Page 1       TOP OF DOC


Tuesday, June 24, 2003
U.S. House of Representatives,
Subcommittee on Financial Institutions,
And Consumer Credit
Committee on Financial Services,
Washington, D.C.
    The subcommittee met, pursuant to call, at 10:08 a.m., in Room 2128, Rayburn House Office Building, Hon. Spencer Bachus [chairman of the subcommittee] presiding.
    Present: Representatives Bachus, LaTourette, Castle, Royce, Lucas of Oklahoma, Kelly, Biggert, Toomey, Capito, Tiberi, Hensarling, Barrett, Renzi, Oxley (ex officio), Shadegg, Lucas of Kentucky, Sanders, Sherman, Moore, Hooley, Hinojosa, Lucas of Kentucky and Crowley.
    Chairman BACHUS. [Presiding.] Good morning. The Subcommittee on Financial Institutions and Consumer Credit will come to order.
    I want to welcome our witnesses. We have three panels today, so the hearing may be quite lengthy. This is the sixth of a series of hearings that we are having on the reauthorization of the Fair Credit Reporting Act. The preemptions or uniform standards that apply to our national uniform credit reporting act are due to expire next January 1. These hearings are being held in anticipation of either extending those uniform standards and making them permanent, or making any changes that need to be made in the Fair Credit Reporting Act to make it more friendly to consumers.
 Page 2       PREV PAGE       TOP OF DOC
    Our first five hearings have revealed without a doubt that the Fair Credit Reporting Act has led to widespread availability of credit. Those in the low-and middle-income classes have benefited tremendously from the Fair Credit Reporting Act and the availability of interest and the low interest rate in the United States. This hearing will deal with identity theft, which is I think by far the most serious problem facing Americans in their use of credit.
    The hearing today consists of three panels. The first panel is made up of Federal and State law enforcement officials who will inform us about the ongoing efforts to apprehend and prosecute identity thieves. Our second panel will actually consist of two victims of identity theft. They will share their personal experiences about the crime. I very much appreciate their courage and their willingness to appear before the panel. Our final panel includes several representatives from the financial services industry. They will share their perspective on FCRA and identity theft. We also have consumer groups represented.
    Identity theft is a crime committed by individuals or organizations seeking to capitalize on the good name of an innocent and unknowing consumer. It is a particularly heinous crime in that it harms not only financial institutions, but consumers and the effect can be both widespread and last for many years. A typical incident of identity theft involves a criminal using the personal data of another individual to assume that individual's identity. Using that false identity, the criminal will obtain goods and services using the victim's credit. The identity thief may also commit additional crimes using the victim's name, creating a false arrest record for the victim, or a record of arrest by the victim for crimes that they never committed.
    These activities obviously tarnish the victim's reputation, credit history and sense of security. The victim of identity theft must then make a great effort to get his or her credit report and personal history back in good shape. We sometimes refer to this as credit repair. Because the financial losses associated with identity theft are generally the burden of financial institutions and other businesses, not the consumer, financial institutions are also the victims of identity theft.
 Page 3       PREV PAGE       TOP OF DOC
    Existing Federal law does address the issue of identity theft. For example, the Identity Theft and Assumption Deterrence Act prohibits the transferring or using of another's identity for fraudulent or other illegal activities. Federal law also makes it illegal to use or traffic in counterfeit credit cards or debit cards, and prohibits criminals from attempting to obtain customer identification and other consumer information from financial institutions under false pretenses.
    The FCRA also is an important tool in addressing identity theft issues. Financial institutions frequently find that the consumer reports that they obtain from credit bureaus under the FCRA provide the most useful information in attempting to distinguish the identity theft from a legitimate consumer. For example, discrepancies between an address or Social Security number contained in a consumer report and the information contained on an application can be used to identify and prevent an identity theft before it occurs. In addition, an identity thief who knowingly and willingly obtains a consumer report from a consumer reporting agency under false pretenses is subject to criminal penalties under the FCRA.
    The FCRA also plays a central role in mitigating the consumer harms associated with identity theft. Under FCRA, each consumer has the right to review the contents of his or her credit report at no cost, and determine whether fraudulent activity has been attributed to the consumer's credit file. If a consumer has been a victim of identity theft which results in misinformation appearing on the consumer's credit report, the FCRA establishes a mechanism whereby the consumer can notify the credit bureau of the fraudulent information and have the information deleted.
    At this time, I am going to recognize the minority ranking member, Mr. Sanders, for any opening statement that he may have.
    [The prepared statement of Hon. Spencer Bachus can be found on page 70 in the appendix.]
 Page 4       PREV PAGE       TOP OF DOC
    Mr. SANDERS. Thank you very much, Mr. Chairman, and thank you for holding this important hearing, and thank you all, our panelists, for being with us this morning. We appreciate that very much.
    Mr. Chairman, today's hearing will focus on identity theft. Let me just mention that on this side of the aisle, we have a number of excellent proposals that address that issue. Mr. Gutierrez, Mr. Ackerman, Mr. Ford, Ms. Hooley, and Mr. Emanuel have all brought forth some excellent ideas that I think will take us a long way in addressing the crisis of identity theft.
    We all know that identity theft abuses in this country are skyrocketing. We are going to hear that from our witnesses. According to data from the Justice Department, 500,000 people, half-a-million people filed reports with law enforcement in 2002 for identity theft crimes, and an estimated 700,000 are likely to file similar reports this year. A major problem now, it is getting worse and we need some solutions to that. In addition, the dollar losses reported by identity theft victims have increased from $160 million in 2001 to $343 million in 2002. So this problem is accelerating and it is incumbent upon this committee to address it. We are going to hear, I know, in the course of the next few weeks a number of excellent ideas. I want to bring forth one idea that I think is important. That is that one very obvious and extremely helpful tool would be to provide consumers free credit reports and credit scores from all three credit bureaus at least once a year, and a description of the key factors that may have adversely affected the consumer's credit score. In other words, one way to deal with this issue and many other issues as well is to make sure that consumers all over this country have free access to their credit reports. When they have that access, they will be able to see, wow, who has been ripping me off; who has stolen my identity; and they will be able to move a lot quicker than they are at present.
    I am happy to inform you, Mr. Chairman, that I have introduced legislation in this regard which is being supported by virtually all of the consumer organizations in this country, including the Consumer Federation of America, Consumers Union, and the U.S. Public Interest Research Group. Allowing consumers free access to their credit reports could substantially improve the accuracy of credit reports and cut down on identity theft. I look forward to working with you, Mr. Chairman, on this legislation.
 Page 5       PREV PAGE       TOP OF DOC
    Mr. Chairman, I would also point out a somewhat tangential issue, but important as well, that very often we will hear testimony from our friends in the banking industry and the credit card industry about this and that other matter, but I think we should be aware as we hear their testimony that in some instances at least executive compensation in the banking industry is getting really out of hand. According to an article that appeared in the Philadelphia Inquirer on June 1, 2003, ''Number one on Business Week's 2020 pay scorecard was financial giant MBNA CEO Alfred Lerner with $194.9 million.'' Mr. Lerner died in October 2002 and was replaced in November by Charles Cawley, who managed to place number six on that list with a total pay of $48.6 million. Not too bad. Two more MBNA executives who were not CEOs also got megabucks. John Cochran got $36 million and Bruce Hammonds, $28.6 million.
    I raise this issue about excessive CEO compensation to point out that there are consumers in this country today who are being ripped off by credit card companies, who are paying up to 29 percent a year in interest rates. So when we hear our friends from the credit card companies or the banks telling us just in what kind of terrible financial need they are in, we might want to remember that number, and that the top four executives in that particular company in 2002 earned over $300 million collectively.
    Mr. Chairman, the last point that I want to make on credit cards is that it is absolutely imperative that this committee address the credit card bait and switch mechanisms that some of the credit card companies are bringing forth. As we all know, the credit card industry is hooking consumers into purchasing credit cards by bombarding them, this is one of the more astronomical numbers I have ever heard. In a given year, the credit card companies send out 5 billion solicitations, 5 billion solicitations, many of them going to young people all over this country. What they promise people is low interest rates, 0 percent, 3 percent, 5 percent. What they forget to tell you is that if you borrow money on another credit card, if you were late in paying your car loan 2 years ago, your credit card rates can soar. They are ripping off the American people, and this is an issue that we must address.
 Page 6       PREV PAGE       TOP OF DOC
    Mr. Chairman, I thank you again for calling this important hearing. I am going to be running in and out because of other commitments, but I will be back. I thank you for bringing these witnesses together.
    Chairman BACHUS. Thank you.
    I want to especially thank Mr. Sanders, along with Chairman Oxley and Ranking Member Frank for working very closely on the FCRA reauthorization. At this time, I recognize the chairman of the full committee, Mr. Oxley.
    Mr. OXLEY. Thank you, Mr. Chairman.
    I will be brief and make my opening statement part of the record, but I did want to commend you for this long march through the Fair Credit Reporting Act. By my count, some 75 witnesses have testified, just about anybody that has any opinion whatsoever on FCRA has had the opportunity in your subcommittee to air their views. You deserve a great deal of credit, if nothing else but for an iron-pants performance through these long weeks of hearings that will conclude today.
    We will have a voluminous record for the members to pore through and staff to pore through as we prepare to mark up legislation when we return after the Fourth of July recess. But your leadership has not gone unnoticed, and we appreciate the good bipartisan cooperation we have had on this issue. I think most of the members understand the critical importance of reauthorizing FCRA, what it has meant to our economy, that it has been one of the most successful pieces of legislation ever passed by any Congress. We want to make sure that this continues to be able to provide credit to people all over the country.
    So with that, Mr. Chairman, and with my sincere thanks, I yield back.
    Chairman BACHUS. I appreciate that, Mr. Chairman.
    At this time, Ms. Hooley or Mr. Hinojosa, do you have opening statements?
    Ms. HOOLEY. I do, Mr. Chair.
 Page 7       PREV PAGE       TOP OF DOC
    Chairman BACHUS. Okay. Ms. Hooley, you are recognized.
    Ms. HOOLEY. Thank you.
    Good morning. Although I have enjoyed our series of hearings on FCRA, I am excited that we are finally discussing in depth one of the core problems that has developed with our national credit system, the problem of identity theft. Identity theft is the fastest growing white collar crime in America, and legislation to correct and stem the rising tide must be enacted as soon as possible.
    As you may know, the Federal Trade Commission reported that the number of persons filing complaints of identity theft with the agency nearly doubled from 2001 to 2002. A 2003 survey I recently saw found that 92 percent of Americans think it is important that the government take action on the issue of identity theft. I have been fighting to enact common sense legislation to fight identity theft for 5 years. For the first time since this struggle began, I feel the momentum is unstoppable and that legislative action on this subject is no longer a question of if, but rather of when.
    We cannot and we must not ignore the fact that Americans throughout the country are begging us to act and to help them. They are begging for action sooner, rather than later. When this happens to a person, they feel violated. They are frustrated. They are angry. It takes way too long to get through the system, and many times they have a hard time just proving who they are and then it takes a longer time to get their credit report cleaned up.
    Myself and Mr. LaTourette from Ohio have introduced the Identity Theft and Financial Privacy Protection Act with nearly 50 cosponsors, many of whom are sitting in this room. If this bill is enacted, it will go a long ways toward fighting the rise of identity theft. It is not perfect. I know there are other proposals that should also be enacted, but I firmly believe that every provision of this bill will enhance our citizens's security and improve our credit process. I know that Mr. LaTourette shares my conviction.
 Page 8       PREV PAGE       TOP OF DOC
    As I said, I believe the time to act is now, during our discussion of FCRA. I believe the problem of identity theft is so severe that any extension of FCRA that I support must include significant measures to fight identity theft. It seems to me there is no option. We in Congress must act this year to protect both our consumers and financial institutions from the disastrous effects of identity theft. I want to thank each of the witnesses for giving up your time today to talk about identity theft and the broader issue of reauthorization of FCRA. I look forward to continued debate on the subject and to all your comments, and to my ranking member and to the chair, thank you so much for everything you have done on this issue. Thanks.
    Chairman BACHUS. Thank you.
    I want to recognize the lady from Oregon, Ms. Hooley. You and Mr. LaTourette have worked with other members of this panel on identifying identity theft issue and the need for the personal information of consumers to be more secure, and to take steps in this legislation going forward to make our ability to combat identity theft more effective.
    At this time, I will recognize the gentleman from Ohio, Mr. LaTourette.
    Mr. LATOURETTE. Thank you very much, Mr. Chairman.
    I want to thank you very much for having this hearing today, together with the Ranking Member. I want to bring to the subcommittee's attention an individual who is going to be testifying on the second panel today, and that is Maureen Mitchell, who hails from my hometown in Madison, Ohio. I have known Maureen and her family for a number of years. As a matter of fact, her son and my daughter traversed their way through the Madison public school system together. It came as a surprise to me when in 1999 she called and said, ''Steve, I need your help.'' It should be noted that Maureen is usually an unflappable registered nurse, a licensed realtor, and a wife and mother. It was clear to me that something serious was going on, causing her to come visit us in Painesville.
    What I did not know and could not have expected was the unbelievable saga that was about to unfold for Maureen and her family. She had discovered that she was a victim of identity theft. Her determined efforts to resolve the situation through repeated calls to her creditors, law enforcement, and the FTC, credit reporting agencies were only leading her further down a downward spiral of frustration and financial strife. In the years since her first visit to my office, Maureen has testified before a number of committees here in Washington and most recently in the Statehouse in Columbus, Ohio. One of the things that I found interesting was that in some instances of identity theft you say, well, you went online and you bought something using a credit card on a computer, you had your wallet stolen or your purse stolen, or maybe somebody broke into your mailbox, but none of those items were present in Maureen's and Ray's case.
 Page 9       PREV PAGE       TOP OF DOC
    The severity of Maureen's case is what inspired me, along with my good friend Darlene Hooley, in the 106th Congress to begin working on a bill. In this Congress, it is known as the Identity Theft and Financial Privacy Protection Act. Mr. Sanders will be pleased to know that one of the provisions in that bill is in fact the provision that every consumer receive a free credit report from the agencies, and his idea has been adopted as well.
    With reauthorization of the Fair Credit Reporting Act a likelihood later in this year, our committee is in a unique position to take the necessary steps to improve and continue the fight against identity theft, which is one of the fastest growing, most personally destructive and invasive crimes that can be committed against an individual. I would urge all of my colleagues to read Maureen's complete written testimony, as hers is a compelling case for this committee to act in a swift fashion. To give you some idea of the enormity of the extent that the Mitchell family has been victimized, all told it is well over $100,000. Their identities have been used to apply in a 2-hour period for $45,000 worth of personal loans at three different banks in Chicago, and they are the proud owners of two luxury sport utility vehicles, neither of which they ever purchased.
    Maureen, I want to thank you for being here today and I hope that one day you will have the opportunity to visit Washington without an invitation to testify on your identity theft ordeal. Hopefully this hearing and legislation will begin to help you and the thousands of other victims of this crime get your lives back on track.
    Again, Mr. Chairman, thank you for holding these hearings, and I very much look forward to hearing from our witnesses.
    Chairman BACHUS. Thank you, Mr. LaTourette. You have chaired some of the hearings in this regard, and I very much appreciate that.
    Let me read down through the list and see if any of the members have opening statements. This is in order of arrival. Ms. Kelly, do you have an opening statement? I also want to say that Ms. Kelly was the first member to hold hearings on information security in the House of Representatives, and we very much appreciate your early identification of the issue of identity theft.
 Page 10       PREV PAGE       TOP OF DOC
    Mrs. KELLY. Thank you, Mr. Chairman.
    I really appreciate the fact that you are holding this hearing on the role of the FCRA in preventing identity theft. Earlier this year, we chaired a joint hearing together on fighting identity fraud and improving information security. In that hearing, what we learned was that identity theft is among the fastest growing crimes in America. It is a top consumer complaint according to the FTC. More importantly, we discovered that combating identity theft requires the collaborative effort of law enforcement and regulatory agencies, as well as consumers and financial institutions. All four need to be involved if we are going to stop identity theft, and all of them have to have appropriate access to appropriate information.
    As this committee continues to explore the reauthorization of the FCRA, I would like to stress the impact that this law has had on our ability to combat identity theft and help the law enforcement officials in charge of tracking down illicit money get that job done. They do that job under the USA PATRIOT Act, this is one of the really positive things of the USA PATRIOT Act, and the FCRA has helped do that. The FCRA and information sharing that it has provided is essential to protecting the American people by detecting suspicious activity and weeding out the wrongdoers.
    The national uniform standards under the FCRA have also facilitated a financial institution's ability to utilize additional authentications and identity verifications to protect consumer security. The protections incorporated in the FCRA are critically important in enabling victims to correct the damage to their credit histories created by identity thieves.
    Over the last few weeks, we have heard testimony from many diverse panelists from lots of different witnesses endorsing the extension of the FCRA uniform standards. The Department of Treasury specifically highlighted the importance of the national credit reporting system in helping to detect identity theft, and in creating a framework for assisting its victims. I share these views and I think we have got to reauthorize the FCRA to protect Americans from really truly hideous and preventable crimes.
 Page 11       PREV PAGE       TOP OF DOC
    I thank all of the witnesses for appearing here today. I look forward to hearing what you have to say on strengthening our network to combat identity theft. But I am also pleased, and I am going to take a moment here to introduce one of the special witnesses from the great State of New York who will appear on the third panel. His name is Joshua Peirez. He is the Senior Vice President and Assistant General manager for MasterCard. Mr. Peirez is the counsel for MasterCard's North American region and he comes from my county, Westchester County in New York. It is great to have Mr. Peirez here. I look forward to his testimony and the testimony of all of the witnesses.
    I thank you and yield back my time.
    Chairman BACHUS. I appreciate that.
    At this time, the Chairman recognizes the gentleman from Texas, Mr. Hinojosa. Also, Mr. Hinojosa, I want to say that you and I will be holding hearings Thursday on expanding consumers's rights to obtain financial services in the low-and middle-income communities, and the need of the underserved for more financial services.
    Mr. HINOJOSA. Thank you, Mr. Chairman. I look forward to working with you on that hearing on Thursday.
    Today, I want to thank Chairman Bachus and Ranking Member Sanders for holding this final non-legislative hearing today to investigate the role of the Fair Credit Reporting Act in fighting identity theft. It is necessary that we continue to assess the importance of the national credit reporting system. I look forward to this hearing and to hearing additional testimony to further clarify this issue.
    As I noted at the first hearing, my office was contacted frequently by numerous individuals and groups about the Fair Credit Reporting Act in the first half of this year. I personally heard from industry, consumer groups and several regulators on the issue. Lately, I have not been contacted by industry groups nor consumer groups on what they would like included in the legislation that likely will be crafted and introduced in the near future. It is my hope that Treasury and the Administration will publish its long-awaited proposals on identity theft and the FCRA, perhaps as soon as this week.
 Page 12       PREV PAGE       TOP OF DOC
    Most of us realize that language has been available at the Treasury Department, but the White House has been taking its sweet time deciding what position to take on Treasury's proposal, while also watching closely the developments in the House and the hearings in the Senate. In 2001, more than 117,000 complaints from identity theft victims were added to FTC's database. In 2002, those complaints increased to almost 162,000. According to FTC Chairman Beales, the dramatic increase may reflect a growing awareness of consumers about identity theft.
    Consumers who call the FTC hotline receive telephone counseling from specially trained personnel who provide general information about identity theft and help guide victims through the steps needed to resolve the problems resulting from the misuse of their identities. Consumers are advised to contact the three national consumer reporting agencies and have a fraud alert place in their file, close accounts identity thieves have accessed, dispute unauthorized charges and report the theft to the police and get a police report.
    Identity theft occurs when a consumer's Social Security number, credit card number, or name is used without his or her knowledge to open fraudulent credit, telecommunications or utility accounts, or to use already existing accounts. It can also occur when an individual's name is used unknowingly to pass bad checks or to get loans, jobs or obtain housing. This crime potentially affects every consumer in all sectors of the financial services industry, including financial institutions, credit card companies, insurance companies, mortgage companies, and hospitals. The theft can be carried out over the telephone by computer hacking into an individual's confidential files or by stealing hard copies of a company's billing information. The victim of the theft usually does not realize the information has been stolen until sometime later. As a result, these crimes could be used to support terrorism, among other criminal activities.
    Today, I cosponsored H.R. 2035, the Identity Theft and Financial Privacy Protection Act of 2003, introduced by my friend, Congresswoman Hooley, the Chair of the Democratic Task Force on Identity Theft on which I serve. The Task Force investigated the exploding problem of identity theft, the fastest growing white collar crime in America, and other financial crimes. I decided to cosponsor Congresswoman Hooley's legislation because it contains strong provisions that will help fight identity theft. These provisions in this bill are extremely important to us in Texas, which ranks fifth in the number of identity theft complaints reported to the FTC.
