SPEAKERS CONTENTS INSERTS
Page 1 TOP OF DOC
FIGHTING IDENTITY THEFT—THE
ROLE OF FCRA
Tuesday, June 24, 2003
U.S. House of Representatives,
Subcommittee on Financial Institutions,
And Consumer Credit
Committee on Financial Services,
Washington, D.C.
The subcommittee met, pursuant to call, at 10:08 a.m., in Room 2128, Rayburn House Office Building, Hon. Spencer Bachus [chairman of the subcommittee] presiding.
Present: Representatives Bachus, LaTourette, Castle, Royce, Lucas of Oklahoma, Kelly, Biggert, Toomey, Capito, Tiberi, Hensarling, Barrett, Renzi, Oxley (ex officio), Shadegg, Lucas of Kentucky, Sanders, Sherman, Moore, Hooley, Hinojosa, Lucas of Kentucky and Crowley.
Chairman BACHUS. [Presiding.] Good morning. The Subcommittee on Financial Institutions and Consumer Credit will come to order.
I want to welcome our witnesses. We have three panels today, so the hearing may be quite lengthy. This is the sixth of a series of hearings that we are having on the reauthorization of the Fair Credit Reporting Act. The preemptions or uniform standards that apply to our national uniform credit reporting act are due to expire next January 1. These hearings are being held in anticipation of either extending those uniform standards and making them permanent, or making any changes that need to be made in the Fair Credit Reporting Act to make it more friendly to consumers.
Page 2 PREV PAGE TOP OF DOC
Our first five hearings have revealed without a doubt that the Fair Credit Reporting Act has led to widespread availability of credit. Those in the low-and middle-income classes have benefited tremendously from the Fair Credit Reporting Act and the availability of interest and the low interest rate in the United States. This hearing will deal with identity theft, which is I think by far the most serious problem facing Americans in their use of credit.
The hearing today consists of three panels. The first panel is made up of Federal and State law enforcement officials who will inform us about the ongoing efforts to apprehend and prosecute identity thieves. Our second panel will actually consist of two victims of identity theft. They will share their personal experiences about the crime. I very much appreciate their courage and their willingness to appear before the panel. Our final panel includes several representatives from the financial services industry. They will share their perspective on FCRA and identity theft. We also have consumer groups represented.
Identity theft is a crime committed by individuals or organizations seeking to capitalize on the good name of an innocent and unknowing consumer. It is a particularly heinous crime in that it harms not only financial institutions, but consumers and the effect can be both widespread and last for many years. A typical incident of identity theft involves a criminal using the personal data of another individual to assume that individual's identity. Using that false identity, the criminal will obtain goods and services using the victim's credit. The identity thief may also commit additional crimes using the victim's name, creating a false arrest record for the victim, or a record of arrest by the victim for crimes that they never committed.
These activities obviously tarnish the victim's reputation, credit history and sense of security. The victim of identity theft must then make a great effort to get his or her credit report and personal history back in good shape. We sometimes refer to this as credit repair. Because the financial losses associated with identity theft are generally the burden of financial institutions and other businesses, not the consumer, financial institutions are also the victims of identity theft.
Page 3 PREV PAGE TOP OF DOC
Existing Federal law does address the issue of identity theft. For example, the Identity Theft and Assumption Deterrence Act prohibits the transferring or using of another's identity for fraudulent or other illegal activities. Federal law also makes it illegal to use or traffic in counterfeit credit cards or debit cards, and prohibits criminals from attempting to obtain customer identification and other consumer information from financial institutions under false pretenses.
The FCRA also is an important tool in addressing identity theft issues. Financial institutions frequently find that the consumer reports that they obtain from credit bureaus under the FCRA provide the most useful information in attempting to distinguish the identity theft from a legitimate consumer. For example, discrepancies between an address or Social Security number contained in a consumer report and the information contained on an application can be used to identify and prevent an identity theft before it occurs. In addition, an identity thief who knowingly and willingly obtains a consumer report from a consumer reporting agency under false pretenses is subject to criminal penalties under the FCRA.
The FCRA also plays a central role in mitigating the consumer harms associated with identity theft. Under FCRA, each consumer has the right to review the contents of his or her credit report at no cost, and determine whether fraudulent activity has been attributed to the consumer's credit file. If a consumer has been a victim of identity theft which results in misinformation appearing on the consumer's credit report, the FCRA establishes a mechanism whereby the consumer can notify the credit bureau of the fraudulent information and have the information deleted.
At this time, I am going to recognize the minority ranking member, Mr. Sanders, for any opening statement that he may have.
[The prepared statement of Hon. Spencer Bachus can be found on page 70 in the appendix.]
Page 4 PREV PAGE TOP OF DOC
Mr. SANDERS. Thank you very much, Mr. Chairman, and thank you for holding this important hearing, and thank you all, our panelists, for being with us this morning. We appreciate that very much.
Mr. Chairman, today's hearing will focus on identity theft. Let me just mention that on this side of the aisle, we have a number of excellent proposals that address that issue. Mr. Gutierrez, Mr. Ackerman, Mr. Ford, Ms. Hooley, and Mr. Emanuel have all brought forth some excellent ideas that I think will take us a long way in addressing the crisis of identity theft.
We all know that identity theft abuses in this country are skyrocketing. We are going to hear that from our witnesses. According to data from the Justice Department, 500,000 people, half-a-million people filed reports with law enforcement in 2002 for identity theft crimes, and an estimated 700,000 are likely to file similar reports this year. A major problem now, it is getting worse and we need some solutions to that. In addition, the dollar losses reported by identity theft victims have increased from $160 million in 2001 to $343 million in 2002. So this problem is accelerating and it is incumbent upon this committee to address it. We are going to hear, I know, in the course of the next few weeks a number of excellent ideas. I want to bring forth one idea that I think is important. That is that one very obvious and extremely helpful tool would be to provide consumers free credit reports and credit scores from all three credit bureaus at least once a year, and a description of the key factors that may have adversely affected the consumer's credit score. In other words, one way to deal with this issue and many other issues as well is to make sure that consumers all over this country have free access to their credit reports. When they have that access, they will be able to see, wow, who has been ripping me off; who has stolen my identity; and they will be able to move a lot quicker than they are at present.
I am happy to inform you, Mr. Chairman, that I have introduced legislation in this regard which is being supported by virtually all of the consumer organizations in this country, including the Consumer Federation of America, Consumers Union, and the U.S. Public Interest Research Group. Allowing consumers free access to their credit reports could substantially improve the accuracy of credit reports and cut down on identity theft. I look forward to working with you, Mr. Chairman, on this legislation.
Page 5 PREV PAGE TOP OF DOC
Mr. Chairman, I would also point out a somewhat tangential issue, but important as well, that very often we will hear testimony from our friends in the banking industry and the credit card industry about this and that other matter, but I think we should be aware as we hear their testimony that in some instances at least executive compensation in the banking industry is getting really out of hand. According to an article that appeared in the Philadelphia Inquirer on June 1, 2003, ''Number one on Business Week's 2020 pay scorecard was financial giant MBNA CEO Alfred Lerner with $194.9 million.'' Mr. Lerner died in October 2002 and was replaced in November by Charles Cawley, who managed to place number six on that list with a total pay of $48.6 million. Not too bad. Two more MBNA executives who were not CEOs also got megabucks. John Cochran got $36 million and Bruce Hammonds, $28.6 million.
I raise this issue about excessive CEO compensation to point out that there are consumers in this country today who are being ripped off by credit card companies, who are paying up to 29 percent a year in interest rates. So when we hear our friends from the credit card companies or the banks telling us just in what kind of terrible financial need they are in, we might want to remember that number, and that the top four executives in that particular company in 2002 earned over $300 million collectively.
Mr. Chairman, the last point that I want to make on credit cards is that it is absolutely imperative that this committee address the credit card bait and switch mechanisms that some of the credit card companies are bringing forth. As we all know, the credit card industry is hooking consumers into purchasing credit cards by bombarding them, this is one of the more astronomical numbers I have ever heard. In a given year, the credit card companies send out 5 billion solicitations, 5 billion solicitations, many of them going to young people all over this country. What they promise people is low interest rates, 0 percent, 3 percent, 5 percent. What they forget to tell you is that if you borrow money on another credit card, if you were late in paying your car loan 2 years ago, your credit card rates can soar. They are ripping off the American people, and this is an issue that we must address.
Page 6 PREV PAGE TOP OF DOC
Mr. Chairman, I thank you again for calling this important hearing. I am going to be running in and out because of other commitments, but I will be back. I thank you for bringing these witnesses together.
Chairman BACHUS. Thank you.
I want to especially thank Mr. Sanders, along with Chairman Oxley and Ranking Member Frank for working very closely on the FCRA reauthorization. At this time, I recognize the chairman of the full committee, Mr. Oxley.
Mr. OXLEY. Thank you, Mr. Chairman.
I will be brief and make my opening statement part of the record, but I did want to commend you for this long march through the Fair Credit Reporting Act. By my count, some 75 witnesses have testified, just about anybody that has any opinion whatsoever on FCRA has had the opportunity in your subcommittee to air their views. You deserve a great deal of credit, if nothing else but for an iron-pants performance through these long weeks of hearings that will conclude today.
We will have a voluminous record for the members to pore through and staff to pore through as we prepare to mark up legislation when we return after the Fourth of July recess. But your leadership has not gone unnoticed, and we appreciate the good bipartisan cooperation we have had on this issue. I think most of the members understand the critical importance of reauthorizing FCRA, what it has meant to our economy, that it has been one of the most successful pieces of legislation ever passed by any Congress. We want to make sure that this continues to be able to provide credit to people all over the country.
So with that, Mr. Chairman, and with my sincere thanks, I yield back.
Chairman BACHUS. I appreciate that, Mr. Chairman.
At this time, Ms. Hooley or Mr. Hinojosa, do you have opening statements?
Ms. HOOLEY. I do, Mr. Chair.
Page 7 PREV PAGE TOP OF DOC
Chairman BACHUS. Okay. Ms. Hooley, you are recognized.
Ms. HOOLEY. Thank you.
Good morning. Although I have enjoyed our series of hearings on FCRA, I am excited that we are finally discussing in depth one of the core problems that has developed with our national credit system, the problem of identity theft. Identity theft is the fastest growing white collar crime in America, and legislation to correct and stem the rising tide must be enacted as soon as possible.
As you may know, the Federal Trade Commission reported that the number of persons filing complaints of identity theft with the agency nearly doubled from 2001 to 2002. A 2003 survey I recently saw found that 92 percent of Americans think it is important that the government take action on the issue of identity theft. I have been fighting to enact common sense legislation to fight identity theft for 5 years. For the first time since this struggle began, I feel the momentum is unstoppable and that legislative action on this subject is no longer a question of if, but rather of when.
We cannot and we must not ignore the fact that Americans throughout the country are begging us to act and to help them. They are begging for action sooner, rather than later. When this happens to a person, they feel violated. They are frustrated. They are angry. It takes way too long to get through the system, and many times they have a hard time just proving who they are and then it takes a longer time to get their credit report cleaned up.
