<DOC> [108 Senate Hearings] [From the U.S. Government Printing Office via GPO Access] [DOCID: f:95254.wais] S. Hrg. 108-579 THE FAIR CREDIT REPORTING ACT AND ISSUES PRESENTED BY REAUTHORIZATION OF THE EXPIRING PREEMPTION PROVISIONS ======================================================================= HEARINGS before the COMMITTEE ON BANKING,HOUSING,AND URBAN AFFAIRS UNITED STATES SENATE ONE HUNDRED EIGHTH CONGRESS FIRST SESSION ON THE HISTORY, PURPOSE, AND FUNCTION OF THE FAIR CREDIT REPORTING ACT AND PROVISIONS SUBJECT TO THE EXPIRING PREEMPTION PROVISIONS SPECIFICALLY; THE GROWING PROBLEM OF IDENTITY THEFT; AFFILIATE SHARING PRACTICES; ACCURACY OF CREDIT REPORT INFORMATION; CONSUMER AWARENESS AND UNDERSTANDING THE CREDIT GRANTING PROCESS AND ADDRESSING MEASURES TO ENHANCE THE ACT ---------- MAY 20, JUNE 19, 26, JULY 10, 29, AND 31, 2003 ---------- Printed for the use of the Committee on Banking, Housing, and Urban Affairs S. Hrg. 108-579 THE FAIR CREDIT REPORTING ACT AND ISSUES PRESENTED BY REAUTHORIZATION OF THE EXPIRING PREEMPTION PROVISIONS ======================================================================= HEARINGS before the COMMITTEE ON BANKING,HOUSING,AND URBAN AFFAIRS UNITED STATES SENATE ONE HUNDRED EIGHTH CONGRESS FIRST SESSION ON THE HISTORY, PURPOSE, AND FUNCTION OF THE FAIR CREDIT REPORTING ACT AND PROVISIONS SUBJECT TO THE EXPIRING PREEMPTION PROVISIONS SPECIFICALLY; THE GROWING PROBLEM OF IDENTITY THEFT; AFFILIATE SHARING PRACTICES; ACCURACY OF CREDIT REPORT INFORMATION; CONSUMER AWARENESS AND UNDERSTANDING THE CREDIT GRANTING PROCESS AND ADDRESSING MEASURES TO ENHANCE THE ACT __________ MAY 20, JUNE 19, 26, JULY 10, 29, AND 31, 2003 __________ Printed for the use of the Committee on Banking, Housing, and Urban Affairs U.S. GOVERNMENT PRINTING OFFICE 95-254 WASHINGTON : DC ____________________________________________________________________________ For Sale by the Superintendent of Documents, U.S. Government Printing Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; (202) 512ÿ091800 Fax: (202) 512ÿ092250 Mail: Stop SSOP, Washington, DC 20402ÿ090001 COMMITTEE ON BANKING, HOUSING, AND URBAN AFFAIRS RICHARD C. SHELBY, Alabama, Chairman ROBERT F. BENNETT, Utah PAUL S. SARBANES, Maryland WAYNE ALLARD, Colorado CHRISTOPHER J. DODD, Connecticut MICHAEL B. ENZI, Wyoming TIM JOHNSON, South Dakota CHUCK HAGEL, Nebraska JACK REED, Rhode Island RICK SANTORUM, Pennsylvania CHARLES E. SCHUMER, New York JIM BUNNING, Kentucky EVAN BAYH, Indiana MIKE CRAPO, Idaho ZELL MILLER, Georgia JOHN E. SUNUNU, New Hampshire THOMAS R. CARPER, Delaware ELIZABETH DOLE, North Carolina DEBBIE STABENOW, Michigan LINCOLN D. CHAFEE, Rhode Island JON S. CORZINE, New Jersey Kathleen L. Casey, Staff Director and Counsel Steven B. Harris, Democratic Staff Director and Chief Counsel Peggy R. Kuhn, Senior Financial Economist Mark A. Calabria, Senior Professional Staff Dean V. Shahinian, Democratic Counsel Lynsey N. Graham, Democratic Counsel Joseph R. Kolinski, Chief Clerk and Computer Systems Administrator George E. Whittle, Editor (ii) C O N T E N T S ---------- TUESDAY, MAY 20, 2003 Page Opening statement of Chairman Shelby............................. 1 Opening statements, comments, or prepared statements of: Senator Crapo................................................ 2 Senator Dole................................................. 7 Prepared statement....................................... 44 Senator Carper............................................... 10 Senator Johnson.............................................. 13 Prepared statement....................................... 44 Senator Bunning.............................................. 15 Prepared statement....................................... 45 Senator Sarbanes............................................. 17 Senator Bennett.............................................. 19 Senator Miller............................................... 22 Senator Dodd................................................. 22 Senator Stabenow............................................. 25 Prepared statement....................................... 46 Senator Schumer.............................................. 34 WITNESSES J. Howard Beales, III, Director, Bureau of Consumer Protection, U.S. Federal Trade Commission, Washington, DC.................. 3 Prepared statement........................................... 46 Response to written questions of: Senator Crapo............................................ 59 Senator Sarbanes......................................... 61 Senator Bennett.......................................... 65 Senator Miller........................................... 67 ---------- THURSDAY, JUNE 19, 2003 Opening statement of Chairman Shelby............................. 69 Opening statements, comments, or prepared statements of: Senator Johnson.............................................. 70 Senator Dole................................................. 71 Senator Corzine.............................................. 72 Senator Crapo................................................ 73 Senator Dodd................................................. 74 Senator Allard............................................... 76 Senator Schumer.............................................. 77 Senator Bunning.............................................. 78 Senator Sarbanes............................................. 79 Senator Bennett.............................................. 80 Senator Miller............................................... 81 Senator Enzi................................................. 125 WITNESSES J. Howard Beales, III, Director, Bureau of Consumer Protection, U.S. Federal Trade Commission, Washington, DC............................... 81 Prepared statement........................................... 125 Response to written questions of: Senator Dole............................................. 207 Senator Miller........................................... 207 Timothy Caddigan, Special Agent in Charge, Criminal Investigative Division, U.S. Secret Service.................................. 83 Prepared statement........................................... 133 Response to written question of Senator Miller............... 207 Michael D. Cunningham, Senior Vice President, Credit and Fraud Operations, Chase Cardmembers Services......................... 99 Prepared statement........................................... 138 Response to written questions of: Senator Dole............................................. 208 Senator Miller........................................... 208 John M. Harrison, Captain, U.S. Army (Retired), Rocky Hill, Connecticut.................................................... 101 Prepared statement........................................... 157 Respsonse to written questions of: Senator Dole............................................. 208 Senator Miller........................................... 210 Stuart K. Pratt, President and Chief Executive Officer, Consumer Data Industry Association...................................... 104 Prepared statement........................................... 160 Linda Foley, Executive Director, Identity Theft Resource Center.. 108 Prepared statement........................................... 171 Response to written question of Senator Miller............... 211 William Hough, Vice President of Credit Services, The Neiman Marcus Group, on behalf of the National Retail Federation............. 111 Prepared statement........................................... 187 Response to written question of Senator Miller............... 214 Michael W. Naylor, Director of Advocacy, AARP.................... 113 Prepared statement........................................... 189 Response to written question of Senator Miller............... 214 ---------- THURSDAY, JUNE 26, 2003 Opening statement of Chairman Shelby............................. 217 Opening statements, comments, or prepared statements of: Senator Johnson.............................................. 218 Senator Bennett.............................................. 219 Senator Sarbanes............................................. 220 Senator Allard............................................... 221 Senator Carper............................................... 222 Senator Dole................................................. 222 Senator Bunning.............................................. 247 WITNESSES Joel R. Reidenberg, Professor of Law, Fordham University School of Law......................................................... 223 Prepared statement........................................... 247 Ronald A. Prill, former President, Target Financial Services, on behalf of the National Retail Federation................................. 227 Prepared statement........................................... 256 Terry Baloun, Regional President and Group Head, Wells Fargo Bank 229 Prepared statement........................................... 260 Response to written questions of: Senator Shelby........................................... 314 Senator Bunning.......................................... 317 Senator Sarbanes......................................... 319 Senator Dole............................................. 321 Senator Johnson.......................................... 322 Julie Brill, Assistant Attorney General, the State of Vermont.... 230 Prepared statement........................................... 263 Martin Wong, General Counsel, Global Consumer Group, Citigroup... 233 Prepared statement........................................... 291 Response to written question of: Senator Shelby........................................... 326 Senator Bunning.......................................... 331 Senator Johnson.......................................... 334 Senator Dole............................................. 338 Edmund Mierzwinski, Consumer Program Director, U.S. Public Interest Research Group................................................. 235 Prepared statement........................................... 294 Angela L. Maynard, Chief Privacy Executive and Counsel, KeyCorp, on behalf of the Financial Services Roundtable........................... 237 Prepared statement........................................... 308 Additional Material Supplied for the Record Letter to Chairman Shelby and Ranking Member Sarbanes from Chris Jay Hoofnagle, Deputy Counsel, Electronic Privacy Information Center, dated June 24, 2003.................................... 340 ---------- THURSDAY, JULY 10, 2003 Opening statement of Chairman Shelby............................. 349 Prepared statement........................................... 399 Opening statements, comments, or prepared statements of: Senator Sarbanes............................................. 350 Senator Dole................................................. 352 Senator Johnson.............................................. 352 Senator Enzi................................................. 353 Senator Carper............................................... 355 Senator Bennett.............................................. 355 Senator Dodd................................................. 357 Prepared statement....................................... 402 Senator Crapo................................................ 358 Senator Stabenow............................................. 358 Prepared statement....................................... 402 Senator Allard............................................... 359 Prepared statement....................................... 403 Senator Corzine.............................................. 360 Senator Schumer.............................................. 360 WITNESSES Timothy J. Muris, Chairman, U.S. Federal Trade Commission........ 361 Prepared statement........................................... 404 Response to written questions of Senator Sununu.............. 506 Stephen Brobeck, Executive Director, Consumer Federation of America........................................................ 381 Prepared statement........................................... 422 Stuart K. Pratt, President and CEO, Consumer Data Industry Association.................................................... 383 Prepared statement........................................... 437 Richard F. LeFabvre, President and CEO, AAA American Credit Bureau, Inc.................................................... 385 Prepared statement........................................... 459 David A. Jokinen, Sugar Land, Texas.............................. 387 Prepared statement........................................... 477 Evan Hendricks, Editor and Publisher, Privacy Times.............. 390 Prepared statement........................................... 481 Additional Material Supplied for the Record Letter to David A. Jokinen from the Social Security Administration................................................. 507 ---------- TUESDAY, JULY 29, 2003 Opening statement of Chairman Shelby............................. 509 Opening statements, comments, or prepared statements of: Senator Sarbanes............................................. 510 Senator Bennett.............................................. 511 Senator Stabenow............................................. 512 Senator Enzi................................................. 512 Prepared statement....................................... 549 Senator Miller............................................... 532 Senator Allard............................................... 539 Prepared statement....................................... 549 WITNESSES Dolores S. Smith, Director, Division of Consumer and Community Affairs, Board of Governors of the Federal Reserve System............... 514 Prepared statement........................................... 549 Response to written question of Senator Sarbanes............. 585 Donna Gambrell, Deputy Director for Compliance and Consumer Protection, Division of Supervision and Consumer Protection, Federal Deposit Insurance Corporation.......................................... 515 Prepared statement........................................... 554 Joel Winston, Associate Director, Financial Practices Division, Bureau of Consumer Protection, U.S. Federal Trade Commission... 517 Prepared statement........................................... 558 Travis B. Plunkett, Legislative Director, Consumer Federation of America........................................................ 518 Prepared statement........................................... 560 Stacey D. Stewart, President and Chief Executive Officer, Fannie Mae Foundation..................................................... 520 Cheri St. John, Vice President of Global Scoring Solutions, Fair Isaac Corporation.................................................... 522 Prepared statement........................................... 566 Scott Hildebrand, Vice President, Direct Marketing Services, Capital One Financial Corporation.............................. 524 Prepared statement........................................... 579 ---------- THURSDAY, JULY 31, 2003 Page Opening statement of Chairman Shelby............................. 587 Opening statements, comments, or prepared statements of: Senator Sarbanes............................................. 592 Senator Bennett.............................................. 594 Senator Johnson.............................................. 596 Senator Crapo................................................ 597 Senator Carper............................................... 599 Senator Dole................................................. 601 Prepared statement....................................... 627 Senator Corzine.............................................. 602 Senator Bunning.............................................. 603 WITNESSES John W. Snow, Secretary, U.S. Department of the Treasury......... 588 Prepared statement........................................... 627 Response written questions of Senator Dole................... 653 Michael F. McEneney, Partner, Sidley Austin Brown & Wood LLP; on behalf of the U.S. Chamber of Commerce................................ 611 Prepared statement........................................... 630 Edmund Mierzwinski, Consumer Program Director, U.S. Public Interest Research Group; on behalf of: ACORN, Center for Community Change, Consumer Action, Consumer Federation of America, Consumers Union, Electronic Privacy Information Center, Identity Theft Resource Center, Privacy Rights Clearinghouse, Privacy Times, and U.S. Public Interest Research Group....... 614 Prepared statement........................................... 634 Additional Material Supplied for the Record Letter from Senator Jim Bunning to John W. Snow, Secretary, U.S. Department of the Treasury, dated August 6, 2003............... 654 Consumer Credit: Limited Information Exists on Extent of Credit Report Errors and Their Implications for Consumers, by Richard J. Hillman, Director, Financial Markets and Community Investment, U.S. General Accounting Office..................... 655 The Development and Regulation of Consumer Credit Reporting in America by Robert M. Hunt, Senior Economist, Federal Reserve Bank of Philadelphia, dated November 2002...................... 675 THE FAIR CREDIT REPORTING ACT AND ISSUES PRESENTED BY REAUTHORIZATION OF THE EXPIRING PREEMPTION PROVISIONS ---------- TUESDAY, MAY 20, 2003 U.S. Senate, Committee on Banking, Housing, and Urban Affairs, Washington, DC. The Committee met at 2 p.m., in room SD-538 of the Dirksen Senate Office Building, Senator Richard C. Shelby (Chairman of the Committee) presiding. OPENING STATEMENT OF CHAIRMAN RICHARD C. SHELBY Chairman Shelby. The Committee will come to order. I would just like to thank everyone for being here today. At the end of this year, the State law preemption provisions of the Fair Credit Reporting Act expire. This Committee has the responsibility of reviewing these provisions and making a determination as to whether they should be extended, altered, or be allowed to lapse. The task before us is no small endeavor. The preemption provisions are a part of a much larger, highly complex law, a law that governs crucial aspects of the consumer credit system. This national system is huge, involving trillions of dollars and millions of people, and is at the heart of the economic well-being of this country. This system is also fundamentally dependent on the collection and dissemination of data that involves some of our most sensitive personal information. We do want to point out, however, that balancing these various interests is not a new challenge for Congress. At enactment, when it was significantly amended in 1996, and now, the calculus behind the FCRA has always required consideration of the broad issues relating to the operation of the credit markets and consumer privacy. The statement of purpose of the Act bears this point out. It highlights the banking system's dependence upon fair and accurate credit reporting, the vital function consumer reporting agencies perform in supplying this information, and the need to ensure that reporting agencies exercise the grave responsibilities with fairness, impartiality, and respect for the consumer's right to privacy. As we review the expiring preemption provisions of the law, it is my hope that the provisions are considered in the context of the law's purpose. To this end, we have already held numerous staff briefings covering many of the key topics associated with the Fair Credit Reporting Act. Additionally, and more importantly, while working within the limited timeframe we have available, it is my intention to develop a comprehensive hearing record to inform the Committee's debate. We are now moving to the hearing phase and are beginning at what I feel is the best point of departure--consideration of the fundamental issue implicated in the debate--operation of the consumer credit system and the Fair Credit Reporting Act's role in that system. We do this by first hearing from the Federal Trade Commission, the Agency with the most responsibility for enforcement of the Fair Credit Reporting Act. Our first witness is Howard Beales, Director of the Federal Trade Commission's Division of Consumer Affairs. From Mr. Beales, we should obtain more information about the history, the purpose, and function of this important law. I look forward to his testimony. As we move forward, I plan to use these hearings to provide content that will enable the Committee to focus its consideration on the discrete issues and particular applications of the law. It is my hope and intent that, at the end of this process, we will have obtained a full sense of the value of our national system and we will be able to balance the various issues presented by contemporary information use practices. Our overarching goal should then be to ensure that the law produces the most effective, efficient, balanced and fair system that is achievable. Senator Crapo. STATEMENT OF SENATOR MIKE CRAPO Senator Crapo. Thank you very much, Mr. Chairman. I appreciate your comments and share them, and I appreciate the attention you are giving to this critical issue. As you indicated, we have a short timeframe within which to address the reauthorization of the Fair Credit Reporting Act's preemption authority. And I believe that there is an increasingly strong consensus in terms of that need. The other issues that surround this issue as well are those which we need to have a solid record developed on and which I appreciate your encouragement and support in developing that record. I intend to work with you and the other Members who are interested in this issue to prepare solutions to those issues, such as the privacy issues, the identity theft issues, and other related issues that are involved, not only in FCRA, but also in the application of the Gramm-Leach-Bliley legislation and our entire approach to how credit and the information surrounding credit is basically collected and utilized in our society. We want to make sure that the protections are in place to protect privacy, but at the same time, we want to make sure that our system of credit in the United States, which has been such a strength to our economy and to our people, is not interfered with. And I think that that task is one that is achievable and I look forward to working with you on it. Thank you. Chairman Shelby. I just want to make an announcement. Concurrent with this hearing today, when we get a quorum, the Committee will conduct a vote on a lot of nominations: Nicholas Gregory Mankiw, of Massachusetts, to be a Member of the Council of Economic Advisors, the Executive Office of the President; Steven B. Nesmith, of Pennsylvania, to be Assistant Secretary for Congressional and Intergovernmental Relations, U.S. Department of Housing and Urban Development; Jose Teran, of Florida, to be a Member of the Board of Directors, the National Institute of Building Sciences; James Broaddus, of Texas, to be a Member of the Board of Directors, the National Institute of Building Sciences; Lane Carson, of Louisiana, to be a Member of the Board of Directors of the National Institute of Building Sciences; and Morgan Edwards, of North Carolina, to be a Member of the Board of Directors of the National Institute of Building Sciences. I just wanted to make that announcement at the beginning. Mr. Beales, we welcome you to the Committee. Your written statement in its entirety has been reviewed and it will be made part of the Senate Banking Committee's record. You proceed as you wish. As I told you, we are going to get a vote on the floor about 2:20 p.m., or whenever we get it, and I will recess the Committee for the vote at the proper time. You proceed as you wish. STATEMENT OF J. HOWARD BEALES, III DIRECTOR, BUREAU OF CONSUMER PROTECTION U.S. FEDERAL TRADE COMMISSION Mr. Beales. Thank you very much, Mr. Chairman and Members of the Committee. I am pleased to have this opportunity to provide background on the Fair Credit Reporting Act. Although the views expressed in the written statement represent the views of the Commission, my oral presentation and my responses to questions are my own and do not necessarily reflect the views of the Commission or any individual Commissioner. The Commission has played a central role in interpreting and enforcing the FCRA since the law was enacted in 1970. I really appreciate the opportunity to discuss the Act and its role in regulating credit report information. After World War II, the American population grew and became vastly more mobile. A national consumer reporting system developed in response to this new mobility. Since that time, consumer credit outstanding has grown exponentially. Indeed, consumer spending accounts for over two-thirds of U.S. gross domestic product and consumer credit markets drive U.S. economic growth. Early on, credit reporting was local or regional and, the amount of information collected was limited and not standardized. The credit bureaus, also known as consumer reporting agencies, manually recorded consumer information on index cards, updated the information irregularly, and often retained it indefinitely. Over time, however, small credit bureaus grew to become large repositories of consumer information, relying on sophisticated computer systems to store, process and transit large amounts of data. Today, the credit reporting system, consists primarily of three nationwide credit bureau repositories, containing data on as many as 1.5 billion credit accounts held by approximately 190 million individuals. Creditors and other so-called furnishers provide information to credit bureaus voluntarily. There is no direct payment to furnishers for providing this data, but the cooperative database enables credit grantors to make more expeditious and accurate credit decisions. Quick credit decisions are important to many consumers who are in the market for new credit. A recent Federal Reserve Board study found that one in five active credit accounts was opened within the last year. Because of the national credit reporting system we have, the credit application process has evolved from a relatively time-consuming individualized procedure that relied on loan officers' case-by-case estimates, to a more sophisticated and partial system that relies on consistent assessment of credit history information. Because of the prevalence of credit reports, consumers today can use the Internet to comparison-shop for a wide array of credit products and get a virtually instantaneous offer. Or they can get a five-figure loan from a car dealer they have never seen before and drive a car out of the showroom the same day. Let me briefly review some of the key elements of the FCRA as it stands today, 33 years after its original passage. It is important to keep in mind that notwithstanding its title, the Fair Credit Reporting Act has always covered more than what are conventionally termed ``credit reports.'' It applies to any information that is collected and used for the purpose of evaluating consumers' eligibility for products and services they want. Thus, the FCRA has always applied to insurance, employment, and other noncredit consumer transactions. My focus today will be on credit reporting, but the same basic regulatory structure applies to all consumer reports. The FCRA provides consumer protections in two vital areas-- privacy and accuracy. The Act is designed to protect privacy in a number of ways. Primarily, it limits distribution of credit reports to those with specific ``permissible purposes.'' Generally, reports may be provided for the purposes of making decisions involving credit, insurance, or employment, and certain other consumer-initiated transactions. Also, Congress has given consumers the right to opt out of the use of their credit information for prescreening and opt out of the sharing of certain information, including credit reports among affiliated companies. In addition to privacy, credit report accuracy is a core goal of the FCRA. Accurate reports benefit not only consumers, but also credit grantors who need accurate information to make optimal decisions. The FCRA uses two major avenues to achieve the goal of optimal accuracy. First, it provides that the consumer reporting agencies must follow ``reasonable procedures to assure maximum possible accuracy of the information'' they report. Second, the FCRA gives consumers the right to know what information the credit bureau maintains on them and the right to dispute errors, facilitated by the Act's adverse action notice requirements. Since 1970, the FCRA has required that when credit is denied based, even in part, on a consumer report, the creditor must notify the consumer of the identity of the credit bureau from which the report was obtained, of the right to obtain a free copy of the report, and the right to dispute the accuracy of the information in the report. A consumer can initiate a dispute by notifying a credit bureau of incomplete or inaccurate information in his or her credit report. The credit bureau and creditor who furnished the information must reinvestigate the dispute, generally within 30 days, record the current status of the information and delete it if it is found to be inaccurate or unverifiable. The credit bureau must report the results of the investigation to the consumer. The self-help mechanism embodied in the FCRA's scheme of adverse action notices and the right to dispute is a critical component in the effort to maximize the accuracy of consumer reports, and the Commission has given high priority to assuring compliance with these provisions. Let me briefly discuss the Commission's efforts to administer and enforce the FCRA since 1970. When Congress first passed the Act, it provided that the Commission would be the principal agency to enforce the statute. The Commission brought a number of formal actions to enforce the FCRA, including cases to assure compliance with the adverse action notice requirements on the part of creditors and employers, to assure compliance with privacy and accuracy requirements by the major nationwide credit bureaus, and to assure compliance by resellers of consumer reports, which are agencies that purchase consumer reports from the major bureaus and then resell them. The Commission's enforcement efforts since 1996 have focused on the new requirements added by the amendments in that year. For example, the Commission settled cases against the three major repositories charging that they failed to have adequate personnel available to answer FCRA-mandated toll-free telephone numbers. The Commission has also settled cases against furnishers of information to consumer reporting agencies alleging that they falsely reported delinquency dates, causing adverse information to remain on credit reports past the 7-year limit provided by the Act. Recently, the Commission settled an action against an Internet mortgage lender that failed to give adverse action notices to consumers who did not qualify for online pre- approval because of information in their credit reports. The Commission is also engaged in extensive consumer and business education, including the Commission's 1990 commentary on the FCRA. After the 1996 Amendments, our informal guidance expanded to meet the interpretive needs that were prompted by the amendments. We are now focused on a revision of the 1990 commentary which has been rendered partly obsolete by the passage of time and the amendments. The Commission will continue to use a combination of education initiatives and vigorous enforcement to foster compliance with the FCRA. We see several ongoing developments in the consumer reporting marketplace that may have significant impact on consumers. First, more types of businesses are using credit reports to make decisions in consumer transactions. For example, telephone service providers routinely use consumer reports to make decisions on whether to provide service and what deposit requirements, if any, to impose. Insurance companies are increasingly using the information from consumers' credit histories when underwriting homeowners and auto insurance policies. Second, we are seeing new types of consumer credit providers and products in the marketplace. For example, the growing use of prescreened offers for the marketing of credit cards has led to the development of credit card banks that rely almost entirely on prescreening to sell their cards. Prescreening has also led to the widespread availability of credit cards with no annual fee and other attractive benefits, and has enhanced competition. Third, businesses increasingly are using consumer reports to undertake risk-based pricing of products or services. Many creditors and other businesses no longer merely approve or deny applications, but, rather, they use credit report data to finely calibrate the terms of their offer. Consumers benefit from the more efficient consumer credit market that is made possible by these developments. Any reference to the consumer reporting system should recognize the problem of identity theft. The range, accuracy, and timeliness of information in consumer reporting data bases makes them unique resources. They are, therefore, simultaneously a target for identity thieves and a valuable resources for combatting identity theft. Identity theft threatens the fair and efficient functioning of consumer credit markets by undermining the accuracy and credibility of the information flow that supports these markets. As I recently detailed before the House Financial Services Committee, the Commission is working actively to combat identity theft in a number of areas. We will continue to explore avenues for combatting identity theft and assisting victims. In conclusion, the 33 years since passage of the Act have fully demonstrated the wisdom of Congress in enacting the FCRA. The FCRA makes possible the vitality of modern consumer credit markets. The consumer reporting industry, furnishers, and users can all rely on the uniform framework of the FCRA in what has become a complex, nationwide business of making consumer credit available to a diverse and mobile American public. The 1970 Act, along with the 1996 Amendments, provided a carefully balanced framework, making possible the benefits that result from the free, fair, and accurate flow of consumer data. All of these benefits depend on the consumer reporting system functioning as intended. That is why the FTC continues to emphasize the importance of educating consumers and businesses, and of enforcing the law to assure compliance by all who have a role in making the system work. Thank you for this opportunity to present the Commission's views, and I would be happy to respond to your questions. Chairman Shelby. Thank you. I believe at this point would be a good time--Senator Dole, we are having a vote at 2:20 p.m., unless it has been vitiated. Does anybody know? It hasn't hit yet. [Pause.] I believe I will recess the hearing--Senator Dole, do you have an opening statement or any comments? COMMENTS OF SENATOR ELIZABETH DOLE Senator Dole. No. In the interest of time, I will submit my statement for the record. Chairman Shelby. It will be made a part of the record in its entirety. Senator Dole. But I welcome you. As a former Member of the Federal Trade Commission, I am delighted to have your testimony today and look forward to the questions. Chairman Shelby. Thank you, Senator Dole. Your opening statement will be made a part of the record. Senator Dole. Thank you, Mr. Chairman. Chairman Shelby. We will recess the Committee until we get back from the vote. [Recess.] Chairman Shelby. The Committee will come to order. Mr. Beales, starting at the most basic level, just for the record--this is our first hearing regarding the Fair Credit Reporting Act, as you know--I want to establish for the record what is covered by the Fair Credit Reporting Act. The law identifies certain kinds of personal information and it establishes how and by whom such information can be collected, transferred, and used. Is that correct? Mr. Beales. Yes, sir. Chairman Shelby. What would be an example of the kind of information that is covered under the statutory scheme? Mr. Beales. It could be any information if it bears on eligibility for credit or employment. That is the basic definitional constraint. Chairman Shelby. Give us an example. Mr. Beales. The typical example is how well you repay your bills, so your repayment history. Chairman Shelby. Sure. It certainly does has probative value, doesn't it? Mr. Beales. It certainly does. It is ultimately what the creditor is interested in. Chairman Shelby. Right. And should be. Mr. Beales. Right. It may also include, and typically does, public record information, like mortgages and liens against your property. Chairman Shelby. Tax liens, if any. Mr. Beales. Tax liens, any other kind of information, bankruptcy information. Chairman Shelby. Lawsuits? Mr. Beales. Lawsuits that may be picked up from public records, yes, any of that might be there. Chairman Shelby. The law restricts, as I understand it, who can access and use the contents of a consumer report. In other words, not just anyone can use it for any reason. Could you elaborate on that, about how use of such information or report is restricted, for the record? Mr. Beales. The fundamental restriction is that you have to have a permissible purpose under the statute to access the report. Chairman Shelby. Is permissible purpose defined in the statute? Mr. Beales. There is a definition. A permissible purpose would be to assess your eligibility for credit. Chairman Shelby. Okay. Mr. Beales. Or for insurance purposes. Or for employment. Probably the broadest of the permissible purposes is in connection with a business transaction initiated by the consumer. Any of those would be permissible purposes under the statute. Chairman Shelby. Not a fishing expedition. Mr. Beales. Not a fishing expedition. Not idle curiosity. Chairman Shelby. That is prohibited, is it not? Mr. Beales. That is prohibited. From the beginning, it has been prohibited for a credit reporting agency to provide information to somebody without a permissible purpose. The 1996 Amendments also prohibited obtaining, the act of obtaining a report without a permissible purpose. Chairman Shelby. So that begs the question--why do you think access to credit reports was limited to those with permissible purposes? Mr. Beales. I think this is sensitive information. Chairman Shelby. Sensitive information. Basically, private information. Mr. Beales. Basically, private information. And in order to protect the consumer's privacy interests, and to balance the consumer's privacy interests against the legitimate needs of creditors in trying to assess whether or not to grant credit, Congress made the decision to enumerate the kinds of purposes for which this was a worthwhile use and an acceptable invasion of privacy, and eliminate the kinds of uses where there is less benefit, but the same invasion of privacy. Chairman Shelby. Is target marketing generally considered a permissible use? And if so, why? Mr. Beales. The only circumstance in which target marketing is a permissible use is prescreened offers of credit or insurance. Other than that, target marketing is not a permissible use. Chairman Shelby. The structure of the Fair Credit Reporting Act reflects decisions of earlier Congresses what weighed and balanced--tried to balance--various factors, such as privacy, accuracy, and commercial need for credit information. Could you revisit the portions of your testimony where you identified these considerations and discuss them just for the record a bit further? Privacy, accuracy, and the commercial need for credit information. Mr. Beales. The fundamental restriction to protect privacy is to restrict the use of information to people who have a permissible purpose. Without a permissible purpose, you cannot get access to information in credit reports because of the concern about privacy. To preserve accuracy of the information, the Act has two basic provisions, two basic mechanisms. One that requires the credit reporting agency to use reasonable procedures to assure maximum possible accuracy. And two, and maybe more important, it has a notification mechanism to consumers. If an adverse decision is based on information in a credit report, the consumer, who is in the best position to know whether that information is accurate or not, is given a notice and is given the opportunity to get access to their report in order to determine whether or not there are errors that need to be corrected. Chairman Shelby. In your written testimony, you cite a 1996 D.C. Circuit Court case where the court held that a major purpose of the Fair Credit Reporting Act, and I will quote: ``Is the privacy of a consumer's credit-related data.'' Do you believe that this is an accurate characterization? Is privacy a critical concern underlying the Fair Credit Reporting Act? Mr. Beales. Absolutely. Chairman Shelby. Okay. Mr. Beales. To balance the privacy interests against the legitimate needs for credit reporting and to assure that the information is accurate. Chairman Shelby. In your written testimony, you point out that the 1996 Amendments that you alluded to earlier permitted greater sharing of consumer report information by affiliated companies. To what degree was information-sharing occurring before the amendments were passed? And why were the 1996 affiliate-sharing amendments needed? If you go back prior to 1996, and then after, post-1996. Mr. Beales. I think around 1996, and I do not know precisely what is before or what is after---- Chairman Shelby. Okay. Mr. Beales. --but it seems to me that the structure of the financial services industry was undergoing a lot of change and a lot more change was anticipated. Those changes in structure led to a lot more affiliation relationships where there is common ownership or control of different parts of the same, but separate, corporation. Chairman Shelby. Also, national in scope, too, wouldn't it be? Mr. Beales. Absolutely. A lot more national in scope and a lot more combinations of what had previously been unrelated businesses or businesses that were separated by regulatory requirements. I think it was that greater combination that led to more sharing among affiliates because, from one perspective, there is no distinction between being an affiliate and being different divisions of the same company. In the different divisions case, there is no restriction on sharing. Chairman Shelby. A legal distinction? Mr. Beales. Excuse me? Chairman Shelby. A legal distinction? Mr. Beales. Sure. There is a legal and organizational distinction and it is useful for regulatory purposes like confining risks from a particular kind of business or limiting the scope of deposit insurance, for example, to the deposit base in a bank. It is very useful for that purpose. Chairman Shelby. What new powers did affiliates obtain under the 1996 Amendments that did not exist previous to the 1996 Amendments? Just off the top of your head. Mr. Beales. Previous to the 1996 Amendments, if you shared information among affiliates, and the information was enough to amount to a credit report, then the affiliate that was the source would itself be a credit reporting agency and would have to comply with the full panoply of requirements of the statute. So if the banking arm shared an application with the subprime lending arm of the same company, it would itself be a consumer reporting agency and subject to all of the other requirements of the FCRA. After the 1996 Amendments, that kind of information sharing was exempted as long as the consumer has the right to say no and prevent the information sharing. It was exempted from the definition of a consumer report. Chairman Shelby. How does that work? You say the consumer, as long as the consumer has the right to say no to the sharing. Is that at the outset or is it when something comes up? Mr. Beales. It could be at either point. What the statutory requirement is, is that the consumer be given the right to opt out and that opt out or that giving of the right either occur up front at the time the relationship is initiated, or it could occur at any subsequent point. What has happened with Gramm-Leach-Bliley, since Gramm- Leach-Bliley, is that many companies have provided the notice and the opt out for the Fair Credit Reporting Act as part of the annual Gramm-Leach-Bliley notice. Chairman Shelby. I will get back in another round. Senator Carper. STATEMENT OF SENATOR THOMAS R. CARPER Senator Carper. Thank you, Mr. Chairman. And to our witness--do you pronounce your name ``beals''? Mr. Beales. Yes, sir. Senator Carper. Welcome aboard. As you know, probably better than us, when the FCRA was passed by Congress, there was a sunset provision that causes us to come back and to revisit the issue. That sunset gives us the opportunity to do so. I missed your testimony. And I am just going to ask, if you will, just to take maybe one minute and say, if there is nothing else that you walk out of here remembering that I have said, this would be the one or two or three things. Can you start with that? Mr. Beales. I think this is an important decision. I think the way the credit reporting system functions is really vital to the functioning of credit markets. And that, in turn, is vital to the functioning of the American economy. Consumer spending is a huge chunk of the economy. I think that this is an important statute that struck a very reasonable and time-tested balance between the conflicting interests of consumer privacy and the legitimate needs of businesses for information. I think it is a balance that has stood the test of time since the statute was originally enacted. I think the accuracy provisions of the statute are a key component. That has been a crucial aspect of our---- Senator Carper. Could you talk a little bit about that, please? Mr. Beales, could you hold the microphone--usually, we ask people to bring it closer. I am going to ask you to bring it further away. Thank you. You have a booming voice. [Laughter.] You could probably get by here without that mic. [Laughter.] Mr. Beales. Too much time in a classroom. [Laughter.] Yes, there is two key provisions about accuracy, two key mechanisms for providing accuracy. The credit reporting agencies themselves are required to have reasonable procedures to assure maximum possible accuracy. And that is one of the key requirements, to make sure that information is correct. Maybe more important is the requirement for adverse action notices to consumers when a decision is based on information in a credit report. That lets the consumer know the source of the information was a credit report, where that credit report is, and it gives the consumer access to that credit report to examine it and see if there is any mistakes. And it is the consumer, after all, who is in the best position to know and has absolutely the right incentives to try to make sure that the information is accurate and reflects their credit history appropriately. Once the consumer indicates that there is a problem, or disputes an item, credit bureaus have to reinvestigate, furnishers have to reinvestigate, and unless the information can be verified as accurate, it has to be deleted. But I think that those are the two key mechanisms that address accuracy. Senator Carper. Let me ask your thoughts on whether or not--if we permit December 31 to come and go and we do not restore the preemption provisions, what do you think are the downsides to our failure to act, and what, if any, are the upsides? Mr. Beales. The Commission hasn't taken a position on what you should do. I think that the failure to renew the preemptions runs the risk that what is now a national system begins to fragment, that it does so in ways that make it harder to share information across state lines and within what are increasingly national credit markets. I believe the potential benefit of allowing the preemption to expire, would be letting States innovate with different approaches and try out different schemes to try to protect consumers or to try to balance these conflicting interests in slightly different ways. And as I say, the downside of that is we may not like some of those experiments and they may interfere with the uniformity that we currently enjoy in credit markets. Senator Carper. Looking back, I was not here when the preemption language was adopted. But why was it adopted? Mr. Beales. I was not involved in that debate, either, and I do not know. Why was it adopted? I think it was in order to assure the uniformity of some key aspects of the system. And it certainly has accomplished that. Senator Carper. Is the rationale for taking that action any less relevant or correct today? Mr. Beales. I think that remains the benefit of extending preemption, is that you assure the continued uniformity of the system. That, however, limits the ability of States to try other approaches and experiment with other approaches that may teach us something. Senator Carper. All right. My time is expired. Mr. Chairman will there be another round? Chairman Shelby. Sure. Senator Carper. Thank you. Chairman Shelby. Senator Dole. I think she was here first. Senator Dole. Thank you. The average American moves, I am told, every 6 years. That is more than two-thirds higher than any other country. I think you would agree that our national uniform credit system plays a significant role in increasing the mobility of labor and the ability of consumers to move, while they preserve the opportunity to get cheap credit through the portable credit system. But tell me how important do you think this is to our economy? Mr. Beales. It is hard to know, and actually, we are very much looking forward to some research that is in the works on what the consequences would be of losing some kinds of information out of the credit reporting system. And I think that will be very interesting to see, and we will be able to have a much firmer assessment once that research is concluded. But I think it clearly makes it easier to be able to move to a new town and it doesn't matter that there is no one there who knows you and can vouch for you, that there is access to a credit report from elsewhere with a system that creditors know they can depend on to provide accurate and complete information upon which to base a decision. If you had to go to a separate State or systems, it would be far more difficult and far more uncertain for the creditor, which in turn would likely get reflected in worse terms offered to the consumer. Senator Dole. Now, I have heard the case made that other modern economies throughout the world, in Europe, in Latin America, and Asia, do not have credit reporting systems like ours, and that some countries are considering right now adapting our system, our credit reporting system, the preemptions. Can you provide the Committee with some details of how our credit reporting information or information-sharing system would contrast with other countries', in the G8, for example? Mr. Beales. Just speaking generally, and not about any particular country, probably, there is two kinds of differences between the U.S. system and various foreign systems. One, our system is voluntary. In some countries, credit reporting is essentially a public utility or provided by the government, even in some instances. Our system is voluntary, market-driven. It depends on what information furnishers are willing to provide to credit bureaus and what information credit bureaus think it is important to try to get and provide to their customers. Second, ours is a system of full-file reporting. Both positive and negative information about the consumer is reported. A number of other countries only have negative information reported. What is important about full-file reporting is there is a real difference between someone who has no negative information because they have never had credit before, and someone who has no negative information because they have had credit extensively, they have used numerous different accounts, and they have always paid them off. Those two people aren't the same. But in a system that only reports negative information, you cannot tell them apart. So the full-file reporting is a really useful feature of the American system. Senator Dole. And finally, could you just give us a run- through of what credit card pricing might look like without prescreening? Say prior to 1990, compared to today. Mr. Beales. It is difficult to attribute causality to any of the changes that have happened since 1990. But what credit card pricing looked like in 1990 was essentially everybody offered an interest rate that was at the legal usury ceiling. Cards generally had relatively high annual fees. There were no, or virtually no, ancillary benefits. You did not get airline miles. You did not get discounts. You did not get free insurance. What you see today is a wide variety of rates, of credit limits, numerous cards with no annual fees, a lot of different benefits, whether it is contributions to your favorite charity or the ability to display the logo of your school or even cash discounts in some cases. And interest rates that reflect much more closely the risk that a particular consumer creates or poses for the creditor. I think prescreening has been an important part of that shift. It has been an important competitive weapon, as people have entered credit card markets with different kinds of terms. But there is also obviously a lot of other changes that have happened that have likely influenced those developments as well. Senator Dole. Okay. Thank you, Mr. Chairman. I think my time is expired. Chairman Shelby. Thank you. Senator Johnson. COMMENTS OF SENATOR TIM JOHNSON Senator Johnson. Thank you, Mr. Chairman. I have a full statement that I would like to submit for the record. Chairman Shelby. It will be made a part of the record, without objection. Senator Johnson. I want to thank the Chairman for holding this hearing. Thank you, Mr. Beales, although I have to express disappointment that the Administration has, so far, been unwilling to exert greater effort at pushing for passage of legislation to extend the preemption. My own view is that a failure to act on the preemption by January 1, 2004, will be utterly disastrous for the economy of this country and for consumers all over America. A uniform reporting system that could break into as many as 50 reporting systems, all with different standards, different requirements, different procedures, and a credit reporting system which in many ways has become a model for the world, would be degraded significantly. I think that while there are those who want to utilize this necessary legislation as a vehicle for taking up other issues, and I respect that, I would hope that the Senate will keep a close eye on the notion that what is at stake here is access to credit. And that is the principal reason why we are having this debate, and the uniform system, in fact, in full-file reporting has enhanced citizens' ability to secure credit, has enhanced the ability of financial institutions to make intelligent decisions relative to lending. Now, Mr. Beales, can you tell us whether this evolution of the credit reporting industry and the FCRA has resulted in personal credit histories being more portable? In other words, if someone applies for credit out of State, or moves a residence and applies for credit in their new home State, does that create any problems related to credit histories or obtaining reliable credit report information under what we have now--a uniform, full-file reporting system? Mr. Beales. No. I think the current system clearly facilitates exactly that kind of transaction. It facilitates a bank in California competing for the business of a consumer in Florida or Maine, and having reliable information about whether that consumer is a good risk or a bad risk. It facilitates the ability of that consumer to move from Florida or Maine to California and reestablish credit with new accounts, with merchants that have never heard of them before, because there is a uniform system that provides reliable information and creditors know that they can rely on that information to make an accurate risk assessment. Senator Johnson. So this system, better than a 50 different standards system, best facilitates dealing with the problems of a very mobile society. Would you say that that is a fair statement? Mr. Beales. Yes. I mean, I think the uniformity really facilitates mobility. I think that is probably right. And that is the benefit side of having a uniform system. Senator Johnson. And you note in your testimony that a Federal Reserve study of credit bureau files found that nearly 20 percent of currently reported active accounts have been open for fewer than 12 months. And you concluded that this number illustrates how a national credit system enables creditors to make better credit-granting decisions. Could you explain that conclusion a bit more and elaborate a bit on why those statistics and that uniformity is so key for credit-granting decisionmaking? Mr. Beales. What we have heard, and I think the point we are trying to make was simply this--what we have heard in the context of identity theft debates in particular is maybe credit shouldn't be so easy. I think the point of that statistic is that for a large fraction of the population, because they are opening new accounts all the time, easy access to credit is an important issue, that you do not want to make access to credit more difficult, given how many people are opening accounts on an ongoing basis. Senator Johnson. Do you think there has been enough done to investigate and prosecute identity theft crimes? And what are some of the impediments to investigating and prosecuting identity theft crimes? Mr. Beales. We are continuously working to do more to provide information to assist law enforcement in prosecuting identity theft. We are also active in trying to educate consumers as to how they can reduce the risks and how they can reduce the consequences, and I think that is an important part of it. And we are very involved in assisting businesses to try to reduce the risks, both from a business education perspective, to try to reduce the risks that information that is entrusted to them would be used to compromise somebody's identity. We have also gone after businesses on security grounds, where we thought that there was not sufficient security in place to protect sensitive information about the consumer. And that, too, has implications for identity theft. And we have an ongoing program of training law enforcement officials in order to help them better bring identity theft kinds of cases. Senator Johnson. I notice my time is expired, Mr. Chairman I have some other things that I am interested in in terms of prescreening and credit cards and how a national system facilitates that. Chairman Shelby. We will have other rounds. Senator Johnson. But I will wait for a later time, and I yield back. Chairman Shelby. Senator Bunning. STATEMENT OF SENATOR JIM BUNNING Senator Bunning. Thank you, Mr. Chairman. I have an opening statement that I would like to submit for the record. Chairman Shelby. It will be made part of the record in its entirety, without objection. Senator Bunning. Thank you. Since FCRA enactment in 1996, did the same number of complaints on FCRA-related issues to the FTC increase, decrease, or stay the same? Mr. Beales. Our reporting system has changed so much over that time period, that I am not sure you could draw comparisons from that. I do not know, but we would be happy to supply that information for the record of what the numbers of complaints have been like. Senator Bunning. Okay. Mr. Beales. But I do want to note that the changes in our information system have really made it harder to make those comparisons over time. Senator Bunning. Do you believe nonpassage of FCRA will lead to a Balkanization of privacy laws? Mr. Beales. I think it depends on what the States do. One can imagine a scenario in which there is no preemption and no State action and nothing changes. I think it is crucially dependent on what the States do as to what the likely impact of not having preemption would be. Senator Bunning. In other words, each individual State could do their own thing, then. Mr. Beales. Right. In the absence of preemption---- Senator Bunning. Yes. Mr. Beales. --each individual State could do their own thing. But each individual State could also choose to maintain the status quo. And that is the sense in which the consequence of not having preemption depends on what kinds of changes States try to make, are interested in making, and actually do make. Senator Bunning. Would you like to venture a guess---- [Laughter.] --about States and preemption? Mr. Beales. I think the likelihood is that they would try to do various things. Some more sensible than others. Senator Bunning. Thank you. [Laughter.] Do you receive prescreening complaints? If so, did you receive more before FCRA enactment, or after? Mr. Beales. Prescreening--we do get prescreening complaints. My recollection is that we do not get very many of them. Prescreening is something that, although it was codified in 1996, under FTC interpretations going back to 1973, prescreening was permissible under the Fair Credit Reporting Act. So there really wasn't any change or wasn't much of a change to give rise to a before and after. In fact, what the 1996 Amendments did was to codify the ability to prescreen and to make it a little bit less restrictive in terms of how firm the offer had to be than the FTC's staff opinions had been. Senator Bunning. Okay. A follow-up--do you believe prescreening has helped or hurt the consumer in regards to the credit card market? Mr. Beales. I think that prescreening has facilitated more competitive credit markets, and that that has been very good for consumers. Senator Bunning. Do you think that it is helped? Mr. Beales. Yes, I do. Senator Bunning. And you offer as fact, what? Mr. Beales. The changes that have occurred in the nature of credit card offers---- Senator Bunning. If you could stop them from coming once a day, I would really appreciate it. [Laughter.] Mr. Beales. You can do that because there is an opt out number that will let you opt out of prescreening offers. Senator Bunning. That is done statewide, though. Mr. Beales. It is done nationwide. Senator Bunning. It is done nationwide now? Mr. Beales. It is done nationwide. That was part of the deal for the codification of the ability to prescreen, was every one of those prescreening offers, if you read all the fine print in it, tells you that you can opt out and lists the numbers. It is 888-5-OPTOUT. Senator Bunning. 888---- Mr. Beales. 5-OPTOUT. Senator Bunning. --5-OPTOUT. Mr. Beales. And that will get you out of all prescreened offers. Senator Bunning. Thank you. [Laughter.] Mr. Beales. Glad to be of assistance. [Laughter.] Senator Bunning. I really appreciate that because once a day is too often. [Laughter.] Thank you, Mr. Chairman. Chairman Shelby. Senator Sarbanes. STATEMENT OF SENATOR PAUL S. SARBANES Senator Sarbanes. Thank you very much, Mr. Chairman. First of all, I want to commend you for holding this hearing. I know you are planning to hold a comprehensive series of hearings on this subject and invite a wide variety of interested parties to testify and I look forward to hearing from them. But I think it is important to comprehensively review this important issue. I also should express thanks to the thorough approach at the staff level. There have been a number of staff briefings in preparation for examining these issues. Of course, the preemption provisions of the Fair Credit Reporting Act, not the Act itself, just the preemption provisions, sunset on January 1, 2004. The Fair Credit Reporting Act itself serves an important purpose. It helps to ensure privacy of consumer financial data, accuracy of credit report information, and fair practices in the collection and use of credit information and in credit granting. This, of course, affects millions of Americans as they purchase homes, obtain insurance, seek new lines of credit, even apply for some types of jobs. Actually, the Fair Credit Reporting Act itself, at its core, is a consumer protection statute. Obviously, that is why I think it comes under the jurisdiction of the Bureau of Consumer Protection of the Federal Trade Commission, which Mr. Beales heads up. It protects the consumers by regulating the activities of credit reporting agencies, defining the responsibilities of both the users of consumer reports and those who furnish consumer information to credit reporting agencies. And of course, it provides important rights to consumers affected by such reports. The preemption provisions, of course, cover a number of areas and as a consequence, some important issues that I anticipate we will be addressing during these hearings and throughout the reauthorization process, will be the protection of consumers' financial privacy, accuracy of credit reports, marketing practices of creditors, credit scoring and the use of credit scores, fraud and identity theft, and of course, the availability and cost of credit. Mr. Chairman, I look forward to working with you as we embark on this comprehensive set of hearings. Now I would like to ask just a couple of questions of the witness. I am going to ask some very elemental questions. You are the professional. I want you to take us through the process. I want to get a copy of my credit report and my credit score. How do I do it? Mr. Beales. To get your credit report, you call one or more of the national credit reporting agencies and ask for a copy. There is a verification procedure to go through. In some cases, it may be easier if you write. And under Federal law, you can obtain that report for a fixed price that is set by regulation of the Federal Trade Commission, and they will send it to you. Senator Sarbanes. What is that price? Mr. Beales. Nine dollars---- Senator Sarbanes. Nine dollars. Mr. Beales. --is the Federal requirement. Now in some States, that report is free. But in other States, the Federal law sets the price at $9. Senator Sarbanes. And would you counsel me to get a copy of my credit report from each of the credit-rating agencies? Mr. Beales. If you are facing a major financial decision where the quality of your credit is going to be important--if you are going to refinance, if you are going to buy a home for the first time--I certainly would. It is well worthwhile to look at all three credit reports and make sure that the information in there is accurate. On a routine basis, it depends on whether--absent some impending transaction where you know this is going to matter, it depends on--it is up to you. It depends on how risk-adverse you are and how much you want to worry about how you want to balance the difficulty of going through the report and the hassle of getting it, against the risks of some inaccurate information that might be there. If you get notified unexpectedly that there was an adverse action, then surely, it is worth your while to look at that report. Then it is free. And make sure the information is accurate. Senator Sarbanes. And how do I get my credit score? Mr. Beales. Your credit score may or may not be disclosed. It depends on the practices of the credit reporting agency. Your credit score, although we talk about it that way, may be actually any one of a variety of different proprietary products with different lenders, different creditors having their own scoring systems that they think work better for them. Senator Sarbanes. When I get this instantaneous credit that people refer to, that keep the wheels of commerce moving, is it the credit score that the creditor relies upon? Mr. Beales. The credit score is likely a key part of that. Senator Sarbanes. Because it is all--you know, they tell you that it is done right away. You are there. You want to make this purchase. You want to get a car, so you tell the guy and they check it out and the next thing you know, they come back and they say, okay, you can go ahead. But they must just be working off the credit score in a situation like that, aren't they? Or not? Mr. Beales. Not necessarily. The way the system works, essentially, in all probability, the whole credit report goes-- it is clearly an automated process that the creditor is using to decide on the spur of the moment whether to approve or not. But that may be an automated system based on the credit score. Or it may be a system that is based on a computer program that looks at all the information in the file and says, yes or no. That can happen pretty quickly as well. Senator Sarbanes. Mr. Chairman, I see my time has expired. Chairman Shelby. If we can suspend for a minute. I told you earlier that we are going to proceed with marking up the nominations. We have a quorum. We have before the Committee now some nominations. The Committee will meet in Executive Session to consider and hopefully vote on a number of nominations pending before the Committee. The nominees are: Nicholas Mankiw, to be Member of the Council of Economic Advisors; Steven B. Nesmith, to be Assistant Secretary for Congressional and Intergovernmental Relations, U.S. Department of Housing and Urban Development; Jose Teran, James Broaddus, Lane Carson and Morgan Edwards, to be Members of the Board of Directors of the National Institute of Building Sciences. Each of the nominees appeared before the Committee on May 13. Is there any comment or debate about the nominations? [No response.] If not, I ask unanimous consent that the nominations be considered en bloc. [No response.] Hearing no objection, so ordered. All those in favor of the nominations, say aye. [A chorus of ayes.] Those opposed, no. [No response.] The ayes appear to have it and the nominations will be favorably reported to the full Senate. Thank you for your indulgence. Senator Sarbanes. Mr. Chairman, my time has expired. Chairman Shelby. Senator Crapo, do you have any questions? Senator Crapo. Thank you, Mr. Chairman. I will pass. Chairman Shelby. Senator Bennett. STATEMENT OF SENATOR ROBERT F. BENNETT Senator Bennett. Thank you, Mr. Chairman. And thank you for holding this hearing. I do not know of many issues quite like this one where a number of people whose judgment I respect have come to me and said, if we do not extend the preemption section of the Fair Credit Reporting Act, there will be serious, serious economic consequences. Some have said to me, failure to do that will throw the economy back into a recession. No one has been to lobby me on the other side, which I find kind of interesting. And so, if indeed it is that serious, and Chairman Greenspan has indicated that he thinks it might be that serious, although he stopped short of predicting a recession-- Chairman Greenspan always stops short of predicting anything that specific one way or the other. My first question, then, Mr. Beales, is we have had this Act in place for 30 years, it was updated 7 years ago in 1996, is there any problem that has come up, particularly since 1996 forward, since that is the most recent change that cries out for mediation or that says we have had all of these difficulties and it is absolutely essential that we let this thing lapse in order to avoid these difficulties? Have the last 7 years of history told us that we have a challenge here? Mr. Beales. I do not see anything in the last 7 years that would indicate a significant problem or a compelling reason to change, except that the clock has run and the statutory provision is expiring. There is certainly thing that I would point to to say, based on this experience, there is something that you need to do differently. There may well be places where the balance that the Act strikes between privacy and the needs of commerce could be struck differently or fine-tuned in various ways. At this point, the Commission hasn't made any recommendations for changes. But there are certainly things that I see that would lead me to say that there is a pressing need for change. Senator Bennett. When I first came to the Banking Committee, one of the issues that we spent a good deal of time on was the challenge of making more credit available, particularly to minorities. We had experts who came in here who had organized banks that loaned almost exclusively to minorities. We have had many somewhat heated discussions in this Committee about CRA and its role in making credit available to minorities. If indeed we got the Balkanization you were discussing with Senator Bunning, and which many people think would happen, wouldn't one side effect of that be to reduce the availability of credit to minorities? Mr. Beales. If you got significant Balkanization, I think it would likely reduce the availability of credit. How selective that would be, whether there would be a differential impact on minorities versus everybody else, is harder to assess, and I think it would ultimately depend on the kinds of actions States took and the kinds of restrictions that were put in place. I am sure there are some restrictions that likely would differentially affect minorities or lower-income people and their access to credit. There is probably other restrictions that States might adopt that would have differential effects the other way. Senator Bennett. My own sense of things based on all of the previous discussion that I referred to is that this probably would, in fact, have a chilling effect on credit being available to minorities. I have a chart here which you cannot discern that far away, if for no other reason than that the difference between the light gray and the dark gray is absolutely indistinguishable more than 10 inches away from the chart. So, I have a hard time seeing it myself. Senator Sarbanes. That is a very helpful chart. Senator Bennett. Yes, very helpful. [Laughter.] You can see the top bars going up and that is the total amount of household credit. And in 1960, it was just under 60 percent. Now it is over 100 percent. However, the lighter area underneath shows the amount of consumer credit. The darker part of the bar is mortgage credit. And the consumer credit has remained relatively stable in that period. In 1960, it was at the lowest percentage of household income. Looking at this, I would say it was probably at about 16 percent. It went up maybe to 17 or 18 percent in 1970 and stayed there all the way through. But now, it has gone up in 2002, a 12-year period, from 1990 to 2002, to just over 20 percent. But mortgage, which is the top part of the bar, has gone up very dramatically. In 1960, mortgage credit as a percentage of disposable income was less than 40 percent and now it is more than 80 percent. So the mortgage portion of household credit has gone up enormously. Now, I am not suggesting there is a cause-and-effect relationship here with the Fair Credit Reporting Act just because this is done during that period. We get into trouble with that around here because we put up charts that show cause- and-effect relationship depending upon what point we want to make on the floor. However, the final question I would ask you is whether or not the ability to get a mortgage in a timely fashion would be affected adversely if we did not renew the preemption part of this bill? Mr. Beales. I think it depends. It depends in part on what states do. It depends, in part, on the kind of a consumer you are. If you have never moved and you have lived in one area your whole life, then even a completely State-specific system is not necessarily going to make much difference to you. If you have lived in 20 different places in the last 20 years, and your credit history is scattered all over across lots of different States, and is not accessible across State lines because of different State restrictions, it is going to have a much more dramatic impact in that circumstance. I think what may be the most important part of the statute in terms of how it is impacted minority credit in particular, or credit at lower incomes, is prescreening that lets creditors identify consumers who are good risks and compete for that business. Senator Bennett. I see my time is expired. But I had exactly the experience that Mr. Beales is discussing, Mr. Chairman. I bought a house in California, having lived in California previously, and it was approved virtually in an afternoon. Then I had reason to move to the State of Utah, and it took me close to 60 days to get this thing approved in the State of Utah. And I finally had to have my father go down and wave his credit record, which was sterling compared to mine, and cosign the loan before we got it taken care of. That was before we had the legislation that we are all living under. So, I have had personal experience with how difficult this can be. Senator Sarbanes. They are very careful there in Utah. [Laughter.] Chairman Shelby. Very careful. Senator Bennett. Well, they were. [Laughter.] Chairman Shelby. Senator Miller. STATEMENT SENATOR OF ZELL MILLER Senator Miller. Thank you, Mr. Chairman. Thank you, Mr. Beales. This is something that I should know, but I do not. There is a lot of things like that. [Laughter.] But this is one. And I may be the only one in this room that doesn't. What I am asking is, what exactly is the jurisdiction that the FTC--I know what it stands for, Federal Trade Commission-- but what jurisdiction do you have over the Fair Credit Reporting Act? I know people can call up and get answers to questions and that you provide education on the FCRA. I know that you can give guidance and advice. I assume that somewhere in there, there is also some enforcement jurisdiction. Is that correct? Mr. Beales. That is correct. Senator Miller. And if so, talk to me a little bit about that. Mr. Beales. We are, I would say, the principal enforcement agency under the Fair Credit Reporting Act. The credit reporting agencies themselves are subject to our jurisdiction. Banks that are regulated by other agencies are regulated under the Fair Credit Report by those other agencies. But for other creditors, we are the chief enforcement agency and the chief regulatory agency. Senator Miller. And I think you answered this question a while ago. You say that you have no legislative remedy that you would recommend to the Senate Banking Committee when it comes to looking at the FCRA bill. Mr. Beales. The Commission has not made any recommendations at this point. That is correct. Senator Miller. Thank you. Chairman Shelby. Senator Dodd. STATEMENT OF SENATOR CHRISTOPHER J. DODD Senator Dodd. Thank you, Mr. Chairman. And thank you for holding this hearing. And I support the notion that Senator Sarbanes raised and we are going to hear some more later on. But I think this is very helpful. And I want to commend Mr. Beales, too. Your testimony is very, very good, very helpful as well. And I am quite confident that we can craft a good piece of legislation. On balance, Mr. Chairman, the FCRA has done much to improve a formerly fragmented situation that was basically a regional system, but now, of course, a national system of credit reporting. But like several of my colleagues, we have some concerns about how consumers are treated under this regime. And at least I hope that the Committee will closely examine how to better protect consumers as part of this and any discussion of reauthorization. I am going to send around to my colleagues, the major newspaper in my State, the Hartford Courant, has just run a series of articles, Mr. Chairman, on the whole credit question. I do not know if you have seen these or not at all. Have you seen them? Mr. Beales. I have, yes. Senator Dodd. They are rather good articles, I thought. I would be interested, at some point, in your response to the suggestions in them, the comments in them. They are rather comprehensive. Two reporters spent months looking at the issue of fair credit reporting, a 4-month investigation, culminating in the series I mentioned, which detailed the day-to-day problems that consumers face with the current system. I am going to send around a package of these articles for my colleagues to look at. Chairman Shelby. Good. Senator Dodd. The articles focus on the devastating effects that inaccurate information in credit reports can have on the lives of millions of people. Individuals are finding that it can take years of time and money to clear the mistakes that credit reporting agencies are making. And after finally improving the inaccuracy of their reports, many consumers are then left footing the bill in recovering from the damages caused from their records. As America's financial consumers have more credit options available to them, and as the mass of improvements in technology have occurred, I am concerned that the credit reporting system and the regulations that govern it may not have kept pace to ensure a corresponding level of accuracy. I think we can do a better job ensuring the consumer's financial picture is more accurately kept and that the process to correct mistakes is faster and easier for consumers. Additionally, I think that we can improve the current privacy protections available to consumers. Consumers are concerned that no significant changes will be made to the current system. According to the same article that I mentioned, cracks in the system continue to put millions at risk. We need to fill those cracks. I think we all want to do that, with the national credit reporting system, and shore up its foundation. I thank the Chairman again for holding the hearing. Let me ask, if I can, a couple of things. One is, in response to Senator Miller and I guess previous questions, you have indicated that you do not believe there is any greater statutory needs that you would have to address the inaccuracy issue. Is that correct? Mr. Beales. I think the fundamental accuracy mechanisms in the statute have, by and large, worked pretty well. I think it is just in the processes, as many transactions as the credit reporting system does, is almost inevitably going to sometimes make mistakes. And what is really important is to have a mechanism to correct those mistakes when they occur. I think the mechanism that is there, by and large, works pretty well, although, it doesn't work perfectly in every instance. Senator Dodd. How many complaints does the FTC get a month, roughly, of this kind? Mr. Beales. I do not have a specific number. We get probably--well, this is probably annual. We probably get several thousand complaints about each of the three credit bureaus. Senator Dodd. On a monthly basis? Mr. Beales. That is probably annual. Senator Dodd. Several thousand. Mr. Beales. Yes. Senator Dodd. What categories do they fall into, roughly speaking? Identity theft? Credit card? Inaccuracies? Mr. Beales. Those are accuracy complaints. What you have to understand in thinking about the accuracy complaints that we get, and we do not have any independent assessment of whether the information is really accurate about who's right in this dispute. We know there is a dispute. And we do know because we get complaints from them, that there are some consumers who do not understand the way the system works. They think that if they were behind on their payments and that was reported, but they are now current, that the fact that they were behind should go away. But that is not inaccurate. They were, in fact, behind. That information is part of the credit report, and stays there, but it sometimes leads to disputes because consumers do not understand that that is the way the system works, and is designed to work. Senator Dodd. Is there a breakdown between credit furnishers and the reporting agencies themselves? Do you see any evidence of that? Mr. Beales. We have been very interested in what the furnishers are doing. We have brought the first furnisher cases that are based on furnisher liability, in order to assure that furnishers are providing accurate information. Where we, frankly, have seen the most difficulties is with the information reported by debt collectors, rather than the information reported by other kinds of creditors. But we are quite interested in furnisher issues across the board as an enforcement priority. Senator Dodd. And you say that you have had a chance to look at those articles in the Hartford Courant. What is your reaction to them? Mr. Beales. The potential consequences of mistakes in credit reports are very severe. I think that is why this statute is important and why the set of statutory protections to correct mistakes is very important. It is why we have made the enforcement of those mechanisms, both furnisher liability and of the adverse action notices, why we have made those key priorities in our FCRA enforcement efforts. I think that is the main point, that the accuracy is really a critical issues. Senator Dodd. I appreciate that. I might, Mr. Chairman ask if maybe we could get some numbers, if you could. I would just be curious about the number of complaints you get and if you could give a little more accurate breakdown of what categories they'd fall, it might be helpful to the Committee. Mr. Beales. Sure. We would be happy to do that. Chairman Shelby. I think that is an excellent suggestion. Senator Dodd. Thank you. Thank you very much, Mr. Chairman. Chairman Shelby. Senator Stabenow. STATEMENT OF SENATOR DEBBIE STABENOW Senator Stabenow. Thank you, Mr. Chairman. First, I do have an opening statement that I would appreciate be made a part of the record. Chairman Shelby. It will be made a part of the record in its entirety, without objection. Senator Stabenow. Thank you very much for holding this hearing. And thank you, Mr. Beales. It is an important topic. I wonder if I might just follow up on the questions as it relates to consumers. Earlier, Senator Bunning was asking you for the toll-free number. I am wondering, that really leads me to a question concerning the opt out provisions. And we know, for every prescreened credit offer, there has to be a notice of the consumer's right to opt out. Could you speak a little bit about how that is working? Do people understand it? Do others, other than Senators, not know the toll-free number? I did not know it, either. But, also, do they understand how to do it correctly? How is this working, overall? Mr. Beales. We do not have any systematic assessment of how many consumers know or do not know. Or how much they know about exactly how to go about it. There are disclosures that are supposed to be provided with every prescreened offer that you get of how to do it and what number to call. But there is a lot of information there, and a lot of other information about the offer and the terms of the offer that probably makes it hard to find in a great many circumstances. It is not something where we get a lot of complaints, I do not believe. From that perspective, the system seems to be working. But I am sure there are consumers who do not know that they can opt out, some of whom may prefer to opt out. Senator Stabenow. And what percentage of consumers are opting out? Mr. Beales. That I do not know. Senator Stabenow. So, you do not have any way of tracking this point, how many opt out, what percentage? Mr. Beales. The system is maintained by the three credit bureaus and they would be able to tell you how many people have in fact opted out, I mean, how many people are on the list. But we do not have that information. Senator Stabenow. Okay. And would you make any changes from your perspective in how that is working, that whole process for consumers? Mr. Beales. As I say, the Commission doesn't have legislative recommendations at this time. I do not think we have seen anything that has seemed to us to be a particular problem in that area, that really needs to be fixed. Senator Stabenow. Okay. Thank you very much. Chairman Shelby. Thank you, Senator. I want to go back to the issue of credit report accuracy. Is there an acceptable tolerance level for errors, and what is that, if there is? In a risk-based system, there has to be some tolerance, but what is the threshold? Mr. Beales. The statutory standard focuses on procedures, reasonable procedures to assure the maximum possible accuracy. It doesn't set a numerical threshold. Even if the error rate is very low, if it is cheap to fix, you should fix it. But if it is really difficult to fix or really expensive to fix, if there is no reasonable way to correct it, or no reasonable procedure that would prevent it, then that would be acceptable under the statutory standard. But it is not a numerical threshold. It is a balance of---- Chairman Shelby. How would you--excuse me a minute. You said if there is no reasonable way to fix it. But what if it were so prevalent, it called for fixing? I am not saying it is, but you said if there is no reasonable way to fix it. First of all, assuming that the number of errors are small, we understand that. Mr. Beales. Let me back up because I think what I should have said is, there is no reasonable way to prevent it. Chairman Shelby. Okay. Mr. Beales. Because if there is an error and it is called to your attention, you have to fix it. Period. End of story. Chairman Shelby. That is correct. Because accuracy is important. Mr. Beales. Because accuracy is important. Absolutely. Chairman Shelby. Right. Mr. Beales. But the reasonable procedures focus on what kinds of steps can you put in place to keep that from happening in the first place? Chairman Shelby. Is there any way to gauge what is or should be an acceptable error rate? You said that they do not do it statistically. In other words, you do not do it numerically. You do not say that the error rate is--I am just throwing this out there-- 3 percent or 5 percent or one-half of 1 percent or one- hundredth of 1 percent. Is that what you were saying a minute ago, that you do not gauge that? Mr. Beales. There is no bright-line standard in the statute of what is acceptable. Even if the error rate was a hundredth of a percent, if you could avoid that for free, then under the statute, you have to do that. It is a question of what kinds of costs do you have to incur, what is reasonable to do to avoid that particular error. Chairman Shelby. I think Senator Dodd asked you the question of, something to the effect, how many complaints did you have at the Federal Trade Commission a year? And you said, around 2,000, more or less, on a yearly basis. Mr. Beales. Per credit bureau. Chairman Shelby. Per credit bureau. Six thousand? Three credit bureaus? Mr. Beales. I think it is probably a bigger number than that. Chairman Shelby. A larger number. Mr. Beales. Let us get you the precise number. Chairman Shelby. Can you furnish that for the record because we are building on it. Mr. Beales. Yes, sir. Chairman Shelby. What are the considerations or trade-offs involved in the calculation of an acceptable rate of error? For example, maintaining as much participation as possible within a voluntary furnisher system versus accurate record of consumer credit history, and ultimately, the appropriate pricing of credit. Accuracy goes to the very heart of all of this. And it would seem to me that not only would the credit bureau, or whatever, but also the credit-checker, would want their reports to be accurate. The user of that information--let's say it is a mortgage company or a bank or something--they would certainly want it to be accurate, wouldn't they? Mr. Beales. They certainly would. I think everybody in the system, consumers, users, credit bureaus, benefits from accuracy. I think that is absolutely right. Chairman Shelby. Benefits from accuracy, starting with the consumer on. Risk-based credit pricing--I think Senator Sarbanes alluded to that earlier. I think that we all recognize the many positive, and there are many, developments associated with technological advancement. Technology has made our credit markets remarkably responsive to consumer demand, as Senator Bennett would have shown us with a bigger chart, right? [Laughter.] Senator Bennett. Right. Colored chart. Chairman Shelby. Yes, a larger chart. That said, just to get a handle on just where technology has taken our credit markets, could you explain or expand a little on the use of risk-based pricing and how much more prevalent its use today versus 1996 and 1971, if you could? Mr. Beales. I cannot do it in a quantitative way, but clearly, qualitatively, there has been substantial change. I think particularly in 1970, at the time the statute was first passed, the dominant model and the way most credit decisions were made was you applied for credit that was available on a fixed set of terms and you were either approved or denied on that same fixed set of terms. I think probably the predominant model today is you apply for credit. The terms--sometimes you are accepted or rejected. But with growing frequency, the terms you are offered, whether it is the interest rate or the credit limit or some other aspect of the credit arrangement, depend on the risk that that individual borrower presents. And the higher the risk, the worse the terms. Chairman Shelby. Sure. Mr. Beales. That is a much more common model today than it was. Certainly in 1970, the information-processing technology and the information-sharing technology simply wasn't in place to support that kind of system on any very large scale. Now it is. Now it is done. It is much more differentiated pricing of credit and insurance products based on the risks that a particular consumer may pose. Chairman Shelby. I think the use of risk-based pricing offers numerous benefits to consumers. You alluded to that. Credit is now offered to many people who were previously deemed unqualified. Hence, his chart a minute ago, I think. And credit pricing is much more tailored now to each individual, more so than it used to be. Would that be a fair assessment. Mr. Beales. I think that is correct, yes. Chairman Shelby. But the use of risk-based pricing also raises issues about the continued effectiveness of some aspects of the Fair Credit Reporting Act. You mentioned, if you want to refer to your written testimony, how accuracy, and I will quote:``Was, and remains a core goal of the Fair Credit Reporting Act.'' You then indicate and I will quote:``Adverse action notices. . .are a key mechanism for maintaining accuracy.'' With the use of risk-based scoring, however, a consumer may qualify for credit, but not at the best terms. By not making an outright rejection, creditors as I understand the system--do not have to send an adverse action notice and credit applicants may then never become aware of the need to examine their credit reports. Does this cause you any concern about the continuing relevance of the adverse action process? For example--let me see if I understand it. Let's say they check my credit and I do not have A number one credit like Senator Bennett's father or like he would have liked to have had. Right? And they come back and instead of telling me that, they say, we will offer you something based on the risk. Is that the way they do that? The credit risk as they perceive my credit, rather than an outright rejection. Mr. Beales. Yes. And that is a counter-offer. Chairman Shelby. Yes, it is a counter-offer. Explain how that works. That avoids the necessity of the adverse---- Mr. Beales. It depends on what you do with it at that point. Chairman Shelby. Sure. Mr. Beales. If you reject the counter-offer, then that is adverse action. Chairman Shelby. That is right. Mr. Beales. And if it is based, in part, on a credit report, they have to tell you. Chairman Shelby. Sure. Mr. Beales. If you accept the counter-offer, then, because adverse action is tied to the definition of adverse action under the Equal Credit Opportunity Act, then there is no adverse action because you got the credit that you wanted. Chairman Shelby. You got the credit maybe not that you initially wanted, but you got a deal and took it. Right? Mr. Beales. That is right. I think that raises a difficult trade-off. We are thinking about the issue, but we do not have a recommendation. Chairman Shelby. Tell us how you are thinking about it. Mr. Beales. Yes, sir. Chairman Shelby. Just for the record. Mr. Beales. On one hand, if you are not getting the best terms, and that is based on the credit report, you need to get notice. Chairman Shelby. Maybe I wouldn't deserve the best terms. Mr. Beales. That is right. You may not get the best terms based on accurate information rather than inaccurate information. But if it is based on inaccurate information, you need the notice to trigger your right to look at the file. But in a pure, risk-based system, where the best person out there gets the best price, and everybody else gets somewhat worse terms--if you think of it at that extreme---- Chairman Shelby. But everything's a risk. It should be based--if it is based on risk, somebody's more creditworthy and has worked hard, diligently to pay their bills, as opposed to, say I hadn't, they should be rewarded, should they not? Mr. Beales. They should. I agree with that completely. Chairman Shelby. Because they are less of a risk, say, than I would be. Mr. Beales. I agree with that completely. But if you say, well, giving less than the best terms is in some sense an adverse action, and we have said that about insurance where there is not the linkage--if you get insurance on less than the best terms, we have said that is adverse action and you have to give notice. But in a completely risk-based system, that means everybody gets notice all the time, except the best risk. And that degrades the notice because it no longer serves the function of saying, there may be something unusual here, which it does now, and it does under the present system. And there is a balance between giving notice when people need it and not overwhelming people with notices that say there might be something in your credit report, because you could say that to everybody all the time. Chairman Shelby. Sure. But going back to what I mentioned, and you mentioned in your testimony earlier, risk must be gauged accurately, as best we can. Mr. Beales. Certainly. Chairman Shelby. That is what the system is about, is not it? Mr. Beales. Certainly. Chairman Shelby. Is gauging the risk as accurately--and you gauge it accurately based on the information that you pull up, do not you? Mr. Beales. That is right. Chairman Shelby. Or should. Mr. Beales. That is why the availability of information is important and it is why the accuracy of the information that is provided is important, because it gives you a better gauge of what the risk really is. Chairman Shelby. Are there more or less adverse action notices now than before? In other words, are there more counter-offers? Mr. Beales. there is offsetting influences. I think there is more counter-offers that are accepted and that would push it down. But there is more credit, and that would mean more denials. Chairman Shelby. Can you furnish that information for the record to the Committee? Mr. Beales. I doubt if we have it. But if we know, we will be happy to furnish it for the record. We will see if we have it. Senator Bennett. Than before what? Chairman Shelby. We are talking about before, let's say, 1971. Let's say 1996, the 1996 Amendments. The timeframe. Before the 1996. Senator Bennett. No. I want to see the benchmark. Chairman Shelby. I amended my question. Before 1996 and after 1996. Mr. Beales. Okay. My suspicion is that we do not have any information to answer that question. But we will look, and if we do, we will certainly provide it. Chairman Shelby. The use of risk-based pricing is what we are getting at. Technology has made it much easier to transfer, as we all know, massive amounts of information and data, thereby increasing the capability of credit reporting systems in many ways. We benefit from that. Can you comment on whether or not technology has enhanced the overall accuracy of credit reports? And do you have anything at the FTC--have you done a study on that? Mr. Beales. We have not done a study on that. Chairman Shelby. It should be more accurate, shouldn't it? Mr. Beales. I think technology has clearly enhanced the speed of the reinvestigation process. It is made it possible to reinvestigate, I mean, just the automated information exchange. Chairman Shelby. It is the reaction to something. Mr. Beales. Yes, yes. But the technology has made possible automated information exchange both to get the information, to report back to the furnisher that there is a dispute, and then for the furnisher to report back the truth. That can all happen much quicker than it used to. We do not know of any objective measure of how accurate the information is in credit reports that would be available over time to say firmly whether it is more or less accurate, what is actually been the trend in accuracy. Chairman Shelby. Senator Sarbanes. Senator Sarbanes. I will be very brief. I just want to make sure that I understand the statutory framework that we are dealing with here. As I understand it, under FCRA, most State credit reporting laws are not preempted unless there is a specific inconsistency between the FCRA and the State law. And that we have also enumerated certain exceptions in which there is a preemption of any State law differing with the Federal provision. Is that correct? Mr. Beales. Yes, sir. Senator Sarbanes. Okay. Now, if the preemption were allowed to expire, you testified earlier that you might anticipate that States might act in one or another of these areas in which they heretofore have been preempted. Presumably, if you were asked, you could indicate the areas that you thought were most likely in which State action might take place if they weren't blocked out from doing so because of the preemption requirements. Would that be the case? Mr. Beales. One could look--there is an analysis like this that has been done that I am not familiar with the details of. One could look at the kinds of proposals that have been made in State legislatures and get some sense of where the States might be active and where they might not. Senator Sarbanes. Who did that analysis to which you made reference? Mr. Beales. It was done by the Information Policy Institute. This is the study that is ongoing on the effects of losing different kinds of information from the credit reporting system. Senator Sarbanes. Could you provide that study to us? Mr. Beales. It is not complete yet. I believe their intention is to provide it to you as soon as it is complete. Senator Sarbanes. And one could take this list of what might be anticipated if there were not preemption and look it over and make some judgment as to which of those possible actions seem to be worthy in terms of protecting the consumer interest. And those standards could be incorporated into the Federal law, could they not? Mr. Beales. Certainly. Certainly. Senator Sarbanes. That would maintain a national uniform system with respect to credit, so you would not have this fractionating that people are talking about, but would, in effect, constitute a reexamination of the preemption areas in terms of making a judgment whether we were fully keeping ahead of what needed to be done to provide reasonable consumer protection. Could we not engage in such a process? Mr. Beales. You certainly could. Senator Sarbanes. Does the FTC have any plans to do so? Mr. Beales. We have had an ongoing process of trying to look at what kinds of changes might make sense, where balances might be struck differently. And at this point, the staff has not made any recommendations to the Commission and the Commission doesn't have any recommendations. But it is something that we are very interested in. It certainly is an alternative to change nothing, is to strike a slightly different but still uniform national balance between the conflicting interests. Senator Sarbanes. This supposed conflict between the consumer protection, particularly responding to new and changed circum- stances, and a uniform national market, need not be any conflict at all if the consumer protection is provided to a national standard. Would that be correct? Mr. Beales. I think if it is done uniformly by Congress, and preemptively, so that it is not subject to another round of changes that States would make subsequently, then, clearly, that would preserve the uniform market and the question would be, is that particular change a good change or not? Senator Sarbanes. Yes, the reasonableness of the change. Mr. Beales. Right. Senator Sarbanes. But that would get you away from this, it seems to me, some effort that is being made as though we only have a Hobson's choice here. Chairman Shelby. Right. Exactly. Senator Sarbanes. Between fractionating the uniform market or addressing some of the problems that consumers are encountering, which, upon a reasonable examination, one could conclude something needs to be done about them. And that would be a way of doing something about them and sustaining the uniform national market. Is that not the case? Mr. Beales. That is the case. For Congress to make a different but uniform change would certainly do that. Senator Sarbanes. Thank you very much, Mr. Chairman. Chairman Shelby. Senator Bennett. Senator Bennett. Thank you. Mr. Beales, I do not quite understand the market for the services of the three providers. There are now only three credit bureaus that you go to? Mr. Beales. There are three large repositories. There are hundreds of credit bureaus. Most of them are small credit bureaus for purposes of the Act. Most of them are small and local or specialized in some particular market in some way. But there are three that qualify under the Act as, ``national credit bureaus.'' Senator Bennett. So as far as we are concerned, there are really only three. Mr. Beales. For most purposes, that is right. Senator Bennett. You do not oversee the others. Mr. Beales. We do. Senator Bennett. Oh, you do. Mr. Beales. We do. And we have brought cases involving some of the others. Resellers, for example, are regulated as credit bureaus. I think, in thinking about the statute, it is important to remember that there are all the others because sometimes things that would make sense for the big three wouldn't work at all for some of the other people. And that is why they are important. Senator Bennett. That is very helpful. And I hadn't understood that before. Can you provide us for the record with a breakdown of volume between the big three, if we can call them that, and then all of these others? What percentage of the volume of credit reporting is involved with the others, if you have it off the top of your head? If not, you can provide it. Mr. Beales. I do not. We will look and see if we can provide it. If it we can provide it, it will be from industry data and not from anything we know. Senator Bennett. Okay. Mr. Beales. But we would be happy to look and see whether-- -- Senator Bennett. What would you be surprised if it were more than? Mr. Beales. I do not know if there is a more than that would surprise me. [Laughter.] In terms of volume, it clearly is dominated by the big three. Senator Bennett. Okay. Mr. Beales. The others are specialized and important in their own way, but they are small players in the overall market. Senator Bennett. Okay. Let's deal with those three, then. All right. I am a retailer. In addition to taking Visa cards and MasterCard and Discover card and all of these others who have taken a lot of the burden of my credit operation away from me, I nonetheless maintain an in-house credit operation. I offer credit to my customers. On what basis would I make a choice between the three? Is there, indeed, viable competition between them? And does that competition--to tell you where I am going--does that competition drive them, each one, to be more accurate than the other two, more responsive than the other two, prettier reports, fancier colors? What is the competition between the three of them? Mr. Beales. I think the competition is mostly about the breadth and depth of the information that they can provide, that it is based on--and different bureaus have made different choices about where they try hardest to build relationships with furnishers, who are ultimately the source of data. One bureau may have stronger relationships in one geographic area than in another and a different bureau may have adopted a different competitive strategy. Senator Bennett. Is there any evidence of users switching from one to the other, deciding that the services from credit reporting agency A somehow do not meet my needs as well? Are there salesmen calling on users to say, switch to my brand? Again, what I am driving toward is that if there is, indeed, a market competition here, it is going to drive each one to be as accurate as possible because the worst thing you could do, it would seem to me, would be to be in the business of reporting credit information and be wrong and thus lose customers. Now, do, in fact, customers shift and move from one to the other? Mr. Beales. I think customers do shift and move. I think there is competition in this market in a very effective way. I think there are market incentives for accuracy and the competitive pressures are part of it. However, I also think creditors care much more about some kinds of mistakes than others. They really do not want to miss bad information because, if they do, then they are going to get burned with losses. It matters less to the creditors who are buying the reports if they are missing good information about you because they are not going to suffer losses in the same magnitude. So, I think there is a role for Federal oversight, for regulatory oversight of accuracy. But I think there are also important market incentives to keep the information as accurate as possible. Senator Bennett. Okay. Thank you very much. I am a great believer in the market and the power of the market. And I think that may be a greater policeman--I am going to lose this user if I do not do a good job--than, gee, I have to check with my lawyer to make sure that I am complying with every one of the regulations out of the FTC. Chairman Shelby. Senator Schumer. STATEMENT OF SENATOR CHARLES E. SCHUMER Senator Schumer. Thank you, Mr. Chairman. I want to thank you for holding these hearings. You have been involved in this issue a long time. Back in 1995, I guess, you and Senator Bond, the bill that you sponsored, set the stage for all of this. And I thank you for that. This area seems dull to people. But the bottom line is that probably the credit markets have more effect on people than the equity markets, even though we spend a lot more time on the equity markets around here. So, I think it is an important hearing and we have to be really careful about it. Just to make a point, I think it would be really bad to fractionalize these markets. We all know that. There should be a national market. My view, an attempt to make it better, that risks fractionalizing them, and you have to be real careful. But that doesn't mean that, as you keep the markets national, you cannot improve a bit of regulation. I do not think we have that much variation here, although I would warn my colleagues, in an attempt to open up, to move into new areas, if we risk not keeping this Act intact, we run a real danger. I take it that you would agree with that. Mr. Beales. The Commission hasn't taken a position on preemption or not. I think the risks of fractionalization are very real. Senator Schumer. What would outweigh them in a national credit market, other than the fact that the Commission hasn't taken a position? [Laughter.] Mr. Beales. I think there are benefits from State experimentation, if you will, in different approaches that may work better in some particulars. And I think that is the trade- off. And as I say, the staff hasn't made a recommendation. The Commission hasn't taken a position on how we think that balance should be struck at this point. Senator Schumer. And do you think the two are irreconcilable, that you cannot have a national law and still allow some State experimentation? Mr. Beales. no, I do not think they are irreconcilable. And I think the existing statute allows State experimentation in many areas. But not in some. Senator Schumer. And are there any that come to mind where we should allow experimentation where we do not now? Mr. Beales. Among the existing preemptions? Senator Schumer. Yes. Mr. Beales. No, there is none in particular I would single out. Senator Schumer. Good. You also, I guess, and this relates to the question I was asking--I think you would agree--well, let's quote Chairman Greenspan, somebody I have a lot of respect for. He says: Limits on the flow of information among financial market participants or increased costs resulting from restrictions that differ based on geography, may lead to an increase in price or a reduction in the availability of credit, as well as a reduction in the optimal sharing of risk and reward. As a result, I would support making permanent the provision currently in the Fair Credit Reporting Act that provides for uniform Federal rules governing various matters covered by the FCRA and would not support allowing different State laws in this area. Now, as a careful student of Greenspan-speak, on that one, there is not a lot of Paul Volcker cigar smoke floating around. [Laughter.] He's pretty clear. Do you--again, I am not asking you to the outcome here, given the constraints of the Commission. But do you share his concern that limits on information flow could, ``Lead to an increase in price or a reduction in the availability of credit?'' Mr. Beales. That is certainly the risk. The Commission's testimony quotes Chairman Greenspan saying essentially that, minus the conclusion. I think we agree that that is the risk. That is what is at stake here. Senator Schumer. Okay. Let me ask you about two specific issues that I care about, that we might, as we look forward on FCRA, want to involve ourselves with. I, at least, will be careful about the admonition that we do not want to let this whole deal lapse. Identity theft. On this one, I have been very concerned with identity theft. We have had a lot of problems in my State with it. But you can look at the glass being half full or half empty in terms of FCRA as it relates to identity theft. Some would say that our credit reporting system makes it easy to steal identities. And others would say that the system makes it easier to detect, catch, and remedy identity theft. Do you have a view on that? Mr. Beales. I think there is important senses in which they are both right. I think the regulatory approach that the FCRA strikes is, I think, exactly the right approach that we need to take to think about identity theft. We need to be able to share this information. It is important in many areas. But we need to try to restrict the uses to which that information is put. The problem of identity theft is the wrong people get information and use it for the wrong purposes. But, I think that the need to share that information for legitimate purposes, including to prevent and detect identity theft, is crucial. Senator Schumer. Okay. And what about on making more transparent the credit score? Senator Allard and I, in the last Congress, introduced legislation to do this. It was supported by lots of the lenders, and we are planning to do it again. So that if a mistake is made on your credit score or something is wrong with it, that you get to see it, can get to challenge it, like we do in so many other areas. What is your view on that kind of improving, in my judgment, that would improve legislation to allow people to see what goes into their credit score? Right now, they have no way of even knowing if there is a mistake. It befuddles lots of people, and lots of lenders. Mr. Beales. I think the key is the accuracy of the underlying information because the algorithm that converts the information in your file into a score is essentially a little bit of computer code that does what it is going to do and weighs the different information appropriately. Senator Schumer. Sure. Mr. Beales. And consumers can look at the information that is the basis for that and correct the inaccuracies at that level. And that, in fact, is ultimately what they have to do. Whether they know the score or not, whether or not they know the algorithm or not, the only way to fix it is to correct the mistake in the underlying information that gave rise to the erroneous score. I think what is hard about more information about scores is scores are different. You may have different scores for different creditors and provided in different ways. Senator Schumer. Different scores sometimes for the same creditor, too. Mr. Beales. Perhaps. Senator Schumer. For different groups. Mr. Beales. For different models or different groups, absolutely. Senator Schumer. But the system really is not working well now, I do not think. Do you think it is? Do you think consumers right now, under the present system, really have the ability to correct errors, unless they spend a whole lot of time and effort on it and it is beyond their ken? Mr. Beales. I believe there is some difficulty in correcting errors. It is not the easiest thing in the world to do. I think that is right. I think it is a system that, as best we can tell, mostly works. It doesn't work perfectly all the time. The mechanisms to provide and assure accuracy we think are really important. And we have worked very hard on the enforcement side to try to make sure that they are in place and followed. Senator Schumer. Okay. I had one more question, Mr. Chairman I am trying to find it here. [Pause.] Oh, yes. One of the great debates we have always had in this Committee is privacy rights, which again is a lot easier to talk about in the abstract. And when you get into the specifics and see the push and pull, I do not think it is as clear and as easy. But it has been a great concern, I know, to the Chairman and to me. We had this debate on Gramm-Leach-Bliley. And so, my final question to you is, should we, do you think, address larger issues in a reauthorization of FCRA, like identity theft, which I mentioned, but privacy in particular? Or should we not? You know, we could say, Gramm-Leach-Bliley is new. We struck a balance there. Let's not go into other areas or let's not change what we have done. Mr. Beales. We have always thought that the FCRA is fundamentally a privacy statute. And in that sense, you cannot avoid addressing those parts of privacy because that is what the FCRA is all about. That is one of its key objectives. I think, frankly, that that part of privacy is complicated enough, that it will likely keep you very busy in trying to figure out what is the best answer here. There are some parts and some of the identity theft issues may be like this, that are so intimately related to the FCRA, that they should be part of that process. But from my own perspective, the more it can be kept confined, the easier it is to deal with. And it is hard enough to deal with as it is. Senator Schumer. Do you know if the Administration has a view on this? This is a key national issue and it is hard to figure out what they think in terms of FCRA and privacy. Mr. Beales. I do not believe that the Administration has taken a position as yet. Senator Schumer. Do you think they ever will? Mr. Beales. Yes, I think they will. Senator Schumer. Okay. Good. Thank you, Mr. Chairman. Chairman Shelby. Thank you. What is your sense as to the general level of public awareness with regard to things like the content of credit reports? This is picking up a little on what Senator Schumer was into. In other words, you are the average person in America. What is your general awareness regarding the content of their credit report? Mr. Beales. I think it is something that most people probably never think about. I think if you ask them questions, most people would have a reasonable sense of some of the core elements, that their payment history is in there. Chairman Shelby. If they do not, they should. Mr. Beales. If they do not, they should. We have a wide variety of consumer educational materials to try to enhance consumers' understanding of what is there and why it matters. But we do not have any measures of what they actually know. Chairman Shelby. How can you disseminate information to the consumer--that is all of us, not just in this room, but all of us--to let us understand what credit scores are and how they are used? You have a computer model out there to rate all of this. This is risk-based credit-scoring, in a way. Right? Mr. Beales. Yes, it is. Chairman Shelby. You have a risk-based system. And the more the consumer knows about how they are being rated, even if it is complicated, the better off they'd be, wouldn't they, in the long run? The more information a consumer knows about things that are rated that affects their lives, their credit and so forth. Mr. Beales. In general, I certainly think that is right. I mean, I think the complication in credit-scoring kinds of models in particular is--you do not want consumers to be able to play games with the system. Chairman Shelby. Absolutely. Mr. Beales. That would affect the validity of the underlying model. Chairman Shelby. I am not talking about playing games. I am talking about just being aware. Senator Schumer. Mr. Chairman. Chairman Shelby. Yes, sir. Senator Schumer. I just want to back him up. From what I am told, some credit scores, if you have 10 credit cards, even though you paid each one, you will end up with a different credit score than if you have two. Why shouldn't the consumer know that and let it go in? Yes, when you ask consumers or even the people representing them, why they got the following credit score, nobody has any idea. Sure, you can get all your data about everything, but you do not know what went into it or where there might be a mistake and where there is not. I am glad you brought it up, Mr. Chairman. Chairman Shelby. The scoring, Senator Schumer, as you well know, affects millions and millions of Americans' credit. Senator Schumer. Yes. Chairman Shelby. And I would say the average American, for lack of better information on my part, has no clue as to how their credit is rated, based on this computer model. Senator Schumer. And they cannot get it. Chairman Shelby. And they cannot get it. Senator Schumer. That is the bill that Senator Allard and I are trying---- Chairman Shelby. That is what we are both talking about. Mr. Beales. Yes, I understand that. And I think there have been a variety of changes in the industry to try to provide consumers with more information about what goes into that score in a big-picture sense and how it is computed and why it matters. We certainly have consumer education that tries to do the same thing. But I think, as you point out, the specifics of what goes into a score depends on which score you are talking about because different people use different models. Chairman Shelby. That is exactly the point he was making. Mr. Beales. That look at different information. Chairman Shelby. Do the three credit, the big credit houses, do they score--do they have a different model to score? Mr. Beales. There is an industry leader, Fair Issacs, that produces the FICO score. That is probably what most people think of as credit scores. Both users and I believe, I am not sure to what extent, but both users and some credit bureaus have their own proprietary scoring models that do things a little differently that they think give a better perspective on risk. Chairman Shelby. But it depends. If a consumer depends on what credit house that evaluated their credit, depends on how their credit is rated, perhaps, based on the model of assessing their risk? Mr. Beales. people differ--I mean, creditors differ. And the extent to which they use just the score, there are creditors who build their business around what they think is their ability to differentiate the risks they face and the risks that customers pose more finely than the standard scoring model. Chairman Shelby. That is underwriting, is not it, to a certain extent. You are evaluating this risk here based on the credit, based on, say if there is a property or something, a mortgage, location of the property, everything that goes with it, the appraisal of the property. Mr. Beales. In a sense, it is underwriting. It is also the initial credit decision. Chairman Shelby. Yes. Mr. Beales. And to take a group of consumers--and there are powerful competitive incentives to do this--but to take a group of consumers who may have the same credit score and to try and spread them out in terms of those consumers, which ones are the higher risk and which ones are the lower risk. So it is really difficult to talk about. Your payment history at this store over this period of time is an objective fact that doesn't change. And we can make sure that that is accurate in the credit report, and we can. But your credit score depends on the model, depends on the creditor, and it depends on the underlying information. I agree consumers should understand much more about how it is done. But it is much more complicated to try to explain and to try to verify than the straightforward fact about a particular piece of paper. Chairman Shelby. Should we have some type of uniform model adopted in the industry or industry-wide, rather than two or three different ones that bring different results? Mr. Beales. I think not. I mean that would, in essence, be regulating the degree of credit risk that different lenders can take on. Senator Schumer. But---- Chairman Shelby. Go ahead, Senator. Senator Schumer. Thank you. I would agree with you that we shouldn't say what model. That is competition. But I do not see why it shouldn't be transparent how the score came out. My experience is, and you have said something a little contradictory, so maybe I do not understand it well enough. I apply for a mortgage. My neighbor applies for a mortgage. And I just happen to know that I did not get it because my credit score wasn't good enough, and he did. We live on the same street in, let's say, Levittown, identical house. And I go over my mistakes in my credit history and I ask him, and it seems the same. And there is no way to really find out why I got lower than him and what I could do to correct it. And I go a step further. I also think that if a mistake was made, like they say I missed a payment, but it was Jon Smith, not John Smith, that there is virtually no way that I can figure that out unless I have more information than the law allows me to. Am I wrong about that? Mr. Beales. I think you can figure out the payment because you know, and presumably, can verify from your own records, hey, wait a minute. I wasn't late. I made my mortgage payment on time, or I made that payment on time. Senator Schumer. The credit company, if they are using the last 5 years of mortgage payments and not the last ten, will tell me? At least my experience with this is it is a little more complicated than you are making it out. Yes, I know I did not miss a payment in 1992. But I do not know if that is part of the formula and my credit score thinks I did. Mr. Beales. Okay. Senator Schumer. Follow me? Mr. Beales. I guess what I am saying is, if you have the payment history right, if the payment history shows up in the credit report correctly, and that information is all accurate and you know whether that information is accurate or not, then I do not think we have ever heard of a case where the numerical calculation to convert that information to a score had an error in it. Computers are pretty good at arithmetic. Senator Schumer. No, no, that is not what I am saying. Mr. Beales. The problems are the accuracy of the underlying data. Senator Schumer. Yes, and there is no way of you knowing whether that underlying data is correct or not right now. Isn't that true? Mr. Beales. No. The underlying data is your credit report. And that information, you can know whether it is correct or not. Senator Schumer. But I don't know what exactly is going into it. Mr. Beales. You do not know exactly which pieces matter. That is certainly correct. But if all of the information there is accurate, then it is not going to affect your credit score. The other thing, in the credit denial, if you get denied, under the Equal Credit Opportunity Act, you get an adverse action notice for that purpose as well. And it will identify the top four reasons for that denial, the four things that most contributed to your credit score being too low. Senator Schumer. And then if I find one of them is inaccurate and I wrote the credit company, they will correct it? Mr. Beales. When you notify the credit reporting agency, that triggers the reinvestigation requirement. They have to go back to whoever furnished that information. The furnisher either has to verify the information or delete it. Senator Schumer. And does that happen? Mr. Beales. Yes, sir, it does. Senator Schumer. Are there times when it doesn't? Mr. Beales. Undoubtedly. Senator Schumer. Which is more? [Laughter.] Mr. Beales. We think it happens far more often than it doesn't. Senator Schumer. Do we have data on that to know? I am sorry, Mr. Chairman. Chairman Shelby. No. I think what you are getting into is very important. Mr. Beales. I have seen data--there is an enormous number of corrections that get made, of changes that get made. Senator Schumer. I just find when you talk to your typical mortgagor, when you talk to his real estate broker, his bank, her bank, there is huge dissatisfaction with the mystery of this system. And it is not just some theoretical need to know, that it creates--everyone scratches their head and cannot figure out a whole lot of the outcomes here. Am I wrong about that? The realtors made this one of their big issues. They weren't doing it because everything is working right. Mr. Beales. I think what has tended to happen in response to participants in the process being frustrated by not understanding as much as they wanted to, is that more information has been provided over time. Whether that frustration is still there or not, I do not know. That is not something that we experience on an ongoing basis. But I think the fundamental answer of trying to explain this system to consumers better, is exactly the right one. And that is what we try to do in our consumer education materials. Senator Schumer. Thank you, Mr. Chairman. Chairman Shelby. Could we say, as far as scores go, there is pervasive use and limited consumer understanding? Obviously, I bet there is not two people in this room, maybe five, that would explain--maybe the credit bureau people here--but that could explain that scoring. Senator Schumer. Maybe one of them brought the little black box. Chairman Shelby. Yes, the little black box. [Laughter.] So, I think the case has been made for very limited, at least at this period--we will have more hearings--but for limited consumer understanding of how they are scored. Mr. Beales. I think they certainly do not understand the details of how their scores are calculated. What credit scoring replaced was a system that was essentially judgmental, which I think was, if anything, less transparent to consumers. Chairman Shelby. This is judgmental, too. It is just done by computer. Right? It is based on a model of so and so. Mr. Beales. It is based on objective data, as opposed to being based on my personal assessment of you and whether you are a good credit risk or not. Chairman Shelby. I did not say it was good or bad. It may be a big improvement. I am just saying it is still a judgment is made. Mr. Beales. Yes, I think that is right. Chairman Shelby. By an individual or by a computer. Mr. Beales. The judgment is made based on actual experience analyzed in a statistically rigorous fashion. Chairman Shelby. And no human flesh. Mr. Beales. Right, as opposed to my opinion based on whatever it might be based on. Chairman Shelby. Senator Sarbanes mentioned earlier that we balance all interest legislatively, or try to balance. That is part of the legislative process. We have talked about preemption, the merits of it, the problems with it, and so forth. But he asked you, as I understood it, could this be balanced? Could the case be made--I am talking up here and later--for preemption which would benefit the creditors, benefit the consumers, ultimately, our national system, and at the same time, a standard for the consumers, you know, improve the standard for the consumers on notice and a lot of other things. Identity theft concerns and so forth. Mr. Beales. I think, certainly, that that can be done. Chairman Shelby. Balancing the interest, is it not? Mr. Beales. It is a balancing of the interests. And we have tried on an ongoing basis to assess whether there are problems, where there may be the possibility for improvements that would make the system work better. That, presumably, if you did not extend preemption, presumably, that is the process that individual States would go through. But you can do that here, too. Chairman Shelby. And the possibility of Balkanization, doesn't it? Mr. Beales. Yes, it does. You can do it here and have it uniform and an improvement as well, if in fact the particular change is an improvement. Chairman Shelby. Your testimony is made part of the record and then some of your oral testimony here, is full of references to the dynamic nature of the credit markets. How do you make sure that the FCRA, the Fair Credit Reporting Act, legal regime and the interests that it is supposed to balance and protect, stays abreast, stays up with the real-world developments in these markets? And what are your views as to the adequacy of the current regulatory structure? Is the Commission that you work with, the enforcement authority enough, or is there a need to expand your role to provide you with rulemaking authority? Are there other ways that we should consider to build in greater flexibility to help you do your job? Mr. Beales. The Commission has not taken a position at this point about rulemaking authority for the Commission. I think, generically, it is a good practice for regulators and it is good practice for the Congress to periodically review how regulations and regulatory schemes fit with the real world and whether they need to be adapted in light of underlying changes. Chairman Shelby. Okay. We appreciate your appearance here today. We look forward to working with you, and we thank you. Mr. Beales. We thank you. Chairman Shelby. The hearing is adjourned. [Whereupon, at 4:35 p.m., the hearing was adjourned.] [Prepared statements, response to written questions, and additional material supplied for the record follow:] PREPARED STATEMENT OF SENATOR ELIZABETH DOLE I would like to thank both you and Ranking Member Sarbanes for agreeing to hold this hearing on the issues raised by the reauthorization of the Fair Credit Reporting Act. Enacted in 1970, the Fair Credit Reporting Act has served an important role in this Nation. In the time since its first passage it is astounding to consider the fundamental changes which have occurred in our credit system. In 1970, credit card charges over $20 required the store owner to call the creditor and have a staffer go through a card catalog system to approve the transaction. Today, it takes just seconds, even when you are on the other side of the world. While we take this innovation for granted it demonstrates how fundamentally our system of payments has changed. In addition, the benefits of the Fair Credit Reporting Act have also been responsible for many of the advancements in how we choose financial products which best meet our needs. A system of fairly and rapidly assessing an individuals financial responsibility ensures that people can have quick access to competitive offers for credit, insurance, or other financial products. Clearly, our current credit system has been one of our Nation's best assets to benefiting individuals at every level of the economic ladder. This unprecedented access to credit combined with the low cost for credit realized through the efficiencies produced by law have created new opportunities for people who have never had access to credit before. No longer is collateral essential in qualifying for a loan, people can now raise themselves on the ladder of economic success simply by proving that they can responsibly handle their financial affairs. Given this opportunity to reauthorize the Fair Credit Reporting Act, we must ensure that our actions do not result in increases in the cost of credit and lower access to credit. To do so could have harmful effects on our recovering economy. At the same time we must ensure that the law applies to everyone fairly and that the system to protect consumers against questionable material on credit reports operates efficiently and effectively. I look forward to hearing the thoughts and observations of our witness and to working with all of my colleagues on the Committee as we reauthorize this very important law this year. Thank you. ---------- PREPARED STATEMENT OF SENATOR TIM JOHNSON Chairman Shelby, thank you for holding today's hearing on the Fair Credit Reporting Act. While FCRA is not exactly a household name, our Nation's credit-granting system is one of the bright points in our otherwise lackluster economy. Outstanding consumer credit has grown from $556 billion in 1970 when FCRA was enacted to $7 trillion today, accounting for over two-thirds of U.S. gross domestic product. Which is why today's hearing is so timely. Unless we act by the end of the year to reauthorize FCRA's preemption provisions, we risk striking a terrible blow to our economy by our inaction. As today's witness has noted in his very thoughtful written testimony, ``the consumer reporting industry, furnishers, and users can all rely on the uniform framework of the FCRA in what has become a complex, nationwide business of making consumer credit available to a diverse, mobile American public.'' Yet if we fail to act by January 1, 2004, this uniform reporting system could break into as many as 50 credit reporting systems, all with different standards, different requirements, and different procedures. Most people do not know much about our credit reporting system because it works so well. It does not occur to people to learn about what goes into a credit report until they get turned down for credit. And under the FCRA, those who do get turned down receive all the protections that come with a so-called ``adverse action.'' They have the right to a free credit report; they have the right to dispute what information is contained in that report; they have the right to a quick investigation of the information; and they have the right to a timely correction. And those rights apply to everyone, regardless of whether they live in South Dakota or Alabama. Full-file credit reports are unique to the United States. Unlike other countries, where only consumers with negative credit history have any kind of record, our system encourages data furnishers to report both negative and positive credit history, all on a voluntary basis. This information allows lenders to make informed decisions about a given consumer's credit risk and to make better lending decisions. These decisions are good for consumers in a variety of ways. For some, full-file reporting may allow a lender to take a chance on a consumer whose positive credit history may offset a past credit impairment. For others, more complete information may help a lender to decide not to extend more credit than a consumer can handle. By the same token, full-file reporting helps lenders make sensible decisions that keep our financial institutions safe and sound. Poor lending decisions affect all of us through institutional instability and an increased cost of credit. Other elements of FCRA are also critical to our credit-granting system. For example, in the modern economy, it's important to maintain a nationwide standard under which corporate affiliates may share information. Experts such as Chairman Greenspan have emphasized the need for national businesses, which serve customers in all 50 States, to have uniform standards across those 50 States. Failure to maintain this uniformity would jeopardize many of the efficiencies gained through information technology and wider consumer choice. Mr. Chairman, I believe that a uniform national credit reporting system must be maintained, which is why I introduced the Economic Opportunity Protection Act of 2003, S. 660, which would extend the preemption provisions currently contained in FCRA. At the same time, I commend you for holding the first in what I hope will be a series of hearings on the FCRA. As Congress noted when it created the FCRA, consumer credit ``is dependent upon fair and accurate credit reporting.'' Therefore, it is appropriate for Congress to look at whether the statute is working properly and whether any of the provisions need to be amended to reflect changes in the marketplace. I understand many on this Committee and in the Administration have a particular interest in identity theft, and I share this concern. In fact, I believe that a uniform national credit reporting system, if used properly, can be one of our most effective weapons to combat this growing problem. I hope as part of this year's discussion about FCRA, we can work together to develop solutions to what is a relatively new, yet extremely damaging, crime. That said, I am disappointed that the Administration has yet to develop a position on this critical issue. It appears the Federal Trade Commission is also unwilling to tell this Committee its position on whether it is important to maintain a uniform national standard for our credit reporting system. I would urge the Administration over the coming weeks to devote more attention to the imminent expiration of FCRA preemption provisions and to develop a recommendation that can inform Congress' deliberation on this issue. Mr. Chairman, I look forward to today's testimony. ---------- PREPARED STATEMENT OF SENATOR JIM BUNNING I would like to thank you, Mr. Chairman, for holding this very important hearing and I would like to thank our witness for testifying today. Today, we have the first of a number of hearings on the Fair Credit Reauthorization Act. As we all know, FCRA is a huge issue for the financial industry and consumer groups. There are some who think we need to pass a clean FCRA, some who think we should pass FCRA but with additional privacy and identity theft protections and some who think privacy decisions would be left to the States. I believe these hearings will be a great help to Members in deciding which is the best course of action to take. I have been involved in the privacy debate for a number of years. During the early 1990's, I worked with the Kentucky General Assembly to remove the Social Security number for Kentucky drivers' licenses. In the House, as Chairman of the Social Security Subcommittee of the Ways and Means Committee, I led the effort to stop the Social Security Administration from posting SSA earnings online. And of course, all of us who were on this Committee in 1999 were deeply involved in privacy issues during Gramm-Leach-Bliley. I certainly believe more can be done to prevent identity theft. I would like to see more restricted use of the Social Security number. I would like to see those who have had the privacy stolen to have better means to get their credit problems fixed. And I, like everyone else, would like to stop getting flooded with mail and getting solicitation calls during dinner. But I have another concern. I am very concerned about this economy. I am very worried about the possibility of a double-dip recession. I know that puts me at odds with more optimistic economic experts, like Chairman Greenspan, but we have disagreed before. We are not growing like we can, and we are not creating jobs. There are many reasons for this. I believe Chairman Greenspan acted way to slow to cut rates back in early 2001. He should have cut them in the fall of 2000. The corporate governance scandals have hurt trust in the markets. Sarbanes- Oxley and other actions have helped, but it will take a long time for corporate America to rebuild that trust. September 11, had a devastating effect on our economy. The two wars we have had since then have also not helped. The reason why most of these events have been so harmful to this economy is because they have created uncertainty in our markets. If there is one thing that shakes the markets, it is uncertainty. I am afraid that talk of not renewing FCRA is creating a lot of uncertainty in the financial markets. If we have 50 different privacy standards, it will be difficult for financial companies to sell their products nationwide. If counties and municipalities get in the act, and some already have, it will be even more difficult. I think it is crucial that we pass an FCRA extension this year. We must bring some certainty back to the markets if we are ever going to grow this economy and prevent a double-dip. Again, Mr. Chairman, thank you for holding this important oversight hearing. ---------- PREPARED STATEMENT OF SENATOR DEBBIE STABENOW Thank you, Mr. Chairman. I will be brief because I want to get quickly to our witness today. I appreciate your calling this hearing and I hope that we, as a Committee, will move quickly to address the expiring provisions of the Fair Credit Reporting Act. This session of Congress is going to move quickly and with just over 14 actual work weeks left before our target adjournment, the sooner we can began to move, the greater chances of having a thorough debate and passing the must-do legislation behind today's hearing. The FCRA has served our country well over the past 33 years. Indeed, as a result of the statue, the improved access to consumers' previous credit-related behavior has allowed creditors all over the country to extend credit more quickly and priced on appropriate risk. People with low-credit risks as a result of FCRA can now get lower rates and those with higher risks can now get credit with higher rates when previously they would have probably just been denied any credit at all. In addition, we no longer have to wait days and days or even weeks to get credit decisions. We can get them instantaneously. Furthermore, credit scoring models have taken much of the arbitrariness and guess work out of extending credit. All of this makes our economy more efficient saving time and allowing us to allocate the costs of borrowing appropriately. Mr. Chairman, I believe we should do everything we can to bolster the system we have in place today. I hope as we reexamine the FCRA we will be careful to take no actions that would undermine or limit the effective and appropriate sharing of credit information. I also hope that we would make sure that consumers have full information about and absolute control over their personal credit information. We should also ensure that there are appropriate privacy safeguards under our law. I commend you for your leadership on this issue, Mr. Chairman, as well as others on our Committee such as Senator Tim Johnson who has taken an active interest and has his own legislation dealing with FCRA. I look forward to working with all of my colleagues as we take up the reauthorization of the expiring provisions of the FCRA and I look forward to our FTC witness, before us today. Thank you. ---------- PREPARED STATEMENT OF J. HOWARD BEALES, III Director, Bureau of Consumer Protection, U.S. Federal Trade Commision May 15, 2003 Introduction Mr. Chairman and Members of the Committee, my name is Howard Beales, and I am Director of the Bureau of Consumer Protection of the Federal Trade Commission (Commission or FTC). I am pleased to have this opportunity to provide background on the Fair Credit Reporting Act (FCRA).\1\ The Commission has played a central role in interpreting and enforcing the FCRA since the law was enacted in 1970. I appreciate the opportunity to discuss the FCRA and its role in regulating credit report information. --------------------------------------------------------------------------- \1\ While the views expressed in this statement represent the views of the Commission, my oral presentation and responses to questions are my own and do not necessarily reflect the views of the Commission or any individual Commissioner. --------------------------------------------------------------------------- Consumer Credit Reporting The development of consumer credit was a phenomenon of the post- World War II years. Prior to that time, consumer credit relationships were largely personal because many consumers lived in one place all their lives and dealt only with local merchants and banks. After World War II, the American population grew and became vastly more mobile. Consumer credit also exploded for many reasons, including pent-up demand for consumer goods and services and fading of the cash-only Depression psychology. At the same time there was an increased demand for homeownership. In response, the Government supported the growth of a long-term consumer credit market. For all these reasons, the amount of consumer credit outstanding has grown exponentially.\2\ Indeed, consumer spending accounts for over two-thirds of U.S. gross domestic product and consumer credit markets drive U.S. economic growth.\3\ --------------------------------------------------------------------------- \2\ In 1946, the beginning of the post-war period, total outstanding consumer credit stood at $55 billion; by 1970, the time of enactment of the FCRA, it had grown to $556 billion. [Figures adjusted for inflation.] Today it is $7 trillion. See Fred H. Cate, Robert E. Litan, Michael Staten, and Peter Wallison, ``Financial Privacy, Consumer Prosperity, and the Public Good: Maintaining the Balance,'' AEI-Brookings Joint Center for Regulatory Studies, March 2003, at 1. \3\ Id. at 8. --------------------------------------------------------------------------- The credit reporting industry developed in tandem with the burgeoning of consumer credit. Early on, credit reporting was local or regional and relatively unsophisticated; the amount of information collected was limited and not standardized. Credit bureaus (consumer reporting agencies) \4\ manually recorded consumer information on index cards, updated irregularly, and often retained indefinitely. Over time, however, small credit bureaus grew to become large repositories of information on consumers.\5\ --------------------------------------------------------------------------- \4\ ``Consumer reporting agency'' is the term used in the FCRA, and reflects the fact that consumer information is collected and reported for a variety of purposes in addition to credit transactions. In common terminology, however, the agencies are known as ``credit bureaus'' or ``credit reporting agencies.'' (Similarly, ``credit report'' and ``credit history'' are commonly used nontechnical terms for ``consumer report.'') The term ``repository'' is most often reserved for the large, national bureaus that collect and store information on over 190 million consumers. The ``repository'' agencies, in turn, are sometimes referred to as the ``big three,'' in recognition of the three major companies that have predominated for several years--Equifax, Experian, and TransUnion. A fourth company, Innovis Data Services (an affiliate of CBC Companies), also maintains ``a national database of consumers with unfavorable current or past credit histories.'' See http:// www.innovis-cbc.com/products.htm. \5\ For a more complete recitation of the early history of the consumer reporting industry, see Retail Credit Co., 92 F.T.C. 1 at 134- 36 (1978). --------------------------------------------------------------------------- Today, the credit reporting system, consisting primarily of three main credit bureau repositories, contains data on as many as 1.5 billion credit accounts held by approximately 190 million individuals.\6\ Creditors and others voluntarily submit this information to centralized, nationwide repositories. Lenders analyze this data and other information to develop sophisticated predictive models to assess risk, as reflected in the consumer's credit score.\7\ The flow of information enables credit grantors to make more expeditious and accurate credit decisions, which benefits consumers as a whole. These benefits are illustrated by a study of credit bureau files that found that nearly 20 percent of the currently reported active accounts had been open for less than 12 months.\8\ --------------------------------------------------------------------------- \6\ See ``An Overview of Consumer Data and Credit Reporting,'' Federal Reserve Bulletin, February 2003, at 49. \7\ Scoring products are based on analyses of historical consumer credit data, which allow creditors to develop models that help them predict the risk of default of a particular consumer. (The products are thus sometimes referred to as ``risk scores'' or ``credit scores.'') When the consumer applies for credit or other goods or services, the scoring programs that are developed from the complex analysis of past data compare the scoring factors to the individual information of the particular consumer, with the result reflected in a score that is generated for that application. \8\ See ``An Overview of Consumer Data and Credit Reporting,'' Federal Reserve Bulletin, February 2003, at 52, table 2 (``All credit accounts and balances. . .''). --------------------------------------------------------------------------- The modernization of credit reporting has played a key role in providing American consumers rapid access to consumer credit. It was not that many years ago that applying for credit required a personal visit to a loan officer. The loan officer, if he did not know you personally, contacted your references, including other creditors, before making a decision on your application. If you were new to the community or applying for credit for the first time, you might get turned down or be approved for only a small, entry-level loan. The decision would often take days and would be based solely on the judgment of the loan officer. By contrast, consumers today can use the Internet from the comfort of their home to comparison shop for a wide array of credit products and get a virtually instantaneous offer, including rate and other terms. Or, they can obtain a five-figure loan from an auto dealer they have never been to before and drive a car away from the showroom the same day. In each instance, their eligibility for the lowest rate or most favorable terms depends on a sophisticated credit scoring system that produces rapid, reliable scores based on information from a consumer report. Chairman Greenspan of the Board of Governors of the Federal Reserve System put it well when he recently testified that ``. . .there is just no question that unless we have some major sophisticated system of credit evaluation continuously updated, we will have very great difficulty in maintaining the level of consumer credit currently available because clearly, without the information that comes from various credit bureaus and other sources, lenders would have to impose an additional risk premium because of the uncertainty before they make such loans or may, indeed, choose not to make those loans at all. So it is clearly in the interests of consumers to have information continuously flowing into these markets. It keeps credit available to everybody, including the most marginal buyers. It keeps interest rates lower than they would otherwise be because the uncertainties which would be required otherwise will not be there.'' \9\ --------------------------------------------------------------------------- \9\ Remarks following testimony by Alan Greenspan, Chairman of the Board of Governors of the Federal Reserve System, April 30, 2003, House Financial Services Committee, at 12. --------------------------------------------------------------------------- Before describing some of the primary elements of the FCRA, let me describe briefly how the consumer reporting system works in this country today. Creditors voluntarily report account histories to consumer reporting agencies.\10\ Typically, creditors report full account payment information, both ``positive'' information that the account is current, as well as ``negative'' information, such as delinquencies and collection accounts.\11\ This contrasts with practices in some other countries (and, indeed, with some credit bureaus in the early years of their development in this country) where only negative payment history is reported.\12\ --------------------------------------------------------------------------- \10\ Each of the three national credit reporting companies receives more than 2 billion items of information each month. See ``An Overview of Consumer Data and Credit Reporting,'' Federal Reserve Bulletin, February 2003, at 49. \11\ Although the majority of creditors report full account information, some types of accounts are typically reported only when the payment history turns negative, most often when the debt is transferred to a debt collector. Accounts related to medical debts, telecommunications, and power companies are the most common examples. See ``An Overview of Consumer Data and Credit Reporting,'' Federal Reserve Bulletin, February 2003, at 50, 68. To the extent that consumers have positive payment history only from nontraditional credit such as rent and utilities, this may limit their access to credit. \12\ See, e.g., The World Bank, ``World Development Report 2002,'' at 95 (2002); John M. Barron and Michael Staten, ``The Value of Comprehensive Credit Reports: Lessons from the U.S. Experience,'' at 14, available online at http://www.privacyalliance.org/resources/ staten.pdf (2000) (comparing the United States comprehensive credit reporting system to the Australian negative-information-only system). --------------------------------------------------------------------------- Although the credit reporting industry has developed uniform reporting formats and methods,\13\ not all creditors necessarily report to all major repositories. Moreover, credit reporting agencies have different schedules and procedures to augment individual consumer files with updated data from creditors. Consumer reporting agencies also obtain information from other sources, such as public record data. For all of these reasons, at any given point in time, each of the credit reports on an individual as supplied by the three major repositories may contain somewhat different information.\14\ As a result, in the residential mortgage market, for example, creditors use credit reports produced by resellers who consolidate the data available from the three major repositories. --------------------------------------------------------------------------- \13\ See http://www.cdiaonline.org/data.cfm for information on the uniform reporting format utilized by most creditors and other furnishers of information to consumer reporting agencies. \14\ See ``An Overview of Consumer Data and Credit Reporting,'' Federal Reserve Bulletin, February 2003, at 50-51, 70-71. --------------------------------------------------------------------------- When a consumer applies for credit, lenders obtain consumer reports by providing identifying information on the consumer to the credit bureau. The credit bureau provides a full report listing all accounts and payment histories and/or a credit score, which is a numerical classification based on information in the consumer report.\15\ The credit agencies also handle other functions (including those required by the FCRA, such as responding to consumer disputes) through uniform industry processes.\16\ The importance of these additional functions has grown along with concerns about identity theft,\17\ because credit reporting agencies play a major role in limiting the damage and correcting the fraudulent records that identity thieves leave behind. --------------------------------------------------------------------------- \15\ Between 2 and 3 million consumer reports are issued by credit bureaus each day. See http://www.cdiaonline.org/about.cfm. For a brief description of scores, see Note 7, supra. \16\ The Consumer Data Industry Association (CDIA) is a trade association for major consumer reporting agencies. Among other steps to promote standardized automated procedures between and among consumer reporting agencies and furnishers of information to agencies, CDIA oversees a system for credit bureaus to forward consumer disputes to furnishers for investigation. Disputes are forwarded on standardized Automated Consumer Dispute Verification (ACDV) forms. The system now has a web-based component, E-OSCAR, that is intended to further enhance the flow of consumer disputes, update information, and other data. The automated dispute system not only provides a uniform format for conveying the disputes, it also serves an implicit authenticating function--a creditor who receives a consumer dispute via the system knows that the forwarding entity has been approved by CDIA for use of the system. \17\ Identity theft occurs when someone commits fraud by using another person's identifying information, such as date of birth, Social Security number, or credit account numbers. The fraud could include applying for or using credit in another's name, obtaining bank loans, employment, utility services (including cell phones), or similar illegal conduct in the ``true name'' identity of the consumer whose information was misappropriated. --------------------------------------------------------------------------- FCRA Overview Background Along with the growth of consumer credit, and the parallel development of consumer reporting agencies, concerns began to surface about the treatment of consumer information in credit reporting. The credit reporting industry had evolved piecemeal, and there was little consistency in methods of data collection or, before the FCRA, standards of retention or accuracy. For example, there were no Federal legal restrictions on access to consumer credit data, so reporting agencies were free to share a wide range of information with credit grantors and others, without regard to the purpose for which the information was sought. Consumer awareness of credit reports was low due, in part, to the fact that users of reports were contractually prohibited by credit bureaus from disclosing the reports to consumers.\18\ Even if a consumer could learn what was in his or her credit report, there was no way for the consumer to challenge erroneous information. --------------------------------------------------------------------------- \18\ Congress was especially concerned about this lack of awareness in the context of ``investigative consumer reports''--reports on a consumer's character, general reputation, personal characteristics, or mode of living, obtained through personal interviews with neighbors, friends, or associates of the consumer--and thus provided special notice and disclosure requirements, together with other provisions, for investigative reports. Section 606 of the FCRA; 15 U.S.C. Sec. 1681d. --------------------------------------------------------------------------- In response to rising concerns about the consumer reporting system, and recognizing its importance to business and consumers, Congress held hearings that resulted in passage of the FCRA to provide a framework for the industry and to secure protections for consumers. In enacting the FCRA, Congress specifically recognized that consumer credit ``is dependent upon fair and accurate credit reporting.'' \19\ --------------------------------------------------------------------------- \19\ Section 602(a)(1), the Congressional findings and statement of purpose for the FCRA. 15 U.S.C. Sec. 1681(a)(1). --------------------------------------------------------------------------- The 1970 FCRA imposed duties primarily on consumer reporting agencies, with very limited requirements on those that use credit reports, and no provisions aimed at those who furnished information to the reporting agencies. The consumer reporting industry and the consumer credit economy changed tremendously in the decades following the enactment of the FCRA. The computerization of credit histories into vast databases accelerated markedly. The industry further consolidated, eventually comprising three major credit bureau repositories that maintain large, automated databases of consumer information, and a limited number of other agencies.\20\ Logistical challenges associated with increased computerization and further changes in the industry led to an increase in complaints about mixed files--inclusion in a single file of information belonging to two or more different individuals--and other consumer report inaccuracies. More generally, the American public has become increasingly aware of privacy issues related to personal information. --------------------------------------------------------------------------- \20\ At present, the three largest bureaus are TransUnion, Experian (formerly owned by TRW), and Equifax. Although some local bureaus still remain, most are affiliated in some fashion with one of the ``big three'' repositories. The industry has also witnessed the emergence of companies that collect and report specialized information such as check writing histories, rental records, and employment applications. The 1990's saw the growth of ``resellers,'' consumer reporting agencies that purchase consumer information from one or more of the major repositories and then resell it, usually after reformatting, categorizing, or otherwise treating the information. All of these entities are covered by the FCRA. --------------------------------------------------------------------------- In 1996, after several years of legislative consideration, Congress passed significant amendments to the FCRA. The amendments built on the core elements of the original FCRA and provided added protections to consumers in several key areas. The amendments also permitted greater sharing of consumer report information by affiliated companies under certain conditions,\21\ and granted more flexibility to creditors and insurers in making prescreened offers, for example, obtaining lists of consumers based on consumer report information, in order to make offers of credit or insurance to consumers who the offeror deems qualified.\22\ Let me briefly review some of the important elements of the FCRA as it stands today, 33 years after its original passage. --------------------------------------------------------------------------- \21\ Section 603(d)(2)(A)(iii) exempts from the FCRA communication of information among affiliates, if it is clearly and conspicuously disclosed to the consumer that the information may be communicated and the consumer is given the opportunity to opt out of such information sharing. 15 U.S.C. Sec. 1681a(d)(2)(A)(iii). \22\ Prescreened offers, which are discussed in more detail below, are unsolicited ``firm offers'' of credit or insurance that are based on information from consumer reports. Generally they take the form of lists of consumers to whom credit grantors make offers of credit--the most obvious example is mailed promotions of credit cards. These lists are assembled by credit bureaus based on criteria set by the credit grantor; the bureau screens its consumer files (except those that have opted out of prescreened offers) for all consumers who meet the creditor's criteria. Generally speaking, the FCRA requires that all consumers who survive the prescreen must receive a ``firm offer'' of credit. Prescreened lists are thus an exception to the general rule that credit reports can be furnished only when a consumer initiates a transaction or has a preexisting relationship with the creditor seeking a copy of the report. See H. Rep. 103-486, 103rd Cong., 2nd Sess., 32- 33 (1994). --------------------------------------------------------------------------- Key FCRA Provisions As I discussed earlier, the FCRA establishes a framework that enables businesses to engage in the information exchanges necessary for the proper functioning of the credit markets. At the same time, it provides corresponding consumer protections in two vital areas--privacy and accuracy. It is important to keep in mind that, notwithstanding its title, the Fair Credit Reporting Act has always covered more than what are conventionally termed ``credit reports.'' It applies generally to any information collected and used for the purpose of evaluating consumers' eligibility for products and services that they want. Thus, the FCRA has always applied to insurance, employment, and other noncredit consumer transactions.\23\ The focus here will be on credit reporting, but the same basic regulatory structure applies to all consumer reports. --------------------------------------------------------------------------- \23\ ``It is the purpose of this title to require that consumer reporting agencies adopt reasonable procedures for meeting the needs of commerce for consumer credit, personnel, insurance, and other information. . .'' Section 602(b) of the FCRA; 15 U.S.C. Sec. 1681(b). --------------------------------------------------------------------------- Privacy As recognized by Congress in its initial passage of the FCRA, the confidentiality of consumer report information is a fundamental principle underlying the statute.\24\ --------------------------------------------------------------------------- \24\ The Congressional findings note the ``. . .need to insure that consumer reporting agencies exercise their grave responsibilities with fairness, impartiality, and a respect for the consumer's right to privacy.'' Section 602(a)(4); 15 U.S.C. Sec. 1681(a)(4). Under the ``reasonable procedures'' portion of the statement of purpose for the FCRA, Congress noted the importance of the ``confidentiality'' of consumer report information. Section 602(b); 15 U.S.C. Sec. 1681(b). --------------------------------------------------------------------------- Permissible purposes. The FCRA is designed to protect consumer privacy in a number of ways. Primarily, it limits distribution of credit reports to those with specific, statutorily defined ``permissible purposes.'' \25\ Generally, reports may be provided for the purposes of making decisions involving credit, insurance, or employment.\26\ Consumer reporting agencies may also provide reports to persons who have a ``legitimate business need'' for the information.\27\ Under the FCRA, Government agencies are treated like other parties--that is, they must have a permissible purpose to obtain a credit report.\28\ The written instructions of the consumer may also provide a permissible purpose for a consumer reporting agency to furnish a credit report.\29\ Under the FCRA, target marketing--making unsolicited mailings or telephone calls to consumers based on information from a credit report--is generally not a permissible purpose.\30\ In a 1992 Commission action to enforce the FCRA against a consumer reporting agency that sold target marketing lists assembled using consumer report information, the court of appeals held that ``. . .a major purpose of the Act is the privacy of a consumer's credit-related data.'' \31\ If consumer information is ``so sensitive as to rise to the level of a consumer report,'' then it must ``. . .be kept private except under circumstances in which the consumer could be expected to wish otherwise or, by entering into some relationship with a business, could be said to implicitly waive the Act's privacy to help further that relationship.'' \32\ --------------------------------------------------------------------------- \25\ What constitutes a ``consumer report'' is a matter of statutory definition (Section 603(d); 15 U.S.C. Sec. 1681a(d)) and case law. Among other considerations, to constitute a consumer report, information must be collected or used for ``eligibility'' purposes. That is, the data must not only ``bear on'' a characteristic of the consumer (such as credit worthiness, credit capacity, character, general reputation, or mode of living), it must also be used in determinations to grant or deny credit, issue insurance, make employment decisions, or make other determinations regarding permissible purposes. TransUnion Corp. v. FTC, 81 F.3d 228, 234 (D.C. Cir. 1996). \26\ Section 604(a)(3); 15 U.S.C. Sec. 1681b(a)(3). Credit reports may also be furnished for certain on-going account-monitoring and collection purposes. \27\ 15 U.S.C. Sec. 1681b(a)(3)(F). See also Note 33, infra, and text accompanying. \28\ Under Section 608 of the FCRA, Government entities may obtain limited identifying information (name, address, employer) without a ``permissible purpose.'' 15 U.S.C. Sec. 1681f. The FCRA, additionally, now contains express provisions on Government use of consumer reports for counterintelligence and counter-terrorism. Sections 625 and 626, respectively; 15 U.S.C. Sec. Sec. 1681u, 1681v. \29\ Other permissible purposes specified in the FCRA include (1) in response to an order of a court or a Federal grand jury subpoena; (2) in connection with a determination of the consumer's eligibility for a license or other benefit granted by a governmental instrumentality required by law to consider an applicant's financial responsibility or status; and (3) in response to a request by the head of a State or local child support enforcement agency if the person making the request certifies to the credit bureau that certain conditions are met (and in certain other child support circumstances). Section 604(a); 15 U.S.C. Sec. 1681b(a). \30\ Prescreening, discussed more fully below at notes 35-41 and accompanying text, is a form of target marketing for firm offers of credit or insurance, for which the FCRA now provides an explicit permissible purpose keyed to adherence to statutory procedures, including affording consumers the opportunity to opt out of future prescreened solicitations. See also Note 22, supra. \31\ TransUnion Corp. v. FTC, 81 F.3d 228, 234 (D.C. Cir. 1996). The TransUnion case has a long history. The Commission issued an administrative complaint in 1992, and a Commission administrative law judge (ALJ) granted summary judgment to complaint counsel, and was affirmed by the full Commission. 118 F.T.C. 821 (1994). On appeal, the case was remanded back to the ALJ for a trial. TransUnion Corp. v. FTC, 81 F.3d 228 (D.C. Cir. 1996). After a trial, the ALJ issued another decision in the Commission's favor, which was affirmed by the full Commission.____F.T.C.____ (2000). This decision was affirmed by the U.S. Court of Appeals for the D.C. Circuit, and certiorari was denied by the Supreme Court. TransUnion Corp. v. FTC, 245 F.3d 809, reh. denied 267 F.3d 1138 (D.C. Cir. 2001), cert. denied, 122 S. Ct. 2386 (June 10, 2002). \32\ Id. --------------------------------------------------------------------------- The 1996 Amendments added provisions that reflected Congress' awareness of increased public concern about the privacy of personal information. For example, Congress added, for the first time, an express provision stating that the ``legitimate business need'' permissible purpose requires that the transaction be ``initiated by the consumer.'' \33\ Congress also added express language prohibiting any person from obtaining a consumer report without a permissible purpose.\34\ --------------------------------------------------------------------------- \33\ Section 604(a)(3)(F)(i); 15 U.S.C. 1681b(a)(3)(F)(i). The review of an account ``to determine whether the consumer continues to meet the terms of the account'' supplies the other ``legitimate business need'' of this permissible purpose. Section 604(a)(3)(F)(ii); 15 U.S.C. 1681b(a)(3)(F)(ii). \34\ The 1970 FCRA prohibited consumer reporting agencies from furnishing consumer reports to those who do not have a permissible purpose, but there was no analogous provision aimed at those who obtained consumer reports (with the exception of a criminal provision imposed on those who obtained information on a consumer ``under false pretenses.'' Section 619, 15 U.S.C. Sec. 1681q). --------------------------------------------------------------------------- Consumer right to opt out of prescreening. The 1996 Amendments also added an express permissible purpose for prescreening. As noted above, prescreened offers are unsolicited offers of credit or insurance that are made (typically in mass mailings) to consumers who were selected for the offer based on information in their credit reports. Prior to the 1996 Amendments, the FCRA did not specifically address the use of consumer reports for such unsolicited offers. The Commission, however, had issued an interpretation of the FCRA in 1973 that permitted the use of consumer reports by creditors for unsolicited offers of credit if creditors followed guidelines set forth in the Commission's interpretation.\35\ Those guidelines required every consumer on any list resulting from the use of consumer reports to receive a firm offer of credit--for example, the offer must be unconditional; all the consumer had to do to receive the credit was to accept the offer. --------------------------------------------------------------------------- \35\ 16 CFR Sec. 600.5 (withdrawn in 1990 when the Commission Commentary was published; see notes 52-53, infra). The Commission's rationale for permitting prescreening was that the minimal invasion of consumer privacy involved in prescreening was offset by the fact that every consumer received an offer of credit. The four banking regulatory agencies also interpreted the FCRA to sanction prescreening for the entities under their jurisdiction. --------------------------------------------------------------------------- In the 1996 Amendments, Congress added a number of provisions to the FCRA to provide an explicit statutory framework for prescreening.\36\ The legislative process leading to the 1996 Amendments included an extensive consideration of prescreening issues. Congress ultimately chose to permit prescreening for both credit and insurance purposes, and to permit certain postscreening \37\ to protect the safety and soundness of the financial industry. --------------------------------------------------------------------------- \36\ Sections 603(l); 604(c) and (e); and 615(d); 15 U.S.C. Sec. Sec. 1681a(l), 1681b(c) and (e), and 1681m(d), respectively. ``Firm offer of credit or insurance,'' the term used by Congress for what is commonly known as ``prescreening,'' is defined in Section 603(l), which also contains much of the operable language governing prescreening. The permissible purpose is set out in Section 604(c) and the opt out scheme is contained in Section 604(e). Section 615(d) recites the disclosures required of those who use consumer reports to make prescreened offers. See H. Rep. 103-486, 103rd Cong., 2nd Sess., 32 (1994)(``The bill permits a consumer reporting agency to furnish limited information, commonly referred to as a prescreened list, in connection with such transactions only if the transaction consists of a `firm offer of credit,' the consumer reporting agency has established a notification system whereby consumers can opt out to have their names excluded from consideration from such offers of credit, and the consumer has not elected to be so excluded. Under the bill, a prescreened list, furnished by a consumer reporting agency in connection with a credit transaction that is not initiated by the consumer, may contain only certain types of information.''). \37\ Section 603(l) limits permissible postscreening to verifying that consumers continue to meet the criteria used in the prescreening and to verify any application information (such as income or employment) that is used in the process of granting credit or insurance. Credit grantors are also permitted to require that consumers furnish collateral so long as the collateral requirement is established before the prescreening is conducted and is disclosed to the consumer in the solicitation that results from the prescreening. 15 U.S.C. Sec. 1681a(l). See also H. Rep. 103-486, 103rd Cong., 2nd Sess., 33 (1994)(``The Committee recognizes that the furnishing of consumer reports for such credit solicitation is an exception to the general rule in Section 604(a)(3)(A) that consumer reports may be furnished by consumer reporting agencies only for credit transactions that are initiated by the consumer. Consequently, the Committee has established a special rule which permits the furnishing of consumer reports by a consumer reporting agency for credit transactions not initiated by the consumer, but only if the agency complies with strict limitations to ensure privacy protections for consumers. This special rule is a liberalization of an FTC interpretation of the FCRA.''). --------------------------------------------------------------------------- At the same time, Congress provided an important mechanism for consumers to safeguard their privacy. Every written prescreened offer must provide notice of the consumer's right to ``opt out'' of future prescreen lists.\38\ Credit bureaus must have a system, including a toll-free telephone number, that consumers can use to opt out,\39\ and they cannot include consumers who opt out on any subsequent prescreened list.\40\ The FCRA requires nationwide bureaus to maintain an opt out notification system, so that a notification by a consumer to one bureau is sufficient to have the consumer excluded from prescreened offers at all of the bureaus.\41\ --------------------------------------------------------------------------- \38\ Section 615(d) requires that written prescreen offers make a clear and conspicuous statement that (i) information in the consumer's credit report was used in the prescreen; (ii) the consumer was selected because the consumer met criteria for credit worthiness or insurability; (iii) the credit or insurance may not be extended if, after the consumer responds to the offer, the consumer does not continue to meet the criteria used to select the consumer for the offer; (iv) the consumer has the right to opt out of further unsolicited offers; and (v) the methods by which the consumer can notify the credit bureau of a decision to opt out. 15 U.S.C. Sec. 1681m(d). \39\ Section 604(e)(5); 15 U.S.C. Sec. 1681b(e)(5). \40\ Section 604(c)(1)(B)(iii); 15 U.S.C. Sec. 1681b(c)(1)(B)(iii). \41\ Section 604(d)(6); 15 U.S.C. Sec. 1681b(d)(6). The opt out is effective for 2 years if conveyed by telephone, or permanently (unless revoked) if conveyed in writing. Section 604(d)(4)(B); 15 U.S.C. Sec. 1681b(d)(4)(B). --------------------------------------------------------------------------- Accuracy Credit report accuracy was, and remains, a core goal of the FCRA. Because even small differences in a consumer's credit score can influence the cost or other terms of the credit offer, or even make the difference between getting approved or denied, accuracy of the information underlying the score calculation is paramount. Accurate reports benefit not only consumers but also credit grantors, who need accurate information to make optimal decisions. These considerations provide significant incentives for all parties to maintain a high level of accuracy in consumer credit files. Congress recognized, however, that decisions based on inaccurate information can impose potentially severe consequences to individual consumers. Consequently, Congress enacted the FCRA accuracy protections.\42\ --------------------------------------------------------------------------- \42\ Section 602(a)(1) of the FCRA, Congressional findings and statement of purpose, notes that ``Inaccurate credit reports directly impair the efficiency of the banking system. . ..'' 15 U.S.C. Sec. 1681(a)(1). --------------------------------------------------------------------------- The FCRA uses two major avenues to achieve the goal of optimal accuracy. First, it provides that consumer reporting agencies must follow ``reasonable procedures to assure maximum possible accuracy of the information'' they report.\43\ Second, the FCRA establishes mechanisms for consumers to learn about possible errors in their credit reports and have them corrected. The statute gives consumers both the right to know what information the credit bureau maintains on them, and the right to dispute errors. --------------------------------------------------------------------------- \43\ By its terms therefore (``reasonable procedures. . .maximum possible accuracy''), the statute itself recognizes that absolute accuracy is impossible. Section 607(b); 15 U.S.C. Sec. 1681e(b). Pragmatic consideration of the large volume of data that credit bureaus must store and process also bears on this issue. See Notes 2, 5, 6, 10 and 15, supra, and text accompanying. --------------------------------------------------------------------------- Consumer right to know. Under Section 609 of the FCRA, consumers have a right to know all information in their files (except risk scores) upon request and proper identification. They also have the right to learn the identity of all recipients of their report for the last year (2 years in employment cases).\44\ In addition, the consumer's right to learn about and dispute inaccuracies is facilitated by the FCRA's ``adverse action'' notice requirements. Adverse action notices--sometimes called ``Section 615 notices''--are a key mechanism for maintaining accuracy. Since 1970, the FCRA has required that when credit is denied based, even in part, on a consumer report (or, in some cases, when the consumer is offered less-advantageous terms than would be the case in the absence of the consumer report information), the creditor must notify the consumer and provide certain key information, including (1) the identity of the consumer reporting agency from which the creditor obtained the report; (2) the right to obtain a free copy of the report; and (3) the right to dispute the accuracy of information in the report.\45\ --------------------------------------------------------------------------- \44\ 15 U.S.C. Sec. 1681g. \45\ Section 612 provides that consumer reporting agencies must make free disclosure if a consumer makes a request within 60 days of receipt of an adverse action notice, and may charge a maximum of $8 in other cases. 15 U.S.C. Sec. 1681j. The Commission is charged in the FCRA with modifying the maximum amount, based proportionally on changes in the Consumer Price Index. The latest annual finding on the matter raised the maximum allowable charge to $9. 67 Fed. Reg. 77282 (Dec. 17, 2002); see also http://www.ftc.gov/opa/2002/12/fyi0265.htm. --------------------------------------------------------------------------- Under the 1970 FCRA, adverse action notices were required only when consumer reports were used for credit, insurance, or certain employment purposes. In the 1996 Amendments, Congress broadened the circumstances under which adverse action notices are required in connection with insurance and employment decisions. It also required notices of adverse action when consumer reports are used in other situations, such as opening savings or checking accounts, apartment rentals, and retail purchases by check.\46\ --------------------------------------------------------------------------- \46\ In the original FCRA, adverse action notices were required only when ``credit or insurance. . .or employment. . .is denied or the charge for such credit or insurance is increased. . ..'' After changes enacted in the 1996 Amendments, adverse action for purposes of credit transactions is tied to the interpretation of ``adverse action'' in the Equal Credit Opportunity Act. For use of consumer reports in insurance, the scope of ``adverse action'' was expanded to include ``a denial or cancellation of, an increase in any charge for, or a reduction or other adverse or unfavorable change in the terms of coverage or amount of, any insurance, existing or applied for. . ..'' Similar expansion of the scope of ``adverse action'' was enacted for employment purposes (``a denial of employment or any other decision for employment purposes that adversely affects any current or prospective employee'') and other permissible purposes. See Section 603(k); 15 U.S.C. 1681a(k). --------------------------------------------------------------------------- The Commission believes that the ``self-help'' mechanism embodied in the FCRA's scheme of adverse action notices and the right to dispute is a critical component in the effort to maximize the accuracy of consumer reports. Consumers are most likely to recognize the errors in their credit history and are more highly motivated to raise their concerns once they know that an adverse action was based on their credit report. The Commission has given high priority to assuring compliance with this provision.\47\ --------------------------------------------------------------------------- \47\ See, e.g., Quicken Loans Inc., D-9304 (April 8, 2003) at Note 67, infra, and text accompanying. --------------------------------------------------------------------------- Consumer dispute rights. The consumer initiates a dispute by notifying the consumer reporting agency of an error in the completeness or accuracy of any item of information contained in the file. The consumer reporting agency must reinvestigate the dispute, generally within 30 days, record the current status of the information and delete it if it is found to be inaccurate or unverifiable. The consumer reporting agency is required to provide ``all relevant information'' to the original furnisher of the disputed information, to help ensure that the furnisher fully investigates the dispute. The agency must report the results of the investigation to the consumer. If the investigation does not resolve the dispute, the consumer may file a statement with his or her version of the facts, which must then be furnished with the credit report. For the first time, the 1996 Amendments imposed certain accuracy and reinvestigation duties on furnishers of information to credit bureaus. These requirements recognize that furnishers--the original source of the information--have a critical role to play in the overall accuracy of consumer report information. The 1996 Amendments also sought to address the problem of recurring errors by prohibiting consumer reporting agencies from reinserting into a consumer's credit file previously deleted information without first obtaining a certification from the furnisher that the information is complete and accurate, and then notifying the consumer of the reinsertion. Other important FCRA provisions. Under the FCRA, adverse items of information may, with certain exceptions, be reported for only 7 years. The 1996 Amendments clarified the date from which the 7 years should be calculated. The 1996 Amendments expanded the obligations of certain users of consumer reports. In the employment context, these changes were quite significant; they include requirements that an employer obtain the consent of a job applicant or current employee before obtaining a consumer report and, before taking adverse action based on the report, provide a copy of it to the individual.\48\ --------------------------------------------------------------------------- \48\ Because the new employer obligations imposed by the 1996 Amendments apply also to investigative consumer reports and Congress removed a prior exemption for use of investigative reports in certain employment circumstances, employers may encounter difficulties when using outside entities to assist by preparing reports based on interviews in investigations of alleged workplace misconduct. Concerns arose because such investigations might be hampered by FCRA obligations, such as the requirement that an employer obtain the authorization of an employee before obtaining a consumer report, and the requirement that the employee be provided a copy of the report before the employer can take adverse action. Several Congressional proposals to amend the FCRA to meet the workplace investigation concerns have been introduced. In 2000, the Commission commented (see http://www.ftc.gov/os/2000/03/ltrpitofskysessions.htm) and testified with respect to one such proposal (see http://www.ftc.gov/os/2000/05/ fcratest imony.htm). The Commission remains of the opinion that a legislative remedy of the type endorsed by the Commission in 2000 is the most appropriate response to these concerns. --------------------------------------------------------------------------- The 1996 Amendments also made changes in the relationship between the FCRA and State laws. As originally enacted in 1970, the FCRA provided that the Federal statute did not exempt persons from complying with State laws ``with respect to the collection, distribution, or use of any information on consumers, except to the extent that those laws are inconsistent'' with the FCRA. The 1996 Amendments retained this language, but significantly modified the provision to preempt State laws in certain specified areas covered by the amended FCRA.\49\ --------------------------------------------------------------------------- \49\ Thus, both before and after the 1996 preemptions, States were free to legislate in areas covered by the FCRA but not specifically preempted. See, e.g., Colo. Rev. Stat. Sec. 12-14.3-104 (providing for free annual credit reports). --------------------------------------------------------------------------- Section 624 of the FCRA (``Relation to State Laws'') now provides that no State laws may be imposed in the areas of (i) prescreening (including the definition of the term ``firm offer of credit or insurance'' and the disclosures which must be made in connection with prescreened offers), (ii) the time within which a consumer reporting agency must complete its investigation of disputed information, (iii) the adverse action notice requirements of Section 615, (iv) the obsolescence limitations and other provisions of Section 605, (v) furnisher obligations under Section 623, (vi) the consumer summary of rights required by Section 609(c) to be provided by consumer- reporting agencies to consumers who obtain disclosure of their files, and (vii) information sharing by affiliates.\50\ The specific preemptions are qualified in a number of respects, including specifying particular preexisting State enactments to which the preemptions do not apply.\51\ The primary proviso with respect to the preempted provisions, however, is that after January 1, 2004, States may enact laws that (i) are specifically intended to supplement the FCRA, and (ii) give greater protection to consumers than is provided under the FCRA. --------------------------------------------------------------------------- \50\ Section 624(b); 15 U.S.C. Sec. 1681t(b). \51\ Section 624(d); 15 U.S.C. Sec. 1681t(d). There is, moreover, a blanket ``grandfathering'' of State laws relating to the obsolescence limits of Section 605. Section 624(b)(1)(E); 15 U.S.C. Sec. 1681t(b)(1)(E). An example is N.Y. Gen. Bus. L. Sec. 380- j(f)(1)(ii)(paid judgments may not be reported for more than 5 years). --------------------------------------------------------------------------- Finally, other significant additions of the 1996 Amendments include authorizing States to enforce the FCRA, and adding civil penalty authority for the Federal Trade Commission. FTC Interpretive Guidance and Enforcement When it enacted the FCRA in 1970, Congress provided that the Commission would be the principal agency to enforce the statute. To help foster understanding and ensure compliance with the law, the Commission engaged in extensive business education and guidance, including, in the first two decades, publishing over 350 staff opinion letters, a staff guidance handbook, and six formal Commission interpretations.\52\ All of this material was then brought together in the Commission's 1990 Commentary on the FCRA.\53\ The Commentary was well received and has served as a valuable explanatory and enforcement guide to industry and other affected parties. It also has assisted the staffs of the Commission and other regulatory agencies in interpreting the Act efficiently and consistently. --------------------------------------------------------------------------- \52\ The interpretations were published at 16 CFR Sec. 600 and were withdrawn when the Commission published the 1990 Commentary. \53\ 55 Fed. Reg. 18804 (May 4, 1990). The 1990 Commentary was the culmination of a proposal published in August 1988 and the Commission's review of over 100 submissions it received in response to its request for public comments on that proposal. 53 Fed. Reg. 29696 (August 8, 1988). --------------------------------------------------------------------------- After the 1996 Amendments, the Commission intensified its long- standing program of consumer and industry education.\54\ In view of the extension of enforcement authority to the States, the Commission conducted a nationwide series of training sessions on the FCRA for State officials. The Commission's informal guidance expanded to meet the interpretive needs prompted by the amendments. As one result of that effort, the Commission staff published an additional 85 opinion letters. The letters can be found on the Commission's website, which also features easy access to other useful FCRA information for both business and consumers.\55\ The Commission and its staff maintain active participation in many industry and consumer outreach efforts and respond daily to callers with FCRA questions.\56\ --------------------------------------------------------------------------- \54\ The Commission also drafted and published language for the three notices required by the 1996 Amendments to be distributed by credit bureaus: (1) a notice to consumer report users of their FCRA responsibilities; (2) a notice to furnishers explaining their new obligations; and (3) a notice to consumers, describing their FCRA rights, which must be included with any credit report requested by the consumer. The Commission believes that Congress' aim in requiring these notices has been achieved--the notices seem to be effective in conveying to consumers and businesses their rights and obligations under the Act. \55\ See, e.g., the Commission's FCRA ``home page,'' http:// www.ftc.gov/os/statutes/fcrajump.htm, and plain-English consumer information, http://www.ftc.gov/bcp/conline/edcams/fcra/index.html. \56\ To achieve compliance, the Commission has also periodically worked with industry and self-regulatory groups where appropriate. --------------------------------------------------------------------------- Current interpretive efforts at the Commission are focused on a revision to the 1990 Commentary.\57\ The passage of time generally, and the 1996 Amendments specifically, have rendered the 1990 Commentary partly obsolete. The new Commentary will draw on the staff opinion letters that post-dated the 1990 effort, as well as other Commission enforcement and interpretive experience. --------------------------------------------------------------------------- \57\ See Commission press release at http://www.ftc.gov/opa/2003/ 01/fyi0302.htm, and ``Notice of intent to request public comments'' at http://www.ftc.gov/os/2003/01/16cfr1frn.htm. --------------------------------------------------------------------------- Over the entire period of the FCRA, the Commission has engaged in extensive consumer education.\58\ The Commission continues to regard consumer education as particularly vital to the FCRA because the statute contains self-enforcing elements, such as the right to dispute inaccurate or incomplete information. --------------------------------------------------------------------------- \58\ Over the past 7 years, 3.9 million of the five most popular FCRA brochures were distributed by the Commission. The information is duplicated on the Commission's web site, where the same brochures have registered over 1.6 million visits during the past 5 years. FCRA brochures such as ``Building a Better Credit Record,'' ``How to Dispute Credit Report Errors,'' and ``Fair Credit Reporting'' have each been distributed in numbers exceeding 100,000 per year over the past 5 years. --------------------------------------------------------------------------- The Commission has also brought a number of formal actions to enforce the FCRA. These actions have included cases to ensure (1) compliance with the adverse action notice requirements on the part of creditors \59\ and employers; \60\ (2) compliance with privacy and accuracy requirements by the major nationwide credit bureaus; \61\ (3) compliance by resellers of consumer reports (agencies that purchase consumer reports from the major bureaus and resell them); \62\ as well as cases addressing a number of other FCRA issues.\63\ --------------------------------------------------------------------------- \59\ Hospital & Health Services Credit Union, 104 F.T.C. 589 (1984); Associated Dry Goods, 105 F.T.C. 310 (1985); Wright-Patt Credit Union, 106 F.T.C. 354 (1985); Federated Department Stores, 106 F.T.C. 615 (1985); Winkleman Stores, Civ. No. C 85-2214 (N.D. Ohio 1985); Strawbridge and Clothier, Civ. No. 85-6855 (E.D. Pa. 1985); Green Tree Acceptance, Civ. No. CA 4 86 469 K (M.D. Tex. 1988); Quicken Loans Inc., D-9304 (April 8, 2003). See also, Aristar, Civ. No. C-83-0719 (S. D. Fla. 1983); Allied Finance, Civ. No. CA3-85-1933F (N.D. Texas 1985); Norwest Financial, Civ. No. 87 06025R (C.D. Cal. 1987); City Finance, Civ. No. 1:90-cv-246-MHS (N.D. Ga. 1990); Tower Loan of Mississippi, Civ. No. J90-0447 (J) (S.D. Miss. 1990); Barclay American Corp., Civ. No. C-C-91-0014-MU (N.C. 1991); Academic International, Civ. No. 91-CV- 2738 (N.D. Ga. 1991); Bonlar, Civ. No. 97C 7274 (N.D. Ill. 1997); Capital City Mortgage, Civ. No. 1:98CV00237 (D.D.C. 1998). \60\ Electronic Data Systems, 114 F.T.C. 524 (1991); Kobacker, 115 F.T.C. 13 (1992); Keystone Carbon, 115 F.T.C. 22 (1992); McDonnell Douglas Corp., 115 F.T.C. 33 (1992); Macy's, 115 F.T.C. 43 (1992); Marshall-Field, 116 F.T.C. 777 (1993); Bruno's, Inc., 124 F.T.C. 126 (1997); Aldi's, 124 F.T.C. 1354 (1997); Altmeyer Home Stores, Inc., 125 F.T.C. 1295 (1998). \61\ TransUnion Corp., 102 F.T.C. 1109 (1983); FTC v. TRW Inc., 784 F. Supp. 362 (N.D. Tex. 1991); TransUnion Corp. 116 F.T.C. 1357 (1993)(consent settlement of prescreening issues only in 1992 target marketing complaint; see also TransUnion Corp. v. FTC, 81 F.3d 228 (D.C. Cir. 1996) ); Equifax Credit Information Services, Inc., 130 F.T.C. 577 (1995). Each of these ``omnibus'' orders differed in detail, but generally covered a variety of FCRA issues including accuracy, disclosure, permissible purposes, and prescreening. \62\ See I.R.S.C., 116 F.T.C. 266 (1993); CDB Infotek, 116 F.T.C. 280 (1993); Inter-Fact, Inc., 116 F.T.C. 294 (1993); W.D.I.A., 117 F.T.C.___(1994)(consents against resellers settling allegations of failure to adequately ensure that users had permissible purposes to obtain the reports). See also First American Real Estate Solutions, LLC, C-3849, January 27, 1999, 1999 FTC LEXIS 137 (consent with a reseller concerning the dispute obligations of consumer reporting agencies). \63\ Howard Enterprises 93 F.T.C. 909 (1979)(bad check lists); Equifax, Inc. (formerly Retail Credit Company), 96 F.T.C. 844 (1980)(investigative consumer reports);. MIB, Inc., d/b/a Medical Information Bureau, 101 F.T.C. 415 (1983)(prohibits a nonprofit medical reporting agency from conditioning the release of information to a consumer on his/her execution of a waiver of claims against the firm; requiring timely reinvestigations of disputed information; contact, when possible, the source(s) of disputed information or other persons identified by the consumer who may possess information relevant to the challenged data and modify its files accordingly). --------------------------------------------------------------------------- The Commission's enforcement efforts since 1996 have focused on the new requirements added by the amendments. For example, the amendments added a requirement that the nationwide credit bureaus have ``personnel accessible'' at toll-free numbers printed on a consumer's credit report.\64\ The Commission settled cases against the three major repositories charging that they failed to have adequate personnel available to answer FCRA-mandated toll-free telephone numbers. The orders required the repositories to (1) maintain adequate personnel; (2) establish auditing requirements to ensure future compliance, and (3) pay a total $2.5 million in civil penalties.\65\ The Commission also has settled cases against furnishers of information to consumer reporting agencies alleging that they reported inaccurate dates for when consumers' delinquencies had begun, with the result that adverse information remained on the consumers' reports past the 7-year limit provided by the FCRA.\66\ --------------------------------------------------------------------------- \64\ Section 609(c)(1) of the FCRA, 15 U.S.C. Sec. 1681g(c)(1), requires a consumer reporting agency that compiles and maintains files on consumers on a nationwide basis to establish a toll-free telephone number, at which personnel are accessible to consumers during normal business hours. This telephone number must be provided with each written disclosure of information in the consumer's file, by the consumer reporting agency to the consumer. \65\ Equifax, No. 1:00-CV-0087 (N.D. Ga. 2000); Experian, No. 3- 00CV0056-L (N.D. Tex. 2000); TransUnion, 00C 0235 (N.D. Ill. 2000). \66\ DC Credit Services, Inc., No. 02-5115 (C.D. Cal. 2002)(furnishing information to a consumer reporting agency knowing or consciously avoiding knowing that the information is inaccurate, failure to notify consumer reporting agencies when previously reported information is found to be inaccurate and to provide corrections, failure to provide accurate delinquency dates, failure to report accounts as ``disputed'' to consumer reporting agencies; $300,000 civil penalty); Performance Capital Management, Inc., 2:01cv1047 (C.D. Cal. 2000)(providing inaccurate delinquency dates, failure to properly investigate disputes, failure to report accounts as ``disputed'' to consumer reporting agencies; $2 million civil penalty). --------------------------------------------------------------------------- Recently, the Commission settled an action against an Internet mortgage lender that failed to give adverse action notices to consumers who did not qualify for online preapproval because of information in their credit reports.\67\ --------------------------------------------------------------------------- \67\ Quicken Loans Inc., Docket No. D-9304 (April 8, 2003); see also http://www.ftc.gov/opa/2002/12/quicken.htm. --------------------------------------------------------------------------- The Commission staff recently conducted an investigation of fifteen landlords in five cities across the United States. The staff found a high level of compliance with the adverse action requirements of the FCRA.\68\ To a significant degree, landlords do notify applicants when they turn them down for rentals based on information from a consumer report. The Commission will continue this type of compliance review in other industries, and bring law enforcement actions as appropriate. The Commission will continue to use this combination of education initiatives and vigorous enforcement to foster compliance with the FCRA. --------------------------------------------------------------------------- \68\ The Commission's January 15, 2002 press release on the investigation and resulting business education brochure can be found at http://www.ftc.gov/opa/2002/01/fcraguide.htm. --------------------------------------------------------------------------- Current Issues: The FCRA and the Expanded Use of Consumer Reports Based on the Commission's experience interpreting and enforcing the FCRA, we see several ongoing developments in the consumer reporting marketplace that may have significant impact on consumers. First, more types of businesses are using credit reports to make decisions in consumer transactions. For example, telephone service providers routinely use consumer reports to make decisions on whether to provide service and what deposit requirements (if any) to impose. Insurance companies have long considered consumer reports when underwriting homeowners and auto insurance policies. While insurers once looked primarily at consumers' claims history to determine risk of loss, it appears that they are increasingly using information from consumers' credit histories to make underwriting decisions.