 Page 13       PREV PAGE       TOP OF DOC
    I have said in the past that one of the main decisions we, as a Committee, needed to make is whether to extend all seven exceptions to the Fair Credit Reporting Act that preempt State law, just some of the exceptions or none of them. They all expire January 1, 2004. On June 11, 2003, I and several new Democrats cosigned a letter to Chairman Oxley and Ranking Member Frank looking towards their leadership to ensure that legislation extending the seven expiring provisions of the Fair Credit Reporting Act is passed by the House and Senate before their termination on January 1 of next year. I believe that these seven provisions enhance the efficiency of the nation's credit system, promote access to the financial industry, protect American consumers, and I am firmly committed to extending them.
    With that said, Mr. Chairman, I ask that the rest of my statement be included in today's record of the proceedings.
    [The prepared statement of Hon. Rubén Hinojosa can be found on page 76 in the appendix.]
    Chairman BACHUS. I thank the gentleman.
    I now recognize subcommittee Chairman Castle and commend him for his expertise in the matter of FCRA and your participation in these hearings.
    Mr. CASTLE. Thank you, Mr. Chairman.
    When they write the book about pieces of legislation not having sufficient hearings, anyone who protests that you did not have sufficient hearings, send them to me. We have had more hearings on this subject, more panels than anything that I remember since I have been in the Congress of the United States, and I came with you, on the Fair Credit Reporting Act. And they have been informative, and I believe it has served its purpose, Mr. Chairman. I think we have a consensus forming on both sides of the aisle, now both sides of the Capitol, that extending the preemption provisions in FCRA is essential to our economy.
    I am particularly interested in today's topic, the role FCRA plays in fighting identity theft because that is at the heart of people's concerns about their financial privacy. As we seek to pass legislation to extend FCRA's preemptions, we need to be careful that efforts to improve FCRA in the name of privacy do not have unintended consequences of undermining the ways FCRA currently prevents identity theft. I think today's hearing will establish the foundation we need to make sure the law of unintended consequences does not become an amendment to future legislation in the area.
 Page 14       PREV PAGE       TOP OF DOC
    I would like to mention way down on the third panel is an extraordinary Delawarean and American, Jim Kallstrom, who is now living in the State of Delaware. I think it is safe to say that when times get tough and the nation needs smart capable people to serve, Jim Kallstrom's name rises quickly to the top. In addition to his decades of service to our nation as a Marine Corps captain in Vietnam and an FBI Special Agent in Charge, Mr. Kallstrom rose to the occasion after 9-11, leaving MBNA, where he works in Delaware, to serve as the Director of public security for the State of New York. There he was responsible for counterterrorism planning and operations and served as the point of contact for the State with the then-White House Office of Homeland Security. Now Jim splits his time among advising the Governor of New York on counterterrorism, advising MBNA, and hosting the Discovery Channel weekly show, The FBI Files. So we thank him very much for being here today and look forward to his testimony, as well as the testimony of the others.
    Thank you, Mr. Chairman.
    Chairman BACHUS. Thank you.
    Mr. Lucas or Mr. Crowley, do you have opening statements?
    Mr. CROWLEY. Mr. Chairman, I do not have an opening statement. I just want to welcome someone later on as well in the second panel, Maureen Mitchell, who is nee Sullivan. She now lives in Ohio, but was originally from Woodside, Queens. Just for the record, I want to welcome her if I am not here later on.
    Thank you, Mr. Chairman.
    Chairman BACHUS. I thank the gentleman from New York.
    At this time, it is my pleasure to introduce the gentleman from Arizona, Mr. Shadegg, and to remind members of the committee that it was Mr. Shadegg that actually introduced the Identity Theft and Assumption Deterrence Act and was the main sponsor of that legislation. So I commend you for that, Mr. Shadegg, and we welcome your participation in this hearing and your early leadership.
 Page 15       PREV PAGE       TOP OF DOC
    Mr. SHADEGG. Thank you very much. Thank you, Chairman, Bachus, for allowing me to be a part of this Financial Institutions Subcommittee hearing on identity theft. I am pleased to be here to listen to the testimony that will be provided by our distinguished witnesses.
    I am particularly interested in hearing the testimony from our second panel, the victims of identity theft. I strongly believe that we will learn the most about appropriate legislative responses from those who have experienced this crime first-hand and are intimately familiar with the difficulties victims face in trying to clear their name and repair their credit after an identity theft crime has occurred.
    My personal interest in identity theft began about five years ago when two of my constituents, Bob and JoAnn Hartle of Phoenix, Arizona were the victims of identity theft. Unfortunately, Mr. and Mrs. Hartle could not be here with us today to tell their story. I am confident that we would have benefited from their experience and expertise as independent consultants to other consumer victims of identity theft. Mr. Chairman, I would like to request unanimous consent to submit for the record their written testimony.
    Chairman BACHUS. Without objection.
    Mr. SHADEGG. Bob and JoAnn Hartle were instrumental in getting the first State law in the nation to criminalize identity theft passed. Mr. and Mrs. Hartle suffered the devastation of identity theft when a convicted felon took Mr. Hartle's identity and made purchases totaling over $100,000. This individual also used Mr. Hartle's identity to obtain a security clearance to secure areas of Phoenix's Sky Harbor International Airport, and to purchase handguns using Mr. Hartle's clean record to get around the Brady gun law.
    As a result of this victimization, Mr. and Mrs. Hartle were forced to spend more than four years of their lives and more than $15,000 of their own money to restore their credit because there were no Federal penalties for identity theft. Their case led me to introduce a bill in the House that was eventually signed into law, the bill you referenced, Mr. Chairman, the Identity Theft and Assumptions Deterrent Act of 1998. It gave law enforcement agencies the authority to investigate and prosecute identity theft crimes. Mr. and Mrs. Hartle turned their experience into something positive by establishing a nonprofit organization to assist other victims of identity theft. Their Web site, Error! Bookmark not defined., is available to provide guidance to identity theft victims nationwide. Identity theft ranges from individual instances like the Hartles involving small or large dollar amounts, to large organized professional crime rings. TriWest Healthcare Alliance, a company located in my district, may have been the victim of a professional crime ring. On December 14, 2002, computer hard drives containing their clients's sensitive, personally identifiable information were stolen from TriWest Phoenix's office.
 Page 16       PREV PAGE       TOP OF DOC
    The nature of identity theft has changed and threat is more likely than ever to come from breaches of data security. According to the Federal Trade Commission, there is a shift by identity thieves from going after single individuals to going after mass amounts of information. Law enforcement experts now estimate that half of all cases come from the thefts of business databases as more and more information is stored in computer databases that are vulnerable to attack from hackers.
    The identity theft legislation that I introduced and was signed into law in 1998 was an important first step on the road to crack down on identity fraud crimes. However, Mr. Chairman, clearly more legislation is needed in this area to protect consumers from identity theft. I am currently working on my own draft and there have been many others discussed here today, some of which have already been introduced. I look forward to hearing the testimony from our witnesses and to working with you and the other leaders in the Congress on legislation in this area.
    I thank you and I yield back the balance of my time.
    Chairman BACHUS. Thank you.
    I would like to again thank the gentleman from Arizona for participating in our hearing. We felt like having the author of the first piece of Federal legislation to combat this problem would be appropriate, and we certainly appreciate your participation.
    Mr. SHADEGG. Thank you, Mr. Chairman.
    Chairman BACHUS. I think it is appropriate that with Mr. Shadegg's opening statement, I understand no other members of the subcommittee have opening statements. That being the case, I think it is appropriate for us to move to our first panel. I want to introduce them.
    Mr. Howard Beales, III. Mr. Beales is testifying for the third time in our series of hearings. He is the Director of the Bureau of Consumer Protection at the Federal Trade Commission. We always find your testimony enlightening, Mr. Beales, and we welcome you back.
 Page 17       PREV PAGE       TOP OF DOC
    Mr. Daniel Mihalko, Inspector in Charge of the United States Postal Inspection Service, we appreciate your assistance with the subcommittee in preparing for these hearings. Mr. Tim Caddigan, Special Agent in Charge, Criminal Investigation Division, the United States Secret Service, we welcome you, Mr. Caddigan. And last but not least, Ms. Mary Ann Viverette, who is the Chief of Police for the City of Gaithersburg, Maryland, which is a suburb of Washington, on behalf of the International Association of Chiefs of Police. We welcome you to this morning's hearing.
    Mr. Beales, if you would lead off with your testimony.
    Mr. BEALES. Thank you very much, Mr. Chairman and members of the subcommittee. It is a pleasure to be back in front of you again today.
    I am pleased to have this opportunity to discuss identity theft and its relationship to the Fair Credit Reporting Act. The views expressed in the written statement are those of the Commission, but my oral presentation and responses to questions are my own and do no necessarily represent the views of the Commission or any individual commissioner.
    Identity theft, as you noted, can be devastating to consumers's reputations, to their financial well-being and to their sense of security. At the FTC, we are fighting identity theft on many fronts. For example, in partnership with the Justice Department and all of the agencies that are represented at this table, the Postal Inspection Service, the Secret Service, and the International Association of Chiefs of Police, we are training local law enforcers on how to fight identity theft. Today, we are holding a training session in Westchester, New York.
    We at the FTC are also providing law enforcers with case referrals from our identity theft data clearinghouse. We are also working to keep consumers' financial data safe through our new safeguards rule, which took effect at the end of May, and our enforcement actions against companies that fail to keep their security promises to consumers. Just last week, we announced a settlement with online retailer Guess.com for failing to protect customer data as promised. We also released a tip sheet for businesses on the steps they should take to assure the security of their online systems.
 Page 18       PREV PAGE       TOP OF DOC
    Through workshops, educational campaigns and our ID theft hotline, we are counseling consumers and businesses on how to prevent identity theft. We are also providing consumers with tools such as our uniform identity fraud affidavit to help them recovery more quickly and easily from identity theft.
    Today, you have asked for testimony about identity theft in the Fair Credit Reporting Act. In addition to harming consumers, identity theft threatens the fair and efficient functioning of consumer credit markets. It undermines the accuracy and credibility of the information flows that support those markets. Credit bureaus are simultaneously a target for identity thieves and a valuable resource for combating identity theft. The credit reporting system can play an important role in helping to detect identity theft, in limiting the damage from identity theft, and in helping victims to clean up the mess that thieves leave behind.
    The Fair Credit Reporting Act helps consumers detect identity theft by providing consumers access to credit reports when they need them most. A credit report digests in one timely document all accounts opened in the consumer's name, and it is the best way to discover those accounts that may have been opened by an impostor. Under the FCRA, consumers who believe they may have fraudulent information in their files are entitled to a free credit report.
    Moreover, the FCRA requires that consumers who are denied credit based on information in a credit report be notified of the adverse action and given the opportunity to obtain a free copy of the credit report. This adverse action notice can alert consumers that they may have bad marks on their credit record that they do not know about. The free credit report helps them to pinpoint the fraudulent or erroneous accounts. Adverse action notices provide consumers with a critical safeguard and we are vigorously enforcing the FCRA's adverse action provisions.
    In addition to helping victims detect identity theft, the credit reporting system helps limit the damage that identity thieves can cause by allowing for the placement of a security alert in a victim's credit file. Currently, the three major credit bureaus include a standardized format security alert in the credit reports of identity theft victims. This alert puts potential creditors on notice that they should proceed with caution when granting credit in the victim's name.
 Page 19       PREV PAGE       TOP OF DOC
    Finally, the credit reporting system can help identity theft victims clean up the bad credit marks caused by a thief. A common problem of victims is that they find it difficult to get credit, insurance or employment in the wake of an identity theft incident because the impostor has damaged their credit history. The big three credit bureaus now allow victims to block fraudulent information on their credit report with a valid police report of the identity theft incident.
    We are working with the credit bureaus to develop other victim assistance programs. For example, this spring the credit bureaus implemented their joint fraud alert initiative whereby victims only need to call one credit bureau to get a security alert and a free credit report from all three. These and other kinds of steps can help to reduce the costs and the consequences for identity theft victims, but there is clearly more to be done.
    I thank you for the opportunity to appear today. I look forward to responding to your questions.
    [The prepared statement of J. Howard Beales III can be found on page 87 in the appendix.]
    Chairman BACHUS. I appreciate that.
    Mr. Mihalko?
    Mr. MIHALKO. Thank you, Mr. Chairman. Good morning, members of the subcommittee. On behalf of the Postal Inspection Service, I would like to thank you for holding this hearing and giving me the opportunity to discuss identity crimes and the significant role the Postal Inspectors play in combating it.
    To put things in perspective, I would like to start by talking about three things: the mail, the Postal Service and identity crimes. The Postal Service delivers about 200 billion pieces of mail each year. In this country, there is an expectation that each one of those pieces is going to get delivered not only in a timely manner, but it is not going to be tampered with, no one is going to take anything out of it, no one is going to read the correspondence. The responsibility for safeguarding those 200 billion pieces of mail rests with the Postal Inspection Service.
 Page 20       PREV PAGE       TOP OF DOC
    As Federal law enforcement officers, we ensure the confidence in the mail by enforcing over 200 Federal statutes that deal with the mail. Primary among those are the theft or possession of mail and the oldest and the still most effective consumer protection law, the mail fraud statute. Last year, Postal Inspectors made over 11,000 arrests, 6,000 of those were for mail theft. Of those 6,000, 2,000 were for identity theft crimes. In fiscal year 2003, we have already surpassed that number of identity theft arrests.
    I think this morning we have already heard some good explanations and definitions of what identity theft is and the way it occurs. Over the years, Postal Inspectors have developed an expertise in working these types of cases, particularly when they involve the use of the mail. Those that involve the use of the mail receive swift action by Postal Inspectors. We work hard to ensure consumers are being protected. In addition, we work closely with the mailing and the financial industry to develop guidelines on how best to design mailing pieces to prevent theft. This partnership illustrates how the industry as a whole is serious about the issue. Mail is very important to consumers who receive it, and it is very important to the businesses that send it.
    I am sure all of you have received preapproved credit applications in the mail. Those mailings were prime targets for an identity thief because they simply required a signature and the return of the form back to the company. When stolen from the mail, the thief could redirect the response to the application to a different address and have the credit card sent there. But times have changed due to our efforts and industry awareness. For example, credit card companies have adopted our security recommendations and now automatically discard applications when they are returned with a change of address, making them less attractive to the identity thief. Also, industry has changed its practices. Credit offers now contain much less information.
    Fraudulent changes of address sent through the post office used to be another favorite vehicle for identity thieves, but not anymore. The proactive effort by the Postal Service to prevent false changes of address is the move validation letter. When a change of address is filed now, the Postal Service sends a letter to both the old and the new address. The letter instructs the individual to call an 800 number if they have not filed the change of address. This simple measure has virtually eliminated the placing of false change of addresses with the Postal Service as an avenue for committing identity theft.
 Page 21       PREV PAGE       TOP OF DOC
    As we have made it more difficult for mail theft to be a component of identity theft, the crime has evolved to the Internet and other electronic means. Personal information contained in corporate and government records and computer databases is a fertile area for dishonest employees working in conjunction with identity thieves. Businesses understand the need to protect their personal data. Improved data security should be a goal of all businesses. We can measure arrests and the effectiveness of law enforcement efforts, but it is hard to measure the full impact on victims, and it can be devastating. I am sure you are going to be hearing about that in your second panel when the victims testify. A couple of interesting points, most victims do not learn about the theft of their identity until 14 months after it has occurred. It generally takes about 44 months to clear up their cases, and victims report that they spend on average 175 hours actively trying to restore their credit rating and to clear their good name. Victims run the gamut of society. They are wealthy; they are poor; they are old; they are young. No one is immune and everyone is a potential victim.
    Our experience has shown that enforcement laws coupled with an aggressive education campaign, the cooperation of industry and the interagency enforcement efforts are invaluable tools in the fight against identity crimes. In addition to modifying industry practices and making financial mailings less attractive to a thief, our partnerships have resulted in a number of fraud prevention guides. The first one is Identity Theft, Safeguard Your Personal Information. This is a Postal Inspection Service publication we first put out in the late 1990s. As of this point, we have printed and distributed over 2 million of these guides to businesses and consumers.
    Second is a video called Identity Theft, The Game of the Name. This is a video that is put out for law enforcement, for consumer groups, and for corporate personnel. It talks about the dangers of identity theft and some prevention tips. Another guide that we put together is Detecting and Preventing Account Takeover Fraud, a publication which goes towards credit grantors with information for preventing takeover schemes. Later this year, the joint law enforcement-financial industry task force called the Financial Industry Mail Security Initiative will issue a book on best practices developed over the years.
 Page 22       PREV PAGE       TOP OF DOC
    As Congresswoman Kelly said, aggressive law enforcement efforts are not enough. They are a key component of our mission, but arrests are not the only solution. We have found that creating awareness and prevention programs for consumers can go a long way to lessen the impact this crime has on the public. In addition to the two brochures and the videos mentioned, we partnered with Showtime network in 2000 to produce a Showtime movie on television about identity theft based on cases of Postal Inspectors. This past year during national consumer protection week, Postal Inspectors partnered with the Postal Service's consumer advocate in a nationwide awareness campaign on identity theft. This September, the Postal Inspection Service, along with our partners the FTC and the Postal Service, will be unveiling yet another nationwide campaign. This one is also on identity theft.
    This year, we are going to take a two-pronged approach. We are going to be providing information to consumers as we have in the past, but we are also going to be addressing businesses on the need to safeguard their files and databases of customers' information. Actor Jerry Orbach of television's Law and Order fame, who also was a victim of identity theft, has agreed to be the campaign spokesperson. The campaign will include a mailing to residences in 10 States identified by the FTC as reporting the most identity theft complaints, a public service announcement featuring Jerry Orbach, and an identity theft insert outlining prevention tips that will be included with monthly financial industry statements. We will be displaying in lobbies in all 38,000 post offices, which is going to make people aware of identity theft and some of the prevention tips. We are also going to produce another informational video and we are going to place half-page newspaper ads in the major newspapers in the 10 States that the FTC identified as having the most complaints.
    The Mullen agency of Pittsburgh has provided support for this campaign on a pro bono basis, but what really makes this campaign unique is the funding source. We have all heard the saying, ''crime does not pay.'' Well, in the case of this awareness case, it does pay. This campaign is being funded through a unique application of fines and forfeitures paid by criminals in a past fraud case.
 Page 23       PREV PAGE       TOP OF DOC
    Educating the public and working to reduce opportunities where the Postal Service and the mail can be used for illegal purposes are crucial elements in our fight against identity crimes. As always, we will do our part to remove criminals from society. We appreciate the subcommittee's recognition of the importance of this issue.
    Thank you, Mr. Chairman.
    [The prepared statement of Daniel L. Mihalko can be found on page 165 in the appendix.]
    Chairman BACHUS. Thank you.
    Special Agent Caddigan?
    Mr. CADDIGAN. Mr. Chairman, Mr. Sanders, thank you for inviting me to be part of this hearing today and the opportunity to address the committee regarding the Secret Service's efforts to combat identity crime and protect our nation's financial infrastructure.
    The explosive growth of identity theft-related crimes has resulted in the evolution of the Secret Service into an agency that is recognized worldwide for its expertise in the investigation of all types of financial crimes. Our efforts to detect, investigate and prevent financial crimes are aggressive, innovative and comprehensive. The burgeoning use of the Internet and advanced technology, coupled with increased investment and expansion, has intensified competition within the financial sector. Although this provides benefits to the consumer through readily available credit and consumer-oriented financial services, it also creates a target-rich environment for today's sophisticated criminals, many of whom are organized and operate across international borders.
 Page 24       PREV PAGE       TOP OF DOC
    Identity crime is not targeted at any particular demographic. Instead, it affects all types of Americans regardless of age, gender, nationality or race. What victims do have in common is the difficult, time-consuming and potentially expensive task of repairing the damage that has been done to their credit, their savings and their reputation. According to the GAO, the average victim spends over 175 hours attempting to repair the damage inflicted by identity crime.
    Identity crimes originate when another person obtains your personal or financial identifiers. Methods of acquiring such information range from the so-called ''dumpster diving'' where the criminal searches through your garbage for billing statements or other documents that may include personal identifiers, to insiders who purge information from their own company's database and place it for sale on the Internet.
    Since our inception in 1865, the twin pillars of the Secret Service have been prevention and partnership building. A central component of the Secret Service's preventive effort has been to increase awareness of issues related to identity crime, both in the law enforcement community and among the general public. The Secret Service has undertaken a number of unique initiatives aimed at increasing awareness and providing the training necessary to combat identity crime and assist victims in rectifying damage done to their credit. This includes the development of a number of training tools designated to assist our local law enforcement partners.
