PREPARED STATEMENT OF
THE FEDERAL TRADE COMMISSION ON
IDENTITY THEFT

Before the
SUBCOMMITTEE ON TECHNOLOGY,
TERRORISM AND GOVERNMENT INFORMATION
of the
COMMITTEE ON THE JUDICIARY
UNITED STATES SENATE
Washington, D.C.

July 12, 2000

Mr. Chairman Kyl, and members of the Subcommittee, I am Jodie Bernstein, Director of the Bureau of Consumer Protection, Federal Trade Commission ("FTC" or "Commission").⁽¹⁾ I appreciate the opportunity to present the Commission's views on the important issue of identity theft, and to describe to you the impressive strides we have made in implementing the Identity Theft and Assumption Deterrence Act.⁽²⁾

The fear of identity theft has gripped the public as few consumer issues have. Consumers fear the potential financial loss from someone's criminal use of their identity to obtain loans or open utility accounts. They also fear the long lasting impact on their lives that results from the denial of a mortgage, employment, credit or an apartment lease when credit reports are littered with the fraudulently incurred debts of an identity thief.⁽³⁾

The Identity Theft and Assumption Deterrence Act ("the Identity Theft Act") has raised the public's appreciation for the hardship suffered by identity theft victims. The Identity Theft Act's focus on the individual as the victim - rather than just the financial institutions that often absorb the bulk of the financial loss - has brought focus to business practices that may place consumers at higher risk of having their identities stolen. It has heightened consumers' awareness of the ways they can change their everyday practices to minimize the risk that they will be victimized. The Federal Trade Commission has worked to strengthen these measures through our responsibilities under the Act. In particular, we have expanded our consumer education campaign, encouraged increased use of our toll-free help line, made our Identity Theft Clearinghouse available to law enforcement through a secure website, continued to forge partnerships with other law enforcement offices, and reached out to private industry to help identify ways to establish identity theft prevention best practices. By letter dated June 1, 2000, we also conveyed our support for S. 2328, a bill introduced by Senator Feinstein, Chairman Kyl and Senator Grassley, that seeks to protect consumers by providing them with access to credit-related information that may reveal indicia of identity theft. The bill would also restrict the release of information through the sale of "credit header" information, and entitle consumers to free annual credit reports.

The Commission's participation in the March Summit on Identity Theft, hosted by the Department of Treasury, marked the beginning of a new dialogue among government, private sector and consumer groups on these critical issues. We continue to look for ways to expand on these efforts.

I. Meeting the Goals of the Identity Theft Act

In earlier testimony before this Committee, the Commission described the ways in which we have carried out our responsibilities under the 1998 Identity Theft Act.⁽⁴⁾ Since that time, we have built on these achievements.

1. Centralized Complaint Handling - 877 ID THEFT

The Commission established its toll-free telephone number, 1-877-ID THEFT (438-4338) to help consumers avoid or resolve identity theft problems. The Identity Theft Hotline phone counselors also enter information from the consumer complaints into the centralized Identity Theft Data Clearinghouse. In operation since November 1, 1999, the Identity Theft Hotline now receives between 800 and 850 calls per week.⁽⁵⁾ About two thirds of the calls are from victims, the remaining calls coming from consumers who are looking for information on ways to minimize their risk of identity fraud.

The telephone counselors provide victims of identity theft with specific information about how to try to prevent additional harm to their finances and credit histories. The phone counselors advise callers to contact each of the three consumer reporting agencies to obtain copies of their credit reports and request that a fraud alert be placed on their credit report.⁽⁶⁾ Fraud alerts request that the consumer be contacted when new credit is applied for in that consumer's name. We advise consumers to request copies of their credit reports, and explain how to review the information on the reports carefully to detect any additional evidence of identity theft. Because the credit reports of identity theft victims often reflect the fraudulent accounts opened or other misinformation, the counselors inform callers of their rights under the Fair Credit Reporting Act and provide them with the procedures for correcting their credit report.⁽⁷⁾ The counselors advise consumers to contact each of the creditors or service providers where the identity thief has established or accessed an account, and to follow up in writing by certified mail, return receipt requested. Where the identity theft involves "open end" credit accounts,⁽⁸⁾ consumers are advised on how to take advantage of their rights under the Fair Credit Billing Act, which, among other things, limits their responsibility for unauthorized charges to fifty dollars in most instances. Consumers who have been contacted by a debt collector trying to collect on debts incurred by the identity thief are advised of their rights under the Fair Debt Collection Practices Act, which limits debt collectors' practices in their collection of debts.