Myself and Mr. LaTourette from Ohio have introduced the Identity Theft and Financial Privacy Protection Act with nearly 50 cosponsors, many of whom are sitting in this room. If this bill is enacted, it will go a long ways toward fighting the rise of identity theft. It is not perfect. I know there are other proposals that should also be enacted, but I firmly believe that every provision of this bill will enhance our citizens's security and improve our credit process. I know that Mr. LaTourette shares my conviction.
Page 8 PREV PAGE TOP OF DOC
As I said, I believe the time to act is now, during our discussion of FCRA. I believe the problem of identity theft is so severe that any extension of FCRA that I support must include significant measures to fight identity theft. It seems to me there is no option. We in Congress must act this year to protect both our consumers and financial institutions from the disastrous effects of identity theft. I want to thank each of the witnesses for giving up your time today to talk about identity theft and the broader issue of reauthorization of FCRA. I look forward to continued debate on the subject and to all your comments, and to my ranking member and to the chair, thank you so much for everything you have done on this issue. Thanks.
Chairman BACHUS. Thank you.
I want to recognize the lady from Oregon, Ms. Hooley. You and Mr. LaTourette have worked with other members of this panel on identifying identity theft issue and the need for the personal information of consumers to be more secure, and to take steps in this legislation going forward to make our ability to combat identity theft more effective.
At this time, I will recognize the gentleman from Ohio, Mr. LaTourette.
Mr. LATOURETTE. Thank you very much, Mr. Chairman.
I want to thank you very much for having this hearing today, together with the Ranking Member. I want to bring to the subcommittee's attention an individual who is going to be testifying on the second panel today, and that is Maureen Mitchell, who hails from my hometown in Madison, Ohio. I have known Maureen and her family for a number of years. As a matter of fact, her son and my daughter traversed their way through the Madison public school system together. It came as a surprise to me when in 1999 she called and said, ''Steve, I need your help.'' It should be noted that Maureen is usually an unflappable registered nurse, a licensed realtor, and a wife and mother. It was clear to me that something serious was going on, causing her to come visit us in Painesville.
What I did not know and could not have expected was the unbelievable saga that was about to unfold for Maureen and her family. She had discovered that she was a victim of identity theft. Her determined efforts to resolve the situation through repeated calls to her creditors, law enforcement, and the FTC, credit reporting agencies were only leading her further down a downward spiral of frustration and financial strife. In the years since her first visit to my office, Maureen has testified before a number of committees here in Washington and most recently in the Statehouse in Columbus, Ohio. One of the things that I found interesting was that in some instances of identity theft you say, well, you went online and you bought something using a credit card on a computer, you had your wallet stolen or your purse stolen, or maybe somebody broke into your mailbox, but none of those items were present in Maureen's and Ray's case.
Page 9 PREV PAGE TOP OF DOC
The severity of Maureen's case is what inspired me, along with my good friend Darlene Hooley, in the 106th Congress to begin working on a bill. In this Congress, it is known as the Identity Theft and Financial Privacy Protection Act. Mr. Sanders will be pleased to know that one of the provisions in that bill is in fact the provision that every consumer receive a free credit report from the agencies, and his idea has been adopted as well.
With reauthorization of the Fair Credit Reporting Act a likelihood later in this year, our committee is in a unique position to take the necessary steps to improve and continue the fight against identity theft, which is one of the fastest growing, most personally destructive and invasive crimes that can be committed against an individual. I would urge all of my colleagues to read Maureen's complete written testimony, as hers is a compelling case for this committee to act in a swift fashion. To give you some idea of the enormity of the extent that the Mitchell family has been victimized, all told it is well over $100,000. Their identities have been used to apply in a 2-hour period for $45,000 worth of personal loans at three different banks in Chicago, and they are the proud owners of two luxury sport utility vehicles, neither of which they ever purchased.
Maureen, I want to thank you for being here today and I hope that one day you will have the opportunity to visit Washington without an invitation to testify on your identity theft ordeal. Hopefully this hearing and legislation will begin to help you and the thousands of other victims of this crime get your lives back on track.
Again, Mr. Chairman, thank you for holding these hearings, and I very much look forward to hearing from our witnesses.
Chairman BACHUS. Thank you, Mr. LaTourette. You have chaired some of the hearings in this regard, and I very much appreciate that.
Let me read down through the list and see if any of the members have opening statements. This is in order of arrival. Ms. Kelly, do you have an opening statement? I also want to say that Ms. Kelly was the first member to hold hearings on information security in the House of Representatives, and we very much appreciate your early identification of the issue of identity theft.
Page 10 PREV PAGE TOP OF DOC
Mrs. KELLY. Thank you, Mr. Chairman.
I really appreciate the fact that you are holding this hearing on the role of the FCRA in preventing identity theft. Earlier this year, we chaired a joint hearing together on fighting identity fraud and improving information security. In that hearing, what we learned was that identity theft is among the fastest growing crimes in America. It is a top consumer complaint according to the FTC. More importantly, we discovered that combating identity theft requires the collaborative effort of law enforcement and regulatory agencies, as well as consumers and financial institutions. All four need to be involved if we are going to stop identity theft, and all of them have to have appropriate access to appropriate information.
As this committee continues to explore the reauthorization of the FCRA, I would like to stress the impact that this law has had on our ability to combat identity theft and help the law enforcement officials in charge of tracking down illicit money get that job done. They do that job under the USA PATRIOT Act, this is one of the really positive things of the USA PATRIOT Act, and the FCRA has helped do that. The FCRA and information sharing that it has provided is essential to protecting the American people by detecting suspicious activity and weeding out the wrongdoers.
The national uniform standards under the FCRA have also facilitated a financial institution's ability to utilize additional authentications and identity verifications to protect consumer security. The protections incorporated in the FCRA are critically important in enabling victims to correct the damage to their credit histories created by identity thieves.
Over the last few weeks, we have heard testimony from many diverse panelists from lots of different witnesses endorsing the extension of the FCRA uniform standards. The Department of Treasury specifically highlighted the importance of the national credit reporting system in helping to detect identity theft, and in creating a framework for assisting its victims. I share these views and I think we have got to reauthorize the FCRA to protect Americans from really truly hideous and preventable crimes.
Page 11 PREV PAGE TOP OF DOC
I thank all of the witnesses for appearing here today. I look forward to hearing what you have to say on strengthening our network to combat identity theft. But I am also pleased, and I am going to take a moment here to introduce one of the special witnesses from the great State of New York who will appear on the third panel. His name is Joshua Peirez. He is the Senior Vice President and Assistant General manager for MasterCard. Mr. Peirez is the counsel for MasterCard's North American region and he comes from my county, Westchester County in New York. It is great to have Mr. Peirez here. I look forward to his testimony and the testimony of all of the witnesses.
I thank you and yield back my time.
Chairman BACHUS. I appreciate that.
At this time, the Chairman recognizes the gentleman from Texas, Mr. Hinojosa. Also, Mr. Hinojosa, I want to say that you and I will be holding hearings Thursday on expanding consumers's rights to obtain financial services in the low-and middle-income communities, and the need of the underserved for more financial services.
Mr. HINOJOSA. Thank you, Mr. Chairman. I look forward to working with you on that hearing on Thursday.
Today, I want to thank Chairman Bachus and Ranking Member Sanders for holding this final non-legislative hearing today to investigate the role of the Fair Credit Reporting Act in fighting identity theft. It is necessary that we continue to assess the importance of the national credit reporting system. I look forward to this hearing and to hearing additional testimony to further clarify this issue.
As I noted at the first hearing, my office was contacted frequently by numerous individuals and groups about the Fair Credit Reporting Act in the first half of this year. I personally heard from industry, consumer groups and several regulators on the issue. Lately, I have not been contacted by industry groups nor consumer groups on what they would like included in the legislation that likely will be crafted and introduced in the near future. It is my hope that Treasury and the Administration will publish its long-awaited proposals on identity theft and the FCRA, perhaps as soon as this week.
Page 12 PREV PAGE TOP OF DOC
Most of us realize that language has been available at the Treasury Department, but the White House has been taking its sweet time deciding what position to take on Treasury's proposal, while also watching closely the developments in the House and the hearings in the Senate. In 2001, more than 117,000 complaints from identity theft victims were added to FTC's database. In 2002, those complaints increased to almost 162,000. According to FTC Chairman Beales, the dramatic increase may reflect a growing awareness of consumers about identity theft.
Consumers who call the FTC hotline receive telephone counseling from specially trained personnel who provide general information about identity theft and help guide victims through the steps needed to resolve the problems resulting from the misuse of their identities. Consumers are advised to contact the three national consumer reporting agencies and have a fraud alert place in their file, close accounts identity thieves have accessed, dispute unauthorized charges and report the theft to the police and get a police report.
Identity theft occurs when a consumer's Social Security number, credit card number, or name is used without his or her knowledge to open fraudulent credit, telecommunications or utility accounts, or to use already existing accounts. It can also occur when an individual's name is used unknowingly to pass bad checks or to get loans, jobs or obtain housing. This crime potentially affects every consumer in all sectors of the financial services industry, including financial institutions, credit card companies, insurance companies, mortgage companies, and hospitals. The theft can be carried out over the telephone by computer hacking into an individual's confidential files or by stealing hard copies of a company's billing information. The victim of the theft usually does not realize the information has been stolen until sometime later. As a result, these crimes could be used to support terrorism, among other criminal activities.
Today, I cosponsored H.R. 2035, the Identity Theft and Financial Privacy Protection Act of 2003, introduced by my friend, Congresswoman Hooley, the Chair of the Democratic Task Force on Identity Theft on which I serve. The Task Force investigated the exploding problem of identity theft, the fastest growing white collar crime in America, and other financial crimes. I decided to cosponsor Congresswoman Hooley's legislation because it contains strong provisions that will help fight identity theft. These provisions in this bill are extremely important to us in Texas, which ranks fifth in the number of identity theft complaints reported to the FTC.
Page 13 PREV PAGE TOP OF DOC
I have said in the past that one of the main decisions we, as a Committee, needed to make is whether to extend all seven exceptions to the Fair Credit Reporting Act that preempt State law, just some of the exceptions or none of them. They all expire January 1, 2004. On June 11, 2003, I and several new Democrats cosigned a letter to Chairman Oxley and Ranking Member Frank looking towards their leadership to ensure that legislation extending the seven expiring provisions of the Fair Credit Reporting Act is passed by the House and Senate before their termination on January 1 of next year. I believe that these seven provisions enhance the efficiency of the nation's credit system, promote access to the financial industry, protect American consumers, and I am firmly committed to extending them.
With that said, Mr. Chairman, I ask that the rest of my statement be included in today's record of the proceedings.
[The prepared statement of Hon. Rubén Hinojosa can be found on page 76 in the appendix.]
Chairman BACHUS. I thank the gentleman.
I now recognize subcommittee Chairman Castle and commend him for his expertise in the matter of FCRA and your participation in these hearings.
Mr. CASTLE. Thank you, Mr. Chairman.
When they write the book about pieces of legislation not having sufficient hearings, anyone who protests that you did not have sufficient hearings, send them to me. We have had more hearings on this subject, more panels than anything that I remember since I have been in the Congress of the United States, and I came with you, on the Fair Credit Reporting Act. And they have been informative, and I believe it has served its purpose, Mr. Chairman. I think we have a consensus forming on both sides of the aisle, now both sides of the Capitol, that extending the preemption provisions in FCRA is essential to our economy.