    Mr. Chairman, I cannot emphasize enough the importance of sharing expertise with our local and state police partners, and empowering them with the ability to respond on the local level to identity crimes. In a nation of thousands and thousands of communities and a population exceeding 270 million, providing the first responder, in this case a local police officer, with the training and information they need to investigate an identity crime and provide victim assistance, is imperative.
    We believe the Secret Service can best service the American people by acting as a force multiplier. In other words, directing our efforts towards providing the 700,000-plus local and State law enforcement officers with the tools and resources they need to provide assistance in their communities. In partnership with the International Association of Chiefs of Police, the Secret Service produced the best practice guide for seizing electronic evidence. This pocket-sized guide instructs law enforcement officers in the seizure of evidence, from personal computers, wireless telephones, to digital cameras. We have also worked with this group and our private sector partners to produce the interactive computer-based training program known as Forward Edge, which incorporates virtual reality features and technical support to instruct local law enforcement officers on how to address an electronic crime scene.
 Page 25       PREV PAGE       TOP OF DOC
    Thus far, we have distributed free of charge over 300,000 best practice guides and over 20,000 Forward Edge CDs to State, local and Federal law enforcement officers. In addition, we are nearing completion of an identity crime video and CD-ROM which will contain over 50 investigative and victim assistance resources that law enforcement officers can use when combating identity crime. In the coming weeks, we will be sending an identity crime CD-ROM to every law enforcement agency in the United States. Over 25,000 identity crime CD-ROMs are being prepared for distribution.
    In short, any police department in the country, regardless of size or resources, now has access to state-of-the-art training as well as multiple investigative and victim assistance resources to help them combat identity crime. In a joint effort with the Postal Inspectors, the FTC, the Department of Justice and the International Association of Chiefs of Police, we are hosting identity crime training seminars for local law enforcement. In the last year, we have held such training seminars in Chicago, Dallas, Las Vegas, Des Moines, Washington, D.C., and Phoenix, and seminars are planned in the near future for Washington State and Texas. One, as previously reported, is ongoing in New York State as we speak.
    For law enforcement to properly prevent and combat identity crimes, steps must be taken to ensure that State, local and Federal agencies are addressing victims' concerns in addition to actively investigating identity crime. It is essential that law enforcement recognize that identity crimes must be combated on all fronts, from the officer who receives the victims's complaints to the detective or agent investigating an organized identity crime ring. The Secret Service is prepared to assist this committee in protecting and assisting the people of the United States with respect to prevention, identification and prosecution of identity criminals.
    Mr. Chairman, that concludes my prepared remarks. I am happy to answer any questions your or the committee members may have.
    [The prepared statement of Tim Caddigan can be found on page 100 in the appendix.]
 Page 26       PREV PAGE       TOP OF DOC
    Chairman BACHUS. Thank you, Agent Caddigan.
    At this time, we will hear from Chief of Police Viverette.
    Ms. VIVERETTE. Good morning. I am pleased to be here this morning on behalf of the International Association of Chiefs of Police.
    As I appear before you today, the issue of identity theft is one of great and growing concern to the law enforcement community. In a relatively short period of time, identity theft has transformed from a relatively unnoticed crime to a major problem in the United States and around the world. In the last few years, personal information has become one of the commodities most sought after by criminals in this country and elsewhere.
    Although identity theft is in itself a criminal act under both Federal and most State laws, the theft is almost always a stepping stone to the commission of other crimes such as credit card, bank, computer and Internet fraud, designed to enable the perpetrator to profit from the original theft. Furthermore, funds obtained illegally as a result of the identity theft and its resultant frauds may be used to finance other types of criminal enterprises, including drug trafficking and other major forms of criminal activity. As the use of technology to store and transmit information increases, so too will identity theft.
    The ability to accurately define the financial losses of the vast number of crimes committed by means of identity theft is not possible at this time. Many identity theft crimes are not reported to the police and there is no single source of information on this issue. It is fair to say, however, that the cumulative financial losses from identity theft and various crimes that feed from it are staggering. However, perhaps even more tragic than the monetary loss, is the personal cost of identity theft. Because identity theft by definition involves the fraudulent obtaining of funds in the name of someone else, the victim of identity theft may sustain not only great financial loss, but also severe damage to credit standing, personal reputation and other vital aspects of the victim's personal life. Even if the victim ultimately clears his or her credit records and avoids other personal and financial consequences of identity theft, the physical and mental toll on the victim can be significant.
 Page 27       PREV PAGE       TOP OF DOC
    Identity theft is not perpetrated only by so-called ''white collar'' thieves. It is committed by criminals of all types. A recent report indicated that during the period of November 1999 to March 2001, about 12 percent of all suspected perpetrators had a personal relationship of some sort with the victim. However, the remaining 88 percent of suspects had no relation to the victim of the theft. In most cases, the thieves are geographically located far from the victim's place of work or residence. These perpetrators may be solo operators, but more often are members of a larger criminal organization. Such organizations may be local, regional, national or international.
    In early years, the involvement of local police departments in identity theft cases was typically minimal. In fact, many local police departments did not know how to respond because the crime was not well understood. This was caused by several factors, including the lack of State laws making identity theft a crime, the fact that most identity theft operations are multi-jurisdictional enterprises with perpetrator and victims usually widely geographically separated, and the general lack of police expertise in investigating the crime of identity theft.
    Fortunately, the situation is now rapidly being remedied. The passage of numerous Federal and State statutes has given law enforcement agencies the authority to investigate and prosecute identity theft crimes and departments everywhere are becoming more aware of the significance of identity theft and the availability of a means to combat it. Effectively combating identity theft will require not only the dedication of significant resources and personnel, but also greater collaboration and cooperation between Federal, State, tribal and local law enforcement agencies. This information-sharing among agencies is essential as it may not only lead to successful prosecution of the case in one jurisdiction, but concurrent investigations in other areas of the country. I am pleased to say that in recent years law enforcement agencies have made significant strides in this area, and are increasing our capability to investigate, track, apprehend and prosecute these criminals.
 Page 28       PREV PAGE       TOP OF DOC
    Nevertheless, the law enforcement community cannot effectively combat identity theft by itself. Citizens need to take proactive steps to protect their personal information. Businesses must act to establish safeguards that will ensure that the personal information of their patrons is not exposed. Policymakers at all levels of government need to review current statutes to ensure that protection of personal information is a priority and develop legislation that will strengthen the penalties for identity theft. Only by acting to establish greater protections of personal information and by aggressively tracking down and punishing those who commit identity theft can we hope to turn the tide in this battle.
    Thank you, Mr. Chairman.
    [The prepared statement of Mary Ann Viverette can be found on page 202 in the appendix.]
    Chairman BACHUS. I appreciate the testimony of the panel.
    At this time, I recognize the members for questions. The gentleman from Pennsylvania, Mr. Toomey?
    Mr. TOOMEY. Thank you very much, Mr. Chairman.
    I appreciate the testimony we have just heard. It is focused largely on enforcement of existing laws, which is obviously a very important part of this. But I was hoping that several of you might comment on whether better law enforcement, better training, more resources, more education, is that really likely, in your judgments, to reverse this really shocking trend that we have had, this big acceleration, this upward spike in the frequency of identity theft? Is better enforcement of existing law going to be sufficient to reverse this trend, in your minds, or do we need something above and beyond, in addition, or separate and apart from that?
    Mr. Beales, perhaps you would like to begin?
    Mr. BEALES. I think we need to address the problem on many fronts. I think enforcement is a key part of any attempt to solve it. I think better penalties would be something that would certainly help and would enhance the enforcement effort. I think there are probably also things that can be done to help with prevention of the crime in the first place and to help victims recover more easily. We at a staff level are hard at work on a package of recommendations that we would bring forward to the commission and then to the Congress, but at this point we do not have any other recommendations.
 Page 29       PREV PAGE       TOP OF DOC
    Mr. TOOMEY. Anyone else care to comment?
    Mr. MIHALKO. Yes, I would like to comment.
    Resources are always an issue. We in law enforcement never have enough to go around. We do have plenty of good statutes, though, at least in the Postal Inspection Service. We have statutes that cover identity theft on both ends. If there is a theft of mail, we have excellent Federal statutes to deal with theft or possession of stolen mail. If the mail is not part of the initial scheme, but is then used to either mail a phony credit card or a counterfeit credit card, whatever it may be, we have an excellent statute there with the mail fraud statute.
    I think what we need, and what I hear from a lot of my inspectors out in the field, is that we need more resources for prosecutors. There seems to be a shortage of Federal prosecution of the identity theft-type cases. But like Mr. Beales said, we also agree that prevention and educating the consumer is a key component of fighting this crime. We just can't seem to get enough education out to people.
    Mr. TOOMEY. I would like to follow up on the prevention idea, because it seems to me there are different orders of magnitude of identity theft. Someone can grab a credit card carbon out of a wastebasket and identify my credit card number and perhaps run up some charges. That is a terrible thing, obviously. It is a serious crime, but it is something that I am likely to discover relatively quickly and I am likely to be able to avoid actually incurring the expense. The more serious types of crimes, of course, are those when someone establishes an identity, steals my identity, establishes accounts, obtains credit through this new bogus identity, and then might run up huge credit obligations, which I discover much, much later, which are a huge problem now.
    Are we doing enough to prevent that from happening? Are there more things that ought to be done by the private sector to prevent those kinds of abuses? I see, Officer, you are nodding your head. Do you have a response to that?
 Page 30       PREV PAGE       TOP OF DOC
    Mr. CADDIGAN. I think we have seen in recent years the private sector and law enforcement come together on this issue. That has been tremendously beneficial to the consumer. I see the credit card companies, they not only share information among themselves, but with law enforcement. I see all law enforcement, State, local and Federal, coming together and sharing resources. State prosecutors are working with Federal prosecutors. It is not a crime that is going to be completely eliminated overnight, but from our perspective we do see growth in cooperation on all fronts, as Mr. Beales has said, that we have prevention, we have education, we have awareness.
    One of the areas that we are most concerned about is information security with regard to end-users and consumers. That is something that is taking a higher priority because when we do have, for example, a hacking situation, customer databases are stolen in bulk, that has a tremendous impact on the identity crime arena. When we can deal with end-users on how to safeguard their systems and safeguard their data files, that is going to be a huge impact. Those relationships are being built as we speak. Those conversations are being had at all levels with regard to security, information sharing and safeguarding information sharing. So I think from our perspective, that multi-front process is effective and it does handle not only the simple carbon theft, but it also deals in the international Internet theft or hacking case involving a large magnitude of identity crimes.
    Mr. TOOMEY. Does anybody else have a comment?
    Ms. VIVERETTE. Yes, sir. Local law enforcement is really overwhelmed with investigating these, so I agree that prevention is part of the way to solve this. There are several recommendations by the investigators that look into these cases every day. One of those is the availability of instant credit tends to be a problem. They recommend requiring thumbprints or digital photos with any credit application.
    Mr. TOOMEY. So some kind of system for authenticating the applicant?
 Page 31       PREV PAGE       TOP OF DOC
    Ms. VIVERETTE. Yes, sir. And the addition of possibly a PIN number along with the credit card to additionally verify the user as the proper person.
    Mr. TOOMEY. Thank you very much.
    Thank you, Mr. Chairman.
    Chairman BACHUS. I thank the gentleman from Pennsylvania.
    At this time, the Ranking Member, Mr. Sanders, is recognized.
    Mr. SANDERS. Thank you, Mr. Chairman. A question for Mr. Beales, to begin with. Mr. Beales, in your oral statement, you mentioned that when consumers discover that they are victims of identity theft, they may receive a free copy of their credit report. In your judgment, wouldn't it be a good idea if all consumers were to get a free copy of their credit report to catch identity thieves quicker and correct errors in a prompt manner? In other words, if people were able to gain access to their reports, they would see aberrations and dishonest dealings. Does that make sense to you?
    Mr. BEALES. The Commission has not taken a position on that. I think that there is no question that access to the credit report would help. I think under the existing statute, consumers have access to a free credit report when they are most likely to need it, which is when they think there is fraudulent information or when they find out that there is a problem.
    Mr. SANDERS. I understand that. In general, given the significant increase in this horrendous type of crime, if people receive the reports, they would be able to spot the problem a lot quicker than is currently the case right now. I think one of the problems that we are hearing is that people do not know that they are being ripped off for, in some cases, a relatively long period of time. Don't you think this would expedite the process?
    Mr. BEALES. I think it certainly could.
    Mr. SANDERS. Okay. Thank you.
 Page 32       PREV PAGE       TOP OF DOC
    Mr. Caddigan, do you have thoughts on that?
    Mr. CADDIGAN. I would agree that anything that would make the consumer more aware of his current situation is a preventive tool.
    Mr. SANDERS. Okay. Thanks.
    Let me ask Chief Viverette a question. You may not want to answer it. It may be too political, but that is okay. One of the debates, the key debate that is going on here has to do with Federal preemption. Some of us believe that we should have very strong standards for identity theft and other consumer problems in general at the Federal level, but we should allow States to go forward in a more aggressive way if they want to. In fact, Maryland, as I understand it, is one of six States in the country right now which does require free credit reports. Is that correct?
    Ms. VIVERETTE. I believe it is, yes, sir.
    Mr. SANDERS. Okay. Now, I am not suggesting that Congress would take away Maryland's right to do that. I doubt that they would. But give us your thoughts about a State that has been proactive in trying to protect consumers, should States in your judgment continue to have that right?
    Ms. VIVERETTE. The decision of the International Association of Chiefs of Police is normally to keep the rights at the State level. Yes, sir.
    Mr. SANDERS. Okay. Thank you.
    Mr. Chairman, what you heard is from attorneys general from all over this country who believe that they should have the right to be aggressive in protecting consumers, and you are hearing from police officers as well, who want strong consumer protection. I would note the point that the chief made a few moments ago, which is a very important point. I am sure it is all over this country that local law enforcement is being overwhelmed. When somebody calls you up, that takes a heck of a lot of resources to address that problem. Is that correct, Chief?
 Page 33       PREV PAGE       TOP OF DOC
    Ms. VIVERETTE. Yes, sir.
    Mr. SANDERS. All right. So I would suggest, Mr. Chairman, that we want to be as aggressive as we can. One way that we are aggressive is allowing States to go further than the Federal government.
    Thank you, Mr. Chairman, and I thank the panelists.
    Chairman BACHUS. Thank you, Mr. Sanders.
    Ms. Kelly?
    Mrs. KELLY. Thank you, Mr. Chairman.
    Mr. Beales, you said that there can be some things done to help with prevention. Would you mind just expanding on that a little bit? You made the remark and then went on with something else.
    Mr. BEALES. We are working on trying to develop and to analyze legislative ideas that we would recommend to the commission and then the commission would offer its advice if that was appropriate to you all. I think the one active prevention program that I think really should be seen as a prevention program that we are very much involved in now and should be continued is efforts to protect information security. Increasingly we see that as the source of the information that turns up in identity theft cases, and we see, frankly, very many businesses that have not taken basic precautions to protect the security of their information.
    We have brought cases in some of those instances, our guest case, that I mentioned, which involved the failure to close a well-known vulnerability in a system. And we have developed a business education pamphlet to encourage businesses to look for those kinds of known vulnerabilities and to fix them. I think that is an important preventive effort and I think there is more that can be done in that area in particular.
    Mrs. KELLY. One of the reasons that I am concerned about this is that we heard testimony just now about educating the consumer, but any more the way that identity theft can happen, there isn't any act that the consumer does necessarily. It is not about just making sure you tear up your credit card slips when you throw them out. Your identity can be stolen without your knowledge by your not doing anything at all different than you have ordinarily done. That is really tough to educate about. People, I think, are very vulnerable and you can educate them to do certain things, but there are limits to what we can do to educate people to protect themselves.
 Page 34       PREV PAGE       TOP OF DOC
    I am wanting to know what kind of things we are doing with regard to identity theft and terrorism, the movement of terrorism money. We know that that has occurred. I really would like to ask Mr. Caddigan, could you talk to me a little bit about what the Secret Service is doing to put a check on identity theft or identity use in transferring terrorism's money?
    Mr. CADDIGAN. When we talk terrorism, the FBI has always taken the lead in the terrorism investigations. That includes the financial investigations. We are an active participant in their initiatives through their JTTFs across the country. So what we try to do is to bring our expertise to bear in the financial sector and apply them to ongoing initiatives that we have in tracking terrorism in our country. That may apply to passport fraud or counterfeit documents, to credit cards that were used to fund individuals that are staying here. It does run the gamut with regard to our own agency's initiatives. We do that under the umbrella of a joint initiative led by the FBI.
    Mrs. KELLY. Maybe you and I can explore that in a little less public venue, but I am very interested in what you are doing. This takes me to another level, and that is with anything that we do with regard to protecting people's identity and anything that you do with regard to helping share information so that people can have identity protections, that sharing of information steps into another field, and that is the privacy issue. I wonder if anyone on this panel would be willing to address the problems we are going to experience as we get deeper and deeper into the protections with regard to privacy.
    Mr. Beales?
    Mr. BEALES. I think that one of the great successes of the Fair Credit Reporting Act is the way in which it balances those concerns, the tremendous benefits of information sharing in detecting and preventing and mitigating the consequences of bad credit and of identity theft, and at the same time protecting privacy. It does that by restricting uses to people who have a permissible purpose and by trying to assure that the information is accurate and that the consumer has a way to try to correct it if it is not. But I think privacy is an important component of it and is really sort of a key goal of the Fair Credit Reporting Act.
 Page 35       PREV PAGE       TOP OF DOC
    Mrs. KELLY. Anyone else want to pick up on that? Thank you very much. My time is up.
    Thanks, Mr. Chairman.
    Chairman BACHUS. Thank you.
    Mr. Hinojosa?
    Mr. HINOJOSA. Thank you, Mr. Chairman.
    I want to ask a question of Mr. Beales. Did you answer the question about or the idea that was given by Mr. Sanders, providing consumers with a free credit report annually or biannually at their request?
    Mr. BEALES. The Commission has not taken a position on that. I think that the consumers have credit reports at the time they are most likely to need it, at the time it is most beneficial, which is when they think there is fraud or when there has been an adverse action. But I think there is no doubt that more availability of credit reports would help in combating the problem.
    Mr. HINOJOSA. I disagree that you would wait until you are applying for credit to buy a car a house or whatever, because all the testimony says that most consumers do not find out until about 14 months after the occurrence of that identity theft. So it seems to me that we are going to have to address that question and see what the costs would be and if it is feasible.
    I would like to ask Mr. Caddigan the question that I had on trying to give training to our officers out in the field. It seems to me it is time-consuming, but very important. The question is, do you know if the FBI or Secret Service agencies, are able to reach large numbers of officers in States like Texas and California?
    Mr. CADDIGAN. A program that is ongoing right now in the State of New York is a collaboration with all four partners at the table here today. We are able to reach across all law enforcement, to include the financial institutions, anybody that would have a need to provide assistance in the area of identity theft, whether it is criminal or victim assistance. The event today has several hundred officers there representing dozens and dozens of departments in New York. We think that by being able to provide a Federal, State and local perspective to the problem and solutions. We are not there just to identify a problem. We are there to provide you with skill sets in providing real solutions to your community or your constituency on how to deal with this epidemic.
 Page 36       PREV PAGE       TOP OF DOC
    So when we can reach out to a victim and make them aware of what they need to do to safeguard themselves, not only from crime that has already occurred, but for future crime that potentially could occur, we feel that that force multiplier in the law enforcement community has a ripple effect that is a substantial benefit in this initiative.
    Mr. HINOJOSA. I understand what you said, Mr. Caddigan. Possibly my question, then, should go to Chief Viverette. What I heard Caddigan say is that they were training the trainers, 100 of them in New York. I am talking about reaching much larger numbers. Could it be done through, say, video conferencing? Could it be done through distance learning like the universities are doing now where you could have multiple sites listening to the presentation? If that is so, if it is possible, how do chiefs of police give release time to large numbers of officers so that they can be trained?
    Ms. VIVERETTE. Sir, the CD-ROM that the Secret Service has put together is an excellent resource for local law enforcement. Most of us have training commissions at the State level that can require training. The CD-ROMs are perfect for roll-call training at the beginning of a shift. And generally what we are doing is making the patrol officer aware of what is out there, their resources. They will never have the time to do the follow-up. So we are training investigators at a higher level and the patrol officer is provided the resources to know where to go to follow up on their report.
    Mr. HINOJOSA. I am concerned that the numbers of identity theft complaints are increasing rapidly, which means that there is insufficient dissemination of information and education to the public and those that help us. The chiefs of police and their officers are evidently not getting enough training or resources to get it done.
    So the last question that I would have, Mr. Chairman, is to Howard Beales. Do you support Mrs. Hooley's legislation on identity theft?
    Mr. BEALES. The Commission has not taken a position on that legislation. I think there are a number of features in that legislation that are attractive, but the Commission has not at this point taken a position.