In addition, the FTC phone counselors advise consumers to notify their local police departments, both because local law enforcement may be in the best position to catch and bring the perpetrator to justice, and because a police report is among the best means of demonstrating to would-be creditors and debt collectors that they are genuine victims of identity theft. More than half the states have enacted their own identity theft laws, and our counselors, in appropriate circumstances, will refer consumers to other state and local authorities for potential criminal investigation or prosecution.

2. Outreach and Consumer Education

The FTC also reaches consumers through the Internet. The FTC's identity theft website-- www.consumer.gov/idtheft -- gives tips on how consumers can guard against identity theft, warns consumers about the latest identity theft schemes and trends, and provides access to consumer education materials on identity theft. This website has received more than 108,000 hits since November, 1999. The site also links to a secure complaint form on which identity theft victims can enter the details of their complaints online, allowing consumers to contact the Commission at all times. After review by FTC staff, these complaints are entered into the Clearinghouse. To date we have received more than 1500 complaints through this electronic form.

The Federal Trade Commission continues to distribute the comprehensive consumer guide: ID Theft: When Bad Things Happen to Your Good Name. Developed in consultation with more than a dozen federal agencies,⁽⁹⁾ this booklet provides consumers with practical tips on how best to protect their personal information from identity thieves, summarizes the various federal statutes that protect consumer victims of identity theft, and details the victim assistance mechanisms available. The Federal Trade Commission has distributed more than 83,000 copies of the booklet, and is in the process of revising the booklet for a second, and larger printing. The Social Security Administration has also printed and distributed 115,000 copies of When Bad Things Happen.⁽¹⁰⁾

3. Identity Theft Clearinghouse - Launched Online

The Identity Theft Act authorized the Commission to establish a central repository of consumer complaints about identity theft, and refer appropriate cases to law enforcement for prosecution. The Identity Theft Complaint Database, which was activated in November 1999, provides specific investigative material for law enforcement and larger, trend-based information providing insight to both private and public sector partners on ways to reduce the incidence of identity theft. Currently, the Clearinghouse contains the data from consumers who contact the FTC through the toll free number or website. We are pursuing ways to collect complaint data from other agencies and private sector entities to allow Clearinghouse users from law enforcement agencies to see as much complaint data on identity theft as possible.⁽¹¹⁾

With a database as rich as we envision the Clearinghouse becoming, we can and do refer cases for potential prosecution. To maximize use of the data, we now provide law enforcement partners with direct access to the Clearinghouse through Consumer Sentinel, our secure website for sharing complaints and other information with consumer protection law enforcers. Starting this month, law enforcement and appropriate regulatory offices can access the Clearinghouse through their desktop personal computers. This access enables them to readily and easily spot identity theft problems in their own backyards, and to coordinate with other law enforcement officers where the database reveals common schemes or perpetrators. The FTC will continue to comb through the data to spot cases for referral, but has also enabled others to use the data to ferret out the bad actors for prosecution.

The Identity Theft Act also authorized the Commission to share complaint data with "appropriate entities,"⁽¹²⁾ including specifically the three major consumer reporting agencies and others in the financial services industry.⁽¹³⁾ The Commission does not envision providing access to the complete database for these private sector entities. Unfettered access could interfere with law enforcement efforts. FTC data analysts can, however, identify patterns that reveal a business or business practice that exposes consumers to a high risk of identity theft. We will forward appropriate information about these complaints to the entities involved so they can evaluate and revise those practices.⁽¹⁴⁾ Similarly, we plan to share limited complaint data with a business if data reveal that that business fails to respond to legitimate consumer complaints about identity theft or frustrates their efforts to correct misinformation on their credit reports.

