information possible on preventing and recovering from identity theft.
v. pretexting
Related to identity theft is a practice known in the information
broker industry as ``pretexting.'' Pretexting involves obtaining
confidential consumer information under false pretenses, e.g., by lying
and pretending to be the consumer. This tactic appears to be gaining
popularity in response to the booming market for comprehensive personal
information relating to consumers. Today, many information brokers tout
their ability to obtain sensitive financial information--including
current bank or brokerage account numbers and balances, which are not
publicly available--without the subject ever knowing.<SUP>27</SUP>
Pretexting is the method they use to obtain this information.
---------------------------------------------------------------------------
\27\ Id. At last summer's hearings before the House Banking and
Financial Services Committee, former and current information brokers
described the recent explosion in the number--from a handful to
hundreds--of information brokers offering confidential financial
information, and noted that there are currently hundreds of Web pages
available on the Internet advertising the ability of information
brokers to obtain such information. See Obtaining Confidential
Financial Information by Pretexting: Hearings Before the House Comm. on
Banking and Financial Services, 105th Cong. (1998) (statements of Al
Schweitzer, Robert Douglas).
---------------------------------------------------------------------------
Pretexting may harm consumers in two related ways. First, there may
be a significant invasion of the consumer's privacy resulting from the
disclosure of private financial information through pretexting. Second,
pretexting also may increase the risk of identity theft, resulting in
serious economic harm. For example, using account balances and numbers
obtained from a pretexter, an identity thief could deplete a bank
account or liquidate a stock portfolio. The Commission just voted to
file a complaint in federal district court against alleged pretexters.
I will be prepared to discuss it at the hearing and the Commission will
provide the Committee with a copy of its complaint and the concurring
and dissenting statements of the Commissioners as soon as possible.
vi. conclusion
Financial identity theft clearly continues to present a significant
threat to consumers. The FTC looks forward to working with the
Committee to find ways to prevent this crime and to assist its victims.
Mr. Oxley. Thank you, Ms. Bernstein.
Mr. Albright.
STATEMENT OF CHARLES A. ALBRIGHT
Mr. Albright. Chairman Oxley, Chairman Tauzin, members of
the committee, thank you for this opportunity to testify on
behalf of the issue of identity theft.
My name is Charles Albright, and I am Chief Credit Officer
of Household International. Household is a leading provider of
consumer financial services and credit card products in the
United States, Canada and the United Kingdom. I am here to
offer a twofold perspective on this critical issue. First, from
my personal experience as a victim of identity theft; and,
second, from my professional experience at Household
International in this area.
As you all know, identity theft occurs when a perpetrator
gains access to another person's information and uses this
information to commit financial fraud. Unfortunately, it is
extremely easy to get access to some of this information in the
marketplace today. This can be done by stealing someone's mail,
going through their trash or even perpetration of employees at
credit operation throughout the country. As an aside, it is not
at all uncommon for a family member to commit identity theft
upon another family member. In our experience at Household, we
find that 50 percent of all incidences of identity theft are
committed by another family member.
Armed with this information, the perpetrator will then open
new accounts in the victim's name and access the victim's
existing accounts. After running up significant debts, the
perpetrator will likely fail to pay the charges, and ultimately
the delinquency or bad debts will be reported on victim's
credit report.
This is essentially what happened to me several years ago
when, unbeknownst to me, someone obtained my personal
information, including my Social Security number, and then
proceeded to open several credit card and retail credit
accounts in my name. The perpetrator had my address changed to
a location in Philadelphia. For these accounts I received no
statements or other information about the accounts. After
opening these fraudulent accounts, the perpetrator proceeded to
incur debts in tens of thousands of dollars. Believe me, I am
very sympathetic with Mr. Anderson's comments today.
I would like to say, even though I have been in the
consumer credit business for over 30 years, I intentionally
worked through the entire process of trying to correct my
personal situation myself; and I did not let anyone know in the
credit reporting industry or even in the companies where I knew
the senior executives that were carrying the balances on my
accounts that this had happened. So I approached this strictly
as a consumer, someone who reads USA Today and someone who
hears about these stories.
I was unaware of any of this activity until 1 day when my
wife received a telephone call at home from a collection agency
after the debts had been delinquent for 60 days. It was at this
time that I realized the scope of problem and began the lengthy
and painstaking process of repairing my credit record. I spent
countless hours dealing with credit grantors and credit bureaus
sorting out this problem. I would like to state that in my case
there was particular difficulty due to lack of response from
two specific credit grantors.
While I was ultimately able to successfully resolve the
situation after 18 months, I am nonetheless keenly aware of the
problems related to identity theft and the difficulty in
combating them. I believe it is fair to state that, since my
experience, both the credit bureaus and creditors have become
more sensitized and effective in dealing with this problem.
Household takes the issue of identity theft very seriously.
We understand that dealing with the issue requires us to
delicately balance the needs of our customers' expectations for
expeditious credit decisions and efficiencies in granting
credit, while taking prudent steps to adequately deal with the
issues of fraud and identity theft as well as credit quality.
Toward that end, Household has a team of over 200 dedicated
professionals throughout the company who deal exclusively with
the issues of consumer fraud. All employees undergo a thorough
background check, including fingerprinting and criminal record
investigations, to ensure that internal fraud is not
perpetrated; and, unfortunately, this is not always the case.
Sometimes, this does happen.
In addition, Household offers extensive employee training
in this area, with an emphasis on customer service and
counseling for those Household customers who have been
victimized for true-name fraud.
In 1998, Household had more than 18,000 incidences of true-
name fraud, with claims in excess of $35 million. The average
size of an identity fraud case is approximately $1,600 to
$2,000, depending on the business unit involved. It is
important to note that the losses incurred are borne by the
credit granting community, and in our case these losses go
largely uncollected. In 30 percent of the cases, the customers
either do not follow through on their claims of identity fraud
or are found to have filed false claims.
When Household is contacted by a consumer who believes that
they have been a victim of true-name fraud, we go through a
series of steps to inform consumers of their rights and to
assist in their efforts to rectify the situation. Household
operates under the assumption that our customers have the
benefit of the doubt in cases of identity theft and other types
of fraud.
Once we have determined that there is a credible claim, we
immediately put the customer's account in dispute, which means
that the customer will not receive any calls from our
collection department or that the account will be reported to
the various credit bureaus as in dispute. This suppresses all
balance and status information of the account to protect the
consumer. From that point, we work with the consumer to
complete the necessary affidavits and gather other
documentation to assist in our efforts to process the claim.
Household dedicates a tremendous amount of resources to
prevent such fraud from occurring throughout the entire credit
granting process. We utilize sophisticated fraud modeling as
well as a series of other steps to root out fraud and identity
theft from the system. While credit grantors will never fully
be able to stop instances of identity theft from occurring, we
are making great progress in deterring such fraud through
state-of-the-art technology and other prevention programs.
One problem we see in the credit granting community is that
identity theft crimes are rarely prosecuted. Household also
advocates that greater criminal penalties be placed on those
who perpetrate such crimes, and we applaud those States that
have recently acted in this area. Household also applauds
Congress for enacting the Identity Theft and Assumption
Deterrence Act of 1998, as it goes to the heart of the problem
in dealing with combating identity theft.
Other problems in addressing this problem are that a number
of different enforcement authorities have some jurisdictional
problem and that identity fraud can surface in an array of
financial crimes. Household concurs with the findings of the
General Accounting Office in its report of May, 1998, detailing
the jurisdictional challenges facing law enforcement entities
as well as the limited statistics that exist in identifying the
scope of this issue.
In closing, Household is committed to addressing this
critical issue and has dedicated significant resources to
combat this problem. I, for one, realize the devastating effect
identity theft can have on an individual, having personally
experienced it. Working together with Congress, I am confident
we can shed light on this difficult problem and implement
strategies to deter criminals from perpetrating fraud on honest
individuals.
Thank you for the opportunity to testify today. I will be
happy to answer any questions you may have.
[The prepared statement of Charles A. Albright follows:]
Prepared Statement of Charles A. Albright, Chief Credit Officer,
Household International, Inc.
Chairman Oxley, Chairman Tauzin, members of the Subcommittees on
Telecommunications, Trade & Consumer Protection, and Finance &
Hazardous Materials, thank you for the opportunity to testify on the
issue of identity theft. My name is Charles A. Albright and I am the
Chief Credit Officer for Household International, Inc.<SUP>1</SUP>
Household is a leading provider of consumer financial services and
credit card products in the United States, Canada and the United
Kingdom. I am here to offer a two-fold perspective on this critical
issue, first from my personal experience as a victim of identity theft
and the second from my professional experience at Household
International, Inc. in this area.
---------------------------------------------------------------------------
\1\ Household International, Inc., headquartered in Illinois with
major facilities in California, Nevada, New Jersey, Delaware, Florida,
and Virginia, is a leading provider of consumer financial services and
credit card products in the United States, Canada and the United
Kingdom. Household has total assets in excess of $63 billion, employs
over 25,000 people and provides financial services to more than 40
million customers. Household Finance Corporation (HFC), which recently
completed its acquisition of Beneficial Corporation, is one of the
oldest providers of consumer financial services in the United States,
having been founded in 1878. Household's consumer finance business
operates under the HFC and Beneficial brands, two of the oldest and
best-known names in the consumer finance industry. HFC and Beneficial
have over 1400 retail offices in 46 states as well as Canada and the
United Kingdom. Household Credit Services and Household Retail Services
are two of the nation's largest issuers of general purpose and private-
label credit cards, including the GM Card and the AFL-CIO's Union
Privilege card.
---------------------------------------------------------------------------
As you all know, identity theft occurs when a perpetrator gains
access to another person's information and uses this information to
commit financial fraud. I would note that it is extremely easy for
someone who seeks to commit fraud to obtain a person's private
financial information. This can be done by stealing someone's mail, or
going through their trash to find such information. As an aside, it is
not at all uncommon for a family member to commit identity theft upon
another family member, and in Household's experience, we find that 50%
of all incidences of identify theft are committed by another family
member.