 Page 37       PREV PAGE       TOP OF DOC
    Mr. HINOJOSA. We are going to go into a debate on that proposal. I hope that all four agencies would take a good close look because we really need to stop this increase that is occurring and being reported, and it is going to be very important that we get the help of all four agencies.
    With that, Mr. Chairman, I yield back the rest of my time.
    Chairman BACHUS. Thank you.
    The gentleman from Texas, Mr. Hensarling?
    Mr. HENSARLING. Thank you, Mr. Chairman.
    I think one thing we can all agree on is that identity theft is a very serious and pervasive crime in the U.S. I myself at an earlier hearing announced that I had been victimized by identity theft prior to coming to Congress, when I was a small businessman and a former employee managed to open up a credit card in the name of my small business. When I discovered it, there was about a $22,000 tab on the credit card that had not been paid. Fortunately for me, with one telephone call and one letter, I was able to take care of the matter, so I can attest, at least in my case, occasionally the system does work.
    The question really for us today, though, as we look at the title of this hearing, is fighting identity theft, the role of FCRA. So really to cut to the chase, I am interested in the opinion of the panelists, is FCRA friend or foe? Besides the good that comes from FCRA, and we have heard some very persuasive testimony about how we in America enjoy the greatest availability of credit, the lowest-cost credit in the world, and that FCRA plays a very significant role in that. But the question today is, when it comes to identity theft, are we better off having a paradigm that gets us closer to a national standard of credit reporting with a central database, or are we better off with more of an individualized state patchwork system, just with the narrow question of combating identity theft?
    Mr. Beales, if we could start with you and receive your opinion on the matter.
 Page 38       PREV PAGE       TOP OF DOC
    Mr. BEALES. I think the uniform system and the safeguards of the Fair Credit Reporting Act do help to reduce the risk that credit bureaus and credit data are the source of identity theft. The fact that the data is centralized and largely in three large institutions I think facilitates efforts to protect the data and facilitates efforts to prevent unauthorized access and to control access, compared to lots of little databases in lots of different places.
    Mr. HENSARLING. Mr. Mihalko?
    Mr. MIHALKO. I think a national standard is a huge benefit for Federal law enforcement, if we only have to deal with one type of standard. It is also a big benefit for the mailing industry so that they only have to deal with one standard nationwide and do not have to deal with 50 different standards in their mailings across the borders.
    Mr. HENSARLING. Mr. Caddigan?
    Mr. CADDIGAN. From a Federal law enforcement agency, any standard that eliminates confusion is best for us as we cross State lines in our investigations. The sharing of information with regard to verification check and balance is something that I think will show leads to a reduction in identity crimes. It provides earlier response to potential problems.
    Mr. HENSARLING. Ms. Viverette?
    Ms. VIVERETTE. Yes, sir. I agree with Mr. Caddigan. It is a situation where when we cross State lines, that is where as a patrol officer we have problems with the follow-up on the investigations. So his remarks are appropriate.
    Mr. HENSARLING. We have heard advocacy about a proposal to ensure, I suppose, that all American citizens receive a free copy of their credit bureau reports. Mr. Beales, my guess is you are the expert on this subject, but I am under the impression that free reports are made available already today, for example, to the indigent, to those who have been denied credit, and to those who believe they have been a victim of identity theft. Is my understanding correct?
 Page 39       PREV PAGE       TOP OF DOC
    Mr. BEALES. There are free reports available to people who think they are victims of fraud. There are free reports available to the indigent and the unemployed. There are free reports available to anybody if there is an adverse action taken based on information in the report. Those are the circumstances and in some of those, I think, are the circumstances where the report is most valuable, but it could have value in other circumstances as well.
    Mr. HENSARLING. My guess is no one on the panel is qualified to come up with a cost estimate of what that proposal would indeed cost the system. I am just curious what impact that might have on our credit availability and our credit costs should such a plan be enacted.
    I see my time is out, Mr. Chairman.
    Chairman BACHUS. Thank you.
    Mrs. Hooley?
    Ms. HOOLEY. Thank you, Mr. Chair.
    I have a question for the entire panel, and I apologize for not being here the entire time, and hopefully you have not answered this question yet. One of the things we talk about when we look at identity theft is it is really composed of five pieces, and one of the pieces is prevention; it is education; it is how do you get through the process; it is how do you leave room for technology to help solve the problem. And the last piece, and a very important piece, is law enforcement.
    I have spent a lot of time talking to our law enforcement, and one of the problems of course is you don't have to stick a gun to somebody's head to steal their money now; you can just take their identity and steal their money. Because a gun is not used, frequently this crime sort of goes to the end of the list of everything else you are doing. What is the one thing we need to do in law enforcement that would help you prosecute the crime and what is the solution to this obstacle? Because the perpetrator knows that they are probably not going to be prosecuted; they know they are very good at going across city lines, county lines, State lines; they know how much they have to steal before it becomes a felony.
 Page 40       PREV PAGE       TOP OF DOC
    I have known some local police officers who have arrested the same person over and over and over again and let them go because no one was willing to prosecute. What is the solution? What do we do? Do we need to make the laws tougher, the penalties larger? What do we need to do? And if each panel member would answer that question, I would appreciate it.
    Mr. BEALES. I think one thing that would clearly help is the penalty enhancement legislation that I know has been introduced in the Senate and I believe has been introduced in the House as well. I think prosecutors look to the length of time that they can get by alleging a particular offense. I think that longer penalties and the change in the structure of penalties to make it more like the gun laws where there is an add-on if you steal an identity in committing another crime, it is an additional sentence added on to whatever sentence there is for the base offense. I think those are approaches that can make prosecutors more willing to prosecute the cases and then enhance deterrence.
    Ms. HOOLEY. Thank you.
    Mr. MIHALKO. I think one of the things that would be most beneficial to us is an increase in probably the appropriations for the Justice Department to hire assistant U.S. attorneys to handle these types of prosecutions. What we have seen is that there are different U.S. attorneys offices that have different thresholds before they are going to accept identity theft cases for prosecution. It may be $70,000; it may be $100,000, which makes it less attractive to bring those cases because they are not going to be prosecuted. There are a lot of law enforcement resources devoted on the Federal, State and local level to investigating identity theft crimes.
    Ms. HOOLEY. Okay, thank you.
    Mr. CADDIGAN. I think we are on an upswing with regard to the enforcement and the prosecution. We have seen some enhancements. We have seen some legislative benefits recently. I also think we have seen a shift in the prioritization of these type of crimes in our U.S. attorneys's and district attorneys's offices. I have also seen where we have a better sharing relationship between the State and the Federal with regard to where the biggest bang, if you will, will come for prosecution, depending upon the magnitude, the loss and all the other factors that go into determining prosecution.
 Page 41       PREV PAGE       TOP OF DOC
    So the enhancements that I think we have seen are starting to take effect and hopefully we will see that continue in the future.
    Ms. HOOLEY. Thank you.
    Ms. VIVERETTE. Yes, ma'am, having identity theft as a specific crime has been helpful. Prior to having that in our State, it was underreported because it was reported as a theft and not identity crime.
    Ms. HOOLEY. Okay.
    Ms. VIVERETTE. Enhance penalties I think would be important and also the addition of resources for officers to follow up on a crime. Right now, they often have the information, but they do not have the investigative resources to go out and make the arrest.
    Ms. HOOLEY. Thank you very much.
    Chairman BACHUS. Thank you.
    Ms. Capito?
    Mrs. CAPITO. Yes, I have just two brief questions. For Mr. Caddigan, you testified that the method of identity theft that may be most difficult to prevent is theft by a collusive employee. What are some possible ways to combat such theft? And also in line with that, that many of the identity criminals use information obtained from companies or off of Web sites, and what can companies do to prevent such intrusions?
    Mr. CADDIGAN. The insider threat industry will tell you it is their number one concern, protecting not only their database, but their systems. Again, we believe in prevention; we believe in education. An initiative that we began about two years ago, not quite two years ago now, is an insider threat study. What it basically does is reach out starting with our investigative cases that involve such type of activity. They reach back out to the businesses and ask them to provide a little bit more information as to the prevention methods they use, the safeguards they use, and actually provide advice on how they can better themselves in that arena. That initiative is ongoing. It has reached across the country.
 Page 42       PREV PAGE       TOP OF DOC
    We already see some impact with regard to information sharing within sectors, business sectors. We think that because not only the identity theft portion of criminal activity to the insider, proprietary issues, customer-based issues, there is a lot of need for protection in that arena. Again, not overnight, but I think the right steps are being taken to provide an awareness and also to give viable solutions in a security-minded atmosphere on how you can better safeguard your material as a small, medium and large business. Those initiatives are ongoing.
    Mrs. CAPITO. Thank you. I just have one additional question, and this is for anybody who thinks they have an idea. I am curious to know the demographics of someone who could fall prey to identity theft. Is it someone who has the information on the Internet? Is it the elderly? Is it someone in big cities? Is it everywhere? Has it been categorized to a point? I am just curious to know what kind of statistics have been gathered, understanding that identity theft has just now been identified as a crime, or at least one that has been reported.
    Mr. Beales?
    Mr. BEALES. In our complaint database, the victims look pretty much like the population at large. There are not very many children, but other than that, it pretty much mirrors the distribution of the population. There is no one group that is disproportionately affected. We have completed a random sample survey of identity theft that we hope to release within the next few weeks that will give us a more comprehensive picture of the level of identity theft and also of the nature of who is victimized, but what we see in our complaint data is it just looks like the population at large.
    Mrs. CAPITO. Any other comments?
    Mr. CADDIGAN. From the enforcement perspective, we rely on the FTC data and we find it to be consistent with our casework. The vulnerabilities are again from the simple trash theft to you dealt with a business on the Internet that was the unfortunate victim of a hacking. It funs the full gamut. No one is particularly targeted.
 Page 43       PREV PAGE       TOP OF DOC
    Mrs. CAPITO. What would be the average time that someone would realize that their identity has been stolen? Would I find out in a month, in a week?
    Mr. BEALES. In our complaint data, 48 percent find it out within a month, and an additional number find it out within 1 to 6 months. Within a year, it is 78 percent find it out within a year.
    Mrs. CAPITO. I have no further questions. Thank you.
    Chairman BACHUS. My first question may be just to follow on that, Mr. Beales, the postal agent testified that it was an average of 14 months to discover?
    Mr. MIHALKO. Right. It is about 14 months according to our data before it is discovered, before a victim discovers that they have been a victim of identity theft.
    Chairman BACHUS. I am not sure how we square that with Mr. Beales's testimony just moments ago. Are there a significant number that are taking 12 to 14 months to discover, Mr. Beales? What about Mr. Mihalko's testimony?
    Mr. BEALES. There certainly are some that take that long, and I don't know the statistical basis for that. What we see in our complaints, and it is just our complaints, is what I reported. Now, I just don't know, in terms of what, it is about 7 percent that take between one and two years and another 8 percent that take between 2 and 4 years to discover it, and then there is a tail of about 5 percent where it takes more than 5 years before it is discovered. So there are some cases that are out there in terms of it taking a long time, but most people find out quickly in our complaint data.
    Chairman BACHUS. Okay. I will end the questioning with this question to you, Mr. Beales. FTC Chairman Muris has testified that you are considering different proposals to combat identity theft. You testified at this hearing and previous hearings that you are working on proposals to combat it or additional proposals. This committee anticipates marking up FTC reauthorization next month, at least that is what is anticipated at this time. Will the FTC have any formal proposals to make to this committee that can be incorporated in legislation this month?
 Page 44       PREV PAGE       TOP OF DOC
    Mr. BEALES. We would hope to not be too late, and whether we are too late or not, we are of course willing to offer whatever technical assistance we can in your effort.
    Chairman BACHUS. It would be extremely helpful if the Federal agency that is charged with oversight and investigation and coming up with remedies could offer us some formal proposals prior to reauthorization.
    Mr. BEALES. We understand that and we will do our best.
    Chairman BACHUS. Thank you.
    This concludes the testimony of the first panel. The first panel is discharged and we will go immediately to consideration of the second panel. I appreciate your testimony and you are discharged.
    The second panel is made up of two victims of identity theft. While they are making their way to the witness table, I might simply say that whether you go by the FTC testimony of basically 125,000 victims of identity theft each year, or you go by the Justice Department records which indicate as many as 500,000 victims of identity theft, we do know that those are both significant numbers. We know that as many as 500,000 reported cases and we know that for each of those cases there is an emotional and financial toll on the victims.
    In this second panel, we will actually hear from two of these victims, which in the one regard will be representing a much larger group of millions of American citizens each year who find themselves the victims of identity fraud. I want to welcome our second panel. Our two witnesses, Ms. Maureen Mitchell of Madison, Ohio, formerly of Queens, New York, is that right?
    Ms. MITCHELL. That is correct, Mr. Chairman.
    Chairman BACHUS. That is correct, thank you. And also Commander Frank Mellott, a U.S. Navy victim of identity theft. You are also here testifying on behalf of the Identity Theft Resource Center.
 Page 45       PREV PAGE       TOP OF DOC
    Commander MELLOTT. Yes, sir, I am, but principally on my own.
    Chairman BACHUS. Would you tell this committee what actually the Identity Theft Resource Center is?
    Commander MELLOTT. The Identity Theft Resource Center is a victim advocacy group and counseling assistance for victims of identity theft. I am the military assistance coordinator and also the mid-Atlantic-Virginia area regional coordinator. I see primarily cases that involve active-duty, retired or reserve members who are dealing with some of the unique aspects when a military member is a victim.
    Chairman BACHUS. I think Mr. Sanders testified that it is a horrendous crime, but it is particularly deplorable or despicable when the victims of identity theft are members of the military serving overseas in defense of our country. It is totally reprehensible that someone would do such a thing to our men and women in uniform. So we welcome your testimony here today.
    Also, Ms. Mitchell, I have read your testimony and it has truly been a nightmare for you, just almost inconceivable that someone has to go through what you have gone through. At this time, if you will lead off the testimony.
    Ms. MITCHELL. Thank you, Mr. Chairman.
    It is a pleasure and a privilege to be here and I want to express particular appreciation to Congressman LaTourette and Congresswoman Hooley for their efforts and the committee's efforts. And I wanted to say just a personal hello to Congressman Crowley. Joe Crowley and I grew up together in Woodside, New York.
    We have been the victims of identity theft and we were not only victims once, we were victims twice. We are a typical middle-class family. We do not have extraordinary assets and we had always taken the normal consumer protections that we are all advised to take to safeguard our information. We shred our outgoing trash. We were never robbed. We were never burglarized. We never lost our credit cards, and we had checked our credit report in March of 1999 to ensure its accuracy.
 Page 46       PREV PAGE       TOP OF DOC
    Yet in September of 1999, we received a phone call from our KeyBank MasterCard service provider questioning an unusual pattern of activity on our credit card. We were very fortunate that they noticed that unusual level of activity. It turns out that that was the start of our identity theft nightmare when we learned that fraudulent purchases had been made, mail-order purchases by criminals who did not have our credit cards in their possession because we had not lost ours, but they had obtained our credit card number. We do not throw out our credit card receipts intact. And in the days when we all had carbons on our credit cards, when we used them, we obtained the carbons and used to rip them up. We are extremely conscientious about safeguarding our information.
    We did not bank on the Internet. We did not order merchandise via the Internet. We did not use an Internet program to balance our checkbook. And we found ourselves victims of this. Unfortunately for us in September of 1999 when our MasterCard account number was compromised, our bank closed our credit card account number and told us we would not be responsible for the fraudulent charges. However, they did not suggest that we put fraud alerts on our credit reports, and they left making out a police report to our option. I did make out a police report because if was a few thousand dollars worth of charges that were made using our credit.
    In November 1999, 2 months later, we received a phone call from a J.C. Penney credit representative from New Mexico. We have been residents of Ohio since 1978, finding out that criminals in Illinois, and it was in Illinois that the fraudulent mail order charges were made also, had used my husband's name and Social Security number to obtain a line of credit at the J.C. Penney store in Illinois. It was the J.C. Penney's representative who suggested we put fraud alerts on our credit reports, which I did immediately on November 15.
    When I contacted Trans Union, Experian and Equifax, the three major reporting bureaus, I was dismayed to learn that there had been over 25 inquiries into our credit during that 2-month period of time between the initial credit card account number being compromised and the phone call from J.C. Penney's, and criminals had changed our address six times. I did place the fraud alerts on our credit report and I also put 7-year consumer statements, and it took me over 400 hours of time to dispute 30 fraudulent accounts that criminals had opened in our names out of State. There had not been 30 inquiries into our credit in the entire 20 some-odd years my husband and I had been married at that point, yet 30 inquiries into our credit in a 2-month period of time did not send up red flags to anybody at the credit reporting agencies. I think that needs to be addressed.
 Page 47       PREV PAGE       TOP OF DOC
    Four hundred hours, hundreds and hundreds of pages of documentation were required by us. I found the information from the Federal Trade Commission's identity theft clearinghouse to be helpful to me. Kathleen Lund from the Federal Trade Commission was the identity theft counselor whom I had spoken to, and she did offer me some guidance and assistance and some emotional support. I also put that in the testimony, because as a victim of identity theft, your life is spinning out of control and we never were able to ascertain our point of compromise. I did meet with our Congressman Steve LaTourette, and it was through his intervention that we were able to be in touch with the FBI. We ultimately wound up with the United States Secret Service, the United States Postal Inspectors, the Office of the Inspector General of the Social Security Administration, and the FBI, plus our local police department as the investigating authorities.
    Criminals in Illinois did a $150,000 worth of new credit applications in our names. We had previously had an impeccable credit report. Our FICO scores were in the low 800s; $150,000; 30 different accounts. They bought a Ford Expedition. They bought a Lincoln Navigator. Neither of those vehicles were sitting in my driveway. And two months after the criminals purchased the Ford Expedition, they torched that vehicle, filed a fraudulent insurance claim in my husband's name, and then we had to deal with the National Insurance Crime Fraud Bureau because there was a fraudulent insurance claim filed.
    We did get good cooperation from our local police department in Madison, Ohio. As a matter of fact, my husband and I and both of our adult children are carrying a notarized letter from our police chief in our wallets at all times saying that we are the victims of these crimes and not the criminals, because if we get pulled over for some innocuous traffic violation, we can find out that there are warrants under our Social Security numbers that we know nothing of.
    Two years after the criminals initially victimized us, and it was 2 years of fighting our way, it is a task made for Hercules that requires the wisdom of Solomon, as a victim of identity theft, to fight your way through the system. Two years afterwards, with the security protocols in place, and I had insisted upon security protocols on our bank accounts, we were making a purchase of a small home for both of our adult children who are students to live in while they were attending medical school and college. The fraudulent purchase of the Ford Expedition, the one that the criminals torched and filed the fraudulent claim on, showed up on my husband's credit report as we applied for the mortgage, lowered my husband's FICO credit score by 118 points, and we were almost denied the loan for the mortgage that we were legitimately applying for.
 Page 48       PREV PAGE       TOP OF DOC
    My girlfriend Cathy said to me, ''You know, Maureen, you just should have had the criminals apply for the mortgage. They would have gotten it with no problem.'' And there may be some truth to that statement. We again had that remedied. This account had bounced back onto my husband's credit report. They knew it was a fraudulent account, yet it reappeared.
    In October of 2001, we received at home a very alarming phone call from an intercity branch of our bank asking whether we were having trouble with our bank accounts. I had placed security protocols on our bank accounts. I had insisted upon them. Photo ID and password, and the password was not mother's maiden name or anything else that would be available on a genealogical Web site. Photo ID and password required on our bank accounts, and our local branch of KeyBank, and they have known us for 20 years, insisted that we use those protocols every time we banked, and we insisted upon it also. Yet when I received this phone call on October 30, criminals had made four fraudulent withdrawals from our personal bank accounts. It was upon the attempt of the fifth fraudulent withdrawal that we were finally notified. Criminals removed $34,006.50 from our bank accounts in spite of the fact that photo ID and password was required on these accounts.
    We had an arrest made in the State of Illinois, Lansing, Illinois as a matter of fact. The criminal there was prosecuted. He was sentenced to three years in the Illinois Department of Corrections in 1999 when he was arrested. He served less than a year. We currently have a case pending in Cuyahoga County, Ohio. The criminal who made the KeyBank fraudulent withdrawals a week after I received the phone call was attempting to make a $5,000 credit application using my name at the Circuit City store in North Randall, Ohio. When the Illinois crimes were occurring, there were criminals impostoring my husband. When the Ohio crimes were occurring, there were criminals impostoring me.
    She was eventually apprehended at the Circuit City store because the fraud alerts on our credit reports did indeed work. Why the security protocols on our bank accounts did not work still remains to be answered. One of the hardest things in being a victim of identity theft is that you are repeatedly subject to having your integrity and character questioned. You are perceived as the criminal and the scales of justice are tipped in the wrong direction in this regard. The criminal is assumed innocent until proven guilty, but the victim of identity theft is assumed guilty until you prove your innocence.