\69\ --------------------------------------------------------------------------- \69\ See, e.g., Sabrina Jones and Sandra Fleishman, ``One Claim Too Many? Insurance's New Policy: Use It and Lose It,'' The Washington Post, November 10, 2002, at H01; Dan Oldenburg, ``Car Insurers Take Credit Into Account,'' The Washington Post, October 15, 2002, at C10; Albert Crenshaw, ``Bad Credit, Big Premiums; Insurers Using Bill- Payment History to Help Set Rates,'' The Washington Post, June 18, 2002, at E01. --------------------------------------------------------------------------- Second, we are seeing new types of consumer credit providers and products in the marketplace. For example, the growing use of prescreened offers for marketing credit cards has led to the development of credit card banks that rely almost entirely on prescreened offers to market their cards.\70\ Prescreening, in combination with other direct marketing and advertising, has led to the widespread availability of credit cards with no annual fee and other attractive benefits, and has enhanced competition.\71\ Of course, some consumers may object to what may seem like a flood of prescreened offers in their mail boxes, or have concerns about the increased risk of identity theft that may occur in the same context. The 1996 Amendments to the FCRA allow these consumers to opt out of future offers. --------------------------------------------------------------------------- \70\ See Fred H. Cate, Robert E. Litan, Michael Staten, and Peter Wallison, ``Financial Privacy, Consumer Prosperity, and the Public Good: Maintaining the Balance,'' AEI-Brookings Joint Center for Regulatory Studies, March 2003, at 11. \71\ See ``An Overview of Consumer Data and Credit Reporting,'' Federal Reserve Bulletin, February 2003, at 72-73. See also Note 8 supra, and text accompanying. --------------------------------------------------------------------------- Third, businesses increasingly are using consumer report data to undertake risk-based pricing of products or services.\72\ In many areas, the decisionmaking of creditors and other businesses has moved away from a simple approval or denial model, and toward using consumer report data in a more finely calibrated evaluation of what terms to offer.\73\ Consumers whose credit histories warrant more favorable treatment benefit from access to products and terms that are more tailored by risk evaluations based on their actual performance. Consumers with poorer credit histories who in the past might have been turned down, may now qualify for credit, but on less favorable terms commensurate with the risk. Consumers benefit from a more efficient and competitive consumer credit market.\74\ --------------------------------------------------------------------------- \72\ Id. See also Fred H. Cate, Robert E. Litan, Michael Staten, and Peter Wallison, ``Financial Privacy, Consumer Prosperity, and the Public Good: Maintaining the Balance,'' AEI-Brookings Joint Center for Regulatory Studies, March 2003, at 12. \73\ See, e.g., ``An Overview of Consumer Data and Credit Reporting,'' Federal Reserve Bulletin, February 2003, at 70 (``[consumer report] data and the credit-scoring models derived from them have substantially improved the overall quality of credit decisions and have reduced the costs of such decisionmaking''), citing Gates, Perry and Zorn, ``Automated Underwriting in Mortgage Lending: Good News for the Underserved?'' Housing Policy Debate, vol. 13, issue 2, 2002, pp. 369-91; and Barron and Staten, ``The Value of Comprehensive Credit Reports: Lessons from the U.S. Experience,'' Credit Research Center, Georgetown University, 2002. \74\ Some commentators suggest that using credit score cards built with data supplied by credit bureaus results in delinquency rates 20-30 percent lower than lending decisions based solely on judgmental evaluation of applications for credit. See Peter McCorkell, ``The Impact of Credit Scoring and Automated Underwriting on Credit Availability,'' in Thomas A. Durkin and Michael E. Staten, eds., The Impact of Public Policy on Consumer Credit (2002). --------------------------------------------------------------------------- Credit report scoring products are used in a variety of other contexts, including on-going monitoring and servicing of consumer accounts that can result in adjustments in terms, such as credit limits and finance changes. Rapid access to credit scores also permits retailers and others to offer ``instant credit'' to consumers. Overall, developments in the consumer credit marketplace have increased consumer choice and provided financial benefits to consumers.\75\ The Commission believes that the growth of the consumer credit market has also increased public awareness and interest in credit reports and credit scores, and that the FCRA made this information more timely, accurate, and accessible. The consumer reporting system, and the obligations and protections of the FCRA, make it possible for creditors and other businesses to have access to timely, accurate consumer data. --------------------------------------------------------------------------- \75\ See, e.g., ``An Overview of Consumer Data and Credit Reporting,'' Federal Reserve Bulletin, February 2003, at 70; Fred H. Cate, Robert E. Litan, Michael Staten, and Peter Wallison, ``Financial Privacy, Consumer Prosperity, and the Public Good: Maintaining the Balance,'' AEI-Brookings Joint Center for Regulatory Studies, March 2003, passim. --------------------------------------------------------------------------- Any reference to the consumer reporting system should also recognize the increasing problem of identity theft. The range, accuracy, and timeliness of information in consumer reporting databases make them unique resources. They are therefore simultaneously a target for identity thieves and a valuable resource for combating identity theft. Identity theft threatens the fair and efficient functioning of consumer credit markets by undermining the accuracy and credibility of the information flow that supports the markets. As I detailed recently before the House Financial Services Committee, the Commission is working actively to combat identity theft in a number of areas.\76\ As awareness of the FTC's role in identity theft has grown, businesses and organizations who have suffered compromises of personal information have begun to contact the FTC for assistance. For example, in the cases of TriWest \77\ and Ford/ Experian,\78\ in which massive numbers of individuals' personal information was taken, the Commission provided advice on notifying those individuals and what steps they should take to protect themselves. From these experiences, the FTC developed a business record theft response kit that will be posted shortly on the identity theft website. The kit includes the steps to take in responding to an information compromise and a form letter for notifying the individuals whose information was taken. The kit provides advice on the type of law enforcement agency to contact, depending on the type of compromise, business contact information for the three major credit reporting agencies, suggestions for setting up an internal communication protocol, information about contacting the FTC for assistance, and a detailed explanation of what information individuals need to know. Organizations are encouraged to print and include copies of Identity Theft: When Bad Things Happen to Your Good Name with the letter to individuals. --------------------------------------------------------------------------- \76\ See http://financialservices.house.gov/media/pdf/040303hb.pdf. \77\ Adam Clymer, Officials Say Troops Risk Identity Theft After Burglary, The New York Times, Jan. 12, 2003, Sec. 1 (Late Edition), at 12. \78\ Kathy M. Kristof and John J. Goldman, 3 Charged in Identity Theft Case, The Los Angeles Times, Nov. 6, 2002, Main News, Part 1 (Home Edition), at 1. --------------------------------------------------------------------------- Conclusion In 1970, Congress recognized that ``consumer reporting agencies have assumed a vital role in assembling and evaluating consumer credit and other information on consumers.'' \79\ While Congress in 1970 may not have envisioned the specific ways in which consumer report information would facilitate the development of products and services that ultimately benefit the American consumer, the 33 years since passage of the Act have fully demonstrated the wisdom of Congress in enacting the FCRA. --------------------------------------------------------------------------- \79\ Section 602(a)(3) of the FCRA. --------------------------------------------------------------------------- The FCRA helps make possible the vitality of modern consumer credit markets. The consumer reporting industry, furnishers, and users can all rely on the uniform framework of the FCRA in what has become a complex, nationwide business of making consumer credit available to a diverse, mobile American public. The 1970 Act, along with the 1996 Amendments, provide a carefully balanced framework, making possible the benefits that result from the free, fair, and accurate flow of consumer data. All of these benefits depend on the consumer reporting system functioning as intended. That is why the Federal Trade Commission continues to emphasize the importance of educating consumers and businesses, and of enforcing the law to ensure compliance by all who have a role in making the system work. RESPONSE TO WRITTEN QUESTIONS OF SENATOR CRAPO FROM J. HOWARD BEALES, III Q.1. Can you please describe whether prescreening increases consumers choice and lowers the cost of credit in traditionally underserved markets, such as rural areas that may have only one or two banks with a physical presence? A.1. Although I am aware of no hard data with respect specifically to benefits of prescreening for rural areas, there is evidence that greater competition in consumer credit (which includes the competitive benefits attributable to prescreening) has benefitted other underserved markets. For example, the percentage of minority families with bank-type credit cards has more than doubled over the past 20 years, growing from 26 percent in 1983 to more than 54 percent in 2001.\1\ Certainly, given the overall increases in availability of consumer credit and competitiveness in the market, it stands to reason that consumers who have more limited access to competing credit sources, whether it be in rural areas or even thinly served urban and suburban areas, would benefit from prescreened offers and other marketing innovations (such as Internet applications) that reduce the importance of convenient physical access in establishing a credit relationship. --------------------------------------------------------------------------- \1\ See statement by Michael A. Turner before the House Committee on Financial Services, Subcommittee on Financial Institutions and Consumer Credit, May 8, 2003, http://financial services.house.gov/media/pdf/050803mt.pdf, at 4. Q.2. How fair is the current system of consumer credit reporting? Is there evidence to suggest that any demographic segments have been subject to exclusion, predation, excessive costs, or other indicators of bias as a result of the pervasive use of credit scores and automated underwriting by consumer --------------------------------------------------------------------------- credit lenders? A.2. In the burgeoning of consumer credit during the mid-20th century, there was persistent evidence that judgmental credit systems--that is, processes that depended upon individuals reviewing and deciding consumer applications for credit-- resulted in discrimination against protected classes.\2\ Credit scoring and automated underwriting work in significant ways to minimize the bias--intentional or incidental--that can be introduced into credit decisions in a judgmental system, because credit scoring models and automated underwriting systems are based on actual performance data, not assumptions about potential risk.\3\ There are significant market incentives to create risk models that are the most predictive possible using available performance and other data. Because these data are objective and neutral, we believe that the current scoring systems treat consumers more fairly. The significant expansion in credit availability to minorities that has been associated with the growth of credit scoring suggest scoring indeed has reduced bias. --------------------------------------------------------------------------- \2\ See, e.g., U.S. General Accounting Office Report, ``Fair Lending'' (August 1996); United States v. Shawmut Mortgage Company, Civ. No. 3:93CV-2453 AVC (D. Ct. 1993). \3\ Development of scoring models has shown, for example, that criteria often relied upon in judgmental systems--the most frequently cited example is income--are not, in fact, predictive of future repayment risk. Q.3. Is there evidence that explains the major sources and causes of identity theft? Does this evidence point to the consumer credit information system? Do you have any data suggesting that prescreening is a major factor of identity theft: What about the point that FCRA and the smooth flow of information-sharing it provides, helps financial institutions --------------------------------------------------------------------------- prevent and combat identity theft? A.3. From information provided by law enforcement, victim complaints, and news reports, we know a great deal about how identity theft happens and we can stay current with evolving methods. What we do not have is a statistical breakout showing which methods contribute the most to identity theft. Because consumers' information is accessible in a wide variety of situations, identity thieves can usually obtain it in a way that makes it difficult for victims to make a direct causal link. Thus, we have found that most victims do not know how their information was obtained. Law enforcement agencies, as the investigators of the crimes, are often in a better position to know how the information was stolen in particular instances. The consumer credit information system has undoubtedly been used as a source of information for identity theft; the Ford/ Experian case appears be the prime example.\4\ But, consumers' personal information is also used in universities, the health care system, all employment situations, and in a wide variety of Government programs from the Federal to the local level, and any survey of news articles in the last year can bring up examples of theft in all of these situations. As a result, the FTC places a premium on the importance of information security so that organizations that hold consumer information take appropriate steps to prevent this information from falling into the wrong hands.\5\ --------------------------------------------------------------------------- \4\ Kathy M. Kristof and John J. Goldman, 3 Charged in Identity Theft Case, The Los Angeles Times, Nov. 6, 2002, Main News, Part 1 (Home Edition), at 1. \5\ For example, last month the Commission's settled charges with Guess?, Inc., and Guess.com, Inc. that the companies exposed consumers' personal information, including credit card numbers, to commonly known attacks by hackers, contrary to the companies' promises. See http:// www.ftc.gov/os/2003/06/guessagree.htm. --------------------------------------------------------------------------- To the extent that information does get into the wrong hands, the next opportunity to thwart identity thieves is at the point of commission of the fraud. Good authentication of credit applicants by credit issuers is the key. To that end, it is important that credit issuers know more about the real consumer than the identity thief. Information sharing is the means of providing credit issuers with this knowledge. However, this use of information only underscores again the importance of information security, to prevent identity thieves from accessing this same information in order to perfect their false identities. We have little evidence as to any links between prescreening and identity theft. To the extent that hard data exist, they suggest identity theft growing out of prescreened offers is somewhat lower than identity theft associated with conventionally opened accounts.\6\ --------------------------------------------------------------------------- \6\ See, e.g., statement by Michael A. Turner before the House Committee on Financial Services, Subcommittee on Financial Institutions and Consumer Credit, May 8, 2003, http://financial services.house.gov/media/pdf/050803mt.pdf, at 9-10. Q.4. In explaining the reasoning behind the broad preemptive language ultimately reflected in the 1996 Amendments to the FCRA, the Senate report on the matter states that ``[t]his section recognizes the fact that credit reporting and credit granting are, in many respects, national in scope, and that a single set of Federal rules promotes operational efficiency for industry, and competitive prices for consumers.'' Please identify and address any developments since 1996 rendering the --------------------------------------------------------------------------- statement by the Senate less relevant. A.4. I am not aware of any developments that would make these considerations less relevant today. Indeed, as the consumer credit system has become more national in scope, and given the continued mobility of the American consumer, these observations have continuing validity. RESPONSE TO WRITTEN QUESTIONS OF SENATOR SARBANES FROM J. HOWARD BEALES, III Q.1. What are the typical consumer complaints regarding FCRA issues that the FTC receives on an everyday basis? What are the issues that arise most frequently? A.1. The FTC receives complaints directly from consumers through our toll-free hotline (877-FTC-HELP), our online complaint form (www.ftc.gov), or by mail sent directly to the Commission. The following statistics regarding FCRA complaints are drawn from the Federal Trade Commission's Consumer Information System (CIS) database, an aggregation of consumer complaints received by the Commission. FTC contractors enter the complaint data into the CIS, and provide the callers with information and educational material that will help them to resolve their complaint. Commission lawyers and investigators use the complaint database to identify trends and targets for law enforcement action. The statistics are derived solely from self-reported complaints, and have not been verified. All complaints are coded according to the information provided by the consumer, under the appropriate categories. FTC data analysts sort the data according to product/service codes, which are generic categories for the complaints. The searches can be further defined by the statute or rule that is alleged to have been violated, for example the Fair Credit Reporting Act (FCRA). Finally, the complaint can be further coded for the specific law violation, such as the failure to reinvestigate disputed information under the FCRA. Not all complaints are coded in all categories. For example, a complaint may be coded with a rule or statute, but not have a product/service code associated with it. Thus, complaints designated generally as FCRA complaints may include complaints about credit reporting agencies, credit report users, and information furnishers. The precision of the coding depends on the information provided by the consumer and the ability of the phone counselor or the consumer to enter that information precisely. In calendar year 2002, the total number of complaints reported directly to the FTC and entered into the CIS was 376,301. Of those, 23,740 related to the FCRA (coded according to statute at issue in the complaint). The five top categories of complaints, among those coded as involving the FCRA, were ``Provides Inaccurate Information'' (13,188 complaints); ``Fails to Reinvestigate Disputed Information'' (3,030 complaints); ``Knowingly Supplies Inaccurate Information to Credit Bureau'' (2,486 complaints); ``Provides Inadequate Phone Help'' (1,614 complaints); and ``Discloses Incomplete/Improper Credit File to Consumer'' (1,414 complaints). The complete report of FCRA complaints for 2002 is attached as Appendix A. In assessing the number and type of consumer complaints, it is also important to keep in mind several additional factors. First, there is no ``typical'' consumer complaint. There is a wide range of issues about which consumers contact the FTC. That said, the data consistently reflect accuracy and accuracy- related issues as a leading area of complaint about credit bureaus. Not all complaints necessarily establish an FCRA violation. For example, some consumers, in an effort to ``repair'' their credit, file with credit bureaus multiple, repeated disputes of accurate information, and will sometimes complain to the Commission that the bureaus are rejecting their disputes. In fact, the bureaus are authorized under the FCRA to reject such ``frivolous'' disputes, and Commission staff likewise does not consider these complaints to reflect FCRA violations. Other consumers file complaints because they have a mistaken belief that once a delinquency is brought up to date (a lien satisfied, collection account paid, etc.) the preceding record of past payment history is no longer reported; when they see it on their report, they dispute it as ``inaccurate.'' In this circumstance, however, the FCRA requires that the consumer report be ``complete''--that is, up to date, showing current status correctly--but does not require the deletion of the preceding payment history. Although the Commission generally cannot make an independent judgment about whether each complaint (asserting inaccuracies, for example) is valid, we are concerned that complaints about accuracy continue to figure prominently. Accordingly, as discussed in the Commission's testimony, the Commission's FCRA enforcement efforts have included a number of actions related to accuracy issues.\7\ --------------------------------------------------------------------------- \7\ See TransUnion Corp., 102 FTC 1109 (1983); FTC v. TRW Inc., 784 F. Supp. 362 (N.D. Tex. 1991); Equifax Credit Information Services, Inc., 130 FTC 577 (1995). Each of these ``omnibus'' orders differed in detail, but generally covered a variety of FCRA issues including accuracy, disclosure, permissible purposes, and prescreening. Within the last 5 years, we have brought cases concerning the failure of CRA's to investigate consumer complaints, see First American Real Estate Solutions, LLC, C-3849 (January 27, 1999); the failure of lenders to provide adverse action notices, see Quicken Loans Inc., D- 9304 (April 8, 2003) and U.S. v. Unicor Funding, Inc., Civ. No. 99-1228 (C.D. Cal. 1999); and the failure of furnishers to report accurate information to CRA's, see U.S. v. DC Credit Services, Inc., Civ. No. 02-5115 (C.D. Cal. 2002) and U.S. v. Performance Capital Management, Inc., No. 01-1047 (C.D. Cal. 2001). We also have sued the three major national credit bureaus for failing to answer their toll-free telephones to take consumer disputes, see U.S. v. Equifax, No. 1:00-CV- 0087 (N.D. Ga. 2000); U.S. v. Experian, No. 3-OOCV0056-L (N.D. Tex. 2000); U.S. v. TransUnion, OOC 0235 (N.D. 111. 2000), and just recently, the Commission settled allegations that Equifax violated the consent decree the Commission obtained in 2000, see Commission press release of July 30, 2003, available at www.ftc.gov/opa/2003/07/ equifax.htm. All of these cases are directed at credit report accuracy: the adverse action notice and the consumer dispute right are key mechanisms enhancing credit report accuracy, and furnishers' obligations to report accurate data to CRA's also serve to make credit reports more accurate. Q.2. Are there any marketing abuses that fall within the subject matter of the FCRA that have been brought to your attention? Please include specific descriptions of any such --------------------------------------------------------------------------- abuses. A.2. I am currently aware of relatively few abuses associated with impermissible use of consumer reports for marketing. In the 1990's, the Commission undertook enforcement efforts against major consumer reporting agencies to prohibit the use of consumer reports for target marketing.\8\ More recently, in FTC v. Citigroup Inc., et al., 1:01-CV-00606- JTC (N.D. Ga. Mar. 6, 2001), the Commission alleged that a mortgage lender used consumer reports imper- missibly to target market new or different types of loans. We are also aware of complaints about some companies selling credit reports or credit monitoring services. These complaints allege inadequate disclosure of the consumer's negative-option right to cancel the service. --------------------------------------------------------------------------- \8\ FTC v. TRW, Inc., No. 3-31-CV266-H (N.D. Tex. Jan. 14, 1993); TransUnion Corp. v. FTC, 81 F.3d 228, 234 (D.C. Cir. 1996). See also, TransUnion Corp. v. FTC, 245 F.3d 809, reh. denied 267 F.3d 1138 (D.C. Cir. 2001), cert. denied, 122 S. Ct. 2386 (June 10, 2002). Q.3. Many consumers complain about invasion of their privacy caused by unsolicited calls from telemarketers. Clearly, consumers have not gotten the message about the ways in which to terminate such unwanted solicitations. What does a consumer need to do to prevent such solicitations? How can that information be conveyed more effectively to consumers? Please include specific recommendations as to how this information --------------------------------------------------------------------------- could best be conveyed. A.3. The Commission has amended the Telemarketing Sales Rule to give consumers a choice about whether they want to receive most telemarketing calls.\9\ Consumers can now put their telephone numbers on a national ``Do Not Call'' registry. Consumers can register for free either online or by telephone. Telemarketers must access the national registry beginning September 11, and beginning October 1, it will be illegal for most telemarketers to call a number listed on the registry. --------------------------------------------------------------------------- \9\ Concurrent with the Federal Trade Commission rule, the Federal Communications Commission issued its own rule that requires banks, common carriers, and others to comply with DNC requirements, including using the FTC's national registry. See http://hraunfoss.fcc.gov/ edocs_public/attachmatch/DOC-235841A1.doc. --------------------------------------------------------------------------- Since the National ``Do Not Call'' registry opened on June 27 it has been immensely popular; nearly thirty million consumers have already signed on. The Commission is presently engaged in a vigorous consumer education effort to further publicize the availability of the registry.\10\ More generally, the Commission has undertaken comprehensive consumer education efforts in the privacy arena.\11\ --------------------------------------------------------------------------- \10\ See, e.g., http://www.ftc.gov/bcp/conline/edcams/donotcall/ index.html. \11\ See, e.g., http://www.ftc.gov/bcp/conline/pubs/credit/ privchoices.htm#yourright. --------------------------------------------------------------------------- The FCRA is relevant to telemarketing only to the degree that telemarketers obtain consumer names and telephone numbers from consumer reporting agencies for prescreened offers of credit or insurance.\12\ When telemarketing lists are derived from FCRA-approved prescreening, telephone solicitors are not required to give consumers notification of their right to opt out of future prescreened solicitations because Congress limited the FCRA requirement that consumers be notified of their opt out right to written prescreen offers.\13\ --------------------------------------------------------------------------- \12\ The vast majority of prescreened solicitations are by mail. \13\ Section 615(d)(1) of the FCRA requires that written solicitations include a ``clear and conspicuous'' statement of certain information, including that the consumer's credit report was used in the prescreen, various limitations on the offer, and disclosure of the consumer's right to opt out of future prescreen solicitations. 15 U.S.C. Sec. 1681m(d)(1). The Commission engaged in an enforcement action to assure that consumers are given disclosure of their opt out rights. In Unicor Funding, Inc. (October 1999), the Commission obtained a $100,000 civil penalty from Unicor for failing to provide required notices to consumers receiving ``prescreened'' offers [Sec. 615(d)], and failing to provide adverse action notices [Sec. 615(a)]. I am also aware of complaints that raise a question whether disclosure notices are sufficiently ``clear and conspicuous.'' The Commission has therefore endorsed Administration recommendations that the Commission and bank regulators be authorized to clarify and strengthen the opt out notice requirements. --------------------------------------------------------------------------- Whether they have received the written opt out disclosure or not, consumers can opt out of receiving prescreened offers by calling 1-888-567-8688. Once a consumer has opted out, his or her name cannot be supplied in a prescreened list for future offers, whether those offers are made in writing or by telephone. Q.4. If a consumer elects to opt out of such unwanted solicitations by contacting the credit reporting agencies by telephone, why is that opt out effective for only 2 years, whereas it is effective permanently, unless revoked, if done in writing? A.4. Congress created this distinction in the 1996 Amendments to the FCRA. For consumers who exercise their opt out rights under the FCRA, the 1996 Amendments provide that an opt out conveyed through the telephone notification system required by Section 604(e)(5) should be effective for a 2-year period after notification.\14\ The 1996 Amendments further provided that, for a consumer who submits a signed notice of election to opt out in a form issued by the consumer reporting agency under Section 604(e)(2), the exclusion from prescreened lists shall be effective until revoked by the consumer.\15\ --------------------------------------------------------------------------- \14\ Section 604(e)(4)(B)(i); 15 U.S.C. Sec. 1681b(e)(4)(B)(i). \15\ Section 604(e)(4)(B)(ii); 15 U.S.C. Sec. 1681b(e)(4)(B)(ii). Q.5. Free credit reports are made available to consumers in several States, including Colorado, Georgia, Maryland, Massachusetts, New Jersey, and Vermont. What have been the results of this provision with respect to the availability of credit in these States? Has the provision of free credit reports had an adverse impact on the credit system in these --------------------------------------------------------------------------- States? A.5. The FTC's information to date on the comparative number of reports supplied to consumers is inconsistent. Some information indicates a mere marginal increase; other information indicates that the number of reports supplied to consumers nearly doubles. I am unaware of any data that demonstrate any impact from free availability either on the availability of credit or on the credit systems of these States. Q.6. Very few consumers understand the prescreening process. Should the FTC establish standards within the FCRA that clearly delineate the prescreening process? A.6. The FCRA itself delineates the prescreening process in some detail. \16\ The Commission lacks rulemaking authority under the FCRA, and thus cannot establish standards delineating the prescreening process. --------------------------------------------------------------------------- \16\ Sections 603(l), 604(c), 604(e), and 615(d) of the FCRA codify procedures that must be followed by creditors and insurers when using (and by CRA's when providing) consumer reports to make unsolicited offers of credit or insurance to consumers, a process known as ``pre- screening.'' Section 604(c) provides a limited permissible purpose for consumer reporting agencies to furnish consumer report information for prescreening. Section 603(l) defines a ``firm offer of credit or insurance'' as an offer that will be honored if a consumer meets the consumer report criteria used to create the list of consumers to receive the offer. Section 603(l)(1) permits a business to use information in a consumer's application (such as the consumer's income) to determine whether a consumer meets specific application criteria bearing on credit worthiness or insurability so long as the criteria were established before the prescreened list was created. Section 603(l)(2) permits businesses to verify that a consumer continues to meet the credit worthiness or insurability criteria that were used in the prescreening to select the consumer to receive the solicitation, and permits businesses to also verify the application information provided by the consumer and used in any Section 603(l)(1) postscreening. Finally, Section 603(l)(3) permits credit grantors and insurers to require that consumers furnish collateral so long as any required collateral is established before the prescreening is conducted and is disclosed to the consumer in the solicitation that results from the prescreening. Section 604(e) sets forth consumers' rights to opt out of prescreening, and CRAs' duties to honor such opt outs. Section 615(d) sets forth duties of credit grantors and insurers when making prescreened offers. Q.7. What additional statutory or regulatory authority does the --------------------------------------------------------------------------- FTC need to effectively implement the FCRA? A.7. The Commission's testimony on Thursday, July 10, set forth specific recommendations for additional FTC authority. RESPONSE TO WRITTEN QUESTIONS OF SENATOR BENNETT FROM J. HOWARD BEALES, III Q.1. Is credit prescreening simply a tool that makes it easier to market loan products to consumers? Some say that it serves other goals such as helping lenders reduce risk, increasing the availability of consumer credit, or fostering competition among lenders. Please comment. A.1. I believe that prescreening, in combination with other direct marketing and advertising, has enhanced competition and led to the widespread availability of credit cards with no annual fee and other attractive benefits.\17\ For example, the use of prescreened offers for marketing credit cards has led to the development of credit card banks that rely almost entirely on prescreened offers to market their cards.\18\ There is also some evidence that prescreened offers help lenders manage risk, and do not contribute to identity theft--indeed, may even help prevent identity theft to some degree.\19\ --------------------------------------------------------------------------- \17\ See also statement by Michael A. Turner before the House Committee on Financial Services, Subcommittee on Financial Institutions and Consumer Credit, May 8, 2003, http://financial services.house.gov/media/pdf/050803mt.pdf, at 7-9. \18\ See http://www.senate.gov/banking/_ files/beales1.pdf at notes 70-71 and accompanying text. \19\ Id. at 9-10. Q.2. Expiration of the FCRA's prescreening preemption language would allow States to prohibit prescreening, or require consumer reporting agencies or lenders to obtain the prior consent of the customer before their credit file could be accessed for prescreening. How would such requirements impact --------------------------------------------------------------------------- consumers? A.2. As explained above, prescreening benefits consumers by enhancing competition. State restrictions on prescreening would interfere with these benefits. Q.3. Is there a linkage between prescreening and identity theft? Some say that prescreening increases consumers' exposure by making it easier for lenders to flood consumers with preapproved applications that can be stolen and submitted by identity thieves. Lenders say that prescreening reduces opportunities for identity theft, because it allows them to make smaller numbers of targeted offers rather than mail volumes of applications. They also claim that because preapproved offers are preprinted with the consumer's address and other information, it becomes easier to foil identity thieves when would-be identity thieves change the preprinted information before submitting the application, changes that alert the lender to suspicious activity. What is the FTC's experience? A.3. There is scant evidence of a linkage, one way or the other. To the extent that hard data exist, they suggest that identity theft growing out of prescreened offers is somewhat lower than identity theft associated with conventionally opened accounts.\20\ --------------------------------------------------------------------------- \20\ Id. Q.4. What has the Commission's experience been with regard to consumer complaints about prescreening? Describe the volume and --------------------------------------------------------------------------- subject matter of these complaints. A.4. The FTC's consumer complaint database and the limitations of the information it provides is described above in response to Senator Sarbanes. With respect to this inquiry, out of the 376,301 complaints received directly by the FTC in 2002, 39 concerned prescreening. Twenty-two of these stated that the prescreening bureau failed to honor the consumer's request for removal from their list. Ten complaints concerned the failure of a prescreening service to provide notice of the opt out procedure. Four complaints concerned a prescreening service that failed to make a firm offer of credit, and three complaints alleged a false representation that an offer was preapproved. Q.5. Have State officials used their authority under the FCRA to enforce the FCRA's prescreening provisions? What is the volume and nature of consumer complaints about credit prescreening that state officials have handled? A.5. Section 621(c)(2) of the FCRA requires States to serve prior written notice upon the Commission of intended State actions to enforce the FCRA. The Commission has received only one such notification from any State, and the case did not involve pre- screening.\21\ We know of no other case where a State has exercised its enforcement authority under the FCRA. Similarly, we have no information concerning consumer complaints at the State level, if any, about prescreening. --------------------------------------------------------------------------- \21\ The Attorney General's Office of the State of Minnesota charged US Bank with false advertising, deception, and other violations of Minnesota law, as well as FCRA counts. See Hatch v. US Bank Nat'l Ass'n, No. 99-872 (D. Minn. filed June 8, 1999). Q.6. Does the FTC believe that changes are needed in the FCRA's prescreening rules? Would consumers be affected differently if changes identified by the FTC or others are made by Congress, --------------------------------------------------------------------------- rather than by state or local officials? A.6. The Commission addressed these issues directly in its testimony on July 10. The Commission recommended that the preemption of State action on prescreening be made permanent and that the Commission and bank regulators be granted rulemaking authority to address the prominence and understandability of disclosures to consumers of their right to opt out of prescreen offers. The Commission has not taken any position with respect to changes or amendments to the prescreening provisions of the FCRA. Any needed revisions to this or other sections of the FCRA that are subject to preemption should be made by Congress and should apply uniformly. RESPONSE TO WRITTEN QUESTIONS OF SENATOR MILLER FROM J. HOWARD BEALES, III Q.1. Mr. Beales, what is the FTC's jurisdiction over the Fair Credit Reporting Act? Is it mainly education and guidance? Enforcement? Answering callers with FCRA questions or all of the above? A.1. The FTC has a role to play in each of these areas. The Commission's jurisdiction under the FCRA reaches firms other than those expressly assigned to another Federal regulator, such as banks and savings associations.\22\ Unlike the banking regulators, the Commission lacks rulemaking authority.\23\ Within those limits, the Commission has been active in all of the areas you identified. My testimony described many of the Agency's efforts in consumer and industry education and guidance.\24\ The FTC continues aggressively to pursue ongoing consumer and business education initiatives.\25\ The Agency continues to advance compliance with the FCRA, both through investigations of possible law violations and through informal means such as workshops, participation in public programs, and liaison with industry and other interested parties. The Agency has an active program to respond to telephone inquiries, through our Consumer Response Center described above and other avenues. --------------------------------------------------------------------------- \22\ Section 621 of the FCRA, 15 U.S.C. Sec. 1681s. \23\ Section 621(e) of the FCRA, 15 U.S.C. Sec. 1681s(e). \24\ See http://www.senate.gov/banking/_ files/beales1.pdf at notes 52-58 and text accompanying. \25\ See, e.g., the Commission's recently posted alert regarding an email campaign containing false and misleading information about the use of consumers' personal information, posted at http://www.ftc.gov/ bcp/conline/pubs/alerts/optalrt.htm, and linked prominently on the Commission's Internet home page, http://www.ftc.gov. Q.2. Based upon the daily callers with FCRA questions, what kinds of problems are they mostly asking about as it relates to the FCRA? Is there a trend? A.2. The FTC's consumer complaint database and the limitations of the information it provides are described above in response to Senator Sarbanes. As noted there, the FTC received 376,301 complaints in 2002. The five top categories of complaints related to the FCRA were ``Provides Inaccurate Information'' (13,188 complaints);'' Tails to Reinvestigate Disputed Information'' (3,030 complaints); ``Knowingly Supplies Inaccurate Information to Credit Bureau'' (2,486 complaints); ``Provides Inadequate Phone Help'' (1614 complaints); and ``Discloses Incomplete/Improper Credit File to Consumer.'' (1,414 complaints) The complete report of FCRA complaints is attached as Appendix A. Appendix B lists the number of FCRA complaints received by the FTC for the past 6 years. These data do not allow us to detect trends in FCRA issues. First, 1997 was the first year we began a systematic approach to complaint handling. With each passing year, we have improved our ability to collect and enter the data. For example, our phone counselors are more highly trained, and we are able to use technology to better handle and process calls. Thus, our complaint volume has increased. Similarly, over the course of this time, we have pursued an aggressive outreach program, which has resulted in higher awareness of the FTC's consumer assistance program. Put another way, we receive more complaints because more people know about our consumer program. For example, in 1997, the FTC received a total of 13,362 consumer complaints. By 2002, as noted above, that number had grown to 376,301. Thus, while the data show a dramatic increase in the number of FCRA complaints over the past 6 years, there has also been a dramatic increase in the overall number of complaints received by the FTC during the same time period. As a fraction of total complaints we receive, FCRA complaints fell from 11.1 percent in 1997 to 3.5 percent in 2002. Finally, as discussed earlier, because this data is self- reported we cannot conclude that they reflect either the actual or a projectable incidence of FCRA violations. Despite the various considerations that preclude explicit conclusions from the numbers and types of complaints alone, the most common subject areas of consumer complaints (accuracy, reappearance of previously deleted items) have typically led the list of subject areas complained of over the years. Q.3. Will your updated Commentary that you are working on reflect the more recent problems raised by callers? A.3. The Commentary is intended to give guidance to all parties who are subject to the requirements of the FCRA. The Commentary will reflect a wide range of Commission experience in enforcing the FCRA. Additionally, the Commission staff undertook an informal outreach effort prior to drafting the updated Commentary. The staff received views from a variety of sources, including consumer groups, consumer advocates, trade groups, and industry and public interest lawyers. Q.4. Of the seven 1996 preemption amendments to the FCRA, which ones have callers raised the most issues with? Have there been any problems with the treatment of affiliate information sharing? A.4. Consumers have not typically complained about areas subject to the preemptions in ways that implicate any issue relevant to preemption itself. We are aware of no complaints regarding the treatment of information sharing by affiliates. THE GROWING PROBLEM OF IDENTITY THEFT AND ITS RELATIONSHIP TO THE FAIR CREDIT REPORTING ACT ---------- THURSDAY, JUNE 19, 2003 U.S. Senate, Committee on Banking, Housing, and Urban Affairs, Washington, DC. The Committee met at 10:02 a.m., in room SD-538, Dirksen Senate Office Building, Senator Richard C. Shelby (Chairman of the Committee) presiding. OPENING STATEMENT OF CHAIRMAN RICHARD C. SHELBY Chairman Shelby. The Committee will come to order. Today, the Committee returns to considering the expiring preemption provisions of the Fair Credit Reporting Act. As part of this process, I believe it is essential that we undertake a thorough review of the larger context in which the Act operates. And, in this regard, the first thing worth noting is the truly dynamic nature of the credit markets in our economy. In just the 6 years since the Fair Credit Reporting Act was last amended, significant changes have occurred. There are new participants, new technologies, new information use practices, and new products. Indeed, there is more that has changed than has remained the same in the operation of the credit markets since the last time Congress considered the Fair Credit Reporting Act. While many of these changes introduced positive features, such as more credit and an expedited process for obtaining credit, not every new development has been positive. Unfortunately, as our economy has grown more automated, allowing more and more depersonalized transactions to occur, and, as the transfer of personally identifiable information has become much more frequent, a new type of crime that takes advantage of these circumstances has emerged--identity theft. Identity theft involves a person using someone else's personal information without their knowledge to commit fraud or theft. Practically speaking, the crime involves misappropriation of such personal information as a victim's name, date of birth, and Social Security number. Identity thieves then use this information to open new credit card accounts, to divert current accounts from victims to themselves, and to open bank accounts in victims' names, among other things. The bad charges and the hot checks usually happen while the victims, banks, credit card companies, and other firms are unaware that something is amiss. After all the activity and the skipped payments, businesses usually take action to get compen- sated and ultimately cut the thief off. In most instances, this is when the victims first become aware of the fact that they have been targeted. It is also when they begin to experience the negative consequences--dealing with law enforcement and collection agencies. Soon thereafter, when the criminals' handiwork shows up on their credit reports, they face the considerable task of restoring their good name and credit. Plainly, this crime has many victims. Firms lose profits. Individuals lose time, money, and peace of mind when their good name and reputation are tarnished. In light of the serious nature of the consequences of identity theft, this issue would merit attention even if there were only a limited number of victims. Unfortunately, there are thousands of victims whose numbers are growing at an increasingly faster pace. Indeed, it has been asserted that identity theft is the fastest growing crime in America. This issue tracks across credit reporting in so many ways that it is essential that we consider it in the context of the reauthorization of the preemption provisions of the Fair Credit Reporting Act. Identity theft prevention, restoration of accurate reports, and victim assistance, among many other areas, are things that were not on the radar screen when the 1996 Amendments were passed into law. These are things we need to be thinking about as we go forward, things we must be considering if we are going to meet our goal of ensuring that the law produces the most effective, efficient, balanced, and fair system possible. I want to thank the witnesses for appearing this morning andwe look forward to hearing from them. Senator Johnson. STATEMENT OF SENATOR TIM JOHNSON Senator Johnson. Thank you, Chairman Shelby, for convening this hearing on identity theft. Identity theft is a growing problem and yet one that is not well understood. While most people know where to go in the case of more traditional crimes, victims of identity theft are particularly hard-pressed to know where to turn. A call to the local police department, unfortunately, rarely points the consumer in the right direction. Clearly, we need to create a framework to address identity theft. Back in 1995, when Sandra Bullock starred in ``The Net,'' a feature film about identity theft, the movie was classified as science fiction. After reading the testimony of the witnesses before us today, I think it is clear that we must confront the reality of this crime. Today's hearing is on the relationship between identity theft and the Fair Credit Reporting Act, and, Mr. Chairman, I believe this is an important hearing. As we know, our credit reporting system has created a national credit marketplace, and I think that we are all familiar with the enormous benefits that come from increased credit opportunities. However, a national marketplace has created new opportunities for remote economic crimes where the thief can be thousands of miles away from the location of the victim. A couple of days ago, Assistant Secretary of the Treasury Wayne A. Abernathy, who is well-known to many of us here for his long service as Committee Staff Director under Senator Phil Gramm, said something in a speech that struck a chord with me. He noted that identity theft is not a problem of too much information. It is a problem of too little information. And by this, he meant that identity theft happens when creditors lack the necessary information to assess the credibility of an applicant. It is often argued that a uniform national credit system is our best tool in the fight against identity theft, and in some sense, Mr. Harrison, who will testify before the panel today, confirms this by describing the additional problems he encountered in trying to sort out fraud related to his checking account where no centralized system similar to the Big Three credit bureaus is in place. On the other hand, I am deeply troubled by the apparent conflict between Mr. Harrison's written testimony and the claims that the credit bureaus and national credit system are the answer to identity theft. He appears to have done absolutely everything right, followed all the rules, contacted the right organizations, and the results have, nevertheless, been devastating. I am also troubled by reports that even when a consumer takes the time to put a fraud alert on his or her account, those alerts may sometimes be ignored. So, I want to make it perfectly clear that I continue to believe that a single national system provides a critical opportunity to address identity theft. And yet we have a responsibility to the hundreds of thousands of victims of identity theft to make sure that we fine-tune our system so that it does not take years to correct a credit record. That is wrong, and that is not what Congress intended. What I think is most important, though, is that we do not make FCRA the straw man for identity theft. The worst thing we can do is jeopardize millions of Americans' access to credit so we can claim to have done something about this terrible crime. So, Mr. Chairman, I look forward to hearing today's witnesses, and I thank you once again for holding this hearing. Chairman Shelby. Thank you, Senator Johnson. Senator Dole. STATEMENT OF SENATOR ELIZABETH DOLE Senator Dole. Mr. Chairman, I want to thank you for holding this hearing today on identity theft and its relationship to the Fair Credit Reporting Act. Identity theft, as you mentioned, is frequently cited as the fastest growing crime in the Nation. However, precise statistics are not available to properly gauge the full extent of the problem since an estimated 40 percent of identity theft cases are believed to involve friends or family members and are never reported. Identity theft is a problem that has grown increasingly more prevalent in the past few years. According to the Federal Trade Commission, my alma mater, identity theft was the top consumer complaint received last year, with the rate of complaints and inquiries increasing at an alarming rate with the widespread use of Internet technology. There are currently over 1,700 cases of stolen identity per week that are being reported. Fighting fraud and protecting the security of personal information is a topic that unites financial institutions and consumers. Each group is harmed by fraudulent use of personal information. Financial institutions are the victims of fraud because the financial institution is usually liable for any losses suffered as a result of the fraud. Consumers obviously suffer unnecessary inconvenience and insecurity as a result of fraud, and they can be exposed to additional crimes such as identity theft. Furthermore, at least a portion of financial institutions' fraud losses can be expected to be passed on to consumers in the form of higher prices. There can be no doubt that when fraud is committed, everyone loses. With the December 31 expiration of important provisions of the Fair Credit Reporting Act, we have the responsibility to examine problems within the system that have been harming both consumers and financial institutions. It is my hope that in addition to reauthorizing the Fair Credit Reporting Act, we can take strong steps toward combatting and preventing identity theft. I certainly want to thank our witnesses for joining us here today. I look forward to working with my colleagues to address the problem of identity theft in our work to reauthorize the Fair Credit Reporting Act this year. Thank you. Chairman Shelby. Thank you, Senator Dole. Senator Corzine. STATEMENT OF SENATOR JON S. CORZINE Senator Corzine. Thank you, Mr. Chairman, and I commend you for holding this hearing. I welcome our witnesses and look forward to hearing their testimony and responses to questions. This is an important juxtaposition, the Fair Credit Reporting Act and identity theft, which is one of the many issues that we need to address here. Identity theft, I think, plays a central role, if not vital part, in this reauthorization, which I fully support. I think this problem has been acknowledged by just about everyone--consumers and most financial institutions and others who look at it from a law enforcement standpoint--that there is a real stake that we need to address inside the concept of FCRA. And I think everyone acknowledges that identity theft is one of the single largest sources of consumer-related problems that the FTC deals with on a regular basis. The numbers bear that out. According to the FTC, reported instances of identity theft rose phenomenally, 88 percent in 2002, to 380,000 from 220,000 in 2001. And almost everyone acknowledges those numbers understate the reality of the problem that exists. The costs are staggering. Out-of-pocket costs for victims of identity theft skyrocketed from $160 million in 2001 to $343 million last year. Those are numbers that are based on reported elements. I can tell you that in New Jersey there have been multiple instances of organized crime-related elements involved in identity theft as well as the individual consumer being put at risk, several rings that worked up and down the East Coast, and it is actually quite a recognized concern of consumers in my community. Simply put, our consumers are losing the battle against identity thieves, and when they lose, I think we all lose in our economy. And I think all of us know that about 70 percent of our economy is driven by consumers. While Congress has taken some important steps in this area, most notably by making it a Federal crime in 1998, some individuals in financial services have taken voluntary initiatives--the truncating of credit card numbers, for instance, which I commend. I think there is more that can be done. Next week, I plan on introducing legislation to address the problem of identity theft. The Identity Theft Notification and Credit Restoration Act is based on three key principles-- disclosure, prevention, and credit restoration. By the way, I hope to be able to work with others in refining this and making it meet the needs of what, I think, is a major problem in our Nation. First, it requires financial institutions to make timely disclosures to individuals, credit reporting agencies, and law enforcement when their information has been breached, either computerized or paper records, and compromises that personal information of those financial institutions' customers. Second, the bill requires credit reporting agencies, upon notification of the breach, to place ``fraud alerts'' in the credit files of affected individuals. This red flag will alert issuers of credit to undertake enhanced preauthorization procedures prior to issuing credit in the name of the individual who has a fraud alert on their credit file. Finally, the bill provides victims of identity theft with access to four credit reports the year following the theft of their identity to ensure that inaccurate and credit damaging information resulting from the identity theft does not end up on their credit file, ruining their ability to operate in our economic system. The bill improves the ability of all consumers to monitor the content and accuracy of the information contained in their individual credit file by providing them with access to one free credit report per year. Mr. Chairman, many, including some of the witnesses here, have articulated that one of the best ways to fight identity theft is by empowering consumers with more information and greater awareness of the risks and that this problem is growing. I think the bill that I am suggesting will do just that. I look forward to working with you and the other Members of the Committee with regard to this very important issue. Chairman Shelby. Thank you, Senator Corzine. Senator Crapo. STATEMENT OF SENATOR MIKE CRAPO Senator Crapo. Thank you, Mr. Chairman. I, too, want to thank you for holding this hearing. As I am sure everyone here knows, the Fair Credit Reporting Act and the issues that surround it are going to be very central to the activity of this Committee this year and critical to our efforts to make sure that the proper protection of our credit system in this country is accomplished. And part of that is going to be addressing the question of identity theft. I suspect that that may be one of the easier parts that we address because it may be one where we find the most consensus among us as to whether there is an issue and how to approach it. But, nonetheless, it will be one of the more important aspects of what we do. This last weekend, I happened to be in a hotel, and late at night I was flipping through channels, and it is interesting that Senator Johnson mentioned Sandra Bullock in ``The Net'' because, lo and behold, there it was on television. And at the time, I wondered, if the media is picking up on the issue of identity theft by either noticing what we are doing in Congress and following our lead, or whether we are following their lead and they are bringing the public's attention to it. Then I wondered perhaps it was just a coincidence, but I doubt it. The fact is that across this country, whether it is here in Congress, among the consuming public, or in financial institutions, identity theft is becoming an increasingly large issue. I think as we approach the issue, we want to make certain that we do it in the context of recognizing the value of our system of credit in this country today, and not blaming our system of credit but recognizing that the strength of the Fair Credit Reporting Act and what we have in America in terms of the way we approach and manage credit is a strong part of our system that needs to be protected and that can be used as the system by which we achieve the objectives to protect against identity theft. It seems to me that the Fair Credit Reporting Act and our credit system in this country is a big part of the solution, not a part of the problem that we are facing here. And I look forward to working with the other Members of the Committee on this issue. I, too, am putting together an approach to this issue legislatively, and I look forward to working with Senator Corzine and others who are going to be addressing this because it will be one piece of a very big part of our approach to the credit system of our country this year that is critical to consumers, financial institutions, and, frankly, to the strength of our economy. Thank you. Chairman Shelby. Thank you, Senator Crapo. Senator Dodd. STATEMENT OF SENATOR CHRISTOPHER J. DODD Senator Dodd. Thank you very much, Mr. Chairman, not only for holding this hearing, but also for your leadership on this issue. I have enjoyed working with the distinguished Chairman of this Committee on issues involving privacy for a long time, and I am grateful, along with others here. But the people who may be most grateful are the ones who are not sitting on this panel but others out there, and you are going to hear from some of them today. Some witnesses have been through almost Kafka- esque situations in terms of their credit problems and the like. You are going to hear from a constituent of mine, Captain John Harrison, retired from the U.S. Army, a story that will be hard for you even to imagine what he has gone through, but rather remarkable what has happened to him and others. So, I thank you very, very much. Just to share a couple of thoughts, identity theft is a matter, obviously, of great concern to consumers across the country, and it is clear to me that we have to do more to help consumers safeguard their financial and personal identities. Being financially secure used to mean, in the United States, that you had enough money in the bank to see you through a rainy day. Unfortunately, today being financially secure has another meaning as well. It means that you have the ability to stop the improper use of your financial records, and you have the power to prevent misuse of your name, your financial history, and your good reputation. I understand that there are more than 1,300 identity theft victims in my State alone, a small State, 3.5 million people each year. As the story you will hear from Captain Harrison will attest, identity theft can have devastating consequences on the personal and professional lives of its victims. For those who have been caught in the tangled web of other people's lies, the need for reforming the financial system so that it can better respond to identity fraud is perfectly clear. I want to publicly thank Captain Harrison. It is not easy. It is hard enough to go through what he has been through, but now to come to a public place and talk about what happened to you requires a certain amount of courage. And I admire people who are willing to do that, to stand before us and tell us what has happened to them. I also want to thank Mike Naylor, Mr. Chairman, and thank you for asking him to be a witness here today. Mike works with AARP and has done some excellent work in identifying possible solutions to the current identity fraud problem. And for truth in advertising, Mike Naylor is my former Legislative Director, many, many years ago. He has been in the private sector for a lot of years and just recently joined AARP. But I think you will find his testimony worthwhile. In my view, consumers should be able to seek financial services without fear. Consumers should be able to rest assured that their private financial information will be responsibly maintained by those who have been entrusted with that information. Companies that collect consumer financial information must be able to responsibly handle that information, and such information should not be negligently published or even intentionally shared without consumers' consent. Furthermore, consumers should not only have the right to know how their personal financial information is being used, but should also have the right to say no to sharing that information. In recent years, we have taken steps to empower consumers with control over their own financial information. The Financial Services Modernization Act, also known as Gramm- Leach-Bliley, for example, enhanced consumer protections and for the very first time made financial institutions accountable for notifying consumers about their right to opt out of sharing nonpublic, personally identifiable information with nonaffiliated third parties. The Gramm-Leach-Bliley Act requires financial institutions to notify consumers of their privacy policies and any plans to share personal information with another party. And while these safeguards are an important step toward ensuring consumers' financial security, I believe much more must be done to afford consumers greater control over their own financial privacy. Let me also underscore the point that our colleague from Idaho, Senator Crapo, has made. I think it is also the balanced side of this thing. The credit system has worked tremendously well to ensure us a strong economy in this country, and striking the balance here is not easy to do, but it must be done. And I think we can do that. It is going to be a challenge for this Committee. Mr. Chairman, thank you immensely for holding these hearings. Chairman Shelby. Thank you. Senator Allard. STATEMENT OF SENATOR WAYNE ALLARD Senator Allard. Mr. Chairman, I, like many of my colleagues on this Committee, want to thank you for your diligence on this particular issue, both for holding today's hearing as well as your support for improvement of the Fair Credit Reporting Act. While national statistics tend to focus on crimes such as homicides and burglaries and robberies, the crime of stealing one's identity is a serious and widespread crime that too often goes overlooked. Identity theft takes advantage of hard-working citizens in a situation they simply cannot prevent. Many of these hard-working citizens, Mr. Chairman, will not even realize that they have been a victim of identity theft until they go to apply for a car loan or a loan for their home. Then suddenly they discover that for some reason or another, they do not qualify. This is almost a subject for another hearing, but part of the problem is that on credit scores, for example, a lot of consumers do not even realize that there is a system out there that has an impact on their credit ratings. This system is based on how frequently a credit card is used; how many credit cards one has; how many inquiries there are on your name. All of these actions have an impact on one's credit. So why should we worry about it? Well, it has an impact on the interest rate that you might pay on a loan, so there is a hidden cost associated with this system. If you talk to victims, there are also issues as far as legal jurisdiction, and which law enforcement agency is responsible for enforcing certain laws pertaining to identity theft. This may need to be covered in another committee, but it is something this Committee should think about. The other important question that comes up: Are our penalties tough enough? When you look at what happens to a victim of something like this, I think the question that we need to ask is: Are the penalties tough enough for the perpetrators? And so, Mr. President--Mr. Chairman, I hope that you continue to hold hearings on this important issue. Chairman Shelby. I support President Bush. Senator Allard. Yes, sorry about that, Mr. Chairman. [Laughter.] Senator Allard. I think we need to look at a number of different cases to fully understand this problem. The bottom line is that of the more than one million inquiries that the Federal Trade Commission received in 2001, 86,680 of them were identity fraud complaints. This presents a grave situation for unsuspecting Americans and a challenge for all financial institutions and businesses in the United States. While there is an apparent need to protect sensitive personal information from getting into the wrong hands, there is also a need for a certain degree of transparency in order for the U.S. financial and business systems to function. I would like to thank the witnesses for agreeing to testify today on this important issue, and I look forward to all of your testimony. Chairman Shelby. Thank you, Senator Allard. Senator Schumer. STATEMENT OF SENATOR CHARLES E. SCHUMER Senator Schumer. Thank you, Mr. Chairman, and thank you for holding this hearing. Again, this is a really important issue. I have been concerned and involved in it for over a year, and there is nothing worse than when your identity is stolen through no fault of your own and then it takes you years and years to restore your credit rating. It is an impossible situation. And it used to be a small situation. You know, this was not done en masse before the days of computers. Somebody might reach into a garbage can and find somebody's credit card number and do it. But we have had instances in New York where whole databases were stolen by employees selling for 30 bucks an identity or something like that and making huge amounts of money. Our U.S. Attorney, Mr. Comey, had a major indictment of this. So, I certainly agree with what some of my colleagues have said, I think Mike Crapo, that our credit system and this new digital age have brought huge benefits. It also brings some liabilities, and it is our job to focus on those liabilities, and I think FCRA is an appropriate place to do it. As I mentioned, Mr. Chairman, this issue is of specific concern to New York. The city where I live, my hometown, has the unfortunate distinction of being the identity theft capital of the United States. We suffer more identity theft than any other place. My State, New York, has the second highest amount. And this is mushrooming. Last year, the FTC nationally received twice as many complaints about identity theft as in 2001. Many people predict that by 2006 there are going to be half a million to 700,000 Americans victimized. And this is not just a casual thing. It changes your life. You cannot get credit. Some people hound you. It is a huge mess. So, I think we have to move, and we have to move quickly. When you destroy a person's credit rating, you not only jeopardize an honest person's ability to get a credit card, receive approval for a loan, obviously, but also to get a job, or to buy a house. Those are ones that go to the core of who each of us are and what matters to us in our lives. We should do a number of things, and like some others here, I have a proposal that I have been floating and circulating. Before I do that, I do want to mention a couple of other people who have had--Senator Cantwell has a bill that I have cosponsored that makes it easier to restore your rating once it has been stolen. And in the Judiciary Committee, we are working together with Senator Feinstein in terms of toughening up the penalties. But there are five or six things I would recommend to this Committee to look at. One is to make sure that the credit databases are much more secure. You do that in a few ways. You make sure that the people who have access to those credit databases are bona fide people; make sure they do not have a criminal record; make sure they have had no other bad histories in the past. All too many companies do not do that now. Two, let people go into those-- even the employees go into those credit databases on a need-to- know basis. Most of the companies we found, including the big case in New York which affected people throughout the country, any employee could just punch in and get the whole database, whether they needed it for their job or not. And so the credit companies should do this on a need-to-know basis. Let the employees go in there on a need-to-know basis. So those two things are important. At the core of the proposal I have made is credit account notification. Credit reporting agencies should notify a consumer when a new credit account is opened in his or her name because we know what happens. They take your name, they take your birth date, they take your Social Security number, and they just put in a different address. If the minute, you know, Chuck Schumer, 05--I should not use my Social Security number-- Chuck Schumer, Social Security number, 123-45-6789, birth date, January 1, 2001--make myself a little younger. But the minute that happens, and someone opens up a credit card at a new address, they should immediately send a notification to my old address where I really live, and I would say, hey, I did not move to Evanston, Illinois. And you could stop a whole lot of identity theft with that simple notification provision. I think we should do that. And two other things, Mr. Chairman. I am sorry. I appreciate the indulgence. We should truncate credit card receipts. Some companies do this. In other words, the receipt, the part you discard, does not show the whole number on there so people cannot go into the garbage can, pick it up, and duplicate your credit card number. That is easy to do, and some companies have it and some do not. Finally, as I mentioned earlier--Senator Cantwell has worked on this--make it easier if once it is proven bona fide that you are a victim of identity theft, make it easier to get your financial life back because that is a real hard thing to do. So, I would like to work with you, Mr. Chairman, and others on this Committee and try to get these changes and maybe put them in the Fair Credit Reporting Act. I really thank you for having a hearing on a very much needed topic. Chairman Shelby. Thank you, Senator Schumer. It is obvious, I think, here today that there is great interest on the Republican and Democratic side to do something about this issue, do something for the consumer, and I believe we can do it working together. Senator Bunning. STATEMENT OF SENATOR JIM BUNNING Senator Bunning. Thank you, Mr. Chairman, and I want to thank all our witnesses who are about to testify. It is a very important hearing and a very important issue. The technology boom has made most Americans live easier. With the Internet, we can get information that a few years ago it would have taken hours to research in just a matter of seconds. Workers are more efficient. It provides multiple entertainment options, and people can shop from home. Unfortunately, the technology boom has also provided many opportunities for another class of Americans: criminals. We have all heard the horror stories of identity theft, all of us. We will hear much more about it today. It is a problem, and we have to deal with it. Many have had their lives destroyed, and it has taken years for them to recover. We must make it harder for the criminal to steal. We must make the punishment fit the crime. And we must help victims recover quicker. I think we can accomplish all of these goals. Fighting identity theft is not a partisan issue, and in the tradition of this Committee, I am sure we will tackle it in a bipartisan manner. I am also pleased to note that the Administration has been working extensively on this problem. I look forward to working with them and all of the Members of this Committee so that we can get a good bill that we can all support and that will help solve this growing problem. I am very impressed with the diversity of opinion we have before us today. Once again, we have the FTC and others who are about to testify. We have the Secret Service to tell us how to recognize how identity theft works and how they investigate it. We have witnesses from the finance and retail industries to let us know what they are trying to do to prevent identity fraud. And we have consumer groups here to let us know how the average consumer is affected and what victims can do. This is a very important subject, and I applaud the Chairman for holding this hearing. Once again, thank you, Mr. Chairman, and all of our witnesses for testifying. Chairman Shelby. Thank you, Senator Bunning. Senator Sarbanes. STATEMENT OF SENATOR PAUL S. SARBANES Senator Sarbanes. Mr. Chairman, I want to commend you for holding this hearing. I think identity theft is a very serious national problem. It is an issue of great concern, obviously, on both sides of the aisle. Here in the Senate, a number of Senators actually have already in one way or another indicated their interest in seeking legislative improvements in this area. Senator Bennett actually held a hearing 5 or 6 years ago on the subject of financial instrument fraud. I know that Senators Bunning, Crapo, Kyl, Cantwell, Daschle, Corzine, Leahy, Feinstein and many, many others have offered and supported legislation. I could go on and on. So there is obviously very keen interest in it. It is obvious why. Identity theft has become an increasingly growing problem in recent years. Business Week recently stated in an article entitled ``To Catch an Identity Thief,'' ``Identity theft is one of the fastest-growing crimes in the United States'' The Federal Trade Commission reported that in 2002, they received over 380,000 consumer fraud complaints, of which about 162,000, or 43 percent, were about identity theft. Identity theft complaints far exceeded complaints about other types of consumer fraud at the FTC. The number of complaints about identity theft--and many of these are not reported incidentally, so this is only to some extent the tip of the iceberg--was 88 percent more in 2002 than in 2001. Obviously, Americans have strong concerns about protecting their confidential information. This is an area, Mr. Chairman, in which you have shown a great deal of concern and leadership. Honest citizens who are victims of identity theft incur a high cost in money, time, anxiety, and efforts to correct and restore their spoiled credit histories and their good credit name. I look forward to hearing the testimony of the witnesses today about ongoing enforcement efforts and what additional measures can be taken to bring identity theft under control. I am very frank to tell you that I do think that, in the context of working on the Fair Credit Reporting Act, this is an opportunity to encompass within that initiative serious and effective measures to come to grips with this problem of identity theft. It is reaching epidemic proportions out there. It is devastating honest, hard-working, law-abiding people who become the victims of these, in many instances, very ingenious schemes, and in some instances brutally simple schemes. And, I think, as we address the FCRA issue, this is the right opportunity to address this identity theft question as well. Chairman Shelby. Thank you, Senator Sarbanes. Senator Bennett. STATEMENT OF SENATOR ROBERT F. BENNETT Senator Bennett. Thank you, Mr. Chairman, and as Senator Sarbanes has noted so graciously, we did hold a hearing on this subject back in the days when Senator D'Amato was the Chairman of the Committee and I had a Subcommittee focusing on financial services and high technology. I discovered that, at least at that time, it was not high technology that was the principal source of identity theft. People would steal mail, and upon stealing mail they would hope they would get lucky and get some piece of information that could then be useful to them. And, of course, the real bonanza would be if they could find a credit card in the mail. So, I will be very interested to hear what has happened in the time since then, and I agree with Senator Sarbanes that it is very appropriate that these hearings be held in the context of reviewing the Fair Credit Reporting Act. The Fair Credit Reporting Act has been attacked by some as being a challenge to the privacy of individuals, and ironically, the system that has been created under the Fair Credit Reporting Act in the past also provides the greatest bulwark against identity theft, because if you have sound information in a number of different places, you have the building blocks with which you can rebuild your credit background and history. And without that information, without the flow that comes between the various credit reporting agencies, you have a much more difficult time reclaiming your true identity. There was once a movie called ``The Net'' where the heroine of the movie had her entire identity stolen, and there was no place she could go to prove who she was because, given the magic of Hollywood, they were even able to ascribe her fingerprints to somebody else. Being Hollywood, of course, they figured it out before the last reel, and she emerged triumphant. But if there were someplace where she could go to say this is the sound information about me that has been accumulated that I can tap into, it would have killed the premise for the movie in the beginning, which is probably why nobody went to it. But it is something we should consider as we are addressing the Fair Credit Reporting Act. I am very strongly in favor of reauthorizing the Fair Credit Reporting Act so that we do not get an interruption in the progress that we have made in the years that it has been established. But I think a hearing like today's, where we are brought up to date on the extent of identity theft, the technological challenge of fighting it, and the various progress that has been made is a very salutary thing to do. Chairman Shelby. Thank you, Senator Bennett. Senator Miller. COMMENTS OF SENATOR ZELL MILLER Senator Miller. Thank you for holding this hearing. It is very timely, Mr. Chairman, and I thank our witnesses for being here, and I have no opening statement. Chairman Shelby. Thank you. On our first panel today we have Mr. Howard Beales, Director of the Consumer Protection Bureau, Federal Trade Commission; and Mr. Timothy Caddigan, Special Agent in Charge, Criminal Investigative Division, U.S. Secret Service. Gentlemen, we welcome you both here. Your written statements will be made part of the record in their entirety. Mr. Beales, we will call on your first. Proceed as you wish. STATEMENT OF J. HOWARD BEALES, III DIRECTOR, BUREAU OF CONSUMER PROTECTION U.S. FEDERAL TRADE COMMISSION Mr. Beales. Thank you, Mr. Chairman and Members of the Committee. My name is Howard Beales, and I am the Director of the Bureau of Consumer Protection at the Federal Trade Commission. I am pleased to have this opportunity to discuss identity theft and its relationship to the Fair Credit Reporting Act. The views expressed in the written statement represent the views of the Commission, but my oral presentation and responses to questions are my own and do not necessarily reflect the views of the Commission or any individual Commissioner. Identity theft can be devastating to consumers' reputations, to their financial well-being, and to their sense of security. At the FTC, we are fighting identity theft on many fronts. We are training local law enforces on how they can fight identity theft, and we are providing local law enforcers with case referrals from our Identity Theft Data Clearinghouse. We are also working to keep consumers' financial data safe through our new safeguards rule, which took effect at the end of May, and our enforcement actions against companies that fail to keep their security promises to consumers. Just yesterday, we announced a settlement with online retailer Guess.com for failing to protect consumer data as promised. We also released a tip sheet for businesses on steps they should take to assure the security of their online systems. Through workshops, educational campaigns, and our identity theft hotline, we are counseling consumers and businesses on how to prevent identity theft. We are also providing consumers with tools such as the uniform identity fraud affidavit to help them recover more quickly and easily from identity theft when it occurs. Today, you have asked for testimony about identity theft and the Fair Credit Reporting Act. In addition to harming consumers, identity theft also threatens the fair and efficient functioning of consumer credit markets. It undermines the accuracy and the credibility of the information flows that support those markets. Credit bureaus are simultaneously a target for identity thieves and a valuable resource for combatting identity theft. The credit reporting system can play an important role in helping to detect identity theft, in limiting the damage from identity theft when it occurs, and in helping identity theft victims clean up the mess that the thieves leave behind. The Fair Credit Reporting Act helps consumers detect identity theft by providing consumers access to credit reports when they need them most. A credit report digests in one timely document all accounts opened in a consumer's name, and it is the best way to discover those accounts that may have been opened by an impostor. Under the FCRA, a consumer who believes that he may have fraudulent information in his or her file is entitled to a free credit report. Moreover, the Fair Credit Reporting Act requires that a consumer who is denied credit based on his credit report be notified of the adverse action and given the opportunity for a free copy of his credit report. This adverse action notice can alert consumers that they may have bad marks on their credit record that they do not know about, and the free credit report helps them to pinpoint the fraudulent accounts. Adverse action notices provide consumers with a critical safeguard, and we are vigorously enforcing the statute's adverse action provisions. In addition to helping victims detect identity theft, the credit reporting system helps limit the damage that identity thieves can cause. It allows for the placement of a security alert in a victim's credit file. Currently, the three major credit bureaus include a standardized format security alert in the credit reports of identity theft victims. This alert puts potential creditors on notice that they should proceed with caution when granting credit in the victim's name. Finally, the credit reporting system can help identity theft victims clean up the bad marks caused by an identity thief. A common problem of victims is that they find it difficult to get credit, insurance, or employment in the wake of an identity theft incident because the impostor has damaged their credit history. The Big Three credit bureaus now allow victims to block fraudulent information on their credit report with a valid police report of the identity theft incident. We are also working with the three credit bureaus to develop other victim assistance programs. For example, this spring, the Big Three credit bureaus implemented their joint fraud alert initiative whereby victims need only make a call to one credit bureau to get a security alert and a free credit report from all three. There is always more we can do, and we are always looking for new opportunities and new ways that we can make recovery easier for victims when this crime occurs. I thank you very much for the opportunity to appear today, and I will be happy to respond to your questions. Chairman Shelby. Thank you, Mr. Beales. Mr. Caddigan. STATEMENT OF TIMOTHY CADDIGAN SPECIAL AGENT IN CHARGE CRIMINAL INVESTIGATIVE DIVISION U.S. SECRET SERVICE Mr. Caddigan. Thank you, Mr. Chairman and Senator Sarbanes. Thank you for inviting me to be part of this hearing today, and the opportunity to address the Committee regarding the Secret Service's efforts to combat identity crime and protect our Nation's financial infrastructure. For over two decades, the Secret Service has been the leading Federal law enforcement agency for the investigation of access device fraud, including credit and debit card fraud. We also continue to share jurisdiction with other law enforcement agencies in identity crime cases. The explosive growth of these crimes has resulted in the evolution of the Secret Service into an agency that is recognized worldwide for its expertise in the investigation of all types of financial crimes. Our efforts to detect, investigate, and prevent financial crimes are aggressive, innovative, and comprehensive. The burgeoning use of the Internet and advanced technology, coupled with increased investment and expansion, has intensified competition within the financial sector. Although this provides benefit to the consumer through readily available credit and consumer-oriented financial services, it also creates a target-rich environment for today's sophisticated criminals, many of whom are organized and operate across international borders. Simply stated, identity crime is the theft or misuse of an individual's personal or financial identifiers in order to gain something of value or to facilitate other criminal activity. Types of identity crime include identity theft, credit card fraud, bank fraud, check fraud, false identification fraud, and passport /visa fraud. Identity crimes are almost always associated with other crimes such as narcotics and weapons trafficking, organized crime activity, mail theft and fraud, money laundering, immigration fraud, and terrorism. Identity crime is not targeted at any particular demographic; instead, it affects all types of Americans, regardless of age, gender, nationality, or race. Victims include everyone from restaurant workers, telephone repair technicians, and even police officers, to corporate and Government executives, celebrities, and high-ranking military officers. What victims do have in common is the difficult, time- consuming, and potentially expensive task of repairing the damage that has been done to their credit, their savings, and their reputation. According to the General Accounting Office, GAO, the average victim spends over 175 hours attempting to repair the damage inflicted by identity criminals. Identity crimes originate when another person obtains your personal or financial identifiers. The methods of acquiring such information can range from so-called ``dumpster diving,'' where the criminal searches through your garbage for billing statements or other documents that may include personal identifiers, to insiders who purge information from their own company's database and place it for sale on the Internet. The events of September 11 have altered the priorities and actions of law enforcement throughout the world, including the Secret Service. As part of the new Department of Homeland Security, the Secret Service will continue to be involved in collaborative efforts to analyze the potential for identity crime to be used in conjunction with terrorist activities through our liaison efforts with the Bureau of Immigration and Customs Enforcement, Operation Direct Action, FinCEN, the Diplomatic Security Service, and the Terrorist Financing Operations Section of the FBI. Since our inception in 1865, the twin pillars of the Secret Service have been prevention and partnership building. We simply could not fulfill our dual mission of protecting our Nation's elected leaders and safeguarding our financial infrastructure without two essential elements: Incorporating preventive strategies and training, and building cooperative, trusted relationships with our local, State, and Federal law enforcement partners. A central component of the Secret Service's preventive and investigative efforts has been to increase the awareness of issues related to financial crimes investigations in general, and of identity crimes specifically, both in the law enforcement community and the general public. The Secret Service has worked to educate consumers and provide training and resources to law enforcement personnel through a variety of partnerships and initiatives. The Secret Service has already undertaken a number of unique initiatives aimed at increasing awareness and providing the training necessary to combat identity crime and to assist victims in rectifying damage done to their credit. This includes the development of a number of training tools designed to assist our local law enforcement partners. Mr. Chairman, I cannot emphasize enough the importance of sharing our expertise with our local and State police partners and empowering them with the ability to respond on the local level to identity crimes. In a Nation of thousands and thousands of communities and a population exceeding 280 million, providing the first responder--in this case, the local police officer--with the tools and resources they need to investigate an identity crime and provide victim assistance is imperative. So, in partnership with the International Association of Chiefs of Police, the Secret Service produces the ``Best Practices Guide to Searching and Seizing Electronic Evidence.'' The pocket-size guide instructs law enforcement officers in the seizure of evidence from personal computers, wireless telephones, to digital cameras. We have also worked with this group and our private sector partners to produce the interactive, computer-based program known as ``Forward Edge,'' which takes the next step in training officers to conduct electronic crimes investigations. The ``Forward Edge'' CD-ROM incorporates virtual reality features as it presents different investigative scenarios to the trainee as well as provide investigative options and technical support to develop the case. Thus far, we have distributed, free of charge, over 300,000 ``Best Practices Guides'' and over 20,000 ``Forward Edge'' CD's to local and Federal law enforcement. In addition, we are nearing the completion of the Identity Crime Video and CD-ROM which will contain over 50 investigative and victim assistance resources that local and State law enforcement officers can use when combatting identity crime. This CD-ROM also contains a short identity crime video that can be shown to police officers at their roll call meetings, which discusses why identity crime is important, what other departments are doing to combat identity crime, and what tools and resources are available to those officers. Next week, we will be sending an Identity Crime CD-ROM to every law enforcement agency in the United States. Departments can make as many copies as they wish and distribute the resources to their officers to use in investigations. Over 25,000 CD-ROM's are being prepared for distribution. In short, any police department in the country, regardless of size or resources, now has access to state-of-the-art training as well as multiple investigative and victim assistance resources to help them combat identity crime. As part of a joint effort with the Department of Justice, the U.S. Postal Inspection Service, and the Federal Trade Commission, as well as the International Association of Chiefs of Police, we have been hosting Identity Crime Training Seminars for law enforcement officers. In the last year and a half, we have held such training seminars in Chicago, Dallas, Las Vegas, Des Moines, Iowa, and Washington, DC. In the coming months, we have training seminars scheduled in New York, the State of Washington, and Texas. These training seminars are focused on providing local and State law enforcement officers with the tools and resources that they can immediately put into use in their investigations of identity crime. For law enforcement to properly prevent and combat identity crime, steps must be taken to ensure that local, State, and Federal agencies are addressing victim concerns in addition to actively investigating identity crime. All levels of law enforcement should have access to the resources used to combat identity crime and to assist victims in rectifying the damage inflicted. It is essential that law enforcement recognize that identity crimes must be combatted on all fronts, from the officer who receives a victim's complaint, to the detective or the Special Agent investigating an organized identity crime ring. The U.S. Secret Service is prepared to assist this Committee in protecting and assisting the people of the United States, with respect to the prevention, identification, and prosecution of identity criminals. Mr. Chairman, that concludes my prepared remarks, and I will be happy to answer any questions that you or the Members of the Committee may have. Chairman Shelby. Thank you very much. Mr. Beales, one of the outstanding issues in this debate is determining the actual scope of the identity theft problem. In a report issued last year, the GAO indicated that, ``It is difficult to fully or accurately quantify the prevalence of identity theft. Nevertheless, the prevalence and cost of identity theft seems to be increasing, according to the data we reviewed and the many officials of the public and private sector entities we contacted.'' Do you agree with that sentiment? Is that an understatement? Mr. Beales. I think there is no question it is a serious problem. I think there is also no question that we do not have a good fix right now on exactly how big a problem it is. We have been conducting a survey in a random sample of people to try to find out how many victims there really are. We are in the process of analyzing that data now and expect to be able to release it at some point next month. And then we should have, I think for the first time, a good, solid estimate of what really is the incidence of identity theft. Chairman Shelby. Are you working, in that regard, with the FBI, the Secret Service, and local people to get all that information? Mr. Beales. On the survey, no. This was a consumer survey to figure out how many people have been victims. It is akin to the victim surveys that are sometimes done in other criminal areas. And that is what we are doing here. Chairman Shelby. What is the total number of staffers that you have involved at the Federal Trade Commission in this effort? And if identity theft is getting worse, as we all seem to believe, are you dedicating more and more staff resources to this area? Or are you standing pat or what? Mr. Beales. We have a somewhat unusual role in identity theft because we do not have a direct enforcement role because it is a criminal problem and we are not a criminal agency. Where we have substantially increased resources is in handling the calls. As the call volume has grown, then the resources that we have to devote to it have grown correspondingly. And we have really made a significant increase in the resources that we have devoted to security enforcement to try to protect data that businesses keep that could become the source of identity theft. So it is a law enforcement effort that is really focused on preventing access to the kinds of data that identity thieves need. Chairman Shelby. That is your role at the FTC? Mr. Beales. Yes, sir. Chairman Shelby. Mr. Caddigan, or Special Agent Caddigan, excuse me, what is your view as to the level of sophistication of identity thieves and identity theft practices? In other words, is there any indication that the thieves are becoming more organized? I know a lot of them are very sophisticated. Mr. Caddigan. Yes, sir, they have. I think a simple analogy would be: I do not need to go to the business to rob it anymore, I do not need to be in the same town, I do not need to be in the same State, and, quite frankly, I do not need to be in the same country. So when you look at it, that the access to the information that makes up the predicate offenses of identity crime can be obtained globally, they move globally---- Chairman Shelby. They can rob without a gun. Mr. Caddigan. That is correct, sir. And the anonymity that the access to the Internet provides makes the enforcement effort that much more difficult. We do see an increase in organized groups, for example, gang-related. We do see typical street crimes that would have been committed by groups that are now using a computer or the Internet or access to the Internet to get the same kind of profit return. Chairman Shelby. Are the identity thieves generally sophisticated enough to determine weaknesses in the system, in other words, do the thieves evolve? Mr. Caddigan. They do evolve, sir. We find that the organized hacking groups that hack systems, whether it be business, public, or private, they hack for the thrill of the hacking. It is a personal challenge. But the rewards are the database files that they can get out of a business or an enterprise that are readily sellable on the Internet market. Chairman Shelby. Kind of high value to the thieves. Mr. Caddigan. Yes, sir. Chairman Shelby. Help us understand what an identity thief could do, for example, if he or she obtained, a name, a Social Security number, and a mother's maiden name; the full contents of a credit report. I know you can speak to all of it. Mr. Caddigan. With that information, you can pretty much have--well, assuming a good name that you have collected---- Chairman Shelby. You can ruin somebody, can't you? Mr. Caddigan. You can definitely ruin somebody, and there are many case examples of where that has occurred. Chairman Shelby. How do thieves routinely go about obtaining these pieces of information? I know that they do not all go to the dumpster. Mr. Caddigan. They all do not. That would be, obviously, the low-tech aspect. Chairman Shelby. But some do. Mr. Caddigan. The low-tech aspect are just thieves, and thieves steal mail and information and anything they can get their hands on. The higher-tech, then we get into the hacking groups that work internationally, and there is a trade in the product. The end user typically would buy--it is very simple to buy that information over the Internet. Chairman Shelby. Are the older people in America, people like me, 39 and older, are they generally a lot of the victims? Mr. Caddigan. You know, I do not know that we find that to be the case. I think the demographics---- Chairman Shelby. Cuts across everything? Mr. Caddigan. Cuts across the whole spectrum. Chairman Shelby. With what you know about criminal activity, do you have any ideas that you can share today about the steps that all of us as consumers can take to protect ourselves? And, also, how can the industry protect itself ? Because, you know, we are interested in both. Mr. Caddigan. There is a tremendous need to identify you as a consumer to a business, and that is readily recognized. So that information is necessary to affect trade. Where you can safeguard yourself is simple things at home. If you receive the preapproved credit applications in the mail, do not just throw them in the trash. Shred them. Your bank statements, shred them. That sounds a little drastic, but, again, the dumpster diving does occur. It not only occurs at your curb; but also it occurs at the facilities that trash companies use and the dumps that they go to. So the more you can safeguard the information at your level, the better. The other thing, be very wary of anyone that might call or reach out to you, Internet, telephone, e-mail, or otherwise, asking for your identifiers. If you have not solicited that information or that service, you should not be giving anyone anything. Also, be very wary of companies that use spam. We have many examples on the Internet to where an Internet provider has been victimized because someone has accessed their system, provided a questionnaire under the head of that Internet provider, and people readily give it thinking it is valid. So there are a lot of good anecdotal data that the less you give out, the better protected you are. Chairman Shelby. Thank you. Senator Corzine. Senator Corzine. Thank you, Mr. Chairman. I think the scope of questions that you raised are highly valuable so that we understand the nature of the problem. But when we are speaking about understanding it, one of the disciplines of financial markets is the information that people have about their own information that is involved in the system. That gets at a question that I think was asked to Mr. Beales in the House Financial Services Subcommittee. Do financial institutions have any requirement to notify a consumer if there is a security breach? Is that a weakness or a strength of our system? Mr. Beales. There is not at the present time, as far as I know, a requirement to notify consumers if the information has been breached. We think in many circumstances that notice to consumers clearly makes sense. There may be some circumstances where you are fairly sure about how the information was lost, where there is not much of a risk and not much benefit to notifying the consumer. But we think in most cases certainly the best practice is to notify consumers when the information has been compromised in a way that puts them at risk. Senator Corzine. It is hard for me to imagine circumstances where personal information is breached without authorization that it would be a positive. Maybe it is a neutral, but I certainly can imagine situations where breaching poses a risk and certainly limits the individual's ability to clean up their credit history. Is there a voluntary program on the part of the credit reporting agencies or credit-monitoring agencies, the Big Three, or any of the financial institutions? Has there been a survey taken about how much notification of consumers is actually taking place with regard to breaches? Mr. Beales. We know of notification in a number of incidents. We do not know systematically as to how frequently that happens or what fraction of all incidents it occurs. It clearly happens in many cases, but we do not know what fraction. Senator Corzine. And do you have any sense of the proportion or the awareness or how quickly even in those instances where institutions do notify, how quickly individuals know that so that damage is not done? This is, by the way, costly both to the industry and to the individual, I presume, if someone has stolen an identity. Is there any sense or timing with respect to how people become aware? Since there is no requirement, I guess there is no deadline on that process. Mr. Beales. No, and there is no systematic monitoring of how long it takes. I think the big question is how long does it take to discover the breach. In many cases, that is maybe the main determinant of how much consumers are at risk is how much time went by before the breach was discovered at all. I think one thing that is really important in those circumstances is for the financial institution or whoever it was that was the source of the information to make contact with the credit bureau, because that is in many ways the promptest way to get the information into the right places, to give it directly to the credit bureau that these accounts may have been compromised. Senator Corzine. So the primacy of the credit bureau to the individual? Mr. Beales. What the individual has to do in order to reduce the risk is to call the credit bureau, and by making contact with the credit bureau in the first place, A, the credit bureau knows that they are going to get a lot of calls and what is going on and can be ready to handle that volume without being disrupted; and, B, in some circumstances, the fraud alert can be placed quicker and the risk reduced quicker rather than waiting for a letter to go to the consumer and the consumer to respond to the letter and place the fraud alert. Senator Corzine. They could do that simultaneously, I presume, both the individual and the credit bureau. Mr. Beales. Sure. There is no reason for contacting a credit bureau to delay a notice to the individual, but it is an important part of the process. Senator Corzine. Access to credit reports--and I apologize for running over here--conceptually, do you believe that this is an important element in being able to have an individual maintain certainty about their credit status and ability to manage their credit profile in this complex but important and well-functioning system in many ways? Mr. Beales. I think it is a critical part of the system, and the way the system functions now with notice when there is an adverse decision based on a credit report or when there is fraud, in either of those circumstances the consumer is entitled to a free credit report that will let them identify the problems and start the process of correcting them. And I think that is a crucial component for maintaining the accuracy of the data that is in credit reports. Senator Corzine. Thank you. Chairman Shelby. Senator Dole. Senator Dole. Mr. Beales, I would like to ask you about the affiliate-sharing preemption in the Act. In efforts to prevent identity theft and to detect it, is this preemption helpful or does it harm efforts? Mr. Beales. I think information sharing is really a key in the fight against identity theft. I think it is important for the creditor to know more about the real you than the thief knows, and that way the creditor can ask you a question that only the real you can answer and the thief cannot answer. Some of that information comes from affiliates, and some of it may come from databases from outsiders, and some of it may come from credit reporting agencies. All of those sources are important to the overall sharing of information that makes it possible to detect that the identity thief is, in fact, a thief. Senator Dole. Let me just ask you the same question about the prescreening preemption. Mr. Caddigan. I think information---- Senator Dole. How do you see--go ahead. Mr. Caddigan. I would concur with Mr. Beales. Anytime there is information sharing that you can more quickly identify fraud or the potential for fraud, the easier it is to eliminate the problem as an individual. And I think as a total problem, the education and information sharing is critical from the enforcement perspective. Senator Dole. What about the prescreening preemption? Mr. Beales. We do not think that, based on the data we have seen, there are clearly instances where prescreening may lead to identity theft in that particular case. In the data we have seen, though, the overall losses to identity theft seem to be lower on prescreened accounts than they are on just general applications for credit. So, we do not think that prescreening in any systematic way contributes to identity theft or contributes to the problem. Senator Dole. And with regard to the widely reported cases of credit reports being stolen, I would like to ask both of you: Do you think the problem is primarily due to a lack of security in the system? Or is it just a cost of doing business, a fact of business in this technological age? Which would you say is primarily responsible? Mr. Caddigan. I think on the user end of the consumer information. If you talk about the credit bureaus, speaking again from the enforcement perspective, we have very sound relationships with them, and we have worked extensively over the years. They take great measures in safeguarding their information. So when a person is violated, it is usually at the user end, and that is part of the education process that I think not only law enforcement does, but also I know the FTC does with businesses, is to teach them better safeguards with regard to their IT systems that control access to these credit reports. There are many examples of someone who legitimately has access to report files who, for whatever reason, left his computer on when he walked away or granted access to others not knowing that they then could have access. So there are safeguards that are evolving, but we still find instances where they are not safeguarded. Senator Dole. Mr. Beales. Mr. Beales. Our safeguards rule that went into effect at the end of May really views security as a process. It asks companies to identify the risks they face and then look for the steps that they can take to reduce those particular risks. I think one thing that is clear about security, though, is that the threats evolve, and that as you put in place a mechanism to deal with the last problem, identity thieves and other thieves will try to find ways around that. So businesses need to be constantly alert to adjust the precautions that they take in order to deal with new and emerging threats and adjust their plans accordingly. When we see a breach, and particularly if it is a credit bureau, it is something we are very interested in as to whether there may have been a law violation in that particular case or a violation of our rule. We work with other law enforcement authorities and determine, you know, who can best take appropriate action in any particular case. Senator Dole. Agent Caddigan, could you just give us an idea of the percentage of identity theft cases that are perpetrated from outside the country over the Internet? Mr. Caddigan. I don't know that I can give an accurate percentage. I can say that we see more and more case examples of where we have traced the origin of the crime to overseas sources, all four corners. I cannot pick a country or a sector. But we do see a tremendous rise in Internet hacking activity that leads us overseas. Senator Dole. Thank you. I believe that my time has expired, Mr. Chairman. Chairman Shelby. Senator Sarbanes. Senator Sarbanes. Gentlemen, we are pleased to have you here. I really want to get beyond where we are, telling about the problem and how it is expanding and all that, and find out what we can do about it. It seems to me the burden is on the two of you and your respective agencies to give us a list of things. I am going to ask you for that in a moment, but I want to run through some questions with you first. Do you think a consumer getting their credit report is helpful in checking identity theft? Is that a helpful, preventive technique? Mr. Caddigan. Yes, sir, I do. Senator Sarbanes. Some States now require that the consumer get a free report, right? Mr. Caddigan. Yes, sir. Senator Sarbanes. What would be the problem if the Federal law required everyone would be able to get a free report if they requested it? Mr. Caddigan. From an enforcement perspective, I do not see a problem. Senator Sarbanes. Wouldn't that be a pretty common-sense thing to do? Mr. Caddigan. Correct. Senator Sarbanes. Now it puts a little extra burden on the agencies, but it seems to me if we are going to be serious about doing something like this, that is a common-sense thing to do. Georgia actually, I think, is the one State that requires that you can get two free reports in a year. In a number of other States, including my own, you can get one every year. But we have left it to the States to do it. They want preemption from State law on the Federal credit reporting which we are now considering. We need some standards if we are going to preempt from the Federal level. It seems to me an obvious standard, just as a starter, would be a free credit report. Do you disagree with that? Mr. Caddigan. I do not, no, sir. Senator Sarbanes. Mr. Beales. Mr. Beales. The Commission has not taken a position on free credit reports. Senator Sarbanes. Why not? Mr. Beales. The staff is continuing to analyze that and a variety of other suggestions that---- Senator Sarbanes. We are going to push the staff hard to get some suggestions up here. Now, let me ask another question---- Chairman Shelby. Senator Sarbanes, our staff will not need to be pushed. Senator Sarbanes. No, not our staff. Their staff. Chairman Shelby. That is what I meant. [Laughter.] Our staff will be helping us with the legislation. Senator Sarbanes. All right. Now some have suggested that the practice of mailing out preapproved credit card solicitations may increase the incidence of identity theft, and also sending out these unsolicited credit card convenience checks. Does that increase the risk of identity theft? Mr. Caddigan. I think over the years we have seen a change in those type of mailings, where it used to be basically an application was sent to you completed, you signed it and sent it back. So the mail theft or the dumpster diving or that type of activity made vulnerable to identity theft. The later documents that we see, name and address, and the focal point would be if you signed it and sent it back and changed your address, that is an automatic decline. The product itself, if handled appropriately at both ends, does not lead to potential identity crime. I think the misuse of it or the mishandling of it has potential for identity crime. Senator Sarbanes. We are going to have to look at that because we are sympathetic to expanding commerce and so forth and so on, but it may be at some point this expansion opens up vulnerabilities. And then you have to trade off the question between curtailing the vulnerabilities and perhaps losing some expansion of commerce. Now, I know that is going to raise a problem to those who send out these preapproved credit card solicitations or these unsolicited credit card convenience checks. But we need to look at that and see how much it is contributing to the problem, whether this is something that can be checked. There is a notion here that any technique can be used to kind of draw the consumer in, and then if they become a victim of identity theft, it is kind of, well, it is too bad for the consumer and maybe some way we will catch up with it or somehow or other and things will get corrected. But we may need to take steps up front to reduce the exposure to the identity theft happening. Now let me ask you this question. A May 2003 survey conducted by the Harris Interactive Service Bureau of employees and managers with access to sensitive customer information-- this raises a problem that I think is very difficult to deal with--shows that 66 percent say their coworkers, not hackers, pose the greatest risk to consumer privacy. The Washington Post had an article, ``Identity Theft More Often an Inside Job,'' and they are raising the question that it comes from insiders. What is your view of that? Mr. Caddigan. I would agree wholeheartedly. The insider is the greatest threat to business today. One of the things that the Secret Service has undertaken over the last year, year and a half, is an insider threat study. We have gone to businesses, we have gone to financial institutions, we have gone to victims of that type activity in order to determine whether we can develop indicators to try to prevent that. At the same time, we are working with those private sector enterprises and helping them design safeguards to their system that can better secure against the insider threat. So, I would agree wholeheartedly that that is a major problem in business today, the safeguard of that personal information from business to business, and there are no standards. Senator Sarbanes. Do you have proposals or suggestions that you make to businesses of measures they could take to guard against this. Is that right? Mr. Caddigan. That is correct. Senator Sarbanes. And you seek their cooperation to do that on a voluntary basis. Mr. Caddigan. That is correct. Senator Sarbanes. Is that right? Mr. Caddigan. Yes, sir. Senator Sarbanes. If the measures have been carefully vetted and thought through, and if it is the judgment of law enforcement and other objective people that these measures would be effective, should not thought be given to requiring that these measures be taken? Mr. Beales. Senator, if the business is a financial institution, under Gramm-Leach-Bliley there is a requirement that they take security steps, either under FTC rules or under the corre- sponding---- Senator Sarbanes. Do you have rules that would implement what Mr. Caddigan just told me he is trying to get them to do voluntarily on this issue? Mr. Beales. Our rule requires a process rather than specific approaches. The rule requires businesses to identify the risks they face and take appropriate steps to reduce those risks. The risks are different for different companies and in different circumstances. Senator Sarbanes. We have to get at this problem. Mr. Beales. I agree completely. Senator Sarbanes. We have to get at this problem. We cannot continue to pussyfoot around with it. And there is an opportunity here, as we shape this legislation, I think at least, to do something about this identity theft--this is ruining the lives of a fair number of people across the country. And it is a matter of growing concern in the public's mind. You are on the battlefront. We need to hear from you. Let's go beyond the great divide and hear from you about things that you think should be done, requirements that we can put into the law. Otherwise, one of the pressures that will come up from the State level and the consumers not to extend this legislation and the preemption will be the argument that this issue is not being addressed, and if you would just let us get at it, we will take measures to deal with this. Now if you want the national system--and there are economic arguments for it that I recognize, then you have to give some thought to some national standards that bring this problem under control. And we need from you a list of possibilities. Maybe it is in your dream world, you never thought it would be possible. All of a sudden here you are, you have some Senators asking you to give us the list. So, Mr. Chairman, I hope they will go away from here today and come back to us with some detailed suggestions in this regard. Chairman Shelby. Senator Sarbanes, I think you are absolutely right. But I think rather than possible, I think it is probable. Senator Sarbanes. Yes. Chairman Shelby. Senator Miller, I am going to recognize you. We would be interested in what Georgia does. Senator Miller. Senator Sarbanes has already stated it, and we have had that for some time. I think I am asking the same question Senator Sarbanes was getting at, but I would phrase it this way. This is to Mr. Beales. Do you think any new legislation is needed on identity theft, or can it be handled with the current rules and regulations? Mr. Beales. The one piece of legislation that the Commission has taken a position on is the penalty enhancements. I think that would be appropriate and useful in attacking this problem. We are looking, as I said, at a variety of possible proposals, and we will come back at some point with a list of possibilities that we think are good. But we are not ready to do that yet. Senator Miller. You are going to have to get in a hurry to get in front of this Committee. You realize that, don't you? Mr. Beales. Yes, sir. [Laughter.] We actually left people behind to work on it, sir. Senator Miller. That is all I have. Chairman Shelby. Senator Sarbanes. Senator Sarbanes. I just want to make one comment about the penalty enhancement. The Commission has to get moving. The penalty enhancement is important but it is not enough, and I know there is--but I am reminded of John Coffee's statement when we were working on the securities issues, he is a Professor of Securities Law at Columbia University School of Law. And they asked him, ``What about all these penalty enhancements that the Congress is doing?'' He said, ``Well, they are fine, but they need to do other things, preventive things in terms of the system that prevent it from happening in the first place.'' The penalty enhancement, the damage has been done. You are just coming along trying to punish the person and create a deterrent, and there is a certain effect from that, obviously. I do not deny, although Coffee told the story, that in 18th Century London the penalty for pickpocketing was hanging. That was the penalty. And, of course, the hangings were public in the public square, and huge crowds would assemble to see the hanging. They caught this pickpocket, they tried him, they convicted him, and they sentenced him to hanging. So the day of the hanging, thousands of people gathered to see the hanging of the pickpocket. And working the crowd of thousands of people were hundreds of pickpockets. Chairman Shelby. That is exactly right. [Laughter.] Senator Sarbanes. So, I want to prevent it from happening in the first place. Chairman Shelby. Senator Sarbanes, I think you are very much on track, you and, I believe, people on both sides of the aisle here. One or two of the main objects here in the renewal of this legislation or to make it permanent, one is preemption, second is affiliate sharing. I agree with Senator Sarbanes. I think we would be derelict in our duty if we did not address the consumer problems in this bill, especially today, how to prevent and tighten up on identity theft. And I believe this Committee has already sent a message on both sides of the aisle that we are going to do this. Mr. Beales, you mentioned the benefit of adverse action notices in making consumers aware of problems with their credit reports and possibly detecting identity theft. In light of the movement of our credit system to an automated risk-based pricing system, do consumers, all of us, still receive adverse action notices when there is negative information on their credit report? Or do they simply receive a counter-offer at a higher price of credit? Mr. Beales. In many instances, in the credit area, they receive a counter-offer at a higher price. Under the law, if the consumer accepts that counter-offer, there is no adverse action because the FCRA definition is coupled to the definition under the Equal Credit Opportunity Act. If the consumer rejects that counter-offer, then there is adverse action and the adverse action notice goes. Chairman Shelby. Okay. Do adverse action notices still effectively serve this purpose if creditors do not reject credit applicants but simply offer them credit at a higher rate? In other words, how would a consumer know to look at their credit report without the adverse action notice? They would not know, would they? Mr. Beales. They would not know that that was the source of the information that it was based on. I think that is right. Chairman Shelby. That is a flaw here, is it not? Mr. Beales. It is a concern. Chairman Shelby. Wait a minute. It is a concern. It is something that should be correct, isn't it? Mr. Beales. Well, the difficulty--the balance of the adverse action notices---- Chairman Shelby. We will deal with the difficulties. Just say is it a concern, is it a concern, it is something that needs to be corrected? Mr. Beales. It is a problem, but like all problems, it has costs to fix it. And that is what the balance is. Chairman Shelby. We are not talking about that. We are talking about trying to prevent identity theft, trying to protect the consumer here. And you have been waffling here all morning. Mr. Beales. As I said, the Commission has not taken a position. I think that there is--adverse action notices have narrowed as we have moved to risk-based pricing. But, on the other hand, if you give notices too widely and in too many circumstances, then it no longer--I mean, it becomes something that people ignore. The adverse action notice, as it was originally envisioned, fit well in the set of circumstances where consumers needed to pay attention to the credit report and did not raise a lot of false alarms. I think how to preserve that balance of doing both jobs is definitely an issue and one that we are looking at. Chairman Shelby. Senator Sarbanes, do you have anything? Senator Sarbanes. I think Senator Bennett---- Chairman Shelby. Senator Bennett, do you have any questions? Senator Sarbanes. I do not think he had a turn yet. Senator Bennett. Yes, my constituents come to see me, and important as you are, the voters in Utah who need to get their pictures taken sometimes have a higher sense of urgency. As I deal with this issue over time, I have a reaction that I would like to share with you. First, let me say, going back to that first hearing that we held in my Subcommittee some years ago, I am very heartened at the progress that has been made. We were basically in this room looking at each other throwing up our hands and saying, ``What can we do?'' And the hearing highlighted a whole series of problems and very, very few, if any, strategies with which to deal with the problem. So, I am heartened by the degree of involvement both of the Secret Service and the FTC. We have come a long way, and I think we should not lose sight of that fact. There seems to me to be a very interesting paradox here. The more information we can get in the hands of what I would call the good guys--that is, people who want the information for legitimate purposes, they want to improve their service to the customer, they want to be more efficient in offering products that the customer might use, and they use the information, therefore, for benign purposes--the better off we are. At the same time, the more information that we get in the hands of a wider number of people, by definition, the more vulnerable we are. And there is the paradox. We want affiliates sharing information, your response to Senator Dole. We want people at a wide range to have the information so they can check against each other when something seems to be going wrong. And at the same time, we do not want anybody to see this, for fear they might steal it. And that, I think, is the challenge that is facing the Congress, how to see to it that we take steps to prevent people from stealing information, but do it in a way that does not harm the beneficial effect of having this information in the hands of a fairly large number of good guys, people who will use it for benign purposes rather than evil purposes. Is that a fair characterization of the challenge we face here? Mr. Beales. I think it is. I think that is exactly the nature of the problem. I believe the challenge is to try to control access in a way that keeps information from getting to the bad guys but makes as much information as possible available to the good guys. There are inherent risks that remain of the information being there, but if you hide the information, then you can pretend to be anybody. Senator Bennett. So paradoxically, if I am understanding exactly what you are saying, you could make identity theft easier if you restricted too tightly the use of this information on the part of the good guys? Mr. Beales. Yes, sir, I think that is right. In fact, one claim that has been made to me in my discussions of this issue is that one of the reasons for identity theft is that now you have to make up a real person because the information sharing system means you cannot just make up a name and an address because that will not work. The information sharing system will let us tell that there is no such person. So the name and address has to be a real somebody in order to apply for credit under a false identity. Senator Bennett. In an attempted to block identity theft, it seems to me the privacy advocates and the users of information are really on the same side. That is, the people who use the information to make marketing decisions and credit decisions do not want the information to leak because that will destroy their opportunity to serve a customer whom they hope will become a repeat customer. And the privacy advocates also do not want the information to leak. I make that point because I feel, at least in the press, which loves to create controversy, the standard of the schools of journalism is you fight about it, we will write about it. And if you are not fighting, I have discovered since I got into politics, they will precipitate the fight and create antagonisms that they can write about even if those antagonisms do not exist. So in the press, there is an antagonism between the business community that says we need this information, and the privacy advocates who say no it is bad if you get that information. In fact, the real alliance should be the business committee and the privacy people together saying it is good for there to be a widespread background of information, as long as it is protected properly. Because if there is a leak, that reservoir of data becomes very helpful in reconstructing the real identity of the individual and fighting the evil effects of having that leak out there. Once again, is that a fair summary of what the real world is or am I reaching too hard for something? Mr. Beales. No, I think there should be some commonality on the identity theft issues of looking for sensible restrictions to prevent access by the wrong people. Identity theft is a problem that happens where information is used for ways that nobody ever contemplated, nobody ever intended, where in a great many instances the information is simply stolen and it is in everybody's interest to try to control that problem. Senator Bennett. Thank you, Mr. Chairman. Chairman Shelby. Senator Sarbanes, any questions? Senator Sarbanes. I do not, but I want to follow up on what Senator Bennett has said, the line he has just been pursuing, because I have some concern about it and I do it with reference to Mr. Caddigan's statement. You say, ``The burgeoning use of the Internet and advanced technology, coupled with increased investment and expansion, has intensified competition within the financial sector. With lower costs of information- processing, legitimate companies have found it profitable to specialize in data mining, data warehousing, and information brokerage. Information collection has become a common by- product of newly emerging e-commerce.'' Only you go on to say, ``This has led to a new measure of growth within the direct marketing industry that promotes the buying and selling of personal information. In today's market, consumers routinely provide personal and financial identifiers to companies engaged in business on the Internet. They may not realize that the information they provide in credit card applications, loan applications, or with merchants they patronize are valuable commodities in this new age of information trading. Consumers may be even less aware of the illegitimate uses to which this information can be put. This wealth of available personal information creates a target-rich environment for today's sophisticated criminals, many of whom are organized and operate across international borders.'' One of the questions, it seems to me, we have to face is whether this information gathering and warehousing and databanks that are created for marketing strategies are extending or enhancing the availability of information which opens it up even more to identity theft. That is a purpose that is probably beyond the consumers horizon of why he or she is providing the information in the first-place, and goes beyond the purpose they sought to achieve. I am with Senator Bennett up to a point. In other words, you are providing this information. You need checks on it and so forth, and you provide it in order to let us say get a credit card. And then you use the credit card. The question is whether that information is taken and merchandised for other purposes and whether the merchandising of it for other purposes creates a vulnerability which can then be exploited for identity theft. Whereas if it had been more limited, although you need the exchange of information within the limitation, but if it had been more limited, you would not have had the same exposure. Do you see the question I am asking? Mr. Caddigan. Yes, sir, I do and I agree wholeheartedly. I think the information, when it is used in a check and balance situation, actually does prevent fraud. The institutions that work in this arena can site example and statistics to that effect. I think once that information is passed on again, every time it is resent or reprovided, you increase the risk of identity theft greatly. So from a law-enforcement perspective, I concur exactly. The dividing line is the issue. Where should it be used and where is it marketed to where it becomes vulnerable, accessible to organized groups, and thus causes a problem. Senator Sarbanes. Thank you, Mr. Chairman. Chairman Shelby. Senator Dole, do you have other questions? Senator Dole. No. Senator Bennett. Mr. Chairman, can I follow up with just one quick question? Chairman Shelby. Yes, Senator Bennett. Senator Bennett. I will not prolong this. As I hear your answer, Mr. Caddigan, I just in my own mind, just to get it on the record, see a difference between selling the information to some outside group whose purposes you really do not understand or know anything about, and using the information within your own organization. We are back to Senator Dole's question about an affiliate sharing. Would you agree that there is a difference between sharing that information within the umbrella of say a large financial services organization, from one affiliate to the other? That that would be a lesser degree of vulnerability than say selling it to somebody whose business purposes you really do not understand? Mr. Caddigan. Yes, sir, I would agree with that. Chairman Shelby. Senator Sarbanes. Senator Sarbanes. Let me just continue here for a moment. It was noted here at one hearing that Citicorp has hundreds of affiliates, just to leave that point with you, hundreds, maybe thousands. Chairman Shelby. Several thousand. Senator Sarbanes. Was it several thousand affiliates of Citicorp? Chairman Shelby. Yes. Senator Sarbanes. Thank you. Chairman Shelby. Senator Miller. Senator Miller. No questions. Chairman Shelby. Thank you, gentlemen, for your appearance today. We appreciate you testifying. Senator Sarbanes. Mr. Beales, we are going to keep after the FTC here. I don't know. You keep telling us they have not decided, they have not decided. They have to start deciding pretty soon. Chairman Shelby. They are going to be behind the Committee. Senator Sarbanes. That is a sorry state of affairs. Chairman Shelby. Thank you. Our second panel will be composed of Michael D. Cunningham, Senior Vice President, Chase Cardmember Services; Captain John M. Harrison, U.S. Army Retired, consumer witness; Stuart K. Pratt, President and CEO, Consumer Data Industry Association; Linda Foley, Executive Director, Identity Theft Resource Center; William Hough, Vice President of Credit Services, The Neiman Marcus Group; and Michael W. Naylor, Director of Advocacy, AARP. We appreciate all of you appearing here today, if you will take your seats as soon as you can. In the meantime, I will announce again that your written statements, which will be made a part of the record in their entirety without objection, and these hearings are well attended, as you know, and very interesting. There are a lot of consequences, so you see the interest here. If you could sum up, just briefly, your top points because we have your written testimony, as I have just indicated, we would appreciate it in the interest of time. Mr. Cunningham, we will start with you. STATEMENT OF MICHAEL D. CUNNINGHAM SENIOR VICE PRESIDENT, CREDIT AND FRAUD OPERATIONS CHASE CARDMEMBER SERVICES Mr. Cunningham. Thank you, Mr. Chairman, Members of the Committee. My name is Michael D. Cunningham and on behalf of J.P. Morgan Chase & Co., we greatly appreciate this opportunity to appear before the Committee and share our experience with the issue of identity theft. I ask that my written statement be placed in the record. Chairman Shelby. It has been. Mr. Cunningham. I serve as the Senior Vice President for Credit and Fraud Operations for Chase Cardmember Services. Protecting our customers from identity theft and fraud is a major priority for our company. We utilize both leading-edge technology and hands-on intervention by over 750 specially trained Chase employees. And we detect over 70 percent of all fraud before the customer even knows it has occurred, and we continue to improve on that number every year. While identity theft and what we call credit card fraud both constitute fraud, we would like to distinguish the two for policy purposes. We place identity theft into two basic categories: Fraudulent applications and account takeovers. Together these types of identity theft account for 4 percent of our total fraud cases. Fraudulent applications constitute 3 percent of our total fraud cases. This involves the unlawful acquisition and use of another person's identifying information to obtain credit, or the use of that information to create a fictitious identity to establish an account. This requires that the perpetrator possess a great deal of detailed information about a person and their credit history. This is why more than 40 percent of the identity theft cases that we see are committed by someone familiar to the victim, frequently a family member or someone in a position of intimacy or trust. Account takeovers constitute 1 percent of our total fraud cases. This occurs when someone unlawfully uses another persons's identifying information to take ownership of an existing account. This would typically occur by making an unauthorized change of address followed by a request for what we call a new product, such as a card, a check, or a PIN number. Non-identity theft fraud constitutes the other 96 percent of our total fraud cases. This type of fraud would include such events as lost or stolen cards, intercepted cards in the mail, or counterfeited cards. During the course of the debate on identity theft and fraud, critics have alleged that the process known as prescreening is somehow a major contributor to identity theft and other types of fraud. This is not the case. In fact, prescreening is a major underwriting tool that accomplishes just the opposite. Prescreened offers have a very low incidence of fraud, especially when compared with other forms of new account generation. At Chase, we have 17 million active accounts. During 2002, prescreened accounts subject to identity theft involved approximately 600 accounts. Total fraud cases of all types in 2002 numbered about 75,000, which includes the 600 prescreening cases I just mentioned. Last year, prescreening resulted in 1.6 million new accounts to us out of a total of 4 million new accounts, or about 40 percent of all of our new accounts. Why do prescreened cards result in less identity theft? Prescreened offers of credit come from a pool of consumers selected from credit bureau files that have already undergone a verification process. Prescreened credit card offers do not contain any personal information other than name and address, and contain none of the other personal information necessary to apply for credit. Identity thieves do not find prescreened offers of credit very useful because even if they intercept one, they have to submit a change of address, which under our system would trigger an alert and subsequent analysis. Finally, Mr. Chairman, we recognize that consumers may need help once they learn of the identity theft or fraud. Once a problem is identified, this sets in motion a series of consumer education and assistance as detailed in the two appendices in my written statement. And I also have with me a list of recommendations that we take great pride in. This is an identity theft kit that we mail to all consumers as well as customers that we determined are victims of identity theft. Also in the written statement is a list of recommendations to assist in combating identity theft and assisting victims. Thank you for considering our views on this issue, and I look forward to your questions. Chairman Shelby. Captain Harrison. STATEMENT OF JOHN M. HARRISON CAPTAIN, U.S. ARMY (RETIRED) ROCKY HILL, CONNECTICUT Mr. Harrison. Thank you very much. Mr. Chairman, Ranking Member Sarbanes, and Members of the Committee, I appreciate this opportunity to appear before you this morning to talk about my experiences as an identity theft victim. My name is John Harrison. I am 42 years old, a retired U.S. Army Captain, and I have resided in Rocky Hill, Connecticut, since my retirement in December 1999. I was, until recently, employed as a corrugated salesperson in Connecticut. My introduction to the crime of identity theft began on November 5, 2001. That is the day I learned that someone had stolen my identity and had already used my name and Social Security number to open numerous accounts. I immediately began taking those steps recommended by the FTC. On December 12, 2001, Jerry Wayne Phillips was arrested in Burke County, North Carolina. He was indicted on Federal charges in Texas. He pled guilty to one count of identity theft, and is currently serving 41 months in a Federal prison in Minnesota. What I learned after that was that Jerry Wayne Phillips had gained control of my identity when Army officials at Fort Bragg, North Carolina, issued him an active duty military identity card in my name and Social Security number. That happened about a year-and-a-half after my retirement. With that identity, and at the time I had very good credit, he was able to open what I have discovered was $260,000 worth of accounts. There are 61 of them at this point that were opened in my name. They are accounts of all different types. There are personal and auto loans, regular credit accounts with credit card companies, and also stores, checking and savings accounts, and utility accounts. He bought two trucks through Ford Credit for $85,000. He bought a motorcycle from Harley-Davidson for $25,000. He rented a house in Virginia and bought a time-share in Hilton Head, South Carolina. It has been 20 months since I found out I was a victim. Chairman Shelby. How did you find out? Mr. Harrison. I was called by a police officer in Beaumont, Texas, who was investigating the Harley-Davidson motorcycle for Harley-Davidson. He tracked me down through my credit reports and he could already tell that I was a victim of identity theft. And when he called me, he told me and he set me on the right track. He sent me to the FTC's webpage, told me to contact the repositories, and he was the one that got me started on the track to recovery. As I said, it has been 20 months since I found out about it. My imposter has been in jail 19 of those months, and there have been no new accounts opened since he was incarcerated. So everything that I am dealing with still, to this day, are accounts that were opened between July and December 2001. I still have new accounts coming in. The latest was May, last month. I had a new account that I learned of. From the first day, I have been very aggressive about restoring the damage done in my name. I have sought out the fraudulent accounts, and in most cases I have gotten hold of them before they were able to get hold of me. I have encountered a great many difficulties. Two of the repositories have done what I consider to be a fair job in assisting me and allowing me to dispute the accounts with them. One of them, Equifax, quite frankly, almost failed to meet any of the requirements of the Fair Credit Reporting Act. It took me 11 months and three dispute letters to get my second report from the Equifax. And when I did get that report, it was a different report to what they were sending out to all my creditors. There are fraudulent accounts on both reports and there are good accounts on both reports. Some are the same and some are different. So, I cannot even begin to dispute accounts until I get the report that has the accounts on it. That has been a difficulty. Senator Sarbanes. I want to be clear. You asked for your credit report and they sent you a report that differed from the credit report they were sending to your creditors? Mr. Harrison. Completely different, yes, sir. I had an inkling of that because I had been declined credit from my bank. I was getting married and I was trying to get a home equity loan, and I declined was I called my bank and the loan officer talked to me about some of the accounts that were on the report. And I was like I am not seeing those. I thought those accounts were gone. But it turned out that there was a second report that they have that was different from the one that I had. Chairman Shelby. But they did not share that with you? Mr. Harrison. No, sir. I have since gotten it. Actually, I was able to get it because one of the things that happens when an imposter steals your identity and starts using different addresses and different birth dates, is all that information on your credit reports changes, because the creditors are the ones who control your personal information, not you. So because all that information was different, I look like the fraudster to Equifax. When I was asking for my credit report, I was asking for it from Connecticut. What was on my credit report at the time was an address in North Carolina or South Carolina. He used 17 different addresses, all of them made it through my credit reports at one time or another. There was six different phone numbers. And like I said, even my date of birth changed on the personal information on my credit report. I did want to mention the emotional impact. The emotional impact from identity theft is embarrassing to me because I have always been a very strong person. The 20 years that I spent in the military, it was always noted that I was a person that worked better under stress. But what you go through as a victim in trying to clear this up, I mean the repetitiveness of telling companies over and over again, explaining your story, sending out all your documentation, having accounts come back. It would drive anybody nuts. It really will. In my particular case, about 11 months into this, in September, I started having some anxiety problems and sleeping problems. So, I went to my doctor and I got some medicine. And that seemed to help me out for a few months. In January 2003, I had a lot of bad things happen. Besides the identity theft, I had the military trying to garnish my retirement pay because of one of the debts. And at the same time, I had my own credit card companies taking adverse actions against me because of what was in my credit reports. I guess it just overwhelmed me and it became a real distraction for work. I went to my boss, explained it to him. I started doing therapy. The doctor told me I had Post Traumatic Stress Disorder because my flight or fight got stuck on fight, which made a lot of sense to me because that is pretty much the way I felt, like fighting everything. That eventually led to my termination in April. I was fired from my job. I was a salesperson. Identity theft almost conflicts 100 percent with our job as a salesperson because you have to make phone calls, you have to write letters. You have to deal with rejection. And it was affecting my performance and I think my bosses felt they had to let me go because of it. I have two recommendations that I have made in my written statement and I would like to bring those up. Especially now, since I was listening to Mr. Beales and what he was talking about with the information sharing. The thing that I would say, one of my recommendations is, if I want to order my credit report I have to provide my name, my date of birth, my Social Security number, my current address, my previous address. And if that is not enough, if there may be a problem, then they start going through accounts on me and I have to verify some of the accounts that are on my credit report. That is what I have to do. What a creditor has to do is give the Social Security number of the person that is standing in front of them. The information, there is information there for them to use, they just are not using it. They have an application and obviously they have asked this person to give their address and their telephone number, their date of birth. But all they are doing is putting in a Social Security number and they are getting back a FICO score, probably in a lot of cases not even the credit report to see the fraud alert. They are just seeing a high number and they are making a deal. I really think that if creditors were held to the same standards we were, if they had to input four or five different pieces of personal information into the credit bureaus, and if that information was wrong they got the same message I would get, that we cannot identify this person and you are not going to see the credit file, everything in my situation would not have happened. The person did not know where I lived. He did not know how old I was. He did not know anything about me. He just had my name and Social Security number and a military identity card. So that would have prevented all of my situation. The second recommendation that I made in my written statement, and I am not doing this to get back at the credit bureaus, but I think that it is a good idea if the credit bureaus were rated for their proficiency, especially when it comes to accuracy of credit reports. My personal opinion is that the credit bureaus, while publicly they say identity theft is a bad thing, I think they are making a lot of money. In my situation alone there are over 100 inquiries on my credit reports from these fraudulent accounts. It is money they would not have made if someone had not stolen my identity. Also, the credit monitoring systems, as identity theft gets more and more out there, I do not think that there is a lot of monetary incentive to be aggressive about fixing this problem. If there was a rating system that was released, I think that accurate credit reports are as important to the creditors and soon to be insurance companies. And I think that the competition would help the industry repair itself. Chairman Shelby. Thank you. Mr. Pratt. STATEMENT OF STUART K. PRATT PRESIDENT AND CHIEF EXECUTIVE OFFICER CONSUMER DATA INDUSTRY ASSOCIATION Mr. Pratt. Chairman Shelby, Senator Sarbanes, Members of the Committee, thank you very much for this opportunity to appear before you today. For the record, I am Stuart Pratt, President and CEO of the Consumer Data Industry Association. And we commend you all for holding this hearing on the crime of identity theft and its relationship to the Fair Credit Reporting Act. Identity theft is an equal opportunity crime that can affect any of us individually. This crime is particularly invasive where consumers, consumer reporting agencies, and creditors are all tasked with untangling the snarl of fraudulent accounts and information that results from the criminal's actions. This task can be frustrating, and as we have heard, time consuming for all concerned. The Committee has asked us to comment on the crime itself and on its relationship to the FCRA. In this regard, let me focus briefly on three points: The first of which is the FCRA does provide the basic framework of rights and duties that consumers need in order to be able to work with their credit histories, in order to have confidence in the credit reporting system, in order to ensure the data is accurate, and so on. Second, our members have been at the forefront, however, of efforts to understand the nature of the crime, and have established a range of victim assistance procedures, which go beyond the requirements of any law because there does need to be some customization, some tailoring of procedures for victims of identity theft that are different than what you or I might go through as an average consumer. Third, consumer education remains, I think, a mainstay, something that is essential in dealing with identity theft. It is not the silver bullet that stops the crime, but it is essential in terms of how we as consumers both try to prevent the crime from occurring in the first place, and it is also obviously very important to how we as victims would then deal with the crime subsequent to being made aware of the fact that you are, in fact, a victim. The FCRA is, as I said, an essential framework. It provides, for example, that consumers are made aware of the fact that their information was used in an adverse decision. This, in many cases, will allow the consumer to then call the toll-free number, order a copy of their file free of charge, work their way through the process. And in a large percentage of cases this is easily done, this is quickly done, and this is done within the prescriptive 30-day period that the FCRA establishes for consumer reporting agencies. That is our task, our mission. And that is what we have to do under the law when it comes to resolving a consumer's dispute. Consumers obviously expect their information to be accurate. We are tasked with that chore, not only because of what consumers expect, and that is important to us, but also because that is what our customers expect. They expect accurate information. In fact, the law itself expects us to be accurate and we must employ reasonable procedures to assure the maximum possible accuracy in the file. Consumers, when they do dispute information on the file, obviously expect to be notified of the results of the reinvestigation. They expect to have that opportunity to comment further on the results of that reinvestigation. And those are rights that they have under the law today. We think that framework is in place. I think the goal here today, certainly for us, is to continue that process of discussing how this framework works for victims of identity theft. And to provide a little more context for that, let me just talk about some of the initiatives that we have undertaken, because there certainly are instances where the basic framework is not sufficient. Identity theft is a longitudinal crime that occurs over a period of time. It is quite a bit different than burglary or other forms of crimes where I walk up and I see the empty parking lot, so I know my car is gone. Or I walk up to my home and I can see my home is burglarized. So, we have standardized security alerts to make sure that downstream crime does not occur when an alert is on your file. And we have standardized the three steps we take for consumers when they contact us initially. This year we announced a single call point of entry, so a consumer has an easier time of notifying all consumer reporting agencies. The one phone call to any one of the national agencies results in that same data being transferred to all of the consumer reporting agencies. Each agency takes the first three steps for that consumer getting the file disclosure to the consumer, opting them out of prescreened offers of credit, putting an alert on the file for the consumer. We have also used police reports to try to expedite removal of information from credit reports and we do think that is an essential step for consumers. They want information off the file quickly. They would like to have it done once and for all, I am sure the first time through, no doubt about it. My time is running out, and what I would like to do is---- Chairman Shelby. I will not let your time run out yet, but Mr. Harrison brought up some very serious questions that he experienced himself. I was out of the room for a minute. Can you address those questions? Mr. Pratt. Yes, sir, I would be happy to. Chairman Shelby. He went through a horrible experience. Mr. Pratt. What I will have to do, Mr. Chairman, is of course, I suspect, talk with Mr. Harrison a little bit more to learn more about the details. What I have heard is that the creditor had different information than the information that he had in his hands through the file disclosure. I have to better understand what that means, or what the circumstances were around that. Here is what the law says, and here is what should have happened. The law says we are obligated to disclose all information about that consumer at the time the consumer makes the request. That was actually an amendment to the law in 1996, to make it absolutely clear that we must disclose everything so that Mr. Harrison does, in fact, have the same information that a lender would have, so that Mr. Harrison would understand precisely what was in the file and the lender would have the very same information. So, I cannot explain it further than that, but that is what the law requires. That is what the law always requires, and it makes sense to all of us in the industry that that is what the law should require. In terms of the experiences he has had individually, I have two reactions to it. I took a lot of notes, because every time I come to a hearing and hear about an experience, or spend time visiting with Linda or others, we do learn sometimes about practices that are not perfect in our industry. One, industries are big and sometimes they do not get it right with every single consumer. I do believe Mr. Harrison's experience is the aberration rather than the norm because of the incredible effective criminal that perpetrated the crime against him. This is not as common in identity theft. But where it does occur, it does take more time, it is more frustrating, it is harder to pull it all back. Lenders certainly have the same challenge that we have and, of course, concurrent with servicing the consumer who is a victim, we have to make sure that we are not closing down accounts that are not otherwise valid accounts, because a consumer just did not want to pay a bill. So it is a wheat and chaff process. You are trying to make sure you deal effectively with every legitimate claim, and at the same time try to deal effectively with the illegitimate claims. Thirty-five percent of the consumer relations process that we deal with through credit bureaus today is tied to something called credit repair. Credit repair is the process by which a consumer is either advised or somebody on their behalf simply disputes every item of information in the file that they would like to have removed. They do this, in some cases, every 15 days in order to try to beat down an accurate credit report. And so one of our challenges is to try to make sure that we are always identifying Mr. Harrison properly, and at the same time trying to identify where we have a circumstance that might be credit repair related. It is not an excuse. I want you to understand the dynamic-- -- Chairman Shelby. But you are not there yet. You have not solved all that, have you? Mr. Pratt. We have not solved all of those problems, no, sir. We are progressively, when you look at our testimony, we have outlined a whole series of steps we have taken which I think indicate that we recognize that you cannot look at your law and say well, the law said this and so we are done. That is it. We are finished with this. Our job is done if we did it the way the law required. We found a lot of things that we needed to change over time, the most recent of which is this one-call service because consumers said I do not even know necessarily what all the credit bureaus are that are out there. It would sure be nice if I could just call one and know that everybody does the same thing for me. So that was a new service that we launched for consumers who are victims of identity theft at the beginning of this year. Is that the final word? No, sir, I suspect that is not the final word. That is the best word I can give you right now, in terms of where we are. If I could just outline some things that I think would help us, one of which is the FTC needs the support to continue developing the sentinel system. Law enforcement uses the sentinel system to investigate and to bring together those cases that can then be worked at the local, municipal, and the State levels by enforcement agencies at those levels. The sentinel system is a compilation of data about identity theft crimes from all over the country. So the FTC needs that support, and we believe very strongly that is an essential ongoing element. I think the FTC needs to receive a lot of support in terms of continuing to educate consumers. Mr. Harrison received information that I hope was helpful to him. Obviously, it was not helpful enough to solve the entirety of the problem for him, but it was hopefully a good enough stopping-off point. Groups like Ms. Foley's certainly cannot always address everything in the marketplace on their own, and the FTC does a great job of educating consumers. We need to work toward resolving the multi-jurisdictional problems we have with this crime. We cannot get consumers to get police reports everywhere in this country. If we could, we could expedite a lot of data removal from files because we could use the police report to remove data from files today. That is our initiative today. That is our voluntary standard today. We would like to get the fraudulent data off the file once and for all. We would like to get it off just as much as the consumer does, and candidly just as much as our lending customers would, as well, so they are making good lending decisions and they are saying yes rather than no. And we would like to ensure that there are national standards for our reinvestigation processes. It is one of those provisions of the uniform standards that we are now discussing here in the larger context. We believe that those national standards do help us to build databases and build systems that allow us to effectively serve the consumer wherever they are in the country. With that, I will close my remarks. Thank you, Mr. Chairman. Chairman Shelby. Ms. Foley. STATEMENT OF LINDA FOLEY EXECUTIVE DIRECTOR IDENTITY THEFT RESOURCE CENTER Ms. Foley. Thank you very much, Mr. Chairman. My name is Linda Foley, and I am the Founder and Executive Director of the Identity Theft Resource Center. We are a nonprofit, national- based organization. We work with a national clientele and are based in San Diego. Sitting behind me, and you might have seen him passing me a couple of notes already, is our Co-Executive Director, Jay Foley, who also happens to be my husband. I found out about identity theft when I became the victim of identity theft. In the last few years, our program has grown, unfortunately, due to experiences like John Harrison. And through learning from John Harrison and many, many other victims of identity theft. This chair is actually filled with the 700,000 victims of identity theft this year that we abstractly represent, that is the number we use--so we have learned a lot about this crime. I have provided testimony for the Members. I am not going to repeat any of it. I trust you will all read it when you have time. What I would like to address is some of the things that I have been hearing today. If anyone in this room thinks they are immune to identity theft, especially any of the Senators, let me please point out that you have a book downstairs in the gift shop called the Capitol Guide. It is a little long book--you even get a $5 phone card in it now--which lists your birth date and your place of birth. Depending on whether you have an open or closed access State, I could get your birth certificate without much effort. From that it is a hop to calling the Social Security Administration and getting your Social Security number. Basically, they ask a few questions based on your birth certificate information. I now have your Social Security number. With this I now have access to your credit and to your lives. I can open up credit cards in your names. I happen to know what States you are from. It probably would not take much effort to find out an address. With that I can also commit criminal identity theft in your name. No one is immune from identity theft from birth, since we now give Social Security numbers to infants, to beyond death. In our testimony you will find 20 case histories from our records that I have itemized, including cases of child identity theft. It includes a 6-year-old who owes over $60,000, including almost $5,000 in child arrears to himself, by the way, and has three DUI's. He cannot even see over the steering wheel yet. Daddy dearest is an illegal immigrant who, now divorced from his American wife, must use his child's identity in order to somehow figure out a way to stay legally here in the United States. Last year you all probably read in the New Jersey Star Ledger, the article of the woman who was contacted by an insurance company. They wanted information about her husband's auto accident. Interesting. Her husband had died 10 months earlier on September 11, on the 80th floor. Those are some of the more poignant stories. One of the remarks made today is that John is not the norm. We get about 40,000 visitors to our website per month. Those are numbers of people who come and read information, gather information, and hopefully have enough to go on and work on their own. ITRC gets about 100 to 150 telephone calls or e-mail letters each week from people like John who we call extreme cases. His is typical of our extreme cases. This is not an aberration. In fact, we have cases much worse than John's, unfortunately, that we deal with. Family identity. Senator Dole, you mentioned that, 40 percent are family oriented. Those are the ones I get. No one in the office wants to take them because they have to deal with, ``what do I do?'' Do I turn my mother over to the police? Would I be a bad child to do that? Am I a bad daughter? Am I a bad parent if I turn my child over to the police? How do I deal with this within the family? How do I convince the credit reporting agencies? How do I convince credit issuers I did not open up these accounts if I am not willing to file a police report? We have a problem in that in many jurisdictions throughout the United States, the police are still reluctant to take police reports. California has a law, Penal Code 530.6, which says that a police report must be taken in the jurisdiction where the victim lives. That is not true in many cases, and these victims get bounced from place to place. They live in Alabama and the crime is occurring in Kentucky. Who is going to take the police report? Alabama is not going to send someone to go investigate. And I will go back to one other thing. A lot of times victims need these police reports to help clear up the credit issue. The reality is when I speak with victims, I am trying to explain to them you may never see an arrest out of this case. In fact, very few are. We have talked about penalties several times. Increasing penalties is important, but we are basically increasing penalties for all those people who are never arrested, which could be in excess of 90 percent. Chairman Shelby. Ms. Foley, the question Senator Sarbanes has proposed, how do we prevent it, right? Ms. Foley. Correct. Chairman Shelby. How do we tighten down on it? Ms. Foley. I think it comes down to three areas. We need to stop letting criminals get information by better business handling. I just finished writing a book on that and we are talking about it with businesses. Not everything needs to be legislated. I think a lot of it is common sense. Why are businesses throwing information in dumpsters behind their stores that has personal identifying information? Do we really need to legislate against it? I know we have in Georgia. We have in California. We have shredding laws now in both of these States. But must we really tell a business, do not carelessly throw away a piece of paper that has someone's Social Security number on it. You would not want that done to you. It is called the Golden Rule. I think we need to understand this crime links to other crimes. We need to consider that if they are going to get the information, we need to prevent them from being able to use it as readily as they do. I have provided for Senator Sarbanes' benefit as well as all of yours, almost 20 recommendations for laws that I think are necessary and that we need to see. I would like to see them on a national basis. We have seen more flurry of activity and talk at the Federal level in the last few months since we have been talking about FCRA than we have in the last 6 years since I have been a victim of identity theft. Yet, I see very few laws being passed. Senator Feinstein has a bill, S. 1399, which has been around since 2000. It is a mandatory observation of fraud alerts. The credit reporting agencies do allow us to put a fraud alert on their credit reports. There is no law that says that a credit grantor must honor it, however. We have victim after victim who says, ``I put a fraud alert on my credit report. I even sent a letter in to them asking for the 7-year alert,'' because they have been gracious enough to do this without being Federally mandated to do so. But the credit issuers are not observing them. Someone mentioned the movie ``The Net.'' I happen to be partial to the movie ``Class Action,'' an old Gene Hackman movie. It is more financially beneficial to these companies to ignore those fraud alerts and to quickly get the money, to open up the line of credit within 30 seconds--our microwave society--than it is to take the time to call and verify that application. We just recently got cell phones. We have fraud alerts, both of us. That fraud alert took an extra 10 minutes for us to get that cell phone. That is all it took, one phone call. My husband, he got it--and if we had had our cell phones already we could have had them just call the cell phone and I would have waved at the car dealer across the table from me and said, hi, this is me. Yes, go ahead and approve the application. It is as simple as that. You asked about our position regarding FCRA and the preemptions and the sunsetting. I think I would like to summarize it in a couple of ways. Yes, there is a need for strong national laws. There is no question about it. However, the framers of our Constitution said this is a framework. The FCRA was devised as a framework for privacy as well as ways information is being handled. It was never supposed to deal with every single issue. If you are asking us to say, shall we go ahead and renew the preemptions, without having the laws already in place that are going to resolve all of the problems that you are all talking about already, how can we do that without knowing whether it is going to take care of the problem? Will we need to rely on the States, who are more responsive at this moment and have passed more laws, and have been dealing with the issue on a continual basis in many cases? We do come from California. Unfortunately, we do have the most number of victims. But we have also passed a great number of laws. We also have high population groups which attract these criminals. We are going to take a position right now which is--we want to see what these laws are that you are going to pass, and that are going to get signed and put into action. To discuss preemptions in FCRA--we are not talking about renewing the whole FCRA but just those seven areas of preemption right now-- is premature. How can we say that we do not want affiliate sharing? How can we talk about any of these other areas when we do not know how the laws are going to deal with it? We have another problem. If we have a Federal law about identity theft, then why did we have to pass laws in every State? It is because local law enforcement, local jurisdictions need some latitude for them to be able to prosecute as well. So if we are going to create national laws, we need to also keep in mind that we have to be able to enable local law enforcement and local district attorneys to be able to work with the Federal system. Otherwise you are going to have every U.S. Marshal, every U.S. Attorney, and probably half the Army, the Navy, and the Marine Corps working to investigate identity theft and prosecute. We do not have the staff to do it all on the Federal level. We have to expand that all. I do have a couple of questions, first Stuart, please. I know that you have the one-call shop now. I also know that we have a problem because each of the credit reporting agencies have different standards of information that they ask for on their automated systems or through their live person, in one case. How have you resolved that? Have you finally come to an agreement on what data is going to be needed, or if I call Equifax are they going to ask for one set of information and then Experian may contact me later on and ask me for a couple more pieces of information before they send my credit report? Chairman Shelby. We generally do not let our panelists ask questions. [Laughter.] Ms. Foley. Sorry. Chairman Shelby. Except that was a good question. Ms. Foley. It is a problem we are hearing about. Chairman Shelby. Why don't we finish the panel before we-- -- Ms. Foley. I would appreciate that. Chairman Shelby. We are going to go to Mr. Hough. STATEMENT OF WILLIAM HOUGH VICE PRESIDENT OF CREDIT SERVICES THE NEIMAN MARCUS GROUP ON BEHALF OF THE NATIONAL RETAIL FEDERATION Mr. Hough. Thank you, Mr. Chairman. Good afternoon. My name is Bill Hough and I am Vice President of Credit Services for The Neiman Marcus Group. I am testifying today on behalf of the National Retail Federation. I would like to thank Chairman Shelby and Ranking Member Sarbanes for providing me with the opportunity to testify about the growing problem of identity theft and the steps that Neiman Marcus, like so many other members of the retail community, is taking to curb our losses and protect our customers from these crimes. By way of background, The Neiman Marcus Group is head- quartered in Dallas, Texas, and it is comprised of two operating segments, Special Retail, which includes the Neiman Marcus stores and the Bergdorf Goodman stores, and Direct Marketing, which includes the catalogue and online operations of our Neiman Marcus, Horshow, and Chef 's brands. We issue our proprietary credit cards under the Neiman Marcus and Bergdorf Goodman names. In fiscal 2001, Neiman's reached the high-water mark for identity theft related losses with over 520 cases representing a total expense of $1.3 million. In the past 2 years, we have experienced a decline of 70 percent in the number of identify fraud cases with less than 150 cases projected for the current year. It is important to note that other fraud related cases such as lost or stolen credit cards have remained constant over the last couple years. Mr. Chairman, instant credit applications represent about 85 percent of all accounts open at Neiman Marcus. These are handled at the point of sale. In order to cut down on fraud and identity theft during the application process, Neiman's developed a custom fraud detection model that analyzes certain specific attributes of every credit application. This system isolates certain variables on an application and double-checks them against information found on the applicant's credit report. Where discrepancies and inconsistencies occur, the model sends the application to our credit department for review. Clearly, the model has worked well for us over the last couple years. This year we know we have prevented about 800 fraudulent accounts from being opened. Occasionally, we are able to definitively detect an attempted fraud and arrest an identity thief in the store. This usually occurs if our credit office, after being alerted during the application process, can quickly get in touch with the victim. We will then ask them if they want to pursue an arrest of the person attempting to open the account in their name. If they agree, we will detain the suspect and contact the police. We have had 33 such arrests this year and 80 last year. Currently, Neiman Marcus Direct, our catalogue division, and our stores send out 15,000 packages a day delivering items to customers. By using customer information-sharing, we were able to develop an address delivery cross-check within our Delivery Manifest system. What that does is it double-checks against any negative addresses that may be out there to detect possible bad deliveries. Additionally, we have edits in place to identify unusual buying patterns that may be forwarding merchandise to certain addresses multiple times. These controls have stopped about 500 fraudulent shipments in the last year. Neiman's also does special edits to focus on the hottest selling merchandise. In fact, a savvy salesclerk in our Neiman Marcus White Plains store helped expose one of the largest identity theft rings in U.S. history involving a former employee of Teledata and over 30,000 stolen credit reports from the three major bureaus. The incident began when a woman called in an order for $6,000 in trendy shoes to the White Plains store. She told the salesclerk she did not care what size the shoes were and where they were to be shipped. The salesclerk realized this was suspicious, notified our Loss Prevention department. They, in turn, set up a controlled delivery with local law enforcement and the postal authorities. Mr. Chairman, I would like to be able to tell you that Neiman's has prevented 100 percent of all fraudulent credit applications this year, but I cannot. Successful identity thieves still slip by our systems at the rate of 7 for every 10,000 applications processed--less than one-tenth of 1 percent. This, in my view, is not the result of a flawed system, but the result of determined criminals with sophisticated tools like computers and the Internet. The most successful identity thieves know how to replicate an individual's identity perfectly. They also know how to get a hold of what I would call perfectly identifiable pieces of information which may be a driver's license or a counterfeit credit card. For these types of criminals there is very little else we can do to detect and prevent the crime, and retailers, like other businesses, are looking to the States and the Federal Government to begin producing the most secure identity documents possible. The need for tougher law enforcement statutes is also critical. While we will arrest approximately 250 perpetrators of fraud this year, many of these criminals are out on the street the next day with a slap on the wrist. Identity thieves are treated as a harmless pickpocket instead of a serious criminal who has created havoc for an innocent victim. These people, especially those that become multiple offenders, must face stiffer sentences if we are going to stop this type of crime. Further, identity thieves thrive on anonymity and rely on the assumption that large retailers such as Neiman's cannot put a name and face together in order to prevent fraud. This is why it is so important for retailers to know their customers, and why it is so important that we have to do this by the efficient use of information. Information flows between Credit Services and the bureaus, or between Retail Divisions and Marketing Divisions, combined with sophisticated technology and scoring models, cut down on fraud and allow us to offer better customer service. In conclusion, if there was one thing I want to point out as I leave, it is oftentimes our efforts to provide customer service have led to new mechanisms by which we do stop fraud. Identity theft is a crime with at least two victims: The individual whose identity was stolen and the business from which money and merchandise was stolen. Clearly, it is the individual victim that is most directly hurt. But if identity theft crimes continue to rise at the rate reported by the FTC, all consumers will ultimately pay as much of these business losses are passed back to the consumer. Mr. Chairman, I ask that Congress think carefully before blocking information flows or constraining businesses to specific prevention techniques or responses. We, in business, must continue to have the leeway to innovate to respond to constantly changing variables. Criminals always find a way and we need to maintain the ability to find a response. I thank you for your time. Chairman Shelby. Mr. Naylor. STATEMENT OF MICHAEL W. NAYLOR DIRECTOR OF ADVOCACY, AARP Mr. Naylor. Thank you, Mr. Chairman, Senator Sarbanes, and other Members of the Committee. I am the last batter in the bottom of the ninth and I can feel the palpable hope in this room that I will pop up on the first pitch. So let met at least---- Senator Sarbanes. Or hit a home run. Chairman Shelby. The bases are loaded. [Laughter.] Mr. Naylor. Let me just, in a fragmentary way, touch the high points here. First of all, I am new to the position at AARP and I hope that if there is anything we can do on this issue, or any other issue, to help you with your important responsibilities, you will not hesitate to call on us. Second, I enjoyed Senator Bennett's asides with regard to some of the popular culture forays in Hollywood and others into this issue. You might want to add to that, Senator, the New Yorker cartoon from about 2 months ago where a man is disconsolately telling his friend, my wife ran away with the guy who stole my identity, which is maybe a problem that has not surfaced yet. At AARP, we suspect that our members may be more prone to be victimized by these crimes than others. They control more of the Nation's wealth. They have a longer credit history, which permits more forms of access. Many of them are in the position where caretakers, custodians, or family members could take advantage of them. It is difficult for us to confirm that though from existing files. The best database is maintained by the FTC, the complainants database, which shows us no more likely, our members no more likely than others. But there are some problems with that. Number one, to get into that database you have to be a complainant. Our long experience is that older Americans are less likely to complain to a Federal agency than others. Number two, you have to offer your name. About 30 percent of complainants--not name, age. About 30 percent of complainants do not offer their age. Both from our experience and the lighthearted remarks by the Chairman and by Senator Schumer earlier would confirm that it is the case that once you get into AARP territory you are less likely to volunteer your age as well. So, we are trying to address that issue. Despite those biases, or omissions which under-report the experience of senior Americans as victims, still that database shows us that there are six specific identity theft crimes where older Americans are statistically more likely to be the victim of a crime. Number one, these are, the use of a victim's existing credit card account. Number two, the establishment of a new credit card account in the victim's name. Number three, the opening of a wireless telephone account in the victim's name. Number four, the use of a victim's information to commit credit fraud. Number five, the taking out of a personal or business loan in the victim's name. And number six, the theft of a victim's identifying information and then the use of it in attempts to commit fraud. There were some questions about solutions. Frankly, so far the AARP has spent more time in terms of trying to make its members aware of what is going on, and provide them practical information about how to avoid identity theft, and how to deal with it when it occurs. But we are beginning to inventory some possible solutions. While I cannot endorse them fully, I think there are things that we will continue to explore and we hope that the Committee will take that into account. Some of them include, Senator Sarbanes, first, the ability to get a free credit report once a year. That is something that we will support, and my enthusiasm for it grew with every question you asked Mr. Beales, so we would like to press ahead on that count. Second, I do not know if we are in favor of hanging either pickpockets or identity thieves, but looking at the statute of limitations in this regard I think is important. It may not fall under the jurisdiction of this Committee, but it is essentially 2 years. The way the courts have interpreted it, that statute starts ticking from the date of the event. Now maybe that makes sense where someone walks up to you, sticks a gun in your ribs and relieves you of your wallet. As Mr. Harrison's case explains, it could take weeks, months, even years in many cases before you know that the crime has occurred. So having the statute of limitations start ticking from the discovery of the purported crime as opposed to the date of the alleged crime would make a lot more sense in this regard. Third, Mr. Harrison's commentary did it a lot more graphically than I can, but we are also very sensitive to the notion that, in general, it is much harder for almost anyone other than you yourself to get a copy of your credit report. You have to provide much more information to find out your credit report than almost anyone else, and it generally costs you more to get it. Something that addresses that issue I think is well within the realm of things this Committee could do. I do not know, maybe that was a scratch single, but the inning is over and thank you very much. Chairman Shelby. Thank you very much, Mr. Naylor. I will try to be as quick as I can. Captain Harrison, we heard your story here and I think it is compelling. Things still worked out terribly. Would you say that, at a minimum, Congress has a responsibility to take steps to help future victims like yourself ? Mr. Harrison. Absolutely, sir. I do. Chairman Shelby. Ms. Foley, I am going to let him answer your question on somebody else's time. Ms. Foley. He does it all the time. Chairman Shelby. Ms. Foley, we have heard testimony that the credit card companies employ numerous antifraud measures. I think this is definitely positive. However, the larger question does not bear on how much they do, it relates to how successful they are in this undertaking. Who is ahead of whom here, the people who commit fraud or the credit card companies, in your judgment? Ms. Foley. The criminals are always ahead. This is an evolving, changing crime. They are, at least, several years ahead of us on the learning curve. There is no question about that. I think that if credit issuers would start to accept some of the business solutions that are out there as far as verification of the application, applications can be verified in 30 seconds. We are, again, that microwave society. People want it done quickly. But I have seen credit applications where only half the information is filled in. I know part of the problem Stuart is having and some of what you were talking about is--we have all done it. We have filled out an application halfway because we wanted the free gift that they were giving. What do the credit reporting agencies do with that information? It doesn't quite match anybody's real credit report. They do the best match possible. That is where some of what we call those suppressed files come from, which is where there is some inaccurate information that they do not know where to put it. Does it go to your credit report, my credit report, Senator Sarbanes' credit report. They do not know. Chairman Shelby. Mr. Pratt and Mr. Cunningham, I will direct this question to you. How does someone open 61 accounts in light of the precautions that the credit card companies and the credit bureaus take? Mr. Pratt, how do they do it? Mr. Pratt. Apparently they are good criminals in terms of what they do. I do not mean that flippantly---- Chairman Shelby. I know that. Mr. Pratt. --but there are some who are very good at it. Chairman Shelby. It is a very serious question. Mr. Pratt. Precisely. I think the short answer is, we do not know how often that criminal--and Ms. Foley references something that is a challenge. When data comes into the credit reporting system, we cannot cross-check a Social Security number against a name, against the Social Security Administration's database. There are lots of good reasons why the private sector does not have access to that database. But that data comes in, so there may be a credit report under a different name but the same Social and a different address. There may be actually accounts opening up on several different reports, so they are actually not being opened up solely on a single report. Chairman Shelby. Shouldn't that trigger something, maybe a watch or caution, a little yellow light there? Mr. Pratt. Only if there is something connected together in all of that would there be some caution flag, if you will, that would come up in all of that for a lender, for example. But today, to give you some idea of the scale of change in the database, 40 million consumers are moving every year so it is difficult to say an address change alone is enough. We have 3 million marriages and divorces, a majority of those end up with a change in your last name. We have about 6 million consumers with a second home in this country. That again results in a second address on your file. We have tens of millions of consumers in this country that use one of their credit cards for billing purposes at work, so they have a work address associated with their personal information. Managing 200 million files and 2 billion data elements---- Chairman Shelby. You are not saying that is impossible, are you? You are in the business. Mr. Pratt. I suppose with enough time and money, anything is possible, Senator. But I just wanted to set the context here because sometimes we react viscerally to this and we go, how could you not have seen that? The answer is, in some cases, because we are managing an extraordinarily large volume of data, so the pattern that you and I see here today, this seems very obvious something was happening, is not nearly as obvious in the large-scale sense when you are building a nationwide system. Chairman Shelby. Ms. Foley wants to respond. Ms. Foley. My understanding is that the repositories are not in the business of looking for these alerts. They are not sitting there looking to see, have 61 applications come through in the last month. That is the job of the lenders. Unfortunately, the lenders do not see the full credit reports in most cases. They get a score. They say, gee, this person seems to have a good credit status. Let's go ahead and give them a credit card. Or in John's case, his score went down. It varies from credit report to credit by 150 points. Chairman Shelby. Mr. Pratt, I do not want proprietary information, but your people get a lot of money to manage this information. Mr. Pratt. It is a successful business, yes, sir. Chairman Shelby. It is a successful business. We know that. Captain Harrison, again, of the 61 fraudulent accounts that were opened on your file, how many creditors sought to pursue criminal sanctions against Mr. Phillips? Mr. Harrison. The only one I know of is Harley-Davidson. A lot of them that I talked to, especially after he was caught, I let them know who the guy was, what his name was, what jail he was in. Even the timeshare in South Carolina, which was $21,000 said, we are not going to go after the guy. It does not make sense for us to press any charges against him. Chairman Shelby. We have some very patient Senators here but I want to get in one more question if I can. This would be to Mr. Pratt, Mr. Cunningham, and Mr. Hough. Do you think consumers should be able to take steps to protect themselves against identity theft? It is what we are talking about. If they want to take measures but those measures may have consequences that bear on the availability of credit, who do you think is best able to gauge those consequences, the companies you represent or the consumers themselves? Go ahead. You all first and then Ms. Foley. Mr. Pratt. Our reaction is, of course, we all should know how best to protect ourselves, and I think there are a lot of different ways to do that. Some are voluntary. If you believe you have been a victim of a crime and you are concerned, we will put a security alert on your file. That is a protective measure. It will work downstream to alert subsequent users of the fact that something has happened to the file. So in that case, yes, sir, we think that is a good step. But there is a consequence to that. I have actually had consumers complain to me that the alerts worked too well. That is the flip side of it as well, I guess. Chairman Shelby. I do not believe they are working too well. Mr. Pratt. I can respond to that, actually, if I may. That is, we have looked at 5,500 credit reports recently with security alerts on them because of the concerns that have been raised about how ineffective they may be or how often there might be a problem. We looked at those files in terms of how many of those files had, after the alert was added, additional activity, meaning new accounts, how many did not, and then how many went through a reinvestigation, which would be our best indication that a consumer had said, I have to pick up the phone, I have to dispute something, something is wrong with that file. Less than one-half of 1 percent of all of those 5,500 files had a subsequent reinvestigation after the alert was added to the file. So that was our first look at this question because we were concerned about alerts on the file and whether or not they worked properly. That gives us one barometer which is, there is a very, very low rate of dispute, even when the alert has been on the file as much as 12 months, and even when a file with an alert has had credit activity subsequent to the alert being placed. Chairman Shelby. Ms. Foley, do you want to respond? Ms. Foley. There should not be any activity once an alert has been placed, at all. If I say, I want to be called every time an application is submitted in my name, I should have that right. That prevents me from having to purchase a credit monitoring service for $79.95. It also prevents me from having to reorder credit reports over again at a cost of $8 each in order to do that, and to see what is going on. And I do not have to wait 12 to 15 months to find out if I am a victim yet again. There is a trade-off with a fraud alert. I did it with the exact knowledge that this was going to slow down the issuance procedures and process. I am a victim of identity theft. Take 2 or 3 days, or take a week to grant me credit, please. Just do not grant it to my imposter again. Mr. Pratt. To be clear, Mr. Chairman, I think that the file activity that we see with new accounts is, in fact, tied to the fact that some consumers who are victims continue to have a need for credit and apply for credit, and they go through the process and the verification takes place, including the kind of reverification--and in other cases consumers are inactive, and they do remain inactive and that is their choice in the marketplace, and that is why some files have activity and some do not. In all of those cases, less than one-half of 1 percent ever had an additional reinvestigation, even as long as 12 months after the initial alert was placed on the file. Chairman Shelby. Senator, thank you for your indulgence. Senator Sarbanes. Thank you. Mr. Chairman. I will be brief. I just want to try to clear away a few things that may appear somewhat minor, but let me see if I can get it settled. Is there any one at the table who would be opposed to a requirement that people be able to get their credit report free at least once a year? Ms. Foley. I have no objection. In fact, I would encourage it. Mr. Hough. I do not know what the overall expense or impact it would be to the credit bureaus, but I think the information is valuable if the person can get to it. Senator Sarbanes. Everyone is supportive. Mr. Pratt. No, sir, we are not. Senator Sarbanes. You are not supportive. Why not? Mr. Pratt. We are supportive of access. The 1996 Amendments provided what we thought was the right balance for access. Consumers who suspect fraud can get access to a free file. If you are unemployed and seeking employment, if you are on public assistance and you wish to have your file, or if you have been declined credit, if you are potentially going to have adverse action taken under employment circumstances, you have access. The 1996 Amendments created a much larger set of what we thought were discrete populations of consumers with a higher level of need where you would not want the price to be an impediment. Senator Sarbanes. So, you do not think that I should be able to get a credit report free once a year? Mr. Pratt. We think your right of access is unquestioned. The fee that we are getting right now is not to create a revenue stream for us but just to offset the administrative expense. Senator Sarbanes. Now, Maryland requires you to give me a free credit report every year, correct? Mr. Pratt. Yes, sir, absolutely. Senator Sarbanes. So, I can get it. Mr. Pratt. Yes, sir. Chairman Shelby. I cannot. Senator Sarbanes. Would you be in favor of dropping the preemption requirements in this statute? Mr. Pratt. We hope that that is not what we are moving toward here in the deliberative debate, but I would be happy to share with you the one risk that---- Senator Sarbanes. It is related to the substantive standards of protection for the consumer, is it not? Mr. Pratt. We believe access is certainly related to the substantive standards. May I have a minute to just try and lay out at least one of the reasons for our concern, sir? That would be, for example, we have talked a little bit about security breaches. Credit bureaus right now are much more exposed--one of our reasons for concerns with free files has to do not so much with a principle of cost, if you will, but with a reality in the business world. That is, for example, when TriWest had its hard drives stolen in Arizona, which was a medical provider for the military, at least a health care service provider, TriWest sent out a letter to the 500,000 families. Of the 500,000 families, at least 365,000 of them responded, calling the credit bureaus asking for various services, which the credit bureaus provided 100 percent free of charge for every one of those security breach victims. The same thing happened with 200,000 in California. There was a DPI case recently with 8 million potential breaches of account numbers; 50,000 consumers at the University of Texas. Our concern is that in some ways credit bureaus are now being asked to bear the burden of someone else's failure to protect their information in the marketplace. That really is the issue of unfairness that concerns us most. It makes it almost impossible for us to manage our consumer relations process for all the average consumers who are calling us every day. In fact with the TriWest case, each of the credit bureaus incurred approximately $1.5 million worth of cost even though they had no involvement, even though it was not credit bureau data, and even though the TriWest company is not, in fact, even a customer of the credit bureaus. So our concern with that is that it is exposing us to a different level of risk in the marketplace. Senator Sarbanes. Mr. Pratt, do you favor changing the statute of limitations? The statute of limitations now is that a victim must bring legal action under the existing statute of limitations from 2 years after occurrence of the fraud. Do you support that standard or would you be in favor of changing it as has been suggested here this morning? Mr. Pratt. We have been involved, certainly in the last Congress and I suspect heading into this Congress as well, in a constructive discussion with Senator Cantwell's staff. You will see in that bill a proposal which is much closer to one we feel we could work with. Senator Sarbanes. Which is what? Mr. Pratt. Well, it establishes a different time mechanism for an identity theft victim versus the average consumer in the marketplace because there may be unique circumstances for identity theft victims. Senator Sarbanes. What is your time frame for the identity theft victim? Mr. Pratt. The time frame that Senator Cantwell was proposing was, I think it was a 3- or 4-year standard rather than a 2-year standard. Senator Sarbanes. From when? Mr. Pratt. From the date the event occurred. I would like to clarify, however, that unlike many other-- -- Senator Sarbanes. On the one hand, you will not let me get a free credit report, and on the other hand you put me into a statute of limitations framework which is when the event occurred, not when I found out about the event. Mr. Pratt. Could I clarify that, Mr. Chairman? Actually, the triggering of your liability for a credit report is when you are harmed, not when I put the data in the file. I could have data in the file that is inaccurate for 3 years, but the date of the event that gave rise to your harm is the date that the credit report was produced and you were declined or otherwise harmed. So, you often learn about the event, meaning your harm, through the adverse action notice. Senator Sarbanes. Do you always learn about it? Mr. Pratt. The world is not perfect, sir, but our belief is that because of the way the consumer---- Senator Sarbanes. Who should the burden be upon to make the world more perfect in this regard--the lonely consumer or the business network that is engaged in these practices? Mr. Pratt. In our review of case law, a very small percentage ever deal with the statute of limitations. Consumers appear to be successful in bringing cases. They do bring cases every year, and certainly litigation has ensued since the 1996 Amendments. Senator Sarbanes. I take it one of the AARP's lead recommendations is on the statute of limitations. Is that correct, Mr. Naylor? Mr. Naylor. That is correct, Senator. Senator Sarbanes. Mr. Cunningham, what is your view on this free report once a year? Mr. Cunningham. I believe that it is a question that should be answered by the credit bureaus more than by myself. I am not necessarily in a position to say whether or not it is the right thing to do economically or not. Senator Sarbanes. Mr. Chairman, I have another question. Chairman Shelby. You go ahead. Senator Sarbanes. Just a week ago in the American Banker there was an article, ``Setting New Policies To Catch Identify Thieves.'' It reports that starting July 1 all businesses in California will have to tell customers when the security of their personal information has been breached. If a bank suspects that someone could have stolen a Social Security number, a driver's license, or bank account numbers, it must inform the customer. Is there anyone at the table who feels it is undesirable to enact such a law nationally? Ms. Foley. We supported, Senator, a piece in that bill. But I would like to see it expand, and not that it just be limited to computer information but any information breach because of the dumpster diving issue as well. Senator Sarbanes. Anyone else who might oppose that? Mr. Pratt. Maybe there is just a policy question and that is to make sure that if a law like that were to be considered you would want to make sure that you did not have a cry wolf event. You would want to make sure that there were measurements in place to ensure that there was a real breach and that there was a real extraction of data because otherwise consumers will be flooded with notices because of the requirement of the law and that might be ineffective as well. So the key would be that you would need to balance the requirements such that breach notices would occur when there appears to be a real substantive material reason to have that breach notice delivered. I think that is just reasonable in terms of how a law like that would operate. Ms. Foley. That was built into the law when it was passed. Chairman Shelby. Senator Bennett. Senator Sarbanes. Thank you, Mr. Chairman. Senator Bennett. One of the things we live with in this world are pop-ups and advertisements on the Internet all the time. One that, at least shows up on my computer a lot, is click here for a free credit report. Can we reconcile that with this conversation? What do I get if I click that? I have never done it. Frankly, I have an irrational fear that doing so would somehow compromise my identity and that somebody is after me. So, I never click there for a free credit report. What do you get when you do that? Ms. Foley. You will be charged $79.95 after a 3-month trial period of a credit monitoring service. Senator Bennett. But I would get a free credit report and then I would, after 3 months, be able to say, I do not want to spend the $79.95? Ms. Foley. Correct. But they are also working on the idea that most of us do look at these free offers. We go for our free 3 months of trial and then we forget to discontinue. Senator Bennett. In other words, a free report can be supplied pretty quickly if somebody asks for it. Now there is an economic reason to say, we will give it to you as a teaser to get you to sign up for something else, and I will not discuss whether the something else is wise or not wise, whether it is good business or bad business, or an improper offering to a customer. I think the customer should make that decision. Ms. Foley. Excuse me, Senator Bennett, here is one other problem with that free pop-up. We do not know if it is a legitimate offer or if it is a scam fraud or it is trying to mine information from you. Senator Bennett. I understand that. That is why I do not click on them because I do not want to see my credit report because everything is going fine. Now, I have been, I will not say a victim of identity theft by any means on the scale that Captain Harrison has suffered, but I have had some really tough conversations with some lenders that told me that I had filed for bankruptcy and I had had default on major property, none of which I had owned, and all of the rest of this. And it was not fun to try to get it straightened out. They finally figured out there was another Robert Bennett and it was not me. My daughter has had a fairly serious experience with identity theft. Again, nowhere near the level that Captain Harrison has, but I am sympathetic with this statute of limitation thing because years later she keeps running into problems even after she long since had thought she had gotten it all cleaned up. Every once in awhile something pops up and, gee, I have to deal with this. It has been 3 years since my wallet was stolen. Captain Harrison, do you have any idea how they got your military identity card? That is the breach that caused this whole thing. It was not dumpster dipping or the stealing of mail. They went to a military installation and here is a fellow who has received an honorable discharge and years after you have left the military they walk away with your identity card. How did they do that? Mr. Harrison. He had my name and Social Security number. I do not know exactly how he got it because I cannot get access to the investigation under the Freedom of Information Act unless I get his permission, the imposter, to release that information. But it is not difficult to get a name and a Social Security number from someone in the military. Those two things are on almost every piece of paper I have ever filled out in the military, because your Social Security number is also your service number. Senator Bennett. The Senate identity card I carry has my Social Security number on it, and my driver's license has my Social Security number on it. When I was running a business and we would assign customer numbers, the fellow who ran our IT program came to me after a little while and he said, we have to stop using the company-generated customer numbers. I said, why, and he said, they are far too cumbersome. Let's go to industry standard and ask everybody for their Social Security number, and we did. People would open an account with us and we would say, name, Social Security number. They would give us the Social Security number, and that was the whole database of the company. Whether we like it or not, the Social Security number has become the national identity number that is in so many databases right now that I shudder to think of what it would cost if suddenly everybody had to come up with a new number. So yes, your Social Security number was your service number. I remember I had to memorize it when I was in the Army in the 1950's. I cannot tell it to you now but I can tell you my Social Security number. The control in the military is so lax that they would give out to somebody a military identity card for somebody who has retired? I think we should hold a hearing with the Armed Services and say, what are you doing here when you are this lax with something of that kind. Mr. Harrison. I believe that the person that issued the card was in on it. I believe that. I spoke with the Secret Service agent that did this and no one else was arrested. But my name and my Social Security number was used. They changed my date of birth on the identity card. They changed the color of my eyes, my hair, my height, and my weight. Senator Bennett. That makes sense. Mr. Cunningham. You cannot do that unless---- Senator Bennett. That makes sense if the fellow or young lady who delivered the military identity was part of the conspiracy. That is beyond the jurisdiction of this Committee, but that might be another criminal activity that might be considered. Yes, the fellow who bought the Harley-Davidson went to jail, but the person who aided and abetted probably should in some manner be considered a co-conspirator and just as liable. You talk about family identity theft. Internal to the military or whatever, that is a form of family theft. We should take a long look at spreading the pain around if somebody aids and abets, and it is not just the criminal that goes to jail. Thank you very much for the hearing, Mr. Chairman. I think this has been very helpful. Chairman Shelby. Thank you, Senator Bennett. Ms. Foley, out of fairness, you did ask him a question. Everybody has had their time, so quickly, what was the question, and quickly I hope he will answer it. Ms. Foley. We have the one-stop-shop now. Have we resolved the problem that the three different repositories want different types of information in order to get your credit reports, and that, in some cases, I can get it out of two but not the third because each one of them has different information and maybe the third one has the imposter's address instead of my address and now the computer system would not tilt. Mr. Pratt. The data exchange has a standard set of data and they all agreed on what data elements would have to be provided so it could go to each company and each company would use the same data elements to pull the file. That is the data exchange part of it. There is no doubt each company still has an individual obligation to make sure the data matches with a file so they can release a file and they can comply with the law and properly identify the consumer. So, yes, there might be an instance where the data cannot be matched properly within an individual company, but the data is standard and the data standard is transferred between each of the companies. Chairman Shelby. Captain Harrison, you are the victim here, and a horrible victim. What is your last word to us? Mr. Harrison. I guess I will make my last word about the Fair Credit Reporting Act. I said this before when I was before the State legislature in Connecticut. I think the intent of the Fair Credit Reporting Act is very good and I understand it, and I think that everybody that put it together understands it. It makes a lot of sense. Chairman Shelby. It works well in a lot of ways. Mr. Harrison. It works well in a lot of ways. I think the problem that I have encountered is that a lot of people are not obeying the intent. They are only obeying the word. Everything that says may might as well say, do not do it. That is why this thing is so difficult. People are not understanding the intent. I really think that has to be firmed up. Less of the intent taken out and more of the, you have to do this put in it. Chairman Shelby. Thank you very much. I thank all of you. It has been a long morning. The hearing is adjourned. [Whereupon, at 1:04 p.m., the hearing was adjourned.] [Prepared statements and responses to written questions supplied for the record follow:] PREPARED STATEMENT OF SENATOR MICHAEL B. ENZI Thank you Mr. Chairman for holding this hearing. Identity theft is a very serious issue that affects not only individuals, but also our economy as a whole. As the fastest growing crime in America, it is not neatly confined to one State or county. And that is the problem with identity theft. People from every corner of the country can and do become victims of this invasive crime. Even small States like Wyoming are adversely affected. Although there are only 493,000 people in Wyoming, we have the same rate of identity theft per capita as anywhere else in the country. That is why we have to approach this issue from a holistic perspective. We have to look at prevention, enforcement, and assistance to victims who are recovering from identity theft. Last year, I cosponsored a bill with Senator Cantwell that focused on the recovery part of the issue. Our bill would have made it easier for victims to get the information they need to clear their good name. Senator Gramm and I worked with Senator Cantwell for months to find a balance between the needs of consumers and the needs of small businesses, banks, and other credit agencies. Our bill included key provisions that would have allowed victims to work with businesses to obtain false records and block false information on credit reports. This is critical for somebody who is trying to put his or her life back together after the trauma of identity theft. I am encouraged by the interest my colleagues have shown here today. There are a number of bills out there that I think we need to consider in Congress before this crime hurts the hundreds of thousands of working people and families that are expected to become victims this year. I am confident we can make headway on this issue during the debate on reauthorization of the Fair Credit Reporting Act and I thank the Chairman for addressing this issue today. ---------- PREPARED STATEMENT OF J. HOWARD BEALES, III Director, Bureau of Consumer Protection, U.S. Federal Trade Commission June 19, 2003 Introduction Mr. Chairman and Members of the Committee, I am Howard Beales, Director of the Bureau of Consumer Protection, Federal Trade Commission (FTC or Commission).