I am particularly interested in today's topic, the role FCRA plays in fighting identity theft because that is at the heart of people's concerns about their financial privacy. As we seek to pass legislation to extend FCRA's preemptions, we need to be careful that efforts to improve FCRA in the name of privacy do not have unintended consequences of undermining the ways FCRA currently prevents identity theft. I think today's hearing will establish the foundation we need to make sure the law of unintended consequences does not become an amendment to future legislation in the area.
Page 14 PREV PAGE TOP OF DOC
I would like to mention way down on the third panel is an extraordinary Delawarean and American, Jim Kallstrom, who is now living in the State of Delaware. I think it is safe to say that when times get tough and the nation needs smart capable people to serve, Jim Kallstrom's name rises quickly to the top. In addition to his decades of service to our nation as a Marine Corps captain in Vietnam and an FBI Special Agent in Charge, Mr. Kallstrom rose to the occasion after 9-11, leaving MBNA, where he works in Delaware, to serve as the Director of public security for the State of New York. There he was responsible for counterterrorism planning and operations and served as the point of contact for the State with the then-White House Office of Homeland Security. Now Jim splits his time among advising the Governor of New York on counterterrorism, advising MBNA, and hosting the Discovery Channel weekly show, The FBI Files. So we thank him very much for being here today and look forward to his testimony, as well as the testimony of the others.
Thank you, Mr. Chairman.
Chairman BACHUS. Thank you.
Mr. Lucas or Mr. Crowley, do you have opening statements?
Mr. CROWLEY. Mr. Chairman, I do not have an opening statement. I just want to welcome someone later on as well in the second panel, Maureen Mitchell, who is nee Sullivan. She now lives in Ohio, but was originally from Woodside, Queens. Just for the record, I want to welcome her if I am not here later on.
Thank you, Mr. Chairman.
Chairman BACHUS. I thank the gentleman from New York.
At this time, it is my pleasure to introduce the gentleman from Arizona, Mr. Shadegg, and to remind members of the committee that it was Mr. Shadegg that actually introduced the Identity Theft and Assumption Deterrence Act and was the main sponsor of that legislation. So I commend you for that, Mr. Shadegg, and we welcome your participation in this hearing and your early leadership.
Page 15 PREV PAGE TOP OF DOC
Mr. SHADEGG. Thank you very much. Thank you, Chairman, Bachus, for allowing me to be a part of this Financial Institutions Subcommittee hearing on identity theft. I am pleased to be here to listen to the testimony that will be provided by our distinguished witnesses.
I am particularly interested in hearing the testimony from our second panel, the victims of identity theft. I strongly believe that we will learn the most about appropriate legislative responses from those who have experienced this crime first-hand and are intimately familiar with the difficulties victims face in trying to clear their name and repair their credit after an identity theft crime has occurred.
My personal interest in identity theft began about five years ago when two of my constituents, Bob and JoAnn Hartle of Phoenix, Arizona were the victims of identity theft. Unfortunately, Mr. and Mrs. Hartle could not be here with us today to tell their story. I am confident that we would have benefited from their experience and expertise as independent consultants to other consumer victims of identity theft. Mr. Chairman, I would like to request unanimous consent to submit for the record their written testimony.
Chairman BACHUS. Without objection.
Mr. SHADEGG. Bob and JoAnn Hartle were instrumental in getting the first State law in the nation to criminalize identity theft passed. Mr. and Mrs. Hartle suffered the devastation of identity theft when a convicted felon took Mr. Hartle's identity and made purchases totaling over $100,000. This individual also used Mr. Hartle's identity to obtain a security clearance to secure areas of Phoenix's Sky Harbor International Airport, and to purchase handguns using Mr. Hartle's clean record to get around the Brady gun law.
As a result of this victimization, Mr. and Mrs. Hartle were forced to spend more than four years of their lives and more than $15,000 of their own money to restore their credit because there were no Federal penalties for identity theft. Their case led me to introduce a bill in the House that was eventually signed into law, the bill you referenced, Mr. Chairman, the Identity Theft and Assumptions Deterrent Act of 1998. It gave law enforcement agencies the authority to investigate and prosecute identity theft crimes. Mr. and Mrs. Hartle turned their experience into something positive by establishing a nonprofit organization to assist other victims of identity theft. Their Web site, Error! Bookmark not defined., is available to provide guidance to identity theft victims nationwide. Identity theft ranges from individual instances like the Hartles involving small or large dollar amounts, to large organized professional crime rings. TriWest Healthcare Alliance, a company located in my district, may have been the victim of a professional crime ring. On December 14, 2002, computer hard drives containing their clients's sensitive, personally identifiable information were stolen from TriWest Phoenix's office.
Page 16 PREV PAGE TOP OF DOC
The nature of identity theft has changed and threat is more likely than ever to come from breaches of data security. According to the Federal Trade Commission, there is a shift by identity thieves from going after single individuals to going after mass amounts of information. Law enforcement experts now estimate that half of all cases come from the thefts of business databases as more and more information is stored in computer databases that are vulnerable to attack from hackers.
The identity theft legislation that I introduced and was signed into law in 1998 was an important first step on the road to crack down on identity fraud crimes. However, Mr. Chairman, clearly more legislation is needed in this area to protect consumers from identity theft. I am currently working on my own draft and there have been many others discussed here today, some of which have already been introduced. I look forward to hearing the testimony from our witnesses and to working with you and the other leaders in the Congress on legislation in this area.
I thank you and I yield back the balance of my time.
Chairman BACHUS. Thank you.
I would like to again thank the gentleman from Arizona for participating in our hearing. We felt like having the author of the first piece of Federal legislation to combat this problem would be appropriate, and we certainly appreciate your participation.
Mr. SHADEGG. Thank you, Mr. Chairman.
Chairman BACHUS. I think it is appropriate that with Mr. Shadegg's opening statement, I understand no other members of the subcommittee have opening statements. That being the case, I think it is appropriate for us to move to our first panel. I want to introduce them.
Mr. Howard Beales, III. Mr. Beales is testifying for the third time in our series of hearings. He is the Director of the Bureau of Consumer Protection at the Federal Trade Commission. We always find your testimony enlightening, Mr. Beales, and we welcome you back.
Page 17 PREV PAGE TOP OF DOC
Mr. Daniel Mihalko, Inspector in Charge of the United States Postal Inspection Service, we appreciate your assistance with the subcommittee in preparing for these hearings. Mr. Tim Caddigan, Special Agent in Charge, Criminal Investigation Division, the United States Secret Service, we welcome you, Mr. Caddigan. And last but not least, Ms. Mary Ann Viverette, who is the Chief of Police for the City of Gaithersburg, Maryland, which is a suburb of Washington, on behalf of the International Association of Chiefs of Police. We welcome you to this morning's hearing.
Mr. Beales, if you would lead off with your testimony.
STATEMENT OF J. HOWARD BEALES, III, DIRECTOR OF THE BUREAU OF CONSUMER PROTECTION, FEDERAL TRADE COMMISSION
Mr. BEALES. Thank you very much, Mr. Chairman and members of the subcommittee. It is a pleasure to be back in front of you again today.
I am pleased to have this opportunity to discuss identity theft and its relationship to the Fair Credit Reporting Act. The views expressed in the written statement are those of the Commission, but my oral presentation and responses to questions are my own and do no necessarily represent the views of the Commission or any individual commissioner.
Identity theft, as you noted, can be devastating to consumers's reputations, to their financial well-being and to their sense of security. At the FTC, we are fighting identity theft on many fronts. For example, in partnership with the Justice Department and all of the agencies that are represented at this table, the Postal Inspection Service, the Secret Service, and the International Association of Chiefs of Police, we are training local law enforcers on how to fight identity theft. Today, we are holding a training session in Westchester, New York.
We at the FTC are also providing law enforcers with case referrals from our identity theft data clearinghouse. We are also working to keep consumers' financial data safe through our new safeguards rule, which took effect at the end of May, and our enforcement actions against companies that fail to keep their security promises to consumers. Just last week, we announced a settlement with online retailer Guess.com for failing to protect customer data as promised. We also released a tip sheet for businesses on the steps they should take to assure the security of their online systems.
Page 18 PREV PAGE TOP OF DOC
Through workshops, educational campaigns and our ID theft hotline, we are counseling consumers and businesses on how to prevent identity theft. We are also providing consumers with tools such as our uniform identity fraud affidavit to help them recovery more quickly and easily from identity theft.
Today, you have asked for testimony about identity theft in the Fair Credit Reporting Act. In addition to harming consumers, identity theft threatens the fair and efficient functioning of consumer credit markets. It undermines the accuracy and credibility of the information flows that support those markets. Credit bureaus are simultaneously a target for identity thieves and a valuable resource for combating identity theft. The credit reporting system can play an important role in helping to detect identity theft, in limiting the damage from identity theft, and in helping victims to clean up the mess that thieves leave behind.
The Fair Credit Reporting Act helps consumers detect identity theft by providing consumers access to credit reports when they need them most. A credit report digests in one timely document all accounts opened in the consumer's name, and it is the best way to discover those accounts that may have been opened by an impostor. Under the FCRA, consumers who believe they may have fraudulent information in their files are entitled to a free credit report.
Moreover, the FCRA requires that consumers who are denied credit based on information in a credit report be notified of the adverse action and given the opportunity to obtain a free copy of the credit report. This adverse action notice can alert consumers that they may have bad marks on their credit record that they do not know about. The free credit report helps them to pinpoint the fraudulent or erroneous accounts. Adverse action notices provide consumers with a critical safeguard and we are vigorously enforcing the FCRA's adverse action provisions.
In addition to helping victims detect identity theft, the credit reporting system helps limit the damage that identity thieves can cause by allowing for the placement of a security alert in a victim's credit file. Currently, the three major credit bureaus include a standardized format security alert in the credit reports of identity theft victims. This alert puts potential creditors on notice that they should proceed with caution when granting credit in the victim's name.
Page 19 PREV PAGE TOP OF DOC
Finally, the credit reporting system can help identity theft victims clean up the bad credit marks caused by a thief. A common problem of victims is that they find it difficult to get credit, insurance or employment in the wake of an identity theft incident because the impostor has damaged their credit history. The big three credit bureaus now allow victims to block fraudulent information on their credit report with a valid police report of the identity theft incident.
We are working with the credit bureaus to develop other victim assistance programs. For example, this spring the credit bureaus implemented their joint fraud alert initiative whereby victims only need to call one credit bureau to get a security alert and a free credit report from all three. These and other kinds of steps can help to reduce the costs and the consequences for identity theft victims, but there is clearly more to be done.
I thank you for the opportunity to appear today. I look forward to responding to your questions.
[The prepared statement of J. Howard Beales III can be found on page 87 in the appendix.]
Chairman BACHUS. I appreciate that.
Mr. Mihalko?