 Page 49       PREV PAGE       TOP OF DOC
    We started to receive phone calls from collection specialists at our home, wanting to know why we were late for the payments on our Lincoln Navigator and our Ford Expedition, the vehicles that we had not purchased. It amazed me that the collection specialist could find the real Ray and Maureen Mitchell when they wanted their money. Too bad nobody bothered to find the real Ray and Maureen Mitchell before they loaned out that money. There are protocols that should work when they are in place. No system is perfect. Our protocols should not have failed. They did. We had to re-work our way through the system. And when the criminal impostor of me was arrested at Circuit City in North Randall, Ohio, she was found to have an Ohio DMV-issued photo identification card that contained her picture but all of my information.
    And when that criminal had obtained that photo ID card, my driver's license was automatically suspended in the State of Ohio because it is illegal to have a driver's license and a State-issued photo ID card. So as a result of that impostor's activities, our bank accounts were frozen on October 30, 2001 and I had a suspended driver's license. I am a registered nurse. I am a licensed realtor. We are entitled to have access to our own monies and we are entitled to safeguard our personal licenses. I was scared to death that my real estate or my nursing license would be impacted by criminals because they had already impacted my driver's license.
    Our lives were turned upside down for 4 years because of identity theft, and the only risk factor that we had of becoming victims of this crime was that we had an impeccably good credit report. The demographics, as we heard in previous testimony, will show that this crime does affect all people. But if you do not have credit-worthiness, you are not sought out as a victim because it does not serve the purpose of the criminals.
    Words cannot begin to describe what this has been like for us. We have fought our way through this tooth and nail. We have received help from Congressman LaTourette. I had the privilege of testifying in a Senate subcommittee at the request of Senator Kyl. We have received help from the Federal Trade Commission. This is a national epidemic and it has to be stopped. Billions of dollars a year are being lost because of identity theft crimes and credit fraud. The impact that it has on victims' lives is unbelievable. Your credit score does not only reflect your loan worthiness. It also reflects to many entities, insurance industries, employers, et cetera, they equate that number with your good character. To have criminals assail that is unacceptable and incomprehensible.
 Page 50       PREV PAGE       TOP OF DOC
    I would encourage all of you to please read my full written testimony. I do realize it is lengthy. Believe me, I compressed four years of details into those pages. I will be happy to answer any questions and I again thank you for the privilege of having testified.
    [The prepared statement of Maureen V. Mitchell can be found on page 177 in the appendix.]
    Chairman BACHUS. Thank you, Ms. Mitchell.
    Commander Mellott?
    Commander MELLOTT. Yes, sir, Mr. Chairman, Ranking Member and other members of the committee, thank you very much for the opportunity to testify today. The views and opinions I express today are my own and do not necessarily represent the Department of Defense or the Navy.
    I am here because I am a victim of identity theft, but I am also here because I am a victim of what I would call a blunder by the credit reporting industry. My ordeal began back in the summer of 2001 when my wife walked in from the mailbox carrying a letter from the Department of Treasury. That letter said that my $5,000 tax refund, along with all Federal payments, was diverted to California to pay back child support. Now, my paycheck is a Federal payment so I was a little concerned that in less than two weeks I had zero income.
    However, the more I thought about it, I became even more concerned with the long-term consequences. As a military member, particularly as an officer working in the field in which I do, a security clearance is an essential component to my ability to function. My security clearance can be affected almost instantly by my credit history. If I lose my security clearance, I am unable to do my job. I am unable to compete with peers for promotion. I am unable to compete for milestone positions such as command of a unit or a squadron, and fundamentally it affects my ability to support my family in my chosen vocation, service to the country.
 Page 51       PREV PAGE       TOP OF DOC
    This all began in calendar year 2000 when my half-brother used my Social Security number and only my Social Security number on W-2 forms he filed with the Breckenridge Group and with Pep Boys in California. Now, I cannot say whether either of those companies verified identity documents when they hired him, but I would suspect that they did not.
    In the end, California found out that he was working again by name, and since he owed about $75,000 in back child support, they sent his data off to the Federal agencies for collection. Unfortunately, the data they pulled was the data he supplied, my Social Security number, and the next thing you know I got the letter.
    So unfortunately, I am staring this letter in the face. Instead of spending a summer leave period enjoying some time catching up with my two sons after nearly six years of straight sea duty, I am spending it fighting jurisdictional issues. I have got three police agencies all going like this when I tried to file a police report. I am spending hours and hours either writing letters or on the phones with credit reporting agencies trying to track the source of these problems and then get them resolved. I am trying to keep my security clearance folks flooded with information so that I do not lose my security clearance, because quite honestly it is much easier to take one away than it is to get it restored. Once it is gone, it is very difficult.
    Of course, I am working with the IRS to try and resolve about $10,000 of income that was reported against my Social Security number that I did not claim. Unfortunately, in February 2002 the problems continued. I had already started the cleanup effort so I had placed fraud alerts with the three credit reporting agencies. Unfortunately, my brother was still able to go out and get cellular phone service with AT&T Wireless in spite of those alerts, but that was not the end of it. The worst happened when Experian merged my credit file with that of the criminal, my brother's. So now instead of having one or two bad entries in my credit file from which I am trying to correct, I now have 30 or more. I have incorrect addresses, incorrect employers. I have two aliases. I have alternate uses of my Social Security number, a host of collection actions, even listing his wife as mine. Any single one of those could have had a severe and adverse affect on my ability to function as a naval officer by removing my security clearance.
 Page 52       PREV PAGE       TOP OF DOC
    I found the credit industry is unfortunately not quite as responsive as I would hope. As a military member with frequent moves I was very concerned about having specific language put in the fraud alert. So I sent all three of them a certified return receipt letter asking them to incorporate specific language. Not a single one of them incorporated that language. Not a single one of them even bothered to reply.
    Now, as bad as this sounds for me that the identity theft tarnished my image, the blunder by the industry could have done the same thing. Although my case has been largely resolved, as an officer responsible for the welfare of my troops I am very concerned about how this affects the 19-year-old soldiers, sailors, airmen, Coast Guardsmen and Marines serving around the world right now. This problem is virtually impossible to clear up unless you are right there. It is hard enough right here fighting the jurisdictional issues military members face when oftentimes three or more States are involved.
    But fundamentally, our nation is at war and our military members can be deployed anywhere in the world at a moment's notice. We have heard this morning that it can take months for people to find out they are victims of a crime or a mistake and we have heard how it can take a substantially longer period of time to correct that. How do we expect that young soldier to be doing that from the streets of Baghdad at night? How do we expect him to spend that 175 hours or the $1,400 in estimated out-of-pocket costs to correct problems or mistakes?
    I encourage this committee to take any action they can to improve accountability. Obviously, I have some opinions. I think there needs to be some increased accountability for the accuracy of data. I think there needs to be some specific measures targeted to protect military members on active duty. I think the committee needs to take a good look at some of the critical nodes in the credit reporting and credit-issuing arena.
    I do have to thank Congresswoman Loretta Sanchez for her efforts to assist me in my case, as well as specific thanks to Special Agent Chris Behe of the Navy Criminal Investigative Service who was the first officer to take a police report which subsequently opened doors and led to a prosecution.
 Page 53       PREV PAGE       TOP OF DOC
    Sir, I have completed my statement and I stand by to answer any questions you may have.
    [The prepared statement of Frank Mellot can be found on page 161 in the appendix.]
    Chairman BACHUS. Commander, did your brother ever go to jail? Was he ever prosecuted?
    Commander MELLOTT. Yes, sir. The Navy criminal investigative report I was able to forward to California and then they were able to take action on it. They arrested him. Unfortunately, he had been arrested and appeared in court once before I was even notified, and found out that his final hearing was going to take place the next morning, so I spent the better part of a day putting together a victim impact statement. He was awarded a 3-year suspended sentence on two felony counts for falsely providing information on the W-2 forms. He spent 120 days in jail and he is out on supervised probation.
    Chairman BACHUS. Has he stopped doing it?
    Commander MELLOTT. At this point, he has, although, sir, I continue to see lingering effects from it. About 4 or 5 months ago I got a letter addressed to his wife at my address about a $5,000 bill that was outstanding.
    Chairman BACHUS. You have never not been to California during this period of time, is that right?
    Commander MELLOTT. I can't say for sure during the period. I most certainly visited at least once. I am a legal resident of California, but I was stationed in the State of Washington and then in Rhode Island before being transferred to Virginia where I am at now.
    Chairman BACHUS. So after you reported what was going on and then you would get your credit reports, there was nothing on those credit reports to indicate that there was a problem, right?
 Page 54       PREV PAGE       TOP OF DOC
    Commander MELLOTT. When the initial letter came from Department of Treasury, by the end of the week I was able to establish that it legitimately was not me they were looking for. About a week later, I got the credit reports and then what I found on those credit reports was that it had started much earlier. He had applied for cable TV service in the State of New York with Time-Warner Cable. When he defaulted on the bill, it was reported as a collection action against me. At that point, that was the only thing that showed up on my credit report. It was not until the merging of the two files by, as Experian said, the computer did it, that I encountered a substantial problem with inaccuracies.
    Chairman BACHUS. When you wrote to the credit reporting agencies and you said, ''here is what is going on,'' subsequent to that, did you obtain your credit report? You said that none of them listed this information?
    Commander MELLOTT. I would have to look back in my records, sir, to make sure I quote the exact company that had it. Of the three credit reporting agencies, there was only one that reflected the outstanding Time-Warner bill. Subsequent to that was when the data files were merged. That is when the information in those files in my credit report was substantially incorrect. It has been months trying to get that cleared up.
    Chairman BACHUS. Yes, but I am not sure you are following.
    Commander MELLOTT. Yes, sir?
    Chairman BACHUS. When you wrote to the three credit reporting agencies and you said, ''my brother is engaged in this activity, this is the problem,'' what I am saying is subsequent to that, you said they refused to take any action?
    Commander MELLOTT. Yes, sir.
    Chairman BACHUS. They did not put your letter in the credit report, or there is no mechanism?
    Commander MELLOTT. What I did, sir, was I was concerned because as a military member I move fairly frequently. It is often difficult for credit agencies to keep the information current because I move so often. So what I wanted to do was to try and find a way to, much like Mrs. Mitchell here, provide a much more secure method before somebody issues credit to someone who may be trying to do it in my name.
 Page 55       PREV PAGE       TOP OF DOC
    Chairman BACHUS. Right.
    Commander MELLOTT. So I sent a letter that was substantially the same letter to all three asking them to include specific language on the fraud alert. What I wanted somebody to do was that if anybody tried to apply for credit in my name, that they had to cite a photocopy at a minimum, but certainly a military identification card, for a couple of reasons. One, that assists me with jurisdictional issues if it happens, because now it is impersonating an active duty member, but also it is a photo ID that has the information on it. Not a single one of them did that. They did not put that language into the permanent fraud alert. They put their standard language on, which of course refers them to the phone number and address that I have on record that, well I am sorry, three moves in a year make it very difficult for that to keep up. I recognized that the standard alert was not going to suit the bill, asked them to put something specific on, and they ignored it.
    Chairman BACHUS. Okay. Thank you.
    Mr. LaTourette?
    Mr. LATOURETTE. Thank you, Mr. Chairman.
    Both of you talked about jurisdictional things, and I can remember, Maureen, when you were dealing with the criminals in Illinois, I used to be a county prosecutor and I tend to think that States should principally deal with criminal matters and only in extraordinary circumstances call for the Federalization of crimes. But it was my recollection that what was described by the first panel was existence in the different jurisdictions and they had different thresholds. I don't remember if it was $50,000 or $100,000, but they said they were really not going to take a look at your case at the Federal level unless you reach $100,000. As a result in Illinois, if I remember correctly, they were treated with what in Ohio would be fourth degree felonies that carry maybe a year and a half in prison, and typically are probationable offenses where people get out.
 Page 56       PREV PAGE       TOP OF DOC
    So I think both of your stories are reasons why the majority of the members of this committee have become convinced that this is a national problem that needs to be addressed nationally and can't be left to the devices or the different States, for the reason in your case, well in both of your cases, you lived in one State and the crimes were taking place in different States.
    Maureen, I again want to thank you for coming. You came on your own dime from Ohio and I appreciate that. I would think that, and I know, sort of like a softball question, I know that your experience has probably given you the ability and the time to think up a long list of suggestions that the government could do to help people that find themselves in the same position as you and Ray found yourselves in. Would you want to share a few of those with us?
    Ms. MITCHELL. Thank you, Congressman LaTourette. Yes, I would.
    I cannot stress enough to the committee that we had zero risk factors of this happening to us. However, that is not the case for most consumers. So the truncation of the credit card numbers on credit card receipts is indeed important. I recently saw a receipt for a Discover card purchase that our daughter had made using her account. It not only contained her Discover card account number, it also contained her name. If that receipt were inadvertently placed in the trash and a criminal were to obtain it, they would have all of the information that they needed from one careless disposal of a credit card receipt to start committing crimes.
    I do think that there needs to be a free annual consumer credit report available to any consumer that requests it. We had looked at our consumer credit reports in March of 1999. It was a fluke that we did that because we were putting a mortgage on a property, so I had the lender send me a copy of it. If I were not putting a mortgage on a property, I would never have requested that. An annual review of the credit reports by the consumer is good for two different reasons. One, many victims of identity theft are often unaware that they are victims and may be unaware of it for years until the next time they apply for credit. Consumer credit reports are also, if you are unfamiliar with reading them, somewhat of a challenge to decipher at first. So it would also give the American consumer an opportunity to familiarize themselves with the verbiage in the consumer credit report so that as they familiarize themselves with it, they would more easily recognize in the future if something were indeed wrong. So those would be two things that I would strongly suggest.
 Page 57       PREV PAGE       TOP OF DOC
    Mr. LATOURETTE. I think that, and some of those point to the need to hand over the credit report, but some of those things put the burden on the customer, the consumer. The legislation that Mrs. Hooley and I have worked up also shifts the burden to those who extend credit a little bit. It seems to me that most of us here, you are not only a nurse, but you are a realtor, most of us and most of the people of our acquaintance probably do not move six or seven times within the course of a year. It seems to me that those who are in a position to extend credit, and come across a credit file where there are people moving from Ohio to California to Illinois and to Texas during a 12-or an 18-month period, perhaps a burden should be placed upon them as well to say maybe this is something that is not quite right. I would assume that is something that you would think would be a good idea as well.
    Ms. MITCHELL. I absolutely agree with you, Congressman. Anything that does not match the consumer record of file on the credit report when a new application of credit is filed should serve as a red flag, not requiring necessarily denial of credit, but requiring further investigation into the legitimacy of that application before credit is indeed granted. We have resided at the same address for well over 20 years. Yet as a result of criminals in Illinois, and we were victimized by an organized identity theft ring, as a result of the criminals in Illinois we now showed six address changes on our credit reports within a two-month period of time. We had lived at the same address stable for 20 years. We did not hopscotch from house to house six times in 2 months in Illinois.
    Mr. LATOURETTE. Right. I think when we were talking a couple of years ago, the notion, and to the commander, you as well with the experience with your half-brother, there is a thought that the prison sentences for people convicted of this crime ought to be enhanced and increased from again typically based upon the amount of money that is stolen, and if you are in a variety of different jurisdictions you can steal a little bit of money here, a little bit of money there, and in the aggregate it turns out to be a lot, but under the State penal code it may affect the classification of crime. So commander first with you, would you like to see legislation that increased the available penalties for people who engage in this activity?
 Page 58       PREV PAGE       TOP OF DOC
    Commander MELLOTT. Sir, absolutely. To Mrs. Mitchell's recommendations and personally, I would also like to see a mandatory observation of fraud alerts. I think if companies were held accountable for not observing a fraud alert that was on an account, then they would be a lot more careful about issuing credit to people who quite honestly are doing it fraudulently.
    Mr. LATOURETTE. And Maureen, is that something you wish we would consider as well, that is the increased criminal penalties, lock them up longer?
    Ms. MITCHELL. Absolutely. The criminal who was prosecuted in the State of Illinois, who was apprehended impostoring my husband, was eventually sentenced to 3 years in the Illinois Department of Correction. He would have received probation, in my opinion, had we not been assertive consumers willing to prosecute and had not Congressman LaTourette's office intervened in that. The damages that were done to us were extensive. He was one of many, but if these criminals are able to commit these crimes and count on probation instead of incarceration, we are not offering any deterrent for these crimes to continue. They need to be held accountable.
    I would like to add, too, that some of the merchants also need to be held accountable. When the criminals purchased the Ford Expedition in my husband's name, there were six glaringly obvious errors on that credit application. Our name was even misspelled. They put down 3-0-0 as the area code to verify their place of employment. You don't really need to be an Einstein to know that 3-0-0 is not a valid area code in the continental United States. Yet they received approval for a $40,000 purchase on a vehicle. The merchants need to be held accountable. Good business practices, common sense and due diligence need to be used at all steps of the lending process to ensure that the monies are indeed being loaned to the real individual.
    Mr. LATOURETTE. Thank you very much.
    Thank you, Mr. Chairman.
 Page 59       PREV PAGE       TOP OF DOC
    Chairman BACHUS. Thank you.
    We have no further questions for Ms. Mitchell or Mr. Mellott.
    Ms. Mitchell, one thing, you said they misspelled your name?
    Ms. MITCHELL. Yes, they did.
    Chairman BACHUS. Is that the name ''Mitchell'' you mean?
    Ms. MITCHELL. Yes, they did.
    Chairman BACHUS. Okay.
    Ms. MITCHELL. Yes, they did. And it was not only misspelled on the application filed by the criminal, it was also misspelled on the facts from the lender granting the car dealership the loan approval. The only thing that matched us on that application was my husband's Social Security number. The Social Security number and the State driver's licenses have become the de facto form of identification in the United States. Safeguards need to be in place to ensure that those numbers safeguard the real individuals from having their identities compromised.
    Chairman BACHUS. Thank you.
    Have you put a financial cost estimate on what this cost you?
    Ms. MITCHELL. I can tell you that the criminals fraudulently applied for $150,000 worth of lines of credit in 1999 in the Illinois area in our names. In 2001, they removed $34,000 from our bank accounts. Those monies were eventually restored with interest. We had our bank accounts frozen. It was extraordinarily embarrassing. Out-of-pocket financial expenses for us are in the $2,000 to $3,000 price range, the nearest estimates that I could give. It is countless hours lost in time, sleepless nights, and sprouting gray hairs. The blood, sweat and tears that went into trying to resolve our identity theft victimization, it is indescribable to try and put that into words. But it was a few thousand dollars out of pocket expense and over 500 hours of time, very dedicated time, and hundreds of pages of documentation.
 Page 60       PREV PAGE       TOP OF DOC
    Fortunately now, and I think it was a direct result of a Senate subcommittee testimony that Senator Kyl chaired, the FTC now does have the uniform victim reporting identity theft affidavit, so future identity theft victims will not have reams of paperwork, because our experience was that the individual merchants all required individual protocols. That is no longer the case. It is still a daunting task for the victim of identity theft to try and have their credit restored, and I am not sure that it is ever restored fully.
    Chairman BACHUS. Thank you.
    Commander, do you have any last remarks?
    Commander MELLOTT. No, sir. Thank you for inviting me. Anything I can do to help, I am standing by.
    Chairman BACHUS. Thank you. We appreciate your assistance to the committee and your testimony in sharing your experiences. We appreciate your testimony.
    At this time, you all are discharged and we will request that our third panel make their way to the witness table.
    Mr. TIBERI. [Presiding.] I thank the panelists from our third panel for being here today. I will quickly introduce the panel, and then we can begin.
    Starting from my far left, Ms. Amy Hanson, President of the FACS Group, a subsidiary of Federated Department Stores; Mr. Jim Kallstrom, Senior Executive Vice President, MBNA America Bank; Joshua Peirez, Senior Vice President and Assistant General Counsel, MasterCard International; Ms. Janell Mayo Duncan, Legislative and Regulatory Counsel, Consumers Union; Mr. Joseph Ansanelli, CEO of Vontu; and last but not least, Mr. Lee Lundy, Vice President, Consumer Services, Experian.
    Good. Thank you all for coming. We will begin with Ms. Hanson. I remind everybody that you will see a clock that will eventually turn red in five minutes. At that point, if you could sum up your remarks and you will be able to submit your written testimony as well.
 Page 61       PREV PAGE       TOP OF DOC
    Ms. Hanson, the floor is yours.
    Ms. HANSON. Thank you. Good afternoon. My name is Amy Hanson. I am President of the FACS Group, which provides credit and other administrative services for Federated Department Stores and its affiliated bank. I am testifying today on behalf of the National Retail Federation.
    I would like to thank Chairman Bachus for providing me with the opportunity to testify before the House Financial Institutions Subcommittee about the growing problem of identity theft and the steps that Federated is taking to protect our customers and reduce losses from these crimes.
