This web site was copied prior to January 20, 2005. It is now a Federal record managed by the National Archives and Records Administration. External links, forms, and search boxes may not function within this collection. Learn more.   [hide]
SPEAKERS       CONTENTS       INSERTS    
 Page 1       TOP OF DOC


H.R. 4311—THE IDENTITY THEFT PREVENTION ACT OF 2000

WEDNESDAY, SEPTEMBER 13, 2000
U.S. House of Representatives,
Committee on Banking and Financial Services,
Washington, DC.

    The committee met at 10:12 a.m., in room 2129, Rayburn House Office Building, Hon. James A. Leach, [chairman of the committee], presiding.

    Present: Chairman Leach; Representatives Castle, Kelly, LaTourette, Biggert, LaFalce, C. Maloney of New York, Bentsen, Hooley, Sherman, Inslee, Schakowsky, Moore, and Capuano.

    Chairman LEACH. The hearing will come to order.

    The Committee meets this morning to examine the threat to financial services consumers from persons using illegal means to obtain private bank account balances and other financial information of persons and to consider the merits of a particular legislative proposal to combat identity theft put forward by two respected Members of this Committee.

    At the dawn of the 21st century, Americans' financial privacy, indeed, their very financial identities, are at risk as never before.
 Page 2       PREV PAGE       TOP OF DOC

    Whether the threat involves cyber intrusions into large corporate databases by hackers seeking to download credit card numbers or other account information, or less technologically sophisticated techniques such as dumpster diving to retrieve credit card receipts or bank statements, the most confidential pieces of a consumer's financial profile appear to be easily available to a growing number of financial scam artists.

    The Federal Trade Commission, which will testify later this morning, reports that calls to its recently established identity theft hotline are now averaging over a thousand a month, one of several indications that the identity theft problem is fast reaching epidemic proportions.

    In such an environment, the importance of vigilance by financial services providers and their customers in deterring and detecting unauthorized access to confidential financial data cannot be overemphasized.

    Complicating the job of the FTC and other enforcement agencies is the increasingly international character of identity theft, underscored by several recent episodes of intrusions into U.S. corporate databases by hackers operating in Eastern Europe and elsewhere around the world.

    The Secret Service, which is also represented at today's hearing, testified before the Committee several years ago about the growing presence in this country of organized criminal groups, many with Russian or Nigerian origins, that have engaged in large-scale identity theft schemes targeted at United States citizens.
 Page 3       PREV PAGE       TOP OF DOC

    What steps are being taken to protect consumers from these crimes which wreak havoc on individual credit ratings and result in a profound sense of violation of those who are its victims? Is there a need for additional laws, or is it a matter of strong law enforcement of existing laws? These are among the questions the Committee has before it.

    This is the latest in a series of hearings the Committee has held on this issue of financial fraud and identity theft in this and prior Congresses. In 1998, the Committee was the first to focus congressional and public attention on the problem of ''pretext calling,'' a practice closely related to identity theft, that involves the use of false and deceptive methods to obtain personal financial information.

    We welcome back before the Committee today one of the witnesses at that earlier hearing, Robert Douglas, a private citizen in Alexandria, Virginia, who was instrumental in first making the Committee aware of the threat to financial privacy posed by practitioners of pretext calling.

    Prompted in large part by the information shared by Mr. Douglas and other witnesses at the Committee's 1998 hearing, I introduced legislation making it a Federal crime to obtain or attempt to obtain consumer information of a financial institution by false pretenses, such as by misrepresenting the identity of the person requesting the information or otherwise tricking an institution or its consumer into making unwitting disclosures of such information.

    These provisions were incorporated in last year's Gramm-Leach-Bliley financial modernization legislation and went into effect upon the signing of that law on November 12th, 1999.
 Page 4       PREV PAGE       TOP OF DOC

    In the ten months since, the Committee has received sporadic reports that since passage, Federal regulators have not paid adequate heed to the strictures of the legislation. To determine in an admittedly unscientific way whether it remains possible to find someone willing to break the law to obtain private financial information of an individual, an informal survey was conducted by Committee staff over the recently concluded August recess, assisted by Mr. Douglas.

    Staff identified and contacted businesses advertising their ability to locate bank accounts, determine bank account balances, and find other financial assets assumed by most consumers to be confidential. Subjects were selected at random based upon searches of the internet, telephone book yellow pages, and classified advertisements in legal trade journals.

    Posing as a potential customer, a member of the Committee staff, Ms. Alison Watson, placed a series of calls in which she purported to be someone whose live-in boyfriend had recently disappeared, cleaning out their joint bank account and absconding with other assets in the process. The staff member asked each firm whether it could assist her in locating her ex-boyfriend and any bank accounts in which he might have placed the funds removed from their joint account. Of 26 calls placed in an uninterrupted three-hour period, eleven were completed. Of the eleven companies reached, every one of them confirmed their ability and their willingness, for a fee, to obtain bank account and other financial information.

    Put another way, three hours of calling to randomly selected vendors yielded the names of eleven firms willing and in all cases eager to sell bank account information on a private citizen with few, if any, questions asked.
 Page 5       PREV PAGE       TOP OF DOC

    Although two of the eleven firms made vague references to privacy laws that they said would complicate their efforts to locate assets, none mentioned the existence of statutory prohibitions on the services they were offering to provide.

    Based upon this survey, it appears that the fraudulent practices first highlighted by the Committee in mid-1998 are continuing largely unabated.

    In short, bank account information and other aspects of consumers' financial profiles apparently remain freely available to anybody willing to pay for them. What we have are outfits unafraid to break the law, in fact, even continuing to advertise their lawbreaking talents. The victims are those individuals whose account information is obtained, but it is also our civil society that is based upon trust and respect for the privacy of one another.

    While no money may instantly be changing hands, and no one's life is immediately at risk from gun-toting thieves, these are cases of robbery of bank information and potentially of bank accounts.

    For many Americans, account information may be almost as valuable as their actual balance, and the impact of knowing that our private financial records are so readily available is frightening. Law enforcement agencies need to take these crimes more seriously.

    Mr. Douglas will expand on the survey later during his testimony.

    Our first witnesses this morning will be two distinguished Members of the Committee, Ms. Hooley and Mr. LaTourette, who are the primary sponsors of H.R. 4311, The Identity Theft Prevention Act of 2000.
 Page 6       PREV PAGE       TOP OF DOC

    This legislation, cosponsored by 37 other Members of the House, reflects a very thoughtful approach to the identity theft problem and deserves serious consideration by this Committee.

    We will hear later from several witnesses with differing perspectives on some of the bill's specific provisions. But I want at the outset to commend Ms. Hooley and Mr. LaTourette for their work in developing this very important piece of pro-consumer legislation.

    At this point, let me ask Mr. Sherman if he has any opening comments.

    Mr. SHERMAN. Thank you, Mr. Chairman. Thank you for holding these hearings on an important matter. Several constituents of mine have had problems with identity theft.

    We need not only strict criminal laws, we also need perhaps some national clearing agency so that a person can identify themselves as potentially a victim of identity theft and make it at least more difficult for those stealing their identity to in effect steal thousands and tens of thousands of dollars from the lenders that they are then approaching and trying to bilk, or make the withdrawals from bank accounts. I would like, without objection, to place in the record a report by the Federal Trade Commission issued just last month, August 22nd, titled ''Information on Identity Theft for Consumers in California from November 1999 through July 2000'', where the FTC indicates that just it—and, frankly, it is not the first agency that I would have thought of—has had over 2,700 contacts from California in a one-year period about identity theft. Sixty-two percent of those were complaining that their identity had been the subject of such theft.
 Page 7       PREV PAGE       TOP OF DOC

    I would also like to place in the record the suggestions of Sheriff Lee Bacca of Los Angeles County giving consumer tips as to how to avoid being victims of such identity theft. I have a good friend who I will simply identify——

    Chairman LEACH. If the gentleman will yield, without objection, both of those will be placed in the record.

    Mr. SHERMAN. Thank you, Mr. Chairman. I have a friend who I will identify only as ''Karen,'' who has been pushed through the wringer on this. And without objection, I would like permission to add to the record a statement that she might provide, Mr. Chairman, how many days is traditional to submit additional material for the record?

    Chairman LEACH. Usually several, but we will do our best.

    Mr. SHERMAN. OK. Whatever number of days we have.

    Chairman LEACH. And without objection, the statement of Ms. ''Karen'' will be placed in the record if it is presented in a timely basis.

    Mr. SHERMAN. Thank you. So I want to compliment those who will be making presentations to us who have taken the time to draft legislation in this area. This is not only lost money and lost sense of security for those who are victims of identity theft; it is a tremendous drain on their time and also a drain on our business and banking system which is bilked into making loans to people who are not who they say they are or allowing the withdrawal of funds from a bank by a person who is not the depositor.
 Page 8       PREV PAGE       TOP OF DOC

    Thank you, Mr. Chairman.

    Chairman LEACH. Thank you very much, Mr. Sherman.

    At this point, the Committee would welcome Ms. Hooley and Mr. LaTourette. And we thank you for the bill that you have presented to us and thank you for your long and thoughtful service to this Committee in general.

    Shall we begin with you, Ms. Hooley?

    Ms. HOOLEY. Mr. Chair, either one is fine.

    Chairman LEACH. Fine. Please.

STATEMENT OF HON. DARLENE HOOLEY, A REPRESENTATIVE IN CONGRESS FROM THE STATE OF OREGON

    Ms. HOOLEY. First of all, I would like to thank you for your willingness to hold this meeting, and I would like to thank you for all the work you have done in this area, both in trying to make and making it a criminal act, and for your pretext calling. Those are both really important pieces of this issue, and so thank you for doing that.

    Mr. LaTourette and I introduced this bill because identity theft occurs when someone uses your name, Social Security number, mother's maiden name, or any personal identifiable information to purchase goods or services.
 Page 9       PREV PAGE       TOP OF DOC

    While credit issuers have been willing to refund fraudulent charges, victims are still faced with problems of ruined or destroyed credit, the time commitment of redeeming their name with multiple credit bureaus and credit issuers, and the fear and anxiety associated with knowing that someone is using all of their personal information to charge any manner of goods. As a result of identity theft, victims have been turned down for jobs, turned down for mortgages, and other important extensions of credit.

    Identity theft is becoming a growing concern for millions of Americans. Now this is an equal opportunity crime, with victims of all ages, incomes, and races. Regardless, the effects can be devastating on the victim. Take, for example, Shon Boulden from Hillsboro, Oregon, who you will be hearing from today.

    Shon has dozens of accounts opened under his Social Security number. As a result, Shon has spent countless hours battling to clear up his good name. Now at the age of 23, Shon is unable to get the kind of credit a young person needs to start off in life, including credit card loans, business loans, or student loans.

    While the consequences can be dire for the young, this crime can be devastating to the elderly who are especially vulnerable. A few months ago I spoke to a constituent whose 96-year-old mother had her checks, credit card, and driver's license stolen. Now I was surprised she still had a driver's license at 96.

    With her driver's license and account numbers, the thieves were able to cash multiple checks in her name. She and her son, along with the bank, investigated this issue, and they did open up new accounts for her. But it did not end there.
 Page 10       PREV PAGE       TOP OF DOC

    Even though she canceled her credit card, the thieves were able to transfer $12,000 from her Visa card to a bank in Ann Arbor, Michigan. Now I should note that this woman has never been to Ann Arbor, nor has she ever had anything close to that kind of a balance on her card.

    This constituent was lucky enough to have a son to help her navigate through the maze of opening and closing accounts, dealing with banks and credit card companies and credit bureaus.

    But many elderly people do not have children nearby, they are in poor health, financially unstable. Therefore, these crimes do not just aggravate—they cause tremendous fear. People fear not only the criminals, but the harassing phone calls and threatening letters from collection agencies.

    In introducing the Identity Theft Protection Act, we are asking credit issuers and credit reporters to do their part in making sure that credit is extended to the right person. And in the case of fraud, we are asking for procedures to be put in place to assure that consumers can clear up their good names quickly.

    For instance, the legislation requires that anytime a creditor receives a change of address form, the creditor sends back a confirmation to both the old and new address. That way, if a thief attempts to change a victim's address, the victim will know about it. A very simple but important piece of prevention.

 Page 11       PREV PAGE       TOP OF DOC
    It asks credit bureaus to investigate discrepancies in the names and addresses they have on file with names and addresses provided by a credit issuer.

    H.R. 4311 codifies a practice of placing fraud alerts on consumer credit files and allows a consumer to require verification before credit is extended. This bill gives the FTC the authority to impose fines against credit issuers that ignore that fraud alert.

    This legislation also gives consumers more access to the personal information collected about them, which is a critical tool in combatting identity theft by requiring that every consumer that asks for it across the Nation have access to one free credit report annually.

    This bill restricts the sale of Social Security numbers by credit bureaus. Increasingly, the Social Security number is becoming a national identity and the key to identity theft.

    I want to reiterate that I fully understand that in most cases of identity theft, the victims recoup most of their financial losses, and I applaud the credit issuers for not further punishing victims.

    However, I believe that credit issuers and credit bureaus must recognize the problem this creates for consumers. The son of the 96-year-old victim told me that his mother's bank just did not seem to care. As they saw it, she did not lose money, so she should not be upset. Well, Mr. Chairman, I do not see it that way.

 Page 12       PREV PAGE       TOP OF DOC
    In closing, our bill has common sense reforms. It asks credit bureaus to honor fraud alerts, forces credit issuers to observe those alerts, gives customers a notice when their billing addresses are changed, and asks credit bureaus to at least look into discrepancies.

    In my mind, this is the least we can ask of those companies—who profit in extending credit and trading in our credit histories—to do to protect us. Thank you.

    Chairman LEACH. Well, thank you very much, Ms. Hooley.

    Mr. LaTourette.

STATEMENT OF HON. STEVEN C. LaTOURETTE, A REPRESENTATIVE IN CONGRESS FROM THE STATE OF OHIO

    Mr. LATOURETTE. Thank you very much, Mr. Chairman. I want to thank you for conducting this hearing and for your continued efforts in finding ways to protect the consumers in this country on this very important issue. I also want to congratulate my colleague, Darlene Hooley from Oregon. And this bill is affectionately known by the acronym the HOOLA bill in our two offices, and that was why it immediately became attractive to us.

    I thought I would, by way of illustration, share with the Committee a story as to how I became intimately involved with the issue of identity theft. Last year, a couple from my home town, Ray and Maureen Mitchell, came into my district office.

 Page 13       PREV PAGE       TOP OF DOC
    And I have a special affection for the Mitchells, because when I was first running in 1994, their son, who goes to Madison High School with my daughter Sarah, was the only boy who would show up to be in my television commercials, so the Mitchells have been long-time favorites of mine.

    They told me a numbing story of how they became involved in identity theft and how they had been involved now in ''identity theft hell.''

    There are a half-a-million people a year out there just like them—victims of crimes that largely go unreported and widely misunderstood.

    In many ways, being the victim of this crime can be far more devastating than being the victim of a typical crime. Once you are exposed to this crime, you never feel totally safe. As a matter of fact, now the Mitchells drive around with a signed affidavit in their car, fearing that when they make a purchase they will be confused for the bogus Mitchells, and this is not a way for innocent people to live.

    The Mitchells' daughter just graduated from high school this year, and like a lot of parents, they wanted to buy her a car. They purchased the car with cash, however, because they were afraid they could not get a loan as a result of their once perfect credit now being shattered.

    It started about a year ago. The Mitchells' bank noticed $2,100 worth of unusual charges on their credit card, and it has been downhill ever since. The thieves used the Mitchells' personal information to open new credit cards, buy cell phones, take out two huge personal loans, and purchase not one, but two $40,000 SUVs. One was a Ford Expedition. They are probably having some problems with their tires now.
 Page 14       PREV PAGE       TOP OF DOC

    [Laughter.]

    Mr. LATOURETTE. And the other one was a Lincoln Navigator.

    All told, Ray and Maureen have been victimized to the tune of $110,000. The Secret Service is involved, the Postal Inspector is involved, Illinois authorities are involved.

    But last November 19th, Mr. Chairman, three days after the fraud alerts were placed on their credit report, a man went into three different Chicago banks, and in a two-hour period applied for $45,000 worth of personal loans in Ray Mitchell's name. Each time the bogus Ray Mitchell presented a valid Illinois driver's license, an Illinois State identification card, and all of the real Ray Mitchell's personal information.

    The Mitchells never engaged in so-called risky behavior or behavior that is, quite frankly, typical for millions of American families. They did not put shopping receipts or preapproved credit card offers in the trash. They did not buy things online. They did not do catalogue shopping or pay for credit card purchases over the telephone. There was no stolen wallet or credit cards. Still, someone was able to re-create Ray Mitchell's identity with ease. Because the Mitchells had a history of always paying their bills on time and had a blemish-free credit report, they were a perfect target.

    The good news, Mr. Chairman, is that the guy that applied for the loans was arrested the same afternoon. Police arrested him as he tried to leave Bank One in Chicago, after securing a $15,000 loan. He had $5,000 in cash and $10,000 in bank checks payable to ''Raymond Mitchell''.
 Page 15       PREV PAGE       TOP OF DOC

    The bad news is that the judge freed him two days later on a personal recognizance bond, even though he has a criminal record dating back to 1977 and has used seventeen different aliases. Suffice to say that the guy was not shaking in his boots when he was arrested. He told the detective, ''I did not use a gun. I did not use a knife. Call my lawyer and I will plead guilty and they will put me on probation.''

    The Mitchells are angry, Mr. Chairman. They agree with the purposes of this bill. There were red flags that should have been noticed by someone, like the thirty inquiries in the Mitchell's credit card report in just sixty days or the numerous change-of-address requests.

    Almost every other day the bogus Ray Mitchell was applying for car loans and personal loans. The Mitchells had not had that much activity on their credit report in two decades. They averaged just 1.5 inquiries on their credit report per year.

    It is disheartening to me that this legislation is opposed by some folks. I understand that it may increase some costs and it may require more paperwork. But the Mitchells, and people that find themselves like the Mitchells, deserve the attention and the protection of this Congress. And I would just ask unanimous consent to include the rest of my statement in the record so you can move on with your hearing.

    Chairman LEACH. All right. Without objection.

    And let me thank both of you for your very thoughtful testimony, and more importantly, for realerting the Committee again to a very profound area of concern.
 Page 16       PREV PAGE       TOP OF DOC

    We just have one or two minutes before a vote. Does anyone seek to ask our witnesses any questions?

    [No response.]

    Chairman LEACH. If not, I would like to recess the hearing pending the votes on the floor. The hearing is in recess.

    [Recess.]

    Chairman LEACH. The hearing will reconvene.

    Our second panel is represented by Ms. Betsy Broder, who is the Assistant Director of the Division of Planning and Information of the Bureau of Consumer Protection of the Federal Trade Commission, and Mr. Bruce Townsend, who is Special Agent in Charge of the Financial Crimes Division of the United States Secret Service.

    We will begin with you, Ms. Broder, unless you have a differing agreement.

    Ms. BRODER. No, that is fine.

    Chairman LEACH. Ms. Broder.

    Ms. BRODER. Thank you, Mr. Chairman, and Members of the——
 Page 17       PREV PAGE       TOP OF DOC

    Chairman LEACH. And if I could ask you to withhold for a second.

    Ms. BRODER. Yes, sir.

    Chairman LEACH. If you would put the microphone up very close, I think it is an easier way you will find to speak and you do not strain as much. Thank you.

STATEMENT OF BETSY BRODER, ASSISTANT DIRECTOR, DIVISION OF PLANNING AND INFORMATION, BUREAU OF CONSUMER PROTECTION, FEDERAL TRADE COMMISSION

    Ms. BRODER. Thank you. As you said, my name is Betsy Broder, and I am the Assistant Director for Planning and Information at the Federal Trade Commission's Bureau of Consumer Protection.

    I am very pleased to have the opportunity this morning to present the Commission's testimony describing our efforts to help victims, alert industry, and equip law enforcement to deal with this pernicious crime of identity theft.

    I would like first to discuss the measures that the Commission has taken to meet the goals of the Identity Theft Assumption and Deterrence Act of 1998 and then describe what we see as the challenges for the future.

 Page 18       PREV PAGE       TOP OF DOC
    The FTC has launched a comprehensive response to ID fraud. Under the 1998 act, the agency was charged with establishing a central repository for identity theft complaints, to refer appropriate complaints to law enforcement and private sector entities, and to provide support for identity theft victims.

    This is how we have met these goals. We have established a toll-free hotline—1-877-ID THEFT—for consumers to call to report incidents of identity theft. Callers who call our toll-free line are connected to specially trained telephone counselors, one of whom actually was Mrs. Mitchell referred to earlier by Mr. LaTourette.

    These counselors provide information to assist the consumers who find themselves to be victims of identity theft. Our approach is to give consumers the information necessary to help them resolve problems typically associated with identity theft.

    While we receive many calls from victims, about 40 percent of our callers are people seeking information to try to prevent this type of crime. Some of these people find themselves especially vulnerable to identity theft, perhaps because they have had their wallet stolen and they want to find out what they can do to prevent identity theft from happening to them.

    With these callers, we provide practical tips on identity theft prevention, including ways to protect the type of personal financial information that is frequently exploited by identity crooks. We also refer these callers to our consumer education publication.

 Page 19       PREV PAGE       TOP OF DOC
    Our toll-free number has been up less than a year. We set it up in November of 1999, and so far we have answered almost 30,000 calls. Our call volume has tripled in the last six months, and we believe that this steep growth will continue.

    We now receive about 1,000 calls a week to our hotline. When we first set this up, we were receiving 100 calls a month. We are now up to 1,000 calls every week.

    Consumer education is a key component of our efforts. Our publication, which I show you here, ''ID Theft: When Bad Things Happen to Your Name'', has been a tremendous hit and an asset to consumers. We have distributed more than 100,000 copies of this publication. The Social Security Administration itself has printed and distributed over 140,000 copies, and about an equal number have been accessed through our identity theft website.

    The website links to State statutes, publications, and other information that assists consumers and law enforcement, and it has received about 160,000 visits.

    Finally, we are using the complaint information——

    Chairman LEACH. If the gentlelady will yield for a second. With regard to your publication, we are going to put that on our website as well, and I think it is a very appropriate one. And I want to congratulate you on putting it together.