Armed with this information, the perpetrator will then open up new
accounts in the victim's name or access the victim's existing accounts.
After running up significant debts, the perpetrator will likely fail to
pay the charges, and ultimately the delinquency or bad debts will be
reported on the victim's credit report. This is essentially what
happened to me several years ago when, unbeknownst to me, someone
fraudulently obtained my personal information, including my social
security number, and then proceeded to open several credit card and
retail credit accounts in my name. The perpetrator had my address
changed to a location in Philadelphia, PA for these accounts so I
received no statements or other information about the accounts. After
opening these fraudulent accounts, the perpetrator proceeded to incur
debts in the tens of thousands of dollars.
I was unaware of any of this activity until one day my wife
received a telephone call at home from a collection agency after the
debts had been delinquent for sixty days. It was at this time that I
realized the scope of the problem and began the lengthy and painstaking
process of repairing my credit record. I spent countless hours dealing
with credit grantors and credit bureau agencies sorting out this
problem. I would like to state that in my case there was particular
difficulty due to the lack of response from two specific credit
grantors. While I ultimately was able to successfully resolve this
situation after many months, I am nonetheless keenly aware of the
problems related with identity theft and the difficulty in combating
them. I believe it is fair to state that since my experience, both the
credit bureaus and creditors have become more sensitized and effective
in dealing with this problem.
Household takes the issue of identity theft very seriously. We
understand that dealing with the issue requires us to delicately
balance the needs of our consumers' expectation for expeditious
decisions and efficiencies in granting credit, while taking prudent
steps to adequately deal with the issues of fraud and identity theft as
well as credit quality. Toward that end, Household has a team of over
200 dedicated professionals throughout the company who deal exclusively
with issues of fraud. All employees undergo thorough background checks
to ensure that internal fraud is not perpetrated. In addition,
Household offers extensive employee training in this area, with an
emphasis on customer service and counseling for those Household
customers who have been victimized by true-name fraud.
In 1998, Household had more than 18,000 incidences of true-name
fraud with claims in excess of $35 million. The average size of an
identity fraud case is approximately $2000 for our consumer finance and
retail services businesses and $1600 for our bank card business. It is
important to note that the losses incurred are borne by the credit
granting community, and in our case these losses go largely
uncollected. In 30% of cases, customers either do not follow through on
their claims of identity fraud or are found to have filed false claims.
When Household is contacted by a consumer who believes that they
have been a victim of true-name fraud, we go through a series of steps
designed to inform consumers of their rights and to assist in their
efforts to rectify the situation. Household operates under the
assumption that our customers have the benefit of doubt in cases of
identity theft and other types of fraud. Once we have determined that
there is a credible claim, we immediately put the customer's account in
dispute, which means that the customer will not receive any calls from
our collection department and that the account will be reported to the
various credit bureaus as in dispute. This suppresses balance and
status information of the account to protect the consumer. From that
point, we work with the consumer to complete the necessary affidavits
and gather other documentation to assist in our efforts to process the
claim.
Household dedicates a tremendous amount of resources to prevent
such fraud from occurring throughout the entire credit granting
process. We utilize sophisticated fraud modeling, as well as a series
of other steps to root out fraud and identity theft from the system.
While credit grantors will never fully be able to stop instances of
identity theft from occurring, we are making great progress in
deterring such fraud through state of the art technology and other
prevention programs. One problem we see in the credit granting
community is that identity theft crimes are rarely prosecuted.
Household also advocates that greater criminal penalties be placed on
those who perpetrate such crimes, and we applaud those states who have
recently acted in this area. Household also applauds Congress for
enacting the ``Identity Theft and Assumption Deterrence Act of 1998,''
as it goes to the heart of the problems in dealing with, and combating
identity theft. Other difficulties in addressing this problem are that
a number of different enforcement authorities have some jurisdiction
over the problem and that identity fraud can surface in an array of
financial crimes. Household concurs with the findings of the General
Accounting Office in its report of May, 1998 detailing the
jurisdictional challenges facing law enforcement entities as well the
limited statistics that exist in identifying the scope of this
issue.<SUP>2</SUP>
---------------------------------------------------------------------------
\2\ ``Identity Fraud: Information on Prevalence, Cost, and Internet
Impact is Limited,'' United States General Accounting Office, May,
1998.
---------------------------------------------------------------------------
In closing, Household is committed to addressing this critical
issue and has dedicated significant resources to combat this problem.
I, for one, realize the devastating effect identity theft can have on
an individual, having personally experienced such an ordeal. Working
together with the Congress, I am confident we can shed light on this
difficult problem and implement strategies to deter criminals from
perpetrating fraud on honest individuals. Thank you for the opportunity
to testify today. I would be happy to answer any questions you may
have.
Mr. Oxley. Thank you.
Mr. Connelly.
STATEMENT OF D. BARRY CONNELLY
Mr. Connelly. My name is Barry Connelly, and I am the
President of Associated Credit Bureaus. ACB is the
international trade association representing over 600 consumer
credit and mortgage reporting companies operating here in the
United States and internationally.
We commend you for choosing to hold this oversight hearing
on the crime of identity theft. Identity theft is an equal
opportunity crime that affects everyone represented at this
witness table. It is a particularly invasive form of fraud
where consumers, consumer reporting agencies and creditors must
untangle the snarl of fraudulent accounts and information
resulting from a criminal's actions. This task is often
frustrating and time-consuming for all concerned.
I would like to join the others in acknowledging
Congressman Shadegg's assistance and leadership in passing the
Identity Theft and Assumption Deterrence Act. We think that the
crime bill is a clear victory for all U.S. citizens.
Mr. Chairman, it is appropriate for me to depart from my
prepared text and express to Mr. Anderson, on behalf of our
association, my sincere regret for the difficulty that you have
experienced. Naturally, I hope that it is the exception rather
than the rule, and I don't have all of the facts from the
companies you dealt with, but I would promise you, sir, I will
do whatever I can to assist you in clarifying your situation,
and I am sorry that it happened.
Mr. Chairman, consumer reporting agencies maintain
information on individual consumer payment patterns associated
with various types of credit obligations. The data compiled by
these agencies is used by creditors and other as permitted
under the strict rules of Fair Credit Reporting Act.
Consumer credit histories are derived from the voluntary
provision of information about consumer payments on various
types of credit accounts or other debts from thousands of data
furnishers such as credit grantors, student loan accounts,
child support enforcement agencies; and, in some cases, public
record items do appear such as bankruptcy judgments and liens.
For purposes of data accuracy and proper identification,
generally our members maintain information such as full name,
current and previous addresses, Social Security number, and
places of employment. This data is put into the system on a
regular basis to ensure the completeness and accuracy of the
data.
As important as knowing what we have in our files, it is
also important to know what types of information our members do
not maintain in their files. Our members do not know what
consumers have purchased, and they do not know where they used
a particular bank account card. They also don't have a record
of when consumers have been declined credit or another benefit
on the use of a consumer report. Medical treatment data is not
a part of the consumer credit file.
Enacted in 1970, the Fair Credit Reporting Act was
significantly amended in the 104th Congress with the passage of
the Credit Reporting Reform Act. The Fair Credit Reporting Act
serves as an example of successfully balancing the rights of
the individual with the economic benefits of maintaining a
competitive consumer reporting system so necessary to a market-
oriented economy.
The Fair Credit Reporting Act protects the consumer by
narrowly limiting the appropriate uses of a consumer report.
Some of the more common uses of a consumer's file are in the
issuance of credit, subsequent account review and collection
processess. Reports are also permitted to be used by child
support enforcement agencies when establishing levels of
support.
A question that we hear with some frequency relates to how
data found in a consumer's credit report may be used other than
for credit reporting. Let me first point out that any data
defined as a consumer report under the FCRA may not be used for
any purpose other than for those outlined in section 604.
It is a fact that some of our members do use consumer
identification information to develop other high-value
information-based products. Some of our members also develop
direct marketing lists in order to stay competitive in the
information marketplace. Again, note that the data used for
direct marketing purposes is not the credit history information
defined as a consumer report under the FCRA.
Identity theft is a crime that affects everyone. Our
industry has a history of bringing forward initiatives to
address fraud, and these efforts focus on use of new
technologies and better procedures and education to reduce
fraud. My written testimony lists a number of these
initiatives, and I urge you to review them.
But in January, 1998, the ACB Board of Directors created a
task force to insure our industry's focus on the issues of
identity theft. The task force consists of the senior-most
executives in our largest members.
The task force has progressed with a number of initiatives.
Let me tell you that ACB has retained former Vermont Attorney
General Jerry Diamond, who has an aggressive consumer
protection record and who is former president of the National
Association of Attorneys General. We hired him to act as an
independent adviser to our industry on the specific issue of
identity theft. Mr. Diamond's work helps our task force
consider a broad range of concerns and ideas from external
constituencies.
His work has included personal visits to each of the
company fraud units. It has included interviews of the Secret
Service, the Attorneys General and the FTC. He has talked with
consumer advocates, he has interviewed victims of credit fraud
crime, and he is opening up channels of communication with the
National Association of Attorneys General.
In addition, the association created an Operations Working
Group consisting of industry experts in fraud to explore the
best practices and exchange ideas. We also formed a policy
working group. This working groups seeks to keep the task force
members informed on the types of issues and questions being
raised by legislators and law enforcement.
The result of our work will be a series of initiatives and
best practices which will focus on assisting victims to ensure
that the consumer has a consistent experience in working with
ACB members. It will attempt to be limiting the possible
recurrence of identity theft, and it will develop and sponsor
more consistent consumer information for victims and for crime
prevention.
ACB and the FTC are currently exploring ways, as Mrs.
Bernstein said, in which we can work cooperatively and
effectively to implement the Identity Theft and Assumption
Deterrence Act, but there are a few cautionary thoughts that I
would like to leave with you.