    By way of background, Federated is comprised of seven merchant nameplates, Macy's, Bloomingdale's, Burdine's, Rich's, Lazarus, Goldsmith's and the Bon Marche. We issue our proprietary credit cards under these names through our affiliated bank. In fiscal year 2000, Federated reached a peak for identity theft-related losses with 5,678 cases representing a total expense of just under $8 million. In the past two years, we have experienced a decline of approximately 33 percent in the number of identity theft cases and recognized a $3.2 million reduction in expense. In the last six months, we have seen a 41 percent improvement in ID theft cases compared to last year. We feel strongly we are making progress in our efforts to protect our customers due to our ability to optimize technology and information, both of which are critical in this fight.
    Identity theft can occur in two basic ways in our stores: through an application for a proprietary account or through a takeover of an existing credit card account. Over the last several years, we have continued to add additional verification steps to our internal processes to prevent identity theft. This issue is of paramount importance to us because after all, these are our customers who expect both a high level of personalized service and personal security in our stores.
 Page 62       PREV PAGE       TOP OF DOC
    Instant credit represents about 93 percent of all new accounts opened by customers at Federated. This process takes place at point of sale and relies on a highly automated and relatively quick procedure to verify an applicant's ID and check their credit report. In order to cut down on fraud, we have implemented many processes to protect our customers. These include validating applicant information against credit reports, checking applicant data against our internal fraud file, and checking the consumer credit bureau report for fraud alerts placed there by the customer. If there are discrepancies in any of the application information, the application is declined.
    Our screening does not stop there. We have a process by which customer charges are reviewed for out-of-pattern behavior, high velocity purchasing, making payments on their account for significantly more than their balance due, and high-risk merchandise purchases. We also systemically prevent the mailing of a new credit card on a recently changed address.
    In addition, our fraud prevention group utilizes technology to crosscheck Internet orders and an affiliate fulfillment system to search multiple orders across affiliate chains. This ability proved very helpful in discovering an Internet fraud ring where the perpetrators were placing several orders for the same merchandise on different Federated Web sites, then shipping these items to various addresses in the U.S. They then collected the items for shipment overseas. Fortunately, we were able to uncover and shut down this ring using our affiliate sharing tools.
    I would like to be able to say that FACS has prevented all of the fraudulent applications this year, but I can't. Unfortunately, sophisticated identity thieves continue to work diligently to bypass our systems and were successful in 2002 at a rate of 7 per every 10,000 applications processed, less than one-tenth of 1 percent. This in my view is not the result of a flawed system, but the result of determined criminals with sophisticated tools like computers and the Internet. You see, the most identity thieves know how to produce near-perfect identity documents such as State-issued driver's licenses and counterfeit credit cards.
 Page 63       PREV PAGE       TOP OF DOC
    For these types of criminals, there is very little else we can do to detect and prevent the crime, and retailers, like other businesses, are looking to the States and the Federal government to begin producing the most secure and foolproof identity documents possible. Our ultimate goal is to confirm the identity of the customer and ensure their identity is not compromised.
    With identity theft representing such a small fraction of total credit applications, it is often a case of looking for a needle in a haystack. Further, identity thieves thrive on being anonymous and rely on the assumption that a large retailer such as Federated cannot put a name and face together in order to prevent fraud. This is why it is so important for retailers to know our customers, and the only way we can do this is through the use of information. Information flows between FACS and the credit bureaus or between our corporate nameplates. That, combined with sophisticated technology and scoring models, cuts down on fraud and allows us to offer exceptional customer service.
    As you know, identity theft is a crime with at least two victims: the individual whose identity was stolen and the businesses that bear the financial cost of the crime. Clearly, it is the individual victim that is the most directly hurt, but if identity theft crimes continue to rise, all consumers will ultimately pay as business losses are passed back to them. As such, it is critical that our access to information and prevention opportunities continue. The identity theft criminals adapt and change quickly and we need that same flexibility.
    I appreciate the opportunity to testify here today and I look forward to answering your questions, as well as those of the committee.
    Thank you.
    [The prepared statement of Amy Hanson can be found on page 117 in the appendix.]
    Mr. TIBERI. Thank you, Ms. Hanson.
 Page 64       PREV PAGE       TOP OF DOC
    Just as an aside, one of my first credit cards was a Lazarus credit card.
    Ms. HANSON. That is good. I hope it is still in your wallet.
    Mr. TIBERI. Mr. Kallstrom?
    Mr. KALLSTROM. Good afternoon, Mr. Chairman. Thank you for inviting me here today. I think I can safely speak for the entire industry in complimenting the committee for the thoroughness with which you are examining the issues relating to the reauthorization of the Fair Credit Reporting Act. From our perspective, you have constructed a compelling record from which to legislate and we have high praise for the diligence and dedication of the staff who have brought all of this together.
    Regarding identity theft, we are in complete agreement with you and the other members. Identity theft, like other serious crimes, is an attack on our customers, our businesses and on our economy. While it accounts for only about 4 percent of the fraud we experience, as you have just heard it often exacts a personal cost of time, reputation and frustration that is very hard to measure. Viable solutions likely will involve greater participation by all of us, the credit granting industry, retailers, the credit bureaus, law enforcement, prosecutors, government agencies and consumers. But also recognizing that our collective task is made much more difficult by the rampant availability of false identification documents, which is an epidemic in this country today.
    As with many crimes, the cliche ''forewarned is forearmed'' applies to identity theft as well. Ensuring the availability of key information, both to businesses and potential victims alike, goes a long ways towards prevention and apprehension. As Assistant Secretary Abernathy remarked recently, identity theft is not caused by information; it is caused by a lack of information.
 Page 65       PREV PAGE       TOP OF DOC
    In summarizing my statement for the record, I would like to make four points. First, the interests of our customers and the interests of industry are synonymous. Our business philosophy is, find the right customers and keep them. We want our customers to be able to use our products and use them securely. We want our customers to have confidence that we will help protect them against the ravages of identity theft. When fraud does occur, our customers are not responsible for the fraudulent charges and we provide assistance both to help stop further damage and to help in recovering from the identity theft. But as we have just heard, it is far more difficult to restore the confidence of victims and to relieve the effects of having their identity stolen. We agree with our customers who say, reputations, good will, financial well being and consumer confidence are all put at risk because of identity theft. In the end, it hurts every one of us.
    Second, prevention and detection of identity theft is what we do with every application and every transaction, 7 days a week, 365 days a year. We invest millions of dollars preventing and detecting identity theft and other types of fraud. We employ hundreds of people who specialize in fraud detection and prevention, and have a sizeable cadre of people dedicated to ensuring our customers are properly identified. We employ extremely sophisticated neuro-networks and experience-based automated strategies to find and reduce fraud and identity theft, from exploring discrepancies between applicants and credit reports, to scrutinizing hundreds of thousands of daily transactions for anomalies. We fight identity theft from the credit application stage through loan repayment. Our customers are critical participants in this process, but there is no question that the Fair Credit Reporting Act is the foundation of this effort. To be successful, we rely upon the kind of uniform current credit information that FCRA has given us.
    The third point I would like to make is setting the record straight on a couple of things, affiliate sharing and prescreening. With affiliate sharing, we are aware of no instance, not one, where affiliate sharing resulted in identity theft. To the contrary, it helps the industry fight identity theft. Our experience with prescreening is similar. Prescreening results in substantially fewer fraud attempts, not more. A study released last week by the Information Policy Institute, the IPI, a copy of which I am submitting with my statement for the record, confirms that the same holds true for the entire industry. In fact, the study found that industry losses from fraudulent prescreened applications amount to four one-thousandths of 1 percent of total sales volume. Eliminating prescreening would likely result in an increase in identity theft. That is so because prescreened offers reflect only names and addresses, less than is in the telephone book. The prescreening process involves more filtering, not less filtering.
 Page 66       PREV PAGE       TOP OF DOC
    One final point, Assistant Secretary of the Treasury Wayne Abernathy understands the industry, understands the problem, and he and others at Treasury have talked about the need for a comprehensive approach to address the problem of identity theft. We agree that any approach should include enhanced prevention, detection and victim assistance. It should include reauthorization of FCRA because, as Assistant Secretary Abernathy says, to do otherwise creates shadows where identity theft can occur. On the enforcement side, the solution should include stiffer penalties, reflecting the serious and pervasive nature of this crime.
    We also agree that any solution should help consumers make more informed decisions about information sharing. This can happen by making privacy notices shorter, simpler and in plain English, and making opt-out procedures easier and uniform so that consumers can more easily exercise control of their personal information in a meaningful way. Everyone agrees it would be of enormous benefit to provide consumers with easily digestible privacy notices that include easy opt-out procedures. In fact in a recent survey, we found that our customers overwhelmingly support a simple food label-like notice as the kind of notice they want, a notice they will actually read, that is easily comprehensible, and which allows busy people an opportunity to participate in information sharing decisions in a more meaningful way. It is simply a good idea that will be of great benefit to consumers.
    In the end, legislating more and better tools for law enforcement, consumers and the industry to use to prevent, detect and recovery from identity theft is a consumer issue that will help us all. We applaud your attention to these critical issues and I look forward to any questions you might have.
    Thank you very much.
    [The prepared statement of Jim Kallstrom can be found on page 125 in the appendix.]
    Mr. TIBERI. Thank you, Mr. Kallstrom.
 Page 67       PREV PAGE       TOP OF DOC
    Mr. Peirez?
    Mr. PEIREZ. Good morning, Chairman Bachus, Congressman Sanders, and members of the subcommittee.
    My name is Joshua Peirez and I am Senior Vice President and Assistant General Counsel at MasterCard International located in Purchase, New York. MasterCard is a global organization comprised of financial institutions that are licensed to use the MasterCard marks. I thank the subcommittee for having a hearing on this critically important issue and for giving me the opportunity to provide information on combating identity theft.
    MasterCard takes its obligation to protect MasterCard cardholders against identity theft and other forms of fraud very seriously. In fact, this issue is a top priority for MasterCard and we have a team of experts, including many ex-law enforcement personnel devoted to combating fraud. We are proud of our strong record of working closely and proactively with Federal, State and local law enforcement agencies to apprehend these criminals.
    MasterCard believes its success in fighting fraud is perhaps best demonstrated by noting that our fraud rates have continuously declined over time and are at historically low levels. MasterCard recognizes that identity theft and other fraudulent schemes evolve constantly, and we devote substantial resources to staying one step ahead of the criminals. We continually develop new ways to fight fraud and identity theft. For example, MasterCard has instituted a number of protections against unauthorized use of MasterCard payment cards. These include enhanced security features on the card, the risk-finder service, the address verification service, the issuers clearinghouse service, and our proprietary fraud reporting system. In addition, we have voluntarily implemented a zero-liability rule which means that a MasterCard cardholder will generally not be liable for any fraud losses at all.
 Page 68       PREV PAGE       TOP OF DOC
    Although MasterCard has established these consumer and anti-fraud protections, one of the most important tools in combating identity theft is the availability of accurate, reliable consumer reports. Providing consumer reports is the role of the credit bureaus which gather information from thousands of sources commonly referred to as furnishers. The reliability of consumer reports as an identity theft prevention tool is largely due to the uniform national standards established by the FCRA. If States impose different obligations on furnishers, the amount and quality of information could substantially decrease.
    The FCRA also governs two activities that greatly assist financial institutions in fighting identity theft, affiliate sharing and prescreening. Financial institutions rely on the ability to share information among their affiliates in order to detect and prevent identity theft. This happens, for example, when an application does not match existing information about the same consumer held by an affiliate. Additionally, prescreening also results in fewer cases of identity theft and other fraud than when the accounts are acquired through other means. In this regard, prescreening and affiliate sharing are important weapons in the fight against identity theft.
    Other provisions in the FCRA are also useful in limiting the damage to identity theft victims. For example, consumers receive notices if they are denied credit based on information in a consumer report. This flags for the consumer that the consumer's report may contain negative information and allows the consumer to follow up and investigate the matter further. If there is information in the credit report that may be the result of identity theft, the consumer can generally require the credit bureau to correct any error within 30 days. In conclusion, MasterCard is committed to working with government, credit bureaus, our members and cardholders to ensure that we provide the safest financial environment possible. We take our role in fighting identity theft and fraud very seriously and will continue to research and develop technologies and programs to help with that fight. By making the national uniformity under the FCRA permanent, MasterCard will be able to provide better protection against identity theft and fraudulent activities to its cardholders and issuers.
 Page 69       PREV PAGE       TOP OF DOC
    Thank you again for allowing me to appear before you today on this important topic. I am happy to answer any questions you may have.
    [The prepared statement of Joshua L. Peirez can be found on page 195 in the appendix.]
    Mr. TIBERI. Thank you, Mr. Peirez.
    I am going to yield just a minute to the chairman of the subcommittee.
    Chairman BACHUS. I thank you, Mr. Tiberi.
    I wanted to take this time to say to Mr. Kallstrom and Mr. Peirez, Mr. Kallstrom from MBNA America and Mr. Peirez from MasterCard, the staffs of your institutions have been very helpful to us in the committee in reviewing legislation on reauthorization for FCRA. They have been very timely in getting back with us and just fully cooperative, and I want to commend both you gentlemen for that. It has been a very good experience for us. I think that the legislation going forward will reflect your expertise. As you say, Mr. Kallstrom, the interest of the consumer and the interest of your institutions are analogous.
    Mr. KALLSTROM. Yes.
    Chairman BACHUS. The National Retail Federation, Ms. Hanson, has also been very helpful in pointing out particularly some of the strengths of the uniform fair credit reporting system. I don't think there was a car dealer from my home State of Alabama who told me that he does business, about 20 percent of his business comes from the State of Florida, about 35 to 40 percent comes from the State of Georgia. The rest comes from the State of Alabama. He says even dealing with three sets of conflicting information could be a detriment in extending credit. So I think whether we are retailers or credit card companies or Ms. Duncan with the Consumers Union, I think we can certainly find some identity of interest because we are all looking for the same thing, and that is the extension of credit in a fast, expedient way.
    It has been a great benefit if you look at low-and middle-income citizens, under FCRA there has been an explosion of available credit. At the same time, we ought to be able to find ways to protect those consumers in this process. So I think we all have an identity of interest there. We may have different opinions on how we get there.
 Page 70       PREV PAGE       TOP OF DOC
    At this time, I will yield back.
    Mr. TIBERI. Thank you, Mr. Chairman.
    We have a series of votes on the floor and the Chairman has asked me to recess the committee until 1:30 p.m. when we will return with the next panelist. Thank you.
    Mr. LATOURETTE. [Presiding.] The subcommittee will come back to order. We appreciate your patience during that series of votes, and hopefully we will be able to complete this panel before more mischief like that is occasioned.
    Ms. Duncan, I think we are with you, and thank you for being here. We look forward to your testimony.
    Ms. DUNCAN. Thank you.
    Good afternoon, Mr. Chairman and members of the subcommittee. Thank you for providing me with the opportunity to come before you today. I am Janell Mayo Duncan, Legislative and Regulatory Counsel for Consumers Union, publisher of Consumer Reports magazine. I am pleased to be able to share our views on the relationship between the FCRA and identity theft.
    Consumers Union, an advocate for consumers, is the only consumer representative on this panel. We are a nonprofit organization, and as you will see from my comments today we would strongly disagree with Mr. Kallstrom's claim that he and MBNA are appropriate spokespersons for consumer interests.
    In addition, the FCRA at its core is a consumer protection statute, and we are here and stand ready to join MBNA, MasterCard and the National Retail Federation in lending our perspective as the committee crafts legislation to address these problems, understand the impact on consumers, and to develop solutions to this crime.
 Page 71       PREV PAGE       TOP OF DOC
    This hearing is entitled Fighting Identity Theft, the Role of FCRA. We believe that the current operation of the FCRA, FCRA Federal preemptions, and ongoing industry practices are to a great extent responsible for the skyrocketing number of identity theft cases. Consumer Reports magazine looked at this problem in a 1997 article. At the time, the magazine described the crime of identity theft as one of the fastest growing in the nation.
    The article chronicled stories of people victimized by the crime and in it we identified flaws in the system that we believed to be contributing to this problem, including lax identification standards, where credit is granted to a thief by creditors matching as few as two pieces of identification with information on the credit report of an unsuspecting individual; the granting of quick credit; the dissemination of convenience checks; instant credit and easy replacement of reportedly lost of stolen cards; inadequate fraud detection by credit reporting agencies or CRAs; credit grantors that ignored fraud warnings meant to serve as an obvious indication that an identity thief had been actively exploiting a consumer's credit file; and unfair correction processes where credit bureaus continue to update files with inaccurate information or information generated by the thief. Six years after our report, thieves have become more sophisticated and organized and the problems are more widespread. However, the basic elements placing consumers at risk have not changed and continue unabated. We believe that the solutions lie in requiring industry to better manage and safeguard information already at their disposal. In addition, the current preemption of State laws must be allowed to expire so that States can act quickly to address new and emerging identity theft crimes, because thus far States have been the most responsive and effective source of solutions to this growing problem.
    Additionally, consumers must be empowered with more control over the dissemination of their personal information in order to prevent identity theft. Some of our specific recommendations are to allow consumers to obtain yearly and at no cost a copy of their credit report and credit score from the three major CRAs; prohibit CRAs from releasing consumer information unless they have made a careful matching of a minimum of four identifiers; require CRAs to notify consumers at their original address when an address change is made to their report; allow victims of identity theft to freeze their credit reports to prevent impostors from accessing any more credit in their names; penalize creditors that grant credit to a thief without following up on a fraud alert placed on a credit report; require CRAs to alert consumers free of charge when suspicious activity is observed on the report; increase penalties for furnishers that reinsert information in a consumer's credit file that already had been disputed by a consumer as inaccurate and had been previously removed; and give consumers control over the sharing of personal information among companies, including affiliates.
 Page 72       PREV PAGE       TOP OF DOC
    We urge this subcommittee to work to pass meaningful legislation that will address the elements of the FCRA and industry practices that help make the commission of these crimes possible. I have provided the subcommittee with additional recommendations in my written testimony. In our view, the improvements we suggest would go a long ways towards preventing this crime.
    I thank the chairman and members of the subcommittee for this opportunity to testify and I look forward to answering any questions.
    [The prepared statement of Janell Mayo Duncan can be found on page 109 in the appendix.]
    Mr. LATOURETTE. I thank you very much for not only your testimony, but your ability to complete it before the red light went on. Thank you very much, Ms. Duncan.
    Mr. Ansanelli, welcome and we look forward to hearing from you.
    Mr. ANSANELLI. Thank you and good afternoon.
    My name is Joseph Ansanelli and I am the CEO and founder of Vontu. We provide information security software that helps guard against the loss of customer information. I am honored to provide testimony in fighting identity theft and the role of the Fair Credit Reporting Act. I commend the subcommittee for discussing this important issue.
    My testimony draws from my experience in working with chief information security officers at some of the country's top financial services, insurance, media and retail companies. These security professionals are acutely aware of the challenges in adequately protecting consumer information.
    To begin, we believe it is important to help a consumer quickly repair his or her credit when their identity has been stolen. However, this problem will continue to grow if we do not prevent the theft of consumer data in the first place. This means making sure Social Security numbers, credit card numbers and other identifiers don't get out from those companies that have that information.
 Page 73       PREV PAGE       TOP OF DOC
    While there are many ways identity theft occurs, from a financial report taken from the trash, a credit card receipt in a restaurant, companies and government agencies are the ultimate sources for large electronic databases of consumer information. Without additional safeguards in place, millions of Americans may be victims of identity theft by the end of this decade.
    Traditionally, organizations have focused on the hacker and preventing people from breaking into their customer data systems. Many organizations now realize that another significant threat exists. With the rapid adoption of the Internet and tools such as electronic mail, consumer information can be leaked in a moment's notice by insiders. No matter how secure an organization's systems are, many employees require access to sensitive customer data, yet it is much easier for insiders to accidentally leak or maliciously steal information than it is for a thief to break in from the outside.
    As an example, in November of last year a customer service employee of Teledata Communications who had easy access to consumer credit reports, allegedly stole 30,000 customer records. That is the first step in the identity theft process. This theft cost millions of dollars in financial losses and demonstrates that even though any computer system can be hacked, it is much easier and in many cases far more damaging for information to be stolen from the inside. Last month, we conducted a survey with Harris Interactive of 500 employees and managers who had access to customer data that confirms this. Almost half of the respondents said it would be easy to take sensitive customer information from their employers's networks. Two-thirds believe that their coworkers pose the greatest risk to consumer data security, while only 10 percent said hackers were the biggest issue. In fighting identity theft, we suggest it is important to fix the problem and to look beyond external threats and recognize that insiders pose a fast-growing risk.