    Ms. BRODER. Thank you, sir. In fact, it has been an enormously successful campaign, and we know that if we can give some of this information to consumers, they may not be able to prevent consumer ID theft, but they can limit their exposure.
 Page 20       PREV PAGE       TOP OF DOC

    I talked earlier about our hotline. What do we do with the people who call in? Well, we provide assistance, but we also get information from them. We use the complaint information provided by these victims to help law enforcement efforts. We enter consumer's complaints into our ID Theft Data Clearinghouse.

    This Clearinghouse is part of our larger consumer fraud network called Consumer Sentinel, which is used currently by more than 260 law enforcement agencies around this country and Canada.

    Using a password and special security software, law enforcers use their desktop PC to access Sentinel and through it the identity theft clearinghouse. They search for identity theft perpetrators and victims in their backyard, and they are able to uncover trends through this collection of data that would not be apparent by looking at individual complaints.

    We are also developing ways, in accordance with the Act, to provide limited and appropriate access to financial institutions and the three national consumer reporting agencies to allow them to track complaints and trends related to themselves.

    I would just add that we receive complaint data from consumers themselves, but we are also receiving data from other agencies and entities to add to our database. Just today, we will be receiving complaint data from the Social Security Administration representing the last two weeks of complaints that they have to include in our database, to make it as rich a repository of data as possible to assist in law enforcement in this area.

 Page 21       PREV PAGE       TOP OF DOC
    Our database has given us some very interesting statistics about identity theft and financial institutions. About 55 percent of the victims who contact our hotline report that an ID thief either opened or took over a credit card account. Eighteen percent report that a bank or a checking account had been opened in their name and/or that checks had been fraudulently written in their name, and 11 percent report that loans were obtained in their name.

    Of course, you realize that each of these violations may have occurred to the same person. They may have had a bank account opened in their name, and a credit card takeover. People suffer numerous types of harm.

    Our Clearinghouse also collects complaints about the ways in which banks and other financial institutions handle ID theft. That is, have their business practices unnecessarily exposed people to this crime, or have they been responsive to their customers' needs as victims of ID theft? Again, as we build out our system, we will make this information directly available to those institutions through limited access to the Clearinghouse.

    Private sector and legislative proposals have also emerged to help protect against identity theft. H.R. 4311, from this Committee, is one such response.

    The Senate version of this, S.R. 2328, contains many of the same provisions, and the Commission has come out strongly supporting these proposals. Giving consumers access to information when there are changes of address; providing them with free credit reports every year from each of the major credit reporting agencies. All of these measures give consumers access to information about themselves that could reveal vulnerability to, or actual victimization of, identity theft.
 Page 22       PREV PAGE       TOP OF DOC

    We think these are very positive and helpful measures, and we support them.

    Finally, we are working closely with many private sector groups to uncover ways to help improve prevention and victim assistance.

    In late October we will be hosting a workshop on victim assistance and identity theft. We have invited all interested parties—the consumer reporting agencies, consumer groups, Government agencies, financial institutions—to help us set up the agenda.

    We hope to able to use this forum as an opportunity to start developing a standardized complaint affidavit, something that is also referred to in H.R. 4311, so that consumers will only have to fill out one form when they have been a victim of identity theft, and this form will be accepted by all financial institutions.

    We will also be pursuing, with our sleeves rolled up, other practical ways to assist consumers who have been victims of identity theft.

    Thank you, Mr. Chairman and Members of the Committee, and I would be happy to answer any questions you may have.

    Chairman LEACH. Thank you very much, Ms. Broder.

    Mr. Townsend.
 Page 23       PREV PAGE       TOP OF DOC

STATEMENT OF BRUCE A. TOWNSEND, SPECIAL AGENT IN CHARGE—FINANCIAL CRIMES DIVISION, U.S. SECRET SERVICE

    Mr. TOWNSEND. Good morning. Mr. Chairman, Members of the Committee, thank you for the opportunity to address the Committee on the subject of identity theft and the Secret Service's efforts to combat this problem.

    I have prepared a comprehensive statement which will be submitted for the record. And with the Committee's permission, I will summarize it at this time.

    Chairman LEACH. Without objection, your statement will be fully in the record if it has not been fully presented.

    Mr. TOWNSEND. In addition to providing the highest level of physical protection to our Nation's leaders, the Secret Service exercises broad investigative jurisdiction over a wide variety of financial crimes.

    As the original guardian of our Nation's financial payment systems, the Secret Service has a long history of pursuing those who would victimize our financial institutions and our law abiding citizens.

    In recent years, the combination of the information technology revolution and the effects of globalization have caused the investigative mission of the Secret Service to evolve in a manner which cannot be overstated.
 Page 24       PREV PAGE       TOP OF DOC

    Today we are faced with a new challenge. That of identity theft. We in the Secret Service view identity theft as a disturbing combination of old schemes and abuse of the emerging technologies. However, it should be clear. This crime is about more than the theft of money or property. This crime is about the theft of things that cannot be so easily replaced. A person's good name, a reputation in the community, years of hard work and commitment to goals.

    Make no mistake about it, this crime is a particularly invasive crime that can leave victims picking up the pieces of their lives for months or years afterward.

    Mr. Chairman, we in the Secret Service applaud your efforts in convening this hearing today. We stand ready to work with you and all the Members of the Committee in attacking the crime of identity theft.

    It is our belief that hearings such as this will be the catalyst to bring together the resources of both the State and Federal Governments in a unified response to the identity theft problem.

    As we enter the next century, the strength of the financial industry has never been greater. A strong economy, burgeoning use of the internet and advanced technology, coupled with increased spending has led to fierce competition within financial sector.

    Although this provides benefits to the consumer through readily available credit and consumer-oriented financial services, it also creates a rich environment for today's sophisticated criminals, many of whom are organized and operate across international borders.
 Page 25       PREV PAGE       TOP OF DOC

    In addition, information collection has become a common byproduct of the newly emerging e-commerce. Internet purchases, credit card sales and other forms of electronic transactions are being captured, stored, and analyzed by entrepreneurs intent on increasing their market share. This has led to an entirely new business sector being created, which promotes the buying and selling of personal information.

    With the advent of the internet, companies have been created for the sole purpose of data mining, data warehousing, and brokering of this information. These companies collect a wealth of information about consumers, including information as confidential as their medical histories.

    Data collection companies, like all business, are profit motivated, and as such, may be more concerned with generating potential customers rather than the misuse of information by unscrupulous individuals.

    This readily available personal information, in conjunction with customer-friendly marketing environment, has presented ample opportunities for criminals intent on exploiting the situation for economic gain.

    The Secret Service has investigated cases where criminals have used other people's identities to purchase everything from computers to houses. Financial institutions must continually practice due diligence lest they fall victim to the criminal who attempts to attain a loan or cash a counterfeit check using someone else's identity.

 Page 26       PREV PAGE       TOP OF DOC
    As financial institutions and merchants become more cautious in their approach to hand-to-hand transactions, the criminals are looking for other venues to compromise. Today, criminals need look no further than the internet.

    For example, an internet fraud investigation conducted by the Secret Service, the Department of Defense, the Postal Inspection Service, and the Social Security Administration Office of the Inspector General, highlighted the ease with which criminals can obtain personal information through public sources.

    These defendants accessed a website that published the promotion list of high-ranking military officers. This site further documented personal information on these officers that was used to fraudulently obtain credit, merchandise, and services.

    In this particular case, the financial institution, in an effort to operate in a customer-friendly manner, issued credit over the internet in less than a minute. Approval for credit was granted after conducting a credit check for the applicant, who provided a true name and matching true Social Security number. All other information provided, such as the date of birth, the address and telephone number that could have been used for further verification, was fraudulent.

    The failure of this bank to conduct a more comprehensive verification process resulted in substantial losses; and more importantly, a long list of high-ranking military officers who became the victim of identity fraud.

    The internet provides the anonymity that criminals desire. In the past, fraud schemes required false identification documents and necessitated a face-to-face exchange of information in identity verification. Now with just a laptop and modem, criminals are capable of perpetrating a variety of financial crimes without identity documents through the use of stolen personal information.
 Page 27       PREV PAGE       TOP OF DOC

    The Secret Service has investigated several cases where cyber criminals have hacked into internet merchant sites and stolen the personal information and credit card account numbers of their customers. These account numbers are then used with supporting personal information to order merchandise, which is then transshipped throughout the world. Most account holders are not aware that their credit card account has been compromised until they receive their billing statement.

     The Secret Service continues to attack identity theft by aggressively pursuing our core violations. It is by the successful investigation of criminals involved in financial and computer fraud that we have been able to identify and suppress cases of identity theft.

    The Secret Service's investigative program focuses on three areas of criminal schemes within our core expertise.

    First, the Secret Service emphasizes the investigation of counterfeit instruments. By ''counterfeit instruments'', I refer to counterfeit currency, counterfeit checks, both commercial and Government, counterfeit credit cards, counterfeit stocks or bonds, and virtually any negotiable instrument that can be counterfeited.

    Many of these schemes would not be possible without the compromise of innocent victims' financial identities.

    Second, the Secret Service targets organized criminal groups which are engaged in financial crimes on both a national and international scale. Again, we see many of these groups, most notably the West African and Asian organized criminal groups, prolific in their use of stolen financial and personal information to further their financial crime activity.
 Page 28       PREV PAGE       TOP OF DOC

    Finally, we focus our resources on community impact cases. The Secret Service works in concert with the State, county, and local police departments to ensure our resources are being targeted to those criminal areas that are of a high concern to the local citizenry.

    Further, we work very closely with both Federal and local prosecutors to ensure that our investigations are relevant, topical, and prosecutable under existing guidelines. No area today is more relevant or topical than that of identity theft.

    The Secret Service acknowledges that identity theft is a very real problem and pledges its support in the Federal Government's efforts to eliminate it.

    Mr. Chairman, this concludes my prepared statement. I would happy to answer any question that you or other Members of the Committee have. Thank you.

    Chairman LEACH. Well, thank you very much. And I thank both witnesses.

    We have a very, very large problem. One element—and I stress it is only one element of the problem—is a professional class of facilitators who are lawbreakers. And I remain absolutely astonished that after passage of a law that says that identity theft is by national statute illegal, subject to fine and imprisonment, that it is as wantonly advertised.

    I have never known any area of criminal behavior in which one advertises that they are going to do a criminal misdeed, and bizarrely, advertised in legal publications, that is, advertised to officers of the court, that a company is prepared to do illegal acts for a fee.
 Page 29       PREV PAGE       TOP OF DOC

    And I would like to introduce or reintroduce, because the FTC once did a sting, the word ''sting'' to law enforcement in this area. It is inconceivable to me that anybody should be advertising to do these things. And when our Committee hit eleven of eleven through public advertisements of people willing to steal someone's identity or get information based upon false identity presentations, there is something that is not being met in an active way, and I turn to the FTC.

    Have you brought any enforcement actions against any of these companies?

    Ms. BRODER. Mr. Chairman, pretexting is not new to the Federal Trade Commission. We have, in fact, brought a case against a pretexter.

    Chairman LEACH. This was the one in Colorado?

    Ms. BRODER. Yes, the Touchtone case. And this was prior to the passage of Gramm-Leach-Bliley.

    Chairman LEACH. Sure.

    Ms. BRODER. And in that case, the information broker, a company called Touchtone, posed as the consumer, asked the bank for that consumer's private financial information, and then they sold that information to a third party; of course, without the knowledge or consent of the account holder.

 Page 30       PREV PAGE       TOP OF DOC
    We have obtained a judgment against Touchtone and its principals which prohibits them from pretexting except for those exceptions allowed by Gramm-Leach-Bliley, and we have extracted a $200,000 suspended judgment.

    Since the passage of the Gramm-Leach-Bliley Identity Theft Act, we have taken further steps, further tools to track down and further prevent the pretexting.

    But, we too are aware, Mr. Chairman, that notwithstanding the passage of Gramm-Leach-Bliley, pretexting persists. And while today I am not able to discuss ongoing investigations, we are mindful of this problem, and we will use our Gramm-Leach-Bliley enforcement authority under H.R. 521 to target appropriate cases in keeping with our resources as an agency.

    Chairman LEACH. Well, I would first of all suggest that the FTC listen very carefully to one of our following witnesses and what he has to say. And I would also ask the FTC to be in contact after this hearing with my Committee staff about what they did, how they did it, and the simplicity of receiving affirmations that people were willing to do illegal activities.

    Ms. BRODER. We will certainly follow up, Mr. Chairman.

    Chairman LEACH. And, I mean, it is inconceivable to me that you cannot simply look at advertisements and reach some conclusions on actions that can follow.

    In addition, it has struck me that there has been an inadequate education effort to the legal community. I mean, if people advertise in legal publications, that is an invitation for a lawyer to use services. And I think it should be clear that a lawyer could be accountable under the law if he or she knowingly uses a service that itself uses illegal methodologies.
 Page 31       PREV PAGE       TOP OF DOC

    And I do not know what outreach you have to the various Bars of the country, but I would certainly think that strong advisements would be in order.

    With regard to the Secret Service, Mr. Townsend, I am very impressed with one of your premises that the Secret Service is the guardian of our financial payment system, which I think is a very profound obligation.

    And my own view is that of all the criminal activity that is rising in the world today, it relates to this. And I am not convinced that you have all the adequate resources you need, and I am wondering if you would like to opine on this.

    And as I look at the year-end budgeting circumstance in Congress, I have directed my staff to look at this issue, because I think that the assumption of the Secret Service's jurisdiction of one nature in the popular mind does not relate to some of the activities and areas of concern in other areas.

    And I am wondering if you would be willing to indicate whether you think the Secret Service needs more resources with regard to payment system issues.

    Mr. TOWNSEND. With regard to payment system issues and more broadly, our evolving investigative jurisdiction, clearly, resources are stretched thin.

    I mentioned earlier that the lay of the land with regard to identity theft and the broader issue of financial crimes has really changed in the last five years with this concept we refer to as globalization.
 Page 32       PREV PAGE       TOP OF DOC

    We have had to go global to stay up with the criminals. Today, the Secret Service has special agents deployed on a permanent basis to eighteen United States embassies around the world.

    In years past when we worried about our identities being compromised, we had to worry about perhaps our mail being stolen out of our mailbox or our wallet being stolen. Today, with computer technology, information technology generally, a hacker in a country can literally steal from our technological boxes around the world. And in order to be responsive, we in the Secret Service have deployed our personnel in a global fashion.

    This, of course, does stretch existing resources.

    Chairman LEACH. Can you give us some order of magnitude of the Secret Service today? How many people in it?

    Mr. TOWNSEND. The Secret Service today is at about 2,800 Special Agents, and we are an agency that is changing.

    Over the last two years, the Congress, with the support of many of you on this Committee, have supported additional Special Agent positions, which we, as I mentioned, we have deployed around the world.

    Additionally, we are deploying them to our major field offices domestically in order that we can be more effective to attack issues like this.
 Page 33       PREV PAGE       TOP OF DOC

    Chairman LEACH. Well, thank you very much.

    Mr. TOWNSEND. Yes, sir.

    Chairman LEACH. Mr. LaFalce.

    Mr. LAFALCE. Thank you very much, Mr. Chairman.

    Mr. Chairman, by your comments, I appreciate the gravity with which you take this issue, and I think that gravity is extremely warranted. I share it, as do many other Members on both sides of the aisle—Ms. Hooley, Mr. LaTourette, many others. And I know it is very, very late in the session and it would be very difficult to pass legislation, but I would hope that we could mark this legislation up at least and attempt to get it to the House floor, and then who knows what would happen during the Omnibus bill. Because this is an extremely serious problem, as has been testified, of epidemic proportions.

    Ms. Broder, you indicated that FTC supports the preventive measures proposed in H.R. 4311, correct?

    Ms. BRODER. Correct, sir.

    Mr. LAFALCE. OK, fine. Now I think we are going to hear from trade associations that the measures are unnecessary and the problems you have identified can be addressed through voluntary self-regulatory measures. How would you respond to those arguments?
 Page 34       PREV PAGE       TOP OF DOC

    Ms. BRODER. We believe that the measures in H.R. 4311 and its companion bill, S.R. 2328 in the Senate, are necessary because we have not seen a great response on the self-regulatory front, quite frankly.

    And while initiatives have been announced, we have not seen any changes implemented, for example, among the consumer reporting agencies.

    Now we know that fraud alerts are placed on a consumer's credit file when they call into their credit reporting agency, but we also know that in many cases those fraud alerts are neither clear nor conspicuous. One of the provisions in H.R. 4311 is to make certain that those fraud alerts do what they are supposed to do.

    So there are many measures within this bill that we think are very practical and would in fact assist consumers and have not been undertaken by private industry itself.

    Mr. LAFALCE. Both Mr. Townsend and Ms. Broder, if you were on this Committee or a Member of Congress and could initiate and pass legislation to deal with the problem of identity theft, what do you think might be either necessary or desirable legislatively? We will start with you, Mr. Townsend.

    Mr. TOWNSEND. Sir, clearly the data that we are getting and the trends that we are seeing indicate that the criminal suspects we need to be most concerned about are operating online. They are operating in the cyber world. And I would submit, respectfully, to the Committee that legislation that would be drafted address specifically the cyber issues.
 Page 35       PREV PAGE       TOP OF DOC

    Frequently, as we have seen in the last two or three years, the amendment of 18 U.S.C. 1028 to move away from a certain number of false identification documents to address the fact that information can be downloaded now from the internet.

    So I would submit respectfully that legislation address crimes that are committed via the use of the internet and computers.

    Mr. LAFALCE. All right.

    Ms. Broder.

    Ms. BRODER. And I would agree with everything Mr. Townsend said. I would also suggest at this time that we have some fairly young legislation out there. We have certainly criminalized, or Congress has criminalized, identity theft.

    We have established the central repository of identity theft complaints. And we believe that this will provide tremendous incentive for prosecutors to be able to go after identity theft. Not only do they have the data now, they can see the picture rather than individual complaints.

    So I would suggest perhaps that it is time to see how the system is working with what we have in place, and should H.R. 4311 be enacted into law, with those provisions, too, to help prevent identity theft, as opposed to the prosecution.

 Page 36       PREV PAGE       TOP OF DOC
    Mr. LAFALCE. We are talking about both prevention, which is necessary, and prosecution, which is necessary.

    Now forget about legislation. What could you do to enhance the prosecution of identity theft? I mean, who can prosecute? Is it a local county district attorney? Is it a State attorney general? Is it the U.S. attorney, or is it all of the above, depending? And to what extent are prosecutors equipped to handle the growing epidemic?

    And how could you engage in an outreach effort to enlist them to prosecute these cases as a priority item which might turn out to be the best preventive measure we could take?

    Ms. BRODER. It is a priority item.

    Mr. LAFALCE. For whom? And how do we make it a priority item for all the prosecutors?

    Ms. BRODER. You have asked a series of questions. Let me first tell you who it is that prosecutes these cases. It is now a Federal crime to engage in identity theft. So any U.S. Attorney's office can prosecute these crimes.

    Seventy-five percent of the States have statutes prohibiting identity theft, so there can be State, and in some cases, local prosecution of these crimes.

    As I have mentioned, I think one of the problems is, when a——
 Page 37       PREV PAGE       TOP OF DOC

    Mr. LAFALCE. You say in some cases. Aren't most every local county attorney or prosecutor able to prosecute violations of State laws?

    Ms. BRODER. I think generally that is so, sir.

    Mr. LAFALCE. And with respect to the 25 percent of the States that do not have laws, is there any effort that we could make to get them to pass laws in those States to enable their prosecutors to also prosecute this crime?

    Ms. BRODER. I think this is the trend that we are going to see, sir.

    Mr. LAFALCE. Under the Federal law that exists making it a Federal crime, do the local prosecutors have the capacity to prosecute for violations of Federal law?

    Ms. BRODER. No they do not.

    Mr. LAFALCE. Can we enable them to do that? I am just asking questions.

    Ms. BRODER. Sir, we know that under certain civil statutes, for example, the Home Equity Protection Act, the Telemarketing Sales Rule, the 900 Number Act, the Federal Trade Commission and State attorneys general have enforcement authority. So there is this joint jurisdiction and enforcement authority on a civil level.
 Page 38       PREV PAGE       TOP OF DOC

    I am not aware, Mr. LaFalce, on the criminal side of whether that is a common measure.

    Mr. TOWNSEND. If I could respond, sir, to your first issue regarding prosecution. Clearly, as you have mentioned, it is a Federal crime. And in the case of the Secret Service, we aggressively pursue those for presentation to the various United States Attorneys offices.

    But more importantly, I mentioned in my opening statement, one of the critical components of the Secret Service investigative strategy is community impact cases. And that varies widely across this country from judicial district to State to various counties.

    We regularly present for prosecution identity theft cases to State and local authorities if in fact in that area that is a community impact issue. It may not meet the Federal threshold for prosecution, but we in the Secret Service regularly submit, testify in open court, all of the resources of the Secret Service in terms of expert testimony, forensic service analysis are available to the State and local prosecutors.

    If in fact that is deemed to be a community impact case, that is an important issue, wherever it may be, we would then go into the State court if for whatever reason the Federal system were unavailable to us through the thresholds or other reasons.

    You also asked a question about resources. Clearly, prosecutors, like many in the criminal justice system, feel besieged by a competing number of priorities. I can report to you that on November the 27th, the Secret Service, along with the Treasury Department, will host an identity theft workshop focused on enforcement efforts. And we hope to host local prosecutors and their local police and State counterparts in order that we can move this issue along.
 Page 39       PREV PAGE       TOP OF DOC

    Clearly, there is work to be done, but in the Secret Service, we view partnerships with State and local governments as critical to our effort.

    Mr. LAFALCE. Is there a committee of the National District Attorneys Association that deals specifically with the issue of identity theft? At the State or national conventions of the District Attorneys Association, do you attempt to put seminars before them at their meetings or make presentations on the issue of identity theft?

    I just see this, because of the proliferation of the usage of the internet and the availability of so much personal data—if it is epidemic now, it is going to be geometrically increasing epidemically in the future—and so we have to wage war.

    Mr. TOWNSEND. If I could respond, public education is also a key regarding this variety of financial crimes that we investigate. I find myself sometimes having to make difficult decisions because of the demand for our Special Agents to make public presentations versus actually working the cases we need to be working.

    But we have such a demand for presentations, and we have long lists and regular—we have people literally today in Mexico City making presentations on this topic and deployed elsewhere around the country speaking to these kinds of groups.

    So, your point is well taken. Public education is a key component, and it is one that we try to pursue.

 Page 40       PREV PAGE       TOP OF DOC
    Chairman LEACH. Ms. Biggert.

    Ms. BIGGERT. Thank you, Mr. Chairman. I was amazed going on the internet, at the amount of information that could be gathered from one of the companies, I think the investigative company.