\1\ I appreciate the opportunity to present the Commission's views on the impact of identity theft on consumers and the importance of information security in preventing identity theft. --------------------------------------------------------------------------- \1\ The views expressed in this statement represent the views of the Commission. My oral presentation and responses to questions are my own and do not necessarily represent the views of the Commission or any Commissioner. --------------------------------------------------------------------------- The Federal Trade Commission has a broad mandate to protect consumers, and controlling identity theft is an important issue of concern to all consumers. The FTC's primary role in combating identity theft derives from the 1998 Identity Theft Assumption and Deterrence Act (Identity Theft Act or Act).\2\ The Act directed the Federal Trade Commission to establish the Federal Government's central repository for identity theft complaints and to provide victim assistance and consumer education. The Commission also works extensively with industry on ways to improve victim assistance, including providing direct advice and assistance in cases when information has been compromised. The Commission can take enforcement action when companies fail to take adequate security precautions to protect consumers' personal information. --------------------------------------------------------------------------- \2\ Pub. L. No. 105-318, 112 Stat. 3007 (1998) (codified at 18 U.S.C. Sec. 1028). --------------------------------------------------------------------------- The Federal Trade Commission's Role in Combating Identity Theft The Identity Theft Act strengthened the criminal laws governing identity theft \3\ and focused on consumers as victims.\4\ Congress also recognized that coordinated efforts are essential to best serve the needs of identity theft victims because these fraud victims often need assistance both from government agencies at the national and State or local level and from businesses. As a result, the FTC's role under the Act is primarily one of facilitating information sharing among public and private entities.\5\ Specifically, Congress directed the Commission to establish procedures to: (1) log the receipt of complaints by victims of identity theft; (2) provide identity theft victims with informational materials; and (3) refer complaints to appropriate entities, including the major national consumer reporting agencies and law enforcement agencies.\6\ To fulfill the Act's mandate, the Commission has implemented a plan that focuses on three principal components: (1) a toll-free telephone hotline; (2) the Identity Theft Data Clearinghouse (Clearinghouse), a centralized database used to aid law enforcement; and (3) outreach and education to consumers, law enforcement, and private industry. --------------------------------------------------------------------------- \3\ 18 U.S.C. Sec. 1028(a)(7). The statute broadly defines ``means of identification'' to include ``any name or number that may be used, alone or in conjunction with any other information, to identify a specific individual,'' including, among other things, name, address, Social Security number, driver's license number, biometric data, access devices (i.e., credit cards), electronic identification number or routing code, and telecommunication identifying information. \4\ Because individual consumers' financial liability is often limited, prior to the passage of the Act, financial institutions, rather than individuals, tended to be viewed as the primary victims of identity theft. Setting up an assistance process for consumer victims is consistent with one of the Act's stated goals: To recognize the individual victims of identity theft. See S. Rep. No. 105-274, at 4 (1998). \5\ Most identity theft cases are best addressed through criminal prosecution. The FTC itself has no direct criminal law enforcement authority. Under its civil law enforcement authority provided by Section 5 of the FTC Act, the Commission may, in appropiate cases, bring actions to stop practices that involve or facilitate identity theft. See, e.g., FTC v. Assail, Inc., W03 CA 007 (W.D. Tex. Feb. 4, 2003) (order granting preliminary injunction) (defendants alleged to have debited consumers' bank accounts without authorization for ``upsells'' related to bogus credit card package) and FTC v. Corporate Marketing Solutions, Inc., CIV- 02 1256 PHX RCB (D. Ariz. Feb. 3, 2003) (final order) (defendants ``pretexted'' personal information from consumers and engaged in unauthorized billing of consumers' credit cards). In addition, the FTC brought six complaints against marketers for purporting to sell international driver's permits that could be used to facilitate identity theft. Press Release, Federal Trade Commission, FTC Targets Sellers Who Deceptively Marketed International Driver's Permits over the Internet and via Spam (Jan. 16, 2003) (at http://www.ftc.gov/opa/2003/01/idpfinal.htm). \6\ Pub. L. No. 105-318, Sec. 5, 112 Stat. 3010 (1998). --------------------------------------------------------------------------- Assisting Identity Theft Victim The most immediate way in which the FTC assists victims is by collecting complaints and providing advice on recovery through a telephone hotline and a dedicated website. On November 1, 1999, the Commission began collecting complaints from consumers via a toll-free telephone number, 1-877-ID-THEFT (438-4338). Every year since has seen an increase in complaints. In 2002, hotline counselors added almost 219,000 consumer complaints to the Clearinghouse, up from more than 117,000 in 2001. Of the 219,000 reports, almost 162,000 (74 percent) were complaints from identity theft victims, and almost 57,000 (26 percent) were general inquiries about identity theft. Despite this dramatic growth in reports of identity theft, the FTC is cautious in attributing it entirely to a commensurate growth in the prevalence of identity theft. The FTC believes that the increase is, at least in part, an indication of successful outreach in informing the public of its program and the availability of assistance. Callers to the hotline receive telephone counseling from specially trained personnel who provide general information about identity theft and help guide victims through the steps needed to resolve the problems resulting from the misuse of their identities. Victims are advised to: (1) Contact each of the three national consumer reporting agencies to obtain copies of their credit reports and request that a fraud alert be placed on their credit reports; \7\ (2) contact each of the creditors or service providers where the identity thief has established or accessed an account, to request that the account be closed and to dispute any associated charges; and (3) report the identity theft to the police and get a police report, which is very helpful in demonstrating to would-be creditors and debt collectors that the consumers are genuine victims of identity theft. --------------------------------------------------------------------------- \7\ These fraud alerts indicate that the consumer is to be contacted before new credit is issued in that consumer's name. See Section II.B.(3)(a) infra for a discussion of the credit reporting agencies new ``joint fraud alert'' initiative. --------------------------------------------------------------------------- Counselors also advise victims having particular problems about their rights under relevant consumer credit laws including the Fair Credit Reporting Act,\8\ the Fair Credit Billing Act,\9\ the Truth in Lending Act,\10\ and the Fair Debt Collection Practices Act.\11\ If the investigation and resolution of the identity theft falls under the jurisdiction of another regulatory agency that has a program in place to assist consumers, callers also are referred to those agencies. --------------------------------------------------------------------------- \8\ 15 U.S.C. Sec. 1681 et seq. \9\ Id. Sec. 1666. The Fair Credit Billing Act generally applies to ``open end'' credit accounts, such as credit cards, revolving charge accounts, and overdraft checking accounts. It does not cover installment contracts, such as loans or extensions of credit that are repaid on a fixed schedule. \10\ Id. Sec. 1601 et seq. \11\ Id. Sec. 1692 et seq. --------------------------------------------------------------------------- The FTC's identity theft website, located at www.consumer.gov/ idtheft, provides equivalent service for those who prefer the immediacy of an online interaction. The site contains a secure complaint form, which allows victims to enter their identity theft information for input into the Clearinghouse. Victims also can read and download all of the resources necessary for reclaiming their credit record and good name. One resource in particular is the FTC's tremendously successful consumer education booklet, Identity Theft: When Bad Things Happen to Your Good Name. The 26-page booklet, now in its fourth edition, comprehensively covers a range of topics, including the first steps to take for victims, how to correct credit-related and other problems that may result from identity theft, tips for those having trouble getting a police report taken, and advice on ways to protect personal information. It also describes Federal and State resources that are available to victims who may be having particular problems as a result of the identity theft. The FTC alone has distributed more than 1.2 million copies of the booklet since its release in February 2000.\12\ Last year, the FTC released a Spanish language version of the identity theft booklet, Robo de Identidad: Algo malo puede pasarle a su buen nombre. --------------------------------------------------------------------------- \12\ Other Government agencies, including the Social Security Administration, the SEC, and the FDIC also have printed and distributed copies of Identity Theft: When Bad Things Happen to Your Good Name. --------------------------------------------------------------------------- Outreach and Education The Identity Theft Act also directed the FTC to provide information to consumers about identity theft. Recognizing that law enforcement and private industry play an important part in the ability of consumers both to minimize their risk and to recover from identity theft, the FTC expanded its mission of outreach and education to include these sectors. Consumers The FTC has taken the lead in coordinating with other Government agencies and organizations in the development and dissemination of comprehensive consumer education materials for victims of identity theft and those concerned with preventing this crime. The FTC's extensive consumer and business education campaign includes print materials, media mailings, and radio and television interviews. The FTC also maintains the identity theft website, which includes the publications and links to testimony, reports, press releases, identity theft-related State laws, and other resources. To increase identity theft awareness for the average consumer, the FTC recently developed a new primer on identity theft, Identity Theft: What's It All About? This publication discusses the common methods of identity thieves, how consumers can best minimize their risk of being victimized, how to identify the signs of victimization, and the basic first steps for victims. Taken together with the detailed victim recovery guide, Identity Theft: When Bad Things Happen to Your Good Name, the two publications help to fully educate consumers. Law Enforcement Because law enforcement at the State and local level can provide significant practical assistance to victims, the FTC places a premium on outreach to such agencies. In addition to the training described below (see infra Section II.C.), the staff joined with North Carolina's Attorney General Roy Cooper to send letters to every other attorney general letting him or her know about the FTC's identity theft program and how each Attorney General could use the resources of the program to better assist residents of his or her State. The letter encourages the Attorney General to link to the consumer information and complaint form on the FTC's website and to let residents know about the hotline, stresses the importance of the Clearinghouse as a central database, and describes all of the educational materials that the attorney general can distribute to residents. North Carolina took the lead in availing itself of the Commission's resources in putting together for its resident victims a package of assistance that includes the Identity Theft Affidavit (see Section II.B.(3)(a)), links to the FTC website and www.consumer.gov/idtheft. Through this initiative, the FTC hopes to make the most efficient use of Federal resources by allowing States to take advantage of the work the FTC has already accomplished and at the same time continuing to expand the centralized database of victim complaints and increase its use by law enforcement nationwide. Other outreach initiatives include: (1) Participation in a ``Roll Call'' video produced by the Secret Service, which will be sent to thousands of law enforcement departments across the country to instruct officers on identity theft, investigative resources, and assisting victims; and (2) redesigning of the FTC's website to include a section for law enforcement with tips on how to help victims, as well as resources for investigations. The FTC will launch the new website this summer. Industry (a) Victim Assistance: Identity theft victims spend significant time and effort restoring their good name and financial records. As a result, the FTC devotes significant resources to conducting outreach with the private sector on ways to improve victim assistance procedures. One such initiative arose from the burdensome requirement that victims complete a different fraud affidavit for each different creditor with whom the identity thief had opened an account.\13\ To reduce that burden, the FTC worked with industry and consumer advocates to create a standard form for victims to use in resolving identity theft debts. From its release in August 2001 through April 2003, the FTC has distributed more than 293,000 print copies of the Identity Theft Affidavit. There have also been more than 356,000 hits to the web version. The affidavit is available in both English and Spanish. --------------------------------------------------------------------------- \13\ See Identity Theft: When Bad Things Happen to Your Good Name. Hearing Before the Subcommittee on Technology, Terrorism, and Government Information of the Senate Judiciary Committee, 106th Congress (2000) (statement of Mrs. Maureen Mitchell, Identity Theft Victim). --------------------------------------------------------------------------- The three major credit reporting agencies (CRA's) recently launched a new initiative, the ``joint fraud alert.'' After receiving a request from an identity theft victim for the placement of a fraud alert on his or her consumer report and for a copy of that report, each CRA now shares that request with the other two CRA's, thereby eliminating the requirement that the victim contact each of the three major CRA's separately. (b) Information Security Breaches: Additionally, the FTC is working with institutions that maintain personal information to identify ways to help keep that information safe from identity theft. Last year, the FTC invited representatives from financial institutions, credit issuers, universities, and retailers to an informal roundtable discussion of how to prevent unauthorized access to personal information in employee and customer records. The FTC will soon publish a self-assessment guide to make businesses and organizations of all sizes more aware of how they manage personal information and to aid them in assessing their security protocols. As awareness of the FTC's role in identity theft has grown, the businesses and organizations that have suffered compromises of personal information have begun to contact the FTC for assistance. For example, in the cases of TriWest \14\ and Ford/Experian,\15\ in which tens of thousands of consumers' files were compromised, the Commission advised how to notify those individuals and how to protect the data in the future. To provide better assistance in these types of cases, the FTC developed a kit, Responding to a Theft of Customer or Employee Information, that will be posted on the identity theft website in the coming weeks. The kit provides advice on which law enforcement agency to contact, depending on the type of compromise, business contact information for the three major credit reporting agencies, with suggestions for establishing an internal communication protocol, information about contacting the FTC for assistance, and a detailed explanation of what information individuals need to know. The kit also includes a form letter for notifying the individuals whose information was taken. Organizations are encouraged to print and include copies of Identity Theft: When Bad Things Happen to Your Good Name with the letter to individuals. --------------------------------------------------------------------------- \14\ Adam Clymer, Official Say Troops Risk Identity Theft After Burglary, The New York Times, Nov. 6, 2002, Main News, Part 1 (Home Edition), at 12. \15\ Kathy M. Kristof and John J. Goldman, 3 Charged in Identity Theft Case, Los Angeles Times, Nov. 6, 2002, Main News, Part 1 (Home Edition), at 1. --------------------------------------------------------------------------- The FTC particularly stresses the importance of notifying individuals as soon as possible when information has been taken that may put them at risk for identity theft. They can then begin to take steps to limit the potential damage to themselves. Individuals who place a fraud alert promptly have a good chance of preventing, or at least reducing, the likelihood that the release of their information will turn into actual misuse. The prompt notification also alerts these individuals to review their credit reports and to watch for the signs of identity theft. In the event that they should become victims, they can quickly take action to clear their records before any long-term damage is done. Besides providing Responding to a Theft of Customer or Employee Information, FTC staff can provide individual assistance and advice, including a review of consumer information materials for the organization and coordination of searches of the Clearinghouse for complaints with the law enforcement officer working the case. Identity Theft Data Clearinghouse The final mandate for the FTC under the Identity Theft Act was to log the complaints from victims of identity theft and to refer those complaints to appropriate entities such as law enforcement agencies. Before launching this complaint system, the Commission took a number of steps to ensure that it would meet the needs of criminal law enforcement, including meeting with a host of law enforcement and regulatory agencies to obtain feedback on what the database should contain. Access to the Clearinghouse via the FTC's secure website became available in July 2000. To ensure that the database operates as a national clearinghouse for complaints, the FTC has solicited complaints from other sources. For example, in February 2001, the Social Security Administration-Office of Inspector General (SSA-OIG) began providing the FTC with complaints from its fraud hotline, significantly enriching the FTC's database. The Clearinghouse provides a much fuller picture of the nature, prevalence, and trends of identity theft than was previously available.\16\ The FTC data analysts aggregate the data to develop statistics about the nature and frequency of identity theft. For instance, the Commission publishes charts showing the prevalence of identity theft by States and by cities. Law enforcement and policymakers at all levels of government use these reports to better understand the challenges identity theft presents. --------------------------------------------------------------------------- \16\ Charts that summarized 2002 data from the Clearinghouse can be found at www.consumer. gov/idtheft and www.consumer.gov/sentinel. --------------------------------------------------------------------------- Since the inception of the Clearinghouse, 62 Federal agencies and 574 State and local agencies have signed up for access to the database. Within those agencies, over 4,200 individual investigators have the ability to access the system from their desktop computers 24 hours a day, 7 days a week. The Commission actively encourages even greater participation. One of the goals of the Clearinghouse and the FTC's identity theft program is to provide support for identity theft prosecutions nationwide.\17\ Last year, in an effort to further expand the use of the Clearinghouse among law enforcement, the FTC, in cooperation with the Department of Justice and the U.S. Secret Service, initiated a full day identity theft training seminar for State and local law enforcement officers. Sessions were held in Washington, DC, Des Moines, Chicago, San Francisco, Las Vegas, Dallas, and Phoenix. The Phoenix program was held May 22. More than 730 officers have attended these seminars, representing more than 170 different agencies. Additional training seminars will occur later this year in Seattle, New York, and Houston-- cities the FTC has identified as having high rates of identity theft. Also, the FTC is a member of an identity theft task force in Kansas City and is helping coordinate a training seminar there later this summer. --------------------------------------------------------------------------- \17\ The Commission testified last year in support of S. 2541, the Identity Theft Penalty Enhancement Act of 2002, which would increase penalties and streamline proof requirements for prosecution of many of the most harmful forms of identity theft. See Testimony of Bureau Director J. Howard Beales, III, Senate Judiciary Committee, Subcommittee on Terrorism, Technology, and Government Information (July 11, 2002). S. 2541 has been reintroduced in the 108th Congress as S. 153. --------------------------------------------------------------------------- The FTC staff also helps develop case leads. Now in its second year, the Commission runs an identity theft case referral program in coordination with the U.S. Secret Service. The Secret Service has assigned a special agent on a full-time basis to the Commission to assist with identity theft issues and has provided the services of its Criminal Research Specialists.\18\ Together, the FTC and Secret Service staff develop preliminary investigative reports by examining significant patterns of identity theft activity in the database and refining the data through the use of additional investigative resources. Thereupon, the staff refer the investigative reports to appropriate Financial Crimes Task Forces and other law enforcers located throughout the country for further investigation and potential prosecution. --------------------------------------------------------------------------- \18\ The referral program complements the regular use of the database by all law enforcers from their desktop computers. --------------------------------------------------------------------------- The Federal Trade Commission's Role in Information Security In addition to providing assistance to victims of identity theft, the Commission also examines security precautions involving consumers' personal information to determine whether law enforcement may be appropriate. If so, the Commission has two valuable legal tools to work with: Section 5 of the FTC Act,\19\ which prohibits unfair and deceptive acts or practices, and the Commission's Gramm-Leach-Bliley Safeguards Rule (the Safeguards Rule or the Rule).\20\ --------------------------------------------------------------------------- \19\ 15 U.S.C. Sec. 45. \20\ 16 CFR Part 314, available online at http://www.ftc.gov/os/ 2002/05/67fr36585.pdf. --------------------------------------------------------------------------- Law Enforcement Under Section 5 One of the mainstays of the Commission's privacy program is the enforcement of promises that companies make to consumers about privacy, including, the precautions they take to ensure the security of consumers' personal information. The Commission enforces such promises both online and offline. One area of particular concern involves breaches of sensitive information because they put consumers at the greatest risk of identity theft and other harms. Last August, the Commission announced a settlement with Microsoft regarding misleading claims made by the company about the information collected from consumers through its Passport services--Passport, Passport Wallet, and Kids Passport. \21\ Passport is a service that collects information from consumers and then allows them to sign in at any participating site using a single name and password. Passport Wallet collects and stores consumers' credit card numbers, and billing and shipping addresses, so that consumers do not have to input this information every time they make a purchase from a site. Kids Passport was promoted as a way for parents to create accounts for their children that limited the information that could be collected from them. --------------------------------------------------------------------------- \21\ The Commission's final decision and order in the Microsoft case is available at http://www.ftc.gov/os/2002/12/ microsoftdecision.pdf. The Commission's complaint is available at http://www.ftc.gov/os/2002/12/microsoftcomplaint.pdf. --------------------------------------------------------------------------- The Commission's complaint alleged that Microsoft misrepresented the privacy afforded by these services, including the extent to which Microsoft kept the information secure. For example, in various online statements, Microsoft said that the Passport service ``achieves a high level of web security by using technologies and systems designed to prevent unauthorized access to your personal information.'' The Commission alleged that Microsoft, in fact, failed to employ reasonable and appropriate measures to protect the personal information collected in connection with these services because it failed to: (1) implement procedures needed to prevent or detect unauthorized access; (2) monitor the system for potential vulnerabilities; and (3) perform appropriate security audits or investigations. The Commission's order against Microsoft contains strong relief that will provide significant protections for consumer information. First, it prohibits any misrepresentations about the use of and protection for personal information. Second, it requires Microsoft to implement a comprehensive information security program similar to the program required under the FTC's Gramm-Leach-Bliley Safeguards Rule, which is discussed below. Finally, to provide additional assurances that the information security program complies with the consent order, every 2 years Microsoft must have its program certified by an independent professional that it meets or exceeds the standards in the order. The provisions of the order will continue for 20 years and the Commission is systematically monitoring compliance. Microsoft is an important case because the settlement required that the company adhere to its security promises even in the absence of a known breach of the system. The Commission found even the potential for injury actionable when sensitive information and security promises were involved, and when the potential for injury was significant. This determination is an extremely important principle. It is not enough to make promises about protecting personal information, and then just hope that nothing bad happens or, if it does, that nobody finds out. Fulfilling privacy promises requires affirmative steps to ensure that personal information is appropriately protected from identity theft and other risks to consumers' personal information. The Microsoft case followed a similar case the Commission settled earlier last year against Eli Lilly.\22\ The Lilly case also involved alleged misrepresentations regarding the security provided for sensitive consumer information--in this instance, consumers' health information. Like Microsoft, Lilly made claims that it had security measures in place to protect the information collected from consumers on its website. As in Microsoft, the Commission charged Lilly with failing to have reasonable measures in place to protect the information. --------------------------------------------------------------------------- \22\ The Commission's final decision and order against Eli Lilly is available at http://www.ftc. gov/os/2002/05/elilillydo.htm. The complaint is available at http:// ww.ftc.gov/os/2002/elilillycmp.htm. --------------------------------------------------------------------------- Specifically, in sending an e-mail to Prozac users who subscribed to a service on the site, Lilly put all of the consumers' e-mail addresses in the ``To:'' line of the e-mail, essentially disclosing to all users the identities of all of the other Prozac users. The Commission's complaint alleged that this happened because Lilly failed, among other things, to provide appropriate training and oversight for the employee who sent the e-mail and to implement appropriate checks on the process of using sensitive customer data. The order in the Lilly case prohibits the misrepresentations and, as in Microsoft, requires Lilly to implement a comprehensive information security program. Just this week, the Commission settled alleged violations of Section 5 in connection with statements made by Guess, Inc. concerning the security provided for sensitive consumer information collected through its website www.guess.com. According to the Commission's complaint, by conducting a ``web-based application'' attack on the Guess, Inc. website, an attacker gained access to a database containing 191,000 credit card numbers. The complaint alleged that, despite specific claims that it provided security for the information collected from consumers through its website, Guess did not: (1) employ commonly known, relatively low-cost methods to block web-application attacks, which are well-known in the technology industry; (2) adopt policies and procedures to identify these and other vulnerabilities; or (3) test its website and databases for known application vulnerabilities, which would have alerted it that the website and associated databases were at risk of attack. Essentially, the company allegedly had no system in place to test for known application vulnerabilities, or to detect or to block attacks once they occurred. In addition, the complaint alleged, Guess misrepresented that the personal information it obtained from consumers through www.guess.com was stored in an unreadable, encrypted format at all times; but in fact, after launching the attack, the attacker could read the personal information, including credit card numbers, stored on www.guess.com in clear, unencrypted text. The order prohibits misrepresentations about the security and confidentiality of any information collected from or about consumers online and, as in Microsoft and Lilly, requires Guess to implement a comprehensive information security program. This case highlights a crucial but often neglected aspect of information security: The security of web-based applications and the databases associated with them. Databases frequently house sensitive data such as credit card numbers, and web-based applications are often, as with Guess, the ``front door'' to these databases. It is critical that online companies take reasonable steps to secure these aspects of their systems, especially when they have made promises about the security they provide for consumer information. It is important to note that the Commission is not simply saying ``gotcha'' for security breaches. While a breach may indicate a problem with a company's security, breaches can happen even when a company has taken every reasonable precaution. In such instances, the breach will not violate the laws the FTC enforces. Instead, the Commission recognizes that security is an ongoing process of using reasonable and appropriate measures in light of the circumstances. That is the approach the Commission took in these cases and in its Gramm-Leach- Bliley Safeguards Rule, and the approach it will continue to take. GLB Safeguards Rule In May 2002, the Commission finalized its Gramm-Leach-Bliley Safeguards Rule, which requires that financial institutions under the FTC's jurisdiction to develop and implement appropriate physical, technical, and procedural safeguards to protect customer information. The Rule became effective on May 23 of this year, and the Commission expects that it will quickly become an important tool to ensure greater security for consumers' sensitive financial information. Whereas Section 5 authority derives from misstatements particular companies make about security, the Rule requires a wide variety of financial institutions to implement comprehensive protections for customer information--many of them for the first time. The Rule could go a long way to reduce risks to this information, including identity theft. The Safeguards Rule requires financial institutions to develop a written information security plan that describes their program to protect customer information. Due to the wide variety of different entities covered, the Rule requires a plan that takes into account each entity's particular circumstances--its size and its complexity, the nature and scope of its activities, and the sensitivity of the customer information it handles. As part of its plan, each financial institution must: (1) designate one or more employees to coordinate the safeguards; (2) identify and assess the risks to customer information in each relevant area of the company's operation, and evaluates the effectiveness of the current safeguards for controlling these risks; (3) design and implement a safeguards program, and regularly monitor and test it; (4) hire the appropriate service providers and contract with them to implement safeguards; and (5) evaluate and adjust the program in light of relevant circumstances, including changes in the firm's business arrangements or operations, or the results of testing and monitoring of safeguards. The Safeguards Rule requires businesses to consider all areas of their operation, but identifies three areas that are particularly important to information security: employee management and training; information systems; and management of system failures. The Commission has already issued guidance to businesses covered by the Safeguards Rule to help them understand the Rule's requirements.\23\ Commission staff have met with a variety of trade associations and companies to learn about industry's experience in coming into compliance with the Rule, to discuss areas in which additional FTC guidance might be appropriate, and to gain a better understanding of how the Rule is affecting particular industry segments. Now that the Rule is effective, the Commission plans to conduct sweeps to assess compliance within various covered industry segments. --------------------------------------------------------------------------- \23\ Financial Institutions and Customer Data: Complying with the Safeguards Rule, available at http://www.ftc.gov/bcp/conline/pubs/ buspubs/safeguards.htm. --------------------------------------------------------------------------- Education and Workshops Finally, the Commission recently hosted two workshops focusing on the role that technology plays in protecting personal information.\24\ At the first workshop, which focused on the technologies available to consumers, we heard that many of these technologies have failed because they were too difficult to use; also, consumers did not want to pay separately for a ``fix'' many assumed was already integrated into the computers and applications they purchased. Panelists generally agreed that, to succeed in the marketplace, these technologies must be easy to use and built into the basic hardware and software consumers purchase. --------------------------------------------------------------------------- \24\ Additional information about the workshops are available at http://www.ftc.gov/bcp/workshops/technology/index.htm. --------------------------------------------------------------------------- At the second workshop, which focused on the technologies available to businesses, we learned that businesses, like consumers, need technology that is easy to use and compatible with their other systems. We also heard that technology should be viewed as just one part of an overall information management system that also relies heavily on people and the use of appropriate processes and procedures. Unfortunately, we also heard that too many technologies are sold before undergoing adequate testing and quality control, frustrating progress in this area. On June 18, the Commission hosted a public workshop to examine the costs and benefits to consumers and businesses of the collection and use of consumer information. Five CEO's made presentations about how their companies use and value data. Two case studies related to credit transactions and targeting marketing provided specific examples.\25\ In addition, we considered the possible methodologies for further measuring and analyzing the costs and benefits to consumers of these information practices. --------------------------------------------------------------------------- \25\ Additional information about the workshop is available at http://www.ftc.gov/bcp/workshops/infoflows/index.html. --------------------------------------------------------------------------- Conclusion Identity theft and large scale security breaches place substantial costs on individuals and on businesses. The Commission, through its education and its enforcement capabilities, is committed to reducing these breaches as much as possible. The Commission will continue its efforts to assist criminal law enforcement with their investigations. Prosecuting perpetrators sends the message that identity theft is not cost-free. Finally, the Commission knows that as with any crime, identity theft can never be completely eradicated. Thus, the Commission's program to assist victims and work with the private sector on ways to facilitate the process for regaining victims' good names will always remain a priority. PREPARED STATEMENT OF TIMOTHY CADDIGAN Special Agent in Charge, Criminal Investigative Division U.S. Secret Service June 19, 2003 Mr. Chairman, Senator Sarbanes, and Members of the Committee, thank you for inviting me to be part of this hearing today, and the opportunity to address the Committee regarding the Secret Service's efforts to combat identity crime and protect our Nation's financial infrastructure. The Secret Service was originally established within the Department of the Treasury in 1865 to combat the counterfeiting of U.S. currency. Since that time, this Agency has been tasked with the investigation of financial crimes, as well as the protection of our Nation's leaders, visiting foreign dignitaries and events of national significance. Although, we have moved to the Department of Homeland Security, the Secret Service has maintained historic relationships with the Department of the Treasury in our ongoing efforts to ensure a secure financial services infrastructure. With the passage of new Federal laws in 1982 and 1984, the Secret Service was provided primary authority for the investigation of access device fraud, including credit card and debit card fraud, and parallel authority with other law enforcement agencies in identity crime cases. The explosive growth of these crimes has resulted in the evolution of the Secret Service into an agency that is recognized worldwide for its expertise in the investigation of all types of financial crimes. Our efforts to detect, investigate, and prevent financial crimes are aggressive, innovative, and comprehensive. The burgeoning use of the Internet and advanced technology, coupled with increased investment and expansion, has intensified competition within the financial sector. With lower costs of information- processing, legitimate companies have found it profitable to specialize in data mining, data warehousing, and information brokerage. Information collection has become a common byproduct of newly emerging e-commerce. Internet purchases, credit card sales, and other forms of electronic transactions are being captured, stored, and analyzed by businesses seeking to find the best customers for their products. This has led to a new measure of growth within the direct marketing industry that promotes the buying and selling of personal information. In today's markets, consumers routinely provide personal and financial identifiers to companies engaged in business on the Internet. They may not realize that the information they provide in credit card applications, loan applications, or with merchants they patronize are valuable commodities in this new age of information trading. Consumers may be even less aware of the illegitimate uses to which this information can be put. This wealth of available personal information creates a target-rich environment for today's sophisticated criminals, many of whom are organized and operate across international borders. But legitimate business can provide a first line of defense against identity crime by safeguarding the information it collects. Such efforts can significantly limit the opportunities for identity crime, even while not eliminating its occurrence altogether. Simply stated, identity crime is the theft or the misuse of an individual's personal or financial identifiers in order to gain something of value or to facilitate other criminal activity. Types of identity crime include identity theft, credit card fraud, bank fraud, check fraud, false identification fraud, and passport /visa fraud. Identity crimes are almost always associated with other crimes such as narcotics and weapons trafficking, organized crime, mail theft and fraud, money laundering, immigration fraud, and terrorism. According to statistics compiled by the FTC for the year 2002, 22 percent of the 161,819 victim complaints reported involved more than one type of identity crime. The complaints were broken down as follows (note that some complaints involved more than one of the listed activities): <bullet> 42 percent of complaints involved credit card fraud--for example, someone either opened up a credit card account in the victim's name or ``took over'' their existing credit card account; <bullet> 22 percent of complaints involved the activation of telephone, cellular, or other utility service in the victim's name; <bullet> 17 percent of complaints involved bank accounts that had been opened in the victim's name, and /or fraudulent checks had been negotiated in the victim's name; <bullet> 9 percent of complaints involved employment-related fraud; <bullet> 8 percent of complaints involved Government documents / benefits fraud; <bullet> 6 percent of complaints involved consumer loans or mortgages that were obtained in the victim's name; and <bullet> 16 percent of complaints involved some type of miscellaneous fraud, such as medical, bankruptcy, and securities fraud. Identity crime is not targeted against any particular demographic; instead, it affects all types of Americans, regardless of age, gender, nationality, or race. Victims include everyone from restaurant workers, telephone repair technicians, and police officers, to corporate and Government executives, celebrities, and high-ranking military officers. What victims do have in common is the difficult, time-consuming, and the potentially expensive task of repairing the damage that has been done to their credit, their savings, and their reputation. According to a report by the General Accounting Office, the average victim spends over 175 hours attempting to repair the damage done by identity criminals. In past years, victims of financial crimes such as bank fraud or credit card fraud were identified by statute as the person, business, or financial institution that incurred a financial loss. All too often the individuals whose credit was ruined through identity theft were not even recognized as victims. As a result of the passage of the Identity Theft and Assumption Deterrence Act in 1998, this is no longer the case. This legislation represented the first comprehensive effort to rewrite the Federal criminal code to address the insidious affects of identity theft on private citizens. This new law amended Section 1028 of Title 18 of the United States Code to provide enhanced investigative authority to combat the growing problem of identity theft. These protections included: <bullet> The establishment of the Federal Trade Commission (FTC) as the central clearinghouse for victims to report incidents of identity theft. This centralization of all identity theft cases allows for the identification of systemic weaknesses and provides law enforcement with the ability to retrieve investigative data at one central location. It further allows the FTC to provide victims with the information and the assistance that they need in order to take the steps necessary to correct their credit records. <bullet> The enhancement of asset forfeiture provisions to allow for the repatriation of funds to victims. <bullet> The closing of a significant gap in then-existing statutes. Previously, only the production or possession of false identification documents was unlawful. However, with advances in technology such as e-commerce and the Internet, criminals did not need actual, physical identification documents to assume an identity. This statutory change made it illegal to steal another person's personal identification information with the intent to commit a violation, regardless of actual possession of identity documents. We believe that the passage of this legislation was the catalyst needed to bring together both the Federal and State government resources in a focused and unified response to the identity crime problem. Today, law enforcement, regulatory, and community assistance organizations have joined forces through a variety of working groups, task forces, and information sharing initiatives to assist victims of identity crime. As you know, Mr. Chairman, the Senate recently passed the Identity Theft Penalty Enhancement Act of 2002. The intent of this Act is to establish increased penalties for aggravated identity theft--for example, identity theft committed during and in relation to certain specified felonies. This Act, in part, provides for 2 years imprisonment for the identity crime, in addition to the punishment associated with the related felony and 5 years imprisonment if the related felony is associated with terrorism. Additionally, the Act prohibits the imposition of probation and allows for consecutive sentences. While this particular legislation cannot be expected to completely suppress identity theft, it does recognize the impact identity theft has on consumers and the need to punish those engaging in criminal activity for personal or financial gain. The Secret Service supports these ideas and believes that they represent additional tools that law enforcement can utilize to the fullest extent in protecting the American people. Identity crime violations are investigated by Federal law enforcement agencies, including the Secret Service, the U.S. Postal Inspection Service, the Social Security Administration (Office of the Inspector General), and the Federal Bureau of Investigation. Schemes to commit identity crime may also involve violations of other statutes, such as computer crime, mail theft and fraud, wire fraud, or Social Security fraud, as well as violations of State law. Because most identity crimes fall under the jurisdiction of the Secret Service, we have taken an aggressive stance and continue to be a leading agency for the investigation and the prosecution of such criminal activity. Although financial crimes are often referred to as ``white collar'' by some, this characterization can be misleading. The perpetrators of such crimes are increasingly diverse and today include both domestic and international organized criminal groups, street gangs, convicted felons, and terrorists. The personal identifiers most often sought by criminals are those generally required to obtain goods and services on credit. These are primarily Social Security numbers, names, and dates of birth. Identity crimes also involve the theft or misuse of an individual's financial identifiers such as credit card numbers, bank account numbers, and personal identification numbers. The methods of identity criminals vary. It has been determined that many ``low tech'' identity criminals obtain personal and financial identifiers by going through commercial and residential trash, a practice known as ``dumpster diving.'' The theft of both incoming and outgoing mail is a widespread practice employed by both individuals and organized groups, along with thefts of wallets and purses. With the proliferation of computers and increased use of the Internet, many identity criminals have used the information obtained from company databases and websites. A case investigated by the Secret Services that illustrates this method involved an identity criminal accessing public documents to obtain the Social Security numbers of military officers. In some cases, the information obtained is in the public domain while in others it is proprietary and is obtained by means of a computer intrusion. The method that may be most difficult to prevent is theft by a collusive employee. The Secret Service has discovered that individuals or groups who wish to obtain personal or financial identifiers for a large-scale fraud ring will often pay or extort an employee who has access to this information through their employment at workplaces such as a financial institution, medical office, or Government agency. In most of the cases that our Agency has investigated involving identity theft, criminals have used an individual's personal identifiers to apply for credit cards or consumer loans. Additionally, these identifiers were also used to establish bank accounts, leading to the laundering of stolen or counterfeit checks or were used in a check- kiting scheme. The majority of identity crime cases investigated by the Secret Service are initiated on the local law enforcement level. In most cases, the local police department is the first responder to the victims once they become aware that their personal or financial identifiers are being used unlawfully. Credit card issuers as well as financial institutions will also contact a local Secret Service field office to report possible criminal activity. The events of September 11, 2001, have altered the priorities and actions of law enforcement throughout the world, including the Secret Service. Immediately following the attacks, Secret Service assisted the FBI with their terrorism investigation through the leveraging of our established relationships, especially within the financial sector, in an attempt to gather information as expeditiously as possible. As part of the new Department of Homeland Security, the Secret Service will continue to be involved in a collaborative effort with the intention of analyzing the potential for identity crime to be used in conjunction with terrorist activities through our liaison efforts with the Bureau of Immigration and Customs Enforcement, Operation Direct Action, the FinCEN, the Diplomatic Security Service, and the Terrorist Financing Operations Section of the FBI. The Secret Service continues to attack identity crime by aggressively pursuing our core Title 18 investigative violations, including access and telecommunications device fraud, financial institution fraud, computer fraud, and counterfeiting. Many of these schemes are interconnected and depend upon stealing and misusing the personal and financial identifiers of innocent victims. Our own investigations have frequently involved the targeting of organized criminal groups that are engaged in financial crimes on both a national and international scale. Many of these groups are prolific in their use of stolen financial and personal identifiers to further their other criminal activity. It has been our experience that the criminal groups involved in these types of crimes routinely operate in a multi-jurisdictional environment. This has created some problems for local law enforcement agencies that generally act as the first responders to their criminal activities. By working closely with other Federal, State, and local law enforcement, as well as international police agencies, we are able to provide a comprehensive network of intelligence sharing, resource sharing, and technical expertise that bridges jurisdictional boundaries. This partnership approach to law enforcement is exemplified by our financial and electronic crime task forces located throughout the country, pursuant to our Section 1030 computer crime authority. These task forces primarily target suspects and organized criminal enterprises engaged in financial and electronic criminal activity that falls within the investigative jurisdiction of the Secret Service. Members of these task forces, who include representatives from local and State law enforcement, prosecutors offices, private industry and academia, pool their resources and expertise in a collaborative effort to detect and prevent electronic crimes. The value of this crime fighting and crime prevention model has been recognized by Congress, which has authorized the Secret Service (pursuant to the USA PATRIOT Act of 2001) to expand our electronic crime task forces to cities and regions across the country. Recently, four new Electronic Crimes Task Forces were established in Dallas, Houston, Columbia (SC), and Cleveland bringing the total number of ECTF's to 13. While our task forces do not focus exclusively on identity crime, we recognize that stolen identifiers are often a central component of other electronic or financial crimes. Consequently, our task forces devote considerable time and resources to the issue of identity crime. Another important component of the Secret Service's preventative and investigative efforts has been to increase awareness of issues related to financial crime investigations in general, and of identity crime specifically, both in the law enforcement community and the general public. The Secret Service has tried to educate consumers and provide training to law enforcement personnel through a variety of partnerships and initiatives. For example, criminals increasingly employ technology as a means of communication, a tool for theft and extortion, and a repository for incriminating information. As a result, the investigation of all types of criminal activity, including identity crime, now routinely involves the seizure and analysis of electronic evidence. In fact, so critical was the need for basic training in this regard that the Secret Service joined forces with the International Association of Chiefs of Police and the National Institute for Justice to create the ``Best Practices Guide to Searching and Seizing Electronic Evidence,'' which is designed for the first responder, line officer, and the detective alike. This guide assists law enforcement officers in recognizing, protecting, seizing, and searching electronic devices in accordance with applicable statutes and policies. We have also worked with these same partners in producing the interactive, computer-based training program known as ``Forward Edge,'' which takes the next step in training officers to conduct electronic crime investigations. Forward Edge is a CD-ROM that incorporates virtual reality features as it presents three different investigative scenarios to the trainee. It also provides investigative options and technical support to develop the case. Copies of State computer crime laws for each of the fifty States, as well as corresponding sample affidavits are also part of the training program and are immediately accessible for instant implementation. Thus far, we have distributed over 300,000 ``Best Practices Guides'' to local and Federal law enforcement officers and have distributed, free of charge, over 20,000 Forward Edge training CD's. In April 2001, the Secret Service assisted the FTC in the design of an identity theft brochure, containing information to assist victims on how to restore their ``good name,'' as well as how to prevent their information and identities from becoming compromised. In addition, we have just completed the Identity Crime Video/CD-ROM which contains over 50 investigative and victim assistance resources that local and State law enforcement officers can use when combating identity crime. This CD-ROM also contains a short identity crime video that can be shown to police officers at their roll call meetings which discusses why identity crime is important, what other departments are doing to combat identity crime, and what tools and resources are available to officers. The Identity Crime CD-ROM is an interactive resource guide that was made in collaboration with the U.S. Postal Inspection Service, the Federal Trade Commission, and the International Association of Chiefs of Police. Next week, we will be sending an Identity Crime CD-ROM to every law enforcement agency in the United States. Departments can make as many copies of the CD-ROM as they wish and can distribute this resource to their officers to use in identity crime investigations. Over 25,000 Identity Crime CD-ROM's have been produced and are being prepared for distribution. The Secret Service is also actively involved with a number of Government-sponsored initiatives. At the request of the Attorney General, the Secret Service joined an interagency identity theft subcommittee that was established by the Department of Justice. This group, which is comprised of Federal, State, and local law enforcement agencies, regulatory agencies, and professional agencies meets regularly to discuss and coordinate investigative and prosecutive strategies, as well as consumer education programs. In a joint effort with the Department of Justice, the U.S. Postal Inspection Service, the Federal Trade Commission, and the International Association of Chiefs of Police, we are hosting Identity Crime Training Seminars for law enforcement officers. In the last year and a half, we have held seminars for officers in Chicago, Dallas, Las Vegas, Iowa, Washington, DC, and Phoenix. In the coming months, we have training seminars scheduled in New York, Seattle, and Texas. These training seminars are focused on providing local and State law enforcement officers with tools and resources that they can immediately put into use in their investigations of identity crime. Additionally, officers are provided resources that they can pass on to members of their community who are victims of identity crime. The Secret Service's Criminal Investigative Division assigned a special agent to the Federal Trade Commission (FTC) as a liaison to support all the aspects of their program to encourage the use of the Identity Theft Data Clearinghouse as a law enforcement tool. The FTC has done an excellent job of providing people with the information and assistance they need in order to take the steps necessary to correct their credit records, as well as undertaking a variety of ``consumer awareness'' initiatives regarding identity theft. It is important to recognize that public education efforts can only go so far in combating the growth of identity crime. Because Social Security numbers, in conjunction with other personal and financial identifiers, are used for such a wide variety of record keeping and credit related applications, even a consumer who takes the appropriate precautions to safeguard such information is not immune from becoming a victim. The Secret Service recommends that consumers take the following steps to protect themselves from identity crime: <bullet> Maintain a list of all credit card accounts and corresponding phone numbers. Keep this list in a place other than your wallet or purse so that immediate notification can occur if any cards are lost or stolen; <bullet> Avoid carrying any more credit cards in a wallet or purse than is actually needed; <bullet> Cancel any accounts that are not in use; <bullet> Be conscious of when billing statements should be received, and if they are not received during that window, contact the sender; <bullet> Check credit card bills against receipts before paying them; <bullet> Avoid using a date of birth, Social Security number, name, or similar information as a password or PIN code, and change passwords at least once a year; <bullet> Shred or burn preapproved credit card applications, credit card receipts, bills, and other financial information that you do not want to save; <bullet> Secure your incoming and outgoing mail; <bullet> Establish passwords where possible with credit card companies or financial institutions that you have accounts with in order to avoid unauthorized change of address, transfer of funds, or orders of additional cards; <bullet> Order a credit report once a year from each of the three major credit bureaus to check for inaccuracies and fraudulent use of accounts; and <bullet> Avoid providing any personal information over the telephone unless you initiated the call, and be aware that individuals and business contacted via the Internet may misrepresent themselves. Should an individual become the victim of identity theft, the Secret Service recommends the following steps: <bullet> Report the crime to the police immediately and get a copy of the police report; <bullet> Immediately notify your credit card issuers and request replacement cards with new account numbers. Also request that the old account be processed as ``account closed at consumers' request'' for credit record purposes. Ask that a password be used before any inquiries or changes can be made on the new account. Follow up the telephone conversation with a letter summarizing your requests; <bullet> Call the fraud units of the three credit reporting bureaus, and report the theft of your credit cards and/or numbers. Ask that your accounts be flagged, and add a victim's statement to your report that requests that they contact you to verify future credit applications. Order copies of your credit reports so that you can review them to make sure no additional fraudulent accounts have been opened in your name; <bullet> File a complaint with the Federal Trade Commission (FTC) by calling 1-877-ID-THEFT or writing to them at Consumer Response Center, Federal Trade Commission, 600 Pennsylvania Ave., NW, Washington, DC 20580. Complaints can also be filed via their website at www.ftc.gov/ftc/complaint.htm; and <bullet> Follow up with the credit bureaus every 3 months for at least a year and order new copies of your reports so that you can verify that corrections have been made, and to make sure that no new fraudulent accounts have been established. Conclusion For law enforcement to properly prevent and combat identity crime, steps must be taken to ensure that the local, State, and Federal agencies are addressing victim concerns in a consistent manner. All levels of law enforcement should be familiar with the resources available to combat identity crime and to assist victims in rectifying damage inflicted on their credit. It is essential that law enforcement recognize that identity crimes must be combated on all fronts, from the officer who receives a victim's complaint, to the detective or special agent investigating an organized identity crime ring. The Secret Service has already launched a number of initiatives aimed at increasing awareness and providing the training necessary to address these issues, but those of us in the law enforcement and consumer protection communities need to continue to reach out to an even larger audience. We need to continue to approach these investigations with a coordinated effort--this is central to providing a consistent level of vigilance and addressing investigations that are multi-jurisdictional while avoiding duplication of effort. The Secret Service is prepared to assist this Committee in protecting and assisting the people of the United States, with respect to the prevention, identification, and prosecution of identity criminals. Mr. Chairman, that concludes my prepared remarks and I would be happy to answer any questions that you or other Members of the Committee may have. ---------- PREPARED STATEMENT OF MICHAEL D. CUNNINGHAM Senior Vice President, Credit and Fraud Operations Chase Cardmember Services June 19, 2003 Mr. Chairman, Members of the Committee, my name is Michael D. Cunningham and on behalf of J.P. Morgan Chase & Co., we greatly appreciate this opportunity to appear before the Committee and share our experience with the issue of identity theft. I serve as Senior Vice President for Credit and Fraud Operations for Chase Cardmember Services. Protecting our customers from identity theft and fraud is a major priority for our entire company. We have devoted the resources necessary to play a leading role for the industry by utilizing leading edge technology and hands on intervention by over 750 specially trained Chase employees. The personal security and well-being of our customers is a top priority at Chase. Below, please find a discussion of the problem, the nuts and bolts of what we at Chase do about it, followed by some ideas for changes and improvements for all parties involved. Elements of Identity Theft and Credit Card Fraud Identity Theft While identity theft and what we call credit card fraud are both pernicious crimes, and both constitute fraud, we would like to distinguish the two for policy purposes. We place identity theft into two basic categories: Fraudulent Applications--Three Percent of Our Total Fraud Cases This involves the unlawful acquisition and the use of another person's identifying information to obtain credit, or the use of that information to create a fictitious identity to establish an account. In order to commit identity theft by means of fraudulent application, the perpetrator needs to acquire not just a name, address, or credit card number but unique identifiers such as the mother's maiden name, Social Security number, and detailed information about a person's credit history such as the amount of their most recent mortgage payment. This is why more than 40 percent of the identity theft cases that we see are committed by someone familiar to the victim, frequently a family member or by someone in a position of intimacy or trust. This variety of identity theft represents 3 percent of our total fraud cases. Account Takeover--One Percent of Our Total Fraud Cases This occurs when someone unlawfully uses another person's identifying information to take ownership of an account. This would typically occur by making an unauthorized change of address followed by a request for a new product such as a card or check, or perhaps a PIN number. This variety of identity theft represents less than 1 percent of our total fraud cases. Non-Identity Theft Fraud--The Other 96 Percent of Our Total Fraud Cases This type of fraud constitutes the vast majority of occurrences and falls under four basic headings: (1) Lost or Stolen Cards: The card is actually in possession of the customer and is subsequently lost or stolen. (2) Non-Receipt: The card is never received by the customer and is intercepted by the perpetrator prior to or during mail delivery. (3) Counterfeiting: The card is in possession of an actual customer and a fraudulent one is subsequently created by a variety of forgery or counterfeiting techniques. The customer does not know that the theft has occurred. (4) Fraudulent Mail or Telephone Order: The card is in possession of the customer and the account number and expiration date is compromised permitting purchases by phone, mail, or Internet. Who Bears the Liability for Fraud? By law, the liability of the consumer who has suffered credit card fraud is limited to a maximum of $50 up to the time of notification to the creditor, after which it is zero. As a practical matter, with the advent of the Internet and other mediums, to promote consumer confidence, MasterCard and Visa simply accept full liability for the fraud, as do many individual card issuers. The Role of Credit Delivery Systems in Fraud Variation in Fraud Rates by Application Channel Table 14: Cost of Credit Card Fraud\1\ ------------------------------------------------------------------------ Percent Year 2000 of Percent Type Cost Credit of (Millions) Card Sales Fraud Volume ------------------------------------------------------------------------ False Applications........................ $46.1 4.5 0.004 Other Fraud............................... $976.1 95.5 0.078 Total................................. $1,013.2 100.0 0.082 ------------------------------------------------------------------------ During the course of the debate on identity theft and fraud, critics have alleged that the process known as ``prescreening'' or ``prescreened offers of credit'' somehow are major contributors to identity theft and other types of fraud. This is not the case. In fact, prescreening is a major underwriting tool integral to safety and soundness and the lower cost of credit. --------------------------------------------------------------------------- \1\ The Fair Credit Reporting Act: Efficiency & Opportunity, The Econonic Importance of Fair Credit Reauthorization, Information Policy Institute, June 2003, p. 60. --------------------------------------------------------------------------- Prescreening Greatly Enhances the Ability of Credit Grantors to Accurately Assess Risk and Avoid Losses and Lower Costs Prescreened offers have a very low incidence of fraud, and especially so when compared with other forms of new account generation. At Chase, for 2002, prescreened accounts subject to identity theft involved approximately 600 accounts measured against 17 million total active accounts. Total fraud cases of all types for 2002 amounted to about 75,000, including the 600 prescreening cases. Last year, prescreening resulted in 1.6 million new accounts out of a total of 4 million new accounts, or 40 percent of all new accounts. Again, the majority of fraud arising from prescreened accounts is committed by someone familiar to the victim. One of our competitors, Capital One, a large user of prescreening, recently testified before the House Committee that they had similar experience, reporting rates of identity theft that are ``5 to 15 times lower for credit generated through prescreening than from credit generated through other channels (that is, the Internet, in-store ``take ones'').'' Why do prescreened cards result in less identity theft? Prescreened offers of credit come from a pool of consumers selected from credit bureau files that have already undergone a substantial verification and underwriting process. An identity thief or fraudster that is not a family member always chooses the most anonymous method of application such as the Internet, or an in-store ``take one'' application. Choosing a prescreened credit card application is the most difficult route by far for the thief. Prescreened credit card offers do not contain any personal information other than name and address, and contain none of the other personal information necessary to apply for credit. Identity thieves do not find prescreened offers of credit very useful because even if they intercept one, they have to submit a change of address, which under Chase's system (and others that we know of ) would trigger an alert and subsequent analysis. The reduced risk of identity theft and other types of fraud has benefits far beyond enhancing the personal security of our customers. This enhancement to the underwriting process lowers the cost of capital and hence the cost of credit and permits more credit to be extended. Without prescreening and other techniques for accurately assessing risk, the costs to credit grantors of raising capital in the secondary financial markets would be increased. In order to minimize their costs of capital, major credit card issuers and other credit grantors (for example, auto lenders) sell a large percentage of their receivables to secondary bond market investors. Many issuers sell up to one half of their receivables to investors in the secondary markets. The models used to price these securities are largely based on the assessment of credit risk. Without the credit enhancements of prescreening (and other national credit standards), these models would almost certainly have to be changed to factor in additional risks of default, resulting in an increase in costs to the issuers of these securities. The Role of the Credit Card Industry as the Early Warning System for Identity Theft and Fraud--Detection, Prevention, and Resolution Industry Practices in General The recently released report by the Information Policy Institute contains an excellent description of industry practices in general: \2\ --------------------------------------------------------------------------- \2\ Ibid p. 60 -61. Credit card issuers also have authentication procedures in place at many stages of the process to limit the ability of criminals to open fraudulent credit card accounts. The vast majority of credit card issuers (if not all of them) review the application, using a variety of automated tools (Appendix F) based upon credit file data to authenticate the identity of the applicant. In some cases, if the lender has any degree of uncertainty about the applicant's identity, additional documentation (such as a State-issued driver's license or a utility bill) is requested before approval is granted. Even after the card has been physically delivered to the applicant, the account is not activated until the applicant again verifies his or her identity, usually by calling from his or her home phone. Issuers undertake these procedures because they are generally liable for the cost of fraudulent charges. MasterCard and Visa, for example, have zero liability policies that significantly limit the consumer's responsibility for fraudulent charges. Issuers will soon legally be required to authenticate identity when opening accounts as well. Given the cost to issuers, it is no surprise that losses from fraudulent applications account for significantly less than one-hundredth of 1 percent of credit card sales volume and less than 5 percent of all credit card fraud. The vast majority of credit card issuers further review the application using a variety of sophisticated automated tools. These authentication tools check the applications for inconsistencies, compare information from the application to that in credit files and other national databases, and check applications against databases on known fraud. If inconsistencies are detected, or if the application is identified as being high risk for fraud, the tools instruct the issuer to decline the application or perform a thorough manual review. For example, if the applicant attempts to change the address and the new address is different than in these databases, the products indicate the possibility that the application is fraudulent and that an identity thief is trying to open an account and divert mail away from the victim's address to avoid being detected. These products are very successful, identifying the majority, from 60 to 80 percent, of fraudulent applications before the accounts are ever opened. The success of these tools also serves as a powerful deterrent to potential identity thieves. Prevention and Detection at Chase Cardmember Services Chase uses a multilayered system of technology, manual analysis, and consumer education and assistance to prevent, detect, and resolve all types of fraud. In fact, we detect approximately 70 percent of all fraud before the customer even knows it has occurred, and we continue to improve every year. The first step in this effort is to assess the risk at the application level. Below are some examples of high-risk attributes for an application: 1. Discrepancies between credit bureau and application data. For example, we compare, Social Security number, address, name, and date of birth--discrepancies cause rerouting to our manual system. 2. Credit bureau fraud alerts and victims' statements. 3. Internal fraud file matches, which entail matches against key personal identification data in a file that contains prior victims of identity theft. 4. Issuer's Clearinghouse Services (ICS) alerts. The ICS is a shared issuer database of reported identity theft victims. Low-risk applications are automatically approved and monitored for suspicious activity by a specialized unit. High-risk applications are subject to manual verification. This includes: 1. Address validation using a variety of databases. 2. Direct contact with the true person whose name is being used to apply for credit at the location verified for that person. 3. Authentication using ``out of wallet'' information such as a person's most recent mortgage payment or similar types of information that typically is not found in a person's wallet and that only the true customer would know. 4. Request for documentation from the applicant in situations where we are unable to verify the applicant's identity. In addition to the above, we have also developed an address change model that utilizes demographic techniques and a file of known fraudulent addresses. Additionally, we have a security verification methodology for special cases such as when an applicant has no home phone number. Utilizing all of these technologies and human resources, Chase frequently provides the first notice to the consumer of identity theft or fraud. Below is an excerpt from a letter from one of our customers: I would like to take this opportunity to praise the performance of (Chase employee) . . . Over 6 months ago, Mr. X called me at home because he noticed a discrepancy in a credit application that had my name and Social Security number. He gave me valuable information that minimized the damage to my credit and ultimately led to the arrest of a ring of identity thieves. Consumer Assistance and Education At Chase, we recognize that consumers may need help once they learn of the identity theft or fraud. Once a problem is identified, Chase provides consumer education and assistance programs, as detailed in the two documents in the appendices to this statement. As you can see, we try to be as proactive as possible in dealing with consumers who are victims of identity theft or fraud. We also actively work with law enforcement to try and apprehend the perpetrators. We employ our own investigators who provide a summary report to law enforcement officials. We then file a ``Suspicious Activity Report'' (SAR) in accordance with Federal regulations, and we provide testimony to aid in the prosecution of specific cases. Technological Tools To Prevent Identity Theft In addition to the detection and prevention methodologies outlined above, we employ three important technical tools for prevention of identity theft. First, we use Falcon, a so-called neural network technology, which calculates a ``fraud score'' for transactions based on data from a consortium of creditors and customer/merchant profiles. Based on this system, we have adopted strategies to approve, decline, or refer a transaction for further analysis. Some of the events that may trigger further scrutiny of a transaction or an account include new accounts showing cash advance and jewelry type transactions or a recent address change accompanied by a high dollar cash or mail/phone order activity, just to name two examples. Second, we also employ a system that we call ``link analysis'' that utilizes known fraud information to stop subsequent occurrences. This is composed of a caller identity database combined with addresses, home and business phone numbers, Social Security numbers, and a variety of other relevant information to stop identity theft before the perpetrator can assume the identity of an innocent consumer. The third technology that we apply is a fraud application-scoring model that relies on patterns and other criteria to generate a fraud score for a particular transaction. No one approach is a cure-all, but taken together, these applications have enabled a continual improvement in our performance. Recommendations To Enhance Consumer Protection from Identity Theft and Fraud In conclusion, despite everything that Chase and others in the industry are doing to combat these types of fraud, we have identified some areas that would benefit from legislative changes. Please find below an outline of technical changes to the law by category that we feel would assist everyone concerned in the fight against these crimes. Prevention (Applicable to Financial Institutions) <bullet> Financial institutions must establish risk-based policies and procedures to verify customer identification information. <bullet> Such policies and procedures used to comply with the requirements imposed under Section 326 of the USA PATRIOT Act shall suffice for purposes of account opening. <bullet> Such policies and procedures must include the evaluation of a ``fraud alert'' obtained in connection with a consumer report. <bullet> Such policies and procedures must include the address change verifications, as appropriate. <bullet> To the extent not already permitted or authorized, authorize financial institutions and associations of financial institutions to share information with other financial institutions, or associations of financial institutions, regarding individuals, entities, organizations, or transactions that may involve identity theft or possible identity theft. A financial institution or association that transmits, receives, or shares such information for the purposes of identifying and reporting identity theft activities shall not be liable to any person under any law, regulation, or agreement. Extend the same flexibility and the protections to other businesses affected by identity theft, such as retailers. <bullet> Require disclosure (at same time as ``initial'' TILA disclosures) to inform consumers that the financial institution may report information to a consumer reporting agency regarding the consumer's behavior on the account. Disclosure must also provide contact information to consumer reporting agencies that operate on a nationwide basis. <bullet> Allow access to Social Security Administration database in order to verify Social Security numbers on applications. Prevention (Applicable to Consumer Reporting Agencies) <bullet> Nationwide consumer reporting agencies must establish a method of recording and reporting ``fraud alert'' data. <bullet> Consumer reporting agencies may truncate an individual's Social Security number on copies of the individual's credit report provided to the individual so long as the Social Security number provided by the individual to obtain the credit report matches the Social Security number included in the credit report. Other Prevention Related Measures <bullet> To the extent not already permitted under the FCRA, include fraud prevention and identity theft prevention as a permissible purpose to obtain a consumer report under the FCRA. <bullet> Ensure continued availability of consumer reports as envisioned under the FCRA. <bullet> Prohibit display or sale of an individual's Social Security number to the general public. Such prohibition shall not interfere with legitimate business-to-business or business-to-government transfers of Social Security numbers, or public record information. <bullet> Prohibit merchants from printing more than the last four digits and the expiration date of a credit card number on a receipt. <bullet> Prohibit States from printing Social Security numbers on driver's licenses and other government-issued form of identification. Apprehension <bullet> Have postal service hire additional postal inspectors for purposes of identity theft and related investigations. <bullet> Increase penalties and prosecution for identity theft crimes. <bullet> Require the Department of Justice to develop a training program for State and local law enforcement with respect to identity theft crimes. <bullet> Require the Department of Justice to develop model definitions, reporting forms, and affidavits for use by State and local law enforcement in connection with identity theft investigations. <bullet> Improve civil forfeiture provisions related to identity theft. Mitigation <bullet> Require consumer reporting agencies to block tradelines allegedly the result of identity theft if the consumer provides a valid police report regarding the identity theft [or other valid indicia of the crime] and provides appropriate identification. <bullet> Require a business to provide information to a consumer pertaining to an alleged identity theft if consumer provides a valid police report regarding the identity theft [or other valid indicia of the crime] and provides appropriate identification. This provision must be crafted to ensure it does not create additional opportunities for identity theft, and businesses may not be held liable for complying with this provision. Victims Assistance <bullet> Develop a simplified standardized document, for example, Uniform Affidavit for consumers' initiation of investigations of claims related to identity theft. <bullet> Simplify the way consumers can contact their financial institution to make a claim of identity theft, that is, call a toll free number on their account statement. <bullet> Be responsive to identity theft claims in a timely fashion. <bullet> Require local law enforcement to accept the simplified standardized form and to assist the consumer and to produce a police report. <GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT> PREPARED STATEMENT OF JOHN M. HARRISON Captain, U.S. Army (Retired), Rocky Hill, Connecticut June 19, 2003 Mr. Chairman, Ranking Member Sarbanes, and Members of the Committee, I appreciate this opportunity to appear before your Committee to share my experiences as an identity theft victim. My name is John Harrison. I am 42 years old, a retired Army Captain and have resided in Rocky Hill, Connecticut, since my retirement in December 1999. Until recently, I have been working as a corrugated salesperson since leaving the military. Background My introduction to the crime of identity theft began on November 5, 2001. On that day, I was contacted by a detective from Beaumont, Texas, who was investigating a Harley-Davidson motorcycle which had been purchased in my name and Social Security number. He tracked me down through my credit report. From that same credit report, the detective realized I was a victim of identity theft and he explained to me that someone had been using my name and Social Security number to open credit accounts and he pointed me in the right direction. On that very same day, I reported my identity stolen to the FTC through their website. I also contacted all three repositories, ordered my credit reports, initiated fraud alerts, and began contacting creditors immediately. Once I received my credit reports, I filed a police report with the Army's Criminal Investigation Division which luckily had a branch near Hartford, Connecticut. Just 1 month later, on December 12, 2001, Jerry Wayne Phillips was arrested in Burke County, North Carolina during a traffic stop. He was riding the Harley-Davidson motorcycle the police officer in Texas was investigating. Phillips was indicted on Federal charges in Texas, pled guilty to one count of identity theft, and is currently serving a 41-month sentence at a Federal prison in Minnesota. What I have learned since November 5, 2001 is that Phillips gained control of my identity on July 27, 2001 when Army officials at Fort Bragg, North Carolina issued him an active duty military identity card in my name and Social Security number. In a taped interview, Phillips claimed the identity was easy to get. That occurred about 1\1/2\ years after my retirement as an Army Captain. Damages The military identity card combined with my once excellent credit history allowed Phillips to go on an unhindered spending spree lasting just 4 months. From July to December 2001, Phillips had acquired goods, services, and cash in my name valued at over $260,000. None of the accounts were opened in my home State of Connecticut. He opened accounts as far south as Florida, as far north as Virginia, and as far west as Texas. I have identified more than 60 fraudulent accounts of all types: Credit accounts; personal and auto loans; checking and savings accounts; and utility accounts. He purchased two trucks through Ford Credit valued at over $85,000. A Harley-Davidson motorcycle for $25,000. He rented a house in Virginia and purchased a time-share in Hilton Head, South Carolina. One of the accounts opened by Phillips was with the Army & Air Force Exchange Service (AAFES). He also wrote bad checks in these exchanges. I originally disputed this account in March 2002 when AAFES attempted to garnish my military retirement pay. I was able to stop the garnishment by providing supporting documentation to AAFES. They made a second attempt to garnish my retirement in January 2003 for the same debt. Unfortunately, my letter to AAFES went ignored the second time and the garnishment began the end of January. Eventually and with the assistance of Congressman Larson's office, the garnishment was stopped in March 2003 and AAFES refunded the money that had been taken from my retirement pay. I have always been somewhat distressed at the military's involvement in the theft of my identity. They issued the fraudulent identity card that allowed Phillips to open all these accounts and quite obviously, someone was very negligent in their duties. The garnishment greatly added to that distress. FCRA Relationship While Phillips made creditors, banks, and willing merchants the monetary victims of this crime, it has been those same creditors and credit reporting agencies that made me a victim. I have struggled with the repositories, creditors, and debt collectors for 20 straight months now and still have many accounts and debts incorrectly reported in my name and Social Security number. My imposter has been in jail for 19 of those 20 months and no accounts have been opened in my name since his incarceration at the end of 2001. I have overwhelming documentation to verify I did not open any of these accounts and I have willingly provided those documents to all creditors I have found, as well as the credit bureaus. I have discovered it is more cost effective for creditors to write the debt off in the victim's name than go after the real criminal, even after you tell them who and where the real criminal is. The credit bureaus hide behind the fact that they are only reporting what creditors tell them while at the same time, victims are repeatedly sending affidavits, police reports, and detailed dispute letters proving the creditors are wrong. That is why it takes identity theft victims years instead of months to recover from this crime. From that first day in November 2001, I have been very aggressive about restoring the damage done in my name. I have sought out the fraudulent accounts and in most cases; I have contacted them before they have contacted me. I have dispute all accounts directly with the creditors following that up by disputing the accounts through the repositories. I have encountered a great many difficulties. While two of the repositories have done what I consider to be a fair job assisting me and responding to my disputes, one of them, Equifax, has failed to meet nearly all the provisions of the FCRA. It took 11 months and three dispute letters to get a second report from Equifax. Further, I found the report they sent to me was not the same report they were sending to creditors. Both reports that Equifax has in their system still contain as many as fifteen fraudulent accounts. I also found that when I disputed accounts to any of the repositories, whether the results of the reinvestigation come back with deleted or verified accounts, the accounts were rarely resolved. Creditors were either not accepting my dispute through the repositories or the dispute was not being sent to them. In either event, the majority of creditors continue to seek me out directly or through a debt collector. In some instances, I have had accounts deleted from one repository only to have it show up with another one. I have also encountered creditors that after I have initiated contact with them to dispute an account, sold the debt to or hired debt collectors that seek me out at a later time. I have also had difficulties with accounts that return months after I have successfully disputed them, like AAFES. Finally, there have also been accounts that I have contacted and could find no record of a debt in my name and then months later their debt collectors are calling my home or showing up on my credit reports. It has been and continues to be a nightmare. I have accounted for over 100 bad checks drafted from four different fraudulent checking accounts. Phillips wrote bad checks in eight different States and they account for nearly $60,000 of the total debt. Unfortunately, the checking accounts have created significantly more complications for me than the credit accounts. While creditors have just three reporting agencies to choose from, banks and vendors that accept checks have a multitude of reporting agencies. Additionally, the majority of those reporting agencies, which maintain both positive and negative information on consumers, do not provide consumer reports nor are there systems in place to dispute negative information. I have spent a great deal of time trying to understand the checking situation to learn how to properly dispute each bad check that was written. My conclusion is, there is no system in place to assist an identity theft victim when banking accounts are opened in your name and Social Security number, but are completely removed and unrelated to your own banking accounts. This industry is well behind the progress that has been made in the credit industry. Personal Impact There is still a misconception by some that creditors, merchants, banks, and others that sustain monetary losses are the only victims of identity theft. So often when speaking to someone about my situation, the comment is made, ``At least you are not responsible to pay these fraudulent debts.'' Somehow, that makes my situation seem less tenuous. I have invested over 1,100 hours of my time defending myself and working to restore my credit and banking histories. I have filled eight notebooks with over 1,500 pages of documentation. I can account for about $1,500 in out of pocket expenses directly related to my identity theft. Higher interest rates have cost me over $4,000. I have been unknowingly sued by at least one of the creditors. I have had my military retirement garnished. I am not creditworthy enough to open any new accounts and bad checks reported in my name prevent me from opening any deposit accounts with banks. It was also during January 2003, that my own creditors began taking adverse actions against me as a result of the negative information contained in my credit reports. I lost $25,000 in available credit as my creditors closed accounts with zero balances or lowered my credit limit to existing balances. I had been with some of those creditors over 10 years, but my history of always paying on time did not influence their decisions. Emotional Impact I have always considered myself to be a very strong individual. During the 20 years that I spent in the military, I was often singled out as someone that worked extremely well under stress. The length of time it takes to resolve a stolen identity, the frustration in dealing with companies that do not understand the crime or its impact and do not take the correct actions, repeatedly having to clear up the same accounts, the constant phone calls and letters from debt collectors is enough to cause anyone emotional distress. In September 2002, 11 months into my struggle, I began to have difficulties with anxiety and insomnia and my physician prescribed a mild antidepressant. In January 2003, the problems with my identity were causing serious distractions for my work as a salesperson. I spoke with my supervisor about the problems and began weekly therapy in February 2003 through our Employee Assistance Program. I was diagnosed with Post Traumatic Stress Disorder. As the doctor put it, my fight or flight instincts were stuck on ``fight.'' Those problems eventually led to my termination at the end of April 2003. I was given no notice of the termination nor was there a severance offered. I simply had the rug pulled from underneath me. At present, I find myself unemployed for the first time since I was 14 years old, being treated for what now has become depression, in the worst job market in 9 years, and stilling dealing with the same situation that got me here in the first place. Sadly, even as I look back over the last 20 months and retrace my steps, I cannot identify a single thing I could have done differently that may have prevented the situation I am currently in. Recommendations I have two suggestions that I feel would greatly impact the number of identity theft victims. First, I believe that we need to focus on those sections of the consumer reports titled Personal Identification Information. Currently, if I need to order a copy of my report, I have to accurately provide my name, Social Security number, address, date of birth, and sometimes several account numbers from my credit report. If I do not provide the correct information; I am not allowed to have my credit report. Creditors, however, are not held to this same standard. Merely by providing a Social Security number, they can access the consumer's credit score and/or credit report. Additionally, it is the creditors that control what is reported in the personal information section; not the consumer. I found seventeen different addresses on my various credit reports that were used by my imposter. Six different phone numbers. Even my date of birth was changed on my credit reports as a result of information provided by the creditors that allowed these fraudulent accounts to be opened. I believe the consumer is the best source for personal and identifying information; not creditors. We should identify essential elements of personal information such as name, Social Security number, current address, phone number, sex, current employer, and date of birth. A creditor making an inquiry in regards to an application should have to correctly provide key and essential identifying information in order to complete the inquiry; not just a Social Security number. If incorrect data is provided, the creditor should be returned a message from the credit bureau that the customer cannot be identified and the inquiry cannot be completed. Had this system been in place when my identity was stolen, not a single account could have been opened in my name. Second, I believe a system should be put in place to annually evaluate the credit bureaus. While I am not expert enough on the credit bureaus to identify all criteria for such an evaluation, I am certain that credit report accuracy should be one of them. I do not want to make unfounded accusations, but it is my belief through common sense that credit bureaus do not lose money as a result of identity theft, they make money. Over a hundred inquiries have been made to my credit reports as a result of fraudulent accounts. These are inquiries the repositories are paid for that would not otherwise have been made. Additionally, with the public becoming more informed about the seriousness and growth of identity theft, I am certain that sales of credit monitoring systems are doing quite well also. Monetarily speaking, there is not much incentive for the repositories to be aggressive about preventing identity theft or correcting inaccurate reports resulting from identity theft. An evaluation system would provide that incentive. Accurate reports are as important to the creditors that use them as they are to the consumers they belong to. A repository that was not doing an adequate job would be penalized through fair competition and my feeling is those penalties would invoke positive changes in order to stay competitive. The burden of prevention and correction has been placed squarely on the consumers' shoulders and yet we have very little control over either. We cannot prevent our identities from being bought and sold both legally and illegally by the thousands. We cannot prevent the sales manager who is excited by a high FICO score from opening an account in our name without verifying the identity. Once the mistakes have been made and the fraudulent accounts opened, the consumer victim is caught between the credit bureaus and creditors. It is a life changing experience. Again, I want to thank you for your time and this opportunity to share my story with your Committee. I hope in some way by sharing my experiences here today, we can bring about the needed changes in combating the crime of identity theft. ---------- PREPARED STATEMENT OF STUART K. PRATT President and Chief Executive Officer Consumer Data Industry Association June 19, 2003 Chairman Shelby, Senator Sarbanes, and Members of the Committee, thank you for this opportunity to appear before the Committee on Banking, Housing, and Urban Affairs. For the record, I am Stuart Pratt, President and CEO for the Consumer Data Industry Association. CDIA, as we are commonly known, is an international trade association repre- senting approximately 500 consumer information companies that are the Nation's leading institutions in credit and mortgage reporting services, fraud prevention and risk management technologies, tenant and employment screening services, check fraud prevention and verification products, and collection services. We commend you for holding this hearing on the crime of identity fraud and its relationship to the Fair Credit Reporting Act (15 U.S.C. Sec. 1681 et seq.). Identity fraud is an equal-opportunity crime that can affect any of us. This crime is a particularly invasive form of fraud where consumers, consumer reporting agencies, and creditors must untangle the snarl of fraudulent accounts and information resulting from a criminal's actions. The task can be frustrating, and, in severe cases, time-consuming for all concerned. The Committee has asked us to comment on the crime itself and on its relationship to the FCRA. In this regard, let me focus on three points: <bullet> The FCRA provides the essential framework of duties for consumer reporting agencies and data furnishers and key rights of which all consumers can avail themselves, including victims of identity theft. <bullet> CDIA members have been at the forefront of efforts to understand the nature of this crime for years and they have established victim assistance procedures, which go beyond the requirements of any law. <bullet> Consumer education is a mainstay of any successful campaign to reduce the incidence of identity fraud. Though preliminary, some data indicate that industry and governmental efforts to reach consumers is working. The FCRA as an Essential Framework of Duties and Rights Amended materially in 1996, the FCRA now has a well-balanced set of rights and protections for consumers. In particular, the 1996 Amendments focused on reinvestigations and service to consumers. For example, the amendments included codification of time frames for the completion of a consumer's dispute, which apply to both data furnishers and to consumer reporting agencies. The law now ``defaults'' in favor of the consumer where a furnisher of information is unable to respond to a dispute by requiring the consumer reporting agency to delete the disputed information at the close of the 30-day reinvestigation period. Following is a summary of many key provisions of the FCRA that benefit consumers and victims of identity theft. Can anyone see a consumer's report? No. Consumer reports may be provided and used for only the following permissible purposes: Credit transactions involving the extension of credit or collection of an existing account; account reviews (for safety and soundness); employment purposes; insurance underwriting; license eligibility; child support and limited judicial inquiries. Users of consumer reports are required to identify themselves, certify the purposes for which the report is sought, and certify that it will be used for no other purposes. Criminal sanctions result from fraud and misuse. Consumers can opt out of prescreened offers of credit with just a toll-free call. The FCRA codified the practice of direct mail offers of credit and insurance in the 1996 Amendments. However, recognizing consumers' privacy interests, the Act provides consumers a single toll- free number for all nationwide credit reporting systems to opt out of all prescreened offers of credit or insurance for either 2 years or permanently (888-5opt-out or 888-567-8688). How is data accuracy ensured? Credit reporting agencies are subject to liability unless they follow reasonable procedures to assure the maximum possible accuracy of the information regarding the consumer. Also, competitive marketplace forces among the consumer reporting agencies provide a strong institutional incentive to maximize accuracy. Consumers always have a right to their file. At any time, a consumer may obtain a copy of his or her entire credit file from an agency. The report must be provided at a low cost capped by the FCRA (at time of enactment, $8.00, currently, based upon CPI indexing, $9.00). The agency must include in such a disclosure a summary of the extensive consumer's rights under the FCRA. Consumers also always have a right to be notified of all persons who have requested a copy of their files. Note that consumers who are victims of fraud and suspect that fraudulent data is on their file are entitled to a free disclosure. What happens when a user of a report takes an adverse action based on the report? If any adverse action is taken with respect to a consumer based upon a consumer report (for example, a denial of credit or employment), the person taking the action must notify the consumer and identify the name, address and toll-free telephone number of the agency that issued the report. If there is an adverse action, the consumer is entitled, upon request, to a free consumer report from the agency that issued the report. What happens when a consumer feels information in a report is inaccurate? Any time a consumer disputes the accuracy of any information contained in the agency's file, the agency must within 30 days either reinvestigate the information free of charge and note the dispute in the file or delete the information from the file. The agency must give the consumer notice of the results of the investigation within 5 days of its conclusion. If the agency finds that the information is either inaccurate or not verifiable after the reinvestigation, it must delete the information from the file. Who has enforcement authority over the FCRA? The provisions of the FCRA are enforced vigorously by the Federal Trade Commission, Federal banking regulators and the State attorneys general. Additionally, consumers have private rights of action against users, data furnishers, and consumer reporting agencies for noncompliance with the Act (see below). Consumers have private rights of action against users, data furnishers, and consumer reporting agencies. A consumer has a right to sue users, furnishers, and reporting agencies under the FCRA for noncompliance with the Act if reinvestigation procedures are violated. While a plaintiff can recover actual damages (including noneconomic damages), as well as attorneys' fees, he or she need not prove actual damages because the FCRA provides for liquidated damages in cases where there has been a violation. CDIA Voluntary Victim Assistance Programs While the FCRA provides a robust framework of protections for all consumers, including victims of identity theft, our members have long recognized that the crime presented unique problems for victims and to this end we have been actively pursuing progressive voluntary initiatives to ensure that victims of identity theft can recover from the crime and get on with their lives. Attached to this testimony is an appendix, which provides a short timeline of our efforts and which also includes the news release discussing our most recent initiative announced this past April 2003. Following is a discussion of some of our efforts: In March 2000, the CDIA issued a news release (included with this testimony), which outlined the credit reporting industry's six-point victim assistance program. Ours was the first industry to step forward and not merely educate its members about the problems consumers experienced, but to seek specific changes in business practices. These identity fraud victim assistance initiatives were the culmination of internal reviews of current processes by senior fraud personnel, interviews with law enforcement, victims, and privacy advocates, and input from our Association's outside counsel on this effort, former Vermont Attorney General, Jerome M. Diamond. The industry's voluntary initiative became effective on January 1, 2001, and while our attached news release outlines all six initiatives, let me highlight a few for the Committee. Standardizing Security Alerts Prior to the CDIA's initiative, the three credit reporting systems were already voluntarily administering a system of security alerts, which are text messages (often accompanied by a code) included in a consumer's credit report these alerts notify lenders and other users of the report of the fact that a consumer has contacted the credit reporting system and believes that he or she is a victim of identity fraud. The alerts contain, at the consumer's request, one or two telephone numbers for the lender to use in contacting the consumer to verify that he or she is truly seeking a new line of credit or other service. The CDIA's initiative sought to improve the effectiveness of these alerts in two important ways: <bullet> The text of the security alerts is now standardized with the goal of ensuring that the consumer's request is honored regardless of which credit reporting system is used by a lender; <bullet> The text message is now preceded by an alphanumeric code that ensures that even in a computer-to-computer transmission, the fact that a security alert is part of a consumer's file is easily identified by the lender's system. The security alert is transferred with any consumer credit report, whether it is a highly codified version, merely summarized or otherwise formatted for a particular lender's system. Standardizing the First Three Steps In our interviews with consumer victims, we learned that consistency of experience is important. When consumers learn that they are victims of identity fraud, they are often advised to order a copy of their file disclosure (that is, credit report) from each of the three nationwide credit reporting systems. Under the CDIA initiative, when consumers call any one of the automated systems to order their file disclosures, they can now have confidence that the same three key steps will be taken: <bullet> A security alert will be added to the consumer's file ensuring that if a criminal is still active, subsequent lenders will know that the consumer may be a victim of identity fraud. <bullet> The consumer's file will be opted out of any direct-mail offers of credit or insurance, thus ensuring that only where the consumer initiates a transaction will the consumer's file be accessed. <bullet> The consumer's file will be placed in the mail within three business days of the consumer's request. Following Up Consumer victims expressed frustration with the difficulty of knowing whether or not the crime was ``over.'' In an effort to help consumer victims stay actively involved with our members when identity fraud has occurred, CDIA's credit reporting members altered their practices. Specifically, after a consumer's file has been corrected and the fraudulent data has been removed through a traditional reinvestigation process, our members will then continue to send the identity fraud victim additional copies of his or her file for the next 90 days. With each file, the consumer will have a toll-free number, which provides access to live personnel and, thus, if the consumer spots additional problems with the file, he or she can contact our members quickly and have the problem resolved. This 90-day service extends beyond the requirements of the Fair Credit Reporting Act (15 U.S.C. Sec. 1681 et seq.) and helps mitigate the effects of this longitudinal crime. New Victim Assistance Procedures and Police Reports Victims of identity fraud want to be believed when they claim that they are victims of the crime, and they want their situation addressed quickly. Our members looked for a safe and sound process to meet this need and as you can see in our attached letter to the Federal Trade Commission, our members have not only committed themselves to removing fraudulent data upon request of a victim who has a police report, but we have coordinated this effort with the FTC's Identity Theft Clearinghouse. Following are the comments of J. Howard Beales, III, Director of the FTC's Bureau of Consumer Protection, regarding our members' program. Another collaborative effort with tremendous promise is your new police report initiative. Through this program, the three agencies have agreed to block any credit line when they receive, from the consumer, a copy of the police report documenting the identity theft. And, last year the IACP passed a resolution encouraging local law enforcement to issue police reports to identity theft victims.\1\ We are doing our part too, developing a training video with IACP to encourage the police to issue the reports. I appreciate that certain consumer-based initiatives require you to balance accuracy issues--knowing that the consumer's report contains all relevant credit information, including derogatory reports-- against customer service. From my perspective, your police report initiative strikes just the right balance. You have an assurance of the consumer's good faith, evidenced through the official police report, and the consumer will be untouched by the false negative information. I encourage the ACB and its members to continue developing programs and systems that ease the burden on identity theft victims.'' \2\ --------------------------------------------------------------------------- \1\ International Association of Chiefs of Police, Curbing Identity Theft, (November 15, 2000) available at www.theiacp.org. \2\ Excerpts from a speech delivered to the members of the Consumer Data Industry Association by FTC Director Beales on January 17, 2002. Acceptance of the FTC Fraud Affidavit The FTC undertook a complex and laudable task of trying to simplify an identity fraud victim's paperwork burden by creating a single affidavit for multiple uses. A number of our members participated in the work group discussions which led to the creation of this new form and all of the CDIA's nationwide credit reporting system members accept this affidavit. A Single Call Reaches All Nationwide Consumer Reporting Agencies Included with this testimony is our news release wherein we discuss a very new initiative that should help victims by reducing the number of phone calls they have to make. As of April of this year, consumers can make a call to any of the nationwide consumer reporting agencies and in doing so, their information will be transferred to all nationwide agencies, each of which will add a security alert to the victim's file, opt them out of prescreened offers of credit or insurance and issue a file disclosure. This is truly a progressive step that makes it easier for a victim to notify our members that they have been a victim of identity fraud. CDIA and Consumer Education Any time a crime is identified, we all want to find the one ``silver bullet'' which will stop it in its tracks. In reality, layers of efforts and, in some cases, years of work are necessary to truly reduce the incidents of a particular type of crime. In our visits with law enforcement and with consumer groups, it was evident to the members of the CDIA that procedural changes are important, but that consumer education, focused on prevention and post-victim assistance, was essential. A Commitment to Call for Action The CDIA committed financial resources and technical expertise to support the efforts of Call for Action, a consumer educational organization, which is reaching out aggressively to consumers and identity fraud victims. Enclosed with this testimony is a practical, easily understood brochure * developed by Call for Action with the assistance of the CDIA. The brochure has been distributed to: --------------------------------------------------------------------------- * Held in Senate Banking Committee files. <bullet> National and State law enforcement agencies; <bullet> States attorneys general and consumer protection offices; <bullet> Military barracks and educational institutions; <bullet> Call for Action regional affiliate offices; and <bullet> CDIA members. Call for Action reports that more than 200,000 identity fraud brochures have been distributed and another 100,000 are going to print. Further, the information in the brochure is also available on their website and Call for Action reports that they have had more than 125,000 visitors view their identity fraud information. The brochure, produced by Call for Action, is available at www.callforaction.org. Call for Action's efforts also include production of a video news release (VNR). Their VNR reached 6.7 million viewers nationwide. The VNR included interviews with the FTC and, again, highlighted a message of steps for prevention and for post-victim assistance. Making sure victims understand their rights In addition to the many voluntary steps members of the CDIA have taken on behalf of consumer victims, our members must also comply with specific duties under the Fair Credit Reporting Act (15 U.S.C. Sec. 1681 et seq.). As important as it is for our members to comply with the law, it is equally important that victims of identity fraud are fully aware of their rights. To help accomplish this goal, the CDIA produced a brochure entitled ``The Credit Reporting Dispute Resolution Process.'' A simple flow chart, which is color coded, ensures consumers understand what must be done with their dispute of fraudulent information each step of the way. It has been an effective educational tool and it won the National Association of Consumer Agency Administrators' Print Media--Private Sector Category Award in 2000. Each year the CDIA sends letters to State consumer protection and State attorneys general offices offering free bulk supplies of this brochure. Are the efforts of Government and the private sector paying off ? There are some trends which are encouraging and which show that our Nation is making progress on this issue. The efforts of the FTC, our industry, and others to educate consumers about identity fraud appear to be making headway. First, our own members report that the majority of consumers who contact our credit reporting members' fraud units are taking preventative steps and are not reporting an actual crime. This is a strong indicator that the message is getting out to the consumers to exercise caution and quickly take the right actions to protect themselves. Regarding victims of the crime, the FTC's own identity fraud trend data shows that 42 percent \3\ of the consumers who contacted the FTC learned about the occurrence of the crime in less than a month. This percentage is fully 10 percentage points higher than the statistic cited in the FTC's previous report. Here too, we see that where consumers are educated, they are learning how to spot the crime, and take steps to limit the extent of the criminal's activity. Ultimately, consumer education remains one of the best crime-prevention efforts on which we can continue to focus. --------------------------------------------------------------------------- \3\ Federal Trade Commission Report produced by the Identity Theft Clearinghouse entitled ``Identity Theft Complaint Data, Figures and Trends on Identity Theft,'' November 1999 through June 2001, page 4. --------------------------------------------------------------------------- Summary In conclusion, we believe that since this crime began being debated publicly, a great deal has changed. Our members have voluntarily adjusted their practices to better assist victims. The educational efforts of the private sector and the efforts of Government are making progress with consumers, both in terms of a improving a consumer's understanding of prevention and post-victim assistance steps that can be taken. New laws have been enacted to define this crime and to clarify that consumers are clear victims. This point may seem to be less significant today. At one time 1 victims' top complaint was merely that law enforcement did not consider them to be victims under a crime statute. We continue to applaud the enactment of the ``Identity Theft and Assumption Deterrence Act of 1998'' (Pub. L. 105-318) and the more than 30 State laws which our members have actively supported. In all of this, while procedures will help victims and reduce application fraud, and while consumer educational efforts will continue, we believe that it is critical is that Congress ensure that law enforcement has the resources necessary to enforce the law. Ultimately, identity fraud is not a consumer protection issue begging for new laws. It is a crime prevention issue in need of large-scale, coordinated efforts to investigate and prosecute criminals. Law enforcement needs the financial support of Congress to get the job done. Everyone who even considers perpetrating identity fraud, should also know that they will be pursued, prosecuted, and incarcerated. These criminals deserve nothing less. Finally, we believe that the FCRA does have the basic framework of rights that all consumers need and deserve. Time frames for the completion of the reinvestigation of a consumer's or victim's dispute are particularly important and this is one of the seven provisions of the FCRA that operates as a uniform national standard. The benefit of having a national standard is that we can design our systems for assisting consumers and victims on a nationwide basis and we can be much more successful in encouraging national and local lenders to use our automated systems for dispute resolution which allow us to often resolve disputes in less than the FCRA standard of 30 days. It would be vastly more difficult to build a nationwide dispute resolution network if we had competing State requirements and this would work against servicing the needs of identity theft victims, as well. We believe that the standard time frames for completion of reinvestigations and all of the uniform standards found in Section 624(b) of the FCRA should be made permanent. Thank you for the opportunity to appear before this Committee and to share our views. I am happy to answer any questions you may have. <GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT> PREPARED STATEMENT OF LINDA FOLEY Executive Director, Identity Theft Resource Center June 19, 2003 Members of the Committee, thank you for the opportunity to provide both written and oral testimony for your Committee today and for your interest in the topic of identity theft. The Identity Theft Resource Center (ITRC) is passionate about combating identity theft, empowering consumers and victims, assisting law enforcement, reducing business loss due to this crime, and helping victims. We are honored by your invitation and will continue to make our opinions available upon request to your representatives over the next few months as you grapple with this complex crime and the FCRA sunsetting. About ITRC The Identity Theft Resource Center's (ITRC) mission is to research, analyze, and distribute information about the growing crime of identity theft. It serves as a resource and advisory center for consumers, victims, law enforcement, legislators, businesses, media, and governmental agencies. In late 1999, Linda Foley founded this San Diego-based nonprofit program after becoming a victim of identity theft. In her case, the perpetrator was her employer. ITRC's work with thousands of victims (by e-mail and by phone), credit granters, representatives from the CRA's, law enforcement officers, governmental agencies, and business has taught us much. Jay Foley, ITRC Co-Executive Director and Co-Writer of this testimony has spent hundreds of hours speaking with victims while assisting in their recovery, listening as they discuss their revictimization by ``a system that doesn't care, understand, or listen.'' As one of the few groups that deal with a victim throughout recovery process, we have a unique perspective on the crime. Our information is not just moment of discovery statistics. Our information comes at the cost of minutes, hours, days, weeks, months, and years of a victim's life. Through our testimony we will introduce you to some of the victims who have helped us to understand the changes that must be made in the areas of prevention and recovery. We hope their stories illuminate the issues as clearly for you as they have for us. To protect their privacy, they will be referred to as initials only. The ITRC has worked for a number of years to make changes in laws, policies, business practices, and trends to combat this crime. As a result, we have composed a list of recommendations that we feel will make a difference both in crime prevention (keeping the information from the hands of criminals and the issuance of credit) and in victim recovery. Our Testimony ITRC has been asked to address the following points: <bullet> The Crime: Who are these criminals and what is identity theft? <bullet> The Victim: What are some of the crimes we hear about? <bullet> Crime Expansion: crime trends, numbers, stats, anecdotes and articles? <bullet> Victim Recovery: What steps must victims take? <bullet> Recommendations about areas that need change? <bullet> Provide your perspective as to the value of State involvement. <bullet> Our opinion of the FCRA battle. Identity Theft The Crime There are four recognized main categories of identity theft: <bullet> In financial identity theft the imposter uses personal identifying information, primarily the Social Security number, to establish new credit lines in the name of the victim. This person may apply for telephone service, credit cards, loans, buy merchandise, or lease cars and apartments. Subcategories of this crime include credit and checking account fraud. <bullet> Criminal identity theft occurs when a criminal gives another person's personal identifying information in place of his or her own to law enforcement. In relation to your Committee and focus, this type of crime might occur in relationship to checking account fraud. Many States do prosecute on bad checks or on opening accounts fraudulently. Case history: One of our recent cases involved a woman who lives in Pittsburgh. Her imposter had several warrants in Kentucky for opening a fraudulent checking account and writing bad checks on it. The victim was 8 months pregnant at the time of the crime, restricted by her doctor to bed (in Pittsburgh), and clearly incapable of committing this crime. The bank finally cleared her but forgot to tell the DA to cancel the warrant. She has incurred legal expenses, as well as other expenses in clearing her name and rectifying the inaccurate records from various databases. <bullet> Identity cloning is the third category. This imposter uses the victim's information to establish a new life. He or she actually lives and works as you. This crime may also involve financial and criminal identity theft as well. Types of people who may try this fraud include undocumented immigrants, wanted felons, people who do not want to be tracked (that is, getting out of paying child support or escaping from an abusive situation), and those who wish to leave behind a poor work and financial history and ``start over.'' <bullet> Commercial identity theft is similar to financial identity theft and cloning except the victim in this type of case is a commercial entity. Criminals open checking and credit accounts as that company, order product, and may even try to conduct business as that entity. Unfortunately, this has yet to be explored topic and good answers for these victims are few. The Victims Identity theft is a dual crime and no one is immune, from birth to beyond death. Who are these victims? It could be you, unknown at this very moment. Let us introduce you to some of our clients/victims who have turned to us for assistance. Some of these cases are cut/paste of e-mails we have received from victims. We present them to you so that you can see what we work with on a daily basis. Case 1: Child Identity Theft. Victim owes about $65,000, $4,700 in child arrears and has 3 DUI warrants in his name. One problem. Jose is only 6 years old now and those arrears are to himself. The perpetrator is his father, now divorced from Jose's mother, an illegal immigrant, and subject to deportation when found. Case 2: Identity Theft of the Deceased. Perhaps one of the most poignant stories we have heard (New Jersey Star Ledger reported it) is the theft of a man's identity who died in the World Trade Center attack on September 11, 2001. His widow was notified about 10 months after the event to discuss her husband's recent auto accident. She went through hours of turmoil only to discover that an illegal immigrant had created a false driver's license and was living and working as her deceased husband. Unfortunately, this is only one of more than several dozen cases that we have worked on involving the deceased. In some cases, the imposter has purchased the information, in others the perp is a family member or even a caregiver. Some may ask what is the harm in using the Social Security number of the deceased. Not only can this affect the estate but the survivors still dealing with the grief of losing a loved one. In one other case, a mother has had to fight collectors trying to collect money from accounts opened in her daughter's name, a daughter who died several years ago. Each new call opens up the wound again. Case 3: Information Breach, Workplace Identity Theft. T's identity was stolen by her doctor's receptionist. She found out when applying for her first home loan, her dream home. Months later, after clearing her records, spending her own time to research how her thief got her information and used it, and seeing another family move into her home, she was able to convince authorities to prosecute her offender. The result--the thief is now living in a halfway house, driving the car she bought with T's identity, and working for another doctor as a staff member. T was finally able to buy a house almost 2 years later, at a higher purchase cost, with a higher interest rate due to the multiple accounts that had been opened in her name after the placement of a fraud alert. Case 4: Victim Recovery Issue. Victim owns her own business. For the past 3 years, she has been in a fight with her bank. They repeatedly open new accounts and grant access to her existing accounts, even generating dual credit cards sending them to the imposters as well as herself. At one point, she went to the local branch of her bank to once again put to rights the transfer of her account information. With multiple pieces of identification in her possession she was devastated by the bank officers who would not acknowledge her right to discuss the accounts in question or accept her identifying documents including passport, driver's license, utility bills, business license, and Social Security card. To date she still has problems with her bank and her accounts. She is currently talking to an attorney and plans to sue the multiple companies who continue to torment her and refuse to correct their errors. She believes that lawsuits are her only option left. Case 5: Financial identity Theft Turns into Criminal Case. Two nights ago, I was arrested as part of a 4-year ongoing theft of my identity. The arrest was over bad checks written in Lincoln, Nebraska near where I reside. The issue, other than the arrest and all that goes with it, is the fact that JPM was able to open fraudulent accounts because the Nebraska DMV had issued her a license with her picture and my information. I do not know what documentation she provided them, but we clearly do not have the same physical features. This should have sent up a red flag to the DMV. As a result, JPM illegally used my identity to spend almost $40,000, with new credit cards and with fraudulent checks. I am doing the best I can to be compensated for the money spent on bail, loss of work time, personal stress, which all occurred while I was finishing my undergraduate degree and throughout my master's degree. Needless to say, this has interfered with my performance in school because of the time it takes to free myself as a citizen and as a consumer. The arrest was the last straw, and I have been told that the statute of limitations to sue the woman who stole my identity has expired. I am looking for help. Case 6: Social Security Number Used as Driver's License Number. Victim had car broken into just prior to a move from Hawaii to Delaware. A file with all identity and information was stolen in Hawaii including her driver's license which used her Social Security number as the identity number. Since then a fraudulent cell phone account was setup with VoiceStream generating a bill for $10,000.00. The victim has made some payments during the course of the account dispute due to the bullying action of the collectors threatening to attach to possessions. Because of that VoiceStream refuses to acknowledge the account is fraudulent. Case 7: Security Breach. Victim was referred to ITRC by the FBI Victim/Witness Coordinator. The victim is a 72-year-old retired Air Force Major. His dentist told him his identity was stolen. The dentist had befriended a man who saw the victim's dental records. This man then copied and used all of victim's info. The dentist found out when he saw files out of place. This befriended man/handyman was the only person who had access. The imposter purchased a condo, a BMW, and used the victims HMO for medical services. The victim's HMO paid for this. Upon arrest it was discovered that the imposter had a prior record of fraud. The imposter is now in jail on nonrelated charges. Case 8: Cloning. Victim lives in San Diego on disability. The imposter is living and working in Illinois. Fraud is impacting her disability. IRS and SSA have been contacted. Victim is fearful of losing housing and being unable to cover living expenses due to the lengthy time of recovering her good name and clearing the records. Case 9: Workplace Identity Theft. The victim recently found out of the identity theft. In 1999, a co-worker stole her credit card. The victim went through all the necessary procedures with her credit card company to remove the charges including filing a police report. In January 2002, the victim applied for a loan with a small finance company. The victim was told her Social Security number had already been used to apply for a loan with this company. The victim retrieved the application and found it was used back in 1999 by the same lady who stole her credit card. The victim had never been contacted by this company. The company's reply: We denied the application. Unfortunately in doing so, they did not indicate that it was denial due to fraud but due to not enough income. I did go to the company with this, I even spoke with the Vice President in South Carolina and she was useless. I still have not received a copy of my credit report so I am not sure if she has not done any real damage or not. I am sure she used my Social Security number and I am not sure how else I can file a report if the police are not helpful. Thank you again. Case 10: Extreme Case. Victim's identity stolen by co-worker 10 years ago. She knows who the perp is and he has been questioned but released by police (refusal to take action due to ``extenuating family circumstances''). In the meantime, the victim has been unable to stop the perp from opening credit and checking accounts, fraudulently applying for welfare, etc. She has had to change her Social Security number, driver's license number, and name, essentially recreating herself in order to separate and protect her from the actions of the perp. Case 11: Reoccurrence. My wife was a victim of identity theft in 1999. After many letters, a police report, and an affidavit of forgery, we thought everything was settling. We were reassured that the loan and credit that was taken out in our name was removed from our reports and that our credit restored. We asked several times for correspondence that this was taken care of but no one returned a letter. As time passed and we received no bills, we forgot about it. That is until we received an Equifax on June 2, 2002 showing it still on the report. I tried to contact the office that I communicated with before but no one would return my call. The date reported was after we had notified them of the dispute. Are they in violation of the FCRA? Please advise or direct. Case 12: Family Identity Theft. Victim's relative used victim's identity to clear out victim's bank accounts. This relative has victim's Social Security number and stole checks. Victim has filed police report and is in contact with the managers at her bank. LEA is not investing a great deal of time on case, usually claiming that this is a family dispute. Family identity theft is one of the most difficult crimes we work on, in part, due to lack of police action and, in part, due to the emotional impact of this crime. How does one turn one's own mother in to the police? Unfortunately, we receive about 3-5 of these types of cases each week. Case 13: Domestic Abuse, Harassment. The victim was divorced in 1987, she now lives in Florida. The ex-husband is operating here in San Diego. Due to the actions of her ex, the victim is having IRS, SSA problems and is dealing with 3 accounts under her name. Unfortunately, identity theft is the perfect tool to harass another person and to perpetuate domestic abuse after a divorce or separation. Case 14: Stolen Wallet. I live in Texas. On June 2, 2002, my wallet was stolen in New York City. On June 6, 2002, a woman began using my identity from the wallet including driver's license, Social Security number from a medical insurance card, place of employment, and stolen cards to establish instant credit at 9 different stores in 3 different States. I have placed a credit alert fraud with the three credit reporting agencies but there has already been theft totaling in excess of $16,000. I am now having difficulty getting anyone to follow through with a report and also changing my drivers license number. Because the theft occurred out of my home State, I have to follow up on the phone and not getting much response or help. Case 15: Military Spouse. I have had the frustrating and humiliating experience of somebody taking my maiden name and Social Security number in order to open numerous fraudulent utility accounts leaving my credit reports a mess. I am also a military wife who is required to show my Social Security number on my identity card, which is used for everything. Case 16: Enable Credit Granting Behavior. I was a victim of credit fraud/identity theft beginning in November 2001, and continuing until approximately April 2002. All of the many fraudulent credit applications using my name and identifying information were done in the Los Angeles area. Somehow, my personal identifying information (Social Security number, name, birth date, etc.) were obtained and used to apply for instant store credit at Radio Shack, Gateway Computers, and approximately a dozen other merchants. Additionally, my personal credit card was ``taken over'' by these criminals. By calling Visa and posing as me, they changed my billing address, and claimed that they had lost the credit card. They then received my new Visa card in the mail at the fraudulent address. They applied for many credit cards under my name and were even successful at getting a few, then charging the cards up to the maximum very quickly. Case 17: Mail Theft by an Acquaintance. I just found out on June 14, 2002, that I am the victim of identity theft by my housekeeper/ babysitter. Since she had access to my mail it was easy. She opened the first account in April 2001. She has charged over $10,000 that I am aware of and I have jewelry, etc. missing from my home. This is so recent that I do not even know what I am up against yet, what I do know is that this has hurt my 11-year-old daughter very badly. My daughter sang in the housekeeper's wedding last May, I wonder now if the wedding was all charged to me! I would be happy to talk to anyone about this. I live in a small town of 12,000 people, right now I know 4 people, personally, that this has happened to including the President of one of the banks here in town. Something must be done!! She is having trouble getting creditors off her back. Case 18: Domestic Abuse, Insurance Fraud. My ex-husband and his employer used my Social Security number to file medical claims on my health insurance. My ex has not been covered on my insurance since 1999, and I have changed employers and insurance carriers since that time. However, claims for February 2002 through May 2002 have been filed on my current insurance. He has obtained the information without my knowledge. I found out about the claims after receiving Explanation of Benefit forms from my insurance provider. The claims have been denied, so the insurance provider states that they are doing their job. The insurer will not file a report with the police. Case 19: IRS Complications. I have had my identity stolen. Someone has gotten hold of my Social Security number and, from that, cause me to have false credit bureau claims and a warning from the IRS that I had underreported my income. Creditors have harassed me and required me to go to extraordinary lengths to prove that I could not have incurred the debt in question. The IRS has required extensive documentation as well. Right now the activity has settled down, but anytime the next shoe could fall. Even though there is a certain person I suspect of engaging in this identity theft, law enforcement authorities turn a deaf ear. I really do not blame them, it is not a high-priority crime to them. To me, it is a major theft and closely akin to rape. This whole situation has been aided by the use of computers and the overuse of the Social Security number. I understand that the original law establishing the issuance of Social Security numbers stated that that number should only be used for Social Security, but indeed, that has not been the case. Case 20: Victim Frustration--Complex Case. I became a victim of identity theft in March 2001. I found out when the person who had my Social Security number tried to open a credit card with a bank that I already had a card with. The woman was not able to give my correct birthday. They contacted me but they gave me a hard time saying that it was my daughter. They suggested that I contact the credit agencies about a fraud alert. That is when I found out that the person had many credit cards and a cell phone and they even bought a computer from Dell. Since I found out early, I was able to stop almost everything before it was way out of hand. I filed a report with the Dallas police department and talk to a detective all the time. Only to find out they would do nothing. They had the address the cards and computer was sent to but they would not go there. They even had another address where the person used a credit card in my name to buy a pizza. I found a lot of information on the Internet and started writing letters and sending them certified return receipt. I also made a file that I have with everything I did and all the copies. It took many months to clear everything up and I still have the fraud alert on my report for 7 years. This is a crime that is too easy for someone to do and they get away with it because our laws are too easy and the officers are not trained on this type of crime. I feel I am luckier than most because I found out early and was able to clear up the damage within a year. While you know my story, that only tells part of the picture. What I discovered disturbed me greatly: <bullet> Fraud alerts only help a little. Most places do not even honor them. So, I am not sure they help very much. <bullet> After I put the fraud alert on, they still opened a few more credit cards. All of the accounts they opened were done on the Internet. <bullet> I found that the credit card companies did not care much, they just closed the accounts. But before they will close the accounts, you have to prove to them it was not you who opened the account. <bullet> They also made you wait on the phone a long time and you are transferred to many people before you found one that could help you. Most of the people I talked with acted like they were not educated enough on the subject. <bullet> They treat you like it was your fault and most of them need more training on this issue. <bullet> The police are no help at all. <bullet> The credit agencies take forever to remove the fraud accounts from your file. <bullet> The victim spends hundreds of hours writing letters and making phone calls trying to remove the damage that the thief caused while they were free to go to the next victim. <bullet> Laws should help the victims, but you are alone when it comes to identify theft. Victim Impact: The Good, The Bad, and The Ugly While the victims are not usually held liable for the bills accumulated by the imposters, many do suffer significant financial and emotional harm from this crime. According to studies done by the Privacy Rights Clearinghouse (PRC)/CALPIRG in 2000 and Federal Trade Commission (FTC), the average victim spends about 175 hours and $1,100 in out-of-pocket expenses. These expenses include notarizing, postage, telephone, travel, photocopying, costs involved in getting police reports and fingerprints, and resource materials. ITRC is in the process of completing an updated study. We believe that the numbers will be significantly higher due to the complexity of the crimes committed. In many situations this does not cover time lost from work, loss in productivity while working or loss of personal or vacation time. Some victims never truly regain their financial health and find credit issuers and even employers are reluctant to deal with someone with ``baggage.'' To have someone use your good name, a reputation in which you have invested much time, energy, and money, is a deeply felt violation-- financially, emotionally, and on that has the power to affect your decisions, relationships, and financial/criminal history from that point forward in your life. The emotional impact of identity theft can be extremely traumatic and prolonged due to the extensive amount of time it can take to clear one's name. Some victims can be dealing with the crime for 3-7 years after the moment of discovery. Victims face many challenges in cleaning up the mess left by the thief. In the best case scenario: <bullet> Law enforcement takes a report and provides a copy to the victim. <bullet> The victim discovers the case early enough to prevent it from being sold to a collection agency. <bullet> The initial contact with the creditor is not misleading nor ignored. <bullet> The creditor freezes the account based on telephone contact and closes it completely when presented with a police report identifying the account as fraudulent. <bullet> The victim is provided with information that when provided to law enforcement makes the case and supports the arrest and prosecution of the thief. <bullet> The victim is given a letter of clearance and the entries and inquiries are removed from the credit report. <bullet> The creditor works with the victim and the police to complete the case. In the bad version, the victim: <bullet> Victim fights with police to get a report taken. <bullet> Has to deal with the creditor and one or more collection agencies. <bullet> The creditor's staff is unhelpful. They provide inaccurate information. <bullet> Creditors refuse to make account and transaction information available to the victim claiming privacy concerns of the accountholder/criminal. The victim is burdened with proving innocence without the benefit of knowing where the charges were made, how the account was opened, dates of purchases, etc. <bullet> Too often victims are told to have the police request this information but when requests are made by law enforcement they are denied access as well without a stack of paperwork at best. <bullet> They make statements to the victim that the account is cleared up but do not take the actions necessary to close or clear the account. <bullet> Accounts are resold after the victim has provided proof of the fraudulent nature of the account. <bullet> Victims are told that they are still responsible for the account when a family member did it fraudulently. <bullet> Accounts are not removed from the credit report by the creditor when proven to be fraudulent. <bullet> Victim is mislead to believe that the CRA will respond to their requests to have information removed or corrected on the credit report. The CRA passes the fact that a dispute over the validity of an account exists to the creditor but does not present any of the evidence submitted by the victim. In the ugly version, the victim: <bullet> Faces all of the problems from the bad version plus. <bullet> The victim is sued by the creditor without the victim's knowledge and a judgment rendered against the accountholder--the victim. (The imposter is served.) <bullet> The victim is arrested for the crimes of the thief. <bullet> Property is seized by court order leaving the victim to attempt to have the court reverse the order. <bullet> Homeless people and minors face many unique problems getting copies of their credit reports. <bullet> Despite all efforts, the victim is unable to stop the thief from using his/her Social Security number, name and other information. In these cases the ultimate solution is to change one's identifying information--name, Social Security number, driver's license number, etc. The problem: This solution creates more problems then it solves. You are now a person without a credit, work, college, or life history. You are nothing more than a blank slate. Identity Theft's Negative Economic Ripple Effect In terms of economic impact, a recent Florida Grand Jury report stated: ``The average loss to the financial industry is approximately $17,000 per compromised identity. For criminals, identity theft is an attractive crime. An identity thief can net $17,000 per victim, and they can easily exploit numerous victims at one time, with relatively little risk of harm. By comparison, the average bank robbery nets $3,500 and the criminal faces greater risk of personal harm and exposure to a more serious prison sanction if convicted.'' (reprinted at www.idtheftcenter.org under Speeches.) The Privacy Rights Clearinghouse 2000 Report found the average economic loss per victim to be $18,000, ranging from $250 to in excess of $200,000 (footnote 1). While the FTC study, so far, shows a different number, their numbers are based primarily on moment of discovery. In identity theft, it sometimes takes months before the total damage can be assessed. Using the number of $17,000 per victim and the estimate of 700,000 victims, the economic loss could total $11.9 billion to merchants, credit issuers, and the financial industry in 1 year alone. ITRC would like to further add that that $11.9 billion loss is just the beginning. You also have to add the cost of law enforcement and criminal justice time, costs to victims (including expensive attorney time) and secondary economic losses to merchants when merchandise ``bought'' by imposters is resold resulting in a lessening of customer trade. Finally, there is the cost of investigating and prosecuting secondary illegal activities (drug trafficking, etc.) funded with the money made by imposters or information brokers who sell the documents used by some imposters and those wishing to identity clone. Identity Theft Trends There are clear indications that identity theft is not only a crime that is committed by your garden-variety type of thief but is also used by organized crime groups. ITRC's new study will help to show the complexity of the crimes that are committed, the impact financially and emotionally and to help us track this crime even more effectively. Dumpster diving: Digging through trash is not glamorous but can be very profitable especially when that dumpster sits behind a mortgage broker, dentist's office, rental office, insurance company, or even a market or governmental agency. The papers there are a wealth of information including account number, Social Security number, names, unlisted phone numbers, and even mother's maiden name. The value of these dumpsters is that the thief doesn't leave with one document but with dozens at a time. Scams: Creative writing teachers would be proud with the types of both telephone and Internet scripts that have been written to separate you from your information. Some, including that apparently come from governmental agencies or from credit providers even seem to fool experts. ITRC receives at least a dozen requests each week from people asking us to verify a ``legitimate'' looking scam. One DMV Director even forwarded an urban legend to us that contained only partially correct information. He received it ``from a reliable source.'' Mail theft: In a recent conversation with a postal inspector in California, we were told that a good portion of identity theft cases involves the post office. Not only is it a way to move information, receive ``stolen'' good and cards but also the mail is a rich source of sensitive information. Preapproved credit offers are but one of the problem areas. Convenience checks (that come with credit statements-- ready to use by anyone), any bank/credit/financial statement with an entire account number imprinted on the bill, health benefit statement, payroll stubs and statements, literally hundreds of sheets that make their way to your home could be intercepted and used for identity theft. And the problem is that the post office is not the only location to steal this mail. It could be intercepted in a variety of locations-- print shop, mail room (either outgoing or incoming if returned to sender), postal office and then finally your own either locked or unlocked mailbox. Your own roommate, friend, caregiver, or family member could look at the mail, steal it, or just use the information. Checking account takeover: Checking account takeover is a heinous crime in that it can be accomplished in many ways. Your account can be accessed electronically, checks that you issue can be reused, and checks can be computer generated using your information on the top but a different bank routing and account number on the bottom. To date, the financial community and consumer groups have yet to find a good solution to this issue. Identity theft and other illegal activities: The reality is that identity theft is a way to make a lot of money quickly. This automatically draws the attention of narcotic dealers, manufacturers and junkies, gamblers, alcoholics, those who compulsively spend money and those who sell information (like selling drugs) to make large quantities of money to live the lifestyle they wish to enjoy. Gang behavior, information trafficking and identity theft: Several law enforcement groups have now shared that their large cities have given rise to organized identity theft rings. These groups control the information selling, teach others how to commit identity theft, and find the ``targets'' that will become their mules or information gatherers. They may have a division that helps to sell ``stolen'' merchandise or to traffic merchandise on the black market. These groups are also setting themselves up as businesses, allowing them access to information from groups like the CRA's and datahouses like ChoicePoint. They are finding ways to target groups of people based on a variety of fields--address, economic status, last name, ethnicity--so that they can customize the information for sale. Level of sophistication: Just when we think we have heard the very worst-case scenario, another person contacts our office with an even more difficult case. Gangs are working smart and even teach each other about our law enforcement and business weak links. There is a reason that some companies are regularly hit and others are rarely hit. Instead of opening 5 new credit cards, they open 30. In fact, skimmers may be found with more than 10,000 ``new'' credit cards ready to sell or use. These criminals have become bold and brazen. Why?--why not, especially when so few are caught and the crime is so profitable? Three other areas of concern: 1. Non-English Language Victims: Identity theft is an equal opportunity crime. It can strike anyone with a Social Security number. According to the latest census, in California one-third of our population is non-English speaking. However, even the simpliest task of ordering your credit report is difficult. In both of the CRA's that use automated systems, neither provide an option for even Spanish. Should the victim have another person call in for their report on their behalf (trusting their Social Security number to yet another stranger/friend), the information sheets which include consumer rights, how to understand the report or what to do, come in one language only--English. These same victims face similar situations in contacting credit issuers and collection agencies. ITRC has worked with some of these victims--in part through a translator and partly in the victim's native tongue. The frustration level is high and their dissatisfaction with the system even higher. Some have given up and just paid the bills, fearful of the consequences and not understanding their rights. 2. Deployed Active Duty Military: It is difficult enough to clear up a problem of identity theft if you have the time and ability to do so. But you cannot deal with a case in a timely manner while deployed-- either into a battle zone or in an overseas duty station. At this time we are working with about 20 military personnel. ITRC has proposed a plan for a Military Victim Support Program to several legislators, asking the Department of Defense to consider creating a trained body of JAG aides/victim liaison officers who will work with these members, almost as a one-stop shop. This program will save money, help to highlight security issues, and assist deployed military members as they serve our country, sometimes at great physical risk. ITRC will make that plan available to any Committee Member who will help us to move this program forward. 3. Identity Theft and Dominance/Domestic Abuse: Identity theft is the perfect tool to dominate, abuse, and harass another individual. More and more we are seeing cases like this. Recommendations for Laws It is our goal in the next section to illuminate problems reported by victims and law enforcement and to provide recommendations for consideration. ITRC has always been known as a problem-solver and not a finger-pointer. The Finding section of each recommendation is based on ITRC's research, studies widely available, and input by victims, law enforcement, and businesses. For text recommendations, please contact the ITRC national office. A * denotes areas of highest priority. A final comment. Many of these ideas are common sense, and ITRC hopes that the involved entities voluntarily absorb these concepts as standard practices. Legislative solutions should be a last resort. In fact, voluntary acceptance can be used to an advantage as illustrated in the following anecdote: Three weeks ago we bought our cell phones from Cingular. Both of us have fraud alerts on our reports. We explained to the salesperson at Best Buy that he might encounter a delay. He never had heard of fraud alerts through he specializes in one of the items that thieves are more likely to buy. Indeed, Cingular did notice the fraud alert, my husband went home to answer the telephone call to approve the transaction, and with no more than a 15-minute delay we had our phones. Cingular voluntarily did the right thing and has a loyal customer due to that. 1. Police Reports Finding: One of the biggest victim complaints is that law enforcement refuses to take a crime report in identity theft cases. ``You are not the victim, the business is.'' A secondary problem is jurisdiction, since many of these crimes cross lines both geographically and by agency. The victim's mail may have been stolen in Houston, but credit purchases are being made in Virginia and in Oklahoma. Who handles this case? The Post Office fraud investigation team, the Houston police, or the sheriff in Virginia? The other problem facing victims is that without a police report, credit issuers simply do not believe you. Bank fraud investigators have stated at legislative hearings and at conferences that a main determining factor in separating victims from those avoiding paying a bill is a crime report. The belief is that a ``deadbeat'' will not file a false police report and take the chance that they will be arrested for that action. Recommendation: Legislation declaring a person who has learned or reasonably suspects that another has unlawfully used his or her personal identifying information may initiate a law enforcement investigation in his or her own local jurisdiction and shall receive a copy of said report. For recommended text, see California P.C. 530.6 (www.leginfo.ca.gov). 2. Victim Access to Records on Accounts Opened in His/Her Name Finding: The burden of proving one's innocence lies on the shoulders of the victim. In a sense, you must prove a negative--that you did not open the account or make the purchases. This requires knowing the application and transaction information. If purchases were made in person in New York and you were working in Houston that day, you have a chance at being taken seriously. In some cases, victims recognize the handwriting on an application or know who made the purchase because they personally know the perpetrator. Recommendation: Legislation that allows the victim of identity theft and the investigating law enforcement agency to receive application and transaction information on fraudulent accounts opened in his or her name. Language recommendations: California P.C. 530.8 or S. 1742 (Federal bill--author Senator Cantwell). 3. Declaration of Innocence--Criminal Identity Theft Finding: Cases of criminal identity theft are especially difficult because even after proving you were not the person who committed the crime (or got the tickets), your name remains the ``alias'' on record. Every time a police officer stops you, when a potential employer does a criminal background check or you go out of the country on vacation, you wonder if you will be accused of the imposter's crime yet again. Recommendation: Legislation and/or policies to allow a person to petition the court for a ``factual declaration of innocence.'' We recommend that the victim not only be issued an official record of that declaration, but also for the State to establish a database that would keep these records. If the person loses the paper (most carry copies for life), this database would contain the order and a copy of the true person's fingerprint(s) for comparison in the case of another instance of mistaken identity. 4. Statute of Limitations for Lawsuits Involving Identity Theft Finding: Identity theft is an unusual crime. Most victims of other types of crime are involved from the moment the crime began. If your car is stolen, your house is robbed, or you are mugged and your purse taken, you know about the crime almost immediately. This is not true in identity theft. In three studies (FTC, Florida Grand Jury, Privacy Rights Clearinghouse), the average victim did not find out until 12-16 months after the crime first began. By Federal law, the clock starts when the crime began, giving identity theft victims only a few months to investigate, assess the damage, and find out how the crime may have begun. Many victims take a year or more to get to this point. Recommendation: Legislation to allow victims of identity theft and financial fraud at least a 2-year window to initiate a lawsuit against involved parties, starting from time of discovery and not time of when the crime(s) occurred. 5. Confirmation of Change of Address--Account Takeover Finding: Account takeover has been a problem for many years. It is fairly easy to find out the credit card number of an individual: Via mail interception, shoulder surfing, skimming, register receipts, and scams both by telephone and over the Internet. The U.S. Postal Service introduced a successful program that mirrors the one recommended in this legislation. It mandates that when an address change is requested that a card be sent to the current address on record and to the new address, informing the consumer of the requested change. The card directs the consumer to notify a toll-free hotline should they dispute the change of address request. Recommendation: Legislation mandating that a company must notify the cardholder when a change of address is submitted. This change of address notification should be mailed by postal mail (not postcards) to the current address on the account, as well as the new address. The notice should inform the account holder of the request and give a toll- free number to call if the account holder had not submitted the change. 6. Mandatory Observation of Fraud Alerts Finding: Current identity theft victims want to stop the perpetrator from opening yet another account. Many fear (with good reason) that unless they immediately lock the door to credit, the perpetrator will continue to attack them for years to come. Even if the imposter is arrested, there is no guarantee that he or she will not sell the information to another individual, who in turn will try to open credit using the consumer's information. While California is also experimenting with a credit freeze, ITRC believes that the mandatory observation of fraud/security alerts is the ultimate credit monitoring service. The only measure of control over the establishment of new credit lines is through a fraud or security alert placed with the three major credit reporting agencies. Unfortunately, at this time, the notice of a fraud alert--``Do not issue credit without my express permission. I may be reached at 555-555-5555 or please contact me at the following e-mail address:___''--is advisory in nature only. Language for this bill has been already written by Senator Feinstein. Recommendation: Legislation that would require all credit reporting agencies to indicate to credit issuers that there is a fraud/security alert and the entire text of that alert, whether a credit score, summary, or full report is requested. AND that all credit issuers must check for and observe security alert request as written on credit reports. This legislation should include penalties and civil remedies for failure to comply. 7. Truncation of Credit Card Account Numbers on Credit Card Receipts Finding: Many merchants print your entire credit card number on merchandise receipts. Unfortunately, this is an excellent way for thieves to gather information and enjoy a shopping spree at your expense. The scenario: It is a busy time, perhaps a white sale or during the holidays. As Mary wanders from store to store, she doesn't notice the gray-haired woman walking behind her. She also doesn't notice the woman slipping her hand into Mary's purchase bag and pulling out the receipt for the sweater she bought a few minutes ago. By the time Mary gets home a few hours later, this woman (minus the gray- haired wig) has hit two nearby shopping centers and charged about $3,000 in merchandise to Mary's account. Recommendation: Legislation that states that a person or an entity that accepts credit cards for the transaction of business may not print more than the last 5 digits of the credit card account number or the expiration date upon any receipt provided to consumers. A 2-year phase out deadline can be included to allow stores to adjust programs as they replace or alter machines and software programs. 8. Free Annual Credit Reports upon Request Finding: Credit reporting agencies (CRA's) collect credit information provided by credit issuers, merchants, and others and then resell it to their customers--credit issuers, merchants, and employers. That information is not verified for accuracy, and may even reflect addresses used by imposters or misread by clerks. The irony is that if this information is not accurate, not only does the consumer suffer, but the businesses that purchase this information and use it to determine whether to extend credit lines can also be harmed. Information distributed by the CRA's seems to take on a life of its own. These reports are replicated and distributed by resellers (for example, real estate industry). Errors in reports spread like a malignant growth throughout the system, affecting a person's ability to get credit, buy a house or car, obtain a job, and secure rental housing. The only way to confirm the database information is to allow the consumer to check it over on a regular basis. Currently, the credit reporting agencies charge a fee to look at one's credit report, arguing that they shouldn't be forced to give anything away for free. Yet, the only person who can authenticate information is the consumer. Why should they be forced to pay to verify information they did not provide to the CRA in the first place? Recommendation: We recommend following the lead of several other States (Colorado, Georgia, Massachusetts, Maryland, New Jersey, and Vermont) in allowing each consumer one free copy of all three credit reports per year, upon request and expand upon it to also follow California's lead in allowing multiple credit reports for victims of identity theft within the first TWO years after the discovery of the crime (perhaps one every 3 months). This bill is smart business, good for consumers, and good for a State's economy. 9. Victim's Right Act Finding: Victims of financial fraud must be given full rights under the law. These include the right to reasonable and timely notice of any public proceeding involving the crime and of any release or escape of the accused; the rights not to be excluded from such public proceeding and reasonably to be heard at public release, plea, sentencing, reprieve, and pardon proceedings; and the right to adjudicative decisions that duly consider the victim's safety, interest in avoiding unreasonable delay, and just and timely claims to restitution from the offender. Recommendation: Legislation that would require the victim to be notified of all steps of the criminal process including the trial date and the release of the perpetrator from custody. Provisions should be made to allow for victim input prior to sentencing and for restitution when appropriate. Victims of white-collar crimes should be afforded the same rights as those of violent crimes. 10. Information Trafficking Finding: As identity theft has grown, suspects have become actively engaged in the collection of personal profiles for purposes of identity theft. These suspects often steal mail and trash in search of new identities to use. They compile lists of victims' names, birth dates, Social Security numbers, maiden names, addresses, and other pieces of information that can be used to open fraudulent accounts or take over existing legitimate accounts. These profiles have become commodities that can be sold or traded for drugs or cash. Often the person compiling the profile is not directly involved in the actual use of the identifiers, thereby avoiding prosecution as an ``identity thief.'' In some cases, suspects have retained victim profiles for years, knowing they can be used again and again. Recommendation: Legislation making the action of information trafficking illegal and punishable as a felony or felony/misdemeanor (wobbler) depending on judicial discretion. Possible language includes: Every person who, with the intent to defraud, acquires, transfers, or retains possession of the means of identification of another person without the authorization of that person, is guilty of a public offense, and upon conviction therefore, shall be punished (terms equal to type of crime). The term ``means of identification'' means any name together with one or more other pieces of information which can be used to identify a specific individual, including a Social Security number, date of birth, State or Federal issued driver's license or identification number, taxpayer identification number, or unique biometric data, such as fingerprint, voice print, retina or iris image. 11. Confidentiality and Protection of the Social Security Number (SSN) Finding: The Social Security number is the golden key to financial identity theft. However, it is used by so many entities that it is nearly impossible for consumers to adequately protect it. New standards and laws need to be adopted that dictate collection, use, display, security, and confidentiality of the Social Security number. It should not be used as an identifier by schools, insurance companies, employers, utility companies, or businesses. Social Security numbers should not be publicly displayed (that is, printed on timecards or badges) or shared with other companies or organizations except where required by law. ITRC would hope that business groups would voluntarily adopt many of the recommendations in this section and that legislation be a last resort. Finding: Companies often ask for information that is not necessary for the transaction of business. They claim that they may need it at a future time or for statistical purposes. There should be some restriction of the type of information asked on applications. For example, a self-storage company and a health club were recently asked why they requested the person's Social Security number. The response was that it was a convenient identity number to use as a member number. Recommendation: Legislation prohibiting the use of the Social Security number as an identifier, except for specified governmental purposes. Entities that should not be using the Social Security number as an identifier include: Schools, insurance companies, employers, utility companies, or businesses. Both civil and business code penalties may need to be imposed on those who do not comply with these standards. Again, a phase-out program can be implemented to minimize costs to those entities that now use the Social Security number as the customer identity number. Recommendation: Legislation restricting circumstances in which a company/governmental agency may ask for certain identifying information including Social Security number, birth date, and driver's license number. This recommendation includes the requirement that all States convert to non-Social Security number for driver's license number use rather than allowing the consumer an option. Finding: Information is often exchanged in an unsafe manner. Those individuals collecting information must be trained on how to collect data in a manner that does not compromise the security of consumers or employees. That means that information should not be exchanged verbally in a public place, where the conversation may be overhead. How many times have you seen a pharmacist ask for a Social Security number in order to process a prescription? Who is overhearing that conversation? How many times have you seen a retail clerk phone in a credit application while standing in a workstation surrounded by shoppers? Even once is too often. Finding: Personal information on databases should be encrypted and accessed only on a ``need-to-know'' basis. These people should have access audited and their computers must be password controlled. Ideally, these people should all have criminal and financial background checks performed on a regular basis. Recommendation: Only the personal information relevant to the purpose to be used should be requested. It must be limited to ``need- to-know'' personnel, and access of information strictly audited and controlled. Consumers and employees must be notified in advance as to the purposes of the data collection, to whom it will be distributed, and the subsequent use after the fulfillment of the original purpose. Legislation should include anticoercion language so that consumers will not be penalized if they wish to ``opt out'' of additional services/ lists or denied services if they do not wish to provide sensitive information not essential to business operations. Recommendation: No person or entity shall sell, give away, or in any way allow distribution or use of information collected or provided to governmental agencies other than the original purpose for which the information was requested. Recommendation: Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification, or disclosure of data. If this occurs, legislation should be in place to allow for civil litigation and possible punitive actions by the courts. 12. Effective Disposal of Records No Longer Needed Finding: The privacy and financial security of individuals is increasingly at risk due to the widespread collection of personal information by both the private and public sectors. Credit transactions and applications, magazine subscriptions, telephone numbers, real estate records, automobile registrations, consumer surveys, warranty registrations, credit reports, employee records, pharmacy records, mortgage or banking applications, and Internet sites are all sources of personal information and form the source material for identity thieves. Consumers must trust that companies are adequately destroying information no longer stored. Unfortunately, investigative reporters around the country are finding compromising information in dumpsters behind buildings on a regular basis. Recommendation: Legislation requiring businesses to take all reasonable steps to destroy, or arrange for the destruction of a customer's or employee's records within its custody or control containing personal information which is no longer to be retained by the business by shredding, erasing, or otherwise modifying the personal information in those records to make it unreadable or undecipherable through any means. This should include records on paper and those stored electronically. 13. Security Breaches (Workplace Identity Theft) Finding: The concealment and notification delay to concerned parties of information breaches involving the theft or possible theft of identifying information must stop. The incidents at the Stephen P. Teale Data Center and the University of Texas/Austin in which the personal financial information of hundreds of thousands fall into the hands of computer hackers is a dramatic demonstration of an all too common event. This bill MUST include both computer breaches and paper breaches of information or it will not be complete. Recommendation: Legislation needs to be considered that would require a timely notification to all parties involved in a breach containing their personal identifying information. Recommendation: An individual should have the right to verify the accuracy of information collected about him or her without charge and in a form that is readily intelligible to him or her. They should be able to challenge data recorded in error, and if the challenge is successful to have the data erased, rectified, completed, or amended. 14. Protecting Information from Mail Theft Finding: Mail theft is a major source of information for identity thieves. When consumers do not know that an item is being sent to them, they are unable to report its loss. We also have to make sure that any document being sent via mail does not include a full Social Security number or account number. Recommendation: Require prior consumer consent via an opt in program for preapproved credit card offers and convenience/balance forward checks sent through the mail. This program would also require that consumers be notified of expected mailings so they can monitor in the event it is not received. Another way to tackle this problem is to prohibit any changes in the original form sent to the consumer or allow any forms that are incomplete (In other words, a thief may not know my birth date and leave it blank). In terms of other documents, the Social Security number must be eliminated from mailings, including paycheck stubs. The employee identity number (other than Social Security number) could be used in its place. 15. Consumer Notification of Excessive Applications or Negative Information on Credit Reports Finding: Credit granters are aware that there are recognized warning signals that indicate possible financial identity theft: Multiple applications within a short period of time, multiple applications with the same Social Security number but different addresses, etc. The problem has been that no one credit issuer sees all the applications. The only entities that have access to this information are the CRA's. Recommendation: Legislation that requires the CRA to notify a consumer at all the addresses on record for the past 6 months of a possible fraud situation should more than four (4) credit applications be submitted within a 30-day period of time. Finding: Consumers do not often find out about negative information on a credit report until the worst possible time--when applying for credit, a job, or tenancy. And this may be due to the consumer's own actions, those of an imposter, or clerical errors. Recommendation: Legislation that requires the CRA's to notify a consumer of any negative information submitted to the CRA at the time of submission. This legislation may stipulate that no more than four (4) notifications are required in any one calendar year unless a fraud or security alert is currently on that credit report. ITRC's Position About Identity Theft and FCRA Sunsetting 1. Identity theft crosses State borders and many of the crimes we hear about are both cross-geographic and multi-jurisdictional in nature. This creates a loophole in which identity thieves thrive. It is one that we can, by working as a unit, finally close. National standards supported and aided by State involvement is essential. 2. A cohesive, uniform set of laws that would keep sensitive information out of criminal's hands, strengthen credit issuing standards and assist victims is badly needed. The question that has not yet been answered is whether a single set of Federal laws can do the job. 3. While strong national laws will reduce the need or desire for fine-tuning via State laws there may always be a need for the States to address individual issues--in response to consumer/business needs of that State and to enhance the ability for local law enforcement and prosecutors to pursue actions on behalf of those who live in that State. 4. We do not agree with the concerns on businesses and other groups that they will need to conform to 50 different standards. That is speculative at best and prior to 1996 was not an issue. A dual regulatory system has worked well in other areas and can work to the betterment of all in regards to FCRA as well if needed. 5. We are well aware that as a victim resource center that interacts with business that to take a diehard approach that would drastically impair or negatively impact business ability to function will be just as devastating to the victims we assist. We seek a cooperative meeting point between the business, consumer, and victims so that we can defeat the one true enemy of all of us--the thieves. 6. To discuss FCRA preemptions is premature until we see the set of new, signed laws that are adopted as national laws. As in the last 5 years, there has been much talk but little action in the last 6 months, since the preemption discussion was opened and identity theft was thrust into the spotlight. Once those laws are signed, then we can discuss preemption. Until that time, this is like filing for retirement before you have been offered your first job. Conclusion Crime, like most things in our society grows, evolves, and constantly changes. In 1970, the writers of the FCRA could not have predicted that credit transactions would be conducted via the Internet. All business was conducted in person, in communities where people were known and applications could be verified. When President Franklin Delano Roosevelt expanded the use of the Social Security number as an identifier, he could not have anticipated the Pandora's box that he would open. It was impossible to predict the impact of the information age and how computer technology would allow a crime like identity theft to flourish. The FCRA preemption discussion has created more activity and talk of action in the last 6 months than in the last 5 years combined. In 2000, the FTC held a hearing on identity theft in which we participated. They have continued to monitor this crime through their database and through victim panels. The information has not changed, just the number of victims which has increased. ITRC's staff members have attended hearings and provided information for years now to Federal legislators and governmental agencies about changes that need to be made--to no avail. Few, if any, bills have been passed. The most recent was passed because of its link to Homeland Security (higher penalties--for all those criminals who are not caught in the first place). While the Federal Government shows an interest in identity theft, it has been the States that have led the way in restricting information access and victim recovery. These legislative bodies have shown a responsiveness that is unmatched to date at the Federal level. (See addendum.) If you are serious about identity theft and feel you can address it sufficiently on a national basis, this is your opportunity to prove it. But keep in mind, we (consumers, victims, law enforcement, advocates, and the business community who cares about combating this crime) have high standards for the laws that you pass. We will not accept weak laws that either do little to help the situation or weaken existing laws that have a proven history. ITRC's sole purpose is to combat this crime and to help victims. Our fear is that the public will be promised new laws, strong laws that allow for expansion and redirection as this crime grows and evolves but will never see them. Our fear is that the promise will be made but once groups interested in renewing the FCRA preemptions wins, these news laws will cease to be discussed, let alone passed. At this time, ITRC wants to see some action. We want to see what the new laws say, who they protect, what they address, and how they will affect both businesses and consumers, neither of which can be disregarded nor harmed. Until those laws are passed and signed by the President, discussing preempting States from passing laws is premature. Thank you for your time and consideration. * * * Addendum California vs. Federal laws that have been passed in the last 3 years in response to consumer/victim/law enforcement feedback. California State Laws Confidentiality of Social Security Numbers--California Civil Code Section 1798.85-1798.86 and 1786.6. This law restricts businesses from publicly posting or displaying Social Security numbers. The law takes effect gradually from July 1, 2002 through July 1, 2005. Consolidation of Identity Theft Cases--Penal Code Section 786. The jurisdiction for a criminal action for identity theft offenses may be the county where the theft occurred or the county where the information was illegally used. If similar identity theft offenses occur across multiple jurisdictions, any one of those jurisdictions is a proper jurisdiction for all of the offenses. Consumer Credit Reporting Agencies Act Civil Code Section 1785.1- 1785.36. This law, the State counterpart of the Fair Credit Reporting Act, regulates consumer credit reporting agencies. It requires them, among other things: (1) to provide free copies of credit reports to consumers who have been denied credit or who are identity theft victims, (2) to block information that appears on a report as the result of identity theft, (3) to place security alerts (effective July 1, 2002) or freezes (effective January 1, 2003) on the files of consumers who request them, and (4) to provide, for a reasonable fee, credit score information to consumers who request it. Credit Card Number Truncation--California Civil Code Section 1747.9. No more than the last five digits of a credit card number may be printed on the electronic receipts. Effective on January 1, 2001 for machines put in use on or after that date. Effective on January 1, 2004 for all machines that electronically print credit card receipts. Credit Card ``Skimmers''--Penal Code Section 502.6. The knowing and willful possession or use, with the intent to defraud, of a device designed to scan or reencode information from or to the magnetic strip of a payment card (a ``skimmer'') is punishable as a misdemeanor. The devices owned by the defendant and possessed or used in violation may be destroyed and various other computer equipment used to store illegally obtained data may be seized. Destruction of Customer Records--California Civil Code Sections 1798.80 -1798.84. This requires businesses to shred, erase, or otherwise modify the personal information in records under their control. Employment of Offenders--Penal Code Sections 4017.1 and 5071 and Welfare and Institutions Code Section 219.5. Specified prison and county jail inmates may not have access to personal information. The same prohibitions apply to specific offenders performing community service in lieu of a fine or custody. Identity Theft: Access to Financial Records on Fraudulent Accounts--California Civil Code Section 1748.95, California Financial Code Sections 4002 and 22470. Similar to Penal Code Section 530.8, these laws require certain types of financial institutions to release (to a victim with a police report or to the victim's law enforcement representative) information and evidence related to identity theft. Identity Theft--California Penal Code Sections 530.5-530.8. These code sections define the specific crime of identity theft, require the law enforcement agency in the victim's area to take a police report, allow a victim to get an expedited judicial ruling of factual innocence, require the Department of Justice to establish a database of identity theft victims accessible by law enforcement and victims, and require the financial institutions to release information and evidence related to identity theft to a victim with a police report or to the victim's law enforcement representative. Identity Theft Conspiracy/DMV--Penal Code Sections 182 and 529.7. Courts can impose fines of up to $25,000 on individuals convicted of felony conspiracy to commit identity theft. This law also makes it a misdemeanor for any unauthorized person to obtain (or assist another person in obtaining) a driver's license, identification card, vehicle registration certificate, or other official document issued by the Department of Motor Vehicles, with the knowledge that the person obtaining the document is not entitled to it. Identity Theft Victim's Rights Against Claimants--Civil Code Section 1798.92-1798.97. This law protects identity theft victims who are being pursued for collection of debts which have been created by identity thieves. The law gives identity theft victims the right to bring an action against a claimant who is seeking payment on a debt NOT owed by the identity theft victim. The identity theft victim may seek an injunction against the claimant, plus actual damages, costs, a civil penalty, and other relief. Information Practices Act of 1977--California Civil Code Sections 1798 and following. This law applies to State government. It expands upon the constitutional guarantee of privacy by providing limits on the collection, management, and dissemination of personal information by State agencies. Insurance Information and Privacy Protection Act, Insurance Code Section 791 et seq. This law limits most insurance companies from disclosing personal information about a consumer that is collected or received in connection with an insurance transaction, for example, (1) when a consumer provides written authorization for a disclosure, or (2) when a disclosure is necessary for conducting business. The law permits the disclosure of nonsensitive information for marketing purposes unless the consumer opts out. Investigative Consumer Reporting Agencies Act, California Civil Code Sections 1786 -1786.60. This law regulates the activities of agencies that collect information on consumers for employers, insurance companies, and landlords. Legal and Civil Rights of Persons Involuntarily Detained--Welfare & Institutions Code Section 5328. This law provides for the confidentiality of the records of people who are voluntarily or who are involuntarily detained for psychiatric evaluation or treatment. Mandated Blood Testing and Confidentiality to Protect Public Health--California Health & Safety Code Sections 120975-121020. This law protects the privacy of individuals who are the subject of blood testing for antibodies to the probable causative agent of acquired immune deficiency syndrome (AIDS). Notice of Security Breach--Civil Code Sections 1798.29 and 1798.82. This law requires a business or a State agency that maintains unencrypted computerized data that includes personal information, as defined, to notify any California resident whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. The type of information that triggers the notice requirement is the name plus one or more of the following: Social Security number, driver's license, or State identity card number, or financial account numbers. The law's intention is to give affected individuals the opportunity to take proactive steps to protect themselves from identity theft. These provisions take effect July 1, 2003. Office of Privacy Protection--California Business and Professions Code Section 350-352. A State law enacted in 2000 created the Office of Privacy Protection, with the mission of protecting and promoting the privacy rights of California consumers. http://www.leginfo.ca.gov/cgi- bin/displaycode?section=bpc&group=00001-01000&file=350-352. Payment by Check or Credit Card--Civil Code Sections 1725 and 1747.8. Any person accepting a check in payment for most goods or services at retail is prohibited from recording a purchaser's credit card number or requiring that a credit card be shown as a condition of accepting the check (Section 1725). Any person accepting a credit card in payment for most goods or services is prohibited from writing the cardholder's personal information on forms associated with the transaction (Section 1747.8). Patient Access to Medical Records--California Health & Safety Code Section 123110 et seq. With minor limitations, this law gives patients the right to see and copy information maintained by health care providers relating to the patients' health conditions. The law also gives patients the right to submit amendments to their records, if the patients believe that the records are inaccurate or incomplete. Personal Information Collected on Internet--California Government Code Section 11015.5. This law applies to State government agencies. When collecting personal information electronically, agencies must provide certain notices. Before sharing an individual's information with third parties, agencies must obtain the individual's written consent. Public Records Act--California Government Codes Sections 6250-6268. This law applies to State and local government. It gives members of the public a right to obtain certain described kinds of documents that are not protected from disclosure by the Constitution and other laws. It also requires that State and local agencies be ``mindful'' of the laws that confer privacy rights. This law also provides some specific privacy protections. Spam Laws--California Business and Professions Code, Section 17538.4 and 17538.45--Penal Code Section 502. These code Sections establish the guidelines relating to unsolicited e-mail and faxes. State Agency Privacy Policies, Government Code Section 11019.9. This law requires State agencies to enact and to maintain a privacy policy and to designate an employee to be responsible for the policy. The policy must describe the agency's practices for handling personal information, as further required in the Information Practices Act. Substitute Credit Cards--Civil Code Section 1747.05. A credit card issuer that issues a substitute credit card must provide an activation process where consumers are required to contact the card issuer to activate the credit card before it can be used. Supermarket Club Card Act--Civil Code Title 1.4B. This law prohibits supermarket club card issuers from requesting drivers license number or Social Security number and from selling or sharing personal customer information; limited exemption for membership card stores. Telemarketing: State Do-Not-Call List--Business and Professions Code Sections 17590-17595. Effective April 1, 2003, Californians can put their residential and cellular telephone numbers on a State do-not- call list. For program details, visit the Attorney General's website at http://caag.state.ca.us/donotcall/index.htm. Unsolicited Cell Phone/Pager Text Ads--Business and Professions Code Section 17538.41. This law prohibits the sending of unsolicited text advertisements to cell phones or pagers. Warranty Cards--Civil Code Section 1793.1. Product warranty cards must clearly state that the consumer is not required to return the card for the warranty to take effect. Federal Laws Children's Online Privacy Protection Act (COPPA)--15 U.S.C. 6501 et seq. The Act's goal is to place parents in control over what information is collected from their children online. With limited exceptions, the related FTC Rule requires operators of commercial websites and online services to provide notice and get parent's consent before collecting personal information from children under 13. Driver's Privacy Protection Act of 1994--18 U.S.C. 2721 et seq. This law puts limits on disclosures of personal information in records maintained by departments of motor vehicles. Fair Credit Reporting Act (FCRA)--15 U.S.C. 1681-1681u. This Federal law is designed to promote accuracy, fairness, and privacy of information in the files of every ``consumer reporting agency,'' the credit bureaus that gather and sell information about consumers to creditors, employers, landlords, and other businesses. www.ftc.gov/bcp/ conline/edcams/fcra/index.html. Family Educational Rights and Privacy Act of 1974 (FERPA)--20 U.S.C. 1232g. This law puts limits on disclosure of educational records maintained by agencies and institutions that receive Federal funding. Federal Identity Theft Assumption and Deterrence Act of 1998--18 U.S.C. 1028. The Act makes it a Federal crime to use another's identity to commit an activity that violates Federal law or that is a felony under State or local law. Violations are investigated by Federal agencies including the Secret Service, the FBI, and the Postal Inspection Service and prosecuted by the U.S. Department of Justice. www4.law.cornell.edu/uscode/18/1028.html. Federal Privacy Act of 1974 --5 U.S. Code 552a. This law applies to the records of Federal Government executive and regulatory agencies. It requires such agencies to apply basic fair information practices to records containing the personal information of most individuals. Financial Services Modernization Act, Gramm-Leach-Bliley (GLB), Privacy Rule--15 U.S.C. 6801 -6827. The 1999 Federal law permits the consolidation of financial services companies and requires financial institutions to issue privacy notices to their customers, giving them the opportunity to opt out of some sharing of personally identifiable financial information with outside companies. www.ftc.gov/privacy/ glbact/index.html. Health Information Portability and Accountability Act of 1996 (HIPAA), Standards for Privacy of Individually Identifiable Health Information, Final Rule --45 CFR Parts 160 and 164. HIPAA includes provisions designed to save money for health care businesses by encouraging electronic transactions and also regulations to protect the security and confidentiality of patient information. The privacy rule took effect on April 14, 2001, with most covered entities (health plans, health care clearinghouse, and health care providers who conduct certain financial and administrative transactions electronically) having until April 2003 to comply. http://aspe.hhs.gov/admnsimp/ bannerps.htm#privacy. Telephone Consumer Protection Act (TCPA)-- 47 U.S.C. 227. This law puts restrictions on telemarketing calls and on the use of autodialers, prerecorded messages, and fax machines to send unsolicited advertisements. Video Privacy Protection Act of 1998--18 U.S.C. 2710. The Act strictly limits the conditions under which a video rental or sales outlet may reveal information about the outlet's patrons. The Act also requires such an outlet to give patrons the opportunity to opt out of any sale of mailing lists. The Act allows consumers to sue for money damages and attorney fees if they are harmed by a violation of the Act. ---------- PREPARED STATEMENT OF WILLIAM HOUGH Vice President of Credit Services, The Neiman Marcus Group On Behalf of the National Retail Federation June 19, 2003 Good afternoon. My name is Bill Hough. I am Vice President of Credit Services for The Neiman Marcus Group. I am testifying today on behalf of the National Retail Federation. I would like to thank Chairman Shelby and Ranking Member Sarbanes for providing me with the opportunity to testify before the Banking Committee about the growing problem of identity theft and the steps that Neiman Marcus is taking to curb our losses and protect our customers from these crimes. By way of background, The Neiman Marcus Group is headquartered in Dallas, Texas, and is comprised of two primary operating segments: Specialty retail (which includes 35 Neiman Marcus stores nationwide and two Bergdorf Goodman stores in New York City) and direct marketing (which includes the catalogue and online operations for our Neiman Marcus, Horchow, and Chef 's brands). We issue our proprietary credit cards under the Neiman Marcus and Bergdorf Goodman names. The National Retail Federation (NRF) is the world's largest retail trade association with membership that comprises all retail formats and channels of distribution including department, specialty, discount, catalogue, Internet, and independent stores. NRF members represent an industry that encompasses more than 1.4 million U.S. retail establishments, employs more than 20 million people--about 1 in 5 American workers--and registered 2002 sales of $3.6 trillion. In fiscal 2001, Neiman Marcus reached a high-water mark for identity theft related losses with just over 520 cases representing a total expense of $1.3 million. In the past 2 years, we have experienced a decline of approximately 70 percent in the number of identity theft fraud cases with less than 150 cases projected for the current year. It is important to note that cases involving other forms of fraud, such as lost or stolen cards have remained constant over the past 2 years. Mr. Chairman, instant credit represents about 85 percent of all new accounts opened at Neiman Marcus. As you know, this process is most likely to take place at the point of sale and relies on a highly automated and relatively quick procedure to verify an applicant's identity and check that individual's credit report. In order to cut down on fraud and identity theft during the instant credit application, Neiman Marcus developed a custom fraud detection model that analyzes certain specific attributes of every credit application. This system isolates certain variables on an application and double-checks them against the information found on the applicant's credit report. Where discrepancies or inconsistencies occur, the model sends the application to our credit department for further review. Clearly, the model we developed works well and has reduced our losses significantly over the past 2 years. Additionally, another positive byproduct of the model is that it has identified and prevented many more identity theft cases (about 800 in the past year). Occasionally, we are able to definitively detect an attempted fraud and arrest the identity thief in our store. This usually occurs if our credit office, after being alerted during the application process, can quickly get in touch with the victim by calling a phone number provided through the credit bureau information. We will then ask if they want to pursue an arrest of the person attempting to use their personal information to open a credit account. If they agree, we will authorize a credit card number and allow the clerk to open the account and complete the transaction. At that point, Neiman Marcus Loss Prevention will detain the suspect and contact the police. We have had 33 such arrests this year, and 80 in 2002. Another program that Neiman Marcus has used to dramatically cut down on fraud is administered through our direct marketing division. Currently, Neiman Marcus Direct packs and ships approximately 10,000 packages per day for our Neiman Marcus, Horchow, and Chef 's brands. We also ship about 5,000 packages from our specialty retail stores each day. By using customer information-sharing we were able to develop an address delivery cross-check within our Delivery Manifest System. Thus, each package is passed through this address verification to make sure it is not going to a known bad delivery address. Additionally, edits are in place to identify unusual buying patterns that may be forwarding merchandise to a certain address. These controls stopped over 500 fraudulent shipments last year. Neiman Marcus also does special edits to focus on the hottest selling merchandise, knowing that these items often have the highest street sale value. In fact, a savvy sales clerk at the Neiman Marcus in White Plains, New York, helped to expose one of the largest identity theft rings in U.S. history involving a former employee of Teledata and over 30,000 stolen credit reports from the three major credit bureaus. The incident began when a woman called in an order for $6,000 in trendy shoes to the White Plains store and told the sales clerk she did not care what size shoes were shipped to her. The sales clerk realized this was a suspicious transaction and notified the Loss Prevention Department at Neiman Marcus who helped set up a controlled delivery with the local law enforcement and the U.S. Postal Service. Mr. Chairman, I would like to be able to tell you that Neiman Marcus has prevented 100 percent of all fraudulent credit applications this year, but I cannot. Successful identity thieves still slip by our systems at a rate of 7 per every 10,000 applications processed--less than one- tenth of 1 percent. This, in my view, is not the result of a flawed system, but the result of determined criminals with sophisticated tools like computers and the Internet. You see, the most successful identity thieves know how to replicate an individual's verifiable identity characteristics, including producing near-perfect identity documents such as State-issued driver's licenses and counterfeit credit cards. Thieves are always looking for the weakest link in any system in order to perpetrate a crime. Today, identity theft and unauthorized access to existing accounts (such as unauthorized account look-up or account takeover) seem to be the name of the game. Both of these crimes rely on being able to present yourself using someone else's identity information. For these types of criminals there is very little else we can do to detect and prevent the crime, and retailers, like other businesses, are looking to the States and the Federal Government to begin producing the most secure and fool-proof identity documents possible. Some have proposed the use of biometrics or magnetic strip authentication to verify an individual's identity. Whatever the mechanism, it behooves retailers, banks, and governmental bodies alike to make identity security a top priority. In fact, the NRF is in the beginning stages of creating a public-private partnership to focus on identity security and its implications for both preventing identity theft, as well as helping victims put their credit records back together again. The need for tougher law enforcement statutes is critical. While we will arrest approximately 250 fraud perpetrators this year, many of these criminals are out on the street the next day with a slap on the wrist. It is almost as though they are being treated as a harmless pickpocket versus a serious criminal who has created havoc for an innocent victim. These people, especially those that become multiple offenders, must face stiffer sentences if we are going to stop this type of crime. With identity theft representing such a small fraction of total credit applications, it is often a case of looking for a needle in a haystack. Further, identity thieves thrive on anonymity and rely on the assumption that large retailers such as Neiman Marcus cannot put a name and face together in order to prevent fraud. This is why it is so important for retailers to know their customers, and the only way we can do this is through the use of information. Information flows between Credit Services and the credit bureaus or between our Retail Division and Direct Marketing Division, combined with sophisticated technology and scoring models, cuts down on fraud and allows us to offer exceptional customer service. These two benefits are not mutually exclusive and the type of information we collect from each customer and its uses is explained clearly in the Neiman Marcus Security and Privacy policy that can be found online at www.NeimanMarcus.com. At Neiman Marcus, we also have a Fraud Unit that specializes in handling all types of fraud claims. These associates are specially trained to assist and guide identity fraud victims through a very complicated ordeal. In fact, a call from our Fraud Unit can be the first indication that a consumer may have of suspicious activity on their account or of a potential identity theft in progress. You can be sure that if an identity thief is trying to open accounts in our store, they are probably attempting to do the same thing at several other locations as well. Identity theft is a crime with at least two victims, the individual whose identity was stolen and the business from which money or merchandise was stolen. Clearly, it is the individual victim that is most directly hurt, but, if identity theft crimes continue to rise at the rate reported by the FTC, all consumers will ultimately pay as business losses are passed back to customers. We, at Neiman Marcus, are convinced that our systems are making a difference, but we also do not intend to sit on our hands waiting for criminals to find the next weakest link. Mr. Chairman, I ask that Congress think carefully before blocking information flows or constraining businesses to specific prevention techniques or responses. We, in business, must continue to have the leeway to innovate to respond to constantly changing variables. Criminals always find a way and we need to maintain the ability to find a response. In closing, I would like to emphasize the retail industry's strong support for the permanent reauthorization of the seven areas of preemption contained in Section 624 of the Fair Credit Reporting Act. The current uniform national standards allow retailers and lending institutions to get a complete and accurate picture of a person's credit history, as well as prevent fraud and identity theft. Consumers have come to expect efficient and secure access to credit when purchasing everything from an automobile to consumer goods such as furniture, appliances, and apparel. In the final analysis, we in the retail industry have a real concern that a more fragmented approval processes for credit would negatively impact consumers in many different levels and, as a consequence, retail sales, ultimately costing jobs and hurting the economy as a whole. I appreciate the opportunity to testify here today. I look forward to answering your questions, as well as those of the Committee. Thank you. ---------- PREPARED STATEMENT OF MICHAEL W. NAYLOR Director of Advocacy, AARP June 19, 2003 Good morning, Chairman Shelby, Ranking Member Sarbanes, and other distinguished Members of the Senate Banking, Housing, and Urban Affairs Committee. My name is Michael Naylor. I am the new Director of Advocacy at AARP. I want to take advantage of my first appearance before the Committee to introduce myself to you in my new role at AARP. I also want to take a moment to stress my strong desire to work closely with you on the full range of issues that come before this Committee which are of interest to our Members--and to midlife and older Americans generally. Let me begin by offering our views regarding the important subject of this hearing: ``The growing problem of identity theft and its relationship to the Fair Credit Reporting Act.'' I will summarize some important research that we have conducted which has guided AARP's thinking about these important issues. I have attached as appendices to my written remarks the results of two key studies that underpin today's testimony.