It is difficult for laws to prescribe procedures and
practices that prevent crime. Crime is a moving target, and,
thus, our fraud prevention strategies must be as agile as the
tactics of the criminals.
Information is a key economic growth factor in this
country. Laws that limit information are most likely to merely
take fraud prevention tools out of the hands of legitimate
industry. Ironically, to prevent fraud, we must be able to
cross-check information. Absent this authentication of
identifying information, we will be less able to prevent the
very crime we are discussing here today.
Thank you for the opportunity to appear and answer
questions.
[The prepared statement of D. Barry Connelly follows:]
Prepared Statement of D. Barry Connelly, President, Associated Credit
Bureaus, Inc.
Mr. Chairmen and members of the Subcommittees, my name is Barry
Connelly and I am president of Associated Credit Bureaus, headquartered
here in Washington, D.C. ACB, as we are commonly known, is the
international trade association representing over 600 consumer credit
and mortgage reporting companies operating here in the United States
and around the world. Over 400 of our members are also in the
collection service business.
We want to commend you for choosing to hold this oversight hearing
on the crime of identity theft. Identity theft is an equal-opportunity
crime that affects everyone represented at this witness table. It is a
particularly invasive form of fraud where consumers, consumer reporting
agencies and creditors must untangle the snarl of fraudulent accounts
and information resulting from a criminal's actions. This task is often
frustrating and time-consuming for all concerned.
Let me pause here to acknowledge that the leadership of one of your
own committee members, Congressman John Shadegg, has helped us take an
important step forward with regard to identity theft. His efforts
resulted in the successful passage of the Identity Theft and Assumption
Deterrence Act of 1998. This crime bill was a clear victory for every
U.S. citizen, and our industry appreciates his attention to this
important issue.
Before I discuss our concerns and industry efforts regarding
identity theft, I have always found it helpful to first provide a short
review of what a consumer reporting agency is, what is contained in a
consumer report, and the law that governs our industry.
consumer reporting agencies and consumer reports
Consumer reporting agencies maintain information on individual
consumer payment patterns associated with various types of credit
obligations.\1\ The data compiled by these agencies is used by
creditors and others permitted under the strict prescription of the
Fair Credit Reporting Act (15 U.S.C. 1681 et seq.) to review the
consumer's file.
---------------------------------------------------------------------------
\1\ Our members estimate that there are approximately 180 million
credit active consumers. Since our members operate in competition with
each other, these consumers are likely to have more than one credit
history maintained.
---------------------------------------------------------------------------
Consumer credit histories are derived from, among other sources,
the voluntary provision of information about consumer payments on
various types of credit accounts or other debts from thousands of data
furnishers such as credit grantors, student loan guarantee and child
support enforcement agencies. A consumer's file may also include public
record items such as a bankruptcy filing, judgment or lien.
For purposes of data accuracy and proper identification, generally
our members maintain information such as a consumer's full name,
current and previous addresses, Social Security Number (when
voluntarily provided by consumers) and places of employment. This data
is loaded into the system on a regular basis to ensure the completeness
and accuracy of data.\2\
---------------------------------------------------------------------------
\2\ Note that there are in fact a number of major credit reporting
systems in this country. Within ACB's membership the three most often
recognized systems would be Equifax, Atlanta, GA; Experian, Orange, CA;
and Trans Union, Chicago, IL. These systems not only manage their own
data, but provide data processing services for the over 400 local
independently-owned automated credit bureaus in the Association's
membership.
---------------------------------------------------------------------------
It is interesting to note that the vast majority of data in our
members' systems simply confirms what most of you would expect; that
consumers pay their bills on time and are responsible, good credit
risks. This contrasts with the majority of systems maintained in other
countries, such as Japan or Italy, which store only negative data and
do not give consumers recognition for the responsible management of
their finances.
As important as knowing what we have in our files is also knowing
what types of information our members do not maintain in files used to
produce consumer reports. Our members do not know what consumers have
purchased using credit (e.g., a refrigerator, clothing, etc.) or where
they used a particular bank card (e.g., which stores a consumer
frequents). They also don't have a record of when consumers have been
declined for credit or another benefit based on the use of a consumer
report. Medical treatment data isn't a part of the databases and no
bank account information is available in a consumer report.
the fair credit reporting act (fcra)
In addition to our general discussion of the industry, we believe
it is important for your Subcommittees to have a baseline understanding
of the law which regulates our industry. Enacted in 1970, the Fair
Credit Reporting Act was significantly amended in the 104th Congress
with the passage of the Credit Reporting Reform Act.\3\
---------------------------------------------------------------------------
\3\ Public Law 104-208, Subtitle D, Chapter 1.
---------------------------------------------------------------------------
Congress, our Association's members, creditors and consumer groups
spent over six years working through the modernization of what was the
first privacy law enacted in this country (1970). This amendatory
process resulted in a complete, current and forwarding-looking statute.
The FCRA serves as an example of successfully balancing the rights of
the individual with the economic benefits of maintaining a competitive
consumer reporting system so necessary to a market-oriented economy.
The FCRA is an effective privacy statute, which protects the
consumer by narrowly limiting the appropriate uses of a consumer report
(often we call this a credit report) under Section 604 (15 U.S.C.
1681b), entitled ``Permissible Purposes of Reports.''
Some of the more common uses of a consumer's file are in the
issuance of credit, subsequent account review and collection processes.
Reports are also, for example, permitted to be used by child support
enforcement agencies when establishing levels of support. A complete
list of permissible purposes can be found under Appendix A of this
testimony.
A question that we hear with some frequency relates to how data
found in a consumer's credit report may be used other than for credit
reporting. Let me first point out that any data defined as a ``consumer
report'' under the FCRA may not be used for any purpose other than for
those outlined under Section 604.
However it is a fact that some of our members do use consumer
identification information to develop high-value information-based
products such as fraud prevention and authentication products; risk
management systems; and locator services, just to name a few. Some of
our members also develop direct marketing lists in order to stay
competitive in the information marketplace. Note that the data used for
direct marketing purposes is not the credit history information defined
as a ``consumer report'' under the FCRA.
Beyond protecting the privacy of the information contained in
consumer reports, the FCRA also provides consumers with certain rights
such as the right of access; the right to dispute any inaccurate
information and have it corrected or removed; and the right to
prosecute any person who accesses their information for an
impermissible purpose. The law also includes a shared liability for
data accuracy between consumer reporting agencies and furnishers of
information to the system. Attached, as Appendix B is a text version of
ACB's Brochure, ``Credit Reports, Consumer Reporting Agencies and the
Fair Credit Reporting Act--The Everything-You-Need-To-Know Guide to
Consumer Rights in Consumer Credit Reporting''.
identity theft
Let me now turn to the issue at hand--identity theft. As I said at
the beginning, it is a crime that affects everyone. Our industry has a
history of bringing forward initiatives to address fraud. These efforts
focus on use of new technologies, and better procedures and education
to reduce fraud.
Consider the following initiatives undertaken during this decade:
<bullet> ACB formed a Fraud and Security Task Force in 1993
<bullet> A ``membership alert form'' was developed to be used in
notifying other ACB members of a customer, which was committing
fraud through the misuse of data. Implemented in 1994.
<bullet> A ``Universal Fraud Information Form'' was developed for use
by creditors when communicating the incidence of fraud to
national consumer reporting systems.
<bullet> A generic credit reporting industry presentation on ACB fraud
and security initiatives was developed and presented to
customer segments during 1995.
<bullet> Minimum standards for data access equipment and software were
announced to industry suppliers in March 1995.
<bullet> ACB members implement company-specific limitations on the
availability of account numbers, and truncation of Social
Security Numbers on consumer reports sold to certain customer
segments.
<bullet> Experian, Equifax and Trans Union voluntarily formed special
fraud units with 800 number service and consumer relations
personnel specially trained to work with fraud victims.
<bullet> A hardware and software certification program is created by
the industry and administered by a third-party certification
authority for those access products, which have implemented
minimum industry security standards.
<bullet> Over 150,000 copies of a new customer educational brochure
entitled ``We Need Everyone's Help to Protect Consumer Privacy
and Reduce Fraud'' have been distributed since its first
printing in the last Q.1997.
<bullet> An education program was also developed for use by ACB members
in presenting the information found in the brochure. 2nd Q.
1998.
acb true name fraud task force
In January of 1998, the ACB Board of Directors created a Task Force
to ensure our industry's focus on the issues of identity theft. Its
mission is to explore how our industry can continue to assist consumers
and customers, which have been victimized by the crime of identity
theft. The Task Force consists of the senior-most executives in our
largest members.
Since its formation, the Task Force has progressed with a number of
initiatives including:
(A) ACB has retained former Vermont Attorney General Jerry Diamond
who has an aggressive consumer protection record, and who is a former
president of the National Association of Attorneys General, to act as
an independent advisor to our industry on the specific issue of
identity theft. Diamond's work helps our Task Force consider a broad
range of concerns and ideas from various external constituencies.
Diamond's work has included:
1. Visits to the fraud units of the three national consumer reporting
systems. These visits were opportunities for exploration of
ideas and to learn from frontline operators, what consumers
need and what challenges they face in assisting consumers.
2. Interviews with the Secret Service, Attorneys General, and the
Federal Trade Commission.
3. Interviews with consumer advocates.
4. Interviews with victims of the crime.
5. Opening up channels of communication with the National Association
of Attorneys General.
B. The Association created an Operations Working Group--the working
group consists of industry experts in fraud to explore best practices,
exchange ideas and ultimately to recommend a series of voluntary
initiatives for our membership.
C. We also formed a Policy Working Group--this working group seeks
to keep the Task Force members informed on the types of issues and
questions being raised by legislators, regulators and law enforcement.
The results of our work will be a series of initiatives and best
practices, which will focus on:
<bullet> Adopting best practices for assisting victims to ensure that
the consumer has a consistent experience in working with ACB
members.