II. What the Clearinghouse Tells Us About Identity Theft

The Identity Theft Act recognized the importance of creating a single repository for identity theft complaints. Accordingly, the Commission established the Identity Theft Clearinghouse to collect and consolidate these complaints. We are already seeing the fruits of this effort. Our basic complaint data show that the most common forms of identity theft reported during the first seven months of operation were:

• Credit Card Fraud - Approximately 54% of consumers reported credit card fraud -- i.e., a credit card account opened in their name or a "takeover" of their existing credit card account;

• Communications Services - Approximately 26% reported that the identity thief opened up telephone, cellular, or other utility service in their name;

• Bank Fraud - Approximately 16% reported that a checking or savings account had been opened in their name, and/or that fraudulent checks had been written; and

• Fraudulent Loans - Approximately 11% reported that the identity thief obtained a loan, such as a car loan, in their name.

Not surprisingly, the states with the largest populations account for the largest numbers of complainants and suspects. California, New York, Florida, Texas, and Illinois, in descending order, represent the states with the highest number of complainants.⁽¹⁵⁾ About 55% of victims calling the identity theft hotline report their age. Of these, 40% fall between the 30 and 44 years of age. Approximately 26% are between age 45 and 64, and another 25% are between age 19 and 29. About 7% of those reporting their ages are 65 and over; and slightly over 2% are age 18 and under.

The data also reveal information about the perpetrators. Almost 60% of the caller-complainants provided some identifying information about the identity thief, such as a name, address, or phone number. More than one quarter of those victims reported that they personally knew the suspect. We also are assessing the data on the monetary impact of this theft. Some complainants provided estimates of the dollar amounts obtained by the thief, because they have received the resulting bills or been notified of the resulting bad debts. The range of dollar amounts reported varies widely, with approximately 34% of complainants reporting theft of under $1,000; approximately 35% of complainants reporting theft totaling between $1,000 and $5,000, approximately 13% of complainants reporting theft totaling between $5,000 and $10,000, and approximately 18% of complainants reporting theft of over $10,000.

Consumers also report the harm to their reputation or daily life. The most common non-monetary harm reported by consumers is damage to their credit report through derogatory, inaccurate information. The negative credit information leads to the other problems most commonly reported by victims, including loan denials, bounced checks, and rejection of credit cards. Identity theft victims also report repeated contacts by debt collectors for the bad debt incurred by the identity thief. Many consumers report that they have to spend significant amounts of time resolving the problems caused by identity theft.

The Clearinghouse data also reveal that consumers are often dissatisfied with the consumer reporting agencies. The leading complaints by identity theft victims against the consumer reporting agencies are that they provide inadequate assistance over the phone, or that they will not reinvestigate or correct an inaccurate entry in the consumer's credit report. In one fairly typical case, a consumer reported that two years after initially notifying the consumer reporting agencies of the identity theft, following up with them numerous times by phone, and sending several copies of documents that they requested, the suspect's address and other inaccurate information continues to appear on her credit report. In another case, although the consumer has sent documents requested by the consumer reporting agency three separate times, the consumer reporting agency involved still claims that it has not received the information.

Consumers also report problems with the institutions that provided the credit, goods, or services to the identity thief in the consumer's name. These institutions often attempt to collect the bad debt from the victim, or report the bad debt to a consumer reporting agency, even after the consumer believes that he or she has established the illegal fraud. Consumers further complain that these institutions' inadequate or lax security procedures failed to prevent the identity theft in the first place; customer service or fraud departments were not responsive; or the companies refused to close or correct the unauthorized accounts after notification by the consumer.

Callers to the hotline are not limited to identity theft victims. Indeed, approximately 36% of the callers simply requested information on identity theft. Many felt they were vulnerable to identity theft because, for example, their wallets had recently been lost or stolen (23%); someone had attempted to open an account in their name (19%); or they had given out their personal information to someone they did not know (7%).⁽¹⁶⁾

III. Next Steps

The Commission has made great strides in assisting consumers and law enforcement to combat identity theft, but recognizes that much remains to be done. As mentioned earlier, the Identity Theft Act authorizes the Commission to refer consumer identity theft complaints and information to the three major national consumer reporting agencies and other appropriate entities. The Commission envisions a streamlined process that would decrease the amount of time spent by consumer victims correcting credit report errors. Paramount among these efforts would be the ability of a consumer to make a single call to report him or herself as a victim of identity theft to the FTC or one of the three major national consumer reporting agencies, and to have a fraud alert posted on the credit reports from each of the reporting agencies. Currently, a victim of identity theft must notify each of the three national consumer reporting agencies separately, and then typically make additional calls to the FTC and to all creditors. The Commission looks forward to working with the three major national consumer reporting agencies to develop a complementary process to allow identity theft victims to share the details of their complaints simultaneously with the FTC and the national consumer reporting agencies.