\1\ --------------------------------------------------------------------------- \1\ See attached: ``Identity Theft: Experience of Older Complainants,'' and ``The Fair Credit Reporting Act: Issues and Policy Options.'' --------------------------------------------------------------------------- Identity theft is the co-opting of names, Social Security numbers, credit card numbers, or other pieces of personal information for fraudulent purposes. The fraud most often perpetrated takes the form of using someone else's account identity for purposes of financial theft. It can also take the form of an impostor--that is, someone assuming another person's identity in order to seek payment under false pretenses for provision of professional or other services--and to avoid accurate identification or detection. Identity theft occurs when an individual's personal identifying information (for example, name, Social Security number, date of birth, or mother's maiden name) is stolen by another person and used to commit fraud or engage in other unlawful activities. Often this stolen information is used to establish credit, run up debt, or take over existing financial accounts. Typically, identity theft damages the victim's credit, making it difficult for the victim to buy a home or car, rent an apartment, obtain employment, or purchase insurance. Victims can often spend substantial amounts of time and money resolving problems created by identity theft. Common problems include the victim's having to contact credit bureaus repeatedly in an attempt to clear his or her credit reports of fraudulent accounts, being turned down for credit based on the incorrect information contained in the victim's credit report, and receiving calls from creditors seeking to collect on the fraudulent accounts. I mentioned two studies. The first study confirms the seriousness of the identity theft problem for older persons. With a membership of over 35 million persons, AARP views, with alarm, the risk that identity theft poses to the personal security of all Americans, young and old, well-educated or not. However, our research does indicate a greater vulnerability of older Americans, based on the higher proportion of those age 50 years and older who report being victimized by identity theft, compared to the proportion of all age groups making such reports. The second study represents an extensive review of the research literature on the Fair Credit Reporting Act. This AARP report describes the range of risks faced by consumers that result from erroneous information (elements)--some resulting from identity theft. A variety of policy options for reform of FCRA emerged from this examination. We should recognize that all Americans are vulnerable to the fraudulent use of their--or someone else's--personal information. After all, we are known as the information society. But mid-life and older Americans are particularly vulnerable targets for this type of criminal activity because they control a proportionately larger share of the Nation's financial assets, and because there are likely to be more access points to a longer personal history that can be tapped into and exploited. For those near or in retirement, the costs of identity theft under any guise are particularly high, bringing a sense of violation and a loss of individual security that cannot easily be recovered. The magnitude of the Nation's problem with identity theft is just now coming to light. Identity theft has been listed by the U.S. Federal Trade Commission (FTC) as the fastest growing form of crime in the Nation. Depending on the reporting source and the manner in which the information was collected, the estimates range from 500,000 to 1.1 million victims for the year 2001 alone. Even the lower estimate seems staggering. Estimates also vary as to the financial losses incurred, and the time and effort it takes to reestablish a victim's proper credit and community standing. For example, according to studies done by the FTC and by the Privacy Rights Clearinghouse, the average victim spends about 175 hours and $1,100 in out-of-pocket expenses. Once victimized, an individual may never completely recover his or her ``good name.'' The risk of being victimized has been amplified through the availability and use of today's high-tech information resources and tools. The Identity Theft and Assumption Deterrence Act of 1998--known by short-hand as the Identity Theft Act--made it a Federal crime to knowingly transfer or use a means of identification of another person with the intent to commit, aid or abet any unlawful activity under Federal law, or any activity that represents a felony under State or local law. Most States have passed similar laws related to identity theft--that is, most State laws make identity theft a criminal offense. Thousands of impostors have been caught and prosecuted, most often by the U.S. Postal Service Inspection Service (which investigates mail fraud) and the U.S. Secret Service's Financial Crime Division. Also important are the efforts of State and local law enforcement agencies-- although all law enforcement resources are being heavily taxed by homeland security and antiterrorism responsibilities. Notwithstanding these efforts, it appears that identity theft remains a high-profit, low-risk, and--until recently at least--a low-penalty crime. Identity Theft: The Experience of Older Complainants The Identity Theft and Assumption Deterrence Act of 1998 made the actual theft of an individual's identifying information a specific Federal crime, and authorized the creation of the FTC's Identity Theft Data Clearinghouse and database--which has been in existence since 1999. The complaint data are based on self-reporting by the complainant either to the FTC or to another agency that subsequently forwarded the complaint to the FTC.\2\ Since inception of the database, the FTC has reported major increases in the number of telephone calls from consumers to its Clearinghouse hotline. Calls from consumers increased from an average of 445 calls per week in the first month the hotline was in operation (November 1999), to an average of 3,000 calls per week in December 2001. In addition to the toll-free hotline, consumers can file a complaint online or by mail. --------------------------------------------------------------------------- \2\ The question may arise regarding how to appropriately interpret consumer complaints data. We take the perspective that consumer complaints can serve as an early-warning function leading to increased accountability and safer, more effective, high-quality processes, products, and services. --------------------------------------------------------------------------- In order to get a sense of the vulnerability among those 50 and older to identity theft, AARP requested that the FTC prepare two sets of tabulations based on complaint data gathered through the Identity Theft Data Clearinghouse for the year 2001. The 2001 data report on 86,168 identity theft complainants, with 72 percent of these (61,956 complainants) reporting age information. For the year 2001, more than three-quarters (78 percent) of complainants who reported their age (n=61,956) were under 50 years old, while 22 percent of complainants were 50 years of age or older. We then asked the FTC to group its data for complainants on identity theft crimes, for those that provided their ages, into their classification system for different types of fraud. Key Results Credit Card Fraud Among the general types of fraud identified by the FTC, 42 percent of all complainants reported having their stolen information used in an effort to commit credit card fraud. Of complainants reporting this type of fraud, 62 percent reported that their information was used in an attempt to establish new credit, while 24 percent reported their information was used in an effort to access existing credit accounts. Half (51 percent) of complainants age 50 and older reported having their stolen information used in an attempt to commit credit card fraud. Of complainants reporting attempts at this type of fraud, two- thirds (66 percent) reported their information had been used in an effort to establish new credit, while one-third (33 percent) reported their information was used in an attempt to access existing credit accounts. Telephone or Utilities Fraud Twenty percent of all complainants reported having their stolen information used in an effort to commit telephone and utilities fraud. Nearly half (48 percent) of complainants experiencing this type attempt at fraud reported their information had been used in an effort to establish new wireless telephone service. Seventeen percent of complainants age 50 and older reported having their stolen information used in an effort to commit telephone and utilities fraud. Almost two- thirds (64 percent) of complainants in this age group experiencing this type of attempt at fraud reported their information had been used in an effort to establish new wireless telephone service. Bank Fraud Thirteen percent of all complainants reported having their stolen information used in an effort to commit bank fraud. Nearly half (47 percent) of complainants experiencing this type of attempted fraud reported their information had been used in an effort to commit check fraud. Eleven percent of complainants age 50 and older reported having their stolen information used in an effort to commit bank fraud. Sixty- three percent of older complainants experiencing this type of attempt at fraud reported their information had been used in an effort to commit check fraud. Loan Fraud Six percent of all complainants reported having their stolen information used in an effort to commit loan fraud. Half (53 percent) of complainants experiencing this type of attempted fraud reported their information had been used in an effort to secure a personal or business loan. Seven percent of complainants age 50 and older reported having their stolen information used in an effort to commit loan fraud. Of complainants experiencing this type of attempt at loan fraud, 56 percent reported their information had been used in an effort to secure a personal or business loan. Overall, 10 percent of all complainants that reported their personal information had been stolen indicated that it was used in an attempt to commit some type of fraud. However, nearly double that proportion, 18 percent of complainants age 50 and older, reported attempted identity theft fraud. We believe further collection and analysis of complaint data are necessary to better understand the nature of identity theft crimes and to devise more effective prevention and enforcement policies. Implications for the Fair Credit Reporting Act The Fair Credit Reporting Act (FCRA), enacted in 1970, is the foundation of our national credit system. consumer reporting agencies (CRA's) collect and compile information on consumers' creditworthiness from financial institutions, public records, and other sources. FCRA applies to the personal credit records maintained by CRA's. The FCRA also outlines a consumer's rights in relation to his or her credit report, as well as permissible uses for credit reports and disclosure requirements. In 1996, the FCRA was amended and now contains seven specific Federal preemptions (due to sunset on January 1, 2004, unless Congress extends them) that prevent States from overriding or changing: <bullet> The responsibilities of organizations and businesses that furnish information to reporting agencies. <bullet> The duties of organizations and businesses to notify consumers when they have been denied credit or employment based on information in their credit reports. <bullet> Procedures that a consumer reporting agency must use if a consumer disputes the accuracy of information. <bullet> The information that may be included in consumer reports, including the time during which consumer reporting agencies are permitted to report adverse data. <bullet> The form or content of the summary of rights that a consumer reporting agency is required to provide to a consumer along with information in the consumer's file. <bullet> The exchange of information among affiliated institutions. <bullet> Prescreening procedures that provide consumers with credit or other financial services or product lines. The consumer credit reporting industry is a $6 billion industry that provides information about consumers to a wide variety of businesses. Information on consumers is purchased by lenders, credit sellers, insurance companies, and landlords, and by employers seeking information on prospective or current employees. The largest sources of credit reports are the three national consumer reporting agencies (CRA's) that collectively maintain an estimated 570 million files on U.S. consumers. Each CRA collects its own data on an individual consumer and maintains its own file on that consumer. It should come as no surprise that the credit reporting industry is the most extensive user of consumer data in the private sector. In addition to selling credit reports, CRA's sell prescreened lists of consumers to providers of credit and insurance products. Prescreening involves CRA's creating a list of consumers who meet criteria specified by purchasers of the list. For example, credit card companies use prescreened lists to identify and solicit consumers who qualify for ``preapproved'' offers of their credit card product. As a result of the large amounts of data involved, the credit reporting industry relies heavily on computer automation, and information is transferred, sorted, stored, and retrieved electronically. To facilitate this automation, many creditors and other furnishers of information to CRA's use a standardized computer program to report data to CRA's. Information provided to CRA's is usually received monthly and downloaded into their databases. The widespread use of credit reports for an increasing variety of purposes, and the large amount of information processed by CRA's, raise a number of issues regarding the FCRA's uses and effects. One of the major goals of the FCRA is to promote accuracy in credit reporting by requiring CRA's to use reasonable procedures. Despite FCRA protections, available data suggest that assuring the accuracy of the information in credit reports continues to be a concern. Incorrect information has too often been included in consumer credit reports.\3\ --------------------------------------------------------------------------- \3\ A 2000 study examining consumer credit reports found that over half of the credit reports examined contained errors. A 1998 study found that 70 percent of credit reports investigated contained incorrect information. Of these reports, 29 percent contained errors significant enough to have serious adverse consequences for the consumer's credit, and 41 percent contained personal identifying information that was either incorrect or obsolete. See Appendix 2. --------------------------------------------------------------------------- Another accuracy issue is that information creditors provide to CRA's may be incomplete and positive information may be missing. The FCRA does not require creditors to report account payment information to any CRA. Rather, creditors are free to report to none, one, two, or all three of the national CRA's. Additionally, some companies apparently intentionally withhold positive credit information to prevent the loss of customers to competitors. As a result, the credit reports of these consumers will not reflect positive payment history, and the consumer will be unable to access less costly products and services. Inaccuracies can also occur when a creditor sells a delinquent account to a debt collector. Once the original creditor sells the account to a debt collector, the debt collector becomes the furnisher of information on this account to the CRA's. The main source of inaccuracy in this case results from incorrect reporting of the date of initial delinquency on the account.\4\ --------------------------------------------------------------------------- \4\ One concern is that debt collectors may report the date they purchased or received the account as the date of initial delinquency, even though the actual date of initial delinquency was likely much earlier. Because the FCRA stipulates that most negative information remains on a consumer credit report for 7 years from the date of initial delinquency, establishing this date is important to consumers attempting to restore their credit. --------------------------------------------------------------------------- A further source of inaccurate information is error in the electronic merging of files that occurs when one consumer's credit information is mixed with another consumer's file. This typically occurs with consumers who have similar identifying information such as a similar name or Social Security number. Yet another source of inaccuracy occurs when CRA subscribers request information on one consumer from a CRA database, and obtain data on another consumer instead. This problem occurs because the accuracy of the information received from a CRA is inversely related to the specificity of the identifying data elements that are used to search the database. That is, subscribers who use fewer identifying elements are more likely to receive credit information unrelated to the consumer about whom they are seeking credit information. For example, a subscriber who uses only name and address information will likely receive more matches (and consequently less accurate information) than a subscriber who uses additional identifiers (such as Social Security number and date of birth). Consumers are typically required to pay a fee when obtaining a copy of their credit report. The FCRA allows CRA's to charge consumers a fee of up to $9 (plus applicable State tax) for a copy of their credit report. Six States entitle consumers to one free credit report from each CRA annually, while other States cap the cost of credit reports below the Federally mandated level. Because most consumers have separate files at all three national CRA's, consumers are well-advised to purchase their credit report from all of them to ensure that each of their credit reports are accurate. They are used by potential lenders to provide an instant summary of information contained in the consumer's credit report and may be used to rank consumers to determine whether they qualify for a loan, how much they should be lent, and at what rate. Then there is the problem of identity theft that I raised earlier. At issue here is the role of the FCRA in preventing identity theft and assisting victims of this crime. Previously, I noted that older persons can be an appealing target for such theft because they typically have significant available credit to draw on. They can also be victimized by family members or caregivers who have access to their personal information. It appears that all too often, the identity thief takes the individual's personal information and uses it to open fraudulent accounts based on the unknowing victim's credit report information. FTC complaint data show that consumers often experience substantial difficulty in correcting information they dispute. One concern is that reinvestigation procedures used by CRA's are inadequate. Another problem is the reappearance of incorrect information previously deleted from a consumer's credit report. In addition, victims of identity theft have reported difficulty in removing fraudulent items from their credit reports even after the identity theft has been discovered. Another FCRA issue involves the preemption of some aspects of existing State credit reporting laws. Most States have laws relating to credit reporting, and generally the FCRA does not preempt State laws that provide greater consumer protections. Should the State preemptions expire on January 1, 2004, as required under the FCRA, States would be allowed to enact legislation governing the sharing of such information. Our survey of issues concludes with the 2-year statute of limitations provided by the FCRA. This issue is the result of a 2001 Supreme Court decision involving an identity theft victim's suit against a CRA for failing to take reasonable steps to ensure the CRA was issuing a credit report for the right person. The Court's ruling is a major concern for identity theft victims and their counsels because it takes an average of 14 months for victims to learn of the theft and subsequent damage to their credit reports. As a result, consumers who do not learn of problems in their credit reports quickly enough may have no legal recourse. Some Recommendations To address these concerns, we recommend that Congress and the Administration: <bullet> Provide stronger enforcement of rules requiring the date of initial delinquency to be reported correctly by debt collectors. The FCRA requires furnishers of such information to verify the accuracy of the data reported when challenged by a consumer. This proposal is intended to prevent the reporting of negative information beyond the time limits provided by the FCRA. <bullet> Require subscribers who purchase credit reports from CRA's to provide the same standard of identification to retrieve a consumer's credit report as is required of consumers seeking their own credit report. Because CRA's have procedures in place for consumer access, these same procedures can be applied to subscribers requesting credit reports. <bullet> Require CRA's to provide consumers with at least one annual free credit report a year to make it easier and less expensive for consumers to monitor their credit reports. Prohibitions need to be enacted that protect consumers from fraudulent ``credit-repair'' practitioners. <bullet> Allow consumers to place a security freeze on their credit report, and issue to consumers a password to prevent their credit report from being accessed without their express authorization. California recently enacted such a provision. This procedure slows down the process for retrieving a consumer's credit report because the consumer must first contact the CRA's and give permission for the release of his or her credit report to the specified individual or business, thereby providing an extra check to prevent fraud. <bullet> Require CRA's to permanently block fraudulent accounts on the credit reports of identity theft victims. Such blocking is required under California law and has been proposed under Federal legislation. This requires CRA's to correctly identify that the account is fraudulent despite the fact that the account may have been sold to a debt collector and been reported as a separate account. <bullet> Require the FTC to monitor how effectively consumer disputes with CRA's are resolved. <bullet> Allow the Federal preemptions to expire as originally intended under the FCRA unless Federal legislation providing greater consumer protections can be enacted. <bullet> Change the statute of limitations to allow consumers more time to discover potential problems in their credit reports. Federal legislation has been proposed to extend the statute of limitations. Changing it to 2 years from the time the violation is discovered, or should have been discovered by the exercise of due diligence by the consumer, would give consumers a longer time frame in which to act. Conclusion AARP supports strengthened Federal, State, and local efforts to hold the perpetrators of identity theft and fraud accountable. We are prepared to work with you, Chairman Shelby, Senator Sarbanes, and with the other Members of this Committee in this regard. However, we also believe that efforts to improve accountability should be complemented with effective measures to provide victim assistance. And we believe that the practices of credit reporting agencies should be reformed to protect consumers and businesses against erroneous information, provide greater consumer access to credit files, enable consumers to correct erroneous information more easily, require that credit reports be more user-friendly, and require the purging of files after a reasonable time. We would be very happy to work with the Committee in updating and upgrading the FCRA. I would be pleased to answer any questions that you may have. <GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT> REPONSE TO WRITTEN QUESTION OF SENATOR DOLE FROM J. HOWARD BEALES, III Q.1. Mr. Beales, while there is always room for improvement, do you believe that the credit reporting agencies are doing enough to combat identity theft? A.1. I am gratified by the credit reporting agencies' adoption of several new programs to assist victims of identity theft. The police report blocking initiative, the joint fraud alert, and their endorsement of our uniform identity theft affidavit all demonstrate a willingness on the part of the agencies to work with the Federal Trade Commission in finding ways to relieve the burden on victims of identity theft. As discussed in the Commission's July 10, 2003 testimony, the Commission supports legislative codification of these practices. As further outlined in the Commission's testimony, we believe that there are areas where the consumer reporting agencies can do more to help in the area of identity theft. Providing consumers with access to free credit reports may alert them to possible identity theft. In addition, free reports will enable consumers to keep a closer watch on their credit history. RESPONSE TO WRITTEN QUESTION OF SENATOR MILLER FROM J. HOWARD BEALES, III Q.1. What legislative remedies would you recommend that the Senate Banking Committee include in a FCRA bill? A.1. The Commission's July 10 testimony set forth specific legislative recommendations to the Committee. RESPONSE TO WRITTEN QUESTION OF SENATOR MILLER FROM TIMOTHY CADDIGAN Q.1. In Mr. Harrison's testimony he discusses the fact that Army officials at Ft. Bragg, North Carolina, issued his identity theft perpetrator an active duty military identity card in his name and Social Security number and that he has had trouble clearing up his identity issues. Is the Secret Service also working with the military to combat identity theft? If so, to what degree? A.1. The Secret Service works with many different State and local law enforcement agencies, as well as military law enforcement units, through our local field offices across the country. In cases involving military personnel as either victims or perpetrators, the individual military units (Army CID, Navy CIS, or Air Force OIG) and our local field offices collaborate on the investigation. On a national level, the new Identity Crime Video/CD-ROM the Secret Service has produced in partnership with the International Association of Chiefs of Police and others is being distributed to every local and State law enforcement agency in the country, including each military law enforcement office on every military base in the United States. In addition, the Secret Service provides resources on counterfeit checks, counterfeit documents, credit cards, and fictitious instruments to military investigators, all of which can be highly useful to an identity crime investigation. RESPONSE TO WRITTEN QUESTIONS OF SENATOR DOLE FROM MICHAEL D. CUNNINGHAM Q.1. Mr. Cunningham, how does affiliate sharing assist in your business' efforts to combat identity theft? A.1. From a fraud perspective, affiliate sharing allows us to prevent our customers from becoming identity theft victims through address verification and fraud files. For example, a mortgage can be used to verify the address on a credit card application. Imagine having a mortgage with a company that contacts you because they need to verify your address on a credit card application. Affiliate sharing also allows us to expedite processing and avoid the inconvenience customers may experience if we required them to submit documentation. Furthermore, if a customer becomes a victim of identity theft, through affiliate sharing we can prevent additional account compromises and facilitate a quicker recovery of funds and the victim's identity. Affiliate sharing also provides us with enhanced servicing opportunities by offering targeted products to our customers. Q.2. After our last hearing on the Fair Credit Reporting Act Authorization my friend, Senator Dodd, was good enough to send me a copy of a series of articles written by the HartfordCurrent recently which detailed some very distressing charges of errors the paper says have been built into the credit reporting system. One such charge was that credit reporting agencies have the incentive to put false information in a credit report because a potential creditor is more likely to buy a report with more information in it because they assume that it must be more accurate. I find that hard to believe. Mr. Cunningham, since you represent a bank which purchases credit reports, would you comment on that charge? A.2. We value the data integrity, not the quantity of data, when contracting with the credit bureaus. RESPONSE TO WRITTEN QUESTION OF SENATOR MILLER FROM MICHAEL D. CUNNINGHAM Q.1. Do you think that the credit bureaus are doing enough to help victims of identity theft clear and correct their information? A.1. I believe the credit bureaus are focused on assisting victims in recovering their identity and preventing additional occurrences. Please feel free to contact me if I can be of any additional assistance to the Committee on this very important issue. RESPONSE TO WRITTEN QUESTION OF SENATOR DOLE FROM JOHN M. HARRISON Q.1. Mr. Harrison, your testimony was excellent and I believe it gave us a new appreciation for the ordeal victims of identity theft go through. I would like to clarify a few of your points for the record. In your written testimony you state, ``My conclusion is, there is no system in place to assist an identity theft victim when banking accounts are opened in your name and Social Security number, but are completely removed and unrelated to your own banking accounts. This industry is well behind the progress that has been made in the credit industry.'' You appear to be holding up the credit bureaus, even though they admittedly have problems, as an example for banks. Is that accurate? A.1. Thank you for allowing me the opportunity to clarify part of my testimony for you. Your question is in regards to my comment about fraudulent banking accounts, the system surrounding those accounts and whether I am holding up the credit bureaus as an example for banks. In fact, it is not the credit bureaus I am holding up as an example, it is the system surrounding the credit industry as a whole that I am comparing to the banking industry's system. In my own situation, I have dealt with both types of fraud and I am in a good position to make the comparison. The problems that do exist within the credit system are a result of the participants not meeting their responsibilities; not the system itself. Creditors have a choice between three credit reporting agencies for account authorization and also to report both positive and negative information on consumers. Even after my identity was stolen and the many fraudulent accounts were opened, it could have been a manageable situation for me had the repositories, creditors, and debt collectors simply followed the rules within the system. That happens less than most people would think and the consequences they face for repeatedly making the same mistakes are minimal. Still . . . within that system a victim can maintain their hope. The fraudulent information is contained within those three repositories. Through persistence, through repetitiveness, a victim can order the reports, dispute the fraudulent accounts and continue to do that until one day, the updated reports have no more erroneous information on them. It did not take me long to learn that this same process cannot be used when dealing with savings and checking accounts fraudulently opened in my name. That system, or lack thereof, is far more complex, less cooperative, and not consumer- friendly. Banking accounts and bad checks get reported in many more databases than credit accounts. The majority of companies that maintain these databases do not consider themselves reporting agencies and therefore do not adhere to the FCRA. These companies feel no responsibility to assist victims or send them consumer reports. This creates a problem getting information and also makes it difficult for a victim to verify the negative information has actually been removed from the database. An identity theft victim dealing with bank fraud must communicate with banks, merchant's that accept checks, the merchant's check service company, and national databases to resolve their situation. Literally, there are hundreds of companies storing information on consumers and all that information is shared between those companies. Additionally, not all the information that is stored in those databases is listed under the victim's Social Security number. Companies that maintain databases of bad check writers store that information under driver's license numbers and routing/account numbers for each check. The average consumer would not have an understanding of how information is stored in these databases or how they relate to one another. Without that understanding, a victim of check fraud cannot get to the information contained in these databases to dispute it. The second great difficulty that I discovered is when a fraudulent credit account is opened in your name and you are successful in resolving the account with the creditor and the credit bureau reporting it, all transactions associated with that account are also resolved. This is not the case with checking accounts. Even if you are successful in removing the fraudulent information from the reporting agency, even if you successfully dispute the account directly with the bank that opened it; each check written on that account has already become its own individual debt. There is still a merchant, his/ her debt collector, or the merchant's check management company attempting to collect on the bad check. Still another difference between credit fraud and checking fraud: When a creditor suspects fraud and closes the account, the credit account is no longer useable by the imposter. When a bank closes an account for cause, the imposter can still continue using those checks for weeks or even months. My belief is the hundreds or even thousands of these check management companies are credit reporting agencies. They maintain information files on consumers. That information is sold to their customers and used in the legitimate business transaction of whether a check is accepted or declined by the merchant. Further, they share consumer information with their affiliates and some of their websites indicate they also sell consumer information to third parties. A great deal of attention has been paid to the three major repositories and the credit industry themselves has at least acknowledge the problem of identity theft and are addressing it. The banking/checking industries are virtually silent on the issue of identity theft and have not even begun to put procedures in place to assist victims of identity theft. I hope this sufficiently clarifies my comment and again I appreciate this opportunity to further address the issue of banking/checking fraud. Through default, I have a great deal of' knowledge and experience with the systems victims encounter in attempting to restore their names and reputations. Please feel free to call upon me at any time to answer questions or inquiries about the reality of those systems. RESPONSE TO WRITTEN QUESTION OF SENATOR MILLER FROM JOHN M. HARRISON Q.1. Mr. Harrison, I am sorry to hear about your personal situation regarding your identity theft. It does sound like it has been a challenge. Let me ask you, in your statement you say, ``Equifax has failed to meet nearly all the provisions of the FCRA.'' Could you tell me what you mean by that statement so I can understand your point of view better? A.1. Thank you for allowing me the opportunity to clarify part of my testimony for you. You have asked me to provide additional understanding of the statement in my written testimony, ``Equifax has failed to meet nearly all the provisions of the FCRA.'' I can begin by giving you a snapshot of what appears on my repository reports 21 months after learning I was an identity theft victim. There are no fraudulent accounts appearing on either my TransUnion or Experian reports presently. At times, new debts related to my identity theft appear on my Experian report, but the situation is manageable and I can generally have those accounts removed with an online dispute to Experian. TransUnion allowed me to take advantage of a new California law to freeze my credit report. They offered this to me free of charge and since my report was frozen, I have had no accounts related to my identity theft appear on my TransUnion report. In contrast, there are still 30 fraudulent accounts being reported by Equifax presently. Those 30 accounts are being reported on 2 separate reports that Equifax has in their system in my name and Social Security number. Equifax consistently sends one of those reports to my creditors and it contains 18 fraudulent accounts. Many of those accounts were disputed and thought resolved in November and December 2001. There are also 110 inquiries on that report from companies that requested my file. The second report, which Equifax sends to me when I request my consumer file, only contains 12 fraudulent accounts. There are 26 inquiries from companies on this file. While both TransUnion and Experian responded to each of my dispute letters, it took 11 months and three dispute letters to get my report from Equifax. When I finally received that report and the results of my reinvestigation, Equifax had failed to delete the accounts which they said would be deleted as a result of that investigation and those accounts still remain on my report. Equifax still has my current address, current employer, and phone number wrong in their system despite my efforts to correct them. They also refused to investigate any of the inquiries they were generated as a result of fraudulent accounts claiming they are a factual repre- sentation of my consumer file. For certain I have had some difficulties with the other two repositories and they have made mistakes that are clear violations of the FCRA. However, I have always felt they were at least making an effort to comply with FCRA and those mistakes were easy for me to overlook. Equifax in my opinion has made no effort on my behalf. I do not believe they have taken the time to read any of my dispute letters or review the 18 pages of supporting documentation I included with those letters. If someone at Equifax had set out to deliberately make a mess of my credit file; I do not believe they could have done a better job of it than exists right now. I hope this sufficiently clarifies my statement about Equifax and again I appreciate this opportunity to be a part of the process. Through default, I have a great deal of knowledge and experience with the systems victims encounter in attempting to restore their names and reputations. Please feel free to call upon me at any time to answer questions or inquiries about the reality of those systems. RESPONSE TO WRITTEN QUESTION OF SENATOR MILLER FROM LINDA FOLEY Q.1. Do you think the credit bureaus are doing enough to help victims of identity fraud clear and correct their information? If not, what should they do? A.1. ITRC does not think that the CRA's are doing enough. While we recognize that the CRA's are just data collectors, they have also accepted the role of helping in dispute and information management and that is where they tend to fall down. 1. Failure to follow established dispute process--ITRC has heard from victims that use the designated CRA dispute process (fill out the dispute form, attach police report and evidence). Only it appears that the evidence or items submitted with the dispute form is not forwarded to the credit issuer or collection agency. This results in the dispute being denied and forcing the victim to try to contact the issuer directly, creating more delays and time consumed by the victim in resolving issues. Due to this problem, ITRC is now advising victims to deal directly with the issuers rather than the CRA's to avoid these delays. The only exception is in California where the CRA is required to block the item. In this State, the ITRC recommends that the consumer contact both the CRA's and the issuers which results in additional costs and time for the consumer. 2. Blocked line items--When the CRA blocks a line item, it needs to be blocked from everyone. ITRC has heard from too many consumers that an entity requesting a report sees items that were blocked or suppressed. In other words, the report the consumer receives shows that the item has been removed /blocked but the item is still shown on the report sent to the commercial requester. 3. Misinformation and half matches--The CRA's appear to include information either in a report or on a ``suppressed'' file that was from an application that partially matches the consumer. For example, the name is the same but spelled differently (Swanson v. Swansson) and the Social Security number matches 7 of the 9 numbers. That application is included in the consumer's file even though it is only a partial match. This results in misinformation affecting credit decisions. This misinformation may be the result of an identity theft attempt-- shoulder surfers or dumpster divers who did not quite remember or see the full information. 4. Non-English speakers--The CRA's require all consumers to use automated phone systems or the mail to request a credit report. The automated systems are in English only. We need to allow all consumers access to this vital information. The automated systems must have a Spanish language option and perhaps the ability to access an AT&T language translator for help in ordering his/her credit report. In addition, the CRA's must send instructions on how to read a report in the requesting languages or at least in maybe 5 of the languages that the national census shows are the largest population groups. 5. Access to fraud specialists--Due to the automated systems, consumers can only speak with a CRA consumer rep when they have a report and then only for about 3 months after receiving the report. They call a special number, type in the report number and are connected. If that 90-day window has ended, they cannot access a person to ask questions. Due to the complexity of this crime, victims need longer access to CRA personnel. ITRC would recommend that period of time be extended to 180 days, minimum. 6. Access to fraud specialists--It has also been reported by some of the victims that once they get their reports, they are only allowed one phone call to a fraud investigator at a bureau and then that report number no longer allows them access to the bureau's fraud division. 7. Two files-one Social Security number--Recently a victim called ITRC with the following complaint. It is one that we have heard numerous times before. The car dealer asked for a credit check using the man's Social Security number only. A report came in with his Social Security number but with another person's name and information. When the dealer asked for a report with the victim's name and Social Security number a totally different report came back. In other words, there are two reports with the same Social Security number. The second report with the different name is an imposter (in this case a family member) who stole the victim's identity when he was a child. In fact, it even says on the report that credit was established prior to the age of 18 and includes a bankruptcy. This man is in the military and this problem may affect his entire career. 8. Time issues--In some cases of identity theft, clearing up the problem is time sensitive. A park ranger called today. She was just told that a financial check showed a collection notice from First Premier Bank. She now must wait about 2 weeks for her credit reports and is unable to get beyond a customer rep at the bank to find out about this credit card she never opened. What she does know is that it is in her name and Social Security number but with an address she never lived at. She cannot wait several weeks to clear up this problem. The job will be gone tomorrow unless she can deal with this today. With the automated systems, there is no one to talk with for a line- block during investigation at the bureaus until she gets her report--which will be too late to help her. This is a common problem for those dealing with job background checks, loans for purchasing homes/car, or checks done for tenancy. 9. CRA cross-linking files--Some victims of extreme identity theft situations change their Social Security number. It is a last ditch effort to disassociate from a thief that is unstoppable. It brings severe consequences since so much of our personal history is linked to that number. You lose your college records, credit history, and more. It is as if you were born yesterday. People question you--are you a thief who has just made up the information, an illegal immigrant, etc.? ITRC only recommends this step in the worst of cases. It has been brought to ITRC's attention that in some cases the CRA is cross-linking the old and new Social Security number--an action that negates the changing of the Social Security number. Old and new numbers must remain separate (except with SSA and IRS per policy) or this extreme measure is ineffective. The purpose of changing one's Social Security number is to stop the thief from using your information. If the CRA cross-links the numbers, the thief 's actions appear on the new Social Security number and credit report. This means the victim is once again compromised. The CRA report is also a source of information for bail bondsmen and law enforcement. Unfortunately, many of these severe cases had thieves who broke the law while using the victim's Social Security number. This cross-linking may also result in the arrest of an innocent person. We would also like to address a couple other topics that were brought up by other panel members: 1. Mandatory Fraud Alert Observation: This has been a topic that is a sore spot for many victims and consumers. Far too many victims have placed alerts on their credit reports only to have companies ignore them. The bottom line is this: Why does a company have the right to ignore my warnings or requests, placed for their benefit to protect both the company and the consumer from fraud? 2. In the current version of the House Bill H.R. 2622, there is a mandatory observation section. There are two problems with this bill. First, it includes only those who already are victims. Consumers who wish to place a ``security alert'' as a proactive measure are unable to do so. It is vital that we act proactively and not just help in remediation. Second, the bill allows retailers to decide either to honor the ``alert me notice in the following manner'' which was placed by the consumer or to decide an alternate method. The problem with this is that info usually used is from the credit report. Once an imposter has become active in your life your credit report no longer represents your true information and only the thief would be able to answer any questions based on the report. Thank you for the opportunity to work with your Committee. RESPONSE TO WRITTEN QUESTION OF SENATOR MILLER FROM WILLIAM HOUGH Q.1. Do you think the credit bureaus are doing enough to help the victims of identity fraud clear and correct their information? If not, what should they do? A.1. The current system of reporting identity theft problems to the credit bureau could be improved by providing one toll-free 800 number that would allow the consumer to notify all bureaus of their situation. Thus, through centralized notification, all bureaus would place an identity theft alert on the consumer's files with one call. This 1-800 process, I believe, is currently being developed and would be a significant benefit. On the subject of clearing and correcting consumer information, over the past few years the credit bureaus and the industry have developed several tools to handle the information correction process more efficiently. For example, the E-OSCAR system (Online Solution for Complete Accurate Reporting) allows both merchants and credit bureaus to respond quickly (via Internet access) to these consumer inquiries and get them resolved faster. While any process can always be enhanced, the credit bureaus have and continue to make significant progress to aid identity theft victims. RESPONSE TO WRITTEN QUESTION OF SENATOR MILLER FROM MICHAEL W. NAYLOR Q.1. Do you think the credit bureaus are doing enough to help the victims of identity fraud clear and correct their information? If not, what should they do? A.1. We believe credit bureaus can do more, and act more efficiently and effectively, to prevent identity theft from occurring, and to help victims recover their good credit and name after the fact. The AARP's recommendations for increasing the involvement of consumer credit reporting agencies (CRA's) to help solve this problem, include: <bullet> Requiring CRA's to provide consumers with at least one annual free credit report a year to make it easier and less expensive for consumers to monitor their credit reports. <bullet> Requiring subscribers who purchase credit reports from CRA's to provide the same standard of identification to retrieve a consumer's credit report as is required of consumers seeking their own credit report. Because the CRA's have procedures in place for consumer access, these same procedures can be applied to subscribers requesting credit reports. <bullet> Allowing consumers to place a security freeze on their credit report, and issue to consumers a password to prevent their credit report from being accessed without their express authorization. <bullet> Requiring CRA's to permanently block fraudulent accounts on the credit reports of identity theft victims. AFFILIATE SHARING PRACTICES AND THEIR RELATIONSHIP WITH THE FAIR CREDIT REPORTING ACT ---------- THURSDAY, JUNE 26, 2003 U.S. Senate, Committee on Banking, Housing, and Urban Affairs, Washington, DC. The Committee met at 10:07 a.m. in room SD-538, Dirksen Senate Office Building, Senator Richard C. Shelby (Chairman of the Committee) presiding. OPENING STATEMENT OF CHAIRMAN RICHARD C. SHELBY Chairman Shelby. The hearing will come to order. First of all, I want to thank the witnesses for being here today. This morning, we are examining the provisions of the Fair Credit Reporting Act which established the rules for information sharing among affiliated entities. I believe that this is an area which deserves particularly close scrutiny in the reauthorization process because of the considerable changes that have occurred in the financial service sector since the passage of the 1996 Fair Credit Reporting Act amendments. Frankly, activities which were once strictly prohibited now commonly occur within the industry. The changes made to the financial services laws permit financial services firms to engage in new lines of business and to operate using larger and much more complex corporate structures. The purpose of this hearing is to consider this contemporary landscape and assess how well the Fair Credit Reporting Act operates in the context of current practices. To do this, I believe we must consider the types of affiliate structures firms use and look at the kinds of information they share and ascertain the purposes for which they share it. We must also examine the level of consumer understanding of information-sharing practices--are the consumers aware that their financial information is shared, do they recognize the range of entities it is shared with, does such sharing pose any threats to them, do they have concerns about such sharing, do they have choices regarding controlling the sharing? Hopefully, through the course of today's hearing, we can address these issues. As we go forward, we will have to closely measure these issues in order to be able to develop a product that achieves the most effective, efficient, balanced, and fair system possible. Senator Johnson. STATEMENT OF SENATOR TIM JOHNSON Senator Johnson. Well, thank you, Chairman Shelby, for holding today's hearing on affiliate sharing and the Fair Credit Reporting Act. I would like to welcome today's witnesses whose thoughtful written testimony has been helpful in laying out both the benefits of information sharing and some concerns that we should keep in mind as this debate goes forward. I would also like to extend a special welcome to Terry Baloun, who is a Regional President and Group Head of Wells Fargo Bank in South Dakota, North Dakota, Montana, and Western Minnesota. Terry has spent a good deal of time in communities throughout our State, and he knows firsthand the challenges of bringing meaningful credit opportunities to rural America. We face particular challenges, from low population density to specialized issues related to agricultural lending, and Wells Fargo plays an important role in the financial services sector in the Upper Midwest. In fact, national firms like Wells Fargo and Citigroup, which is also represented here today, are critical to the economic vitality of rural States like South Dakota. While smaller local banks and credit unions are the lifeblood of our communities, and provide critical lending services to people throughout rural States, their services are complemented by larger financial conglomerates like Wells and Citi. Some people prefer to patronize small banks, some prefer credit unions, and some prefer the one-stop shopping they find at larger financial services firms. The point is that people have choice. And in rural America, we do not take that for granted. For example, in the area of health insurance, by August, we will have only two insurance companies left in my State offering individual policies, and the lack of competition has had devastating results on farmers, ranchers and other self-employed workers. But the nationwide system of credit that now permits companies to operate around the country with one set of rules overcomes the negative economics of a small population living across a large State. The expanded choice in the financial services marketplace extends beyond simply the type of financial institution to an exploding array of financial products now available to retail customers, ranging from complex to the simple. For example, Citigroup allows mortgage customers to pledge from a Smith Barney brokerage account to collateralize the loan rather than liquidate the portfolio to come up with a downpayment. By the same token, Wells Fargo customers can pay their mortgage at any local branch or ATM, even though the mortgage company and the bank are separate entities within the same corporate family. Neither of these services would be possible without information sharing among affiliates. On the retail side, affiliate sharing has benefits as well as Mr. Prill notes in great detail in his written testimony. These range from making computerized returns without a receipt, to storage and retrieval of warranty information, to returns of Internet purchases to a brick-and-mortar storefront, to screening for bad checks through an instant authorization system. And of great relevance to our discussion last week, customer information is critical in preventing identity theft in both the retail and the banking sectors. In fact, Special Agent Caddigan of the Secret Service and Mr. Beales of the Federal Trade Commission stated unequivocally that information sharing, and in particular information sharing among affiliates, can play a critical role in our enforcement efforts against identity theft. Are these financial services absolutely necessary? Well, probably not. The world does not come to an end in a cash economy. And I want to make clear that I take seriously the concerns some of today's witnesses raise about affiliate sharing. But the impact of product innovation on economic growth, consumer choice, and the democratization of credit have been undeniable. It is this very balance between growth and innovation on the one side, and individual privacy rights on the other, that drove Congress' decision in 1996 to preempt seven critical provisions of the FCRA from State action. We wanted to encourage a national marketplace for credit that maximizes appropriate consumer access to affordable credit and, to a remarkable degree, we have succeeded. Again, I believe this issue fundamentally is about consumer choice. And that includes a consumer's right to choose not to be part of an affiliate-sharing arrangement. The first opportunity to choose comes when a consumer decides to establish a relationship with a company: in some sense, the decision to do business with a larger or smaller institution is the ultimate opt in. The second opportunity to choose comes when the consumer is presented with an opportunity to opt out of affiliate sharing. To be effective, this option must be clear and meaningful. I am interested in hearing from the witnesses what steps, if any, they would suggest beyond the mandatory privacy notices to give customers a meaningful opt out opportunity. So thank you, Chairman Shelby. I thank you, Senator Sarbanes, for your leadership on this issue, and I look forward to the opportunity to hear more from this panel. I have several other conflicting obligations, and I will likely have to excuse myself prior to entire panel being concluded. Thank you, Mr. Chairman. Chairman Shelby. Senator Bennett. STATEMENT OF SENATOR ROBERT F. BENNETT Senator Bennett. Thank you, Mr. Chairman. I remember from my own business experience that one does not seek a bank, one seeks a banker. One seeks a relationship where you are known, your background is known, and therefore you can deal with a sense of confidence, and the banker can deal with a sense of confidence about your background. If we put up artificial barriers within financial institutions to the sharing of information, we create a situation where one cannot be known. As Senator Johnson has said, the first opt in is the choice you make as to the organization with whom you deal, and once you have made that choice, it seems to me, as a consumer, you want everyone in that organization to know all about you so that the good reasons they have to give you credit or offer you products in one part of the organization will go with you to the other part of the organization, and you will not have to reintroduce yourself again and again to try to get those services. If you find, as some witnesses have suggested in previous hearings, that you are being badly dealt with as a result of the way that information is shared, this is America, and you can walk out the door and take your business someplace else. I am always interested that many of the people who get upset about activities that businesses engage in assume that the business exists to fleece you. I can assure you that business exists to get a consumer to come back. Business exists to try to have as much repeat business from reliable consumers as it possibly can. I am using the wrong pronouns here. Business people, there is no such thing as a business, business people want to have as many repeat customers as they possibly can. They want to build brand loyalty and customer loyalty, and as I have heard some horror stories that said a bank did this or bankers did this or that with my information, the immediate reaction I had was why would any customer ever deal with that banker again if, in fact, that was done? The ultimate opt out is the one to which Senator Johnson has referred, that you take your business, and you go someplace else. So intelligent businessmen and women will do everything they can to use the information within affiliates in a way that will benefit the consumer so that the consumer will want to come back, will want to stay with that institution and all of its affiliates, and that is the way successful businesses are built, and that is the way consumers want it, and that is one of the magic aspects of American commerce. We have more flexibility, consumers have more choices, they have more opportunities to expand their purchasing options in America than anyplace else, and I think the sharing of information intelligently and for the purpose of trying to build repeat business is one of the reasons that American consumers are so well-served. So, I will look forward to the testimony from the witnesses, and hope that the prejudices and preconceptions that I have just outlined will either be confirmed or corrected, depending on the information the witnesses have to share with us today. Thank you, Mr. Chairman. Chairman Shelby. Senator Sarbanes. STATEMENT OF SENATOR PAUL S. SARBANES Senator Sarbanes. Mr. Chairman, thank you very much. I commend you for holding what I regard to be quite an important hearing on affiliate sharing practices and regulation. I think it is fair to say an affiliate used to be one of a small group of companies performing a similar business. Today, an affiliate could be one of hundreds or more companies, many of which engage in different businesses, and the question, of course, is in the minds of many consumers, that broad scope of affiliates are often thought of as third parties. So there has been a quantum expansion, I think, in the concept of affiliates, and we need to bear that in mind. Of course, we are looking now at the problem of whether to extend the Federal preemption of State law which governs affiliate sharing and, if so, under what conditions, and that poses important questions about the right of consumers, in terms of what can be done with their confidential financial information. The information under current law which can be disclosed is really quite far-reaching: savings and checking account balances, certificate of deposit maturity dates and balances, checks individuals write, checks deposited in a customer's account, stock and mutual fund purchases and sales, life insurance payouts and so forth. So that the universe of confidential and sensitive financial information that is being shared or sold has not only increased dramatically over the past several years, but I am not sure consumers are fully abreast of how widespread it is. This is underscored, of course, because every survey shows considerable sensitivity on the part of people with respect to the privacy of their financial information. In California, where privacy has become a major issue, statewide polls show from 75, 85, 90 percent say consumers should provide their permission for the use of the financial information. There have been efforts at legislation. In California, I understand that this issue may go to initiative. So it may be put to the electorate in a very different form than the ability to work at it, as one can do, in a legislative context. Hopefully, this hearing will help to develop what specific consumer data financial institutions circulate to affiliated businesses, for what purposes the affiliates use such data, the awareness of consumers as to which businesses are receiving their information. These are all important questions, and obviously the sensitivity across the country, I think, to the question of the privacy of financial information is growing and growing. And I think we have to figure out some way to address it. I hope we will hear, in that regard, from the panel, including the representatives of the financial institutions, which after all have a major interest in this question as well, but I do not think the issue in the country has reached anything approaching equilibrium, where people are satisfied with a situation. Therefore, until that occurs, there are going to be continuing calls for action of one sort or another, whether it be regulatory, legislative, or even, as California is considering, actually initiated right from the electorate to try to deal with this issue. Thank you, Mr. Chairman. Chairman Shelby. Senator Allard. STATEMENT OF SENATOR WAYNE ALLARD Senator Allard. Thank you, Mr. Chairman. I will be brief. I just want to thank you right at the start for holding this hearing. I want to thank the witnesses for agreeing to be on the panel. You being a part of this discussion is really important. It is not always easy to get away from your jobs and businesses to be here, but I look forward to hearing your comments. Information sharing is a vital part of the U.S. financial and business systems and it has contributed to the vibrancy of the U.S. economy. While it is necessary to protect a consumer's personal information, certain sharing of information is necessary for U.S. financial and business systems to function and operate smoothly. Affiliate sharing allows the operation of our national credit reporting system by enabling lenders to perform effective credit underwriting and credit monitoring. This ability is important for the industry to reduce their overall risk of loss. At the same time, customers deserve protection of certain information. I look forward to today's discussion of affiliate sharing and how this Committee can facilitate striking the appropriate balance between consumer protection and business needs. Again, I would like to thank the witnesses for agreeing to testify and thank you, Mr. Chairman. Chairman Shelby. Senator Carper. COMMENTS OF SENATOR THOMAS R. CARPER Senator Carper. Thanks, Mr. Chairman. To all of our witnesses, welcome. I am pleased I get to spend at least a little bit of time with you. We have got a whole bunch of things going on this morning. I will be in and out of the hearing. One of the things I would hope that will come out here for us, as we try to move forward on the question of FCRA and the preemption provisions, a focus on how are consumers better served by the sharing of information across the company and through affiliates, and how are consumers better off because of that. Also, I would add that, we have a good mix of witnesses here, people with a lot of different perspectives, and I think very helpful perspectives. And for me, for a hearing like this to be really successful, I walk away from the hearing finding common ground and listening to thoughts of each of our witnesses, from their own perspectives, the world in which you live, to try to weave it together into some kind of a consensus, and I would ask that you keep that in mind, and to the extent I get to ask a question, I am going to be asking you where you see the common ground emerging on this issue among this disparate panel. Thank you very much. Chairman Shelby. Thank you. I want to welcome our distinguished panel of witnesses. Oh, Senator Dole. We cannot forget her. STATEMENT OF SENATOR ELIZABETH DOLE Senator Dole. Thank you, Mr. Chairman. I know I am way down here on the end. Chairman Shelby. I had your name here. Sorry. You have been waiting patiently. Senator Dole. Thank you. In the past two hearings on the issues pertaining to the reauthorization of the Fair Credit Reporting Act, I have discussed the importance of affiliate sharing with some of our witnesses. In each instance, the witness agreed that affiliate sharing is vitally important. Today, we have the opportunity to more fully explore the numerous advantages that affiliate sharing provides to consumers, financial institutions, and public policy objectives. We all benefit now that judgments based on race and gender have been taken out of the equation of credit worthiness, and one can now walk into a store and obtain a line of credit in minutes. Consumers clearly benefit when they are able to call a single person, as has been mentioned several times this morning in their bank, and that customer service agent is able to access each of their different accounts at once. We all know the frustration of being transferred from person-to-person when we are attempting to get our questions answered at a bank. With affiliate sharing, increasingly more institutions are able to develop systems to minimize the need to transfer customers from department-to- department. In addition, affiliate sharing allows financial institutions to realize greater efficiencies by permitting them to consolidate customer service and administrative functions for their affiliate businesses. A loss of all or part of the affiliate-sharing preemption would result in an increase of time and money wasted by consumers across the country, not to mention the increased frustration caused by being passed from person-to-person at their bank. Let me be clear: Privacy of personal information is very important, and I will work to implement reasonable protections. However, we must strive for a balance and should not sacrifice the efficiency of our credit system in the name of privacy. In many ways, I believe our responsibility is like that of doctors in the Hippocratic Oath: ``First, do no harm.'' Just as importantly, affiliate sharing assists financial institutions in antiterrorism efforts and in detecting and preventing money laundering. A customer service agent who can review all of a customer's accounts is more likely to spot potential problems or concerns. The value of this added benefit is extremely important, especially when we rely so heavily on the vigilance of our financial institutions and their cooperation with law enforcement officials. It is my hope that today's hearing will give us an opportunity to further explore these issues with our witnesses and that it will lead us all to greater appreciation of the advantages that consumers, industry, and the Government receive from the practice. Finally, I want to thank our distinguished panel of witnesses for taking the time to join us here today, and I look forward to working with my colleagues as we move closer to reauthorizing the important preemptions contained in the Fair Credit Reporting Act. Thank you, Mr. Chairman. Chairman Shelby. Thank you, Senator Dole. Now, I want to welcome, again, our distinguished panel. First, Professor Joel Reidenberg, Professor of Law at Fordham University; Ronald Prill, Former President, Target Financial Services; Terry Baloun, Regional President and Group Head, Wells Fargo Bank; Julie Brill, Assistant Attorney General of Vermont; Martin Wong, General Counsel, Global Consumer Group, Citigroup, Inc.; Edmund Mierzwinski, Consumer Program Director, U.S. Public Interest Research Group; and Angela Maynard, Chief Privacy Executive and Counsel, KeyCorp. We will start with you, Professor. All of your written statements will be made part of the record, in their entirety, and if you would briefly sum up your top points. STATEMENT OF JOEL R. REIDENBERG PROFESSOR OF LAW, FORDHAM UNIVERSITY SCHOOL OF LAW Mr. Reidenberg. Thank you, Mr. Chairman, Ranking Member Sarbanes, and distinguished Members of the Committee. I commend you for convening the hearing today on this important issue and for the leadership you have shown in this area. I also thank you for the honor and privilege to appear before you. I am Professor of Law at Fordham University School of Law, where I teach courses in information privacy law. I have written extensively on the regulation of fair information practices in the private sector and have written specifically on Fair Credit Reporting Act issues. I have also advised Federal and State Government agencies on some FCRA litigation matters. I am appearing today as an academic expert on privacy law, and I am not representing any organization or institution. I am glad that you will be able to include the submitted statement for the record. I should also mention that my prepared statement draws, in part, on testimony I gave last month to the House Subcommittee on Financial Institutions. What I would like to do this morning is highlight three points in the testimony and then make several recommendations. The first point is a context-setting point, specifically that strong privacy protections are absolutely essential for the credit reporting system in the United States. As I will discuss in a few moments, I think the affiliate sharing provisions and practices undercut this basic principle for privacy law. When Congress enacted the FCRA in 1970, Congress acted in response to significant abuses in the credit reporting industry. The documented abuses included the release of credit information to noncredit granters, the dissemination of inaccurate credit information, the inability of consumers to gain access to their credit reports and the difficulty in making corrections. Scandals and distrust were harming the marketplace then. I think the affiliate sharing provisions will send us back to that era. The FCRA was a novel statute at the time of enactment because it established the basic principle that information collected for one purpose would be used for statutorily defined permissible purposes. Any other use needed consent. It included other important fairness criteria--like rights of access, and an ability to dispute inaccurate information and have it corrected. The FCRA included important safeguards for American citizens related to law enforcement such as due process requirements for access to credit report information. Overall, it provided a bedrock set of standards for fair information practices. I think it is also important to recognize that the FCRA never created an overall uniform national standard, as we have heard numerous times in the various hearings during the past month. In fact, at the original enactment, Congress and this Committee, in particular, endorsed the position of State officials when they testified that we needed essentially a Federal floor to be supplemented by future State legislation. In the 1996 Amendments, the temporary and partial preemption clauses grandfathered three States. As a result, we have had differences from the start and even after 1996. The State differences have not impeded credit reporting or financial decisionmaking. Indeed, if we look at some of the statistics from the grandfathered States in 1996, we find that the lowest bankruptcy rates in the country are coming out of those three States and mortgage loan interest rates tend to be lower there than in other States. So we have not seen any problems arising from the fact that there are different standards. Weakening of the privacy protections, on the other hand, is a major problem. Surveys show that 95 percent of Americans object to the secondary use of their personal information, and that is exactly what affiliate sharing is allowing to happen today. My second point is that there are some unintended consequences of the affiliate-sharing loophole that enable the complete circumvention of all of the other protections in the Fair Credit Reporting Act. Congress, in allowing affiliate sharing, exempted affiliate sharing from the definition of a consumer report. By exempting it in that fashion, key protections of the statute then are lost for information shared among affiliates although there is a notice requirement and a one-time opportunity to opt out. Large groups of affiliated financial and nonfinancial organizations can easily engage in the same behavior that Americans found troubling and that caused the enactment of the Fair Credit Reporting Act in the first place. To illustrate, let us take a look at some of the specific affiliate sharing provisions. The blanket exemption given for experience and transaction data opens a Pandora's box. An organization can disseminate experience and transaction data, such as credit card performance information, insurance status, brokerage account activity among related companies without the protections of the FCRA applying such as accuracy or correction. If data is shared with affiliates, once the affiliates obtain the information and start using it and resharing it with other affiliates down a chain of companies, accuracy will disappear and the protections do not apply. It is very hard to tell right now the significance of this exemption. Because of the size of organizations, the scope is very poorly understood. I think it is very important that we learn about the specific data transfers that take place and the specific purposes for which they are being used. Consumers do not have access to this information. Consumers cannot simply walk out of the bank and start up a relationship with another bank in the hopes that their privacy is preserved because they cannot find out. More sweepingly, the affiliate-sharing provisions allow the complete circumvention of basic clauses. Communication to persons related by common ownership are exempted from the definition. So we see some examples. It means storage limitations, the types of uses, all of those protections disappear. The industry has already testified at hearings that they are using this exemption in ways that subvert the original protections of the Act. TransUnion testified that they promote affiliate sharing to make underwriting decisions. Citibank testified earlier this month that it shares information among affiliates, including credit application, credit bureau data, information on transactions with customers. MBNA indicated it shares credit eligibility information, including credit reports among affiliates. Once their affiliates have the data--data that has been exempted from the definition of consumer reports--the other protections then do not apply to those affiliates. The potential circumventions are particularly disturbing when we consider the affiliations of some of the large groups. TransUnion, for instance, belongs to the Marmon Group. Marmon has a large series of businesses, including a syringe needle business, and a residential water treatment plant. TransUnion provides a notice of affiliate sharing and an opt out. They can transfer credit reports wholesale to those companies. Experian is in the same situation. Experian is owned by a British company, Great Universal Stores. Great Universal Stores also owns Metromail and Burberry's. If Experian were to provide notice of affiliate sharing and an opt out, Experian could transfer the entire credit reporting database to Metromail, which is a direct marketing company. Well, as it turns out, Experian does just that. If you order a credit report from Experian online or if you subscribe to Experian's service that provides the credit watch function, Experian gives a notice, and an opt out of affiliate sharing. I do not think there is any way a consumer would recognize that Metromail is now entitled to receive their credit report, could do anything with that credit report and none of the protections of the statute would apply. Affiliate sharing also allows the Government to engage in surveillance outside the due process protections of the FCRA. Equifax, for example, operates through a number of changing groups. It is a little hard to figure out exactly how their corporate structure is defined from reading their annual reports, but their apparent group of affiliates includes one that provides information services to the Government. Equifax's Online Privacy Policy and Fair Information Principles statement informs consumers who request copies of their credit reports that they may disclose the information to affiliates. Well, what that suggests is that Equifax would have an ability to transfer the credit report database to an affiliate that provides information services to the Government. Once the affiliate receives it, the permissible purposes and the due process restrictions would not apply. Now, in each of these examples, I do not have any specific information to suggest that these companies are, in fact, exploiting this loophole because, again, it is not possible for a consumer to learn that information. What you find, though, is these practices are clearly authorized by the statute, and the companies disclose that they intend to do these sorts of activities. We simply do not have the specific details of what they are doing. The last point that I would like to raise is that the affiliate sharing provisions raise very significant security risks and threats to the soundness of the credit reporting system. The problem is really the leakage of credit information to affiliates for secondary purposes; in other words, information being shared for purposes that were not the original permissible purposes. I believe such sharing enhances identity theft risks. This Committee heard last week from U.S. Secret Service Agent Timothy Caddigan that insider jobs are a significant source of identity theft risk. To the extent that wide-ranging affiliate sharing starts moving this sensitive personal information across companies, down the chain from one to another, affiliate sharing magnifies the number of insiders who have access to personal data, without restrictions on how it is used, and without the obligations that the banking law imposes on banks, for instance, to maintain information security. Those protections are lost. Fraud detection, which we have heard about, certainly appears as an authorized purpose under the Fair Credit Reporting Act, a ``legitimate business need.'' It does not seem that the affiliate sharing exception is necessary for that purpose. I think, also, that affiliate sharing introduces a homeland security risk. The global reach of American companies and their affiliates means that sensitive data can be transferred to affiliates in countries that are presently on State Department watch lists and warning lists. We have examples that illustrate processing activities appear to be taking place in countries such as Malaysia and the Philippines. Once the data goes off-shore, not only do the consumers lose protection, but at the same time U.S. law enforcement loses the ability to engage in legitimate law enforcement activity because the processing is no longer within the jurisdiction of the United States. I would like to conclude with two recommendations for Congress to consider. Congress needs to restore the Fair Credit Reporting Act to the higher level of its original protection. And to do that, I would recommend, first, the elimination of the exemption for affiliate sharing from the definition of consumer report or at least allow the partial preemption clause to sunset on January 1. Let the States protect their citizens and experiment on how best to protect their citizens. The second recommendation is a process issue: investigate the actual sharing practices of credit report information among affiliated companies, and the specific uses of that data by the affiliated recipients that escapes the protection. This hearing is really the first part of this process. To this end, I think Congress should instruct the functional bank regulators and the Federal Trade Commission to investigate, audit, and report back exactly how organizations are using the affiliate sharing exemption. It is not sufficient to say a company uses the exemption to develop products and services or to provide better customer service. That does not tell us much. It does not give consumers the ability to talk with their feet and change their business relationships to those companies that protect their privacy. Thank you. Chairman Shelby. Thank you, Professor. Mr. Prill. STATEMENT OF RONALD A. PRILL FORMER PRESIDENT, TARGET FINANCIAL SERVICES ON BEHALF OF THE NATIONAL RETAIL FEDERATION Mr. Prill. Good morning, Mr. Chairman and Members of the Committee. Chairman Shelby. Put your mike in front of you. Mr. Prill. My name is Ronald Prill, and given the makeup of other Members of this Committee, I thought I should emphasize that my name is ``Prill,'' with a ``P.'' Until I retired about 3 weeks ago, I was President of Target Financial Services, and I was also CEO of Retailers National Bank, Target Corporation's credit card bank subsidiary. I am presently employed by Target as a consultant to our management as I transition into retirement. I appreciate this opportunity to speak to you today on behalf of my company, as well as all of the members of the National Retail Federation. Many retailers, like Target, have evolved, for a variety of reasons, into organizations having multiple-affiliated entities. Having affiliates enables us retailers to operate differentiated retail store formats, to operate efficiently and to be able to compete effectively. Besides running individual retail companies, a retailer's individual affiliates might source merchandise, administer retail credit card programs, deliver warrantee and repair services or perform other functions that are necessary to the success of the retail business. Among Target Corporation's affiliates are our 1,100 Target stores in each of the 48 contiguous States, except Vermont; Mervyn's, our chain of about 250 stores, serving the middle market and located mostly in Western States; Marshall Field's, 62 full-line department stores in 8 Midwestern States; Target.direct, our direct marketing and dot.com affiliate; and Retailers National Bank, which issues all Target, Mervyn's, and Marshall Field's credit cards. I hope you have had the opportunity to review my written testimony which I submitted to the Committee. In it, I covered, in detail, some of the many ways in which affiliates in a retail organization must share information about their customers in order to carry out the core business functions that are dependent on that sharing. These core functions include things like retail credit card programs, controls and protections against loss from fraudulent merchandise returns and bad checks, and the lifeblood of a retailer, the capability to reach and know its customers, to communicate with them, and to send them advertising and targeted offers. My written testimony also explains how many of the benefits that America's retail customers have come to expect are frequently possible only because of affiliate information sharing. These benefits include protection against identity theft, receiptless returns of merchandise, the convenience of returning or exchanging merchandise that was purchased at a retailer's website at any of its stores without a trip to the post office and without paying a return shipping fee, more customer-friendly check acceptance policies and procedures, the savings and other perks of customer loyalty programs, and the benefit which so many of our customers are so vocal about-- receiving sale catalogues and other advertising at home, on time, and before the sale starts. These are all examples of truly benign sharing of information among affiliates whether viewed from the retailer's perspective or from our customers' perspective. Not all retailers are structured the same, not all have affiliates or the same number of affiliates or the same kinds of affiliates, but we all have pretty much the same core business processes and the same need to serve our customers well. To accomplish these things, retailers are dependent on having readily available information about their customers, and that availability should be the same for all retailers and all of their customers, regardless of organizational structure. Our customers want it to be that way. In closing, I would like to take this opportunity to emphasize the retail industry's strong support for the permanent reauthorization of the seven areas of preemption covered in Section 624 of the Fair Credit Reporting Act. Without the extension of the Uniform National Standards, retailers and the customers we serve may be subject to a confusing patchwork of new State laws, rules, and regulations concerning important areas such as dispute resolution and the information contained in credit reports. And as today's hearing reflects, services that millions of customers have come to rely on and that they routinely take advantage of would be disrupted if information flows are interrupted. Mr. Chairman and Members of the Committee, consumers have come to expect instant access to credit when purchasing everything from an automobile to furniture, appliances, and apparel. In the final analysis, we in the retail industry have a real concern that a more fragmented process for information sharing and credit approval would negatively impact consumers in many different levels and, as a consequence, retail sales, ultimately costing jobs and hurting the economy as a whole. Thank you. I will be happy to answer any questions. Chairman Shelby. Thank you, Mr. Prill. Mr. Baloun. STATEMENT OF TERRY BALOUN REGIONAL PRESIDENT AND GROUP HEAD WELLS FARGO BANK Mr. Baloun. Thank you, Mr. Chairman. My name is Terry Baloun, and I am the Regional President and Group Head for Wells Fargo Banks in South Dakota, North Dakota, and Montana. Thank you, Chairman Shelby and Committee Members for the invitation to testify and respond to your questions. Our Wells Fargo Banks work in concert with other Wells Fargo business affiliates in providing financial service products to our customers. The service customers expect, requires that Wells Fargo have integrated information systems to give customers what they want--when, where, and how they want it. Subject to the Fair Credit Reporting Act, Wells Fargo shares customer information internally to meet these goals. Providing a new mortgage, providing rural or remote small businesses with credit, offering consolidated statements for customers with multiple Wells Fargo products requires information about their financial affairs. Applying inappropriate restrictions on transfers of information among affiliates would impede customer service. The 1996 Amendments to the Fair Credit Reporting Act recognize the value to customers of the ability to transfer information among affiliates. This ability is wholly consistent with our customers' expectations that their questions will be answered and their needs will be met with a single call or e- mail, whether their financial products are provided by a single company or several companies in the same affiliated group. In Wells Fargo's view, it is customer expectations and needs that should shape public policy that regulate information use--not legal structure. This is especially critical to our mortgage business. Since passage of the 1996 Amendments to the Fair Credit Reporting Act, mortgage servicing has become more efficient. Wells Fargo customers have more channels through which they can apply for a mortgage and get assistance or conduct transactions related to a mortgage, as well as the complete array of financial products offered by Wells Fargo. In California, 40 to 50 percent of our Wells Fargo mortgages originated this year are the result of referrals from our Wells Fargo Banks to Wells Fargo Home Mortgage. Many are first-time homeowners in Hispanic market areas. With affiliate transfers and the use of customer information, mortgage customers can make mortgage payments at their local branch bank, obtain balances, get consolidated statements, and get the support of 24-hour call centers that serve an entire affiliated enterprise. Our customers have found these services valuable. Sharing of customer information also benefits our small business customers. The basis for small business lending over the last 10 years has been direct-mail offers of preapproved credit. Wells Fargo has extended nearly 500,000 small business loans since the mid-1990's. FCRA allows Wells Fargo to provide such credit, based on Wells Fargo's own experiences with the customer and the most current credit report. Generally, small businesses no longer need to submit tax returns or financial statements, providing easier and cheaper credit for the business customer. Actions by multiple States to enact their own State versions of the Fair Credit Reporting Act will frustrate customers who do routine transactions across State lines. Wells Fargo provides services to thousands of customers who may have accounts domiciled in one State yet reside or do business with a Wells Fargo Bank in another State. Nearly half a million Wells Fargo customers have made teller or ATM transactions out of State within the last 5 months. In my banking States of South and North Dakota and Montana, nearly 10 percent of Wells Fargo customers live in one State, but use Wells Fargo banks or ATM's in a bordering State. Finally, Wells Fargo believes that the current uniform national standard for information use as provided by the 1996 Amendments to the FCRA is vital and ask that this Congress provide clarity and stability by removing the sunset provision that affects affiliate sharing and other segments of credit granting. Congress should also address identity theft and set new standards for notification about information use to customers. Availability of financial services, such as mortgages for our customers, and the flows of information required to meet those services available don't stop at State borders or corporate structures. Thank you. I will be happy to answer any questions that you, Chairman Shelby, or the Committee may have. Chairman Shelby. Ms. Brill. STATEMENT OF JULIE BRILL ASSISTANT ATTORNEY GENERAL THE STATE OF VERMONT Ms. Brill. Thank you. Good morning. My name is Julie Brill. I am an Assistant Attorney General from the State of Vermont. Thank you very much, Chairman Shelby, Ranking Member Sarbanes, and other distinguished Members of this panel for inviting me here today. I would like to make four points this morning. The first point that I would like to make is that the economies of Vermont and other States with more protective laws in this area of affiliate sharing and financial privacy, generally have not been harmed as a result of those laws. The second point that I would like to make is that States need to enact more protective laws because the Federal system for regulating affiliate sharing of information is inadequate. The third point that I would like to make is that States currently provide important protections in the affiliate sharing arena that are not provided in Federal law. The fourth point that I would like to make is that Congress should sunset the affiliate sharing provisions so that States can serve as laboratories of democracy in this arena, as Congress has done in so many other areas involving privacy, credit, and important consumer protection issues. With respect to my first point, the economies of Vermont and other States with more protective laws have not been harmed. As you may have heard earlier and you will certainly know by now, Vermont is the only State that has an affiliate sharing law that was grandfathered into the Fair Credit Reporting Act. That is because we were the only State as of 1996 that had a law affecting affiliate sharing. Vermont also has more protective laws with respect to credit reporting generally and also with respect to financial privacy. Vermont took advantage of Section 507, which was put forward by this Committee in the GLB enactment in order to have more protective opt in laws with respect to third-party sharing. As Professor Reidenberg has demonstrated, not only has Vermont's economy not been harmed but also the State economies in other States that have more protective laws. Those State economies have also not been harmed. Professor Reidenberg has shown that our bankruptcy rates are among the lowest in the Nation, and our mortgage interest rates are among the lowest in the Nation. In addition, our office has examined auto loan rates in the States that have more protective laws. Vermont ranks 50th. That means we have among the absolute lowest auto loan rates in the country. California is 31st, Massachusetts is 24th. In addition, we examined whether credit is readily available in Vermont--in other words, is instant credit available? Is it available at very low interest rates to a broad group of consumers? What you see over here on the poster boards, if you can see them--I apologize, Senator Dole, if you cannot see them, but they are over there--what is over there are advertisements that appeared---- Chairman Shelby. Could you turn them just a little bit so that everybody from this angle can pick them up? Ms. Brill. Copies of these ads are also in my testimony. What these advertisements show is that credit is available instantly, at extremely low rates, to broad numbers of consumers in our State. We believe that an examination of advertisements in California and Massachusetts would demonstrate the same thing. So, just to refer to what Senator Johnson described with respect to the importance of the democratization of credit, we think the democratization of credit is thriving in Vermont. With respect to my second point, the Federal laws governing affiliate sharing are simply inadequate. Corporate groups are vast and amorphous. We have included in my testimony lists of affiliate groups for three financial institutions, two of which are here this morning. Citigroup lists over 1,600 affiliates. KeyCorp, which considers itself a midsize bank, lists over 800 affiliates. Bank of America lists in official records over 1,300 affiliates. These affiliates are involved in a surprisingly wide variety of activities--insurance, securities, international banking, real estate holdings, and development. To answer your question, Senator Shelby--are consumers aware that these corporate groups are so vast and amorphous; do they understand the information flows among these affiliate groups; do they have choices with respect to these information flows--I think the answers to these questions are: ``No,'' ``No,'' and ``No.'' Federal law provides no notice and no choice with respect to sharing of transaction and experience information within an affiliate group or with respect to joint marketing by the affiliate group with respect to its joint marketing partners. It is quite simply the case that consumers do not expect that their Citibank account number will be shared with Travelers or a Citibank's affiliates for marketing purposes; nor do they expect that their health information that Travelers may hold as a result of a property or casualty claim will be shared with Citibank for credit decisions. Under Federal law--that is, if it were not for State laws protecting this kind of sharing of health information--that would occur. We believe that consumers should be notified with respect to this kind of affiliate sharing information when it is being used for marketing purposes or for credit decisions--that is, not for servicing the consumer's original account. Where Federal law does provide for notice and choice--that is, with respect to the sharing of credit information within an affiliate group--the notice and choice is woefully inadequate. The same problems that exist with respect to GLB notices also exist with respect to the notices that go out for affiliate sharing. With respect to my third point, States provide important protections in the affiliate sharing arena that are not provided by Federal law. GLB calls upon the States to regulate sharing of insurance information. The National Association of Insurance Commissioners has created a model that requires that health information can only be shared within an affiliate group if the consumer consents. Thirty-five States have adopted this law. States also have laws with respect to the sharing of health information that relates to specific diseases such as HIV testing, cancer, or genetic testing. These State laws prevent life and property and casualty insurers from sharing this critical information with banking and other affiliate groups for the making of credit decisions. The Health Insurance Portability and Accountability Act, or HIPAA, does not cover these financial institutions. In the absence of State laws, there would be no protections for this kind of information being used to determine whether a mortgage should be granted by an affiliate of the insurance company. And finally, with respect to my last point, the National Association of Attorneys General urges Congress to allow the limited preemption provisions in the FCRA to sunset. This is particularly true with respect to the affiliate sharing preemption provision. We request that Congress follow what it has done with respect to GLB, with respect to HIPAA, and with respect to other important consumer protection laws, and that is to set a Federal floor and allow the States to serve as laboratories of democracy as they have done so well in the past. Thank you very much. Chairman Shelby. Mr. Wong. STATEMENT OF MARTIN WONG GENERAL COUNSEL, GLOBAL CONSUMER GROUP CITIGROUP, INC. Mr. Wong. Good morning, Chairman Shelby, Ranking Member Sarbanes, and Members of the Committee. On behalf of Citigroup, I want to thank Chairman Shelby for holding these hearings on the Fair Credit Reporting Act, and I appreciate the opportunity to speak before you today to discuss how FCRA, and particularly the affiliate sharing provisions, impacts, our ability to operate efficiently and serve our over 200 million customer accounts. FCRA provides a national framework for the credit reporting system, which has been shown to work well and to provide substantial economic benefits to consumers, including affordable and convenient credit, wide credit availability, and prevention of fraud and identity theft. FCRA also facilitates the free flow of information that allows modern financial services companies to work efficiently. While Citigroup believes that maintaining national uniform standards for all seven of the expiring provisions of FCRA is crucial, I will focus my testimony on the topic of today's hearing--information sharing among affiliates. Information sharing among affiliates is an ingrained part of how we meet our customers' needs and expectations on a daily basis. Affiliate sharing is necessary for effective credit underwriting and credit monitoring which are the heart of the national credit report system. The sharing of information among affiliates enhances the ability of lenders to accurately assess credit risk, thereby reducing their overall risk of loss. Citigroup is able to use the credit information and transaction histories that we collect from our affiliates to create internal credit scores and models that help determine a customer's eligibility for credit. This information supplements credit reports and FICO scores to paint the most accurate picture possible of a customer. For example, CitiMortgage underwriters have access to information from affiliates that includes a customer's account balances, payment history, and available lines of credit. This allows our credit analysts to verify a customer's creditworthiness quickly and efficiently, minimizing the burden to the customer associated with providing this documentation. Sharing information among affiliates greatly assists in the prevention and detection of identity theft and fraud. Although some have argued that sharing information increases opportunities for identity theft, our experience is that information sharing among affiliates actually reduces identity theft. Through affiliate sharing, they are able to maintain an internal fraud database, which helps prevent the opening or maintenance of fraudulent accounts. This kind of information sharing also allows us to alert customers to potential fraud or identity theft at an earlier stages. Affiliate sharing allows us to provide one-stop shopping for our customers in a way that is seamless and consistent with our customers' expectations. Affiliate sharing allows companies like Citigroup to better service our customers' diverse financial needs through affiliates that have appropriate products and services. Our customers want and expect the convenience of having one-stop-shopping for all of our products--banking, insurance, home mortgage, credit cards, and securities. They also expect the ability to access information about all of their accounts in one statement, with one phone call, or on one website. Additionally, consolidated relationships allow our customers to move money seamlessly between accounts and to pay their Citibank credit card balances at any Citibank ATM, as well as, on the Internet, simply by making a transfer between accounts. Customers do not view us as different legal entities, but instead as a single source of multiple financial products. When a Citibank customer who has an account in Connecticut through our Federal thrift enters a Citibank branch in New York, our national bank, to cash a check or open another account, the customer expects to be recognized and receive the same level of service. The legal distinction between the two affiliated Citibanks is not relevant to the customer, and it should not affect his or her ability to obtain products and services. Affiliate sharing provides the customer with pricing discounts and products tailored to their needs. For customers who have multiple account relationships with us, the sharing of information between affiliates allows us to provide financial benefits in the form of relationship pricing and special offers. For example, many customers benefit from no-fee checking through a Citibank N.A. or Citibank FSB based upon their total combined balances, in their mortgage from CitiMortgage, credit card from Citibank South Dakota, and investments through Citicorp Investment Services. Sharing information among affiliates also permits us to service our customers on an individualized or tailored basis. For example, customers who have a Smith Barney brokerage account are eligible for a mortgage from CitiMortgage without a down payment by pledging their securities as collateral. In 1996, Congress struck the appropriate balance between consumer protection and business needs by allowing customers to opt out of having certain information shared among affiliate entities, but continuing to allow information about a company's own experiences with a customer to be shared among affiliates. The FCRA national standard is particularly reasonable now that the business of providing financial services, especially lending, is no longer restricted by State borders, which means that consumers have the same opportunities for credit, regardless of where they live. If different States were allowed to pass laws governing the exchange of information among affiliates, it would significantly disrupt our seamless, nationwide system of serving our customers. It could lead to a never-ending process as States and localities impose different regimes. Compliance with this patchwork of laws would be extremely burdensome and costly for lenders, and ultimately for consumers. Thank you for the opportunity to appear before this Committee. Chairman Shelby. Mr. Mierzwinski. STATEMENT OF EDMUND MIERZWINSKI DIRECTOR, CONSUMER PROGRAM U.S. PUBLIC INTEREST RESEARCH GROUP Mr. Mierzwinski. Thank you, Mr. Chairman and Senator Sarbanes. I also want to recognize Senator Allard, who has been a sponsor of important legislation on the transparency of credit scores in the past, and Senator Bunning, for his important contributions on Social Security Number protection in the past. These are important privacy bills that I hope the Committee will move on as well. The U.S. Public Interest Research Group is pleased to testify again on the important matter of affiliate sharing and the Fair Credit Reporting Act. In 1970, Congress passed a comprehensive statute to regulate the use of credit reports. It gave these third-party companies, credit reporting agencies, tremendous ability to collect and disseminate comprehensive dossiers on individual consumers and to sell them onto the market. That Fair Credit Reporting Act since 1970 has served a very important purpose. It is a very important law despite the problems that we have with it. But the important thing about the Fair Credit Reporting Act is that it regulated the use of those credit reports. It gave consumers comprehensive rights. When your credit report was used for an adverse action, you gained the right to learn that it had been used for an adverse action--the right to look at, the right to dispute, the right to correct, and then the right to enforce all of those rights if they would not correct your report. In 1996, when Congress amended the Fair Credit Reporting Act to deal with a number of problems in the Act, industry insisted on a ``stealth'' amendment to the Act. I was there. Assistant Attorney General Brill was there---- Chairman Shelby. Explain ``stealth'' amendment. Mr. Mierzwinski. I am unaware that Congress held any hearings, Senator, as this hearing is being held today, on the issue of affiliate sharing. I am unaware of any record testimony on why industry needed an exception to the definition of ``credit report'' for affiliate sharing. There was one big markup in the House Banking Committee at the time where it was debated extensively, but we lost-- industry had the horses, they had the votes--but really, the Federal Trade Commission, consumer groups, the attorneys general, NAAG, we all opposed this, and we thought there would be significant problems posed by creating an exception. And as Professor Reidenberg has pointed out, under the affiliate sharing regime, information collected by affiliates becomes exempt from the Fair Credit Reporting Act. It is not regulated in any meaningful way, if at all, by the Fair Credit Reporting Act, and it is not regulated by the Gramm-Leach-Bliley Act. The Gramm-Leach-Bliley Act was passed in 1999. It has Title V, a private title, and Title V simply says that if you provide notice of your affiliate sharing practices, your information practices, you have the right to do whatever you want within your affiliates and even with, as Assistant Attorney General Brill pointed out, some third parties who are treated as if they are part of your corporate family. You do have a limited right to opt out of the sharing of your comprehensive experience and transaction information only if it is going to be shared with telemarketers who are selling nonfinancial products. Now, as Mr. Wong pointed out, the biggest companies--the ones with hundreds or thousands of affiliates--are able to develop databases of information that has been laundered outside the protection of the Fair Credit Reporting Act. Even credit reports, not just the experience information, but credit reports and information from your applications, information from your references, can also be collected in these corporate entities, although that so-called ``other'' information, as opposed to the experience information, is subject to an opt out. They can use that information to create an unregulated in- house credit bureau. Chairman Shelby. How widespread is that? Mr. Mierzwinski. I think the biggest companies have the biggest databases. I think they are all doing it. We talk about this as a privacy issue, Senator, but really, the potential is that it is a consumer protection issue. And I cannot stress enough that when we have unregulated use of affiliate information, consumers do not gain the comprehensive bundle of rights that they gain under the Fair Credit Reporting Act. In the debate that has occurred over the continuation or extension--what industry calls ``reauthorization''--of the temporary preemption amendments, I think there has been a lot of misleading information out there. First, of course, the notion that industry is for opt out, and consumers are for a harsh opt in--industry is actually for no opt. That is what we have under Gramm-Leach-Bliley, is no opt, and that is what they vastly prefer--no choice for consumers. Second, this representation that information sharing will come to a grinding halt if we give consumers privacy rights is fallacious as well. Gramm-Leach-Bliley provides a number of exceptions for underwriting, for fraud control, for the public safety, for completing a consumer's own account requests. You can have a call center even with financial privacy. You can have multiple accounts with one database even with financial privacy. It is just flat-out wrong to claim that if consumers have the right to control their information for secondary purposes, all information would grind to a halt, and we would be living in caves. That is basically the summary of my testimony. I know I have run out of time. There is a lot more in my testimony. I also want to point out my House testimony from 2 weeks ago goes into great detail about other problems with the Fair Credit Reporting Act. I want to say finally, of course, that the Sarbanes Amendment to the Gramm-Leach-Bliley Act is a very critical amendment. That is the amendment that was added in conference that allowed the States to enact stronger financial privacy laws; and California is considering a stronger law. California's champion, Jackie Spear, has compromised with the industry, yet the industry still opposes her bill. She has even agreed that industry could have some information kept in no opt silos, other information would be under an opt out, some third- party sharing would be under an opt out, and some would be under an opt in. She has compromised, yet industry still opposes her reasonable bill. Consumers Union, CalPERG, and other groups are prepared to go to the ballot. But I think it is important that this Committee look at what industry is doing to chill efforts by other States around the country to emulate what California is trying to do by claiming that the Gramm-Leach-Bliley Act's preservation of the Fair Credit Reporting Act trumps the explicit provision giving States greater financial privacy rights. We think that that is wrong. We think that the Fair Credit Reporting Act's exception simply says that they are not a credit bureau when they share information. We do not like that, but it should not go any further than that. I want to conclude by saying that we would appreciate the Committee continuing its detailed deliberations on this issue and to consider this--if you extend the preemption and take away States' rights forever, it would be very difficult for the States, who are more nimble, to find local problems, identify them, and react to them quickly, as Vermont did, as Massachusetts did, as California did, before Congress ever acted in 1996. Remember that last year, even Enron was not enough to guarantee passage of the corporate reform bill. Sarbanes-Oxley legislation was only passed after Worldcom came to our door as well. Thank you very much. Chairman Shelby. Ms. Maynard. STATEMENT OF ANGELA L. MAYNARD CHIEF PRIVACY EXECUTIVE AND COUNSEL, KEYCORP ON BEHALF OF THE FINANCIAL SERVICES ROUNDTABLE Ms. Maynard. Mr. Chairman and Members of the Committee, my name is Angela Maynard, and I am the Chief Privacy Executive and Counsel for KeyCorp, or Key, an $86 billion financial services company headquartered in Cleveland, Ohio. Key is a member of the Financial Services Roundtable, and I am appearing on behalf of the Roundtable today, as well as the customers, employees, and shareholders of Key. I appreciate the opportunity to testify before the Committee on the role of affiliate sharing under the Fair Credit Reporting Act. FCRA is central to our national credit system. The Roundtable and Key support the affiliate sharing provisions of FCRA, and we urge the Committee to renew the provisions of FCRA that are scheduled to expire. The Roundtable has found that failure to renew key provisions of FCRA will result in higher credit costs for consumers, decreased credit availability for those least advantaged, and reduced customer spending. The Roundtable has found that the customers of its member companies have saved an estimated $8 billion as a result of information sharing within affiliates. Moreover, the Roundtable has found that contrary to common perception, targeted marketing reduces the number of solicitations consumers receive. Like many other financial services companies, Key owns a number of subsidiary companies, all of which qualify as affiliates for purposes of FCRA. However, less than 20 companies that Key owns provide products and services directly to consumers. Moreover, we have diligently tried to reduce this number, and it is only due to regulatory and tax laws that we continue to operate with multiple affiliates. To our customers, however, Key is not a collection of separate companies. It is a single entity that offers a variety of financial products and services. Key uses the affiliate sharing provisions of FCRA in many ways that help consumers. Affiliate information sharing permits us to provide products and services that meet specific needs of our customers. To do this, we must understand a consumer's financial needs and financial profile. Affiliate sharing allows us to gather that data. Once we have an understanding of our customers' needs and financial profile, we can determine what products and services are the best fit for that customer. Affiliate sharing allows us to deliver financial products and services efficiently. It eliminates the need for customers to deal separately with different Key employees at different locations. Affiliate sharing accelerates account application and approval procedures. When we can use existing customer information that is maintained by a Key company, we can reduce the need for a customer to spend time gathering papers and finding information necessary to complete an application. Using existing customer information also enables us to accelerate our review process. Key offers several products that straddle affiliates. For example, Key's Total Access Account connects a brokerage account with a bank deposit account. Customer information must be shared between our brokerage and our bank to allow this and similar cross-affiliate products to coexist. Combined statements and online account aggregation services are other examples of services that are a direct result of affiliate sharing. Key uses affiliate sharing to maintain and grow customer relationships. One way we achieve this is through relationship- based pricing and discounts for customers who maintain multiple accounts across Key. Affiliate sharing allows Key to determine which customers qualify for discounts and other pricing breaks. Affiliate sharing helps us to respond to customer inquiries and to update customer information. With access to shared information, a single Key employee can assist a customer with almost any request. This saves the customer the time and nuisance of separate visits and multiple telephone calls. Affiliate sharing also helps Key manage data quality across the organization, and maintaining the accuracy of customer information is critical in our fight against identity theft. Centralized functions--such as call centers, operations centers, analytics, and product development--all require information sharing across affiliates. Consolidating functions improves expertise, allows us to better manage risks, and significantly reduces operating expenses. These benefits are passed on to the customer in the form of better service and lower costs. In order to ensure that our marketing efforts benefit our customers, we use affiliate sharing to understand our customers' needs. We do not market products to consumers who have requested us not to solicit them. Information sharing among affiliates is critical in our efforts to fight fraud. Gathering and sharing information on the accounts across the organization is the only means to effectively address this serious problem. Having access to information across affiliates increases the speed with which Key can assist a victim of fraud and identity theft. Finally, affiliate sharing is a critical component to Key's compliance efforts with antimoney laundering laws. In conclusion, the Roundtable and Key support the affiliate sharing provisions of FCRA. We firmly believe that the statute strikes an appropriate balance between consumer protection and corporate structure, and we urge the Committee to make the existing provisions of FCRA permanent and thereby reaffirm our national credit system. Chairman Shelby. Thank you very much. As an initial matter, I think it is worth noting that many of the information sharing practices that have been identified here today by the witnesses from the financial service firms are, in fact, practices that I believe have statutory authority to conduct independent of the Fair Credit Reporting Act. For example, doesn't Gramm-Leach-Bliley authorize information sharing, for example, to combat identity theft or customer request, among many others, and if this is the case, can some of you from the financial service industry help us understand why the Fair Credit Reporting Act affiliate sharing provisions are so important? Mr. Wong. Mr. Wong. Senator, I believe that the Gramm-Leach-Bliley law does deal with sharing of information but more in the context of third parties and not affiliate sharing. The FCRA is important because it deals with affiliate sharing of information, information that is needed for us to render services, products, to a customer in the manner that he or she expects. Chairman Shelby. Mr. Baloun. Mr. Baloun. Mr. Chairman, I am not an expert in the compliance area, but my understanding is that the Fair Credit Reporting Act allows affiliate sharing explicitly for financial institutions as Wells Fargo which is not a credit bureau. There is a tremendous investment that we make in gathering the information, and if we segregate that, I do not think we could spend the amount of money and the technology that we do to gather it all. FCRA allows us to use that technology to give more information to our customers; so we get to leverage it in additional sales and additional opportunities for our customers along with notification. That would be my interpretation. Chairman Shelby. Thank you. Ms. Brill, of the seven preemption provisions up for reauthorization, six involve, I believe, substantive national standards. I would like to review just briefly the standard in terms of the rules regarding affiliate sharing. Could you explain the standard again? Ms. Brill. Thank you. Yes, I will try the best I can. It is a confusing standard. Chairman Shelby. First, what are the practical differences between what we call ``experience'' and ``nonexperience'' information? Ms. Brill. First of all, the standard is contained in a definition that excludes from the definition of ``consumer reports'' certain types of information. As was pointed out by Mr. Mierzwinski, there were no Congressional hearings of which I am aware that went into really what this exclusion to the definition actually meant. Chairman Shelby. Some of us have been on the Committee for a long time. I have been here for 17 years, and Senator Sarbanes has been longer than I have. I do not remember any hearings, do you? Senator Sarbanes. No. Chairman Shelby. Okay. Go ahead. Ms. Brill. Okay. So our research was accurate. We were not able to find any. So it is unclear--there is not a lot of work out there by the Congress to help us understand what these words mean, so we are left with the actual words in the statute. What the statute provides is that information that is known as, ``transaction and experience information,'' which I will describe in a second, is automatically excluded from the definition of a ``consumer report.'' Other information which the Federal regulatory agencies including the OCC have defined as basically credit-related information is excluded from the definition of ``consumer report'' but only if financial institutions provide an opt out. That is more or less what it is. Now, the difference between transaction and experience and other information is that ``transaction and experience information'' include not only your account balance on your credit card, your payment history, and things like that, but it even goes into what you are actually purchasing. I believe that financial institutions and other retailers are collecting and mining the information about your actual purchases. That is transaction and experience information. In other words, it is information that the financial institution holds as a result of having an account with you. In contradistinction, the other information for which the financial institutions have to give a notice and opt out is information they obtain from third parties. Primarily and foremost among that is credit reporting information. Also, it is information that they might have as a result of an employment investigation if they are going to hire you; that information is also considered other information. Have I answered your question? Chairman Shelby. You have. Mr. Mierzwinski, do you want to comment on that briefly? Mr. Mierzwinski. I would agree with all of that, and just to restate what I said earlier, the definitions create these as exceptions. They really actually do not provide a scheme of regulation. And even though there is an opt out for the other information, as the professor pointed out earlier, if Affiliate 1 obtains your credit report and uses it for an adverse action, it must provide you with an adverse action notice. However, if Affiliate 1 shares your credit report--if you had not opted out, if you did not understand the opt out---- Chairman Shelby. Does this distinction make sense to you? Mr. Mierzwinski. They get the credit report totally clean of any consumer rights if they give it to Affiliate 2. Chairman Shelby. Senator Sarbanes. Senator Sarbanes. Thank you very much, Mr. Chairman. This has obviously been a very interesting panel, and we appreciate the participation by the various panelists. This is an issue with some complexity and some great importance. Professor Reidenberg, I would like to ask you first--I want to make sure I understand this--is it the case that under the current system, if the data moves from the main enterprise to whom the consumer provides it to an affiliate, that affiliate then is free of some of the limitations or protections that apply to the data as far as its receipt by the main enterprise? Mr. Reidenberg. I believe that is correct. There would be one caveat to it. Take the case, for example, that I fill out a credit application that includes all sorts of financial data and other data about me, and I am given credit by the grantor. Ordinarily under the definitions, my application would have to be treated as a ``consumer report'' by the credit grantor. If that company shares my loan application data with an affiliate, the definition in Section 603 of affiliate sharing says that the credit grantor does not have to comply with all the protections in the statute to share the data with the affiliate. So if the affiliate wants to use the data for just general marketing purposes--a use that ordinarily would be prohibited-- the affiliate at that point--who acquired the personal information for marketing purposes--can do whatever it wants with the data. None of the protections apply. Senator Sarbanes. Whereas the enterprise that I provided it to to begin with could not; is that correct? Mr. Reidenberg. That is correct. Senator Sarbanes. All right. I just wanted to be clear on that. Mr. Reidenberg. There is one caveat that is important to recognize. If the affiliate acquired the data for credit decisions, then what the affiliate could then do with respect to third parties, unaffiliated companies, might come back within some of the protections of the statute. It is the initial transfer from Company 1 to Company 2 that is exempted under the definition. Senator Sarbanes. I want to be very clear about this. I am the consumer. I provide the information to Company 1. There are limitations on what Company 1 can do with it. Mr. Reidenberg. Correct. Senator Sarbanes. Company 1 then provides it to Company 2 which is an affiliate, and Company 2 is then free of those limitations, or at least some of those limitations. Is that correct? Mr. Reidenberg. By and large, that is correct; they are free of most of the limitations. Senator Sarbanes. Well, I have difficulty seeing the rationale for that, but I will defer because I have a number of other questions I want to ask, and my time is very short. Attorney General Brill, I would like to ask you--the Partnership to Protect Consumer Credit is running ads-- presumably, you have seen them. I understand that the Partnership to Protect Consumer Credit--a lot of work goes into picking the names of these groups--but I gather the National Retail Federation played a part in that; is that right, Mr. Prill? Mr. Prill. I do not know--yes. Senator Sarbanes. Yes. In this ad, they have a house with red tape all over it, and they say: ``Without a national consumer credit system, a new home could be a lot harder to move into.'' And then, they say it is going to be a bureaucratic nightmare of red tape with these States laws, and ``As a result, many Americans would face costly delays in purchasing a home, financing a car, or buying a big-ticket item.'' Now, of course, Vermont is able, with the grandfather clause, to provide extra protections. Have Vermonters encountered these costly delays referred to here in purchasing a home, financing a car, or buying a big-ticket item? Ms. Brill. No, absolutely not. Credit is very widely available in Vermont and at extremely low rates. Instant credit is available. We are able to go to ATM's across the Nation and obtain cash. We are able to obtain free checking---- Senator Sarbanes. That is enough; I have got to keep moving because my time---- Ms. Brill. Sorry. The answer to your question is no. Senator Sarbanes. Mr. Baloun, Wells Fargo's privacy policy states--this is off the Internet--``You have choices regarding how information about you is shared. If you would like to opt out of information sharing with outside financial companies and/or within the Wells Fargo family, your preferences will be honored and will apply to all accounts linked to your Social Security Number. If you choose to opt out of information sharing, please call the toll-free number that appears at the end of this disclosure.'' I gather that that obviously means you permit your customers to opt out of affiliate sharing; is that correct? Mr. Baloun. That is correct, Senator. Senator Sarbanes. If so, what problem would you have with the right of consumers to opt out of affiliate sharing under the Federal Credit Reporting Act? I take it it would not be a problem for you; it would only open up an opportunity for consumers who deal with institutions that do not provide this kind of privacy power. Would that be correct? Mr. Baloun. Senator, we grant our customers--at the time that an account is open, an opt out option and give them the materials. Then, we have set up the 800-number where they can contact--and let me go a step further. Once a year, we mail to our customers another notification, again giving them the opportunity to do a simple tear-off sheet if they want to opt out. Now, as a businessperson dealing with my three regions, we do talk with our customers and talk to them about the advantages of not opting out so we can share information with them. There are times when we may have mortgage products or something that is advantageous, and we will call our customers and talk to them about that, where they will actually end up getting cheaper rates or better deals. We cannot do that if they opt out. If they opt out, they have the right to do that, but we do not encourage them to because I can serve my customers better by being able to communicate with them--but they have the right. Senator Sarbanes. Do you think, generally speaking, that consumers should have this option that Wells Fargo offers to them? Mr. Baloun. It works for us. I do not really have a position for the industry. Senator Sarbanes. Let me very quickly ask Mr. Wong--you work in Europe and elsewhere, internationally, right? Mr. Wong. Yes, sir. We operate in over 100 countries. Senator Sarbanes. And you have to abide by the privacy provisions that apply in the European Union with respect to consumers there, do you not? Mr. Wong. Yes, sir, we do. Senator Sarbanes. Those privacy provisions are significantly more protective of the consumers' information than what exists in this country; would you say that that is generally the case? Mr. Wong. With some caveats, Senator. Senator Sarbanes. But you have been able to do business under those requirements. Mr. Wong. That is correct. Senator Sarbanes. Why does providing additional protections for consumers in this country seem to cause you so much concern? If you provide it over there so a European gets better protection, and if you can work, apparently, profitably and so forth under that circumstance, why does this create a problem for you? Mr. Wong. Senator, as I understand the European model, which people have described as an opt in model, the way it works is that if you are applying for credit, and should the lender offer you credit, the lender will condition the offer of that credit with you opting in to sharing of information. So the majority of customers seeking to obtain those products from that lender would in essence be opting in and therefore agreeing to sharing of that information. Senator Sarbanes. I have run over my time, and I know that Senator Bennett wants to ask some questions, and we have a vote. Chairman Shelby. Thank you, Senator Sarbanes. Senator Bennett. Senator Bennett. Have any of you ever applied for a home mortgage in a different State from the one in which you were previously employed prior to the passage of the Fair Credit Reporting Act? I have. It applies--I am sorry--to the red tape involved in the ad. It took me a month, moving from California to Utah, prior to the information sharing, even though I was dealing with the same bank, as they went through all of the red tape and all the rest of it. It was a nightmare. I got the home mortgage, I got the thing done, but I would be delighted to have had my bank in California to be able to tell the bank in Utah, ``We know this man; he is legitimate; his income is proper.'' I would have been thrilled with that experience. Is there any connection, Prill and Brill, with Vermont's position and the fact that that is the only State where you do not have a Target store--or is it pure coincidence? Just a quick ``yes'' or ``no.'' Mr. Prill. Senator, there are probably several factors there. Ms. Brill. I would say it has more to do with our environmental laws than anything, probably. Senator Bennett. Never mind. I do not want to get into that. I just thought it was very interesting that you were operating everywhere but Vermont, and Vermont talks about the grandfathered situation. Senator Sarbanes. Is it because of this privacy issue? Mr. Prill. No, Senator Sarbanes, I am not saying that. It is to that extent a coincidence, but we have no plans to build in Vermont, either. Senator Sarbanes. All right. Senator Bennett. All right. Well, the time is gone, and let me just share with you my reactions. Professor Reidenberg, you said ``We do not know.'' You gave us a lot of potentially difficult situations, and then you said ``We do not know.'' And the industry witnesses gave us concrete examples of things they had been able to do that had been better for the customer. My question would be this: Can anybody give me--among those who are opposing the extension of the affiliate provision--a concrete example, other than a single anecdote, that is, that can be quantified into some kind of analysis of how there has been definite consumer damage, because we have gotten concrete examples from the industry of consumer benefits. The consumer benefits have been fairly consistent between the different institutions, and we have a concrete number of the amount of money that has been saved by virtue of the affiliate sharing-- money which I presume in today's economic environment translates into lower consumer costs, because pricing power is very much absent in the present economy. So if companies are saving in the billions of dollars--and it can be documented--I assume you would not have put it in your testimony if it could not have been--companies are saving in the billions of dollars, and that is being translated into lower consumer costs by virtue of competitive pressures that says when you have that kind of savings, you pass it on competitively to try to get people to be with you rather than with your competition--if we have all of these documented benefits which consumers like--as I said, from my personal experience, I certainly would have liked getting that mortgage--can we get any concrete examples from the opponents of how consumers have been damaged? I have heard very careful legal arguments of things that could happen, but I have not heard any examples of things that have happened or people who have been damaged. And we have to run off to a vote, but if you could supply that for the record, I assure you I will read it very carefully. But that is where I come down on this. Chairman Shelby. And we will all read it if they will supply any of these answers. Senator Bennett. Yes. That is where I come down on this. It strikes me as a theoretical argument of this is what could happen and that could be bad versus this is 6 years of experience of things we have done that have been good. And my own background leads me to go with that which has happened rather than that which could happen. Thank you. Chairman Shelby. We have three stacked votes; that means we are going to have to accelerate this. Senator Sarbanes. Senator Sarbanes. Thank you very much, Mr. Chairman. I will be very brief, because I know the votes are pressing. In the course of responding to the question that Senator Bennett just asked, Mr. Baloun, I would particularly appreciate it if you would focus on the following situation. The Association of Community Organizations for Reform Now has written to Comptroller Hawke at the Currency about predatory lending issues involving Wells Fargo. In that letter, they say: ``We have seen various examples of referrals and other similar connections back and forth between the institutions embracing the affiliate institutions, unfortunately not in the direction of assuring A credit for A borrowers. One borrower family we know, for example, long-time customers of Wells Fargo Bank, went into a Wells Bank branch looking to refinance their home loan. After they provided the loan officer with information about themselves''--and apparently, the loan officer talked about a loan at about 5 percent and without closing costs--``they then got a call back from Wells Fargo Financial''--which I understand is your subprime lender; is that correct? Mr. Baloun. That is correct. They do make subprime loans. Senator Sarbanes. Yes. They are your subprime lending unit as I understand it. And contrary to these terms that at least had been put out to them originally as real possibilities, they ended up at a variable rate at 9\1/2\ percent and closing costs of 4 percent of their lender. Now, obviously, the information that came in to the bank then went out to the subprime lending affiliate subsidiary at Wells Fargo, and they then got in touch with these people. Could you look into that situation in the course of responding to the question that Senator Bennett put to you? Mr. Baloun. Yes. Senator Sarbanes. Thank you, Mr. Chairman. Chairman Shelby. Thank you. As I told you, we have three stacked votes, and it will take an hour or so before it is over, but I have a number of questions for the record, and other Members who were not here and in other hearings probably will. This has been a very interesting panel today, and I hope you would respond to those. I just want to touch on a few of them, but we will submit them. I'd be interested--I know you do not have time to answer this now--in what level of understanding does the average consumer have with respect to affiliate sharing? I think that's important. Does the number of affiliates a firm has affect this understanding? What about situations where the affiliates are engaged in entirely different lines of business? In other words, does it matter that a person recognizes that they have a relationship with a bank but may not know that the bank also owns a retail securities brokerage firm or a direct-mail operation where this information would be used, and other things? How important is a firm's brand to consumers in establishing their expectations with respect to the kind of relationship that they have with a company? How important is that brand? Should there be safeguards or best practices for sharing information within affiliates? Of course, I am also interested--and I think the Committee is for the record--that while called ``affiliate sharing provisions,'' some of these provisions actually allow companies to share information with entities that are outside their affiliate structures. Why is this necessary, and does it actually make sense? And do consumers have different concerns with respect to affiliate sharing versus third-party sharing? Should there be greater control over sharing information outside an affiliate structure than within an affiliate structure? In other words, should this provision be limited so that the only type of information sharing permitted is sharing with affiliate entities and so forth? We are going to submit other questions to you. Chairman Shelby. We appreciate very much you coming today and preparing. This is a very important piece of legislation. Thank you very much. [Whereupon, at 11:48 a.m., the hearing was adjourned.] [Prepared statements, response to written questions, and additional material supplied for the record follow:] PREPARED STATEMENT OF SENATOR JIM BUNNING Thank you, Mr. Chairman, for holding this very important hearing and I would like to thank our witnesses for testifying today. This is the third in a series of hearings on the Fair Credit Reauthorization Act. As we all know, the FCRA is a important issue for the financial industry and to consumers. There are differing opinions on the direction the FCRA should take. There are some who think we need to pass the FCRA with no changes, some who think we should pass the FCRA but with additional privacy and identity theft protections and some who think privacy decisions would be better left to the States. These hearings will be a great help to Members in deciding which is the best way to go. Affiliate sharing was something we addressed extensively during Gramm-Leach-Bliley and it seems to still be a point of contention. There are many questions being asked. Do consumers benefit from the flow of information between affiliates, or are there too many risks with this practice to warrant it? Is an ``opt in'' plan better than the current ``opt out'' program? Are the privacy statements too long and do they contain too much legalese? Or are consumers simply throwing the privacy notices out? What responsibilities do consumers have to keep themselves informed of the information sharing policies of the companies they do business with? What are the unintended consequences of legislation to change the current affiliate sharing status quo? I am looking forward to hearing these issues be hashed out. But I have another concern. I am very concerned about this economy. I am very worried about the possibility of a double-dip recession. I know that puts me at odds with more optimistic economic minds, like Chairman Greenspan, but contrary to popular belief, Chairman Greenspan is not always right. In fact, I think his decision to lower the prime interest rate yesterday by a quarter point was not nearly aggressive enough. He should have lowered the rate by a half point to further give the economy the shot in the arm it needs. Right now, the economy is just not where it should be, we are not growing like we can, and we are not creating jobs. If there is one thing that shakes the markets, it is uncertainty. I am afraid that the talk of not renewing the FCRA is creating a lot of uncertainty in the financial markets. If we have 50 different privacy standards, it will be difficult for financial companies to sell their products nationwide. If counties and municipalities get in the act, and some already have, it will be even more difficult. In this economic climate we need to promote a uniform standard for consumer reporting and not add more confusion and chaos. It is crucial we pass an FCRA extension this year. We must bring some certainty back to the markets if we are ever going to get this economy to grow and prevent a double-dip. Again, Mr. Chairman, thank you for holding this important oversight hearing. ---------- PREPARED STATEMENT OF JOEL R. REIDENBERG Professor of Law, Fordham University School of Law June 26, 2003 Mr. Chairman, Ranking Member, and distinguished Members of the Committee, I commend you for convening this hearing on affiliate sharing practices and their relationship to the Fair Credit Reporting Act and I thank you for the honor and privilege to appear before you. My name is Joel R. Reidenberg. I am a Professor of Law at Fordham University School of Law where I teach courses in information privacy, international trade, and comparative law. As a law professor, I have written and lectured extensively on the regulation of fair information practices in the private sector. My bibliography includes scholarly articles and two co-authored books on data privacy.\1\ Of relevance to today's hearing, I have studied and written about the Fair Credit Reporting Act (FCRA) and have advised both Federal and State Government agencies on FCRA litigation issues. I am a former Chair of the Association of American Law School's Section on Defamation and Privacy and have served as an expert advisor on data privacy issues to State and local governments, to the Office of Technology Assessment in the 103rd and 104th U.S. Congresses and, at the international level, to the European Commission and foreign data protection agencies. I appear today as an academic expert on data privacy law and policy and do not represent any organization or institution which I am or have been affiliated. --------------------------------------------------------------------------- \1\ Paul M. Schwartz & Joel R. Reidenberg, Data Privacy Law (Michie: 1996); Joel R. Reidenberg and Paul M. Schwartz, Online Services and Data Protection Law: Regulatory Responses (Eur-OP: 1998); Joel R. Reidenberg, Privacy Wrongs in Search of Remedies, 54 HASTINGS L. J.--(forthcoming); Lorrie Cranor & Joel R. Reidenberg, Can User Agents Accurately Represent Privacy Notices?, TPRC 30th Research Conference Paper #65 (2002) available at http://papers.ssrn.com/sol3/ papers.cfm?abstract_id=328860; Joel R. Reidenberg, E-commerce and Trans-Atlantic Privacy , 38 HOUSTON L. REV. 717 (2001); Joel R. Reidenberg, Resolving Conflicting International Data Privacy Rules in Cyberspace, 52 STANFORD L. REV. 1315 (2000); Joel R. Reidenberg, Restoring Americans' Privacy in Electronic Commerce, 14 BERKELEY TECH. L. J. 771 (1999): Joel R. Reidenberg, Setting Standards for Fair Information Practice in the U.S. Private Sector, 80 IOWA L. REV. 497 (1995); Joel R. Reidenberg & Francoise Gamet-Pol, The Fundamental Role of Privacy and Confidence in Networks, 30 WAKE FOREST L. REV. 105 (1995); Joel R. Reidenberg, Rules of the Road on Global Electronic Highways: Merging the Trade and Technical Paradigms, 6 HARVARD J. LAW & TECH. 287 (1993); Joel R. Reidenberg, The Privacy Obstacle Course: Hurdling Barriers to Transnational Financial Services, 60 FORDHAM L. REV. S137 (1992); Joel R. Reidenberg, Privacy in the Information Economy--A Fortress or Frontier for Individual Rights?, 44 FED. COMM. L. J. 195 (1992). Copies of most of my articles may currently be found on my website at: http://reidenberg.home. sprynet.com. --------------------------------------------------------------------------- My testimony will focus on three points: (1) the U.S. credit reporting system needs strong privacy protections to preserve a robust national information economy; (2) the affiliate sharing provisions of the 1996 Amendments create significant unrecognized loopholes that eviscerate the protections of the FCRA; and (3) the affiliate sharing loopholes pose that security risks and a threat to the soundness of the U.S. credit reporting system. I recommend that Congress either eliminate the affiliate sharing loopholes or leave the 1996 sunset clauses alone so that States are reauthorized to protect their citizens against abusive practices under the affiliate sharing loopholes. I further recommend that, before taking any other type of legislative action, Congress should investigate thoroughly these broader implications of affiliate sharing. Congress must have a much deeper factual knowledge of the specific types of credit report data that is shared among affiliated companies and a much deeper knowledge of the specific uses, disclosures, and onward transfers that are made by the affiliated recipients outside the protections of the FCRA for citizens' privacy. Strong Privacy Protections are Essential for the Credit Reporting System The FCRA was enacted in 1970 as a response to significant abuses in the nascent credit reporting industry. Decisions affecting citizens' lives were being made in secret with bad data. Congress heard extensive testimony during the late 1960's on the unfair and abusive information practices that voluntary industry guidelines failed to prevent. These included the release of credit information to noncredit grantors, the dissemination of inaccurate credit information, the inability of consumers to gain access to their credit reports, and the difficulty of consumers to obtain correction of erroneous information.\2\ Scandals and distrust were harming the marketplace. --------------------------------------------------------------------------- \2\ See e.g. S. Rep. 91-517, 91st Cong., 1st Sess. (1969); Hearings on Commercial Credit Bureaus before the House Special Subcommittee on Invasion of Privacy of the Committee on Government Operations, 90th Cong., 2nd Sess., March 12-14, 1968; Hearings on Fair Credit Reporting S. 823 before the Senate Subcommittee on Financial Institutions of the Committee on Banking and Currency, 91st Cong., 1st Sess. (May 19-23, 1969). --------------------------------------------------------------------------- In enacting the original FCRA, Congress wanted to assure the efficiency and integrity of the U.S. banking system. The statute became the cornerstone of U.S. privacy law. Congress recognized fair information practices were essential for vibrant credit markets and expressly sought, ``to prevent an undue invasion of the individual's right of privacy in the collection and dissemination of credit information.'' \3\ --------------------------------------------------------------------------- \3\ S. Rep. 91-517, 91st Cong., 1st Sess. 1 (1969). --------------------------------------------------------------------------- The FCRA Established the Principles of Opt In Consent and the Fair Treatment of Personal Information At the time of enactment, the FCRA was an extraordinary and unique statute precisely because the law set a new standard for strong privacy protection. The FCRA established a then-novel system of opt in permission for the dissemination of credit report information. The statute defined a specific set of permissible purposes for which the disclosure of credit report information was authorized. These purposes related directly to the reasons for which collected data was gathered and were generally limited to the extension of credit, insurance, or employment. Any other disclosure of credit report information required the written consent of the consumer. Among other important innovations for fairness, the law created transparency in the industry by granting a consumer the right of access to credit report information and by requiring the industry to identify the recipients of credit reports. The law further provided rights for consumers to dispute inaccurate information contained in their credit reports. Finally, the FCRA included due process safeguards before a consumer reporting agency could disclosure credit report information to Government agencies or law enforcement. This overall framework provided a bedrock set of standards for fair information practices. The FCRA Never Created an Overall ``Uniform National Standard'' From the start, however, Congress recognized that the credit reporting industry would be likely to evolve significantly and that even greater privacy and fairness could benefit the banking industry. As a result, Congress permitted the States to enact stronger privacy protections for credit reporting since stronger State statutes promoted the main goals of the original FCRA. In fact, at the time of enactment, this Committee specifically endorsed the position of State officials who testified at Senate hearings expressing, ``a need for Federal legislation to supplement any future State legislation which may be enacted.'' \4\ --------------------------------------------------------------------------- \4\ S. Rep. 91-517, 91st Cong., 1st Sess. 3, 8 (1969). --------------------------------------------------------------------------- The major subsequent fair information practice laws similarly adopted this policy and waived Federal preemption. For example, the Financial Services Modernization Act, the Health Insurance Portability and Accountability Act, the Cable Communications Policy Act, and the Video Privacy Protection Act, each expressly waived, in whole or in part, Federal preemption. Despite industry's wishful repetition at a plethora of hearings this spring,\5\ the FCRA never intended nor did it create an overall ``uniform national standard.'' Instead, the statute established a minimum set of Federal standards that have always been supplemented by varying State laws. --------------------------------------------------------------------------- \5\ See e.g. Hearing on ``The Growing Problem of Identity Theft and Its Relationship to the Fair Credit Reporting Act'' before the Senate Banking Committee, 108th Cong., 1st Sess. (June 19, 2003); Hearing on ``Fair Credit Reporting Act: How It Functions for Consumers and the Economy'' before the Subcommittee on Financial Institutions and Consumer Credit of the House Committee on Financial Services, 108th Cong., 1st Sess. (June 4, 2003); Hearing on ``the Importance of the National Credit Reporting System to Consumers in the U.S. Economy'' before the Subcommittee on Financial Institutions and Consumer Credit of the House Committee on Financial Services, 108th Cong., 1st Sess. (May 8, 2003). --------------------------------------------------------------------------- By 1996, when Congress adopted a number of significant amendments to the FCRA, the credit reporting industry had grown dramatically and, indeed, operated nationwide in a seamless fashion notwithstanding diversity at the State level. In testimony earlier this month before the House Subcommittee on Financial Institutions and Consumer Credit, Vermont Assistant Attorney General Julie Brill thoroughly documented the significant variations among State laws.\6\ --------------------------------------------------------------------------- \6\ Hearing on ``Fair Credit Reporting Act: How It Functions for Consumers and the Economy'' before the Subcommittee on Financial Institutions and Consumer Credit of the House Committee on Financial Services, 108th Cong., 1st Sess. (June 4, 2003) (Statement of Julie Brill, Assistant Attorney General for Vermont). --------------------------------------------------------------------------- Nevertheless, among the 1996 FCRA Amendments, Congress included a temporary and partial preemption clause that prevents States for another 6 months from implementing certain types of stronger credit reporting provisions. Notwithstanding the temporary and narrow preemption, the 1996 Amendments explicitly exempted the stronger California, Massachusetts, and Vermont statutes from specific elements of the narrow preemption.\7\ Hence, even the 1996 Amendments did not create an overall ``uniform national standard.'' --------------------------------------------------------------------------- \7\ 15 U.S.C. 1681t(b)(1)(F). --------------------------------------------------------------------------- State Differences Do Not Appear To Impede Credit Reporting or Financial Decisionmaking The fairness rules and opt in approach contained in the FCRA enabled the credit reporting industry to progress from its fragmented, chaotic, and abusive period in the late 1960's to a successful, respected component of the U.S. information-based economy. The FCRA obligations coupled with the ability of States to enact stronger protections, in effect, created today's thriving national infrastructure of credit reporting. Industry-funded projects, however, assert the imminence of a ``parade of horribles'' should Congress not support industry's desire to preclude stronger State privacy laws. Key ``findings'' from these projects are based on ideological hyperbole rather than comprehensive and accurate analysis. For example, some have argued that strong credit reporting rules overseas substantially hinder the ``miracle of instant credit'' and result in much higher interest rates or more onerous borrowing conditions.\8\ These arguments have no apparent basis in fact or analysis. No other major country to my knowledge has a comparable statute governing only credit report information. Comprehensive data privacy laws applicable to most processing of personal information do exist outside the United States such as those in Canada, in the United Kingdom and throughout Europe under European Directive 95/46/EC. These laws typically apply to credit reporting and are generally more protective of consumers than the FCRA. However, foreign consumer credit markets are structured by banking law, bankruptcy law, real estate law, and consumer protection laws that often deviate significantly from those in the U.S. legal system. The attribution of differences in credit markets to general data privacy laws without examination of the direct regulatory constraints on credit relationships such as interest rate regulation, down payment restrictions, or legal protections for security interests is specious and a misrepresentation of foreign privacy law. --------------------------------------------------------------------------- \8\ Hearing on ``the Importance of the National Credit Reporting System to Consumers in the U.S. Economy'' before the Subcommittee on Financial Institutions and Consumer Credit of the House Committee on Financial Services, 108th Cong., 1st Sess. (May 8, 2003) (Statement of Michael E. Staten, Director, Credit Research Center, McDonough School of Business, Georgetown University), at p. 6. --------------------------------------------------------------------------- Others have even argued that, ``increased competition, driven in part by prescreening, has caused [credit card] interest rates today to be . . . lower overall'' \9\ as compared to 1990. Yet, the ``analysis'' omitted any mention of the dramatic drop in the prime rate that many card issuers use to calculate their credit card interest rates. In fact, between 1990 and 2002, the prime rate declined from 10.01 percent to 4.67 percent.\10\ Most rational observers would give Chairman Greenspan and the Federal Reserve the acclaim for declines in credit card rates rather than prescreening. --------------------------------------------------------------------------- \9\ See Michael Turner, The Fair Credit Reporting Act: Access, Efficiency and Opportunity--The Economic Importance of Fair Credit Reauthorization, at 65 (Information Policy Institute: June 2003). \10\ See Federal Reserve System, Rate of interest in money and capital markets: Prime rate (not seasonally adjusted, 12 months ending in December) available at http://www.federalreserve. gov/releases/h15/ data/a/prime.txt. --------------------------------------------------------------------------- To my knowledge, there is no study or evidence that examines the actual, existing differences among State protections and that shows these stronger protections demonstrably impede the credit reporting system. Indeed, to my knowledge, no industry group has examined the effects of the three stronger State statutes recognized by Congress under the 1996 Amendments on either the credit markets in those States or on the nationwide industry. This is not surprising. A rudimentary look at Federal statistics suggests that credit decisions in these States benefit both lenders and consumers. Consumer bankruptcy filings per household, a basic sign of bad credit decisions, are markedly better for the three States with statutes recognized by Congress as more protective of consumer information. Vermont ranks 50th with the lowest rate of consumer bankruptcies in the Nation, Massachusetts is 49th and California comes in below the median at 27th.\11\ --------------------------------------------------------------------------- \11\ American Bankruptcy Institute, U.S. Bankruptcy Filing Statistics: Households per filing, Rank (2003) (using ``statistics based on data from the Administrative Office of the U.S. Courts (2002 bankruptcies) and the U.S. Bureau of the Census.'') available at http:/ /www. abiworld.org/stats/householdrank.pdf. --------------------------------------------------------------------------- Similarly, Federal statistics on interest rates seem to indicate that States with stronger credit reporting laws have lower rates. The most current annual Federal mortgage loan data indicates that the effective rate on a conventional mortgage for 2002 was 6.25 percent in California, 6.43 percent in Massachusetts and 6.59 percent in Vermont.\12\ All were below the national median and California had the lowest rate in the Nation. Vermont Assistant Attorney General Julie Brill has also noted in testimony presented to the House Subcommittee on Financial Institutions and Consumer Credit that Vermont has the second lowest auto loan rates in the country and the other more privacy protective States rank well with low rates.\13\ --------------------------------------------------------------------------- \12\ Federal Housing Finance Board, Periodic Summary Tables: Table IX--Terms on Conventional Home Mortgages 2002 available at http:// www.fhfb.gov/MIRS/mirstbl9.htm. \13\ Hearing on ``Fair Credit Reporting Act: How It Functions for Consumers and the Economy'' before the Subcommittee on Financial Institutions and Consumer Credit of the House Committee on Financial Services, 108th Cong., 1st Sess. (June 4, 2003) (Statement of Julie Brill, Assistant Attorney General for Vermont). --------------------------------------------------------------------------- While these statistics leave out important elements for a thorough assessment of the impact of stronger State laws such as a correlation with State unemployment data for bankruptcy filings and noninterest transaction costs for home mortgage loans, the data does show that the horror stories circulating about the preemption provisions make good theater, but reflect poor research.\14\ --------------------------------------------------------------------------- \14\ See also, Robert Gellman, No Fair Fight over FCRA Provisions, DM News, May 5, 2003, pp. 12-13. --------------------------------------------------------------------------- In fact, other countries with comprehensive data protection statutes such as Canada, demonstrate that robust credit information services can co-exist with strong, comprehensive data privacy laws. For example, one major U.S. credit reporting agency operating in Canada offers a typical credit report for Canadians that contains information strikingly similar to the typical report for Americans. In the United Kingdom where a comprehensive data privacy law also applies, major credit card companies offer instant approvals for platinum cards just as they do in the United States. Weakening of Privacy Protections Raises Uncertainty and Decreases Confidence The bottom line is that strong privacy protections are essential for public confidence in the integrity of financial services in the United States. Without adherence to strict fair information practices, financial markets will face uncertainty because the risk of newsworthy privacy scandals increases such as those commited by Citibank,\15\ U.S. Bancorp,\16\ Fleet Bank,\17\ or Chase Manhattan.\18\ The weakening of fair information practice standards at the Federal level or the preclusion of stronger State protections puts companies at greater risk for privacy scandal and diminishes public trust in the fairness of industry treatment of personal information. --------------------------------------------------------------------------- \15\ See National Assoc. of Attorneys General, Press Release: Multistate Actions: 27 States and Puerto Rico Settle With Citibank (Mar. 1, 2002) available at http://www.naag.org/issues/20020301-multi- citibank.php. \16\ See Minn. Attorney General Press Release, Minnesota Attorney General and U.S. Bancorp Settle Customer Privacy Suit (July 1, 1999) available at http://www.ag.state.mn.us/consumer/privacy/pr/ pr_usbank_07011999.html. \17\ See N.Y. Attorney General Press Release, Fleet Bank Agrees to New Privacy Protections (Jan. 16, 2001) available at http:// www.oag.state.ny.us/press/2001/jan/jan16b_01.html. \18\ See N.Y. State Dept. of Law, Annual Report 2000, at 24 (2000) available at http://www.oag.state.ny.us/2000AnnualReport.pdf. --------------------------------------------------------------------------- The Affiliate Sharing Loophole Eviscerates FCRA Protections The FCRA created fundamental fairness in the treatment of personal information through adherence to the basic principle that information collected for one purpose should not be used for different purposes without the individual's written consent. Surveys show that 95 percent of Americans object to secondary use of personal information.\19\ For information used to make financial decisions about consumers, citizens believe that fairness requires opt in permission. In 2001, citizens in North Dakota had the first and only opportunity in the Nation to take a real position at the polls on the dissemination of their personal financial information. The North Dakota State legislature had just watered down financial privacy from an opt in rule on third-party data sharing to an opt out rule. The citizens of North Dakota revolted. By an overwhelming 72 percent majority, the voters of North Dakota approved a referendum restoring the old opt in rule and rebuking the legislature's weakening of privacy standards. --------------------------------------------------------------------------- \19\ Harris Interactive/Privacy & American Business Poll, Privacy On and Off the Internet: What Consumers want (Feb. 7, 2002) available at http://www.aicpa.org/download/webtrust/priv_rpt_21mar02.pdf. (53 percent of those polled reported a ``major concern'' while only 5 percent were ``not concerned'' if ``the company will use my information outside of the specific transaction for which it was intended (for example, to offer me other products and services)''). --------------------------------------------------------------------------- Previous to these expressions of public opinion, Congress introduced in 1996 a significant deviation from the FCRA's historical commitment to this fundamental permissible purpose principle. Congress amended the definition of a ``consumer report'' in Section 603(d) to exclude information shared among companies affiliated by common ownership or control. This deviation allows organizations to escape the fair information practice obligations of the FCRA for information that would otherwise be covered when such data is disseminated to affiliates. Those affiliated companies will not be subject to important FCRA requirements including those of use only for a permissible purpose, access, accuracy, and civil liability. Congress permitted this departure from the core principle only if the company provided consumers with notice of affiliate sharing and an opportunity to opt out. The far-reaching consequences of this deviation as a result of the successful liberalization of the financial services sector have not, however, been recognized or subject to public scrutiny. Large groups of affiliated financial and nonfinancial organizations can now easily engage in exactly the same behavior that Americans find troubling--the dissemination of confidential credit report information for a wide range of activities unrelated to the purpose of collection--and escape the obligations of consumer reporting agencies and the opt in rule. The Blanket Exemption for Experience and Transaction Data Opens a Pandora's Box The 1996 Amendments first create a blanket exemption from FCRA protection for experience and transaction data. Section 603(d)(2)(A)(ii) excludes from the definition of ``consumer report'' any communication of experience or transaction data among ``persons related by common ownership or affiliated by corporate control.'' This means that organizations may disseminate experience and transaction data such as credit card performance information, insurance status, or brokerage account activity among related companies without key protections under the FCRA such as accuracy. If, however, the organization qualifies as a financial institution under the Gramm- Leach-Bliley Act, then the GLBA will require the organization to provide notice of its sharing practices to the consumer. But, under the GLBA, consumers will not have any right to dispute erroneous information, access the information, or even opt out of the sharing. The breadth of this exemption is likely to be very large with organizations such as Citibank that have an extraordinary array of related companies. At the same time, the scope of this exemption is also poorly understood. Industry practices are not transparent and consumers do not have access to specific information on the types of transaction and experience data that is shared nor do they have access to the identities of the actual recipients of such data and nor do they have information about the specific purposes for which the data is actually used by an identified affiliate. If this exemption is retained, I believe that Congress needs to investigate the reach of this exemption. Affiliate Sharing Allows the Circumvention of Basic Protections The most sweeping damage to the FCRA's fairness principles comes from the next part of the affiliate sharing exemption. Section 603(d)(2)(A)(iii) excludes ``communications . . . [to] persons related by common ownership or by corporate control'' from the definition of ``consumer report.'' To qualify for the exemption, the company must provide a one-time ``clear and conspicuous'' notice and must provide a single opportunity to opt out. Experience with the GLBA teaches that this limitation, however, is not likely to be particularly informative or useful for consumers. Some companies justify this affiliate sharing provision by arguing that corporate families should be treated as one unit for consumer privacy purposes because corporate organizational structure does not have an effect on consumers.\20\ This claim is simply not credible. The existence of separate entities to avoid consolidated legal liability confuses operational responsibility for privacy, impacts consumers seeking to assure the fair treatment of their personal information, and undermines consumers seeking legal redress for violations. A confusing maize of companies helped Enron obscure its true behavior. The same holds true for affiliates sharing personal information. --------------------------------------------------------------------------- \20\ Hearing on ``The Role of FCRA in the Credit Granting Process'' before the House Committee on Financial Services Subcommittee on Financial Institutions and Consumer Credit, 108th Cong., 1st Sess. (June 12, 2003) (Statement of Martin Wong, General Counsel, Citigroup Global Consumer Group) (testifying that, ``Corporate structure is usually driven by concerns that do not affect the customer, such as the company's history of acquisitions or by corporate tax, legal, and accounting concerns.'') --------------------------------------------------------------------------- The exemption for affiliate sharing means that credit report information loses protection when shared with far-flung related companies. Affiliated recipients can use and disseminate credit report information and ignore the fairness principles of use only for permissible purposes, consumer access (when no adverse credit, employment, or insurance decision is made), storage limitations for obsolete data or obligations for the correction of erroneous information. A consumer reporting agency might, for example, sell credit score information to one company as a permissible disclosure under the FCRA. If that purchaser were to transfer the score to an insurance affiliate, the transferred score would be excluded from the definition of ``consumer report'' and most of the consumer protection provisions would not apply. In effect, the exemption undermines the entire philosophy of the FCRA. Industry statements indicate that this mechanism is already being used to subvert the original protections of the FCRA: Decisions are made once again from data outside the general reach of consumers and without any consumer recourse. For example, TransUnion promotes the use of affiliate sharing for underwriting decisions.\21\ Citibank reported to Congress earlier this month that it, ``shares information among our affiliates . . . [including] credit application and credit bureau data, as well as information on our transactions with the customer.'' \22\ MBNA indicates that it shares credit eligibility information including credit reports among affiliates.\23\ These are precisely the uses of personal information that the original FCRA sought to cover. --------------------------------------------------------------------------- \21\ Hearing on ``The Role of FCRA in the Credit Granting Process'' before the House Committee on Financial Services Subcommittee on Financial Institutions and Consumer Credit, 108th Cong., 1st Sess. (June 12, 2003) (Statement of Harry Gambil, CEO, TransUnion), at p. 8. \22\ Hearing on ``The Role of FCRA in the Credit Granting Process'' before the House Committee on Financial Services Subcommittee on Financial Institutions and Consumer Credit, 108th Cong., 1st Sess. (June 12, 2003) (Statement of Martin Wong, General Counsel, Citigroup Global Consumer Group), at p. 4. \23\ See MBNA Privacy Notice, http://www.mbna.com/privacy.html (visited June 23, 2003). --------------------------------------------------------------------------- The enormous scope of this exemption can be illustrated by a few examples of possible practices among related companies. U.S. Bancorp included in its cardholder agreement a disclosure that said, ``We share customer information within our organization . . . to better meet your needs'' and provided instructions to opt out of affiliate sharing. At the same time the company was settling a claim brought by the Minnesota Attorney General for disclosures of customer information to third parties, the company purchased Gargoyles--a company that designs and markets sunglasses.\24\ Would any consumer reasonably understand that Gargoyles might receive copies of the customer's credit application or transaction history? While information is not available to determine if U.S. Bancorp actually transferred client data to Gargoyles, the affiliate sharing provisions would disturbingly allow the transfer of credit report data to Gargoyles for sunglass marketing purposes. Gargoyles would then be free to redisseminate the information outside the confines of the FCRA. --------------------------------------------------------------------------- \24\ See Minnesota v. U.S. Bank (Settlement dated June 6, 1999) available at http://www.ag.state.mn.us/consumer/privacy/PR/pr_usbank_ 06091999.html (visited June 23, 2003); U.S. Bank, SEC Form Schedule 13D for Gargoyles (filed with the SEC, June 11, 1999) available at http:// www.sec.gov/Archives/edgar/data/1016278/0001047469-99-023944-index. html. --------------------------------------------------------------------------- The potential circumventions are similarly disturbing when the affiliations of consumer reporting agencies are considered. TransUnion, for example, belongs to the Marmon Group.\25\ The group affiliates companies in a wide range of businesses including one in the syringe needle business and another in residential water treatment.\26\ If TransUnion provided notice of affiliate sharing and an opt out, the company could transfer credit reports to these affiliates. Experian is in the same situation. Great Universal Stores, a British company owns Experian, as well as Metromail and Burberry.\27\ If Experian were to provide notice of affiliate sharing and an opt out, Experian could share the credit reporting database with Metromail, a marketing company that paid $15 million to settle a lawsuit because the company was caught disclosing sensitive personal information to jailed convicts for processing.\28\ Burberry could also supply credit report information to Metromail outside the protections of the FCRA. --------------------------------------------------------------------------- \25\ See The Marmon Group: Companies, http://www.marmon.com/ Companies.html (visited June 19, 2003). \26\ See The Marmon Group: Companies, http://www.marmon.com/ Companies.html (visited June 19, 2003). \27\ See Great Universal Stores Interim Report 2002, at p. 2. (Nov. 21, 2002); GUS plc News: Great Universal Stores completes acquisition of Metromail Corporation, Apr. 4, 1998 available at http:// www.gusplc.co.uk/gus/news/gusarchive/gus19998/1998-04-28. \28\ See Dennis v. Metromail, No. 96-04451 (Travis Cty D. Tex., June 7, 1999). Settlement agreement available at http://www.entwistle- law.com/news/cases/settled/pdf/newmetronot.pdf. --------------------------------------------------------------------------- As it turns out, both Experian provides notice of affiliate sharing and opt out choices to a growing number of consumers. The company offers consumers online access to their credit reports and monitoring services. Experian appears to use registration for these services as a means in the legal boilerplate to provide notice and opt out for affiliate sharing.\29\ In other words, consumers particularly concerned about the sanctity of their credit reports are likely to enable inadvertently the sharing of their data by the credit reporting agency with affiliates outside the protections of the FCRA. No information, however, is readily available to determine whether Experian actually shares data with these affiliates or others. --------------------------------------------------------------------------- \29\ See Experian's Scorecard Privacy Policy, http:// scorecard.experian.com/creditexpert/common/privacy__policy.asp (visited June 24, 2003) (``We may disclose any of the information that we collect to our affiliated companies. . . . If you prefer that we do not share information with affiliated companies, you may opt out of these disclosures.''). --------------------------------------------------------------------------- If these uses are or become widespread, then the FCRA loses both effectiveness and credibility. Since affiliate sharing generally escapes the transparency and accuracy obligations of the FCRA, there is no way for a consumer to learn the magnitude of this problem. Even for those organizations regulated by the GLBA, affiliate sharing notices under the GLBA would not provide sufficient detail for a consumer to realize that a company like Experian might share with Metromail or that U.S. Bancorp might share with Gargoyles. If this loophole is closed, Congress can and should investigate whether companies have begun to circumvent the FCRA in this fashion. Affiliate Sharing Allows the Government To Engage in Surveillance Outside the FCRA Due Process Protections Sections 604 and 625 of the FCRA provide due process safeguards against Government surveillance of credit report information. Briefly, Government and law enforcement agencies may obtain credit report information for specified purposes with procedural safeguards or pursuant to a court order or a Federal Grand Jury subpoena or, in the case of counterintelligence investigations, a statutorily defined FBI certification.\30\ However, affiliate sharing means these due process protections for access by law enforcement can easily be circumvented. If consumer report information is shared with an affiliate, the data loses its ``consumer report'' status and the FCRA protections would not apply to subsequent disclosures by the affiliate. This loophole would be one way for the ``Total Information Awareness'' program, an effort already the subject of Congressional concern,\31\ to obtain detailed sensitive personal data on U.S. citizens and escape the need for compliance with privacy obligations. --------------------------------------------------------------------------- \30\ 15 U.S.C. Sec. Sec. 1681b(a)(3)(D), 1681b(a)(4), 1681f, 1681u. \31\ See e.g. Department of Defense, DARPA Report to Congress Regarding the Terrorist Information Awareness Program (May 20, 2003) http://www.darpa.mil/body/tia/TIA%20ES.pdf. --------------------------------------------------------------------------- A simple example of the possible sharing between two affiliated companies illustrates the magnitude of this potential problem. Equifax, the credit reporting agency, operates through a number of changing groups including the currently named U.S. Consumer Services Group.\32\ This apparent group of affiliates provides information services to Government clients. Equifax includes a statement in its Online Privacy Policy & Fair Information Principles informing consumers who request copies of their credit reports that, ``we may disclose any of the information, as described above [including Equifax credit file information], to affiliates which are companies that are related to us by common ownership or affiliated with us by common control'' and describing for consumers several opt out choices.\33\ Although the specific language of the current opt out choices might be insufficient to qualify for the affiliate sharing exemption, a simple clarification would clearly enable Equifax to transfer the credit report information to members of the U.S. Consumer Services Group who, in turn, could sell the data to Government agencies without an otherwise permissible purpose or court order. --------------------------------------------------------------------------- \32\ See Equifax, Annual Shareholders Report Form 10-K for the Fiscal Year Ended Dec. 31, 2002 (filed with the SEC on Mar. 23, 2003). \33\ Equifax Online Privacy Policy & Fair Information Principles (U.S. only) available at https://www.econsumer.equifax.com/consumer/ forward.ehtml?forward=privacypolicy (visited June 24, 2003) --------------------------------------------------------------------------- At present, I have no information to suggest that Equifax engages in this practice or that Government agencies or law enforcement officials are currently exploiting this loophole. I do, however, believe that this possible practice needs to be investigated if Congress does not eliminate this loophole. States May Not Protect their Citizens Prior to January 1, 2004 According to Section 624 of the FCRA, stronger State laws applicable to experience and transaction data and to affiliate sharing are temporarily preempted, with the exception of Vermont's affiliate sharing rule. If Congress allows these preemptions to sunset, the States will be reauthorized to protect their citizens against the circumvention of FCRA protections. The States can play a useful role experimenting and fine tuning workable solutions to the affiliate sharing loopholes. Security Risks and Threats to the Soundness of the Credit Reporting System The leakage of credit report information to affiliates for secondary purposes outside the protections of the FCRA increases security risks and threatens the integrity of the credit reporting system. Affiliate Sharing Enhances Identity Theft Risk The circulation of credit report information to affiliates outside the core permissible purposes and outside the overall protection of the FCRA increases the risk of identity theft. Reports indicate that identity theft often occurs as an ``inside job.'' In testimony to this Committee last week, U.S. Secret Service Special Agent Timothy Caddigan stated: ``The method that may be most difficult to prevent is theft by a collusive employee. The Secret Service has discovered that individuals or groups who wish to obtain personal or financial identifiers for a large-scale fraud ring will often pay or extort an employee who has access to this information through their employment at workplaces such as a financial institution, medical office, or Government agency.'' \34\ Wide ranging affiliate sharing increases the exposure of credit report information to the risk that a malevolent insider will steal data for identity theft. --------------------------------------------------------------------------- \34\ Hearing on ``The Growing Problem of Identity Theft and Its Relationship to the Fair Credit Reporting Act'' before the Senate Banking Committee, 108th Cong., 1st Sess. (June 19, 2003) (Statement of Timothy Caddigan, Special Agent In Charge Criminal Investigation Division, U.S. Secret Service). --------------------------------------------------------------------------- Not surprisingly, some lobbyists deny that the wider circulation of personal information through secondary use of credit report data facilitates identity theft.\35\ Yet, in the context of prescreening, the overwhelming consensus among those involved in identity theft prevention is that preapproved credit card offers are one of the most common resources for identity thieves. The U.S. Postal Inspection Service, the U.S. Department of Justice, the U.S. Secret Service, and each of the major credit reporting agencies warn consumers that discarded, preapproved credit card offers are one of the most common sources of personal information for identity thieves.\36\ A lobbying paper sponsored by an industry group, the Privacy Leadership Initiative, admits that the average response rate to credit card offers in 2000 was only 0.6 percent.\37\ In other words, American consumers are not interested in 99.4 percent of these purportedly targeted offers and throw them away. There is no credible, public evidence to suggest that product or service offers generated through affiliate sharing will be of any greater interest to consumers. Yet, this type of secondary use of credit information creates an important leakage of data from confidential and secure credit reporting. --------------------------------------------------------------------------- \35\ See e.g. Hearing on ``The Growing Problem of Identity Theft and Its Relationship to the Fair Credit Reporting Act'' before the Senate Banking Committee, 108th Cong., 1st Sess. (June 19, 2003) (Statement of Michael D. Cunningham, Sr. Vice President, Credit and Fraud Operations, Chase Cardmember Services), at p. 3-4. \36\ See Criminal Gangs Hitting Mailboxes for Credit Offers, Personal Data, Privacy Times, June 16, 2003, at 2; U.S. Dept. of Justice, Identity Theft and Fraud, available at http://www.usdoj.gov/ criminal/fraud/idtheft.html (visited May 28, 2003) (``What are the most common ways to commit identity theft or fraud? . . . If you receive applications for `pre-approved' credit cards in the mail, but discard them without tearing up the enclosed materials, criminals may retrieve them''); Hearing on ``The Growing Problem of Identity Theft and Its Relationship to the Fair Credit Reporting Act'' before the Senate Banking Committee, 108th Cong., 1st Sess. (June 19, 2003) (Statement of Timothy Caddigan, Special Agent In Charge Criminal Investigation Division, U.S. Secret Service) (the Secret Service advises Americans to ``shred or burn pre-approved credit card applications''), at p. 8; Experian, All about Credit: Fraud Prevention Tips, available at http:// www.experian.com/consumer/help/fraud/prevention.html (visited May 28, 2003); TransUnion, Avoiding Fraud available at http:// www.transunion.com/content/page.jsp ?id=/personalsolutions/general/ data/AvoidingFraud.xml (visited May 28, 2003); Equifax, How Identity Theft Strikes, available at https://www.econsumer.equifax.com/consumer/ forward. ehtml?forward=identitytheft_fraud (visited June 24, 2003). \37\ Michael E. Staten & Fred H. Cate, Paper prepared for the Privacy Leadership Initiative ``The Adverse Impact of Opt In Privacy Rules on Consumers: A Case Study of Retail Credit,'' at p. 25. (April 2002). --------------------------------------------------------------------------- The exemption for affiliate sharing also appears unnecessary for the purpose of fraud detection and prevention. Fraud detection and prevention would in most cases qualify as a ``legitimate business need'' under Section 604(a); the disclosure of credit report information for that purpose should be a permissible purpose. If legitimate reasons justify affiliate sharing outside the protections of the FCRA to detect or prevent fraud, a more narrowly drawn exemption for that specific purpose would reduce the risk of identity theft from wide circulation. Affiliate Sharing Introduces Homeland Security Risks The global reach of U.S. corporate groups means that affiliate sharing may send credit report information on U.S. consumers to countries with high risk of political instability or terrorist action. As a consequence, U.S. consumer data may be subject to compromising risks. For example, banks may share credit report information with affiliates in India or the Philippines where no privacy rights apply and where local concerns for the safety of U.S. data are substantial.\38\ Indeed, unconfirmed reports suggest that many United States financial institutions transfer client data to India, but take careful steps not to reveal the existence of these off-shore arrangements. --------------------------------------------------------------------------- \38\ See e.g. U.S. Dept. of State, Public Announcement: Philippines (March 7, 2003) (``The terrorist threat to Americans in the Philippines remains high'') available at http://travel.state.gov/ philippines_announce.html; U.S. Dept. of State, Public Announcement: India (Mar. 27, 2003) available at http://travel.state.gov/india.html. --------------------------------------------------------------------------- One specific example illustrates this potential risk. Fair Isaacs offers a ``decisioning process'' that handles ``30 percent of U.S. credit card applicants, as well as auto loans, mortgages, loans, and lines of credit around the world'' and offers a fraud detection system that monitors ``more than 400 million payment card accounts worldwide.'' \39\ Fair Isaacs appears to have an affiliated distributor in Malaysia,\40\ a country for which the U.S. Department of State has issued a warning about the possibility of terrorist attacks against American citizens and American interests.\41\ While the exact ownership relationship between Fair Isaacs and the Malaysian partner is unclear, the point remains that if these companies are under common control, then the United States data may be sent there. In this particular case, there is also no readily available information that would suggest whether Fair Isaacs does indeed transfer United States credit report information to Malaysia. --------------------------------------------------------------------------- \39\ See Fair Isaac, New Product Releases: Capstone Decision Manager, Falcon Fraud Manager for Issuers available at http:// www.predictive.com.au/whatsnew.html (visited June 11, 2003). \40\ See http://www.predictive.com.au/contacts.html (visited June 11, 2003). \41\ U.S. Department of State, Public Announcement: Malaysia (May 14, 2003) available at http://travel.state.gov/malaysia_announce.html. --------------------------------------------------------------------------- Without specific information on where affiliates are located and what information they receive, the magnitude of this risk cannot be evaluated. If Congress does not eliminate the affiliate sharing loopholes, I believe that this risk needs further investigation. Recommendations for Future Action When Senator Proxmire introduced the original FCRA, he sought to preclude ``the furnishing of information to Government agencies or to market research firms or to other business firms who are simply on fishing expeditions.'' \42\ The implications of the affiliate sharing loopholes seem to return consumers to the unfair and unsafe data handling practices of the pre-FCRA era. --------------------------------------------------------------------------- \42\ Cong. Rec. Senate, Jan. 31, 1969 (statement of Senator Proxmire) reprinted in Hearings on Fair Credit Reporting S. 823 before the Senate Subcommittee on Financial Institutions of the Committee on Banking and Currency, 91st Cong., 1st Sess., at 436 (May 19-23, 1969). --------------------------------------------------------------------------- In sum, I believe that Congress needs to restore the FCRA to the higher level of its original protections for consumer privacy. To do so, I recommend the following: 1. Eliminate the exemption for affiliate sharing from the definition of ``consumer report'' in the FCRA or allow the partial preemption clause in Section 624 to sunset on January 1, 2004. 