<bullet> Adopting best practices for limiting the possible recurrence
of identity fraud.
<bullet> Developing and sponsoring better and more consistent consumer
information for victims and for crime prevention.
conclusion
You can see on a number of fronts there is progress, and admittedly
more to do.
We have better law, both in the states and at the federal level,
which targets the crime and vigorous enforcement will be a key to
effective deterrence. ACB and the FTC are currently exploring ways in
which we can work cooperatively and effectively on fraud victim
assistance. This dialogue is, in part, a positive result of the
Identity Theft and Assumption Deterrence Act of 1998.
We have a very substantive industry-sponsored process going forward
to develop initiatives that will be brought to completion later this
year.
But there are a few cautionary thoughts that I would like to leave
with each of you. It is difficult for laws to prescribe procedures and
practices that prevent crime. Crime is a moving target and thus, our
fraud prevention strategies must be as agile as the tactics of the
criminals.
Information is a key economic growth factor in this country. Laws
that limit information are most likely to merely take fraud prevention
tools out of the hands of legitimate industry. Ironically, to prevent
fraud you must be able to crosscheck information. Absent this
authentication of identifying information, we will be less able to
prevent the very crime we are discussing here today.
Thank you for this opportunity to testify.
Mr. Tauzin. Thank you very much.
Mr. Oxley has gone to make the vote, and he will be
returning to continue the hearing, and then I will leave to
vote. Let me recognize myself for 5 minutes.
First of all, Mr. Anderson, I am a little confused. Did the
Social Security Administration itself make an error in giving
this man a Social Security card with your number on it or did
he somehow participate in a fraud to get your number from the
Social Security office?
Mr. Anderson. Well, because of the silence from Social
Security, I have to go by the documentation that I have.
Mr. Tauzin. Which is what?
Mr. Anderson. I have a letter which lists the offices, the
person's name and their last given address in Cucamonga,
California, as going into the offices in Glendora, Pomona, et
cetera, California, and getting my number on five occasions.
Mr. Tauzin. So the person, the perpetrator, went into the
Social Security offices and got your number, but how did he get
a card with your number on it?
Mr. Anderson. I don't know.
Mr. Tauzin. Social Security has never explained that to
you?
Mr. Anderson. They did not.
Mr. Tauzin. But Social Security did issue him a card with
your number on it?
Mr. Anderson. That is correct.
Mr. Tauzin. Maybe Social Security has some answering to do
here.
In your case, Mr. Albright, your Social Security number was
obtained?
Mr. Albright. I will tell you how I believe it was
obtained. My resolution was never complete. I believe it was
one of two major credit grantors where they had an internal
employee which had access because I was a customer and had a
credit relationship, where they had access to my personal
financial information.
Mr. Tauzin. In Virginia the Social Security number is your
driver's license number. Every public official I know on this
panel has filed documents with the SSN on it, either tax
returns which have been made public or other documents under
some sort of financial reporting requirements. Every student I
know in most universities has the Social Security number as
their ID number. I am told that some put it on tests. Every
test has the Social Security number on it. I guess what I am
saying is that it is pretty easy in our society to take your
number and use it, isn't that correct?
Mr. Albright. In this case, it was obviously an intent to
create a crime.
Mr. Tauzin. I am assuming that somebody has a bad intent.
It is pretty easy to get the number?
Mr. Albright. Yes. If I might finish, I would argue also
the fact that that information is extremely valuable to a
credit grantor to assist consumers.
Mr. Tauzin. I accept that. I understand that.
But let's take it a step at a time. So somebody has got
your number. In fact, Social Security gave him a card with your
number which allowed him to use your credibility with a Social
Security issued card with your number. So he goes out and he
makes all of these charges and defrauds some companies out of
money. And, as Mr. Shadegg said, you are not considered a
victim because it was companies that were defrauded.
How about every customer in America who has to pay higher
retail prices because the cost of business has increased? We
have a lot of victims out there to deal with. You yourself, Mr.
Anderson, finally, with Mr. Shadegg's legislation, is
identified as a victim.
Knowing the number is fairly easy to obtain and knowing
that there are people out there willing to do this, how do we
protect people without compromising the availability of useful
information? At the same time, how do we also make a lesson, an
object lesson, of people who would do this?
Let me ask you, Mr. Anderson. You know the guy's name and
address and where he lives in California. Have you ever been
tempted to go out and egg his house?
Mr. Anderson. I have thought about it.
Mr. Tauzin. Why haven't the enforcement authorities
arrested the guy?
Mr. Anderson. We heard about that earlier. Basically, I
started with the local law enforcement authorities in that
county in California. They referred me to the Virginia State
Police.
Mr. Tauzin. You have been bounced around. Nobody has ever
prosecuted this guy.
Mr. Anderson. I wound up after two trips to the FBI with
Social Security. Only after intervention by Congressman Bliley
a few months ago have I started to see any substantive action.
Mr. Tauzin. I congratulate you on going to a good source.
But does every member of our society have to know a congressman
to get some help? Is that the only way you are going to get
help?
Mr. Anderson. That is what it took.
Mr. Tauzin. Isn't that awful? We have some work to do.
We have five reference points here. We have a perpetrator
of fraud. We have a retailer, provider of goods and services.
Neither one is going to be responsible for cleaning up this
mess. The retailer is a victim. The perpetrator is the
perpetrator. He is not going to clean it up.
You have three other people. You have the owner of the
number, the owner of the credit who has been victimized. You
have the credit reporting authority that now has a bad record
and is reporting to other people about bad credit. And you have
the issuer of the credit, the financier, the credit card.
I am going to have to run and go vote. Mr. Oxley will take
over.
You have three points of reference now of responsibility.
How much is the consumer responsible to clean up his own mess?
How much is the finance company, the issuer of the credit card
responsible for cleaning up the mess when the numbers that they
have issued have been used improperly to create bad credit and
defraud people? And how much is a credit reporting agency,
whose job it is to collect and send out good information to
people that won't damage people and will help people, how much
is it your responsibility to clean up this mess? And if we
haven't figured it out, can we figure it out today?
Think about it. I am coming back.
Mr. Oxley.
Mr. Oxley [presiding]. I will let Mr. Tauzin come back and
finish up that line of questioning.
Let me ask you about the growth of identity theft,
particularly Mr. Albright and Ms. Bernstein. It is obvious that
identity theft is growing in recent years. In your experience,
both of you, what are the causes? Why is there an explosion of
this? Why is it happening now? What technology is available
perhaps that wasn't available then?
Mr. Albright, let me begin with you.
Mr. Albright. Thank you.
In our case, it has been rather explosive. I don't have the
information in front of me going back in historical years. I
know that it has increased exponentially for the last couple of
years.
At our company last year we processed in excess of 30,000
claims of people who came to us and said that they were victims
of credit card fraud or some type of identity fraud. Thirty
percent of those people, when we sent out the appropriate forms
and started asking the questions, we never heard from again, so
that number now comes down to 70 percent. Of the 70 percent of
the people left over, 80 percent were some type of identity
fraud type situation. So that number just continues also to
increase year after year after year.
Mr. Oxley. Ms. Bernstein?
Ms. Bernstein. Yes, thank you, Mr. Oxley.
We, too, have tried to gather some statistics on the extent
of it; and the most recent data is from GAO that reports that
consumer inquiries to the credit bureaus increased from 35,000
in 1992 to 522,000 in 1997, similar data from the Social
Security Administration.
In response to why now, I think you alluded to some of the
things that we are seeing happening. The techniques for
perpetrating identity fraud used to be low-tech, getting
information out of garbage cans or picking up a piece of mail
with some identifier on it.
More recently, we have seen a more sophisticated technique
in a practice known as skimming. Identity thieves use computers
to read and store the information on a magnetic strip of an ATM
or credit card. When that card is inserted either in a
specialized card reader or legitimate payment mechanism and
once it is stored, the information can be re-encoded on any
other card with a magnetic strip, instantly transforming a
blank card into an ATM or credit card identical to the victim.
There are undoubtedly technological mechanisms that have
come into use now that are facilitating any thief who is
engaged in those practices. So it has been, I believe, for a
couple of reasons but because it is easier to do it in more
ways.
Mr. Oxley. So technology is our friend and our enemy?
Ms. Bernstein. Exactly right. We are trying to stop it, so
we are hopefully as smart as they are.
Mr. Connelly. Mr. Oxley, can I comment?
The 550,000 calls used in the GAO study came from one of my
members, and it deserves some explanation because it is
misleading.
That was the total number of calls that the fraud division
of that company received in 1 year. In fact, the fraud division
does not categorize them by specific categories, each call,
such as a proactive call or questions about fraud, things like
Mr. Albright described, people who call and maybe have lost
their wallet and never had a fraud. I am not trying to minimize
the seriousness of the number of instances but bring it into
perspective, that it wasn't 550,000 theft fraud calls. Thank
you for that opportunity.
Mr. Oxley. Mr. Anderson, first of all, do you know whether
the criminal who stole your identity has ever been prosecuted,
to your knowledge?
Mr. Anderson. I have every reason to believe they have not.
Mr. Oxley. When you had your discussion with the Special
Agent in Charge from San Francisco, the FBI----
Mr. Anderson. Yes.
Mr. Oxley. [continuing] Was it your understanding that the
bureau had said that they didn't have the statutory authority
to investigate identity theft at that time?
Mr. Anderson. No. It was my understanding that, with most
law enforcement of that type, there seems to be a dollar
threshold on what will or will not be accepted for prosecution
and that--if I understood what the special agent was telling me
correctly, he was telling me that my problem didn't rise to the
level that the U.S. Attorney would take the case.
Mr. Oxley. This was before Mr. Shadegg's bill became law;
is that correct? Before the law was passed in the last
Congress?
Mr. Anderson. Yes, it was. That was several years ago.