    Based on our experiences, I recommend the subcommittee weigh the following when considering revisions to the Fair Credit Reporting Act. First, confusion is the enemy of consumer protection. A consistent and unified national approach to our credit system will benefit consumers the most. However well intentioned a system of 50 different laws might be, it would only create confusion and paralysis that would ultimately harm consumer protection. Therefore, we believe that the preemption provisions of the Fair Credit Reporting Act are critical and should extend to any additions to help protect identity theft.
 Page 74       PREV PAGE       TOP OF DOC
    Second, we urge the subcommittee to ensure that any modifications to the FCRA encourage companies to go above and beyond any stated requirements to protect customers' data. Most companies know it is in their self-interest to protect a customer's data. However, I have had companies question whether they should go beyond base Legislative and Regulatory requirements such as GLBA for fear in doing so could potentially reveal problems that trigger punitive actions. Future legislation should encourage and protect organizations that go above and beyond any base security requirements.
    Third and most importantly, I suggest this committee develop a consumer data security standard as part of the FCRA. Ensuring a national unified and standard approach to protecting consumer information at its source will help to stop one of the main and growing sources of identity theft. Any such standard should include the following principles. First, corporate security policies should be mandated. A company security policy should be publicly available, regularly reviewed and updated, and audited and approved by its board of Directors. Second, employee education is critical. In the Harris survey I referenced earlier, almost one-third of workers and managers had not read or did not know if their company had a written customer data protection policy.
    Third, data protection and control should require best practices. Physical and network protection should use best practices for all commercially reasonable solutions. And last, companies must enforce employee compliance. Organizations should have an obligation to regularly monitor and enforce employee compliance with government regulations and their own internal security policies for the use and distribution of sensitive consumer information.
    I hope these comments will be helpful to the committee and I welcome the opportunity to answer any questions.
    Thank you.
    [The prepared statement of Joseph Ansanelli can be found on page 80 in the appendix.]
 Page 75       PREV PAGE       TOP OF DOC
    Mr. LATOURETTE. Thank you, Mr. Ansanelli.
    Mr. Lundy, thank you for being here and we would like to hear from you.
    Mr. LUNDY. Thank you, Mr. Chairman and committee members. Good afternoon.
    My name is Lee Lundy. I am Vice President, Consumer Services, for Experian. I am responsible for managing Experian's National Consumer Assistance Center in Allen, Texas.
    Of the total consumer reports that Experian issues each year, only about 1 percent results in a request by a consumer for disclosure. About half of that number results in an inquiry by a consumer relating to a dispute or a general question about a disclosure. Only a portion of this one-half of 1 percent results in an actual change to the consumer's file, which may be either a correction or an update. All of this takes place within an environment where the industry estimates that up to 30 percent of consumer contacts we receive are the result of credit-repairing inquiries where attempts are made to remove negative information, but it is accurate. These calls require investigative processes that impact our ability to address true consumer concerns. Today, I want to discuss the steps we are taking to provide the business community with ways to prevent ID theft, help consumers restore their reputation with victim assistance, and discuss solutions that will not work, specifically limiting information flows and providing free credit reports without condition.
    What works? The most effective strategy is responsibly using the free flow of information. Experian and others are making large investments in developing effective fraud prevention and detection tools based on responsible information sharing. Our national fraud database is comprised of known and verified fraudulent activity provided by businesses from across many different industries. Our customers use this database to stop fraud before it happens.
 Page 76       PREV PAGE       TOP OF DOC
    Experian's Detect service takes fraud prevention to the next level by comparing an individual's application history for anomalies that may indicate fraud. Do they work? Just an example, one company using Experian's fraud tools experienced a 55 percent decrease in fraud losses and reduced the time it took to confirm fraud records by more than two-thirds. As you can see, fraud prevention is paramount. However, in the event that victim assistance is required, Experian has been working with our counterparts for several years to develop uniform and efficient processes. Recently, we announced a one-call fraud alert program. Today, consumers who believe they are victims of fraud need only contact one credit reporting agency to add fraud alerts and receive complimentary reports from all three of the agencies. Once the consumer receives the report, Experian's consumer assistance agents are trained to personally assist the consumer by explaining the information on the report and initiating an inquiry to the creditors to resolve any inaccuracies.
    The question has been asked why it takes so long to resolve identity theft issues on a consumer's file. In some cases, the full extent of the crime may not be known for some time. Identity theft, unlike other crimes of theft, often occurs over a period of weeks or months. When a victim identifies fraudulent entries on a consumer report, we work promptly with the provider of the information to resolve the issue. So when you hear stories in the media that it took consumers months to unravel financial records affected by identity theft, it is often because elements of the crime do not fully appear until weeks or months after the criminal activity began.
    What doesn't work? Restricting data access and providing free credit reports without condition. At face value, both seem to promise greater fraud protection. In reality, they do little to protect consumers and in fact may make the fraud problem worse. Access to and responsible use of information from a broad spectrum of sources is essential to our fight against fraud and identity theft. Effective solutions demand tools that utilize complete, accurate and current information from multiple sources in order to counter consistent variations of the crime. We know that more information, not less, will reduce fraud and ID theft. Eroding the ability of businesses to obtain, share and compare information will increase the risk of fraud and ID theft.
 Page 77       PREV PAGE       TOP OF DOC
    Free credit reports upon request have been touted as a solution to the fraud problem, but actually have little impact on fraud prevention and would impair our ability to control costs and meet mandated service levels. Current FCRA provisions already provide free reports for virtually all qualifying consumers. Costs such as postage, for the average report is approximately 13 pages long, and staff are often lost when factoring in the actual cost of a free report. Cases involving security breaches from systems outside of the credit allocation stream already result in large unpredictable numbers of free report requests. Such cases impose tremendous costs on credit reporting agencies. They also result in flooding our assistance centers with calls that impact those consumers who have a more urgent service need.
    Thank you for the opportunity to address the committee. I will be happy to answer any questions you may have. I have submitted a more detailed written statement for the record.
    [The prepared statement of Lee Lundy can be found on page 134 in the appendix.]
    Mr. LATOURETTE. I thank you, Mr. Lundy, very much. I think I will begin with you.
    Obviously, as someone, and I think Mr. Sanders talked about legislation that he has drafted, and I know the legislation I have drafted with Mrs. Hooley has a provision that calls for one free credit report annually. So obviously it is disappointing to hear you opine that it actually would increase fraud activities. I think the only issue that I would take, well a couple of issues I will take with that statement.
    One is that I don't think that it is being touted as the answer to identity theft. I think it is, to take another portion of your testimony, the more information the consumer has, I think, if it is a two-way street, if we are not only asking those who grant credit to be more vigilant, there is a concurrent responsibility on the individual, the consumer to pay attention, but they can't really pay attention if they don't know what is in their credit report. I think at least from my perspective, Mr. Sanders I know can speak for himself, but from my perspective that is the idea behind it.
 Page 78       PREV PAGE       TOP OF DOC
    So the question that I would have for you is, has the industry or has your organization calculated a cost and/or the ability to comply with such a provision should that be the ultimate enactment of the Congress?
    Mr. LUNDY. Actually, I do not have those figures with me. We know that it is a tremendous impact only by what has happened in the recent past, as far as whenever we do have data stolen from within a business. We then get a very big impact as far as sending out free credit reports to consumers who really have not truly been impacted or affected by credit fraud, but only there is a fear that they may have been. It does create quite a bit of staffing issues because even with those additional calls coming in because of the literally hundreds of thousands of credit reports going out, we still are mandated to make sure that we handle all those calls within FCRA requirements.
    Mr. LATOURETTE. Ms. Duncan, as I listened to your suggestions, I pulled some off the Web site relative to freezing credit reports and also it mentions increased participation by local police agencies in taking down reports. I think you mentioned three or four other things in your testimony today.
    I am wondering if you have had a chance to review any of the legislation that has been introduced by any member of the Congress relative to fraud, and in particular I would think of Mr. Sanders's bill, I would think of Ms. Hooley's bill and any others, and whether your organization has formed an opinion as to whether they would work or are moving in the right direction, or we need to do more, or we are about there.
    Ms. DUNCAN. We do agree that any additional information that can be given to consumers is a good idea, as consumers are being asked to take control over their credit report and their financial well being. Yes, we have supported Mr. Sanders's legislation asking for a free credit report. We have been very active out in California supporting some of the laws that have come about out there. On the Federal level, we have supported other legislation that would require for the truncation of credit card numbers and quite a few others.
 Page 79       PREV PAGE       TOP OF DOC
    Mr. LATOURETTE. Okay. And I heard you take exception with Mr. Kallstrom's testimony, with Mr. Ansanelli sitting next to you. How do you feel about the preemption issue, the observation that having 50 different sets of credit regulations actually increases the opportunity for mischief? Has your organization taken a position on whether or not there should be Federal preemption in these areas?
    Ms. DUNCAN. We have supported the expiration of the preemption provisions and we do believe that States have been very active in these areas. As you can see, there has been a lot of talk about the things that can be done, but as you know, the incidence of identity theft is skyrocketing, and the methods that criminals are using to perpetrate this crime are changing over time. So we think that States are probably the most appropriate body to act very quickly when these methods change.
    Mr. LATOURETTE. Thank you.
    Ms. Hanson, that brings me to your testimony and the question of preemption. As I understood you, you said that Federated has been pretty successful about getting to know your customer. One of the things I think you cited was you got to know your customer by information that had been shared by affiliates. If States come up with different rules and regulations to restrict sharing among affiliates, do you have an opinion as to whether or not that helps or hurts the problem we are discussing here today?
    Ms. HANSON. I think it would make our job much more difficult as a retailer, to know our customer, if we have to wade through the morass of multiple States' different interpretation of laws. I think our job would become much more difficult in protecting our customers.
    Mr. LATOURETTE. And Mr. Ansanelli, when a corporation decides to go above and beyond, or an organization decides to go above and beyond, were you talking about a benefit that basically would restrict them from liability should they, sort of protecting them from the lawyers?
 Page 80       PREV PAGE       TOP OF DOC
    Mr. ANSANELLI. Exactly. I don't like necessarily the phrase, but a safe harbor which is that they are actually going to try to find problems that they discover above and beyond what the regulation says. They should not then be held liable for finding out that they had a problem that they didn't have to actually go find to begin with.
    Mr. LATOURETTE. That is an interesting idea. There is a company in my district that has nothing to do with what we are talking about, but a company in my district that disinfects things. When SARS was in the news, and it still continues to be in the news, they developed a program to disinfect the inside of airplanes. The airlines were reluctant to do it because by disinfecting the inside of the airline they might be assuming a responsibility that they don't currently have for passengers with SARS.
    Thank you all very much.
    Mr. Sanders?
    Mr. SANDERS. Thank you, Mr. Chairman.
    Before I get to identity theft, there is another issue that I would like to talk to MBNA about, and that is what some of us call the bait-and-switch process that many credit card companies are currently engaged in. Mr. Kallstrom, let me just read to you from an article that appeared in the New York Times, well, summarize an article that appeared in the New York Times on May 29.
    The essence of the article was that it appears that all over this country companies, including your company, do a bait-and-switch. You send out solicitations to people asking them to accept your credit cards at certain interest rates, and then month after month these people pay the bill that they owe you. Let's say they have a 5 percent interest rate and they pay you every month the $200 that they owe you, whatever it is. Suddenly, lo and behold, 5 months later, after having paid on time every month what they owe you, the interest rates go sky high. And when they inquire as to why that is so, and many of them, of course, do not inquire. They don't notice what has been happening. They find out that somebody will tell them, well, yes, you paid us on time, but you borrowed additional money. We are sorry somebody in your house was sick and you needed additional money, and yes, you have always paid us on time, but nonetheless we are going to double or triple your interest rates.
 Page 81       PREV PAGE       TOP OF DOC
    Please explain to me why you think this is moral acceptable behavior when somebody month after month has paid you on time what they owe you? Why do you change the rules of the game and double or triple their interest rates?
    Mr. KALLSTROM. I read that article in the New York Times also. For the record, I would say that we do not bait and switch. What we do is we assess risk and we give unsecured loans to people to better their life and to carry on or live in the world we live in today. I would not necessarily believe everything I read in the New York Times.
    Mr. SANDERS. Well, let me ask you a question.
    Mr. KALLSTROM. Let me finish my answer please. People's situations do change and we are assessing risk. There is a lot of oversight on us. There are a lot of good reasons, there are hundreds of reasons why we should assess risk.
    Mr. SANDERS. Well, let me ask. I will give you your time. Sir, the problem here, as you know, is we are limited in time. I wish we had time.
    Mr. KALLSTROM. Let me just finish the answer in 30 seconds.
    Mr. SANDERS. Yes.
    Mr. KALLSTROM. So from time to time, we do assess risk. We always pre-notify the customer as to the conditions that are going to change. We always give them the opportunity to just say no. We give them the opportunity to pay off that account at the existing rate and close their account, or keep the account open at the new rate that the risk has brought us to. That is good business practice, good ethical practice, and that is what we do.
    Mr. SANDERS. What percentage of the people that you deal with who have your credit cards do you change interest rates on?
    Mr. KALLSTROM. We are in a competitive market, sir, that changes all the time for competitive reasons.
    Mr. SANDERS. I asked you a simple question.
 Page 82       PREV PAGE       TOP OF DOC
    Mr. KALLSTROM. I do not have an exact percentage.
    Mr. SANDERS. And what percentage of the people do you think actually know? People get a lot of stuff. Among other things, they get 5 billion solicitations a year from credit card companies. What percentage of the people who you send out this information to do you think actually know?
    Mr. KALLSTROM. I believe the vast majority on that point know because we highlight it. We set it off in sharp colors. But you are right about disclosures. People don't actually know what a lot of those things say, particularly the Gramm-Leach-Bliley ones because no one can understand what they say.
    Mr. SANDERS. But I would suspect that many people who see their interest rates change, I want to get back. You say you are not into bait-and-switch, but what you are into is changing the interest rates on people even though they have paid you every single month. Now, if I do business with you and I pay my bill on time to you every month and I pay you what I owe you, why do you think you have the right to double my interest rate?
    Mr. KALLSTROM. Because we must assess risk on the portfolio.
    Mr. SANDERS. Even though I have paid you?
    Mr. KALLSTROM. And you might have gone and borrowed $50,000 from somebody else and you are not paying it back. So in this day and age we live in, we have to look at the total.
    Mr. SANDERS. In other words, what you are doing is punishing people who have paid their bills because you think they may not, even though they have always kept their word and their contract with you. I think that is wrong.
    Mr. KALLSTROM. We are giving unsecured loans, sir, and we are giving them notice that if they do not want that additional rate; in every occasion, we are giving them notice.
 Page 83       PREV PAGE       TOP OF DOC
    Mr. SANDERS. Excuse me, excuse me, sir. You have not answered me in terms of how many people do not even know that their interest rates would change, and I suspect many do not.
    Mr. KALLSTROM. I agree that the vast majority do know.
    Mr. SANDERS. You are dealing with large numbers of people. Excuse me. Even if the vast majority is true, there will be many, many thousands of people who simply every month, who assume because they pay their bills on time, do not anticipate an increase in interest rate. I will bet you that there are thousands of people who are paying you far higher interest rates than they contemplated.
    Mr. KALLSTROM. I don't know the percentage.
    Mr. SANDERS. Thank you. I have limited time. I would love to discuss the issue. I really would, but we have a limited amount of time.
    Mr. KALLSTROM. I would also.
    Mr. SANDERS. Ms. Duncan, do you have thoughts on that practice?
    Ms. DUNCAN. We agree with your concerns that there are consumers, and I read the article as well, out there who are, regardless of their payment history with the particular lender, are possibly seeing their rates skyrocket. Also, it is quite possible that that increase in rates, I mean, if you look at a consumer who has been responsible in the past, you could possibly assume that they would be responsible in the future. In making those rates go up like that, that could very well be the proverbial last straw that broke the camel's back.
    Mr. SANDERS. Right. And there are instances, as I understand it, that that practice has driven people into bankruptcy. Thank you, Ms. Duncan.
    Let me ask Mr. Lundy a question. When you discussed with the Chairman your opposition to providing consumers with free credit reports, you mentioned the cost. Obviously, there is a cost and we don't know what the cost will be. But how can you tell the consumers of this country that they are not entitled to free credit reports when just in 2002, MBNA just happened to have enough money in that year to pay their four top executives $308 million? Don't you think that maybe if they wanted to cover the cost of informing consumers all over this country what their credit reports were, maybe they could take a little bit of a cut in salary? Do you think that might be possible? Just a little bit. We don't want to put them on welfare, but $308 million for the top four execs, now, what can I say?
 Page 84       PREV PAGE       TOP OF DOC
    Mr. LUNDY. Sir, I can't discuss, of course, the salaries at MBNA. However, we are not opposed to free credit reports to consumers with conditions. We believe that all consumers knowing what is in their credit reports is very important. We do not believe that the price that we charge a consumer, which is $9 or less in some States, is prohibitive for consumers who have no conditions to actually get their credit file report.
    Mr. SANDERS. I would certainly agree with you. It is not prohibitive. But there will be a heck of a lot of people who will not pay the $9 who, if they got it for free, might learn that they were a victim of identity fraud.
    Let me get back to Mr. Kallstrom. Maybe you want to tell the people in terms of cost, what do you think about $308 million in 1 year for the top four executives?
    Mr. KALLSTROM. Well, look, I don't know exactly what their compensation was.
    Mr. SANDERS. I can give it to you.
    Mr. KALLSTROM. I can tell you that is not salary.
    Mr. SANDERS. That is total compensation.
    Mr. KALLSTROM. Like Al Lerner who you talked about earlier, who is an American patriot, who served this country in Korea, who grew up in a back room and invested capital in a small company.
    Mr. SANDERS. I am not making any disparaging remarks. Excuse me. We hear over and over again and we heard it from Mr. Lundy. I am not disparaging anybody or the patriotism of anybody. But there are a lot of Americans who are a little bit concerned, because they are going bankrupt in record numbers, about executive salaries.
    Mr. KALLSTROM. Sir, with all due respect, those are not salaries.
    Mr. SANDERS. Compensation packages is what I am talking about.
 Page 85       PREV PAGE       TOP OF DOC
    Mr. KALLSTROM. They are not salaries.
    Mr. SANDERS. I said it five times, compensation packages.
    Mr. KALLSTROM. They chose to sell some stock in the company that they built at the time, and you are taking a point in time and you are making a point.
    Mr. SANDERS. That is right. I am making a point that in 2002, your top four executives made over $308 million.
    Mr. KALLSTROM. It is not salaries.
    Mr. SANDERS. Thank you.
    Thank you, Mr. Chairman.
    Mr. LATOURETTE. I thank the gentleman very much.
    Mr. Toomey?
    Mr. TOOMEY. Thank you, Mr. Chairman.
    Mr. Kallstrom, just to follow up on this. I can't help but address this. I for one would be shocked and very concerned if you made credit decisions without taking into account the entirety of a person's credit portfolio. Just by way of clarification, with respect, for instance, to a corporate borrower, if you extend credit to a corporate borrower and that borrower were then to take on some massive new amount of debt after the fact, would the banking regulators be a bit concerned if that didn't cause you to reevaluate the loan that you had made, the terms of that loan?
    Mr. KALLSTROM. Without question, the regulators would be extremely, well, they would find our practices outside the boundaries of their guidance clearly, in both of those instances. And that is why it is important to our economy that we do not have a lot of unsecured loans out there at high risk. There is a reason why this happens. There is a good sensible reason why it happens.
    Mr. TOOMEY. Right. What I would like to focus on, I just wanted to establish that point, but I did want to focus back on the issue at hand of identity theft. Can you tell us, for your institution, and if this is in your testimony, I apologize, I did not see it though, has the cost to your bank been rising or falling with regard to incidents of identity theft and the fraud related thereto?
 Page 86       PREV PAGE       TOP OF DOC
    Mr. KALLSTROM. I think generally they have been rising. Even though we still have some of the lowest rates in the industry, they are still rising.
    Mr. TOOMEY. Do you see that as just a cost of doing business, or are you, in the face of this rising cost, and that was the way I thought you would respond, are you developing new procedures and systems for more aggressive prevention?
    Mr. KALLSTROM. We are, but as we talked about earlier, this whole thing is geometric. It involves law enforcement. It involves the credit bureaus. It involves retailers. It involves the credit industry. It involves consumers. It involves the fact that we have an epidemic of false identification in the world and in the United States, where 8-year-old kids can make driver's licenses on a laptop computer. So it involves a lot of different things.
    Mr. TOOMEY. I understand that and I acknowledge that, but it seems to me that ultimately a lot of the problem arises from financial institutions that extend credit to people who are pretending to be someone that they are not.
    Mr. KALLSTROM. Without question, that is correct.