2. Investigate the actual sharing practices of credit report information among affiliated companies and the uses of such data by the affiliated recipients that escape the protections of the FCRA. To this end, Congress should instruct each of the functional bank regulatory agencies and the Federal Trade Commission to investigate, audit and report to Congress on the actual sharing of consumer report information among affiliated companies and on the actual, unprotected uses of such data by the affiliated recipients. ---------- PREPARED STATEMENT OF RONALD A. PRILL Former President, Target Financial Services, Target Corporation on Behalf of the National Retail Federation June 26, 2003 Introduction and Background Good morning Mr. Chairman and Members of the Committee. My name is Ronald Prill. Until 3 weeks ago, I served as President of Target Financial Services, and also as Chairman and CEO of Retailers National Bank, Target Corporation's credit card bank subsidiary. I am presently employed by Target as a consultant to our corporate management as I transition into retirement. I appreciate having been given this opportunity to speak to you today on behalf of both my company and the National Retail Federation. Target Corporation, with annual sales of $44 billion, is the Nation's fourth largest retailer. Like many other retailers, it has evolved to include many affiliated entities. Our divisions include 1,100 Target Stores (located in each of the lower 48 States except for Vermont), Mervyn's (our chain of about 250 stores that sells moderately priced family fashion and home merchandise in primarily western States), Marshall Field's (our oldest affiliate, with 62 full line department stores in 8 midwestern States) and Target.direct (our direct marketing affiliate which operates all of our e-commerce sites and direct marketing catalogs). Further, Retailers National Bank was established in 1994 as our limited purpose credit card bank affiliate. The bank presently has about 46 million credit cards in circulation, each of which carries the Target, Mervyn's, or Marshall Field's brand. Target Corporation, as well as many other retailers, use multiple affiliated entities to execute critical business processes like sourcing merchandise, transacting the retail sales of goods and services, administering credit card programs, and delivering other expected services and conveniences to their customers. Retail shoppers bring these expectations to every retailer they choose to patronize. Good retailers are attentive to the shopping habits, brands, styles, sizes, and price points their customers prefer. For consumers, the benefits they receive as a result of the sharing of information among a retailer's affiliates are essential to their having a positive shopping experience. Further, the critical business processes that require the sharing of information among affiliates are essential to the success of the retail business. Mr. Chairman, retail affiliates use the sharing of information in ways that are unique to our industry in order to fulfill important business needs and to deliver real benefits to our customers. The list of the ways in which retailers share information among affiliates is a lengthy one, and I would like to briefly describe some of them for you today. Retail Credit Card Programs The sharing of information among affiliates is critical to offering credit through an in-store credit card program. Many retailers, including Target Corporation, have a chartered credit card bank, or other financial institution, that issues their company's credit cards. This entity is often set up as an affiliate of one or more retail divisions. Frequently, the servicing of these credit card accounts is provided by yet another affiliate of the bank. At Target Corporation for example, customer service for Target, Mervyn's, and Marshall Field's cards is provided by an affiliate of Retailers National Bank at two call center locations. The customer service representatives who answer these calls need access to detailed account information in order to answer cardholder questions. In fact, the customer service representatives first use information to verify that the caller is, in fact, the true cardholder, and not someone attempting to perpetrate a fraud. Neither this customer protection nor subsequent servicing of the account would be possible without information sharing. Merchandise Returns Another example of affiliate information sharing that results in customer benefits is receiptless returns. Many retailers, including Target Corporation stores, generally require that customers who are returning merchandise present a sales receipt that reflects the purchase. Frequently, however, retail customers throw away, misplace, or forget their receipts. To remedy this problem, we, as well as other retailers, have developed receipt look-up systems, so that customers can return merchandise without presenting their original receipt. Specifically, a Target cardholder can simply present their Target credit card and a Target store team member will use our computerized returns system to look up and verify the original purchase then accept the return and issue a credit. The benefits of this system are clear: The cardholder does not have to return home, hunt for their original receipt, and then make another trip back to the store to make their return. They also do not have to keep merchandise they do not want in the event they cannot find the original receipt. As you might expect, our customers absolutely love this convenience. This service is made possible only because Retailers National Bank shares Target credit card purchase history information with its affiliated Target Stores. This return system also uses the same information to protect us from losses due to fraudulent returns. Because each item purchased and returned is so noted in this system, an item that was purchased once will be accepted as a return only once. Shoplifters who repeatedly steal the same item from our stores and attempt repeated returns for repeated credit, sometimes even using counterfeit receipts, are stopped by the use of shared information. Warranties, Repairs, and Servicing Many retailers also have affiliated or third-party warranty or servicing departments. The sharing of information about their customers among these affiliates makes each part of their business operationally efficient and also provides real benefits to customers. For example, in one case that I am aware of, a customer needed a specific part to repair his Craftsman lawn mower. After making the drive to the retail store he learned that the service department needed to know the specific model number of the lawn mower in order to find the exact part he needed. Unfortunately, this customer did not know the model number. Fortunately, however, since the mower had been purchased on his store credit card, an original purchase look-up could be done instantly and the correct model number, and the correct repair part number were quickly determined. Because the retail credit card affiliate shares information with the service department, this business process can not only exist, but can be used to deliver great customer service. This very satisfied customer had to make only one round trip, rather than two. E-Commerce Affiliates As you know, many brick-and-mortar retailers that have e-commerce websites established their ``dot.com'' business organizations as separate entities. However, the sharing of information allows customers who make purchases at a retailer's website to return or exchange those purchases by just bringing them into a brick and mortar store. These returns are more convenient, and save the customer the cost of a return-shipping fee. Our e-commerce retail channels continue to grow at an amazing rate and the need to share information with the store affiliate in the brick-and-mortar channel is growing just as rapidly. Bank Check Authorization Many retailers have also developed in-house bank check authorization systems. These systems contain the MICR number sequence from customer checks that have been returned to the retailer unpaid by the customer's bank, and which are still outstanding. This file of MICR numbers from returned checks is usually called the ``negative'' file. Some retailer's negative files even include a list of MICR numbers from currently outstanding checks that have been returned unpaid to other businesses. This supplemental information can be purchased from third party services. If a consumer whose check MICR number is in the negative file should attempt to write a new check to the retailer to pay for a new purchase, these check authorization systems will reject that check and protect the retailer from greater loss. Ultimately, the prevention of losses helps keep prices down for all of our customers. Many check authorization systems also include a ``positive'' file. This file consists of the MICR number sequence from checks previously written to the retailer that are now known to have been good checks. The positive file typically includes a record for each MICR number of how many good checks have been written to the retailer, over what length of time, and for what amounts. If a consumer whose check MICR number is in the positive file with a lengthy history of writing good checks should present a new check, the authorization system can instantly approve that check, even if it might be written for a large amount. Target Corporation is among those retailers who have such check authorization systems. To prevent larger losses by accepting new checks written at one of our retail affiliates by check writers who already have outstanding bad checks at another affiliate, we have a larger, common negative file that includes negative MICR number information from Target, Mervyn's, and Marshall Field's. This sharing of affiliate information supports a critical business process--authorization of bank checks--and helps us control our bad check losses. This protection against loss is especially important in cities where we have multiple stores including two, or all three, of our retail affiliates. Target Corporation retail affiliates also share their positive check writing data. As a result, we have a much larger common positive check file as well. This sharing of affiliate information benefits many of our check-writing customers as they shop in our retail chains. Checks written at one store can be instantly approved because our common positive check file includes the positive history information from an affiliated store. Further, our Retailers National Bank affiliate mails over 9 million statements each month. Most payments on Target, Mervyn's, and Marshall Field's accounts are made by check and, of course, most of those checks are good. In fact, through their account with us, many of our store credit cardholders also have a long and excellent check writing history with our Retailers National Bank affiliate. Our credit card bank shares these positive check-writing histories with its retail affiliates by passing these MICR numbers to the common positive check file. As a result, millions more customers can write checks for substantial amounts in all of our affiliated stores and have their checks approved instantly. Preventing Identity Theft Information is also a retailer's best weapon against identity theft. As you know, identity theft is one of the fastest growing crimes in the United States. At Target, we have implemented a number of safeguards to help protect our business and our customers--all of which require information sharing. Identity thieves thrive on anonymity and rely on the assumption that large retailers such as Target cannot put a name and face together in order to prevent fraud. This is why it is so important for retailers to know their customers, and the only way we can do this is through the use of information. Information flows between Retailers National Bank and the credit bureaus or between our retail affiliates, combined with sophisticated technology, cuts down on fraud and allows us to offer exceptional customer service. Customer Loyalty Programs Retailers today have to work hard to keep their best customers. In recognition of this, many retailers have developed customer loyalty programs to help them identify and reward their best customers. Loyalty program participants typically receive benefits such as discounts on their purchases, free gift-wrapping, free alterations, and other free or discounted offers. Many of these programs are offered only to store credit cardholders and are based on cumulative purchase levels. Often, some or all of the purchase history data for a retailer's customer resides with an affiliate, and the sharing of information among affiliates becomes essential to coordinate and administer a successful rewards program. Communicating With Our Customers In addition to protecting customers and providing customer services, affiliate information is also used for marketing. Some retailers depend heavily on direct mail to reach their customers. Clearly, some of this is general advertising. The catalog for a large storewide sale, for example, is mailed to a large share of customers. However, some advertising is targeted to specific customer groups. For instance, a retailer might send advertising about an upcoming semi- annual home sale event to its most recent home furnishings customers, or offer a free gift with purchase to its customers who buy a particular brand of cosmetics. Retail customers expect to receive such advertising and information. In fact, many retail credit cardholders cite getting these mailings as among the key reasons they opened their account in the first place. Additionally, the most frequent and vocal complaints that retailers receive from their customers usually involve catalogs and sale information that did not arrive at a customer's home, or arrived late. Many retailers today depend on their credit card bank affiliate, or their direct marketing affiliate, as the repository of the names and addresses and the purchase histories of their customers. They further depend on affiliate sharing of this information to communicate effectively with their customers. These retailers would be unable to market their goods and services or even reach their customers without these information flows. Retail customers not only accept this sharing, they expect this sharing. They are very aware of the benefits they get because of the availability of information where it is needed, and when it is needed. The type of information we collect from each customer and its uses are also explained clearly to our customers in our Privacy Policy. Organizational Structure Should Not Matter In order for retailers to give our customers the service they expect, information sharing among our affiliates is absolutely necessary. This complex business structure is in place for many technical, legal and accounting reasons, however the structure is completely transparent to our guests. Through information sharing with these entities we can not only market more specifically to our customers and provide them exceptional customer service, but we can also do things such as prevent fraud and combat identity theft in our stores. Mr. Chairman, retail stores take on many different corporate structures. Some retailers issue their own credit cards in-house. Other retailers use a credit card bank, or other financial services affiliate, to issue store credit cards. Other retailers have contractual arrangements with unaffiliated, third party credit card service providers like GE Capital who own and operate the retailer's customer credit card function. Further, some retailers have established their e-commerce business as a separate entity, while others have not. Some retailers have a separate catalog and/or direct mail affiliate. Others have made these functions part of the advertising or merchandising departments within each of their retail entities. Some retailers own all of their retail store departments and businesses. Other retailers have third party lease arrangements for some merchandise or service categories (such as cosmetics, fine jewelry, or a beauty salon), while others have selectively established separate affiliated entities as part of their store. All retailers, regardless of organizational structure, need to reach their customers. They need to have access to and use the same kinds of customer information to run their business and compete in an efficient manner, regardless of how they are structured. Retail customers expect to receive the same kinds of services, recognition, conveniences, amenities, and advertising from their favorite retailers, regardless of structural differences. They expect to be able to write a check as easily in one department of a store as in any other. They also expect to be able to use their credit card in every department in which they shop. Finally, customers expect to be protected from identity theft and, as we are always hearing, they want to receive retail sale catalogs and other promotional materials. The amount of information about our customers that retailers share among our business, control and operating functions, or our various computer subsystems, is the same, whether this sharing at a particular retailer ever crosses an affiliate line or not. This information is treated with the same care and control and used to satisfy similar business requirements or deliver similar customer benefits regardless whether we may have chosen different business structures. Therefore, our ability to access information about our business relationships with our customers should not be dependent on what structure we have chosen. Finally, many people have asked what affiliate sharing has to do with the granting of credit. The answer is: A lot. Retailers use the data and transaction histories that they collect from their stores and affiliates to create internal credit scores and models that predict the credit habits of their customers. This information supplements credit reports and FICO scores to paint the most accurate picture possible of a customer. In fact, retailers most often use this type of proprietary information to grant credit to people on the margins, in lower- to middle-income households who do not have prime FICO scores, or to those who are just entering the credit market. Mr. Chairman, retailers want to help our customers make purchases to meet their needs. And many times, this means emergency purchases such as a new hot-water heater or refrigerator--both big-ticket items that require credit approval. In closing, I would like to take this opportunity to emphasize the retail industry's strong support for the permanent reauthorization of the seven areas of preemption contained in Section 624 of the Fair Credit Reporting Act. Without the extension of the uniform national standards, retailers and the customers we serve may be subject to a confusing patchwork of new State laws, rules, and regulations governing fundamental and important areas such as dispute resolution and the information contained in credit reports. And, as today's hearing reflects, services that millions of customers have come to rely on, and that they routinely take advantage of, could be disrupted if information flows are interrupted. Mr. Chairman, Members of the Committee, consumers have come to expect instant access to credit when purchasing everything from an automobile to consumer goods such as furniture, appliances, and apparel. In the final analysis, we in the retail industry have a real concern that a more fragmented process for information sharing and credit approval would negatively impact consumers in many different levels and, as a consequence, retail sales, ultimately costing jobs and hurting the economy as a whole. Thank you again for the opportunity to testify here today. I look forward to working with all the Members of this Committee to permanently reauthorize the FCRA preemptions before they expire on December 31 of this year. I would be happy to answer any questions you may have. ---------- PREPARED STATEMENT OF TERRY BALOUN Regional President and Group Head, Wells Fargo Bank June 26, 2003 My name is Terry Baloun and I am the Regional President and Group Head for Wells Fargo banks located in South Dakota, North Dakota, and Montana. Wells Fargo, our parent company, is a diversified financial services company, offering mortgage, securities, insurance, real estate services, online banking, institutional and retail banking products under the Wells Fargo brand through a number of separately incorporated affiliates to 15 million customers nationwide. Wells Fargo's headquarters is in San Francisco; the company has 130,000 employees, has mortgage offices nationwide, and has a retail banking presence in 23 States. Thank you, Chairman Shelby and Committee Members for the invitation to testify and respond to your questions. I would like to share with you some of my experiences in providing banking services to communities within the framework established by the Fair Credit Reporting Act. Our Wells Fargo banks work in concert with other Wells Fargo business affiliates in providing financial services products to customers. Marketplace experience shows that consumers expect the financial services companies they do business with to know about their accounts, to respond quickly to their questions, and to advise them about products and services that will help them reach their financial goals. The service consumers expect requires that Wells Fargo have integrated information systems to give customers what they want--when, where and how they want it. Subject to the Fair Credit Reporting Act, Wells Fargo shares customer information internally to meet these goals. Information Integration by Affiliates in the Same Corporate Family Providing a new mortgage, providing rural or remote small businesses with credit, offering consolidated statements for customers with multiple Wells Fargo products requires information about their financial affairs. Applying inappropriate restrictions on transfers of information among affiliates would impede customer service. The 1996 Amendments to the Fair Credit Reporting Act recognize the value to customers of the ability to transfer information among affiliates. This ability is wholly consistent with consumer expectations that their questions will be answered and their needs will be met with a single call or a single e-mail message, whether their financial products are provided by a single company or several companies in the same affiliated group. To put it another way, customers do not care whether for technical, regulatory, or management reasons Wells Fargo chooses to organize itself into a particular series of affiliates of a holding company or subsidiaries of one bank. What customers do care about is the seamless delivery of the products Wells Fargo offers regardless of how we choose to distribute them. In Wells Fargo's view, it is consumer expectations and needs that should shape the public policy that regulates information use, not legal structure. Because of legal requirements that prohibited or restricted bank branching, Wells Fargo at one time owned numerous separately incorporated banks. The Riegle-Neal Act of 1994 allowed bank holding companies to consolidate banks into as few as a single charter. Today, for business reasons rather than legal reasons, Wells Fargo owns 28 separately chartered banks. But the number of separate banks that a holding company chooses to have should not affect public policy relating to information use. If a bank holding company conducts its banking business in a single bank entity that bank would have all the information about a customer who had deposits, a mortgage, a credit card, and a home equity loan from that bank. As a single corporate entity, it could use this information without restriction to serve its customer. If, on the other hand, the bank holding company chooses to conduct its mortgage, credit card, and home equity loan businesses in three separately incorporated banks and the law restricted the sharing of information among affiliates, a customer who supplied the same information for the same products to three affiliated institutions instead of a single institution would not receive the same level of service from its financial services company. To use customer information to provide the same level of service that could be provided by a single entity with the same information about the same customer, a holding company like Wells Fargo that provides services through multiple bank and nonbank charters would have to consolidate its operations into as few charters as legally possible. If the FCRA debate remains unresolved, institutions like Wells Fargo will likely change their corporate structures to reduce the number of separate entities rather than risk restrictions on information sharing among affiliates. It is our view the corporate structure should not be a factor in setting public policy regarding information use. The touchstone, instead, should be consumer expectation. This is especially critical to our mortgage business. Since passage of the 1996 Amendments to the Fair Credit Reporting Act, mortgage servicing has become more efficient. Wells Fargo customers have more channels through which they can apply for a mortgage and get assistance or conduct transactions related to a mortgage, as well as the complete array of financial products offered by Wells Fargo. In California, 40- 50 percent of Wells Fargo's mortgages originated this year are the result of referrals from Wells Fargo Banks to Wells Fargo Home Mortgage. Many are first-time homebuyers in Hispanic market areas. With affiliate transfers and use of customer information, mortgage customers can make a mortgage payment at their local bank branch, obtain balances, get consolidated statements, and get the support of 24-hour call centers that serve an entire affiliated enterprise. Our customers have found these services valuable. Sharing of customer information also benefits our small business customers. The basis for small business lending over the last 10 years has been direct mail offers of preapproved credit. Wells Fargo has extended nearly 500,000 small business loans since the mid-1990's. The FCRA allows Wells Fargo to provide such credit, based on Wells Fargo's own experiences with the customer and the most current credit report. Generally, small businesses no longer need to submit tax returns or financial statements, providing easier and cheaper credit for the business owner. Actions by multiple States to enact their own State versions of the Fair Credit Reporting Act will frustrate customers that do routine transactions across State lines. Wells Fargo provides services to thousands of customers that may have accounts ``domiciled'' in one State, yet reside or do business with a Wells Fargo bank in another State. Nearly half a million Wells Fargo customers have made teller or ATM transactions out of State within the past 5 months. In my banking States of South and North Dakota and Montana, nearly 10 percent of Wells Fargo's customers live in one State, but use Wells Fargo banks or ATM's in a bordering State. Uniform National Standard Finally, Wells Fargo believes the current uniform national standard for information use, as provided by the 1996 Amendments to the FCRA, is vital and asks that this Congress provide clarity and stability by removing the sunset provisions that affect affiliate sharing and other segments of credit granting. Congress should also address identity theft and set new national standards for notices about information use to customers. The problem of identity theft and complicated notices about information use are frustrating to both customers and financial service providers. The availability of financial services, such as mortgages for our customers and the flows of information required to make those services available, do not stop at State borders or corporate structures. Thank you and I would be happy to answer any questions that you, Chairman Shelby, or the Committee may have. <GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT> PREPARED STATEMENT OF MARTIN WONG General Counsel, Global Consumer Group, Citigroup June 26, 2003 Good morning, Chairman Shelby, Ranking Member Sarbanes, and Members of the Committee. My name is Martin Wong and I am the General Counsel of Citigroup's Global Consumer Group. On behalf of Citigroup, I want to thank Chairman Shelby for holding these hearings on the Fair Credit Reporting Act (FCRA) and I appreciate the opportunity to speak before you today to discuss how the FCRA, and particularly the affiliate sharing provisions, impact our ability to operate efficiently and serve our over 200 million customer accounts. As one of the largest diversified financial services companies in the United States, Citigroup has extensive experience with the FCRA and has a significant interest in seeing that it continues to operate successfully. Citigroup currently serves customers in all fifty States and over 100 countries. Citigroup has long been a leader in using the information available through the credit reporting system to provide credit opportunities to customers at all income levels through a diverse range of financial products and services, including credit cards, mortgages, consumer finance, student loans, and auto loans. We also offer noncredit products, including retail banking, private banking, life insurance and annuities, asset management, and investment products. Today, I want to emphasize the importance that Citigroup attributes to making permanent the national standards contained in the FCRA. The FCRA provides a national framework for the credit reporting system, which has been shown to work well and to provide substantial economic benefits to consumers, including affordable and convenient credit, wide credit availability, and prevention of fraud and identity theft. The FCRA appropriately balances consumer protections with the crucial need for creditors to have access to a uniform national database on which to make credit decisions. The FCRA also facilitates the free flow of information that allows modern financial services companies to work efficiently. It is essential, therefore, that Congress act to preserve all of the provisions of this uniform national framework that are scheduled to expire at the end of this year. While Citigroup believes that maintaining national uniform standards for all seven of the expiring provisions of the FCRA is crucial, I will focus my testimony on the topic of today's hearing-- information sharing among affiliates--and why preserving the uniform national standards for affiliate sharing is critical to our continued ability to serve our customers well. Reasons for Affiliate Structure From a technical perspective, Citigroup is, indeed, a financial services holding company comprised of approximately 1,900 legal entities. However, the majority of these entities are established or retained for legal, regulatory, or tax purposes. For example, in the insurance agency and mortgage businesses, State registration requirements make it prudent and convenient to be separately incorporated in most States for licensing purposes. Additionally, many of our affiliates do business only with Government or corporate entities or exist solely to house certain assets. Only a small number of these entities actually transact business with customers, and all of them are limited by the Gramm-Leach-Bliley Act (GLB) to the provision of financial services in one of three lines of business--banking, insurance, and securities. For the customers who conduct business with us, the existence of these affiliates is invisible and irrelevant. Therefore, when viewed from the customer's perspective, Citigroup is a single provider of financial services. How We Share Information to Better Serve Our Customers and Run Our Business More Efficiently Information sharing among affiliates is an ingrained part of how we meet our customers' needs and expectations on a daily basis. The process is so seamless that customers are often unaware of the connection between the free flow of information and the significant benefits they receive. Affiliate Sharing Is Necessary for Effective Credit Underwriting and Credit Monitoring, Which Are at the Heart of the National Credit Reporting System The sharing of information among affiliates enhances the ability of lenders to accurately assess credit risk, thereby reducing their overall risk of loss. Citigroup is able to use the credit information and transaction histories that we collect from affiliates to create internal credit scores and models that help determine a customer's eligibility for credit. This information supplements credit reports and FICO scores to paint the most accurate picture possible of a customer. For example, CitiMortgage underwriters have access to information from affiliates that includes a customer's deposit, loan, and brokerage account balances, as well as the customer's payment history and available lines of credit. This allows our credit analysts to verify the customer's creditworthiness quickly and efficiently, minimizing the burden on the customer associated with providing this documentation. Sharing of credit information and transaction histories also allows us to extend credit to traditionally underserved populations and reduces the costs for those with better credit histories. The quality, quantity, and timeliness of customer credit information available through affiliate sharing greatly reduces the opportunities for mistakes in the granting of credit to the benefit of customers and lenders. Affiliate sharing is also important for credit monitoring. Many of our credit card customers have multiple cards with us and those cards will often be issued by more than one affiliate. We can order a single credit report to monitor credit behavior across all cards, leading to increased efficiencies and lower costs. This cross-affiliate monitoring allows us to reach out to customers who are starting to have problems and offer appropriate assistance. Sharing Information Among Affiliates Greatly Assists in the Prevention and Detection of Identity Theft and Fraud Although some have argued that sharing information increases opportunities for identity theft, our experience is that information sharing among affiliates actually reduces identity theft. Through affiliate sharing, we are able to maintain an internal fraud database, which helps prevent the opening or maintenance of fraudulent accounts. This kind of information sharing also allows us to alert customers to potential fraud or identity theft at an earlier stage. The sooner we detect the fraud, the sooner we can notify the customer, minimizing the effect on the victim. Finally, sharing information among affiliates makes it easier to assist law enforcement to build a strong case for prosecution Additionally, Citigroup has policies and procedures in place to reduce the threat of internal misuse of this information. For example, most of our businesses have internal fraud investigation units; access to sensitive information is given to employees only on a ``need to know'' basis; we have policies concerning the handling of sensitive information by our employees; and we separate certain key responsibilities among employees to reduce the potential for fraud. Affiliate Sharing Allows Us To Provide One-Stop-Shopping for Our Customers in a Way That Is Seamless and Consistent with Our Customers' Expectations Affiliate sharing allows companies like Citigroup to better serve our customers' diverse financial needs through affiliates that have appropriate products and services. Consumers who choose to do business with Citigroup expect easy access to the full array of financial products we offer. Our customers want and expect the convenience of having one-stop-shopping for all of our products--banking, insurance, home mortgage, credit cards, and securities. They also expect the ability to access information about all of their accounts on one statement, with one phone call, or on one website. For example, customers who use our Financial Centers can link their checking account from Citibank, N.A., credit card account from Citibank South Dakota, mortgage account from CitiMortgage, and brokerage account from Citicorp Investment Services, Inc. Additionally, consolidated relationships allow customers to move money seamlessly between accounts and to pay their Citibank credit card balances at any Citibank ATM, as well as on the Internet, simply by making a transfer between accounts. The amount will be credited that same day, which allows customers to avoid additional interest and late fees. Customers can also execute trades and transfer money from their checking account to their investment-linked money market products online. Affiliate sharing also allows us to provide seamless service for our customers. Customers do not view us as different legal entities, but instead as a single source of multiple financial products. When a Citibank customer who has an account in Connecticut (through our Federal thrift--Citibank FSB) enters a Citibank branch in New York (our national bank--Citibank, N.A.) to cash a check or open another account, the customer expects to be recognized and receive the same level of service. The legal distinction between the two affiliated Citibanks is not relevant to the customer and it should not affect his or her ability to obtain products and services. Affiliate Sharing Provides Customers with Pricing Discounts and Products Tailored to Their Needs For customers who have multiple account relationships with us, the sharing of information between affiliates allows us to provide financial benefits in the form of relationship pricing and special offers. For example, many customers benefit from no-fee checking through Citibank, N.A. or Citibank FSB based upon their total combined balances in their mortgage from CitiMortgage, credit card from Citibank South Dakota, and investments through Citicorp Investment Services, Inc. The combined balance also permits customers to receive better rates on investment products. After recent acquisitions, we reached out to customers to help them link their accounts for this benefit. We could not have done that without the ability to share information across affiliates. Sharing information among affiliates also permits us to service our customers on an individualized or tailored basis. Information about our experience with a particular customer can be used among our affiliates to provide the customer with more suitable products and services. For example, customers with a Smith Barney brokerage account are eligible for a mortgage from CitiMortgage without a down payment by directly pledging securities in their account as collateral. This allows the customer to avoid having to sell at what may be an inopportune time and to continue to receive the interest or dividends on the securities. Similarly, a customer who maintains a high balance on a Citibank credit card may be informed that he can reduce the interest rate he is paying and possibly get tax benefits by transferring the balance to a secured home equity loan through an affiliate bank. In the absence of affiliate sharing, Citigroup would know decidedly less about our customers' financial needs, making it more difficult to identify and service those needs. FCRA Contains the Appropriate Balance In 1996, Congress struck the appropriate balance between consumer protection and business needs by allowing customers to opt out of having certain information shared among affiliated entities, but continuing to allow information about a company's own experiences with a customer to be shared freely among affiliates. This national standard has worked well for 7 years. The FCRA national standard is particularly reasonable now that the business of providing financial services, especially lending, is no longer restricted by State borders, which means that consumers have the same opportunities for credit, regardless of where they live. Given the fact that 16 percent of the U.S. population moves every year, and that many of our customers work in one State and live in another, have vacation houses in different States, or attend college in a different State for part of the year, it would be a significant technical challenge to determine the appropriate treatment of customer information in the face of inconsistent State laws. Our experience has shown that opt outs provide our customers with all the choice they need to control the use of their personal information. Citigroup has been providing customers with the ability to opt out of information sharing, in one form or another, for over 15 years. Citigroup businesses have significantly different opt out rates depending on a variety of factors, including products and services offered and the length and nature of the customer relationship. This significant variation demonstrates that opt outs work. Our customers are making informed choices about the kinds of information they want to share, and the kinds they do not. However, the majority of our customers still prefer the free flow of information that results in enhanced products and services. Opt ins function as de facto prohibitions on information sharing, particularly for existing customers. They do not promote customer choice--rather, they eliminate it. Conclusion If different States were allowed to pass laws governing the exchange of information among affiliates, it would significantly disrupt our seamless, nationwide system of serving our customers. It could lead to a never-ending process as States and localities impose different regimes. Compliance with this patchwork of laws would be extremely burdensome and costly for lenders, and ultimately for consumers. We believe that Congress must act this year to make permanent the uniform standards established under the FCRA. It has created more competition in the financial services industry and allowed companies to better serve their customers through more widely available, affordable, and convenient credit. Thank you again for the opportunity to appear before this Committee. I would be pleased to answer any questions you may have. PREPARED STATEMENT OF EDMUND MIERZWINSKI Consumer Program Director U.S. Public Interest Research Group June 26, 2003 Chairman Shelby, Senator Sarbanes, and Members of the Committee, on behalf of the nonprofit, nonpartisan, State-based Public Interest Research Groups, U.S. PIRG is pleased to offer you this testimony on affiliate sharing practices and the Fair Credit Reporting Act (FCRA). Among the most important matters before this Congress is review of the impact of the 1996 exception to the definition of credit report allowing companies to share customer experience and transaction information among corporate affiliates outside the major consumer protections of the FCRA. Our testimony also discusses the relationship between the FCRA and the 1999 Gramm-Leach-Bliley Financial Services Modernization Act (GLB) and attempts by industry to chill efforts by cities and States to enact stronger financial privacy laws, as GLB clearly allows under the Sarbanes States' Rights Amendment. In addition to presenting our views on the problems caused by unregulated and under-regulated information sharing by and among corporate affiliates and unaffiliated third parties, we urge the Congress not to extend the FCRA's temporary 1996 partial preemption provisions. The FCRA itself does not need to be reauthorized; extension of preemption is an optional decision by the Congress that, in our view, reverses clear Congressional intent from 1996 that preemption be temporary. Summary Congress enacted in 1970 a comprehensive scheme for regulating the sharing of detailed information by credit bureaus under the Fair Credit Reporting Act. Yet, through a 1996 exception, it created a new class of unregulated affiliate sharing transactions. Sharing of confidential consumer information among affiliates is not regulated under the FCRA nor under the Gramm-Leach-Bliley Act. The latter Act simply requires notice of affiliate and third party information sharing practices and provides a modest opt out in an extremely limited subset of third-party transactions. In the post-GLB marketplace, this failure to regulate a growing class of transactions involving confidential consumer information and decisionmaking is troubling. While we have enacted comprehensive standards for regulating credit reports, we have no standards for regulating affiliate sharing. Industry, in a series of hearings before this Committee and the House Financial Services Committee, has failed to make the case for a continued exception from regulation for affiliate information sharing. Industry has also claimed, without proof, that unregulated information sharing provides billions of dollars of benefits to the economy and, again with proof, that providing consumers with greater privacy rights will eliminate those alleged benefits. Industry has also claimed that providing consumers with privacy protection will prevent them from stopping fraud or completing transactions on consumer accounts. Neither claim is true. The industry also infers that consumer groups are for ``harsh'' opt in rules, but that the pro-consumer industry would support a more reasonable opt out privacy mechanism. In fact, sharing under the Gramm-Leach-Bliley Act is largely based on a notice only, no opt regime. The vast majority of the financial services industry prefers no opt even to modest opt out protections. The Fair Credit Reporting Act Strictly Regulates Information-Sharing by Credit Bureaus under The Fair Information Practices, But Allows Companies A Sweeping Affiliate-Sharing Exception to the Definition of Credit Report The Fair Credit Reporting Act, Its History and the Fair Information Practices I want to state clearly at the outset that the FCRA is an important consumer protection and privacy law. It plays a critical role in helping consumers obtain opportunities in the marketplace. The 1970 Act recognized the importance to the economy of the third-party credit reporting system, but it also recognized the importance of accurate credit reports and the protection of privacy. Yet, despite the 1996 attempts to update the law to improve it, the law still suffers from numerous problems\1\ in addition to its affiliate-sharing exception, the subject of today's hearing. --------------------------------------------------------------------------- \1\ For example, other problems with the FCRA include a lack of adequate Federal agency enforcement, unacceptable limits on private enforcement, an utter disdain for compliance by many creditors when they furnish information to credit bureaus, the failure by the consumer reporting industry to maintain adequate accuracy standards, and the disconnect in the credit granting process that has led to the identity theft epidemic. See U.S. PIRG's testimony before the House Subcommittee on Financial Institutions, 4 June 2003, at http:// financialservices.house.gov/media/pdf/060403em.pdf. --------------------------------------------------------------------------- The FCRA was enacted \2\ in 1970 in the wake of a series of scandals involving unfair insurance investigations. Congress also recognized an increasing inability of consumers to obtain redress when credit mistakes were made. The 1970 Act created a broad structure for regulating consumer reporting agencies (CRA's, or credit bureaus). --------------------------------------------------------------------------- \2\ 15 U.S.C. 1681 et seq. --------------------------------------------------------------------------- The FCRA's general structure is based on the Code of Fair Information Practices,\3\ which were later described by a 1973 Health, Education, and Welfare (HEW) task force and embodied into the 1974 Privacy Act,\4\ which regulates Government uses of information. The Fair Information Practices require data collectors to collect only limited information; to use it only for specified purposes, unless consent of the data subject is granted for secondary uses; to protect the security, accuracy, and privacy of that information; to make information practices transparent to subjects; to grant data subjects the rights to inspect, correct, and dispute records about them; and to grant data subjects the right to enforce these rights. --------------------------------------------------------------------------- \3\ Ideally, consumer groups believe that all privacy legislation enacted by either the States or Congress should be based on Fair Information Practices, which were originally proposed by a Health, Education, and Welfare (HEW) task force and then embodied into the 1974 Privacy Act and into the 1980 Organization for Economic Cooperation and Development (OECD) guidelines. The 1974 Privacy Act applies to Government uses of information. Consumer and privacy groups generally view the following as among the key elements of Fair Information Practices: (1) Collection Limitation Principle: There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject. (2) Data Quality Principle: Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date. (3) Purpose Specification Principle: The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfillment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose. (4) Use Limitation Principle: Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with the Purpose Specification Principle except: (a) with the consent of the data subject; or (b) by the authority of law. (5) Security Safeguards Principle: Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification, or disclosure of data. (6) Openness Principle: There should be a general policy of openness about developments, practices, and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller. (7) Individual Participation Principle: An individual should have the right: (a) to obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him; (b) to have communicated to him, data relating to him within a reasonable time; at a charge, if any, that is not excessive; in a reasonable manner; and in a form that is readily intelligible to him; (c) to be given reasons if a request made under subparagraphs (a) and (b) is denied, and to be able to challenge such denial; and (d) to challenge data relating to him and, if the challenge is successful to have the data erased, rectified, completed, or amended. (8) Accountability Principle: A data controller should be accountable for complying with measures which give effect to the principles stated above. This analysis derived from Robert Gellman, ``Privacy, Consumers, and Costs: How The Lack of Privacy Costs Consumers and Why Business Studies of Privacy Costs are Biased and Incomplete,'' March 2002, http://www.epic.org/reports/dmfprivacy.html or http://www.cdt.org/publications/dmfprivacy.pdf which also discusses in detail the OECD Council Recommendations Concerning Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data, 20 I.L.M. 422 (1981), O.E.C.D. Doc. C (80) 58 (Final) (Oct. 1, 1980), at http://www.oecd.org//dsti/sti/it/secur/prod/PRIV-EN.HTM. \4\ 5 U.S.C. 552a. --------------------------------------------------------------------------- For example, the FCRA allows credit bureaus--which are clearly third parties without a direct relationship with consumers--to obtain detailed information from public records, creditors, and even subjective interviews and then to engage in widespread trafficking in detailed credit dossiers containing a consumer's most intimate financial details. But, the FCRA strictly regulates that trafficking through its comprehensive structure, based on the Fair Information Practices. It requires credit bureaus to employ reasonable procedures to ensure the ``maximum possible accuracy'' of credit reports. It limits the use of credit reports only to users with a permissible purpose. It gives consumers a series of rights, including a right to inspect the reports (for free after denial of credit) and to dispute errors. It gives consumers a right to learn when their reports have been used adversely, for example to deny them credit or insurance. It gives consumers the right to sue bureaus that make mistakes or refuse to fix them, but it tempers that right with strong affirmative defenses and defamation immunity for the CRA's. Although the Act was not and is not perfect, most experts agree that the FCRA was the first comprehensive privacy law enacted in the United States and that its general framework is soundly based on the Fair Information Practices. In 1989, in response to a series of complaints about credit reporting errors, Congress began a series of hearings that culminated in the 1996 Amendments to the FCRA. Three matters of extreme controversy--pitting consumer groups, State attorneys general and, on all major issues joined by the Federal Trade Commission, against the financial industry--delayed final passage of the Amendments from 1992 until 1996.\5\ --------------------------------------------------------------------------- \5\ In the interim, a number of States, including Vermont (1992), California (1994), and Massachusetts (1995) acted more quickly to address credit reporting problems. <bullet> First, industry insisted that the FCRA's longstanding floor preemption provision (States can enact stronger laws) be reversed and that the Federal FCRA become a ceiling. The final 1996 Amendments preempted only some provisions of the FCRA, and then only for 8 years. <bullet> Second, industry fiercely resisted efforts to add a new provision to the Act imposing duties on creditors that furnish information to credit bureaus to ensure accuracy and imposing liability when those duties were violated. The final provision imposed only limited duties. Liability for making errors was subjected only to agency enforcement, with consumers only having a private right of action to enforce violations of the Act's reinvestigation provisions. <bullet> Third, industry insisted that a new exception to the definition of credit report be carved out, for the sharing of experience and transaction information among companies affiliated by common control. In addition, the new exception was included in the list of provisions subject to the temporary preemption of State action. The Affiliate Sharing Exception to the FCRA Although numerous hearings were held from 1989-1996 during consideration of the FCRA Amendments, we are unaware of any specific hearing on affiliate sharing, nor any record testimony of any significance, if any at all, provided by the industry about the subject. Yet, among State attorneys general, consumer groups, and the FTC, there was grave concern that Congress was acting precipitously to create a sweeping exception that could limit consumer access to the wide panoply of rights granted by the FCRA. The affiliate sharing exception allows detailed experience and transaction information to be shared and used for adverse actions without triggering the FCRA's consumer protection rights,\6\ in the circumstance where the information is shared among corporate affiliates. Experience and transaction information could include details from credit card and checking account purchases, mortgage balances and payment histories, bank account and brokerage balances and other deposit account usage information, relationships with co-signers, if any, etc. --------------------------------------------------------------------------- \6\ The 1996 Amendments do provide that consumers be provided an extremely limited notice if affiliate shared information is used adversely, but provision of the notice triggers no additional rights. See FCRA Section 615(b)(2). Compare with notice under 615(a) (adverse action based on credit report), which triggers comprehensive rights and duties under Sections 609, 610, 611. --------------------------------------------------------------------------- As the FTC, in an official position paper,\7\ stated on affiliate sharing: --------------------------------------------------------------------------- \7\ The FTC took an official position on the proposed FCRA Amendments in 1994. U.S. PIRG has archived a (scanned) copy of the document, ``H.R. 1015, Federal Trade Commission Analysis and Recommendations, 25 July 1994,'' at http://www.pirg.org/consumer/ credit/ftcanalysis hr1015.pdf. Because the subject of information sharing with affiliates has not been the subject of Congressional hearings, the factual basis for the provision is not necessarily available and the Commission cannot easily evaluate its pros and cons. The Commission believes, however, that caution is the best approach in considering whether to create what may become a significant exception to the consumer protections provided by the FCRA. It may be preferable to defer creation of any exceptions to the FCRA's protections for affiliate sharing until Congress has an opportunity to study this issue and its implications more --------------------------------------------------------------------------- carefully. Congress did not debate affiliate sharing prior to 1996. Prior to enactment of the 1999 Gramm-Leach-Bliley Act, however, Congress finally became acutely aware of the problems posed by unfettered information sharing. The Costs To Consumers of Under-Regulated Affiliate Sharing In 1999, while it was considering enactment of GLB, a sweeping deregulation of the financial services industry that would encourage the establishment of affiliate-based financial services supermarkets-- with banks, brokerages, and insurance companies all under one roof-- Congress became aware of the first two in a series of privacy nightmares involving banks and their affiliates. <bullet> First, NationsBank (now Bank of America) had recently paid civil penalties totaling $7 million to the Securities and Exchange Commission and other agencies, plus millions more in private class action settlements, over its sharing of confidential bank accountholder information with an affiliated securities firm. ``Registered representatives also received other NationsBank customer information, such as financial statements and account balances.'' \8\ In this case, conservative investors who held maturing certificates of deposits (CD's) were switched into risky financial derivative products. Some lost large parts of their life savings. --------------------------------------------------------------------------- \8\ See the SEC's NationsBbank Consent Order http://www.sec.gov/ litigation/admin/337532.txt. --------------------------------------------------------------------------- <bullet> Second, Minnesota Attorney General Mike Hatch had recently sued U.S. Bank and its holding company, accusing them of having ``sold their customers' private, confidential information to MemberWorks, Inc., a telemarketing company, for $4 million dollars plus commissions of 22 percent of net revenue on sales made by MemberWorks.'' \9\ Memberworks and other nonaffiliated third party telemarketers sign credit card customers up for add-on ``membership club'' products and bill their credit cards as much as $89 or more if they do not cancel within 30 days. The catch? The consumer never gave the telemarketer her credit card number; her bank did, in a scheme known as preacquired account telemarketing. General Hatch has settled with both U.S. Bank and Memberworks. --------------------------------------------------------------------------- \9\ See the complaint filed by the State of Minnesota against U.S. Bank http://www.ag.state. mn.us/consumer/privacy/pr/ pr%5Fusbank%5F06091999.html. While industry continues to claim that these were isolated pre-GLB incidents, many of the Nation's largest banks have since been involved in enforcement actions and private litigation over their similar sloppy information practices. Capital One,\10\ Chase Manhattan,\11\ Citibank,\12\ First U.S.A.,\13\ GE Capital,\14\ MBNA America\15\ are other banks or bank affiliates that have provided their customers' personal and confidential information to fraudulent telemarketers. --------------------------------------------------------------------------- \10\ Office of the Washington State Attorney General, ``Settlement with Discount Buying Club Highlights Privacy Concerns,'' Aug. 4, 2000, http://www.wa.gov/ago/releases/rel_brand direct_080400.html. \11\ Id. \12\ National Association of Attorneys Generals, ``Multistate Actions: 27 States and Puerto Rico Settle with Citibank,'' Feb. 27, 2002, http://www.naag.org/issues/20020301-multicitibank.php; Settlement document available at http://www.oag.state.ny.us/press/2002/feb/ feb27b_02_ attach.pdf. \13\ Office of the New York Attorney General, ``First USA to Halt Vendor's Deceptive Solicitations,'' Dec. 31, 2002, http:// www.oag.state.ny.us/press/2002/dec/dec31a_02.html. \14\ Supra, note 1. \15\ Id. --------------------------------------------------------------------------- While some cynical consumers might expect tawdry marketing behavior from a credit card company, Minnesota Attorney General Mike Hatch also brought an action against a mortgage company, in this case a subsidiary of a national bank. In December 2000, the Minnesota Attorney General filed a complaint against Fleet Mortgage, an affiliate of FleetBoston, for substantially the same types of violations as U.S. Bank had engaged in. Incredibly, the firm was allowing telemarketers to add bills for buying club and roadside assistance plan memberships to consumer mortgage payments after making deceptive telemarketing calls based on confidential information derived from account relationships.\16\ That complaint was settled in June 2001.\17\ The State's complaint explains the problem with sharing confidential account information with third party telemarketers. --------------------------------------------------------------------------- \16\ See testimony of Minnesota Attorney Mike Hatch before this Committee, 19 September 2002 at http://banking.senate.gov/02_09hrg/ 091902/index.htm. \17\ Minnesota v. Fleet Mortgage Corp., 158 F. Supp. 2d 962 (D. Minn. 2001), available at http://www.ag.state.mn.us/consumer/PR/ Fleet_Opinion_61901.html. Other than a cash purchase, providing a signed instrument or a credit card account number is a readily recognizable means for a consumer to signal assent to a telemarketing deal. Preacquired account telemarketing removes these short-hand methods for the consumer to control when he or she has agreed to a purchase. The telemarketer with a preacquired account turns this process on its head. Fleet not only provides its telemarketing partners with the ability to charge the Fleet customer's mortgage account, but Fleet allows the telemarketing partner to decide whether the consumer actually consented. For many consumers, withholding their credit card account number or signature from the telemarketer is their ultimate defense against unwanted charges from telemarketing calls. Fleet's sales practices remove this defense.\18\ --------------------------------------------------------------------------- \18\ 28 December 2000, Complaint of State of Minnesota vs. Fleet Mortgage, see http://www.ag. state.mn.us/consumer/news/pr/ Comp_Fleet_122800.html. Another bank, Charter Pacific, was caught selling its database containing 3.6 million valid credit card account numbers to a convicted felon who then fraudulently billed the accounts for access to Internet pornography sites that victims had never visited.\19\ In fact, approximately 45 percent of the victims did not even own a computer. Charter Pacific did not develop the database from its own customers' information. Instead, it compiled the information from credit cardholders who had purchased goods and services from merchants that had accounts at Charter Pacific. The information included the date of sale, account number, and dollar amount of every credit card transaction processed by the bank's merchant customers. The unrestricted sharing of this information resulted in over $44 million of unauthorized charges. --------------------------------------------------------------------------- \19\ Federal Trade Commission, ``FTC Wins $37.5 Million Judgment from X-Rate Website Operator; Bank Sold Defendants Access to Active MasterCard, Visa Card Numbers,'' Sept. 7, 2000, http://www.ftc.gov/opa/ 2000/09/netfill.htm. --------------------------------------------------------------------------- When data collectors do not adhere to Fair Information Practices, consumers face numerous privacy risks. A summary of significant privacy costs includes the following: <bullet> Consumers pay a much higher price than dinner interruptions from telemarketers. Many unsuspecting consumers may still be paying $89/year or more for essentially worthless membership club products they did not want and did not order. Although the Federal Trade Commission has enacted amendments to the Telemarketing Sales Rule \20\ (TSR) in an attempt to regulate the tawdry bank practices described above, additional amendments may be necessary to ensure that banks and their affiliates and subsidiaries comply fully with the amendments, since they may run to the OCC for protection from the FTC otherwise. --------------------------------------------------------------------------- \20\ The amendments took effect 31 March 2003. http://www.ftc.gov/ opa/2003/01/tsrfrn final.htm. --------------------------------------------------------------------------- <bullet> Easy access to confidential consumer identifying information leads to identity theft. Identity theft may affect 500,000-700,000 consumers each year. Identity theft victims in a recent PIRG/ Privacy Rights Clearinghouse survey \21\ faced average out-of- pocket costs of $808 and average lost time of 175 hours over a period of 1-4 years clearing an average $17,000 of fraudulent credit off their credit reports. It is difficult to measure the costs of higher credit these consumers pay, let alone attempt to quantify the emotional trauma caused by the stigma of having their good names ruined by a thief who was aided and abetted by their bank and credit bureau's sloppy information practices. The Committee need only review last week's compelling testimony of Captain John Harrison \22\ (Ret.). In his oral statement, in particular, Harrison described how he had gone from a high- achieving military officer to a failed salesman who recently lost his job due to, in his view, his loss of confidence caused by his inability to cope with the frustration and emotional distress of being a victim of identity theft and his subsequent inability to clear his name of 61 fraudulent credit accounts. --------------------------------------------------------------------------- \21\ See ``Nowhere To Turn: A Survey of Identity Theft Victims, May 2000, CALPIRG and Privacy Rights Clearinghouse, http://calpirg.org/ CA.asp?id2=3683&id3=CA&. \22\ Senate Banking Committee Hearing On Identity Theft, 19 June 2003. See Captain Harrison's testimony at http://banking.senate.gov/ 03_06hrg/061903/harrison.pdf. --------------------------------------------------------------------------- <bullet> The Easy access to Social Security numbers by Internet information brokers and others also leads to stalking. <bullet> The failure to safeguard information and maintain its accuracy leads to mistakes in credit reports and consequently consumers pay higher costs for credit or are even denied opportunities. <bullet> Researchers at Michigan State University recently studied over 1,000 identity theft cases and found that victims in 50 percent of the cases specifically reported that the theft was committed by an employee of a company compiling personal information on individuals.\23\ Many identity fraud cases stem from the perpetrator's purchase of consumers' personal information from commercial data brokers. Financial institutions information sharing practices contribute to the risk of identity theft by greatly expanding the opportunity for thieves to obtain access to sensitive personal information. --------------------------------------------------------------------------- \23\ Personal communication from author to Chris Hoofnagle of EPIC. Study forthcoming; results provided in e-mail from Judith M. Collins, Ph.D., Associate Professor, Leadership and Management Program in Security School of Criminal Justice, Michigan State University to EPIC (Apr. 22, 2003, 18:13:35 EST) (on file with EPIC). --------------------------------------------------------------------------- <bullet> The unlimited collection and sharing of personal data poses profiling threats. Profiles can be used to determine the amount one pays for financial services and products obtained from within the ``financial supermarket'' structure. As just one example, information about health condition or lifestyle can be used to determine interest rates for a credit card or mortgage. Even with a history of spotless credit, an individual, profiled on undisclosed factors, can end up paying too much for a financial service or product. Because there are no limits on the sharing of personal data among corporate affiliates, a customer profile can be developed by a financial affiliate of the company and sold or shared with an affiliate that does not fall within the broad definition of ``financial institution.'' A bank, for instance, that has an affiliation with a travel company could share a customer profile resulting in the bank's customer receiving unwanted telephone calls and unsolicited direct mail for offers of memberships in travel clubs or the like that the individual never wanted or requested. A negative credit decision based on this profile would not trigger the vast consumer protection rights that would be triggered by use of a strictly regulated credit report.\24\ --------------------------------------------------------------------------- \24\ For additional discussion of the profiling issue, and related privacy threats posed by information sharing, see 1 May 2002 comments of EPIC, U.S. PIRG, Consumers Union, and Privacy Rights Clearinghouse on the GLBA Information Sharing Study (Federal Register: February 15, 2002 (Volume 67, Number 32)) available at http://www.epic.org/privacy/ financial/glb_comments.pdf. --------------------------------------------------------------------------- <bullet> Further, the lack of any regulation of experience and transaction information may pose risks for the privacy of health data. Confidential medical records held by any health insurer or hospital are strictly regulated by the Health Insurance Portability and Accountability Act (HIPAA)'s medical privacy rules. If that information is obtained by any GLB entity, it could be freely shared outside of HIPAA.\25\ --------------------------------------------------------------------------- \25\ See testimony on medical privacy of Joy Pritts, Georgetown University and Marc Rotenberg, EPIC, House Financial Institutions Subcommittee, 7 June 2003 at http://financialservices. house.gov/ hearings.asp?formmode=detail&hearing=231. In response to the public uproar over the NationsBank and U.S. Bank cases, Congress included a privacy title, Title V, in GLB.\26\ --------------------------------------------------------------------------- \26\ 15 U.S.C. Sec. Sec. 6801-09. --------------------------------------------------------------------------- While the FCRA Is Based on Comprehensive Protections, The Gramm-Leach-Bliley Financial Services Modernization Act's No Opt Regime Conversely Fails to Adequately Regulate Either Affiliate or Third Party Information Sharing The GLB's No Opt Regime Much of the debate over affiliate sharing and financial privacy has not been over whether financial institutions protect information under the Fair Information Practices. Rather, the debate has been over whether banks and other institutions should provide consumers with an express consent right (affirmatively say yes, or opt in, before sharing) or whether information sharing should be allowed automatically unless the consumer says no (OK to share as long as consumer does not opt out). Industry documents and materials assert that the debate is over opt out or opt in, falsely implying that they are for opt out, but that opt in goes too far and would cost too much. Actually, the vast majority of the financial services industry has yet to agree that even an opt out is acceptable--most companies are actually for no opt. Many observers are unaware that the primary protection Congress established in Gramm-Leach-Bliley is provided only by notice (no opt), not by opt out. The Fair Credit Reporting Act is based broadly on the Fair Information Practices, but GLB is, at best, based on FIP's-Lite. Notice is not enough. When comprehensive databases of information are held and used by companies, consumers need all of the rights provided by the Fair Information Practices. GLB does not regulate in any way affiliate sharing of experience and transaction. It does not close the loophole established in the FCRA. Under GLB, sharing of experience and transaction information with either affiliates or with any third party providing joint marketing services is unregulated under a no opt regime. The rationale for treating marketing partners as affiliates was ostensibly to create a level playing field for smaller institutions that might not have in- house affiliates selling every possible product larger firms might sell. Of course, large firms use joint marketing partners, too. The limited consumer right to opt out Congress established only applies in the circumstance where the bank shares experience and transaction information with other third parties selling nonfinancial services, primarily telemarketers. Even Congressional Research Service reports have misunderstood the modest effect of the limited opt out provisions of GLB.\27\ --------------------------------------------------------------------------- \27\ See for example, ``Financial Privacy--The Economics of Opt In vs Opt Out. (Updated 16 Apr 2003) by CRS's Loretta Nott. It repeats a mischaracterization of GLB that I believe has been made in other CRS reports. The third sentence states: ``A consumer's financial information may be shared among the (affiliates of the same corporate) group as long as the person has been notified and has the opportunity to decline, or `opt out.' '' The paragraph goes on to wrongly say that the Johnson S. 660/Tiberi H.R. 1766 proposals are intended, among other things to, ``maintain the opt out policy for affiliate information sharing.'' --------------------------------------------------------------------------- GLB should have closed the affiliate sharing exception in the FCRA. It did not. The failure of the GLB to regulate or require any form of consumer consent for the vast majority of information sharing transactions affected is one example of how GLB--unlike the broader FCRA as it applies to credit reports--fails to meet the Fair Information Practices. GLB fails to adequately protect consumer privacy. Notice is Not Enough The result of this defective scheme is that most information- sharing is only regulated or ``protected'' by notice. Sharing of confidential consumer information with either affiliates or joint marketing partners continues regardless of a consumer's privacy preference. Although we have no way of knowing how many joint marketing partners a company may have, we do know how many affiliates some of the largest financial services holding companies and bank holding companies have. For their recent joint comments to the Treasury Department on GLB, State Attorneys General accessed the Federal Financial Institutions Examination Council and Federal Reserve websites and counted affiliates for Citibank (2,761), Key Bank (871) and Bank of America (1,476).\28\ --------------------------------------------------------------------------- \28\ See 1 May 2002 Attorneys General Comments http:// www.ots.treas.gov/docs/r.cfm ?95421.pdf or http://www.epic.org/privacy/ financial/ag_glb_comments.html on the GLBA Information Sharing Study (Federal Register: February 15, 2002 (Volume 67, Number 32)). --------------------------------------------------------------------------- In 2001, a coalition of consumer and privacy groups filed a petition \29\ with the agencies responsible for enforcing the GLB Privacy Rule. On an encouraging note, many of the petitioners have recently been informally contacted to watch for agency actions in response to that petition calling for better privacy notices. Some industry members are even supporting improvements to the privacy notices. Of course, improving the notices does not change the flawed GLB approach to the sharing of information among affiliates and third parties. --------------------------------------------------------------------------- \29\ The petition is available at http://www.privacyrightsnow.com/ glbpetition.pdf. See the website http://www.privacyrightsnow.com for additional information about the coalition. --------------------------------------------------------------------------- A Comparison of the Regulated and Unregulated Information Sharing of FCRA and GLB Categories of information regulated by the FCRA and GLB are treated in several different ways. The FCRA strictly regulates consumer credit reports. Credit bureaus sell certain other products, known as credit headers, under an unregulated regime, although recent court decisions have narrowed the credit header exception. Credit bureaus also sell under-regulated, prescreened lists of consumers derived from credit reports, for credit and insurance related purposes. Prescreened opt out notices are hard to find and harder to read; the opt out mechanism is overly complex and, for a permanent opt out, a consumer must make a call, receive a notice in the mail, sign it, stamp it, and return it.\30\ --------------------------------------------------------------------------- \30\ See PIRG's testimony before the House Financial Institutions Subcommittee, 4 June 2003 for a detailed analysis. http:// financialservices.house.gov/media/pdf/060403em.pdf. --------------------------------------------------------------------------- Information obtained by corporate affiliates, however, is known as either ``experience and transaction'' information or ``other'' information and regulated by exception to the FCRA. Title V of GLB provides that once companies have provided customers with notice of their information sharing policies, they can share experience and transaction under the extremely permissive GLB regime, with consumer protection provided primarily by notice only (no opt). --------------------------------------------------------------------------- \31\ The DC Circuit is 2001 decision is F. 3d 809 (2001). http:// laws.findlaw.com/dc/001141a.html. The Supreme Court also denied cert. (536 U.S. ___(2002) 01-1080, 10 June 2002) in TransUnion I vs. FTC, which ended 10 years of litigation over TransUnion's illegal use of credit reports for target marketing. \32\ TransUnion II vs. FTC, See http://laws.findlaw.com/dc/ 015202a.html. This important appellate decision upheld the constitutionality of the GLB privacy regulations and restricted the sale of nonpublic personal information, including Social Security numbers, by credit bureaus outside of the strict FCRA regime. \33\ The prescreening opt out does not stop the flow of credit card solicitations, it only slows it down. Now, many retailers, airlines, organizations, and others routinely send credit card solicitations to their customers. Yet, these offers are based on affiliate sharing-- under the Gramm-Leach-Bliley Act, not the FCRA. No credit report was used for prescreening, so no opt out is provided on the mailings. Under Gramm-Leach-Bliley, affiliate sharing of ``experience and transaction'' information is subject to a no opt rule. The FCRA opt out does not apply, nor does the limited GLB opt out. Congress should create a ``no credit card offers'' list and apply the 1-call opt out to all credit card solicitations not only prescreened solicitations. Information Sharing Under The FCRA and The GLB ------------------------------------------------------------------------ Type of Information Shared or Sold By Protection Scheme ------------------------------------------------------------------------ Consumer credit reports Credit Bureaus FCRA: Comprehensive and investigative regulation under consumer reports FIP's. ------------------------------------------------------------------------ Credit headers Credit bureaus FCRA: Previously sold (Demographic, under exception to noncredit related, FCRA, but under information derived recent decisions by from credit reports) the DC Circuit, U.S. Court of Appeals, dates of birth\31\ and Social Security numbers\32\ can no longer be sold as part of credit headers. ------------------------------------------------------------------------ Prescreened lists of Credit bureaus FCRA: Moderately consumers with certain regulated, with weak characteristics\33\ right for consumers to opt out. Lists cannot be used for general target marketing, only sold for marketing credit or insurance products. ------------------------------------------------------------------------ ``Experience and Banks, brokerages, FCRA provides that Transaction'' insurance companies, this information is Information (credit and other financial not regulated as a card and checking institutions credit report. GLB: account purchases, Can be shared with mortgage balances, any affiliate or any bank account and third party in a brokerage balances, joint marketing and other deposit relationship with account usage bank to sell information, financial products relationships with co- regardless of signers, etc.) customer's privacy preference (no opt). Customer has right to opt out only if information will be shared with or sold to other third parties, primarily telemarketers. ------------------------------------------------------------------------ ``Other'' information Banks, brokerages, FCRA: Affiliates can obtained from a insurance companies, share this consumer's and other financial information with application, a institutions affiliated companies consumer's credit provided consumer is report or a consumer's given a notice and a references right to opt out. ------------------------------------------------------------------------ GLB exceptions to opt Banks, brokerages, Under numerous out rights insurance companies, exceptions, opt outs and other financial do not apply to institutions experience and transaction information shared with any affiliate or third party for completion of consumer's transaction, fraud control, Government purposes, secondary market underwriting, etc. ------------------------------------------------------------------------ How the Gramm-Leach-Bliley Act Falls Short of the Fair Information Practices First, GLB fails to require any form of consent (either opt in or opt out) for most forms of information sharing for secondary purposes, including experience and transaction information shared between and among either the affiliates or certain affiliated third parties with ``joint marketing agreements.'' These outside firms are treated as if they were affiliates, under the no opt regime. Second, while institutions point out consumers generally have access to and dispute rights over their financial account statements, they have no knowledge of, let alone rights to review or dispute, the development of detailed profiles on them created by financial institutions. California is considering a PIRG-backed proposal to address the problem that consumers have neither knowledge of nor a right to inspect marketing profiles.\34\ --------------------------------------------------------------------------- \34\ Proposed California legislation, SB 27, offered by State Senator Liz Figueroa, would require a business that discloses a consumer's personal information to a third party for direct marketing purposes to provide to a customer, upon request, a written description of the sources and recipients of that information and copies of the information disclosed. See http://www.leginfo.ca.gov/pub/bill/sen/ sb_0001-0050/sb_27_cfa_20030507_132723_sen_comm.html. --------------------------------------------------------------------------- Third, while GLB does require disclosure of information practices, numerous reviews of these privacy policies, by outside experts,\35\ CALPIRG,\36\ and others has documented that the policies are unreadable and incomprehensible. None fully explain all uses of information, including the development of consumer profiles for marketing purposes. None list all the affiliates, or even all the types, that they might share information with. None describe the specific products, most of which are of minimal or even negative value to consumers, that third party telemarketers might offer for sale to consumers who fail to opt out. Yet all the privacy policies make a point of describing how consumers who elect to opt out will give up ``beneficial'' opportunities. --------------------------------------------------------------------------- \35\ Mark Hochhauser, readability consultant to the Privacy Rights Clearinghouse, analyzed dozens of the initial notices: ``Readability analyses of 60 financial privacy notices found that they are written at a 3rd-4th year college reading level, instead of the junior high school level that is recommended for materials written for the general public. See ``Lost in the Fine Print: Readability of Financial Privacy Notices'' by Mark Hochhauser at http://www.privacyrights.org/ar/GLB- Reading.htm. \36\ See the CALPIRG report Privacy Denied: A Survey Of Bank Privacy Policies, 15 Aug 2002, http://calpirg.org/ CA.asp?id2=7606&id3=CA&. --------------------------------------------------------------------------- Fourth, GLB does not give consumers a private right of action to enforce the law as the FCRA generally does. GLB's Preservation of States' Rights: The Sarbanes Amendment Congress recognized that GLB did not adequately protect privacy and that Title V was only a modest first step. Indeed, Chairman Shelby pointed this out in his floor remarks in opposition to the bill's enactment in 1999. We are about to pass this afternoon a financial modernization bill that represents industry interests in a big way. However, we have forgotten the interests of the most crucial market participant of all in America--the consumer, the American citizen. Under this bill, the consumer has little, if any, ability to protect the transfer of his or her personal nonpublic financial information. . . . I can assure Members these large financial conglomerates will have more information on citizens than the IRS, but we have done virtually nothing to protect the sharing of such nonpublic personal financial information for the American people. . . . First, the opt out requirement does not apply to affiliate sharing. . . . Second, the bill includes an exception to the porous opt out provision that allows two or more financial institutions to share their customers' nonpublic personal information with telemarketers to market financial products or services offered under a so-called joint agreement. . . . I believe these privacy provisions are a sham. I have said it before.\37\ --------------------------------------------------------------------------- \37\ 145 CR S13895 Floor remarks of Senator Richard Shelby (R-AL), 4 Nov 1999, during consideration of S. 900, which became GLB. In recognition of the concerns of a bi-partisan group of Members, led by Senators Shelby (R-AL) and Sarbanes (D-MD) and Representatives Barton (R-TX) and Markey (D-MA), the Congress took the exceedingly rare step of affirmatively and specifically granting the States the right to enact stronger financial privacy laws. In conference committee, the Congress inserted an amendment offered by Senator Sarbanes granting --------------------------------------------------------------------------- States the right to enact stronger financial privacy laws: Sec. 6807. Relation to State laws (a) In general This subchapter and the amendments made by this subchapter shall not be construed as superseding, altering, or affecting any statute, regulation, order, or interpretation in effect in any State, except to the extent that such statute, regulation, order, or interpretation is inconsistent with the provisions of this subchapter, and then only to the extent of the inconsistency. (b) Greater protection under State law For purposes of this section, a State statute, regulation, order, or interpretation is not inconsistent with the provisions of this subchapter if the protection such statute, regulation, order, or interpretation affords any person is greater than the protection provided under this subchapter and the amendments made by this subchapter, as determined by the Federal Trade Commission, after consultation with the agency or authority with jurisdiction under Section 6805(a) of this Title of either the person that initiated the complaint or that is the subject of the complaint, on its own motion or upon the petition of any interested party. (Pub. L. 106-102, Title V, Sec. 507, Nov. 12, 1999, 113 Stat. 1442.) The GLB Conference Report illustrates the final statement of the terms agreed to by both Houses, which confirms what GLB states explicitly: The States are free to adopt laws regarding the privacy of consumer financial information provided to financial institutions. On the floor, Senator Sarbanes \38\ emphasized protection of the States' authority to legislate in the area of consumer privacy: --------------------------------------------------------------------------- \38\ 145 Cong. Rec. S13789 (1999) Statement of Senator Sarbanes on final passage of GLB. [W]e were able to include in the conference report an amendment that I proposed which ensures that the Federal Government will not preempt stronger State financial privacy laws that exist now or may be enacted in the future. As a result, States will be free to enact stronger privacy --------------------------------------------------------------------------- safeguards if they deem it appropriate. Likewise, Senator Grams \39\ said the savings clause of GLB, ``preserves all existing and all future State privacy protections above and beyond the national floor established in this bill.'' House Members similarly interpreted the amended bill. As Representative John LaFalce \40\ said, ``[T]he conference report totally safeguards stronger State consumer protection laws in the privacy area.'' --------------------------------------------------------------------------- \39\ 145 Cong. Rec. S13889 (1999) Statement of Senator Grams. \40\ 145 Cong. Rec. E2310 (1999) Statement of Representative LaFalce. --------------------------------------------------------------------------- Industry's Claim That The FCRA's Preemption Provision Trumps GLB's States' Rights Provision Is False, But Its Propaganda Campaign Has Had a Chilling Effect on State Action To Enact Stronger Financial Privacy Laws The FCRA regulates credit reports. As discussed above, a narrow exception states that when companies share information among corporate affiliates, the sharing does not make the sharing entity a credit bureau, with a credit bureau's concomitant responsibilities and duties. Although that exception is troubling, since it means that companies are able to make credit decisions on the basis of unregulated internal databases, nothing in the legislative history suggests that Congress intended more than that when it exempted affiliate sharing from the FCRA in 1996. But while the substantial legislative history and the plain language of Section 6807 of the GLB grants States greater rights to enact stronger privacy laws, industry has alleged that a different provision of GLB, Section 6806, renders the Sarbanes Amendment meaningless. The Sarbanes Amendment and the FCRA Savings Clause Section 6806 is the so-called FCRA savings clause and is intended to preserve the greater protections of the FCRA strictly regulating credit reports from being weakened by GLB's lesser protections. Industry claims that the FCRA savings clause creates a safe harbor preventing the Sarbanes Amendment from applying to affiliate sharing, by allowing the preemptive affiliate sharing exception of the FCRA to trump GLB's Sarbanes Amendment. Yet, as former FTC Chairman Pitofsky testified before Congress on financial services modernization, in a 1999 hearing on H.R. 10, the House bill which became GLB: Finally, the bill should make it clear that its privacy provisions do not limit the FCRA's protections to the extent they apply to financial institution files. . . . If construed to supersede the FCRA, the H.R. 10 privacy provisions would be a major retreat in privacy protections for consumers. Credit reports could be distributed to firms that had no permissible purpose to see them if the consumer did not take the affirmative step of stopping that practice. The Commission believes it essential to eliminate the potential for such an interpretation by adding a savings clause indicating that, notwithstanding any provisions of H.R. 10, the full protections of the FCRA continue to apply where applicable.\41\ [Emphasis added] --------------------------------------------------------------------------- \41\ Testimony of FTC Chairman Robert Pitofsky before the House Financial Institutions Subcommittee on HR 10, 21 July 1999, at http:// financialservices.house.gov/banking/72199pif.htm. Industry argues that the FCRA savings clause inserted following the FTC Chairman's request instead acts to limit consumer protection. Industry argues that somehow the purpose of the clause is to allow the FCRA's one weaker exception--not its myriad greater protections--to prevail. War is peace. Up is down. State and Local Action under the Sarbanes Amendment Industry's threats that the Sarbanes Amendment is meaningless have had a chilling effect on State efforts to enact stronger financial privacy laws governing affiliate sharing. Although numerous States have considered financial privacy legislation since 1999, only California has come close to enactment of legislation. In California, a compromise version of SB 1, proposed by State Senator Jackie Speier, has passed the State Senate but is currently mired in the Assembly Banking Committee due to industry opposition. The bill would greatly strengthen consumer rights in information sharing. Anticipating that the bill will not pass, consumer groups including CALPIRG and Consumers Union have already collected over 200,000 signatures toward a proposed ballot initiative for March 2004. The ballot initiative is even stronger than SB 1. Although it remains the consumer group view that the FCRA savings clause of GLB's effect on the Sarbanes Amendment should be construed narrowly, it should be noted that the groups planned the ballot referendum for 2004, after the scheduled sunset of FCRA preemption, to clear one additional procedural hurdle: Predicted bank litigation. Indeed, tired of waiting for the State or Congress to act, several California cities and counties led by San Mateo and Daly City, have enacted local financial privacy ordinances modeled after SB 1. The ordinances will take effect on 1 September 2003, but first they must survive court challenges by Bank of America and Wells Fargo, joined by the Nation's chief national bank regulator, the Office of the Comptroller of the Currency.\42\ --------------------------------------------------------------------------- \42\ For more information about OCC's abusive preemption positions generally, see http://www.pirg.org/occwatch. <GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT> If the cities lose in court, despite the clear legislative history in their favor, particularly under a National Bank Act preemption argument, it may be appropriate for the Congress to consider a narrow clarifying amendment to GLB that makes it clear that the Sarbanes Amendment is the paramount Federal rule on financial privacy, all other laws notwithstanding. Industry Has Misrepresented the Goal and the Effect of State Financial Privacy Laws Throughout the debate over financial privacy and the FCRA preemption, industry has engaged in a two-part strategy to confuse the public and decisionmakers. First, Industry Claims To Be For Opt Out, When It Is In Favor Of No Opt As discussed above in the section on GLB, industry muddles the issue of no opt versus opt out. For example, a white paper prepared for the industry that is routinely cited by industry witnesses before Congress states the following: Congress struck a critical balance in the 1996 FCRA Amendments between consumers' interest in reaping the benefits of accessible credit files and their interest in privacy. That balance is reflected in the combination of preemption and opt out provisions for prescreening and affiliate-sharing. Efforts to fundamentally alter that balance by not reenacting preemption and/or by conditioning prescreening and affiliate- sharing on opt in threaten to impose considerable costs on consumers, business, and the economy, while not increasing privacy protection.\43\ --------------------------------------------------------------------------- \43\ Financial Privacy, Consumer Prosperity, and The Public Good: Maintaining The Balance. Fred Cate, Robert E. Litan, Michael Staten, Peter Wallison. Mar 2003. See http://www.aei. brookings.org/ publications/abstract.php?pid=313. The paper is wrong on the affiliate sharing opt out, unless it is cleverly hedging behind the limited ``other'' information opt out.\44\ It fails to accurately describe the actual no opt regime in place for affiliate sharing of experience and transaction information. For this and numerous other reasons, one expert observer, an independent privacy consultant, called this paper ``shockingly incompetent.'' \45\ --------------------------------------------------------------------------- \44\ See FCRA, Section 604 (d)(2)(A)(iii) concerning information obtained from ``other'' sources, such as a consumer's credit report or application or references. \45\ ``No Fair Fight Over FCRA Provision,'' by Robert Gellman, DM News, 6 May 2003. --------------------------------------------------------------------------- Industry witnesses refer to a number of other white papers and pseudo-academic documents \46\ purporting to prove that either eliminating State preemption or providing greater financial privacy protections will cost the economy ``billions of dollars.'' In our view, these papers are based on specious assumptions. --------------------------------------------------------------------------- \46\ Harvard Law School Professor Elizabeth Warren, co-author of several major peer-reviewed studies of the impact of bankruptcy on consumers, has written an extensive article criticizing the use of ``proprietary'' research (data not available or peer-reviewed, paid for by industry associations that hire academic ``research'' centers) to make public policy. Wisconsin Law Review Vol. 2002, No. 1, ``The Market For Data: The Changing Role of Social Sciences in Shaping The Law,'' Public Law Research Paper No. 038 See http://papers.ssrn.com/sol3/ papers.cfm ?abstract_id=332162. <bullet> None of the papers measure the costs of not protecting privacy, including the costs of identity theft. <bullet> None of the papers measure the cost to society of inaccurate credit reports caused by mistakes due to lack of enforcement of the Federal FCRA. <bullet> None of the papers separate the impact, if any, of the 1996 preemption provisions from other dependent variables or attempts to evaluate the effect of other factors on the credit economy. None of the industry studies attempt to quantify the costs of not protecting privacy. One contrary study finds, ``In fact, the costs incurred by both business and individuals due to incomplete or insufficient privacy protections reach tens of billions of dollars every year.'' \47\ --------------------------------------------------------------------------- \47\ ``Privacy, Consumers, and Costs: How The Lack of Privacy Costs Consumers and Why Business Studies of Privacy Costs are Biased and Incomplete,'' by Robert Gellman, March 2002, See http://www.epic.org/ reports/dmfprivacy.html. --------------------------------------------------------------------------- None of the industry studies measures the costs of inaccurate credit reports. According to just one key finding of a major recent study of 500,000 credit files: Misclassification into the subprime mortgage market can require a borrower to overpay by tens of thousands of dollars in interest payments on a typical mortgage. For example, over the life of a 30-year, $150,000 mortgage, a borrower who is incorrectly placed into a 9.84 percent subprime loan would pay $317,516.53 in interest, compared to $193,450.30 in interest payments if that borrower obtained a 6.56 percent prime loan--a difference of $124,066.23 in interest payments. That study,\48\ by the Consumer Federation of America and National Credit Reporting Association, found that at least 8 million consumers are at risk of being misclassified into subprime credit due to sloppy information handling practices by credit reporting agencies. --------------------------------------------------------------------------- \48\ ``Credit Score Accuracy and Implications for Consumers,'' December 17, 2002, Consumer Federation of America and the National Credit Reporting Association http://www.consumer fed.org/ 121702CFA_NCRA_Credit_Score_Report_Final.pdf. --------------------------------------------------------------------------- None of the industry studies measures the costs of a post-GLB credit economy where adverse decisions are made without consumers gaining the right to know about, look at, dispute, or correct their file. Industry Falsely Claims That Financial Privacy Laws Will Stop All Information Sharing, not Simply Sharing for Secondary Purposes Perhaps even more importantly, industry's white papers and testimony and press releases have made a wide variety of false and even wild claims about the goal and effect of financial privacy laws: <bullet> Industry alleges that stronger financial privacy laws will prevent firms from using one telephone call center for all of a consumer's accounts. <bullet> Industry claims that financial privacy laws ``will hinder their efforts to spot terrorists.'' \49\ --------------------------------------------------------------------------- \49\ ``Privacy Laws Under Attack,'' Associated Press, 19 Feb 2002. The article quotes executives of two powerful industry associations opposing State privacy laws on terrorism grounds: The Financial Services Roundtable (``We would have trouble communicating with law enforcement . . .'') and the Financial Services Coordinating Council (``I do not think that explicitly a legislator would try to hurt the exchange of information that would allow law enforcement to do what they need to do . . .'') --------------------------------------------------------------------------- <bullet> Industry claims that information sharing is critical to stopping fraud and identity theft. Actually, the goal of consumer financial privacy laws is not to prevent these uses. SB 1 (California) would simply limit information sharing for secondary purposes without consent. The goal of SB 27 (California) is to give consumers access rights in GLB that modestly approach those of the FCRA. Here is the antifraud, anti-identity theft, exception to the opt out in existing Federal law: GLB Section 6802(e)(3)(A) to protect the confidentiality or security of the financial institution's records pertaining to the consumer, the service or product, or the transaction therein; (B) to protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liability; (C) for required institutional risk control, or for resolving customer disputes or inquiries; (D) to persons holding a legal or beneficial interest relating to the consumer; or (E) to persons acting in a fiduciary or representative capacity on behalf of the consumer; Similar provisions exist for completing a consumer's transaction, underwriting, to comply with Government requirements, or to protect the ``public safety.'' In addition, each of the proposed State and local laws and ballot initiatives, to our knowledge, includes similar exceptions. It is worse than disingenuous to claim that financial privacy laws, intended to give consumers control over the use of their confidential information for secondary marketing and profiling purposes, will completely close the spigot of information sharing for laudable purposes. Does Information Sharing Prevent Identity Theft? No Industry has claimed that information sharing is critical to identity theft prevention. From 1989 through 1996, while Congress considered the strengthening of the FCRA, identity theft was not a significant issue in the debate. While it turns out that the problem was growing, the industry had been keeping it quiet and absorbing the costs of fraud without providing Congress or the FTC with significant information. In 1996, the State PIRG's released the first national report on the problem, ``The Consumer X-Files,'' documenting the cases of several identity theft victims and attempting to quantify the problem. In 1997, the State PIRG's released a follow-up, ``Return To The Consumer X-Files.'' \50\ In 2000, the State PIRG's and Privacy Rights Clearinghouse released a detailed survey of identity theft victims, ``Nowhere To Turn.'' \51\ In 2003, CALPIRG released the first analysis of police officer views on identity theft, ``Policing Privacy.'' \52\ It found that police share consumer groups' views that creditor practices must be reined in to stop identity theft. --------------------------------------------------------------------------- \50\ See http://www.pirg.org/reports/consumer/xfiles/index.htm. \51\ See http://calpirg.org/CA.asp?id2=3683&id3=CA&. \52\ See http://www.pirg.org/alerts/route.asp?id2=9791. --------------------------------------------------------------------------- In 1998, Congress took its one step to stop identity theft, criminalizing it without reining in the creditor and credit bureau practices that aid and abet the thieves. The FTC has recently reported that identity theft was the leading complaint to the Agency for the years 2000, 2001, and 2002. The number of cases doubled in 2002, according to the FTC. Based on figures reported to the GAO by the credit bureaus themselves, identity theft may strike as many as 500,000-700,000 consumers annually. Criminalization has not worked. Do industry's unbelievable allegations that identity theft is being slowed by information sharing mean the problem would be even worse without information sharing? Misuse, overuse, and easy access to Social Security numbers is what drives the identity theft epidemic. Fundamentally, this nation needs to wean the private sector of its over-reliance on Social Security numbers (SSN) as unique identifiers and database keys. Creditors issue credit based on a match between an applicant's Social Security number and a credit bureau Social Security number, with no additional verification in many cases that the applicant is actually the consumer whose credit bureau file is accessed. Getting Social Security numbers out of circulation and improving sloppy credit granting practices, not unfettered information sharing, are the real solutions to the identity theft menace. Changing Industry Practices Limiting Information Sharing, not The Threat of State Action, Are the Real Threat To the Economy Failure To Report Completely To Game Credit Score Results This spring, the Federal Reserve Board of Governors released a major study \53\ of credit reports. Among its key findings, based on a review of 248,000 credit reports held by one unnamed repository, was the following: Fully 70 percent of consumers had at least one trade line account with incomplete information. The Fed finds this problematic. --------------------------------------------------------------------------- \53\ See ``An Overview of Consumer Data and Credit Reporting,'' Avery et al, February 2003, Pages 47-73, Federal Reserve Bulletin http://www.Federalreserve.gov/pubs/bulletin/2003/0203lead.pdf. A key measure used in credit evaluation--utilization--could not be correctly calculated for about one-third of the open revolving accounts in the sample because the creditor did not report the credit limit. About 70 percent of the consumers in the sample had a missing credit limit on one or more of their revolving accounts. If a credit limit for a credit account is not reported, credit evaluators must either ignore utilization (at least for accounts without limits) or use a substitute measure such as the highest-balance level. The authors' evaluation suggests that substituting the highest-balance level for the credit limit generally results in a higher estimate of credit utilization and probably a higher perceived level of credit risk for affected consumers. [Emphasis added] \54\ --------------------------------------------------------------------------- \54\ See page 71, ``An Overview of Consumer Data and Credit Reporting,'' Avery et al, February 2003, Pages 47-73, Federal Reserve Bulletin http://www.Federalreserve.gov/pubs/bulletin/2003/0203lead.pdf. Although industry witnesses will testify to a vast ``free flow of information'' driving our economy that should not be constrained, more and more firms are choosing to stifle the flow of information themselves--to maintain their current customers as captive customers. We expect industry witnesses to claim this problem has been resolved. According to the Fed and CFA studies it has not. This month, a major lender told the American Banker newspaper it does not report credit limits: ``Capital One has never reported credit limits, for proprietary reasons,'' Diana Don, a spokeswoman for the McLean, VA, card issuer, said Wednesday. ``We feel that it is part of our business strategy and provides competitive advantage.'' \55\ --------------------------------------------------------------------------- \55\ ``FCRA Hearing to Shine Spotlight on Credit Process,'' American Banker, 12 June 2003 by Michele Heller. --------------------------------------------------------------------------- When a bank intentionally fails to report a consumer's complete credit report information to a credit bureau, that consumer is unable to shop around for the best prices and other sellers are unable to market better prices to that consumer. Even the Comptroller of the Currency, Mr. Hawke, has condemned the practice.\56\ So has the FFIEC: ``The Agencies are aware that over the last year some financial institutions have stopped reporting certain items of customer credit information to consumer reporting agencies (credit bureaus). Specifically, certain large credit card issuers are no longer reporting customer credit lines or high credit balances or both.'' \57\ --------------------------------------------------------------------------- \56\ See speech by Comptroller of the Currency John Hawke at http:/ /www.occ.treas.gov/ftp/release/99-51.txt 7 June 1999: ``Some lenders appear to have stopped reporting information about subprime borrowers to protect against their best customers being picked off by competitors. Many of those borrowers were lured into high-rate loans as a way to repair credit histories.'' According to U.S. PIRG's sources in the lending industry, this practice continues. \57\ See advisory letter of 18 January 2000 at http:// www.ffiec.gov/press/pr011800a.htm Testimony of U.S. PIRG, 26 June 2003, p.20. --------------------------------------------------------------------------- Affiliate Sharing Regime Provides Fewer Consumer Rights As we have indicated above, the FCRA is an important privacy and consumer protection law. It provides consumers with substantive rights. Yet the growing use of affiliate sharing under GLB for profiling and credit decisionmaking may lessen the public benefits of the FCRA. If credit decisions are made on the basis of affiliate-shared information, consumers do not have the same bundle of rights as they would under the FCRA. As internal creditor databases increase in size and predicative value, either credit decisions or other profiling decisions (whether to even offer a consumer a certain class of product, for example) may more and more be made under the GLB regime. These adverse actions will not result in triggering the same disclosures and rights that consumers obtain under the FCRA. These changes in the marketplace, which are already occurring, mean that consumers may not have the same credit rights in the future. Congress should carefully scrutinize issues related to the lack of consumer rights in the affiliate sharing world, compared to the significant consumer protections provided by the FCRA. Conclusion Our complex national credit system, which relies on interrelationships between and among furnishers of information (creditors), consumer reporting agencies (credit bureaus) and numerous other information providers, secondary market players and, finally, consumers, was not created by the temporary 1996 preemption compromise to the FCRA and will not be destroyed by letting it expire. Nor was that complex national credit system created by the affiliate sharing regime of GLB which has resulted in a growing number of unregulated transactions and credit decisions. The FCRA worked well before 1996, as the testimony of the Vermont Attorney General's office and other consumer witnesses has made clear today. Industry's lobbying campaign urging you to simply extend the temporary preemption and extend the nonregulation of affiliate sharing is merely an attempt to preserve the unacceptable status quo that has resulted in unacceptable levels of credit report errors and an epidemic of identity theft. We hope to work with the Committee on solutions to these problems as well. We generally agree with industry that a uniform national law would be the most efficient, provided it is adequate. But the best way to get to adequate uniformity is to retain States' rights. Congress has not demonstrated a propensity for enacting uniform consumer protection laws that are adequate, except when driven by the threat of State actions. If Congress fails to solve the problem, or new problems arise, the States can act more quickly to resolve the problem and provide a template for additional Federal action by the Congress. Retaining States' right to enact stronger laws is the best way to guarantee an eventual strong uniform Federal law. The States are rational actors; they will not act to balkanize our financial system. Instead, they will respond to new threats with new and innovative ideas, which will eventually be adopted by other States. The notion of 50 different, conflicting laws is absurd and not even worth debate. In the area of consumer protection, without ideas from the States, typically the only way the inertia of Congress is ever overcome is by a stark crisis--such as Enron. Remember, the Enron fiasco was not even enough to guarantee passage of last year's Sarbanes-Oxley corporate reforms--we had to wait for Worldcom. We appreciate the opportunity to provide our views on the Fair Credit Reporting Act and affiliate sharing. We look forward to working with you in the future on these and other solutions to the problems consumers face in dealing with creditors, furnishers, and identity theft. ---------- PREPARED STATEMENT OF ANGELA L. MAYNARD Chief Privacy Executive and Counsel, KeyCorp on behalf of the Financial Services Roundtable June 26, 2003 Mr. Chairman and Members of the Committee, my name is Angela Maynard, and I am the Chief Privacy Executive and Counsel for KeyCorp (Key), an $86 billion financial holding company headquartered in Cleveland, Ohio. As the nation's 11th largest banking company, Key conducts business throughout the United States in States spanning from Maine to Alaska. Key is a member of the Financial Services Roundtable (Roundtable), and I am appearing today on behalf of the Roundtable as well as the customers, employees and shareholders of Key. The Roundtable represents 100 of the largest integrated financial services companies providing banking, insurance, and investment products and services to consumers. Member companies participate through their chief executive officer and other senior executives nominated by the CEO. I appreciate the opportunity to testify before the Committee on the role of affiliate information sharing under the Fair Credit Reporting Act (FCRA). The FCRA has become central to our Nation's credit system, and the Committee is to be commended for undertaking a thorough review of the Act and its impact on consumers, businesses, and the economy. The Roundtable and Key support the affiliate information sharing provisions of the FCRA, and urge the Committee to renew those and the other provisions of the Act that are scheduled to expire at the end of the year. The Importance of the FCRA and the Consumer Benefits of Information Sharing Before I explain how Key uses the affiliate information sharing provisions of the FCRA, I thought it might be useful to provide the Committee with some insight into the importance of the FCRA to the economy and the consumer benefits associated with affiliate information sharing. Economic Consequences of Failing to Renew the FCRA The Roundtable has found that the failure to renew key provisions of the FCRA will impose substantial costs on consumers and the economy, and will raise barriers to the least advantaged segments of our population.\1\ More specifically, the Roundtable has found that the failure to renew key provisions of the FCRA will result in higher costs for interest on mortgages, credit cards, and other debt; reduced credit access; and higher costs for insurance, electric power (in competitive markets), mail-order and e-commerce purchases, and third-party offerings by financial services companies. --------------------------------------------------------------------------- \1\ ``The Economic Consequences of Failing to Renew Current Provisions of the Fair Credit Reporting Act (FCRA) Which Promote Uniform National Standards,'' a study prepared for the Financial Services Roundtable by the Perryman Group, 2003. --------------------------------------------------------------------------- The additional costs consumers would pay on mortgages and other forms of credit are estimated to total over $20 billion each year. This amount includes $1.7 billion in new mortgage expenses, $1.7 billion in additional home equity and refinancing costs, and over $11 billion in increased credit card charges. The increased annual costs for insurance, electric power, e-commerce sales, and third party services are estimated to total another $20 billion. Additionally, approximately $170 billion in total funds from home equity loans and refinancings would no longer be available to households. Of this amount, approximately $100 billion would otherwise have been spent and circulated through the economy. When these and other cost factors are combined, the net direct loss in annual aggregate spending from the failure to renew the FCRA is estimated to be over $180 billion. Consumer Benefits of Information Sharing The Roundtable also has found that the customers of its member companies obtain significant benefits from information sharing.\2\ These benefits include increased convenience, personalized service, and real savings of time and money. --------------------------------------------------------------------------- \2\ ``Customer Benefits from Current Information Sharing by Financial Services Companies,'' a study prepared for the Financial Services Roundtable by Ernst & Young, December 2000. --------------------------------------------------------------------------- Information sharing saves the customers of Roundtable companies, on average, $195 per household per year. For all customers of Roundtable companies, the total dollar savings due to information sharing is estimated to be $17 billion. About $9 billion of this total comes from sharing information with third parties, and the remaining $8 billion is due to information sharing with affiliates. The dollar savings for customers result from the outsourcing of services to third parties, relationship pricing, and proactive offers. Obviously, these savings would be greater for the entire financial services industry. Information sharing also saves time for the customers of Roundtable companies. The average household saves close to 4 hours per year because of the convenience provided by information sharing. This amounts to a savings of about 320 million hours per year for all customers of Roundtable companies. About 115 million hours are saved because of information sharing with affiliates and 205 million hours are saved because of information sharing with third parties. The timesavings for customers are a result of centralized call centers, Internet-based services, third party services, proactive offers, and prefilled applications. The Roundtable also has found that, contrary to common perception, the ability to share information reduces identity theft and fraud, and that it reduces the number of solicitations consumers actually receive. Identity theft and fraud are reduced because information sharing allows organizations to better identify and respond to fraud and identity theft. Solicitations are reduced as a result of targeted marketing. Roundtable members save about $1 billion per year through the use of targeted marketing, as opposed to mass marketing, and those costs savings can be passed forward to customers. Failure to renew the FCRA could result in a shift back to mass marketing and cause Roundtable members to send out over three times as many solicitations to achieve the same level of sales. How Key Uses Information Sharing To Benefit its Customers Like many other financial services companies, Key is a holding company that owns a number of subsidiary companies, all of which would qualify as affiliates for purposes of the FCRA. At present, KeyCorp owns approximately 20 companies that provide products and services directly to individuals, including: KeyBank, N.A.; Key Bank U.S.A, N.A.; McDonald Investments, Inc.; Victory Capital Management, Inc.; Key Bank Life Insurance, Ltd.; KeyTrust Company, N.A.; and SecoLink Settlement Services, LLC. Key has worked diligently to consolidate the legal affiliates under which we conduct business. Key was the first large multibank holding company to consolidate bank charters under the authority provided by the Riegle-Neal Act. Despite our efforts, we still must operate under multiple legal affiliates due to State and Federal legal requirements, tax and accounting considerations, and operational considerations. For example, the Gramm-Leach-Bliley Act (GLBA) requires many of Key's financial activities be conducted separate and apart from our banking subsidiaries. However, to our customers, Key is not a collection of separate companies; it is a single entity that offers a variety of financial products and services. These include retail and commercial banking; investment banking and management; residential mortgages; home equity and installment loans; financial, estate, and retirement planning; asset management; and, for our business customers, real estate finance and equipment leasing. Despite this structure, Key has a single privacy policy that covers all of our businesses. This policy discloses our practices regarding the collection and sharing of information with both affiliated and nonaffiliated companies. Key has had a privacy policy in existence for 6 years, which predates GLBA's privacy policy requirements. Through our privacy policy, any consumer who provides information to Key can learn the types of information we may collect, from whom, how that information may be used, and how he or she can restrict the use of this information across our company and with third parties. We provide a copy of our privacy policy at the time a consumer first provides the information to Key, whether or not an account is opened, and annually, so long as a relationship exists with Key. Disclosed in the privacy policy is a toll-free number that is dedicated solely to recording privacy elections and answering privacy related questions. Once recorded, a privacy election is applied corporate-wide, covering all Key affiliates, and stays in effect until changed by the individual. The FCRA has two provisions related to the sharing of information among affiliated companies. One provision relates to information about a customer that is based on a company's own transactions with the customer (so-called ``transaction and experience'' information). The other provision relates to any other information about a consumer, including information based on the consumer's transactions with other institutions (so-called ``other'' information). Transaction and experience information is information that relates to a company's own experiences and transactions with a consumer. It would include, for example, the length of time that a customer has held a credit card, the number of times the customer has been late in making a payment on the credit card, or the average monthly balance in the customer's savings account. Under the FCRA, transaction and experience information that is shared with an affiliate is not treated as a credit report. Also, a customer does not have the ability to elect not to allow Key to share such information within the Key family of companies. Key's affiliates share this type of information for many purposes, including customer risk assessments, the servicing of accounts, fraud control, and targeted marketing. Examples of other information, that is nontransaction and nonexperience information, include information on an application, lists of a consumer's assets and liabilities with other companies, and lists of the names of companies from whom the customer has purchased other financial products and services. Under the FCRA, such other information that is shared with an affiliate is not treated as a credit report as long as a consumer is notified that such information may be shared and is given the opportunity to opt out of having this information shared. This provision permits Key's affiliated companies to share all types of information maintained on customers, not just information on our own transactions or experiences with the customer, provided the customer does not ``opt out'' of the sharing. These two provisions were added to the FCRA in 1996 to accommodate the flow of information within organizations, such as Key, which provide products and services to consumers through multiple legal entities. Absent these exceptions to the definition of what constitutes a consumer report, Key's affiliates would be treated as consumer reporting agencies under the FCRA and would be able to share consumer information only in limited circumstances, such as a credit transaction, the underwriting of insurance, or for employment purposes. Key uses the affiliate information sharing provisions of the FCRA in many other ways to help consumers. It relies upon affiliate information sharing to help consumers obtain needed products and services and service customer accounts. It also uses affiliate sharing to fight fraud and identity theft, and to comply with anti-money laundering and anti-terrorist financing laws. The following is a summary of the many ways in which Key uses affiliate information sharing to benefit consumers. Appropriate Product and Services Our customers expect us to help them identify appropriate financial products and services. Affiliate information sharing permits us to efficiently and effectively provide products and services that meet the specific needs of our customers. To do so, we first must understand a customer's financial needs and risk profile. Affiliate information sharing allows us to gather this data. Once we have an understanding of a customer's financial needs and risk profile, including an understanding of the existing product and service relationships the customer maintains across Key, we can determine what products and services are best for the customer, from both a product function and cost perspective. Without affiliate information sharing, our customers would be at a disadvantage in terms of product selection and cost. One-Stop-Shopping Our customers want to minimize the time it takes to conduct business. Affiliate information sharing allows us to deliver financial products and services efficiently. It eliminates the need for our customers to deal separately with different Key employees at multiple locations in order to obtain products and services that are offered by Key through separate legal affiliates. For instance, if a customer goes to a Key branch to open a deposit account, the same employee can assist that individual with other products, such as a home equity line that is offered by a separate Key affiliate. Affiliate information sharing also accelerates account approval and opening processes by leveraging information Key already maintains on the customer to process the customer's request. This eliminates the need for a customer to spend time gathering papers and finding information necessary to proceed with a product request. Integrated Products and Services Key offers several products that straddle affiliates. For example, Key's Total Access Account connects a brokerage account to a bank deposit account. This enables us to swap funds back and forth to maximize the return on a customer's funds. Customer information must be shared between our brokerage and bank to allow these products to co- exist. Combined statements and online account aggregation services are other examples of services that benefit our customers, and that are a direct result of affiliate information sharing. Relationship-Based Discounts Key strives to maintain and grow customer relationships. One way we achieve this goal is through relationship-based pricing and discounts for customers who maintain multiple accounts across Key. The number and mix of products and services a customer maintains across Key impacts the profitability of a customer, which allows Key to provide certain customers with discounts and preferential pricing. Affiliate information sharing allows Key to perform the analysis necessary to determine which customers qualify for discounts or other pricing breaks. The benefit to the customer in this case is clear: Advantageous pricing. This benefit is a direct result of affiliate information sharing. Ease for Clients Affiliate information sharing supports our ability to effectively service customers. It allows us to respond to customer inquires. With access to shared information, a bank branch representative can assist a customer who may have questions concerning the customer's brokerage and deposit accounts. Information sharing also enables a centralized department to update customer information for accounts held at any Key affiliate. This saves the customer the time and nuisance of separate visits and multiple telephone calls. Furthermore, information sharing helps Key manage data quality. When personal information related to a customer is changed at one affiliate, information sharing enables us to reflect that change in other accounts held throughout the organization. Maintaining the accuracy of customer information is critical in the fight against identify theft. Effective Solutions Information sharing helps Key provide the best possible financial solutions to its customers. For example, when determining the best source for funds needed by a customer, a Key representative can identify more opportunities with a full understanding of the client's relationship across Key. Utilizing information sharing, the Key representative may discover that the customer has a home equity line with a Key company and may conclude that the home equity line is a less expensive source of funds than the credit card limit extension the customer may have requested. Increased Efficiencies/Decreased Costs Centralizing functions--such as call centers, operations centers, analytics, and product development--all require information sharing across affiliates. The centralized functions enable the same Key employees to effectively and efficiently perform nearly identical functions for different affiliates within our organization. Consolidating functions across affiliates improves expertise, allows us to better manage risks, and significantly reduce operating expenses. These benefits are passed on to the customer in the form of better service and lower costs. If affiliate information sharing is restricted, it would force Key to decentralize and duplicate functions within the organization, with no benefit to customers. Well-Suited Offers Key uses information sharing to determine which products or services to market to our customers. We strive not to annoy our customers with offers for products or services that do not fit their needs. We know that customers only will choose new products or services if those products or services fill a specific need. Efforts to market the wrong products and services to our customers benefit no one. In order to ensure that our marketing efforts benefit our customers, we conduct the necessary analysis of the information we have available to us to understand our customers' needs. This does not mean that we will market products to those who have requested us not to solicit them. For many years, Key has provided its retail and business customers the option to not receive marketing from Key if they chose. Uncovering Fraud Information sharing among affiliates is critical in our efforts to fight fraud. Organized crime groups conduct the majority of fraud committed against financial institutions. These groups know the requirements under which we operate and ``game'' the system. They know where and how we can share information, and play that against us. They know the legal restrictions we operate under and the technology we utilize. When a financial institution is the target of fraud, it generally is not an isolated incident; criminals strike at multiple points across the organization. Gathering and sharing information on the impacted accounts across the organization is the only means to effectively address this problem. In these situations, information must be retrieved from employees in closest contact with the accounts, as well as the individuals who established the accounts. The information must be shared with those involved throughout the organization involved to help uncover the totality of the fraud. Preventing Fraud Key uses information sharing to help prevent fraud before it occurs. Some of our processes check existing information we have on a customer against information we receive when an account is established. If the information appears suspicious upon comparison, our employees take a closer look to uncover attempted fraud. By sharing information across the entire organization, not just within an affiliate, we have a much greater opportunity to stop fraud before it happens. Affiliate information sharing is also a critical component of Key's compliance efforts with OFAC requirements, suspicious activity reporting requirements, and anti-money laundering and anti-terrorist financing requirements. Easing the Impact on Victims Having access to information across affiliates increases the speed with which Key can react when assisting a victim of fraud or identity theft. Systems that house information across the company are a tremendous tool in aiding an identity theft victim. By placing one call to our fraud unit, a customer can, within a few minutes, have confirmation that a check was fraudulently passed, and can obtain credit to his or her account. This is possible through access to an imaging system that contains copies of checks that can be searched and viewed within seconds to compare signatures on checks and an accounting system that permits accounts to be adjusted. Our fraud unit is centralized to support this function corporate-wide. In order for the unit to work properly, it is necessary for all affiliates to share information with the unit. Our centralized fraud unit also allows a customer one point of contact within our organization. This avoids the need for the customer to make separate phone calls to the different affiliates that may be involved. Additionally, our centralized fraud unit benefits the company by making us more effective in successfully investigating the crimes and quickly getting information to law enforcement to aid in potential recoveries. When identity theft does occur, affiliate information sharing enables us to ease the victim's burden of clearing the many difficult issues that are often encountered. For instance, in the process of reestablishing a customer's accounts after an identity theft has occurred, it is essential to quickly access information across affiliates on the affected accounts. This is critical in lessening the hardship that would otherwise linger for the victim. Consumer Protections I have described how Key shares information among affiliates for the benefit of its customers. Key is equally concerned about protecting customers from unwanted distribution of information: <bullet> Key has stringent information access restrictions across the company. <bullet> We train our employees (23,000+) annually on the importance of privacy and its requirements. <bullet> Key does not share medical information among affiliates for any reason not related to the servicing of the account or product. <bullet> Any consumer who provides personal information to Key is informed of our information sharing practices. <bullet> Consumers can opt out of the sharing of nontransaction and experience information among affiliates. We inform consumers of this right, and provide them with our toll-free Privacy Line number to exercise the right. <bullet> Consumers are notified of any adverse decisions based upon information contained in a credit report, and given the opportunity to dispute that information. Conclusion In conclusion, the Roundtable and Key support the affiliate sharing provisions of the FCRA. We firmly believe that the statute strikes an appropriate balance between consumer protection and corporate structure. It permits financial services companies, like Key, to offer a full range of products and services to consumers in a convenient and efficient manner resulting in real benefits and savings for our customers. At the same time, it permits consumers to block unwanted information sharing and helps protect against identity theft. We urge the Committee to make the existing provisions of the FCRA permanent and thereby reaffirm our national credit system. RESPONSE TO WRITTEN QUESTIONS OF SENATOR SHELBY FROM TERRY BALOUN Q.1. What level of understanding does the average consumer have with respect to affiliate sharing? A.1. The average consumer has little understanding of affiliate sharing. The consequences of that misunderstanding may vary considerably, depending on how a particular business is organized. Wells Fargo, for example, has a separate banking affiliate in almost every State in its banking footprint, and separate credit card and home mortgage entities. Few, if any, customers want to be treated as a stranger if they try to conduct business in a branch outside their home State. Customers expect to be able to make payments on their Wells Fargo credit cards and mortgages in any Wells Fargo branch, even though those products are offered by different legal entities. Even when the affiliates are in different lines of business, for example banking and securities brokerage, most customers expect that their overall relationship with ``Wells Fargo'' will be considered in determining whether they qualify for certain benefits; they would not want the value of their relationship measured based solely on the balances in bank accounts if they also maintain a sizable securities portfolio with us. Indeed, to provide intelligent financial solutions for many customers, it is necessary to understand their overall financial picture--including investments and insurance, as well as banking relationships. In most cases, when consumers ``opt out'' of information sharing--with affiliates or with third parties--what they are really trying to achieve is a reduction in direct marketing solicitations. That concern is already addressed by State and Federal laws establishing ``opt out'' mechanisms for telemarketing calls, fax and e-mail advertising, and prescreened solicitations. Q.2. Does the number of affiliates a firm has affect this understanding? A.2. See #1 above. The sheer number of affiliates is less important than the complexity of the organization in terms of different lines of business. In many cases, the number of affiliates is a red herring. For example, more than two-thirds of Wells Fargo's affiliates have no consumer-oriented business and thus are unlikely to have any use for consumer data; we believe the same is true for most other large financial institutions. Q.3. What about situations where the affiliates are engaged in entirely different lines of business? Does it matter that a person recognizes that they have a relationship with a bank but may not know that the bank also owns a retail securities brokerage operation or a direct mail operation where this information would be used and other things? A.3. See #1 above. Few customers would be well served if any financial institution tried to meet all their financial needs in a single entity or line of business. Insurance and securities investments are an important part of the overall financial security of most customers but, for regulatory reasons, insurance and securities brokerage activities cannot be conducted by banks. The main purpose of the Gramm-Leach- Bliley Act was to facilitate coordinated offerings of different types of financial products by integrated financial institutions. Cutting off the flow of customer information among the various parts of such an institution would largely undo the benefits foreseen in the GLBA. Q.4. How important is a firm's brand to consumers in establishing their expectations with respect to the kind of relationship they have with a company? A.4. Branding is extremely important in setting consumer expectations, and this is reflected in the branding policies of most consumer-oriented businesses. For example, it may make economic sense for the same hotel chain to operate very different level hotels in the same market, but it would be madness to operate a $500 per night hotel under the same brand as a $59 per night hotel. Both serve the needs of important market segments, but someone walking into a Best Western does not expect the amenities--or the prices--of the Ritz, and someone walking into the Ritz does not expect the amenities or the prices of a Best Western. The same is true in financial services. Wells Fargo, like most other large financial institutions, uses a common brand name for its mainstream consumer financial businesses. (In the case of acquired businesses, there is often a transition period during which the old name is retained.) If a different brand is used for a part of the business, it is usually because that segment serves a specialized market segment, for example, investment advisory services for high net worth individuals. Different brands may also be used for some nonconsumer businesses. Even where separate brands are employed, the corporate family name is often identified as well; that is, ``XYZ Corp., a Wells Fargo company.'' Q.5. How important is that brand? A.5. Brand reputation is extremely important to any consumer- oriented business. See #4 above and #6 below. Q.6. Should there be safeguards, or best practices for sharing information within affiliates? A.6. Yes, but such ``safeguards'' and ``best practices'' do NOT need to be imposed by legislative mandate. Misuse of customer information almost always comes to light, usually sooner rather than later. Businesses such as financial service providers have substantial motivation to maintain the trust and goodwill of their customers, and they know that nothing will erode that trust and goodwill faster or more permanently than misuse of customer information. If any Wells Fargo business is discovered to have misused customer information, the reputation of the entire enterprise will be sullied. We have substantial information to ensure that all our businesses use customer information responsibly without legislative mandates around the sharing of information with affiliates. The existence of such mandates would provide little additional incentive to use customer information responsibly, but would stifle innovation and competition. Q.7. While called ``affiliate'' sharing provisions, these provisions actually allow companies to share information with entities that are outside their affiliate structures, don't they? Why is this necessary and does this make sense? A.7. The ``affiliate sharing'' provisions of the FCRA in no way permit sharing of information outside of the ``affiliate structure'' or ``corporate family'' at least with respect to financial institutions. Sharing with nonaffiliates is governed by Title V of the GLBA. If the affiliate where the information originates could not share it with a nonaffiliated third party, an affiliate who receives that information will also be prohibited from sharing it with a nonaffiliated third party. Q.8. Do consumers have different concerns with respect to affiliate sharing versus third party sharing? A.8. Clearly their concerns are different in degree, if not in kind; far fewer customers opt out of affiliate sharing than opt out of third party sharing. Most customers are unaware of the corporate entity structure of most businesses. If anything, they expect that legal entity boundaries will be transparent to them. In our case, a California bank customer expects to be treated as a Wells Fargo customer and not a stranger in a Wells Fargo Bank in another State, or if s/he applies for a Wells Fargo mortgage or credit card, even though those are all different legal entities. That seamless customer experience simply would not be possible if customer information could not flow freely among Wells Fargo affiliates. Q.9. Should there be greater control over sharing information outside of an affiliate structure than within? In other words, should this provision be limited so that the only type of information sharing permitted is sharing within affiliated entities? A.9. This is already the case for financial institutions: Sharing of information within the ``corporate family'' is governed by the FCRA while sharing of information with unaffiliated third parties is governed by Title V of the GLBA and, if applicable, State or local laws which may be even more restrictive than Federal law. Q.10. Do financial institutions make underwriting decisions without using credit reports? A.10. Generally, no. In most cases internal information and information obtained from affiliates--which may be much more detailed than the information in credit reports--is used to supplement the credit report when an existing customer applies for credit. In some limited instances, a long-standing relationship with the institution (including its affiliates) may be considered sufficient to forego the use of a credit report for certain products. Q.11. There are a range of sharing activities that you are permitted to engage in under the law. Have any of your firms decided NOT to take advantage of the full range of these sharing activities--are there things you could do but don't do, and if so, why don't you do these things? A.11. Wells Fargo does not share information with nonaffiliated third parties for marketing nonfinancial products or services without the customer's explicit consent, even though the GLBA and almost all State laws permit doing so subject to notice and opt out. Wells Fargo also permits its customer to opt out of information sharing with other financial institutions under ``joint marketing agreements'' even though the GLBA permits such sharing without an opt out opportunity. (However, we recognize the importance of the joint marketing agreement exception to smaller institutions which cannot provide the same range of financial products internally.) Wells Fargo permits its customers to opt out of sharing any information with affiliates for marketing purposes, even though the FCRA permits sharing identifying and ``transaction and experience'' information with no opt out. Wells Fargo also permits its customers request solicitation restrictions in addition to those required by law; for example do not mail and do not e- mail, even for current customers. RESPONSE TO WRITTEN QUESTIONS OF SENATOR BUNNING FROM TERRY BALOUN Q.1. Are there simple ways to make the opt out notice clearer to the consumer without having to send out the long and drawn out privacy notices. I think that if it was clear, whether that means bold print, a larger check off box, or a simple and precise explanation, it would eliminate some of the apprehension some have. Do you agree/disagree? A.1. Since enactment of Gramm-Leach-Bliley, Wells Fargo has undergone a process to evaluate content and style of its privacy notices and have made improvement. We believe that there are steps that each company can take to ensure the ready availability of notices and opt out opportunity, for example brochures available on bank branch counters. Wells Fargo would recommend that Congress provide sufficient flexibility to regulators to allow for simpler notices. If there is a problem with consumer privacy notices, it is that they are too long and too complex. Virtually all the experts in this area agree that privacy notices should be shortened, simplified, and standardized (to enhance comparability). For many--perhaps most--financial institutions, it would be extremely cumbersome and expensive to maintain and distribute 50 different notices (even small, local institutions are likely to have some customers who reside in different States). Thus the likely response to different requirements in different States would be an attempt to develop ``one-size- fits-all'' notices that would meet the requirements of all the States, and which would be neither short nor simple. Q.2. What unintended consequences do you foresee for some of the proposals that would change the current affiliate sharing status quo? A.2. Wells Fargo's customers expect seamless service across business lines. A change to the existing framework would hamper that service, if not bring it to a halt. As I mentioned in my testimony, new homeowners and small business owners have access to credit available to them as a result of our analysis of data. Products are offered on a timely and nationwide basis. Wells Fargo is a financial services provider and should be allowed to structure itself in a way that allows the company to offer financial products to its customers. The United States currently enjoys historically low interest rates on almost all credit products, and greater access to credit for all economic segments than has ever been true in the past. While the Fed's monetary policy due to the economic slump has been a factor, the decline in consumer interest rates began long before the economic downturn. Interest rates in the United States are also lower than in almost any other country on earth. Long-term, the decline in consumer interest rates in the United States has been driven by three primary factors: <bullet> Better risk assessment. <bullet> National competition. <bullet> An active and efficient secondary market for consumer credit receivables. All three of these forces depend on accurate, complete, and consistent credit information on a nationwide basis, and thus would be endangered if different States had different laws on information sharing and credit reporting. Q.3. What are some of the difficulties financial services companies might have in marketing to a community where there are multiple privacy standards? A.3. If California's nine pending local ordinances go into effect, Wells Fargo will not be able to automatically service/ contact customers in those local markets. Our experience in North Dakota shows that Wells Fargo now has a customer base in rural markets of North Dakota that do not see information related to insurance products. Conforming with Gramm-Leach-Bliley, the North Dakota legislature changed its opt in law to opt out with respect to information sharing with outside third parties for financial purposes. But this was reversed by a 2002 referendum election to return to an opt in standard--requiring banks to get customer approval before providing financial services offered by a third party financial services company. Wells Fargo expects that the result will have an impact on North Dakota's rural communities. To ensure compliance, Wells Fargo has, in effect, placed all the residents of North Dakota on a do-not-contact list regarding insurance products and is not providing any unsolicited information. Customers have opportunities for a broad array of financial products and North Dakota's State action has the result of preventing rural access to that product list. Q.4. Do you think that a company that has stringent privacy practices (the good guys) would open itself up to unnecessary litigation if it has to adhere to multiple privacy standards? A.4. Yes. Q.5. Do you think that a company that does business in an area that institutes multiple privacy standards will choose to stop doing business in that area? A.5. Again, we would refer to our experience in North Dakota. Conforming with Gramm-Leach-Bliley, the North Dakota legislature changed its opt in law to opt out with respect to information sharing with outside third parties for financial purposes. But this was reversed by a 2002 referendum election to return to an opt in standard--requiring banks to get customer approval before providing financial services offered by a third party financial services company. Wells Fargo expects that the result will have an impact on North Dakota's rural communities. To ensure compliance, Wells Fargo has, in effect, placed all the residents of North Dakota on a do-not- contact list regarding insurance products and is not providing any unsolicited information. Our customers outside of North Dakota have opportunities for a broad array of financial products and North Dakota's State action has the result of preventing rural access to that product list. Q.6. How many customers actually opt out of information sharing with affiliates? A.6. Wells Fargo has had a very small percentage. I would note that Wells Fargo offers an annual opt out opportunity for a customer--which is over and above what is currently required by the Fair Credit Reporting Act. Opt out rates have not increased significantly over the past 5 years, despite annual notices and extensive media attention. RESPONSE TO WRITTEN QUESTIONS OF SENATOR SARBANES FROM TERRY BALOUN Q.1. Please identify the specific types of transaction/ experience information about its customers that the bank keeps on file. Which types of data does your bank share with one or more affiliates for purposes other than servicing an account or fraud prevention? Does your bank or a bank affiliate combine your customer data with information purchased from other sources to create a fuller picture of your customer? If so, what specific types of information do you receive from these other sources and for what purposes is the composite information used? A.1. Information is generally made available to affiliates by granting access to the centralized customer information system which contains primarily account-level information or, in some cases, to systems of record with more detailed transaction information. For example, employees who answer customer service telephone calls may need access to detailed transaction information in order to respond to questions about specific checking or credit card transactions. Access to all customer information, whether within the same legal entity or across affiliates is restricted on a ``need to know'' basis; employees of affiliates which do not provide consumer products and services would not have access to any information about any consumer customers. Extensive physical, technical, and procedural safeguards are employed to protect customer information at all stages. These safeguards, in turn, are reviewed and approved by our respective Federal regulators. Wells Fargo obtains information from credit bureaus as part of an application/credit granting process. Wells Fargo needs to have the most complete and current financial picture of an individual applying for credit. As a general matter, Wells Fargo supports full and equal reporting of credit information, and we support the efforts of the credit reporting agencies and the financial regulators to encourage full reporting. However, we also recognize that the United States has a voluntary system of credit reporting that has worked very well over many years. A change as fundamental as mandatory credit reporting would undoubtedly have many unforeseen consequences. Therefore, we urge Congress to encourage full voluntary credit reporting, which it best can do by maintaining the existing limits on the liability of reporting entities. Q.2. Professor Reidenberg in his testimony wrote ``The FCRA created fundamental fairness in the treatment of personal information through adherence to the basic principle that information collected for one purpose should not be used for different purposes without the individual's written consent.'' Do you agree or disagree that ``information collected for one purpose should not be used for different purposes without the individual's written consent''? Why? A.2. I am not sure how you define ownership in the context of a company that wants to provide services of value to customers. ``Ownership'' is not a very useful concept when applied to information. ``Ownership'' of a physical object implies total control to the exclusion of others. The same piece of information, on the other hand, can be used by many people, often without diminishing the value to any other user. Thus the question should be, ``What uses should a particular party be allowed to make of a particular piece of information.'' The information of interest to financial institutions primarily arises from the relationship between the institution and its customer, and secondarily from information each furnishes to the other--directly, for example on an application, or indirectly, for example from a credit report--in connection with that relationship. It seems that both parties should have the right to use information. Q.3. What is the total number of affiliates that the bank has and what lines of business are the affiliates engaged in? Does the bank disclose to customers the identities of the affiliates which it may share their confidential financial data and their lines of business? A.3. Wells Fargo has roughly 800 legal entities--so-called affiliates--but only 38 are considered to be national businesses (per Wells Fargo's annual report); approximately one quarter of the 800 number actually uses consumer data. Moreover, Wells Fargo is structured so that data is available based on what is relevant to a particular business line and if other affiliates want access, the entity has to prove business use/need and request clearance by Wells Fargo Information Security. These firewalls and processes are examined by our Federal banking regulators. The Committee should also keep in mind that as we acquire other financial companies, we may elect to keep them operating in their existing structures, so our so- called affiliate number fluctuates. Q.4. On June 19, 2003, at the Banking Committee's hearing on identity theft, a witness from the Secret Service wrote, ``With lower costs of information processing, legitimate companies have found it profitable to specialize in data mining, data warehousing, and information brokerage. . . . This has led to a new measure of growth within the direct marketing industry that promotes the buying and selling of personal information.'' He went on to write that such data are ``valuable commodities.'' How valuable is this data? If a bank were to buy such data on customers, how much would it cost? A.4. Wells Fargo cannot judge the value of collected data and cannot speculate on the cost. Wells Fargo is a financial services company and for credit granting, relies on the most current available credit report in order to complete a transaction/approve credit. Q.5. Do your affiliates use transaction/experience data from your customers in making decisions of whether to grant credit, for purposes other than fraud prevention? If so, please describe with specificity what information is used and how it is used in deterring whether to extend credit? A.5 Wells Fargo maintains one centralized database. The cost of developing systems, plus a mobile customer base, and the need to comply with multiple State rules--will result in confusion for both the customer and our employees if a separate database is required for fraud control and another database for credit granting. Because of a centralized database, affiliate sharing does control fraud perpetrated against Wells Fargo businesses. Our tellers are our front line of defense in controlling fraud and can only do that because they have a full screen of information in front of them. A centralized database also allows relevant businesses to provide credit along with the most current credit bureau report. In general, with affiliate sharing of information, my company can offer beneficial rates and streamlined services to individuals with their brokerage accounts, to mortgage customers, to small businesses. For example, credit card issuers today provide credit on a nationwide basis and instantly--in contrast to 5-10 years ago, when such credit granting required a relationship with a banker; mortgage companies can offer its existing customers beneficial rates and quick turnaround on refinancings; with low interest rates, investment/financial planners can advise customer on safe financial products to get better return for their investments. RESPONSE TO WRITTEN QUESTIONS OF SENATOR DOLE FROM TERRY BALOUN Q.1. Some of my colleagues have made the point that some banks have thousands of affiliates. Ms. Brill also lists the number of affiliates for Keycorp and Citigroup in her prepared statement. Can you explain why this is and how many of these affiliates actually deal in customer information? A.1. Yes. Wells Fargo has roughly 800 legal entities--so-called affiliates--but 38 are considered to be national businesses (per annual report) and roughly a quarter of the 800 number actually use consumer data. Moreover, Wells Fargo is structured so that data is available based on what is relevant to a particular business line and if other affiliates want access, the entity has to prove business use/need and request clearance by Wells Fargo Information Security. These firewalls, in turn, are examined by our Federal banking regulators. The Committee should also keep in mind that as we acquire other financial companies, we may elect to keep them operating in their existing structures, so our so-called affiliate number fluctuates. Q.2. Last week we heard from both the FTC and the U.S. Secret Service that information sharing helps prevent identity theft. In Ms. Brill's statement, she states that this practice likely facilitates identity theft. Mr. Baloun, does sharing information among affiliates increase or help prevent identity theft? A.2. Yes, affiliate sharing does control fraud perpetrated against Wells Fargo businesses. Our tellers are our front line of defense in controlling fraud and can only do that because they have the necessary information in front of them. In Omaha, Nebraska, Teller Sara Locke compared the out-of- State account information in her computer with the identity provided by a customer in Omaha, and stopped her from fraudulently cashing a check for $2,700 drawn on a Wells Fargo California bank account. Locke noticed that the real accountholder's birth date did not match the age of the person standing in front of her. The real accountholder was in her 70's, while the person standing in front of the teller looked no more than 30. The police were contacted, and the information provided by the woman helped them uncover a nationwide fraud ring. RESPONSE TO WRITTEN QUESTIONS OF SENATOR JOHNSON FROM TERRY BALOUN Q.1. Professor Reidenberg has made some assertions in his testimony that variation in State laws has had little to no impact on the availability of financial services in those States. You run Wells Fargo in North Dakota, which had a high profile referendum on opt in versus opt out. Would you comment on what impact this referendum has had on your ability to serve people in North Dakota. A.1. Wells Fargo's experiences with the outcome of the North Dakota referendum show that Wells Fargo customers do not get information about certain Wells Fargo products. That same customer may get information from another provider or may not receive as large a variety as individuals in other States. Conforming with Gramm-Leach-Bliley, the North Dakota legislature changed its opt in law to opt out with respect to information sharing with outside third parties for financial purposes. But this was reversed by a 2002 referendum election to return to an opt in standard requiring banks to get customer approval before providing financial services offered by a third party financial services company. Wells Fargo expects that the result will have an impact on North Dakota's rural communities. To ensure compliance, Wells Fargo has, in effect, placed all the residents of North Dakota on a do-not-contact list regarding insurance products and is not providing any unsolicited information. Customers outside of North Dakota have opportunities for a broad array of financial products and North Dakota's State action has the result of preventing rural access to that product list. Q.2. I think a lot of us here are surprised to learn how many affiliates can be included in a corporate family. Would you please explain why your companies are structured the way they are and how many affiliates actually have access to consumer information? For example, it is my understanding that while Bank of America has over 1,100 affiliates, only 20 or so of those affiliates actually deal with consumer information. A.2. Wells Fargo has roughly 800 legal entities--so-called affiliates--but 38 are considered to be national businesses (per annual report) and roughly a quarter of the 800 number actually use consumer data. Moreover, Wells Fargo is structured so that data is available based on what is relevant to a particular business line and if other affiliates want access, the entity has to prove business use/need and request clearance by Wells Fargo information security. The Committee should also keep in mind that as we acquire other financial companies, we may elect to keep them operating in their existing structures, so our so-called affiliate number fluctuates. Q.3. It has been noted today that information shared within an affiliated structure does not constitute a consumer report and is therefore not protected by the FCRA with respect, for example, to adverse action notices and reinvestigation timeframes. Would you please describe how you might use internal credit information, and whether this lack of protection might adversely affect your customers? For example, how might you use experience information of a credit card customer if that customer applies for a mortgage through your mortgage affiliate? A.3. It is simply not true that information provided by affiliates is not subject to adverse action and reinvestigation protections. The FCRA Section 615(b)(2) requires that when adverse action is taken because of information provided by an affiliate, the consumer is entitled to an adverse action notice that is substantially similar to that required when adverse action is taken based on information provided by a consumer reporting agency. In most cases, including the example given in the question, the information used in connection with an application for new credit, will have been reflected in a billing statement provided to the customer by the institution, and subject to the protections of the Fair Credit Billing Act (FCBA), including the right to dispute information. Unlike the FCRA, when a dispute is lodged directly with the institution under the FCBA, the institution is required to not report the disputed amount as delinquent to any consumer reporting agency until the reinvestigation has been completed and the information verified. (Under the FCRA, the reporting institution must note that a dispute has been lodged, but it may continue to report the disputed information pending resolution of the dispute.) Q.4. What steps do you take with new customers to help them understand their rights to opt out of information sharing among affiliates? Do you do more than just send them the privacy notice? Are tellers, for example, trained in any particular manner to help customers understand their rights? A.4. All employees go through annual privacy training. Our Wells Fargo bankers that set up new accounts for customers are trained to provide privacy notices and help customers that have elected to opt out--if a customer would like to opt out, they are given options, including a toll-free number. In addition, Wells Fargo goes over and above current FCRA requirements by providing an annual opportunity to opt out. Opting out of affiliate sharing is easy at most large financial institutions. Wells Fargo, for example, provides an 800 number that customers can call to opt out (and register other privacy preference) in addition to a simple tear-off form attached to the privacy disclosures given to all new customers and annually to existing customers--which is over and above what the Fair Credit Reporting Act requires. Financial institutions maintain centralized customer information systems--which are the key to detecting and preventing identity theft--primarily to provide seamless service to our customers, and to inform customers about other products and services that we believe might be of interest to them. Merely exempting fraud prevention uses from restrictions on information sharing will not provide the incentive needed to develop and maintain such complex and expensive systems. As I indicated in my statement, without affiliate sharing, Wells Fargo will be unable to provide service to bank customers across State lines, or service across legal entity lines (that is, paying mortgage or credit card bills at bank branches, offer combined statements, and provide our business direct loans to small business owners.) Information is generally made available to affiliates by granting access to the centralized customer information system which contains primarily account-level information or, in some cases, to systems of record with more detailed transaction information. For example, employees who answer customer service telephone calls may need access to detailed transaction information in order to respond to questions about specific checking or credit card transactions. Access to all customer information, whether within the same legal entity or across affiliates is restricted on a ``need to know'' basis; employees of affiliates which do not provide consumer products and services would not have access to any information about any consumer customers. Extensive physical, technical and procedural safeguards are employed to protect customer information at all stages. Q.5. There seems to be some disagreement about whether affiliate sharing is more about benefits to the company or the consumer. What benefits specifically flow to the customer, and I do not mean getting marketing fliers that are often included in a credit card statement. A.5. With affiliate sharing of information, Wells Fargo mortgage has provided close to 200,000 new mortgages as a result of referrals from a Wells Fargo bank. Specifically, Wells Fargo can offer beneficial rates and streamlined services to mortgage customers. For example: <bullet> Wells Fargo mortgage can offer its existing mortgage customers beneficial rates and quick turnaround on refinancings. Mortgage can quickly gather needed data from all Wells Fargo businesses with which the customer may have a relationship. Process keeps Wells Fargo customers away from other predatory mortgage lenders that make it tough and costly to refinance. <bullet> Pack pricing: Wells Fargo regions offer new mortgage customers a $300 discount on closing costs if customer opens up a package relationship with Wells Fargo, which includes: Bank account, credit card, discounts on brokerage fees/Wells Trade, and a free consultation with a financial consultant. <bullet> Customers who want to open a home equity line simultaneously with getting their mortgage only have to provide their information once because we are able to share their information across affiliates. Generally, Wells Fargo's ability to compete against other companies--``our secret sauce''--is to be able to find creditworthy customers in a population that would not appear creditworthy just on credit bureau/credit score information alone--that is, our own experience with the customer. This allows us to qualify more customers and to extend credit to those we otherwise in the absence of this internal information would have turned down. If we cannot aggregate our own customer experience info, our ability to identify good customers based on internally generated information would be eliminated. Competitors who collect information about customers and operate in a single enterprise would not be impacted. Q.5. Do you have any data to share with the Committee on how information sharing has impacted your lending practices in traditionally underserved communities? In particular, have you seen an impact on mortgage lending in underserved communities? A.5. The United States currently enjoys historically low interest rates on almost all credit products, and greater access to credit for all economic segments than has ever been true in the past. Long-term, the decline in consumer interest rates in the United States has been driven by three primary factors: <bullet> Better risk assessment. <bullet> National competition. <bullet> An active and efficient secondary market for consumer credit receivables--especially mortgages. All three of these forces depend on accurate, complete, and consistent credit information on a nationwide basis, and thus would be endangered if different States had different laws on information sharing and credit reporting. In California, data on our mortgage market shows that 40 percent of new Hispanic Wells Fargo mortgage customers became homeowners as a result of a Wells Fargo bank referring the customer to an affiliates Wells Fargo Home Mortgage office. Q.6. I am interested in something Mr. Prill has noted in his statement related to customer demand for mailings announcing sales and other promotions. Some people might view this as junk mail. Do you have any statistics anecdotes relating to how these promotional materials might be viewed? A.6. In all direct marketing, the response rate increases when you are able to target the message more closely to consumers who are likely to be interested in the product. When interest rates on mortgages are low, we know our customers appreciate hearing from us, especially if we are able to offer them a preapproved loan or a streamlined process for refinancing their loans as a result of the relationship they have with us. Q.7. Do you have statistics to opt out rates among customers that might show that customers understand their rights? Are opt out rates the same among all customer groups? A.7. Wells Fargo customer opt out rates have remained fairly low (about 5 percent) for over 5 years, despite annual disclosures and extensive media attention to the subject. When Wells Fargo conducted research among customers and noncustomers to assess the readability of privacy disclosures, we learned that the respondents understood the disclosures easily when they took the time to read them, but most stated that they had not opted out and did not plan to because they trusted their banks. Wells Fargo's privacy policy goes beyond the GLBA in that we offer our customers separate choices to opt out of internal and external sharing, even though the only external sharing we do is with other financial institutions as permitted by the GLBA. The number of customers who opt out of external sharing is more than double the number who opt out of internal sharing only, indicating that there is a clear distinction between the two types of sharing and that our customers feel significantly more comfortable with internal sharing than with external sharing. Not all customers have a high level of concern about opting out, and even fewer opt out from sharing within a company with which they have a relationship. National consumer research indicates that, in general, about 26 percent of Americans have been identified as ``privacy fundamentalists'' (Privacy & American Business/Harris Poll, March 2003). Ten percent are classified as ``unconcerned'' and 64 percent are labeled ``pragmatists.'' These statistics do not necessarily pertain to established business relationships, where the number of people concerned enough to take action and opt out would be expected to be much lower. Therefore, if the universe of consumers who have expressed concerns about privacy in any venue is 26 percent, and that number is significantly reduced to eliminate those consumers who are less concerned or unconcerned about companies with which they have an established business relationship, then the rate of opt outs experienced within the financial services industry seems reasonable and appropriate. RESPONSE TO WRITTEN QUESTIONS OF SENATOR SHELBY FROM MARTIN WONG Q.1. What level of understanding does the average consumer have with respect to affiliate sharing? A.1. The average consumer has many opportunities, from life experience and now from Fair Credit Reporting Act (FCRA) and Gramm-Leach-Bliley Act (GLB) notices, to become aware that financial information may be shared with affiliates for customer service, operational, and marketing purposes. Consumers expect prompt and efficient delivery of products or services from their financial institution and seem to understand that information must be shared among affiliates to meet those needs. Consumers also have some awareness that many U.S. financial service companies, for historical reasons, have a large number of affiliates. Consumers may become aware of this when they move between States and need to change homeowner or auto policies, or when they must take additional steps in order to make bank deposits from outside their home State. Recognizing that customers want seamless service, affiliate sharing programs are focused on enabling a group of affiliates to serve their customers in an integrated, cohesive fashion rather than interacting with customers in a seemingly disjointed and customer-unfriendly way. While some of the affiliate sharing is obvious to consumers, other affiliate sharing is not. For example, if customers access all of their accounts through a combined statement, transfer funds among accounts at different affiliates through a single ATM transaction, or manage their money through a consolidated web- site, they understand--and want--information to be shared among affiliates. The customer may not be aware of all the legal vehicles that operate jointly to provide retail banking products to individual depositors and borrowers. For example, the Citibank retail banking business in the United States operates under 10 separate charters. Nor may customers feel a need to know that each of these entities may have a number of subsidiaries and affiliates that provide servicing for the loans or back office systems support, hold foreclosed property taken in satisfaction of debts, or act as agent in the sale of insurance to bank customers. However, customers generally expect these affiliates to work together and share information so that a customer from a Connecticut branch (Citibank, F.S.B.) can receive the service he or she expects when coming to a New York City branch (Citibank, N.A.). This service is based on the ability of the customer service representative to access the customer's deposit accounts and outstanding lines of credit on a screen in the branch of the affiliate, to validate the customer's identity, and to have efficient procedures for processing the request. Q.2. Does the number of affiliates a firm has affect this understanding? A.2. Customers who deal with Citigroup are aware of the fact that we are a global brand with many affiliated businesses. Citigroup promotes our ability to offer comprehensive financial services to customers through our affiliated business lines and believes that many customers choose to do business with us for that reason. Customer understanding is less a function of the number of affiliates a firm has and more a function of whether or not the affiliates interact directly with customers. Q.3. What about situations where the affiliates are engaged in entirely different lines of business? Does it matter that a person recognizes that they have a relationship with a bank but may not know that the bank also owns a retail securities brokerage operation or a direct mail operation where this information would be used and other things? A.3. Citigroup, as a financial holding company, only has financial affiliates. Citigroup's reputation is enhanced by the affiliates we have assembled to serve customers with banking, insurance, and securities products. Many of our customers have chosen a Citigroup company due to the breadth and sophistication of our product offerings. As part of each brand, we identify the business as a ``member of Citigroup.'' Moreover, GLB notices are required to make customers aware that affiliates may be in these other business lines. We understand that there are some customers who may not want to be solicited for products by other Citigroup companies. For that reason, Citigroup provides our customers with an opportunity to opt out so that a business does not provide that customer's name for solicitations to other Citigroup business lines. This opt out opportunity goes significantly beyond the FCRA and GLB opt out choices. We and other institutions offer these and other choices to customers as a matter of responding to customer needs. Q.4. How important is a firm's brand to consumers in establishing their expectations with respect to the kind of relationship they have with a company? A.4. Our research on our GLB privacy notice indicates that having a notice in line with consumer's perception of the brand is very important. For example, consumers know Citigroup as a large global company with many financial affiliates. Citigroup is known as a leader in marketing, as well as in information security and consumer choices. Consumers have found our notice to be in line with this perception. Citigroup may even hurt our reputation and stock price if we said that the company no longer believed in cross-selling. On the other hand, an institution with fewer cross-sell opportunities may use such a market position as a competitive difference for its own particular segment of consumers. Citigroup has found that brand names are important to consumers and serve as a shorthand way by which consumers can identify companies from whom they have received good or bad service in the past. This encourages them to seek those companies for services in the future, or to avoid them, as appropriate. Because of this, Citigroup makes a serious effort to ensure that our brand is well known to consumers, and that the attitude that consumers adopt when they see this brand is a positive one. From the consumer perspective, a company with one of the Citigroup brands is expected to perform the service the consumer wants regardless of what legal entities may be needed to provide that performance. To the consumer, it is the quality of the service that is crucial, not the numbers or kinds of affiliates involved in delivery of the product. Generally, it really does not make a difference to a customer with a Citibank credit card that his or her bill is processed in a legal entity designed to meet State law requirements in any of a dozen different States, as long as the company has proper controls for privacy, security, and quality. This is also true for nonaffiliated third parties who are working strictly under the company's control. We also find that customers expect certain performances by Citigroup once a customer relationship has been established. For example, customers expect that Citigroup would recognize them as a customer in whatever part of Citigroup that they enter, or that Citigroup can do so quickly once the consumers identify themselves as a customer. Q.5. How important is that brand? A.5. The reputation of the brand is extremely important to any company. That is why ``reputation risk'' is a key regulatory concern within financial services. This, more than specific laws and regulations, may drive a company's privacy practices within the financial services sector, which usually go well beyond the law. In the case of Citigroup, we put a major stake in the ground with our Citigroup Privacy Promise for Consumers as an element of our brand. Regardless of the numbers of affiliated entities or the businesses in which they engage, the consumer will remember the brand. If we provide good service in any of the businesses, the customer may be more likely to consider purchasing products of another Citigroup business. If we provide poor services, the customer will be less inclined to use the service of that entity or any other institution that carries our brand. Customers may even cancel products that they have with other affiliates if they are disappointed with one of them. Q.6. Should there be safeguards, or best practices for sharing information within affiliates? A.6. In addition to the restrictions on affiliate sharing contained in the FCRA, there are many other laws and regulations, as well as industry-wide and internal company safeguards and best practices, that govern information sharing for financial firms. We feel that it is most appropriate for specific standards to be adopted at the individual company level since this provides the greatest ability to respond to external threats that can change rapidly. If laws or regulations are required, these will be most useful to consumers if they are directed to specifically identified harms. From a sharing perspective, the most important provisions may fall under the information security requirements now required under GLB for a very broad set of financial services companies. For banks, these require written information security safeguards that are formalized and included as part of the regulatory examination process. These apply within business units and departments, as well as across third parties and affiliates. Regulators are also able to provide guidance through broad reputation risk and safety and soundness requirements. Q.7. While called ``affiliate'' sharing provisions, these provisions actually allow companies to share information with entities that are outside their affiliates structures, don't they? Why is this necessary and does this make sense? A.7. We understand that this question relates to the FCRA provision concerning the sharing of transaction and experiential information. However, GLB provides customers an opt out right for any sharing of such information with third parties by any entity that provides services that are ``financial in nature.'' Our understanding is that this term covers any provider financial services, whether or not they hold a specialized license or charter to engage in banking, securities, insurance, consumer finance, or other financial activity. Thus, we are not sure that the ``loophole'' suggested by this question actually exists. In any event, if such a ``loophole'' does exist, it is not one that Citigroup or any other entity covered by GLB could use. Q.8. Do consumers have different concerns with respect to affiliate sharing versus third party sharing? A.8. We do not have any special information on this. We think the answer is probably ``no'' when third parties are acting as our agents and marketing our own financial products. We think the answer may be ``yes'' when third parties are not acting as our agents and are marketing their own products, but this is likely to depend on whether the third party has appropriate information security standards. Q.9. Should there be greater control over sharing information outside of an affiliate structure than within? In other words, should this provision be limited so that the only type of information sharing permitted is sharing within affiliated entities? A.9. For financial services companies, there is already more control over third party sharing than there is for affiliate sharing. Under GLB, the notice and opt out choice covers more data and more purposes--even the fact that a person is a customer is included. In the event of an opt out, the ability to share transaction and experience data with third parties becomes very limited. There is also a ban on sharing credit bureau reports with third parties. Most of the sharing of customer information in which Citigroup engages is with affiliates. There are many instances, however, in which Citigroup has found that utilizing third parties to assist us in meeting certain customer requests or providing certain services provides a better and less expensive product for the customer. These third parties have legally binding contractual commitments to Citigroup to perform these services with the same confidentiality and security that Citigroup provides to our customers. We monitor these companies on their compliance with these provisions. Q.10. Do financial institutions make underwriting decisions without using credit reports? A.10. In making decisions about whether to extend credit, we always look for a credit report when providing unsecured loans or credit lines since this offers the most timely, consistent, and full view of the consumer. However, many consumers with a ``thin file'' or no credit report could be expected to perform well. To be fair to these consumers, Citigroup and other companies establish special programs to make credit available. The obvious case is a client who has done a good job of managing a checking account over a period of time. Another customer may meet other application criteria that we can confirm such as owning a home or having a steady job, This may qualify the customer for an appropriate product, perhaps starting with a small value overdraft credit line. There are also relatively rare cases in which we do not use a credit report, such as when executives from certain other countries are relocated to work in the United States for some period of time. Our retail bank branch may make arrangements with our credit card company to provide credit cards for these executives, since a credit card has become a necessity in the United States for making reservations, renting a car, or engaging in other consumer transactions. As a matter of interest, this, like any other interaffiliate agreement within a bank holding company, is subject to arms length negotiations between affiliates. Q.11. There are a range of sharing activities that you are permitted to engage in under the law. Have any of your firms decided NOT take advantage of the full range these sharing activities--are there things you could do but do not do, and if so, why don't you do these things? A.11. Citigroup and other companies focus their limited resources on items of value to their consumers and efficiencies to the company. This means that we share very little of what we are permitted to share for reasons of business efficiency, as well as for information security reasons. ``Need-to-know'' procedures and similar rules cause companies like Citigroup to require a good reason for sharing before allowing it to happen. Customer relationships, including information about these customers, are often a company's most important asset. Even within a large institution, each broker or banker is likely to be very protective of his or her clients since it may have taken years to build up the current level of trust. In terms of efficiency, when designing screens that display information to our staff, it is difficult enough to clearly show a banker or broker the volume of information they need to see without having screens cluttered with information from other internal or external sources that are not relevant to their business. In terms of marketing, a business that is focused on a particular portion of the population is not likely to have any interest in information from affiliates about consumers who are not part of that population because of the increased costs that follow processing of additional information. In our credit card business, we pull credit reports very regularly to monitor open-ended accounts. While we could reduce costs by pulling one report for a customer and applying it to all of that customer's accounts, we actually pull a report for each separate account. This is because the value of the credit bureau information starts dropping almost instantly after it is obtained, since the consumer may have engaged in activity that compromises the information that is on the report. The lost value from a short delay would be greater than the cost of pulling separate reports for these additional accounts. This is the case within the credit card affiliate, as well as across affiliates. RESPONSE TO WRITTEN QUESTIONS OF SENATOR BUNNING FROM MARTIN WONG Q.1. Are there simple ways to make the opt out notice clearer to the consumer without having to send out the long and drawn out privacy notices. I think that if it was clearer, whether that means bold print, a larger check off box, or a simple and precise explanation, it would eliminate some of the apprehension some have. Do you agree or disagree? A.1. Citigroup agrees. However, we would like to note that we have received very few complaints from our customers about our privacy notices. Clearly, not all customers have difficulties understanding notices, because we have a fair amount of customer inquiries and opt outs, which shows that customers are reading and reacting to our notices. We also would like to note that before a company can share information among affiliates or with nonaffiliated third parties, a company must provide the consumer with a clear and conspicuous disclosure and opportunity to opt out. Citigroup, like other companies, takes this clear and conspicuous requirement seriously and has expended significant time and effort in making our own privacy choices clear and easy to respond to. For example, on our credit card applications, we currently have the selection for affiliate sharing in bold type next to the signature line. This is prime space on the brochure and is quite prominent. When the consumer chooses to open a credit card account by phone, we make the same clear choices available in our scripts. We also make the FCRA choice very clear in our privacy brochures that we provide at account opening and once per year. That said, we have been working with several industry groups to come up with ways to improve the notices to make them more clear and concise. This is an issue that should be discussed more fully in the future outside of the context of FCRA reauthorization. For example, there may be a benefit in having a consistent framework for notices that are used by both financial and nonfinancial companies. This may promote customer understanding of these notices and their use of these disclosures in deciding whether or not to open a particular account or to provide particular information. Q.2. What unintended consequences do you foresee for some of the proposals that would change the current affiliate sharing status quo? A.2. If a number of States would adopt opt in laws or requirements, it would increase the complexity of the notice and the difficulty of obtaining customer choice. The unintended consequence might well be an effective ban on information sharing. Another unintended consequence is likely to be a coerced reduction in the number of their affiliates simply to protect current methods of doing business. While this would have virtually no consumer benefits, it could reduce positive benefits that companies get from their current structure, as well as benefits that local communities may receive from locally organized affiliates. Those who lived through the interstate banking era may well remember the difficulty of managing a central back office so that calls from a particular area code were answered by a person who reported to the particular business unit in that State. The rules in effect at that time may have required the call to be transferred if the customer actually held accounts in a different State. Even then, there was often the need to ask the customer to separately call back other affiliates if there were multiple accounts. While some of this still occurs, it is generally something that customers would prefer to avoid. Another likely State-mandated change would be longer and more complex privacy notices or separate notices to customers in different States. Currently, for example, California requires a different notice to insurance customers. States are likely to insist on differing information in the disclosure. If these changes reduced the quality or consistency of data, these would be likely to impact many different types of models that depend upon the data, whether fraud scores or credit scores. Companies may respond by tightening lending or increasing borrowing costs. There are, as yet, no good opt in models that are likely to work for the affiliate structure that currently exists for U.S. financial services or for the large portfolios of existing customers that most established financial service companies have. Changes in State or Federal laws at this time could easily stop the developments of certain products. Most laws and regulations that have worked well have been adopted only after the market has ceased its experimentations and settled upon a process or a product that works. An example where that was not done was the short time frame GLB provided for companies to adopt opt out systems. Many companies simply abandoned third party sharing after passage of GLB because they were unable to meet those times frames, with the resulting detrimental impact on their customers and upon the companies' competitive position. Q.3. What are some of the difficulties financial service companies might have in marketing to a community where there are multiple privacy standards? A.3. In 2003, we have seen dozens of bills introduced in the States that would vary from the national standards established by the FCRA. The cost to comply with each variation would be significant for companies that operate nationally. Multiple privacy standards essentially destroy the economies of scale associated with national markets, which means that the benefit of these economies of scale cannot be passed on to consumers. Depending upon the significance of the market in a State, some companies might not find it economically feasible to market in some States with requirements too different or stringent. Additionally, we have seen an increase in municipalities and counties that seek to adopt their own privacy standards, making it even more difficult to market to consumers and serve our customers. Multiple standards also degrade the accuracy and compatibility of credit reports, which would raise the price of credit and limit credit availability. Q.4. Do you think that a company that has stringent privacy practices (the good guys) would open itself up to unnecessary litigation if it has to adhere to multiple privacy standards? A.4. Yes. Litigation is often driven by the complexity of well- intentioned legal requirements. For example, we often face requirements from a statute or regulation to delete particular records after a short period of time. Another statute or regulation may require us to retain those records for a longer period of time. In another case, one regulator may want to give an advantage to local companies that do most of their business through branches, while another regulator may be trying to entice diversified national companies to enter the market. A single account may be under two different sets of contradictory regulations if one regulator focuses on where the company has its charter and another on where the customer lives. This can be further complicated as lifestyles change over time and more and more customers have multiple primary addresses, which change regularly throughout the year. If companies need to communicate multiple policies, these policies are more likely to be misunderstood by employees and customers, and the risk of failing to comply is exacerbated. This is especially true in the case of disclosure requirements where the notices may be complicated by a need to include differing requirements and to use different model notices. The credit card billing disclosures of 25 years ago included multiple footnotes with the differing requirements of each State and would be criticized today as an ineffective disclosure tool. This is a reasonable model of where unfettered State action could take us in the privacy area. We have already seen in the case of privacy that even localities, such as Daly City and the unincorporated portions of Santa Clara County, have imposed local requirements. Companies whose practices are universally recognized as ``best'' practices may be caught off guard by variations in local requirements that result in expensive or impossible choices. Q.5. Do you think that a company that does business in an area that institutes multiple privacy standards will choose to stop doing business in that area? A.5. In our experience in States like Vermont, most of our businesses have continued to do business in the State but have opted customers out of information sharing which, in the process, has eliminated many choices for Vermont customers that we provide to customers in other States. At some point, this may result in unprofitable or unsatisfying relationships for us or for the customer. These could make companies consider terminating business in the area and prevent new competition from entering. Q.6. How many consumers actually opt out of information sharing with affiliates? A.6. Among Citigroup companies, the range of cumulative opt outs over time for affiliate sharing varies from percentages in the low single digits to the mid-30's. These differences are driven by many factors. The higher opt outs are generally found where the opt out has been offered for a longer period of time and the relationship is remote rather than face-to-face. RESPONSE TO WRITTEN QUESTIONS OF SENATOR JOHNSON FROM MARTIN WONG Q.1. I think a lot of us here are surprised to learn how many affiliates can be included in a corporate family. Would you please explain why your companies are structured the way they are, and how many affiliates actually have access to consumer information? For example, it is my understanding that while Bank of America has over 1,100 affiliates, only 20 or so of those affiliates actually deal with consumer information. A.1. Citigroup has never felt that consumers care about the number or kinds of affiliations that exist in the Citigroup corporate family, nor do they care why they exist. They want good service provided in a timely manner, and if we can provide that, we feel our customers will be satisfied. Citigroup is a financial holding company comprised of approximately 1,900 affiliates, more than half of which are incorporated in the 100 foreign countries in which Citigroup operates. The majority of these affiliates are established or retained for legal, regulatory, or tax purposes and the number includes entities that are historical vestiges of outdated banking laws or recent mergers. Many affiliates do business only with Government or corporate entities or exist solely to house certain assets. Only a small percentage of these entities actually transact business with individual consumers, and much of the number of legal vehicles is the result of State licensing requirements in such lines of business as insurance and consumer finance companies. Moreover, Citigroup is limited by GLB to the provision of financial services in one of three lines of business--banking, insurance, and securities. For the customers who conduct business with us, our affiliate structure is invisible and irrelevant. Therefore, when viewed from the customer's perspective, Citigroup is a single provider of financial services. Q.2. It has been noted today that information shared within an affiliated structure does not constitute a ``consumer report'' and is therefore not protected by the FCRA with respect, for example, to adverse action notices and reinvestigation timeframes. Would you please describe how you might use internal credit information, and whether this lack of protection might adversely affect your customers? For example, how might you use experience information of a credit card customer if that customer applies for a mortgage through your mortgage affiliate? A.2. First, it should be noted that where Regulation B and the Equal Credit Opportunity Act (ECOA) apply, we are required to provide an adverse action notice whenever we take an adverse action. This notice must include the principal reasons for why this action was taken. If the basis for the adverse action came from information provided by an affiliate, the customer would be required to receive written notice in accordance with Section 615(b)(2) of the FCRA. On the rare occasion that customers want to dispute information provided by an affiliate, they have the opportunity to contact the affiliate directly to resolve the dispute. It also should be noted that a consumer may have more protection in the sharing of consumer reports among affiliates than they do with credit reporting agencies, since they can opt out of the sharing among affiliates, at least to the extent that the information is other than internal experience information. And to the extent that internal experience information is involved, this is the same information routinely shared by different departments within a single financial institution. As an example of the use of internal experience information, if a customer applies for a mortgage through our mortgage affiliate, we always pull one or more reports from the credit reporting agencies. If the application is by phone, we may use recent ``application information'' from some affiliates to complete the application or verify the information provided by the customer to reduce the time the customer may need to spend on the phone. Q.3. What steps do you take with new customers to help them understand their right to opt out of information sharing among affiliates? Do you do more than just send them the privacy notices? Are tellers, for example, trained in any particular manner to help customers understand their lights? A.3. Discussion of the affiliate opt out choice is a required part of the account opening process in our Citibank retail branches and is included in account opening scripts when credit card accounts are opened on the phone. We use Citibank financial consultants rather than tellers to explain this to customers. Most of our businesses have training and scripts for phone customer service staff who may get these questions. In other cases, the customer may be referred to their account officer, agent, or broker for an explanation. Citigroup spends a substantial amount of time and money, including on consumer focus groups to test draft notices, to ensure that customers do, in fact, see and understand their opt out rights. In some businesses, this has led us to a prominent display of the ``opt out'' box rather than a description of rights. The fact that significant numbers of our customers do opt out provides good evidence that customers are aware of their choices. As with other disclosures, Citigroup's success as a financial services company will be determined, in great part, by whether or not our customers trust us. If we are not trusted, we will lose customers, so we make every effort to make sure that customers understand all of our communications with them. Q.4. There seems to be some disagreement about whether affiliate sharing is more about benefits to the company or the consumer. What benefits specifically flow to the customer, and I do not mean getting marketing fliers that are often included in a credit card statement. A.4. Overall, consumers who value convenience and efficiency get tremendous benefits when their financial institutions can share transaction and experience information across affiliates. For example, customers can see all of their information on one statement, access all of their accounts at one time at the ATM or online, and get lower ``combined balance'' fees. Customers may be able to add new accounts without filling out forms and may easily transfer money between brokerage, banking, and credit accounts to minimize interest paid or as their needs or the market changes. As customers move from one State to another, they are able to keep their same financial relationship rather than closing all accounts and starting over again. On an operational level, institutions, like Citigroup, can use affiliate sharing to place holds against savings accounts or credit lines rather than bounce checks, saving the customer embarrassment and fees. The institution may be able to update phone numbers and addresses of multiple accounts at the same time. The institution also may be able to validate the customer across accounts using one card and one password for the consumer to remember. These efficiencies may also save the institution money, some or all of which may flow back to the customer. The ability to share information also increases competition since the barriers to entry are reduced. This can broaden offerings and offer alternatives for better service or lower prices. In terms of credit granting, one useful example may be a customer who picks up a credit card brochure in a convenient location and applies for the product offered. While the