Mr. Oxley. So it may have been that the only opportunity
the Bureau had to investigate was under the major thefts
statute; is that correct?
Mr. Anderson. That is correct. When the new law came out,
since I was now dealing with Social Security Inspector General.
I wrote to them and I said, here is a violation of 18 U.S.
Code. What are you going to do about it?
Mr. Oxley. But the initial statute that the Bureau had to
act under was major theft, which does set a monetary amount,
maybe $250,000. I can't remember now what the statute says, but
that was the case.
Let me ask Ms. Bernstein, has any credit rating agency been
found to have illegally sold or transferred data to another
party?
Ms. Bernstein. I'm sorry, I didn't understand your
question.
Mr. Oxley. Has any credit rating agency been found to have
illegally sold or transferred data to another party?
Ms. Bernstein. Not to my knowledge.
Mr. Oxley. Within the scope of your jurisdiction, you don't
know.
Mr. Connelly, do you know?
Mr. Connelly. No, not the way that the question is phrased.
Mr. Oxley. What about any charges to that effect?
Mr. Connelly. Frankly, more to the contrary. There have
been circumstances where an individual may have obtained
information impermissibly from a consumer reporting agency.
Mr. Oxley. Has any credit reporting agency ever violated
the statute as it relates to providing data in your----
Mr. Connelly. Since 1971, since the law went into effect,
there is certainly a body of case law in effect. Some consumers
have succeeded in winning cases against consumer reporting
agencies. Usually, it would be more a matter of the jury
finding that the bureau exceeded the reasonable procedures and
did make an error beyond the limit of reasonable procedures.
Mr. Oxley. That is civil action?
Mr. Connelly. Those are civil actions, yes. I, frankly,
don't know of any criminal actions. Again, the FTC, of course,
in enforcing has brought some consent decrees, but again I
don't know of any criminal situations where a consumer
reporting agency has violated.
Ms. Bernstein. The FTC's authority is all civil, and we
have brought many enforcement cases over the years to enforce
the provisions of the FCRA.
Mr. Oxley. Many credit thieves send in a change of address
to creditors to avoid detection for a longer period of time. Is
there any way, working with the Postal Service, that credit
bureaus can cross-check or send a notice to the old address
when a new address is received and the credit history is
updated? Mr. Connelly, is that something that we could----
Mr. Connelly. That certainly is something that our members
would want to have access to be able to do.
Usually, I think Mr. Albright will speak to that, when they
get a new address from consumers, they have methodologies at
the credit grantors' point of information where they will
attempt to reverify, and I don't think you will send a credit
card to a new address without reverifying it. We get our
address from the credit grantor who has submitted the data to
us or from a consumer.
Mr. Oxley. Mr. Albright?
Mr. Albright. If I might just take a moment to explain, my
situation was pretty straightforward, I believe.
Someone penetrated my personal data. They then had a
Pennsylvania driver's license issued in my name with a new
address in Philadelphia, Pennsylvania. They then took that
piece of information, went in to these various retail stores
and opened up an account under the Philadelphia address. They
would have also had my previous address in Arlington Heights,
Illinois, and they would complete the application.
They go into the credit bureau data base, and the data base
looks, we do not have Charlie Albright with this Social
Security number at this address, but we have him at the
previous address in Chicago. They would presume Charlie
Albright has relocated.
And this was not a real estate mortgage. These were $1,000
transactions, not $10,000 transactions. They would presume that
Charlie Albright relocated and go through whatever algorithm
required, and the credit file would be clear, and probably in a
matter of seconds the account number was issued and the account
was approved.
So credit information was a resident in Arlington Heights,
Illinois. New address, a very transient society, we all have a
tendency to move around. No reason to think that I was a
criminal. They thought I took a new position in Philadelphia,
and the criminals were off and running.
Mr. Oxley. Which makes the enforcement and tracking and all
of that just more difficult.
Mr. Albright. When you get to enforcement also, in our
case, at the end of day you are dealing with tens of millions
of dollars. On a case-by-case business situation in our
business you are talking about 1,600 to 2,000 transactions, and
you just have one company. These things are not all bunched
together, so you are not going to pursue them legally. No. 1,
no one is going to listen to you, and, No. 2, the economics
would not warrant it.
Mr. Oxley. What about a situation where someone got your
Social Security number, Mr. Anderson? That is how the whole
thing started?
Mr. Anderson. That is right.
Mr. Oxley. Shouldn't there be some ability of the Social
Security Administration to check to see whether a particular
Social Security number has already been obtained? In other
words, had that individual applied for a SSN under your name, I
would assume in Social Security they have the wherewithal to
verify the fact that your name and your Social Security number
are on file there so when somebody else went in to obtain that
number it would come up that you already have a number and it
is already matched with your name?
Mr. Anderson. Well, I would think so.
According to correspondence I have from Social Security,
they have a process that they call reconciliation, and it is
supposed to detect situations where a person is working under
the same name and SSN. But, remember, before I started having
the credit problems, I went face to face into a Social Security
office in Baltimore, and they told me that they knew that there
was a problem. The name that was on the document that they
called me in was the same as mine with a different middle name,
and it is the name of the alleged perpetrator that was given to
me in the letter from Social Security.
So I think it is clear that they know who the person is, or
they at least know an alias of the person. There is somebody
there. I think they are well aware of that. They have a system
in place called reconciliation. Why they didn't do something
about this is a mystery to me, and it has only been in the last
few months I have been able to get any momentum to push them at
all. It has taken years.
Mr. Oxley. Yes, Mr. Albright.
Mr. Albright. It appears to me, in Mr. Anderson's case, you
have a surgeon who has operated on a patient who used this
information who clearly knows who this person is and where he
lives. That doesn't happen very often.
Mr. Oxley. So the middle name was different.
Mr. Anderson. That is what I understand, yes.
Mr. Oxley. You don't know that for a fact?
Mr. Anderson. I just know what I have in documents, and the
middle name has always been different until the medical visits
that I told you about. The person was apparently hospitalized
and went to two hospitals, and the hospitals, of course, called
me with collections. After that, I had to verify who I was to
the hospitals. I had to tell them my real middle name, and they
asked me for my mother's maiden name and so on. After I
provided that information to the hospitals to protect myself,
this person started using better information. So somehow
through the information I gave the hospitals in California,
this person got additional information.
Mr. Oxley. So we are talking about a pretty sophisticated
individual?
Mr. Anderson. The person has been very selective. Every
couple of months the person walks into a department store, rips
them off and disappears. Until the medical business came, for
whatever reason, there was not a really good trail. My letter
to Social Security IG simply said, with medical records, I
think it should be pretty simple to identify somebody, under
the new law particularly. That is where I am with Social
Security at this point.
Mr. Oxley. Thank you.
The gentleman from Missouri, Mr. Blunt.
Mr. Blunt. Thank you, Mr. Chairman; and thank you for
having this hearing on implementation of the law that we passed
last year.
We had a person in my district in southwest Missouri,
Angela Williams, who really for 2 years was spending a
substantial amount of her time just trying to restore her
credit because of this very problem. And, of course, this as a
civil matter was handled differently than I hope it will be in
the future.
Mr. Anderson, what do you think could be done to help clean
up the credit record more quickly once it has been determined
that you are a victim?
Mr. Anderson. Well, I have thought about that. If this were
a hockey game, I think I would like the credit reporting
agencies to be the victims of a red light and a penalty box.
When I go through all of the necessary procedures to notify
both them and the provider of the information which I am
disputing that I am a victim of bona fide Social Security
fraud, that they go into the penalty box at that point and
things stop and get corrected. That doesn't happen. It seems
like we just shift into another round of the game. Maybe
something gets corrected, maybe it doesn't. Maybe it gets
partially corrected, and I am right back a month later writing
the same letters, filing the same disputes and contacting the
same providers of bad credit information.
Mr. Blunt. Ms. Bernstein, there is a California law that
was enacted last year that requires the credit reporting
agencies to block reporting any information that the victim of
identity theft alleges appeared improperly on their credit
report as long as the victim submits a copy of a valid police
report. Is that something that could be done nationwide and, if
so, could you do it and what would we have to do?
Ms. Bernstein. The FTC would have to be authorized,
Congressman, in order to do that. There are already some
efforts, and they would be more effective if they would be
required by law to put a fraud flag on the credit report as
soon as Mr. Anderson's report was made, and that would in part
do the same thing the California act is doing. Then nobody
could rely on the information that has already been flagged in
order to issue additional credit.
Mr. Blunt. It would still be on the report?
Ms. Bernstein. Yes. It would be on the report.
Mr. Blunt. In the California case, they don't put the
information out after the person has effectively filed the
police report and done whatever else is necessary?
Ms. Bernstein. That would seem to be--I am not familiar
with the particular California law, but it would seem to be a
very effective device.
Mr. Blunt. Mr. Albright, from a credit officer's point of
view, what are the problems with that? Do you have any
information on how that is being implemented and what do you
see as the problems? And what sort of responsibilities should
the creditor have to stop sending out reports of debts incurred
after they have been told that this is a person who is the
victim of identity fraud?
Mr. Albright. I am sure this has happened in our company,
and I know everybody would be ashamed of it if we didn't
respond, and let me tell you how our process works. Early on in
the process, as I indicated in my opening testimony, I alluded
to what I call a flag on the system. What that flag on the
system does is it sends back a message electronically to a
credit grantor that there is a fraud situation with this
account. What we do in our company then is we force that
account to be manually reviewed.
In that also there is a statement that says, I believe, to
call the customer; there has been some fraudulent activity on
this account. So in my case they would have called me or
whatever.
Clearly, I believe that the creditor has a moral and
business obligation when they are convinced that there has been
an identity fraud situation to, No. 1, to put a flag on that
account. I believe it has worked very, very well. Household has
installed an automated process to make that go very quickly
from us to the other credit grantors.
In addition to that, we remove the trade line entirely from
the credit file. I believe the mechanics are there today.