    Mr. TOOMEY. So it seems to me that the point at which we are most likely to be successful in preventing this would be systems that defeat that attempt. Since the incidence of this fraud is rising so much, my question is what new things are you folks working on, is the industry working on that will cause that graph to turn around and have the same precipitous decline that we need to have?
    Mr. KALLSTROM. I think clearly the more information we have, the fact that we have affiliates and affiliates were created for good reason, and we can have more points of information. Our neuro-network can be a lot more effective and we can stop identity theft to a much larger degree. But there are forces outside our control that must simultaneously improve.
    Mr. TOOMEY. I am not suggesting that this is all your responsibility to solve this. I am acknowledging that there are other aspects of this problem. But for instance, does it make sense for financial institutions such as yours to have considerably more aggressive identification verification procedures when new accounts are established, or some substantive change is made in an account?
 Page 87       PREV PAGE       TOP OF DOC
    Mr. KALLSTROM. Yes, it does, sir. And we invest a lot of technology in that area. We invest a lot of human resources in that area. I would just make a point, at the point of sale, if someone comes in an presents baseline documents that are recognized in the United States as being prima facie evidence of identity, birth certificates, Social Security cards et cetera, in true name and in true address, it is very difficult to weed those types of events out. There is technology available today to stop that practice. I would encourage the Federal government to deal with that issue.
    Mr. TOOMEY. If we could just follow up on that. When people provide that, obviously it is happening that people are providing that information and it is all information about someone else.
    Mr. KALLSTROM. Right.
    Mr. TOOMEY. And then some portion of it is usually inaccurate, like an address, perhaps. What about using much more aggressive techniques to verify these things, some kind of biometric signature or some kind of verification when this person's name comes up?
    Mr. KALLSTROM. I agree, and I think our processes, our expert systems, our neuro-network, our human beings, our fraud experts, the way those situations get routed, we stop the vast majority of them. Our identity theft percentage is extremely low. But yes, we need to have biometrics. We need to have anti-counterfeiting technology put into our baseline identification documents. So I am agreeing with what you just said.
    Mr. TOOMEY. Do you have any specific biometric techniques that you think are likely to be implemented soon?
    Mr. KALLSTROM. Today in driver's licenses in the United States, there are about 20 different biometric algorithms in the licenses. There is technology available today in one black box that can identify all of those. So we could have at a point of sale a black box that could say green light-red light as to whether that identification is counterfeit. I think the other thing that helps us immensely is having many data points to check, so that someone showing up with your driver's license and your address with their picture on it, we are going to know that they are phony because we are going to check other points of reference that you cannot answer those questions.
 Page 88       PREV PAGE       TOP OF DOC
    Mr. TOOMEY. If the Chair would just allow for a wrap-up comment, I thank you for that. It just strikes me that when we hear the kind of horror stories that we are hearing and we know that the frequency of these incidents is increasing, my concern is that if the industry does not take very aggressive measures to successfully change the trend, there will be legislation which might become very onerous at some point, that may have unintended consequences. I am just strongly encouraging you.
    Mr. KALLSTROM. I agree with that. I would just simply say the industry is spending millions of dollars in this area, hundreds of millions of dollars in this area.
    Mr. TOOMEY. Okay. Thank you, Mr. Chairman.
    Mr. LATOURETTE. I thank the gentleman.
    Mr. Moore?
    Mr. MOORE. Thank you, Mr. Chairman.
    Mr. Kallstrom, in your written testimony you said, and I believe you testified this, everyone agrees it would be of enormous benefit to provide consumers with easily digestible privacy notices that include easy opt-out procedures. Is that correct, sir?
    Mr. KALLSTROM. Yes, sir.
    Mr. MOORE. Why then are the notices that we receive, every person in this country receives, from a credit card company so hard to read and so, I am a lawyer; I practiced law for 28 year and I do not read those. Why are they so complicated?
    Mr. KALLSTROM. In the 1999 Gramm-Leach-Bliley Act, the regulators did not create a model notice for the safe harbor. So all the lawyers from all the regulators, I mean good people get in a room and came up with these notices that basically talk about technical compliance, but I think they have largely left the consumers bewildered as to what they mean. They are four or five pages long. The type, you know, you get my age, it is very difficult to read. They are in legalese that virtually nobody, in my view, understands.
 Page 89       PREV PAGE       TOP OF DOC
    I think a much better solution would be to, and I would think my friend from Vermont would agree, tell consumers what their rights are in plain English on a short notice, and then give them a very simple way of opting out if they do not want to share information. That is what consumers want.
    Mr. MOORE. And you don't have a problem with opting out if they make that choice, the consumers?
    Mr. KALLSTROM. No. I think consumers should be given their choices in plain English and they should be allowed a simple methodology to opt out. We would hope that the majority would not opt out because we think some of the offers would be compelling. If you have business with us and you manage your business very well, your unsecured loan, and we have another product that we are going to price you at very competitively, we would think you would want to know that. But there will be some people that clearly will opt out and that is fine.
    Mr. MOORE. And they have that right if they choose, correct?
    Mr. KALLSTROM. Absolutely.
    Mr. MOORE. All right. Do you have any kind of form, simplified notice?
    Mr. KALLSTROM. Actually, we had a working group of people in the industry and we have come up with some examples of what these forms would look like. They have gotten wide distribution. I would be happy to attach them to my statement and leave them here for the committee. But one form is sort of modeled after a food can nutrition label.
    Mr. MOORE. Is this such a form?
    Mr. KALLSTROM. Yes.
    Mr. MOORE. Can you see it? It says ''version K.'' Would that be it?
    Mr. KALLSTROM. Yes, sir.
 Page 90       PREV PAGE       TOP OF DOC
    Mr. MOORE. Mr. Chairman, I would ask that a copy of this be received in the record.
    Mr. LATOURETTE. Without objection.
    [The following information can be found on page 210 in the appendix.]
    Mr. MOORE. Thank you.
    Are you aware of any efforts by individual State legislatures to change notice requirements? What is your opinion about that? Of what consequence is that?
    Mr. KALLSTROM. As we sit here today, sir, there 39 States considering 154 Gramm-Leach-Bliley-type related bills today. There are 46 States considering 234 FCRA-type bills today.
    Mr. MOORE. What would be the consequence as far as you are concerned for providing credit at a fair price to consumers if that were the case?
    Mr. KALLSTROM. I think clearly the balkanization of our system would have higher prices, higher interest rates. My friend from Vermont would be more exercised than he is today because things would be much higher. The European Community is trying to mimic our system over there, and we are talking about balkanizing our system. It would have dramatic negative impacts on our economy. I think it would have the most debilitating impacts on the lower rung of our economic population, who are finding their way into credit, who are getting the credit card, opening a small business with a credit card, building a credit file. Those segments of zip codes in different areas that in prior times were not issued good credit or good offers or preapproved offers, where they could pick from one or two different offers, they would be the most harmed, without question. There are economic studies that clearly point that out.
    Mr. MOORE. Would it be correct, Mr. Kallstrom, that a populated State like California or New York or some other State with a large population, by enactment of some of these provisions might in effect control what happens in a lot of other States?
 Page 91       PREV PAGE       TOP OF DOC
    Mr. KALLSTROM. I think there will be standards, congressman, in these areas. The question is, will they be standards set here in Washington that benefit the entire country, or will they be California standards that become the de facto national standard. I think that would be a sad day for business and for our economy, and would not help our country, would not help the lower quadrant of the FICO-scored people that are clawing their way up into the middle class. It would have a negative impact on small business and it is not the right thing to do for the good of this country.
    Mr. MOORE. You say it would hurt the economy. How so?
    Mr. KALLSTROM. I think it would have a dramatic impact on credit. It would close out that community I talked about. It would have an impact on our GNP. It would have an impact on consumer spending. Rates would be higher. Clearly, rates would be higher and there would be less credit available.
    Mr. MOORE. I am concerned about opening up GLB and the problems that could present from the standpoint of building bipartisan support for FCRA. I am also concerned that my constituents could get something far worse if GLB is opened up again and something happens there. Do you have any of these concerns?
    Mr. KALLSTROM. We certainly have concerns. We think, though, that when you talk about the whole issue of privacy, the majority of people in focus groups talk about identity theft. They talk about issues of simplicity of notice. We think the way to go here is to give people plain English notice and to give them an easy methodology to opt out. If they want to restrict the information at businesses, that is what they should do. I think by the government doing nothing in that area and allowing the States to muck around and balkanize this whole area, we are going to end up with national standards, but they are not going to be Federal standards. And States are not going to spend the money to cookie-cutter a little different version of a standard in 50 different States. They are going to go with probably the California standard, the most restrictive, and we are going to let Sacramento decide what the Federal policy is going to be, as opposed to the Federal government.
 Page 92       PREV PAGE       TOP OF DOC
    Mr. MOORE. Thank you, sir.
    Ms. DUNCAN. I would like to respond.
    Mr. MOORE. I would like to hear your response. Mr. Chairman, is that okay?
    Mr. LATOURETTE. Sure.
    Ms. DUNCAN. From the perspective of opting out, the Gramm-Leach-Bliley notices only informs people of their rights, but for the most part consumers are only allowed to opt out of third party sharing. I would be very surprised if what Mr. Kallstrom is referring to in being in favor of allowing consumers to opt out would be extended to letting them opt out of the sharing of their information between affiliates. That is something that I think consumers should have more power over, the sharing of their personal information. If they share it with an entity for one purpose, it should not be able to be used unauthorized for other purposes.
    Mr. MOORE. Okay. Would you agree, though, with the general statement that any solution should help consumers make more informed decisions about information sharing and that everyone agrees it would be of enormous benefit to provide consumer easily digestible privacy notices that include easy opt-out procedures. Would you agree with that generally?
    Ms. DUNCAN. More comprehensible is always better. Easier is always better. Meaningful is more important. What I am trying to convey is that these notices, the rights are not meaningful so the notices are not meaningful because it is not giving consumers the ability to opt out of sharing between joint marketing partners and affiliates.
    Mr. KALLSTROM. They are not meaningful because they are not understood.
    Ms. DUNCAN. And they are not meaningful in that what is being conveyed are not true rights, but just a notice of how we are going to use your information regardless of whether you like it or not.
 Page 93       PREV PAGE       TOP OF DOC
    Mr. MOORE. Have you seen the proposed sample simple notice?
    Ms. DUNCAN. I have heard about it. I have not seen it yet. My concern also is that regardless of simplicity, which is important, what is more important is to have the rights be meaningful.
    Mr. MOORE. If they are following the law, is that sufficient? My question is, if they are following the law, is that a good thing? And if it is understandable to the consumer?
    Ms. DUNCAN. The consumers in California have been polled and show that they do not believe they are being given enough rights under the current law.
    Mr. MOORE. That is not the question. The question is, if whoever the provider of credit is tells them what the law is and tells them what their rights are in an understandable fashion, is that something that is good?
    Ms. DUNCAN. To follow the law is good, yes.
    Mr. MOORE. And advise them in simple language what the law is and what their rights are, is that good as well?
    Ms. DUNCAN. Or course. That is certainly always a positive thing.
    Mr. MOORE. Thank you.
    Mr. LATOURETTE. I thank the gentleman.
    Mr. Tiberi?
    Mr. TIBERI. Thank you, Mr. Chairman.
    I would like to submit for the record an editorial that was in The Hill publication today.
    Mr. LATOURETTE. Without objection.
    [The following information can be found on page 212 in the appendix.]
 Page 94       PREV PAGE       TOP OF DOC
    Mr. TIBERI. Thank you, Mr. Chairman.
    Mr. Kallstrom, I am going to continue along the lines of questioning that Mr. Sanders started and Mr. Moore continued. Are you familiar with the legislation that was introduced by myself and Mr. Lucas dealing with national uniform privacy standards?
    Mr. KALLSTROM. I am, sir.
    Mr. TIBERI. Good. You had in answering a question that Mr. Sanders had asked you, you started down the road of explaining how privacy notices were complicated and confusing to consumers under Gramm-Leach-Bliley. You did not finish. Can you expand on that?
    Mr. KALLSTROM. Yes, I think the Gramm-Leach-Bliley notices, because there was not a simple model notice created, the lawyers, which they should do to protect everybody, created this monster of a notice that virtually nobody can understand. Even some lawyers can't understand it. So it is no question that there is a lot of consternation. There are a lot of people that think these things are created by the companies and on purpose so people cannot understand their rights. Nothing could be further from the truth. Those notices are created by Gramm-Leach-Bliley and the regulators getting together and creating this five-page notice that is written in type that you can barely read.
    So it does not surprise us that people have all this consternation about what their rights are. We think one solution, a simple solution is to give them a plain English version. Not a version, we would always make available the long notice so they could if they wanted to get a master's degree in law, they could figure out what it means.
    Mr. TIBERI. You mentioned 30 States have legislation introduced that deal with this issue.
    Mr. KALLSTROM. Thirty-nine States.
    Mr. TIBERI. Thirty-nine States. What happens on this particular issue if States begin passing their legislation?
 Page 95       PREV PAGE       TOP OF DOC
    Mr. KALLSTROM. What you end up getting is you get different versions of the same thing, with separate notices that say basically the same thing, but they are different. We have a bill in California now, SB-1, that has a separate notice that probably ends up saying virtually the same thing, but it says it in California language. The cost of sending out multiple notices would be more confusing, not less confusing. So we think the solution is to settle on some plain simple language on a simple meaningful way of opting out very easy. You call an 800 number. You fill out this thing, just like changing your address, and you opt out. And to her point, we give them real choices of what the law is to opt out of. We think that is the solution.
    At the same time, make some fixes for identity theft, which we talked about for hours all the different things that can be done to make that more effective. I think that is what is on the minds of consumers.
    Mr. TIBERI. I want to get to identity theft, but before we go there expand upon your comments with respect to the current relationship between Gramm-Leach-Bliley and FCRA as it applies to State laws on affiliate sharing.
    Mr. KALLSTROM. Yes, we think that FCRA is the rule on affiliate sharing and governs affiliate sharing. Let's remember, we created affiliates and we let companies have affiliates for a couple of reasons. First reason probably, to better manage risk; to get parts of the company, and in our company we have five affiliates. One of them is a technology or data processing company. We have to share information with them or else they could not process the information. So we can look at these things and put all those entities that we really deal with risk in one place.
    Of course, we created these affiliates so that people with good credit, even people with marginal credit, could get better offers for other products. That was the whole idea, the idea of a rising tide raising all ships in the harbor; that if you did business with company X in one particular line, now you needed a home equity loan or you needed some other product, they had the benefit of having advantages of your ability to manage debt and they could take that good record that hopefully you had and they could apply it to good costing, good interest rates over here so that people could emerge and have success in the American dream. It was done for those reasons. It was not done for any dastardly reason that people would paint it as today.
 Page 96       PREV PAGE       TOP OF DOC
    Mr. TIBERI. Final question, each State has a different criminal background check system. How, in your mind, does the reporting of that information, without a national uniform standard, impact your customers and your employees?
    Mr. KALLSTROM. Well, it is complicating. I don't mean to get involved in 9-11, my other job I have, but this business of connecting the dots is always universally more difficult when you have stovepipe information, when you have information that is not easily accessible or quickly accessible. So for the reasons that we can have a good credit system that is national, we can therefore have the benefit of it. People have got to remember, it was not that long ago you waited five weeks to get a mortgage. It wasn't that long ago that if you wanted cash, you had to go to your bank and write a check. You didn't go to an ATM. There was no such thing. And if you drove from Vermont to Florida, that credit didn't necessarily follow you. You had to start all over again. So the American public, with all the problems we have here, and identity theft is a huge problem, but we think it is fixable. With all the problems we have, we have the best system in the world.
    Mr. TIBERI. Thank you.
    Ms. HANSON. Could I add a comment on the subject of GLB and Mr. Kallstrom's testimony on that?
    Mr. LATOURETTE. Sure.
    Ms. HANSON. Just generally speaking, all good discussion, good ideas. I think everybody is generally in agreement that it is a complicated notice, hard to understand for our customers, but the FCRA and the issue that is at hand is of such high priority to us. I share your concern that introducing another subject at this point will just complicate an already complicated subject. We are very concerned about that.
    Mr. LATOURETTE. I thank you.
    Mr. KALLSTROM. Let me add, extending FCRA is our number one priority, clearly, too, but we would be less than honest if we did not talk about a companion issue that is interwoven with FCRA. The devil is going to pay its due here in the future if we balkanize the other half of the system.
 Page 97       PREV PAGE       TOP OF DOC
    Mr. LATOURETTE. Okay. I thank you, Mr. Tiberi, and the six of you. I thank you very much.
    Mr. SANDERS. Are we letting them off so easily?
    Mr. LATOURETTE. Well, we have been here a long time, Mr. Sanders.
    Mr. SANDERS. I know that Mr. Kallstrom wants more questions.
    Mr. LATOURETTE. Maybe you and Mr. Kallstrom can talk in the hallway a little bit.
    Mr. SANDERS. Do you have a few more minutes or do you want to close it?
    Mr. LATOURETTE. I really was going to close it up. If you have a couple of questions you want to ask, I am happy to yield.
    Mr. SANDERS. If you would.
    Mr. LATOURETTE. Sure.
    Mr. SANDERS. Okay.
    Just a few points for the record, picking up on Mr. Moore's question, the first point that we have to deal with when we talk about preemption and States's rights, we live in a Federalist society. We have local government, State government and Federal government. In fact, if we really want a very simple effective system, we could have a dictator sitting a few blocks away from here, wipe out State government, everything would be nice and simple. Very few of us want to live in that society.
    We live in a society where different States have different regulations for how fast you can drive your car and a dozen other things. We call that American democracy. That is what we call it. Does it cause problems sometimes? Yes, it does. But the other side of that is that sometimes somewhere in California or in Vermont or in New Hampshire, some attorney general or some member of the legislature or some governor comes up with a great idea and it works in that State, and other States steal that idea and eventually it filters here to Washington, D.C. and it becomes the law of the land. Many of my conservative friends say that all the time. They say States are the laboratories of democracy. My friend is nodding his head in agreement.
 Page 98       PREV PAGE       TOP OF DOC
    So some of us get a little bit confused when our conservative friends on Tuesdays or Wednesdays tell us they want the big bad Federal government, which they knock on Mondays and Fridays as terrible, to limit the ability of States to protect consumers. That is one point.
    Second point, just for the record, I think Mr. Kallstrom if my memory is correct you indicated that if we have States moving in different directions, their interest rates might be higher. Did you say that? I think you said that.
    Mr. KALLSTROM. I think the impact would be that there would be more costs in the system. Clearly, that is the case.
    Mr. SANDERS. Well, let me tell you what the case is. As a result of the 1996 Fair Credit Reporting Act amendments, they exempted stronger consumer protection statutes in California, Massachusetts and Vermont from preemption. So we still have those laws. What we have seen in those three States is very low bankruptcy rates. In fact, Vermont now has the lowest rate of consumer bankruptcies in the country. And also in terms of mortgage rates, the most recent data indicates that the State of California has the lowest effective rate of a conventional mortgage in the nation, and Vermont and Massachusetts are well below the median. Those are States that have the rights, and you were suggesting this would be a terrible thing, but those States have done okay.
    The last question that I would ask is you suggested, Mr. Kallstrom, that that legalese, and I certainly agree with you that you have very complicated language that was developed by lawyers, but those were developed by your lawyers, the industry's lawyers.
    Mr. KALLSTROM. The regulators, sir.
    Mr. SANDERS. Well, then you will have to tell me why it is that credit unions operating under the same law have much simpler language.
    Mr. KALLSTROM. I can't answer that question. I don't know the answer to that. Logically, I am told, and I stand to be corrected, that the bulk of the work was done by lawyers representing the seven different regulators. I am sure there was input from the industry. Clearly, I am sure there was. The bottom line is they are not understandable.
 Page 99       PREV PAGE       TOP OF DOC
    Mr. SANDERS. Right. We certainly agree on that, and to the best of my knowledge credit unions operating under the same law and the same regulations have easily understood language. You might want to look into that, sir.
    Mr. KALLSTROM. I will look that up.
    Mr. SANDERS. Okay. Thank you.
    Thank you, Mr. Chairman.
    Mr. LATOURETTE. I thank the gentleman very much. I would just editorially comment that some of us on our side sometimes wonder why members of your party are champions for the Federal government on Monday, Wednesday and Friday and champions for States's rights on Tuesday and Thursday.
    Mr. SANDERS. I am an Independent, so my party is always consistent. They always do what I say.
    Mr. LATOURETTE. I thank the gentleman very much.
    The chair would note that some members, like Mr. Sanders or others, may have additional questions for the panel which they would like to submit in writing. Without objection, the hearing record will remain open for 30 days for members to submit written questions to these witnesses and to place their responses in the record. Again, it has been a lengthy hearing. We thank you for your patience and we thank you for your participation.
    The hearing is adjourned.
    [Whereupon, at 2:38 p.m., the subcommittee was adjourned.]