Further, the Commission will soon begin sharing certain limited information from its Identity Theft Clearinghouse with businesses whose practices are frequently associated with identity theft complaints. Our goal is to encourage and enable industry and individual companies to develop better fraud prevention practices and consumer assistance techniques. To that end, the Commission, in conjunction with the Department of Treasury and the other federal agencies who participated in the Identity Theft Summit, will convene a workshop for law enforcement and industry on Identity Theft victim assistance and prevention in the fall of 2000.

IV. Conclusion

The Identity Theft Clearinghouse, our toll free number, and the consumer education campaign have helped us begin to address the serious problems associated with identity theft. Heightened awareness by consumers and businesses will also help reduce the occurrences of this fraud. We look forward to continued collaboration and cooperation in these efforts. The FTC also looks forward to working with the Subcommittee to find ways to prevent this crime and to assist its victims.

1. The views expressed in this statement represent the views of the Commission. My oral presentation and response to questions are my own, and do not necessarily represent the views of the Commission or any Commissioner.

2. Pub. L. No. 105-318, 112 Stat. 3007 (1998) (codified at 18 U.S.C. § 1028).

3. Data from the Identity Theft Clearinghouse, our central repository of identity theft complaints, bear out these fears. See discussion at pp. 7-10.

4. The Commission testified before this subcommittee on March 7, 2000. We also testified before this subcommittee in May 1998 in support of the Act. Following the passage of the Act, the Commission testified again, in April 1999, before the House Subcommittee on Telecommunications, Trade and Consumer Protection and the Subcommittee on Finance and Hazardous Materials of the Commerce Committee. That testimony focused on identity theft in the financial services industry.

5. That figure has doubled since March, when we reported 400 calls a week. To date, the hotline has received more than 20,000 calls.

6. The three consumer reporting agencies are Equifax Credit Information Services, Inc., Experian Information Solutions, Inc. and Trans Union, LLC.

7. In addition to fraudulently acquiring accounts or loans, the identity thieves also may register a change of address in the victim's name, routing bills and other correspondence to a different address. In that way, it may take months for the victim to realize that his/her identity has been hijacked.

8. The Fair Credit Billing Act generally applies to "open end" credit accounts, such as credit cards, revolving charge accounts, and overdraft checking accounts. It does not cover installment contracts such as loans or extensions of credit that are repaid on a fixed schedule.

9. These include: Department of Justice; Federal Bureau of Investigation; Federal Communications Commission; Federal Deposit Insurance Corporation; Federal Reserve Board; Internal Revenue Service; National Credit Union Administration; Office of the Comptroller of the Currency; Office of Thrift Supervision; Social Security Administration; United States Postal Inspection Service; United States Secret Service; United States Securities and Exchange Commission; and United States Trustee.

10. The FTC has provided the booklet on zip disk to other agencies who are interested in printing additional copies.

11. Our Consumer Sentinel database, which houses consumer fraud complaints, receives complaint data from Better Business Bureaus, consumer outreach organizations and others. We are looking to replicate this approach with identity theft complaints.

12. The Identity Theft Assumption and Deterrence Act provides, in pertinent part, "the Federal Trade Commission shall establish procedures to . . . refer [identity theft] complaints . . . to appropriate entities, which may include referral to . . . the 3 major national consumer reporting agencies." 18 U.S.C. Sec. 1028 (note).

13. The unique role of the consumer reporting agencies in resolving the problems of identity theft victims is discussed below.

14. S. 2328, introduced by Senator Feinstein, Chairman Kyl and Senator Grassley of this Subcommittee, identifies a set of best practices that would minimize consumers' exposure to identity theft. For example, S. 2328 would require that creditors notify consumers if they receive a change of address notification.

15. Texas and Illinois had an equal number of complaints.

16. Our data analysis covers the period from November 1, 1999 through May 31, 2000.