My personal situation is that I was treated as a criminal
by the credit grantors. One of my charges was at a store in
Wilkes-Barre, Pennsylvania, for $1,800 for automobile repair. I
don't own that type of car, and I was told on the telephone
that I was lying and I made that type of repair. This is a
very, very large organization, and they really got my attention
when they called me a liar. I am a credit grantor but also a
consumer. But, in any event, in my case no one believed that I
was telling the truth. Even when you go through all of the
documentation.
Finally, how I got it resolved is I knew the general
counsel personally of the company that was involved. After 18
months I called him on the phone; and I said, look, I have a
file here that is about 6 inches thick. I have return receipts
and certified letters. I have not been harmed personally
because I have not applied for credit. I know what my credit
bureau file looks like. I said, I am ready to start litigation.
What would happen if a senior credit executive were to sue your
company for this performance?
He came back to me and he said, if you have what you say
you have and you are right, we will write you a check today for
$2 to $3 million to go away. This case is so ugly, we don't
want this to go any ways. I indicated I wanted it fixed, and it
was fixed by the time the sun went down that night.
What that tells you, the mechanics are in places--training,
education, and sensitivity. Credit grantors have that
obligation to employees. Make sure that we are hiring the right
people.
At Household, we have internal employees in our bank card
operation that have perpetrated fraud, where they have
confiscated information from our card holders and done the same
thing to innocent people that was done to me. If we catch them,
we prosecute them, and we try to take them to the extreme
extent of the law. A lot of laws are there today. It is a
matter of people utilizing the system.
Mr. Blunt. Mr. Connelly, I cosponsored Mr. Shadegg's bill
last year. I understand why we needed to make this a crime. I
know that it is a tough job, and you have lots of vulnerability
out there with the information you give out being accurate. Why
hasn't the industry solved this problem like the California law
or other States are now trying to require it be solved? Why
hasn't this been done?
The industry would have done this better than government
would have if they would have done it, and I am asking you why
they didn't do it and how far along you are on a national
standard that accomplishes these kinds of things once you are
convinced there was a legitimate problem.
Mr. Connelly. Thank you for asking that question, and in my
prepared testimony I hope that I made clear to the committee
that indeed Associated Credit Bureaus and our members do
recognize it as a problem, and we are trying to do it
individually or without government assistance other than things
like making it a criminal activity.
Each of our companies, the three major companies, have
dedicated fraud units to handle the cases like Mr. Anderson's.
And I can't tell you what happened, where his went awry; and I
commented on that before.
But, as Mr. Albright said, as soon as one of our companies
is notified of a possible fraud, even the potentiality of a
fraud, a call from a consumer, that file is flagged. So, if it
didn't happen in Mr. Anderson's case, I can't give you the
information why without going into the specifics. As a policy,
that happens each time.
So you heard Mr. Albright explain that in his company they
see the flag, they take the flag seriously on an application
for credit. If a company, a credit grantor, does not take that
flag seriously, the flag is worthless. It is like a red light
that is out there, and someone goes through the red light, and
that is going to perpetuate the crime. So a flag is not the
only answer.
Mr. Blunt. Is this such a big problem that you can't do
more than just flag the file?
Mr. Connelly. That is one thing.
Let me speak to the California case that you just
described.
Yes, in California if a consumer presents a police report,
I am going to call it the individual trade line, the individual
item that is disputed as being a victim of fraud is deleted or
blocked from the credit history. And that is fine. We would all
agree with that.
The trouble is, let me tell you what is happening. What we
are seeing now is an increased number of credit repair clinics,
additional con artists who are using this legitimate tool as a
tool to eliminate and strike from the file legitimate adverse
credit history from other consumers. So then the Albrights of
the world and the Households and the rest of the credit
grantors get stuck for not being able to get true information
on truly adverse paying customers.
So, yes, that is one thing. I am showing you another side
to it that makes it not a perfect solution.
Mr. Blunt. Thank you, Mr. Chairman.
Mr. Tauzin [presiding]. The gentleman----
Mr. Albright. I did not answer the last part of your
comment about the California situation. I was told two things
specifically as I queried all of our business units, knowing
that I was going to be coming here.
No. 1, Charlie, be very careful about the California
situation in terms of police reports because, in many
jurisdictions, I have been told, it is not very complicated to
get a police report, and it could perpetuate the crimes if the
wrong people get onto that.
No. 2, try to get the message across that there needs
attention to this whole situation of law enforcement agencies
because, working with them today, we cannot get them to be
interested, and that gets back to the heart of the discussion
we have been talking back.
Mr. Blunt. I would not mind to have Mr. Anderson's comment.
Mr. Anderson. I honestly believe in virtually every case of
successful theft from department stores and hospitals, that had
the people granting the credit done a positive ID, somehow
positively identified the person that they were dealing with
other than just asking for a Social Security number, there
would not be a problem. I think that the creditors are lax in
identifying and knowing who they are doing business with.
Ms. Bernstein. That has been our experience as well. There
has been really insufficient attention of credit grantors to
whom they are granting credit and ignoring the flags that are
on the credit bureau reports as well.
Mr. Blunt. By ignoring the flags, do you mean that they
don't understand the flags and they assume that this person is
in trouble, or they just ignore the whole report?
Ms. Bernstein. It is a mixed bag, I believe, to the best of
our knowledge.
Mr. Tauzin. The Chair is going to ask the agreement of Mr.
Shadegg, and we will turn the time over to him in just a
second. I am being called to the Appropriations Committee.
I just wanted to get an answer to the question that I
posed. And the question is, among the three reference points,
excluding government, which should be the enforcer in the end,
but among the three reference points, the consumer, the credit
bureau or reporting agency, and the person handling the
financing, issuing the credit cards, extending the credit,
among those three players, who has a responsibility for
cleaning up the record and making sure that Mr. Anderson
doesn't have to wait 5 years?
Let me pose it quickly maybe a different way.
If Mr. Anderson supplies your member company, Mr. Connelly,
with information that he has been defrauded, is it your
responsibility to make sure all of the companies get proper
information that he is not, in fact, a bad credit risk? Is it
your responsibility today and do you assume that
responsibility? Does it need to be clarified in law or
regulation?
Mr. Albright, in terms of the issue of the credit card, how
much responsibility does the issuer of the credit card or the
financing, the extension of credit, have in terms of helping
Mr. Anderson clear up his record?
It is to your benefit to give him that credit card. I get
them in the mail all the time unrequested. There must be some
real value in having me as a credit card holder.
He has now been damaged. How much responsibility do you
have to help insure that his records are cleared up? Somebody
has some responsibility. He may have some to properly document
the problem. I think he has taken 5 years to do it. You
yourself, Mr. Albright, mentioned the time it took you.
But once you have documented, which one of you are most
responsible or what do you share in responsibility in cleaning
this up so he doesn't have to go to Mr. Bliley and say,
Congressman, it doesn't work out there, and I need you to
intercede with somebody. Which one of you is most responsible
or how do you share that responsibility? Please respond.
Mr. Albright. I believe Household in this case has a very
clear responsibility once we start the investigation of fraud
to, No. 1, flag the account as being under investigation.
Again, there is no guilt or innocence here, because the case is
not resolved, the fact that we have been contacted. We code the
account, put the flag out there.
Mr. Tauzin. Is it your responsibility to notify?
Mr. Albright. It is my responsibility to notify him.
Mr. Tauzin. It is your responsibility to notify him that
his number has been compromised and it ain't his fault? He has
done nothing wrong.
Mr. Albright. He has notified me.
Mr. Tauzin. Notified you timely. You have corrected the
records. You may have taken a loss yourself in the process, but
now your job is to notify Mr. Connelly's member. What is your
member's responsibility?
Mr. Connelly. Our responsibility in the instant case you
just described is to delete the information and not let it
reappear on the file.
Mr. Tauzin. Why has that not happened for Mr. Anderson?
Does anybody know? Mr. Anderson, do you know why it hasn't
happened?
Mr. Anderson. No, but I think somebody named Glen King
does.
Mr. Tauzin. Who is Glen King?
Mr. Anderson. The one that sends most of the letters
ignoring what I am doing from Equifax.
Mr. Tauzin. So Glen King is a guy in this credit reporting
agency?
Mr. Anderson. For years.
Mr. Tauzin. So you have a problem with one of your members.
Is that credit agency a member of your association?
Mr. Connelly. Yes, they are, sir.
Mr. Tauzin. Do you have self-policing structures within
your organization?
Mr. Connelly. The Fair Credit Reporting Act, as amended,
speaks very strongly to that. We do not have Mr. King's side of
the story.
I think you will allow me to just make the point that what
occurs in the instance that we just discussed, Mr. Albright
received the example of a fraud notice at his company. Mr.
Albright, who is a regular contributor of data to us, notifies
us that that information is wrong, and it is not to be reported
again. We have to stop reporting it, absolutely.
Mr. Tauzin. What is wrong with this guy King?
Mr. Connelly. There are other circumstances.
Mr. Tauzin. What are the other circumstances?
Mr. Connelly. Maybe Mr. Anderson came directly to the
consumer reporting agency and said, the item on your report
from Household, we will use you as an example, is a fraud
account. In this case, the consumer reporting agency member of
ours, under the laws of the Fair Credit Reporting Act, is
required within 30 days to go back to the credit grantor and
reverify the information. If they cannot reverify it, it must
be deleted.
I am going to make an assumption here that Mr. King is
getting back a reverified piece of data from whoever he is
going to, and, therefore, he keeps reporting the data based on
the reverification from the furnisher of the data.
Mr. Tauzin. So what you are saying, in Mr. Anderson's case,
the credit supplier is still reporting to the credit bureau----
Mr. Connelly. Yes, sir.
Mr. Tauzin. [continuing] that Mr. Anderson is a bad guy and
not paying his bills?
Mr. Connelly. They are reconfirming the data that the
credit bureau has.
Mr. Tauzin. Mr. Albright, it sounds like your guys are not
doing their job here. Is that the case?