    And, for example, they no longer will provide Social Security numbers, but in a location search, they can locate, by Social Security number, the name of a person for $43. They can locate a current address from a phone number. For $25, you can have the date of birth of somebody. For financial searches, you can get a bank account balance for $45.

    A bank account search costs you quite a bit of money, $249, to find out what somebody's bank account is. You can get bank account activity detail for $99. More information is the property records by name for $37, property records by address for $32.

    I am astounded by the personal information that can be garnered just from the internet.

    Now, apparently, the Social Security number is a little bit harder to find, but could you not just go with a made-up a Social Security number until you find somebody that you you want to assume their identity, even if they do not have that Social Security number or they had a hacker find the Social Security number, and then proceed from there?

    Ms. BRODER. Identity thieves are tremendously resourceful, and they can obtain this type of information legally and illicitly, and generally they have many ways of doing so.
 Page 41       PREV PAGE       TOP OF DOC

    We know that there is legislation being considered now to prohibit the offering for sale and purchase of Social Security numbers. So there are measures being undertaken.

    Certainly with the internet, information that had been publicly available before is available on such a widespread basis, it can be disseminated so broadly that it is causing all of us concern.

    It is time to stop and look at these practices in this cyber world and determine the balance between access to information and privacy interests.

    Ms. BIGGERT. I think people would be absolutely amazed if they knew that people had access to their bank account balance and their activity every month.

    But several of the proposals, including H.R. 4311, deal with the issue of removing the Social Security number from the header of credit reports.

    I know that there has been some opposition to that and some are saying that it would actually detract from the accuracy of the credit reporting system, with the consequences being an inability to locate heirs, deadbeat debtors or others who there is an interest in identifying.

    Do you think this is a valid concern? And if so, how would you address it?

    Ms. BRODER. We do not think it is a valid concern. They will have access to the information if they have a permissible purpose under the FCRA. That is, entities who obtain a consumer's consent who can get access to this information, so we do not find it a compelling argument.
 Page 42       PREV PAGE       TOP OF DOC

    Ms. BIGGERT. All right. Thank you.

    And then, Mr. Townsend, I think that there was a U.S. News & World Report recently that reported the indictment of two Government employees for allegedly using information from the FDIC and the Department of Health and Human Services to commit identity theft.

    In addition, there was a report issued by Congressman Horn of the Government Management and Information Committee, which gave very low marks to computer security systems in the Government agencies.

    Do you think that the Federal Government has adequate procedures in place to protect its employees and citizens whose personal information is on their centralized databases from identity theft?

    Mr. TOWNSEND. Well, I can tell you that the Secret Service is a law enforcement bureau within the Treasury Department, and as such, we are charged with looking at intrusions and so forth within the Treasury system.

    Although I have not read the report in detail, as I recall, the Treasury was not listed, fortunately, as one of those which was having problems.

    I really have to tell you that I am not intimately familiar with the other systems. I can tell you that, with regard to the Treasury system, we have not investigated intrusions during my tenure there.
 Page 43       PREV PAGE       TOP OF DOC

    But clearly, your point—and you referred to the U.S. News article from I believe August the 31st—clearly, this is an area in which we in the Government need to get our houses in order also. It is an area that is highly topical, it is discussed daily, and it is one that certainly we are going to be pursuing in the days to come.

    Ms. BIGGERT. Thank you.

    Thank you, Mr. Chairman.

    Chairman LEACH. Well, thank you very much.

    Mrs. Maloney.

    Mrs. MALONEY. Thank you, Mr. Chairman, for calling this hearing. And I applaud my colleague, Darlene Hooley, for her bill.

    It has been pointed out in Ms. Biggert's statement and others that the societal changes of the information age have really improved our lives, they have helped the economy, but in the area of privacy and protecting the personal information of individuals, I believe this Congress has really fallen far behind in providing legal protections for our constituents.

    I know that identity theft is growing problem. I am getting more and more calls in my office about it. And I think by giving one example it helps illustrate what we are hearing in our offices.
 Page 44       PREV PAGE       TOP OF DOC

    One such victim is a Mr. Ahmed who lives and works in Manhattan, and he has been battling credit reporting agencies for five years. Five years ago, he discovered that someone had stolen his Social Security number in order to obtain fourteen credit cards.

    When he ordered copies of his credit reports, he was astounded to find two names with two different occupations and two different birthdates on the reports. Even with such glaring errors on his credit report, and after obtaining a police report to back up his claim, the credit reporting agencies were largely totally unresponsive in assisting him in clearing his name.

    The agencies informed him that they had contacted the credit issuing banks, and having received confirmation that the Social Security numbers that the banks were using matched, would continue to include the information from both names on his credit report.

    The credit issuing banks were also of little help. After writing to all fourteen, only four responded over a three-year period, and even some of the account information from the four remained on Mr. Ahmed's credit report. In all, the identity theft defaulted on over $20,000 in charges for which he received collection notices.

    Despite the fraud alert that has been on his credit report since 1995, and the terrible credit record, he continues to receive credit card solicitations. He and his wife continue to monitor his credit report, and every time they think that the problem is completed, they find a new fraudulent account on this report.

    And this has been going on for five stressful years, and they have invested literally hundreds of hours trying to clear his name. Just last week they were initially denied a mortgage until the situation was again explained to the bank. They now they face an even more stringent review. In this coming week, they have to appear before a New York co-op board and explain once again why their credit history has had such a turbulent past.
 Page 45       PREV PAGE       TOP OF DOC

    And I really want to let the representatives of the credit reporting agencies in the audience today know that I will continue to follow his case and other constituents' cases. And I really feel, Mr. Chairman, that all of our constituents deserve the extra protections of sensitive information that is provided in the Hooley bill, and I feel that we need to adopt it in this Congress.

    I would like to first of all ask Mr. Broder, in your testimony, you indicated that the FTC is receiving—or rather, Mrs. Broder—a thousand calls a week regarding identity theft. And first of all, how many other FTC hotlines receive anywhere near this many consumer contacts?

    Second, when consumers call the FTC hotline, they are advised to contact the credit reporting agencies. From my own experience that is illustrated in the case that I just gave you, many of my constituents are totally frustrated with the response from the agencies.

    The constituent whose case that I just spoke about, indicated of the three that he contacted, the TransUnion Fraud Department was by far the most helpful. And how does the FTC monitor what is happening to our constituents when our constituents call and relay these problems?

    Specifically, do you make sure that the credit reporting agencies are answering their fraud lines with real people and not just computers that never follow up? Have you—or do you—test the credit reporting agency's ability to actually resolve an identity theft case? Or are more people than my constituents and Mr. Ahmed, who is just running around in circles, really not receiving help from anyone in his particular case? So I look forward to your answers.
 Page 46       PREV PAGE       TOP OF DOC

    Ms. BRODER. One of the measures that we hope to enter into with the consumer reporting agencies is one-stop shopping. If there is one constant that we hear from victims, it is that they have to call each of the three major consumer reporting agencies and the Federal Trade Commission and all of their creditors to take care of things.

    One measure that we would like to enter into with the three major credit reporting agencies is one-stop shopping; that is, they either call the FTC at our hotline or call one of the three major credit reporting agencies to place a fraud alert on their file and that it goes to all three offices.

    We have not made progress toward pursuing that. We think that it would be of great help to consumers who are so burdened with——

    Mrs. MALONEY. Do you ever monitor? Do you ever go in and take a case and see if they are actually solving it? I have got about five cases that are very similar to his, where they say they call everyone and no one ever does anything and it is now five years, four years, three years, and they are running in circles.

    Ms. BRODER. Well, I would offer to you, Mrs. Maloney, first our toll-free hotline for you to provide to your constituents so they can talk to our specially trained telephone counselors and be given the information.

    Many consumers know they have to call the consumer reporting agencies for fraud alerts. Do they know they should also call the Department of Motor Vehicles to find out if someone obtained a driver's license in their name? Do they know they should also contact the Social Security Administration to see if there is other misuse, if people are making money, earning wages in their name, and incurring tax liability?
 Page 47       PREV PAGE       TOP OF DOC

    So there are many steps, a lot of information that our phone counselors can provide.

    We do follow this data. We collect data in our database that shows how responsive the financial institutions are and the consumer reporting agencies, all of those associated entities that consumers have to deal with when they are victims of ID theft. And we look forward to putting a little pressure on them, you know, to get them to be more responsive.

    Is there a legal responsibility? They are supposed to correct erroneous reports on a consumer's file, but we know that in many cases after consumers have gone in and gotten a correction on their report, the same debt pops up again, which is why in our testimony we make the rather dire, but perhaps at this time appropriate statement that often identity theft is unavoidable, undetectable, and unstoppable. Unstoppable, because it keeps rising up just when the consumer believes that he or she has settled out all of these problems, they keep coming up.

    We are working very, very hard both with individual consumers and with the financial industries to try to approach this, but I share your frustration.

    Mrs. MALONEY. Well, my time is up. Thank you.

    Chairman LEACH. Thank you very much.

    Mr. LaTourette.

 Page 48       PREV PAGE       TOP OF DOC
    Mr. LATOURETTE. Thank you, Mr. Chairman.

    Agent Townsend, I want to follow up with the excellent questions that Mr. LaFalce was asking.

    You talked about the Federal threshold a couple of times. What is a Federal threshold?

    Mr. TOWNSEND. When we discuss Federal thresholds, what we are referring to are prosecutive guidelines, if you will. Those are set by the individual United States Attorneys in their respective judicial districts. So as you can imagine, the prosecutive guidelines are different in the Central District of California as opposed to the Central District of Illinois.

    Mr. LATOURETTE. And that is an excellent point, and that is what I thought you were talking about. Because in my testimony when I was talking about the family from Lake County, Ohio, the Mitchells, they had the misfortune at the time they reported it to the Federal authorities of only having lost $80,000. They had not crested $100,000. And so their fondest hope was that the thieves would take another $20,000 from them so that they could get the attention of the U.S. Attorney in Cleveland. And that seems to be a problem.

    And then what happens is—before this job, I was a district attorney in Ohio—and what happens is that what you have available then if the Federal prosecution is not initiated, the miscreant is arrested in Chicago, the full panoply of charges available to a Federal prosecutor is not available to the prosecutor in Chicago, because the crime committed in Chicago was going to get one $15,000 loan. That becomes something in most States that is a felony, punishable by eighteen months. And I made the observation when the fellow arrested he said, ''I did not use a gun. I am going to get probation'' even though he had a record going back to 1977.
 Page 49       PREV PAGE       TOP OF DOC

    So it really seems to be that we have not given prosecutors anything if the Federal threshold is going to be a certain amount, identity theft is not a crime. Identity theft, when you steal a lot of money is a crime, and it seems to me that one of the things that we could do is to somehow massage those Federal thresholds. Otherwise we are going to have disparate prosecutions.

    And prosecutors all over the country are busy. The guy in Chicago who is worried about the murderers and the rapists and the burglars does not care about some lady in Madison, Ohio that lost $100,000 to a guy that got a loan. And I would be interested, one, in any thoughts that you have on that.

    And then, two, one of the things that concerns the victims of identity theft that I have talked to are not only what Ms. Broder was talking about, and that is, it seems you have to do all the work. I mean, you have got to call everybody in town, and it does not get in the file. As a matter of fact, some of these loans that were made to the crooks were made after the phone calls had been made. And so one-stop shopping would be a wonderful addition to what it is you are doing.

    But what they are also concerned about—and any knowledge that you have about the market for this information. We have three guys now in jail in Chicago. They are concerned that they sold it to three more guys in Colorado and that there is a move to traffic this information, not only to steal it and use it once, but then also to sell it to other people that want to engage in similar criminal activity. And any information that you have on that I would be interested in hearing.
 Page 50       PREV PAGE       TOP OF DOC

    Mr. TOWNSEND. Sir, you have hit on two key issues. We share your frustration at times with regard to Federal prosecutive thresholds or guidelines. As you know, the United States Attorneys have wide prosecutorial discretion as to what they do prosecute.

    And you make the point federally we can bring people much more easily back and forth across judicial lines as opposed to extraditing under the State courts. But we do make efforts——

    Mr. LATOURETTE. If I could interrupt you for just a second. You also have jurisdictional problems. I mean, the reason that it is a smaller crime in Chicago is, especially if it is on the internet, that these crimes could have been committed all over the country, and all the guy in Chicago gets to do is what happened in Chicago.

    Mr. TOWNSEND. You make a very good point, which relates to this issue of globalization. If the hacker in Moscow hacks into a system in Chicago, sends the identity to a co-conspirator in Buenos Aires who buys property and transships it to Miami and sells it to unsuspecting people, where did the crime occur? And it takes about that long to transact that transaction. So your point is well taken.

    Second, with regard to the marketing of this information, there is no question that we have seen a migration of organized criminal groups who formerly dealt in crack cocaine, weapons and so forth, into this very lucrative area.

    And within the Chicago area that you mentioned, well-known street gangs are now moving into this area, because, as you say, the sentencing guidelines are not perhaps what we would all like them to be. They know that violent crime is a priority. And additionally, they are able to traffic second and third and fourth time among other members of the gangs these identification documents and full identities.
 Page 51       PREV PAGE       TOP OF DOC

    Mr. LATOURETTE. Thank you very much.

    Thank you, Mr. Chairman.

    Chairman LEACH. Ms. Hooley.

    Ms. HOOLEY. Thank you for your testimony. I have question for Ms. Broder. First of all, thank you for all the work that you have done, and I know you have not had very much time to get this up and running.

    And when I have constituents call, you are very good at helping victims help themselves. However, as far as law enforcement goes, it seems that your hands are still somewhat tied. What types of authority do you think you need to further combat this problem?

    Ms. BRODER. Well, as you know, we have civil enforcement, not criminal enforcement authority. And we have used that in cases of identity theft. We just recently obtained a judgment against a company based in California.

    We have a judgment for $37 million for a company that was billing consumers' credit cards for purchases they did not make. They were cramming charges onto their credit card. That is a violation of the Identity Theft Act of 1998, because they were using consumers' identity, their name and their credit card numbers to commit a crime.

    And so we will continue vigorously to exercise our authority under Section 5 for unfair and deceptive acts and practices that involve identity theft. We believe that that is a very full granting of jurisdiction for us to address many issues civilly.
 Page 52       PREV PAGE       TOP OF DOC

    But we do know that we rely upon our criminal enforcement colleagues to add a little more muscle there for criminal enforcement, for serious jail time under the Identity Theft Act.

    Ms. HOOLEY. You talked about one-stop shopping that you had not found people too cooperative to make that happen. And we have talked to a number of victims of identity theft, and that is the problem.

    I mean, there are a lot of problems with it. I mean, people just feel so violated with this, and it comes up. I mean, something like 55 percent of the cases have gone on over four years, so it is just a constant—I mean, it is there all the time with them.

    So it is much more than just money being taken. And most of the time, money is not that—I mean, they do not have to pay the money, so it is just this feeling of violation that somebody is out there impersonating them all the time.

    But what would it take to motivate other organizations to join with you in this one-stop, how do we let everyone know, Motor Vehicles, the credit bureaus, what would that take?

    Ms. BRODER. We are working very closely. We are trying to work very closely with all of the affected entities, public and private consumer groups to answer that question.

 Page 53       PREV PAGE       TOP OF DOC
    You know, specifically, if you ask me what will it take to get the credit reporting agencies to step up and engage in one-stop shopping, I guess I would have to address that to one of the later witnesses on a later panel today.

    But we are always available to discuss these initiatives with any other entities. And in fact, we hope that our workshop later in October will be just such an opportunity.

    Ms. HOOLEY. OK.

    Mr. Townsend, thank you again for all that you are doing and for your testimony. This piece of legislation that we have introduced, H.R. 4311, is really trying to deal with the prevention. And fraud alerts have to be put on. We are trying to codify that so that they actually have to use those. Again, this is a prevention piece, not necessarily the enforcement that we have dealt with in other pieces of legislation.

    But since you are in enforcement, what can Congress do to help law enforcement help victims and put these criminals behind bars? What do we need to do both nationally and to help local law enforcement?

    Mr. TOWNSEND. I think some of the points that Mr. LaTourette raised are interesting with regard to your question. One area that we have not touched a great deal on today is sentencing guidelines.

    Clearly, the effect that this crime of identity theft is having in our community, I believe that Congress could support looking once again at where the sentencing guidelines put identity theft and perhaps this joint effort between the FTC, Congress, the Secret Service and our other partners might institute a new look at where the sentencing guidelines could go.
 Page 54       PREV PAGE       TOP OF DOC

    Ms. HOOLEY. OK. Thank you.

    Chairman LEACH. Mr. LaFalce.

    Mr. LAFALCE. I thank the Chairman. I will only take a minute for one question.

    Is the advertising of what is criminal intent to steal an identity—is the advertising, in and of itself, criminally prosecutable?

    Mr. TOWNSEND. My understanding is that it is not. And, of course, let me once again say that what may be prosecutable in one particular district is not the case in another. United States Attorneys——

    Mr. LAFALCE. I am thinking now with respect to not thresholds, but just the law itself. If we had a U.S. Attorney who wanted to prosecute advertising that clearly advertises with a criminal intent, could it be done under existing law? That is the first question.

    The second question, if it could be done under criminal law, could we pass a law that would be both constitutional and practically enforceable? In other words, I am thinking of the ability to—you say people are advertising, can we go in there and stop them by prosecuting them criminally before they do the injury? Have they done enough injury to the public in some way by advertising?
 Page 55       PREV PAGE       TOP OF DOC

    If somebody intends to murder you and we see—is there a conspiracy law that is applicable? And they are into a conspiracy with the millions of people who use the internet.

    Mr. TOWNSEND. You have asked obviously a very complex issue which a team of lawyers would——

    Mr. LAFALCE. Well, I would like a team of lawyers to huddle together and respond to me.

    Mr. TOWNSEND. Yes, sir.

    Chairman LEACH. Will the gentleman yield?

    Mr. LAFALCE. Yes, surely.

    Chairman LEACH. There is a further point. Are there enforcement actions against advertising criminal intent? The FTC brings enforcement actions against misleading advertising. Is there such a thing as an enforcement action against truthful advertising of any illegal act?

    Ms. BRODER. Yes there is. Under various theories of our unfairness jurisdiction, we could pursue a civil case under that type of theory.

 Page 56       PREV PAGE       TOP OF DOC
    Chairman LEACH. Have you ever done that?

    Ms. BRODER. Not since the 1950's.

    Chairman LEACH. All right. Let me go a step further, again following the logic of Mr. LaFalce. Have you considered informing newspapers, yellow books, and so forth, that a given type of advertising is for an illegal act and do companies want to have a policy accepting advertising for illegal acts?

    Ms. BRODER. We have done that.

    Chairman LEACH. Is that a First Amendment problem?

    Ms. BRODER. Well, we have met with the editors or the directors of classified sections of newspapers before to talk about the offering of fraudulent franchises and business opportunities with which Mr. LaFalce is very familiar.

    And we have spoken to them about what the warning signs are, what are the indicia of frauds, and so that they can then institute a policy to screen out those. And I think that you raise a very interesting point, which I will bring back to the Commission to discuss.

    Chairman LEACH. Fair enough.

    Ms. HOOLEY. Mr. Chairman.

 Page 57       PREV PAGE       TOP OF DOC
    Chairman LEACH. Yes, Ms. Hooley.

    Ms. HOOLEY. Just one real quick question for Ms. Broder. I mean, with your hotline and your educational pieces, what have we done to educate just the agencies within the Federal Government on, you know, having their Social Security numbers on pieces of information or on documents that may not be necessary? Because so much of identity theft really deals with your Social Security number.

    And one of the reasons I bring it up is I look at my voting card. It has our Social Security number on it. You know, and if you lose this card, somebody has your Social Security number. So my question is, what kind of a job have we done in educating our other Federal agencies?

    Ms. BRODER. Well, the Department of the Treasury just obviously made changes in the way that they send out checks. They no longer reveal the Social Security number in the mailing window. There is growing sensitivity.

    When we began our efforts on identity theft, we met with over a dozen other Federal agencies to talk about initiatives that we could take, but also about cleaning up our own houses and our own information practices. It is a very important point that we make whenever we speak to the public, to private agencies as well as to public governmental units.

    Chairman LEACH. I apologize. It is still the time of Mr. LaFalce if—no? Thank you.

 Page 58       PREV PAGE       TOP OF DOC
    If there are no further questions, I would just like to ask Mr. Townsend if he would return to his agency and think through some of the resource questions. And I would like to meet with your agency by the end of the week with regard to that question.

    Mr. TOWNSEND. Yes, sir.

    Chairman LEACH. Thank you. Thank you all very much.

    Our third panel is composed of Mr. Robert Douglas, who is the CEO of American Privacy Consultants, Inc. of Alexandria, Virginia, and Shon Boulden, who is an identity theft victim from Hillsboro, Oregon.

    And let me say, both of your statements will be placed fully in the record, and you may proceed as you see fit. And Mr. Douglas, you are welcomed back to the Committee, and we appreciate very much the assistance over the last several years you have given the Committee on this specific issue.

    Mr. DOUGLAS. Thank you, Mr. Chairman.

    Chairman LEACH. Mr. Douglas.

STATEMENT OF ROBERT DOUGLAS, CEO, AMERICAN PRIVACY CONSULTANTS, INC., ALEXANDRIA, VA

    Mr. DOUGLAS. My name is Robert Douglas, and I am with American Privacy Consultants. I appreciate the opportunity to appear before this Committee once again to address the issue of identity theft, pretext calling, and other deceptive practices.
 Page 59       PREV PAGE       TOP OF DOC

    Unfortunately, in spite of the enaction of legislation drafted by this Committee to outlaw such practices, these methods not only survive, but also continue to grow in volume, scope, and methodology.

    Chairman Leach and Ranking Member LaFalce——

    Chairman LEACH. Excuse me. If you could withhold for one second.

    Mr. DOUGLAS. Certainly.

    Chairman LEACH. Is anyone still here from the FTC? Good. And you are taking notes? Thank you. Please.

    Mr. DOUGLAS. Certainly. I would like to personally thank you and Ranking Member LaFalce and the Committee for your continued willingness and desire to address this serious issue.

    On July 28th, 1998 while appearing before this Committee, I stated: ''All across the United States, information brokers and private investigators are stealing and selling for profit our fellow citizens' personal financial information. The problem is so extensive that no citizen should have confidence that his or her financial holdings are safe.''