STATEMENT OF DANIEL L. MIHALKO, INSPECTOR IN CHARGE, CONGRESSIONAL & PUBLIC AFFAIRS, UNITED STATES POSTAL INSPECTION SERVICE
Mr. MIHALKO. Thank you, Mr. Chairman. Good morning, members of the subcommittee. On behalf of the Postal Inspection Service, I would like to thank you for holding this hearing and giving me the opportunity to discuss identity crimes and the significant role the Postal Inspectors play in combating it.
To put things in perspective, I would like to start by talking about three things: the mail, the Postal Service and identity crimes. The Postal Service delivers about 200 billion pieces of mail each year. In this country, there is an expectation that each one of those pieces is going to get delivered not only in a timely manner, but it is not going to be tampered with, no one is going to take anything out of it, no one is going to read the correspondence. The responsibility for safeguarding those 200 billion pieces of mail rests with the Postal Inspection Service.
Page 20 PREV PAGE TOP OF DOC
As Federal law enforcement officers, we ensure the confidence in the mail by enforcing over 200 Federal statutes that deal with the mail. Primary among those are the theft or possession of mail and the oldest and the still most effective consumer protection law, the mail fraud statute. Last year, Postal Inspectors made over 11,000 arrests, 6,000 of those were for mail theft. Of those 6,000, 2,000 were for identity theft crimes. In fiscal year 2003, we have already surpassed that number of identity theft arrests.
I think this morning we have already heard some good explanations and definitions of what identity theft is and the way it occurs. Over the years, Postal Inspectors have developed an expertise in working these types of cases, particularly when they involve the use of the mail. Those that involve the use of the mail receive swift action by Postal Inspectors. We work hard to ensure consumers are being protected. In addition, we work closely with the mailing and the financial industry to develop guidelines on how best to design mailing pieces to prevent theft. This partnership illustrates how the industry as a whole is serious about the issue. Mail is very important to consumers who receive it, and it is very important to the businesses that send it.
I am sure all of you have received preapproved credit applications in the mail. Those mailings were prime targets for an identity thief because they simply required a signature and the return of the form back to the company. When stolen from the mail, the thief could redirect the response to the application to a different address and have the credit card sent there. But times have changed due to our efforts and industry awareness. For example, credit card companies have adopted our security recommendations and now automatically discard applications when they are returned with a change of address, making them less attractive to the identity thief. Also, industry has changed its practices. Credit offers now contain much less information.
Fraudulent changes of address sent through the post office used to be another favorite vehicle for identity thieves, but not anymore. The proactive effort by the Postal Service to prevent false changes of address is the move validation letter. When a change of address is filed now, the Postal Service sends a letter to both the old and the new address. The letter instructs the individual to call an 800 number if they have not filed the change of address. This simple measure has virtually eliminated the placing of false change of addresses with the Postal Service as an avenue for committing identity theft.
Page 21 PREV PAGE TOP OF DOC
As we have made it more difficult for mail theft to be a component of identity theft, the crime has evolved to the Internet and other electronic means. Personal information contained in corporate and government records and computer databases is a fertile area for dishonest employees working in conjunction with identity thieves. Businesses understand the need to protect their personal data. Improved data security should be a goal of all businesses. We can measure arrests and the effectiveness of law enforcement efforts, but it is hard to measure the full impact on victims, and it can be devastating. I am sure you are going to be hearing about that in your second panel when the victims testify. A couple of interesting points, most victims do not learn about the theft of their identity until 14 months after it has occurred. It generally takes about 44 months to clear up their cases, and victims report that they spend on average 175 hours actively trying to restore their credit rating and to clear their good name. Victims run the gamut of society. They are wealthy; they are poor; they are old; they are young. No one is immune and everyone is a potential victim.
Our experience has shown that enforcement laws coupled with an aggressive education campaign, the cooperation of industry and the interagency enforcement efforts are invaluable tools in the fight against identity crimes. In addition to modifying industry practices and making financial mailings less attractive to a thief, our partnerships have resulted in a number of fraud prevention guides. The first one is Identity Theft, Safeguard Your Personal Information. This is a Postal Inspection Service publication we first put out in the late 1990s. As of this point, we have printed and distributed over 2 million of these guides to businesses and consumers.
Second is a video called Identity Theft, The Game of the Name. This is a video that is put out for law enforcement, for consumer groups, and for corporate personnel. It talks about the dangers of identity theft and some prevention tips. Another guide that we put together is Detecting and Preventing Account Takeover Fraud, a publication which goes towards credit grantors with information for preventing takeover schemes. Later this year, the joint law enforcement-financial industry task force called the Financial Industry Mail Security Initiative will issue a book on best practices developed over the years.
Page 22 PREV PAGE TOP OF DOC
As Congresswoman Kelly said, aggressive law enforcement efforts are not enough. They are a key component of our mission, but arrests are not the only solution. We have found that creating awareness and prevention programs for consumers can go a long way to lessen the impact this crime has on the public. In addition to the two brochures and the videos mentioned, we partnered with Showtime network in 2000 to produce a Showtime movie on television about identity theft based on cases of Postal Inspectors. This past year during national consumer protection week, Postal Inspectors partnered with the Postal Service's consumer advocate in a nationwide awareness campaign on identity theft. This September, the Postal Inspection Service, along with our partners the FTC and the Postal Service, will be unveiling yet another nationwide campaign. This one is also on identity theft.
This year, we are going to take a two-pronged approach. We are going to be providing information to consumers as we have in the past, but we are also going to be addressing businesses on the need to safeguard their files and databases of customers' information. Actor Jerry Orbach of television's Law and Order fame, who also was a victim of identity theft, has agreed to be the campaign spokesperson. The campaign will include a mailing to residences in 10 States identified by the FTC as reporting the most identity theft complaints, a public service announcement featuring Jerry Orbach, and an identity theft insert outlining prevention tips that will be included with monthly financial industry statements. We will be displaying in lobbies in all 38,000 post offices, which is going to make people aware of identity theft and some of the prevention tips. We are also going to produce another informational video and we are going to place half-page newspaper ads in the major newspapers in the 10 States that the FTC identified as having the most complaints.
The Mullen agency of Pittsburgh has provided support for this campaign on a pro bono basis, but what really makes this campaign unique is the funding source. We have all heard the saying, ''crime does not pay.'' Well, in the case of this awareness case, it does pay. This campaign is being funded through a unique application of fines and forfeitures paid by criminals in a past fraud case.
Page 23 PREV PAGE TOP OF DOC
Educating the public and working to reduce opportunities where the Postal Service and the mail can be used for illegal purposes are crucial elements in our fight against identity crimes. As always, we will do our part to remove criminals from society. We appreciate the subcommittee's recognition of the importance of this issue.
Thank you, Mr. Chairman.
[The prepared statement of Daniel L. Mihalko can be found on page 165 in the appendix.]
Chairman BACHUS. Thank you.
Special Agent Caddigan?
STATEMENT OF TIM CADDIGAN, SPECIAL AGENT IN CHARGE, CRIMINAL INVESTIGATIVE DIVISION, UNITED STATES SECRET SERVICE
Mr. CADDIGAN. Mr. Chairman, Mr. Sanders, thank you for inviting me to be part of this hearing today and the opportunity to address the committee regarding the Secret Service's efforts to combat identity crime and protect our nation's financial infrastructure.
The explosive growth of identity theft-related crimes has resulted in the evolution of the Secret Service into an agency that is recognized worldwide for its expertise in the investigation of all types of financial crimes. Our efforts to detect, investigate and prevent financial crimes are aggressive, innovative and comprehensive. The burgeoning use of the Internet and advanced technology, coupled with increased investment and expansion, has intensified competition within the financial sector. Although this provides benefits to the consumer through readily available credit and consumer-oriented financial services, it also creates a target-rich environment for today's sophisticated criminals, many of whom are organized and operate across international borders.
Page 24 PREV PAGE TOP OF DOC
Identity crime is not targeted at any particular demographic. Instead, it affects all types of Americans regardless of age, gender, nationality or race. What victims do have in common is the difficult, time-consuming and potentially expensive task of repairing the damage that has been done to their credit, their savings and their reputation. According to the GAO, the average victim spends over 175 hours attempting to repair the damage inflicted by identity crime.
Identity crimes originate when another person obtains your personal or financial identifiers. Methods of acquiring such information range from the so-called ''dumpster diving'' where the criminal searches through your garbage for billing statements or other documents that may include personal identifiers, to insiders who purge information from their own company's database and place it for sale on the Internet.
Since our inception in 1865, the twin pillars of the Secret Service have been prevention and partnership building. A central component of the Secret Service's preventive effort has been to increase awareness of issues related to identity crime, both in the law enforcement community and among the general public. The Secret Service has undertaken a number of unique initiatives aimed at increasing awareness and providing the training necessary to combat identity crime and assist victims in rectifying damage done to their credit. This includes the development of a number of training tools designated to assist our local law enforcement partners.
Mr. Chairman, I cannot emphasize enough the importance of sharing expertise with our local and state police partners, and empowering them with the ability to respond on the local level to identity crimes. In a nation of thousands and thousands of communities and a population exceeding 270 million, providing the first responder, in this case a local police officer, with the training and information they need to investigate an identity crime and provide victim assistance, is imperative.
We believe the Secret Service can best service the American people by acting as a force multiplier. In other words, directing our efforts towards providing the 700,000-plus local and State law enforcement officers with the tools and resources they need to provide assistance in their communities. In partnership with the International Association of Chiefs of Police, the Secret Service produced the best practice guide for seizing electronic evidence. This pocket-sized guide instructs law enforcement officers in the seizure of evidence, from personal computers, wireless telephones, to digital cameras. We have also worked with this group and our private sector partners to produce the interactive computer-based training program known as Forward Edge, which incorporates virtual reality features and technical support to instruct local law enforcement officers on how to address an electronic crime scene.
Page 25 PREV PAGE TOP OF DOC
Thus far, we have distributed free of charge over 300,000 best practice guides and over 20,000 Forward Edge CDs to State, local and Federal law enforcement officers. In addition, we are nearing completion of an identity crime video and CD-ROM which will contain over 50 investigative and victim assistance resources that law enforcement officers can use when combating identity crime. In the coming weeks, we will be sending an identity crime CD-ROM to every law enforcement agency in the United States. Over 25,000 identity crime CD-ROMs are being prepared for distribution.
In short, any police department in the country, regardless of size or resources, now has access to state-of-the-art training as well as multiple investigative and victim assistance resources to help them combat identity crime. In a joint effort with the Postal Inspectors, the FTC, the Department of Justice and the International Association of Chiefs of Police, we are hosting identity crime training seminars for local law enforcement. In the last year, we have held such training seminars in Chicago, Dallas, Las Vegas, Des Moines, Washington, D.C., and Phoenix, and seminars are planned in the near future for Washington State and Texas. One, as previously reported, is ongoing in New York State as we speak.
For law enforcement to properly prevent and combat identity crimes, steps must be taken to ensure that State, local and Federal agencies are addressing victims' concerns in addition to actively investigating identity crime. It is essential that law enforcement recognize that identity crimes must be combated on all fronts, from the officer who receives the victims's complaints to the detective or agent investigating an organized identity crime ring. The Secret Service is prepared to assist this committee in protecting and assisting the people of the United States with respect to prevention, identification and prosecution of identity criminals.
Mr. Chairman, that concludes my prepared remarks. I am happy to answer any questions your or the committee members may have.