Mr. Albright. If my guys are the credit grantors, it sounds
like that to me, yes, they are not. I picked up a comment very
early in Mr. Anderson's testimony that he kept going back to
the credit grantor, and they kept saying that they had the
Social Security number, and there wasn't anything that they
could do, and it was a legitimate Social Security number and
whatever.
Mr. Tauzin. Here is where we are going to leave it. I am
going to turn it over to the guy who knows more about this than
anyone on the committee, John Shadegg.
What I am pointing out is that a guy like Mr. Anderson just
gets bounced around. Not only does he get bounced around by the
three corners of this triangle but also by the enforcement
agencies that don't necessarily take him seriously or prosecute
people. So he is left with the frustration that says maybe I am
going to go egg the guy's house, and now I have to file a
lawsuit and go after that $2 million claim. Maybe I ought to be
one of those special people who knows his congressman well
enough to get him excited, like Mr. Bliley. Are we going to
leave it like this, where everybody in America has to know
somebody in Washington to get some help?
Mr. Shadegg, take it.
Mr. Shadegg. Thank you, Mr. Chairman. I think we had a
great illustration of the exact problem that exists and the
frustration that occurs. I appreciate your efforts, Mr.
Chairman. It really is true.
I think what we just described is that Mr. Anderson calls
and says, I am not the guy that did the bad thing, but the
creditor does not necessarily accept his word. There is a
dispute, and the credit bureau continues to hear from the
creditor that this person with this name and Social Security
number is the bad credit risk, and Mr. Anderson keeps fighting
the fight.
Mr. Anderson, let me start with you. Your statement was
eloquent in making the points that need to be made; and it
might even suggest, Mr. Chairman, that we ought to go to a new
system. On the front of Mr. Anderson's statement he puts a
little synopsis that says major points. You did a marvelous job
of putting forth the major points, and our normal witnesses
don't do that. I want to pick a couple of those points.
One point that I discovered is very true. It may have been
more true when you incurred this problem. You say, very little
assistance forthcoming from Federal agencies. I will tell you
very little assistance is forthcoming for victims of this crime
from either Federal agencies or State agencies. Because, even
in the States where we have it, I have discovered through the
task force that we set up this year in Arizona to try to make
sure that the State law is being implemented and the Federal
law which I got passed last year is being implemented, in point
of fact, agencies are not providing assistance. I hope to get
more heat on those agencies to provide assistance, because
someone has got to get in there and solve the problem.
As an aside on that point, one thing I would like to offer
to do is to work with you in trying to get Virginia, the State
of Virginia, to pass a law like the State of Arizona did to
deal with this problem. Because, in addition to having a
Federal law, I think we need a State law. Because we need to
bring to bear all of the law enforcement agencies that are
possible.
The second point I want to make is you said you contacted
the FBI and the Social Security Administration. Were there any
other law enforcement agencies that you contacted to say, hey,
I am the victim of a crime or I am being defrauded? Or were
those the two that you principally worked through?
Mr. Anderson. Yes. In my review I started with the local
authorities in California. I thought that was appropriate.
Mr. Shadegg. State authorities?
Mr. Anderson. County, actually, because it was clear where
this was happening.
Mr. Shadegg. What was your experience?
Mr. Anderson. They referred me to the Virginia State
Police. I talked to the Virginia State Police and explained to
them what was going on; and they said, this is a Federal
matter. You need to talk to the Feds.
So I looked at the choices with the Feds, and I found out,
well, it wasn't postal fraud, not a credit card, so it is not
Secret Service. The only thing I could come up with was that it
might be Social Security, and it might be interstate telephone
fraud, and that is why I contacted the agencies that I did.
But let me say this. I tend to be a stubborn person, and I
can throw out a possibility here. If I had not done a thing,
let us assume for a minute that I don't need credit, that I
don't care about my credit report. If I had not done a thing in
this case and I had not notified anybody, the only thing that
would have happened is the department stores in California
would be losing more money and the hospitals in California
would be losing more money treating somebody that they don't
know, that they don't even understand the identity of. That is
what would have happened had I done nothing.
Mr. Shadegg. I would argue that you are still a victim of
the crime. Many people don't discover this until they pull a
credit report.
When we introduced the bill last year, we held a press
conference here in the Capitol; and many Capitol Hill staffers
related that they had been victims of the crime. But one of the
fascinating stories, a woman who lived in Northern Virginia,
and I will tell the story, she said she went home 1 day and a
friend of hers called her. The friend lived out of town and
said, gee, I have been having a hard time getting ahold of you.
I would like to see you when I am in town.
Why are you having a hard time getting ahold of me?
Your number is unlisted.
This woman said, no, my number is not unlisted.
And the woman said, yes, it is. I finally got it from a
mutual friend of ours.
That afternoon the woman calls the phone company and said,
is my phone unlisted?
They say, yes.
How did it get unlisted?
Well, your husband called and unlisted it.
So that night at the dinner table she turns to her husband,
honey, why did you unlist our phone number?
He says, what do you mean? I didn't unlist our phone
number.
What had happened was that the perpetrator of the crime who
was going out in Northern Virginia and applying for credit did
not want the credit issuers to be able to contact the real
people, so the perpetrator of the crime had called the phone
company and had their home phone number unlisted unbeknownst to
them. The permutations of this crime are fascinating.
I guess the second point I want to make and that you make
in your statement is that identity theft violations may not
rise to the necessary dollar level to cause Federal law
enforcement agency actions.
In the bill last year, we reduced the jurisdictional legal
limit from $25,000 down to under $1,000 to enable them to deal
with this problem; and I personally think your credit
reputation is worth more than a thousand dollars, as is any
American's. But the real problem then becomes a resource
problem, and that is something that I want to talk with the
other gentlemen about.
But before I do, Mrs. Bernstein, I want to ask you just
very quickly, the law that we passed last year gives you three
specific functions, and I understand that you are working on
all three of them and expect to meet the 1-year statutory
deadline. My question is on funding. Has the FTC sought in the
appropriation process the funding for these functions and are
you receiving it?
Ms. Bernstein. We have sought them. We have asked for $2.6
million over 3 years, which will provide us with probably not
the maximum amount to take the maximum number of calls and
carry out these duties, but we think it will allow us to be
successful in carrying out the first phases of this program.
Mr. Shadegg. Well, I guess the only point I would want to
make is, if you are not successful or if you are having
difficulty, please come and see me.
Ms. Bernstein. I would not hesitate for a minute.
Mr. Shadegg. I want to now turn my questions to Mr.
Albright and Mr. Connelly.
Mr. Albright, in your testimony you, I think, hit the nail
on the head, or at least one of the nails, in that you say one
problem is that identity theft crimes are rarely prosecuted. We
have just heard Mr. Anderson describe it. When you contacted
the FBI, Mr. Anderson, and the Social Security Administration,
that was before the effective date of last year's legislation?
It was before last October?
Mr. Anderson. It was indeed. And the first letter that I
wrote after I saw that change to the 18 U.S. Code was to the
Inspector General of the Social Security Administration, and I
asked point blank if they were going to enforce the criminal
law.
Mr. Shadegg. If you did not get their attention, in
addition to perhaps using Mr. Bliley's office to get their
attention, I would be happy to help.
Mr. Albright, the firsthand experience I had with this
aspect of the problem was when we convened the task force; and
I literally sat there with law enforcement agencies on one side
of the room and prosecutors' offices on the other side and
alphabet soup from FBI to FTC in the room. You saw everybody do
this. We cannot prosecute this. This occurred in Virginia. The
Virginia Police say this occurred in California. I think that
is where we have to go to get to the heart of this problem, and
I am not convinced that criminal law enforcement agencies are
the answer.
You go on to say that greater criminal penalties should be
placed on those who perpetrate such crimes. On the one hand, I
see the criminal law as the proper method because a civil
remedy may not be effectual because these people have no
resources. So perhaps a criminal penalty is the right penalty.
But then the question is, how do we motivate law
enforcement agencies to go after a criminal penalty where what
you have is small dollar crimes like a $300 charge on a cell
phone? The agency says look, we have $200,000 frauds to deal
with. We can't devote any resources to go after this.
On the one hand, I see criminal penalties being
appropriate. On the other hand, I see Mr. Anderson as the
greatest victim and my own constituents, Mr. and Mrs. Hartle,
as the victims. It is clear that the people that you represent
in this discussion, the creditors, are the direct victims; and
the credit reporting agencies are becoming victims because
people are becoming angrier and angrier at credit reporting
agencies for their involvement.
Has any thought been given to something along the line of a
RICO-type enforcement or something along the line of empowering
creditors to collectively go after these people to stop their
activity?
Or maybe even, turning to you, Mr. Connelly, maybe even a
joint effort where the credit industry and the credit reporting
industry go together and not just do the things that you talked
about, Mr. Connelly, but actually fund efforts by the private
sector to go after these people. Because while Mr. Anderson is
the victim emotionally and his credit is destroyed, and I
personally know what that means when you try to get credit and
your credit is not in good shape, that can be a serious
problem.
What is the remedy? I am asking both Mr. Albright and Mr.
Connelly to comment on what other things can we do? Perhaps
make it a RICO predicate or something in that nature, something
that gives us the aggregate authority to go after these people?
Because while Mr. Anderson is in part the victim, and I
worry about him, the money that is being lost is coming from
you, Mr. Albright. And, quite frankly, I think it is ultimately
coming from us because, to the degree that they defraud you,
your stores, the people who you represent have to build into
the prices of the goods I buy the cost of the goods to cover
for the people who don't pay for the goods that they are
stealing.
Do either one of you have a response to that?
Mr. Albright. No. 1, in my particular case, I don't think
it was ever discovered who to go after in the first place. I
think that probably happens a larger percentage of time, is you
really don't know because the statements in Philadelphia were
going to an empty lot and everyone was, I am sure, long gone.