    Sadly, I return today to inform this Committee that my statement of 1998 remains true to this day.
 Page 60       PREV PAGE       TOP OF DOC

    The good news is progress has been made. In 1998 four steps were required. First, the financial services industry needed to understand and combat the threat. Second, tough Federal legislation was needed. Third, appropriate Federal regulatory agencies needed to create standards and regulations designed to assist institutions. And finally, aggressive prosecution was required.

    The financial services industry has made significant progress in beginning to combat identity theft and pretext. This Committee and Congress moved quickly to pass legislation designed to punish those who would impersonate others in order to gain access to confidential financial records.

    The Federal regulatory agencies moved quickly in 1998 by means of an advisory letter and other steps to alert all institutions to the practices of identity thieves and information brokers.

    With the first three sides of the box either erected or under construction, it is now time to build the final wall—progressive enforcement action.

    In the invitation letter I received from the Committee to testify today, I was asked to specifically address three issues.

    First, the extent to which the use of pretext calling and other deceptive means continue in spite of the passage of Gramm-Leach-Bliley.

 Page 61       PREV PAGE       TOP OF DOC
    Two, the effectiveness of efforts by the financial services industry to deter and detect fraudulent attempts to obtain confidential account information.

    And third, other threats to financial privacy emerging today.

    The use of pretext calling and other means of deception to trick financial institution employees and customers continue unabated. Advertisements on the World Wide Web have doubled in the past two years.

    We have several exhibit boards to my right in the hearing room today, and I would be happy to discuss those in detail if the Committee so desires.

    I would hope that Members of this Committee would find the services offered and language of the advertisements disturbing. Members of this Committee might wonder why these firms are allowed to operate. The excuse might be offered that these companies fly so far below the horizon as to be undetectable. That excuse would have a hollow ring.

    Docusearch is the company that sold personal information concerning Amy Boyer to a stalker that resulted in the murder of Ms. Boyer and the suicide of the stalker. Amy's parents have testified before Congress and have been widely covered in the media.

    Docusearch was the cover story for Forbes Magazine on November 29, 1999, just seventeen days after Gramm-Leach-Bliley was signed into law. In the article, Dan Cohn of Docusearch bragged about his abilities to obtain personal information about a subject. Amazingly, Cohn arguably admits to the use of fraud and bribery. And should there be any question as to the ability of a determined criminal to gain access to confidential information, including, Mr. Chairman, financial information, the Forbes article evidences Cohn doing it with apparent ease.
 Page 62       PREV PAGE       TOP OF DOC

    Cohn is willing to lead officials to believe he is a law enforcement officer. If you read the Forbes piece and my analysis of it in my written statement, there can be only one question. Why are Dan Cohn, Docusearch, and thousands of others offering these same services still in business?

    To be sure, Docusearch is not alone. There are now more information brokers and private investigators openly advertising their ability to obtain and sell financial information than there were in 1998.

    One phone call to a company advertising in the DC area Legal Times determined that they offer for $200 to supply the name of the bank, the type of account maintained, and the balance in the account for any individual specified. And I would note that that is a trade paper that is in the U.S. Attorney's Office, the Department of Justice, and I dare say at the FTC.

    The scenario presented to the company fell squarely within the four corners of Gramm-Leach-Bliley that would make the request and provision of the banking information if accomplished by pretext. The company was informed that a woman was trying to locate a current address for a live-in boyfriend who had skipped town with money from her checking account. There was nothing in the scenario presented that even began to come close to the exceptions enacted as part of Gramm-Leach-Bliley.

    In fact, as the Chairman is aware, on August 30th, Senior Counsel Jim Clinger and other of your staff members and I called numerous private investigators and information brokers in an effort to determine how many would sell bank account information and under what circumstances.
 Page 63       PREV PAGE       TOP OF DOC

    We surveyed the first ten companies we could reach by phone. And, Mr. Chairman, you referred to eleven. There were eleven, and I would give them a push, because of some of their answers, but I will talk about that later.

    The companies were selected randomly. The companies were presented with the scenario outlined above. And with the Committee's permission, I would like to detail some of the results we obtained.

    In less than three hours, the first ten companies we reached were all willing to sell us personal bank account information detailed enough to raise the educated belief that the information would be obtained by pretext or other deceptive means. Not a single company we reached turned us down. Not one.

    More to the point, two of the companies' representatives made specific mention of ''privacy laws'' and ''Federal statutes'' being a hindrance to their ability to provide the information. However, we were told, they could succeed, but just ''don't tell anybody'' that we had obtained the information.

    One individual referred to the fact that he had banking experience and guaranteed he could find the bank and 80 percent of the time could get the account number and balance. Several of the companies stated they could get us individual transaction records, including individual deposit transactions.

    One offered to teach us how to determine the amount in the account once he located the bank and account number. He would not do it, he would teach us how.
 Page 64       PREV PAGE       TOP OF DOC

    One company stated they would check the Federal Reserve section for the part of the country where the individual was located. This same company claimed to work for hundreds—and this is a quote: ''hundreds and hundreds of attorneys and collection agencies.'' Further, they stated they had found $1.2 million in an account just the previous day for an attorney. They advised us to wait for the banking information before going to court, in direct contravention of Gramm-Leach-Bliley, I might add.

    Another company stated that they would locate the information if they had a court filing judgment or a letter from an attorney giving the name of the person the account information was being sought for and the reason. This company stated they could find local bank information for $200 and statewide information for $500, including account numbers and balances.

    Several of the companies offered to locate safety deposit box locations and securities-related information. One company charges $175 to locate the name and address of the bank if you have a judgment. However, the same company for $250—slightly more—would locate all accounts, account numbers, balances, mutual funds, names on the accounts, dates of closure if an account was closed, safety deposit box information, if we did not have a judgment.

    Here is just one example of the type of advertising we found, and I believe we have an exhibit board for this. Actually we do not, but it is in my testimony. But they have a disclaimer at the bottom, and I will just read a couple of quick sentences. And I know my time is short. ''We limit retrieval to documents or information available from a public entity or public utility which are intended for public use only. We neither utilize, reveal, nor attempt to access any confidential information concerning the parties involved.'' And the ad is specifically referring to bank account information.
 Page 65       PREV PAGE       TOP OF DOC

    The disclaimer is amazing in light of the fact that this company offered to sell us the amount located in a checking account and the deposit history to the account for $275. I can't fathom a single way that account balance and deposit transaction records could be ''intended for public use.'' Indeed, this would be a direct revelation of ''confidential information.''

    Mr. Chairman, no company reached asked any question that would logically follow from the passage of Gramm-Leach-Bliley, even when they had disclaimers in the advertisements suggesting there were restrictions.

    Further, in addition to the overt remarks made by several companies to the minor obstacles presented by ''Federal statutes'' and ''privacy laws,'' the advertisements and telephonic presentations bore all the classic signs of pretext operations. And I could detail those later if you would like.

    The financial services industry has for many years utilized various methods of combatting fraud and protecting the confidentiality of customer information. The industry is traditionally between a rock and a hard place when it comes to information security. Customers want their information to remain confidential. At the same time, they want easy access 24-hours a day to that same confidential information.

    It is this very dilemma that criminals exploit.

    The financial services industry is moving aggressively to combat the methods and deceptive practices used by identity thieves and info brokers that seek to illegally gain access to information.
 Page 66       PREV PAGE       TOP OF DOC

    I believe the Committee will hear from Richard Harvey, the chief privacy officer and chief compliance officer for Chevy Chase Bank later today, who will document and detail the steps the industry has taken both historically and recently.

    But as an interested and active observer of the industry over the last several years, I would like to commend the efforts and initiatives they have undertaken.

    I have worked directly with institutions and professional associations to educate them on the issue of pretext and other deceptive practices used to penetrate security systems. In each instance I have found that the privacy, administrative and security leaders in the institutions and in associations are genuinely concerned about solving the problem and are moving to do so.

    This concern has led in one instance to the American Bankers Association distributing to the entire membership an education and basic training program on pretext calling I was asked to author at the Association's initiative. The portion I authored was just a small part of a comprehensive three-part series the ABA has distributed to the membership.

    I have been asked to speak on a number of occasions to groups of bankers to demonstrate how to spot pretext calls, how to educate financial services employees, and what steps to take at the institution level.

    Indeed, you would be hard pressed to find a gathering of bankers anywhere today where the subject of privacy is not addressed as a major topic of discussion. In fact, I flew overnight last night to be here this morning from just such a gathering, where I made two rather major presentations on this issue.
 Page 67       PREV PAGE       TOP OF DOC

    But, Mr. Chairman, the financial services industry needs a helping hand from law enforcement. These criminals must be prosecuted. The message needs to be sent that Federal law enforcement is serious about protecting financial institution customers. It is time to act.

    My last area is the emerging threats to financial privacy. And this is all new material that has not been covered in the last two years, Mr. Chairman.

    The fastest growing method used to skip trace for the current address and other personal information of an individual is to obtain the information from the phone company. Most United States citizens believe that their phone records are private unless obtained by subpoena or other form of court order. This is especially true for the millions of Americans who pay extra to have a nonpublished or unlisted phone number.

    Most citizens would further think that who they call and how long they talk is also a private matter. Most Americans would be wrong.

    Currently there are presentations of closed, highly secure classes for private investigators and information brokers—and we have an ad of one on the exhibit boards—teaching the inner workings of the telecommunications industry. We have exhibits in the room today that I just mentioned.

    Why am I discussing the access of confidential phone information before the Banking Committee? One of the most common financial pretexts begins with either a pretext call to the consumer impersonating someone from the phone company, or a pretext call to the phone company to develop enough personal information from their databases to be used as part of a further pretext against either the consumer or financial institution.
 Page 68       PREV PAGE       TOP OF DOC

    Another method becoming more common is the use of a ''Trojan check.'' I cover this method in my written statement and will be happy to address any questions the Committee may have.

    Suffice it to say there is great debate in the investigative broker, and I might add legal communities, as to the legality of this practice, given GLB and the deceptive trade practice statues. While the debate continues, so does the practice.

    Informal networks of investigators, info brokers, judgment collectors and collection professionals are found all over the internet. It is common to see requests for contacts in financial service institutions. Some collection professionals openly advertise their ability to provide information maintained within their files.

    Routinely, there are account and file numbers along with the names of targets placed on the internet for inspection by others to determine if information can be traded or obtained.

    And I would add that I have close to 2,000 such references of the methods that I am discussing catalogued at home on my computer that I have collected over the last two years.

    Vehicle tracking devices are being offered for sale in order to follow or record the travels of citizens. While not directly relevant to the pretext of financial information, it demonstrates the length that some will go to in order to obtain information on citizens in the United States today.
 Page 69       PREV PAGE       TOP OF DOC

    If law enforcement agencies of State and Federal Governments were caught doing these practices absent a constitutionally permissible purpose and/or court order, there would be rioting in the streets. Yet every day these events are carried out by private investigators, information brokers and judgment collectors who have no authority above that of a private citizen, and no one seems to blink.

    From where I sit, my privacy is just as violated whether the intrusion comes from a person with a badge or not.

    I would like to make some suggestions concerning what needs to be done to continue the battle. First and foremost, we need swift, aggressive, nationwide action by law enforcement to begin criminal investigations and prosecutions of those who are thumbing their noses at the provisions of Gramm-Leach-Bliley and other appropriate statutes.

    I hope the information I provided in 1998 and today supports this conclusion.

    Second, GLB needs to be amended. The narrowly crafted child support exemption for the use of pretext is being used as an advertising shield by private investigators to hide behind while continuing the covert sale of financial information that falls outside of the GLB exemption.

    I have prepared a lengthy analysis for the Committee's consideration in my written testimony. Simply put, there is no legitimate reason to continue the child support exemption to Gramm-Leach-Bliley.
 Page 70       PREV PAGE       TOP OF DOC

    Third, financial institutions must continue the work they have started to take every precaution necessary to teach all banking employees about the methods associated with identity theft.

    Fourth, the Federal regulatory agencies must continue their efforts to stay abreast of information security threats and implement appropriate standards and regulations

    Finally, this Committee must continue on a regular basis to exercise the appropriate oversight functions necessary to ensure that the agencies of the Federal Government continue to take every step available to stop illegal access of confidential information.

    In closing, when I appeared before this Committee in 1998, I recited a long laundry list of the dangers posed by the deceptive methods in use by some private investigators and information brokers to gain illegal access to confidential and protected information.

    There were some who found it hard to believe that what I claimed was true or as serious as I presented the problem. However, those in the investigative and information broker industries who were practicing these techniques knew that I had spoken honestly and were not pleased to have sunshine illuminating their practices.

    These practices continue to this day and threaten the soundness of our financial system and the rule of law. These very techniques are also used to indeed put more than information and money in jeopardy, and here I might part company with you, Mr. Chairman, in your opening statement about threats to lives.
 Page 71       PREV PAGE       TOP OF DOC

    One need look no further than the case of Touchtone Services which we heard referred to earlier. While I have described in detail the activities of Touchtone in my written statement, I would like to point out that by using the means of pretext that I have been discussing for several years now with this Committee and others within the United States Congress, Touchtone endangered the lives of many undercover police officers in Los Angeles in a case involving organized crime.

    Mr. Chairman, one of my best friends, the father of my Godchildren, is a police officer serving within sight of the Capitol steps. On his behalf and on the behalf of the American people, I ask that Federal law enforcement begin to take this problem seriously before disaster strikes and we all return to this room to do a post-mortem.

    Mr. Chairman and Members of the Committee, as I leave you today, I hope that the time and effort I have placed in this testimony will serve as a blueprint for further examination by this Congress of matters deserving attention.

    Thank you.

    Chairman LEACH. Well, thank you very much, Mr. Douglas.

    Mr. Boulden.

STATEMENT OF SHON BOULDEN, IDENTITY THEFT VICTIM, HILLSBORO, OR
 Page 72       PREV PAGE       TOP OF DOC

    Mr. BOULDEN. Thank you, Mr. Chairman. And thank you for allowing me to tell my story today.

    About eight months ago, I decided to switch my checking account from US Bank to Washington Mutual. To my amazement, I was denied an account there. Upon getting denied, I asked to see my credit report to see what had caused the denial.

    What I found was incredible. Washington Mutual told me that when they ran my Social Security number, twelve different names showed up. Twelve different people were using my Social Security number to obtain credit.

    Despite the fact these people were using their own personal identifying information, including names, addresses, all of the information about credit inquiries and accounts had been tied to my credit report some way or another.

    It appears that the identity thieves used my Social Security number to open accounts with AT&T Wireless, Bank of America, Citibank, Capitol One, Gastalks, Macy's, Oscar Supply Hardware, Payless, Home Depot, Associates Corner, Household Credit, Dayton Hudson, Montgomery Wards, GMAC, Peoples Bank, and perhaps others.

    At one bank, three people opened accounts using the same Social Security number—mine. But the bank did not seem to notice. They opened two car loans through GMAC. I sent the bank a letter requesting help in March. They have not replied.

 Page 73       PREV PAGE       TOP OF DOC
    In many of these cases, I am not sure who has bought what and for how much, because the creditors will not give me the information without a subpoena. It is obvious to me that the banks and credit bureaus are not doing any checking. I am frustrated that the credit bureaus did not notify me when multiple people were using the same Social Security number.

    In this age of computer technology, that should have raised a huge red flag.

    I notice that H.R. 4311 requires credit bureaus to investigate discrepancies between information they have on file and information being given to them by banks and stores. Perhaps such a law should and would have triggered further investigation in my case.

    As a result of this problem I can't obtain credit anywhere. I have been denied by Meier & Frank, US Bank, and Capitol One. Interestingly enough, one credit card company which approved an account for someone else who was using my Social Security number denied me credit.

    I have been denied a car loan, so I am still driving my 1983 Oldsmobile, which is on its last legs, and have been denied a personal loan.

    I am very lucky that I did not have a credit check done to get my apartment, or I might not have a place to live.

    Dealing with this situation has been very difficult. I have had to take several days off of work to spend hours on the phone trying to speak with live representatives of creditors and credit bureaus so I could fix these problems. But the problems have not gotten worked out yet.
 Page 74       PREV PAGE       TOP OF DOC

    The credit bureaus have not been particularly helpful in solving these problems, partly because they say they have not ever seen anything like it and do not know how to deal with it.

    Although the credit bureaus have fraud alerts on my account, they have not done much to help me get rid of my bad credit. TransUnion has removed several names from my credit report, but recently I found that new people have been opening accounts using my Social Security number, even after I had put a fraud alert on. This has shown me that creditors should be required to honor the fraud alert, as is called for by H.R. 4311.

    Further adding insult to injury, Experian will not give me the names of people using my Social Security number, nor will they tell me what accounts are open under my Social Security number.

    Even though the other names have easily been put on my credit report, the credit bureaus have required proof from me that I am really Shon Boulden before they will help me at all. I even tried to apply for a new Social Security number, which would prevent continued fraud, but I am afraid that will not help me get my credit straightened out.

    I fear every day that I will not be able to get this fixed and I will have bad credit for my whole life.

    As a young person, I need credit to get started in life. In the coming years, I will want to buy a car, a home, finance my education and maybe even start a business. Without good credit, I will not be able to do any of these things.
 Page 75       PREV PAGE       TOP OF DOC

    In addition to working with someone from the Secret Service in Portland and the Federal Trade Commission, I have filed a police report with the Hillsboro Police Department, which is working with the Los Angeles Police Department, since most of the fraud has taken place in Southern California.

    However, it is clear to me that scarce resources limit what law enforcement can do help victims like myself.

    I would like to mention that through this ordeal, the Federal Trade Commission has been extremely helpful, especially Kathleen Lund, who has spent hours on the phone with me gathering the information on my case, telling me what I need to do to clear it up, and checking up on me periodically.

    In closing, I would like to thank Representatives Hooley and LaTourette for introducing the Identity Theft Protection Act. It is my hope that this Committee will seriously consider passing H.R. 4311 or other legislation that will help victims like me to not only restore our good names, but prevent identity fraud from happening in the first place.

    Chairman LEACH. Well, thank you very much, Mr. Boulden.

    Several years ago we had a doctor from the Mayo Clinic who had her identity stolen, and I remember thinking at the time, and I think of it in your instance, that part of the repair may be psychological assistance.

 Page 76       PREV PAGE       TOP OF DOC
    I mean, to have this great an intrusion on your life is extraordinary. The hours she and you have gone through to try to straighten things out, and in both instances neither fully achieved it, has got to be a dilemma of extraordinary proportions.

    And we are going to have to break because of a vote, but let me just say that this is an identity issue that is extraordinary for the individual.

    And another way of looking at it, and one reason that I am a little concerned with some of the opposition to our approach, this is from the banking industry's perspective a theft of bank information. It is a bank robbery. And I think all banks in America ought to be as alarmed as the individual who is so vehemently and difficultly injured.

    But there is nothing like a personal example to make clear what the dilemma is.

    In any regard, at this point I apologize. We have not only a vote on the floor, we have a series of votes—I am told six. And so what I would like to do is recess pending the votes, and we will do it to a time certain so that people—there is a snack bar below, and so forth—that we will recess until 1:15 p.m., at which point I would like to be able to ask of the panelists questions for both of you, and then we will go to the next panel.

    Thank you very much.

    [Recess.]

 Page 77       PREV PAGE       TOP OF DOC
    Chairman LEACH. The hearing will reconvene.

    Let me begin the questions with you, Mr. Douglas. It is about the concept of intervention through sting. Do you think that is an appropriate law enforcement technique?

    The modest effort that the Committee went through with your assistance seemed to reveal a wide ranging problem. Do you think this is an appropriate circumstance for such techniques?

    Mr. DOUGLAS. Absolutely, Mr. Chairman. And I think you will probably recall from my testimony two years ago, I believe in the conclusion I said, somewhat perhaps in a minimalist approach, that one Federal law enforcement officer with a fax machine, a computer, and a telephone could catch these criminals and get things underway.

    Well I think we have proved that in the survey that we conducted out of your offices on August 30th. None of us are exactly the most seasoned of criminal investigators, and yet it is very easy to catch these folks.

    And as the exhibits and other documents that I have provided to your staff over the last two years I think adequately demonstrate, it is right in front of our noses. I heard the discussion between you and Mr. LaFalce and the FTC representative trying to thrash out a little bit about whether there could be criminal prosecution for advertisements. I can certainly see some Constitutional issues there.

    But on the civil side, the State of Massachusetts, who was represented in this hearing two years ago, both prior to that hearing and subsequently, was extremely effective within their State, to the point of many information brokers specifically advertising in their ads that they will not take cases in the State of Massachusetts.
 Page 78       PREV PAGE       TOP OF DOC

    So that tells you that if you crack the whip a little bit they do pay attention. But the way that they often went after them was just in the wording of the advertisement alone under Massachusetts State provisions very similar to the Federal provisions dealing with unfair and deceptive trade practices, bringing the ads themselves into question.

    So when you see ads that claim a 90 percent hit ratio, when you see ads such as one we have today that the print is so fine you can't see it from the podium, I'm sure, but talks about accessing proprietary databases—that is Docusearch's ad, who until just recently was saying that they were accessing Federal databases, Mr. Chairman.

    And many of these ads reference that they access the Federal Reserve's databases.

    Well you and I both know that that is not the truth. They know it is not the truth. And I have spoken publicly so much about Docusearch that he changed that portion of his ad to say ''a proprietary database.''

    So I think the FTC, just on the ads alone, could send cease and desist letters very similar to what we have seen them do just in the past two to three months in other scam type operations that have gotten a lot of publicity in the news.

    Chairman LEACH. If I could interrupt for a second, I asked earlier if there was a representative of the FTC still here.

 Page 79       PREV PAGE       TOP OF DOC
    [Audience person so indicates.]

    Chairman LEACH. Good. And you are taking notes. Thank you.

    Mr. DOUGLAS. And if I could so say——

    Chairman LEACH. Please.

    Mr. DOUGLAS. I would be more than willing to share my database with them. I have got over 2000 e-mails documenting where this is going on, in what chat rooms it takes place, where information is traded and, without saying much more, I have shared some of that with the FTC before.

    Chairman LEACH. Well I thank you.

    I will tell you, I have never known of a citizen taking on an issue in such an interesting way. I think the public sector and the public are in your debt.

    Mr. DOUGLAS. That's very kind of you.

    Chairman LEACH. I am deeply appreciative of your efforts.

    Mr. DOUGLAS. Thank you.

    Chairman LEACH. Shon, I am intrigued at two aspects of your dilemma. One is that you thought through the prospect of changing your Social Security number.
 Page 80       PREV PAGE       TOP OF DOC

    Has the Government been cooperative in helping in that regard? And is this an easy thing to do?