[The prepared statement of Tim Caddigan can be found on page 100 in the appendix.]
Page 26 PREV PAGE TOP OF DOC
Chairman BACHUS. Thank you, Agent Caddigan.
At this time, we will hear from Chief of Police Viverette.
STATEMENT OF MARY ANN VIVERETTE, CHIEF OF POLICE, GAITHERSBURG, MARYLAND, ON BEHALF OF THE INTERNATIONAL ASSOCIATION OF CHIEFS OF POLICE
Ms. VIVERETTE. Good morning. I am pleased to be here this morning on behalf of the International Association of Chiefs of Police.
As I appear before you today, the issue of identity theft is one of great and growing concern to the law enforcement community. In a relatively short period of time, identity theft has transformed from a relatively unnoticed crime to a major problem in the United States and around the world. In the last few years, personal information has become one of the commodities most sought after by criminals in this country and elsewhere.
Although identity theft is in itself a criminal act under both Federal and most State laws, the theft is almost always a stepping stone to the commission of other crimes such as credit card, bank, computer and Internet fraud, designed to enable the perpetrator to profit from the original theft. Furthermore, funds obtained illegally as a result of the identity theft and its resultant frauds may be used to finance other types of criminal enterprises, including drug trafficking and other major forms of criminal activity. As the use of technology to store and transmit information increases, so too will identity theft.
The ability to accurately define the financial losses of the vast number of crimes committed by means of identity theft is not possible at this time. Many identity theft crimes are not reported to the police and there is no single source of information on this issue. It is fair to say, however, that the cumulative financial losses from identity theft and various crimes that feed from it are staggering. However, perhaps even more tragic than the monetary loss, is the personal cost of identity theft. Because identity theft by definition involves the fraudulent obtaining of funds in the name of someone else, the victim of identity theft may sustain not only great financial loss, but also severe damage to credit standing, personal reputation and other vital aspects of the victim's personal life. Even if the victim ultimately clears his or her credit records and avoids other personal and financial consequences of identity theft, the physical and mental toll on the victim can be significant.
Page 27 PREV PAGE TOP OF DOC
Identity theft is not perpetrated only by so-called ''white collar'' thieves. It is committed by criminals of all types. A recent report indicated that during the period of November 1999 to March 2001, about 12 percent of all suspected perpetrators had a personal relationship of some sort with the victim. However, the remaining 88 percent of suspects had no relation to the victim of the theft. In most cases, the thieves are geographically located far from the victim's place of work or residence. These perpetrators may be solo operators, but more often are members of a larger criminal organization. Such organizations may be local, regional, national or international.
In early years, the involvement of local police departments in identity theft cases was typically minimal. In fact, many local police departments did not know how to respond because the crime was not well understood. This was caused by several factors, including the lack of State laws making identity theft a crime, the fact that most identity theft operations are multi-jurisdictional enterprises with perpetrator and victims usually widely geographically separated, and the general lack of police expertise in investigating the crime of identity theft.
Fortunately, the situation is now rapidly being remedied. The passage of numerous Federal and State statutes has given law enforcement agencies the authority to investigate and prosecute identity theft crimes and departments everywhere are becoming more aware of the significance of identity theft and the availability of a means to combat it. Effectively combating identity theft will require not only the dedication of significant resources and personnel, but also greater collaboration and cooperation between Federal, State, tribal and local law enforcement agencies. This information-sharing among agencies is essential as it may not only lead to successful prosecution of the case in one jurisdiction, but concurrent investigations in other areas of the country. I am pleased to say that in recent years law enforcement agencies have made significant strides in this area, and are increasing our capability to investigate, track, apprehend and prosecute these criminals.
Page 28 PREV PAGE TOP OF DOC
Nevertheless, the law enforcement community cannot effectively combat identity theft by itself. Citizens need to take proactive steps to protect their personal information. Businesses must act to establish safeguards that will ensure that the personal information of their patrons is not exposed. Policymakers at all levels of government need to review current statutes to ensure that protection of personal information is a priority and develop legislation that will strengthen the penalties for identity theft. Only by acting to establish greater protections of personal information and by aggressively tracking down and punishing those who commit identity theft can we hope to turn the tide in this battle.
Thank you, Mr. Chairman.
[The prepared statement of Mary Ann Viverette can be found on page 202 in the appendix.]
Chairman BACHUS. I appreciate the testimony of the panel.
At this time, I recognize the members for questions. The gentleman from Pennsylvania, Mr. Toomey?
Mr. TOOMEY. Thank you very much, Mr. Chairman.
I appreciate the testimony we have just heard. It is focused largely on enforcement of existing laws, which is obviously a very important part of this. But I was hoping that several of you might comment on whether better law enforcement, better training, more resources, more education, is that really likely, in your judgments, to reverse this really shocking trend that we have had, this big acceleration, this upward spike in the frequency of identity theft? Is better enforcement of existing law going to be sufficient to reverse this trend, in your minds, or do we need something above and beyond, in addition, or separate and apart from that?
Mr. Beales, perhaps you would like to begin?
Mr. BEALES. I think we need to address the problem on many fronts. I think enforcement is a key part of any attempt to solve it. I think better penalties would be something that would certainly help and would enhance the enforcement effort. I think there are probably also things that can be done to help with prevention of the crime in the first place and to help victims recover more easily. We at a staff level are hard at work on a package of recommendations that we would bring forward to the commission and then to the Congress, but at this point we do not have any other recommendations.
Page 29 PREV PAGE TOP OF DOC
Mr. TOOMEY. Anyone else care to comment?
Mr. MIHALKO. Yes, I would like to comment.
Resources are always an issue. We in law enforcement never have enough to go around. We do have plenty of good statutes, though, at least in the Postal Inspection Service. We have statutes that cover identity theft on both ends. If there is a theft of mail, we have excellent Federal statutes to deal with theft or possession of stolen mail. If the mail is not part of the initial scheme, but is then used to either mail a phony credit card or a counterfeit credit card, whatever it may be, we have an excellent statute there with the mail fraud statute.
I think what we need, and what I hear from a lot of my inspectors out in the field, is that we need more resources for prosecutors. There seems to be a shortage of Federal prosecution of the identity theft-type cases. But like Mr. Beales said, we also agree that prevention and educating the consumer is a key component of fighting this crime. We just can't seem to get enough education out to people.
Mr. TOOMEY. I would like to follow up on the prevention idea, because it seems to me there are different orders of magnitude of identity theft. Someone can grab a credit card carbon out of a wastebasket and identify my credit card number and perhaps run up some charges. That is a terrible thing, obviously. It is a serious crime, but it is something that I am likely to discover relatively quickly and I am likely to be able to avoid actually incurring the expense. The more serious types of crimes, of course, are those when someone establishes an identity, steals my identity, establishes accounts, obtains credit through this new bogus identity, and then might run up huge credit obligations, which I discover much, much later, which are a huge problem now.
Are we doing enough to prevent that from happening? Are there more things that ought to be done by the private sector to prevent those kinds of abuses? I see, Officer, you are nodding your head. Do you have a response to that?
Page 30 PREV PAGE TOP OF DOC
Mr. CADDIGAN. I think we have seen in recent years the private sector and law enforcement come together on this issue. That has been tremendously beneficial to the consumer. I see the credit card companies, they not only share information among themselves, but with law enforcement. I see all law enforcement, State, local and Federal, coming together and sharing resources. State prosecutors are working with Federal prosecutors. It is not a crime that is going to be completely eliminated overnight, but from our perspective we do see growth in cooperation on all fronts, as Mr. Beales has said, that we have prevention, we have education, we have awareness.
One of the areas that we are most concerned about is information security with regard to end-users and consumers. That is something that is taking a higher priority because when we do have, for example, a hacking situation, customer databases are stolen in bulk, that has a tremendous impact on the identity crime arena. When we can deal with end-users on how to safeguard their systems and safeguard their data files, that is going to be a huge impact. Those relationships are being built as we speak. Those conversations are being had at all levels with regard to security, information sharing and safeguarding information sharing. So I think from our perspective, that multi-front process is effective and it does handle not only the simple carbon theft, but it also deals in the international Internet theft or hacking case involving a large magnitude of identity crimes.
Mr. TOOMEY. Does anybody else have a comment?
Ms. VIVERETTE. Yes, sir. Local law enforcement is really overwhelmed with investigating these, so I agree that prevention is part of the way to solve this. There are several recommendations by the investigators that look into these cases every day. One of those is the availability of instant credit tends to be a problem. They recommend requiring thumbprints or digital photos with any credit application.
Mr. TOOMEY. So some kind of system for authenticating the applicant?
Page 31 PREV PAGE TOP OF DOC
Ms. VIVERETTE. Yes, sir. And the addition of possibly a PIN number along with the credit card to additionally verify the user as the proper person.
Mr. TOOMEY. Thank you very much.
Thank you, Mr. Chairman.
Chairman BACHUS. I thank the gentleman from Pennsylvania.
At this time, the Ranking Member, Mr. Sanders, is recognized.
Mr. SANDERS. Thank you, Mr. Chairman. A question for Mr. Beales, to begin with. Mr. Beales, in your oral statement, you mentioned that when consumers discover that they are victims of identity theft, they may receive a free copy of their credit report. In your judgment, wouldn't it be a good idea if all consumers were to get a free copy of their credit report to catch identity thieves quicker and correct errors in a prompt manner? In other words, if people were able to gain access to their reports, they would see aberrations and dishonest dealings. Does that make sense to you?
Mr. BEALES. The Commission has not taken a position on that. I think that there is no question that access to the credit report would help. I think under the existing statute, consumers have access to a free credit report when they are most likely to need it, which is when they think there is fraudulent information or when they find out that there is a problem.
Mr. SANDERS. I understand that. In general, given the significant increase in this horrendous type of crime, if people receive the reports, they would be able to spot the problem a lot quicker than is currently the case right now. I think one of the problems that we are hearing is that people do not know that they are being ripped off for, in some cases, a relatively long period of time. Don't you think this would expedite the process?
Mr. BEALES. I think it certainly could.
Mr. SANDERS. Okay. Thank you.
Page 32 PREV PAGE TOP OF DOC
Mr. Caddigan, do you have thoughts on that?
Mr. CADDIGAN. I would agree that anything that would make the consumer more aware of his current situation is a preventive tool.
Mr. SANDERS. Okay. Thanks.
Let me ask Chief Viverette a question. You may not want to answer it. It may be too political, but that is okay. One of the debates, the key debate that is going on here has to do with Federal preemption. Some of us believe that we should have very strong standards for identity theft and other consumer problems in general at the Federal level, but we should allow States to go forward in a more aggressive way if they want to. In fact, Maryland, as I understand it, is one of six States in the country right now which does require free credit reports. Is that correct?
Ms. VIVERETTE. I believe it is, yes, sir.
Mr. SANDERS. Okay. Now, I am not suggesting that Congress would take away Maryland's right to do that. I doubt that they would. But give us your thoughts about a State that has been proactive in trying to protect consumers, should States in your judgment continue to have that right?
Ms. VIVERETTE. The decision of the International Association of Chiefs of Police is normally to keep the rights at the State level. Yes, sir.
Mr. SANDERS. Okay. Thank you.