customer may have an immediate need for credit, he or she may apply for a product that is not appropriate to that customer's qualifications or needs. If, on the application, the customer does not opt out from affiliate sharing, the financial institution may be able to provide a better offer of credit without asking the customer to fill in a new application and without adding another enquiry to the customer's credit report. This may get customers the credit they need quickly and put them on the path of building a good credit rating. At Citigroup and at many other institutions, these different credit products are provided by different affiliates. Consumers also benefit from being able to apply for multiple credit products at the same time--with one application and one enquiry at the credit bureau. This may be a home equity line of credit or a credit card opened in conjunction with obtaining a mortgage. It also may be a credit card and an overdraft credit product included in the sales process when a customer opens a new checking account. These products are provided by different affiliates at Citigroup. The customer saves time, has fewer ``enquiries'' at the credit bureau, and gets a set of products that better meets his or her needs. Financial planning and awareness is made easier and more complete with an account opening procedure that looks at needs across deposit products, credit products, insurance, and securities to develop a consolidated financial plan. In the same way, periodic statements that include information about the current status of all of the products and services provided makes it easier for customers to see how they are doing. Shifting funds between various accounts and services from anywhere in the world as the customer determines would be nearly impossible without affiliate sharing. Q.5. Do you have any data you can share with the Committee on how information sharing has impacted your lending practices in traditionally underserved communities? In particular, have you seen an impact on mortgage lending in undeserved communities? A.5. To the degree that the underserved market is characterized by more frequent moves and thinner credit reports, the more accurate information we obtain, including information on relationships with affiliated companies, the more likely we are to be able to give underwriting approval. The Committee received much information in the recent hearings on how the various FCRA provisions, including affiliate sharing, reduce the cost of credit. Affiliate sharing allows us and other companies to provide lower limit credit cards and credit lines that can pull underserved consumers into the market. It should be noted that even the cost of a privacy brochure could be the difference between a small profit and a small loss on products that generate low returns. Requirements that lead to longer, more complex, or differing State notices may raise the break-even point. We also have programs that allow us to provide offers of credit to applicants who have applied for an inappropriate product. For example, someone may have applied for a premium credit card when all they want is a loan or a low limit credit line. We can offer applicants who have not opted out of affiliate sharing a product that they qualify for. This may start them on the path to building a solid credit history so that they can qualify, over time, for that premium product. Q.6. I am interested in something Mr. Prill has noted in his testimony related to customer demand for mailings announcing sales and other promotions. Some people might view this as junk mail. Do you have any statistics or anecdotes relating to how these promotional materials might be viewed? A.6. Response rates are, indeed, low even for true zero percent credit offers that could save a consumer a significant amount of money. Ideally, companies could better use information to reduce this mail volume by better identifying consumers at the precise times that they are ready to buy. It often takes a number of mailings to get a consumer to take action, even where the offer involves a product or service in which they have significant interest. Therefore, simple lack of action does not make this ``junk mail.'' Companies make a significant effort to reduce the unnecessary volume of general solicitations through the mail. This could change dramatically if there were a reduction in the ability to share information with affiliates. For example, a credit card company may currently suppress mailings about brokerage accounts for their sister company to customers who already have such an account. Consumers appear to be very annoyed to see their company wasting money by sending offers for things they already have. Q.7. Do you have statistics relating to opt out rates customers that might show that customers understand their rights? Are opt out rates the same among all customer groups? A.7. Some of our Citigroup businesses have unique experience because they have had marketing opt outs in place for more than 15 years. This has been in the form of an annual notice and opt out form sent to credit card customers providing a method to opt out from promotional phone calls or mail. While the response to a particular notice may be low, this accumulates, over time, to a significant portion of the portfolio. In the case of Citigroup's opt out for information sharing across affiliates and third parties, the wide variations in opt out rates for different Citigroup affiliates show that customers are aware of their rights and take an action that is appropriate to the relationship with the company. Among Citigroup companies, the range of cumulative opt outs over time for affiliate sharing varied from percentages in the low single digits to the mid-30's. These differences are driven by many factors. The higher opt outs are generally found where the opt out has been offered for a longer period of time and the relationship is remote rather than face-to-face. RESPONSE TO WRITTEN QUESTIONS OF SENATOR DOLE FROM MARTIN WONG Q.1. In Ms. Brill's statement she mentioned that Vermont law does not allow for affiliate sharing except for ``transactions or experiences.'' Can you tell me how this affects the service you provide to your customers in Vermont? Do your institutions actively seek customers in Vermont? A.1. The relevant regulations in Vermont only became applicable to Citigroup and other national lenders in 2001. The response of Citigroup and other national creditors to these regulations has been to automatically opt out all Vermont customers from programs that would require affiliate sharing or third party sharing, because the cost of an opt in regime is prohibitive. Thus, the new regulations, rather than enhancing the privacy choices of Vermont customers, have, in fact, ended up limiting their choices. Q.2. Ms. Brill mentions that despite extensive regulation in this area by Vermont and several other States, the economies have not been adversely affected. Indeed, Vermont consumers face some of the most favorable conditions for loan rates in the country. Can you explain why the restrictive laws in Vermont have not resulted in higher loan rates? A.2. The new Vermont regulations have only been in place for about 16 months, so it is too early to draw any conclusions about the long-term effect of the change. From our perspective, as we have said, we do not provide offers to Vermont customers that require affiliate sharing. Therefore, Vermont consumers have fewer choices available to them. As for the loan rates that Vermont residents are paying, it appears likely that Vermont residents have so far continued to enjoy the benefits of a national uniform credit market. However, if every State made significant and inconsistent changes to the way this national market functioned, it is likely that none of the citizens of the U.S. could enjoy the benefits of a national uniform credit market. Q.3. Some of my colleagues have made the point that some banks have thousands of affiliates, Ms. Prill also lists the number of affiliates for KeyCorp and Citigroup in her statement. Can you explain why this is and how many of these affiliates actually deal in customer information? A.3. Citigroup has never felt that customers care about the number or kinds of affiliations that exist in the Citigroup corporate family, nor do they care why they exist. They want good service provided in a timely manner, and if we can provide that, we feel our customers will be satisfied. Citigroup is a financial holding company comprised of approximately 1,900 affiliates operating in more than 100 companies. Of those subsidiaries, fewer than 50 percent operate in the United States. The majority of these affiliates are established or retained for legal, regulatory, or tax purposes and the number includes entities that are historical vestiges of outdated banking laws or recent mergers. Many affiliates do business only with Government or corporate entities or exist solely to house certain assets. Only a small number of these entities actually transact business with individual consumers, and all of them are limited by GLB to the provision of financial services in one of three lines of business--banking, insurance, and securities. For the customers who conduct business with us, our affiliate structure is invisible and irrelevant. Therefore, when viewed from the customer's perspective, Citigroup is a single provider of financial services. <GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT> ACCURACY OF CREDIT REPORT INFORMATION AND THE FAIR CREDIT REPORTING ACT ---------- THURSDAY, JULY 10, 2003 U.S. Senate, Committee on Banking, Housing, and Urban Affairs, Washington, DC. The Committee met at 10:02 a.m. in room SD-538 of the Dirksen Senate Office Building, Senator Richard C. Shelby (Chairman of the Committee) presiding. OPENING STATEMENT OF CHAIRMAN RICHARD C. SHELBY Chairman Shelby. Good morning. The Committee will come to order. Today, we take up one of the most important issues, if not the most important, associated with the Fair Credit Reporting Act: The accuracy of the information contained in consumer credit reports. Changes in our financial services industry have made accuracy more important than ever. Credit report information is increasingly used as the key determinant of the cost of credit or insurance. By way of risk-based pricing, gone are the days when lenders merely lumped borrowers into the ``qualified'' or ``unqualified'' category. The use of risk-based pricing allows lenders to extend credit to a broader range of borrowers predicated on the assumption that borrowers receive credit terms which are commensurate with the credit risk that they pose. As a result, credit report information has a direct impact on the amount and the interest rates at which credit is offered. With respect to large credit transactions, such as mortgages, rate differences can translate into hundreds of thousands of dollars over the course of a loan. Even in smaller dollar credit transactions, such as credit cards, rate differences can mean large amounts of money. Furthermore, with the practice of credit card companies reviewing credit reports and adjusting rates in real time becoming more prevalent, the application of risk-based pricing to consumer finances is practically an everyday event. Let me try to further illustrate these points, and we have some charts here. The first chart, Chart 1 *, provides some rough indication as to the effects that particular entries on a credit report can have on a person's credit score or creditworthiness. As indicated, some entries, such as bankruptcy filing, can greatly reduce a person's creditworthiness. You can see the numbers from the chart here that Mr. Oesterle is holding. --------------------------------------------------------------------------- * This chart is included in Chairman Shelby's prepared statement on pg.400. --------------------------------------------------------------------------- There is nothing wrong with this. Consumers who have failed to pay their debts, again, do pose a considerable risk to creditors, and we need to acknowledge that. But what if a bad rating is based on inaccurate information? What if you had never been bankrupt and such an item appeared on your credit report? Now I just want to reference Chart 2 *. The second chart highlights the spreads in interest rates that people with differing credit scores would pay for some sample products. As the chart shows, the differences are very real. So are the financial consequences. For example, consider the cost differences for a $200,000, 30-year fixed mortgage. A borrower classified as a ``marginal risk'' pays almost $90,000 more in interest than someone with an excellent credit rating. Someone classified as a ``poor'' credit risk would pay $124,000 more in interest than the person with excellent credit. --------------------------------------------------------------------------- * This chart is included in Chairman Shelby's prepared statement on pg.401. --------------------------------------------------------------------------- Credit rating matters for other transactions as well. Someone financing a $24,000 new car with a ``marginal'' rating can expect to pay 127 percent more in interest, about $3,300, than a person with excellent credit. Someone with ``poor'' credit can expect to pay 255 percent more in interest, about $6,700 more. Again, what if the information that leads to a bad credit rating is inaccurate? With the rewards for good credit so meaningful and the penalties for bad credit so severe, it is absolutely critical that credit reports accurately portray consumers' true credit histories, thus the focus of today's hearing: Examining the Fair Credit Reporting Act and the operation of our credit markets to determine whether or not the present system provides optimum accuracy. With a system as large and complex as ours, involving the transfer of billions of pieces of information, it is almost a certainty that there are going to be some errors which occur. On the other hand, the credit reporting agencies are paid to properly handle the data. And furnishers, who also happen to be the largest consumers of credit report information, take advantage of the efficiencies provided by the system. Both derive significant benefits from this system. Both also have a significant responsibility to get things right. So let us consider: How and why do errors occur in credit reporting? Can more be done to prevent errors in the first place? If some errors are not preventable, does the system enable them to be quickly recognized? Who most efficiently recognizes them? And once recognized, does the system work to ensure that errors are quickly corrected? I look forward to examining these questions with the witnesses. Senator Sarbanes. STATEMENT OF SENATOR PAUL S. SARBANES Senator Sarbanes. Mr. Chairman, thank you very much, and thank you for holding this hearing on accuracy in credit reporting. Accuracy of credit report information is integral to our reporting process. In fact, the Fair Credit Reporting Act's first finding is that, ``The banking system is dependent upon fair and accurate credit reporting.'' The Act goes on to say, ``Inaccurate credit reports directly impair the efficiency of the banking system, and unfair credit reporting methods undermine the public confidence which is essential to the continued functioning of the banking system.'' That is right out of the Act itself. And yet, credit report inaccuracies continue to plague consumers. The U.S. Public Interest Research Group has conducted several studies with respect to credit report accuracy, and in their most recent study in 1998, found that 29 percent of the credit reports which they studied contained serious errors that could result in a denial of credit. Now, this morning we will hear, on the second panel, from the Consumer Federation of America, who, I understand, examined credit scores and reports from all three major credit repositories and found that inaccuracies remain a significant problem in consumer credit reports. The fact is, we need much better information regarding the accuracy of credit reports. Erroneous negative information on credit reports can often take a significant investment of time and money to remove. Errors can also be very costly to consumers by significantly raising borrower costs. Not only do such inaccuracies raise the cost of borrowing, but they may also actually cost the consumer the loan. Insurers, mortgage banks, and other financial institutions rely heavily on credit scores to make credit decisions. Inaccuracies in the underlying credit reports can, therefore, make it more difficult and significantly more expensive for Americans to purchase insurance, homes, cars, and other big-ticket items. Our first witness this morning is Chairman Muris from the FTC. As you may know, Chairman Muris, Mr. Beales, the Director of the FTC's Consumer Protection Division, has testified at two of our previous hearings. At our identity theft hearing, I mentioned to him that I considered it essential that we hear some recommendations from the FTC on ways to improve some of the problems that we have been hearing about with respect to the Fair Credit Reporting Act. There are a number of interested parties who believe that additional regulatory and enforcement authority is needed by the FTC to administer the FCRA. In addition to credit report accuracy, I hope that you will address this issue, as well as a number of other issues that have been brought to the Committee's attention, including: Alleged marketing abuses, the prescreening process, lack of financial privacy, risk-based pricing, and the use of credit scores for insurance purposes, among other issues. Mr. Chairman, I look forward to FTC Chairman Muris' testimony, and I also look forward to the testimony that will come from the second panel. And in case I am not here at the moment that second panel begins, I want to take a moment to welcome Evan Hendricks, a resident of the State of Maryland. Mr. Hendricks was the Founder of the Privacy Times newsletter, has been its Editor for 23 years, and has testified before Congress a number of times on Fair Credit Reporting Act issues. His expertise has been helpful in the past, and I am sure will continue to be helpful as the Committee examines the functioning of the credit reporting system and the ways in which consumers' credit reports are affected. Thank you very much. Chairman Shelby. Senator Dole. STATEMENT OF SENATOR ELIZABETH DOLE Senator Dole. Thank you, Mr. Chairman. The accuracy of credit reports is a key issue, of course, for us to examine as we consider reauthorizing the Fair Credit Reporting Act. And I thank you, Mr. Chairman, for giving us this opportunity to review and discuss these issues in greater detail. Under the Fair Credit Reporting Act, credit bureaus must, ``Assure the maximum possible accuracy of the information concerning the individual about whom the report relates.'' However, in recent hearings, we have heard anecdotes about the harm caused to consumers who have had false information on their credit reports as a result of mistakes or fraud. It is my hope that as part of this effort, we can agree upon positive steps to ensure greater accuracy in credit reports. Recently, my staff and I purchased copies of our credit reports, as well as sample credit scores as preparation for our work on this issue. I was pleased to discover that my credit reports were entirely accurate and easy to understand. All of the information contained in the report was, in my opinion, appropriate and necessary. In addition, the sample FICO credit score gave simple and understandable explanations for the factors used in its determination. We have, of course, heard testimony before this Committee on the problems some consumers have faced with respect to the credit bureaus. And, particularly, Captain John Harrison, a victim of identity theft, described to us on June 19 how information that had been removed from his credit report reappeared later. One of our goals here should be to do all we can to prevent such things from happening in the future. These errors can truly wreak havoc in a person's life, with effects that can linger for years or for a lifetime. One positive sign that we are making progress was the truly bipartisan Fair Credit Reporting Act reauthorization bill that was recently introduced in the House. This proposal contains provisions that address many of the concerns voiced by consumer groups and the industry. The Administration also recently announced that it supports much of this approach, leading me to believe that we are well within sight of being able to sign off on a positive, consensus-based approach to reauthorization. I want to take a moment to welcome Chairman Muris from the Federal Trade Commission who is with us today. As an alumnus of the FTC, it is a special pleasure to hear from you this morning. And, Mr. Chairman, I stand ready to work with you and the rest of our colleagues as we move toward achieving our goal of reauthorization this year. Thank you. Chairman Shelby. Senator Johnson. STATEMENT OF SENATOR TIM JOHNSON Senator Johnson. Mr. Chairman, thank you for holding today's hearing on the accuracy of credit reporting information and the Fair Credit Reporting Act. Welcome to Chairman Muris and the second panel. As I have noted in past hearings, the last thing our weakened economy needs is a blow to the credit-granting system. In fact, Treasury Secretary Snow stated yesterday that if the national standards were to expire and States adopted new laws currently under consideration, a minimum of 3.5 percent of loans now approved would be denied to maintain the same level of credit risk. That translates to at least $270 billion of the current total of just under $8 trillion in consumer credit outstanding could be in jeopardy, according to Secretary Snow. So, Mr. Chairman, I thank you for focusing our attention on America's credit-granting system. The reason credit is so widely available and so affordable is due in large part to the amount of data available to lenders and other users of credit reports. Quantity is no substitute for quality, and I hope we can work together to make any adjustments to the underlying statute to increase the quality of the data without creating unintended consequences that deter data furnishers from participating in the system. I am very pleased that the Administration and the FTC have now taken a public position in favor of permanently extending the preemption provisions of FCRA. I think a number of us on the Committee were beginning to feel a little sorry for Mr. Beales who appeared before us a couple times to tell us about how well FCRA is working, but was unable to say whether it might be better to let the California Legislature write the statute for us. I hope that Chairman Muris will spend some time today talking about how our system would change if we lose uniformity of credit data. However, I am sure we all agree that the last thing we want is a uniformly bad system, which is why we need to look hard at the current statute to determine whether changes need to be made. I have read Mr. Jokinen's testimony, and I am pleased to see him alive and well before us. And while Mark Twain might have chuckled over reports of his untimely death, it is no laughing matter when those reports deprive you of historically low mortgage rates and cause very real emotional damage in the process of correcting the information. I regret that we do not have any data furnishers with us today. It sounds to me as if the breakdown in Mr. Jokinen's case may have had more to do with the data furnisher than with the credit bureau. But what is clear is that the system failed this witness, and we need to figure out if the statute itself is at fault or if we need to focus on enforcement. Clearly, there is enough blame to go around, and the fact is everyone benefits from accurate data. So, I look forward to working with you, Mr. Chairman, and other Members of the Committee on a quick and responsible reauthorization process. Again, I have conflicting, overlapping committee hearings, including markups going on. I may not be able to stay as long as I would like. But, I thank you for conducting this hearing. Chairman Shelby. Senator Enzi. STATEMENT OF SENATOR MICHAEL B. ENZI Senator Enzi. Thank you, Mr. Chairman. I appreciate your holding this hearing and the other hearings that you are holding to steadily move us toward a consensus on getting this important reauthorization done. The accuracy of financial information collected, maintained, and delivered by the credit reporting agencies is vital to ensuring the integrity of our entire financial system. I was very pleased to hear Secretary Snow of the Department of the Treasury announce last week that the Administration supports making free credit reports available annually to consumers. This will go a long way to helping consumers to understand what information is retained by the credit reporting agencies, to see if there are any inaccuracies in the information, and to correct that information. The accuracy and timeliness of the information will help consumers, merchants, and financial institutions to stem the explosion of identity theft crimes. I also want to mention two articles that I believe highlight the problems that we face with identity thefts. The first article was a front-page article in The Wall Street Journal on May 1 entitled, ``A Tussle Over Who Pays For Credit Card Theft--Retailers Stuck With the Bill, Say Issuers Lack a Reason To Fight.'' The second appeared recently--in fact, last weekend--in Parade magazine. I am concerned about the situations highlighted in The Wall Street Journal article where victims of identity theft struggle to retain their identities and the credit card industry appears to offer little help in pursuing the criminals. Further, it is troublesome that the retailers, most likely small business retailers, may get stuck with the cost of the crime. The financial cost of identity theft is growing at a very alarming rate, and we have to find ways to encourage credit card companies to track down fraudsters and help retailers recover damages. Therefore, I would like to hear from Chairman Muris as to what the Federal Trade Commission is doing to bring credit card companies to the table and what the Commission is doing to help small retailers cope with identity theft. With regard to the Parade magazine article, my colleagues will remember--and Senator Dole already mentioned--Captain John Harrison who had testified at the June 19 hearing. The article illustrates the trauma that Captain Harrison has experienced as a victim of identity theft since July 27, 2001. For nearly 2 years, Captain Harrison has been trying to clear his good name. That means closing over 60 fraudulent accounts that range from credit cards to checking accounts to utilities. And, those are just the ones he knows about. Captain Harrison is still learning about open and damaging accounts. He is just one individual whose life has been turned upside down. There are a hundreds of thousands more out there, and we have to do something to help these victims. Last year, Senator Cantwell and I introduced a bill that would assist victims in reclaiming their identities. The bill passed unanimously in the Senate last November. It did not pass the House, however, and I would like to work with our esteemed Chairman to ensure that parts of that bill are reauthorized in the Fair Credit Reporting Act. Some of these parts may be similar to the changes proposed by the Administration relating to accuracy of information in a consumer's file. I am particularly interested in the Administration's proposal related to the blocking of files and reinvestigations by resellers. Senator Cantwell and I worked last year with all of the stakeholders to address these issues in our bill, and I would appreciate the opinion of Chairman Muris and the other panelists on the Administration's proposal. In addition, I believe we need to discuss the accuracy of consumer's data when the consumer is also a small business. According to the Small Business Administration, there are millions of small businesses that are sole proprietors. Over the past decade, there has been a very good campaign on the part of financial institutions to market products and services to small business owners. This has made credit available to many sole proprietors that otherwise would not have been able to obtain credit elsewhere. I would like to hear from today's witnesses as to how we can maintain the accuracy of consumers' financial information if the consumer also owns a business. Thank you, Mr. Chairman, for holding this hearing. I look forward to hearing from the witnesses. Chairman Shelby. Senator Carper. COMMENTS OF SENATOR THOMAS R. CARPER Senator Carper. Mr. Chairman, thank you. To my colleagues, to our witnesses, and other guests, welcome. Chairman Muris, good to see you. Thank you for joining us today. I just want to mention briefly three principles that I think we will all be able to subscribe to as we approach today's hearing. One of those principles is the need for accuracy of credit reports and something that is essential, first of all, to consumers. The second principle would be that accurate reports are also of a great benefit to those who grant credit. And, finally, the belief that absolute accuracy cannot be achieved; however, the system should have as few errors as possible. And the system that we are working with here and refining here should make it easier for consumers to correct errors in their credit reports. I think those are three good principles that we can all subscribe to, and I am encouraged with the announcement by the Administration of their position on these issues. Today, we are going to make a step forward toward reaching those principles. I am encouraged that the House legislation has been introduced and is starting to move. It will be helpful toward that end. Finally, we have had quite a few hearings with respect to FCRA, and they have been enlightening and educational. And I suspect that this will be true today. Thank you, Mr. Chairman. Chairman Shelby. Senator Bennett. STATEMENT OF SENATOR ROBERT F. BENNETT Senator Bennett. Thank you very much, Mr. Chairman. All of us are very much in favor of accuracy within the credit bureaus and the information that is reported. I want to change the focus just a little in my opening statement to accuracy of studies. Senator Sarbanes quoted a study that said 29 percent of the credit records contained errors. There is a 1992 study commissioned by the Consumer Data Industry, which is the trade association group, that says the error rate is 0.2 percent. There is a 1998 study conducted by the U.S. Public Interest Research Group that says the error rate is 70 percent. That is a pretty wide range, a 0.2-percent error rate or a 70-percent error rate or a 29-percent error rate. If we are going to legislate to try to bring down the error rate, we have got to know what the error rate really is. And these kinds of studies are all over the place. To go from 0.2 percent, some will say that is suspect because it was a study commissioned by the industry itself; to 70 percent, I frankly think that is obviously suspect, commissioned by someone who may hate the industry. We need to know exactly what the error rate is. Furthermore, Mr. President--Mr. Chairman. Sorry, a Freudian slip with all the other colleagues around here. [Laughter.] We need to know accurately what an error is. I will give you an example out of my own life. We moved in Salt Lake City, and when you do that, you call people up and tell them that you have moved, and they put a new address on your bill. No matter how hard I try, I am unable to get the Salt Lake City Corporation to bill Robert F., as in Frank, Bennett. They insist on billing Robert S., as in Sam, Bennett. Someone heard that as an ``S'' over the telephone when we changed our address, and that constitutes an error. Now, it could be a very serious error in that there might be a Robert S. Bennett out there who is rampaging around the credit world and I do not want to be associated with him. On the other hand, I really do not think that the fact that my water bill is addressed to Robert S. Bennett at 1224 11th Avenue, Salt Lake City, Utah, when it really is Robert F. Bennett at that address constitutes an error that justifies Federal legislation. So as we examine this whole question of the error rate in these databases, we need to know what kind of errors we are talking about, and we need to be able to separate those that are incidental from those that do constitute a threat to our identities. The only piece of data that I have been able to find out that I think moves in the direction of giving us an accurate picture of what is going on is information that we have had from the FTC, and I simply repeat it here. The FTC reports that they receive approximately 2,000 complaints per year per bureau--since there are three bureaus, that is 6,000 error complaints--out of a database of 600 million. Now, I realize that not every error by any means gets reported to the FTC. But those that felt concerned enough about the errors that they contacted the FTC gives us 6,000 on a database of 600 million, which is 0.001 percent. Perhaps more significant than this number is the fact that in 1990, the FTC was receiving 10,000 complaints per year per bureau. So over a decade, we have seen the complaints on errors go from a total of 30,000 down to 6,000 as far as the Feds are concerned. Now, this is not a survey. This is not a study. This is not a poll. These are actual complaints coming into the Federal Government that signify the trend is going in the right direction. Six thousand is one-fifth of 30,000. So, in 10 years, we have had an 80-percent improvement rate in the complaints to the FTC while the granting of credit has gone up dramatically. I think that says that the Fair Credit Reporting Act has done a pretty good job. Now, having said that, I am as concerned about making sure that the database is accurate as anyone else on this Committee. But I think as we pursue the goal of getting a higher rate of accuracy, we need to do so against the background of accurate information about what the problem really is and how bad it is. Thank you. Chairman Shelby. Senator Dodd. STATEMENT OF SENATOR CHRISTOPHER J. DODD Senator Dodd. Thank you, Mr. Chairman. I ask that my prepared statement be included in the record. Chairman Shelby. Without objection, it is so ordered. Senator Dodd. I think most of the comments that I would make have been included, just striking the balance. Thank you, Mr. Chairman, for holding this hearing. It is extremely important. All of us as we travel around, no matter where we go, the issue comes up about whether or not we are going to reauthorize the FCRA, when we are going to do it, and what is it going to look like. I think these hearings are tremendously helpful, and I want to commend you. We have already listened to a lot of people and we are going to hear from some wonderful witnesses today who will share with us their views and thoughts on this very important subject, and that is tremendously worthwhile. As we move into an economy that requires some straightening out, credit is going to be even more important in terms of getting back on its feet again. So having a level of confidence that people will need is going to be essential. I appreciate my colleague from Wyoming mentioning Captain Harrison, my constituent from Connecticut, who gave eloquent testimony. His is certainly an incredible case. What he has been through is just stunning to identity theft issues. We know this may be an extreme case, but I think most people recognize that it probably occurs far more often than we all like to admit, even though studies may vary about the percentage of incidences. I just want to end on the note that the Treasury Department is moving in the right direction, and I want to commend them. I spend a lot of time saying what I think the Treasury Department is doing wrong, but in this case, I think the Treasury Department deserves some credit for its recent recommendations dealing with consumer protections. For example, it is right, I think, to suggest that consumers should have the right to free copies of their credit reports and credit scores so that they can identify the problems for themselves. Obviously, you can solve a lot of problems if you can have a chance to look at your own stuff and think something is wrong. That would seem to be helpful and positive, and I commend them for it. I also agree that we need to strengthen the protections against fraud, identity theft, and the like that they have made recommendations on. So, I am anxious to hear what other thoughts can be offered to us as we try and fashion this legislation. I think what Senator Carper said makes a lot of sense. Those are pretty good standards by which to judge how we are progressing here. There is the realization you are not going to have a perfect system, and any hopes of achieving that should be put aside immediately. But today with our technology and sophistication, we can do a better job all the time in guaranteeing that, to the extent possible, the consumers are being protected by accuracy of information that determines whether or not they are creditworthy. Again, Mr. Chairman, I thank you for your efforts. Chairman Shelby. Senator Crapo. STATEMENT OF SENATOR MIKE CRAPO Senator Crapo. Thank you, Mr. Chairman. As Senator Dodd indicated, most of--in fact, all of my thoughts have been very well stated by other Members of the Committee, so I will be brief. I want to thank you for not only this hearing, but the series of hearings that you are holding on this legislation because I think they have helped us to focus very well on the issues at hand. I have said before that I think our primary obligation here as we approach this legislation is to make certain that we protect the credit reporting system that we have in the United States today, which is the envy of the world and is the backbone and a strong part of our economy. In fact, I think the statistics I have seen indicate that something like three- fourths of all American households are involved in some way with the credit system in this country, and that frankly to me sounds like it might be a little bit low, either in the mortgage credit system or in the consumer loan system. As I approach this, we have already had hearings on identity theft and a number of other issues that directly relate to the issues we have before us here today. But it seems to me that we want to make sure that the information that we are dealing with in our credit reporting system is complete, that it is accurate, that it is accessible by consumers, that it is understandable by consumers so that those who are dealing with their own credit information--whether it is in the context of identity theft or just in terms of a report that they are getting in terms of a credit transaction or just in terms of checking their credit rating--that they understand what it is that they are dealing with, and that it is fixable when errors occur. So that when a consumer finds that there has been a problem, whether it is a minor problem like Senator Bennett has identified or a major problem like an identity theft problem, or simply poor reporting or poor standards or poor procedures by the reporting agency, that it is fixable. And I think that means we might need to look at modernizing our dispute resolution process and some of the other ways that we address these issues. Finally, I think we need to make sure that the adequate protections are in place to assure that we do not have identity theft or fraud or inappropriate reporting mechanisms and that the entire industry, including the consumers, understand how the system works and are able to work with it easily. So, again, Mr. Chairman, I thank you for holding these hearings, and I look forward to working with you as we craft this legislation. Chairman Shelby. Thank you, Senator Crapo. Senator Stabenow. STATEMENT OF SENATOR DEBBIE STABENOW Senator Stabenow. Thank you, Mr. Chairman. I have a complete statement that I would ask to have placed into the record. Chairman Shelby. Without objection, it is so ordered. It will be in the record. Senator Stabenow. Thank you. Just a couple of comments. First, welcome, Mr. Chairman. We appreciate your being here and your work, and I would share the same concerns my colleagues have and as Senator Crapo just indicated in terms of what this is all about: accuracy of information for consumers, the ability to maintain a system that is the envy of the world. And we certainly want to extend, I believe, not only the existing provisions of the Act in a timely manner, but we also need to use this opportunity to look for ways to improve areas where there may be problems and concerns. So, I welcome your thoughts on that today. This is really our opportunity to do that. And when there is a problem for consumers, we want to make sure that it can be addressed quickly, that there is a way for us to remedy problems with our own credit reports or others that we represent. Mr. Chairman, I did just want to also mention on another front that one of the best ways, I think, in the long run that we can help on these issues is through making sure that we all have the education and financial literacy that we need in order to be educated, active consumers. Senator Enzi and I are working together on some legislation that we hope to bring to you and work with the Committee on. I know Senator Corzine is working on this issue, and other Members of the Committee. But I think it is important that provisions that move us forward on financial literacy are also a part of what we are doing in making sure that we are all educated consumers in using information in order to protect our own interests and our own financial situation. Thank you, Mr. Chairman. Chairman Shelby. Senator Allard. STATEMENT OF SENATOR WAYNE ALLARD Senator Allard. Mr. Chairman, thank you. I have a full statement I would like to make a part of the record. Chairman Shelby. It will be made part of the record. Senator Allard. I want to just make a couple of brief comments. First of all, I would like to associate myself with the comments of the Senator from Idaho, but I would add a couple of things. We are all human, and errors do occur. I think when errors do get into a credit report, we need to find ways that those errors can be expeditiously purged from the public record. So often an error is recorded by one group but it gets dispersed throughout the entire system. Other systems record this error and, it reemerges again. I hope that some time and thought is given to recorded errors. I also hope we can look at how that error can be readily purged so the consumer gets that mistake eliminated from the record and is able to move on with their own personal lives and investments. The second comment I would make is that earlier this week, Senator Schumer and I drew up a piece of legislation on disclosure of credit scores. I think full transparency of credit scores is important so that the consumer--if there is something impacting their credit, can respond to it. There are things that go into a credit score that, frankly, when I found out about them, I was surprised. I think a lot of consumers are unaware of the factors that make up their credit score. For example, if a customer is informed that their interest rate is higher than ordinary; or they get turned down, they do not know how to take the necessary steps to make themselves qualify again for a lower interest rate or a loan. These are two additional comments I wanted to make, and thank you, Mr. Chairman. Chairman Shelby. Senator Corzine. COMMENTS OF SENATOR JON S. CORZINE Senator Corzine. Thank you, Mr. Chairman. I want to congratulate you on the thoughtful way of approaching this overall issue. I think it is important that it get fleshed out in its fullness. I think we all recognize how important this is to each individual life. I think about two- thirds of our economy is driven by consumer activities. It even rises at certain points in time. And this is an enormous area of concern, and when you have the range of variables that Senator Bennett talked about of errors, I think we should understand how much that actually translates into individual life experience. I think the only other comment I would make--and I hear this over and over. This is an interconnected element of activity. Accuracy ties to identity theft, which ties to financial literacy, which ties to credit scores. And we should be thinking about this in a comprehensive way as opposed to piecemeal. And I think like many other Senators, I have pieces of this with respect to financial literacy, and with respect to questions on identity theft. Frankly, I think there is a need for this to be brought together in a comprehensive format so that we aid the consumer on a complete basis. Thank you. Chairman Shelby. I appreciate your remarks. Senator Schumer. STATEMENT OF SENATOR CHARLES E. SCHUMER Senator Schumer. Thank you, Mr. Chairman. Again, I want to add my kudos to you and Ranking Member Sarbanes for the careful, thoughtful, and thorough way these hearings are being conducted on one of the most important pieces of legislation that will be before us, the FCRA. I think of all the hearings we have had, this one may be the most important, at least in terms of its impact on the average person's life, and that is the accuracy of the information in his or her credit report. Our laws and principles make it clear that the reporting agencies have a responsibility to maintain accurate information. And on top of this obligation, there is the pressure of the market. Companies want accurate information. They do not want it to be too high or too low. It does not lead to their best economic interest. But as Senator Allard mentioned, there is an additional check and balance that we must have in the system. Consumers should have a right to review their credit information and the right to have that information corrected when it needs to be. After all, they have the most at stake from inaccurate information, and we have found that in our financial systems, when there is transparency, the opportunity for abuse is lower. And that is why Senator Allard and I introduced this week legislation that will provide our national credit system with more transparency. Our bill is called S. 1370, the Consumer Credit Score Disclosure Act of 2003. Hopefully we can add it to FCRA at some point and not move it along separately. But whatever the Chairman would please--I think I speak for Wayne, as well--would be fine with us. Let me just give my colleagues a little bit of detail about this, and I will be quick. Right now, people get a credit report, and it is a complex formula, but it is the credit score that matters most. The score determines whether a loan is made and at what rate. Often, people only know the number of their score. They do not know the factors that went into the number, how different information in their credit report was weighed. It is like a black box. And the stakes are very high here. Nearly 80 percent of all mortgage lending decisions now use credit scores. Specifically, lenders use the score to determine whether to extend a loan to an applicant and to make pricing decisions regarding the terms of the loan. For most families, we all know buying a home is the biggest financial move they make. Credit score, the principal factor in determining the creditworthiness and loan terms, is shrouded in mystery, and the simple purpose of our legislation is to lift the veil of secrecy. There is a huge difference. Let me take an example, a modest Syracuse mortgage of $80,000. If you shave three points from that loan, it would save the homeowner about $140 a month, $1,600 a year. And so if the credit score is wrong, people pay for 15, 20, or 30 years, depending on the term of their mortgage. And up until this year, even the outline of how these scores, mysterious scores, have been determined was kept a secret. In fact, most consumers, for instance, have no idea that having a whole lot of credit cards, even if you pay every one on time, lowers your credit score. Well, if consumers knew this was part of the credit score, they could make a decision whether they wanted to have that fifth, seventh, or tenth credit card. So things are beginning to move into the right direction. E-LOAN, one company, is offering a free Web-based service that allows real estate agents, bankers, and consumers to instantly determine the credit rating. But we think this should be available for everybody. And I hope that our colleagues will pay some attention to this legislation as we move it along. It requires lenders to supply consumers with their credit score and an invoice that describes how it was calculated, the source of who calculated the score, and the four factors negatively affecting the score. It is simple Adam Smith free market disclosure, and it is something we would like to discuss, Senator Allard, and I would like to discuss as we move this bill along. Thank you. Chairman Shelby. Thank you, Senator Schumer. Our first panel will just be one gentleman. Mr. Timothy Muris, he is the Chairman of the Federal Trade Commission. We welcome you to the Committee. We appreciate your indulgence through our opening statements. Your written statement will be made part of the record in its entirety, without objection. You may proceed as you wish. STATEMENT OF TIMOTHY J. MURIS CHAIRMAN, U.S. FEDERAL TRADE COMMISSION Chairman Muris. Thank you very much, Mr. Chairman. I want to thank you for holding this important hearing, and I particularly want to thank you and your staff for working so closely with us. I know, as has been mentioned, the Director of the FTC's Bureau of Consumer Protection, Howard Beales has testified before the Committee, and it is a particular pleasure since your Staff Director, Kathy Casey, is a former student of mine. And it has been a pleasure to see her and her staff 's professionalism and skill in working through this process. Chairman Shelby. You taught her well. Chairman Muris. Thank you. I am not sure she will agree with that, but that is another subject. As we testified--Howard presented the Commission's testimony in May--the statute, the FCRA, has been a remarkably effective law. It helps make possible what I call the miracle of instant credit, which occurs all over America every day. For example, you can walk into a car dealership, and if you have good credit, in less than an hour you can borrow $10,000 from a complete stranger, or more, and drive out with a new car, which, when you think about it, I think is really a remarkable fact. And it exists really only in the United States. In the over 30 years since the FCRA was enacted, with the leadership of this Committee and Senator Proxmire, consumer credit has expanded exponentially. It accounts for over two- thirds of our Nation's GDP. It has been particularly important, this expansion of credit, for the least affluent Americans. Thirty years ago, for example, 5 percent of low- and moderate- income Americans had credit cards. Today, half have those cards, nearly half. The FCRA has facilitated this growth while at the same time protecting sensitive financial data. The FTC supports the package of proposed legislation that the Administration and Secretary Snow announced on June 30. We believe these proposals, along with a couple of additional ones in our testimony, will help improve credit report accuracy and fight identity theft, while preserving the benefits to consumers of the national credit reporting system. To begin, the Commission recommends that Congress renew the uniform national standards in Section 624 of the FCRA. The national character of our credit markets is a powerful argument for retaining these standards. This is not to say that the FCRA is perfect, but any improvement should be made by changes to the national standard and not through a patchwork of different State laws. The changes we support focus on getting more credit reports in consumers' hands, streamlining the dispute process, detecting and preventing identity theft, and easing the burden on identity theft victims. Turning more specifically to accuracy, we have several proposals that I believe will enhance the accuracy of credit reports. One proposal that I believe is particularly important is our recommendation to expand adverse action notices to consumers, and it builds on your charts, Mr. Chairman. A key element of the FCRA's protection of consumers is the requirement that when credit, insurance, employment, or other benefits are denied, based even in part on a credit report, the creditor must notify the consumers of their rights to a free copy of the report and to dispute the accuracy of information in the report. This self-help mechanism is a critical component in an effort to maximize the accuracy of consumer reports, and it is a quite ingenious part of this statute. It puts credit reports in consumers' hands when they are the most motivated to inspect their report for inaccuracies--that is, after they have been denied benefits based on the report. We are vigorously enforcing FCRA's adverse action provisions through industry compliance sweeps and enforcement actions against users of credit reports. Nonetheless, this is an area where we believe an important improvement is needed in the statute. The FCRA generally requires an adverse action notice when a consumer is offered less advantageous terms because of his credit report with respect to credit offers. But if the consumer is offered and accepts those less advantageous terms, he gets no adverse action notice. Now, in the modern world, this counteroffer exception makes no sense. Ten years ago, credit decisions were usually pass- fail. You either got the credit you applied for or were rejected. Today, with the prevalence of risk-based pricing, which was your point, Mr. Chairman, consumers more often are offered a higher rate or worse terms. Those consumers may pay for a loan or credit card based on inaccurate information in their credit report, but they will never learn about it. This gap frustrates achievement of the FCRA's basic consumer protection goals. For this reason, we recommend that Congress give the FTC rulemaking power to expand the circumstances under which consumers get adverse action notices. Again, it is crucial to the working of the system that consumers be notified when there is a problem in their credit report. For most consumers, most of the time, it is not worth their time to go read their credit reports. They have a lot of busy things to do in life. An ingenious part of the system is you are notified when you are denied a benefit because of what is in the report. But because of changes since the law was enacted with this risk-based pricing, there is now a significant loophole which we think should be closed. We also have recommendations that will make it easier for consumers to dispute inaccurate information. For example, there is an anomaly in the law whereby resellers of consumer reports are responsible for investigating consumer disputes. We think that the credit repositories should share some of that burden. In addition, we recommend amendments that would make it harder for furnishers to reintroduce fraudulent information in the credit reports. Finally, we believe the law should be amended to require furnishers of information to investigate consumer disputes when consumers contact them directly. Consumers do not know necessarily that under current law they are supposed to contact the credit reporting agency. We see no reason why, when they contact the furnisher, that should not trigger the reinvestigation requirement. It is a pleasure to be here, and I will be happy to respond to any of your questions about our recommendations or any of the other issues. Thank you. Chairman Shelby. Thank you, Chairman Muris. The very first section of the Fair Credit Reporting Act highlights the importance of the accuracy of credit reports that we have been talking about today. Let me just briefly quote from the law. ``Inaccurate credit reports directly impair the efficiency of the banking system.'' It might be fitting, Mr. Chairman, to expand that sentence so that it reads, ``Inaccurate credit reports directly impair the efficiency of our whole economy.'' Chairman Muris. I certainly think that one of the reasons that our economy is so strong, particularly compared to the rest of the world, is the flexibility of our credit system. Chairman Shelby. Absolutely. Chairman Muris. And that credit system relies on these national credit standards, and this law is essential, I think, to making those standards work. Chairman Shelby. Would you agree that inaccuracy in credit report information could create inefficiencies in the economy? Chairman Muris. Absolutely. And I certainly agree with the comments that others are making, you know, that not all inaccuracies are created equal. Chairman Shelby. Sure. Chairman Muris. But, again, that is why it is so important to put this information in the hands of consumers. Chairman Shelby. What is your understanding, Mr. Chairman, as to the level of inaccuracy found in credit reports? Chairman Muris. We have no way of knowing the precise level of inaccuracy. Again, the ingenious nature of this system and why we want to expand the adverse action notices is that when you are denied a benefit because of what is in the credit report, you need to be told. And that puts you on notice, particularly if you think there must be a mistake, to see what the problem is. The statute obviously understands that you are dealing with something like, with these big credit bureaus, 2 billion transactions a month. Perfect accuracy is neither possible nor desirable. Chairman Shelby. But accuracy is very desirable, maybe not perfect. Chairman Muris. Absolutely. That is why we take lots of steps to deal with accuracy, and that is why we think, although you should extend the preemptions in the national system, that you should improve the statute, particularly in terms of accuracy. Chairman Shelby. A lot of things that Senators Corzine, Crapo, Allard, Schumer, and others have been talking about as far as accuracy, is putting together a comprehensive bill here which could improve the accuracy and the efficiency of credit reporting, could it not? Chairman Muris. Absolutely, and that is what our package of proposals is aimed for. We look forward to working with you on developing such a package. Chairman Shelby. You do not have a specific number, you know, statistically, as to the errors. Is there any way to get a specific number? Because numbers do matter. Chairman Muris. Well, they do matter. I am not sure that it is worth the cost of getting a specific number. I do think that easing the ability of consumers to have the information is the best route to take, and that is why we made several proposals, including free credit reports---- Chairman Shelby. That would be good for the consumer by a long way, but also good for business, would it not? Chairman Muris. Well, yes. I do think that a more accurate system, assuming it can be achieved without undue cost, would be better. And I think the proposals that we have made take us a significant way down that road. Chairman Shelby. Mr. Chairman, do you think that the Federal Trade Commission should have a responsibility to obtain information regarding the accuracy of the information contained in consumer reports on an ongoing basis? Chairman Muris. I would be particularly concerned--and I know there is a provision in the House bill--if we were asked to spend a lot of resources trying to come up with, trying to determine what the level of accuracy is. I think our resources would be better spent on consumer education, on developing new laws such as we have talked about, on enforcement, because-- although, again, accuracy is a key to this statute, but trying to find out and deal with some of the issues that people have raised here about accuracy, I am not sure that is the best---- Chairman Shelby. Well, accuracy is going at the truth of whatever the information is. Chairman Muris. Yes, that is certainly true. But I think Senator Bennett's point about levels of accuracy is very well taken. Chairman Shelby. Absolutely. Does the Federal Trade Commission, currently have the authority and the resources necessary to ensure that the highest level of accuracy possible is achieved? Do you need more resources? Or do you think, as you alluded to, you are going to work with us toward better legislation? Chairman Muris. I think the preferable route is better legislation. We received our mark from the House appropriators yesterday. If we get that amount of money from the Senate, I think we can very admirably carry out our responsibilities, including whatever new responsibilities you would give us. Chairman Shelby. Especially if we put together a good bill overall, one that is good for business, good for the economy, and good for the consumer? Chairman Muris. Yes, sir, absolutely. Chairman Shelby. Senator Sarbanes. Senator Sarbanes. Thank you very much, Mr. Chairman. Chairman Muris, I am going to try to run through some questions with you very quickly. As you know, our time for questioning is limited. But, first, I do want to note the front-page article in today's New York Times on the FTC's Do Not Call Registry. This article says that there has been an outpouring of public interest in the registry far exceeding the Government's initial expectation. According to the article, Americans have submitted 23 million phone numbers in the last 2 weeks for the registry, and the FTC expects at least 60 million Americans to sign up by October 1. What does this tell you about the way people are feeling about the invasions of their privacy? Chairman Muris. Well, I think the reason that we have adopted the national Do Not Call Registry is in response to concerns over privacy. And, indeed, the reason that we are making several proposals here is in response to concerns about privacy. I am not sure that it is accurate that we have received a lot more initial sign-ups than we expected. We thought this would be a very popular initiative. The Commission has never received anything like the comments and the response in its history to anything we have done like the Do Not Call Initiative. I do think people care about privacy, and what they care about, I think, is when their information is misused in ways that bother them. And the interruption of their dinnertime is a perfect example, and I also think, to transfer that to this context, when sensitive information is misused or it is inaccurate, those are the kinds of things that bother people the most rather than abstract notions of, you know, privacy. I think people are very practical, and when it is misused and causes them consequences, that is when they really care. And I think Do Not Call demonstrates that. Senator Sarbanes. One of the witnesses on the next panel, Mr. Brobeck, from the Consumer Federation, recommends broadening the Federal enforcement of FCRA in two ways. He recommended, ``An appropriate Federal Agency such as the FTC should audit the repositories' records on a regular basis to identify data furnishers who report incomplete or incorrect information to the repositories.'' He also recommended that the FTC should collect and analyze information about credit reporting disputes on a quarterly basis and report this information to Congress annually. Would you support those recommendations? Chairman Muris. Well, I have welcomed our cooperation and support on many issues from the consumer movement and the CFA in the past. I have trouble with some of their recommendations here. The idea of an audit bothers me in the following sense. I think we need to focus on the key trigger point of the statute, which is letting consumers know when there is a problem. I think in terms of furnishers, it is a voluntary system. We have sued furnishers for supplying inaccurate information. There are duties dealing with furnishers. In fact, we are proposing to trigger the reinvestigation process, as I mentioned, when a consumer contacts the furnisher. So, I think there are some more things that furnishers can do. There are already duties on furnishers. But I am concerned about shifting our focus from the consumer and the consumer getting notified to a more abstract idea of auditing and studying the procedures of the credit reporting agencies. Senator Sarbanes. You used the instant credit example in your own statement. Does the store receive a complete credit report, or does it simply receive a credit score when it acts in that instance? Chairman Muris. Well, I think it depends. In the case of the real instant credit, they are receiving often just an approval. I am not even sure---- Senator Sarbanes. And if the consumer is denied credit in the instant credit scenario and then requests a credit report as a result of that adverse action, what would the credit reporting agency provide to the consumer? Just what the store got? Chairman Muris. My understanding is no. Well, I am not sure what the store gets, and---- Senator Sarbanes. Well, shouldn't the consumer---- Chairman Muris. Yes, I agree the consumer should get the full---- Senator Sarbanes. Shouldn't the consumer, at least, get what the store got? And if that is not the full report, probably get the full report as well, should he not? Chairman Muris. Absolutely. I agree, Senator. What they are supposed to get now, this is triggered by the so-called Equal Credit Opportunity Act notice. They are supposed to be told the four leading reasons why there was a problem with their credit report. I agree that just giving them a very simple piece of information would not be useful, but I believe under current law they are required to get more than that. Senator Sarbanes. My time is up. Let me just ask you, is it the intention of the FTC to provide to the Committee draft statutory language to carry out the recommendations that you have presented to us in your statement here this morning? Chairman Muris. Yes, sir. Senator Sarbanes. And how promptly can you do that? Chairman Muris. Well, we have been working with the Committee, and I think we would be able to do this very promptly. And we have been working with the other body as well. Senator Sarbanes. What is ``very promptly?'' [Laughter.] Chairman Muris. Well, I am not even sure what day of the week it is. It is Thursday, I think. I would be very surprised if we cannot sit down and do something--next week? I am checking with the people who have to do the work before I make a promise. Yes, next week would not be a problem at all. Senator Sarbanes. Thank you, Mr. Chairman. Chairman Shelby. Senator Dole. Senator Dole. Mr. Chairman, as an alumnus of the FTC, I take a great deal of interest in your testimony, which I find very credible, because I know that these recommendations represent a bipartisan consensus approach. Now, currently, the Federal Trade Commission has four Commissioners appointed by President Clinton, and then you, an appointment of President Bush. Isn't that correct? Chairman Muris. Yes, Senator. Senator Dole. You are clear in your testimony the FTC supports the permanent reauthorization of the Fair Credit Reporting Act preemptions contained in the 1996 Act with some modest amendments. Is this the unanimous position of all the Commissioners? Chairman Muris. Yes, it is. Senator Dole. Mr. Chairman, do you agree with the statement of Director Beales who stated earlier that affiliate sharing assists in the prevention of identity theft? Chairman Muris. Yes. Yes, I think that it is important that financial institutions have access to more information than the crooks have to stop the fraud. And in that sense, I think the information is helpful. Senator Dole. Inasmuch as affiliate sharing prevents identity theft, would you agree, then, that affiliate sharing leads to more accurate credit reports? Chairman Muris. Yes, I would, and we do support it and think that affiliate sharing is an important part of this process. Senator Dole. And while there is always room for improvement, do you believe that the credit reporting agencies are doing enough to ensure accurate credit reports? Chairman Muris. We have had several opportunities to engage in enforcement against the credit reporting agencies. That process continues. We are their primary regulator. I think, you know, with a rare misstep, which I think we have corrected, I think that they have done a good job. I do believe that some additional legislative protections, particularly in terms of accuracy, which I have outlined, would be helpful. Senator Dole. In your prepared statement, you give the example that if States are able to pass differing laws on reinvestigation times, furnishers might determine that their reinvestigation duties are too onerous and simply exit the system. Do you believe the 30-day period in the Fair Credit Reporting Act is the appropriate one? Chairman Muris. Well, Senator, I do think the 30 days has worked well, and I think there are a couple of important points to make. The one that you are referring to about the voluntary nature of the system and the furnishers' cooperation is very important. And a second point is we have frequently brought cases against scams that involve credit repair. And one of the things that some of these scams tell you to do is to challenge everything, ask for a reinvestigation on everything, with the idea that maybe you can run out the clock. And if the period was shortened particularly dramatically--I know some people have proposed 15 days--I think that would be a serious problem in terms of these scams. Senator Dole. You also give an example in your prepared statement as to the problems that may arise from shorter obsolescence periods governing how long negative information can continue to be reported. Do you believe the 7-year period included in the Fair Credit Reporting Act is the appropriate time period? Chairman Muris. Well, I think the 7 years has worked well. I have seen no reasons at all to change, and that is the basis of our recommendation. Senator Dole. Senator Dodd sent me a copy of a series of articles that were written in the Hartford Courant, and this detailed some very distressing charges of errors the paper says have been built into the credit reporting system. One such charge was that credit reporting agencies have the incentive to put false information in a credit report because the potential creditor is more likely to buy a report with more information in it because they assume that it must be more accurate. I find this hard to believe. Would you comment on that charge? Chairman Muris. I find that very hard to believe as well Senator, and I am not aware of any evidence that this has occurred. The credit bureaus are in the business of selling not only information, but also accurate information, and that is why I am surprised by that allegation. Senator Dole. In your written testimony, you state that, ``Prescreened offers provide many benefits for consumers, and can enhance competition, leading to greater credit availability, better terms, and lower costs for consumers.'' Some of the witnesses in previous hearings have stated that prescreened offers have one of the lowest rates of fraud. Do you agree with this observation? Chairman Muris. I do not think that there are systematic problems in terms of fraud with prescreened offers. I have seen evidence certainly consistent with the statement that you are making. I think the prescreened system has worked well. I do think that giving us the ability to make the opt out more prominent and easier for consumers to use would be a useful thing, and that is why we have recommended that. Senator Dole. And I just want to make it clear for the record. All of the Commissioners at the Federal Trade Commission support the continuation of the prescreening preemption, of course, with better disclosure for the opt out. Chairman Muris. Yes, yes. Senator Dole. What can Congress do to improve the accuracy of information in credit reports? Chairman Muris. I do think it would be helpful to implement the proposals that we made. We do not have a monopoly on the best way to approach this, of course, and I am certainly looking forward to working with you. And I just want to add on a personal note that it is a pleasure to be working with you again after all these years. The years have treated me a little worse than they have treated you, but it is a pleasure to be working with you again, Senator. Senator Dole. Thanks very much. My time has expired. Thank you, Mr. Chairman. Chairman Shelby. Senator Corzine. Senator Corzine. Thank you, Mr. Chairman. I do not really know how to follow that up. [Laughter.] Let me see. The idea that you are going to give an opportunity for a consumer who has an adverse notice is the major response that you are suggesting--do I hear this correctly--with regard to making sure that consumers are aware of deterioration in their credit? Chairman Muris. I think the key to the system that Senator Proxmire set up is that the consumers are put on notice when there is a problem, when they are denied a benefit because of something in their credit report, and I think we can improve that system. Senator Corzine. But you are suggesting at the point of a transaction, being turned down? Chairman Muris. I think that for most consumers, that is when they would care. Now, I do think that there are several things that we propose that--if a consumer is really interested in the absence of a transaction, I think we should make it easier for them to get the information about their credit report and about how the system works, and---- Senator Corzine. Secretary Snow's once-a-year credit report and the detail in the way that Senator Sarbanes and others were talking about--information that might have changed from year to year, or adverse factors, so that individuals would know when they are going to change jobs that they may have adverse information in a credit report, or if they are contemplating buying a car, they know that they are going to get a lower credit score. I am presuming you are incorporating the once-a- year---- Chairman Muris. Yes, sir. Senator Corzine. And for the record, that is part of your recommendations, not just a notification of an adverse factor at the time of---- Chairman Muris. Oh, absolutely. We are proposing that they be able to get the one free consumer report. We are proposing that consumers have the option of receiving more information. Now, I think it is important to add that it needs to be up to the consumer. We are certainly not proposing a blanket mailing to everyone of their consumer report. I am not suggesting, and we do not suggest, that everybody needs to look at their consumer report on a routine basis. That should be up to the individual. Senator Corzine. I just--and I guess this is a basic philosophy issue--but an individual who is in contemplation of buying a car, in contemplation of taking out a mortgage, or accessing credit may be already dependent on having that transaction take place, and if they are not aware of deterioration in their credit, there can be serious circumstances that are attributed to it. So, I am a little troubled with that tension. Chairman Muris. Well, I am not sure that there is a tension. It is really up to the individual. If the individual is particularly risk-averse, or if they have some reason to believe there is a problem, we think it should be easier than it is now for them to investigate. On the other hand, I do not think--for a lot of people who have not had any problems in their lives, they have a lot of things to do with their lives, and I am not going to recommend to such a person that they spend their precious time reading and investigating their credit. But we want to make it easier for the individual, and we particularly want to make it easier at that crucial time if you are denied a benefit to get the information. Senator Corzine. One specific on that. I do not know if other Senators feel this way, but I would like to understand in practical terms, if you request a credit report on yourself, what that would look like. What would the requirements actually be that would be sent out by one of the reporting agencies so that the practical elements of it are actually what we are talking about? Chairman Muris. Yes, that is an excellent question. Right now, in some States, you can get them for free, and in other places, you can buy them. We would be glad to work with you and show you how that works. Senator Corzine. I find it troubling that you have to buy them. Chairman Muris. And that is one of the reasons that, under our recommendation, that would no longer be true. Senator Corzine. I think that under Secretary Snow's, if individuals knew they had the availability, they would put in an annual request. Chairman Muris. Well, in the States, again, it depends on the consumer. In six States, they have that right, and more exercise the right than if they had to pay for the report, but obviously, it takes some time to digest and understand, and for some people, that might not be worth their time, and I can understand that. Senator Corzine. Three other points, quickly. First, I think that you just gave an absolute recommendation of financial literacy ties to this. Chairman Muris. Oh, absolutely. Senator Corzine. That, without education, these things are---- Chairman Shelby. Senator Corzine, our next hearing is going to dwell on financial literacy. Senator Corzine. Second, I think the identity theft issue makes this even more important. Once you have been invaded as an individual, the idea of whether this thing gets cleaned up on an accuracy basis is one of the reasons we are introducing the nature of the legislation, but I again go back to this comprehensive nature. And finally, I am really struck with the range of statistical variation that Senator Bennett talked about and others recognized, and I am not sure that I agree that it is not worth the cost of having some kind of understanding of what the nature of the problems are. Even though it is a big and complicated system, having some readout on the nature and the gradation of the nature of the problems--is it an ``S'' or an ``F'' or is it the kinds of things that come with identity theft. I am a little troubled that we make policy decisions when we are not sure what the nature of the problem is because we are not accumulating all the data. So, I will ask a simple question and then I will shut up. What is the range? Are we closer to 0.2 percent, or 29 percent, or 0.70 percent? Senator Bennett. Not ``point''--70 percent. Senator Corzine. Yes, yes. Excuse me. Chairman Muris. I will say this--that the studies with the higher numbers, I believe their methodology is seriously flawed. I would be very surprised--and I do not know as much about the methodology of the 0.2. The question which Senator Bennett's ``F'' and ``S'' illustrates is the significance of the benefits, which is again why I think it is so important to expand the adverse action notice, and for those consumers who want, even outside the context of a particular transaction, to look at their credit report and understand the system. I think we should increase that availability as well. Senator Corzine. Thank you. Chairman Shelby. Thank you, Senator Corzine. Senator Bennett. Senator Bennett. Thank you very much, Mr. Chairman. Chairman Muris, have you or your staff looked into two issues with respect to the free credit report--and let me say right up front that I applaud the idea that someone should be able to access their report at their own instigation, not only when there is a notice of an adverse action--but have you looked at two aspects of providing the free report--number one, the cost, and number two, the opportunity for identity theft. Let me tell you what I mean on the second one. We had, at our last hearing, a passionate appeal for Congress to do something--I am not quite sure what we could do--about ``dumpster diving.'' During the hearings on identity theft that I held when I was Chairman of the Subcommittee that dealt with this, we were told that one of the standard ways of people who went after identity theft in a serious fashion was to steal mail. They would hope they would find in the mail a credit card. If they did not find in the mail a credit card, they would hope they would find a bank statement or some other document that would give them information about some individual whose identity they could then steal. Isn't there a possibility that some clever criminal listens to all this and says, ``Boy, this is terrific; I am going to request the free credit report for Robert S. Bennett''---- Senator Schumer. How about Robert F. Bennett? Senator Bennett. --I will do that, too, and I will do Charles Schumer, and I will do John Corzine and all the rest of it--and see what I get, and particularly if there is a flood of these coming in, and you talk about errors, and a flood of mail coming back, is there a possibility that in our effort to prevent identity theft, we facilitate it? Chairman Muris. Well, a couple of responses to that, and particularly to the last point. The CRA's right now require various steps to make sure it is the right person. If you are a successful criminal, if this tactic really worked, I am not sure the $9 that it costs now would be much of a deterrent. Obviously, it is $9 more than free. Senator Bennett. I will get back to cost in a minute. I am not talking about the cost right now. Chairman Muris. No. But I am saying that if this is a way to engage in identity theft, you can do it now for $9 per credit report. Senator Bennett. I see. Chairman Muris. I do think that identity theft is a serious problem--a very serious problem. I know that you had a hearing on it; FTC Bureau of Consumer Protection Director Howard Beales testified. Many of our proposals deal with identity theft. We are going to release a survey sometime this summer about the incidence of identity theft, and we are still trying to digest those numbers now. But I do not think this proposal, based on the experience that we have seen just in the small number of States that allow free reports and the experience with the $9 now, has been a major source of identity theft. Senator Bennett. Okay. I have discussed this with the industry, and they tell me that if the request is made online-- if this is an Internet request--they are almost certain that they can prevent anybody from requesting this information. If it is mailed out, they say the chance of somebody getting the information and using it improperly is substantially better. So, I would like to pursue in the legislation, Mr. Chairman, the whole question of how the report--if we are indeed going to see a significant rise in requests for reports--is formed. I do not know if we can absolutely insist that it always be an electronic request and an electronic response, but that, I am told, is far more secure than responding in the mail. Now, back to this issue of cost. I am not talking about the cost to the consumer. I am talking about the cost to the credit bureau. Chairman Muris. I understand. Senator Bennett. And the question arises--do we have any statistics as to how more requests they will get, how much additional costs they will incur, and life being what it is, therefore, costs that will be ultimately passed on to the consumer? Chairman Muris. You are absolutely correct that the costs will be passed on. From various parts of the industry, I have heard two different estimates of the costs in the handful of States that allow it now. One is that not very many more people requested free reports. Another is that a significant increase off a very small base requested reports. And I do think it is important--and this may be somewhat of a tension in the previous questions--I personally would oppose something that really pushed people to look at their credit reports unless they had some reason--if they were very risk-averse, were about to enter an important transaction, or they had some particular suspicion about their report. Most people do not look at their credit reports. Most people have good credit. I think it should obviously be the choice of the consumer, but we should not encourage or frighten people to do something that is not necessarily in their interest. Senator Bennett. Thank you. Thank you, Mr. Chairman. Chairman Shelby. Senator Schumer. Senator Schumer. Thank you, Mr. Chairman. I want to thank you, Mr. Muris, for always being available to this Committee and for your forthright answers. I would like to focus on the legislation that Senator Allard and I talked about earlier today. First--and I know you have not seen it; we just dropped it in yesterday, so you probably have not seen the details--but what do you think of the general concept? Chairman Muris. We support the concept of giving people information, the right to a free credit report, information on how the credit scoring system works, certainly having a credit score. I think it is important to understand there is no one ``the credit score,'' so I am hoping you have some flexibility. I am a little bit concerned--we do antitrust and competition--this is an industry with not very many players, and I would not want to do anything inadvertently that gave one player an advantage. I do not think you would do this or are proposing to do this, but if somebody wanted to say one kind of credit score was more preferable than another, that would cause us problems. Senator Schumer. But all we do is allow people to see how they got the credit score from that particular agency. It is obviously the bank or whoever is hiring the company that is going to---- Chairman Muris. Sure. That is fine. Senator Schumer. We do not want to determine what the credit score should be. Chairman Muris. But there are different kinds of credit scores. That is all I am saying. Senator Schumer. No question, no question. But we are not going to mandate how you create a credit score. We just want people to know--right now, they give you your score, and that is it. So it is like saying you flunked, or you got a ``D,'' or you got a ``B,'' and you ask which questions did I get right, and which questions did I get wrong, and they say, ``We cannot tell you.'' That is the frustration that people feel. Chairman Muris. Yes. You can certainly get more detailed information in terms of adverse actions already now, but we think that that should be available more widely; it should be available without cost, and if that is the concept of your bill, then that is certainly completely consistent with what we are proposing. Senator Schumer. Well, I had a lot of other questions in case you said ``No,'' but you said ``Yes,'' so I will yield back my time. I know we have a vote, so my colleague can proceed. Chairman Shelby. Senator Allard. Senator Allard. Thank you. I want to delve a little bit into enforcement. Sometimes constituents have contacted me when they have had problems with jurisdictional issues concerning the enforcement of fraud. For example, the victim may live in one State, and the act occurred at a retail store in another State, and both enforcement agencies say it is the others' responsibility. My question to you is what enforcement actions are at your disposal, and how often have you exercised that authority? Chairman Muris. Well, we certainly engage in a wide variety of enforcement, and we have enforcement, obviously, interstate, and when it comes to fraud, that is particularly the mainstay of what we do. Because more and more problems are international, and we have a proposal before the Congress, which has passed the Commerce Committee as part of the FTC reauthorization, to approve our ability to deal with cross-border fraud. In terms of the credit reporting agencies, we are their primary regulator and, as I have mentioned, from time to time over the years, we have brought cases against them, including very recently. Senator Allard. How would you bring a case against a reporting agency, because this is an enforcement problem. It may come to light because it went through the Agency, so the Agency tells you to contact the local law enforcement in each State. When the State refuses to take action--what alternative does that individual have? Chairman Muris. One of the ways which we have recently--and this is still an ongoing issue in some ways--dealt with the credit reporting agencies is making sure that they are answering the phones. They are supposed to have a process that consumers can reasonably use to deal with problems on their credit report. Obviously, if you are talking about some kind of fraud or problem with a credit card company, or if there is a dispute about a bill, that is not the responsibility of the credit reporting agencies. We also enforce the Fair Credit Billing Act, which provides procedures for dealing with those disputes. In terms of fraud, I mentioned with Senator Dole the credit repair scams. We have brought a large number of those cases. We have recently seen people--you know, when money is involved and financial information is involved, there is a lot of opportunity for scams. There are people online right now who are scamming people, trying to get sensitive information from them, and it is to misuse the information, and we have a lot of those investigations and have brought a lot of those cases. Senator Allard. So you have the capability to investigate and to prosecute? Chairman Muris. Absolutely. Senator Allard. How often have you exercised that authority? Chairman Muris. Let me just give you one statistic. In terms of telemarketing fraud, for example--we were talking about the telemarketing issue--between the FTC and the States in the 8 years or so of the Telemarketing Sales Rule, there have been over 1,000 cases. When consumers are ripped off--and fraud is the worst example--that is the mainstay of what we do, and many more of our resources go there than anyplace else. Senator Allard. One other question just to follow up on Senator Schumer's line of questioning--he did not ask if you believe that the credit scores should be provided free of charge? Chairman Muris. Yes, yes. Again, it is not just the score, but we believe that people should be able to get their report, they should be able to get an explanation---- Senator Allard. What goes into it, right. Chairman Muris. Right, how the system works. Senator Allard. Do you think that whole report should be provided? Chairman Muris. Right, and I think that is more important, quite frankly, than the score itself. The steps that you can take to improve--these scores can be confusing since different people use different systems. Senator Allard. Thank you, Mr. Chairman. Chairman Shelby. Senator Sununu. Senator Sununu. Thank you, Mr. Chairman. Chairman Muris, I want to talk a little bit more specifically about access to free reports, and I apologize for being the last questioner, so you might have touched on some of this already. Currently, consumers can get access to a free credit report if they are denied credit. What is the percentage of consumers that have been denied credit who actually take advantage of the opportunity for a free report? Chairman Muris. You know, I do not know that number. Even my experts do not know that number, but we would be glad to try to get you something. Chairman Shelby. Can you do that--find out for the record and furnish that to us? Chairman Muris. Sure. Yes, sir. Senator Sununu. That would be good. It would seem to me to be a pretty important figure, especially if ensuring full access for everyone to free credit reports is part of the proposal, because if it is 10 million people getting free credit reports, and it is costing a tremendous amount of money, then obviously, we would want to at least give some extra consideration---- Chairman Muris. The number of people who seek free credit reports even in areas where they are allowed to get free credit reports does not appear to be, percentage-wise, a large number. Senator Sununu. Which brings me to my next question. There are six States that allow that, correct? Chairman Muris. I think that is right. Senator Sununu. What are those States, or what is the largest of those States, and what are the take-up rates for those States that allow free credit reports? Chairman Muris. The more recent evidence that we have received is that people--somewhere around double. It was a fairly small number. Georgia, Massachusetts, Colorado, and Vermont, I am told. I received a statistic yesterday it was somewhere in the neighborhood of--I think it was Colorado--it was something like 100,000 reports. Senator Sununu. Okay. I would appreciate it if you could go ahead and provide that information for those six States that allow full access to credit reports and the number of credit reports that are provided to those consumers who do not have a problem. Chairman Muris. Right, and the number that sticks in my head, and I think it was for Colorado, even with free reports, was something under a couple of hundred thousand a year. Senator Bennett. Do you want the numbers? Chairman Muris. Yes. Do you have the numbers? Senator Bennett. I have them, yes. Chairman Muris. Okay. Senator Bennett. New Jersey, 2.37 percent, which is a 35 percent increase over the national average of 1.7 percent; Massachusetts, 2.21 percent, a 25 percent increase over the national average; Maryland, 5.53 percent, a 204 percent increase over the national average--Senator Sarbanes' constituents are more curious; Georgia, 6.14 percent, a 250 percent increase over the national average; and Colorado, 4.45 percent, or a 153 percent increase over the national average. So the average increase for all of these States is 144 percent. So you are operating off of a small base. The national average is 1.76 percent, and it goes up to 4 or 5 percent in the highest. Senator Sununu. And I would simply appreciate it if you could verify those numbers, and Mr. Chairman, if we could include the numbers in the record Chairman Shelby. Absolutely. Senator Sununu. And I would ask a question of my colleague, which is how can there be a national average if there is not a uniform requirement that people have access to their credit reports. Senator Bennett. Well, by ``national average,'' that means the national average of people who get reports when there is an adverse action. Senator Sununu. So it is 20, 50, or 250 percent more than the percentage that take advantage when there is an adverse action. Senator Bennett. That is right. Chairman Muris. And again, the absolute numbers are not very large. But one thing that is interesting is I suspect, Senator Bennett--and I do not know for sure whether we are getting numbers from the same sources, and they do not completely agree, but we will figure out whatever the discrepancy is. Senator Sununu. I would appreciate the best possible numbers being provided to the Committee. Senator Bennett. These are the numbers from a single credit bureau. Chairman Muris. A single credit bureau, okay. We have them from the three. Senator Sununu. How many of the three major credit bureaus provide information about scoring methodology on their credit reports now? Chairman Muris. I believe that you can get information from all of them. Senator Sununu. I am sure you can get information from all of them---- Chairman Shelby. Do you believe it, or do you know it? Senator Sununu. --but is it provided---- Chairman Shelby. Will you furnish that for the record? Chairman Muris. Yes. My understanding is that they do that, but I will double-check to make sure. Senator Sununu. And being able to get information if you ask for specific information is one thing; being given information in conjunction with your credit report is another. Chairman Muris. Correct. And my understanding again is that you get that information, but I will verify that. Senator Sununu. A final question. I think one of the most frustrating that I have seen, both seen personally and heard about, is when a consumer addresses a problem in their credit report, a piece of inaccurate information, and they deal with this issue, and then it comes back, and the next time they are dealing with a credit report, it is back on there, and then they call and fix it again, and then it is back on there again. What, if anything, is the FTC doing to try to address or alleviate this problem? Chairman Muris. We have taken several steps. There is on occasion a situation where the consumer and the creditor simply disagree. There are also private rights of action available, and there is something of a cottage industry involved in these sorts of cases. But we have, in the aggregate, been worried over the years and have taken steps, including suing the companies to make sure that their complaint resolution process provides the kinds of reasonable procedures that the law requires. Senator Sununu. Is it your perception that where private right of action or other enforcement mechanisms--penalties, fines, what-have-you--exist, are they substantive enough and appropriate to actually discourage the activity, and if not, where are they short? Chairman Muris. Well, you have two different levels of issues here. One is between the consumer and the creditor, and the other is the credit reporting agency. In terms of the latter, we are not recommending as a Commission, and I certainly would not recommend personally, any change in the remedial structure. In terms of the former, although I have not focused on it particularly for this hearing, I am not aware of any systematic problems. Obviously, in a system where you have 2 billion transactions a month going to the credit reporting agencies, it would be shocking if you could not find examples of mistakes, and mistakes that are hard to correct. I do believe that the incentives of the system are good, and I also believe they can be improved some, which is the basis of our recommendations. Senator Sununu. Thank you very much. Thank you, Mr. Chairman. Chairman Shelby. Thank you. Mr. Chairman, maybe I misheard you a few minutes ago. I believe you were answering Senator Corzine's observation or question. But you said you would oppose one--for example, myself--wanting to look at my credit report? Did I mishear you? Chairman Muris. No. What I would oppose is you requiring a mass mailing to everyone of their credit reports. Chairman Shelby. Oh, okay. I am glad you corrected that. You are talking about a mass mailing without it being requested. Chairman Muris. Right, right. Chairman Shelby. Okay. Chairman Muris. And I am saying I can understand if Senator Corzine wants to look at his credit report a lot; I can understand that. I can understand if Senator Bennett or somebody else does not. And I think it should be at the-- Chairman Shelby. Yes. But just a mass mailing--we do not have mass mailings by the States now, do we? Chairman Muris. No, no, no. Chairman Shelby. Okay. I am glad you corrected that. That was bothering me, because after these hearings that we have been holding for the record, gosh, I have just ordered a credit report on myself. I do not intend to borrow any money today or buy something, but maybe tomorrow--and with identity theft and the horror stories, I am going to look at my credit report and see how accurate it is. I had not thought about it before these hearings, but---- Senator Bennett. I am afraid to look at mine. Chairman Shelby. Oh, I might be afraid, but I think it might be smart, especially if you are contemplating buying something, because of this. Let me see if I am right in this from what I have heard from the record over a series of hearings. Let us say, Mr. Chairman, that I apply for a loan that is advertised at 5 percent on a house for 30 years, or whatever it is, 5\1/4\, and they run a credit check on me, and they come back and say, ``You do not qualify for that, but I am making you a counteroffer. I will make you a counteroffer for 6\3/4\ or 7\1/ 4\.'' And I am desperate for the money--like everyone, time is of the essence--so I say okay, I will take it, because the payments are dragged out. But I still do not know what is in the credit report, because they have made a counteroffer to me, as I understand it now, that may have deemed my credit score to be lower than ordinary. And the ordinary person--gosh, I would not have known anything about the scoring of credit until we had these hearings--you know they do not know what that is based on. The average American citizen would not know. That is why we are going to have our next hearing on financial literacy, which I think is important. Chairman Muris. Oh, absolutely, I agree. Chairman Shelby. So, I guess what bothers me some is that by making a counteroffer to me, they do not have to disclose what is in my--or, give me a copy of my--credit report. Now, if they turn me down--in other words, they are not turning me down; they are just making me a counteroffer--that bothers me. Chairman Muris. I agree, and that is why we think in that-- Chairman Shelby. How do we work around that somehow? Chairman Muris. We have recommended that you change the law so in that situation, they need to get an adverse action notice. Chairman Shelby. Okay. You see where I am coming from. Chairman Muris. Oh, absolutely, absolutely. Chairman Shelby. We had the horror story of the young man that Senator Dodd talked about, the young army captain, and his life has been ruined because of identity theft and everything that goes with it. Chairman Muris. Look, I completely agree about the horrors of identity theft. We spend a lot of time working on identity theft. I think this system is ingenious, and because of the adverse action notice, because of the risk-based pricing that you are talking about, there has developed a large situation which did not exist when the statute was passed, and we need to fix that. I personally have a less risk-averse attitude about looking at consumer reports--until I went through the confirmation process, when it turned out there was a wrong address in my credit report which was not relevant for credit, but it was relevant for my confirmation. That was the first time I had ever looked at it. And I think that is a fine rule for me, and if somebody else wants to have a different rule of their life and spend more of their precious time reading their credit report, I think they should be able to do that. Chairman Shelby. I want to ask these questions for the record, because we are going to have votes, and we are going to have another panel, quickly. And you can do it, Mr. Chairman, for the record, as soon as you can. Chairman Muris. Yes, sir. Chairman Shelby. Do you believe the consumer has the ultimate responsibility for ensuring his or her credit report is accurate? Would providing consumers access to free credit reports enable them to be more proactive in ensuring accuracy? Doesn't greater accuracy ultimately benefit consumers, the credit reporting agencies, and credit providers--all of them. Do you consider a consumer credit report that contains incomplete information to be accurate? What is your understanding as to the efforts credit bureaus make to get furnishers to provide full-file reporting? I believe this was brought up earlier today--in other words, not to game the system and so forth. What incentives are there for furnishers to withhold information that we have read about at times? Do you think that the average consumer understands that they can suffer negative consequences because a firm they have a credit relationship with decides to--yes--underreport information regarding their credit history? Do you think they should be made aware of the underreporting activities of these companies? These questions we are interested in getting to. Chairman Muris. We would be glad to answer those. Chairman Shelby. At the end of the day and at the end of these hearings, which we are hoping to get to, we are interested in accuracy--which is very important on both sides of the aisle to everybody--because we should do everything to have the credit report accurate, because accuracy depends on money, doesn't it, and the cost, among other things. So, we are going to be working with you on this, and we appreciate your appearance here today. Chairman Muris. Thank you very much. Chairman Shelby. Thank you. Senator Bennett. Senator Bennett. The bells have not gone off for the votes yet, and I would just like a quick second round as well. I have been denied credit because of a credit report, and the credit report was entirely accurate. I have had some rough patches in my life where I have missed some payments and all the rest, and that is the only time I have seen my credit report. And yes, there were some errors in it, and frankly, there was difficulty getting them cleared up. But that was 20 years ago, and I have the feeling now that things are a whole lot better than they were because the bureaus understand that their livelihoods depend upon their being accurate. There was almost an adversarial relationship when I got involved in my situation. They did not care whether it was accurate or not; they were just selling it. And I think that the culture has changed rather dramatically from that time until now. I am a little concerned about the score, because I think we have a sense that the score is an absolute number. That is, it is an ``A,'' ``B,'' ``C,'' ``D,'' ``E,'' or ``F,'' and everybody knows what that means. I think the score is a guess from the credit bureau, and then the credit grantor puts his own score, based on his analysis, and marries it to the score, and pretty soon you have scores on top of scores, and it is not an ``A,'' ``B,'' ``C,'' ``D,'' ``E,'' or ``F;'' it is a reasoned judgment on the part of the grantor. And we may be opening the door of trying to turn something into an automatic, ``Yes, I have a right because your score is 73, and 73 is a good enough score that I have a right to this credit.'' And the credit grantor says, ``I do not care what the bureau score is. I have looked at the report, and I have put a different score on it, and I have put a different weighting here, and I am not going to give you the credit.'' ``Oh, you have an obligation to give me the credit, and I will be back to Congress saying as long as I get a score that is above 65, I deserve this, that, and the other.'' Is that concern well-placed on my part, or am I seeing demons here that do not really exist? Chairman Muris. Well, there are several different issues, Senator, and I would certainly be concerned with a fixation on the number and the score, because different companies use different models and different predictions, and if the information were presented to consumers in a way that overemphasized the number and overemphasized the importance and underemphasized the explanation of how the system works and, most important, we need to provide people with information about how to maintain good credit. So, I can see some misuses, probably unintended, in how we present that information. I think we have got to be careful in how we present it, and we would certainly be glad to work with you. But if we are going to provide people information about their credit report and how the system works, it seems odd to me that we would withhold the score. There is no one score, of course, but I think it is important, very important, crucially important, that we not overemphasize the significance of the number, and that we put the thing in context. Senator Bennett. Okay. We are on the same page here, because we all want the consumer to be able to get accurate information and complete transparency. My concern is that if we focus on the score, we run the risk of distorting the information so that the consumer then starts to argue, as I said, that he has rights. And this is a guess--the score is an estimate--and if we surround the score with the kinds of caveats that you have talked about, I get a little less concerned about revealing it to---- Chairman Muris. We certainly do not want to encourage people to spend a lot of their time correcting ``S's'' and ``F's''--unless it has some particular consequence, which it may--given the last name ``Bennett,'' there could be confusion between two people. Senator Bennett. Thank you. Chairman Shelby. Senator Sarbanes. Senator Sarbanes. Chairman Muris, there has been enough testimony. There are real problems that exist, and the FTC has got to step up to this challenge, and we are looking for you all to do that. I think it is imperative that that be the case. I just want to leave you with that observation, that is all--I am not seeking an answer--well, the answer I am seeking would be in your actions. Chairman Shelby. Absolutely. Mr. Chairman, we thank you for coming. I am now going to introduce the second panel before we start our votes. We apologize for the length of the hearing, but I think it is very, very important. Chairman Shelby. Our second panel will consist of Mr. Stephen Brobeck, Executive Director, Consumer Federation of America; Mr. Stuart Pratt, President and Chief Operating Officer, Consumer Data Industry Association; Mr. Richard LeFebvre, President and Chief Executive Officer, AAA American Credit Bureau; Mr. David Jokinen, a consumer witness; and Mr. Evan Hendricks, Editor of Privacy Times, which Senator Sarbanes alluded to earlier. We appreciate all of you appearing today. Your written testimony will be made part of the hearing record in its entirety, and if you could sum up your best points quickly, we would appreciate it. Mr. Brobeck, we will start with you. STATEMENT OF STEPHEN BROBECK EXECUTIVE DIRECTOR, CONSUMER FEDERATION OF AMERICA Mr. Brobeck. Thank you, Chairman Shelby, Senator Sarbanes, and Members of the Committee. My name is Stephen Brobeck, and I am Executive Director of the Consumer Federation of America. We very much appreciate the opportunity to give testimony about the need for the Fair Credit Reporting Act to ensure accurate credit report information. Let me begin by saying that considering the challenges it faces, our credit reporting system functions relatively well. These challenges include keeping track of billions of important changes in the credit histories of nearly 200 million Americans, and doing so when the furnishing of information by lenders is voluntary. Yet these challenges have to be met because of the growing influence of this information and the related credit scores. Increasingly, these credit scores determine whether a consumer can purchase a mortgage loan, a consumer loan, auto insurance, homeowners insurance, a rental unit and utilities, and at what price; and increasingly, these scores influence whether Americans can obtain and retain a job. As well as being secure, credit report information and scores must be accurate. This is especially important for those millions of consumers near availability and pricing points. For those individuals, relatively small errors can mean the difference, for example, between credit offers and denials and between prime and subprime loans. Our research, for example, estimated that millions of Americans who should qualify for conventional mortgages are, because of inaccuracies, offered subprime mortgages instead. Here, it is important to stress that errors of omission can be just as damaging to consumers as are errors of commission. If credit files, for example, do not include a credit account in good standing or even just the related credit limit, the loss of points could be just as great as if the file included an erroneous 30-day delinquency. So what evidence do we have of the accuracy of the information in credit files? There are really two methods of usefully assessing accuracy. The first is observing consumer complaint behavior or surveying their experience. While useful in assessing consumer satisfaction, this method is not always reliable in assessing accuracy because of consumer lack of knowledge or inertia. The absence of consumer complaints, or even perception of credit report accuracy, could reflect numerous factors including lack of understanding of how to access or understand credit report information such as credit limits, or how to correct any inaccuracies. The second method is independent evaluation of the credit report information. An assessment by Government agencies or nonprofit organizations represents the most objective, unbiased type of evaluation. While these groups usually lack access to the credit files, during the past year, both the Federal Reserve Board and the Consumer Federation of America, in cooperation with an industry group, the National Credit Reporting Association, were able to assess the accuracy of information in many credit files. The Fed studied nearly 250,000 credit files from a single national repository, while CFA compared the scores from all three major repositories, reviewed more than 1,700 files in three regions of the country, and examined in great detail consistencies and inconsistencies in 51 representative files containing information from the three repositories. The findings of the two studies are generally consistent. Most important, both concluded that there was important information missing from many files that unfairly lowered credit scores. The Fed found, for example, that more than two- thirds of the files it studied contained at least one revolving account that did not include information about the credit limit. This error of omission prevents a determination of the level of credit utilization which would lower a consumer's credit score. After the industry provided a newer dataset, the Fed still found that the files of about one-third of people with a revolving account failed to include information about the credit limit. In addition, the Fed cited evidence that some creditors report only derogatory information. The CFA study also discovered the absence of much positive information from many files. The principal reason for the frequently wide variance in credit scores among the three repositories, which for 4 percent of consumers studied was greater than 100 points, was significant differences in the information contained in the three files. Errors of omission tending to lower credit scores included the failure to report credit limits on revolving accounts, revolving accounts in good standing, and mortgage accounts with no late payments. Less frequent errors of commission that we did detect, however, included the inclusion of an account not belonging to the consumer, a false collection, or a false indication of bankruptcy. One way that lenders minimize the risk of using inaccurate information in credit files is to use only the middle credit score provided by the three repositories. But in general, only first mortgage lenders consider all three credit scores. Usually second mortgage lenders, consumer lenders, insurers, and others use the scores of only one repository. If these scores tracked median scores, potential biases would be minimized--but they do not. The scores of one repository are far more variable than are the median scores of the three major repositories, and in addition, even the median scores reflect errors of omission and commission that could result in the unfair denial or overpricing of credit or some other important services. I have exhausted my time so I will save my recommendations for responses to your questions. Thank you. Chairman Shelby. Thank you so much. Mr. Pratt. STATEMENT OF STUART K. PRATT PRESIDENT AND CHIEF OPERATING OFFICER CONSUMER DATA INDUSTRY ASSOCIATION Mr. Pratt. Chairman Shelby, Senator Sarbanes, and Members of the Committee, thank you for this opportunity to appear before you again. I guess I am trying to compete with Mr. Beales in terms of how many times I get to come back. Chairman Shelby. We will probably get you back again if you will come. Mr. Pratt. Thank you, sir. We are the Consumer Data Industry Association, and for the record, I am Stuart Pratt, President and CEO of that organization, and we do commend you for holding this hearing on accuracy. Accuracy is the lifeblood of how the credit reporting system works, and I thought, Mr. Chairman, that what you said in the beginning was right on--the law says that maintaining an accurate credit reporting system benefits everyone, and in fact, I think Senator Johnson said the same thing in his opening remarks. Accuracy is dealt with in the law in a couple of ways. We have heard about that. Consumer reporting agencies have to have reasonable procedure to assure maximum possible accuracy. In 1996, data furnishers were included under the law for the first time, and they were also given an accuracy standard by which they must live. The marketplace drives accuracy for us, and it is one means by which we can try to measure the general success of consumer reporting. We have a better credit market than ever before, and we have safety and soundness well in hand, I think, and those are certainly good metrics, I think, by which to measure the general performance of the consumer reporting system in this country. The marketplace also drives the consumer reporting agencies to compete on accuracy. This is what lenders do. They look at us carefully, and they expect us to produce accurate reports, and they expect us to produce reports that will allow them in turn to allow the consumer to drive off the car lot with a car with nothing more than, really, a promise and the consumer report. There is no doubt that ``accuracy'' is a tough term to define. I think we circled around that a little bit in some of the previous testimony. For example, inaccuracy is, as Mr. Brobeck testified, missing information, or at least that is a term that has been applied to it. I think it is a good time to remind all of us that in fact the consumer reporting system is voluntary. We cannot compel any lender in the country to report information. So, of course, while we do have data acquisition people out there every day of the week trying to convince every lender in the country or every furnisher to report to that particular consumer reporting system, there is no doubt that there will be some missing information because a small lender may just choose not to report to any or may just choose to report to the one with which they are most familiar, and that can happen in the marketplace. There is also no doubt that some consumers, because of how calibrated the decisions become with scoring, desire their file to be almost instantaneously updated so that if they wrote a check in a given month and paid down a balance, they would love for that balance to be immediately reported to the bureau. Most lenders report on a 30-day cycle. It is voluntary. The three bureaus cannot force a lender to report on a more frequent cycle. So the file is accurate as of the date reported, but may not be accurate in the eyes of the consumer, who says, ``Well, my gosh, I paid something down.'' There are times when consumers misunderstand divorce decrees, there are times when consumers misunderstand how a court may make a decision about whether or not a contractual credit obligation is severable or not, and we do run into those sorts of perception issues with consumers and actually spent quite a bit of time with consumers on the phone when we look at their files, and they are looking at their files, talking to them about that. And there are times when consumers at the end of the day will say, ``You know, I guess that is right. That is how the law works. I may not be happy about how that law worked, but you are right in terms of my file; the information is accurate.'' We have tried to put some contexts that are more metrics- driven than all of this. For example, let us just set up a larger context. Two billion files are sold every year in this country, and interestingly enough, about 2 billion updates are reported to the credit reporting systems. There are 200 million consumer files in each of the nationwide consumer credit reporting agencies, and there are 30,000 data furnishers providing data into this system. Every year, about 16 million consumers obtain their file disclosure from the consumer reporting systems. That is the aggregate number for all three. That is their right under the law, and about 95 percent of those are free-of-charge. That is about eight-tenths of 1 percent of all files sold in the marketplace when you take that 16 million and put it into the context of how many files were sold. We do try to look at how consumers review their files. Sixteen million look at it every year. A little more than half those consumers never call us back. Our full statement for the record includes the fact that when you look at smaller populations, sometimes the contact rate--not the dispute rate, but the contact rate--is about 5 or 10 percent, which means that about 90 or 95 percent of the consumers who looked at these sets of files, as far as we can tell, thought that they were working well. We did look at the marketplace, in closing, and we asked some of our resellers, who are also members of the CDIA, to take a look at the mortgage marketplace. So, we had a review of about 189 merged reports--that is over 500 consumer in-files from the three national systems--and out of that, we asked them to identify when were they updated information to make sure it was as current as possible, and when was the data just absolutely wrong, and it was wrong as of the date reported. About 1 percent of the time, the data was wrong, at least in this study, and about 32 percent of the time, they were updating something in the record. I see my time has expired, and I appreciate the opportunity to be here and would be happy to answer any questions. Chairman Shelby. Thank you, Mr. Pratt. Mr. LeFebvre. STATEMENT OF RICHARD F. LeFEBVRE PRESIDENT AND CHIEF EXECUTIVE OFFICER AAA AMERICAN CREDIT BUREAU, INC. Mr. LeFebvre. Good afternoon, Chairman Shelby, Ranking Member Sarbanes, and distinguished Members of the Committee. My name is Richard LeFebvre, and I am President of AAA American Credit Bureau, a CRA reseller of consumer reports. I thank you for the opportunity to testify before you today on an issue that is fundamentally important to the American economy, as well as to individual Americans. The FCRA is a consumer statute--not an industry statute, as some would like you to believe. We are here to discuss accuracy, but first we have to define what an error is. An error is any misleading, incomplete, and/or outdated data which fails to convey the full and true picture of the consumer's credit reputation, credit risk, and creditworthiness. Accuracy comes in three facets--first, accuracy at the national repository level; second, at the CRA reseller level; and third, at the user level. This is explained in my prepared statement. Let me define rescoring. Rescoring is not credit repair. In a nutshell, rescoring is the updating of credit information that is in error, for a very large fee. This is not meant to say that all reports have inaccuracies and significantly reduce credit scores and increase credit risk. On repository error rates, the CFA/NCRA study, and a study that AAA conducted in 1999 through 2000 confirmed what we all knew. Please remember that these two studies only cover comparing data under 1681(e)(b) and not under 1681(i) reinvestigation. So the numbers would more likely be higher if a true reinvestigation were done. Industry will attack the study, but just remember that the two studies were conducted on consumers who were involved in a mortgage process, which many times is the better credit risk consumer. It astonishes me to this day how the same credit furnisher can report different information about the same account to all three repositories, but it is the common problem. Perhaps it is a ``Tower of Babel'' problem. CRA resellers stop performing. CRA resellers are supposed to follow reasonable procedures to assure maximum possible accuracy. This means that if any reseller sees differences in the reporting, they must verify the accuracy with the furnisher of the information to assure maximum possible accuracy. The reseller is now on notice that he cannot rely on the data coming from the repositories. The bar is raised to even a higher standard the minute the consumer disputes for a reinvestigation. The users of both GSE's must stop preventing CRA resellers from doing their duty under the FCRA. If not, consumers do not get the benefit of the bargain or the protection of the FCRA. If the FCRA requires CRA resellers to perform, but Fannie Mae and Freddie Mac will not accept that performance through their AU systems, then the FCRA is being undermined every day. Consumers cannot fight what they cannot see, and by not allowing transparency for consumers during the mortgage process by disclosing copies of their consumer reports, credit reports, and/or adverse action notices, we truly do not have transparency, at least on behalf of all consumers. Efficiencies in processing applications and increasing sophistication in credit underwriting rules should not be mistaken for assuring maximum possible accuracy. Indeed, automated systems must not be allowed to interfere with these requirements of the FCRA and/or the opportunity of consumers to dispute. For example, Mr. Smith applies to buy a home, puts into escrow his entire life savings as a nonrefundable deposit, as required in most real estate transactions. He knew when he checked his credit report 6 months ago that it was great; but now he finds out he is a victim of identity theft, fraud, or inaccuracies. This is where many times, consumers find out for the first time they are victims. He calls ABC reseller, who is prohibited from helping him under H.R. 2622, or currently in any AU system. This changes the FCRA and the FTC's consent order with Credco. So the consumer is faced with two options--first, walk away from the property he selected and lose his deposit because the real estate contracts do not allow refunds unless you have been turned down; or, second, he would take the subprime A-minus loan, which changes the rate considerably, the terms may require more down payment and may even include a prepayment penalty. This is a decision that consumers should not have to face when buying a home, which is many times the largest consumer purchase, their life savings and their future financial nest egg. Does the consumer deserve adverse action in this example? Yes. In closing, inaccuracy leads to higher rates and terms. It also leads to increased credit risk for new lenders, lowering consumers' creditworthiness, credit reputation, and harming the consumer and the lender who lost the chance to do a good loan. Lenders, the GSE's, and the repositories are taking away consumer choice because they are forcing consumers to check their credit files in advance, or buyer beware and/or be ready to pay extremely high fees for rescoring or higher fees and costs for a mortgage. It is a position that consumers should not have to face. All consumer reporting agencies are to assure maximum possible accuracy, or are we just giving lip service to the banking industry and to the consumer whom we are trying to protect? I thank you, Mr. Chairman, for the opportunity to testify and present my views, and I would be happy to answer any questions you may have. Thank you. Chairman Shelby. Thank you. We have about 50 seconds left on a vote, and there may be two votes. So, we are going to come back--I know I will--and we will try to let you two testify and then probably have some questions for the record. We will stand in recess until we can get back in a few minutes. [Recess.] Chairman Shelby. The Committee will come back to order. We will continue with our panelists. Mr. Jokinen, we welcome you here today. Your written testimony, as I said earlier, will be made part of the record. You can tell we are dragging the hearing on all day, but please sum up your pertinent points. STATEMENT OF DAVID A. JOKINEN SUGAR LAND, TEXAS Mr. Jokinen. Thank you very, very much. I appreciate it. It is not my desire to be here today, but I do have a story about being declared a ``dead man walking'' for over 2 years that I think is important. Chairman Shelby. You look alive today, though. Mr. Jokinen. Yes. On certain days, I have to check my pulse. Chairman Shelby. I want to hear your story. Mr. Jokinen. I have a little background information in my testimony that simply says that I have a dual master's from MIT and Harvard, and I have been a professor in Europe, so I am not unsophisticated in trying to resolve this, but it has taken me over 2\1/2\ years, and I still do not have it resolved. Chairman Shelby. Tell us what happened. Mr. Jokinen. Yes. My mother died on April 30, 2001. She was 95 years old. She had three credit cards with three different banks which I was a cosigner on, because at the end, her hand was too shaky to sign, and I was cosigner for her Social Security checks. I contacted all three banks immediately, sent death certificates, and said, ``Please, I will honor any bills that she has, but please clear this up. And since I was a cosigner, if it is agreeable with you, I would like to be able to use these as cards of my own after your time period--whatever you need.'' All three said fine. The Bank One card got cleared up in 2 weeks; People's Bank, a little company in Connecticut, got cleared up in 2 weeks; and Chase Bank has been an ongoing sore. Right now, I have two cards with me from the Chase account that is disputed, and I have two more cards at home that they keep sending me, with my name on them, and they have extended my credit on that account 10 grand--but I am still declared dead. So it is a case of the left hand at Chase Bank not even knowing what the right hand is doing. Chairman Shelby. Have you gone to the doctor lately to see if you are really alive? Mr. Jokinen. Yes. Every now and then, I have a checkup-- about as often as I read the credit bureau reports. But really, when it starts to hurt is when you go for refinancing--and you have talked about home mortgaging--and that is when I really discovered the problem. Chairman Shelby. Absolutely. That was our point earlier today. Mr. Jokinen. Yes, exactly. You have to get three bureau scores; but only one score showed up when I went for refinancing 2 years ago, much to my surprise. I said, ``Oh, what is going on here?'' I had no idea that this was possible. I grew up in the Midwest, and I honestly assumed that Federally regulated systems work. I read all the nice platitudes about the Fair Credit Reporting Act, and I said something is crazy here--this does not make any sense. So, I got a copy of the FTC rules, and I filled everything out and sent it in. I have done that 12 times in 2 years. Chairman Shelby. Twelve times? Mr. Jokinen. Twelve times, to the credit provider, plus to the three bureaus. There used to be a Book-of-the-Month Club-- now we have David's Death-of-the-Month Club. I have no idea from month to month whether I will have one bureau, two bureaus, or three bureaus saying I am dead. Sometimes none of them delcare I am dead that month. Chairman Shelby. And how many years has this been going on? Mr. Jokinen. Over 2 years. We used to have a 30-day rule that I heard about someplace. I am on the 714th day with this problem. I do not know where the 30-day rule applies. I have communicated with Chase Bank, in writing or fax, 12 times. It is such an obvious error that I have been able to get the staff at Chase and at the three bureaus--which I now call ``the Three Stooges''--to talk to me candidly because they know the story. They know it is so ridiculous on its face, that they start to tell me what is really going on in their own corporate back yards. So, all of a sudden, I am no longer naive. I have become very wise--or battle-scarred, I should say--as to what really goes on. A mortgage banker friend of mine 2 months ago said, ``David, before the rates go up, you have got to get your house refinanced.'' So he found a sophisticated lender to whom I explained the whole story of the Death-of-the-Month Club. He said, ``Well, we have to get a letter from the Federal Government saying you are alive.'' I said, ``How do you do that?'' He said, ``That's our problem. We'll figure it out, and you just do it.'' Chairman Shelby. How would they know you are alive? Mr. Jokinen. Well, I will tell you the story--I have the letter right here--I did not include it in my report. Chairman Shelby. Go ahead, sir. Mr. Jokinen. What happened was that particular month, I had two credit bureau scores that we could not get. The idea was that since the secondary market is now controlled by Freddie Mac and Fannie Mae with guidelines, if they got somebody from the Government to say that I was alive their underwriters would approve my loan. This is like the old story about Santa Clause having the post office endorse him for being alive, that old ``Miracle on 34th St.'' movie classic from years ago. They said why don't you go to the Social Security office-- because I am older than 65. They know me down there. I walked into the Social Security office and said I would like a letter saying I am alive. They looked at me totally nonplussed. It kept going higher up their management ladder until finally, the office manager in the Houston office came and said, ``It is not in our Federal handbook how to do this. Do you mind if I call Washington?'' I said, ``No. I can stay here all day.'' That man from Washington wanted to talk to me to make sure that I was a live person talking. Afterward, they started laughing, because it just became obviously ridiculous. So, I now have this letter from Social Security--which they said they had never written before--saying that I am alive. I did not put it as part of the evidence, but I think it is a classic document. Chairman Shelby. It is good. Mr. Jokinen. I got my mortgage. Chairman Shelby. Can you furnish a copy of that letter for the record? Mr. Jokinen. Oh, yes, sir, absolutely, absolutely. So, I finally got my mortgage. When I look at my out-of- pocket costs, hard dollars, it is about 250,000 hard dollars that this credit mistake has cost me in the last 2\1/2\ years. Chairman Shelby. Two hundred fifty thousand dollars. Mr. Jokinen. Yes, sir, yes, sir. Chairman Shelby. Oh, gosh. Mr. Jokinen. Yes. And I have documented that in my written report as far as where it went. And then, the emotional truama--my mother was the longest living tuberculosis victim from World War II who lived on half a lung. She was in a TB sanitarium for a couple years when I was a little kid in elementary school. I did not see her for 3 years. She had one lung removed; this was called the ``pneumonectomy,'' and it was a standard medical procedure back then. They do not do it anymore; it is rather barbaric for a medical procedure. But when she was being released, the doctor said, ``Mrs. Jokinen, you have about 2 to 5 years of life-expectancy, because you will now be overworking the other remaining half of your lung with your whole body's use. It wears out very quickly. That is what the survival averages are, and we just want you to be aware of that.'' She looked at the doctor and said, ``Sir, I will decide this matter with my maker, and just because you have `M.D.' after your name does not mean that you are going to tell me when I am going to leave this earth.'' When I contacted the TB Association and the American Lung Association, they had never heard of anybody living that long with half of a lung. They are now checking the world records. They have told me that she probably outlived anybody. But at the end, she had a couple of years where she was really in pain, coughing up blood, living in a wonderful nursing home. I relived her agony every time I get a notice that I am dead this month. I go through this sad memory, and it is really excruciating--I can feel my bones shiver. Chairman Shelby. There has to be a better way, doesn't there? Mr. Jokinen. Oh, I think so. And I am at your mercy to do so. I made a suggestion as to how to solve the problem. Chairman Shelby. Go ahead, sir. Mr. Jokinen. To me it is a very simple problem to solve. When I started getting the real story from the back office of ``the Three Stooges'' and Chase Bank, their own people told me what would stop this ridiculous stuff. It is a faceless, nameless person to whom you ``The Consumer'' talk to. You never have that person's name the next time you call in, the consumer contact staff at Chase Bank and the 3 credit bureaus said, ``We have to be made accountable, but nobody in management wants to do it.'' So, I thought about this process when I was asked to come here. I have been a stockbroker licensed by the NASD and the SEC. That is what this FCRA needs. What I suggest is that the FTC or somebody stronger than them have the same power that the SEC has. Take this credit industry and make a self-regulatory agency within the industry; and paid for by the industry. Every human being who has contact with the consumer must be trained. They are not licensed or trained professionally at the moment. I asked them what their backgrounds were. Once they are licensed, they must also take continuing education programs. If they are licensed, they can lose their license to work in that industry. Not only will they be individually licensed, but also the three bureaus and all the information furnishing people and companies will be licensed. This is a much more precise and easy way to enforce accuracy. What we have now is industry promoted fairy tales. I feel the ``Fair'' Act is a ``fairy tale'' Act. It has wonderful words, it sounds great; but 95 percent of the players do not follow it. There are no teeth in the existing Act. I am just trying to create a sense of consumer accountability. It is a real simple and inexpensive solution. Thank you so much for your time. Chairman Shelby. We appreciate your experience, and I believe you are alive, too, sir. Mr. Jokinen. Yes, last time I looked. Chairman Shelby. Mr. Hendricks, thank you for your patience. We also thank you for what you have done over the years. STATEMENT OF EVAN HENDRICKS EDITOR AND PUBLISHER, PRIVACY TIMES Mr. Hendricks. Thank you. I want to start by thanking my Senator from Maryland, Ranking Member Sarbanes. Chairman Shelby. Absolutely. Senator Sarbanes has another meeting, and I do not know if he can get back, but he wanted to express his regrets. Mr. Hendricks. It was a kind introduction, and over the years, he has made us proud by consistently doing so well for our State. And I have to thank you, Mr. Chairman, because you are giving hope to the American public that we might actually make some improvements in the system that has such a deep and profound impact on their lives, so thank you for your leadership. Chairman Shelby. I will tell you, Mr. Hendricks, you can tell from the record we are building, and both sides of the aisle, Republicans and Democrats on this Committee, that we are going to make some changes. We are going to make some good changes, and I think it will be good for industry, and it is going to be good for the American people, because it is too important to ignore. I think Mr. Pratt, Mr. Brobeck, all of you, would think that. Now the question is to do it, and as Senator Corzine, Senator Crapo, Senator Allard, Senator Enzi--we all want to do it right, and this is the time to do it, is it not? Mr. Hendricks. Oh, we could not agree more, and you being in this position reaffirms my faith in God. Thank you. Chairman Shelby. Oh, do not go that far. [Laughter.] Mr. Hendricks. Well, we have miracle of credit, and we have the FTC Chairman granting other miracles, and thanks to Mr. Jokinen, because he can show us that just because thousands of lives are being ruined, we can still have a few good laughs, too; right? Chairman Shelby. He has the humor; he has not lost that, so you know he is alive. Mr. Hendricks. Yes. Let us walk through the accuracy problem. In a practical sense, accuracy is not necessarily the priority of the credit reporting system. The credit bureau's job is to make sure they do not miss anything in your credit history, because if they disclose a credit report, and they miss something bad, the credit granter will blame them. So, they have to maximize the amount of information they possibly disclose about a consumer, and to do that, they use what is known as partial matches--partial matches of names, partial matches of Social Security numbers. This can work, and it can also be a major cause of inaccuracy. At the end of my testimony, I printed out some examples of how Judy Thomas of Klamath Falls, Oregon was mixed with Judith Upton of Stevens, Washington, because their Social Security numbers were one digit different, and the algorithm just assumed it was a mistake and they were the same person. Myra Coleman of Itta Bena, Mississippi was mixed with Maria Gaytan of Madera, California. The person had used Ms. Coleman's Social Security number, so it was an exact match on that, and that wiped out all the differences in their names and locations and allowed Ms. Gaytan to basically have a joyride in an identity theft situation. It is maddening when they mix files; it is more maddening when they cannot seem to unmix them, and that gets us into the reinvestigation and the problems with---- Chairman Shelby. Excuse me. Why can't they unmix them--and we have heard stories here last week, 2 weeks ago. Go ahead. Mr. Hendricks. There are several reasons. One, I think the volume of these partial matches creates such great volume--and if Senator Bennett were here, he would hear me say that there are approximately 7,000 to 10,000 disputes a day at a credit bureau. Capital One has seen its disputes go from 1,000 a day 18 months ago to 4,000 a day currently. That creates volume. So they have to create an automated system to deal with this, and the automated system boils down to the person you described at the credit bureau, reducing the dispute to a two-number or two- letter code that they transmit--let us say Judy Thomas writes in and says ``This is not mine; I never had a credit card with you''--and the credit bureau then, instead of relaying all the relevant information, just transmits a two digit code to say, ``Consumer says not mine.'' The credit granter then responds with a code to the credit bureau saying, yes, we reported that Judith Upton was responsible for this account, and then the credit bureau says it is ``verified as reported.'' That is how they define a ``reinvestigation,'' and that is how they define ``verified.'' So, it is extremely problematic, and that is why this loop continues. And also, in terms of why does information get reinserted, when the subscribers or their furnishers submit their tapes every month, again, the credit bureaus use many of the same algorithms, and those algorithms will throw the information back into the file, unbeknownst to the consumer. The thing about the system is that the credit bureaus to my knowledge have an official policy that if you sue or you threaten to sue, you get priority status. So, we have created a system where pretty much if you want to get your credit report corrected, and you have a situation like this--and many other consumers have--you have to litigate. That is why we think we need to have minimum statutory damages per violation, the right to go to small claims court and stay there, and a catalyst theory for attorney's fees. And also, the FTC has now endorsed the reinvestigation duties extended to the credit granters. The thing about damages is that every time they get into court and hear the story about Mr. Jokinen or people like him, the credit bureaus say, ``That is too bad, but you were not really damaged.'' So there are a lot of things we can do to specify what every Committee Member here has said, that this is extremely damaging to people. Another good study that Mr. Brobeck cited is the Federal Reserve Board study which said that they could not rely on credit bureau data to predict the economy. But the Federal Reserve Board said, ``What do we do about this?'' Well, we can improve access to people's own credit reports and consumers have to be more vigilant about access. That is why the free access one per year is a good idea, but I think we can take it to the next level. I think we have to have the goal of plugging people into their own consumer reports the way that all the credit granters are plugged into all consumer reports. And the good news is that the credit reporting agencies have created the infrastructure for this with their monitoring and alert services. The bad news is they charge excessively for it--$80 to $120 a year to sell back to you your own data--but the advantage of this kind of system is fantastic, because it reduces the cost of getting notice and a bunch of other things which I will not go into. But I think also here is a win-win in Mr. Pratt--may I call you Stuart---- Mr. Pratt. Stuart is good. Mr. Hendricks. --okay--this is where we can actually get a win-win, because if they have a million people paying $80 a year, that is $80 million; but if we get 30 million people at $10 a year, that is $300 million. And then they can hire enough dispute handlers so they can have a better dispute process. So, I think there is clearly a win-win here, and I think the Act can do this by capping the price of these services just as it does the price of a credit report. In conclusion, I would like to say a note about the prescreening issue. I think Senator Sarbanes cited our study from Privacy Times from a few weeks ago, that now we know criminal gangs are systematically targeting mailboxes and stealing mail for preapproved credit offers, convenience checks, whatever personal information they can get. If they cannot turn the instrument into cash itself, they sell the information to a fence. I talked to five postal inspectors. It is very authoritative stuff and very scary. I think now that the FTC has demonstrated that the Do Not Call Registry is something that is very important to Americans with junk phone calls, I think the next thing we have to look at, and that we recommend, is that we need to have a ``Do Not Mail Me Financial Data and Offers Registry'' for people who know they do not want the risk of having their mailbox hit. So just strengthening the preapproved, prescreening process is important, but I think we need to take it to the next level to handle the problem. Thank you. Chairman Shelby. I thank all of you for your testimony. I am going to ask some questions now--and you can tell we are really pressed for time--and then we are going to have a number of questions for the record that I hope we can submit to you. Mr. Pratt--as fast as I can go--you provided a lot of information to the General Accounting Office that touches on inaccuracy in consumer disputes. From this submission, I have not been able to make out any definitive information with respect to the total--yes, total--number of disputes consumers lodged with the three big credit repositories. Is the number the same as the 16 million file disclosures that are made each year, or is it something more, something less? Could you tell us quickly the total number of disputes that are made to the credit bureaus--and when I say ``the total number of disputes,'' for the record, we want you to include disputes made over the phone, through the Internet, through the mail, and by way of other means by which consumer dispute communications can be made. Can you answer that now, or do you want to answer that for the record? Mr. Pratt. I think because of the particular detail of the question--there are many parts to it--I would like to answer in writing for you, Senator Shelby. Chairman Shelby. That would be good. Mr. Pratt. But Mr. Chairman, just very quickly, out of the 16 million consumers who look at their files, we estimate that probably a little less than half of those consumers pick up the phone and call us back. You have seen some populations in our testimony where we said people who looked at their files--many of those consumers are adverse action consumers; 84 or 85 percent of the files we issue for adverse action, which is one of the reasons why you can get a free file. So the rate of calls seems to be higher, because I think a lot of people call so they can ask, ``Why was I declined?'' So, we do educate consumers, and I am drilling down to try to get you a better number on that, and we will be happy to do that. I recognize that in our testimony, we are not absolutely black and white. We did try to drill down and say that we get about half again as many calls, and then--it depends--25 to 30 percent are disputes, and then the nature of those disputes, and as we have said before in our testimony, disputes do not always equal inaccuracies. Disputes are sometimes actually about information that is accurate as to the time reported--but I would like to get that updated a little bit. Chairman Shelby. But it seems to me that whether you represent industry or consumers, or just a citizen consumer like most of us, that the key to all of this is the accuracy-- what goes in and what comes out has to be as accurate as we can possibly make it to improve the system. That is in the interest of the industry as well as, but ultimately, it affects the consumer greatly. Mr. Pratt. There are instances where--and obviously, I have had a couple of conversations with Mr. Jokinen and similarly with Captain Harrison when he was here as well--those are learning moments where you learn something about the system. There are some contexts that I could share with you about some of that along the way, but there is no doubt the goal is learn from that, Mr. Chairman--not to simply say, well, gosh, that is one instance, and let us just move past that one. Chairman Shelby. That is why we are holding these hearings for the record, because we have never done it before. Mr. Pratt. Yes, sir. Chairman Shelby. Would everyone agree that an error as significant as yours, as to whether or not a person is alive or dead, should be quickly recognized and permanently resolved-- yes or no? Mr. Pratt. Yes. Chairman Shelby. Everybody says yes. Mr. Jokinen. Yes. Mr. LeFebvre. Yes. Mr. Pratt. May I just add--if we can verify it. We were last year in hearings-- Chairman Shelby. There has to be a way to do it and do it quickly, though, doesn't there? Mr. Pratt. If we can do it quickly. Let me just add that one of the keys--and I am not at all denigrating in any way or trying to in any way reframe Mr. Jokinen's testimony. Chairman Shelby. It has to be difficult. He is well- educated. Mr. Pratt. My gosh, yes, a lot more than I am. Last year and in the year prior, with September 11, we were asked why could a Social Security number still be used when it was part of the death master file of the Social Security Administration. So then we had hearings on the death master file, and we heard about how the NTIS could escalate the data to us, and then we learned that State agencies do not report data quickly enough to the Social Security Administration. One of the challenges for us is to be able to pull away the wheat from the chaff and make sure that we absolutely get it right the first time with Mr. Jokinen and then also absolutely get it right when the Social Security number should not be in circulation. Those are the two challenges. Chairman Shelby. Mr. Hendricks and Mr. Jokinen, quickly, what do you think--and I know you have already made some statements--what do you think it says about a system such as ours today that reports an obviously living person as dead, and then you cannot get the error corrected? Mr. Jokinen. I even asked Chase on the phone if they could prove that I was dead. I can prove that I am alive. And I asked them if they had a corpus delicti in a coldroom someplace, because I would like to come and match fingerprints, because I have been fingerprinted for 40 to 50 years, with all kinds of files, and they are always the same, so what do they have? Chairman Shelby. A writ of habeas corpus would produce a body, wouldn't it? Mr. Jokinen. Yes, that is right. Chairman Shelby. If you were breathing, you would be all right. Mr. Jokinen. Yes, exactly, and it got to that point, and still they did not correct it. Mr. Hendricks. And Senator, I think it raises serious concerns. The truism is circulating that this is the best system, which it is, or as Churchill said, ``the worst except for all the rest.'' I am seeing signs of breakdowns like this on such a regular basis that I think we need a really deep, drilled-down look into the accuracy problem, and you have to wonder if there is a correlation to skyrocketing bankruptcy. Aren't these systems supposed to predict that so we do not have it, yet from the mid-1990's on, the bankruptcy rate has really gone up, and we need research on that. Mr. Pratt. Again, I would just like to add that in our testimony, we talk about how 16 million consumers look at their files every year, and less than half of them ever call back. So one of my concerns is about the difference between how we learn from certain patterns or even individual experiences, and the difference between that and the performance of the industry on a day-to-day basis, a week-to-week basis, a year-to-year basis in terms of how well the system does work. You do not have to try to reconcile those, because each is true. We need to learn from those individual experiences and make changes and improvements. And every year, the industry at the association level, through data format standards, which can be changed--for example, bankruptcy issues, Evan, that you raised in your testimony, the new format allows for better, more precise reporting. Some of that cannot be anticipated--we cannot be absolutely prescient about the future--so it is evolutionary, and you change over time with that thing. Now, if we could get everybody on the new format, we would have better data than the data on the old format. I think Richard would agree with that as well. Mr. LeFebvre. Absolutely. Mr. Pratt. But it is a voluntary system, and there are certain aspects of this, Mr. Chairman, that we can control. We cannot have access to the Social Security Administration--there are lots of good reasons for that--but that would allow us to authenticate whether or not somebody's Social Security number is really correct. Chairman Shelby. Then we would need IRS records, right? Mr. Pratt. It is dangerous to ask for access to a lot of Government data. Chairman Shelby. Resellers see each report that the big three bureaus prepare on consumers. This provides them a unique vantage point to get an understanding with respect to the accuracy of reports. The Banking staff contacted some resellers to get a sense as to some of the issues they come across. In a period of less than a week, the resellers found 13 files that contained inaccurate, delinquency information. Correcting these inaccuracies resulted in FICO score changes that ranged between 6 and 80 points. They found 13 files that required correction of information related to bankruptcy filings. These corrections resulted in FICO score changes that ranged from 18 to 108 points. They found a file with a fraudulent credit card account that, when removed, resulted in a 105-point FICO score increase. While these are some anecdotes collected over a limited period of time, the results are interesting. From your experience, sir, how representative do you think these reports are? Mr. LeFebvre. Senator Shelby, I was one of the first resellers back in 1998 who was allowed to rescore. In 5 years, the numbers that you have quoted are absolutely right on, if not higher. If you can remove the inaccuracy or get all three bureaus to agree on the same thing, scores dramatically go up. The more recent the inaccuracy removed, the more positive impact it has. Chairman Shelby. If the consumers whose credit reports I was referencing containing these errors had not been trying to obtain, let us say, mortgages on their homes or business, and had not had merged files prepared, is it likely they would have come across these errors? Mr. LeFebvre. Absolutely not. Chairman Shelby. Mr. Pratt, I want to come back to you again. In your written testimony, you indicate that--and I will quote--``Accuracy of reports is elemental.'' That is true. It is elemental. The whole system requires accurate reports. We all, I think, agree to that. Later in your testimony, Mr. Pratt, you indicate--and I quote again--``We could do an even better job if everyone used our newest data standard and also if every one of the 30,000 furnishers of information would also use the online system for processing consumer disputes.'' I believe those were your words. Mr. Pratt. Yes, sir. Chairman Shelby. I assume that by ``we,'' you mean the credit repositories. Mr. Pratt. Yes--although when you look at-large at the community of furnishers who are providing data, I do not think you would find a single executive in a company who will say, ``My goal is to report bad data'' or to declare somebody dead. But in the bigger picture, yes, the more we can run through the automated process--and I think Evan has made a couple of comments about one of the challenges of automation is that you have to automate, you have to communicate--in fact, the law required in 1996 that we build an automated system under FCRA to allow for error correction so that I could correct my error just once. It used to be historically that I could correct it in one file, and then it would be in another file, and I would not find out until later. So one of the challenges was to--and, in fact, lenders were obligated to report corrections to all nationwide consumer reporting agencies--it is always a challenge to try to convey with absolute precision the nature of the consumer's dispute, at the same time to do it quickly, at the same time to get it done in 30 days, and at the same time to handle---- Chairman Shelby. Quickly and accurately. Mr. Pratt. Yes, sir, quickly and accurately--do not work coterminously all the time. We do have that challenge of doing both, yes, sir. Chairman Shelby. By the word ``better,'' I also assume you mean more accurate. Mr. Pratt. We definitely could be more accurate if that were the case. Chairman Shelby. Okay. Mr. Brobeck, I have raised the issue that we do not have a firm handle on the true level of accuracy in the system at this point in time. While your study provides--and I thought your study was very interesting--a sense of where things are right now, don't we need to be better-informed about this issue in the future? Mr. Brobeck. Yes. We know that at least a significant minority of consumers can be adversely impacted by inaccurate scores, even annually. We cannot at this point assign a specific number-- Chairman Shelby. An inaccurate score will cost you over time possibly hundreds of thousands of dollars. Mr. Brobeck. Yes, sir, it could--if, for example, you purchase a subprime mortgage instead of a conventional mortgage, it could cost you well over $100,000. We would agree with the recommendation that a Federal Agency, perhaps the FTC, should be given the authority and the responsibility to continuously monitor this issue and also assume some responsibility for reviewing the dispute resolution process. Chairman Shelby. I think it is very, very important. Gentlemen, we have a lot of questions, as I said, for the record as we build this record. And I think we have a great opportunity here in the Banking Committee, here in the Senate and the House, to put together a comprehensive bill that will be good for the economy, that will be good for the financial services industry, but will be good for the American people. Mr. Jokinen. Mr. Shelby, if I may. Chairman Shelby. Yes, sir. Mr. Jokinen. This has been the best day I have had in over 2 years. Thank you. Chairman Shelby. Thank you--and I want to say this--I will sign an affidavit--I believe you are very alive. [Laughter.] Chairman Shelby. The hearing is adjourned. [Whereupon, at 1:12 p.m., the hearing was adjourned.] [Prepared statements, response to written questions, and additional material supplied for the record follow:] PREPARED STATEMENT OF SENATOR RICHARD C. SHELBY This morning, we take up one of the most important issues, if not the most important, associated with the FCRA: The accuracy of the information contained in consumer credit reports. Changes in our financial services industries have made accuracy more important than ever. Credit report information is increasingly used as the key determinant of the cost of credit or insurance. By way of risk-based pricing, gone are the days when lenders merely lumped borrowers into the ``qualified'' or ``unqualified'' category. The use of risk-based pricing allows lenders to extend credit to a broader range of borrowers predicated on the assumption that borrowers receive credit terms which are commensurate with the credit risk they pose. As a result, credit report information has a direct impact on the amount and the interest rates at which credit is offered. With respect to large credit transactions, such as mortgages, rate differences can translate into hundreds of thousands of dollars over the course of a loan. Even in smaller dollar credit transactions, such as credit cards, rate differences can mean large amounts of money. Furthermore, with the practice of credit card companies reviewing credit reports and adjusting rates in real time becoming more prevalent, the application of risk-based pricing to consumer finances is practically an every day event. Let me try to further illustrate these points. This first chart provides some rough indication as to the effects that particular entries on a credit report can have on a person's credit score or credit worthiness. As is indicated, some entries, such as a bankruptcy filing can greatly reduce a person's credit worthiness. There is nothing wrong with this; consumers who have failed to pay their debts DO pose a considerable risk to creditors. But what if a bad rating is based on inaccurate information? What if you had never been bankrupt and such an item appeared on your credit report? The second chart highlights the spreads in interest rates that people with differing credit scores would pay for some sample products. As the chart shows, the differences are very real. So are the financial consequences. Consider the cost differences for a $200,000, 30-year fixed mortgage. A borrower classified as a ``marginal'' risk pays almost $90,000 more in interest than someone with an ``excellent'' credit rating. Someone classified as a ``poor'' credit risk would pay $124,000 more in interest than the person with ``excellent'' credit. Credit rating matters for other transactions as well. Someone financing a $24,000 new car with a ``marginal'' rating can expect to pay 127 percent more in interest (about $3,300) than a person with ``excellent'' credit. Someone with ``poor'' credit can expect to pay 255 percent more in interest (about $6,700). Again, what if the information that leads to a bad credit rating is inaccurate? With the rewards for good credit so meaningful, and the penalties for bad credit so severe, it is absolutely critical that credit reports accurately portray consumers' true credit histories. Thus, the focus of today's hearing--examining the FCRA and the operation of our credit markets to determine whether or not the present system provides optimum accuracy. With a system as large and complex as ours, involving the transfer of billions of pieces of information, it is almost a certainty that there are going to be some errors which occur. On the other hand, the credit reporting agencies are paid to properly handle the data. And furnishers, who also happen to be the largest consumers of credit report information, take advantage of the efficiencies provided by the system. Both derive significant benefits from this system. Both also have a significant responsibility to get things right. So let us consider: How and why do errors occur in credit reporting? Can more be done to prevent errors in the first place? If some errors are not preventable, does the system enable them to be quickly recognized? Who most efficiently recognizes them? Once recognized, does the system work to ensure that errors are quickly corrected? I look forward to examining these questions with the witnesses. <GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT> <GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT> PREPARED STATEMENT OF SENATOR CHRISTOPHER J. DODD Mr. Chairman, I want to thank you for conducting this hearing. Accurate credit reporting is essential to the proper functioning of our credit system and to the financial security of American consumers. Your strong leadership on this issue is greatly appreciated. Since its enactment in 1970, the Fair Credit Reporting Act has provided the framework within which our credit system has flourished. The vast majority--more than 75 percent of all U.S. households, I am told--participate in credit transactions that are likely to be the subject of credit checks and credit reports. If it weren't for the ability of credit issuers to quickly determine a consumer's creditworthiness, there is no doubt that less credit would be available to American consumers in general and the economy would suffer. Our modern consumer reporting system serves a purpose that benefits both consumers and businesses. However, to say that something is useful is not to say that it cannot be improved. The credit reporting system can be improved and I look forward to working with my colleagues to identify the best ways to ensure that credit reports do not contain avoidable errors. What is at stake is too important. Consumer's financial lives can literally be in the hands of the credit reporting agencies and the creditors who provide information to those agencies. I believe consumers have a right to expect that the information compiled about their financial dealings will be as accurate as is humanly possible. People will make mistakes-- we recognize that. But consumers must have a clearly articulated remedy for correcting errors when they to occur. A few weeks ago, we heard from a witness named John Harrison, a retired Army Captain from Connecticut who was the victim of identity theft. His credit reports very clearly contained erroneous information, misinformation that was deliberately planted there by a criminal--but Captain Harrison found it very difficult to get the bad data out of his reports. He was required to spend hundreds of hours and eventually had to leave his job because trying to clean up his credit was taking so much time. That is wrong and we need to fix that problem. I am encouraged by some of the Treasury Department's recent recommendations to strengthen the consumer protections contained in the Fair Credit Reporting Act. I think, for example, that the Department is right to suggest that consumers should have access to free copies of their credit reports and credit scores so they can identify problems for themselves. I also agree that we need to strengthen protections against fraud, identity theft, and the misuse of consumer credit information. Mr. Chairman, thank you for bringing this important issue before the Committee. Again, your leadership is greatly appreciated. I look forward to hearing from all of our witnesses, and I thank them for being here today. ---------- PREPARED STATEMENT OF SENATOR DEBBIE STABENOW Thank you, Mr. Chairman. Let me begin by saying that I appreciate the very thorough and methodical approach you have taken to examining the Fair Credit Reporting Act. I believe it is important that we move in a timely fashion to extend the expiring provisions of the Act to ensure that our credit system remains the envy of the world. But, I also strongly believe that we must be open to necessary modifications and improvements in the Act. We have an important opportunity to look at what has worked and what hasn't and to respond to changes in technology, our economy, and our ever-evolving understanding of consumers' needs. Today, we are going to be examining the issue of accuracy of credit reports. In many ways this is the linch pin in the entire credit- granting system. If we cannot assure that this information is correct, it could cost consumers thousands and thousands of dollars through improperly inflated interest rates. It is, therefore, absolutely imperative that the companies who furnish credit data be certain that the information they keep on all of us is accurate. In addition, when that information is not accurate, consumers need a quick and easy resolution process. In a fast-paced society like ours, unnecessarily long delays in correcting inaccurate credit reports have profound consequences. They can lead to denial of a mortgage to buy a home or the steering into a subprime loan. They can lead to the inability to get a credit card or an unwarranted increase in interest rates on an existing credit card. They can also create reduced work productivity and extreme stress as consumers must take off work and spend countless hours trying to correct mistakes that occurred through no fault of their own. I believe that it is important to ensure that consumers have fair and expedient means to address inaccuracies in their credit reports, and I look forward to hearing some of the solutions proposed by our witnesses today. Let me also take a moment, Mr. Chairman, if I might, to say that as we prepare to mark up FCRA legislation, one other thing that I believe is absolutely essential in enhancing the way our credit system works is elevating the financial literacy of America's consumers. While laws and regulations can protect people, one of the most powerful weapons we have to protect ourselves from fraud and inaccurate information about our finances is education. I want to work with all of my colleagues to ensure that, as part of this process, the Federal Government is taking steps to improve its efforts on financial literacy. Again, I commend you and the Ranking Member, Senator Sarbanes, for your leadership on this issue. I look forward to hearing from our witnesses today and working with all of my colleagues to ensure a timely reauthorization and improvement of the Fair Credit Reporting Act. Thank you. ---------- PREPARED STATEMENT OF SENATOR WAYNE ALLARD I would like to thank Chairman Shelby for holding this hearing on the accuracy of credit report information and the Fair Credit Reporting Act. I am sure it will be a helpful part of our ongoing work to reauthorize FCRA. Americans have unparalleled access to goods and services, much of which stems from the fact that we have the most successful consumer credit system in the world. The Fair Credit Reporting Act has been instrumental in expanding the availability of consumer credit, which has in turn played a vital role in the U.S. economy. The 1996 Amendments improved FCRA's framework, allowing the free, fair, and accurate flow of consumer data. It is now important for us to evaluate and assess the successes of, and possible improvements to, this important legislation. Examining the accuracy of credit information may be one of the key issues that we consider. Inaccurate information is, perhaps, even more problematic than no information, for both consumer and lenders. It doesn't matter if FCRA allows quicker, easier, simpler credit decisions if it yields the wrong decisions. Further, an inaccurate record of one's credit history can make even the most simple financial transaction or inquiry burdensome or even impossible. Consumers deserve to have their credit history reflected accurately, and credit furnishers and credit reporting agencies have the obligation to provide and report accurate information. While there may be things we can do to improve the accuracy of the credit reporting system, we will realistically never reach a state of absolutely no errors. I believe that one of the strongest antidotes to errors is an informed consumer. In particular, I believe that consumer access to credit reports and credit scores will help catch the inaccuracies that occur. I was pleased to join with Senator Schumer in introducing the Consumer Credit Score Disclosure Act of 2003 earlier this week. Our bill would allow mortgage applicants to receive their credit score, along with other information such as specific factors that adversely affected their score. This information will help consumers better understand the importance of accuracy in the credit reporting process. I would encourage my colleagues to take a look at the bill and consider adding their name as a cosponsor. I look forward to hearing from our witnesses today on ways to enhance our current system and ensure the accuracy of people's credit information. <GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT> PREPARED STATEMENT OF DAVID A. JOKINEN Sugar Land, Texas July 10, 2003 Mr. Chairman, Ranking Member, and Committee Members. Thank you for allowing me to appear today. I will share with you my 2-year nightmare of being declared a ``dead man walking.'' It is a little harder to get credit when the depositories report you as ``deceased.'' Personal Background I am a self-employed suburban businessman running my own real estate development firm. I am 67 years old. In the past, I have been a guest professor at 2 european universities, plus two graduate schools here in the States. I authored 3 books on engineering and architecture. They were published in Holland. I wrote them in a foreign language. I have also been an urban affairs/town planning consultant to numerous Governments in Canada, Europe, and the United States. I have also been a senior executive with a major department store chain. For the last 35 years, I have been a self-employed businessman. The Day My World Turned Upside Down My 95-year-old mother passed away on April 30, 2001, in a Houston nursing home. I later discovered that because of a clerical error I also ``died'' that day. My mother had credit cards with 3 banks, (Chase Bank, Bank One, and People's Bank). I was also a signer on all three cards. Within 24 hours of her death I called all 3 banks to say I would honor my mother's bills; and would send them each a death certificate as soon as I got it. Two weeks later, I contacted all 3 banks to verify they received their copy of mom's death certificate. I also asked if it was now ``okay'' for me to begin reusing their card solely in my name. All 3 said ``fine.'' Much to my surprise, I received a form letter from Chase Bank, 1 month later, asking for a copy of mom's death certificate. I called and asked Chase Bank what they did with both the hard copy I mailed and the fax copy I sent weeks earlier. They casually said, both probably got lost in their huge filing system. Could I resend them another? This cavalier attitude prompted me to formally ask Chase Bank for a written confirmation that they had removed my mother's name and her Social Security number off this Chase Bank Visa card. I made that request more than 2 years ago. I have still not received their promised written confirmation. How long should I wait. Five months after mom's death, Chase Bank did send a different form letter. It said I was now the sole name on this Visa card. They also sent me 2 additional cards, (for this account) with my name on them, why? I do not know? I never asked for them? Both, Bank One and People's Bank had sent me their letters more than 4 months earlier. Cascading Consequences of One Clerical Error Suddenly, this whole other world of credit bureau problems came crashing into my life. After some detective work, I discovered Chase Bank was the sole culprit reporting me dead to all 3 credit depositories. They ``mixed up'' my mother's death with my Social Security number. The 3 bureaus seemed to have embedded this error in different locations on their recirculating data loops. It seems that on each different month my death notice shows up from a totally different depository's report. They seem to be playing a perverted version of the ``book of the month club.'' Only now, it is ``David's Death of the Months.'' It was becoming ghoulish. The whole thing was starting to send chills down my spine. Two Out of Three The first time we noticed that 2 credit bureaus had declared me ``deceased'' on the same month was later in the fall of 2001. Mortgage interest rates had been falling dramatically, so my wife and I decided to refinance our house. The mortgage broker called back a few days later, and said, ``We have a strange problem.'' Only one bureau gave her a credit score. Experian claimed they could not calculate a Fair Isaac score because David was dead. Equifax said their Beacon score was not available because the subject was deceased. Today, without 2 out of 3 credit scores, no one gets a residential mortgage, we certainly did not. I immediately purchased copies of my credit reports from both bureaus. Both showed Chase Bank reported me dead on one Visa Card. Ironically, I was still alive as far as my other Chase Bank credit card with them was concerned. I followed the FTC printed consumer guidelines for correcting these errors. I mailed in my corrections and waited 30 days. I then purchased new copies of my reports from both Experian and Equifax. I naively expected them to be clean. When the same dirt was still there, I called both bureau's and said ``Hello people, I am really not dead.'' Help me correct this. Both bureaus said the same thing. ``They had forwarded my complaint to Chase Bank, and Chase has not responded.'' I asked what is next? They said case closed. They harshly explained that I, as a little consumer, was not their client or customer. I was just another number for them to make money off. In this case, their client was Chase, (a rich bank); and their customers were all the other banks, retailers, etc., who regularly paid them big dollars for thousands of reports at a time. They just did not care if I was dead or alive, on paper, or in reality. Equifax told me to quit bothering them, and go away. Experian lost their temper. They threatened me by saying they would put more dirt on my report (so they could make more money) if I did not hang up. Deal Directly With The Source Chase Bank was the only creditor reporting this problem. So, on the very next business day (in November 2001) I called, and faxed, Chase Bank. I asked them how a responsible and ethical bank could report such a malicious lie. Their only response was ``They were sorry if it bothered me.'' They said they would communicate with both Equifax and Experian saying that my death was an error and inaccurate. I said thank you. I thought that finally would be the end of it. That was how the Fair Credit Reporting Act was supposed to work. I finally slept sound that night, after months of agony. A few days later, I called to verify their correction process was in the works. I was shocked when the supervisor at Chase Bank gave me a noncommittal answer--saying, ``it was routinely handled.'' This supervisor refused to give me his name. Later, when I told a depository employee this conversation--they laughed. They said that it was ``insider code'' for throwing my correction request into the trash can. It was at this moment of anger, plus insight, that I truly realized what a ``toothless paper tiger'' all the Federal legislation on credit protection really was. None of the ``Big Players'' in this industry obey any of these rules and guidelines set forth by Congress. They have told me, ``since there are no tough policemen daily watching their actions it was still ``business as usual.'' Sure, the FTC makes a headline now and then with consent settlements against each of the big 3 depositories. But, they said that was only a minor irritant. The only action they might fear is legislation making their individual managers personally responsible for their groups' error rates, under penalty of hefty personal fines, and/ or jail time. They mentioned the SEC's forced collapse of Arthur Anderson and other firms. A Serious Disconnect Between Words and Results I am a living case example of how our current fair credit reporting laws still do not work as intended. They sure sound great on paper. I remember reading (in 1994), the Senate finally shifted the ``Burden of Proof'' for the accuracy of information off the back of individual consumers, and onto the shoulders of the 3 giant credit bureaus, and their associated creditors. That sounded wonderful. It was the fair thing to do. However, it is now 9 years later, and hardly anything has really changed. We, the consumer, are still stuck with the ``burden of proving'' any ``error'' on our report is a fabrication, or ``mix up'' from some other file. Over the last 26 months I have asked Chase Bank to either prove I am dead, or quit reporting that lie. ``Off the record,'' people at Chase Bank have told me that: (A) Until there is either a financial incentive, to correct errors, or (B) Until the penalty on both a company and it's staff is so severe it cannot be ignored ``little'' inaccuracies like mine will never be given the proper attention or time to get corrected. I Had To Prove I Was Alive After 2 years of struggling to find any courageous lender to refinance my home, a friend took pity on me. He is a mortgage banker. He found a sophisticated national lender who was willing to work outside the box. Now, when that nasty message: ``Only 1 bureau this month will give me a Fair-Isaac score popped up,'' he was prepared. Most mortgages today end up in the secondary market. Either ``Freddie Mac'' or ``Ginnie Mae'' typically sets the guidelines for that. So, why not try to get some Federal Government Agency (on paper) to declare, ``Jokinen is alive.'' A Visit To The Government Last month, I walked into the Houston Regional Office of the Social Security Administration, and begged them to write a Government letter saying that I was not dead. Under Federal law, this is Chase Bank's or the 3 credit bureaus responsibility to prove, or disprove. But, those fat cats only ``yawned in my face'' every time I requested they correct this glaring inaccuracy. At first, the employees in the Social Security office did not know what to do with my request. There was not a sample letter on this topic in their Federal handbook. They decided to call their supervisor in Washington, DC. I also had to talk to some higher official in the national capital, who then asked to speak again to the Houston Office Manager. These two talked some more, and then started laughing. Soon, all the clerks in this entire Social Security office started whispering to each other and then laughing. A few minutes later my human interest story spread out into the waiting room. My request for this unusual letter was being translated into Chinese, Vietnamese, Spanish, etc. As people started hearing my strange story in their language, they started laughing too. Soon the entire floor in this high rise was laughing. I was now the object of much pity. When the Social Security Manager finally presented me with my ``Living Letter,'' the entire waiting room broke out into applause. It was like ``little David going out to slay the Goliath Bank.'' Yes, my wife and I finally got our home's mortgage refinanced. But, it was not from any help given by the Federal Fair Credit Reporting Act. What Happened To The 30-Day Rule? The 1994 Act required creditors and depositors to furnish only ``accurate'' information. Who enforces this? When consumers dispute any data these bureaus have 30 days to theoretically correct those errors. Is this a fairy tale? I have never seen it happen in real life. Chase Bank has ``inaccurately,'' reported me dead for more than 26 months. They still have not lifted one finger to update or to correct their inaccuracy. Then, 1 year after Chase Bank had declared me ``deceased,'' they mailed me an offer to raise the credit limit on that same Visa card in dispute, to $10,500, with ``zero'' interest on balance transfers for 9 months. Is this a question of their right hand not knowing what the left hand is doing? Or, was it just a profit-hungry bank looking to make a buck off a dead man's account? Chase Bank, also, sent me an unsolicited $5,000 preprinted check to pay off competitor bank card accounts. This was beginning to look like the old ``Abbott and Costello'' comedy routine: ``What's on first, who's on second?'' Except this bank is no longer funny to me. What a phony slogan Chase Bank claims to have: ``The right relationship is everything.'' The only relationship Chase Bank has ever given me is ``dead man walking.'' Ten years ago, Congress was moved to considering new fair credit reporting laws. This move came after research revealed ``in 1991 consumers had to complain an average of 23 weeks before getting minor corrections on their credit reports.'' By 1993, it got worse. Consumers had to now complain for a longer average of 31 weeks before getting any satisfaction. My 30 Days Has Grown To 784 Days I have been complaining to all 3 Giant Credit Bureaus, (plus Chase Bank) for over 112 weeks--and still, I get no satisfaction? Rodney Dangerfield described America's current consumer plight best--``We get no respect!'' How many more weeks do I have to ``ask'' these giants to grant me my consumer credit rights that were supposedly authorized by Congress 9 years ago? My Damages The costs of this credit bureau screw-up to me keep mounting monthly. It is an ever-increasing financial burden. I discovered I have been spending an average of 7 hours each week, just keeping these mounting credit errors under control. This comes to 364 hours a year with my finger stuck in this ``Dyke of Inaccurate Data.'' I am afraid if I pulled my finger out, I would be totally inundated in a swirling sea of paper lies. If their flood of bogus reports became more overwhelming it will impair my ability to economically support my family. For the last dozen years, my minimum rate for consulting has been $50 per hour. So far, I have expended 798 hours on just trying to keep Chase Bank and the ``3 Stooges'' (the 3 bureaus) under control. That has cost me $39,900, so far. Paying much higher monthly mortgage payments over the last 2 years than I now have has already cost me an additional $11,000. Also the higher interest rate slapped on us when we purchased my wife's used car has already cost us another $2,500. I am currently trying to raise money from investors. I am starting a new type of Home Building Company. We will build new modular homes in 6 weeks, instead of the regular 6 months. These new homes will also be hurricaneproof (up to wind speeds of 130 mph), floodproof (up to 2 feet above your neighbor's living room floors), and mold resistant. These new homes look identical to any conventional stick built homes on the same block. One of my potential investors (a $200,000 prospect) told me he pulled a merged credit file on me, and it scared him off. That is an additional $200,000 investment that should have been generating profits for my new corporation. These itemized monetary damages today add up to, more than $250,000, and counting. Emotional Suffering I was my mother's only child. We were quite close. My mother had Tuberculosis during World War II. She was confined to a TB sanitarium in Detroit for 3 years. My mother left our house when I was 5 years old. I never saw her in person again until I was 8 years old. In 1943, the TB doctors removed half of my mother's lung. During her recovery, the TB doctor told my mother she probably only had 2 to 5 more years to live. That is because she was now living on only half a lung, and it would eventually wear out. That was when she was 39 years old. She actually lived to 95. Because of Chase Bank's stupidity, I have now relived her last few painful years over and over again--while trying to get this mess cleared up. Suggested Legislation It seems most consumer complaints are the same: The majority of errors on their credit report do not get corrected. And, when some did, it wasn't in a timely fashion. Solution Give the FTC the same licensing and oversight powers the SEC currently has over stock and bond brokers. That way, all future credit reports would go out under a full name and FTC license of the bureau's assigned manager for that specific account. Then consumers would not be unfairly negotiating with nameless, faceless, customer services clerks they will never speak to again, the next time they call in or write. Under this reform, trained and licensed persons on the other side would be fully responsible for handling consumer corrections in 30 days. Then, if major mistakes are made or not corrected, the FTC should be granted the same SEC powers of serious fines against individuals, and/or their employing firms. The FTC should be able to take away an individual's license to work in this credit industry. The FTC should also be able to set jail time for those found guilty in court. Solution Continues Not only should the 3 depositories be required to license various levels of their staffs--this should also apply for all creditors who regularly supply the 3 credit bureaus with their information. That means all future credit reports would also carry another set of contact names of licensed people after: (1) Each bank's entry (like Chase), (2) Each retailers entry (like Sears), (3) Each lender's entry (like Countrywide), (4) Each insurers entry (like State Farm), and so forth. The best way to reduce complaints in any industry is to professionally train all staff who must deal with the consumer. Then hold each of those licensed staff people individually accountable for their own report corrections, or lack of corrections. Thank you for your time and courtesy today. <GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT> FROM TIMOTHY J. MURIS Q.1. Currently, consumers can get access to a free credit report if they are denied credit. What is the percentage of consumers that have been denied credit who actually take advantage of the opportunity for a free report? A.1. There are tens of thousands of credit report users who are obligated to send notices when taking an adverse action. We do not have data on how many consumers receive adverse action notices. However, a July 21, 2003 Report from CRS states that 13.4 million consumers each year request a free report following adverse action. This represents 88 percent of all annual free file disclosures by CRA's to consumers. Q.2. What States currently provide full access to free credit reports and what are the take up rates for those States? In other words, how many consumers that have not been denied credit take advantage of their free reports? A.2. Massachusetts, Colorado, New Jersey, Georgia, Maryland, and Vermont require access to free reports. (Some other States require access to reports for less than the $9 Federal maximum.) We have heard varying reports on the take-up rate in the free States. The July 21, 2003 CRS Report states that it is 2 to 4 times the take-up rate in States where consumers must pay $9. CDIA tells us that the rate of free reports per capita in the free report States is 218.5 percent that of the States without a free report requirement. But we have no absolute numbers--CDIA's members are reluctant to disclose those numbers to us because they do not want their competitors to be able to figure out their market share. Q.3. Which of the three major credit reporting agencies currently provide information about scoring methodology on their credit reports? Specifically, what information is provided? Do the credit reporting agencies provide this information only on request by the consumer, or do they provide it automatically in conjunction with a consumer's credit report? A.3. This is a question best addressed to the credit bureaus. Our understanding is that non-CRA subsidiaries of the three major national credit bureaus sell scores to users of credit reports and also sell scores directly to consumers, along with educational material. We are told that none of those bureaus provide scores as a routine matter, either with a free credit report or a credit report for which the consumer paid the $9 statutory charge--that is, there is an extra charge for the credit score. In some States (California and Colorado), credit bureaus are required to provide scores, but are permitted to charge for them. <GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT> <GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT> CONSUMER AWARENESS AND UNDERSTANDING OF THE CREDIT GRANTING PROCESS ---------- TUESDAY, JULY 29, 2003 U.S. Senate, Committee on Banking, Housing, and Urban Affairs, Washington, DC. The Committee met at 10:06 a.m. in room SD-538 of the Dirksen Senate Office Building, Senator Richard C. Shelby (Chairman of the Committee) presiding. OPENING STATEMENT OF CHAIRMAN RICHARD C. SHELBY Chairman Shelby. Good morning. I want to thank the witnesses for appearing today. Over the course of the last few months, the Banking Committee has held numerous hearings on various issues relating to the Fair Credit Reporting Act. We have heard testimony regarding the positive changes which have resulted in cheaper and more widely available credit. We have also heard from witnesses who have highlighted some of the troubling practices which occur in today's marketplace. As a general matter, I think a common element deserving our careful consideration has emerged from our hearing process. Regardless of whether we are talking about the positive or negative developments in the credit markets, consumer understanding of these developments, as well as their awareness of the overall operation of the credit markets, I believe, is the key. Simply, what people know and understand about finances I think truly matters. Considering that informed, knowledgeable consumers have the best opportunity to take advantage of new credit-related products and services and are also best able to reduce the likelihood of falling prey to the negative developments, such as identity theft or predatory lending. It is very important for this Committee to get an understanding as to just how much consumers know and understand about the general operation of the credit markets. Furthermore, as the Fair Credit Reporting Act assigns consumers significant responsibilities with respect to the content and the control of their credit reports, the Committee needs to get a better understanding as to the level of consumer knowledge and understanding of these specific matters. That is the purpose of today's hearing: Providing Members of this Committee an opportunity to examine consumer awareness and understanding of financial and credit-related matters, generally, and consumer awareness and understanding of their FCRA rights and responsibilities specifically. In the end, it is my hope that the record established today will help guide the Committee's FCRA reauthorization effort. I want to thank you for coming and appearing today, and we look forward to your testimony. Senator Sarbanes. STATEMENT OF SENATOR PAUL S. SARBANES Senator Sarbanes. Thank you, Mr. Chairman, for holding this hearing on consumer awareness and understanding of the credit granting process. Last year, when I was privileged to chair this Committee, we held a series of hearings relating to the issues of financial literacy and education. So, I am particularly appreciative of the attention you are giving to this matter. The credit scoring and reporting system plays a significant role in most consumers' lives. However, consumer awareness and understanding of the credit granting process is less than it should be. I believe that all consumers should have the knowledge to access their credit score, the ability to access their score with ease, and the understanding necessary to realize the importance of their credit score and the impact it may have on consumer choices they seek to make. Yesterday, the Consumer Federation of America issued a study which found the following: 61 percent of all Americans say their knowledge of credit scores is either fair or poor, and this figures increases to nearly 70 percent among households with incomes under $35,000 a year; 75 percent of Americans, 80 percent of those with incomes below $35,000, say they do not know what their credit score is; and when asked a true or false question as to whether applying for a credit card may lower your credit score, only 37 percent of Americans answered correctly. This is indicative that there is a serious need to increase financial literacy and education among consumers. Actually, a number of Members of the Senate have taken a strong interest in this issue, and I particularly want to acknowledge the efforts of Senators Stabenow and Enzi, as well as Senators Corzine and Akaka. I know that Senators Stabenow and Enzi are actually working on a bill right now, as I understand it, and I look forward to working closely with them and with you, Mr. Chairman, as well as other Members of the Committee. Yesterday, I introduced legislation with Senator Corzine, the Financial Literacy and Education Coordination Act, which, if passed, would create a more unified and comprehensive framework to improve the state of financial literacy and education amongst American consumers. This is a first step. This would be an effort to have a coordinating committee within the executive branch of the Government to address the issues of financial literacy and education. We established such a committee with respect to the Trade Promotion Coordinating Committee, and it has worked quite well and brought a significant improvement, we think, in the coordinated effort within the executive branch of the Federal Government on trade promotion. And I am hopeful we could accomplish the same thing with respect to financial literacy and education. I thank the witnesses who are here today. Many of them represent agencies and organizations that have long been actively involved in efforts to increase financial literacy and education, and I look forward to their testimony. Thank you very much. Chairman Shelby. Thank you. Senator Bennett. STATEMENT OF SENATOR ROBERT F. BENNETT Senator Bennett. Thank you, Mr. Chairman. I recognize that this is just one in a series of hearings that you have been holding on this particular issue and this bill, and I congratulate you for the thoroughness with which you are examining it. We need to get this one right, and the opportunity to mess it up in the name of good intentions is very high. I remember as a brand new Member of this Committee in 1993, one of the main issues that we discussed during the time when Don Riegle was the Chairman of the Committee was credit availability, particularly to those at the lower end of the economic scale. And there was a great deal of concern that financial institutions were not making credit available to those in the minority community or in the lower economic end of the scale because they wanted to protect the safety and soundness of their institutions. Burned by the savings and loan experience, they wanted to make sure that every loan they made was absolutely safe, to the point that they were not making loans. And they preferred to put their money into Government securities and earn money that way without taking the risk in the marketplace of making loans. So the focus of the Committee at that time was on the question of how loans could be made available, how credit could be made available across the spectrum of America. My concern, as I sit through these hearings and listen to some of the requests being made in the name of more consumer information, is that we might inadvertently get into the position where we are once again shutting off credit to that portion of the economy that badly needs it. I have often said that the best place to hide a leaf is on the floor of the forest in open sight, surrounded by all of the other leaves. It becomes impossible for you to pick it up. Much of the problems that I have found in life with respect to disclosure of consumer rights is that we end up hiding a whole bunch of leaves. We end up with documents that are very thick and procedures that are very onerous, and we say, well, we are just making sure they get full disclosure. And that kind of full disclosure becomes, in effect, nondisclosure because you cannot pick out of it what really matters and understand what is really going on. I am looking forward in this hearing to hear from the regulators and from the consumer advocates as to what would be the most meaningful disclosure that would give us transparency so that the customer understands what is going on and at the same time not clog up the system with so many ``consumer protections'' that would end up taking us back to the bad old days when credit was not available to people who desperately need it. I think you have assembled a panel that can address that issue, and I appreciate your leadership in this entire effort. Chairman Shelby. Thank you. Senator Stabenow. STATEMENT OF SENATOR DEBBIE STABENOW Senator Stabenow. Thank you, Mr. Chairman, for holding this hearing. I apologize in advance for having to leave to go to the floor in a moment, but I did want to be here to say thank you to those who are speaking, and I look forward to your testimony and having an opportunity to review your testimony. As our Ranking Member, Senator Paul Sarbanes mentioned, there are a number of us that are working on the issues not only of understanding the credit system but also understanding financial literacy in total. And I thank Senator Sarbanes, as well as the Chairman and others for their efforts. Senator Enzi and I have been working now for a number of months on an approach to, in fact, bring together all those who provide financial literacy programs of some kind, as well as a website and a 1-800 number and other opportunities for people to be able to go to one spot and be able to get information so that they can not only get their credit reporting information in terms of how to access it, but also additional information as well. I think it is an important hearing, and hopefully we can all work together to put this concept into law and be able to make information more readily available to consumers to be able to access information and empower them with knowledge that they need in order to manage their own financial affairs. Thank you, Mr. Chairman. Chairman Shelby. Senator Enzi. STATEMENT OF SENATOR MICHAEL B. ENZI Senator Enzi. Thank you, Mr. Chairman. I have a complete statement that I would like to submit for the record. Chairman Shelby. Without objection, it will be made part of the record. I want to thank you so much for holding this hearing today. We are finally to the heart of fair credit reporting: The consumer. I really prefer to call them ``customers.'' I think that elevates them to---- Chairman Shelby. They were your customers, weren't they? Senator Enzi. Yes. [Laughter.] That elevates them to being the heart of the economic engine, which is what they really are. Without the customer there isn't an economy. This will bring out some things that will help us a lot in designing some bills that will help the customer to get both the credit they need and the credit for what they do. There have already been some significant steps in this area, and I appreciate Senator Sarbanes' efforts last year at promoting financial literacy. I had an opportunity to do a little bit of research, and in Wyoming, we have a significant effort that is being done by Fannie Mae, the Wyoming Community Development Association, which provides low-cost housing, the realtors, the bankers, and the credit unions. And that is a special program that is done on compressed video to a number of sites around the State at one time so that people can learn the intricacies of buying a house. If you take the course, you also get a discount on your loan, so there is some real big incentive for doing it. Several thousand people have already taken that, and now they are looking at moving that down into the high schools as a part of the curriculum. I think it will make a tremendous difference to young people, particularly. I was Mayor of Gillette when it was a boom town. We had a lot of young people coming to take on the jobs, and even clear back then they were making $50,000, $60,000 a year, and going broke. And they did because their parents had all these different things that they owned, and they were making a lot less, so the kids went out and bought all of those things at once, and then found out that the payments were more than their income. I tried to find some way to get some credit counseling for them, and we did that through some associations and through the credit unions, who have even gone into the schools and put on classes for kids and organized many banks so that they can have an emphasis on savings and get a little bit of information on how credit cards affect them. So there are some efforts out there, and Senator Stabenow and I have been working on a bill trying to figure out a way-- and I think we have got it--that people can have an entry ramp to the information that the Federal Government has on financial literacy, and that we can make that available to these customers so that they can be better customers. I thank you for the part that this will play in the activity that we are doing. Thank you. Chairman Shelby. Thank you, Senator Enzi. Our panel today, we want to welcome you all again. We have Ms. Dolores Smith, Director, Division of Consumer and Community Affairs, the Board of Governors of the Federal Reserve System; Ms. Donna Gambrell, Deputy Director of Compliance and Consumer Protection, Federal Deposit Insurance Corporation; Mr. Joel Winston, Associate Director, Financial Practices Division, Bureau of Consumer Protection, Federal Trade Commission; Mr. Travis Plunkett, Legislative Director, Consumer Federation of America; Ms. Stacey D. Stewart, President and Chief Executive Officer of the Fannie Mae Foundation; Ms. Cheri St. John, Vice President of Global Scoring Solutions, Fair Isaac Corporation; Mr. Scott Hildebrand, Vice President of Direct Marketing Services, Capital One Financial Corporation. I welcome all of you here. All of your written statements will be made part of the record in their entirety. There are seven of you here. We have six microphones, so somebody will have to share a little bit. But if you will quickly sum up your top points, that will enable us to ask you some questions. Ms. Smith, we will start with you. STATEMENT OF DOLORES S. SMITH DIRECTOR, DIVISION OF CONSUMER AND COMMUNITY AFFAIRS BOARD OF GOVERNORS OF THE FEDERAL RESERVE SYSTEM Ms. Smith. Thank you, Mr. Chairman. Mr. Chairman and Members---- Chairman Shelby. Bring your microphone up. You can share it with her later. Ms. Smith. Okay. Is that better? Senator Sarbanes. It would be better if you pulled it quite close. Chairman Shelby. A little closer. Ms. Smith. All right. Mr. Chairman and Members of the Committee, I appreciate the opportunity to testify on the significance of maintaining a reliable national credit reporting system, on the importance of the Fair Credit Reporting Act to that system, and on the need for consumer awareness of how the credit reporting system functions and how it relates to their ability to obtain credit. As the financial services industry has grown larger, financial products and services more complex, and the U.S. population more mobile, it is no longer feasible for institutions to evaluate the credit standing of consumers based solely on their direct experiences with consumers. Centralized consumer reporting agencies have evolved to provide a repository of credit history information that can be accessed by creditors to evaluate prospective borrowers. This national credit reporting system provides creditors with an efficient and cost-effective method of obtaining data for credit decisionmaking and consumers with increased credit availability. The data are limited on what consumers understand about the national reporting system, the credit granting process, and how their credit report relates to that process. There is anecdotal evidence that consumers are generally aware of the terms ``credit scoring'' or ``credit rating,'' but they are less clear how credit scores are used in credit granting. The national credit reporting system has become invaluable to creditors for assessing consumers' creditworthiness. Thus, it is crucial that consumers understand how this system operates and how it impacts their access to credit. Educated consumers who make informed decisions about credit are essential to an efficient and effective marketplace. Consumers who understand how their credit-risk profile relates to credit rates and terms can better determine which credit product best suits their needs. Participation in the U.S. credit reporting system is