    Mr. BOULDEN. No, it is not, because if you change your Social Security number, well the first point, if you try to change your Social Security number they want me to have a substantial amount of evidence that there is fraud going on, which I need to contact individual creditors and get the actual applications of where the identity thieves have actually put in my Social Security number.

    Chairman LEACH. And they may consider that to be a privacy invasion of a crook.

    Mr. BOULDEN. And I cannot get any of that information without a subpoena from a law enforcement agency.

    Chairman LEACH. Well this is a dilemma that we might want to think through and talk to the Social Security Administration about.

    The second aspect that has been discussed in other environments, and a little bit earlier in the Committee before, that is today, that what happens when an individual identifies that he has been misrepresented, how does one clear one's name?

    And whether the methodologies are in place in this regard, if we think in terms of an FTC whether there are standardized procedures that credit agencies can be expected to follow, and whether these procedures are reviewed so that credibly someone can take the appropriate steps in the appropriate way.
 Page 81       PREV PAGE       TOP OF DOC

    I know from the testimony several years ago of the doctor from the Mayo Clinic, this issue persisted and persisted and persisted. And in her case it almost destroyed her medical practice, she had to spend so much time trying to figure out how to put her life together in terms of finances.

    I can think of a young guy—and I do not know if you are single or married—but, I can visualize walking into a jewelry store and saying ''I want to get an engagement ring,'' and how difficult that might be if it were to be on credit.

    And just so many different episodes that could occur. And so it is conceivable that an aspect of this is to shift Social Security numbers. And I do not know just how ready those facilities are.

    I am just thinking in terms of common practices of, for example, the FTC or the banking regulators might be interested in, that I can see where a bank would be hesitant to give out information data on somebody else, even though that person is criminal, but they certainly can give out affirmations that such exists; and that that might be part of a process by which one can go forward with either new Social Security numbers or new credit arrangements with other institutions.

    I will tell you, this Committee is going to write you a letter of appreciation for your testimony that might be used by you as evidence to indicate that improper circumstances have occurred in your life.

 Page 82       PREV PAGE       TOP OF DOC
    Mr. BOULDEN. Thank you.

    Chairman LEACH. Ms. Hooley.

    Ms. HOOLEY. Thank you, Mr. Chair.

    Mr. Douglas, thank you for your testimony. It was terrific. Let me ask you a little bit about the credit header. If I were to get information, how do I get information from a credit report, and how is that information sold, and who is it sold to, and by whom, and do you think it is important to eliminate Social Security numbers from the credit header?

    Just talk to me a little bit about how it is used, what happens to it, who it is sold to, all of those things.

    Mr. DOUGLAS. Sure. The process essentially works like this:

    The credit reporting agencies, I think for the most part the big three, resell the credit header information. For those who are not aware of what that is, that has classically been considered the biographical, sometimes I think with a misperception believed to be commonly and publicly available information—in fact, I have often heard it referred to as ''the publicly-available biographical information.'

    It is literally above the break-line on a credit report where the credit reporting data begins. That is why it is called ''the header.'

 Page 83       PREV PAGE       TOP OF DOC
    It is legal to sell that information, or it has historically been legal to sell that information. And it is sent out and sold, and repackaged by information brokers—I will use that term, and I do not mean that in the same phrase that I am using in regard to these criminals I am talking about——

    Ms. HOOLEY. Right.

    Mr. DOUGLAS. And it is repackaged in a number of different ways. I will give you an example, and I wish I had brought one with me today, but it is the example I used in part over at the Pentagon.

    It is repackaged in one instance into a product called ''Faces Of The Nation.'' By simply providing two pieces of matching information to the credit header, whether it be a name, an address, name and Social Security number, any two pieces, birth date, any two pieces, it will spit back to you a product that will include all of the biographical data maintained by the credit reporting agency, sometimes including employment information, sometimes including mother's maiden name, which as we all know is an access point for many security systems around the country, and will have information, incredibly enough, about neighbors, their names, addresses, and phone numbers.

    So that the potential privacy aspects, if you will, start to spider out to others who were not even involved in the initial investigation. Other public records. And all of this is legal. All of this is public record information compiled into one report by means of, beginning with the credit header, boating information, automobiles, DMV information, telephone information, professional license information.
 Page 84       PREV PAGE       TOP OF DOC

    The typical report, one that I pulled on an officer, a high-ranking officer in the military, ran to about seventeen pages. It includes information about relatives. In fact, that is one way you can track relatives of an individual.

    So in the hands of a stalker, in the hands of others, it is very potentially dangerous.

    At the same time, it does have many potentially good uses, and I used it as a private investigator for many years for what I would hope to be valid reasons.

    The problem is, there seem to be more and more people like we see on the internet just selling it—literally where you just fill in blanks on the screen and get it back within a minute or two, or certainly within a day.

    And with that level of access, there seem to be even the informal checks and balances that existed between the private investigative and the credit reporting and the information broker agencies have evaporated.

    And remember, it is not only available to U.S. citizens, but anyone around the world. So the barriers are no longer there. And I have been talking for several years now, and appearing before many committees on the Hill here, that there need to be further restrictions to the credit header in compliance with the FCRA, which I think still give the opportunities to lawful investigators by restricting the access to those who might do harm to others.

 Page 85       PREV PAGE       TOP OF DOC
    Ms. HOOLEY. So do you think the Social Security number should be eliminated from the header?

    Mr. DOUGLAS. I was afraid you would remember that you had asked that question.

    Ms. HOOLEY. I did remember.

    Mr. DOUGLAS. It is a very complex issue. It really is. I get asked that every time I am up here, usually phrased more as should we do away with the Social Security number altogether.

    Yes, I would say in open access to Social Security numbers I think at this point we have crossed the line and you have to restrict it, because it is the starting point to all information contained in these massive databases, both maintained within the Government, but even more so today in the private sector.

    I mean companies like Axiom, Microstrategy right here in the DC. suburbs, this is how they are making their living, is compiling all this information on all of us.

    On the one hand it is driving the information age and is leading, I believe, is really responsible for leading the economy the way it has been going for many years. We are an information society and we lead the world in that area.

    At the other side, we need to balance that with who is going to have access under what circumstances. And I would tend to lean toward restricting it under the FCRA.
 Page 86       PREV PAGE       TOP OF DOC

    Ms. HOOLEY. OK. Thank you.

    Shon, thank you very much for being here today and taking your time to come out and testify in front of the Committee. You did a great job.

    I would like to also introduce Jolene who is in the audience, who came with Shon. Thank you for coming.

    Shon, tell me a little bit about—one of the things this bill requires is that if fraud has been committed that you notify the credit bureaus, they put a fraud alert in, which means that you may ask them if anybody is looking for my credit. You put a fraud alert in.

    If you are going to give anybody credit, you have to call me at home.

    Did you put a fraud alert on your credit reports?

    Mr. BOULDEN. Yes, I did.

    Ms. HOOLEY. When people, when they gave credit to other people, obviously, I mean if you have got 12 different people using your Social Security number, did you ever get a call?

    Mr. BOULDEN. No. Not once.

 Page 87       PREV PAGE       TOP OF DOC
    Ms. HOOLEY. Not once.

    Mr. BOULDEN. And when I checked—I put the fraud alert on, and a couple of months later I had checked back with the credit bureau and one of the representatives had told me that there were more names that had been removed and now there are new names on my credit report.

    Ms. HOOLEY. So even though they had removed names, they now were adding new names because other people were still using it?

    Mr. BOULDEN. Yes. Creditors were still applying that information——

    Ms. HOOLEY. Even though there was a fraud alert on it?

    Mr. BOULDEN. Yes.

    Ms. HOOLEY. Do you have a credit card?

    Mr. BOULDEN. No, I don't.

    Ms. HOOLEY. Can you get a credit card?

    Mr. BOULDEN. No.

 Page 88       PREV PAGE       TOP OF DOC
    Ms. HOOLEY. How do you——

    Mr. BOULDEN. I tried to get a secured credit card through U.S. Bank, which, you know, it takes money out of your own account.

    Ms. HOOLEY. Yes.

    Mr. BOULDEN. And they would not give me a secured credit card, which is the first step to getting your credit straight.

    Ms. HOOLEY. So how do you do sort of like, I guess what I think of as normal things, I mean if I am going on a vacation I call and I, you know, reserve a hotel, or a rental car, or airplane tickets via credit card.

    I know we used to do these without credit cards, but nowadays that is how you reserve most hotel rooms. How do you reserve a hotel room?

    Mr. BOULDEN. I don't. When I go on vacation, I just try to find a room and pay cash.

    Ms. HOOLEY. So you really can't make it ahead of time then.

    Mr. BOULDEN. No.

    Ms. HOOLEY. So you are really at a disadvantage. And if you wanted to take out a student loan, can you get a student loan so you can go to school?
 Page 89       PREV PAGE       TOP OF DOC

    Mr. BOULDEN. I don't think so.

    Ms. HOOLEY. OK.

    Mr. BOULDEN. Any kind of credit, I've tried to apply for even a Myron Frank card, which in high school my friends were getting Myron Frank cards and they were, you know, trying to build their credit and start there, and I had gone there and they denied me. And I didn't know why. And, you know, that was about when I was eighteen years old. And I really didn't know anything about how credit worked, or how the credit bureaus worked, and all that kind of stuff.

    Ms. HOOLEY. You have had an education.

    Mr. BOULDEN. What's that?

    Ms. HOOLEY. I said, you have had an education.

    Mr. BOULDEN. Yes.

    Ms. HOOLEY. Maybe not the kind of education you wanted, however.

    Mr. BOULDEN. Yes. I do know a lot about the situation now and have talked to other people about it.
 Page 90       PREV PAGE       TOP OF DOC

    Ms. HOOLEY. How long had this been going on before you found out about it?

    Mr. BOULDEN. All the fraud?

    Ms. HOOLEY. Yes.

    Mr. BOULDEN. I think the earliest case might have been 1996 or 1997.

    Ms. HOOLEY. OK. And then——

    Mr. BOULDEN. I think the individual—somehow my Social Security worked for them. My Social Security number worked for them. Maybe because I had never established any kind of credit.

    Ms. HOOLEY. So they were using it before you had even established credit?

    Mr. BOULDEN. Yes.

    Ms. HOOLEY. OK. Thank you again for coming and talking about what happened to you. I cannot imagine anything, Mr. Chair, more frustrating than to be caught in this situation with somebody just starting out with trying to build their life and build a good credit rating, how awful this must be.
 Page 91       PREV PAGE       TOP OF DOC

    Chairman LEACH. I want to thank you for suggesting that Shon would be a witness for the record, because I just think putting a personality behind something is important.

    How old are you, Shon?

    Mr. BOULDEN. Twenty-two.

    Chairman LEACH. And do you have a job?

    Mr. BOULDEN. I was working for a guitar store for two years, and then it went out of business last month.

    Chairman LEACH. OK, so you would be an employee of a tire store?

    Mr. BOULDEN. Yes.

    Chairman LEACH. OK, and are you going on to college at all? Are you going to junior college?

    Mr. BOULDEN. My community college, yes. It is kind of tough for me right now, because I am paying for all my college myself right now.

 Page 92       PREV PAGE       TOP OF DOC
    Chairman LEACH. I understand.

    Mr. BOULDEN. And I cannot get credit to pay for that kind of stuff, so it is a little hard.

    I am trying to make an effort to get that done. This is probably the first thing that I am trying to fix in my life right now—is my credit situation.

    Chairman LEACH. Let me just thank you again; also to underscore how appreciative I am of Mrs. Hooley and her efforts in this area, as well as her bringing you out here or suggesting that you come out here. Thank you.

    Mr. BOULDEN. Thank you, Mr. Chairman.

    Chairman LEACH. One last question for you, Mr. Douglas. Maybe it was too hurried, but I did not get the subtleties of the new issue, to me at least, of how telephone companies become so easily involved.

    Can you go through an example? I mean, let us say you have a dishonest intent in mind against an individual.

    How would you start with the telephone company, and what would be the process you would go through?

    Mr. DOUGLAS. OK. Historically, phone record information has been for sale and has been being accessed through the same pretext methods that we discussed two years ago against financial institutions.
 Page 93       PREV PAGE       TOP OF DOC

    With the advent of GLB and some of the attention that has come to pass, the criminals that are doing this are finding it is easier to start to gather the pieces of biographical data they need to assume the identity of the subject that they want to impersonate with the financial institution via the phone company's own databases.

    So, we have two situations here. One, historically, the phone company was involved as a piece of financial pretext, because one of the most common methods used can be against the consumer themself.

    It will start like this. The information broker will call the phone company impersonating the subject of the investigation by just having the phone number, even a name and address, and giving some excuses as to why they need some information—there is a problem with their phone bill, they need to make a change on the account.

    They convince the phone company to open up their database to look at their computer screen and confirm or pass on information.

    It is done as a con. If you know a few pieces of information, you normally can convince an operator on the other end or a customer-service representative that you are that person.

    Sometimes through posing relatively crafty questions, or sometimes not, just saying, you know, ''Well, gee, what are you showing me there for that second phone number in the house?'' or, ''My wife just got us an unlisted number; I have lost track of it; what has she got on that second line?''
 Page 94       PREV PAGE       TOP OF DOC

    Because they are already convinced in their mind that you are who you are posing to be, they just start reading anything off the screen.

    I think the Chairman is aware—as I finished up my testimony this weekend, I found a case right in your home State in the Des Moines Register of a woman who is now suing MCI because her ex-husband/stalker was calling the phone company and, not even trying to impersonate her, was just claiming—some of this is a little bit of assumption from the article, knowing how these things work—to still be her husband and have a rightful knowledge to the information, even though this woman kept calling the phone company and putting them on alert that she was being stalked by this man and her friends were.

    Under subpoena, the phone record showed a warning on the account not to give out account information.

    All right, how it ends up being part of the financial pretext is, once they have gathered enough information about the account with the phone company, they will then call the consumer and pose as a representative of the phone company, and, ''Gee, Congressman Leach, your phone bill is overdue. We do not want to shut it off. Did you pay the bill?''

    ''Well, of course I did.''

    ''Can you go get me your checkbook, and let's check your information against what we might have on this end, so we can double-check. We do not want to put your credit in jeopardy with the company or put your account in jeopardy with the company.''
 Page 95       PREV PAGE       TOP OF DOC

    So, you immediately rush off, because you want to prove you paid the bill.

    You get your checkbook, and they say, ''Well, gee, what check number was that? We will check it against our database. Maybe it got lost in the shuffle.''

    Being a trusting person, you give out the check number.

    ''And how much was the check for? Let's match it against your balance.''

    ''Well, I paid $94.92 here.''

    ''Well, that matches up, Congressman Leach. All right, for the last track, just read me those numbers across the bottom of the check there.''

    ''OK, 5——''

    And, that is the routing number, that is your account number, and that is the check number encoded in the numbers at the bottom of the check.

    Now, the information broker has all of your account information, can call your institution, and pose as you, because they have got your biographical data, they have got your account number.

    They even know about what check number you are at based on when you wrote that check to the company.
 Page 96       PREV PAGE       TOP OF DOC

    So, if asked for a check number, they can say, ''I do not have it with me, but I am right around check—you know, 1043,'' with a fairly safe guess that they have done that.

    You are starting to ring true now to them. Now you can get the exact balance in the account and start looking at what other information that bank may hold and with certain——I mean, we just saw the merger announcement of Chase and—I am forgetting who else right now—but with these conglomerates that are out there.

    Quite frankly, with GLB opening up other areas, once you are in, you are in.

    Now, if you have convinced somebody, whatever they have got access to on that screen becomes fair game.

    So, I hope that is helpful. Now, the final piece of that puzzle is we now have—and we have advertisements over here of seminars—secret seminars—being held around the country by a woman by the name of ''Michelle Ma Bell Yontiff'' is how she bills herself, teaching supposedly private investigators, information brokers, and here—does this ring a bell from two years ago—law enforcement.

    Now, I am not here to say that law enforcement is attending these, but the door appears to be open. Maybe somebody ought to go.

 Page 97       PREV PAGE       TOP OF DOC
    If they do not want to go to that trouble, I have the materials. I penetrated it myself, and I have got the materials that they are handing out.

    You will note some of their own quotes in the advertisements refer to—beg my indulgence one second—''With so many of our tools of the trade,'' in quotes, ''being taken from us by recent privacy laws, this is a must-attend seminar. There is no recording of any kind will be permitted. Extensive security measures.''

    They use metal detectors on people coming in to be sure there are no recording devices coming in.

    She will show you how to skip-trace and locate like never before by using the telecom as a database.

    In some of those several thousand pieces of information that I have categorized and put away over the years, there is a lot of traffic about these seminars, one of which took place in your home State just within the last month, this one in Los Angeles.

    As of this morning, I saw six more that are planned over the next three months around the country, where 100 to 200 private investigators and information brokers are attending at a time and are being taught the lingo, the workings.

    I have a glossary book that runs to over a thousand entries of terminology used within the telephone companies.

 Page 98       PREV PAGE       TOP OF DOC
    So why? So, when you call them, you know how to sound like you work within the phone company.

    Chairman LEACH. It used to be said that it was—the old Communist Party of the United States was—no one could get the right number on it, because most of the people that attended the meetings were FBI agents.

    I hope this next seminar has someone from the FTC and the Secret Service.

    Mr. DOUGLAS. Can I make one final point, especially in particular reference to Shon?

    Chairman LEACH. Yes, go ahead.

    Mr. DOUGLAS. Over the last two years, Mr. Chairman, I have spoken to a number of groups around the country, and I have gotten in the habit of making it personal for them in many ways.

    One of the questions I always ask is how many people in the room—and we could almost do it here, I bet—how many people in the room have either been the victim of identity theft or know somebody, either a relative or friend, who has?

    Invariably, around 50 percent of the hands go up. We know that the statistics are running upward of 500,000 cases a year.

 Page 99       PREV PAGE       TOP OF DOC
    These are Government statistics, not Rob Douglas statistics, and an average loss of $17,000 per case. Do the math.

    What I have also taken to saying is, ''If this were the situation and it was a medical problem, it would be considered The Plague.''

    Yet, we really do not see much going on to address this at a law enforcement level. I listened to the Secret Service this morning talk about organized crime.

    It is clear that organized crime is involved in this, and $100,000 thresholds at U.S. Attorneys' offices are laughable.

    It is ridiculous, and those numbers could be reached by aggregation if they did a little digging, because these are not just one guy going and dumpster-diving.

    These are teams of professionals doing this, and with a little scratching, you would find the $100,000 threshold met through aggregation of the case.

    You could use RICO. You could use other organized-crime statutes.

    I do not mean to take up the Chairman's time, just I get a little frustrated.

    Chairman LEACH. Well, I appreciate that, and I think the notion of RICO ought to be reviewed in this context.
 Page 100       PREV PAGE       TOP OF DOC

    I will just conclude with, two years ago you were on a panel and one of your other panelists was someone who participated in disreputable practices.

    What he was really saying is that ''we are particularly vulnerable as a society despite our laws because of the nature of Americans.''

    He did not say it this way, but that is what he meant, that is, Americans are very trusting.

    So, a nice voice calls up a bank—an interior person—and they believe him.

    He gave the example. He would call up a bank. He said he never failed, ever, to get information.

    That is a very strong statement. Never failed, and he gave the example of a bank.

    They said, ''Well, what is your mother's maiden name?'' They apparently had this on record, and he said, ''Well, it is Smith.''

    The person on the other end of the line says, ''No, it is not,'' and he says, ''What do you have down there?''

 Page 101       PREV PAGE       TOP OF DOC
    They say, ''Well, we can't tell you,'' and he goes into this fake offense and says, ''You have messed up my records again. I'm going to call the president. You know it's Smith, and I know it's Smith. I'm calling your president.''

    They say, ''Well, we'll change it,'' and so they change it to Smith. They give out the information.

    Then, the real person calls, and they are asked, ''What's your mother's maiden name?'' They give Jones.

    ''No, it isn't.'' They've already changed it on behalf of the first guy.

    Well, Americans are a trusting breed, and so one of our problems is how do you deal with the dilemma with the massive trust of the American populace.

    I mean, it is not the fault of banks. It is not the fault of—I mean, it is not an institutional fault. It's a human-nature circumstance of this country.

    So, what do we do to limit it at an absolute minimum? Now that it is Federal law—not State law—it is Federal law—that one would think that the law enforcement people in the United States would make this an extraordinarily high priority.

    Mr. DOUGLAS. One would think.

    Chairman LEACH. And, if we do the math that you just suggested and cut it by a tenth on the assumption that that might be invalid, it is still extraordinary—absolutely extraordinarily.
 Page 102       PREV PAGE       TOP OF DOC

    What it does to people, my guess is, for every Shon that has really fought the system, there are a dozen that don't even fight and don't know what to do, and are just beleaguered and just live a beleaguered life, and might even feel guilty about it.

    I mean, it is almost as if the innocent become the guilt-infected, I mean, because possibly Shon left a wallet somewhere at some time in his life.

    So, is he at fault? And obviously, he isn't.

    I appreciate very much your testimony, and I thank you very much.

    Mr. DOUGLAS. Thank you.

    Chairman LEACH. Our final panel consists of Mr. Richard H. Harvey, Jr., who is Vice President of Chevy Chase Bank, one of the truly respected banks in the Nation's Capitol, on behalf of the American Bankers Association; Mr. Stuart K. Pratt, who is Vice President of the Associated Credit Bureaus, Inc.; Mr. Ronald S. Plesser, who is Coordinator of the Individual Reference Services Group; Ms. Janine Benner, Consumer Associate of the California Public Interest Research Group; and Mr. Bruce H. Hulme, who is President, Special Investigations, Inc., on behalf of the National Council of Investigation and Security Services.

    We will begin with Mr. Plesser.

STATEMENT OF RONALD L. PLESSER, COORDINATOR, INDIVIDUAL REFERENCE SERVICES GROUP
 Page 103       PREV PAGE       TOP OF DOC

    Mr. PLESSER. Mr. Chairman, thank you so much for calling on me first.

    Privacy is a very popular issue these days, and there is a conference up at the Shoreham that I am supposed to be at and give a presentation to, really, at 2:30.

    So, if I leave a little early, I hope you understand that.

    The Individual Reference Service Group is delighted to be here. Bob Glass of LEXIS-NEXIS represented the Individual Reference Service Group two or three years ago in your hearings, where I think he came up and we very much supported the Chairman's legislation on pretext interviewing and the abuses in the system.