The only thing I ever saw was a copy of the driver's license
that was used and some of the documentation.
Mr. Shadegg. Let me ask, isn't it possible if you were
sufficiently on top of this and if a law enforcement agency was
sufficiently on top of this, if someone walks in and applies
for credit and they use a Social Security number or some other
personally identifying information which you have already
established has been used elsewhere to get fraudulent credit,
could they be told, could you just wait here for a moment, and
a law enforcement person could show up and arrest that person
on the site?
Mr. Albright. At times, that happens. Everything has to
come together exactly.
Mr. Shadegg. That would require greater awareness and
effort by the credit-extending institution and the law
enforcement agency.
Mr. Albright. Years ago, when I worked in the retail
environment for retail stores, where you have point of sale
credit, which is really what we are dealing with here, I know
even back in the 1970's and in the 1980's it was not unusual
for us to call the Detroit Police Department or the Cleveland
Police Department and ask them to go to such a location of a
store and arrest a person.
Another issue comes to mind and anecdotal from what I hear,
I believe the court systems are really overburdened, and there
is tremendous case backlogs. That is one issue.
I think that, if possible, we are sort of getting into an
area that I don't feel real comfortable telling you how to fix
it. I don't know how to fix it. If I could discuss this with
internal security people who deal with this all the time and
send you back a letter with my thoughts, I would feel more
comfortable, because I honestly don't know what the solution
is. It is such a difficult issue to get our arms around.
I do know that our people have continuously told me, even
if they have a situation, they can't get law enforcement's
attention on it because of the size and the volume.
Mr. Shadegg. Well, just to interrupt you for a moment, I
certainly want to let you know I want to figure out how to get
law enforcement's attention. Because it does no good to pass a
law to help Mr. Anderson if law enforcement says they are
penny-ante crimes and I am not going to do anything about it. I
assure you, every victim feels it is a significant crime.
Mr. Connelly. Mr. Shadegg, I think I can safely say people
like Mr. Albright, Household, and my members would entertain
any ideas, like a RICO statute. I am not a good spokesperson on
criminal prosecution, so I wouldn't want to go beyond that,
other than to guarantee you that we would be open to entertain
any suggestion like that.
I might, by example, show you another possible approach. It
doesn't have the big hammer, but we were very frustrated after
about 25 years, from 1971 until just recently, during the
existence of the original Fair Credit Reporting Act, because
there is a section in there that makes it an impermissible
purpose for you to obtain my credit report fraudulently for a
wrong purpose, and our members were getting hit with the
reputation of letting anybody obtain the credit report of a
consumer, which was not the case. We would go to local
authorities to try to prosecute against the perpetrator who has
obtained a copy of the report. The experience was the same. No
enforcement.
When it came time to amend the Fair Credit Reporting Act
that went into effect in 1997, the Federal Trade Commission
supported us in this effort and everybody else did in making it
a civil offense for you to obtain my report for an
impermissible purpose. And, therefore, I can, as a consumer,
sue you if you have anything to sue for, and also the consumer
reporting agency can sue you for violating the Fair Credit
Reporting Act.
There is a possibility that there is something to be said
about Mr. Anderson having the ability to sue if he can find the
person who perpetrated the crime and the credit grantors being
able to bring a civil action against the consumer. I think you
and I both know that the biggest deterrent here is the
potential that that might happen. The potential that I might
get sued for obtaining a consumer report for an impermissible
purpose is more of a deterrent. It is a mild approach, but it
is an approach.
Mr. Shadegg. It is an interesting idea.
Let me ask the three of you not here in the role of
victims, do all three of you agree that a part of this problem
is caused by creditors extending credit without sufficiently
verifying the identity of individual?
Ms. Bernstein, do you agree with that?
Ms. Bernstein. I do agree with that. I very much agree with
that and think that more attention really should be paid to
that aspect.
If I may add, in connection with your prior question, Mr.
Shadegg, it has been our experience that the credit card
companies have developed investigative capacity and have
developed things like a profile so that the kinds of things Mr.
Anderson was mentioning--two addresses, for example, for a
person--would immediately get the attention before credit is
granted.
So before I am too negative on credit grantors, which I
don't intend to be, they have in some instances given us
information so we can use it in our civil enforcement of the
Fair Credit Reporting Act, such as where they have an early
indication before we do that something is going on they notify
us so we can investigate further.
Mr. Shadegg. Do you agree that part of the problem is
caused by creditors?
Mr. Albright. Not totally. In my situation, it was a
driver's license with a picture presented. There was an
address. There was probably a Social Security card, pretty
standard type of information to identify a real person there.
All of the information was recorded on the application. So, you
know, we were dealing with some relatively sophisticated people
who knew how to get this information.
In our particular situation, we have multiple traps in the
bank card operation which we are a pretty large player in, to
try to catch certain red flags.
For example, if a consumer changes an address on the
response coupon, that will be kicked out for someone to
actually look at. If there is some type of a mismatch with the
Social Security number, where a digit is off or the address is
off by a digit, that is kicked off for a human type of
intervention. At that point in time, Mr. Congressman, we don't
open up the account until we talk with a customer and ascertain
that we are dealing with the consumer.
Particularly in the bank card area, this is pretty
sophisticated. Fraud is a very large item on all of our income
statements. We are really trying to focus on making sure it is
not eyeball to eyeball, and it never will be, but that we are
dealing with who we think we are dealing with in the situation.
So I am sure there are some people out there who are lax,
but for those credit grantors who are doing most of the
business, they are really focused on trying to make sure that
the right customer is being served.
Mr. Shadegg. Mr. Connelly, do you think that it is part of
the problem?
Mr. Connelly. I don't think that there is any credit
grantor that is intentionally letting something occur in order
to have a fraudulent account show up on their books.
I might say that, and I think Mr. Albright would agree with
me, that the competitive atmosphere for issuing of credit cards
has been such that perhaps it has invited or let in people who
you might otherwise not have had as a victim.
Mr. Shadegg. Mr. Anderson, do you think that is a part of
the problem? Did you feel that those creditors in California
who extended credit to this individual that is now using your
name were too lax in extending credit to him or her?
Mr. Anderson. In the case of the department stores, I can
certainly understand the need to do business and the
competitiveness. They didn't know who they were doing business
with in this case. In the case of the hospitals that performed
surgery on the person, I think it is absurd. The whole litany
of medical things that are on my report now, many are cleared
up, I don't understand how you can perform medical services on
somebody and not verify who the person is. The department
stores, maybe not. I don't know.
Mr. Shadegg. I am clearing exploring for a way to solve
this problem. And it seems to me that, with some reservation,
if, in fact, a part of the problem is that credit is extended
too casually without taking sufficient steps to verify who the
individual is, one remedy, which I am not saying that I would
want necessarily to go to, would be to give Mr. Anderson a
specific remedy and perhaps enhanced penalties to go after
anybody involved in this from a negligence standpoint, the
Social Security Administration, which should not have given out
this card; or to go after a credit-issuing agency, Mervyns
department store, for example, in your testimony, and give him
a right to recover against them from the wrongful extension of
credit to someone who wasn't him.
Commerce will say that is a terrible thing to have happen.
But, by the same token, something has to be done to incent
those involved in this to bring a halt to it.
My legislation tries to do this by making Mr. Anderson and
Mr. Hartle victims so they don't have to actually suffer
financial loss.
Mr. Anderson pointed out he never suffered any direct
financial loss, but something has to be done, and I am trying
to figure out a way to do it. It is true that the conduct of
the Social Security Administration, in allowing his number to
get out, and the conduct of those other agencies, the
department stores in your testimony and, for that matter, the
hospitals, we think of hospitals as different, but they are in
there to make money just like everybody else. They perhaps
could, I don't know, perhaps could have done a more thorough
job of verifying the identity of that particular victim and not
allowing you to be victimized.
Mr. Albright. I would like to make one more comment.
I asked them specifically, Mr. Congressman, that question.
How will we fix this problem? That is the obvious question to
ask. While technology is not there today, as a consumer I hate
to think about it, one thing that they kept coming back to me
with is biometrics, fingerprints on credit cards, eyeball
scans, and all types of things like that. And eventually in
this society we may move, unfortunately, to that type of
security to make sure that consumers are being protected.
Mr. Shadegg. Yes. Retina scanners have been debated on the
floor of the House in other contexts, welfare and otherwise, as
perhaps one of the next steps that we need to go to.
And, you know, somebody in their testimony made the point
that crimes of this nature--this is the crime today, but it
will move forward just like less sophisticated crimes of 5, 10
years ago. And it may be that, as a result of this law and as a
result of other incentives imposed by Congress and, hopefully,
rather than that as a result of your own initiative, we take
steps which do not hamper commerce but in fact do stop people
from doing to Mr. Anderson and my constituents what has
happened to them.
I have used more than my 5 minutes. I yield back the
balance of my time I don't have.
Mr. Shimkus [presiding]. I am not going to ask additional
questions. I am going to reiterate what my colleague from
Arizona stated.
I have been a member for 3 years, and I think it is safe to
say that the congressional majority would rather have the
private sector solve these problems. You do not want us
imposing new burdensome laws and regulations and regress
through the courts, but we will do that if we don't see a
change in some of these activities.
I see three things. I see approval, then immediately
stopping the undue harassment after the problem has been
identified, and then eventually the prosecution arena.
We have some Federal agencies that do a great job. The SEC
works with the industry to police itself. They work very
closely. I would just encourage those who are in the industry
and with the help of the Federal Government to sit down rapidly
and talk since you all are doing the work. You all know better
than we do, and I would suggest working with obviously the No.
1 champion here on the House side, Mr. Shadegg, working with
him to address this before we do it with the heavy hand of
government, work with us to find a pro-business approach to
solve these dilemmas, and I would be happy to help in any way
that I can.
With that, I am going to adjourn this hearing. Thank you
very much.
[Whereupon, at 12:25 p.m., the subcommittee was adjourned.]