voluntary. Creditors are not required to obtain consumer reports before making credit decisions, although most creditors rely on consumer reports for risk management. Creditors are not required to furnish information to consumer reporting agencies. But if they do, the information they furnish must be accurate. The Fair Credit Reporting Act contains important consumer rights and protections. Several are designed to promote accuracy in consumer reports. For example, the right to receive notice if information in a consumer report has resulted in adverse action enables consumers to check the accuracy of information in their credit reports and to dispute the accuracy or completeness of any items of information. Other consumer rights and protections are designed to protect consumer privacy. The ready availability of accurate, up-to-date credit information from consumer reporting agencies benefits both creditors and consumers. Information from credit reports gives creditors the ability to make credit decisions quickly and in a fair, safe and sound, and cost-effective manner. Consumers benefit from access to credit from different sources, the competition among creditors, quick decisions on credit applications, and reasonable costs for credit. The FCRA promotes the national credit system in important ways. Perhaps most significantly, the availability of standardized consumer reports, containing nationally uniform data, allows banks to make prudent credit decisions efficiently wherever they do business and wherever their customers live and work. Consumer financial education plays an important role in helping consumers understand the national credit system. In particular, consumers need to be more aware that the accuracy and completeness of information in their credit files affects the pricing and availability of credit. Markets operate more efficiently when consumers are well-informed. The Federal Reserve System recently launched a financial education initiative to encourage consumers to learn more about personal financial management. The objective of this nationwide initiative is to highlight the benefits of financial education and provide information on resources available to consumers for assistance in managing their finances. The Committee is to be commended for undertaking an examination of the Fair Credit Reporting Act and related issues at this important juncture. In conducting this examination, it is important to work to maintain a viable national credit system that preserves and expands reasonable access to credit and to promote consumers' understanding and awareness of the credit reporting system and of its impact on their ability to obtain credit and the pricing of that credit. Thank you. Chairman Shelby. Ms. Gambrell. STATEMENT OF DONNA GAMBRELL DEPUTY DIRECTOR FOR COMPLIANCE AND CONSUMER PROTECTION DIVISION OF SUPERVISION AND CONSUMER PROTECTION FEDERAL DEPOSIT INSURANCE CORPORATION Ms. Gambrell. Chairman Shelby, Senator Sarbanes, and Members of the Committee, thank you for inviting me to testify on behalf of the Federal Deposit Insurance Corporation. The FDIC has been closely following the hearings of the Fair Credit Reporting Act and related issues. At stake are matters that affect both individual consumers and the manner in which the Nation's economy operates. FDIC Chairman Don Powell has stated his support for making the expiring FCRA preemption provisions permanent. We thank you for your careful consideration of these important issues. We also commend the Committee's attention to the difficult problems associated with combating identity theft. For its part, the FDIC is coordinating an effort among the Federal financial institution regulators to publish guidance on measures that should be taken when security breaches occur that may lead to identity theft. It is the FDIC's commitment to consumer protection that compelled the Agency to assess ways in which a segment of our society could gain greater access to the financial mainstream. Policymakers and financial institutions alike have made commendable efforts to broaden the scope of banking products for low- and moderate-income people. However, many families still fall outside of the financial mainstream and do not maintain traditional bank credit, savings, or investment accounts. According to conservative figures, nearly 10 percent of U.S. families do not have banking relationships. Several studies have shown that financial education efforts can raise consumer awareness, foster positive changes in behaviors, and better equip consumers to operate within the financial arena. We share that point of view. The FDIC introduced Money Smart, a 10-module training curriculum, in the summer of 2001 to help low- and moderate- income adults better understand the basics of banking. We designed Money Smart to be easy to teach and easy to learn. It can be taught in its entirety or in single units. Money Smart is free and has no copyright restrictions, so organizations desiring to use the program can reproduce and use the training materials as needed. Also, banks can get Community Reinvestment Act credit for their involvement in offering Money Smart classes in their communities. Because immigrant populations represent a significantly underserved market, we have translated Money Smart into Spanish, Chinese, and Korean, and we will have a Vietnamese translation by the end of this year. To date, we have provided more than 22,000 organizations across the country with over 75,000 copies of Money Smart. While we are pleased with these numbers, Chairman Powell has set an even more aggressive goal for the next 4 years, including: one, exposing 1 million consumers to our financial education program; and, two, linking Money Smart to wealth- building and asset accumulation programs, such as homeownership initiatives and individual development accounts. We are committed to meeting this goal. We believe that a critical factor in the success of Money Smart has been our emphasis on working through our regional community affairs staff with local organizations that are best situated to bring Money Smart to those who can benefit from it. To date, over 340 organizations throughout the country, in both urban and rural communities, have joined our Money Smart Alliance as local partners, and 20 major private and public sector organizations have joined as national partners. These entities represent a wide spectrum of delivery systems for our financial education program: Housing and social service agencies, financial institutions, colleges and universities, community organizations, as well as Government, faith-based, and employment organizations. As an example, under a partnership agreement with the Neighborhood Reinvestment Corporation, Money Smart has been used to train over 5,500 students in 39 cities over the past year. These students primarily are low-income consumers, minorities, or women who are potential homebuyers or existing homeowners having problems making ends meet. We recognize the long-term success of Money Smart is largely dependent on our ability to set measurable goals for the program and monitor our results on an ongoing basis. Recently, we completed a large-scale survey effort. Based on preliminary results, we estimate that the number of participants who have completed at least one Money Smart module to date exceeds 100,000. The survey also indicates that over 13,000 Money Smart participants went on to initiate a banking relationship as a result of the program. We have a great banking system in this country. We also have a credit market that is the envy of the world, and we believe everyone should have an opportunity to participate. With Money Smart, we believe we have the means to raise consumer awareness about bank services, credit, budgeting, and savings, and to offer financial alternatives to the most needy in our society. Thank you for giving me the opportunity to testify before you this morning on this critically important topic. I look forward to answering any questions you might have. I also make the offer on behalf of Chairman Powell to assist any Senator interested in looking into establishing Money Smart programs for their communities. Thank you. Chairman Shelby. Mr. Winston. STATEMENT OF JOEL WINSTON ASSOCIATE DIRECTOR, FINANCIAL PRACTICES DIVISION BUREAU OF CONSUMER PROTECTION U.S. FEDERAL TRADE COMMISSION Mr. Winston. Mr. Chairman, Senator Sarbanes, Members of the Committee, I am pleased to appear today to discuss financial literacy as it relates to credit reporting and credit granting. As others have said, this is a vitally important subject because our economic system and the welfare of our consumers depend on knowledgeable consumers making well-informed decisions about their finances. I should note that the views expressed in my written testimony represent those of the Commission, but my oral presentation and answers to questions are my own. The Commission has a great deal of experience through its law enforcement and education activities in assessing the level of consumer knowledge in this area. Unfortunately, what we have observed is consistent with the Consumer Federation study that came out yesterday; that is, many consumers have limited knowledge of how our credit system works. They may not realize that their financial information is compiled and used not only by just creditors but also by employers, insurers, landlords, and others. They may not know how this information affects their ability to get a loan, insurance, or a job. They may not understand what rights they have to ensure that the information is accurate. And as you mentioned earlier, Mr. Chairman, knowledgeable consumers are especially important here because the Fair Credit Reporting Act relies, in important ways, on the vigilance of consumers in protecting their rights. Uninformed consumers may not take the steps they should to improve their credit ratings or correct errors. I would like to talk briefly about the FTC's consumer education program, and I brought along some samples, including our most recent publication called ``Getting Credit,'' a primer that will be distributed to community colleges around the country, as well as in many other venues. And we have other things which are available in the back ranging from refrigerator magnets to bookmarks to brochures of every type on credit topics. Senator Sarbanes. Where are those located? Mr. Winston. I believe they are just outside on the table, and we have a number of copies. Consumer education is among our most important tools in the fight against fraud and deception. Overall, we have over 30 publications on credit issues available directly from the FTC and through a variety of partner organizations. Many of them are in Spanish, as well as English. Credit publications have consistently been among our most popular items with annual distribution in the millions. At the same time we have partnered with many outside organizations to improve consumers' understanding of credit, ranging from the CFA to the Jump$tart Coalition to the Department of Defense. For example, our Northeast Office works with colleges and universities in an effort called Project Credit Smarts, in which we make presentations and distribute credit-related publications during student orientation sessions. Our identity theft program is another way in which we educate consumers about credit. One of the most devastating consequences of identity theft is the damage that it causes to the victim's credit record. We offer publications with tips on how to avoid identity theft and what to do if it happens, and these publications have been extremely popular. We should also remember that the FCRA itself serves an important educational function. Perhaps most important, the law requires that users of credit reports notify consumers when they take adverse action based on information in a report. The notice must tell consumers what credit bureau supplied the report, and advise consumers of their rights to a free copy of that report, and to dispute the accuracy of the information in it. Consumers get this information when they are motivated to act on it. The FTC's legislative recommendations about which Chairman Muris testified before this Committee on July 10, would result in better educated consumers. Our proposals would put more information in consumers' hands by first expanding consumers' rights to adverse action notices when they are offered less favorable credit terms; second, making annual credit reports available at no charge; third, giving consumers more information about their credit scores, along with explanatory materials; and fourth, making it easier for consumers to correct errors in their report. Thank you for the opportunity to discuss this important subject, and I will be happy to answer any questions you may have. Chairman Shelby. Mr. Plunkett. STATEMENT OF TRAVIS B. PLUNKETT LEGISLATIVE DIRECTOR CONSUMER FEDERATION OF AMERICA Mr. Plunkett. Good morning. Chairman Shelby, Ranking Member Sarbanes, and the Members of this Committee, my name is Travis Plunkett, and I am the Legislative Director of the Consumer Federation of America. I applaud the Committee for conducting a hearing on such an important and little understood subject. In response to the invitation to testify here today, the Consumer Federation of America commissioned a study about consumer knowledge of credit reports and credit scores, and about the level of public support for a variety of protections that this Committee may consider. More than a thousand adults were interviewed. Overall the survey found that a large number of Americans not only do not understand basic facts about credit scores and reports, but also admit their lack of knowledge about this subject. That is a finding that you sometimes do not find in these kinds of public surveys, that people acknowledge their lack of understanding and then show it. An important finding of the survey is that low- and moderate-income Americans--who tend to pay the highest price for credit and are the most vulnerable to inaccurate credit scores--are the least knowledgeable about credit reports and credit scores. We also found that a breathtaking number of Americans believe they need greater credit reporting rights. They want easier access to their credit reports and scores, greater protections against privacy and credit reporting abuses, and the right to go after lenders in court who repeatedly make grievous reporting errors. Let me give you some details. First, in questioning Americans about what they say they know, 50 percent said their knowledge of credit reports was fair or poor. While, 61 percent said they had a fair or poor awareness of credit scores. Lower- income Americans are the most likely to believe that their understanding is not good. More than 60 percent of those in households with incomes under $35,000 a year said their knowledge of credit reports was fair or poor. That number rose to 70 percent for credit scores. Young adults were also likely to say that their knowledge was not good. Sixty two percent said their awareness of credit reports was fair or poor, 78 percent for credit scores. Now we get to the second part. We tested actual consumer knowledge about credit reports and scores, and the results were no better. Only 25 percent of Americans and less than 20 percent with incomes below $35,000 said they knew what their credit score was. Forty three percent of Americans, and only 35 percent of those with incomes under $35,000 a year, said they had obtained a copy of their credit report from the three credit bureaus in the past 2 years. On the pop quiz portion of the survey, only 3 percent of Americans could, unprompted, name the three main credit bureaus. I am not sure we'd get a better response in this room either. The survey also tested consumer knowledge using a series of true/false questions. The good news is that large majorities know that consumers have the right to see their credit report, and that consumers who fail to qualify for a loan have the right to a free credit report. Now the bad news, a majority of Americans did not know several important facts: That in most States they must pay a fee to obtain their credit report; that their credit score may be lowered if they use all of the credit available on their credit card; that their credit score may be lowered if they apply for a credit card; and that they are not required to contact their lenders if they believe their credit report or score is inaccurate. As you all know, they must go to the credit bureau. Also, 27 percent incorrectly believe that their credit score mainly measures their knowledge of consumer credit as opposed to their creditworthiness. We also found that a large number of Americans are unaware that credit scores are increasingly being used by electric utilities, insurers, landlords, and cellular telephone companies to decide whether they can purchase a service and at what price. By comparison, only 13 percent did not know that credit cards used credit scores, credit card companies I should say. Finally, we questioned Americans about their opinions on new consumer protections that are being floated in Congress. We found overwhelming support, generally at the 80 to 95 percent level for a number of reforms, requiring credit bureaus to better verify identities on credit applications in order to reduce identity theft; allowing consumers to obtain a free credit report and credit score once a year from the three main credit bureaus upon request; requiring lenders to give consumers who are denied a loan or charged a high rate, a free copy of the credit report and the score used as the basis for the lender's decision; requiring banks to obtain a consumer's permission before sharing financial information with affiliates; prohibiting the use of medical information to make credit decisions without a consumer's consent; and allowing consumers to sue lenders who knowingly provide credit bureaus with incorrect, damaging information. When quizzed about the practice of credit card companies raising interest rates for a problem, a credit problem with another lender, Americans overwhelmingly opposed that practice. I have summarized the findings of this survey. My written testimony also includes a number of public policy recommendations on how to deal with some of the findings of the survey and what they lead to. Let me close by talking about one other finding and conclusion based on our survey. The survey also points to the need for a long-term strategy to boost general financial awareness and to improve financial decisionmaking by Americans. Thankfully, Senators Sarbanes, Shelby, Stabenow, Enzi, and Akaka have all shown a great deal of interest in improving financial education efforts in this country. For instance, Senator Sarbanes recently introduced his bill to create a Financial Literacy and Education and Coordinating Committee within the Department of the Treasury. We think this proposal has great merit, and we support it. We would also encourage this Committee to look at broader solutions to improving financial literacy throughout this country over the long term. Thank you. Chairman Shelby. Ms. Stewart. STATEMENT OF STACEY D. STEWART PRESIDENT AND CHIEF EXECUTIVE OFFICER FANNIE MAE FOUNDATION Ms. Stewart. Mr. Chairman, Ranking Member Sarbanes, and Members of the Committee, good morning. My name is Stacey Stewart. I am the President and CEO of the Fannie Mae Foundation. As you may know, the Fannie Mae Foundation is a separate organization from Fannie Mae, though funded exclusively by Fannie Mae. It is an honor to have this opportunity to address the Committee. The mission of the Fannie Mae Foundation is to give more Americans access to homeownership and all Americans access to decent, safe, and affordable housing. We are driven by the conviction that the expansion of homeownership is both an economic and ethical imperative. It is a matter of both fiscal health and social justice. We are, therefore, grateful for this opportunity to discuss the Foundation's activities in promoting financial literacy. As we guide people down the pathway to homeownership, we try hard to help them understand the critical importance of acquiring and maintaining good credit. Research, anecdotal evidence, and reports from the many national and community-based organizations with which we work all tell us the same unsettling story. Far too many consumers, and far too many aspiring homeowners, do not understand the link between good credit and their ability to get a home mortgage. In a survey the Fannie Mae Foundation commissioned in 1999, almost 70 percent of African-Americans and Hispanic-Americans expressed a belief that paying their bills late would represent only a minor problem or no problem at all in obtaining a mortgage. More recent research tells us that 40 percent of all African-Americans and 60 percent of Hispanic-Americans believe you need a perfect credit rating in order to qualify for a mortgage, and roughly 40 percent of minorities believe that you need a 20 percent downpayment in order to buy a home. As those of you before me know, of course, none of these beliefs are true. Yet the problems run even deeper. The sunshine provisions of the Fair Credit Reporting Act also are not well understood. In 2002, the Fannie Mae Foundation helped fund research among high school seniors to understand where and how to start encouraging financial literacy. Sixty percent of the respondents did not know the conditions under which they could access their credit report. I think you might find this particularly interesting, Mr. Chairman: more than 12 percent of those graduating seniors expressed the view that one's credit record is the property of the U.S. Government and can be viewed only by the FBI and lenders. This suggests a problem that goes far beyond fair credit reporting. It suggests we must do more to overcome the information deficit that remains the most formidable barrier to financial literacy. Up to this point, I have focused on consumers who misunderstand credit, how it is reported, and what that means for them. But there is a large and growing number of our citizens who are simply excluded from the credit reporting system. This is a huge concern. Millions of Americans are operating outside of the country's mainstream financial system. They do not have meaningful credit records, and they do not have the opportunity to benefit from timely payment of crucial monthly charges, such as rent and utility bills. Without a record of their responsible payment history, these Americans cannot secure credit from mainstream financial institutions. As a result, many turn to high-cost, alternative financial services. In fact, according to the GAO, 22 million households lack as basic a financial service as a bank account. How likely is it that consumers who lack even a basic bank account understand credit reporting systems? These consumers pay high fees for credit from alternative lenders and then receive no benefit in mainstream financial institutions for repaying those loans on time because such transactions are not captured by the mainstream credit reporting system. Information such as this defines our challenge, and it explains why consumer education initiatives are at the heart of the Fannie Mae Foundation's agenda. Our financial literacy efforts are designed to give Americans the information they need to take control of their financial future. In 2002 alone, more than 800,000 individuals requested or downloaded our free instructional guides on credit and the homebuying process. Since 1993, we have made these guides available in 9 languages and have delivered them to more than 14 million Americans. Our 30-minute instructional video, ``Knowing and Understanding Your Credit,'' and its Spanish- language counterpart that aired on Black Entertainment Television and Telemundo affiliates, respectively, throughout the Nation in 2002. Our foundation invests $3 million annually in the most effective homeownership and credit education providers around the country. We have also launched research to improve the design and the delivery of these services. And we are funding promising research aimed at producing innovative strategies for bringing mainstream financial services into underserved and overlooked communities. At the Fannie Mae Foundation, we are very proud of our consumer outreach initiatives, but we know we must do more, and we are committed to doing so with an abiding understanding of our responsibility to lift Americans out of the darkness of financial illiteracy into the light of financial opportunity. I am confident that this Committee shares our commitment. To expand homeownership and help millions of low- and moderate-income Americans build assets. We must enhance their understanding of credit and the relationship between credit reporting and their ability to secure a mortgage. This is an essential step in helping all of our citizens become active and knowledgeable participants in the financial life of our Nation. It is also the first in helping low- and moderate-income Americans fully participate in the American economy and, ultimately, the American Dream. Mr. Chairman, I thank you, and I will be happy to answer any questions the Committee may have. Chairman Shelby. Ms. St. John. STATEMENT OF CHERI ST. JOHN VICE PRESIDENT OF GLOBAL SCORING SOLUTIONS FAIR ISAAC CORPORATION Ms. St. John. Mr. Chairman, Members of the Committee, my name is Cheri St. John, and I am the Vice President of Global Scoring Solutions for Fair Isaac Corporation. Thank you for the opportunity to testify about what Fair Isaac is doing to improve consumer understanding and awareness of the credit granting process and what can be done to make even more usable information available to consumers. Fair Isaac invented statistically based credit risk evaluation systems, commonly called credit scoring systems. Thousands of credit grantors use the scores known as FICO scores, generated by Fair Isaac scoring systems, implemented at the three national credit reporting agencies. There are many different kinds of credit scores. The most well known are the credit risk scores, developed by Fair Isaac, known as FICO scores and widely distributed to lenders by the three national credit bureaus. In addition, there are broad- based credit scores developed by each of the three bureaus and third-party developers. There are custom scores, scores for specific industries, and there are scores distributed primarily to the consumer market. There are three main points I would like to highlight today. Point one: Although there is a lot of educational information already available to consumers, we need to work together to let them know it is there. As credit scoring has grown, Fair Isaac has responded by providing consumers with the information they need to understand credit scoring and to use that to take control of their credit health. We started in June 2000 by publicizing all of the factors used in the FICO scores. Nine months later, consumers could get their own FICO score and the accompanying underlying credit report, as well as a complete explanation of their personal FICO score. Since then, our FICO score simulator and many additional services have been added to Fair Isaac's website, www.myfico.com. Free information has been available to consumers at that website since its inception, including a weighting of the credit report factors in the FICO scores so that consumers know what events or behaviors have the greatest influence on the scores in general. It indicates what information is not included in the FICO scores and offers free advice on what actions consumers should take or avoid taking to improve FICO scores over time. There is too much information on the website to describe here, or even in our written statement, so I urge you to visit www.myfico.com to see for yourselves the breadth and quality of the information available there. Fair Isaac also makes information available about FICO scores by U.S. Mail, and collaborates with Equifax and TransUnion to make information available to consumers directly from those two agencies. The information is there. We all need to work together to help consumers know where to get the information that will help the most. Point two: To be well-educated, consumers must know and understand the credit score lenders are using to evaluate them. Colleges typically use the SAT score to evaluate students who apply for admission. Students know this, and use that same score to decide where to apply or which colleges might accept them. Although a different aptitude test might provide the student with some useful information, prospective students get the greatest benefit from knowing their own SAT score, empowering them to judge for themselves how they may be viewed by a college admissions office. The same is true for credit scores. Consumers should know and understand the credit score that lenders use. Point three: Score disclosure legislation should require agencies to provide the broad-based credit score the agency most widely distributes to lenders and give consumers the right to choose a different score that is widely distributed. We have made a good start at educating the American consumer about the credit granting process, but more can be done. Credit scoring can be confusing and it becomes more confusing if the consumer gets one score when the lender uses something else. If, as we suggest, mandatory score disclosure gives the consumer the choice and defaults to the score that the agency distributes most widely to lenders, the consumer is in charge rather than the agency or the score developer. Furthermore, the uninformed consumer who needs help the most is likely to get a useful score, by defaulting to the score the agency distributes most widely to lenders. In conclusion, there is much valuable information about credit scoring available to consumers as a paid service and free. Consumer education will be improved if consumers can get the scores most widely distributed to lenders or another score of their choice. I thank you for the opportunity to share Fair Isaac's expertise and experience in this important area and I would be happy to answer your questions. Chairman Shelby. Mr. Hildebrand. STATEMENT OF SCOTT HILDEBRAND VICE PRESIDENT, DIRECT MARKETING SERVICES CAPITAL ONE FINANCIAL CORPORATION Mr. Hildebrand. Chairman Shelby, Ranking Member Sarbanes, Members of the Committee, my name is Scott Hildebrand, and I am appearing before you on behalf of the Capital One Financial Corporation, where I serve in the capacity as Vice President of Direct Marketing Services. On behalf of Capital One, let me express my thanks to you for your leadership you have shown on this issue. Capital One is one of the 10 largest credit card issuers in the Nation, and a diversified financial services company with over 45 million customers and $60 billion in loans outstanding. At Capital One, we believe that a thorough understanding of financial matters not only helps consumers to make better decisions, but also helps to ensure the continued health of the financial services industry. We are not successful if our customers fail to manage their personal finances effectively, and thus are unable to meet their credit obligations. Capital One believes that clear communications about its products and services is important to maintaining successful relationships. Our best channel and our most direct vehicle for reaching out to our cardholders is their monthly statement. We include financial tips that are pertinent to their account in prominent locations on the statement where it is likely to be noticed. Understanding that Capital One may be the first credit card for many cardholders, we built financial education into all product touchpoints. Upon activation of the card, these cardholders receive a welcome booklet explaining the ins and outs of credit. Our message focuses on the importance of building a positive credit history. During the first year with Capital One, cardholders receive quarterly reminders about the importance of maintaining good credit habits. Created with Myvesta.org and Jump$tart Coalition for Personal Finance, these reminders provide more detailed information on numerous personal finance topics. For other customers we place the financial toolbox on Capital One's website, which includes guides, articles, and calculators to give consumers a better understanding of how to use our products. We also believe it is important to reach out beyond our customer base. Several years ago, we undertook a major corporate initiative to develop a financial education program. Following the Capital One method of doing business, we started by surveying the market to assess the delivery and methodology used by financial education programs. As a result of our research, we initially decided to focus on those most in need, lower-income and underbanked populations. As a result, we decided the best approach would be to find a strong, nonprofit organization with who we could partner. We contacted Consumer Action. Since beginning our partnership, we have developed a highly effective collaboration that has produced measurable results. Capital One has donated approximately $1\1/4\ million to create and implement MoneyWi$e, a program that offers straightforward easy-to-read information to address financial responsibility. Together, we have created a four-part series of MoneyWi$e educational materials that provide the basic building blocks for developing and honing personal finance skills. These include: Building good credit, credit repair, basic banking, and basic budgeting. Capital One's financial support of this program ensures that these materials are provided to nonprofit organizations and consumers free of charge. The materials are also available in four languages in addition to English including Spanish, Chinese, Korean, and Vietnamese. This ensures that we are able to reach immigrant groups, many of which have had negative experiences with banks in their home countries and are vulnerable to unscrupulous financial service providers. Five years ago, we joined Jump$tart. The premise behind our support of this program is simple. We believe in their mission to teach financial education in the public schools. Based on this belief, we provided financial support for the integration of Jump$tart's Money Math Curriculum into the Virginia school standards. Capital One has developed a unique method to reach college students. We decided to experiment with a method that utilizes students' relationships with their peers. Last year, we piloted MoneyWi$e for college students, a train-the-trainer program that teaches college students how to become ``money mentors'' and to deliver personal finance curricula to other students. Currently, the program is delivered on three college campuses, including the University of South Florida, Texas A&M, and Washington State. Because of the success of this test, we are currently in talks to expand the program to additional schools this fall including the University of Maryland, Penn State and the University of Alabama. The workshops cover a broad range of topics from how to maintain a checking account to understanding credit reports. The program results have been impressive with 100 percent of participants willing to recommend the program to other students. At Capital One, we believe in the principle that knowledge is power. Our products work best if our consumers manage their finances responsibly. For us, educated consumers, customers who know their annual percentage rate they are paying, who know when their bills are due, and who know and understand how to manage the products we offer, are our best customers. Mr. Chairman, Ranking Member Sarbanes and Members of the Committee, thank you again for the opportunity to testify before you today. I will be happy to answer any questions you may have. Chairman Shelby. I want to thank all of you. Mr. Plunkett, I am going to ask you this question. First, I am going to make a statement. The Consumer Federation survey results indicate that there is a troubling lack of awareness regarding many crucial financial matters. One of the things that I am concerned about is the seeming lack of understanding consumers have about the fact that creditors make decisions about them based on their entire credit profile. I think the results of one of your survey questions indicate that most consumers do not recognize that simply applying for or obtaining an additional credit card can have negative consequences for their credit score. Mr. Plunkett, how can we improve consumer understanding of the fact that creditors look beyond their credit history and examine their whole credit profile? Mr. Plunkett. Senator, we have two suggestions in our written testimony, one broad and one narrow. The first is to get consumers more information up front so that they can prevent problems before they occur, and this goes to their recommendations for a free credit report annually upon request and a free credit score annually upon request. This is a slow process, but as access to this information is improved, as consumers use it more, as they are allowed to prevent problems before they occur, they will slowly learn more about the factors that are used in considering their credit history. The second set of recommendations are very targeted, and they go to improving the dispute resolution process so that when consumers have what educators might call a teachable moment, that is, they are about to be denied credit, they get information at that time from the lender about this situation. They get their credit report. They are allowed to look at that and correct errors. You are touching on an even broader issue, which is that experience and transaction information is used as part of a credit profile to market to consumers, to develop new products, et cetera. My view is that the more consumers get access to their actual credit report and score, the more we engage them in this information, the more we talk about the variety of purpose for which creditors use this information, as you are intimating, it is not just the granting of credit that is involved, the more we can raise awareness of consumer knowledge there. And also, the thing to do of course is to give them the protection that you have been advocating for years, which is the ability to say no to the sharing of this information, especially among financial affiliates. That more than anything is going to confront them with a choice. The financial institution is going to make the pitch. They are going to say, this is why this information is good for us to share. This is how it helps you. And whether it is an opt in or an opt out, that decision, more than anything, will educate the consumer about what this information is being used for, and then they will be able to make a decision about whether they want it shared or not. Chairman Shelby. Ms. Stewart, what do you think is the best method to expand consumer awareness of how the credit system evaluates them? Ms. Stewart. Obviously, the need to increase awareness among consumers is vital. It is important for those that are particularly not in the credit reporting system right now to understand what it would take for them to actually get into the credit reporting system, and not only establish good credit but also maintain good credit over the long term. That is why we invest so much of our resources into building educational support systems that would provide this kind of information to consumers. The thing that is most important for the Fannie Mae Foundation though is making the distinction between having an established credit record and people that are creditworthy. What we find---- Chairman Shelby. Two different things. Ms. Stewart. Those are two different things. As I mentioned earlier in my testimony, there are 22 million households who are unbanked, who have no relationship with a financial institution, and therefore have a much more difficult time establishing a credit record. That is 56 million individuals in this country. We believe it is very important to figure out how to move those 56 million people into the mainstream of financial activity in this country. One of the things that we provide in our ``Knowing and Understanding Your Credit'' brochure, which we provided copies of to the Committee, * is how to begin talking to a lender about nontraditional sources of credit, rent, utilities, other kinds of sources of credit that could actually bolster one's own discussion with a lender or a credit provider about one's creditworthiness, so that in case some credit information is not captured in a credit history, there is still a way for an individual to make a case that they are still a creditworthy individual. So there is a bit of awareness in education that is provided, but there is also some empowerment by consumers that we think we can do more of. --------------------------------------------------------------------------- * Held in Senate Banking Committee files. --------------------------------------------------------------------------- Chairman Shelby. Thank you. Senator Sarbanes. Senator Sarbanes. Thank you, Mr. Chairman. This has been an extremely interesting panel, and I think it underscores in many respects the difficulty of the problem we are trying to deal with. Actually, Ms. St. John, I like the logical construct you used in your statement. You said first, the information is there, but we have to show the consumer how to get it, and obviously we need to look at the premise of that, whether the information is there in all instances or whether there is more, but it is quite a reasonable point. It is there. Are they gaining access to it? And then your next logical point which I thought was extremely important is, how can the consumer understand the information that they get? I am struck by all of this material from the FTC that is in that plastic bag there, that we have a set of. I note that identity theft is obviously a fast-growing problem because there is a lot of material in here on identity theft. So, I think that underscores that issue. There is an awful lot of material here. But, one, how does a consumer get it, and then what use is a consumer able to make of it? I mean do they really understand it? How do we do that education process? I just want to ask first though some questions about the information they can get to begin with, to go right back to the premise. Mr. Winston, you stated in your testimony that FCRA itself serves an important educational function. Perhaps, most important, the law requires that lenders and other users of credit reports notify consumers when they take adverse action based on information from a credit report. So then the consumer knows that they are getting an adverse action because of their credit report. They are able to check their credit report to see whether the information upon which this is based is accurate. But Ms. Smith noted when a consumer accepts a creditor's offer of credit, even on different terms from those that were requested, an adverse action notice is not required. Of course, that raises a question whether an adverse action notice should be required when a consumer is denied the best credit rate offered by a company. In that situation, it is not a rejection of credit. It is putting them in a higher credit payment situation. What is your view on if they are offered less credit at less than most favorable terms, whether that is an adverse offer and should require an adverse notice. Mr. Winston. Under current law, it would require an adverse action notice if you got less favorable terms unless there were a counteroffer that you accepted in the credit situation. There is that caveat there. We have proposed that that be changed, that the Commission be given rulemaking authority to close that loophole because we believe it is a loophole. We think that in an era of risk-based pricing where very few consumers are actually turned down any more, but instead you get a higher rate or less favorable terms, that is the adverse action consumers should be informed of and given a right to look at their credit report and dispute any errors. Senator Sarbanes. Mr. Plunkett, did you want to add to that? Mr. Plunkett. That is an extremely important proposal. It goes to the heart of modernizing the Fair Credit Reporting Act for consumers given the trend in risk-based pricing. These days people with slightly blemished credit are much more likely to be offered a credit card or a mortgage loan at a higher interest rate, maybe with higher fees, than they are to be turned down. This goes to Senator Bennett's point. Instead of throwing information at consumers, let us let them know that they are not being offered the most favorable rate because of a blemish on their credit. Let us eliminate the counteroffer loophole and tell them this up front. Then that will trigger their FCRA rights to get the credit report and to check for problems. Senator Sarbanes. Is there anyone at the table who disagrees with this? Ms. Smith. I have a question as to the implementation of such a rule. Let me say that this rule comes from Regulation B because the application of the adverse action notice requirements on Fair Credit Reporting parallel, by law, the ones that we have under the Board's Regulation B. Basically, the position that is taken in the Regulation is one that was set certainly in the days before risk-based pricing, and it was set both to give a bright-line test for when is an adverse action notice required or when is it triggered? Then also to avoid confusion on the part of a consumer who might receive a credit card, for example, in the counteroffer situation, and then simultaneously receive an adverse action notice saying your credit was granted but it somehow suffered because of information in your credit report or information about you and your credit experiences. So that is the context in which it was established. If the rule is changed, I think that there would be some practical difficulties in determining what exactly represents an adverse or an unfavorable term in the sense that with risk- based pricing, where you do have complexity in the pricing structure, where you have ranges--the example I used in the statement was from 7.9 to 14.9. And if someone receives the 8.9, because it is not the most favorable, the person would receive an adverse action notice. I guess I also have a question as to practical impact in the sense that if someone receives a notice saying that they did not receive the most favorable rate based on information in their credit report, how likely is that individual to follow up? They will have the opportunity and be alerted that there is information in their credit report. The question is how likely is someone who knows that he or she has a credit history that is not stellar, that does have some blemishes, to follow up by asking for the credit report? It is only an issue of the likely impact that it might have, so certainly making credit reports available is something that would be valuable to the consumer. Mr. Winston. If I might just respond to that. I agree with Ms. Smith that there are complexities, and we want to avoid a situation where in essence everyone is getting an adverse action notice because no one ever gets the absolute best rate, but I think those are complications that can be resolved through a fact-gathering process and a rulemaking. I do not think it is necessary that the adverse action notice be negative in the sense of we have done something bad to you. It can simply be a statement of fact that we looked at your credit report, and something in that report resulted in you getting the offer that you got. It just triggers in the consumer's mind that this factored into their decision, and that is where I think the educational function comes in. I think there are a lot of consumers out there who apply for a loan, are offered 7 percent, and have no idea that it was not 6 percent because of their credit report. It would never even occur to them. I think consumers in that situation should be told that the credit report was factored in, you have a right to get it, and here are your rights, so that particular consumer can check and make sure there are not mistakes. I think that can be done through a rulemaking in a way that makes sense and balances these different interests. Senator Sarbanes. Of course, the other thing is even if they check it and there is no mistake, it drives home to the consumer the lesson that they need to pay attention to their credit record. Otherwise, it is going to have an adverse impact on their financial situation. That is part of the educational function, as well I would assume. Mr. Winston. Absolutely. Mr. Plunkett. Senator, I would just add that then the consumer, at that point, once they get the notice, can look at the difference in the rate that is being offered, for example, if it is a slight increase in a credit card, and this consumer is inclined to pay their balances every month, then they do not request their report, they do not sweat it. But if it is a 3 percent difference on a mortgage loan, that can obviously be hundreds of thousands of dollars over the course of a 30-year fixed loan, then they are going to want to look at their credit report. Leave the decision to the consumer. Senator Sarbanes. Ms. Stewart. Ms. Stewart. We would just agree that it is very important for consumers to have the information so that they can make an informed decision. When it comes to mortgage credit, for example, the fact that they may get a notice that they are paying a slightly higher rate, if they do have truly damaged credit, might not be a bad thing. If they have credit extended to them at all, it might be a good thing. But it is not a good thing if they do not know, going into the process, that they may not have good credit or that there may be problems in their credit report that may lead to a higher interest rate. The reason that is important for them to know is that obviously the whole purpose of homeownership is not just to provide a shelter over your head. It is to provide a wealth- building opportunity. To the extent that they have to pay more in financing costs, it reduces that opportunity to build wealth over time, and therefore eliminates one of their biggest priorities in terms of acquiring a home and having and building home equity over time. Senator Sarbanes. Mr. Chairman, my time is up. It shows the complexity. One question and we run out of time. Chairman Shelby. Absolutely. Senator Bennett. Senator Bennett. Thank you very much, Mr. Chairman. I agree with Senator Sarbanes that this has been a very useful and interesting panel. I wish we had had some representatives of the industry that provides credit scoring. I know Fair Isaac does, but I am talking about Equifax and the others, to address some reactions to some of the proposals that have been made. One of them that I would want to know is clearly cost. What is it going to cost to give a free credit report to everybody who asks for it? We have got some indication in those States where it is available now, but when I have asked that question of representatives of the industry, they say, well, it depends on the advertising campaign. I am not sure it is fair to put it on you, Mr. Plunkett, but groups say, get your credit report. They start advertising this. People say, you know, the cost is de minimis unless there is an advertising campaign whipping everybody up to please write in for their credit report. Then the number of credit reports goes up. The number of free credit reports goes up very dramatically. And the free credit report, while free to the individual, is not free to the credit bureau that is providing it. We might inadvertently go down the line of saying, gee, free credit reports for everybody is wonderful, and by the way, we have just added X amount of cost to the overall system which will then fall back on the consumer because ultimately the consumer has to pay the cost. If any of you have any information about that, I hope you would furnish it to the Committee. Let me get specifically, Ms. St. John, to the area that you talked about that I found really fascinating and frankly, a little bit confusing. One of the concerns that I have, take your reference to the SAT scores as an analogy here, is that some overactive trial lawyer will try to turn the score into an entitlement. We have seen that with respect to colleges, of people saying, I have an SAT score of X. Someone else has an SAT score that is not as good as mine. The college made a choice to choose them for reasons other than just the score, and I am going to bring lawsuit saying I am entitled to that spot in this law school, or this university because my SAT scores were higher than his. You see the problem here. Now, you have indicated that a customer can choose the score by which he wants to be judges, as opposed to the score that is widely distributed, and I need to have you explain that to me a little better. I do not quite understand that statement. Ms. St. John. Senator, your point is well taken. One of the things that we make very clear on the website and in the consumer booklets that we publish, is that the score is just one factor that lenders use in making their decision, and that lenders use a number of different factors, depending on the type and the nature of the credit decision that is being made. Having said that, we recognize that there is a variety of different kinds of scores available. One of the biggest concerns that we actually have with some of the score disclosure legislation that is in place today is that it simply requires disclosure of a score by the credit reporting agencies, not necessarily the one that is most widely used. Consumers may not recognize that the score information they are getting in those States is not necessarily a widely distributed score. In some cases, it may be a general consumer education score. It may be other scores that the credit reporting agencies distribute. But the point that we were really trying to make is that we feel consumers are best served if they know and understand the scores that lenders are using. Lenders use a wide variety of scores, including a lot of custom, proprietary scores. But to the extent that there is a widely distributed score, we feel that is the most useful score for consumers to know and understand. Senator Bennett. Then why would a consumer say, well, I want to choose another score to be disseminated about me? If it is the most widely distributed score that people use, aren't you de facto creating a national norm here? Ms. St. John. To the extent that there is a widely used score, I agree. We would think that that would be the default. However, recognizing that there are other generally available scores, there may be a general consumer education score, at the end of the day we feel that consumer choice, if they have the information to understand the types of scores that are available, if they are allowed to at least choose the score most widely used, would serve them best. Today, in the State of California, consumers do not necessarily even have access to the score most widely distributed by all three credit reporting agencies. Senator Bennett. My time is up, but I would like to come back to this on a second round if I could, Mr. Chairman. Chairman Shelby. Thank you. Senator Miller. COMMENTS OF SENATOR ZELL MILLER Senator Miller. Thank you, Mr. Chairman. I would like to thank the panel. I particularly would like to thank Ms. Gambrell for including that information about the Money Smart model site and the Dekalb workforce center in Georgia and also what is going on at Decatur High School. I did not know that until I read your testimony, and that is good work and I am glad you included it. I grew up in a home where the head of the household was a woman, and back in those days of antiquity, I can remember how she dreaded to go to the bank to try to borrow some money. Back then, a woman being the head of a household was a rarity. Of course today it is commonplace. I am wondering though, do we lump these women who head households under the title of consumer, that we use so freely, or should there be any kind of special effort to educate this group in particular somewhat better? Anybody have any thoughts on that? Ms. Gambrell. Senator, just some quick observations. I think certainly we have found at the FDIC that there are specific populations that have an even greater need, and certainly the panelists have talked about that today. When you look at underserved communities, when you look at unbanked populations, there are in particular groups within those categories: Minorities, women, those who are in low- and moderate-income categories. So as you look at the wide range, quite honestly, of financial education curricula, you will see that there are some very excellent programs that are geared specifically toward women, sometimes toward older women, sometimes toward women who are heads of household. That information is critical. It is crucial to help them understand how to get a foothold into the financial structure, how to better manage their money, and how to better manage their household. But I think we can all say certainly today that there continues to be the need for even greater education. And more than just education and awareness, that there has to be a link between that education and specific products, services, and programs, so that as people move through the educational track, there is something on the other end, there is an incentive that will bring them into a bank, a financial institution, or to use other types of products and services that will, in essence, lift them from their current financial situation. Senator Miller. Thank you. Ms. Stewart. Senator Miller, we have done research at the Fannie Mae Foundation on issues around women and their comfort level with financial matters, and some of our research shows that women in general are less comfortable dealing with financial issues, less comfortable with financial terms like IRA's, IDA's, and other kinds of financial jargon. So, we believe at the Fannie Mae Foundation we have to do a particularly good job in reaching out to lots of different communities, and in particular to women, to help them better understand issues around financial literacy and get them better prepared to manage their financial life for themselves and their families. We know that the homeownership rates among women, single- family headed households are particularly low, but they are growing. We believe there is a huge opportunity in this country if we invest more in education and information among women, that we will be able to do more to push the homeownership rate. One of the things that we found in terms of the delivery of financial services information for lots of different groups, African-Americans, Hispanics, minority groups, and immigrants, is that if you present information in the language and in a way that they understand and feel comfortable with, you actually have more success in getting information through. For example, with the Native American population, we have actually produced financial literacy information that is culturally specific to their population so that they can receive the information in a way that they feel comfortable and can understand. We think this can be tailored for women, as well as other groups that are particularly in need and are particularly underserved and overlooked by the financial services industry. Senator Miller. Thank you very much. I think they face a special challenge, and I am glad to hear there are some special programs that try to zero in on this. I do not have any other questions, Mr. Chairman. Chairman Shelby. Thank you. Ms. St. John, just a quick question here, and then I will move on. Would it be fair to say that FICO scores can only be as good as the baseline information used to develop them, that is, accuracy is everything here, is it not? Ms. St. John. Yes. The FICO scores use all of the factors proven predictive of credit risk based on the credit reports information. Chairman Shelby. You need accuracy. You need the information in the report to do it right, don't you? Ms. St. John. Well, you certainly need a base level of information for those scores to be predictive, definitely. Chairman Shelby. Right. Mr. Hildebrand, I assume that Capital One wants to have a good understanding about the credit history of its potential customers. In other words, your underwriters need information to make underwriting decisions like everybody that extends credit. Mr. Hildebrand. Absolutely. Chairman Shelby. So as consumers of information, you are fully supportive of its widespread availability? Mr. Hildebrand. Yes. Chairman Shelby. But as providers of information, you seem to have adopted a different perspective from what the staff has told us. They say you deliberately withhold furnishing to credit bureaus important customer information, information which has a material bearing on your customers' eligibility for credit. Some have claimed that Capital One, your company, is gaming the system to prevent its customers from appearing like worthwhile marketing targets to your competitors in the marketplace. Do you think your customers know of, let alone understand, Capital One's policy with respect to furnishing information to the credit bureaus? Quick answer. Mr. Hildebrand. So you speak about our reporting of credit lines? Chairman Shelby. Yes, under reporting stuff. Our staff has said---- Mr. Hildebrand. One specific variable that has been cited is the reporting of credit lines, Senator. Chairman Shelby. You said you do that because if you report it all, then the customer might have a better shot in the market. Mr. Hildebrand. We have not seen any research yet that indicates that this is in any way impactful on consumers. we have agreed to team up with Fair Isaac to actually look into this. Chairman Shelby. But you do not deny doing it, I would hope? Mr. Hildebrand. No, no, we do not report customer's credit line, that is correct. Chairman Shelby. Well, why don't you report it, because accuracy is so important? Mr. Hildebrand. It is a proprietary issue for us. At Capital One, one of the ways we manage risk, quite appropriately, is through the granting of credit lines, and the way that we manage that is called ``credit line sloping.'' We believe that is a competitive tool that we use better than anybody else in America. Our concern is that if we were to report that, our competitors could reverse engineer our credit policies and replicate that. It is an advantage that we have in the marketplace. Chairman Shelby. But on the other hand, what about accuracy? If I was doing business with you or anybody, I would want my report coming from Ms. St. John's company or whoever does this, to reflect everything I have to be accurate. In other words, how can the other people determine the report that comes out to be accurate if you do not, as a creditor, furnish that information to the credit bureau or if you skew the information? Mr. Hildebrand. We do not yet---- Chairman Shelby. I know you do it for proprietary reasons, but the customers out there, which is all Americans, do not know that. Mr. Hildebrand. No, they do not. And as I said, Senator, we do not yet have any evidence that it actually has an impact on the accuracy of their credit score. If we receive that, we will certainly reconsider our policy. Chairman Shelby. But it could have some impact on whether or not the customers can go somewhere to shop for better. Mr. Hildebrand. That is possible. Chairman Shelby. Could it not? Sure. Mr. Plunkett, do you think the average consumer in America understands that they can suffer negative consequences because a firm they have a credit relationship with decides to underreport information regarding their credit history? Mr. Plunkett. Senator, the answer is no. Our survey shows that, we asked a specific question here, that the majority of Americans do not understand. Chairman Shelby. Do you think that the average consumer understands that they may suffer, yes, suffer negative consequences because a firm they obtained credit from decides to underreport information regarding their credit history, same fact? Mr. Plunkett. Same answer, Senator. They do not understand they can suffer and this actually harms their overall credit score. Chairman Shelby. Would you agree that firms, that everybody that is in the marketplace, with credit so available, and accuracy so important, need to either furnish complete and accurate information to the credit bureaus or they need to inform their customers about their policy of limiting reporting? Mr. Plunkett. Senator, we think the first is absolutely essential. We need a requirement for complete reporting. As for informing customers on this one, this is an unethical practice. The experts on credit reporting and credit scoring tell us that it is very, very likely that this is a ding on the credit report. We know that if you look maxed out on your credit card, that is, you have a $500 balance and it looks like your credit line is $500, that that almost certainly is used as a negative factor in some way in calculating your credit score. Absolutely, it should be required that this information be reported. Telling consumers about it after the fact, I do not know that that helps them very much on this one, because the point of the whole credit reporting system is to have accurate and complete information. Chairman Shelby. Senator Sarbanes. Senator Sarbanes. Mr. Chairman, I want to take a moment or two to follow up on your line of questioning that you were pursuing. I think it is important. Ms. St. John, in your statement you say that 30 percent of your FICO score is determined on the basis of amount owed. Ms. St. John. Yes. Senator Sarbanes. And you list as one of the factors under amounts owed proportion of credit lines used, proportion of balances to total credit limits on certain types of revolving accounts. So you would look to see--maybe you have a $5,000 limit--whether you would use $500 of it or $4,500 of it. Is that correct? Ms. St. John. Yes. Senator Sarbanes. Okay. Ms. St. John. The amount of available credit line that is actually used and the balance owing been proven to be predictive factors. Senator Sarbanes. And the higher percentage of the available credit on a particular credit line a consumer is using could hurt their credit score. Is that correct? Ms. St. John. In general, the pattern that we see is the higher the percentage of the line utilized, the greater the risk of nonpayment in the future, yes. Senator Sarbanes. How do you determine what a consumer's credit limit is on any given line of credit? Ms. St. John. There are several different fields that are available that vary by the different credit reporting agencies. Some have a specific credit limit amount. Others represent a high credit amount that has been reached. The scoring systems use a variety of information to determine that high credit amount. If the credit limit is missing, it may look to see if there is other information that is available that can be used that has been proven predictive in the calculation of that ratio. Senator Sarbanes. The credit limit reported by the creditor, is that where that information comes from, presumably? Ms. St. John. Yes. Senator Sarbanes. All right. Now, is the creditor required to report that information? Ms. St. John. No. Senator Sarbanes. What happens if a creditor does not report a credit limit maximum for a particular credit line? Ms. St. John. It depends on the specific algorithm or the predictive variable that is being calculated. In some cases, the variables may default to a high credit amount or another field that is available. In other cases, it may bypass that particular account from the calculation altogether if it cannot contribute to the calculation overall. The end result is that the individual score for any given consumer in that situation could be higher or could be lower, depending on the ratio of credit used relative to the limits on all their other accounts. Senator Sarbanes. On the particular credit line, isn't the highest amount charged reported as the maximum? Ms. St. John. Depending on the credit reporting agency, yes, the highest amount actually reported is---- Senator Sarbanes. So if the creditor did not report the maximum score, that could artificially depress a consumer's credit score because it would make it appear he had maxed out or was close to maxing out, when, in fact, that was not the case. Is that right? Ms. St. John. It actually depends on what the current balance is at the time relative to whatever the maximum balance may have been. If they are carrying a very low balance at the time relative to the highest amount reached historically on that file---- Senator Sarbanes. Let's assume that---- Ms. St. John. --it could be lower. Senator Sarbanes. --the maximum balance they ever had was far short of what the credit limit was. So you could end up-- let's say my maximum balance has been $500. I have $400 on my card. My limit is $5,000. But I am going to get reported as though I am at 80 percent of my usable money, as I understand what you are telling me, rather than getting reported at 8 percent. Is that right? Ms. St. John. It actually depends on what the total limits outstanding are across all revolving trade lines and the total balance is across all. So it's not calculated on an individual account or trade line basis, but across all revolving accounts on the credit report. Senator Sarbanes. If that is my only revolving account? Ms. St. John. If that is your only revolving account and is the maximum balance reached, then, yes, it would be lower. It would likely result in a higher calculation. Senator Sarbanes. Well, I just want to ask Mr. Hildebrand. Does Capital One report the maximums on the credit limits? Mr. Hildebrand. We do not report the credit limit, the credit line that has been granted. We report the amount outstanding. Senator Sarbanes. Yes, so the person, this hypothetical person I have been describing, would really get a black mark when they do not deserve it. Isn't that the case? Mr. Hildebrand. To paraphase Ms. St. John, it depends on the broad spectrum of the credit that you are looking at as the score is developed. The score is developed looking at the entire credit profile coming from the bureau. Senator Sarbanes. I understand that, but this is one factor in there. Mr. Hildebrand. It is one factor. Senator Sarbanes. As far as this factor is concerned, clearly a negative mark is going to register against the consumer when they do not deserve that negative mark. Mr. Hildebrand. Senator, there are other scenarios that could be constructed that it is just as positive for consumers. And that is the research we are trying to do, to understand the impact that this would have. We certainly do not want to do anything detrimental to American consumers. We have a business to run as well. That is what we are trying to protect here. And so we have to balance those two. Right now it is a voluntary system. Senator Sarbanes. Are you unique amongst businesses in following this path? Mr. Hildebrand. I do not know. Mr. Plunkett. Senator, I can tell you from our survey and our study in December, from the Federal Reserve study in February of this year in which they looked at 248,000 credit reports. Capital One is likely not the only one using this practice. The Fed study, one of their conclusions, by the way, was that the use of this positive information does overstate risk for particular consumers. The other point I would make is that one of the standard generic explanations that consumers get when they get that adverse notice we have been talking about is, ``Proportion of debt to available credit.'' That means this is one of the reasons why your credit history, your credit report and your credit score, is not as high as it could be. Senator Sarbanes. I have used a lot of time on that, but I---- Chairman Shelby. It has been very informative. Senator Sarbanes. It is an important point. Chairman Shelby. Senator Bennett. Senator Bennett. Thank you. I think it is an important point as well, and I think we should dig a little further into it. Where it leads is where I am not quite sure I want to go, which is legislation laying out the requirement as to what the provider of information has to provide by law. Currently, it is entirely voluntary, is it not? Mr. Hildebrand. Yes, it is. Senator Bennett. Now, everybody who participates in the system has a vested interest in seeing that the system works. And, therefore, you are going to be as cooperative as you possibly can in providing information that you think will help the system work. If legislation comes in and says, okay, we are going to determine, by the wisdom of Congress, that the following things must be reported by every provider, with fines or other kinds of punitive action taken by the Government against a provider that does not fill in every single aspect of the blank, it conjures up, for me, a world that I am not really comfortable with because it means the Government virtually has taken ownership of this process, and the next step, Mr. Winston, is that the FTC runs it, Fair Isaac goes out of business, the FTC is giving scores, Congress is mandating what will be considered and what will not. And I think somebody out there is going to figure out a way to game that and get around it because this was not listed, so we can start to make decisions here, there, and everywhere. Am I overreacting? Mr. Plunkett. Senator, I would just respond to say we would not recommend that kind of micromanaging in the statute. There are obligations placed on credit bureaus and credit furnishers in the statute on accuracy. The statute is not explicit in terms of what is accurate and what is not. The agencies enforce it. We need an explicit standard on completeness, you know, just a definition, without micromanaging what is and what is not complete. We will leave that to the agencies. I will just add one more point. My understanding is that Fannie Mae and Freddie Mac require complete reporting, and I have not heard any reports that it has led to a problem in terms of people leaving the system. Senator Bennett. That is voluntary. Mr. Plunkett. When it comes to mortgage lending. Senator Bennett. That is voluntary. Mr. Plunkett. Yes, but it goes to your point that this kind of requirement would result in people fleeing, you know, furnishers fleeing the credit reporting system. What this shows us is that scenario probably would not happen. Senator Bennett. Could you furnish us with a list of the things you think should be required? Mr. Plunkett. In a definition of completeness? Senator Bennett. Right. Mr. Plunkett. Yes. Absolutely, Senator. Senator Bennett. Okay. We can take a look at that and get a reaction to it. You made mention earlier on, Mr. Plunkett, in one of your answers to opt in or opt out on the affiliate sharing issue, and we have not gotten into that issue with this panel. But since you made a mention of opt in or opt out, at least as you said it there was the implication that you really did not care one way or the other, just so long as the consumer has an opportunity at that particular point that the adverse action is triggered by something other than the present definition of adverse action, you would prefer to go in the direction of adverse action being defined as something less than the optimum rate. And at that point the consumer can say, well, I do not want my information shared with somebody in an opt in or opt out situation. I am pretty firmly in the opt out camp on this because I believe that if you have opt in, simple inertia will prevent the whole system from getting the information it needs. The analogy I give is if the phone book was opt in or opt out, you would probably have only about 20 percent of the phone numbers that are currently available to you in the phone book because the other 80 percent of the people would not get around to opting in. But if you do not want to get phone calls with the phone book, you can opt out and say I want an unlisted number. And I have discovered for those who say, yes, but an unlisted number costs money and I would prefer an opt out that is free, I have discovered it is very easy to get an opt out that is free, simply list your name in a way that nobody is going to recognize but your friends and relatives. My wife has an aunt who is listed by the initials, her first initial, then the initial of her maiden name and her married name, and nobody knows who she is in the phone book except her friends and relatives. Therefore, she has an unlisted number if somebody is trying to look for her, and it did not cost her anything. Could you address this question of opt in and opt out and what might very well happen if we go to an opt in and a large number of people say, well--not say, but by simple inertia stay out of it and thereby deprive affiliates of information that, in fact, can be, as we have heard in other panels, very, very useful to consumers? Mr. Plunkett. Senator, we support an opt in approach, but let me say this: Right now nationally, and at the State level, an opt in does not exist and an opt out does not exist. Neither exists for consumers regarding the sharing of this affiliate information. So either would be an improvement. We support the opt in approach because consumers again and again in polling have said that they are extremely concerned about the sharing of this information, this transaction and experience information because we should respect that, and also because the institutions you are talking about, even with an opt in, I have no doubt we are going to see a lot of marketing. The financial institutions in this country are masters of marketing. They are going to do everything in their power to explain the good purposes that they talk about for which this information is used. And so, even if it is an opt in, they are going to have their best shot at convincing consumers to use that opt. Consumers will have an opportunity to make that decision, to weigh the factors, and to decide whether it is worth their while to allow that information to be shared. Senator Bennett. My time is up. I would join you in supporting an opt out. I would suggest to you that the opt in process that you have described, which is a massive marketing plan to get those 80 percent of the people who would not otherwise do it unless they got convinced, would be really quite expensive and raise costs for everybody, and even if it were successful, end up hurting the consumer in higher costs for the services that were provided. Mr. Chairman. Thank you. Chairman Shelby. Senator Allard. STATEMENT OF SENATOR WAYNE ALLARD Senator Allard. Thank you, Mr. Chairman, I apologize I was not here at the start of the hearing, but I do have a full statement I would like to make part of the record. Chairman Shelby. It will be made part of the record in its entirety, without objection. Senator Allard. I hope this is not duplicative of a question previously asked, but I would like to direct this to Ms. St. John. In your testimony, you explain that there are many different kinds of credit scores ranging from the Fair Isaac's-developed, broad-based FICO scores, widely distributed to lenders, to custom models that are developed for use by individual lenders. The last kind of credit score you mention are those distributed primarily to the consumer market. I am curious how the credit scores distributed to lenders are different than those distributed to consumers. Ms. St. John. In many cases, credit scores are being made available to consumers in States that have required score disclosure. California was the first and Colorado has recently passed a law. We have cooperated with one of the credit reporting agencies to ensure that the FICO scores are indeed provided to consumers in those States when they request them. That is not necessarily the case, though, with all the credit reporting agencies. It is really up to the credit reporting agency to simply provide a score which may or may not be the one that is actually the scores that lenders are using in a number of cases. As I mentioned in the written testimony, there are general consumer education scores that have been developed that describe scores in general and give an idea. There are scores that the credit reporting agencies have developed on their own that are proprietary to those agencies. There is the FICO score. And then, of course, there are custom proprietary scores that the lenders would use that the credit reporting agencies would not have access to. Our point in our written testimony is simply that it is important when score disclosure comes up as a topic to be clear on what score. We certainly would indicate that the consumer's knowing and understanding what scores lenders use and having access to the scores most widely distributed at a particular point in time is what would serve the consumers best. And at the end of the day, if there is a choice of different widely distributed scores, it puts consumers in charge by giving them the choice. Senator Allard. All those scores, though, impact decisionmaking by the lender, whether or not they are distributed to the consumer. Is that correct? Ms. St. John. They may or may not. My understanding is that generally developed consumer scores for consumer education purposes may not even be something that is provided to lenders or that lenders are using. I do not really know in many cases, and I think that is one of the biggest issues that we have found, that it is difficult for consumers to necessarily know what score they are actually being provided with. Senator Allard. Okay. So the score that the lender has is not necessarily comparable to that which has been provided to the consumer. Is that correct? Ms. St. John. That is correct in the sense that, again, there are many different kinds of scores that are available. And the best way to indicate if there is understanding and access to credit scores is by ensuring that if there is a widely distributed score, it makes sense that that would be the one that is provided most often as opposed to, say, lenders' own proprietary scores. As I indicated, the credit reporting agencies would not even have access to those. Senator Allard. We have three main credit bureaus, I guess is the best way to describe it. Do credit scores vary among those three credit bureaus? Ms. St. John. Yes, they do. Senator Allard. In what way? Ms. St. John. Well, the FICO scores, as we indicated, are the most commonly used. In fact, there are different underlying credit scoring algorithms at each of the three credit reporting agencies. The reason for that is because there are different underlying data elements that are maintained by those credit bureaus, and Fair Isaac has sought to develop the most predictive scores available for each of those three credit repositories. We do scale them so that the same score represents the same degree of risk, regardless of which credit reporting agency it is obtained from. But the actual underlying statistical algorithms are slightly different between the three. Senator Allard. Mr. Chairman, I see my time has expired. Chairman Shelby. Thank you, Senator Allard. Ms. Smith, in your written testimony, you have highlighted that the development of risk-based pricing has reduced the number of adverse action notices, which is a key accuracy device that consumers receive. You also point out that, at present, there are significant questions as to the overall accuracy of credit reports. You then indicate that the outmoded adverse action notice should not be updated. This is troubling to me, and probably others. In other words, it seems to me if you are looking for accuracy rather than just making--and Senator Sarbanes, I believe, raised the question--them another offer, but always at a higher rate of interest, always, without them being jolted. Ms. Smith. Okay. I was not intending to suggest that this is an area that should not be looked at or should not be updated. Chairman Shelby. By ``looked at,'' you mean---- Ms. Smith. Considered as far as---- Chairman Shelby. This is the time to deal with it, isn't it? Ms. Smith. Right. Chairman Shelby. Okay. All right. Mr. Winston, the FTC favors updating the adverse action notice process. Is that support for updating based on the notion that consumers will never be more aware of the need to review their credit report than after they have been jolted to that awareness by some kind of credit-related problem? For example, if I were to apply for a credit card with Capital One, or anybody, and---- Senator Sarbanes. Well, Capital One is at the table, so that is a good example. Chairman Shelby. It is. Mr. Hildebrand. And we appreciate you applying, too, Senator. [Laughter.] Chairman Shelby. I may have one from them. Who knows? Mr. Hildebrand. I hope you do. Chairman Shelby. But if I did, shouldn't they have all the information that goes on me to evaluate my credit risk? Do you agree with that? Mr. Winston. Yes, that is the ultimate teachable moment. Chairman Shelby. Now, on the other hand, if they did not have all the accuracy, all the information, and they might not give me the credit card with the lowest rate of interest, they might make a counteroffer of 3 percent more interest, or whatever it is. But I still would not know why, would I? I would just know they made me a counteroffer. Is that correct? Mr. Winston. You would not know that this is a counteroffer, necessarily. You may not even know that there is a lower rate available to people with better credit. They give you a number. You may think that is what they offer, that is their best rate. I think a lot of consumers do not understand this notion of different rates for different credit risks. Chairman Shelby. Well--and I am speaking for myself--I think there should be different rates for different credit risks. Mr. Winston. Of course. Chairman Shelby. I mean, that is how the market works. You know, you have to have that, I believe. On the other hand, the accuracy of that credit report is key to all the scoring, is it not? Mr. Winston. Yes. I think the fact that there are different rates for different credit risks is a terrific thing. That is good for our economy. That is good for consumers. But that heightens the need for an accurate report, and it heightens the need for consumers to understand how that report is being used. Chairman Shelby. Absolutely. Thank you. Senator Sarbanes. Senator Sarbanes. This has obviously been a very interesting session. I wanted to just add an addendum to that last point. At some point for the different rates for different risks, we reach the point where the person is being called upon to pay rates that they cannot sustain by any reasonable measure. That is when we get into, in my judgment, predatory lending and similar practices. And it is one of the reasons I have been so concerned about that, because beyond a certain reasonable point people are being led into a situation which is very apparent that this is well beyond their means to sustain. Usually that happens when there is real estate that can then be stripped away from them, so this wealth-building, whatever was done in the equity, is all taken out away from the people. So, I just want to add that extra dimension to it. I am not clear on the answer to Senator Allard's question, which I thought was a good line of questioning. As I understand, it is possible, under the way the current system works, that a creditor can deny me credit as a consumer. I get an adverse notice. I ask for the credit report to see what went wrong. And the credit report that I am given is different from the credit report used by the creditor to deny me credit. Is that correct? Ms. St. John. Senator, I was speaking in the case where it was proactive--a request by the consumer to obtain a copy of their credit score from a credit reporting agency. I think there are others on the panel who are better equipped to address the situation in the case of an adverse action, when an adverse action has been taken. Lenders have always been provided with the top reasons behind the score in order to provide the key underlying reasons for that adverse action to the consumer. Senator Sarbanes. Well, but that may be reformulated by the creditor. I want to know whether, if I am a consumer and I get an adverse notice, I ask for my credit report, whether I am going to get exactly what the creditor got when he denied me credit. Mr. Plunkett. Senator, here is a circumstance where that could happen. The creditor only submits a couple of points of identifying information on the potential--on the applicant, on the consumer: Name, Social Security number. We know that the system is imperfect and that it pulls up information that does not always pertain to that particular person. The consumer, when they ask for their report, they use four or five pieces of identifying information. So the credit bureau gets it right. The consumer gets the right information for them. But the creditor's report may contain mixed files. It may contain information about John Smith, Sr., instead of John Smith, Jr. And the information then used by the lender to make a credit decision is wrong, is inaccurate. That is why the consumer needs to see, in the case of an adverse action, that actual report that the lender used. Senator Sarbanes. Yes. Mr. Hildebrand. May I, Senator? Senator Sarbanes. Yes, certainly. Mr. Hildebrand. As a lender here, the case that Mr. Plunkett just cited could indeed happen, although the credit bureaus and all the lenders strive to make sure that the individual who has applied to us is the one whose credit record we are pulling. And there are mountains of information and pieces of technology that are used to do that. When an adverse action is issued, what we are trying to do there--we receive a large amount of information about a consumer electronically, machine-read, virtually unintelligible to a human, when those credit records are passed. So when we actually ask a bureau for a record so that we can approve an application, it comes in a format that is readily available to computers, not easily deciphered by people. The report that is issued to a consumer out of the credit bureaus puts that into understandable language and context. The adverse action letters do the exact same thing. We may be looking at large amounts of information, but the salient points, the reason for the issuance of the adverse action letter is really what is important to the consumer. It is that they, you know, have had too many late payments, for instance. That is why. The specifics of what we looked at and all those things, that is available on the report, but it is made in a format that is much different than what we see. Senator Sarbanes. Of course, Mr. Plunkett posits a situation in which the consumer is being denied credit on the basis of a faulty report. Mr. Hildebrand. And as I said, that is a very rare circumstance. Senator Sarbanes. Well, it should not occur at all, presumably. Mr. Hildebrand. Agreed, and the credit bureaus, that is what they spend most of their time trying to do, is make sure that, you know, we do not walk around with identifying numbers that sort of--you know, a national security identification number that we use readily that makes all that information easy to capture and compile. That is what they spend their time doing. Senator Sarbanes. All right. Let me ask, Ms. Smith, in your testimony you speak of the efforts at the Federal Reserve to promote enhanced financial education. Ms. Gambrell and Mr. Winston also spoke of their agencies' efforts. And it is my understanding--in fact, knowledge--that many other agencies, departments, and regulators have financial literacy and education initiatives underway. Of course, there are extensive efforts at the State and local level, in the private sector, and by the nonprofit community as well. It is my strong view that there is a lack of coordination with respect to all these efforts, and particularly amongst the various Federal agencies. I think we need a comprehensive strategy to promote financial literacy and education for all Americans. Do you think that increased coordination between the various Federal entities who are working on this problem, along with strong cooperation with State and local governments and nonprofit and private entities, to develop and implement a coordinated strategy would be a beneficial undertaking? Ms. Smith. It certainly would be valuable to coordinate and collaborate in terms of having the agencies know what each of the others is doing. Generally, some of this is already taking place in the sense that I know that in the case of the Federal Reserve, when we enter into the financial education arena, we look at where it is that the Federal Reserve can add value rather than approaching it from ground zero and thinking that we need to produce brochures or that we need to produce programs. We, for example, would not attempt to replicate what the FDIC is doing, knowing the wonderful job that they have done with their Money Smart program. So that what we do attempt to do within the Federal Reserve is to see where there are segments of the population where we might add value, so that, for example, some of our Federal Reserve districts, if they have Native American populations, have placed their efforts there, not in the sense of educating them necessarily in a direct sense, but working with Native American tribes, partnering with banking organizations and with community groups to bring the different elements together and to leverage resources. Senator Sarbanes. Ms. Gambrell, do you think we need a coordinated strategy? Ms. Gambrell. Senator, I would support and the FDIC would support a stronger coordination of financial literacy efforts, and certainly at the FDIC we have seen from our own efforts the importance of the grass-roots collaboration with community organizations, with financial institutions, and others. There are, as I said earlier, excellent programs out there, and we certainly see the benefit to an even more structured and strong coordination among the programs. Senator Sarbanes. Mr. Winston. Mr. Winston. Coordination is certainly a good thing. There is a lot of it that goes on now. I agree with Ms. Smith. And what we have learned in our educational efforts generally is that consistency of message is critical, that everybody be saying the same thing, be on the same page. And the more we can do that, the better. Senator Sarbanes. Ms. Stewart, do you want to add anything? Ms. Stewart. We think the coordination would be very important. But one thing I would just add to it is that one of the other important institutions to include in that conversation would be the public education system. One of the things that we found in researching the likelihood of consumers to even seek out financial literacy information is that it usually comes when there is a crisis going on, when there is an important goal that a family may want to reach, like homeownership or some other goals, or when a family has to comply with some requirements or some regulations. I dare say that I think for some younger people, younger Americans who need access to more information on financial literacy, a requirement of school would prompt them to actually learn more about financial literacy. Actually, we would be able to do more in terms of increasing the understanding of credit and financial literacy to educate people younger in their lives, so that before they get through college and certainly when they start working in the workplace, they have a much better understanding of how to establish good financial practices for themselves that will start them on the path to creating wealth and building wealth over time. Senator Sarbanes. Good. Thank you. Chairman Shelby. Senator Bennett. Senator Bennett. Thank you, Mr. Chairman. Back to this issue of score disclosure, Ms. St. John, I have gone into it and Senator Allard has gone into it. You are aware, of course, that what you are proposing here is different from what the House bill suggests and different from what is being done in both Colorado and California, where the credit reporting agency has latitude to choose. You have talked about latitude on the part of the consumer to choose, and I am still not quite sure I understand how that works here. The experience in the States that have this is the experience that the House bill has adopted, which means that the credit reporting agency can choose between the widely used scores, which presumably is yours--and I can understand you have a brand you would like everybody to use. But either that or educational scores, which in their view might go farther toward helping the consumer understand why an adverse action was taken. I will not ask you to say, gee, we prefer somebody other than our company to be the one that is chosen, but this whole question of latitude, if I understand your testimony, you think the customer should make the decision as to which score he gets rather than the credit reporting agency being permitted to determine which score they give. Ms. St. John. That is correct. We feel the information is out there about scoring in general. It is a matter of simply trying to get the word out. In some cases, though, we feel like what is proposed under the House bill, if it follows what some of the States are doing could actually be confusing or misleading. It has been debated well, is it the score most widely used at any given time? That may or may not be the FICO score at some point in the future. A general education score that could be more valuable. At the end of the day, we simply feel that if the consumer had sufficient information to understand, they could choose, and at least have the right to be able to get the score that lenders are using widely at any given time. So what we were trying to propose was simply more flexibility in some of the wording or the language that would allow for greater consumer choice, and at least allow access to the score that is widely used by lenders at any given time. Senator Bennett. Okay. Not to prolong it, my problem is that many times the score may be the most widely distributed score, but it is not the score that a particular lender uses, in which case the customer is getting a score that is irrelevant to the fact that he has had an adverse action from that particular lender. And, you know, that becomes more confusing. Let me just close my comments here--we have got a vote coming up--to put into the record, not to ask any particular question or raise any particular issue, but just put into the record that I think might help in our perspective of this. The FDIC is responsible for ensuring compliance at 5,400-plus FDIC- insured, State, nonmember banks, literally millions and millions of consumers. I think the following set of numbers is interesting. In 2000, the FDIC received a total of 600 Fair Credit Reporting Act complaints and 194 inquiries. When they examined the 600 complaints, 90 percent, 540, were found not to involve an error; only 60 were found to have involved an error or violation. So think of the millions of transactions that took place. Out of those millions, 600 produced something that somebody decided they wanted to complain to the Federal agency about, and out of that 600, 60 were found to involve an error. That was in 2000. In 2001, the FDIC received 100 complaints, down from 600 to 100, and of them, 65 percent--easy, the raw numbers--65 were found not to have involved an apparent bank error violation. In 2002, the FDIC received a total of 452. We got off the round numbers in 2002. Of these, 391, or 86 percent, were found not to involve an apparent bank error or violation; only 61, or 14 percent. That does not mean this is a trivial issue, and that does not mean we should not be having this hearing and looking at it as carefully as we are. But it does mean that the Fair Credit Reporting Act is performing an awful lot better than some of the rhetoric around it might suggest. And we should be very careful, Mr. Chairman, as we draw up the specifics of this legislation, to fix some of the problems that have been outlined here. I am particularly intrigued by Mr. Winston's suggestion that we change the definition of adverse action when a credit report is triggered. I agree with you that is a teaching moment. And the fact that I am not getting the best rate that I could have otherwise have gotten might be the time that it gets my attention. I would prefer that to be the trigger of the free report than an advertising campaign to be the trigger of a free report. But as we go through all of these possibilities, we should remember that this process has served America extremely well, has served minorities and those who are economically disadvantaged extremely well, has served entrepreneurial activity on the part of those who could not otherwise get credit to start businesses extremely well. And we should be very careful not to mess up a good thing while we are in the process of trying legitimately and properly to make it better. Chairman Shelby. Senator Allard. Senator Allard. Thank you, Mr. Chairman. Just briefly, I am just curious to know, of those of you who provide financial literacy information, do you also provide information on how to improve your credit score? Mr. Winston. Yes. Mr. Plunkett. Yes. Senator Allard. How many? All of you? Ms. Gambrell. We do. Senator Allard. Let's see. I see four out of seven? Five out of seven? Okay. And obviously you think this is an important follow-up on a credit score. When you talk about how a consumer can improve their credit score and then discuss their credit report, do consumers understand the difference? Mr. Plunkett. Well, funny you ask, Senator. We just did a survey on this. We found that only a quarter of consumers had seen their credit score--this does not go exactly to your question--and that just under 50 percent had looked at their credit report. So we can assume for the rest of the population that they may not understand the difference. In fact, I mentioned this earlier. A small percentage of consumers think the credit score actually measures their knowledge of credit as opposed to their creditworthiness. Senator Allard. Interesting. Ms. Gambrell. Senator, we certainly have found, as well, that in the Money Smart classes that we have taught, there are questions that are raised by those participants. And, in fact, one of our modules actually walks people through a credit report to help them better understand what they need to look at, and in many of those classes, they have the reports right in front of them. But, clearly, there is still some confusion over the differences between that credit report and the credit scoring and how it may impact a person's credit history. Ms. St. John. And if I could, for those who have visited myfico.com and actually purchased the basic service, which is their FICO score, the underlying credit report, and a detailed explanation of the factors that go into it, as well as some general advice as to how they can improve their score over time, we have had over 3 million customers who have purchased that basic service, and they understand the difference from the standpoint that they can see their score, but then go back and forth between the score explaination and the underlying credit report. And many of the statistics that we have gathered where we have surveyed visitors to myfico.com have indicated that over 80 percent have taken steps to try to improve their credit score over time following that, and roughly 80 percent would continue to monitor their score at least once a year. At least for those people that have visited the site, and gotten that information, including both the score and the report, it is quite clear what the differences are. Senator Allard. Yes, ma'am. Ms. Stewart. I would just add to it that our consumer education brochures on credit give general advice on how one can improve one's credit score, credit profile, or credit report in general. But we do not feel that we have the information that would provide specific advice to a consumer on specifically the things that would drive a credit score up. We just give general advice that would improve one's credit profile altogether. Senator Allard. I would suspect that most of you, if you get an adverse action, somebody applying for credit who got turned down, you would recommend to them at some point in time to come back and get another credit report to see if their credit history is accurately reflected. Under current law, consumers are provided one free credit report. If there is adverse action determined and they correct it, do they have to pay for that second follow-up to see if that correction is there? Mr. Winston. Yes, except in those States where it is free. Senator Allard. Oh, some States provide that free of charge? Mr. Winston. Colorado is one. Senator Allard. Colorado is one of those. Senator Sarbanes. How many such States are there? Mr. Winston. I believe there are six. Ms. Stewart. Senator Allard, one other thing that I would just add to that is we actually advise in our outreach material that people actually get their credit report before they even enter the process and that people understand their credit profile before they actually apply for a mortgage so that they do not get down the road and have to face a situation where they may end up having to pay more for a mortgage that may actually reduce their wealth-building opportunity. And so we actually advise people to even start the process with looking at a credit report before even applying for the mortgage in the first place. Senator Allard. Thank you, Mr. Chairman. Chairman Shelby. I want to thank all of you for being here today. I think this has been a very important and lively hearing. Senator Sarbanes. I agree with that, Mr. Chairman. Chairman Shelby. This hearing is adjourned. [Whereupon, at 12:22 p.m., the hearing was adjourned.] [Prepared statements and response to written questions supplied for the record follow:] PREPARED STATEMENT OF SENATOR MICHAEL B. ENZI Mr. Chairman, I commend you for holding this important hearing today. Our credit market has been extremely important to the health of our economy. During the past few weeks, many individuals before our Committee have discussed that it is vital for consumers to understand the credit process before getting involved and the consequences that happen when people do not. In an ideal world, the primary tools of financial literacy would be taught to children at a very young age. I firmly believe that the fundamental basics of how to save, to invest, and to put money away for retirement are more important now than ever. There is a tremendous amount of excellent information out there, both in the public and private sectors, to help consumers comprehend how to handle money and credit. However, I also recognize that consumers can get confused easily by all of the information that is available, especially when trying to determine what information is right for a particular consumer. To help in the process, Senator Stabenow and I will be introducing legislation this week to help give consumers an entry point for this information within the Federal Government. Whether a consumer is searching for financial information about starting a savings account, to open a credit card, to start investing in the stock market, to purchase a home, or to put away money in a retirement account or pension plan, all consumers should have all of the information at their fingertips without having to hunt down specific information for just one purpose. We hope that this bill will help the Federal Government bring the right information, in the proper perspective, in one spot for consumers. As we will hear today, there are many excellent Federal programs and public/private partnerships out there. We just have to make sure that people can find them. I also want to single out Senator Sarbanes for all his hard work on financial literacy. I know that he has worked very hard over the years, as Chairman and as ranking member, to bring this issue to the forefront. Mr. Chairman, I am very grateful that you also are making financial literacy a part of the Committee's overview of the Fair Credit Reporting Act. I look forward to working with you and Senator Sarbanes and other Members of the Committee on this important issue. ---------- PREPARED STATEMENT OF SENATOR WAYNE ALLARD I would like to thank Chairman Shelby for holding this hearing on consumer awareness and understanding of the credit granting process. There are certain responsibilities a consumer has in finding out the status of his or her credit, by purchasing or retaining a credit report. However, customers are often not aware of the factors that inhibit or enhance their ability to receive credit. Regulators and the credit industry have an important role to play in making sure that consumers are educated on the factors that determine their credit status, and what steps they can take to improve their credit score. Maintaining a good credit report is essential as it can determine a customer's ability to get a mortgage, a car loan, or insurance. Senator Schumer and I recently introduced S. 1370, the Consumer Credit Score Disclosure Act of 2003. This bill would provide consumers with their numerical credit score and an explanation of the factors that determined that score when they apply for a mortgage or a loan. S. 1370 would ensure that customers are made aware of their credit score, how it was created, and what they can do to repair it. Our bill would ensure that consumers have the tools they need to ensure they are getting the best rate and terms when applying for financing. Thank you again, Mr. Chairman for convening this important hearing. I would like to thank the witnesses for agreeing to testify today, and look forward to your testimony. ---------- PREPARED STATEMENT OF DOLORES S. SMITH Director, Division of Consumer and Community Affairs Board of Governors of the Federal Reserve System July 29, 2003 Mr. Chairman and Members of the Committee, I appreciate the opportunity to testify on the significance of maintaining a reliable national credit reporting system, the importance of the Fair Credit Reporting Act to that system, and the need for consumer awareness of how this system functions and relates to their ability to obtain credit. Background and Overview of the Fair Credit Reporting Act Background In the past, local banking institutions knew the credit capacity of individuals in their community. As the financial services industry has grown larger, financial products and services more complex, and the U.S. population more mobile, it is no longer feasible for institutions to evaluate the credit standing of consumers based solely on their direct experiences with such consumers. Centralized credit bureaus, or consumer reporting agencies, have evolved to provide a repository of credit history information that can be accessed by creditors to evaluate the creditworthiness of prospective borrowers. This national credit reporting system provides creditors with an efficient, competitive, and cost-effective method of obtaining data for credit decisionmaking and consumers with increased credit availability. The data on what consumers understand about the credit granting process, and how their credit report relates to that process, are limited. There is some anecdotal evidence consumers are generally aware of the terms ``credit scoring'' and ``credit rating,'' but that they are not clear on how credit scores are used in credit granting. Because information obtained through the national credit reporting system has become invaluable to creditors in determining the creditworthiness of consumers, it is crucial that consumers understand how this system operates and impacts their ability to obtain credit and the pricing of credit. Educated consumers who make informed decisions about credit are essential to an efficient and effective marketplace. Consumers who understand how their credit-risk profile relates to credit rates and terms can better determine which credit product suits their needs. Today, each of the three national consumer reporting agencies-- Experian, Equifax, and TransUnion--maintains records on as many as 1.5 billion credit accounts held by approximately 190 million individuals. Each of the consumer reporting agencies receives more than 2 billion items of information per month and issues roughly 2 million credit reports each day.\1\ --------------------------------------------------------------------------- \1\ See ``An Overview of Consumer Data and Credit Reporting,'' Federal Reserve Bulletin, February 2003, at 49-50. --------------------------------------------------------------------------- The information that is gathered by the consumer reporting agencies is obtained from banks, savings associations, credit unions, finance companies, retailers, other creditors, and collection agencies, as well as from public records. A consumer report generally consists of five types of information: Identifying information, such as the consumer's name and address; detailed information reported by creditors regarding individual credit accounts; public record information, such as records of bankruptcies, foreclosures, and tax liens; information reported by collection agencies, mostly regarding nonpayment of bills; and information regarding inquiries about a consumer's credit record. Consumer reports are used for credit, insurance, employment, and certain other limited purposes. Overview of the Fair Credit Reporting Act The Congress adopted the Fair Credit Reporting Act (FCRA) in 1970 to regulate credit reporting systems in the United States, and passed significant amendments in 1996. The primary purposes of the FCRA are to ensure fair and accurate credit reporting and to protect consumers' privacy. Among other things, the FCRA imposes certain obligations on consumer reporting agencies, on users of consumer reports, and, since 1996, on furnishers of information. A person may obtain a consumer report only for a permissible purpose. The FCRA specifies the permissible purposes, which include using the information contained therein for a transaction involving an extension of credit to a consumer. If a creditor takes any action that is adverse to a consumer based on information in a consumer report, the creditor generally must give the consumer a notice of the adverse action. This notice informs consumers about their rights under the FCRA. Participation in the U.S. credit reporting system is voluntary. Creditors are not required to obtain consumer reports before making credit decisions, although most creditors rely on consumer reports for risk-management purposes. Creditors also are not required to furnish information to consumer reporting agencies. But if they do, the information they furnish must be accurate. They must correct and update erroneous information, and must investigate any disputed information. Consumer reporting agencies have extensive responsibilities under the FCRA. Those responsibilities include: Maintaining reasonable procedures to ensure that consumer reports are furnished only to persons having a permissible purpose; following reasonable procedures to ensure the maximum possible accuracy of consumer reports; reinvestigating the accuracy or completeness of any disputed information and notifying the consumer of the results of the reinvestigation; omitting certain obsolete information from consumer reports after specified periods of time; and providing consumers with a copy of their consumer reports upon request. The FCRA contains important consumer rights and protections. Several are designed to promote accuracy in consumer reports. For example, the right to receive notice if information in a consumer report has resulted in adverse action enables consumers to check the accuracy of information in their credit reports. An adverse action notice must inform the consumer of the name, address, and telephone number of the consumer reporting agency that furnished the report, the consumer's right to obtain a free copy of the consumer report, and the consumer's right to dispute the accuracy or completeness of any information in the consumer report. Consumers have a right to obtain a copy of their consumer reports, upon request; currently this right does not extend to getting their credit score.\2\ Consumers also have the right to dispute the accuracy or completeness of any information in their consumer reports with a consumer reporting agency, to have such information deleted or corrected, and to have a statement of dispute included in the report if the dispute is not resolved. Consumers may also dispute the accuracy of items with the furnisher of the information. --------------------------------------------------------------------------- \2\ A credit score is a numerical representation of a consumer's overall credit profile arising from mathematical procedures that weight attributes in the way that best distinguishes between preferred and not preferred accounts. --------------------------------------------------------------------------- Other consumer rights and protections are designed to protect consumer privacy. Consumers have a right to be excluded from prescreened solicitation lists. The three national consumer reporting agencies maintain a toll-free telephone number that consumers can call to exercise this right. Limiting access to consumer reports to persons that have certified a permissible purpose under the FCRA also protects consumer privacy. In general, the FCRA restricts the sharing of certain information among affiliates unless the consumer is given the opportunity to opt out of that sharing. Additional privacy protections apply in circumstances where consumer reports are provided to prospective employers or contain medical information, and where investigative consumer reports are prepared or obtained. The Importance of the National Credit Reporting System Maintaining a reliable national credit reporting system is essential to ensure the continued availability of consumer credit at reasonable cost. As Federal Reserve Board Chairman Greenspan has observed, ``unless we have some major sophisticated system of credit evaluation continuously updated, we will have very great difficulty in maintaining the level of consumer credit currently available[.]'' \3\ Without the information that comes from various credit bureaus and other sources, lenders would have to impose higher costs on consumers to compensate for the increased risk and uncertainty associated with the credit they extend. --------------------------------------------------------------------------- \3\ Remarks following prepared testimony by Alan Greenspan, Chairman of the Board of Governors of the Federal Reserve System, April 30, 2003, House Financial Services Committee. --------------------------------------------------------------------------- The readily availability of accurate, up-to-date credit information from consumer reporting agencies benefits both creditors and consumers. Information from consumer reports gives creditors the ability to make credit decisions quickly and in a fair, safe and sound, and cost- effective manner. Consumers benefit from access to credit from different sources, the competition among creditors, quick decisions on credit applications, and reasonable costs for credit. The Importance of Credit Scoring Credit scoring has become an important tool in the credit granting process. Credit scoring models, which typically are proprietary to individual institutions or individual consumer reporting agencies, use credit bureau information and other data to construct mathematical scorecards that can accurately predict levels of creditworthiness across various populations. These models assign positive and negative weights to items of information that have demonstrated statistical usefulness for the evaluation of credit risk. Credit scoring enables creditors to evaluate, quickly and inexpensively, the risk of lending to credit applicants, and promotes the making of expedited credit decisions in a safe and sound manner. Consumers benefit from the increased availability and lower cost of credit made possible by the use of credit scoring models. Credit scoring also may help to reduce unlawful discrimination in lending to the extent that these systems are designed to evaluate all applicants objectively and thus avoid issues of disparate treatment. As Chairman Greenspan has noted, the emergence of credit scoring technologies, ``has proven useful in expanding access to credit for us all, including for lower-income populations and others who have traditionally had difficulty obtaining credit. It has also enabled financial institutions to offer a wide variety of customized insurance, credit, and other products.'' \4\ Chairman Greenspan stressed the importance of maintaining a system that provides incentives to develop more sophisticated credit scoring models and enables credit scoring models and technologies to advance.\5\ --------------------------------------------------------------------------- \4\ Letter from Chairman Alan Greenspan to Congressman Ruben Hinojosa, February 28, 2003. \5\ Remarks following prepared testimony by Alan Greenspan, Chairman of the Board of Governors of the Federal Reserve System, July 15, 2003, House Financial Services Committee. --------------------------------------------------------------------------- Risk-Based Credit Pricing Credit evaluation systems rely on information gathered by consumer reporting agencies on consumers' borrowing and payment experiences to measure the credit risk posed by current and prospective borrowers. Risk-based pricing, which has become increasingly common in all sectors of the credit industry, is a mechanism by which the rates offered or charged to consumers reflect the creditworthiness and risk posed. Risk- based pricing is made possible because creditors have available to them data from consumer reports, including credit scores, which permit them to assess the risk profiles of individual consumers. For example, a consumer demonstrated to have an extremely low risk of default or delinquency, based on a consumer report, would likely be offered a very favorable interest rate; a consumer with a marginal credit history, on the other hand, may also be offered credit, but at a higher rate. Risk- based pricing permits creditors to offer credit products tailored to the consumer's individual risk profile. The Importance of the FCRA to the National Credit Reporting System Federal Preemption Under the FCRA of Certain State Laws In 1996, the Congress amended the FCRA and, among other things, preempted the States from enacting laws or regulations dealing with seven areas addressed by the FCRA. These seven areas include: The procedures for using prescreened solicitations; the time for reinvestigating disputed information; the duties of creditors that take adverse action; the informational contents of consumer reports; the duties of furnishers of information; affiliate information sharing; and the form and content of the summary of rights disclosure. Through these preemption provisions, the Congress effectively established uniform national standards in these areas. The FCRA preemption provisions are scheduled to sunset on January 1, 2004. After that date, States would be permitted to enact laws in these seven areas if those laws explicitly provide that they are intended to supplement the FCRA and give greater protection to consumers than is provided under the FCRA. Chairman Greenspan has stated his support for making permanent the provision currently in the FCRA to provide for uniform Federal rules. In an appearance before the House Financial Services Committee earlier this year, Chairman Greenspan spoke of the importance of having ``national standards'' under the FCRA, and cautioned that with significant differences State by State, it would be very difficult to maintain as viable a system as we currently have. The FCRA promotes the national credit system in important ways. Perhaps most significantly, the availability of standardized consumer reports--that contain nationally uniform data--allows banks to make prudent credit decisions efficiently wherever they do business and wherever their customers live and work. The FCRA's national standards governing furnisher responsibilities and duties of users taking adverse action--the two primary areas of responsibility for most financial institutions--promote efficiency by enabling banks to comply with a single set of rules for all of their domestic credit operations. State-specific restrictions on furnishing information to consumer reporting agencies, or on the contents of information contained in consumer reports supplied by consumer reporting agencies, could negatively affect credit availability and increase the cost of credit. Accuracy of Consumer Reports Although maintaining uniform Federal rules in the seven areas where the FCRA currently preempts State action is essential to the national credit system, the current system is by no means perfect. In particular, concerns have been raised about the accuracy and completeness of information in consumer reports. Recent studies have shown that consumer reports sometimes contain inaccurate, incomplete, or inconsistent data, although the degree to which this is a problem is in dispute.\6\ Moreover, the growing problem of identity theft only heightens concerns about the accuracy of consumer reports, because of the difficulties that victims often face in having fraudulent accounts removed from their credit files. --------------------------------------------------------------------------- \6\ For a summary of these recent studies, see ``An Overview of Consumer Data and Credit Reporting,'' Federal Reserve Bulletin, February 2003, at 50. --------------------------------------------------------------------------- The accuracy of consumer report information is a critical element of the national credit reporting system. Most of the problems associated with consumer reporting agency data appear to result from the failure of creditors, collection agencies, or public entities to furnish complete and consistent information in a timely manner.\7\ Four particular areas of concern with regard to consumer report accuracy include: (1) The failure to report credit limits; (2) the failure to report updated information on accounts; (3) the failure to report nonderogatory accounts or minor delinquencies; and (4) the inconsistent reporting of public record data, collection agency data, and inquiries.\8\ Although the financial services industry has undertaken efforts to address the problem of inaccurate (and incomplete) information in order to deter fraud, ongoing efforts are needed to ensure that information furnished to consumer reporting agencies is accurate, timely, and complete. Concerns about the accuracy of consumer reports can be alleviated to some extent through consumer education, such as efforts to encourage consumers to check their consumer reports periodically. --------------------------------------------------------------------------- \7\ Id. at 70-73. \8\ Id. at 71-72. --------------------------------------------------------------------------- Adverse Action Notices and Risk-Based Credit Pricing Under the FCRA, if a creditor denies credit or takes other ``adverse action'' based on information in a consumer report, the creditor generally must give the consumer a notice of that fact. Among other things, the notice must also tell consumers of their right to obtain a free copy of their credit report and to dispute inaccurate information. The FCRA incorporates the definition of ``adverse action'' contained in the Equal Credit Opportunity Act and its implementing regulation, the Federal Reserve Board's Regulation B. Under the ECOA and Regulation B, consumers are entitled to a notice containing the specific reasons for a credit denial or other adverse action. The FCRA and ECOA notices, which are typically combined, provide an important tool in educating consumers about the impact on credit availability of negative information in their consumer reports. Receiving notice of the specific reasons for adverse action coupled with notice that the adverse action was based, in whole or in part, on information in a consumer report: (1) Alerts consumers to specific problems or possible inaccuracies in their credit reports, and (2) informs consumers of their right to obtain a free copy of the report and to dispute inaccurate information. With the increase in risk-based pricing, consumers who previously would have been denied credit (and would have received adverse action notices) now are offered credit at rates that reflect their risk as borrowers, thus expanding access to credit. When a consumer accepts a creditor's offer of credit, even on different terms from those that were requested, an adverse action notice is not required under Regulation B, and hence is not required under the FCRA. Therefore, when consumers apply for credit, adverse action notices are given to them less frequently than in the past. Concern has been raised that because of risk-based pricing, adverse action notices may no longer be meeting at least part of the intended purpose under the FCRA--helping to ensure the accuracy of consumer reports. Inaccurate information in a consumer report may negatively impact access to credit at rates that reflect the consumer's creditworthiness, but there is no adverse action notice directing the consumer's attention to potential errors may stand in the way of more favorable terms. One suggested approach for addressing this concern is to revise the FCRA definition of adverse action to require that creditors provide an adverse action notice whenever credit is granted on material terms less favorable than those otherwise available. For example, a creditor using a risk-based pricing system may offer a credit card based on an assessment of the consumer's creditworthiness with rates ranging from 7.99 to 14.99 percent. A consumer would receive an adverse action notice if the consumer was offered and accepted a rate of 8.99, rather than the lowest rate of 7.99 percent, based on that risk assessment. Providing adverse action notices to consumers that receive credit might provide some benefit to consumers, but at a cost to industry that likely would outweigh the potential benefit. Other tools could be made available to consumers to mitigate these concerns. For example, the Congress is now considering legislation to give consumers the right annually to obtain a free copy of their consumer reports upon request. If enacted, such legislation could encourage consumers to check their consumer reports periodically, particularly if coupled with appropriate consumer education about the importance of consumer reports and how to check for accuracy. Consumer Education and Financial Literacy Consumer education and financial literacy play an important role in helping consumers to understand the credit system and their own credit standing.\9\ Financial education can equip consumers with the knowledge required to make better choices among the financial products and services, thus enabling consumers to obtain those products and services at the lowest cost available to them. Financial education is particularly valuable for populations that have traditionally been underserved by the financial system and may help protect vulnerable consumers from abusive credit arrangements that can be financially devastating. --------------------------------------------------------------------------- \9\ The Federal Reserve, however, does not have data that measure consumers' level of knowledge or awareness of credit reporting, credit scoring, or how the credit system operates. We do conduct consumer research but the focus generally targets consumer knowledge of specific practices or products. --------------------------------------------------------------------------- Markets operate more efficiently when consumers are well informed. Making informed decisions about what to do with their money will help build a more stable financial future for individuals and their families. The Federal Reserve System recently launched a national financial education initiative to encourage consumers to learn more about personal financial management, complete with a public service announcement that featured Chairman Greenspan. The objective of this initiative is to highlight the benefits of financial education and to provide information on the resources available to consumers for assistance in managing their finances. The Federal Reserve's financial education website (www.FederalReserveEducation.org) makes available a variety of materials that may be useful to consumers, including a brochure entitled, ``There is a Lot to Learn about Money'' that contains tips for managing credit wisely and protecting personal credit ratings. In addition, the Federal Reserve Bank of Boston has published an excellent educational video and booklet on identity theft that explains what identity theft is, how consumers can protect themselves from becoming victims, and what they should do if they do become victims. These materials also explain the importance of checking consumer reports regularly, provide tips for how to read a consumer report, and list appropriate contact information for the three major consumer reporting agencies and certain Federal Government agencies. A copy of the Boston Reserve Bank's identity theft booklet can be viewed online at the Federal Reserve Bank of Boston's public website (www.bos.frb.org/consumer/identity/index.htm). Conclusion The Committee is to be commended for undertaking an examination of the FCRA and related issues at this important juncture. In conducting this examination, it is important to maintain a viable, national credit reporting system that preserves and expands reasonable access to credit, and to promote consumer understanding and awareness of the credit reporting system and how it relates to the credit granting process. ---------- PREPARED STATEMENT OF DONNA GAMBRELL Deputy Director for Compliance and Consumer Protection Division of Supervision and Consumer Protection Federal Deposit Insurance Corporation July 29, 2003 Chairman Shelby and Senator Sarbanes, thank you for inviting me to testify on behalf of the Federal Deposit Insurance Corporation (FDIC). The FDIC has been closely following the hearings on the Fair Credit Reporting Act (FCRA) and related issues. At stake are matters that affect both individual consumers and the manner in which the Nation's economy operates. FDIC Chairman Don Powell has stated his support for making the expiring FCRA preemption provisions permanent. Doing so will ensure the continuity of the credit reporting system of our Nation--a system that provides consumers with unparalleled access to credit that generally costs less than the credit available in other parts of the world. We thank you for your careful consideration of these important issues. We also commend the Committee's attention to the difficult problems associated with combating identity theft. For its part, the FDIC is coordinating an effort among the Federal financial institution regulators to publish guidance on measures that should be taken when security breaches occur that may lead to identity theft. We believe that institutions should take active steps to minimize potential harm to consumers whose information has been breached, and urge a proactive approach when an institution becomes aware of a breach. The Nation's credit system and its regulatory framework have played a vital role in increasing the availability of credit to a broader cross section of American consumers, particularly in historically underserved market segments. The Federal Reserve Board's 2001 Survey of Consumer Finances indicates that between 1970 and 2001, the share of households with credit cards increased from 16 to 73 percent. More dramatically, during the same period, access to credit cards for the lowest income quintile increased from 2 percent to 28 percent. Greater access to credit also has meant greater access to mortgage financing. Between 1983 and 2001, overall homeownership increased from 60 percent to 68 percent of U.S. households. The largest increases in homeownership were observed among minorities and lower- income households. During the same period, homeownership among families with incomes of less than $10,000 increased from 29 percent to 34 percent, and homeownership among families with incomes between $10,000 and $25,000 increased from 49 percent to 54 percent. Policymakers and financial institutions alike have made commendable efforts to broaden the scope of banking products for low- and moderate- income people. However, many families still fall outside of the financial mainstream and do not maintain traditional bank credit, savings, or investment accounts. Nearly 10 percent of U.S. families do not have transaction accounts. ``Unbanked'' individuals tend to: Have low incomes, not own homes, be under 35 years of age, be nonwhite or Hispanic, be unemployed, and be educated at the high school level or below. Some low- and moderate-income households have been able to take advantage of access to banking services, but are finding themselves very unprepared to deal with the complexities that characterize today's financial environment. Unfortunately, one of the undesirable consequences of the expansion of credit markets has been the rise of predatory lending and other abusive practices. New customers who are less familiar with traditional banking products and practices are certainly more susceptible to accepting disadvantageous or even illegal terms. These consumers also may be able to access more credit than they can reasonably repay. Clearly, increased knowledge on the part of consumers is a significant way to combat these problems. The FDIC Consumer News (circulation: 75,000) routinely discusses issues such as personal financial management and consumer protection as a way to raise awareness among bankers and consumers. Consumer protection issues discussed in detail include identity theft, predatory lending, and financial fraud. The FDIC also recognizes the need for a more comprehensive approach to financial education that will better equip consumers to enter the financial mainstream. Consumers need to understand the existing protections that guard against discrimination or unfair treatment in the lending process and the recourse available to them under the law. They also need to understand the wide variety of financial services that are available to them. Money Smart Three years ago, the FDIC was grappling with the problem of misleading and abusive marketplace practices brought to our attention by consumers, the banking industry, and Government agencies. As part of our effort to explore solutions to this problem, the FDIC held forums on predatory lending in seven locations nationwide. Those attending the meetings included bankers, community leaders, city and State officials, and local residents. Participants identified problems in their particular geographic area and recommended solutions, which ranged from more legislation to better enforcement of existing regulations. But there was one recommended solution that remained constant across all participants: Enhanced consumer education. This recommendation provided the impetus for the FDIC to develop ``Money Smart'' as a way to address a number of problems affecting consumers such as: The lack of traditional banking relationships for millions of Americans; consumer reliance on so-called ``fringe providers'' at costs they can ill afford; abusive lenders targeting vulnerable segments of our population; identity theft; inaccurate credit reports; and unwise use of credit. Numerous studies have shown that financial education efforts can foster positive changes in behaviors and better equip consumers to operate within the financial arena. We share that point of view. We introduced Money Smart in the summer of 2001 as a program uniquely designed to address the needs of low- and moderate-income adults new to the banking system or lacking the knowledge to reap potential rewards or avoid pitfalls. We designed Money Smart to be easy to teach and easy to learn. It can be taught in its entirety, or specific modules can be used to fill in the gaps in other financial education programs. We make Money Smart available free of cost and without copyright so that organizations desiring to use the program can reproduce and use the program materials as needed. Also, we have made clear that banks can receive Community Reinvestment Act credit for their involvement in offering Money Smart classes in their communities. We have made a number of improvements to the program since introduction. Because immigrant populations represent a significantly underserved market, we have translated Money Smart into Spanish, Chinese, and Korean, and we will have a Vietnamese translation by the end of this year. Also, we have added a CD-ROM version of the program. This has improved accessibility to the program and has helped to keep our costs low during a period where we have dramatically increased distribution to meet increasing demand. We also plan to release a web- based interactive version of the curriculum in early 2004 so that individuals without access to an instructor can learn on their own online. Money Smart has generated a great deal of interest since it began in July 2001. It has been widely cited in over a hundred national and local publications. We have also received requests for the Money Smart curriculum from Mexico, Thailand, and Canada. To date, we have provided more than 22,000 institutions and organizations across the country with over 75,000 copies of Money Smart. About a quarter of the copies were requested by FDIC-insured financial institutions and credit unions. While we are pleased with these numbers, FDIC Chairman Donald Powell has set an even more aggressive goal for the next 4 years: To establish partnerships with 1,000 organizations and institutions, in all 50 States; to distribute 100,000 copies of Money Smart; and to expose one million consumers to our financial education program. We are committed to meeting this goal. Money Smart consists of 10 instructor-led training modules covering the following topics: Bank On It--an introduction to bank services; Borrowing Basics--an introduction to understanding credit; Check It Out--how to open and maintain a checking account; Pay Yourself First-- the importance and benefits of, and methods for, saving money; Money Matters--preparing a personal budget; Keep It Safe--consumer rights and responsibilities; To Your Credit--the importance of credit history; Charge it Right--the costs and benefits of using a credit card; Loan To Own--the costs and benefits of consumer loans; and Your Own Home--an introduction to home loans. Four of these modules--Borrowing Basics, Keep It Safe, To Your Credit, and Charge It Right--address credit- related issues discussed in the recent hearings before this Committee, including recognizing the value of credit, understanding credit reports, repairing credit, identifying potential problems with credit card use, becoming familiar with consumer protection laws, avoiding identity theft, and steering clear of scams. We believe that a critical factor in the success of Money Smart has been our emphasis on working through our regional community affairs staff to establish relationships with local organizations that are best situated to bring Money Smart to those who could benefit from it. In announcing the Money Smart Alliance Program last year, Chairman Powell stated its purpose would be to increase financial literacy in communities where it is most needed. To date, over 340 organizations throughout the country--in both urban and rural communities--have joined our Money Smart Alliance. These organizations represent a wide spectrum of delivery systems for our financial education program-- social services, financial institutions, housing services, educational services, community organizations, as well as Government, faith-based, and employment services. Money Smart Alliance members facilitate implementation of our financial education program by making contributions in a variety of ways, including promotion, delivery, translation, funding, and evaluation. We also have entered into formal partnerships with 20 major public and private sector organizations that have a nationwide capability to deliver Money Smart. These partnerships are a critical component in our strategy to broaden our ability to deliver financial education to more consumers. For example, under a partnership agreement with the Neighborhood Reinvestment Corporation, Money Smart has been used to train 315 adult educators in 39 major cities, who, in turn, taught money management skills to a total of over 5,500 students. These students primarily consist of low-income consumers, minorities or women who are potential homebuyers or existing homeowners having problems making ends meet. In our partnership with the Department of Defense (DoD), we plan to reach thousands of military personnel by using Money Smart curriculum in conjunction with financial counseling. DoD also will offer seminars on an ongoing basis to service members and their families. In the private sector, we have corporate partners, such as Wachovia Corporation, that have agreed to reach 5,000 low- and moderate-income individuals this year in 11 States and the District of Columbia through employee volunteerism in their communities. Other national partners include the: Association of Military Banks, American Bankers Association Education Foundation, Conference of State Bank Supervisors, National Bankers Association, Independent Community Bankers Association, America's Community Bankers, Department of Housing and Urban Development, USDA Rural Development, Operation Hope, Office of the White House Initiative on Asian Americans and Pacific Islanders, Internal Revenue Service, Department of Labor, National Coalition of Asian Pacific American Community Development, Goodwill Industries, Opportunities Industrialization Centers of America, Inc., Women in Housing and Finance, Inc., and National Image, Inc. Based on our experience and suggestions from our many partners, we determined that building additional program delivery capacity was essential. Specifically, the FDIC concluded that train-the-trainer workshops for banks and community organizations would boost the program and should be a major focus in 2003, and beyond. Early this year, we launched a major train-the-trainer campaign. The train-the-trainer initiative not only increases capacity, but has the added bonus of further standardizing instruction. As of June, we have held over 50 train-the-trainer workshops attended by more than 1,700 people. The workshops are free and the FDIC projects each trainer will go on to teach approximately 40 persons annually. Because we need to be focused on not only quantity, but also quality, we have developed model programs that blend a strong financial curriculum with service programs and proven asset building strategies. The FDIC has taken the lead in establishing partnerships with community and banker coalitions to link financial education with low-cost bank accounts and services, free tax preparation services through the IRS Volunteer Income Tax Assistance (VITA), Earned Income Tax Credit (EITC) funds, Individual Development Accounts (IDA's), homeownership counseling, job counseling, and other programs. To demonstrate the flexibility of our financial education program and its ability to reach diverse groups of consumers, each of the FDIC's eight regional and area offices, as well as our headquarters in Washington, have established Money Smart Model Site Projects. A model site is a sustainable initiative in which Money Smart classes are taught on a regular basis, there is active participation by one or more financial institution(s) and links are established with other asset-building or service programs. To date, we have established 17 model sites throughout the country. The following are a few highlights from these efforts. <bullet> The DeKalb Workforce Center in Georgia serves as the FDIC Atlanta Region's model site. The 2-year target is to move a minimum of 500 previously unbanked consumers into the financial mainstream. Partners include: Decatur First Bank, Wachovia Bank, Bond Community Credit Union, Washington Mutual, SouthTrust Mortgage, SunTrust, United Way, Federal Reserve Bank of Atlanta, Lutheran Services Department of Labor (Employment and Training and the Women's Bureau), Decatur/DeKalb Housing Authority, Internal Revenue Service, Decatur High School, New Leaf, Columbia Residential Properties, and Network IDA of the Southeast. Consumer education workshops, with Money Smart as the core curriculum, are taught by DeKalb Cooperative Extension personnel and volunteers from financial institutions. Class participants have the opportunity to access low-cost electronic/checking products and services. In addition, the model site offers IRS Volunteer Income Tax Assistance, providing free tax preparations in an effort to help low-income families claim tax credits and receive refunds that can be used to establish new bank accounts or reach other long- or short-term financial goals. In May 2002, the DeKalb Workforce Center received a First Accounts Award of $271,000 from the U.S. Department of the Treasury to further its financial education efforts. To date, over 1,400 persons have taken Money Smart classes in English and Spanish. In addition to the adult education component in this model site, Decatur High School offers Money Smart as part of its job readiness program for seniors who will enter the workforce after graduation rather than go to college. <bullet> Our Kansas City Regional Office has taken the unique approach of establishing a three-pronged model site project to reach consumers in rural, urban, and Native American communities located in Iowa, Kansas, Minnesota, Missouri, Nebraska, North Dakota, and South Dakota. As a result of the 17 coalitions formed from the 204 Money Smart Model Site partners in these States, over 8,600 individuals have been able to participate in Money Smart classes and 1,100 of them have opened bank accounts. <bullet> Several of our Model Sites across the county have teamed up with organizations administering programs for Temporary Assistance for Needy Families (TANF) clients. As you know, TANF is a U.S. Department of Health and Human Services program that awards block grants to States to provide assistance and work opportunities to needy families. The model site, formed by our Boston Regional Office with the Williamanic-Danielson Partnership and Department of Labor Employment One-Stop Centers in Connecticut, is an excellent example of our effort to reach these consumers. It combines both mandatory and voluntary financial education classes to reach over 1,500 low- and moderate-income adults, including both TANF clients and IDA program participants. The IRS VITA and Earned Income Tax Credit (EITC) programs also are available to class participants. One client named Maria shared with us her dream of owning her own home. Maria has three children and is participating in the IDA program offered in conjunction with model site partner ACCESS Agency, a nonprofit community-based organization. After attending 6 weeks of Money Smart classes, Maria learned how to budget her money and is taking steps to repair her credit history. She is saving with the help of another model site partner, the Savings Institute of Williamanic, which administers the IDA savings account. With the help of the dollar-for-dollar matching funds Maria receives through her IDA savings account, she is on her way to realizing her dream of homeownership. We recognize that the long-term success of Money Smart is largely dependent on our ability to set measurable goals for the program and monitor our results on an ongoing basis. Two critical metrics for measuring the program's success are: (1) The number of people who complete the program; and (2) the number of people who entered into a banking relationship (that is, opened up a checking or savings account) after attending at least one Money Smart financial education class. To measure these statistics, we recently completed a large-scale effort to survey over 9,000 organizations that ordered Money Smart from the FDIC between July 2001 and October 2002. Data from 2,641 respondents to the survey indicated that over 85,000 participants attended at least one Money Smart class during the survey period. Accounting for the organizations that did not participate in the survey, and the additional Money Smart financial education that has taken place since the end of 2002, we expect that the number of participants that have attended at least one Money Smart class to date exceeds 100,000. The survey also indicates over 13,000 Money Smart participants went on to initiate a banking relationship as a result of the program. To plan for the future of Money Smart, Chairman Powell is seeking advice from people involved in consumer finance. In June, we assembled a forum in Chicago to explore issues related to financial literacy. We also are in the preliminary stages of planning a financial literacy symposium here in Washington. Our goal is to assemble a broad spectrum of those with experience to identify innovative solutions for banks to become more progressive in meeting their community lending responsibilities and better meet the needs of the unbanked. Last week, we sent out our first Money Smart electronic newsletter to each of the institutions or organizations that have ordered the curriculum thus far. Our hope is that the newsletter will be an effective way for us to keep abreast of and share information on how Money Smart is being implemented by banks, community organizations, Government agencies, colleges and universities, and others. A link to the newsletter and other information about Money Smart can be found at the FDIC website at www.fdic.gov. We have a great banking system in this country. We have a credit market that is the envy of the world, and we believe everyone should have an opportunity to participate. With Money Smart and the additional dialogue we are proposing, we will have the means to offer better access and financial alternatives to the most needy in our society. Our plans for the future include additional program surveys and assessments, continued expansion of collaborative efforts to deliver Money Smart to consumers, and exploration of additional steps to bring the unbanked and underserved into the financial mainstream. Again, thank you for giving me the opportunity to testify before you this morning on this critically important topic. I look forward to answering any questions you might have. I also make the offer on behalf of Chairman Powell to assist any Senator interested in looking into establishing Money Smart programs for their constituents. Please contact us so that we might have our regional staff meet with your staff to help bring Money Smart to your communities. ---------- PREPARED STATEMENT OF JOEL WINSTON Associate Director, Financial Practices Division Bureau of Consumer Protection, U.S. Federal Trade Commission July 29, 2003 Mr. Chairman and Members of the Committee, my name is Joel Winston. I am Associate Director for Financial Practices at the Federal Trade Commission (Commission or FTC). The Division I head is responsible for enforcing the various consumer credit laws subject to the Commission's jurisdiction.\1\ --------------------------------------------------------------------------- \1\ The views expressed in this statement represent the views of the Commission. My oral presentation and responses to questions are my own and do not necessarily represent the views of the Commission or any Commissioner. --------------------------------------------------------------------------- I am pleased to appear today to discuss ``financial literacy,'' both generally and as it relates to the Fair Credit Reporting Act (FCRA). This is a topic of critical importance, especially because the FCRA relies on the vigilance of consumers in protecting their own rights. Our economy operates most efficiently when consumers understand the credit system so they can make the best decisions about their finances. The FTC's Consumer Education Program The Commission has undertaken significant efforts to educate consumers about financial matters generally and credit issues specifically. Consumer education is among our most important tools in the fight against fraud and deception, because consumers are their own first line of defense. Through our Division of Consumer and Business Education, we continue to develop creative and effective ways of reaching consumers to arm them with the information they need. We have over 30 publications related to consumer credit topics, ranging from advance-fee loans \2\ to vehicle financing.\3\ These publications are available directly from the FTC and through a variety of partner organizations and the Federal Citizen Information Center in Pueblo, Colorado. All these materials are on the Commission's website at www.ftc.gov. Credit publications have consistently been among the Commission's most popular items. Last year, we distributed about 2 million credit-related brochures in print, and consumers accessed these publications on the Commission's website another 1.5 million times. Twelve of our credit publications are available in Spanish, and more are in the translation pipeline. --------------------------------------------------------------------------- \2\ ``Easy Credit? Not So Fast. The Truth About Advance-Fee Loan Scams'' (http://www.ftc.gov/bcp/conline/pubs/tmarkg/loans.pdf). \3\ ``Understanding Vehicle Financing'' (http://www.ftc.gov/bcp/ conline/pubs/autos/vehfine.pdf). --------------------------------------------------------------------------- Both at our headquarters here in Washington and in our regional offices, we have partnered with many outside organizations to improve financial literacy. For example, our Northeast Region works with colleges and universities in an effort called ``Project Credit Smarts,'' in which we make presentations and distribute credit-related publications during student orientation sessions. We have similar working relationships with organizations such as the Jump$tart Clearinghouse, the American Savings Education Council, AARP, the Consumer Federation of America's Consumer Literacy Consortium, the National Consumers League, and the Department of Defense. We also distribute financial education materials at national meetings of the NAACP, National Urban League, National Council of La Raza, and the League of United Latin American Citizens, among others. When the Commission takes law enforcement action, it strives to combine it with an educational effort. Each action comes with a press release and outreach efforts to consumers. Many cases are accompanied by a consumer education publication that re-emphasizes the messages consumers should take away from the case.\4\ --------------------------------------------------------------------------- \4\ For example, the Commission's announcement of its settlement with Mercantile Mortgage Co. included consumer education regarding home equity loans. See http://www.ftc.gov/opa/2002/07/mercantilediamond.htm. --------------------------------------------------------------------------- Our identity theft program is another important way in which we educate consumers about credit matters. One of the most devastating consequences of identity theft is the damage that it causes to the victim's credit record. As you know, Congress designated the Commission to operate the national clearinghouse for identity theft complaints. We offer publications with tips on how to avoid identity theft and what to do if it happens. Last year, the Commission distributed about 1 million identity theft publications and registered an estimated 2 million hits to our identity theft website. There are many sources of financial education materials throughout Government and the private sector. For example, the National Endowment for Financial Education, a nonprofit foundation, provides funding, support, and expertise to develop financial literacy programs for the public. The three major credit bureaus and Fair Isaac Corporation, a major developer of credit scores, all operate websites with useful information about credit reports and scores. Consumer Education and the FCRA Unfortunately, many consumers have limited knowledge of our credit reporting system. They may not realize information about their financial history is compiled and sold, not only just to creditors, but also to employers, insurers, landlords, utilities, and others who use it to make decisions. Consumers may not know what information is reported about them, who uses it, and for what purposes. They may not understand how that information affects their ability to get a loan, insurance, or a job, and what rights they have to ensure the information is accurate. Uninformed consumers may not take the steps they should to improve their credit ratings or correct errors. Improving financial literacy may not by itself ensure that consumers are successful in using our credit system, but it is certainly a key component. It also is important to remember that the FCRA itself serves an important educational function. The FCRA mandates that information be made available to consumers in many different contexts. Perhaps most important, the law requires that lenders and other users of credit reports notify consumers when they take ``adverse action'' based on information from a credit report. The notice must tell consumers that the action was based, in whole or in part, on information in a credit report. The notice also must disclose which credit bureau supplied the report, and advise consumers of their rights to a free copy of the report and to dispute the accuracy of the information in it. This notice puts credit reports in consumers' hands when they are the most motivated to act on it--that is, after they have been denied credit, insurance, employment, or benefits based on the report. Consumers receive additional information when they obtain credit reports from the bureaus, whether in response to an adverse action notice or otherwise. In 1996, Congress mandated that the bureaus send with the report a copy of a document called a ``Summary of Consumer Rights.'' This summary briefly describes the FCRA and explains the consumer's rights under the statute, and directs consumers to the FTC's website, which has extensive information about the FCRA and other credit laws, and to the Commission's toll-free telephone helpline. The Commission's legislative recommendations, about which Chairman Muris testified before this Committee on July 10, would result in better-educated consumers.\5\ Our proposals would put more information in consumers' hands by: (1) Expanding consumers' right to adverse action notices when they are offered less favorable credit terms; (2) making annual credit reports available at no charge, and (3) giving consumers more information about their credit scores along with explanatory materials. --------------------------------------------------------------------------- \5\ See Testimony of Timothy J. Muris before the Senate Committee on Banking, Housing, and Urban Affairs, July 10, 2003 (http:// www.ftc.gov/os/2003/07/fcrasenatetest.htm). --------------------------------------------------------------------------- The Commission's proposals also would empower consumers to act on this improved information by streamlining the dispute process. For example, the Commission supports an amendment that would require resellers of consumer reports to submit disputes to the originating repository to investigate these disputes.\6\ In addition, the Commission believes that the law should be amended to require furnishers of information to investigate consumer disputes when the consumers contact them directly.\7\ --------------------------------------------------------------------------- \6\ See id. at 10. \7\ See id. at 15. --------------------------------------------------------------------------- Thank you for the opportunity to discuss the Commission's efforts in the area of financial literacy. I will be happy to answer any questions you may have. ---------- PREPARED STATEMENT OF TRAVIS B. PLUNKETT Legislative Director, Consumer Federation of America July 29, 2003 Good morning Chairman Shelby, Ranking Member Sarbanes, and the Members of this Committee. My name is Travis B. Plunkett and I am Legislative Director of the Consumer Federation of America.\1\ Thank you for this opportunity to offer our comments on consumer awareness and understanding of the credit granting and reporting process. We have been involved for many years in efforts to increase the transparency and effectiveness of the credit reporting system for consumers. --------------------------------------------------------------------------- \1\ CFA is a nonprofit association of 300 pro-consumer organizations that, since 1968, has sought to advance the consumer interest through education and advocacy. --------------------------------------------------------------------------- I applaud the Committee for conducting a hearing on such an important--and little understood--subject. The hearing is very timely for several reasons. First, unless consumers understand the credit reporting system and have access to clear, timely information, they won't be able to use the rights granted to them under the Fair Credit Reporting Act. The Act expects a great deal from consumers because significant protections are only triggered if consumers take narrowly defined actions. For example, if a consumer doesn't know to contact a credit bureau to trigger a reinvestigation of a credit reporting problem, he or she might waste valuable time contacting his or her lender and never get the problem resolved. This is because, as you know, the lender is currently under no legal obligation to begin a reinvestigation unless contacted by a credit bureau. Second, with the advent of ``risk-based pricing'' in the last decade, the way that credit is granted in this country has changed dramatically, but information provided to consumers under the FCRA about the nature of these loans has not kept up with this change. These days, a consumer with some credit blemishes is much more likely to be offered a higher-cost loan with less favorable terms than to be denied a loan. Misclassification as a high-risk, subprime borrower because of a credit report error or incomplete reporting by a furnisher (creditor) can cause consumers to pay tens or hundreds of thousands of dollars in higher interest rates. CFA's report on credit score accuracy issued last December found that eight million Americans are likely to be misclassified as subprime upon applying for a mortgage, based on the study's review of credit files for errors and inconsistencies.\2\ Yet, millions of consumers have no way of knowing that this has occurred, because under the ``counteroffer'' loophole in the FCRA, they do not receive an adverse action notice and are not granted the right to look at their credit report at no charge and check for inaccuracies. --------------------------------------------------------------------------- \2\ Consumer Federation of America and National Credit Reporting Association. Credit Score Accuracy and Implications for Consumers. December 2002. Available at: http://www.consumer fed.org/ 121702CFA_NCRA_Credit_Score_Report_Final.pdf. --------------------------------------------------------------------------- And finally, there has never been greater need for Congress to discuss how it can help boost overall financial awareness and improve financial decisionmaking by Americans, especially in regards to the credit reporting and credit granting process. For three decades, our organization has sought to improve financial ``literacy'' among the public and to promote effective financial education. In response to the invitation to testify at this hearing, the Consumer Federation of America commissioned a study about consumer knowledge of credit reports and scores and the level of public support for a variety of protections that this Committee may consider. More than 1,000 adults were interviewed.\3\ We found that a strikingly high percentage of Americans not only do not understand basic facts about credit reports and scores, but also acknowledge their own lack of understanding about the subject. This recognition and awareness of the growing importance of credit scores, may explain why the survey found overwhelming support for new consumer protections. An important finding of the survey is also that low- and moderate-income Americans--those who tend to pay the highest price for credit and are most vulnerable to inaccurate credit scores--are the least knowledgeable about credit reports and scores. --------------------------------------------------------------------------- \3\ The survey was conducted by Opinion Research Corporation International. ORCI interviewed a representative sample of more than 1,000 adult Americans from July 18 to 21, 2003. The survey's margin of error is plus or minus 3 percentage points. --------------------------------------------------------------------------- Most Americans Say They Don't Understand Credit Reports and Scores Well When asked to assess their knowledge of credit reports and credit scores, most Americans say their knowledge is fair or poor. Fifty percent said their knowledge of credit reports was fair or poor, while 61 percent said their knowledge of credit scores was fair or poor. Lower-income Americans are most likely to believe their knowledge isn't good. More than 60 percent of those in households with incomes under $35,000 said their knowledge of credit reports was fair or poor. Nearly 70 percent of these low- and moderate-income Americans said their knowledge of credit scores was fair or poor. Young adults between the ages of 18 and 24 were also likely to say their knowledge was not good. Sixty-two percent said their knowledge of credit reports was fair or poor, while 78 percent said their knowledge of credit scores was fair or poor. Many Americans Lack Essential Knowledge About Credit Reports and Scores The survey also tested actual consumer knowledge about credit reports and scores. Only 25 percent of Americans--and less than 20 percent of those with incomes below $35,000--said they knew what their credit score was. And only 3 percent of Americans could, unprompted, name the three main credit bureaus--Experian, Equifax, and TransUnion-- that provide both lenders and consumers information from credit reports. Forty-three percent of Americans--only 35 percent of those with incomes below $35,000--said they had obtained a copy of their credit report from the three credit bureaus in the past 2 years. The survey also tested consumer knowledge using a series of true- false questions. The good news from this test is that large majorities understand that consumers have the right to see their credit report (97 percent) and that consumers who fail to qualify for a loan have the right to a free credit report (81 percent). The bad news is that many consumers do not understand that in most States they must pay a fee to obtain their credit report (54 percent), that their credit score may be lowered if they use all of the credit available on their credit card (55 percent), that their credit score may be lowered if they apply for a credit card (62 percent), and that they are not required to contact their lenders if they believe that their credit report or score is inaccurate (64 percent). Also, 27 percent incorrectly believe that their credit score mainly measures their knowledge of consumer credit, not their creditworthiness. Finally, the survey tested the knowledge about which service providers often use credit scores to decide whether consumers can purchase a service or at what price. Many Americans are not aware that certain service providers frequently use these scores--60 percent were not aware that electric utilities do so, 41 percent for home insurers, 41 percent for landlords, and 38 percent for cell phone companies. By comparison, only 13 percent did not know that credit card companies use credit scores. Large Majorities Support Stronger Consumer Protections The survey also questioned Americans about their opinions on new consumer protections currently being considered by Congress. The protections would give consumers greater access to their credit reports and scores, and strengthen individual remedies that they could pursue. The protections would also require credit bureaus to do a better job of verifying consumer identities and would proscribe certain lender practices. Large majorities indicated their support for these protections. Credit bureaus should do a better job of verifying identities on credit applications to reduce identity theft--96 percent support, 83 percent strongly. Consumers who are denied a loan or charged a high price should be able to get from the lender a free copy of the credit report and score used as the basis for the lender's decision--94 percent support, 78 percent strongly. A bank should not be allowed to use your medical information to make credit decisions without your consent--87 percent support, 77 percent strongly. A bank should be required to obtain your permission before it can share your financial information with other companies it owns--91 percent support, 76 percent strongly. Consumers should be able to obtain a free credit report and score once a year from the three main credit bureaus--91 percent support, 71 percent strongly. Consumers should be able to sue lenders who knowingly provide credit bureaus with incorrect, damaging information--84 percent support, 62 percent strongly. A credit card lender should not be allowed to raise the interest rate because of a credit problem that involves another lender--75 percent support, 52 percent strongly. The cumulative effect of the extremely broad support for these proposed reforms is nothing less than a mandate for a comprehensive overhaul of the Fair Credit Reporting Act. Consumers want easier access to their credit reports and scores, greater protections against privacy and credit reporting abuses, and the right to go after lenders in court who repeatedly make grievous errors. Empowering Consumers through Reforms to the Fair Credit Reporting Act Given the relatively low levels of knowledge about credit reporting and scoring reported by the survey, it is especially important that Congress improve the transparency of the credit reporting system. We also strongly recommend that Congress overhaul the cumbersome and out- of-date procedures under the FCRA for resolving disputes between consumers and credit bureaus, and between consumers and data furnishers, such as credit card companies. First, give consumers more information. Information, provided in a clear manner and on a timely basis, is the key to improving consumer knowledge of the credit reporting process. Our recommendations will provide consumers with more information about their credit reports and scores in two ways: (1) On an ongoing basis--so that consumers can eliminate inaccuracies and prevent problems before they occur--and, (2) when credit troubles arise because of a credit report, such as the denial of a loan or an offer to extend credit on less than favorable terms. <bullet> Credit bureaus should be required to provide consumers with their credit reports and their credit scores once a year upon request at no charge. They should be given a description of the major factors that are used to calculate the score, the weight of each factor in calculating the score, and how the consumer rated on each major factor. Free credit reports, once a year upon request, are currently required in legislation that has just moved to the House floor (H.R. 2622) but the bill does not require free access to the score. Charging a fee for credit scores will not only mean that fewer consumers will learn their score, but it undercuts the goal of offering the report at no charge, since reports and scores are often marketed to consumers as a package product. Also, disappointingly, the full Committee accepted an amendment to limit provision of the free credit report annually on request to the national repositories. The original version of the bill would have required all credit bureaus to provide a free credit report on request. <bullet> Congress should mandate that these reports be easy to get, perhaps through the establishment of a registry at the Federal Trade Commission that will allow consumers to call or e-mail one location and get a copy of their reports from all three major credit bureaus. Consumers should not be limited to making requests only by mail, or have to deal with a complicated and time-consuming voice mail system, or have to click through page after page of information online simply to get access to a free report. Credit bureaus could easily undermine the goal of improving consumer access to their reports and scores if they make it cumbersome for people to request this information. To deal with privacy concerns when requesting a report, consumers could verify their identities by using a credit card, as other applicants do, but then not have the card billed. <bullet> Require creditors to identify any offer of credit at less than the most favorable terms as an ``adverse offer,'' as has been called for by the Federal Trade Commission. This would include prescreened ``subprime'' mortgage offers or credit cards solicitations that are based on negative or less than favorable credit information. As is well known, the subprime credit industry has boomed in the past decade by offering borrowers with blemished or limited credit histories mortgage loans, car loans, and credit cards at higher rates and less favorable terms than offered to their ``prime'' borrowers. As lenders increasingly offer a continuum of loans at different rates and terms, it is more important than ever that consumers have the ability to exercise their FCRA rights to ensure that the adverse credit information is correct. In the world of ``risk-based'' pricing, borrowers should know that they are being targeted because of their less-than- optimal credit history and should be offered the opportunity to check their credit history and change any information that is not accurate or complete. Furthermore, as stated above, many consumers are unwittingly giving up their FCRA rights because they are accepting loans that are legally considered ``counteroffers.'' <bullet> Consumers should also be able to obtain directly from the lender a free copy of the ``subscriber'' report and score used to deny credit or offer it under less favorable terms. This report includes the actual report data by the lender used to take an adverse credit action. Employment applicants already have a similar right under FCRA but borrowers currently do not. Easy access to this information will also provide a powerful incentive for credit bureaus to improve accuracy, as well as giving consumers a helpful educational tool. Consumers face two problems when they request a credit report (and score) from a credit bureau. First, any adverse actions previously taken were based on a subscriber credit report provided to the lender. The subscriber report is often provided based on a limited number of matching data points and is more likely to contain inaccurate or mismerged information about other consumers than a report requested by a consumer, since a consumer must provide a detailed match of name, address, and Social Security number. Second, a score derived from that consumer report will probably differ from the score the subscriber obtained from the less accurate report. Upon receiving the subscriber report, consumers would then be allowed to identify any errors or out-of- date information, provide documentation, and be reevaluated for the loan or for prime rates. The additional cost to lenders and businesses of providing these reports immediately would be minimal. Since they already possess the report in paper or electronic form, they would merely have to copy or print this report. <bullet> Provide consumers with detailed explanations as to why credit is denied or less-than-favorable terms are offered. In its study of credit score accuracy,\4\ CFA found that approximately 7 in 10 credit reports indicated that the primary factor contributing to the credit score was ``serious delinquency,'' ``derogatory public record,'' ``collection filed,'' or some combination of these factors. This generic and extremely vague information provided by creditors when they take an adverse credit action is too general to be helpful, especially for most subprime borrowers, who by definition have some credit blemishes. Instead, lenders should be required to identify any specific entries (trade lines) that are lowering a consumer's score and indicate the impact on the consumer (either the point value deducted for that entry or the proportional impact relative to other derogatory entries.) --------------------------------------------------------------------------- \4\ Consumer Federation of America and National Credit Reporting Association. Credit Score Accuracy and Implications for Consumers. December 2002. Available at: http://www.consumer fed.org/ 121702CFA_NCRA_Credit_Score_Report_Final.pdf --------------------------------------------------------------------------- <bullet> Require creditors and other data furnishers to notify consumers any time derogatory information has been placed on a credit report. The State of Colorado requires credit bureaus to provide consumers who have had any negative information added to their reports with annual notification of their rights. This would offer consumers the opportunity to check the accuracy of this information when it is submitted, as opposed to finding out the next time the consumer applies for credit and is turned down or offered a high interest rate. Second, allow consumers to quickly and easily question the accuracy and completeness of information in credit reports. <bullet> Give consumers an FCRA right to contact a furnisher directly to initiate reinvestigation, as the Federal Trade Commission has recommended. As stated above, furnishers have no legal obligation under current law to investigate a credit reporting error, if contacted by the consumer. Under the FCRA, credit furnishers only have a legal obligation to respond to a reinvestigation begun by a credit bureau, at the request of a consumer. As a result, consumers often face longer delays and more ``finger pointing'' when they contact their lender about a credit reporting problem first. The law should make it clear that furnishers have an obligation to respond to their customers if a credit reporting complaint is made. <bullet> Shorten the deadlines by which creditors must respond to consumer disputes about credit information. Currently, the FCRA provides creditors with 30 days to respond to a dispute; 45 days if the consumer submits additional documentation about the dispute. In the age of ``instant credit'' and 3-day credit rescoring by credit reporting resellers, these deadlines are much too long. By the time the consumer hears back from the credit bureau about the outcome of the dispute, he or she might have lost a home loan (and the home) or submitted to a loan at a higher rate than he or she was entitled to. Given how fast credit decisions are now made, resolution deadlines of 10 days (15 days if the consumer submits additional information) do not seem unreasonable. Credit bureaus have shown in recent years that extremely quick reinvestigations are possible. The credit bureaus have a well-documented system that provides ``concierge'' services for certain classes of consumers. VIP's and consumers who are suing the bureaus generally can get complaints resolved more quickly. The most efficient reinvestigation systems are provided for consumers working with certain mortgage entities, where rapid rescoring can gain a correction in 24-48 hours. <bullet> Require the FTC and other regulators to fully enforce the existing requirement that credit bureaus consider all information relevant to a consumer's dispute, including information provided by the consumer, and to require bureaus to reject findings of so- called furnisher reinvestigation that conflict with such relevant information provided by the consumer. This Committee has already heard testimony, from Evan Hendricks and others, that credit bureaus and furnishers are failing to conduct reinvestigations in a reasonable manner. Third, give consumers better private enforcement rights, since the agencies aren't adequately enforcing the accuracy provisions of the law: <bullet> Give consumers the right to go to a court and seek injunctive relief to stop a credit bureau from selling faulty credit reports about them. <bullet> Give consumers the right to seek minimum statutory damages of $100 to $1,000 per violation of the FCRA, as other consumer laws provide, so that they do not have to prove their actual damages to a court. This provision is especially critical for identity theft victims, who often spend hundreds of hours over a period of years trying to clear their good names. While the cost of emotional distress is significantly greater than $100 to $1000, the threat of specific damages would be a powerful incentive to force creditors and credit bureaus to clean up the credit reporting system's accuracy. Improving Overall Financial Literacy The results of this survey also point to the need for a long-term strategy to boost general financial awareness and to improve financial decisionmaking by Americans. There has never been a greater need to advance financial education. The financial education needs of the least affluent and well- educated Americans are especially pressing, in part because recent changes in the financial services marketplace have increased the vulnerability of these households. In particular, the dramatic expansion of high-cost and sometimes predatory lending to moderate and lower-income Americans in the last decade has put many of these people at great financial risk. Because these individuals lack financial resources and often are charged high prices, they cannot afford to make poor financial choices. But because of low general and financial literacy levels, they often have difficulty making smart financial decisions, in part because they are especially vulnerable to abusive seller practices. There is no large population that would benefit more from improved financial education than the tens of millions of the least affluent and well-educated Americans. In 1998, 37 percent of all households had incomes under $25,000. With the exception of older persons who had paid off home mortgages, these households had accumulated few assets. In 1998, according to the Federal Reserve Board's Survey of Consumer Finances, most of these least affluent households had net financial assets (excluding home equity) of less than $1,000. Moreover, between 1995 and 1998, a time of rising household incomes, the net worth of lower-income households actually declined. For lower-income households with few discretionary financial resources, failing to adequately budget expenditures may pressure these consumers into taking out expensive credit card or payday loans. Mistakenly purchasing a predatory mortgage loan could cost them most of their economic assets. These households also need to make smart buying decisions because they tend to be charged higher prices than more affluent families: Higher homeowner and auto insurance rates because they live in riskier neighborhoods; higher loan rates because of their low and often unstable incomes; higher furniture and appliance prices from neighborhood merchants that lack economies of scale and face relatively high costs of doing business; and higher food prices in their many neighborhoods without stores from major supermarket chains. Lower- income families are also faced with higher prices for basic banking services and they lack access to essential savings options. Lower- income households with low literacy levels are especially vulnerable to seller abuse. Consumers who do not understand percentages may well find it impossible to understand the costs of mortgage, home equity, installment, credit card, payday, and other high-cost loans. Individuals who do not read well may find it difficult to check whether the oral promises of salespersons were written into contracts. And, those who do not write fluently are limited in their ability to resolve problems by writing to merchants or complaint agencies. Consumers who do not speak, read, or write English well face special challenges obtaining good value in their purchases. Over the past decade, the financial vulnerability of low- and moderate-income households has increased simply because of the dramatic expansion of the availability of credit. The loans that subjected the greatest number of Americans to financial risk were made with credit cards. From 1990 to 2000, fueled by billions of mail solicitations annually and low minimum monthly payments of 2-3 percent, credit card debt outstanding more than tripled from about $200 billion to more than $600 billion. Just as significantly, the credit lines made available just to bank cardholders rose to well over $2 trillion. By the middle of the decade, having saturated upper- and middle-class markets, issuers began marketing to lower-income households. By the end of the decade, an estimated 80 percent of all households carried at least one credit card. Independent experts agree that expanding credit card debt has been the principal reason for rising consumer bankruptcies. Also worrisome has been the expansion of high-priced mortgage loans and stratospherically priced smaller consumer loans. In the 1990's, creditors began to aggressively market subprime mortgage loans carrying interest rates greater than 10 percent and higher fees than those charged on conventional mortgage loans. By 1999, the volume of subprime mortgage loans peaked at $160 billion. Mortgage borrowers in low-income neighborhoods were three times more likely to have subprime loans than mortgage borrowers in high-income neighborhoods. A significant minority of these subprime borrowers would have qualified for much less expensive conventional mortgage loans. Some of these borrowers were victimized by exorbitantly priced and frequently refinanced predatory loans that ``stripped equity'' from the homes of many lower-income households. The 1990's also saw explosive growth in predatory small loans-- payday loans, car title pawn, rent-to-own, and refund anticipation loans--typically carrying effective interest rates in triple digits. The Fannie Mae Foundation estimates that these ``loans'' annually involve 280 million transactions worth $78 billion and carrying $5.5 billion in fees. The typical purchaser of these financial products has income in the $20,000 to $30,000 range with a disproportionate number being women. Both proper regulation and education are necessary to ensure that lower and moderate income Americans are not subject to abusive lending practices and that they have the knowledge to make effective decisions in an increasingly complex financial services marketplace. Thankfully, Senators Sarbanes, Shelby, Stabenow, Enzi, and Akaka have all shown a great deal of interest in improving financial education efforts in this country. For example, Senator Sarbanes' recently proposed an idea that has a lot of merit: Creating a Financial Literacy and Education and Coordinating Committee within the Department of the Treasury. While many worthwhile financial education programs exist, they are not well coordinated, effectively reach only a small minority of the population, and do not reflect any broad, compelling vision. Many focus only on increasing consumer knowledge of how to best operate in the financial services marketplace, and not on actually changing consumer behavior to improve decisions about spending, saving, and the use of credit. Moreover, there is no clear consensus about how to effectively provide financial education, especially to those who have completed their secondary education and to those with low literacy levels. What is most needed is a comprehensive needs assessment and plan to guide and inspire financial educators and their supporters. Moreover, for any comprehensive plan to win broad public and private support and participation, the Federal Government must provide leadership. Both a comprehensive strategy and Federal leadership (not ownership) are called for in the Sarbanes' bill. Such an approach could also convince a broad array of government, business, and nonprofit groups to work together to persuade the Nation to implement that plan. We commend Senator Sarbanes for proposing a comprehensive and achievable vision for improving financial awareness and decisionmaking. We look forward to working with him, Senator Shelby, and the other Senators I mentioned to improve financial education in this country. Conclusion I applaud the Chairman, the Ranking Member, and all the Members of this Committee for the exhaustive and informative set of hearings that you have conducted about the state of the Fair Credit Reporting Act. As the Committee begins writing legislation to deal with the problems that have been identified in these hearings, I urge you not to overlook what we heard from Americans in our survey. Consumers want a credit reporting system that is more accurate, more transparent, and that better protects their privacy. I look forward to working with the Committee to achieve these important goals. ---------- PREPARED STATEMENT OF CHERI ST. JOHN* Vice President of Global Scoring Solutions, Fair Isaac Corporation July 29, 2003 Introduction Mr. Chairman and Members of the Committee, my name is Cheri St. John. I am the Vice President of Global Scoring Solutions for Fair Isaac Corporation. Thank you for the opportunity to testify before you today about Fair Isaac's leadership in improving the financial literacy of American consumers, specifically with respect to Fair Isaac's efforts to empower consumers by providing them with actionable information about the credit scores that lenders use to make credit decisions. --------------------------------------------------------------------------- * All attachments referenced in Ms. St. John's prepared statement are held in Senate Banking Committee files. --------------------------------------------------------------------------- Fair Isaac Corporation Fair Isaac Corporation is the preeminent provider of creative analytics that unlock value for people, businesses, and industries. Founded in 1956, Fair Isaac helps thousands of companies in over 60 countries acquire customers more efficiently, increase customer value, reduce fraud and credit losses, lower operating expenses, and make more credit available to more people. Fair Isaac pioneered the development of statistically based credit risk evaluation systems, commonly called ``credit scoring systems,'' and is the world's leading developer of those systems. Thousands of credit grantors use broad-based credit scores commonly known as ``FICO<SUP>'</SUP> scores'' generated by Fair Isaac-developed scoring systems implemented at the national credit reporting agencies. Fair Isaac has also developed custom scoring systems for hundreds of the Nation's leading banks, credit card issuers, finance companies, retailers, insurance companies, and telecommunication providers. There are many different kinds of credit scores. The most well known are the broad-based credit risk scores developed by Fair Isaac known as FICO scores and widely distributed to lenders by the three national credit bureaus under the brand names: Beacon from Equifax; Empirica from TransUnion; and, the Experian/Fair Isaac Risk Model from Experian. Indeed, there are several versions of the above FICO scores available because some lenders adopt newly developed versions more quickly than other lenders. There are also broad-based credit scores developed by each of the three bureaus and from other third-party developers. There are custom models developed for use by individual lenders. There are also credit score models developed for specific industries, such as the mortgage, automobile, and telecommunications industries. Finally, there are credit scores distributed primarily to the consumer market. Over the last 40 years credit scoring has become an important part of most credit decisions, such that Fair Isaac believes some form of credit scoring is now used in the majority of consumer credit decisions. A FICO Score is a 3-digit number that tells lenders how likely a borrower is to repay as agreed. To develop the models that generate the credit scores, Fair Isaac analyzes anonymous credit report data to statistically determine what factors are most predictive of future credit performance. Factors that do not have predictive value and factors that by law cannot be used in the credit decision are excluded from consideration. FICO scores use information from consumer credit reports to provide a snapshot of the credit risk at a particular point in time. Scores can change over time, as subsequent credit risk predictions reflect changes in underlying behaviors. Fair Isaac is a leading developer of insurance risk scores. Over 350 insurance companies use Fair Isaac insurance scores that they obtain through national credit reporting agencies. Although insurance scores utilize credit data, they differ from credit scores in that insurance scores are developed based on insurance premium and loss history and predict future insurance loss ratio relativity. Like credit scores, insurance scores do not consider a person's income, marital status, gender, ethnic group, religion, nationality, or neighborhood, and the scores are applied consistently from one consumer to the next. A strong statistical correlation has been repeatedly demonstrated between credit data and insurance loss ratio,\1\ and insurance scores have become a valuable component in determining insurability and the rate assigned. Insurers use insurance scores to accelerate their processing for applicants and renewal shareholders, to concentrate their additional underwriting attention on higher-risk individuals, and to better manage operational strategies. Consumers benefit from lower rates. Insurers have stated that 60-75 percent of their policyholders pay lower premiums because of insurance scoring. Fair Isaac has been supportive of the efforts of insurance score users to educate consumers and agents about insurance scoring.\2\ --------------------------------------------------------------------------- \1\ See, Predictiveness of Credit History for Insurance Loss Ratio Relativities, October 1999; Attachment 1: A Statistical Analysis of the Relationship Between Credit History and Insurance Losses, Bureau of Business Research (McCombs School of Business) at the University of Texas, March, 2003 available at http://www.utexas.edu/depts/bbr/ bbr_creditstudy.pdf. \2\ See e.g., Answers to Your Questions About Insurance Bureau Scores, Attachment 2. --------------------------------------------------------------------------- With Credit Scoring, More People Get Credit, They Get It Faster, and It's More Affordable FICO scores mean more people have access to credit. Credit scores allow lenders to better assess their risk and tailor credit for each consumer's needs. FICO scores are used in almost every sector of the Nation's economy: For mortgages, credit cards, auto loans, personal loans, even cell phone service. More people can get credit regardless of their credit history because credit scores allow lenders to safely assess and account for the risk of consumers who have no existing relationship with the lender, who have never entered the lender's branches, and who may have been turned away in the past by other lenders. Lenders use scores not only to evaluate applications, but also to manage the credit needs of existing customers by extending additional credit or helping consumers avoid overextending themselves. FICO scores are also used by lenders and securities firms as to aid securitization of credit portfolios which provides lenders the capital they need to make credit available to more consumers. FICO scores are accepted, reliable,\3\ and trusted to the point that even regulators including Federal bank examiners, and security rating agencies, use them to help ensure the safety and soundness of the financial system.\4\ --------------------------------------------------------------------------- \3\ See Attachment 3, A Clarification of the Consumer Federation of America's Observations About Credit Score Accuracy. \4\ See Attachment 4 for examples of Federal agencies that use FICO scores. --------------------------------------------------------------------------- FICO scores mean people get credit faster. ``Instant credit'' at a retailer, an auto dealer, over the phone, or on the Internet would not be possible without credit scores. Even mortgage loans that used to take weeks can now be done in minutes. Among the tremendous lending advances in the United States over the last decade has been the streamlining of the lending process, so that credit approvals--not just on credit cards but on installment loans, mortgages, home equity lines of credit, and even commercial loans to small businesses--can be made faster with less manual review, less paperwork, and fewer data requests. All of this has occurred while lenders have not only preserved but also strengthened their visibility and control over their risk exposure. FICO scores mean people pay less for their credit. Scores make credit more affordable by reducing the cost of evaluating applications, reducing loan losses, reducing the cost of managing credit portfolios, reducing marketing costs with prescreening, and cutting the cost of capital with securitization. This efficient flow of credit and capital has a large part to play in the continued robustness of the American economy. By enabling lenders to extend credit quickly while managing their risk, credit reports and scores have made credit more accessible, at lower rates, to more people. Lenders must make a credit decision, and they must predict the future in doing so. Lenders can use a variety of decision making techniques to predict the future, ranging from a simple subjective evaluation of application and credit history information by a loan officer, to predictive technologies, including credit scoring. When a creditor switches from judgmental decisions to scoring, it is common to see a 20-30 percent increase in the number of applicants accepted with no increase in the loss rate. Lenders should use all the information that is legally, economically, and efficiently available to make the best and fairest possible decision for each individual with whom they do business. FICO scores, when used properly, make a tremendous contribution in doing just that. FICO scores use only legal data as inputs, and only those factors proven to be predictive of credit risk. Scores are also more consistent from consumer to consumer because they assess the same factors the same way, each time. Studies have concluded that the same Fair Isaac credit score indicates the same level of risk regardless of the income level of the consumer or whether the consumer resides in an area with a high percentage of minority residents, with differences consistently favoring the low- to moderate-income (LMI) and high minority area (HMA) applicants.\5\ Those same studies indicate that credit scoring is a far more predictive screen for both the LMI and HMA applicants than is judgmental decision making. Finally, the multiple scorecard systems developed by Fair Isaac and resident at the three main U.S. credit bureaus were proven to be more predictive than a single scorecard developed for the HMA population for the study. --------------------------------------------------------------------------- \5\ See, The Effectiveness of Scoring on Low-to-Moderate Income and High Minority Area Populations, a Fair Isaac Paper dated August, 1997, Attachment 5. --------------------------------------------------------------------------- Fair Isaac credit scores transform the economics and efficiency of the credit decision to allow all relevant information to be brought to bear so that no information that is favorable to an individual is omitted from the decision process. Credit scoring scientifically, and therefore fairly, balances and weighs positive information along with any negative information in credit reports. In essence, full positive credit reporting and scoring have ``democratized'' credit granting-- information about all consumers is available to all lenders for a fair evaluation. Scoring has transformed credit granting so that it is no longer simply based on who you know. Financial Education and Consumer Empowerment Depend Upon Actionable Information About the Credit Scores That Lenders Use Fair Isaac Supports Consumer Education and Empowerment When lenders first began using credit scoring, Fair Isaac provided both lenders and regulators the information and training needed for effective score tracking and oversight. Lenders have always been provided with the top four reasons with every credit score, in order of their importance to the score. As credit scoring use has grown, Fair Isaac has responded by providing consumers with the information they need to understand credit scoring and use it to take control of their credit health. Fair Isaac has published consumer booklets on credit scoring since the early 1990's on its own and in conjunction with others such as the FTC. Free information has also been available to consumers at www.myFICO.com, since its inception. Consumers interested in learning more about their individual score can access www.myFICO.com to get their own FICO Score, accompanied by the underlying credit report, and a complete explanation of their personal FICO score for $12.95. Fair Isaac has given consumers a place in the credit reporting process by pioneering consumer credit empowerment with its myFICO.com score explanation. Millions of consumers have already taken steps to control their credit lives by using myFICO.com to obtain informative, actionable credit-information services including the FICO scores that lenders use, and to help improve and protect their overall financial health. Explanations of Adverse Action Consumers, by law, are provided with the key reasons behind their score, when those score(s) were a factor in a decision resulting in an adverse action. These reason codes provided with the FICO score can be used by the lender as part of its explanation to the consumer of any adverse action taken and what the consumer can do to improve their outlook for being approved for credit in the future. Evolution of Consumer Credit Score Education FICO scores first became available commercially from all three national credit reporting agencies in 1991. Prior to the mortgage industry's embrace of credit risk scoring technology in the mid-1990's, U.S. consumers generally were not aware of this business decision tool and it was not as widely used. This started to change in 1995 when Fannie Mae and Freddie Mac approved the use of credit risk scoring by mortgage lenders. Their approval prompted an increasing number of mortgage lenders and mortgage brokers to use credit risk scores in loan underwriting. Other industries began relying more heavily on FICO scores as well, such as auto lenders and bankcard issuers. Through consumers' interaction with brokers and lenders, the public became more aware of credit scores. The news media also began reporting on this as yet relatively unknown lender risk evaluation tool. Five years ago, market research showed an initiative to educate consumers about credit scoring was likely to fail due to lack of consumer interest. Once the wide use of credit scores made consumers receptive, however, Fair Isaac launched its consumer education initiative that has made it a leader in promoting financial literacy for all consumers. We believe it is instructive to briefly review the development of consumer credit education to show how Fair Isaac continues to respond to the need for financial literacy as consumers' awareness grows. The one constant has been Fair Isaac's commitment to the disclosure of credit scores in a way that equips the consumer with accurate, actionable information while avoiding the confusion that can be created from a misunderstanding of a complex topic. Initiative to Demystify FICO Scores On June 8, 2000, Fair Isaac announced its public disclosure of all the factors used in its FICO credit bureau risk scores. The list was made publicly available on the company's website for free, and remains free and accessible today at http://www.my fico.com/myfico/ CreditCentral/ScoreConsiders.asp. FICO Guide By late October 2000, Fair Isaac had developed and launched an online service called FICO Guide. FICO Guide provided a FICO score explanation when a lender or broker provided the consumer with his or her FICO score, the accompanying reason codes, and the name of the credit reporting agency that had calculated the score. FICO Guide was developed to offer consumers, and the lenders and brokers who served them, an interim score explanation service. While the Fair Isaac pursued several options for disclosing FICO scores directly to consumers FICO Guide was phased out shortly after Fair Isaac launched its score disclosure and explanation service 5 months later via myFICO.com. The First Online Consumer Service That Provides FICO Scores and Explanation Directly To Consumers On January 11, 2001, Fair Isaac and Equifax announced their agreement to create the first service that explains and delivers credit scores directly to consumers, accompanied by the underlying Equifax credit report and a score explanation by Fair Isaac. In their announcement, Fair Isaac explained, ``We will provide the tools to not only review an individual's credit information, but to help them understand how that data may be analyzed to predict the risk associated with a credit application.'' The companies began offering their new service online on March 19, 2001. Personalized FICO Score Simulation On May 21, 2002, Fair Isaac revolutionized consumer credit education when it introduced its FICO Score Simulator on www.myFICO.com, as a free service for customers who purchase a score explanation service.