    We very much support the efforts that was referred to before to eliminate the abuses of the system.

    But, in eliminating the abuses of the system, I think it is very important not to eliminate the benefits of the system.

    It is that balance that I think we would like to work with you and continue to work with you.

    The IRSG represents a leading information industry companies including major credit reporting agencies that provide commercial information services to help verify the identity of or locate individuals.
 Page 104       PREV PAGE       TOP OF DOC

    Customers use Individual Reference Services for a variety of purposes.

    They include finding witnesses, heirs, pension beneficiaries, hidden assets.

    Indeed, regulations issued by several Federal agencies require the use of these types of services.

    For example, if you are going to wind up a pension fund, you have to use the look-up services to find anybody who is entitled to money under that fund.

    Tracking down missing and exploited children, finding deadbeat dads.

    Let me stop at deadbeat dads. It was brought up before, and I think it really focuses a critical issue.

    The Individual Reference Service Group opposes and has opposed in regulation, in self-regulation, and would support appropriate regulation that would limit the display or sale of Social Security numbers to the public.

    We don't think it belongs on the internet. We think we have had a good role in keeping it off the internet.

    But, that is not to say that there are not uses of the Social Security number, indeed, including those that come from credit-header reports.
 Page 105       PREV PAGE       TOP OF DOC

    Typically, in a deadbeat dad situation, the spouse will know the Social Security number, so companies like LEXIS or other companies that provide this information will never display the Social Security number.

    What they will do, though, is, if the inquiry comes in with—the person making the inquiry comes in with a Social Security number, then they will identify the current address, the name of the person that they have.

    This allows, for example, in deadbeat dads, about a 50 percent find rate to be increased up to a 95 percent find rate.

    We think this is the way to balance the interests, allows Social Security numbers to be used to make sure that we're using and finding the right person, but never let it be displayed or disclosed to the public.

    It is also used to locate blood, bone, and organ donors, verifying the identities of contributors to political campaigns.

    Each of the companies that belong to the IRSG has adopted self-regulatory principles governing the dissemination and use of personal data.

    The IRSG developed these principles in 1997 in conjunction with the Federal Trade Commission.

 Page 106       PREV PAGE       TOP OF DOC
    Although it was not mentioned this morning, the Federal Trade Commission in December of 1997 issued a very extensive report on look-up services and said, because of the self-regulatory activity, that they did not see the need for legislation at that time.

    I am not sure that I know of anything that has changed that.

    I think they are responding to requests here, but, clearly, as recently as 1997—and there is no reason to change—they supported the industry's activities and thought they were positive in controlling the use of credit-header information.

    When this Committee adopted the Fair Credit Reporting Act amendments in 1996, they tasked the Federal Reserve Board with looking at Individual Reference Services and these look-up lists and services to find if they led to identity theft, which seems to be the undercurrent of the question here.

    In fact, they found no evidence—and, I want to be very careful. I think they said that they were concerned about it.

    But, they said there was no evidence—absolutely no evidence—that the look-up services created or led to identity theft.

    I think that the case that we like to make is that these services which allow financial institutions and others—to make sure they know who they are dealing with and to locate the person—the people that they need to deal with—that it avoids identity theft.
 Page 107       PREV PAGE       TOP OF DOC

    In fact, the Secret Service, who is here this morning, many Federal agencies use the look-up services to make sure that they can locate and identify the right people.

    We believe the customers we work with, I think—well, I don't think. They will support the proposition that it decreases identity theft rather than increases it.

    As part of these principles, companies commit, among other things, to restrict their distribution of non-public information through appropriate safeguards.

    One such safeguard prohibits the display of Social Security numbers and dates of birth in Individual Reference Service products distributed to the general public and for products distributed to professional and commercial users.

    So, if you are a lawyer and you have LEXIS-NEXIS or Weslaw, one of the services, and you want to locate an individual, you can get the credit-header report, but you will never get the full Social Security number nor the full date of birth.

    That was before Gramm-Leach-Bliley and hopefully will survive Gramm-Leach-Bliley, depending on how the regulations are interpreted.

    The IRSG does have litigation in terms of the interpretation of Gramm-Leach-Bliley by the FTC, not challenging the legislation, but challenging the regulations.

    The products offered by the Individual Reference Services are used in the fight against identity theft where verifying an individual's identity is crucial—bank, credit card companies, and other types of credit institutions, as well as gas, electric, telephone, utility companies and Government agencies distributing public entitlement programs are all increasingly becoming plagued by frauds, who use an existing person's identity to illegally extract product services and monies.
 Page 108       PREV PAGE       TOP OF DOC

    We think the look-up services, as well as credit reporting services, help to eliminate those frauds, not increase them.

    I want to conclude quickly in just saying that H.R. 4311 would directly affect Individual Reference Services.

    Primarily, it would cut off most of the information coming through credit headers.

    Again, I think there's two points here, and perhaps, if Mr. Douglas is called back, maybe if we refined the question, he might answer it slightly differently. I'm not sure.

    But, we support the idea that credit-header information should not be displayed or sold to the general public.

    To the extent that there's legislation that this Committee is working on that goes to that end, I think my members would be helpful and supportive of the effort.

    However, at the same time, we need to be able to use a Social Security number to make sure that we are dealing with the right person, we're not confusing people, and that we do have a means of verifying identity.

    So, we look forward to working with this Committee on this process, and thank you very much for having me this afternoon and the courtesy of letting me go first.
 Page 109       PREV PAGE       TOP OF DOC

    Chairman LEACH. Thank you for your testimony, and you may leave at any point that you so desire.

    We'll now turn to Mr. Harvey, who is the Vice President of Chevy Chase Bank, and we welcome your testimony, sir.

    Mr. HARVEY. I would like to thank you, Mr. Chairman, for holding these hearings——

    Chairman LEACH. Excuse me. If I could just ask you to hold on. Without objection, all full statements will be placed in the record.

    If you wish to summarize or proceed in any manner you see fit, you're welcome to.

    Ms. HOOLEY. Mr. Chairman.

    Chairman LEACH. Excuse me, Ms. Hooley.

    Ms. HOOLEY. Just a real quick question. Mr. Plesser is not going to be here for questions, is that correct?

    Chairman LEACH. I think it is only fair that the other panelists be allowed—if you had one quick question——
 Page 110       PREV PAGE       TOP OF DOC

    Mr. PLESSER. I will be happy to answer any question your office has, on the record.

    Chairman LEACH. All right.

    Mr. PLESSER. Whatever the Chairman would like.

    Chairman LEACH. I will say this is a fairly informal hearing, and, because you've got a position slightly different than Ms. Hooley's, why don't I—just for one question——

    Ms. HOOLEY. If you wouldn't mind. Just one quick question.

    Chairman LEACH. Please, go ahead.

    Ms. HOOLEY. You know, you talk about your need for Social Security numbers for making sure you're dealing with the right person and these are legitimate purposes.

    My question is why can't you use their address and date of birth to verify that you're dealing with——

    Why do you need to use Social Security numbers and not some of those other identifiers like date of birth, address, and so forth?
 Page 111       PREV PAGE       TOP OF DOC

    Mr. PLESSER. Well, date of birth, as a result of the Transunion case by the FTC which is now under appeal, but their latest pronouncement, the month and year of birth, would not be included in the credit-header information.

    So, we're facing losing both elements, number one.

    Number two, I think that, you know, it's all a level of quality. You know, no one is going to come up here and say the sky is falling on either element.

    But, certainly, the Social Security number, particularly when somebody has it to begin with—an ex-employer, an ex-spouse, and can go forward with it—it becomes a very positive way of identifying the right person.

    Often, an ex-spouse or if you are looking for a witness, you don't know the address.

    I mean, that is the whole—if you knew the address, you wouldn't be using a look-up service.

    I mean, look-up services is basically used to find current address, so, if you had that, you wouldn't need it.

    You have the name, but often names—I'm Ronald L. Plesser. If I decided to beat child-support payments, which I am not interested in doing and happily married with two kids, but, if I did, maybe I'd change my name to Richard Plesser.
 Page 112       PREV PAGE       TOP OF DOC

    Or, it would become R. Plesser, or it would become some Reginald Plesser. It would become some derivative that I could probably kind of work into my records that would be hard to find me.

    My name is a little bit unique, but, if there's somebody with a Smith, Jones, or Jenkins or other name that is a little bit more common, I think the Social Security number is a very critical element to make sure you are dealing with the right person.

    Ms. HOOLEY. Thank you, Mr. Chair, for your courtesy.

    Chairman LEACH. Mr. Harvey, we're to you.

STATEMENT OF RICHARD H. HARVEY, JR., VICE PRESIDENT, CHEVY CHASE BANK, ON BEHALF OF THE AMERICAN BANKERS ASSOCIATION

    Mr. HARVEY. Thank you, Mr. Chairman. I would like to thank you, Mr. Chairman, for holding this hearing.

    Your leadership has been instrumental in passing critical legislation on identity theft, and particularly on pretext calling over the last few years.

    These strong laws, which ABA strongly supported, make it a Federal crime to obtain customer information by false pretenses or to use stolen identity information.
 Page 113       PREV PAGE       TOP OF DOC

    While we appreciate the continuing concern of Members of Congress on this issue, we believe that these changes are so significant that no new legislation is necessary at this time.

    Rather, the primary focus needs to be on enforcement of these laws.

    At ABA, we have developed a number of measures to provide identity theft information to our customers.

    The first is an identity theft communications kit. This kit contains materials to help banks educate their customers on how to prevent identity theft and how to resolve cases of those individuals who have become victims of identity theft.

    I have included in my written statement several consumer tips from this kit.

    We encourage you, Mr. Chairman, and your colleagues to use these documents in your own communications with your constituents to tell them how to protect themselves from identity theft.

    Chairman LEACH. If the gentleman will withhold for a second, let me instruct staff. We ought to have their kit on our internet site, too.

    That would be very helpful. Please go ahead.
 Page 114       PREV PAGE       TOP OF DOC

    Mr. HARVEY. Again, we would encourage you, Mr. Chairman, and your colleagues to use these documents in your own communications with your constituents to tell them how to protect themselves from identity theft and what to do if they should ever become a victim of such a crime.

    The greater the awareness of the American public on this issue, the greater the hope that this crime can be prevented.

    The second is a training manual for spotting and avoiding pretext calls.

    This manual, developed with the assistance of Rob Douglas, is designed to train bank employees about common pretext methods and how to recognize, deal with, and stop suspected cases.

    ABA has also provided to members a consumer privacy training video to help educate bank employees.

    The ABA has been involved in other outreach programs as well, including media tours and a video news release on preventing identity theft.

    These programs have reached audiences totaling well over 60 million people.

    Mr. Chairman, banks have every interest in finding workable methods to preventing this crime, as the losses banks suffer in these cases are staggering.
 Page 115       PREV PAGE       TOP OF DOC

    In fact, three out of every four dollars lost by a community bank to check fraud was due to some form of identity theft.

    The new laws enacted over the last two years are sufficient to punish criminals who benefit from stealing another's identity.

    While we certainly appreciate the spirit in which H.R. 4311 is offered, we believe that additional legislation is not needed to prosecute pretext and identity theft criminals at this time.

    Credit card and other financial institutions have security measures in place, such as confirmation of identity before a credit card can be activated, that are best suited for their particular circumstances.

    Unfortunately, criminals are always trying to outsmart my industry, and any mandated requirements will only be temporarily effective as these criminals find ways around the new rules.

    When that happens, all that is left is added expenses for regulatory compliance for the card issuer, drawing funds away from more effective solutions and raising the cost of credit to our customers.

    Mr. Chairman, I appreciate the opportunity to appear before this Committee to discuss this important subject.
 Page 116       PREV PAGE       TOP OF DOC

    I look forward to answering any questions you or the Committee may have.

    Chairman LEACH. Before turning to the next witness, we have a little less than eight minutes on a vote.

    I think it would be unfair for you to start before that, Mr. Pratt, and so I will recess and come back after the vote.

    But, I did want to just underscore one point of Mr. Harvey's, and I am looking for it in the testimony.

    I wasn't following it. You said three out of four dollars lost. In what context?

    Mr. HARVEY. That is based upon an ABA survey that was in 1998.

    Chairman LEACH. I'm sorry, but three out of four dollars of what?

    Mr. HARVEY. Check fraud.

    Chairman LEACH. Of check fraud.

    Mr. HARVEY. Yes, sir.
 Page 117       PREV PAGE       TOP OF DOC

    Chairman LEACH. Was identity theft?

    Mr. HARVEY. Absolutely.

    Chairman LEACH. Do you have any sense what the total magnitude of that is?

    Mr. HARVEY. We don't have any particular numbers that we can really point to, but we're continuing to research that.

    Chairman LEACH. So, I mean, what you're asserting to the Committee that is so extraordinary is that we're looking at something that is, not only a robbery of bank information, it is a robbery of the bank itself, and that is a very serious thing.

    Mr. HARVEY. Absolutely.

    Chairman LEACH. And, again, why I stress this is that we have a long history in this country of disproportionate and appropriate concern for bank robberies.

    This is another technique of bank robbery that, in my view, has gotten less law enforcement attention than any other technique of bank robbery.

    All I am saying is that the statistics you're placing on the table are very stunning.
 Page 118       PREV PAGE       TOP OF DOC

    That does not necessarily mean that any new legislative approach is wise or unwise. It simply means that attention to compliance with current law is very important, and that there are techniques available and that the lack of assertiveness is self-apparent.

    Mr. HARVEY. We agree with you, Mr. Chairman. In fact, that is why it is so important for us to pursue this from an enforcement standpoint.

    Everyone loses through identity theft, and the banks are suffering tremendous losses in the area of check fraud and other fraud as a result of this.

    We think the laws are in place. We'd just like to see them enforced vigorously.

    Chairman LEACH. Thank you, Mr. Harvey.

    Let me say we will recess pending the vote. It is my understanding it should be a shorter recess than the last recesses, probably about twenty minutes. Thank you.

    [Recess.]

    Chairman LEACH. The Committee will reconvene. Our next witness is Mr. Stuart K. Pratt, who is Vice President of the Associated Credit Bureaus, Inc. Mr. Pratt.

STATEMENT OF STUART K. PRATT, VICE PRESIDENT, ASSOCIATED CREDIT BUREAUS INC., WASHINGTON, DC
 Page 119       PREV PAGE       TOP OF DOC

    Mr. PRATT. Mr. Chairman, thank you very much for your invitation for us to be a part of your hearing today.

    In fact, this is one of those issues that we have been very concerned about for a number of years here within our trade association as well.

    My principal reason for being here today is it is always in part to try to inform and explain what our industry is doing.

    In fact, it is also in part to hear what others have to say about the issue, and we always end up at the end of this experience walking back from this experience with some new information for our own members.

    So, I guess my first commitment to you is that we will visit with the young victim who is here today to learn more about his specific experience, how it worked, why it occurred the way that it did.

    It gives us a chance to look back and see if we have systemic problems that could be fixed.

    For us, this is all about fixing the issue, not just resisting progress. The best indication of that, Mr. Chairman, is the initiatives we released earlier this year.

    In fact, many of these will be online during this quarter.
 Page 120       PREV PAGE       TOP OF DOC

    These initiatives were our first effort to look at and compartmentalize the issue of identity theft and to various portions.

    For example, we have the prevention element, law enforcement. How can we create a real deterrence that ensures that, when people think about perpetrating this crime, that they really understand that there is going to be a consequence?

    You're going to go to jail. That is not the whole solution, but we think that is a very important part of this—is that there is a real robust deterrence effect out there in the marketplace.

    There's really two types of efforts that Congress has taken to, I think, add to the arsenal.

    The right elements, at least on its face, one is the pretexting effort that you have undertaken here in this Committee and passed in this Committee.

    Pretexting is a risk that exposes our own industry to the type of crime that we are concerned about today.

    The other issue is, of course, was the passage of the Identity Theft Assumption and Deterrence Act of 1998, which established a Federal crime.

    Consistent with some questions Mr. LaTourette raised earlier, our industry does a lot of work in the States as well as here in Congress.
 Page 121       PREV PAGE       TOP OF DOC

    We worked with many of the States. I think we have over 30 States now that have a crime statute at the State level, and, as our commitment to you, we will continue to work with States.

    We have been meeting with Attorneys General even during the summer period to encourage the passage of additional crime statutes that will ensure that every State has an actionable point, if you will.

    On the enforcement area, we are also in conversations with the U.S. Postal Inspectors and other law enforcement.

    One of the key questions, again, I think that Mr. LaTourette was—and you yourself—were very on-point with, and that is it is a newer crime and so it is not out there in the general law enforcement marketplace.

    We don't know—every officer out there doesn't really know whether or not this is a crime, doesn't know what crime statute to go to.

    It isn't an easy task, and so I think that there are some efforts that the private sector can help undertake and help to underwrite to ensure that law enforcement is educated about the tools, even the FTC's database, which does allow aggregation of the amount of the crime that is occurring in any particular area.

    So, I think that these are some good efforts that are going forward.
 Page 122       PREV PAGE       TOP OF DOC

    Our initiatives focused on another component of the crime, specifically the area of victim assistance.

    After the crime has been perpetrated, I think there are several questions: Where do I go? How do I fix my situation?

    In fact, we had a chance to meet with the ABA prior to the final product that they produced, and it is a good product.

    In fact, the FTC has produced some excellent materials on how do you go about beginning to extricate yourself from this situation.

    It is a different type of crime. It is different than credit card fraud in its original form.

    It isn't just a matter of whether I am out $50, or whether I call and cancel a card and get another one. It is longitudinal. It is time-consuming.

    The question for us is how to reduce that. Our initiatives are our way of beginning to do that.

    For example, even on a credit history, we'll look at the inquiry section of a file, and, where a consumer says, ''You know, I don't recognize that company; I don't know that I did business with that lender,'' we'll e-mail a transmission back to that lender to make sure that they are aware that they may be at risk.
 Page 123       PREV PAGE       TOP OF DOC

    They may have opened up a fraudulent credit account of some sort. This gives us and the lender and the consumer all a chance to fix it faster.

    That is really, I think, elemental to all of this—how do we fix it faster?

    Another example, which I think addresses some of the issues here, is the longitudinal effect of the crime. We actually hired a former Attorney General to work with us on this project.

    One of the issues with interviews with victims and interviews with our own consumer relations personnel was that we discovered consumer identity theft happens again and again and again over time.

    This is extraordinarily frustrating, and, unlike being able to lock the doors on my house, I can't necessarily know what is happening with my credit history after it has been bought whole.

    One of our initiatives addresses that. We will re-investigate. And you are going to look at your file, and we will pull it together under the Fair Credit Reporting Act duties that we have and there is your file back together, and we think we have taken care of at least the initial round of the crime.

    But, we are committing ourselves to building better products that will then monitor activity on that file, so that, over a period of time—three months—more—we will be able to tell that consumer, ''We have seen some additional file activity on your file. Would you like another copy of your file? Would you like an 800 number to call somebody? Would you like to talk to somebody?''
 Page 124       PREV PAGE       TOP OF DOC

    This goes beyond the law, but it actually, I think, is fairly common-sense. That gives everybody a chance to stay in touch with each other to make sure that the credit history that has been brought whole remains whole.

    It is a twofold benefit. For us, it assures that we have a consumer who is satisfied and it also ensures that we have banks who are confident in the products we produce for safety and soundness and risk management, and all of those things that we do.

    So, for us, it is a practical assessment. There are other elements to this, and I am sure your staff—and, I visited with some of your staff, and, of course, many of you up there as well, and we appreciate the fact you gave us some time to visit about some of these—and this is just our first round.

    We have more work this month. We have more announcements we will be making before the end of this year, and our whole goal here is to try to demonstrate that we are a progressive industry. We are willing to take responsibility and to try to do things better, and to identify systems, procedures, and so on.

    For example, one thing that seems very practical, but just hosting a quarterly conference call with our Fraud Unit personnel allows us to cross-pollinate everything from just different patterns of the crime to also potentially identifying better procedures for serving consumers—standardizing a document, for example, that might be used to validate that the consumer has been a victim.

 Page 125       PREV PAGE       TOP OF DOC
    I want to mention that, in particular, in the Bill. In our formal statement, we have run through various sections of the Bill and tried to describe where our initiatives have a nexus with a proposal in the legislation.

    But the idea of some sort of validating document is still important to us.

    If there is a way to do that, we think it ought to be done as well. We don't know yet what that way is. Is it a police report?

    I was encouraged by some of the way the Bill was structured, though. It talked about various items that might be part of the validating process.

    I think we're on the right track with that sort of thing, so I appreciate the fact that that was an element of the total package that you have put together in this initial proposal.

    We have tried to educate our customers as well. We have sent out 200,000 of this brochure which is used for employees as well, which discusses practical steps such as you don't throw credit reports in dumpsters.

    We would all think that would be self-evident, but, of course, when a business is closing out, they might do that very thing.

    But, this is the kind of effort that we are undertaking to make sure credit histories don't get into the wrong hands.
 Page 126       PREV PAGE       TOP OF DOC

    We have also hired and have now funded an outside certification authority and are putting all of our outside access——

    In other words, if there is a terminal, we want that terminal to shut down within a short period of time, so somebody can't go and browse through credit histories and try to pull data and perpetrate the crime of identity theft.

    So, this is a certification program that Grant Thornton is working with us on and that we have asked them to develop.

    So, this is another part of our effort to do the right thing and to make sure that we are taking preventative steps.

    Our members also partner with our customers. A lot of what we do is in partnership with the customer. They're the ones who help us decide what products make sense.

    We have new risk management products that look at applications to try to decide whether even minor differences in how an application is filled out in total should give the lender a red flag.

    For example, a perpetrative identity theft may not know that Stuart Pratt's address—my street name is Hillbrooke. Hillbrooke could be one word. It could be two words.

 Page 127       PREV PAGE       TOP OF DOC
    In fact, it is one word with an ''e'' on the end, but there might be minor discrepancies throughout an application, which, in and of themselves, don't look like much.

    But, if you added them together and you were able to cross-check against identifying data, you might be able to say, ''You know, this is just enough that we'd better flag that and let our lender know that they need to cross-check that applicant before they open up that line of credit.''

    Obviously, stopping it before it starts makes a lot of sense.

    In closing, we urge you to give us an opportunity to build the kinds of fraud prevention products that we are producing today.

    It does tie in with header data and with Social Security numbers. It is a controversial issue. It is important to us.

    We want to explain the reasons why we would like to be able to use it in limited contexts. We want to put controls on it.

    Similar to what Mr. Plesser said, the Associated Credit Bureaus also believes that there is no reason for Social Security numbers to just be there in the general public for display.

    They should not be sold to individuals, and our members do not sell Social Security numbers and lists of that sort to individuals out in the general public in any fashion.
 Page 128       PREV PAGE       TOP OF DOC

    So, I think our commitment to you is to continue to stay engaged on this process, to be progressive, and do this in the context of this Committee process.

    So, we appreciate very much the chance to be here.

    Chairman LEACH. Thank you very much, Mr. Pratt.

    Ms. Benner.

STATEMENT OF JANINE BENNER, CONSUMER ASSOCIATE, CALIFORNIA PUBLIC INTEREST RESEARCH GROUP

    Ms. BENNER. Good afternoon, Chairman Leach, Representative Hooley.

    Thank you very much for giving me the opportunity to speak with you today. I am here with CALPIRG, the California Public Interest Research Group.

    I am also representing U.S. PIRG and the Privacy Rights Clearinghouse in San Diego.

    Today we've heard statistics about the severity of the crime of identity theft, how many people it affects each year, and how much this crime has cost our economy.

 Page 129       PREV PAGE       TOP OF DOC
    I am here to talk to you about the human cost of identity theft.

    There is much more to this crime than financial damage, as we have heard today, and, unfortunately, Mr. Boulden's case is not unique.

    CALPIRG and the Privacy Rights Clearinghouse have been helping victims for years through advocacy, free guides, hotlines, monthly support group meetings, and we have communicated with thousands of victims.

    We hear new, unique, and horrifying experiences every single day, and last year the two groups surveyed a number of victims who had contacted our organizations for help.

    In recent years, we produced a report entitled ''Nowhere to Turn; Victims Speak Out on Identity Theft.'' It is available on our website.

    I would also be happy to make copies of it for anybody who wants it.

    We basically did a survey of all these victims, and, from the data compiled from the responses, we were able to quantify some startling and staggering statistics.

    We were able to show that cases like Mr. Boulden's and the others that we have heard today are not unique.

    In fact, these types of experiences have happened to many people. We found that victims said they had spent an average of 175 hours and $808 in out-of-pocket costs to fix problems stemming from their identity theft.
 Page 130       PREV PAGE       TOP OF DOC

    The fraudulent charges made on the victim's new and existing accounts was $18,000.

    In addition to lost time and money, 42 percent of the victims responding to our survey reported long-term negative impacts on their credit reports, and 36 percent were denied credit or a loan due to the fraud.

    Despite the placement of a fraud alert on their credit reports, almost half—almost half—of the respondents' financial fraud recurred, meaning that creditors continued to grant credit to the imposter even after the crime was known.

    Then, one last appalling fact is that 12 percent of the respondents noted, as a related problem, that there was a criminal investigation of them or a warrant for their arrest issued due to the identity theft.

    Although the fraud committed against the victims totaled as much as $200,000 in one case, the common theme was that stress, emotional trauma, lost time, and damaged credit reputation, not the financial aspects of the crime, were the most difficult problems.

    One woman from Nevada told us ''This is an extremely excruciating and violating experience, clearly the most difficult obstacle I have ever dealt with.''

    How are we going to stop this crime and minimalize its effects? We've already tried consumer education. We've produced pamphlet after pamphlet and fact sheet after fact sheet.
 Page 131       PREV PAGE       TOP OF DOC

    Identity theft continues to escalate. The public is aware of this issue.

    The responsibility to prevent identity theft can no longer be placed solely on the consumer. We advise consumers to guard their information carefully and even to buy technology such as shredders to destroy old records that may contain bank account or Social Security numbers.

    But, as long as financial institutions and credit bureaus continue to be reckless with consumers' information, there is little that individuals can do to prevent identity theft.

    Identity thieves are obviously the main criminals here, but banks and creditors are sometimes accomplices in the crime.

    Enforcement is definitely critical, but we need more effective laws to enforce in this case.

    Law enforcement, Government, and the credit industry have failed to address the root causes of identity theft and alleviate the problems facing its victims.

    The financial industry has the ability to take simple steps to prevent identity theft from happening to thousands of people each year.

    As consumers, we trust them with an increasingly valuable commodity, our personal financial information. They have the responsibility to guard that information as carefully as we do.
 Page 132       PREV PAGE       TOP OF DOC

    The Bill before the Committee, H.R. 4311, would encourage the industry to take these important steps to check identity theft and to provide help for its victims.

    First of all, it requires credit bureaus to provide a free credit report annually on request, so that consumers can detect identity theft early and fix any false information.

    Second, it closes what is called the credit-header loophole, which allows credit bureaus to sell demographic information found in the consumer's credit report, including a Social Security number, to companies and websites that are often used by thieves and stalkers.

    Voluntary standards, while we appreciate the efforts, have not halted the sale of Social Security numbers over the web.

    Privacy advocate Beth Gibbons recently was able to purchase her own Social Security number from the website called fastbreakbale.com for $20. It contained recently updated information.

    The Bill also improves change of address notification, requiring creditors to send notice of a change of address or new credit to the old address.

    This would alert consumers in the beginning stages of the theft. Most consumers we found don't even find out about the crime until over a year after it happens.

 Page 133       PREV PAGE       TOP OF DOC
    Finally, the Bill requires fraud alert flags which alert potential creditors that the consumer has been a victim of fraud.

    It would also prevent the issuance of credit on any account with a fraud flag unless the creditor confirms the identity of the consumer, and that the consumers actually authorize the issuance of credit.

    These are simple, logical steps that the credit and financial industries can take so that fewer people will be forced to go through the problems, the unpleasant and even terrifying experiences faced by victims.

    We thank Representative Hooley for introducing the bill and Chairman Leach for calling this meeting. Thank you very much.

    Chairman LEACH. Thank you very much, Ms. Benner.

    Mr. Hulme.

STATEMENT OF BRUCE H. HULME, PRESIDENT, SPECIAL INVESTIGATIONS, INC., ON BEHALF OF THE NATIONAL COUNCIL OF INVESTIGATION AND SECURITY SERVICES

    Mr. HULME. Good afternoon, Mr. Chairman, Ms. Hooley. Thank you for having me here.

 Page 134       PREV PAGE       TOP OF DOC
    I am President of Special Investigations, Incorporated in New York City, and I am appearing today on behalf of the National Council of Investigation and Security Services.

    I am also Chairman of the Associated Licensed Detectives of New York State.

    In the formal presentation, there are some comments regarding New York State law—some suggestions regarding some privacy issues there and some regulatory matters that affect private investigators—which we would like you to look at, because a number of States have similar things.

    What I am going to discuss briefly here is those aspects that we feel have a real-world significant effect on Americans.

    It is a little bit of a different take, particularly as it regards credit-header information.

    Identity theft is not new, and it wasn't invented with the internet. We have been battling it for years. Perhaps a little bit of pro bono work for Shon might have helped, too.

    Maybe we can still help him out. Identity theft also has been going on through low-tech means—the dumpster-diving, the picking up the garbage, stealing charge accounts.

 Page 135       PREV PAGE       TOP OF DOC
    You probably have a better chance of getting ripped off by identity thefts going into the wrong bar or at the wrong restaurant and having the waiter, you know, keep a copy of the charge slip, or what have you.

    Congress should resist the temptation to choose only one avenue, by which some criminals may gain some information, by denying those tools such as credit-header information to those of us who are out there also investigating cases and also investigating the very cases now and then of identity theft.

    Almost every aspect of this bill we agree with and we wholeheartedly support.

    Basically, there are two major things. We have concerns over the aspect regarding credit headers being included, you know, just being eliminated and having the same provisions for obtaining a credit-header report come under the same provision for getting a whole credit report.

    I believe that earlier, Congresswoman Biggert's staff asked a question of the FTC witness, and her answer was it would be for these legitimate purposes. It would be legitimate purposes to obtain the credit report.

    The way this bill will end up, there would be no real legitimate purpose for getting a header report at all.

    I would like to just go into a few anecdotes from the opposite perspective.
 Page 136       PREV PAGE       TOP OF DOC

    Credit helpers help determine the correct identity of individuals we are seeking. They help us by leading us to the correct individual verified by the Social Security number, the past addresses, and the like.

    One case, however, in San Francisco, an investigator reports very recently working for a successful business owner who started getting statements in the mail saying he owed tens of thousands of dollars on computers and other purchases.

    He realized somebody hijacked his identity, and he went to the San Francisco police.

    This could have happened really, after listening today—this morning—anywhere in the United States. The San Francisco police took the report and said, basically, they weren't going to do anything.

    They referred him to the Secret Service. The Secret Service said ''We have a threshold of $100,000 in that jurisdiction.''

    He is now up to about $80,000 as of now, so nothing happened there. He did hire a private investigator, and he does have some resources.

    He had an inkling suspicion that, basically, it was probably a former employee that might have been doing this, and the bottom line is, utilizing credit-header information and a lot of other aspects, they zeroed in on this guy.
 Page 137       PREV PAGE       TOP OF DOC

    They haven't caught him, but at any rate, this person has at least three names he has been using and three definite Social Security numbers, and plus one transposed Social Security number, which probably really is one of the three, or it could be three or four, and different dates of birth on file.

    So, here we have the threshold aspect that is a problem.

    It is not going to work. Another example of how credit headers can be used effectively, in Tennessee a show-dog breeder—and we attached lists of a few anecdotes—she was being basically cyberstalked and threatened by e-mail from an unknown harasser.

    She was terrified, because she had no idea what the subject looked like.

    She was often exposed in public arenas at these various dog shows. The police couldn't really help her without any identification.

    She did go to the investigator. The investigator used credit header and other sources, including criminal checks. It went back to the police, basically identified the guy.

    They got the mug shot, and, if nothing else, there's a mug shot that was made available to the potential victim, so she at least knows what to keep an eye out for.

 Page 138       PREV PAGE       TOP OF DOC
    I testified in 1997 at the Federal Trade Commission workshop regarding the Individual Reference Services, and Mr. Plesser earlier made reference to it.

    I think somebody—when you get a chance, if you could take a look at this or have the staff study it, I think all the pros and cons regarding the availability of credit headers are in here.

    There's reasons why they probably should be closed. There's very good reasons why they should remain open.

    I think the easiest thing is, let's have some strong, number one, enforcement for the improper use of any of this information that is bandied about.

    Let's put in some tight controls on the people that do have access or that—and I feel that should have access.

    I feel licensed private investigators and others, including, now and then, legitimate journalists, attorneys, and insurance companies, what have you, also ought to have the access.

    So, limit it, hopefully, from our standpoint, to a person that has legitimate need.

    The Congress Appropriation Bill, Section 1150A of that measure, permits only appropriate entities access to the measure. Maybe that could be referred to.
 Page 139       PREV PAGE       TOP OF DOC

    The next problem with us is Section 8 of the bill, Individual Reference Service definition, is really too broad.

    That defines an Individual Reference Service provider to include not only credit bureaus and databanks, but anyone who gathers information.

    It would require providers to open their files to consumers, and this makes sense—or, that makes sense with credit bureaus, but it doesn't make sense when somebody is investigating possible crimes in the workplace or sensitive investigations.

    I note that this Committee right now in an unrelated legislation proposed H.R. 3408. It is attempting to correct some deficiencies in the Fair Credit Reporting Act, one of which requires employers to give unedited, unredacted investigative reports to employees when taking adverse action against them.

    Well, Section 8—this present bill, H.R. 4311, goes further than that.

    It would require investigators, upon request, to provide not only the report given to the employer, but the entire investigative file.

    That disclosure would have a chilling effect and create a climate of fear among any potential witnesses or victims.

    So, I think it is important that somehow that be rectified, and the only way I can see it is that the literal interpretation the way the bill is drafted would include people like me and others right into that category.
 Page 140       PREV PAGE       TOP OF DOC

    If we're in that category as being viewed as an IRSP, we're sunk.

    I might also throw out that the self-regulatory organizations such as the Index Bureau and the National Association of Security Dealers, all of their files, the manner in which they do business, the manner in which they assemble, collect, and what have you, they would fall under the same category.

    Now, you also asked us to make some comments on Gramm-Leach-Bliley provisions on pretexting.

    I have listened to what everybody has to say. I take some issue with some aspect of it, and that would be the outlawing of pretexting of a criminal.

    I have no position against, at all, outlawing the pretexting of a bank in any manner, but I don't think that should apply to a criminal.

    We do have a situation where, if you are going to allow——

    We've outlawed pretexting of a criminal that often has actually stolen our client's money, and I don't think a bank should become a safe haven for our client's money.

    Under the law, we can use a pretext to get child support.

    Now, it would seem to me either outlaw all pretexting, or, if you are going to allow pretexting for child support, then extend it to spousal support.
 Page 141       PREV PAGE       TOP OF DOC

    If we are going to allow, under the law——

    Chairman LEACH. Withhold for just a second. It is a little more careful than that.

    Mr. HULME. OK.

    Chairman LEACH. Pretexting is allowed for child support when there is a court order of two kinds. One is a court order in favor of a party. The second is a court order authorizing the pretexting.

    That double court order is a very powerful constraint, so it is an extremely limited exception, and it can only be done under the authorization of a court.

    Mr. HULME. All right, and I personally know of nobody that has ever gotten a court order—that second order you're talking about.

    So, I don't know what the status is, as an investigator—and I've been in the business forty years—of the manner in which they're now doing it.

    I do know, as an investigator on some very involved crimes, I will walk into a bank with my file and sit down and exchange information and try to get information, usually to the bank's benefit and definitely to my client's benefit.

 Page 142       PREV PAGE       TOP OF DOC
    The other aspect, I suppose, is the insurance fraud aspect on pretext.

    The greatest fraud these days that is emerging is fraud against the elderly, so, if we're going to expand any type of pretexting with court orders or otherwise, maybe it should extend to all fraud—I don't know—or no pretexting.

    Now, one of our frustrations—and I agree with Mr. Douglas wholeheartedly on this—is our members, we feel, are complying with the requirements of the law.

    I would like everybody to comply with the requirements of the law, and I see all these advertisements.

    Everything that was up here earlier, I mean they're all over the place, and I also don't think the FTC is doing necessarily what they should.

    I was astonished to hear—I believe I heard it as a $33 million civil judgment regarding an identity thing in California.

    I have a feeling that is probably the pornography case, and it sounds to me like $33 million judgment on charging accounts for services that weren't rendered is out-and-out theft and is a criminal activity.

    It's a problem that has got to be addressed. There's got to be criminal sanctions.
 Page 143       PREV PAGE       TOP OF DOC

    In my written testimony, there are a number of sanctions. We go for throwing the book on everything—disgorgement of profits, criminal sanctions, and even include it with this bill.

    But, we feel that, if you are going to close up credit headers, it is going to be a tool that is going to have a greater detrimental effect to consumers.

    That is basically it. Thank you for allowing me the opportunity.

    Chairman LEACH. Thank you very much, and let me just say in conclusion to your testimony, you represent the most prestigious and most reputable organization in your field.

    Your testimony is very appreciated, and I think one always makes a mistake when one hears testimony of a given type of activity to apply it to everybody.

    I am personally very appreciative that there is such an association as yours that is concerned for standards.

    Mr. HULME. Thank you.

    Chairman LEACH. In thinking this through, particularly the magnitude of the problem, I want to turn to Mr. Harvey and Mr. Pratt for a second.

 Page 144       PREV PAGE       TOP OF DOC
    One reason one has Congressional hearings is to bring attention to issues and to review the possibility of change in statute and to bring attention to issues to Executive Branch agencies.

    But, it strikes me that your associations ought to be working more closely with law enforcement than I think has been the case.

    That is, to the degree that these statistics are anywhere near the mark, it is astonishing to me that the American bankers and the various banking agencies throughout the country aren't all over the United States Department of Justice, the State Attorneys General, demanding attention be brought to this, because, absent law enforcement and the laws that exist, there is a natural tendency to seek other laws that might become more comprehensive in other kinds of ways.

    So, I would make the strongest possible recommendation that the American Bankers Association and other banking organizations at all levels develop a task force of how they coordinate with law enforcement.

    I think it is self-evident that the exact same applies to credit bureaus, that, as credit bureaus hear of problems, I think it is in your strong vested interest to try to get law enforcement orchestrated.

    I mean, I think it is pretty clear that this is a low priority for American law enforcement.

 Page 145       PREV PAGE       TOP OF DOC
    So, one of the great questions is, if this is as pervasive a crime as it appears to be, if it is growing as it appears to be growing, if the new technologies make the crime more potentially accessible, and if Americans for some reason think that, because there's no gun involved, it is not as serious as if there is a gun involved—which has an element of self-evident truth, but it still disguises the fact that very devastating consequences can follow—I think everybody has got to get orchestrated in a new kind of way.

    Now, all of you have reference material—Mr. Hulme, Ms. Benner, Mr. Pratt, Mr. Harvey.

    I would like to ask, at the end of the hearing, that you provide us all of this, and I will try to put them in the record.

    Without objection, by the way, any full statements of all of you will be in the record as well.

    But, I think each of you has taken individual approaches that strike me as all being helpful and that we are all going to have to be looking at.

    But, I do think that one of the absences of this is a fire being lit under law enforcement itself at many different levels.

    For example, reference was made earlier today to the State of Massachusetts. The Massachusetts Attorney General's office was approached a few years back.

 Page 146       PREV PAGE       TOP OF DOC
    The first person they approached did nothing. It sat for over a year. Then, someone got a little bit interested, and then it really piqued their interest.

    All of a sudden, Massachusetts became very interested, and a very active—one person in the State Attorney General's office took kind of a special responsibility.

    I am tempted to say that, you know, one might have a national strategy, that the ABA, for example, might ask that, will one person be designated in every State Attorney General's office to look into this issue or take accountability for it, so you pinpoint some accountability.

    But, I think we have a real problem here. Ms. Benner has made a very interesting point, because it fits the testimony.

    But, you're the first person that I know that has a kind of larger picture of looking at larger numbers of statistics that, among other things, say that the people affected come to conclude that the dollar amount is a small consequence compared to the other losses—the violations, every other effect.

    That is certainly the picture of a medical doctor that appeared before us and an individual who worked in a tire store.

    So, what it says is that it is the entire spectrum of the American face that is affected. It isn't necessarily the highest-income person, or necessarily the lowest-income person.
 Page 147       PREV PAGE       TOP OF DOC

    It's just a real American, and I think it is very interesting from your perspective, and you see it as an institution that is probably more concerned with social activism in America than anybody that has testified on this sort of issue.

    I think your testimony is particularly helpful and meaningful in looking at this.

    I am very appreciative you have come across this great land to testify.

    Anyway, I want to thank Mr. Hulme for coming from New York, and I want to express my great respect for his association and judgment.

    Ms. Benner and Mr. Pratt, I appreciated very much the attitude in which you described things.

    Mr. Harvey, your testimony was very strong, so thank you.

    Ms. Hooley.

    Ms. HOOLEY. Thank you, Mr. Chairman. I also would like to thank all of you for testifying.

    It is always helpful to know what works and what doesn't work, and particularly, Mr. Hulme, at where you specified what you thought would work and what you thought wouldn't work. That was really helpful.
 Page 148       PREV PAGE       TOP OF DOC

    I just have some very quick questions to ask, I think, of all of you.

    Mr. Harvey, I am going to start with you. One thing this bill attempts is to combat a technique used by identity thieves, whereby they change their address so the victim doesn't get her bills for a few months.

    If they are like me and lead busy lives, I mean, I wouldn't know whether I received a bill or not until somebody probably called the collection service or I got several other bills in the mail.

    But, to prevent this from happening in mail, generally, the post office now sends confirmation back to the original address to ask if the person really changed their address.

    As a result, the post office has reported significant drops in mail fraud.

    It seems to me almost a foolproof way of making sure the person who requested that change of address is the person whose address is actually being changed.

    So, why is this a problem for your members?

    Mr. HARVEY. Well, ma'am, I am not familiar with the post office study, although I do have some personal experience that I can share with you.

 Page 149       PREV PAGE       TOP OF DOC
    It is pretty easy to go into the post office and make a change of address. If I am a criminal seeking to steal someone's identity, I'll go into the post office and I'll just fill out a change of address form.

    Ms. HOOLEY. Yes, but the post office now, if you turn in a change of address form, they now confirm that with both your old address and your new address so it is sent back to you.

    Mr. HARVEY. Even if they do that—and, actually, I have just done this.

    My stepson went off to college. There was no confirmation at the old address, but they changed the address for me.

    There was absolutely no problems with it, and I think that is, at least based upon my experience, I think that at least this provision would not be something that would be as helpful as we might otherwise think it would be.

    Financial institutions are establishing various security measures. Those security measures are based upon what we are actually seeing happening as far as fraud is concerned.

    As soon as a measure like this is established as a mandate, the criminals are made aware of it.

 Page 150       PREV PAGE       TOP OF DOC
    As soon as they are made aware of it, they will find some other way to get around it.

    But, then we've got to dedicate resources to continuing to comply with this particular law, but yet the criminals have found a way around it.

    That is what we consistently see. Every time you start out doing something one way as a security measure, clever criminals are going to try and find a way around it.

    Our concern is that, unless we have the flexibility that is necessary to dedicate our resources based upon the kinds of fraud that we see, that we'll be locked into dedicating those resources in a manner that won't yield the kind of benefits that our customers need, as well as the financial institutions.

    Ms. HOOLEY. Yes, and I am just saying the post office has been very successful in reducing mail fraud by doing this.

    So, it was a question of might you not want to try this at least to see if it works.

    Again, fortunately, I guess, not all thieves are clever. Some of these—you know, we talk about——

    Today we have talked a lot about—certainly, some of these are in well-organized organizations that are selling it on the internet.
 Page 151       PREV PAGE       TOP OF DOC

    It may be that groups are getting into this, but a lot of this is done just on an individual basis, where that is what they decide to do.

    So, it is not always organized in their effect of doing this.

    One of the other things, I guess, is I agree with your statements that we need to make sure that the criminals are punished, and that we probably need to do more with law enforcement in this area.

    I agree wholeheartedly with you. However, I don't think that is going to be the only thing that prevents this crime from happening.

    I mean, all we have to do is look in our States where we have built a lot of prisons. We fill them up, and that particular piece hasn't necessarily reduced crime. It usually takes some prevention piece as well.

    So, my question is, is it unreasonable for Congress to demand that the industry take some minimal steps to prevent the crime from happening in the first place? Is that an unreasonable request?

    Mr. HARVEY. No, ma'am. It is not that it is unreasonable at all.

    As a matter of fact, financial institutions are doing just that. We are working very diligently at trying to develop preventive measures.
 Page 152       PREV PAGE       TOP OF DOC

    Some of the things that I pointed out, for example, and some of the things that we have in our ABA Financial Privacy Toolbox and Identity Theft Communications Kit are just that.

    They point out preventative measures, but I guess what needs to be understood is this. First of all, financial institutions have every interest in preventing ID theft.

    We lose a lot of money to fraud, but, second, there needs to be the education.

    Our customers need to be educated. Our employees need to be trained and educated, and that is what we are doing.

    The ABA has provided very good and detailed materials with the assistance of the likes of the panelists before and Rob Douglas.

    We have those things, and different institutions are looking at these as recommendations for ways that they can develop measures for prevention.

    I really think it is prevention, it is providing the kind of assistance once a person's identity has been stolen, and it is also prosecution.

    I think we can't have one without the other in order for us to be effective. I know that customers are getting information.
 Page 153       PREV PAGE       TOP OF DOC

    But, I still think that free-flow of that information to individuals who are identity thieves is occurring at an alarming rate.

    I guess it goes back to what the Chairman was mentioning earlier today, and that is the fact that the American public is pretty free in giving out that kind of information.

    Once we get that information and it is presented to a financial institution, it is extremely difficult.

    If that information, for example, in many instances, it is freely given to the individual, because the individual who is giving that information doesn't know any better.

    They don't know that it is going to be used for some illicit purpose, but, once we get that information presented to us in the form of a loan application, we have obligations under Federal law to process that application.

    What we do is we build in security measures to try and ascertain whether or not we are dealing with the individual that we are supposed to be dealing with.

    But, it is extremely complicated, and institutions need to have the flexibility to develop their own security measures to deal with their particular concerns.

    Ms. HOOLEY. Mr. Pratt, I have a couple of questions. First of all, Mr. Pratt, let me thank you for giving your card to Shon and doing that. That was very nice of you. I appreciate that.
 Page 154       PREV PAGE       TOP OF DOC

    I just have some questions. How do credit bureaus assure they have the correct address on file?

    I mean, for example, consumers, when they change addresses, they will fill out all these little forms or send little cards in with an address change to the post office.

    They certainly don't call you when they move, I am assuming, and so how many new accounts need to be opened or how much information do you need to get for you to change your files, and how do you verify that those accounts are fraudulent?

    Mr. PRATT. Well, you are asking—it is a desperately important question. It has to do with file accuracy, which is a duty that we have under the current Fair Credit Reporting Act.

    It has to do with preventing fraud and making sure, again, that we produce a product that is of value to Mr. Harvey, for example, and also nets benefits for consumers.

    Context—we have it in the testimony, as well, but just for the sake of you who are sitting here thinking about this, there's 42 million addresses that are changing every year.

    Ms. HOOLEY. Right.

    Mr. PRATT. Three million last names changed due to marriage and divorce. Six million, probably, vacation homes.
 Page 155       PREV PAGE       TOP OF DOC

    You have seen all of this, and I try to walk through this just to make sure that we understand that an address changing in and of itself isn't automatically a red flag.

    Ms. HOOLEY. Right.

    Mr. PRATT. It can be an indication of something happening. It could be separation, pending divorce.

    It could be my son moving out of my house and, you know, moving on in life, and this sort of thing.

    We are generally dependent on an accuracy standard that also extends to our customer as well. In other words, the data-furnishers who provide data to us, they receive a change of address.

    They change it in the account. They, on the next cycle of reporting to the credit bureau, will report that new address.

    Our systems manage multiple addresses at the same time. Many of us may have a bank card that is being paid at our work address, because we use it principally for work.

    Then, we have other cards going home, so, at any given time, there's a large population that may have at least two, if not three, live addresses, all of which are accurate and correct.
 Page 156       PREV PAGE       TOP OF DOC

    So, definitely, we are in a situation of being dependent on maintaining accuracy in partnership with the customers that we work with.

    Now, we also have access to some tools, and, in some cases—I am going to go back and verify this before I make a commitment to this—but, I have this with our data-furnishers—we do cross-check against various data sources.

    For example, a Social Security number that comes in and isn't currently active. There are ranges of numbers that are not active according to the Social Security Administration.

    That obviously gives us a clue that something is wrong if that Social——

    We can't have access, on the other side, though, for many good reasons. We don't have access to the Administration number to verify that, in fact, this is a real number.

    We just know it is not a live, active number, and that is a clue. That would be one way for us to verify.

    If that address is the only address that comes in and all the others remain cycle after cycle being reported, that address is probably never used as a searchable element.

 Page 157       PREV PAGE       TOP OF DOC
    It sits there for a period of time, and then it disappears. It is eliminated.

    But, we do not have a direct-to-consumer verification, as you point out. It is a system that starts with our customers and works in tandem with us.

    Ms. HOOLEY. One of the things, as I became involved in this issue, and it happened because I did a series of workshops on credit and how to protect your credit ratings.

    This issue came up, and I certainly have learned a lot in this whole process.

    TRW had reported huge increases to ID fraud through 1997. Are credit bureaus still keeping these records, and will they be reporting those soon?

    Mr. PRATT. I think that was, actually, information that was provided to the GAO. Is that the same data that I think we're referring to?

    I think it was Transunion data, but in any event, that showed you, from the beginning of the establishment of their Fraud Unit, to, I think, 1998, what had happened with the escalation in total phone calls.

    What isn't absolutely evident is what part of that was, ''I lost my wallet,'' which is a valid call, by the way.
 Page 158       PREV PAGE       TOP OF DOC

    We'll put a fraud alert on a file if a consumer says, preventatively, ''I've lost my wallet,'' or ''Somebody broke into my home,'' or ''I've misplaced a credit card.''

    Those are valid reasons for loading a security alert on the file. That alert may stay on a shorter period of time or a longer period of time, depending on choices the consumer makes with us.

    But, that is an element of those phone calls, so that wasn't, in its entirety, just——

    There was also account takeover, for example, there's skimming, for example, is another type of credit card fraud where, you know, somebody can have a belt skimmer, and they can simply swipe your card, give your card back to you in a restaurant, for example. Then, they have your account information off that magnetic strip data on the card.

    That is another form of fraud that is accounted for in those Fraud Units. In fact, I've asked our members just prior to this hearing, and we're looking into what type of data we have today with regard to the size of the issue.

    I just want to emphasize it is a definitional question, too, though, but, by the way, I guess the most important thing to say is, big or small, it is big enough that it needs attention.

    Ms. HOOLEY. Right.
 Page 159       PREV PAGE       TOP OF DOC

    Mr. PRATT. I guess that is the most important point.

    Ms. HOOLEY. But, I just thought it was interesting that it seemed to me somebody was keeping track, and then——

    Mr. PRATT. Well, we keep track in terms of—we can't validate differently than a creditor whether this is absolutely correct every time.

    Ms. HOOLEY. Right. It certainly gives you a ballpark figure, though, which is helpful.

    Mr. PRATT. We can take a guess: ''You sure look like you have been a victim. We're going to take some proactive steps here.''

    Ms. HOOLEY. OK.

    Mr. PRATT. That would be the best we could do until we advise them to go to their creditors, and then we have dispute processes and these sorts of things under the Fair Credit Reporting Act.

    Ms. HOOLEY. Mr. Pratt, you talked in your testimony about, in the next few months, having something that will be up and running that can verify those discrepancies in people's files.

 Page 160       PREV PAGE       TOP OF DOC
    Mr. PRATT. When we looked at this issue, one of the questions we tried to ask was why is it that consumers say it happens again and again.

    Of course, by the way, that, in turn, means more consumer relations phone calls, but these aren't necessarily the good ones.

    Now the consumer is extraordinarily frustrated—''This is the second time I have called you.''

    Ms. HOOLEY. Right.

    Mr. PRATT. ''This is the third time I've called you.''

    Ms. HOOLEY. Right.

    Mr. PRATT. We said what can we do longitudinally to stay with that consumer, so, when that security alert goes on the file, when we take them out of prescreened offers of credit, for example, which is another step we can take, and it certainly is a right consumers have under the 1996 amendments to the Fair Credit Reporting Act, when we send them their file, and so on, and we bring it whole, we decided that gave us an opportunity to say let's go beyond the law. Let's use a principle. Let's just look at activity on the file.

    One of the examples given—and, by the way, we want to be cautious about what we tell you about what triggers might trigger a notice to the consumer. The last thing we want to do is explain to the criminals how you can avoid triggering the credit bureau notification.
 Page 161       PREV PAGE       TOP OF DOC

    But, trust me, there are some triggers——

    Ms. HOOLEY. But, you're looking at doing this, and it will be online, or whatever.

    Mr. PRATT. Absolutely. This quarter. The end of this year.

    Ms. HOOLEY. Soon.

    Mr. PRATT. Yes. Soon.

    Ms. HOOLEY. Is this going to cost the consumers money?

    Mr. PRATT. No.

    Ms. HOOLEY. OK, so this will help everyone, but they won't have to pay $13.95 or $29.95?

    Mr. PRATT. No, a victim—somebody who has been a victim—that was one of the issues here. Somebody who has been a victim—if we're a steward of their information—and I think that is an important kind of mindset to have when you think about the kind of information we have.

    Ms. HOOLEY. Yes.
 Page 162       PREV PAGE       TOP OF DOC

    Mr. PRATT. We said what can we do to stay in touch with that consumer who has been a victim or thinks they've been a victim, and stick with it and try to establish a line of communication that extends beyond what the law requires.

    The law says, ''OK, your job is done. You've corrected the file.''

    But, it could be new information is coming in from, if you will, the other victim—the creditor victim—who has underwritten more fraud.

    So, the creditor victim is reporting, unbeknownst to them, more information. Well, this gives us a chance to stay in touch with that consumer over that period of time.

    We're going to have to pilot-test. We'll have to see what kinds of triggers work.

    This does go in sync with some of our concerns about how rigidly the law prescribes something that we do, because we may discover certain triggers work, other triggers don't, and that sort of thing.

    Ms. HOOLEY. When you put a fraud flag on the file, do creditors have to change their practices when they see that?

    Is it required that they do something with that fraud alert?
 Page 163       PREV PAGE       TOP OF DOC

    Mr. PRATT. Well, the fraud alert that we transmit—I'm going to circle around your question.

    Ms. HOOLEY. OK.

    Mr. PRATT. We obviously can't impose as private industry the practice on our customers.

    We view the fraud alert as part of the partnership with our customers. In other words, for example, one of the reasons we focused, by the way, in our initiatives on the fraud alert was one of the observations we got from Beth and others was—''Boy, these aren't working as well as they should.''

    We said ''Why is that? What are we doing?'' Well, there's, first of all, three major systems in this country.

    So, we have asked ourselves, and we've answered the question can we standardize, for example, the text message?

    First of all, it makes it easier for all customers who need to identify and take the action the consumer requests.

    So, if Mr. Harvey's bank receives a text message saying, ''Please don't grant credit; call this number,'' Mr. Harvey, then, along with the application, can make decisions about how to process that.
 Page 164       PREV PAGE       TOP OF DOC

    On our end of it, it also makes it better for those larger institutions who have a third-party data processor, because there's this spiffy term ''normalizing.''

    There's normalizing of credit data, and so they may pull several files, and normalize them means bring them together.

    In that process, we want to make sure the security alert doesn't get lost, so that is another way of trying to make it more effective.

    We also are going to include an alphanumeric sequence right there in the text message, so that we can tell a creditor, if you have a highly automated system, you can look for this sequence, which will trigger and tell you this is a fraud alert associated with identity theft.

    That is another way for us to try and make the security alert more effective.

    The goal we have is to make sure that Mr. Harvey's bank has the target to look for, and so he doesn't have to look for three targets or two targets.

    We believe that will make the security alerts more effective than they are today.

    Ms. HOOLEY. Will they get that fraud alert when you're just pulling up the score as opposed to the whole credit report?
 Page 165       PREV PAGE       TOP OF DOC

    Mr. PRATT. Excellent question, and the answer is yes.

    Ms. HOOLEY. OK, but right now that doesn't happen?

    Mr. PRATT. No, that is a practice today. That is a mythology I have heard out in the marketplace that we do not transmit with scores.

    But, because we use a field, we actually use a field that the FCRA requires that we have in place.

    It is a field, meaning a section of your database, if you will. The field is a statement field that must go with every single credit file, no matter how it is issued.

    We would view a score as a type of consumer report. It is a very limited consumer report, but it is a consumer report, and we would transmit that message along with that.

    Ms. HOOLEY. So they would get it with the report with the score with——

    Mr. PRATT. With a highly codified version with the full printed-out version.

    Ms. HOOLEY. Help me understand. I may not be asking the right person this question.
 Page 166       PREV PAGE       TOP OF DOC

    Why is it then, when I talk to person after person who has been a victim of identity theft, why they tell me—and Shon was another example where the credit alerts are ignored—or, they're giving credit, or——

    I mean, if the person says, ''I want a fraud alert put on my credit report,'' and I say, ''I want you to call me before you give''—before the person gives any credit to anybody else, how come those are ignored?

    I mean, what do we need to do to make sure that those aren't ignored?

    Mr. PRATT. Well, I think that what we need to do is—and it is similar to the whole pretexting issue/ID theft issue—we need to make sure that our banking customers and our telecom customers understand what to look for and to give them the best single target to look for.

    This is why—I think, if we can issue a release this year—and Richard is probably the fellow that would receive this.

    We'd say, ''Richard, you should look for this. This is how we're going to do it,'' whether it is the experience system or the Transunion system or the Equifax system.

    Then, he has a better chance to say, ''I'm going to do this with my people internally. This is how we're going to look at the file.''

 Page 167       PREV PAGE       TOP OF DOC
    But, we have also talked with some lenders who have said, ''Can't you make it more obvious to us, for example, when somebody asks for an increase in credit?''

    So, they pull a credit report to evaluate whether or not you should get an increase.

    We have learned in those cases we need to work with banks.

    When we deliver that, we don't have control over how that message is then presented on the screen to the consumer service person.

    But, in talking with some of our customers, they have said, ''Aha. I see, so I can program my system to make that more obvious.''

    ''Popping up on the screen is a more obvious message to my consumer service people,'' so that they don't automatically just process an increase in credit, because they were successful in pulling a credit history.

    You know, there is no silver bullet in this type of crime. That is the great struggle.

    It is a layering of efforts that I think are going to make this an effective undertaking, and I think the urging of the Chairman to make sure that we have the right task force for law enforcement.

 Page 168       PREV PAGE       TOP OF DOC
    In fact, we think there's some other areas where we probably need to look at a more coordinated effort as well.

    Chairman LEACH. Ms. Hooley, could we——

    Ms. HOOLEY. Yes.

    Chairman LEACH. Is that all right? I want to give Steve a chance, and then, if we can come back.

    Mr. LaTourette.

    Mr. LATOURETTE. Thank you, Mr. Chairman. I'll be pretty brief.

    There was just an article in the Cleveland Plain-Dealer. It doesn't have anything to do specifically with this, but there was a guy in Federal prison that was successful at going to one of the finer banks in Cleveland and buying a Mercedes.

    Then, he went out and bought an SUV, and they only caught him when he was attempting to buy three trucks.

    The loan officer at the bank remembered that the reason he was in Federal prison was he had kited $110,000 in checks a couple of years ago.

    The problem that they described was that sometimes the credit application is taken at the car dealership.
 Page 169       PREV PAGE       TOP OF DOC

    Then, when he goes to the bank for financing, there isn't always an interfacing—a communication of all of the facts necessary before there is a decision to grant credit.

    It came as a big surprise to people that a fellow in Federal prison was able to buy some cars that I probably couldn't buy.

    I'm not in Federal prison yet. I wanted to just talk to you about a couple of things, so, Mr. Pratt, first of all, you were describing to Mrs. Hooley the additional flags that you are going to put on to better stay in contact with those who have been identified as fraud victims.

    Are you also working on a program to be proactive with those who have yet to be victims of fraud?

    The reason I ask you that question is, when Mr. Harvey was talking to Ms. Hooley about the change of address, I understand a lot of people have different addresses.

    A lot of people move. A lot of people get divorced, but the case that brought this matter to my attention, you had a family that lived in the same house for twenty years, then all of a sudden you had six changes of address in six months.

    You had a family who had, for twenty years, every year, 1.5 credit inquiries, and then there were sixty hits within a four-month period.
 Page 170       PREV PAGE       TOP OF DOC

    Now, my question, is your technology without legislation, such as Ms. Hooley has devised?

    Is your technology in your industry moving to a situation where you are going to be pro—that looks fishy to me, that a couple that never has moved all of a sudden has moved six times.

    I mean, if nothing else, it looks like the customer went nuts, and they've gone on a shopping spree.

    Mr. PRATT. That, too. I guess the short answer is this next step gives us a much better understanding of what the undertaking would be to try and administer a program for 180 million credit files, where two billion elements of information are being loaded on a monthly basis.

    So, I only say that this is—we're probably managing some of the largest and most complicated private-sector databases globally today.

    So, the challenge is to look for the unusual pattern, but I think your point is well taken.

    I don't see how I could argue with the idea of continuing our work to say how can we continue to use software and technology in a preventative way, look at the larger population.
 Page 171       PREV PAGE       TOP OF DOC

    I just can't answer specifically how that would work at this time.

    Mr. LATOURETTE. I understand that, but that is why a provision of this particular bill says that somebody should have an obligation to ask if you have really moved and you are really the person that is involved in the credit application.

    I understand Mr. Harvey's observation that it is onerous and that it might cost some money, and so forth and so on.

    But, one way, until you get your computers to sort of key in on events like that that would be suspicious and really aid and abet the thief might be to do it the old-fashioned way and reach out and touch the customer, and say, ''Is that really you who moved?''

    Then, we can figure out the technology and let that catch up later.

    Mr. Harvey, one of the criticisms that I get when I go to town meetings, especially with senior citizens relative to the financial services industry, are all the credit card applications unsolicited that they receive in the mail.

    I think Mr. Hulme described them as ''dumpster divers.'' We did a project in conjunction with sweepstakes mailings in my District, where we asked senior citizens to save their mail for thirty days, so that we could catch those who prey upon seniors and invite them to enter contests, and convince them, if they only buy that extra copy of Outdoor Life, they're going to be a millionaire pretty directly.
 Page 172       PREV PAGE       TOP OF DOC

    But, one of the things we found as they collected their mail was there's a lot of unsolicited credit card applications.

    There are some who suggest that this increase—the sharp rise in identity theft—is facilitated by people receiving these things that they haven't asked for at their home with personal identifiable information and they toss it in the garbage.

    I would be interested to know the position either your bank or the ABA has on that particular observation and criticism.

    Mr. HARVEY. Well, with respect to the kinds of solicitations that are going out, certainly financial institutions want to be able to provide the kind of advertisement and solicitation of its services that it thinks that customers are going to be interested in.

    It is very difficult sometimes to actually know which group of people are going to take you up on a particular offer.

    You will see more and more financial institution credit card issuers sending out solicitations, because they are not able to determine with any kind of certainty who will take advantage of the offers and who won't take advantage of those offers.

    Whether or not it facilitates this crime, yes, it certainly does, but I think there is a communication that needs to go out to the public.
 Page 173       PREV PAGE       TOP OF DOC

    That is, there are still ways to handle those types of solicitations. There are ways to cut off those types of solicitations.

    I can assure that no financial institution wants to send out these solicitations to anyone that they didn't think would be interested.

    But, you can't shut off those solicitations. You can contact the, I think, Direct Marketing Association.

    You could actually call them on the telephone and tell them you are not interested in receiving mail solicitations.

    Mr. LATOURETTE. And the reason that I—you talked about education in your testimony, and I want to go back and touch on that, I think, education of the public.

    You also talked about education of your employees at the financial institution.

    Again, when I was growing up and got my first credit card, my mom taught me that, when I was done with it and I got a new one, I was supposed to take a pair of scissors and slice it.

    Is that what you and the ABA would recommend? If I get an offer, like I always get, that I have been preapproved for a $10,000 credit card from the XYZ bank and I don't choose to take the XYZ bank up on that particular offer, what should I do with that?
 Page 174       PREV PAGE       TOP OF DOC

    What should the consumer do with that solicitation?

    Mr. HARVEY. You should shred that solicitation, because it certainly is something that the dumpster divers are looking at.

    They are going in, and they're trying to find out information about you for various reasons.

    Mr. LATOURETTE. Back to your employees for just a minute.

    My understanding of one of the ways that the pretext callers are successful in getting information is that they repeatedly will call a bank until they find somebody that gives them the information.

    Can you tell me what your bank is doing to educate its employees to deal with that situation?

    Mr. HARVEY. Certainly. Some of the things that we are doing are the things that are also included in the tool box and we have also included in our testimony.

    Some of those things include, for example, making sure that we have policies and procedures in place to question the caller very carefully, always paying attention to being customer service advocates, but questioning very carefully those who call in, to be consistent in the types of questions that we ask them, and to be leary about answers that don't seem to be responsive to those questions.
 Page 175       PREV PAGE       TOP OF DOC

    Mr. LATOURETTE. Is there a chain of command at the bank that—again, the same question I was asking Mr. Pratt, when something doesn't smell right, something doesn't look right, is there a procedure in place that the customer service representative can turn to someone else that is more expert or better trained in this?

    Mr. HARVEY. Absolutely. As a matter of fact, it is one of the recommendations that the ABA has presented.

    That is that, if there is something that doesn't exactly sound right or if you are getting some resistance from the caller, that you bump that call up to a supervisor who has more experience in this area.

    Mr. LATOURETTE. I thank you, and I thank the Chair.

    Chairman LEACH. Thank you. We have a vote on the floor. Is it all right to end, or do you want to come back?

    [No response.]

    Chairman LEACH. All right. Let me thank you all very much. I would like to ask unanimous consent to place in the record a statement by America's Financial Services Association, the Consumer Bankers Association, and the National Retail Federation.

    Without objection, we'll do that. I also would like to ask if my staff would come and collect some documents that you have.
 Page 176       PREV PAGE       TOP OF DOC

    We will potentially place them in the record, too, if their length is appropriate.

    Let me thank you all for your testimony. I think it has been very helpful, and I think that, whenever legislation of this nature is introduced, the thrust might be reasonable.

    But, there also might be reasons for refinement. All of your testimony is very much appreciated.

    Thank you very much. The hearing is adjourned.

    [Whereupon, at 3:58 p.m., the hearing was adjourned.]