Mr. Chairman, what you heard is from attorneys general from all over this country who believe that they should have the right to be aggressive in protecting consumers, and you are hearing from police officers as well, who want strong consumer protection. I would note the point that the chief made a few moments ago, which is a very important point. I am sure it is all over this country that local law enforcement is being overwhelmed. When somebody calls you up, that takes a heck of a lot of resources to address that problem. Is that correct, Chief?
Page 33 PREV PAGE TOP OF DOC
Ms. VIVERETTE. Yes, sir.
Mr. SANDERS. All right. So I would suggest, Mr. Chairman, that we want to be as aggressive as we can. One way that we are aggressive is allowing States to go further than the Federal government.
Thank you, Mr. Chairman, and I thank the panelists.
Chairman BACHUS. Thank you, Mr. Sanders.
Ms. Kelly?
Mrs. KELLY. Thank you, Mr. Chairman.
Mr. Beales, you said that there can be some things done to help with prevention. Would you mind just expanding on that a little bit? You made the remark and then went on with something else.
Mr. BEALES. We are working on trying to develop and to analyze legislative ideas that we would recommend to the commission and then the commission would offer its advice if that was appropriate to you all. I think the one active prevention program that I think really should be seen as a prevention program that we are very much involved in now and should be continued is efforts to protect information security. Increasingly we see that as the source of the information that turns up in identity theft cases, and we see, frankly, very many businesses that have not taken basic precautions to protect the security of their information.
We have brought cases in some of those instances, our guest case, that I mentioned, which involved the failure to close a well-known vulnerability in a system. And we have developed a business education pamphlet to encourage businesses to look for those kinds of known vulnerabilities and to fix them. I think that is an important preventive effort and I think there is more that can be done in that area in particular.
Mrs. KELLY. One of the reasons that I am concerned about this is that we heard testimony just now about educating the consumer, but any more the way that identity theft can happen, there isn't any act that the consumer does necessarily. It is not about just making sure you tear up your credit card slips when you throw them out. Your identity can be stolen without your knowledge by your not doing anything at all different than you have ordinarily done. That is really tough to educate about. People, I think, are very vulnerable and you can educate them to do certain things, but there are limits to what we can do to educate people to protect themselves.
Page 34 PREV PAGE TOP OF DOC
I am wanting to know what kind of things we are doing with regard to identity theft and terrorism, the movement of terrorism money. We know that that has occurred. I really would like to ask Mr. Caddigan, could you talk to me a little bit about what the Secret Service is doing to put a check on identity theft or identity use in transferring terrorism's money?
Mr. CADDIGAN. When we talk terrorism, the FBI has always taken the lead in the terrorism investigations. That includes the financial investigations. We are an active participant in their initiatives through their JTTFs across the country. So what we try to do is to bring our expertise to bear in the financial sector and apply them to ongoing initiatives that we have in tracking terrorism in our country. That may apply to passport fraud or counterfeit documents, to credit cards that were used to fund individuals that are staying here. It does run the gamut with regard to our own agency's initiatives. We do that under the umbrella of a joint initiative led by the FBI.
Mrs. KELLY. Maybe you and I can explore that in a little less public venue, but I am very interested in what you are doing. This takes me to another level, and that is with anything that we do with regard to protecting people's identity and anything that you do with regard to helping share information so that people can have identity protections, that sharing of information steps into another field, and that is the privacy issue. I wonder if anyone on this panel would be willing to address the problems we are going to experience as we get deeper and deeper into the protections with regard to privacy.
Mr. Beales?
Mr. BEALES. I think that one of the great successes of the Fair Credit Reporting Act is the way in which it balances those concerns, the tremendous benefits of information sharing in detecting and preventing and mitigating the consequences of bad credit and of identity theft, and at the same time protecting privacy. It does that by restricting uses to people who have a permissible purpose and by trying to assure that the information is accurate and that the consumer has a way to try to correct it if it is not. But I think privacy is an important component of it and is really sort of a key goal of the Fair Credit Reporting Act.
Page 35 PREV PAGE TOP OF DOC
Mrs. KELLY. Anyone else want to pick up on that? Thank you very much. My time is up.
Thanks, Mr. Chairman.
Chairman BACHUS. Thank you.
Mr. Hinojosa?
Mr. HINOJOSA. Thank you, Mr. Chairman.
I want to ask a question of Mr. Beales. Did you answer the question about or the idea that was given by Mr. Sanders, providing consumers with a free credit report annually or biannually at their request?
Mr. BEALES. The Commission has not taken a position on that. I think that the consumers have credit reports at the time they are most likely to need it, at the time it is most beneficial, which is when they think there is fraud or when there has been an adverse action. But I think there is no doubt that more availability of credit reports would help in combating the problem.
Mr. HINOJOSA. I disagree that you would wait until you are applying for credit to buy a car a house or whatever, because all the testimony says that most consumers do not find out until about 14 months after the occurrence of that identity theft. So it seems to me that we are going to have to address that question and see what the costs would be and if it is feasible.
I would like to ask Mr. Caddigan the question that I had on trying to give training to our officers out in the field. It seems to me it is time-consuming, but very important. The question is, do you know if the FBI or Secret Service agencies, are able to reach large numbers of officers in States like Texas and California?
Mr. CADDIGAN. A program that is ongoing right now in the State of New York is a collaboration with all four partners at the table here today. We are able to reach across all law enforcement, to include the financial institutions, anybody that would have a need to provide assistance in the area of identity theft, whether it is criminal or victim assistance. The event today has several hundred officers there representing dozens and dozens of departments in New York. We think that by being able to provide a Federal, State and local perspective to the problem and solutions. We are not there just to identify a problem. We are there to provide you with skill sets in providing real solutions to your community or your constituency on how to deal with this epidemic.
Page 36 PREV PAGE TOP OF DOC
So when we can reach out to a victim and make them aware of what they need to do to safeguard themselves, not only from crime that has already occurred, but for future crime that potentially could occur, we feel that that force multiplier in the law enforcement community has a ripple effect that is a substantial benefit in this initiative.
Mr. HINOJOSA. I understand what you said, Mr. Caddigan. Possibly my question, then, should go to Chief Viverette. What I heard Caddigan say is that they were training the trainers, 100 of them in New York. I am talking about reaching much larger numbers. Could it be done through, say, video conferencing? Could it be done through distance learning like the universities are doing now where you could have multiple sites listening to the presentation? If that is so, if it is possible, how do chiefs of police give release time to large numbers of officers so that they can be trained?
Ms. VIVERETTE. Sir, the CD-ROM that the Secret Service has put together is an excellent resource for local law enforcement. Most of us have training commissions at the State level that can require training. The CD-ROMs are perfect for roll-call training at the beginning of a shift. And generally what we are doing is making the patrol officer aware of what is out there, their resources. They will never have the time to do the follow-up. So we are training investigators at a higher level and the patrol officer is provided the resources to know where to go to follow up on their report.
Mr. HINOJOSA. I am concerned that the numbers of identity theft complaints are increasing rapidly, which means that there is insufficient dissemination of information and education to the public and those that help us. The chiefs of police and their officers are evidently not getting enough training or resources to get it done.
So the last question that I would have, Mr. Chairman, is to Howard Beales. Do you support Mrs. Hooley's legislation on identity theft?
Mr. BEALES. The Commission has not taken a position on that legislation. I think there are a number of features in that legislation that are attractive, but the Commission has not at this point taken a position.
Page 37 PREV PAGE TOP OF DOC
Mr. HINOJOSA. We are going to go into a debate on that proposal. I hope that all four agencies would take a good close look because we really need to stop this increase that is occurring and being reported, and it is going to be very important that we get the help of all four agencies.
With that, Mr. Chairman, I yield back the rest of my time.
Chairman BACHUS. Thank you.
The gentleman from Texas, Mr. Hensarling?
Mr. HENSARLING. Thank you, Mr. Chairman.
I think one thing we can all agree on is that identity theft is a very serious and pervasive crime in the U.S. I myself at an earlier hearing announced that I had been victimized by identity theft prior to coming to Congress, when I was a small businessman and a former employee managed to open up a credit card in the name of my small business. When I discovered it, there was about a $22,000 tab on the credit card that had not been paid. Fortunately for me, with one telephone call and one letter, I was able to take care of the matter, so I can attest, at least in my case, occasionally the system does work.
The question really for us today, though, as we look at the title of this hearing, is fighting identity theft, the role of FCRA. So really to cut to the chase, I am interested in the opinion of the panelists, is FCRA friend or foe? Besides the good that comes from FCRA, and we have heard some very persuasive testimony about how we in America enjoy the greatest availability of credit, the lowest-cost credit in the world, and that FCRA plays a very significant role in that. But the question today is, when it comes to identity theft, are we better off having a paradigm that gets us closer to a national standard of credit reporting with a central database, or are we better off with more of an individualized state patchwork system, just with the narrow question of combating identity theft?
Mr. Beales, if we could start with you and receive your opinion on the matter.
Page 38 PREV PAGE TOP OF DOC
Mr. BEALES. I think the uniform system and the safeguards of the Fair Credit Reporting Act do help to reduce the risk that credit bureaus and credit data are the source of identity theft. The fact that the data is centralized and largely in three large institutions I think facilitates efforts to protect the data and facilitates efforts to prevent unauthorized access and to control access, compared to lots of little databases in lots of different places.
Mr. HENSARLING. Mr. Mihalko?
Mr. MIHALKO. I think a national standard is a huge benefit for Federal law enforcement, if we only have to deal with one type of standard. It is also a big benefit for the mailing industry so that they only have to deal with one standard nationwide and do not have to deal with 50 different standards in their mailings across the borders.
Mr. HENSARLING. Mr. Caddigan?
Mr. CADDIGAN. From a Federal law enforcement agency, any standard that eliminates confusion is best for us as we cross State lines in our investigations. The sharing of information with regard to verification check and balance is something that I think will show leads to a reduction in identity crimes. It provides earlier response to potential problems.
Mr. HENSARLING. Ms. Viverette?
Ms. VIVERETTE. Yes, sir. I agree with Mr. Caddigan. It is a situation where when we cross State lines, that is where as a patrol officer we have problems with the follow-up on the investigations. So his remarks are appropriate.
Mr. HENSARLING. We have heard advocacy about a proposal to ensure, I suppose, that all American citizens receive a free copy of their credit bureau reports. Mr. Beales, my guess is you are the expert on this subject, but I am under the impression that free reports are made available already today, for example, to the indigent, to those who have been denied credit, and to those who believe they have been a victim of identity theft. Is my understanding correct?
Page 39 PREV PAGE TOP OF DOC
Mr. BEALES. There are free reports available to people who think they are victims of fraud. There are free reports available to the indigent and the unemployed. There are free reports available to anybody if there is an adverse action taken based on information in the report. Those are the circumstances and in some of those, I think, are the circumstances where the report is most valuable, but it could have value in other circumstances as well.
Mr. HENSARLING. My guess is no one on the panel is qualified to come up with a cost estimate of what that proposal would indeed cost the system. I am just curious what impact that might have on our credit availability and our credit costs should such a plan be enacted.
I see my time is out, Mr. Chairman.
Chairman BACHUS. Thank you.
Mrs. Hooley?
Ms. HOOLEY. Thank you, Mr. Chair.
I have a question for the entire panel, and I apologize for not being here the entire time, and hopefully you have not answered this question yet. One of the things we talk about when we look at identity theft is it is really composed of five pieces, and one of the pieces is prevention; it is education; it is how do you get through the process; it is how do you leave room for technology to help solve the problem. And the last piece, and a very important piece, is law enforcement.
I have spent a lot of time talking to our law enforcement, and one of the problems of course is you don't have to stick a gun to somebody's head to steal their money now; you can just take their identity and steal their money. Because a gun is not used, frequently this crime sort of goes to the end of the list of everything else you are doing. What is the one thing we need to do in law enforcement that would help you prosecute the crime and what is the solution to this obstacle? Because the perpetrator knows that they are probably not going to be prosecuted; they know they are very good at going across city lines, county lines, State lines; they know how much they have to steal before it becomes a felony.
Page 40 PREV PAGE TOP OF DOC
I have known some local police officers who have arrested the same person over and over and over again and let them go because no one was willing to prosecute. What is the solution? What do we do? Do we need to make the laws tougher, the penalties larger? What do we need to do? And if each panel member would answer that question, I would appreciate it.
Mr. BEALES. I think one thing that would clearly help is the penalty enhancement legislation that I know has been introduced in the Senate and I believe has been introduced in the House as well. I think prosecutors look to the length of time that they can get by alleging a particular offense. I think that longer penalties and the change in the structure of penalties to make it more like the gun laws where there is an add-on if you steal an identity in committing another crime, it is an additional sentence added on to whatever sentence there is for the base offense. I think those are approaches that can make prosecutors more willing to prosecute the cases and then enhance deterrence.
Ms. HOOLEY. Thank you.
Mr. MIHALKO. I think one of the things that would be most beneficial to us is an increase in probably the appropriations for the Justice Department to hire assistant U.S. attorneys to handle these types of prosecutions. What we have seen is that there are different U.S. attorneys offices that have different thresholds before they are going to accept identity theft cases for prosecution. It may be $70,000; it may be $100,000, which makes it less attractive to bring those cases because they are not going to be prosecuted. There are a lot of law enforcement resources devoted on the Federal, State and local level to investigating identity theft crimes.
Ms. HOOLEY. Okay, thank you.
Mr. CADDIGAN. I think we are on an upswing with regard to the enforcement and the prosecution. We have seen some enhancements. We have seen some legislative benefits recently. I also think we have seen a shift in the prioritization of these type of crimes in our U.S. attorneys's and district attorneys's offices. I have also seen where we have a better sharing relationship between the State and the Federal with regard to where the biggest bang, if you will, will come for prosecution, depending upon the magnitude, the loss and all the other factors that go into determining prosecution.
Page 41 PREV PAGE TOP OF DOC
So the enhancements that I think we have seen are starting to take effect and hopefully we will see that continue in the future.
Ms. HOOLEY. Thank you.
Ms. VIVERETTE. Yes, ma'am, having identity theft as a specific crime has been helpful. Prior to having that in our State, it was underreported because it was reported as a theft and not identity crime.
Ms. HOOLEY. Okay.
Ms. VIVERETTE. Enhance penalties I think would be important and also the addition of resources for officers to follow up on a crime. Right now, they often have the information, but they do not have the investigative resources to go out and make the arrest.
Ms. HOOLEY. Thank you very much.
Chairman BACHUS. Thank you.
Ms. Capito?
Mrs. CAPITO. Yes, I have just two brief questions. For Mr. Caddigan, you testified that the method of identity theft that may be most difficult to prevent is theft by a collusive employee. What are some possible ways to combat such theft? And also in line with that, that many of the identity criminals use information obtained from companies or off of Web sites, and what can companies do to prevent such intrusions?
Mr. CADDIGAN. The insider threat industry will tell you it is their number one concern, protecting not only their database, but their systems. Again, we believe in prevention; we believe in education. An initiative that we began about two years ago, not quite two years ago now, is an insider threat study. What it basically does is reach out starting with our investigative cases that involve such type of activity. They reach back out to the businesses and ask them to provide a little bit more information as to the prevention methods they use, the safeguards they use, and actually provide advice on how they can better themselves in that arena. That initiative is ongoing. It has reached across the country.
Page 42 PREV PAGE TOP OF DOC
We already see some impact with regard to information sharing within sectors, business sectors. We think that because not only the identity theft portion of criminal activity to the insider, proprietary issues, customer-based issues, there is a lot of need for protection in that arena. Again, not overnight, but I think the right steps are being taken to provide an awareness and also to give viable solutions in a security-minded atmosphere on how you can better safeguard your material as a small, medium and large business. Those initiatives are ongoing.
Mrs. CAPITO. Thank you. I just have one additional question, and this is for anybody who thinks they have an idea. I am curious to know the demographics of someone who could fall prey to identity theft. Is it someone who has the information on the Internet? Is it the elderly? Is it someone in big cities? Is it everywhere? Has it been categorized to a point? I am just curious to know what kind of statistics have been gathered, understanding that identity theft has just now been identified as a crime, or at least one that has been reported.
Mr. Beales?
Mr. BEALES. In our complaint database, the victims look pretty much like the population at large. There are not very many children, but other than that, it pretty much mirrors the distribution of the population. There is no one group that is disproportionately affected. We have completed a random sample survey of identity theft that we hope to release within the next few weeks that will give us a more comprehensive picture of the level of identity theft and also of the nature of who is victimized, but what we see in our complaint data is it just looks like the population at large.
Mrs. CAPITO. Any other comments?
Mr. CADDIGAN. From the enforcement perspective, we rely on the FTC data and we find it to be consistent with our casework. The vulnerabilities are again from the simple trash theft to you dealt with a business on the Internet that was the unfortunate victim of a hacking. It funs the full gamut. No one is particularly targeted.
Page 43 PREV PAGE TOP OF DOC
Mrs. CAPITO. What would be the average time that someone would realize that their identity has been stolen? Would I find out in a month, in a week?
Mr. BEALES. In our complaint data, 48 percent find it out within a month, and an additional number find it out within 1 to 6 months. Within a year, it is 78 percent find it out within a year.
Mrs. CAPITO. I have no further questions. Thank you.
Chairman BACHUS. My first question may be just to follow on that, Mr. Beales, the postal agent testified that it was an average of 14 months to discover?
Mr. MIHALKO. Right. It is about 14 months according to our data before it is discovered, before a victim discovers that they have been a victim of identity theft.
Chairman BACHUS. I am not sure how we square that with Mr. Beales's testimony just moments ago. Are there a significant number that are taking 12 to 14 months to discover, Mr. Beales? What about Mr. Mihalko's testimony?
Mr. BEALES. There certainly are some that take that long, and I don't know the statistical basis for that. What we see in our complaints, and it is just our complaints, is what I reported. Now, I just don't know, in terms of what, it is about 7 percent that take between one and two years and another 8 percent that take between 2 and 4 years to discover it, and then there is a tail of about 5 percent where it takes more than 5 years before it is discovered. So there are some cases that are out there in terms of it taking a long time, but most people find out quickly in our complaint data.
Chairman BACHUS. Okay. I will end the questioning with this question to you, Mr. Beales. FTC Chairman Muris has testified that you are considering different proposals to combat identity theft. You testified at this hearing and previous hearings that you are working on proposals to combat it or additional proposals. This committee anticipates marking up FTC reauthorization next month, at least that is what is anticipated at this time. Will the FTC have any formal proposals to make to this committee that can be incorporated in legislation this month?
Page 44 PREV PAGE TOP OF DOC
Mr. BEALES. We would hope to not be too late, and whether we are too late or not, we are of course willing to offer whatever technical assistance we can in your effort.
Chairman BACHUS. It would be extremely helpful if the Federal agency that is charged with oversight and investigation and coming up with remedies could offer us some formal proposals prior to reauthorization.
Mr. BEALES. We understand that and we will do our best.
Chairman BACHUS. Thank you.
This concludes the testimony of the first panel. The first panel is discharged and we will go immediately to consideration of the second panel. I appreciate your testimony and you are discharged.
The second panel is made up of two victims of identity theft. While they are making their way to the witness table, I might simply say that whether you go by the FTC testimony of basically 125,000 victims of identity theft each year, or you go by the Justice Department records which indicate as many as 500,000 victims of identity theft, we do know that those are both significant numbers. We know that as many as 500,000 reported cases and we know that for each of those cases there is an emotional and financial toll on the victims.
In this second panel, we will actually hear from two of these victims, which in the one regard will be representing a much larger group of millions of American citizens each year who find themselves the victims of identity fraud. I want to welcome our second panel. Our two witnesses, Ms. Maureen Mitchell of Madison, Ohio, formerly of Queens, New York, is that right?
Ms. MITCHELL. That is correct, Mr. Chairman.
Chairman BACHUS. That is correct, thank you. And also Commander Frank Mellott, a U.S. Navy victim of identity theft. You are also here testifying on behalf of the Identity Theft Resource Center.
Page 45 PREV PAGE TOP OF DOC
Commander MELLOTT. Yes, sir, I am, but principally on my own.
Chairman BACHUS. Would you tell this committee what actually the Identity Theft Resource Center is?
Commander MELLOTT. The Identity Theft Resource Center is a victim advocacy group and counseling assistance for victims of identity theft. I am the military assistance coordinator and also the mid-Atlantic-Virginia area regional coordinator. I see primarily cases that involve active-duty, retired or reserve members who are dealing with some of the unique aspects when a military member is a victim.
Chairman BACHUS. I think Mr. Sanders testified that it is a horrendous crime, but it is particularly deplorable or despicable when the victims of identity theft are members of the military serving overseas in defense of our country. It is totally reprehensible that someone would do such a thing to our men and women in uniform. So we welcome your testimony here today.
Also, Ms. Mitchell, I have read your testimony and it has truly been a nightmare for you, just almost inconceivable that someone has to go through what you have gone through. At this time, if you will lead off the testimony.
STATEMENT OF MAUREEN V. MITCHELL, MADISON, OH, VICTIM OF IDENTITY THEFT
Ms. MITCHELL. Thank you, Mr. Chairman.
It is a pleasure and a privilege to be here and I want to express particular appreciation to Congressman LaTourette and Congresswoman Hooley for their efforts and the committee's efforts. And I wanted to say just a personal hello to Congressman Crowley. Joe Crowley and I grew up together in Woodside, New York.
We have been the victims of identity theft and we were not only victims once, we were victims twice. We are a typical middle-class family. We do not have extraordinary assets and we had always taken the normal consumer protections that we are all advised to take to safeguard our information. We shred our outgoing trash. We were never robbed. We were never burglarized. We never lost our credit cards, and we had checked our credit report in March of 1999 to ensure its accuracy.
Page 46 PREV PAGE TOP OF DOC
Yet in September of 1999, we received a phone call from our KeyBank MasterCard service provider questioning an unusual pattern of activity on our credit card. We were very fortunate that they noticed that unusual level of activity. It turns out that that was the start of our identity theft nightmare when we learned that fraudulent purchases had been made, mail-order purchases by criminals who did not have our credit cards in their possession because we had not lost ours, but they had obtained our credit card number. We do not throw out our credit card receipts intact. And in the days when we all had carbons on our credit cards, when we used them, we obtained the carbons and used to rip them up. We are extremely conscientious about safeguarding our information.
We did not bank on the Internet. We did not order merchandise via the Internet. We did not use an Internet program to balance our checkbook. And we found ourselves victims of this. Unfortunately for us in September of 1999 when our MasterCard account number was compromised, our bank closed our credit card account number and told us we would not be responsible for the fraudulent charges. However, they did not suggest that we put fraud alerts on our credit reports, and they left making out a police report to our option. I did make out a police report because if was a few thousand dollars worth of charges that were made using our credit.
In November 1999, 2 months later, we received a phone call from a J.C. Penney credit representative from New Mexico. We have been residents of Ohio since 1978, finding out that criminals in Illinois, and it was in Illinois that the fraudulent mail order charges were made also, had used my husband's name and Social Security number to obtain a line of credit at the J.C. Penney store in Illinois. It was the J.C. Penney's representative who suggested we put fraud alerts on our credit reports, which I did immediately on November 15.
When I contacted Trans Union, Experian and Equifax, the three major reporting bureaus, I was dismayed to learn that there had been over 25 inquiries into our credit during that 2-month period of time between the initial credit card account number being compromised and the phone call from J.C. Penney's, and criminals had changed our address six times. I did place the fraud alerts on our credit report and I also put 7-year consumer statements, and it took me over 400 hours of time to dispute 30 fraudulent accounts that criminals had opened in our names out of State. There had not been 30 inquiries into our credit in the entire 20 some-odd years my husband and I had been married at that point, yet 30 inquiries into our credit in a 2-month period of time did not send up red flags to anybody at the credit reporting agencies. I think that needs to be addressed.
Page 47 PREV PAGE TOP OF DOC
Four hundred hours, hundreds and hundreds of pages of documentation were required by us. I found the information from the Federal Trade Commission's identity theft clearinghouse to be helpful to me. Kathleen Lund from the Federal Trade Commission was the identity theft counselor whom I had spoken to, and she did offer me some guidance and assistance and some emotional support. I also put that in the testimony, because as a victim of identity theft, your life is spinning out of control and we never were able to ascertain our point of compromise. I did meet with our Congressman Steve LaTourette, and it was through his intervention that we were able to be in touch with the FBI. We ultimately wound up with the United States Secret Service, the United States Postal Inspectors, the Office of the Inspector General of the Social Security Administration, and the FBI, plus our local police department as the investigating authorities.
Criminals in Illinois did a $150,000 worth of new credit applications in our names. We had previously had an impeccable credit report. Our FICO scores were in the low 800s; $150,000; 30 different accounts. They bought a Ford Expedition. They bought a Lincoln Navigator. Neither of those vehicles were sitting in my driveway. And two months after the criminals purchased the Ford Expedition, they torched that vehicle, filed a fraudulent insurance claim in my husband's name, and then we had to deal with the National Insurance Crime Fraud Bureau because there was a fraudulent insurance claim filed.
We did get good cooperation from our local police department in Madison, Ohio. As a matter of fact, my husband and I and both of our adult children are carrying a notarized letter from our police chief in our wallets at all times saying that we are the victims of these crimes and not the criminals, because if we get pulled over for some innocuous traffic violation, we can find out that there are warrants under our Social Security numbers that we know nothing of.
Two years after the criminals initially victimized us, and it was 2 years of fighting our way, it is a task made for Hercules that requires the wisdom of Solomon, as a victim of identity theft, to fight your way through the system. Two years afterwards, with the security protocols in place, and I had insisted upon security protocols on our bank accounts, we were making a purchase of a small home for both of our adult children who are students to live in while they were attending medical school and college. The fraudulent purchase of the Ford Expedition, the one that the criminals torched and filed the fraudulent claim on, showed up on my husband's credit report as we applied for the mortgage, lowered my husband's FICO credit score by 118 points, and we were almost denied the loan for the mortgage that we were legitimately applying for.
Page 48 PREV PAGE TOP OF DOC
My girlfriend Cathy said to me, ''You know, Maureen, you just should have had the criminals apply for the mortgage. They would have gotten it with no problem.'' And there may be some truth to that statement. We again had that remedied. This account had bounced back onto my husband's credit report. They knew it was a fraudulent account, yet it reappeared.
In October of 2001, we received at home a very alarming phone call from an intercity branch of our bank asking whether we were having trouble with our bank accounts. I had placed security protocols on our bank accounts. I had insisted upon them. Photo ID and password, and the password was not mother's maiden name or anything else that would be available on a genealogical Web site. Photo ID and password required on our bank accounts, and our local branch of KeyBank, and they have known us for 20 years, insisted that we use those protocols every time we banked, and we insisted upon it also. Yet when I received this phone call on October 30, criminals had made four fraudulent withdrawals from our personal bank accounts. It was upon the attempt of the fifth fraudulent withdrawal that we were finally notified. Criminals removed $34,006.50 from our bank accounts in spite of the fact that photo ID and password was required on these accounts.
We had an arrest made in the State of Illinois, Lansing, Illinois as a matter of fact. The criminal there was prosecuted. He was sentenced to three years in the Illinois Department of Corrections in 1999 when he was arrested. He served less than a year. We currently have a case pending in Cuyahoga County, Ohio. The criminal who made the KeyBank fraudulent withdrawals a week after I received the phone call was attempting to make a $5,000 credit application using my name at the Circuit City store in North Randall, Ohio. When the Illinois crimes were occurring, there were criminals impostoring my husband. When the Ohio crimes were occurring, there were criminals impostoring me.
She was eventually apprehended at the Circuit City store because the fraud alerts on our credit reports did indeed work. Why the security protocols on our bank accounts did not work still remains to be answered. One of the hardest things in being a victim of identity theft is that you are repeatedly subject to having your integrity and character questioned. You are perceived as the criminal and the scales of justice are tipped in the wrong direction in this regard. The criminal is assumed innocent until proven guilty, but the victim of identity theft is assumed guilty until you prove your innocence.
Page 49 PREV PAGE TOP OF DOC
We started to receive phone calls from collection specialists at our home, wanting to know why we were late for the payments on our Lincoln Navigator and our Ford Expedition, the vehicles that we had not purchased. It amazed me that the collection specialist could find the real Ray and Maureen Mitchell when they wanted their money. Too bad nobody bothered to find the real Ray and Maureen Mitchell before they loaned out that money. There are protocols that should work when they are in place. No system is perfect. Our protocols should not have failed. They did. We had to re-work our way through the system. And when the criminal impostor of me was arrested at Circuit City in North Randall, Ohio, she was found to have an Ohio DMV-issued photo identification card that contained her picture but all of my information.
And when that criminal had obtained that photo ID card, my driver's license was automatically suspended in the State of Ohio because it is illegal to have a driver's license and a State-issued photo ID card. So as a result of that impostor's activities, our bank accounts were frozen on October 30, 2001 and I had a suspended driver's license. I am a registered nurse. I am a licensed realtor. We are entitled to have access to our own monies and we are entitled to safeguard our personal licenses. I was scared to death that my real estate or my nursing license would be impacted by criminals because they had already impacted my driver's license.
Our lives were turned upside down for 4 years because of identity theft, and the only risk factor that we had of becoming victims of this crime was that we had an impeccably good credit report. The demographics, as we heard in previous testimony, will show that this crime does affect all people. But if you do not have credit-worthiness, you are not sought out as a victim because it does not serve the purpose of the criminals.
Words cannot begin to describe what this has been like for us. We have fought our way through this tooth and nail. We have received help from Congressman LaTourette. I had the privilege of testifying in a Senate subcommittee at the request of Senator Kyl. We have received help from the Federal Trade Commission. This is a national epidemic and it has to be stopped. Billions of dollars a year are being lost because of identity theft crimes and credit fraud. The impact that it has on victims' lives is unbelievable. Your credit score does not only reflect your loan worthiness. It also reflects to many entities, insurance industries, employers, et cetera, they equate that number with your good character. To have criminals assail that is unacceptable and incomprehensible.
Page 50 PREV PAGE TOP OF DOC
I would encourage all of you to please read my full written testimony. I do realize it is lengthy. Believe me, I compressed four years of details into those pages. I will be happy to answer any questions and I again thank you for the privilege of having testified.
[The prepared statement of Maureen V. Mitchell can be found on page 177 in the appendix.]
Chairman BACHUS. Thank you, Ms. Mitchell.
Commander Mellott?
STATEMENT OF COMMANDER FRANK MELLOTT, UNITED STATES NAVY, VICTIM OF IDENTITY THEFT, ON BEHALF OF THE IDENTITY THEFT RESOURCE CENTER
Commander MELLOTT. Yes, sir, Mr. Chairman, Ranking Member and other members of the committee, thank you very much for the opportunity to testify today. The views and opinions I express today are my own and do not necessarily represent the Department of Defense or the Navy.
I am here because I am a victim of identity theft, but I am also here because I am a victim of what I would call a blunder by the credit reporting industry. My ordeal began back in the summer of 2001 when my wife walked in from the mailbox carrying a letter from the Department of Treasury. That letter said that my $5,000 tax refund, along with all Federal payments, was diverted to California to pay back child support. Now, my paycheck is a Federal payment so I was a little concerned that in less than two weeks I had zero income.
However, the more I thought about it, I became even more concerned with the long-term consequences. As a military member, particularly as an officer working in the field in which I do, a security clearance is an essential component to my ability to function. My security clearance can be affected almost instantly by my credit history. If I lose my security clearance, I am unable to do my job. I am unable to compete with peers for promotion. I am unable to compete for milestone positions such as command of a unit or a squadron, and fundamentally it affects my ability to support my family in my chosen vocation, service to the country.
Page 51 PREV PAGE TOP OF DOC
This all began in calendar year 2000 when my half-brother used my Social Security number and only my Social Security number on W-2 forms he filed with the Breckenridge Group and with Pep Boys in California. Now, I cannot say whether either of those companies verified identity documents when they hired him, but I would suspect that they did not.
In the end, California found out that he was working again by name, and since he owed about $75,000 in back child support, they sent his data off to the Federal agencies for collection. Unfortunately, the data they pulled was the data he supplied, my Social Security number, and the next thing you know I got the letter.
So unfortunately, I am staring this letter in the face. Instead of spending a summer leave period enjoying some time catching up with my two sons after nearly six years of straight sea duty, I am spending it fighting jurisdictional issues. I have got three police agencies all going like this when I tried to file a police report. I am spending hours and hours either writing letters or on the phones with credit reporting agencies trying to track the source of these problems and then get them resolved. I am trying to keep my security clearance folks flooded with information so that I do not lose my security clearance, because quite honestly it is much easier to take one away than it is to get it restored. Once it is gone, it is very difficult.
Of course, I am working with the IRS to try and resolve about $10,000 of income that was reported against my Social Security number that I did not claim. Unfortunately, in February 2002 the problems continued. I had already started the cleanup effort so I had placed fraud alerts with the three credit reporting agencies. Unfortunately, my brother was still able to go out and get cellular phone service with AT&T Wireless in spite of those alerts, bu