\6\ The FICO Score Simulator uses consumers' own credit information and FICO scores to help them see how specific future actions they might take could change their FICO score, and learn what's most important to achieve and maintain good credit health. Consumers can see how their FICO scores would respond to any of a variety of actions ranging from paying all their bills on time for the next month, to declaring personal bankruptcy. --------------------------------------------------------------------------- \6\ A sample of the FICO Score Simulator is accessible at http:// www.myfico.com/Content/Samples/ Sample_ScoreSimulator.asp?ReportID=1&ProductID=1. --------------------------------------------------------------------------- Fair Isaac Provides Considerable Free Credit Score Educational Information As noted above, Fair Isaac provides consumers with free educational information on FICO scoring directly from its website, and in booklet form.\7\ Free content on www.myFICO.com includes a weighting of the credit report factors evaluated by the FICO score so that consumers know what events or behavior has the greatest influence on the scores in general. The following is sample of free content, taken directly from www.myFICO.com.\8\ --------------------------------------------------------------------------- \7\ See Attachment 6 available free at http://www.myfico.com/ Offers/RequestOffer.asp. \8\ Accessible at http://www.myfico.com/myfico/CreditCentral/ ScoreConsiders.asp. <GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT> <GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT> The website's educational information also lists and discusses the kinds of information NOT included in calculating FICO scores.\9\ These extend well beyond the prohibited factors listed in the Equal Credit Opportunity Act. --------------------------------------------------------------------------- \9\ Accessible at http://www.myfico.com/myfico/CreditCentral/ ScoringWorks/FICOIgnores.asp. <GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT> The website also provides free advice on actions consumers should take--or avoid taking--to improve FICO scores over time.\10\ --------------------------------------------------------------------------- \10\ Accessible at http://www.myfico.com/myfico/CreditCentral/ ScoreConsiders/Tips/Amounts OwedTip.asp. <GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT> <GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT> Other educational information offered free to consumers on the website includes: Ways in which credit scores help consumers; information on credit reports and what to do if a credit report error is suspected; over 50 different financial calculators to help consumers manage their money; and, an extensive section of Frequently Asked Questions \11\ regarding credit scoring and the site's consumer products such as: --------------------------------------------------------------------------- \11\ Accessible at http://www.myfico.com/myfico/FAQ.asp. <GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT> Fair Isaac has also pioneered new tools to help consumers better understand what influences their scores and how their scores affect lender decisions. On March 6, 2002, the company introduced a free interest-rate service on www.myFICO.com that matches consumer FICO scores with current interest rates currently charged by lenders for 18 different types of mortgage and auto loans.\12\ The service helps consumers quickly understand how getting a better FICO score can translate into more attractive credit terms and significant dollar savings over time. The interest rate information is collected daily by Informa Research Services, Inc. --------------------------------------------------------------------------- \12\ Accessible at http://www.myfico.com/myfico/CreditCentral/ LoanRates.asp. --------------------------------------------------------------------------- FICO Scores are Readily Available to Consumers Today, Fair Isaac provides FICO<SUP>'</SUP> scores, directly to consumers through several distribution channels. These scores are always accompanied by key supplementary information that helps the consumer understand and use the score: The consumer's underlying credit report and Fair Isaac's personalized score analysis including the score range, where the consumer's score falls on that range, what factors contributed most to their particular score and how to improve their score given those factors over time. At www.myFICO.com, consumers can get their FICO score calculated from data in their credit report provided by any of the three national credit reporting agencies: Equifax, Experian, and TransUnion. For $12.95, the basic service provides the consumer's FICO score, Fair Isaac's personalized explanation of the score and suggestions for improving it over time, the underlying credit report information from which the score was calculated, and access to the FICO Score Simulator. In addition, the website offers several other services based on the consumer's FICO score: <bullet> FICO Saver for Homebuyers shows consumers how their FICO score and other information will likely be evaluated by mortgage lenders, and helps consumers realistically assess the maximum loan amount they can comfortably handle. <bullet> 3 Bureau Report with FICO score provides consumers with all three credit reports plus their FICO score calculated by TransUnion and Fair Isaac's score explanation, for a complete view of their credit history. <bullet> Equifax Credit Watch is the comprehensive credit-monitoring service for consumers concerned about the risk of identity theft. <bullet> myFICO Credit Advantage helps consumers track changes in their FICO score and credit report over one year. Fair Isaac has also worked with the credit reporting agencies such that those credit reporting agencies can also provide FICO scores directly to consumers, accompanied by the underlying credit report and Fair Isaac's personalized explanation and suggestions for improving the score over time. Today, Equifax and TransUnion both offer FICO scores and explanation service via their websites as well. FICO Score Explanation by Mail Fair Isaac has expanded its consumer education initiative to make FICO score education available to consumers who may not have convenient access or who choose not to obtain it over the Internet. Fair Isaac collaborates with Intersections, a company that provides credit information and credit-monitoring services to consumers both online and via U.S. Mail. This includes a 3-in-1 credit report that provides credit reports from all three bureaus, the consumer's FICO score calculated by TransUnion, and Fair Isaac's score explanation. In addition, Fair Isaac also works with a variety of businesses to create new channels that consumers can use to access FICO score-based consumer services and information. These businesses include some of the Nation's leading financial service providers, as well as financial management solution providers such as Quicken.com, and nonprofit credit counseling organizations such as Springboard and Consumer Credit Counseling Service of Santa Clara and Ventura Counties. Alerting the Public to FICO Score Availability Even though Fair Isaac has worked diligently to let consumers know what information about FICO scores is available, the biggest challenge remains getting the word out. Since June 2000, Fair Isaac has welcomed and encouraged media coverage on the importance to consumers of credit scores and Fair Isaac's efforts to empower and educate consumers with scores and related information. The media's response has been extremely helpful to consumers and includes articles and broadcast coverage in hundreds of outlets including The Wall Street Journal, The New York Times, USA TODAY, Newsweek, NBC Network News, National Public Radio, and The Today Show. Traffic at the myFICO.com site increases after each significant media event. On January 26, 2003, Fair Isaac promoted credit score awareness in a television commercial on credit scoring aired during the Super Bowl. The educational ad highlighted the importance of credit scores in determining consumer interest rates on mortgage and auto loans, and referred viewers to www.myFICO.com for more information.\13\ --------------------------------------------------------------------------- \13\ The ad can be viewed at http://wip2.space150.com/myfico/ myfico_future/. --------------------------------------------------------------------------- In a further effort to increase public awareness, this past May 5- 6, Fair Isaac hosted numerous consumer advocacy organizations for an intensive discussion on credit scoring and the best ways to reach consumers, especially underserved consumer groups, with credit scoring information that can help them improve their overall credit health. Participants included representatives from such organizations as Consumer Action, La Raza, and Operation Hope. Solutions to Improve Financial Literacy While there is a whole range of excellent score education material available to consumers today, there are improvements that can be made to solve problems that are inhibiting greater financial literacy of American consumers. Problem: Scores that are not commonly used by lenders are marketed to consumers looking for information to improve their financial literacy. Consumers, unaware of which credit scores are actually used by lenders to make decisions about credit, unknowingly purchase information about other credit scores that are not commonly used by lenders in making lending decisions. In some cases, purveyors of these credit score services launch massive marketing campaigns to induce consumers to purchase their score services without clearly disclosing the extent to which the scores they provide and explain are actually used by lenders. Consumers who unknowingly purchase such services may be confused when the credit score they purchase is different than the broad-based credit score used by their lender. In some cases, steps taken by the consumer to improve another score may not have the same effect on the credit score that lenders use. To be well-educated, consumers should understand the measure lenders are using, and know the score the lender will use to evaluate them. Colleges typically use the SAT score to evaluate students who apply for admission. Students know this and use that same score to decide where to apply based in part on which colleges might accept them. Although a different aptitude test might provide the student with some useful information, prospective students get the greatest benefit from knowing their own SAT score, empowering them to judge for themselves how they might be viewed by a college admissions office. The same is true for credit scores. Educated consumers should know and understand the credit score that lenders use. Solution: Consumer Choice and Education. We believe the solution to this problem is to educate consumers so they can make informed choices about purchasing score explanation services, and can decide what is most useful for them. The Senate can help consumers by improving upon the California score disclosure law \14\ upon which S. 1370 and H.R. 2622 are patterned and promote a policy designed to provide the score most likely to help consumers and empower consumers to choose the available score that will be most useful to them. --------------------------------------------------------------------------- \14\ Fair Isaac has consistently supported effective score disclosure legislation. Fair Isaac did so in testimony in May 2000, before the California State Senate Business and Professions Committee regarding S. 1607 has mandated credit score disclosure and eventually became California law. Fair Isaac again supported effective score disclosure in September 2000, in testimony before the U.S. House Subcommittee on Financial Institutions and Consumer Credit, including testimony that Fair Isaac, ``supports disclosure of scores to consumers provided that such disclosure is conducted in a manner that provides meaningful and helpful information to consumers.'' --------------------------------------------------------------------------- Problem: Consumers are confused because many of the scores provided to consumers as mandated by current State laws are not commonly used by lenders. Under current California and Colorado score disclosure law, the credit reporting agency chooses the credit score it discloses to consumers and, other than in the context of a residential real estate transaction, the consumer cannot choose to get another score, even if that other score is more useful to the consumer. Two of the three national agencies are disclosing their own proprietary scores in compliance with the California disclosure law and do not give the consumer the option to obtain other broad-based credit scores these agencies widely distribute to lenders.\15\ The proprietary scores these agencies choose to make available to consumers aren't nearly as widely distributed to lenders as others distributed by those agencies. --------------------------------------------------------------------------- \15\ Fair Isaac has agreements with one agency authorizing it to disclose FICO scores to consumers to comply with California and Colorado score disclosure laws. Fair Isaac is willing to enter into similar agreements with the other credit reporting agencies. --------------------------------------------------------------------------- Fair Isaac's consumer support line gets calls from consumers confused by scores other than FICO scores that they have obtained. For example, consumers have reported they have closed a number of accounts, after which the score they have obtained increased, but their FICO score did not. When we explain to them that the score they based their actions on was not a ``FICO'' score, their reaction is often a version of: <bullet> ``What good is that score if it's not what lenders use?'' <bullet> ``This is confusing people.'' <bullet> ``Why don't the bureaus provide the FICO score?'' In such circumstances, it is harder to help the consumer understand credit scoring because the confusion and frustration from the different score must be overcome before actionable education can begin. If consumers are given a choice of scores widely distributed by the agencies, there will be less confusion and more education. Solution: Provide the score that is most likely to be helpful, and give the consumer the right to get a different widely distributed score if the consumer so chooses. The consumer should be equipped with the credit score that can best help him or her learn how lenders evaluate credit risk, and empowered to choose from the broad-based credit scores that are widely distributed by the bureau. Existing legislative proposals should be improved by: (1) Adding the name of the credit score and the name of the third- party developer, if applicable, to the information about credit scores that credit reporting agencies must disclose to the consumer.\16\ With this information, the consumer is empowered to seek out additional, accurate information about the credit score that matters to them. It also empowers the consumer to effectively compare the credit score information it gets from the credit reporting agency to information from lenders and other sources. --------------------------------------------------------------------------- \16\ This requirement could easily be added to the disclosures proposed in Section 3(a) of S. 1370 and to H.R. 2622. --------------------------------------------------------------------------- (2) When a consumer requests the disclosure of a credit score, the credit reporting agency should be required to disclose the broad-based credit score it most widely distributes to lenders. In addition, put the consumer in control by allowing him or her to request and receive at their choice one of either: (i) A broad-based credit score that the credit reporting agency widely distributes to lenders, or (ii) the general education credit scores current State law and H.R. 2622 already allow the bureau to provide.\17\ Protect the credit reporting agency from uncooperative third-party score developers by adding another exception that would relieve the agency from the obligation to disclose the developer's score if the third-party developer refuses to authorize such disclosure at a reasonable fee. Limit the burden on the agency and the complexity of the regulation by limiting the disclosure requirement to one model from the agency and one model from each third party that develops models for broad-based credit scores widely distributed by the agency.\18\ --------------------------------------------------------------------------- \17\ This requirement could easily be added to the disclosures in proposed for Section 609(d)(2) by Section 3 of S. 1370 and to H.R. 2622. \18\ These protections could easily be added to the Limitations proposed for Section 609(d)(1) in Section 3(b) of S. 1370 and to H.R. 2622. The above suggestions to improve existing proposals add to the choice and education available to consumers without placing a significant, additional burden on either the credit reporting agencies or score developers. Nothing forces a third-party developer to make its score available. If the third party refuses to authorize disclosure at a reasonable fee, the agency has no obligation to offer the score. The number of different scores the agency must offer is limited because an agency must offer a score only if the score is a broad-based credit score that the agency widely distributes to lenders, and then only one score from each such third-party developer. Moreover, the legislation is flexible and will adapt as the credit scores used by lenders change. As a particular score becomes more widely distributed to lenders, it will be more useful to consumers and therefore it will be requested more often. When a new score becomes the broad-based credit score most widely distributed to lenders by that credit reporting agency, the score provided to consumers who do not exercise a choice will change to the score that is most likely to be helpful to the consumer. Existing score disclosure proposals can and should be modified to give consumers more choice and to continue to improve consumer credit education. Credit Score Regulatory Overview I will say to you that it is very important to us to maintain a system which enables those models and those technologies to advance, because if they don't we're probably going to find that costs--interest costs and availability for credit to the average consumer are likely to rise. Alan Greenspan, testifying about credit scoring at the July 15, 2003, House Committee on Financial Services Hearing on Monetary Policy. We believe that Chairman Greenspan can comfortably make the above cautionary statement because existing regulation and oversight by various governmental agencies is working well. Credit scores are one of many methodologies used by lenders to make better lending decisions, and every lender is required by law to use those methodologies in compliance with applicable laws, including the Equal Credit Opportunity Act. Regulation B, promulgated under the ECOA, prohibits lenders from using prohibited bases in the lending decision, such as race, marital status, religion, and national origin. Consumer reporting agencies do not collect that information, except what may be collected in accordance with identifying the consumer. That identifying information is not utilized in Fair Isaac's scoring models. Consumer reporting agencies collect data in five general categories. (1) Header information that identifies the consumer, such as name, address, date of birth, Social Security number; (2) Trade lines (for account information); (3) Public records; (4) Collections; (5) Inquiries. Fair Isaac's credit bureau scoring models do not utilize any of the header information in category 1. The OCC and other banking regulatory agencies have access to published Performance Charts for the Fair Isaac Credit Bureau Risk Scores. Fair Isaac periodically produces those Performance Charts (also called Validation Odds Charts) from new national credit bureau data samples used for model update purposes. These charts demonstrate and prove that the FICO score rank-orders consumers according to repayment risk. Clients for whom Fair Isaac develops custom models are provided a suite of development statistics with each custom model development so the client may share that information with examiners. These statistics demonstrate the rank-ordering of payment performance for the client's specific portfolio based on their specific definition of ``bad'' payment performance. Fair Isaac also provides information on the individual characteristics that make up the client's custom models. These statistics show the predictive content contained in each characteristic and illustrate why the scorecard contains the characteristic mix that it does. Fair Isaac also provides complete score tracking standards so that the client is able to monitor the performance of the model and scores, and track changes in the profile of their population over time. The OCC and other banking regulatory agencies have access to these performance statistics and tracking standards, as of course do the banks themselves. One way lenders are assured their use of Fair Isaac credit scores complies with existing regulations is the following warranty and representation found in Fair Isaac's contracts with the credit reporting agencies and end-user lenders: Fair Isaac, the developer of [insert score name], warrants that the scoring algorithms used in the computation of the [insert score name] Score are empirically derived from [insert name of ] credit data and are a demonstrably and statistically sound method of rank-ordering candidate records with respect to credit risk, and that no scoring algorithm used by [insert score name] uses a ``prohibited basis'' as that term is defined in the Equal Credit Opportunity Act and Regulation B (Reg. B) promulgated thereunder. Regulatory agencies charged with overseeing the safety and soundness of lenders have a variety of regulations pertaining to credit scoring such as the OCC's Bulletin 97-24, dated May 20, 1997. (accessible at http://www.occ.treas.gov/ftp/bulletin/97-24.txt ) Regulators are Well Trained to Oversee Lender's Use of Credit Scoring Fair Isaac has actively partnered with many regulators for many years to help ensure there is informed and effective oversight of the use of credit scoring. Office of the Comptroller of Currency Right after the above OCC bulletin was issued in June 1997, Fair Isaac hosted three representatives of the OCC at an interactive scorecard engineering meeting at which scorecard engineering was demonstrated to help the OCC understand the methodology used to develop credit scorecards. Fair Isaac has continued to work with the OCC since then, such as the 2-day seminar on April 10-11, 2002 in Dallas entitled, ``Making the Most of Scoring Tools.'' The seminar covered scoring concepts, model development, implementation issues, uses of scores in strategies across the account lifecycle, and tracking and validation. The seminar focused on both custom application risk models and Fair Isaac credit bureau risk scores.\19\ --------------------------------------------------------------------------- \19\ See Agendas, Attachment 7. --------------------------------------------------------------------------- Federal Financial Institutions Examination Counsel \20\ --------------------------------------------------------------------------- \20\ The FFIEC was established in 1978 and consists of the Chairpersons of the FDIC and the National Credit Union Administration, the Comptroller of the Currency, the Director of the OTS, and a Governor of the Federal Reserve Board appointed by the Board Chairman. The FFIEC's purpose is to prescribe uniform Federal principles and standards for the examination of depository institutions, to promote coordination of bank supervision among the Federal agencies that regulate financial institutions, and to encourage better coordination of Federal and State regulatory activities. --------------------------------------------------------------------------- On June 4, 2002, approximately 205 examiners from the Federal Reserve, OCC, OTS, FDIC, NCUA, and Farm Credit Administration attended a day-long seminar, ``Making the Most of Scoring Tools,'' covering scoring concepts, model development, implementation issues, and tracking and monitoring, and focused on custom application risk models and the Fair Isaac credit bureau risk scores.\21\ --------------------------------------------------------------------------- \21\ See Agendas, Attachment 7. --------------------------------------------------------------------------- Office of Thrift Supervision Fair Isaac has delivered a series of 2-day seminars for the OTS (November 2001, April 23-24, 2002, and October 15-16, 2002, April 22- 23, 2003) focused on the Fair Isaac credit bureau risk scores and pooled application risk models. Fair Isaac is scheduled to deliver another seminar in 2003 and two, 2-day seminars in each of 2004 and 2005. \22\ --------------------------------------------------------------------------- \22\ See Agendas, Attachment 7. --------------------------------------------------------------------------- Conclusion Fair Isaac is proud of its role in providing actionable credit score information to empower consumers to improve their financial literacy and is committed to continuing its efforts in both the regulated and private disclosure of credit scoring information. I thank you for the opportunity to share with you Fair Isaac's expertise and experience in this important area. ---------- PREPARED STATEMENT OF SCOTT HILDEBRAND Vice President, Direct Marketing Services Capital One Financial Corporation July 29, 2003 Chairman Shelby, Ranking Member Sarbanes, and Members of the Committee. My name is Scott Hildebrand and I am appearing before you on behalf of Capital One Financial Corporation where I serve in the capacity as Vice President for Direct Marketing Services. On behalf of Capital One, let me express my thanks to you for the leadership you have shown on this important issue. Capital One is one of the top 10 largest credit card issuers in the Nation, and a diversified financial services company with over 45.8 million customers and $60.7 billion in managed loans outstanding. In addition to credit cards, we are one of the Nation's premier auto finance companies, and also offer our customers an array of banking and related products. We employ nearly 18,000 associates worldwide, with offices around the country and overseas. We wish to commend you and the Congress on the work you have done to support financial education programs. Last year, President Bush signed into law the ``No Child Left Behind Act of 2002,'' making $385 million available to State educational agencies to encourage the sharing of best practices and the teaching of basic economic principles and personal finance. This Act put into place the resources that teachers need to teach basic personal finance and personal finance management skills to school-age children. We believe that this Act has served as a foundation for improving the Nation's level of financial literacy as the monies have put more schools in the position of being able to incorporate personal finance teaching into their curriculum. Informed Customers are Key to Capital One's Success At Capital One, we believe that a thorough understanding of financial matters not only helps consumers to make better decisions, but also helps to ensure the continued health of the financial services industry. In the banking business, there exists an age-old truism: Anyone can lend money; success is measured by whether you are paid back. We are not successful if our customers fail to manage their personal finances effectively, and thus are unable to meet their credit obligations. To borrow a phrase from legendary clothing retailer Sy Syms, ``An educated consumer is our best customer.'' Capital One's success can be attributed to its offering the most attractive products and pricing in the market today, including the lowest fixed credit card rate in the Nation of 4.99 percent, and auto rates as low as 3.89 percent. It is our belief that consumers who understand the benefits of these products will choose Capital One. Continuous Financial Education is a Vital Component of Our Customer Interactions Capital One believes that clear communication about its products and services is important to maintaining successful relationships-- ensuring better customer retention in a highly competitive environment. Therefore, each product is accompanied by basic information that covers how our cardholders can avoid fees, stay within their established credit limit, obtain copies of credit bureau reports, and understand how their annual rates are applied. Our best channel and most direct vehicle for reaching our cardholders is their monthly statement. We include financial tips that are pertinent to their account in prominent locations on the statement where it is most likely to be noticed. We have used this vehicle to inform cardholders of their account status and to remind them to make payments, check their bureau reports, and to monitor their credit line. Some sample messages include: Why does good credit count? Employers check credit references before hiring new people. Banks and leasing companies often base the interest rate they offer you on your credit rating. Achieving life goals such as buying a new car or owning your own home are facilitated by good credit. Credit bureaus keep information on your record for up to 10 years so a credit problem history can follow you around for a long time. Overlook your bill? Be sure to make your payment today. First-Time Cardholders Receive a Course on ``The Fundamentals'' Understanding that Capital One may be the first credit card for many college-age cardholders, we have built financial education into all product touchpoints. Upon activation of the card, college students receive a welcome booklet that explains the ins and outs of credit. Our message focuses upon the importance of building a positive credit history--making at least the minimum monthly payment by the due date each month, and making sure to always stay within the credit line. Following the welcome package, for their first year with Capital One, cardholders will receive quarterly reminders about the importance of maintaining good credit habits. Created with Myvesta.org and the Jump$tart Coalition for Personal Finance (Jump$tart), these reminders provide more detailed information on being cost conscious, understanding how interest and finance charges can add up, the cost of accessing cash advances, warning signs of having too much debt, obtaining a copy of credit bureau reports, and the importance of saving. Capital One has also joined forces with YOUNG MONEY, the leading quarterly money and lifestyle magazine for young adults, to provide information to our cardholders on improving their financial decisionmaking skills. In this first-time venture, Capital One and YOUNG MONEY will co-brand a website specifically geared to our cardholders. In addition, we will provide a free 1 year subscription to a select number of our college age cardholders. Because YOUNG MONEY's articles are written by college students for college students, the magazine's content addresses the financial concerns specific to this age group. YOUNG MONEY covers a variety of money related matters including: Money Management--Find the best ways to control your budget and pay off debt. Learn how to save money and cut your expenses. Investing--Ever wanted to invest in the stock market? Find out everything that you need to know before you invest your money. Financial Aid--Learn the best ways to finance your education. Get tips on finding and winning scholarships, applying for student loans, and more. Credit and Debt--Manage debt the smart way--check out tips about credit cards, debt control, and credit reports. Careers--Find career-building resources, and read about successful job searches, interviews, and resumes. Consumer Issues--Learn to be a smart consumer by spotting credit- repair scams, Internet service rip-offs, and fraudulent business ``opportunities.'' Our basic website for young adult cardholders has a range of education topics and includes a listing of frequently asked questions that covers maintaining good credit, avoiding fees, dealing with creditors, and the difference in variable and fixed rates. There is also contact information for all three major credit bureaus so customers can track the progress their making in building good credit. Upon instances when our young adult cardholders miss a payment or go over their credit limit, we will forward them a warning e-mail that outlines the importance of paying on time and/or staying below their limit. Information Is Available to All Consumers Online We have also placed a ``Financial Tool Box'' on Capital One's website, which includes guides, articles, and calculators that give consumers a better understanding of how to use our products. Articles include: How Credit Works and Your Credit Rights--As a current cardholder, you no doubt have a firm grasp on how credit works. However, your card comes with several important, built-in legal benefits you may not be aware of. The law protects many of these ``credit rights.'' Your Credit History--Your credit report does more than track your credit and how you pay your bills. It represents your financial profile, and it can affect more than just your ability to obtain additional credit. Managing Credit and Key Strategies for Money Management--The key to managing your credit is control--control of how much you spend on credit, how quickly you pay it back, and the types of items you purchase. Credit is not a financial cure-all. Used the right way, however, it can help you afford certain purchases and build a powerful credit rating. Safeguarding Credit and Learning how to Protect Your Credit from Thieves--We provide a number of tips for consumers to avoid identity theft and provide them with the steps they will need to take if they should ever become a victim. Our customers also have access to their accounts online where they can view recent transactions and available credit, see payment due dates to help avoid late penalty fees and update account information. Capital One Seeks to be Part of the Solution on Financial Education Our efforts to improve financial literacy are not limited to our existing customers. Capital One has invested considerable time, effort, and money to develop innovative and far-reaching programs to improve financial education. Capital One's Financial Education Activities Have Been Designed With a Focus on Effectiveness and Impact Capital One's business success has been driven largely by a highly analytical ``test and learn'' culture that seeks to customize products and services to the specific needs of individual consumers. Our founders realized that a ``one-size-fits-all approach'' makes little sense in an environment where each consumer possesses vastly different needs and characteristics. This ``test and learn'' culture pervades everything we do, from designing our products to meeting the needs of our associates. Not surprisingly, it also influences profoundly how we have chosen to tackle the important issue of financial education. Several years ago, we undertook a major corporate initiative to develop a financial education program. Following the Capital One method of doing business, we started by surveying the market to assess the delivery and methodology used by existing financial education programs. Our research revealed a high level of activity using a wide variety of approaches. While looking for information regarding best practices, we found limited understanding of what types of programs were most effective for which populations. We read training materials that were attractive visually, but we wondered if the language used was too complicated to reach the target populations. We also found quality materials without an effective method for getting the materials to market. Finally, we observed a limited amount of measurement and evaluation in the programs to assess their effectiveness. As a result of our research, we initially decided to focus on those most in need--lower-income and underbanked populations. We spent time thinking about two key goals: First, how to develop content that would be read and understood; and second, how to develop a delivery method that would effectively reach our targeted populations. As a result, we decided the best approach would be to find a strong nonprofit organization with whom we could partner--an organization that would bring expertise in materials development and have existing relationships with community-based organizations who are best situated to reach underserved communities. Capital One Has Formed a Partnership With Consumer Action Following the research and development of our program goals, we contacted Consumer Action (CA) to discuss the feasibility of developing a partnership related to financial education for lower-income communities. Founded in 1971, CA has a long history and strong record of work in this area. Because CA is an umbrella organization whose membership includes more than 7,000 community-based nonprofit organizations throughout the country, we were confident that delivery of the materials to reach our target consumers could be achieved. Since beginning our partnership, we have developed a highly effective collaboration that has produced measurable results. Capital One has donated approximately $1.25 million to create and implement MoneyWi$e, a program that offers straightforward, easy-to-read information to address financial responsibility. Together, we have created a four-part series of MoneyWi$e educational materials that provide the building blocks for developing and honing personal finance skills. These four brochures focus on key financial education issues, including: Building Good Credit--Explains what credit history is, what a credit report is, how to get your credit report, how to establish good credit, and where to complain if you have a problem. Credit Repair--Explains why having good credit is important, your rights if your credit application is rejected, how to check your credit report, how to dispute mistakes on your credit report, and how to begin to rebuild good credit. Basic Banking--Discusses the fundamentals of banking, from opening a bank account to balancing a checkbook, and includes tips for resolving problems such as mixed up deposits and bounced checks. Basic Budgeting--Explains the importance of wise money management, including budgeting, balancing your checkbook, cutting back on expenses, and ways to spend less and save more. Capital One's financial support of this program ensures that these materials are provided to nonprofit organizations and consumers free- of-charge. In addition, we feel it is critical that they be offered in multiple languages to ensure that we reach immigrant groups, many of which have had negative experiences with banks in their home countries and are vulnerable to unscrupulous financial service providers. The materials are available in four languages in addition to English including Spanish, Chinese, Korean, and Vietnamese. Through CA, materials are available to their membership of their more than 7,000 community organizations nationwide, as well as directly to consumers via mail or the Internet. I am proud to report to date the distribution of these multilingual materials totals more than 1 million brochures. Our plans for later this year include creating and distributing information on two additional topics: The first is a guide for parents on talking to teens about money and the second is about understanding bankruptcy. Capital One and CA also joined forces to develop a ``train-the- trainer'' program for community-based organizations. We liked this approach because it enabled us to leverage the talents of other organizations to achieve a higher impact at the local level. Together with CA, we were able to develop curricula that focus on the key issues contained in the brochures. The results have been phenomenal. To date, more than 800 nonprofit organizations across the country have requested the information. They have included a wide variety of types of organizations such as university cooperative extension offices, consumer credit counseling service organizations, and community development corporations. During the fall of 2002, Capital One and CA co-sponsored Statewide meetings in Tampa, Florida and Oakland, California to train the leaders of nearly 75 community-based organizations in each location to use the MoneyWi$e materials in their communities. The 2-day meetings included sessions to review the materials and train participants on teaching adult populations. They were interactive and included many hands-on activities designed to reflect real-life situations. A follow-up survey on the training sessions found a high satisfaction level among participants. We have two additional meetings planned for later this year; one meeting will take place in Dallas and serve agencies throughout Texas and the other will take place in the District of Columbia and serve agencies in the metropolitan area. We have also strengthened the program by offering stipends to 18 nonprofit organizations around the country that are starting to teach financial education to their constituents--the grants provide them with the funding they need to staff and provide additional resources. We anticipate reaching approximately 60,000 consumers through the reach of the program. This month, the MoneyWi$e partnership received the Achievement in Consumer Education award by the National Association of Consumer Agency Administrators. We Have Engaged the Talent of our Employees To Deliver Financial Education to our Local Communities Capital One believes in the value of employee involvement in community service. We have a long-standing focus on company-sponsored volunteerism in the areas of youth-at-risk, education and community development. Therefore, it made sense to incorporate financial education into our volunteer activities as we were developing our program. Trained by CA and equipped with materials and a training/curriculum manual, Capital One employees pilot-tested this approach in its home communities of Richmond and Northern Virginia. Our volunteers have contributed approximately 250 hours to teach the information to constituents of several nonprofit organizations. Because of the overwhelmingly positive response from employees, the program is being expanded to other Capital One sites around the country. Capital One Focuses on Youth Through Its Partnership With Jump$tart Five years ago, to align our financial education program with our philanthropic focus on helping youth-at-risk, we joined Jump$tart. The premise behind our support of this program is simple: We believe in their mission to teach financial education in the public schools. And the most effective method for reaching a wide population, including lower-income children, is through a public education program. Based on this belief, we provided financial support for the integration of Jump$tart's Money Math curriculum into the Virginia school standards. Through this effort, we hoped to provide another tool that Virginia teachers can use to teach their students about personal financial management. At a press conference last Spring, the U.S. Department of the Treasury's Office of Financial Education recognized Capital One for this effort. Targeting and Reaching College Students There has been a tremendous amount of concern expressed about college students and the need for financial education. Capital One shares this concern and has developed a unique method to reach this population. Specifically, we decided to experiment with a method that utilizes students' relationships with their peers. Last year, we piloted MoneyWi$e for College Students, a ``train-the-trainer'' program that teaches college students how to become ``money mentors'' and deliver personal finance curricula to other students at their colleges or universities. MoneyWi$e for College Students is a program whereby student leaders use their influence to educate fellow students about how to make informed credit decisions. Currently, the program is delivered on three college campuses including the University of South Florida, Texas A&M University, and Washington State University. Because of the success of this test, we are currently in talks to expand the program to additional universities this coming fall--we have received interest from the University of Maryland, Pennsylvania State University, and the University of Alabama. The workshops cover a broad range of topics from how to maintain a checking account to understanding credit reports. In addition, students attending the workshops receive informational brochures focusing on basic money management. Capital One sets up a page on the website of participating universities that links to Visa's Practical Money Skills. The training program results reported by participating students has been impressive: <bullet> 100 percent would recommend the program to other students. <bullet> 100 percent reported that the program improved their understanding of basic money management concepts. <bullet> 84 percent indicated that the program taught skills and concepts that were new to them. <bullet> 95 percent rated their impression of Capital One and Visa as ``very or somewhat positive.'' We Encourage the Media To Report on Financial Topics To Help Educate the Public Capital One has sought to utilize the media to provide the public with tools to better manage their finances. All of our fact sheets are available on our website's press center, and serve to encourage reporters to write stories on these topics. Earlier this summer, we ran an auto buying campaign that advised consumers to prepare carefully before buying this big-ticket item. This campaign made 26.8 million impressions and was covered by print, television, and radio reporters. Other campaign efforts have focused on key life events: (1) The back-to-school shopping ritual and importance of parents explaining to their kids how to budget; (2) what newlyweds need to be aware of when they first tie the knot; (3) budgeting for the holidays; and (4) staying fiscally fit, in general. Financial Services Industry Continues To Increase Its Focus on Financial Education Thankfully, we are not alone in our efforts. According to the Consumer Bankers Association (CBA) annual survey on financial literacy, the number of financial institutions sponsoring or partnering on financial education initiatives continues to increase year after year. Not surprisingly, these programs have focused on the most vulnerable segment of consumers. Youth The CBA survey confirmed that there is a strong effort among banks to advance personal finance skills among youth. Seventy-seven percent of responding banks indicated that they offer financial literacy programs for students in grades K-12, organizations like Jump$tart, the national ``Adopt-a- School'' program, and employees/student mentoring. At the post- secondary level, 26 percent of financial institutions offer financial education programs on college campuses. The Unbanked For the first time, CBA polled banks on their efforts to address the financial services needs of the unbanked. Seventy-four percent of responding institutions indicated that they offer Individual Development Accounts to such consumers. Fifty-seven percent of responding banks indicated that they have developed a personal finance program or initiative specifically designed for unbanked consumers. Recent Immigrants and Multilingual Consumers In addressing the particular needs of a major segment of the unbanked population--immigrants and non-English speaking consumers--70 percent of responding banks indicated that their institution provides financial education programs, basic banking literature, or educational brochures in a foreign language, primarily Spanish. Particular attention is being paid to small business development, which has shown a significant upward trend in the percentage of banks offering such programs. This year, 79 percent of responding banks indicated that they sponsor or partner on programs aimed at providing small business development assistance. Conclusion At Capital One, we believe in the principle that knowledge is power. It is that power that will enable the American consumer to make better choices about their personal finances. Our products work best if our customers manage their finances responsibly. Put another way, the less our customers know, the more likely they are to find themselves in financial trouble. When these customers cannot pay their bills, we bear the loss. Higher losses in turn, leads to higher costs for everyone. For Capital One, ``educated consumers''--customers who know the annual percentage rate they are paying, who know when their bills are due, and who know and understand how to manager the products we offer--are our best customers. Mr. Chairman, Ranking Member Sarbanes, and Members of the Committee, thank you again for the opportunity to testify before you. I would be happy to answer any questions you may have. RESPONSE TO WRITTEN QUESTION OF SENATOR SARBANES FROM DOLORES S. SMITH Q.1. I have introduced S. 1470, the Financial Literacy and Education Coordinating Act. What are your views on this legislation? A.1. The development and adoption of a national strategy for improving financial education and knowledge in this country is a significant public policy undertaking, and the proposal for a Financial Literacy and Education Coordinating Committee merits strong support. A committee of decisionmakers from across the spectrum of Federal agencies will bring high-level visibility to the Government's promotion of financial education and knowledge for all Americans. Drawing State and local agencies, along with private-sector organizations from industry and the nonprofit world, into the collaborative-consultative process adds an important dimension to the undertaking. While collaboration among agencies already takes place, having a formal mechanism for the development and coordination of a Federal strategy would strengthen the process in a number of ways. It would facilitate the sharing among agencies and others of information on financial education activities; promote interest in and support of needed research for testing the effectiveness of different approaches to personal financial education; and foster increased engagement in financial education initiatives. Coordination through the Committee also could help minimize duplicative efforts at all levels, and assist in directing agency resources to where they are most needed or where they can be most productive. ADDRESSING MEASURES TO ENHANCE THE OPERATION OF THE FAIR CREDIT REPORTING ACT ---------- THURSDAY, JULY 31, 2003 U.S. Senate, Committee on Banking, Housing, and Urban Affairs, Washington, DC. The Committee met at 10:20 a.m., in room SD-538, Dirksen Senate Office Building, Senator Richard C. Shelby (Chairman of the Committee) presiding. OPENING STATEMENT OF CHAIRMAN RICHARD C. SHELBY Chairman Shelby. The hearing will come to order. Secretary Snow, good morning and welcome to the Committee. We appreciate you coming here today to express the Administration's views on this important subject. Today, the Committee comes to the final in a series of hearings that we have held on the Fair Credit Reporting Act. We adopted this, process because the FCRA, the Fair Credit Reporting Act, is a complex statute that regulates a complicated and dynamic component of the marketplace that is crucial to the operation of our economy. It is my hope that we have met our responsibility of conducting a comprehensive review. In the near future, we will begin developing legislation to address the matters identified as issues during our hearing process. Drawing upon what we have learned from our many witnesses, we will approach this task with the perspective that while the system is generally pretty good, I think it can and must get better. I believe we have identified real questions about the level of accuracy in credit reporting. There are numerous issues associated with the insidious crime of identity theft. There are areas where consumers need more opportunities to make their own choices and greater information to make informed decisions. Last and perhaps most importantly, we are faced with the question of how best to ensure that with constantly evolving credit markets, the maximum fairness, accuracy, and efficiency is consistently achieved. To help move toward solutions, today's witnesses are here to provide their views regarding these and other issues. I think there is much for the Committee to gain from their input. In our first hearing, I expressed the view that it should be our goal to ensure that the Fair Credit Reporting Act produces the most effective, efficient, balanced, and fair system achievable. As we close the hearing process, I remain hopeful that we can meet this goal. Again, I want to thank Secretary Snow, Secretary of the Treasury, for being here, and I look forward to yours and other witnesses' testimony. Secretary Snow, your written statement will be made part of the record in its entirety. You proceed as you wish. STATEMENT OF JOHN W. SNOW SECRETARY, U.S. DEPARTMENT OF THE TREASURY Secretary Snow. Thank you very much, Mr. Chairman, and Members of the Committee. It is a pleasure to be here with you today to talk about a subject that is critically important to the way our credit markets and financial institutions work in the United States. We have submitted a proposal to strengthen the use of the Fair Credit Reporting Act in a way that I think promotes consumer interest and continues to make access to credit and other financial services available at a low cost, and to Americans who are seeking credit. It is important to understand that these uniform national standards for information sharing operate in a very fundamental way to expand the opportunity for consumers to get access to credit and to a broad range of financial services. What they really do is allow you to take your reputation with you as you travel around the country. America is a very mobile society. Something like one-sixth of the American families move in a given year. As you move, you leave the place where you are known, you move to another State, another city, you can get credit. You can buy a house. You can buy an automobile. You can go into a store and easily get credit because your reputation follows you around and you do not have to start from scratch, and that is critically important in a mobile society like the one we have in the United States. These national uniform standards really play a critical role in making the miracle of modern credit available. From 1995 to 2001, the percentage of minority families--and I think it is important to recognize the impact they have on minorities and people at the lower-income levels--holding mortgages increased significantly. One-sixth of minorities who qualified for mortgages in 2001 would not have qualified, would not have qualified in 1995, and we see a higher rate of improvement in homeownership among minorities than we do for the overall percentages. Similarly, the percentage of minority families with credit cards has risen very, very substantially and disproportionately to the population as a whole. That is a credit to what these uniform standards make possible. But there are problems in this world of credit, and the most serious worry for financial consumers today is, as you all know, identity theft. A recent private study reports that identify theft has been greatly under reported, and according to this study, as many as 7 million Americans were victims of identity theft last year. Of course, once you lose your identity, many enormously bad things happen to you and it is very difficult to get your good identity back, and you are put through a hellish period. Many identity thieves specifically target the most vulnerable members of society: That is, families of the recently deceased, hospital patients, men and women serving in the U.S. armed forces that are away from home. Our national information sharing system, made possible by the Fair Credit Reporting Act, is an important tool in this fight against identity theft, and it can be made even more effective. With the right information about your true identity, financial institutions can ask the validating questions that can unmask the identity theft and the identity thieves. In other words, the banker, our bankers and your bankers, can stop the identity thief if that banker or that financial institution knows more about you than the thief does. That is part of what we are trying to do with our recommendations, is to put the banks in that position. National uniform standards make timely access to full and accurate information possible, giving the financial institutions the tools to stop many identity theft assaults before they can succeed. In other words, seeing the information moving faster than the thieves can move, and getting ahead of the thieves. On June 30 this year, I announced the Administration's proposal to remove the sunsets on the uniform standards, and focus these standards, and the FCRA itself, even more effectively on meeting two key consumer interests, the interest in improved access to credit and financial services and the interest--and I know this is important to every one of you on the Committee--the interest in the accuracy and the security of financial information. Let me just quickly go through a few highlights of our proposal. First, we would recommend making free credit reports available upon request. They are of course available today under certain circumstances, but we think that an annual free credit report from the credit reporting agencies is appropriate. A basic tool to place in the hands of the consumers is access to their credit reports. As I say, once a year upon request, free of charge, doing so we think would enhance the accuracy and the completeness of the credit reports. We think the credit reporting agencies have an interest in engaging the users, the consumers, to make sure that those reports are accurate. Making these free reports available annually upon request will do just that because then the consumers can correct those reports if they see an error in them. Second, we would propose a system of national security alerts. Under this system, uniform standards would include allowing consumer who have been victimized or who are in danger of being victimized, to put banks and merchants on guard against the efforts of those who may be trying to impersonate them. Third, we would propose a system of red flags. This is a related effort in which we suggest bank regulators should watch for patterns followed by identity thieves, and put in place red flags that indicate the likelihood of fraudulent activity, and share this information with each other so that the whole group of financial regulators are part of the effort to share information, put up red flags and make it tougher for identity theft to occur. Under our proposal, the regulators would provide notices of these red flags to the institutions that they supervise, and would verify in their bank examinations that these warning signs are being heeded, and that the banks are really following the red flag indicators, and they will be empowered to fine those institutions where there is lack of appropriate attention to the red flags. Finally, fourth, because we have other suggestions, and I am just giving you the highlights here, we would propose a prohibition on the sale or transfer of identity theft debt: That is, once an institution has been notified that there is a threat of an identity theft, that institution would be precluded from going off and selling that debt. So, we would propose prohibiting the sale or transfer of debt for collection that a creditor knows is the result of identify theft. This measure would help reduce the repollution, if you want to use a word, of consumers' credit files with wrong information, and save consumers countless hours of needless hassle in trying to restore their good name. We look forward to working, Mr. Chairman, with you, Ranking Member Sarbanes, and all of the Members of the Committee, to ensure that the Fair Credit Reporting Act becomes an even more effective tool to meet the financial interests of America's consumers. Thank you very much for the chance to be here today. Chairman Shelby. Thank you, Secretary Snow. Mr. Secretary, during the course of the Committee's review of the Fair Credit Reporting Act, the Banking staff asked the General Accounting Office to perform an analysis of the accuracy of credit reports. The GAO has just come back with these results, which will be included in the record here today. The chief finding of the report by the General Accounting Office was that only limited and to some degree contradictory information was available with respect to the overall accuracy of credit reports. Specifically, GAO concluded, ``Information on the frequency, type, and cause of credit report errors is limited to the point that a comprehensive assessment of overall credit report accuracy using currently available information is not possible.'' This is troubling, concerns us. In order for us to know where things stand presently, and to know the direction that the new Fair Credit Reporting Act provisions would take things in the future, including measures such as one you have outlined, Mr. Secretary, we need some independent data to make informed determinations. Considering the importance of credit reports to the credit process, Mr. Secretary, is it not worth the effort to get an objective understanding as to how accurate the reports are? Secretary Snow. Absolutely, Mr. Chairman. I agree with you. It is important, though, I think to distinguish what features of the report are inaccurate. Chairman Shelby. Absolutely. Secretary Snow. Understand I am not an expert on this, but there are people at the Treasury that I have talked to who are, like Mr. Abernathy, who indicate that some of this information is fairly trivial and some of it is not. Chairman Shelby. What is substantive and what is trivial? But a lot of times it is substantive, and really accuracy goes to the heart of the report, does it not? Secretary Snow. I think having better understanding of this whole question is very important. I think the credit agencies themselves have a real stake in having better information, and in creating greater trust in the accuracy of the information. I share your concern about this. Chairman Shelby. Mr. Secretary, the Administration, which you are part of as Secretary of the Treasury, has recommended permanent extension of the preemption provisions. In some of our discussions with stakeholders involved with issues related to the Fair Credit Reporting Act, we have been told that many, if not most, of the positive developments they have seen have come just in recent months as we have been holding these hearings, when the shadow of reauthorization loomed largest. I guess this is common sense. Do you think, Mr. Secretary, that at a minimum, the process of reauthorization tends to serve as a force that motivates interested parties to perform at a higher level, both here and in the marketplace? Secretary Snow. I think being subject to scrutiny certainly heightens one's attention and serves a useful purpose. Chairman Shelby. Absolutely. Is it worth noting, Mr. Secretary, that even at the time when the Fair Credit Reporting Act reauthorization is being considered, when you would think that everyone associated would be on their absolute best behavior, whatever that is, the FTC just completed an enforcement action and levied a significant fine against one of the big credit bureaus for failing to meet basic responsibilities with respect to handling consumer complaints. With that in mind, will the necessary incentives remain if reauthorization is permanently taken off the table, or should we make sure that we provide some type of legislation to keep people on their toes? Secretary Snow. I think what we are trying to do in our proposal is create the right incentives for the whole system, that whole complex system of furnishers, scorers, and the credit reporting agencies, and the consumers themselves, to work in a more effective way, to create incentives for the whole system to work more effectively. We strongly support removing the sunsets, but recognize in removing the sunsets that Congress will continuously review, as you are doing today on how the system is working, and whether it is working well to protect consumer interest, and whether it is working well to make credit available at low interest rates. I think you have ample authority here and ample ability to continue to police the system and create yourselves, through that oversight, the right incentives. Chairman Shelby. Mr. Secretary, lastly, we heard testimony here that consumers are not all that well versed in the area of credit reporting, and I think the proposal to allow--that you just mentioned--free access to their credit reports will certainly help improve things. I also think it is almost as important here to make people aware of their right to a free report as it is to provide them the right in the first place. In other words, if you give them the right--you have talked about free reports--but they have to be aware of that right, which I think would really help in identity theft, would help clear up misunderstandings and probably have a lot of positive things in it. Do you disagree with that? Secretary Snow. No. I agree very much. At the Treasury, we are engaged in this important effort on financial education which I think is central to---- Chairman Shelby. If they have a right, they need to know they have that right. Secretary Snow. Exactly. I think broader understanding of the financial system and people's rights under it, is important, I agree. Chairman Shelby. Senator Sarbanes. COMMENTS OF SENATOR PAUL S. SARBANES Senator Sarbanes. Thank you very much, Mr. Chairman. Mr. Secretary, we are pleased to have you here before the Committee. I am going to take advantage of the fact that you are here to digress for just a moment. I was following this bus tour that you and Secretary Chao and Secretary Evans were making out there in the Midwest, running around the countryside, and I noticed you indicated that you thought the Chinese Government needed to allow its currency to strengthen by widening its trading ban against the dollar. We have followed this issue of currency manipulation closely in this Committee, and I welcome that statement on your part, but I want to underscore just how important I think it is. In fact, when we enacted the Omnibus Trade and Competitiveness Act in 1988, it requests the Treasury--this has now been in existence some 15 years--requires the Treasury to submit a report to Congress on international economic and exchange rate policy by October 15 of each year. The Act requires the Secretary of the Treasury, ``to analyze on an annual basis the exchange rate policies of foreign countries and consider whether countries manipulate the rate of exchange between their currency and the U.S. dollar for purposes of preventing effective balance of payments adjustments, or for purposes of gaining unfair competitive advantage in international trade.'' I just have some process questions. One, do you anticipate submitting that report on time, by mid-October? Secretary Snow. Yes, we do, Senator. Senator Sarbanes. And will the report contain the required analysis of exchange rate manipulation? Secretary Snow. Yes, it will. Senator Sarbanes. The Act requires the Treasury Secretary to testify before Congress on the report if requested, and I think Chairman Shelby has indicated his desire to have such testimony, so presumably you would anticipate testifying before the Committee on the report? Secretary Snow. Yes, indeed. Chairman Shelby. Senator, would you yield for a second on that same thing? We had Secretary Snow coming earlier in July, but he was traveling with the President, as I understood, so we postponed this hearing, did not cancel it, and added it to the October hearing schedule. I understand that the Treasury will be releasing the next exchange report in October, and that Secretary Snow then would address these issues when he appears before the Banking Committee at that time. Is that right? Secretary Snow. That is absolutely right, Mr. Chairman. Senator Sarbanes. I just wanted to indicate a number of us are looking forward to that hearing. We think it is an extremely important one in terms of international economics, and we are looking forward of course to the report and the analysis, which the Treasury people will be making, of this possibility of seeking unfair competitive advantage in international trade by manipulating the currency exchange rates. Mr. Chairman, I was not here right at the outset, but I wanted to take a moment to commend you for holding this series of hearings on the Fair Credit Reporting Act. I think each and every one of the hearings has been extremely productive, and I particularly commend the comprehensive approach you have taken in examining these issues, and also the wide cross-section of interests that have been represented by the witnesses you have invited to the hearing table. I think it has given us some valuable insights into the workings of the Act as we consider solutions to the various issues that have been raised. As I noted at the outset, when we started, the Fair Credit Reporting Act, really at its core is a consumer protection statute. I think it serves a very fundamental purpose helping to ensure the privacy of consumer financial data, the accuracy of credit report information, and fair practices in the collection and the use of credit information and then credit granting. It is very important to literally tens of millions of Americans that we work to ensure fair, accurate, and effective credit reporting practices as we consider reauthorizing the preemption provisions of the Act. Mr. Secretary, during these hearings we have received a number of recommendations for improving the operation of the Act. These suggestions have included--and I am going to go through a list of the summary headings, I guess. Beneath the summary headings there is obviously important questions of what are the details? The devil is always in the details, and I recognize that, and I am not going to, at this moment, get down to that level. But as I go through these summary headings, I just want to get some sense if there are any of them that you think are not an appropriate item for us to be looking at as we consider this reauthorization. Combatting fraud and identify theft; clearly, you have made that a lead item in your own statement. Secretary Snow. Yes, I have. Senator Sarbanes. Protecting consumers' financial privacy. Secretary Snow. Certainly protecting the accuracy, security, and that translates into privacy information, is very important, yes. Senator Sarbanes. Clarifying the credit scoring process and the use of credit scores. Secretary Snow. Yes, we have recommendations in that area as well. Senator Sarbanes. Improving the accuracy of credit reports, which of course relates to the one I just asked. Secretary Snow. We have recommendations there as well, yes. Senator Sarbanes. Improving consumers' understanding of the credit reporting process. Secretary Snow. Very much so, as I responded to the Chairman earlier, yes. Senator Sarbanes. Combatting abusive marketing practices. Secretary Snow. Yes. Our proposal deals with that as well. Senator Sarbanes. Finding ways to improve the financial literacy and education of all consumers. Secretary Snow. Yes, certainly. Senator Sarbanes. You have an office in the Department of the Treasury addressed to financial literacy and education. We have introduced legislation to set up a coordinating committee within the Executive Branch of the Federal Government to be headed actually by the Secretary of the Treasury, and to be staffed in effect by this office in your department. We had a number of agencies here the other day, all of whom work on consumer literacy and consumer education. As you know, from the Trade Promotion Coordinating Committee, we did a comparable thing in that area. I do not know whether you have had a chance yet to fully review that legislation. Secretary Snow. Senator, we support the broad thrust of what you and the Chairman are putting on the table here. There is an office that reports to Assistant Secretary Abernathy that deals with this broad question of financial literacy. We want to see that office become even more effective, even stronger in its capacity to deal with this issue. It is a critically important issue. I agree with you. Senator Sarbanes. Thank you very much. Thank you, Mr. Chairman. Chairman Shelby. Senator Bennett. COMMENTS OF SENATOR ROBERT F. BENNETT Senator Bennett. Thank you, Mr. Chairman, and I echo Senator Sarbanes comment about the thoroughness and the wisdom of this series of hearings. My experience on the Banking Committee, I do not know of any legislation that has had a series of hearings that has been as comprehensive as this and had witnesses from across the spectrum the way this one has, and now we are culminating in the statement from the Secretary, and I applaud you for the methodology of putting this together. If I can pick up on what Senator Sarbanes was saying, I listened very carefully to the list of items on which he focused, and there were a few things that I would like to add to that list. I will not suggest that Senator Sarbanes overlooked them. I will just suggest that I focused on them. In your testimony, you outlined what has happened since the Fair Credit Reporting Act has been in place and the amount of credit that is available to people that presumably was not available before and how it has facilitated the extending of credit, particularly to groups that were left out of credit earlier. As I have said at one of our previous hearings, I remember when I was sitting where Senator Corzine is sitting now, as a very new member of this Committee, and there is hope, Senator, that it moves really fast to come around the horse shoe. [Laughter.] The main issue that we were discussing at the time was availability of credit, particularly for minorities. And we were beating people up who would come before the Committee for the fact that credit was not made available. Their defense was, well, many of these people are not good credit risks. Now, by virtue of information about them and their credit habits being made widely available, we have discovered that they are better credit risks than the institutions thought they were and that credit is now being made available. I raise that because part of the testimony we have had here has suggested that if we do not extend the Fair Credit Reporting Act in essentially the same form that it has been in during this period of success, we run the risk of having credit begin to dry up for certain people; in other words, we protect in the name of consumer protection, information to the point that it is not available and credit extenders then say, well, I cannot take the risk because I do not have the information. I am particularly focusing on the preemption clause with respect to that, and I love your statement when you said this allows you to take your reputation with you when you move. We have had testimony before the Committee that indicates that the number of Americans who move every year is in the tens of millions, and this is one of the challenges of the credit reporting agencies to keep up with people. And many of the errors that are in their files are errors of wrong addresses, wrong employers, et cetera, because the information does not catch up with the fluidity of the American workforce. I have had the experience of moving from one State to another prior to the Fair Credit Reporting Act and discovering it was extremely difficult to get a mortgage in the new State. Fortunately, my family was fairly well known in Utah. I had moved back to Utah after a period of 24 years away, and it took my father going down to the credit reporting agency or to the financial institution with whom I was dealing and laying down his credit as a guarantee of mine, having just moved from California, in order for me to get a loan, and now I can take that reputation with me. Let me shift with that now to one quick question for you, and maybe we will get around to a second round on some other issues. Free credit reports on request. I back this. I think it is a very logical thing, but again let us get into the details. We are asking the credit reporting agencies to give away their product. That which they charge for, that which they earn their money on, we are saying you have to give this away. And as long as they are giving it away to a relatively small percentage of the people whose names are in their files, they can handle that. But as we drive toward getting them to give away their products to more, and more and more people, it raises all kinds of questions about who is going to pay for it eventually and will some enterprising providers of credit say, look, you ask for your credit report and bring it in along with your application for a loan, so I will not have to ask for it, and therefore I do not have to pay for it. Have you given any thought as to what can be done to deal with the cost implications of saying to an entire industry, by law, we are going to require you to give away your product to a certain portion of the economy while you are trying to sell it to another? Secretary Snow. Senator, those are good questions, and we have thought about them. Today, of course, the credit reporting agencies are required to make those free reports available under a number of circumstances, and they do. The one change we are making is to make the annual-upon-request requirement, put that in place. I do not think, I mean, we have heard from people who raised the issues that you raise, and I think they are legitimate issues. In fact, they are issues I raised when I first heard about this proposal inside the Treasury Department. As I have thought about it, on balance, I think it still makes good sense and will not lead to an untoward burden on the credit reporting agencies. I think we have to be on guard for the unintended consequences of the sort you are mentioning and monitor that. In a way, you could see where the credit reporting agencies would welcome the input on their reports from the consuming public because it would make those reports more accurate, and they are in the business of providing accurate information. So, at one level, I can see where they would embrace it and say it really helps us do our basic job, but I think we should be alert to some unintended consequences that we, at this point, cannot foresee, and be prepared to deal with it if it arises. Senator Bennett. As I said, I favor the free credit report, but the details have to be looked at. Senator Sarbanes. Right. Senator Bennett. Thank you, Mr. Chairman. Chairman Shelby. Senator Johnson. COMMENTS OF SENATOR TIM JOHNSON Senator Johnson. Welcome, Secretary Snow. So that I do not misunderstand your earlier testimony to Chairman Shelby, it is my understanding that the Administration supports a permanent extension of the Fair Credit Reporting Act. You observed that you favored a sunset of the Fair Credit Reporting Act, which is obviously a termination of the legislation, subject to then reauthorization process again. So that I do not have any misunderstanding, I wonder if you would clarify the Administration's position. Secretary Snow. That may be a distinction without much of a difference. The sunsets are in place and will be triggered unless action is taken by the Congress by the end of this year. We favor the continuation of the current national standards, which means we want the sunsets removed. I used the word ``permanent.'' Congress will, I imagine, continue to monitor this and make improvements over time and deal with issues such as the ones that may arise that Senator Bennett talked about. We would like to see these national standards extended, with the modifications that we have proposed, which is tantamount to saying we do not want to see the sunset go into effect. We like the preemption. Senator Johnson. As I understand, it would be a permanent extension. Obviously, Congress would continue its oversight responsibilities, which we always do. The Administration's position is, that it would not be an extension of a finite, limited time, but it would extend the existing law beyond the current sunset. Secretary Snow. Precisely, Senator. Senator Johnson. Legal certainly, I am assuming, is a high priority for the Administration relative to the business community that they can make plans over the long term, knowing that the Fair Credit Reporting Act is not only here, it is here to stay, subject, obviously, to the occasional Congressional modifications. Secretary Snow. Exactly. We think it would be really devastating if the business community could not plan on the preemption staying in place. Senator Johnson. Do you think that increasing furnisher liability is a useful way of increasing the accuracy of credit reports or do you think that such an approach might, in fact, have a counterproductive consequence with respect to participation rates? Secretary Snow. Again, it all depends on the specifics of the proposal, but in general I think we have it about right now. I would be concerned about higher levels of burdens on furnishers, since it is a voluntary system, creating disincentives for them to stay in the system. The ability to provide broad-based, low-cost credit really depends on lots of furnishers staying in the system. I would be very chary and very concerned about changing that balance very much, Senator. Senator Johnson. Secretary Snow, in your judgment, who would stand to lose the most if Congress fails to reauthorize a uniform national standard for credit reporting? Secretary Snow. Well, I think those who would lose the most are those who, today, have been brought into the system over the course of the last 7 or 8 years because of the national standards. And they, as I think we all know, tend to be more minorities, more Hispanics, more African-Americans, more small business owners who do business on credit cards. It would tend to be the less fortunate, the less financially well-established segments of society who would suffer the most. Senator Johnson. One of the great strengths of the American economy, as opposed to many other economies in the world is the mobility and the fluidity of America's workforce. Would failure to extend the Fair Credit Reporting Act have a negative consequence on that important piece of our economy? Secretary Snow. Senator, I think it would have far-reaching adverse consequences. One of the great strengths of this country is labor mobility, and it is a contradiction to so many other major industrialized economies of the world, particularly, say, Germany. Something like one-sixth of all our workforce changes locations in a given year. And as we said earlier, that ability to take your reputation with you, to be able to get credit for a house, to get credit for a car, or to get credit for shopping and so on is just a powerful part of what makes this American economy so fluid and work so well. Senator Johnson. Thank you, Mr. Secretary. Chairman Shelby. Senator Crapo. COMMENTS OF SENATOR MIKE CRAPO Senator Crapo. Thank you very much, Mr. Chairman. I too want to thank you for holding these hearings. Secretary Snow, I want to follow up on one of the answers that you gave to Senator Sarbanes when he went through the list of issues that we should be considering here. One of them was the privacy issue. I think that raises the whole question of whether the Committee should get into the issue of Gramm-Leach- Bliley and the privacy provisions that we deal with there. There is a debate as to whether there should be an opt in proposal or an opt out proposal adopted with regard to the sharing of citizens information. And it is my understanding that the Administration has not proposed that we get into that issue. I would like to clarify that and find out, if not, why the Administration does not believe that we should get into that issue at this time. Secretary Snow. Because I think it is premature at this time, Senator. That legislation is almost brand new. It is just being implemented. We are just figuring out how it really works and getting acquainted with the ins and outs of Gramm-Leach- Bliley, and the experiment, in effect, that it put in place. The experiment that you put in place with the FCRA has had a lot more experience under it, and I think it is an experiment that has clearly proven successful. We know that the results of this experiment are really superb, terrific. And with some changes that we are recommending, we think that it should continue. I do not think we are in that position with Gramm-Leach- Bliley yet. That experiment is too new, too young. I would urge that we give that more time, learn more from the experience under Gramm-Leach-Bliley and return to that at some time in the future, but not now. Senator Crapo. I have in front of me a letter from a number of the financial and consumer institutions in Idaho who make the point, from their point of view, that we need to have a much more readily, comprehensible, and simply executed national privacy notice of system, so that people can understand what is being done with private, financial, medical, and other records about them and they can have an ability to control how that information is utilized. I want to be sure that I understand your testimony. You are saying that you think that the issue is not ripe, but not that the issue is not one we should approach; is that correct? Secretary Snow. Exactly. I think now we should focus on extending the Fair Credit Reporting Act with some of the modifications that have been talked about, and at the same time, obviously there are concerns along the lines you are suggesting. I understand that the regulators are working right now: That is, the financial regulators, at improving those notices. It is a matter of simplifying those notices to make them easier to understand and giving the consumers a better sense of what their rights are. While it is an issue that needs some attention, I think right now, from our point of view, the priority is on reauthorizing these national standards and making sure they stay in place. Senator Crapo. Thank you very much, Mr. Secretary. I think, like most Americans who receive these privacy notices in the mail, I do not know if very many people read them, I, because I sit on the Committee and have a responsibility in this area, actually read every privacy notice that I have an opportunity to look at, and I have concluded that they are either incomprehensible or unbelievably simplistic. I mean, they seem to go from one end of the scale to the other, but I do not believe they are accomplishing what we need with our citizens in the United States, in terms of their ability to understand their rights and to define what the rights of Americans are with regard to financial information that is maintained about them. I think we need to address this issue, and I would appreciate the opportunity to work with you on this as we move forward. Secretary Snow. Thank you, Senator Crapo. Senator Crapo. Thank you. Chairman Shelby. Senator Carper. COMMENTS OF SENATOR THOMAS R. CARPER Senator Carper. Senator Crapo and I actually were talking about this subject in the last week, and I am glad he has raised it here today. I do not know that it is possible to ever have a notice from a financial services institution that was almost as simple to read and understand as, say, the ability to change your mailing address, but it sure would beat some of the language I have tried to wade through myself. I take my hat off to you if you read all of those. God bless you. [Laughter.] I am glad you raised the issue, and, Mr. Secretary, I am glad that you were able to let us know from your perspective that you think the issue may not be ripe yet, but it is one that I am interested in returning to, and I am pleased Senator Crapo is as well. Have you ever known anybody in your own family or personal friend whose identity was stolen? Secretary Snow. Yes, I have. Senator Carper. Anybody in your own family? Secretary Snow. No, but close friends. Senator Carper. We have a niece down in North Carolina whose identity was stolen a couple of years ago. She is recently out of college, and I think you described the situation and the experience as hellish. That is a good description for her and for her family. In looking at the experience, and the reason I think why there has been a rise in the prevalence of identity theft, a couple of reasons; one is that it is pretty easy to do. Two, it is fairly lucrative. Three, people who perpetrate these crimes are not easily caught. And four, if you look at the penalties that people pay for putting a lot of people through a hellish experience, the penalties are fairly light. And I just want to ask you to walk us through the Administration's proposal on this front and describe for us again how it makes identity theft harder to do, how it would make it less lucrative, how it would enable us to more easily catch those who perpetrate these crimes, and how would it stiffen the penalties for those when we catch them? Secretary Snow. Senator, our recommendations touch a number of those matters that you raise. First, we would recommend establishing, I guess, for want of a better term, we would call it a national security alert system. Senator Carper. How would that work? Put this in a practical sense. How would it work? Use a real-life example, if you will. Secretary Snow. You have been victimized. All right. You think you have been victimized. You can, under our proposal, go to the financial institution and, in effect, put a red flag on that. You can tell them I do not want you sharing any more of my information with anybody, and the way you do this is you go to an authorized agency of the State government and get what would be tantamount, I guess, to a police report that says you have filed a report. Now, I think to keep the system honest and fair, you have to hold people who would get that police report to a standard of perjury if they are simply making false statements. But once they get that government document, probably a number of some kind, the financial institution would be precluded from continuing to send that information around, and that would help the individual put a stop to his identity being used by others. And we would also require that once an identity theft had been identified, the banking institutions would be required and the CRA's would be required to broadcast that out broadly so that everybody would know about it. We also think that the banks can do a better job on this, and we would have the banking regulators require them to take more responsibility for putting in place the capacity to deal with identity theft, with fines and penalties for not doing so. There are telltale signs. Senator Carper. Would you elaborate on that for just a moment please, what you just said. Secretary Snow. We would recommend that the CRA be amended so that banking regulators be required to coordinate with each other and develop what you might want to call a system of red flags, indicators of identity theft, and there are patterns to identity theft, and share these with other regulators so that the banking regulators, as a whole, become united in their effort to deal with identity theft. They become more deeply engaged in the question, in that issue of identity theft. They watch for the patterns that the identity thieves employ and put up these red flags. Now, the red flag would be an indicator that here is the likelihood in this instance that somebody is trying to steal your identity. And we would ask that the legislation include a requirement that the regulators, when they do their audits of the banks, look at the question whether the banks are actually doing what they are required to do, what the legislation directs them to do, with respect to engaging, through this system of red flags and watching for patterns of identity theft. Just as they do audits of their capital ratios, they do audits of their identity theft engagement so that we bring this whole issue to a much higher level--put a much higher profile on this--and engage the consumers, engage the banking institutions, and engage the regulators in dealing with this issue. Also, we would seek to protect the interests of the victim of identity theft by precluding the sale or the transfer of identity theft debt. What happens today is somebody sees a red flag. There may be an identity theft with respect to some individual. They want to make sure they get as much money out of that debt obligation as they can, so they go and sell that obligation. What we would suggest doing is precluding, where there is evidence--reasonable evidence--to suggest identity has occurred, the sale or the transfer of that obligation. Once that obligation gets sold, that information is repolluting the whole stream of information that is relied on to establish people's credit, your bad debt moves through the system and continues to register to make you less worthy of credit. Senator Carper. Thanks, Mr. Secretary. Chairman Shelby. Senator Dole. COMMENTS OF SENATOR ELIZABETH DOLE Senator Dole. Mr. Secretary, let me ask you a bit about the Department's view of the House legislation, and I want to follow up on one of Senator Johnson's questions here. As you said, our credit system is based on a voluntary reporting system in which the furnishers best interest is to report information to the credit bureaus. How do you view the duties that have been imposed on the furnishers in the House bill? Could any of these jeopardize the willingness of furnishers to provide information to the system? Secretary Snow. Senator, we broadly support the House bill, but there are some provisions that do add some burdens that we would like to understand better before we embrace them fully because of just the issue you raise. We are concerned that we have got to get this balance right. As you put more burdens on furnishers, you may improve accuracy, you may help protect privacy, you may help security, but you also may cause the furnishers to withdraw from the system or be reluctant to be in it. Getting that balance right is really important. Senator Dole. Well, there are a number of duties imposed on furnishers. Secretary Snow. There are indeed. Senator Dole. The House accepted an amendment which allows consumers to go directly to a furnisher to dispute what they believe to be incorrect information on their credit report. Does Treasury have a position on that language? Secretary Snow. We are still looking at that. There may be some merit in that approach, and we are still reviewing that question. Senator Dole. The 1996 Amendments to the Fair Credit Reporting Act gave credit bureaus the ability to dismiss consumer disputes that they deemed to be frivolous. Now, if Congress decides to allow consumers to register disputes directly with furnishers, should we give furnishers the same ability to dismiss frivolous suits or claims? Secretary Snow. That is again one of those matters that we want to understand better. Senator Dole. I would like to follow up with some questions to be answered in the record. Chairman Shelby. Absolutely. Senator Dole. Does the Treasury support the provisions in the House bill which require the disclosure of the factors used to develop credit scores---- Secretary Snow. Yes, we do. Senator Dole. --but still allow for a reasonable fee to be paid to receive the credit score? Secretary Snow. Yes, we do. Senator Dole. Thank you, Mr. Chairman. Chairman Shelby. Senator Corzine. COMMENTS OF SENATOR JON S. CORZINE Senator Corzine. Thank you, Mr. Chairman, and welcome, Mr. Secretary. Let me go at a little bit of this view on free credit reports upon request, which I think having the consumer informed about what their credit standing is, is probably one of the great checks and balances to identity theft, to mistaken information--some check and balance against how information is put together. Why are we resistant to the idea of it not being a more regularized report to a consumer, so every individual would have, say, once a year, look at what is going on in their credit report, particularly why do we not ask for credit reports to be made available to consumers in situations where there has been invasion into their consumer activities and identity theft situations, so it can be cleaned up. When you have one of these situations occur, all of us have either had friends, family, or situations that this has occurred, it is extremely expensive. I do not need to go into the detail. Why, upon request, as opposed to a periodic review of one's credit information so that you are not surprised when you go off to the bank and apply for a mortgage, and they tell you are subprime, and you had no idea? Secretary Snow. Well, Senator, I think today you can get access, free access. Senator Corzine. Upon request. Secretary Snow. Upon request, in the case of identity theft or various other circumstances, such as being turned down for credit and so on, adverse events. But what we are proposing is that at least once a year you can get it free. Senator Corzine. If you are aware that there is that potential, if you are aware that these things in the whole financial---- Secretary Snow. Well, just if you want it, though. Senator Corzine. Right. Secretary Snow. Just if you want it, you are able to get it once a year. If there is an adverse event, then you can get it today free, and we would add one more adverse event, and that is applying for credit and getting the credit, but getting it on terms that are less advantageous than what you applied for. You apply for the home mortgage loan at X percent, and you get X plus 1, you can get a free report from the credit reporting agency telling you what lay behind that decision. Senator Corzine. I think what I am asking, though, is a simple thing. Why are we making it the requirement of the consumer to request, as opposed to have this be a periodic requirement, the agencies to report to the consumer, so you could actually plan. It is fine that you just got turned down or you got an extra 2 percent on your mortgage, why are individuals required to actually go through the system to come to look at the credit officer to have you tell them that, as opposed to planning for what your life is about? I think, in the financial world, people have credit rating agencies label them AAA, AA. People know what their credit standing is so that they can make plans and considerations for how they are going to approach credit markets. Secretary Snow. Senator, I think the basic answer is people should get those reports if they want them. These reports, I am told, are dozens of pages. If you do not want the reports, you are probably not going to put it to much use, but a burden is imposed on the credit reporting agencies sending out 100 million plus reports a year, whether the consumer wants it or not, and I underline wants it or not. This could be enormously expensive and serve no purpose, since most of them would be thrown in the trash can. The ``upon request'' is to get some sense of the user's interest in the report, rather than engaging in what otherwise could be costly and useless acts. Senator Corzine. Have there been surveys that would confirm your view that the consumer would think this was useless and automatically be a round file in the wastebasket or is that a presumption? Secretary Snow. I think if they want the report that they will request it. The best evidence of people's desire for something is the fact that they indicate an interest in it. We are providing an opportunity for people to request. A lot of people I think would not be all that happy to get these reports sent to them--just something else they have got to go through and then throw out. If they want it, they can get it. Senator Corzine. I guess I understand your reasoning, not necessarily agree. Secretary Snow. Thank you. Chairman Shelby. Mr. Secretary, before I call on Senator Bunning, I just want to--you did say, as I understood it to a question earlier, that you were in favor of the Administration being in favor of making it easier and educating the public on their ability to get a credit report. In other words, most people do not know that. Secretary Snow. Right. Absolutely. Very much so. I said that absolutely in our response to your questions. Chairman Shelby. If they thought they needed one and make it accessible to them. Secretary Snow. Yes. We need to do a better job on this. Chairman Shelby. Absolutely. Secretary Snow. I agree with you. Chairman Shelby. Senator Bunning. COMMENTS OF SENATOR JIM BUNNING Senator Bunning. Thank you, Mr. Chairman. Mr. Secretary, thank you for being here. This is a little off the subject of FCRA, but I think I would be remiss if I did not take advantage of your presence here to ask a question that is of great importance to my State of Kentucky. The IRS recently issued IRS Revenue Announcement 2003-46, which effectively separates private letter rulings regarding Section 29 Tax Credits for solid coal-based synthetic fuels. This announcement threatens to revoke more than 80 previously issued Section 29 letter rulings. Taxpayers, including many Kentucky coal companies, have invested hundreds of millions of dollars in reliance on these rulings. The IRS action has created massive uncertainty, making it impossible for taxpayers to earn back their investments they made in reliance on this law. How does the IRS plan to proceed with this announcement and will the IRS lift its moratorium on rulings so that taxpayers will be able to use credits as provided by the law? Secretary Snow. Senator, my understanding on this issue you have raised is that the IRS is looking into the question whether the tax credits are being properly applied. I am not an expert on these particular tax credits, but some questions have been raised as to whether the companies who are using the tax credits are actually engaged in the activity that would justify the use of those credits, and the IRS has simply, they have not come to a conclusion, said they are going to do an investigation of that. Senator Bunning. Well, I am going to follow up with a written question on this so that I can get a much more thorough answer from the Department of the Treasury on this because it is very important to presently 80 previous letters that were issued and 46 more. We are talking about 126 companies that are being affected by this ruling. The thing that I am most concerned with on Fair Credit Reporting is how long it takes victims of identity theft to clean up their records. I mean, we have heard horrendous stories about a year, 2 years, and they are still not out of the woods, and I do not know if all of the red flags that you talked about are going to get them back their good credit rating quicker, but we have to do something in this bill that says, by the way, you are a victim, and therefore you should not be suffering for 2 years because someone stole your identity. We have to put something in this bill that will allow the victim to get their Fair Credit Report back in 100 percent what it was before the theft. Does the Administration feel that this is a major problem currently or does it not? Secretary Snow. No, Senator, we agree with you 100 percent. We would like to obviously make it more difficult at the inception for a thief to steal. Senator Bunning. I understand that. Secretary Snow. But we also agree with your point we would like to make it easier to get those records fixed, get those records corrected as soon as possible, and restore the identity and take people out of this hellish situation where they have got to prove their own identity. And we have done some things that we think try and get at that issue. Certainly, we are open to do other things, and others have good ideas as well, and I agree with you. I think this is one of the most miserable situations that human beings can find themselves in--to know that you are you, and nobody else believes you are you, and how do you prove you are you? Senator Bunning. Well, particularly the financial institution you may be dealing with for quite a while. Secretary Snow. That is right. Senator Bunning. And others. Last, but not least, and my time is running out, I think we need much more stringent penalties on those who commit identity theft. Does the Administration also feel this way? Secretary Snow. Senator, yes. I think anything that discourages identity theft raises the bar on people who engage in identity theft and certainly should be looked at. I agree. Senator Bunning. Thank you very much. Chairman Shelby. Mr. Secretary, before I call on Senator Schumer, I just want to associate myself with the remarks of Senator Bunning regarding Section 29. He referenced his State of Kentucky, and so many people have been depending on what they heard from the Treasury. In my State of Alabama, we are also a big coal producer like they are, and we shared the same problems, so I want to join with Senator Bunning in addressing that problem that he posed to you. Senator Bennett. We mine coal in Utah, too, Mr. Chairman. Chairman Shelby. Absolutely. Same thing, I suppose. [Laughter.] Big time out there. Secretary Snow. And Maryland has got a little coal as well, I know. [Laughter.] Chairman Shelby. So everybody. Senator Schumer, I do not know if you mine coal, but we are going to recognize you. Senator Schumer. No, we do not have any coal in New York, to my knowledge. We have a lot of it, but it is all imported from Kentucky, Utah, and Alabama. Anyway, I want to thank you, Mr. Chairman. Once again, you are on the money, so to speak, with an excellent hearing, and you are moving along this Committee in a great way, and I think we all appreciate it. And I want to thank you, Mr. Secretary, for being here. This is the first time you are here, and we all have a whole lot of questions. I want to ask on an area which we have sent some correspondence to you, and that is the relationship of trade with China, particularly the value of the Chinese currency, the yuan, and the impact on our job base. As you know, 2 weeks ago, Senators Dole and Lindsey Graham, myself, and Senator Bayh wrote to you on the subject. I know you understand our concern. And you seem to be taking a little more of a stand on this issue lately, but we still have not heard a firm position from you or the Treasury on whether China's currency is, in fact, undervalued. So I want to ask you the question directly. Do you and does Treasury believe that presently the Chinese currency, the yuan, is undervalued vis-a- vis the dollar? Secretary Snow. Senator, that is the subject of the review under the 1988 Trade Act that we are engaged in looking at right now. I do not want to make a premature judgment on that. Certainly, some economists who studied the matter have reached that conclusion, and others say it is more of an open question. I, frankly, do not have a firm view on that at this point. But, what I do have a firm view on, though, is that we should encourage that the Chinese, I mean, and we will turn to Japan in a second, we should encourage them, in the reports that they are looking at widening the band on the yuan. Senator Schumer. But why should they not just let the currency float? Let me just, first, I have to tell you I am disappointed that you do not have a view, and that we are going to wait until a report comes out in October. Every day, every one of us hear from our States of jobs, manufacturing, and otherwise going to China. Some of that is on the basis of free trade, but much of it, a good deal of it is because the Chinese have unfairly pegged their currency to the dollar at too low a rate, and not just of some economists, but most economists I talked to, and I have talked to a wide range, Democrat, Republican, liberal, and conservative, who believe that it is undervalued. The only question is how much? Is it 15 percent? Is it 40 percent? And I do not think, as we lose jobs every day, we can afford until October, and then the report will come out, and then you will study it, and it may not be until next year that the Treasury even begins to take a position on this key issue. And I have to tell you, as somebody who has been a free trader--I lost the AFL-CIO endorsement when I was in the House for a while--free trade is losing ground in this Congress like a sinking stone. When you hear that Intel, IBM, and Goldman Sachs planned to move high-end jobs to China and India, what is going to be left here, restaurants? I mean, the manufacturing jobs are going, the agricultural jobs are going. I have to say, with all due respect, I do not think it is adequate for you to wait until October, and at least myself and others are going to push the President and the Treasury not only to come out with a position, this is even before a position, but also not to be so coy with the Chinese. You know, the Chinese want to be included in the family of Nations when it benefits them, and they do not live up to their responsibilities. This is not a small little country that needs to peg something to the dollar. Their currency should float like everybody's. What is the theoretical objection to having their currency float and determine, even if you do not know if it is undervalued or not, the best way to do that is to let it float. And what are we doing to get the Chinese to do that? Secretary Snow. Well, Senator, as I indicated to you earlier, we are encouraged by the reports that are coming out of China that they are looking at employing a more flexible exchange rate regime. They are to be encouraged in that. But this is an extraordinarily complex matter. You probably are aware of the banking problems and the Chinese economy. You are probably aware of concerns about overvalued assets on the books of the banks. You are probably aware, Senator, of the capital controls that are in place, and you are probably aware of concerns that many economists have, and many China hands have, that if you moved too rapidly in the direction of freely floating exchange rates with the removal of capital controls, which of course go hand in hand, as you would know, that you would have a huge exodus of yuan into euros and into dollars, and of course you know that that would drive up the value of the dollar versus the yuan and drive up the value of the euro versus the yuan. So this is a very complex question. I think we should encourage them to move in the direction they seem to be going. I think we should also have some appreciation and understanding of the real complexity of this matter and the need to approach it in a really thoughtful manner. Senator Schumer. I have to tell you, sir, to the tens of thousands, hundreds of thousands, millions of Americans who have lost jobs and who we or you ask us to say, well, free trade benefits everybody, to say let us be patient, when the yuan has been pegged at an artificial rate for a long time, is not much consolation. Furthermore, there is probably manipulation here. You are saying undoing the manipulation may have bad consequences, but let me just quote Chairman Greenspan. He says, ``If China's exchange rate is significantly undervalued, and indeed a reflection of that would be their [China's] accumulation of dollar assets. The accumulation of dollar assets will expand their money supply to the point that it will create problems in monetary policy, and it will be to their interest to change.'' So that undercuts the argument you are making. He basically says that it is in their interests to even have some of the consequences. Now, maybe you cannot do it all at once, but when do we expect Treasury action on this? The report is coming out in October. Do you think we have manipulation of the currency by China? Secretary Snow. Senator, you read the quote from Chairman Greenspan, and it began with ``if.'' Senator Schumer. Yes. Secretary Snow. ``If.'' Senator Schumer. Well, what is your view? Secretary Snow. The ``if '' is what needs to be understood better. That is the question. Senator Schumer. Well, what is your view? Secretary Snow. And the Chairman was very careful in the words he chose there. Senator Schumer. Yes, he is always careful. I have talked to him. Secretary Snow. He said, ``If.'' Senator Schumer. What is your view? Is China manipulating its currency? Secretary Snow. Well, I think if the Chairman felt he knew the answer to that question, he would not have used the ``if.'' Senator Schumer. But I would like to know your view. Secretary Snow. I have an ``if '' as well. Senator Schumer. Well, I do not think these answers are satisfactory, with all due respect, sir. We are going to lose not just jobs, you are going to lose, my guess is, a free trade consensus in this Congress very, very rapidly, and this is a proeconomic, profree trade way to restore some of the imbalance because this is an unfair part of the imbalance, and I do not think your patience with this, with all due respect, is shared by Members on both sides of the aisle in this Committee and elsewhere. Secretary Snow. Senator, when we report to you in October, which is only a couple of months away, we really want to know the facts. We want to give you a thoughtful, well-considered, and analytically sound answer to the question, the question that the Chairman aptly notes is an ``if.'' We have to pay careful attention to this issue, though, of manufacturing, the whole problem of currency manipulations or the problem of undervalued currencies, to the whole question of countries promoting their export sectors at the expense of the world trade system. It is not really in their interest to do so. No country has ever devalued itself to prosperity, and the issues the Chairman raised, and the issues I have talked to him about in that same vein are important. They are critically important issues. And there is the potential for an imbalance in the whole trading system if countries build up excessively large reserves because they are suppressing the value of their currency. We are in full agreement. We recognize the issue. We want to come back and have a dialogue with you and with our friends in China on this question. And if, in fact, the yuan is being held at a considerably lower than market value, then it is not in their long-term interests, and we want to have that dialogue with them. I do think, though, we have to recognize that some of the loss of manufacturing is due to a variety of other things. I think you would acknowledge that. There has been a long-term downward trend in manufacturing in the United States over the last 50 years. A part of that is due to rising productivity itself in the manufacturing sector. Part of it is due to the rise of technology. A lot of it is due to domestic competition. The whole question of manufacturing, and its role in our economy, and where it is going, and what can be done to assist it are serious issues that Secretary Evans is engaged in, that I am engaged in, and that we hope to come back and put in better perspective for the Congress. Senator Schumer. Thank you, Mr. Secretary. Chairman Shelby. Senator Dole. Senator Dole. Mr. Chairman, I just want to associate myself with the comments of Senator Schumer. Because no question about it, our textile industry in North Carolina has been decimated, and I do believe that time is of the essence, Mr. Secretary, and that, yes, there are a number of causes, but certainly Chinese currency manipulation is something we must move on. I do not think we can wait. And also I recalled the comments of Chuck Hayes, who passed away about a year ago, he was head of the Textile Institute in North Carolina, head of one of the top companies, which has gone down. He said, if the transshipments from China--or he did not mention China, specifically, but we know that is where most of them are coming from--these illegal transshipments had been half what they had been, then our textile industry would be thriving in North Carolina, and of course it has been decimated. So a number of these issues go back to the Chinese, and I just want to associate myself with the comments that you have made today and hope that we can get some speedier action on this. Chairman Shelby. Thank you, Senator Dole. Senator Sarbanes. Senator Sarbanes. Just to close out this issue. Obviously, it is a matter of very deep concern here in the Congress. Senators Levin and Voinovich are also addressing Japanese manipulation of currency. The Government of Japan intervened in foreign exchange markets 24 times in the month of May alone, spending $43 billion in order to keep the yen weak against the U.S. dollar. In effect, this amounts to a Government subsidy of its major exports. So the issue runs not only to China, but to Japan as well, and I share the concern my colleagues have expressed and the need for the Treasury to act on it now, promptly. In any event, it is very clear that this hearing that the Chairman has indicated is going to be held after you prepare your report, is going to be a very, very important hearing because, obviously, at that point, you are not going to be able to sit at the table and say, well, we have not finished our study yet. But I think this situation is urgent enough that you need to be doing things in the interim. It seems pretty clear we are being taken advantage of, in terms of the rules of international fair trade. Secretary Snow. Senator, as I indicated earlier, we have indicated that we are encouraged by the fact that the Chinese, very high levels of their Government, have indicated an interest in widening the peg, widening the ban, and we are encouraging them to do so. We are also encouraging them to think about, though, the financial infrastructure of the country, so that as they move in that direction, there are parallel developments with respect to the banking system and capital controls, and so on. Of course, it is I guess worth noting that during the period of the Asia currency crisis, where there was so much concern about stability, and contagion and all of those issues, the Chinese maintained the peg, and of course that had the effect of, at a time when all of the other currencies were falling, of making their currency more valuable, since it is tied to the dollar, and the dollar sustained its value. So these, again, I come back to the fact we recognize there is an issue here. It needs to be addressed. We are addressing it. We are encouraged by some developments. We would like to encourage further developments, and we will be having a dialogue on this subject and are having a dialogue on this subject, a dialogue that is probably best conducted with the parties directly, though. Senator Schumer. Mr. Chairman. Chairman Shelby. Sure. Go ahead, Senator. Senator Schumer. Thank you. I would just like to follow up briefly because it is an issue that concerns a good number of us on both sides---- Chairman Shelby. All of us---- Senator Schumer. --both sides of the aisle here. First, here is the United States' position right now--this comes from the last time this report was issued, Treasury's Report to Congress on International Economic and Exchange Rate Policy, dated May 3, 2002--``No major trading partner of the United States manipulated exchange rates under the terms of Section 3004 of the Act during the period July 1, 2002, through December 31, 2002.'' Right now, our position is that there is not currency manipulation. Now, you say, well, that is not now, it is then, but the yuan was still pegged at that time. Second, I am just going to ask three quick questions and ask your comments. This is the first one. Is that still our official position? Do we have to wait until October to say? Because the Chinese were given a clean bill of health. Two, Greenspan said, yes, if they were manipulating the currency, there was an ``if,'' but he said that, then, their money supply would accumulate, that that would be an indication, and we know that China's reserves are going up, up, up. I think the IMF estimated them at $350 billion, China's reserves. This is as clear as the nose on your face that it is an example of currency manipulation, and at the same time, we are saying, no. And I would just add to you one of the reasons the Chinese financial system is messed up is because they have pegged their currency. It is not unpegging it that will mess it up, it is that they have pegged it, and that has messed it up, and that is what happened. And three, I would ask you this: Is there any indication, other than verbiage, because I have been through this with the Chinese and the Japanese on trade before, we get 5 years of verbiage before you get a single bit of action. And this idea of ``leave it to the big boys'' to just discuss this quietly? Not me. I have had it that way. I left it to the big boys to open up Japanese financial markets for 5 years, nothing happened. I started raising my voice, and within 6 months, New York firms were allowed on the Japanese stock exchange. So, I learned it the hard way, and I am not going to be fooled again. Have the Chinese done one single thing that changes what their currency is or have they just said they might explore it? So those are the three questions. I apologize for being excited about this, but when I read last week that Goldman Sachs was moving 2,500 jobs, not low-end jobs, high-end jobs, and Intel said they can get an engineer in India for $5,000, not $60,000, here in America, what is going to be left here? This is something we have to act on quickly. I apologize. Secretary Snow. Good, Senator. I understand what lies behind this line of questioning and am in deep sympathy with what motivates it by you, and by Senator Dole, and really by the whole Committee. You know where this Administration is. We favor fairly fluctuating exchange rates. We think they work better. We think they make the international trading system better, and we think they add to the stability of the whole global monetary system. Senator Schumer. Have we ever asked the Chinese to change? We always talk about this in, excuse me, in broad terms. We generally favor floating rates, and then when it comes, and you are asked, ``What are you doing about China,'' or even ``Should China change?'' we go back to the ``generally we believe in.'' That is not going to get us anywhere. Secretary Snow. Well, Senator, as you know as well or better than I, the decision, with respect to the currency regime that a country adopts, is a sovereign decision. The United States cannot dictate to another country what currency regime they employ. I think, though, we can have a good dialogue with them, and the circumstances are a little different now. Those foreign reserves are at much higher levels than they were when that prior report was written. And as Chairman Greenspan so well stated, it is really not in a country's long-term interest to acquire a disproportionate amount of foreign reserves because that is capital. That is capital that could go into the domestic economy. And we are very strongly of the view that countries cannot devalue their way to prosperity. They have to develop their domestic economies, and taking capital out of your economic system and putting it into owning foreign reserves over somewhere does little to develop the domestic economy. I believe we are in a heated agreement here. Chairman Shelby. We hope so. [Laughter.] Mr. Secretary, we do look forward, again, to your October meeting. And I will tell you this, that meeting here will be well attended, not only by the press of the world, but by the Committee Members because we all are concerned--Senator Dole, Senator Schumer, I guess just about all of them are concerned about what is going on. Secretary Snow. Thank you, Mr. Chairman. Chairman Shelby. Mr. Secretary, we want to thank you for your appearance today and look forward to your next one in October. Secretary Snow. Thank you very much. Chairman Shelby. Thank you. We will now go to our second panel, and they have been very patient here. Mr. Edmund Mierzwinski, Consumer Program Director, U.S. Public Interest Research Group, and Mr. Michael McEneney, on behalf of the U.S. Chamber of Commerce; is that right? Mr. McEneney. McEneney. Chairman Shelby. McEneney. In the interest of time, gentlemen, your written statements will be made part of the record. I am hoping you will sum up your basic points as quickly as possible. We will start with you. STATEMENT OF MICHAEL F. McENENEY PARTNER, SIDLEY AUSTIN BROWN & WOOD, LLP ON BEHALF OF THE U.S. CHAMBER OF COMMERCE Mr. McEneney. Good morning, Mr. Chairman, Senator Sarbanes, and Members of the Committee. My name is Mike McEneney, and I am a Partner at the law firm of Sidley Austin Brown and Wood. I am pleased to have the opportunity to appear before you today on behalf of the U.S. Chamber of Commerce. I would like to commend the Members of the Committee for their work in examining key aspects of the FCRA. The FCRA and its national uniform standards have provided a robust framework for the most advanced consumer credit and insurance markets in the world. Indeed, the benefits of the FCRA were highlighted in a recent Information Policy Institute study which found that the national uniform standards established by the FCRA have contributed significantly to the consumer benefits of the current credit marketplace. The study concluded that the loss of the existing framework of uniformity would threaten the current consumer benefits and that Congressional action is necessary to ensure the continuity of our national standards. The national standards established by the FCRA are also an important component of protecting the security of consumers' personal information. For example, the national uniform provisions under the FCRA ensure that financial institutions can have access to reliable credit report information for identify verification and other identity theft prevention measures. Although renewal of the FCRA's national uniform standards is an important step, we believe that more can be done. For example, this Committee has heard testimony highlighting the issues of identity theft and consumer education. The Chamber strongly supports efforts to address these important issues and looks forward to working with the Committee to achieve these goals. With respect to identity theft, we believe there is a common theme that may be helpful in guiding considerations of provisions to combat the problem. In particular, the methods used to address potential identity theft scenarios should be flexible, allowing companies to utilize the most efficient means to thwart identity thieves. Such an approach would rely on the obvious fact that a one-size-fits-all approach may not work for all companies. For example, the red flags presented by identity thieves will invariably change over time, and the tools used to combat identity thieves should change as well. We hope this theme could be further explored as part of the Committee's deliberations. Another topic that has been raised is the important issue of a consumer's ability to access his or her credit report. The Chamber welcomes consideration of how to make credit reports more available to consumers. We believe, however, that this issue requires careful study before next steps are taken. In particular, there should be a full examination of the costs associated with additional free reports in order to ensure that there are no unintended consequences, particularly for consumers. Moreover, if consumers are given access to their credit reports free of charge, the frequency and volume of demand for free reports will be difficult, if not impossible, to predict since a widely circulated press report or e-mail could drive extremely high volumes of demand in short periods of time. Given such inherent unpredictability, it is unclear how credit bureaus would be in a position to adequately manage this problem. For example, even the most basic issues, like establishing adequate staffing levels, are difficult to address when you cannot predict the volume of demand. The Chamber also encourages the Committee to consider legislation that would make it clear that companies can conduct investigations of wrongdoing in the workplace without the inappropriate application of the FCRA. Because of the difficulties in conducting an investigation while complying with the FCRA's requirements, the FTC's interpretation on this issue deters employers from using experienced and objective outside organizations to investigate workplace misconduct. The FTC interpretation I am referring to here is one that would actually cause an accounting firm or a law firm that is hired by a company to help in investigating workplace misconduct, that accounting firm or law firm, by reporting the results back to the employer under this FTC interpretation, might actually become a consumer reporting agency; and the Chamber urges amendments to the FCRA to make it clear that that is not the case. Before concluding, I would like to just briefly address certain issues that have come up in the context of affiliate sharing. First, I have heard it mentioned that perhaps affiliated entities might be establishing their own credit bureaus and operating free from the scope of the FCRA. Actually, that cannot happen. If affiliated entities were to establish a credit bureau and, for example, sell information to third parties the way that credit bureaus do, they would be subject to the full range of provisions of the FCRA, and they would be regulated as a credit bureau would be. Second, in my experience, affiliated entities have no desire to set up credit bureaus within their affiliated families, and there are significant limitations on their ability to do so, I would add. For example, they only see part of the picture with respect to a particular individual's credit history or financial experience because they do not see the experience that others have at other organizations. They do not see the public record information that can be vital to making credit decisions. The real purpose of affiliate sharing is to know enough about your customers to give your customers what they want. And the real purpose of the affiliate sharing exercise is to expand or enhance customer relationships, not limit them, not to use the information to deny people credit, or otherwise limit the relationships. Now, although risk assessment can be an important part of that process, to my knowledge, affiliate sharing entities typically do not deny people credit or other products based on the information they get from other affiliates. The reason for this is simple: They only see part of the picture. What they typically will do is go out to a credit bureau to obtain a consumer report before that type of decision is made. Just one final note on affiliate sharing. I am aware, though, that affiliates will use information in an affiliate sharing context to grant people credit or other products where they cannot find information at the bureau on that individual. So where, for example, an individual is just starting out their financial history, they do not have a file at a credit bureau, there are entities that, through affiliate sharing, may know more than the credit bureau would on that individual. And I am aware of at least certain circumstances under which affiliates will use that information, again, to expand or enhance that relationship with the individual. Once again, I would like to commend the Committee for its efforts to maintain the consumer benefits of our current financial marketplace while also protecting the security of consumers' personal information. The Chamber looks forward to working with the Members of the Committee as any legislation moves forward. Thank you again for the opportunity to appear before you today, and I would be happy to answer any questions. Chairman Shelby. Sir, go ahead. STATEMENT OF EDMUND MIERZWINSKI CONSUMER PROGRAM DIRECTOR U.S. PUBLIC INTEREST RESEARCH GROUP ON BEHALF OF: ACORN, CENTER FOR COMMUNITY CHANGE, CONSUMER ACTION CONSUMER FEDERATION OF AMERICA, CONSUMERS UNION ELECTRONIC PRIVACY INFORMATION CENTER IDENTITY THEFT RESOURCE CENTER NATIONAL CONSUMER LAW CENTER PRIVACY RIGHTS CLEARINGHOUSE, PRIVACY TIMES, AND U.S. PUBLIC INTEREST RESEARCH GROUP Mr. Mierzwinski. Thank you, Chairman Shelby, Senator Sarbanes, Members of the Committee. I am Ed Mierzwinski, Consumer Program Director with U.S. Public Interest Research Group. My testimony today is on behalf of the Nation's leading consumer and community and privacy organizations, including ACORN, the Center for Community Change, Consumer Action, Consumer Federation of America, Consumers Union, the Electronic Privacy Information Center, the Identity Theft Resource Center, the National Consumer Law Center, Privacy Rights Clearinghouse, Privacy Times, and we are all united. We have all been working on this, and we appreciate that the Senate has asked for our views before it develops its own comprehensive solution to the problems identified in your set of detailed hearings. We want to make sure that credit reports are accurate, that consumer privacy is protected, and that identity theft is stopped. All the indicators show that identity theft is up, Mr. Chairman. Just this week, the distinguished Professor Alan Westin reported that millions of Americans--not hundreds of thousands, as most previous reports have identified. Millions of Americans annually are probably victims of identity theft, and the crime costs consumers billions of dollars a year. Consumers are the victims, as your hearings have pointed out. Industry has in the past claimed that they are the victims because they eat the costs. Consumers are the victims because of the emotional distress, the time, the inability, as Captain Harrison pointed out to the Committee, of being able to clear 61 fraudulent accounts from his good name. We also know, in terms of identity theft, that the Federal Trade Commission has documented that identity theft is up and that it is at higher levels every year. Also, this week, you may have seen that yesterday the Federal Trade Commission imposed a $250,000 civil penalty on the Equifax Credit Bureau for violating the terms of a consent decree, where it was supposed to have enough people on staff to answer the phone and help consumers. I am, quite frankly, astonished, Mr. Chairman, that during the terms of a Congressional review of this industry--and this industry is seeking all kinds of favors, seeking preemption forever--that they would get caught violating a consent decree; and at the same time they are arguing that if you are going to provide consumers with greater rights, the first to a free credit report, for example, that you have to be careful that you do not impose too many duties on them. They are not even complying with their current duties to answer the phone, so I am quite dismayed that the credit bureaus are asking for additional time on the free credit report. I would also point out to the Committee that this week the Privacy Times broke a story that suggests that the credit bureaus are moving jobs offshore. I think the Committee should look into that before it drafts its bill. I am very concerned. Identity theft is often an insider game. If they are moving jobs to low-wage countries, there may be greater opportunities for identity theft. There is real secret--I am sorry, confidential information in credit reports, and I think you should scrutinize very carefully this proposal by the credit bureaus to move our confidential consumer records offshore. The consumer groups think it is the wrong time to grant permanent preemption for a number of reasons, and we think that, as you pointed out in your opening statement, ongoing Congressional review is a good idea. The biggest problem we have in this Congress is inertia, and having a reauthorization every 4 years or so seems to be a good idea. We would, of course, support removing the preemption and just letting it expire. But if you are not going to do that--and the House chose not to do that--at least this Committee should consider sunsetting the preemption. This week, disappointingly, a District Court Judge in California overturned parts of the San Mateo and Daly City privacy ordinances which were enacted under the broader pro- privacy, pro-State authority terms of the Sarbanes Amendment to the Gramm-Leach-Bliley Act. We would also ask that the Committee reiterate its 1996 Congressional history that the preemption in the Fair Credit Reporting Act as it pertains to affiliate sharing was narrow and does not affect the Gramm- Leach-Bliley Act and the right of the States to enact stronger financial privacy laws, so long as the States do not attempt to enact laws that turn those companies into credit bureaus when they share information. I also want to point out that I find it somewhat hypocritical of the industry to be saying that they want flexibility because they do not want one-size-fits-all for their companies, but they do want one-size-fits-all for the laws. So they want the law to be national; they do not want the States, who have been demonstrated to be engines of change, laboratories of democracy, all the good ideas in the modest House bill have already been enacted in State law to a large extent. Yet industry does not want one-size-fits-all. They want flexibility in the rules. It is a little surprising. My testimony goes into a number of key reforms, Mr. Chairman, that I will not go into now, but we believe the House bill does not go forward adequately enough. It does not provide enough transparency. It originally was supposed to provide free credit reports and free credit scores. It now no longer provides free credit scores. I spoke with a leading lender yesterday, a leading executive of a leading lender, and he told me he would like much greater opportunities to provide consumers with free credit scores. But he is prohibited by contracts that prevent him from doing so. We think that the scores should be free along with reports, and they should be provided by all credit bureaus. We think the FTC should be required to audit the companies annually and to publish the results of those audits to the public. We believe that the consumers should have availability of more scores, and this is outlined in our testimony--I am sorry, more reports and more scores. And it is also something that is supported by the FTC and, I believe, the Treasury Department. There are circumstances in the economy where today we accept a counteroffer and we do not receive a credit report. We should get a credit report when we accept a counteroffer. We should also get a credit report when a company like Citibank makes a decision based on a profile internally. And while we may disagree, my colleague and I here at the table, over whether the companies will eventually want to set up their own internal credit bureaus, they, in fact, are using information derived from affiliate sharing for credit profiling, according to Citibank's testimony last month. When that happens, you do not have the same rights as you would if they used a full credit report. In terms of accuracy, we make a number of recommendations to the Committee. I am very disappointed in the GAO report, Mr. Chairman, because it ignores the fundamental findings of the largest and peer-reviewed study that has been provided in testimony to this Committee. The CFA's study, the Consumer Federation of America's study, looked at half a million credit files and found that 29 percent of consumers had a disparity of 50 points or more on their credit scores if obtained from one or another of the three repositories. I believe that the findings of that CFA study, which, again, was peer-reviewed and is a legitimate, academic-level, statistically valid study, in my opinion, should have been discussed in greater detail in the GAO's findings. The other studies that I would like to point out to the Committee--and I would like to make sure that they are in the record if they are not already--the industry has relied on a number of white papers, a number of studies that claim or purport that there will be billions of dollars of cost to the economy if we do not do what they want done. I would say that Robert Gelman, a noted privacy expert, has prepared a study on the costs of not protecting privacy. And Professor Elizabeth Warren of Harvard Law School has prepared a study rebutting a number of the proprietary industry white papers as a way to make public policy. And, in addition, our proposals talk about the need to have better credit score models transparency as well. We do not know enough about credit scores. We do not know enough about how they are made. As your testimony, however, pointed out on Tuesday, we do know that your credit limit is part of your credit score, and that when your credit limit is withheld by a furnisher, that is a problem for the consumer. So there is a very important study by the civil rights group, the Center for Community Change, called ``Risk or Race,'' that finds that, in fact, risk may not be the factor that has black and Hispanic applicants disproportionately mentioned in subprime lending; that is, if you are black or Hispanic, you are more likely to be paying too much for a loan. And that study, ``Risk or Race,'' should be entered into the record. Our testimony goes into a number of other important details about changes that need to be made in the act. Our groups hope to work closely with you and Senator Sarbanes on solutions to these important problems. But at a very minimum, we strongly oppose the permanent extension of preemption. We think it is unjustified. We urge the Committee to go for a sunset rather than permanent preemption. Chairman Shelby. Thank you. We have seen indications that some creditors do not report information regarding their customers to the credit bureaus. You referenced that. What do you believe is their motivation for this? Mr. Mierzwinski. Well, very clearly, the motivation is to game the credit scoring system to prevent those customers from shopping around. If I want to apply for credit, I want the best credit score I can have. But the easiest thing for a company to do is not to look for new customers, but to keep its existing customers. That is why they do it. Chairman Shelby. But if they do that, you cannot have accuracy in scoring, could you? You do not have all the information. Mr. Mierzwinski. We do not believe you can have accuracy in scoring, and the fact is even though the so-called black box of the credit scoring models is secret to you and me, the companies know enough about it to know that if they withhold certain pieces of information that they can game the system. And there is a lot of motivation there because if they keep their customers, most of those customers are probably paying too much for the---- Chairman Shelby. It is to their benefit, but perhaps to the loss or detriment of the consumer. Mr. Mierzwinski. It is absolutely to the loss or detriment of the consumer to be prevented from being able to shop around. And it is also to the loss or detriment of the credit scoring system. I think a bigger threat to the uniformity of the system, to the voluntary nature of the system, than the States, who I think are rational actors, is these acts of companies to prevent their consumers from being able to shop around. Chairman Shelby. Do you believe it is important to establish some kind of baseline, that is, objective information regarding the level of credit report accuracy? Mr. Mierzwinski. I absolutely think that you need to establish a better baseline on credit report accuracy, and I know the GAO--again, I disagree with their finding, but they say more needs to be done, that the FTC or the agencies, the bank agencies, or the credit bureaus should do more of a study. I personally feel that the annual audits of credit bureau accuracy should be provided and the public should hear about them. The Committee should hear about them as well. Chairman Shelby. We have also learned here a lot about--but we do not know everything about it--the growing use of risk- based pricing. Adverse action notices are not provided as regularly, we have been told, as they once were. I believe that consumers are never more aware of the need to review their credit report than after they have been jolted, perhaps jolted to the awareness of some kind of credit-related problem. Do you agree? And do you think it is necessary to update the adverse action notice process to meet today's realities? Mr. Mierzwinski. You are exactly right. We agree. I believe that the agencies, the Treasury and the FTC, also agree, or at least on that one the FTC agrees. The old credit system was yes or no. Now the credit system is more or less. You pay more or you pay less. If the system is inaccurate, you probably pay too much. But in many cases, when you are paying more, you do not know that it is because of a mistake on your credit report because you are not receiving the adverse action notice. Chairman Shelby. The whole system is based on accuracy, which is truth, is it not? If somebody is gaming the system for proprietary reasons, withholding information, the consumer is going to get hurt. Mr. Mierzwinski. Well, the consumer gets hurt, but it is an externality to that company. That company benefits by charging that consumer too much. They are happy. Chairman Shelby. Sir, going forward, how can we best ensure that entities involved in the credit granting process continue to meet their Fair Credit Reporting Act responsibilities? Mr. McEneney. Mr. Chairman, I think that probably the best way to do that is the continued active, vigorous enforcement of the existing statute. The statute really is a remarkable piece of legislation, providing powerful protections to consumers. The credit bureaus that have information on them are under an obligation to maintain reasonable procedures to ensure the maximum possible accuracy of that information. Consumers' access to that information, the ability to dispute it, the ability to demand that the furnisher---- Chairman Shelby. Ability to dispute it and clear it up if it is wrong, right? Mr. McEneney. Clear it up if it is wrong, absolutely, and including involving the furnisher, the entity that provided the information to the bureau, in that process. Chairman Shelby. Well, how do we change that a little? We had this gentleman, this Army Captain, retired, that had a horror story. It just ruined his life, basically, trying to deal with identity theft and all this. There should be an easier way to clear up somebody, because they steal your identity. And the Secretary of Treasury testified here today, as you know--you were here--that this is a big and growing problem. Mr. McEneney. I could not agree with you more strongly, Mr. Chairman. I think if you take--virtually every anecdote I have heard about accuracy that is not related to identity theft can really be addressed by the proper application of the existing statute. But identity theft is really where the statute, unfortunately, has a weakness. Now, in that regard, I think that many in the industry, and I think to a certain extent the people in the Administration as well, have looked at a way to try and make it easier for those people who are the victims of identity theft to get it cleared up quickly. Probably the most powerful tool that consumers could have in that context is the trade line blocking. Now, the way the trade line blocking works is the consumer, for example, files a report. A police report is one standard that has been talked about. Whatever the standard is, it has got to be a credible one to avoid credit repair clinics from using it to game the system. But assuming that we can come up with a credible threshold--and I think we can--what that would do is then enable that consumer to take that report, go to the bureau, file that report, and block for all time---- Chairman Shelby. And not have the horror stories we have had here. Mr. McEneney. Absolutely. Chairman Shelby. And I am sure there are thousands. Mr. McEneney. Yes, absolutely. And, Mr. Chairman, could I just comment on a few other questions that you raised earlier? Chairman Shelby. Absolutely. Mr. McEneney. I am familiar with the issues regarding the reporting of credit limits, and my understanding of the motivation behind those issues--and I am not defending that practice, but---- Chairman Shelby. Please do not. Mr. McEneney. But it is a little different than I think my colleague at the table may have described. As I understood it, I thought that some banks thought that they may have come up with a clever proprietary way to set credit limits and did not want to tip their hand to their competitors that they had come up with this methodology. I do not think it was designed to prevent their customers from shopping. After all, if that was their intent, they would not report anything on those consumers at all. Chairman Shelby. Well, why not report everything for accuracy? How can you have accuracy if you are gaming the system, even if you want to rationalize for proprietary reasons, and keep you or you from shopping in the market? Mr. McEneney. I agree with you. Chairman Shelby. Because the market does not work if you do not have it open. Mr. McEneney. I agree with you that full reporting should be encouraged. I think requiring it may have some adverse consequences that outweigh the benefits. Chairman Shelby. Like what? Mr. McEneney. One of the things that happens if you mandate--today, we have a voluntary system that I think works extremely well, and I think there is substantial evidence for that because of the incredibly successful rate at which creditors are able to grant credit and get paid based on---- Chairman Shelby. We like all that, but we like accuracy, which is based on the truth. Mr. McEneney. And I think that the way the system works today is extremely effective. Creditors grant credit. They get paid back. I think that supports the notion that the information they have today, although not complete in some cases---- Chairman Shelby. Well, we all agree that the system is working pretty well. But where it is not working well, I think it is our responsibility to clear it up. And you can help us. Mr. McEneney. And I am prepared to help you, Mr. Chairman, and the only thing I would say is that I think encouragement or persuasion in this regard will likely provide the benefits you are looking for without significant detrimental impacts, like driving people from providing the information in the first place. Chairman Shelby. What is wrong with mandating it? Mr. McEneney. There are a number of questions that come up in that context. One is: Who do we mandate provide the information? There are thousands and thousands of furnishers of information out there. And then what do they provide? For example, small businesses have certain types of information. Utility companies have different types of information. Credit card companies have different types of information. Mortgage companies. What is it that constitutes full file? Also, who do they provide it to? There are hundreds of credit bureaus around the country, and do we only mandate that it be provided to certain credit bureaus and not others? Also, I think one of the things that has to be assessed is the potential impact on the reliability of the information. Today, people provide the information voluntarily because they are willing to build the infrastructure to do so; they are willing to incur the costs to deal with follow-up disputes. If you force people to do it where those people have not build those infrastructures to support the reporting of the information, I think there is a significant risk that it could actually decrease the reliability of the information you get. Chairman Shelby. Well, I disagree with you on that. Even if the motivation is not to so-called game the system, shouldn't we be concerned if the effect hurts the consumer? In other words, the consumer--there are a lot of choices out there in the marketplace, and you have got different firms fighting for that customer. But if somebody is withholding information which keeps their customer base in line where they might have an opportunity to do a little better somewhere else, I think it games the system and the free market does not work. Mr. McEneney. Well, I would say on that point that one of the things that I think people should look into in that context is the extent to which those issues can be dealt with through modeling. One of the great things about credit scoring is that if you know what you do not know, you can model for it. You can assess what it means over time. And I do not think we are talking about systematic problems in the reporting of this information. I think we are talking about exceptional situations that are a small minority of the circumstances. And I think that can be dealt with through proper modeling. Chairman Shelby. At the very least, the banking regulators could ensure that entities that they supervise full-file reports. They could do that. Mr. McEneney. And I think they are strongly encouraging that, Mr. Chairman, and I think it has been effective. For example, the Fed did a study on this issue sometime back, and between the time that they gathered the information from the credit bureau to figure out what the credit reporting looked like and the time they prepared the report, the number of accounts that did not have the credit limit on them went from something in the neighborhood of 35-plus percent down to 13 percent. And my understanding is that that friendly or not-so- friendly persuasion by the agencies has been even more effective in continuing to drive those numbers down and encourage the full-file reporting. Chairman Shelby. Senator Sarbanes, I would like to thank you for your patience. Senator Sarbanes. Thank you very much, Mr. Chairman. I will be brief. This has been an extremely helpful hearing, in my view. Also, I want to thank both of the witnesses who are currently at the table for their testimony and their statements. Mr. Mierzwinski, I particularly appreciate this very detailed testimony that you and the other organizations that you are representing have put together here. In that light, Mr. Chairman, I hope we can keep the hearing record open to receive additional recommendations. Chairman Shelby. We certainly will. The record will remain open. Senator Sarbanes. I wanted to ask you this question. I am particularly interested in this. One of the ways of assuring that the consumer can straighten things out is that he can bring legal action under FCRA in order to do so. Is that correct? Mr. McEneney. Yes. Senator Sarbanes. And that is an instrument whereby you get, in a sense, some self-policing of the workings of the system and I guess in that respect is desirable. Would you both agree with that? Mr. McEneney. I think one of the most powerful things about the FCRA is the tools it gives the consumer to get out and dispute the information they believe is inaccurate and to have it corrected. Senator Sarbanes. Now, let me ask you this question: The current statute of limitations governing the time period by which a consumer must bring legal action under the FCRA runs 2 years after the occurrence of the fraud, regardless of when the victim discovers it. Now, in the most extreme case, the victim could discover it more than 2 years after the fraud occurred, and the statute of limitations would knock the victim out of the box, would it not, under current statute? Mr. McEneney. Yes, I believe it would. Senator Sarbanes. Well, I have difficulty understanding. Obviously there is no fairness to that, and obviously it eliminates the workings of the system in terms of the consumer correcting it. Now, some have suggested that the statute of limitations period should be 2 years after the date on which the violation is discovered or should have been discovered by the exercise of reasonable diligence, because I can understand it will be argued, well, you know, they should have known this, we just cannot have this thing hanging out there forever. So you put some burden of responsible action on the consumer. But why wouldn't that be a better way for the statute to work, 2 years after the date on which the violation is discovered or should have been discovered by the exercise of reasonable diligence? Do you have any problem with that? Mr. McEneney. Senator, just a clarification of how I think that statute of limitations issue works. If I am a consumer and I come to look at my file at any time, my rights accrue at the time I look at that information to dispute the information and have it corrected. It is not that if the information was added more than 2 years ago I cannot correct it. I can demand correction anytime it is in my file. I think the situation that you may be referring to is one where a consumer comes to look at his or her file, believes that there is a problem in it, and more than 2 years ago, for example, applied for credit or took some other action and believes they were damaged at that point in time. Under those circumstances, I believe the statute would run, and the individual would not have a right to go back and sue for an act or for damages that took place 2 years prior, but would have the right to demand correction of that information right then and there. The 30-day time frame would then apply, and all their rights would accrue. I think that it is important to just focus on what that statute of limitations issue really means. The consumer always has the right to come and dispute what is in his or her file. Mr. Mierzwinski. Senator Sarbanes, if I could add, we want to reverse the Supreme Court in the TRW v. Andrews case. We think it is important to clarify the discovery rule and make it easier. The complexity of the discovery rule is just one example of how the general principle of this Act is that the consumer generally has a right to self-enforce his or her rights. But those rights are very difficult to enforce. In 1996, a former Member of the Committee, Senator Bryan, worked very hard to establish a furnisher liability compromise. As part of that, he said consumers could sue banks and department stores some of the time after they failed to comply with the reinvestigation, but not if they simply provided information to a credit bureau that they consciously knew was in error. So that first test would only be enforceable by the agencies. The consumer could only sue in the latter case where there was a request by the consumer to remove the fraudulent or false information and that information was not removed. Consumers had to go to court for the last 8 years. They had to get the Federal Trade Commission to file amicus briefs on their behalf. Despite clear legislative intent that Congress intended to give consumers the right to sue furnishers of information in some circumstances, many furnishers of information argued that they did not have the right to sue them. The law is very difficult to enforce as a private individual. One example: Why is there so much identity theft? There is so much identity theft because the companies do not care about fixing the problem. They look at it as a cost of doing business. That is all it is to them. They are making so much money issuing credit that the millions of consumers who are victims of identity theft have so much trouble enforcing the law and clearing up their name, as Captain Harrison did, that they just give up. And we really need to make it easier for consumers to enforce their rights, strengthen the duties of these companies. Senator Sarbanes. I may not be fully understanding, but I have difficulty understanding the rationale for a statute of limitations that runs when the victim is unaware that something wrong has been done to them. I understand once they know about it if they then do not do anything about it within a reasonable period of time, or if, you know, by taking due diligence they should have known about it and did not do it because they were--that is a different situation. But the situation in which they just do not know about it and then they find out about it and they want to do something, someone says, well, you know, 2 years has gone by, it is just too bad but you are out of luck. I mean, what is the rationale to justify that kind of position? Mr. McEneney. I would be happy to look into the details of the statute of limitations issue for you, Senator. Senator Sarbanes. On first blush, it is hard-put to see a rationale, isn't it? Mr. McEneney. You know, statutes of limitation generally are designed to avoid litigation involving issues where the facts relevant to those issues took place beyond a certain period of time before. And I would have to look at the specific issues you are talking about. Senator Sarbanes. Even if you go down that path, 2 years is a pretty short period of time when you are talking about, I think, matters of this sort. But a lot of statutes of limitations have in them some provision about knowledge or should have had knowledge in order for the time period to kick into effect and then knock you out of getting a remedy. You, after all, are the one who has been victimized. My question is whether the victim should be able to get some remedy for that, and it is quite a step simply to knock them out of getting any remedy when they are in complete lack of knowledge that this has been done to them. Mr. McEneney. Senator, I would be happy to look at the details of that issue and get back to you. Senator Sarbanes. Thank you, Mr. Chairman. Chairman Shelby. Could I ask the other side, could you also furnish information regarding the same subject? Mr. Mierzwinski. Mr. Chairman, we would be happy to do so. And we had an amicus brief before the Court in that case, which we will provide to the staff. We think the Supreme Court was wrong, but it was a statutory ruling, so the Committee can certainly reverse them. Chairman Shelby. Senator Bennett. Senator Bennett. Thank you very much, Mr. Chairman. Mr. Mierzwinski, I have gone through your recommendations, every one of which has some rationale behind it. But taking the whole thing in total, it reminds me of the comment that came out of the Vietnam War where the infantry captain said, ``In order to pacify the village, we had to destroy it.'' And I think if all of these recommendations were put in place in order to make sure that the customer got absolute accuracy and absolute protection of his privacy, you would cut him off from the opportunity of obtaining credit. And that is what this whole thing was about. Again, I go back to my first days in this Committee where the complaint was that particularly minorities and others who did not have a gilt-edged credit history were being denied credit absolutely, and the Fair Credit Reporting Act has gone a long way toward making credit available to them. And if we say, yes, but there is this and there is this and there is this and there is this possibility, every possibility of which must be guarded against, we go back to the bad old days when the only people who could get credit are those who basically do not need it. So, I have some real problems with the totality of what you are presenting here. Now, I also disagree with you about the GAO report because I think the GAO report reflects what we have heard in these hearings. We have had a wide range of studies presented to us. You claim, with understandable enthusiasm, that the studies that support your position are the reliable ones and the peer- reviewed ones and the objective ones. But other witnesses claim, with equal sincerity, that the studies that they put forward are objective and peer-reviewed and reliable. And the results, as we found in previous hearings, are all over the lot. So it does not surprise me at all when the GAO begins with the quote with which the Chairman began this hearing, and I will read it again: ``Information on the frequency, type, and cause of credit report errors is limited, to the point that a comprehensive assessment of overall credit report accuracy using currently available information is not possible.'' And that resonates with the sum total of what we have heard in these hearings. In the GAO report, we have what I find to be a very useful summary as to the common causes of errors in the consumer credit report process, and they cite three common causes: Number one, consumers. Consumers provide inaccurate data to furnishers, either by mistake--which I assume is by far the most logical reason--or purposely provide false information in order to establish a new credit identity. This is a form of identity theft, if you will, identity concealment. I have bad credit; I will now, in an attempt to create a new identity for myself, mislead the furnishers. That is the first cause of errors. The second cause of errors, furnishers input accurate information incorrectly. I referred to this previously where I described where I was moving, over the phone, opening an account. My name is Robert F. Bennett, and the bill came back Robert S. Bennett. There was not anything malevolent about it, but the person on the other end of the line heard my ``F'' as an ``S'' and I have been unable to correct that, as many times as I have tried. Finally, I just pay the bill, Robert S. Bennett every month and I do not worry about it. But that is accurate information incorrectly inputted. Pass on incomplete or inaccurate data to consumer reporting agencies, or pass on accurate data in incorrect format. Fail to voluntarily report data. Those are all of the various ways that furnishers put in accurate information into the system. And finally, the third way you get errors is that the bureaus input inaccurate information or they input accurate information in the incorrect file. Robert S. Bennett begins to get information that is not accurate because somehow he is getting my utility bill put in there. Because of these common errors involving consumers, furnishers, and credit reporting agencies, the GAO has concluded that we cannot get our arms around the size or complexity of the problem. So I think what we need to do, Mr. Chairman, is continue that which has been working, and for that reason, I am strongly in favor of both the preemption provision and the affiliate sharing provision, while we continue to try to find out more information about where the inaccuracies come from and what we can do to deal with it. I think the reference to the bank regulators to which you, Mr. McEneney, have referred, is an indication the bank regulators have gotten tough and the number of inaccuracies or omissions has begun to go down. And I think that is a salutary thing, and we should work for that. I am in favor of Senator Sarbanes' position on the statute of limitations. I cannot imagine why it would be a problem to say that, well, if something has gone bad, you do not know about it until 18 months later, and then suddenly you are faced with a major identity theft problem, you have only got 6 months to get your lawyer together and file the case. I want to have the full 2 years from the time that happens. Those are the kinds of changes that I think we can make. We can tighten things up. But I do not want to throw out the baby with the bath water. I do not want to reverse the fact that credit has been made available to a wide range of Americans who did not have it before in the name of saying, well, we are going to protect your privacy in all of these belt and suspenders and raincoat kinds of ways, and in the process you are going to be completely private, but you are not going to get any credit. Mr. McEneney. Senator Bennett, on the GAO finding of the inability to assess accuracy, I would just like to make one point. It does not answer the question, but perhaps provide some temporary comfort. That is, there is a proxy for assessing the accuracy of the information at a broad level, and that is its remarkable predictive value. Creditors successfully rely on this information, have been extremely successful in making credit more widely available, more cheaply than ever before, and that would not be the case unless the information were accurate to a high degree. Now, that does not deal with the detailed issue, but I am just saying that there is some comfort to be taken from that widely available fact. Mr. Mierzwinski. If I could speak to that briefly, Senator--and, by the way, on your first point on our recommendations, we would be happy to work with you. If you want to take our top five or something like that, we would be pleased. Senator Bennett. Well, as long as you give me preemption and affiliate sharing, why, I would be happy-- [Laughter.] Mr. Mierzwinski. But the situation here, I think--and I would refer you--I will provide it to the staff. There is a study by a Philadelphia Federal Reserve Board economist, Mr. Hunt, that talks about some of the ways that information is used in the system. And one of the points he makes is a theory that the system is weighted toward false negatives; that is, the system may be providing credit accurately to people that deserve---- Chairman Shelby. Would you furnish a copy of that to the Committee? Mr. Mierzwinski. Yes. May be providing credit in a way that people that deserve credit tend to get credit, but some people may be paying too much for credit. And that is what the system is not measuring, and that is my point on the GAO report. I only read it very quickly. I just got a copy of it. But the one particular part of the CFA report was the study of half a million scores that I do not think they looked at in as detailed a way that they should have. And that was my point. On the other studies, maybe their points were more valid. But on that particular portion of the CFA report, that is where I disagree with them. I was encouraged, however, that they agree with our finding and recommendation that there should be more adverse action notices provided so more consumers trigger looking at reports and trigger reinvestigations. Senator Bennett. I think the Committee is clearly going in that direction. That is what the FTC recommended. Mr. Mierzwinski. Right. Senator Bennett. I think there is some legitimacy to that. Thank you, Mr. Chairman. Chairman Shelby. In closing, I want to thank you two for being patient today and also for your input. I believe this will help guide the Committee as we seek in the next weeks to craft a bill that balances the interests of consumers and the needs of the credit market. We are not going to try, I hope, to reinvent the automobile here, but we believe that we can maybe change the model a little bit, fine-tune it and make it work better for the American people, and that is all of us. Thank you, gentlemen. Mr. McEneney. Thank you. Mr. Mierzwinski. Thank you. [Whereupon, at 12:40 p.m., the hearing was adjourned.] [Prepared statements, response to written questions, and additional material supplied for the record follow:] PREPARED STATEMENT OF SENATOR ELIZABETH DOLE First of all, I want to thank Chairman Shelby on behalf of the people of North Carolina and the entire country not only for holding today's hearing on measures to enhance the operation of the Fair Credit Reporting Act, but also for holding six hearings on the issues involved in the reauthorization of the Fair Credit Reporting Act preemptions. This has given us all an opportunity to examine the great benefits the FCRA has brought to the consumers of America. These hearings have also illustrated the ways this law can be strengthened to ensure more accurate credit reports and help our efforts to combat identity theft. The actions of the House Financial Services Committee passing its version of this legislation by an overwhelming vote of 61-3 shows there is a broad consensus on the issues before us and that we all can work together to accomplish our goal this year. While I have long spoken out about the tangible benefits the FCRA has brought to our Nation by lowering the cost of credit and empowering individuals, there are further steps we can take to help consumers and industry, such as providing access to a free credit report once a year. A free report will help consumers gain a better understanding of the factors that financial institutions take into account when pricing a product and when deciding whether to extend credit. Free credit reports will also ensure the accuracy of credit reports and help stop identity theft, a destructive crime that is unfortunately growing more common every day. As we all know, there has been a healthy debate on the issue of credit scores. While I feel strongly that consumers should be given an accurate description of the different factors that go into these numbers, I do not think this should extend to the right to a free credit score. This score is a proprietary analysis of a credit report used to gauge the risks involved in extending credit to an individual. Since independent businesses develop the scores with their own resources, they should be able to receive a small fee for their use. It is also my hope that we not put one score--such as FICO--above all others. Competition in the credit score market should be preserved. I want to thank our distinguished panel of witnesses for taking the time to join us here today. I look forward to working with all of my colleagues on these issues as the Committee prepares to craft a legislative package. ---------- PREPARED STATEMENT OF JOHN W. SNOW Secretary, U.S. Department of the Treasury July 31, 2003 Thank you Chairman Shelby, Senator Sarbanes, and other distinguished Members of this Committee for this opportunity to testify on the Administration's proposal to strengthen the use of the Fair Credit Reporting Act (FCRA) to promote consumer interests. All consumers have two important interests, the promotion of which is the central purpose of the FCRA. One is the interest in improved access to credit and other financial services. The other is the interest in the accuracy and security of their financial information. The Administration proposes to remove the sunsets on the uniform standards and focus these standards and the FCRA even more on meeting these two key consumer interests. A hallmark of our country is readily available credit. In fact, it is not too much to say that ready access to credit on competitive terms is an integral part of the economic security and well-being of American families. All over the country, Americans depend on competitive credit markets to realize the dream of homeownership, to finance their cars, to pay for college, and meet a variety of other needs. More than two- thirds of Americans now own their own home, and 9 out of 10 homes are purchased with a mortgage. For example, consumer credit helps finance the vast majority of the more than 15 million cars and trucks consumers purchase annually. The FCRA's uniform national standards for information sharing operate to expand the opportunity for consumers to access credit and financial services--they make your reputation as a borrower portable, so that you do not have to establish your good name from scratch in every city you visit, or every store where you shop. The Council of Economic Advisers estimates that, if States passed laws that significantly deviated from the national uniform standards of the Fair Credit Reporting Act, 280,000 home mortgage applications that are now approved each year would be denied--that is $22 billion in new mortgages annually. Access to accurate and reliable financial information is particularly important for approving loans to first-time homebuyers, for example. This democratization of credit has especially benefited minority and lower income families. For example, from 1995 to 2001, the percentage of minorities holding mortgages increased significantly-- one-sixth of minorities who qualified for mortgages in 2001 would not have qualified in 1995, a higher rate of improvement in homeownership than for families overall. In addition, the percentage of minority families with credit cards has risen substantially. From 1995 to 2001, the percentage of African-American families holding credit cards rose from 39.4 percent to 55.8 percent. More generally, since 1970, credit access by U.S. households in the bottom half of income distribution has experienced the most rapid growth. National uniform standards help all Americans participate more fully in the miracle of modern credit markets. We need to accelerate that process and do nothing to slow it down. Perhaps the most serious threat to financial consumers today is identity theft. Identity thieves are clever, adaptable, and heartless. Indeed, many identity thieves specifically target the most vulnerable members of society--families of the recently deceased, seniors, hospital patients, and men and women serving our Nation overseas. These schemes come in many forms and I have described several of the more deplorable schemes elsewhere. Today, I would like to cite still another example, as reported last week, that demonstrates how clever and adaptable the thieves are: Using a $100, commercially available keystroke logging program, an identity thief in New York stole over 450 online banking passwords during a 2-year period. The scam began with the thief installing a keyboard-sniffing program on public Internet terminals at 13 locations scattered throughout Manhattan. Unwitting customers using the terminals then had their keystrokes logged as they accessed information. With username and password information in hand, the thief used the victims' personal and financial information to open new accounts under their names and transferred money from the victims' legitimate accounts into the new, fraudulent ones. Many Americans have worked hard for years to build and keep good credit histories. In today's information-driven economy, one of your most important personal assets is your reputation, your credit history. The statistics are there--and have been cited by many. For example, a recent study reports that identity theft has been seriously under- reported and asserts that 7 million Americans were victims of identity theft last year alone. We may never know what the right number is. But one thing we do know is that there are far too many victims of identity theft and that the crime is spreading. One of the most distressing aspects of identity theft is how quickly an identity thief can damage your credit history and how long it can take to undo the damage. A recent General Accounting Office study found that victims spend on average 175 hours trying to recover from the crime. In many cases, recovery can take even longer, and involve thousands of dollars in legal and other expenses. The costs are so significant that a market in identity theft insurance is now developing. Our national information sharing system can and should be improved to do more in the fight against identity theft. As we do so, it is important to understand that national standards for sharing such information are an important tool in the fight against identity theft. When a thief tries to steal your identity and open an account in your name, he is posing as you, hiding behind a mask that he has constructed out of bits of information about your identity. Bankers or merchants can stop the would-be thief right in the act, before the crime is committed, if they have timely access to the right information. With the right information about your true identity, financial institutions can ask validating questions and peer behind the thief 's mask. In other words, your banker can stop the identity thief if your banker is more familiar with you than the thief is. National uniform standards make timely access to full and accurate information possible, giving financial institutions the tools to stop many identity theft assaults before they can succeed, information moving faster than the thieves. On June 30, I announced the Administration's proposals to make the Fair Credit Reporting Act an even more effective instrument to protect consumer financial data from fraud and abuse, enhancing the quality and integrity of that information, while at the same time expanding consumer access to credit and other financial services. We are extremely pleased that several of these proposals are contained in bipartisan legislation now pending before the House of Representatives, approved last week by the Financial Services Committee by a strong 61 to 3 vote. We look forward to working with you as the Senate considers these issues. In my testimony today, I wish to focus on five of our proposals: <bullet> Free credit reports upon request. To achieve these important goals of the Fair Credit Reporting Act we would be wise to engage the consumers themselves. A basic tool to place in the hands of consumers is access to their credit reports, once a year, upon request, free of charge. Consumers should be offered the opportunity to review their credit reports for accuracy and completeness. We believe that this proposal will not only help stop identity theft, but that it will also lead to improvement in the overall quality of the information in the credit reporting system. After all, no one has a stronger interest in ensuring the accuracy of their credit reports than consumers themselves. As the overall quality of the information improves, everyone will benefit-- consumers, merchants, financial institutions, and the economy as a whole. <bullet> National Security Alert System. We recommend that the uniform standards include a national security alert system. Under such a system, consumers who have been victimized or are in danger of being victimized can put banks and merchants on their guard against any further efforts to impersonate the consumer, thus making it much harder to steal one's identity. <bullet> Red Flags. We propose the bank regulators also be put on the watch for patterns followed by identity thieves, red flags that indicate the likelihood of fraudulent activity. The regulators would provide notice of these red flags to the institutions that they supervise and put them on the watch for these telltale signs. Further, the regulators would verify in their bank examinations that these warning signs are being heeded, fining those institutions where lack of attention results in customer losses. I regard this proposal to be a very important part of the package. One of the challenges in fighting identity theft is that identity thieves are adaptable. They are always looking for ways to exploit systems and procedures that we set up to thwart them. It is important, therefore, that regulators and financial institutions be equally adept in catching them. To be effective and not become soon out of date, this proposal avoids locking today's tell-tale signs in the statute, but instead gives regulators the flexibility to adapt to new identity theft schemes and to establish procedures to thwart them and foil the efforts of the would-be thieves, and it gives financial institutions increased incentives to be on guard as well. <bullet> Prohibition on the sale or transfer of identity theft debt. Another important Administration proposal is a prohibition on the sale or transfer of debt for collection a creditor knows is the result of identity theft. Too often, consumers labor for hours persuading a creditor that they were the victims of identity theft only to find that they must begin the process all over again with a new creditor who has purchased the debt from the original creditor. Our proposal would help reduce repollution of consumer's credit files and save consumers countless hours of needless hassle. <bullet> Adverse Action Notices. The Administration proposes granting the FTC specific rulemaking authority that would require notices to consumers when their credit scores caused them to be offered less favorable rates than for which they applied. These are a few highlights of the package of proposals we have offered, that would build upon and amplify the use of the FCRA to promote consumer access to credit within a context of improved accuracy and security of personal financial information. Enactment of this package will make our national information sharing system even more a servant of consumer interests. Given the important role that the national standards of the Fair Credit Reporting Act play in expanding access to credit and maintaining the accuracy and security of consumers' information, it should come as no surprise that national information sharing standards benefit our economy as a whole. It seems so basic that we take it for granted, but an integral part of our economy's success is our confidence in financial services such as bank services, insurance, and investment products. Our credit markets helped the American economy weather the serious shocks we have experienced over the last 3 years--a recession, September 11, homeland security, corporate accounting fraud, and so on. And there should be no doubt that the national uniform standards of the Fair Credit Reporting Act help make our credit market more robust. According to the Council of Economic Advisors, if the national standards were to expire, and States adopted new laws currently under consideration, a minimum of 3.5 percent of loans currently approved would be denied to maintain the same level of credit risk. This could put as much as $270 billion of consumer credit in jeopardy. We look forward to working with this Committee and the full Senate to move a strong package of reforms into law this year and ensure that the Fair Credit Reporting Act becomes an even more effective tool for meeting the financial interests of American consumers. Accomplishing this task is vital to the future of our economy. With improved national standards, we can make great strides to protect our citizens against identity theft, while holding open the doors of credit to many more American families of every income and background. PREPARED STATEMENT OF MICHAEL F. McENENEY Partner, Sidley Austin Brown & Wood LLP on behalf of the U.S. Chamber of Commerce July 31, 2003 Good morning, Mr. Chairman, Senator Sarbanes, and Members of the Committee. My name is Michael F. McEneney and I am a Partner at the law firm of Sidley Austin Brown & Wood LLP. I am pleased to have the opportunity to appear before you today on behalf of the U.S. Chamber of Commerce. The U.S. Chamber serves as the principal voice of the American business community here in the United States and around the world. Specifically, the Chamber is the world's largest business federation, representing more than three million businesses of every size, sector, and region of the country. The FCRA has provided a robust framework for the most advanced consumer credit and insurance markets in the world. A key component of this success is the fact that the FCRA establishes a single national system in which our credit and insurance markets can operate smoothly. This has resulted in significant consumer benefits, in the form of increased credit and insurance availability at lower costs, and has provided a source of strength for our economy. The national uniformity of key provisions in the FCRA is currently scheduled to expire on January 1, 2004. Making these provisions permanent has been a high priority for the Chamber and the business community generally. We urge the Members of the Committee to make these provisions permanent. The Economic Importance of National Uniformity At the beginning of the Committee's deliberations on these issues, there were a number of questions raised about the significance of the national uniformity established by the FCRA. A recent study entitled ``The Fair Credit Reporting Act: Access, Efficiency, and Opportunity'' goes a long way to answering those questions. The study was prepared by the Information Policy Institute (IPI) with the support of the National Chamber Foundation of the U.S. Chamber of Commerce. The aim of the study was to examine specifically whether a loss of the existing framework of preemption would threaten the benefits of our credit markets currently enjoyed by consumers. This study relied on hard data to determine the impact on consumers and industry if the national uniform standards were lost. I would like to share some of the study's findings with the Committee. In General In all areas of inquiry, the IPI found that the national uniform standards established by the FCRA have contributed significantly to the consumer benefits of the current credit marketplace. Further, the IPI found few quantifiable direct or indirect costs to consumers associated with the national uniform standards. The study concluded that the loss of the existing framework of preemptions would threaten the current consumer benefits, and that Congressional action is necessary to ensure the continuity of our national standards. Mortgages The study recognizes that many of the efficiencies developed by the mortgage underwriting market, such as automated underwriting, are made possible, at least in part, by the national uniformity established by the FCRA. According to the study, automated underwriting consistently does a better job of identifying loans that ultimately ``perform''--loans that do not experience a serious delinquency or default. Moreover, automated underwriting allows mortgage underwriters to accommodate high volumes of activity. For example, in 2002, the Federal Reserve estimates that homeowners were able to gain access to approximately $700 billion of equity in their homes--an astounding figure that may not have been possible under a less efficient system. The introduction of mortgage underwriting efficiencies, which have resulted in part from the national uniformity established by the FCRA, also appear to have significantly reduced the costs of closing a loan, saving consumers at least $18.75 billion in 2002. Credit Availability The study also examined four different scenarios under which the FCRA's national uniformity was allowed to expire and the FCRA's operative provisions were modified in ways suggested by existing legislative proposals in various States. The study examined the impact of these changes on six different commercial credit scoring models in order to approximate the impact on consumers and the cost of credit. In all four scenarios, the study found that loan approval rates would decrease or delinquencies would increase, resulting in increased costs to consumers. Furthermore, the predictive power of credit report information would decline, damaging creditors' ability to evaluate credit risk. If creditors cannot properly evaluate credit risk, one of two things generally occurs in order to hedge against that increased risk--creditors make less credit available, or they increase the cost of credit. Either way, consumers lose if the FCRA's national uniform standards expire. Prescreening The study evaluated the current practice of ``prescreening'' customers for preapproved offers of credit. According to the study, increased competition which has been driven in part by prescreening, has caused interest rates to be lower overall than they were in 1990. The study also found that prescreening was the most important method of acquiring new credit card customers, and that restrictions on prescreening would increase costs to consumers, and decrease consumers' access to unsecured credit. The Importance of National Uniformity to the Security of Consumers' Personal Information The Chamber believes that it is important to pursue the goals of providing for continued access to credit as well as protecting the security of consumers' personal information. The national standards established by the FCRA are an important component of protecting the security of consumers' personal information. For example, the national uniform provisions under the FCRA ensure that financial institutions can have access to reliable credit report information for a variety of purposes, including identity theft prevention. Indeed, the important role credit reports can play in the efforts of financial institutions to verify the identity of their customers has been recognized as part of the regulatory efforts to implement the customer identification provisions of the USA PATRIOT Act. The national uniform standards also allow companies to prevent identity theft in other ways. Under the FCRA, companies have a single Federal standard governing their ability to share information among affiliated entities. A key purpose for the sharing of information among affiliates is to prevent fraud, including identity theft. The FCRA also establishes a uniform standard for prescreening consumers for credit. It is noteworthy that the fraud rates, including identity theft, are significantly lower on accounts acquired through prescreening than accounts acquired through other means. Providing States the opportunity to enact their own prescreening rules would make this more secure method of customer acquisition less attractive if not impossible. The national standards established by the FCRA also ensure that consumers have the tools necessary to protect themselves against identity theft. For example, consumers are provided a standardized notice if they are the subject of adverse action based on a consumer report. This notice, which is uniform across the country, informs the consumer of the adverse action and notifies the consumer that the action was based, at least in part, on information from a credit report. This is a ``red flag'' to the consumer to check the credit report to ensure its accuracy. Furthermore, the FCRA establishes a single timeframe under which credit bureaus have to reinvestigate any consumer disputes. I think we can all agree that it is challenging enough for credit bureaus and consumers to resolve identity theft issues under a single set of rules--imagine the difficulty if credit bureaus had to comply with different rules depending on where the consumer is located. The Practical Application of the FCRA to Underwriting Although the broad concepts I have discussed to this point are important, I would like to provide a more practical application of how the credit reporting and underwriting process thrive under the FCRA. The concept of credit underwriting, or the analysis of economic risk on which a decision to lend money is based, has received repeated mention by many participants in the debate, but at no point have we really stopped to talk about what that means. I have attached an example to my testimony consisting of two simple revolving loan portfolios, each containing 100 loans of $1,000 apiece, and each paid off within a year. One portfolio has an interest rate of 5 percent, the other a rate of 18 percent. If one loan in the 5 percent portfolio were to immediately default (whether because of identity theft, consumer bankruptcy, or poor judgment on the part of the lender), it would take the interest payments from 41 performing loans to compensate for that default. If, instead, as few as three borrowers default, the lender is completely underwater--and will lose money--even before facing the expense of managing 97 other loans. If one loan in the 18 percent portfolio defaults, it takes the interest from 12.11 performing loans to compensate for that one default. Even if the lender gets it exactly right 92 percent of the time, no matter how well those 92 consumers pay their bills, the lender is in serious trouble. There is not much more to underwriting than that. And this is why it is so important for lenders to be able to assess credit risk accurately. The complicated part occurs when trying to fit the maximum number of borrowers into the continuum of rates between 5 and 18 percent while keeping defaults to a minimum. Whoever does the best job of fitting borrowers to a particular interest rate attracts the most customers because they can offer the lowest rate and manage their defaults so they still make money. Anything that enhances this process has obvious consumer benefits. Since 1996, the seven preemptions of the FCRA have enabled lenders, at a national level, to take advantage of technological advances to serve their customers while greatly refining their ability to fit the right borrower into the right rate. Potential Issues for Enhancement Identity Theft One issue that deserves serious consideration is identity theft. Although identity theft is not caused by the FCRA, we believe the FCRA can certainly provide part of the solution. In general, we believe that there is a common theme that should guide the Committee in its consideration of provisions to combat identity theft. More specifically, the Chamber believes that the methods used to address potential identity theft scenarios should be flexible, allowing companies to utilize the means most efficient to them to thwart identity thieves. Indeed, a ``one-size-fits-all'' approach may not work--the challenges presented by identity thieves will invariably change over time and the tools used to combat the thieves should change as well. The Chamber is concerned that if the methods for preventing identity theft are ``written in stone,'' companies will be forced to devote resources to complying with these methods, regardless of whether they become outdated or if more efficient alternatives become available. Furthermore, if companies must adhere to specific statutory requirements with respect to identity theft, it may become very difficult for companies to alter their procedures in light of the constantly evolving nature of identity theft schemes. Access to Credit Reports It is important for a consumer to have access to his or her credit report in order to ensure the report's accuracy, as well as to address any instance of identity theft as soon as possible. The FCRA currently ensures that access to credit reports is relatively inexpensive--the cost is capped by law at $9. In addition, the Chamber strongly supports the provisions in current law that provide consumers with access to their credit report at no charge in certain situations. For example, a consumer can obtain his or her credit report for free if the consumer: (i) has been the subject of ``adverse action'' (for example, denial of credit) due in part to information in a credit report; (ii) is unemployed and intends to apply for employment; (iii) is a recipient of public welfare assistance; or (iv) has reason to believe that the file on the consumer at the credit bureau contains inaccurate information due to fraud, including identity theft. Aside from the numerous instances when a consumer currently can obtain a copy of a credit report for free, some have advocated providing consumers with a credit report at least once annually at no charge. The Chamber welcomes the consideration of how to make credit reports more available to consumers. We believe, however, that this issue merits careful study before next steps are taken. In particular, there should be a careful examination of the costs associated with a ``free'' credit report in order to ensure that there are no unintended consequences. For example, the costs of providing free reports and the related customer service will have to be absorbed by the consumer. Moreover, resources that are currently dedicated to investigating potential errors in consumer reports, or assisting consumers with resolving identity theft claims, will need to be redirected to meet the demand for ``free'' credit reports. It should also be noted that a single, well-placed national news article or widely circulated e-mail could create significant spikes in demand for credit reports that simply could not be met without severe disruption to the other important customer service functions performed by credit bureaus. Investigating Wrongdoing in the Workplace Currently, the broad definitions of ``consumer report'' and ``consumer reporting agency,'' as interpreted by the FTC, appear to apply if an employer uses outside experts to investigate employee misconduct. This results in the outside firm, such as an accounting firm or law firm, potentially becoming a consumer reporting agency for purposes of the FCRA. Because of the difficulties in conducting an investigation while complying with the FCRA's requirements, and because employers and investigators face significant potential liability, including punitive damages, for failure to comply with the FCRA's requirements, the FTC's interpretation deters employers from using experienced and objective outside organizations to investigate workplace misconduct. While the FTC's interpretation affects all businesses, it is particularly damaging to small and medium businesses that do not have in-house resources to conduct their own investigations. The Chamber strongly believes that Congress should take this opportunity to remedy this problem. We urge the Committee to adopt legislation that would exclude employment investigations which are not for the purpose of investigating the employees' creditworthiness from the FCRA requirements. Such legislation has been introduced on the House side in the past few Congresses by Representatives Pete Sessions and Sheila Jackson-Lee and was included as Title VI of the Fair and Accurate Credit Transactions Act of 2003, which was approved by the House Financial Services Committee on July 24. I want to stress that the Sessions/Jackson-Lee language in the FACT Act is a narrow correction of an obvious problem created by current interpretation of the law. In addition, the legislation should not leave those suspected of misconduct without protection--it still requires that employers who take adverse action against an employee based on information from an investigation provide the employee with a summary of the nature and substance of the report. We urge the Senate to address the problem created by the FTC's interpretation by enacting the Sessions/Jackson- Lee language. Conclusion Once again, I would like to thank the Committee for its efforts in examining ways to maintain the consumer benefits of our current financial marketplace while also protecting the security of consumers' personal information. The Chamber strongly endorses the criteria suggested by Treasury Secretary Snow that any amendments to the FCRA affecting the credit reporting or credit underwriting process should enhance both personal data security and access to and availability of credit. Our recommendations are made with this formulation in mind. The Chamber looks forward to working with you, Mr. Chairman, and with other Members of the Committee as your efforts to amend the FCRA progress. Thank you again for the opportunity to appear before you today. I would be happy to answer any questions you may have. <GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT> RESPONSE TO WRITTEN QUESTIONS OF SENATOR DOLE FROM JOHN W. SNOW Q.1. Our credit system is based on a voluntary reporting system in which it is in the furnisher's best interest to report information to the credit bureaus. Do you believe that some of the duties imposed on the furnishers by the House bill could jeopardize the willingness of furnishers to participate in the system? A.1. We support H.R. 2622 and commend Chairman Oxley and Ranking Member Frank for their hard work. However, some provisions go too far. The new requirements concerning the accuracy of consumer information contained in H.R. 2622 were not in the Administration's proposal. We are concerned that these new requirements may lead to some furnishers dropping out of our voluntary credit reporting system or simply deleting disputed information. This would not advance consumers' interest in the security and the completeness of their credit reports. We have been working with the House to resolve these concerns to ensure that we maintain a robust, national credit reporting system and protect consumers' interests in access to credit and other financial services, while at the same time protecting their interest in the accuracy and security of their information. My staff and I would be pleased to discuss the matter further with you and Members of the Committee. Q.2. The House accepted an amendment to allows consumers to go directly to a furnisher, whether it be a retailer or a bank, to dispute what they believe to be incorrect information on their credit report. Does the Treasury have a position on this language? What, if any changes to the language, would the Treasury recommend? A.2. We support H.R. 2622 and commend Chairman Oxley and Ranking Member Frank for their hard work. The new proposal to allow consumers to initiate disputes directly with furnishers contained in H.R. 2622 was not in the Administration's proposal. We are concerned that this proposal may lead to some furnishers dropping out of our voluntary credit reporting system. Also, a cornerstone of both the Administration's proposal and H.R. 2622 is the ability for all consumers to obtain a free credit report every 12 months from each of the three nationwide consumer reporting agencies. If this becomes law, consumers will be more familiar with the role of the consumer reporting agencies. Given this likely greater familiarity, it makes sense to direct consumer disputes to the consumer reporting agencies, which can efficiently refer the disputes to the appropriate furnisher. We are working with the House to resolve these concerns to ensure that we maintain a robust, national credit reporting system and protect consumers' interests in access to credit and other financial services, while at the same time protecting their interest in the accuracy and security of their information. My staff and I would be pleased to discuss the matter further with you and Members of the Committee. Q.3. It's my understanding the 1996 Amendments to the FCRA gave credit bureaus the ability to dismiss consumer disputes they deem to be frivolous. If Congress decides to allow consumers to register disputes directly with furnishers, should we give furnishers the same ability to dismiss frivolous claims? A.3. Yes. Frivolous claims should on no account be acceptable. <GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT>