Skip banner
HomeHow Do I?Site MapHelp
Return To Search FormFOCUS
Search Terms: personal w/5 information w/5 privacy, House or Senate or Joint

Document ListExpanded ListKWICFULL format currently displayed

Previous Document Document 27 of 261. Next Document

More Like This
Copyright 2000 Federal News Service, Inc.  
Federal News Service

September 13, 2000, Wednesday

SECTION: CAPITOL HILL HEARING

LENGTH: 36265 words

HEADLINE: HEARING OF THE HOUSE BANKING AND FINANCIAL SERVICES COMMITTEE
 
SUBJECT: IDENTITY THEFT
 
CHAIRED BY: REPRESENTATIVE JAMES LEACH (R-IA)
 
LOCATION: 2128 RAYBURN HOUSE OFFICE BUILDING, WASHINGTON, D.C.

WITNESSES:
 
BETSY BRODER, ASSISTANT DIRECTOR, DIVISION OF PLANNING AND INFORMATION, FEDERAL TRADE COMMISSION;
 
BRUCE TOWNSEND, SPECIAL AGENT IN CHARGE, FINANCIAL CRIMES DIVISION, U.S. SECRET SERVICE;
 
ROBERT DOUGLAS, CEO, AMERICAN PRIVACY CONSULTANTS;
 
SHON BOULDEN, IDENTITY THEFT VICTIM;
 
STUART PRATT, VICE PRESIDENT, ASSOCIATED CREDIT BUREAUS;
 
RONALD PLESSER, COORDINATOR, INDIVIDUAL REFERENCE SERVICES GROUP;
 
JANINE BENNER, CONSUMER ASSOCIATE, CALIFORNIA PUBLIC INTEREST RESEARCH GROUP;
 


BODY:
REP. JAMES LEACH (R-IA): The committee will come to order.

The committee meets this morning to examine the threat to financial services consumers from persons using illegal means to obtain private bank account balances and other financial information, of persons to consider the merits of a particular legislative proposal to combat identity theft put forward by two respected members of this committee.

At the dawn of the 21st century, America's financial privacy -- indeed, the very financial identities -- are at risk as never before. Whether the threat involves cyber intrusions of large corporate databases by hackers seeking to download credit card numbers or other account information, or less technology sophisticated techniques such a dumpster diving to retrieve credit card receipts or bank statements, or the most confidential pieces of a consumer's financial profile appear to be easily available for the growing number of financial scam artists. The Federal Trade Commission, which will testify later this morning, reports that calls since the recently established identify theft hotline are now averaging over a thousand a month, one of several indications that the identity theft problem is fast reaching epidemic proportions. In such an environment, the importance of vigilance by financial services providers and their customers in deterring and detecting unauthorized access to confidential financial data cannot be overemphasized.

Complicating the job of the FTC and other enforcement agencies is increasingly international character of identify theft, underscored by several recent episodes of intrusions into U.S. corporate databases by hackers operating in Eastern Europe and elsewhere around the world.

Secret Service, which is also represented in today's hearing, testified before the committee several years ago about the growing presence in this country of organized criminal groups, many with Russian or Nigerian origins, that have engaged in large scale identity theft schemes targeting United States citizens.

What steps are being taken to protect consumers from these crimes which reek havoc on individual credit rating and result in a profound sense of violations of those who are its victims. Is there a need for additional laws or a matter of stronger law enforcement of existing laws? These are among the questions the committee has before it.

This is the latest in the series of hearings the committee has held on this issue of financial fraud and identity in this and prior congresses. In 1998, the committee was the first to focus congressional and public attention on the problem of "pretext calling," a practice closely related to identify theft that involves the use of false and deceptive methods to obtain personal financial information.

We welcome back before the committee today one of the witnesses at that earlier hearing, Robert Douglas, a private citizen in Alexandria, Virginia who was instrumental in first making the committee aware of the threat to financial privacy posed by practitioners of pretext calling.

Prompted in large part by the information shared by Mr. Douglas and other witnesses of the committee's '98 hearing, I introduced legislation making it a federal crime to obtain, or attempt to obtain, consumer information of a financial institution by false pretenses, such as by misrepresenting the identity of the person requesting the information, or otherwise tricking an institution or its consumer into making unwitting disclosures of such information. These provisions were incorporated in last year's Gramm-Leach-Bliley Financial Modernization legislation, and went into effect upon the signing of that law on November 12, 1999.

In the 10 months since, the committee's received sporadic reports that since passage federal regulators have not paid adequate heed to the strictures of the legislation. To determine in an unscientific way whether it remains possible to find someone willing to break the law to obtain private financial information of an individual, an informal survey was conducted by committee's staff over the recently concluded August recess assisted by Mr. Douglas.

Staff identified and contacted businesses advertising their ability to locate bank accounts, determine bank account balances, and find other financial assets assumed by most consumers to be confidential. Subjects were selected at random based upon searches of Internet, telephone book, Yellow Pages, and classified advertisements and legal trade journals.

Posing as a potential customer, a member of the committee staff, Ms. Alison (sp) Watson, placed a series of calls in which she purported to be someone whose live-in boyfriend had recently disappeared, cleaning out their joint bank account and absconding with other assets in the process. The staff member asked each firm whether it could assist her in locating her ex-boyfriend and any bank accounts in which he might have placed the funds removed from their joint account.

Of 26 calls placed in an uninterrupted 3-hour period, 11 were completed. Of the 11 companies reached, every one of them confirmed their ability and their willingness, for a fee, to obtain bank account and other financial information. Put another way, three hours of calling to randomly selected vendors yielded the names of 11 firms willing, and in all cases eager to sell bank account information on a private citizen with few, if any, questions asked. Although 2 of the 11 firms made vague references to privacy laws that they said would complicate their efforts to locate assets, none mentioned the existence of statutory prohibitions on the services they were offering to provide.

Based upon this survey, it appears that the fraudulent practices first highlighted by the committee in mid-1998 are continuing largely unabated.

In short, bank account information and other aspects of consumers financial profiles apparently remain freely available to anybody willing to pay for them.

What we have are outfits unafraid to break the law; in fact, even continuing to advertise their law-breaking talents. The victims are those individuals whose account information is obtained, but it is also our civil society that is based upon trust and respect for the privacy of one another. While no money may instantly be changing hands, and no one's life is immediately at risk from gun-toting thieves, these are cases of robbery of bank information and potentially of bank accounts.

For many Americans, account information may be almost as valuable as their actual balance, and the impact of knowing that our private financial records are so readily available is frightening. Law enforcement agencies need to take these crimes more seriously. Mr. Douglas will expand on the survey later doing his testimony.

Our first witness this morning will be two distinguished members of the committee, Ms. Hooley and Mr. LaTourette, who are the primary sponsors of H.R. 4311, the Identity Theft Prevention Act of 2000. This legislation, co-sponsored by 37 other members of the House, reflects a very thoughtful approach to the identity theft problem, and deserve serious consideration by this committee.

We will hear later from several witnesses with different perspectives in some of the bill's specific provisions. But I want at the outset to commend Ms. Hooley and Mr. LaTourette for their work in developing this very important piece of pro-consumer legislation.

At this point, let me ask Mr. Sherman if he has any opening comments.

REP. BRAD SHERMAN (D-CA): Thank you, Mr. Chairman. Thank you for holding these hearings on an important matter. Several constituents of mine have had problems with identify theft. We need not only strict criminal laws; we also need perhaps some national clearing agency so that a person can identify themselves as potentially a victim of identity theft, and make it at least more difficult for those stealing their identity to in effect steal thousands and tens of thousands of dollars from the lenders that they're then approaching and trying to bilk or make the withdrawals from bank accounts.

I'd like, without objection, to place in the record a report by the Federal Trade Commission issued just last month, August 22nd, titled Information on Identity Theft for Consumers in California, November 1999 through July 2000, where the FTC indicates that just it -- and frankly, it is not the first agency I would have thought of -- has had over 2,700 contacts from California in a one-year period about identity theft; 62 percent of those were complaining that their identify had been the subject of such theft.

I'd also like to place in the record the suggestions of Sheriff Lee Bacca (sp) of Los Angeles County giving consumer tips as to how to avoid being victims of such identity theft.

REP. LEACH: If the gentleman will yield. Without objection, both of those will be placed in the record.

REP. SHERMAN: Thank you, Mr. Chairman.

I have a friend, who I'll identify only as Karen, who has been pushed through the ringer on this. And without objection, I'd like permission to add to the record a statement that she might provide, Mr. Chairman.

How many days is traditional to submit additional material?

REP. LEACH: Usually several, but we'll do our best.

REP. SHERMAN: Okay. Whatever number of days we have.

REP. LEACH: And without objection, the statement of Ms. Karen will be placed in the record if it's presented on a timely basis.

REP. SHERMAN: Thank you.

So I want to compliment those who will be making presentations to us, and who have taken the time to draft legislation in this area. This is not only loss money and loss sense of security for those who are victims of identity theft; it is a tremendous drain on their time and also a drain on our business and banking system which is bilked into making loans to people who are not who they say they are, or allowing the withdrawal of funds from a bank by a person who is not the depositor.

Thank you, Mr. Chairman.

REP. LEACH: Thank you very much, Mr. Sherman.

At this point, the committee would welcome Ms. Hooley and Mr. LaTourette. And we thank you for the bill that you've presented to us. And we thank you for your long and thoughtful service to this committee in general.

Shall we begin with you, Ms. Hooley?

REP. DARLENE HOOLEY (D-OR): Mr. Chair, either one is fine.

REP. LEACH: Fine.

REP. HOOLEY: First of all, I would like to thank you for your willingness to hold this meeting, and I'd like to thank you for all the work you've done in this area, both on making it a criminal act and for your pretext calling. Those are both really important pieces of this issue. So thank you for doing that.

Mr. LaTourette and I introduce this bill because identity theft occurs when someone uses your name, social security number, mother's maiden name, or any personal identifiable information to purchase goods or services. While credit issuers have been willing to refund fraudulent charges, victims are still faced with problems of ruined or destroyed credit, the time commitment of redeeming their name with multiple credit bureaus and credit issuers, and the fear and anxiety associated with knowing that someone is using all of their personal information to charge any manner of goods.

As a result of identity theft, victims have been turned down for jobs, turned down for mortgages, and other important extensions of credit. Identity theft is becoming a growing concern for millions of Americans.

Now, this is an equal opportunity crime with victims of all ages, incomes and races. Regardless, the effects can be devastating on the victim.

Take for example, Shon Boulden from Hillsboro, Oregon, who you will be hearing from today. Shon has dozens of accounts opened under his social security number. As a result, Shon has spent countless hours battling to clear up his good name. Now at the age of 23, Shon is unable to get the kind of credit a young person needs to start off in life, including credit card loans, business loans, or student loans.

While the consequences can be dire for the young, this crime can be devastating to the elderly who are especially vulnerable. A few months ago, I spoke to a constituent whose 96-year-old mother had her checks, credit cards, and drivers license stolen. Now, I was surprised she still had a drivers license at 96. With her drivers license and account number, the thieves were able to cash multiple checks in her name.

She and her son along with her bank investigated this issue, and they opened up a new account for her. But it didn't end there. Even though she canceled her credit card, the thieves were able to transfer $12,000 from her Visa card to a bank in Ann Arbor, Michigan. Now, I should note that this woman has never been to Ann Arbor, nor has she ever had anything close to that kind of a balance on her card.

This constituent was lucky enough to have a son to help her navigate through the maze of opening and closing accounts, dealing with banks and credit card companies and credit bureaus. But many elderly people don't have children near by. They're in poor health, financially unstable. Therefore, these crimes don't just aggravate; they cause tremendous fear. People fear not only the criminals, but the harassing phone calls and threatening letters from collection agencies.

And introducing the Identity Theft Protection Act we are asking credit issuers and credit reporters to do their part in making sure that credit is extended to the right person. And in the case of fraud, we are asking for procedures to be put in place to assure the consumers can clear up their good names quickly.

For instance, the legislation requires that any time a creditor receives a change of address form, the creditor sends back the confirmation to both the old and new address. That way, if a thief attempts to change a victim's address, the victim will know about it-- a very simple but important piece of prevention. It asks credit bureaus to investigate discrepancies in the names and addresses they have on found with names and addresses provided by a credit issuer.

H.R. 4311 codifies a process of placing fraud alerts on consumer credit files and allows the consumer to require verification before credit is extended. This bill gives the FTC the authority to impose fines against credit issuers that ignore that fraud alert.

This legislation also gives consumers more access to the personal information collected about them, which is a critical tool in combatting identity theft by requiring that every consumer that asks for it across the nation have access to one free credit report annually.

This bill restricts the sale of social security numbers by credit bureaus. Increasingly, the social security number is becoming a national identity and the key to identity theft. I want to reiterate that I fully understand that in most cases of identity theft the victims recoup most of their financial losses. And I applaud the credit issuers for now further punishing victims. However, I believe that credit issuers and credit bureaus must recognize the problem this creates for consumers.

The son of the 96-year-old victim told me that his mother's bank just didn't see to care, as they thought, she didn't lose money, so she shouldn't be upset.

Well, Mr. Chairman, I don't see it that way. In closing, our bill has common sense reforms; it asks credit bureaus to honor fraud alerts; forces credit issuers to observe those alerts; gives customers a notice when their billing addresses are changed; and asks credit bureaus to at least look into discrepancies. In my mind, this is the least we can ask of those companies, who profit in extending credit and trading in on our credit histories, to do to protect us. Thank you.

REP. LEACH: Well, thank you very much, Ms. Hooley.

Mr. LaTourette.

REP. STEVEN LaTOURETTE (R-OH): Thank you very much, Mr. Chairman. And I want to thank you for conducting this hearing, and for your continued efforts in finding ways to protect the consumers in this country on this very important issue. I also want to congratulate my colleague, Darlene Hooley from Oregon. This bill is affectionately known by the acronym the HOOLA (sp) bill in our two offices, and that was why it immediately became attractive to us.

I thought I would, by way of illustration, share with the committee a story as to how I became intimately involved with the issue of identity theft.

Last year, a couple from my home town, Ray and Maureen Mitchell, came into my district office. And I have a special affection for the Mitchells because when I was first running in 1974, their son who goes to Madison High School with my daughter Sarah was the only boy who would show up to be in my television commercials. So the Mitchells have been long time favorites of mine.

They told me a numbing story of how they became involved in identity theft, and how they have been involved now in identity theft. There are a half a million people a year out there just like them, the victims of crime, their lives that go unreported, and widely misunderstood.

In many ways, being the victim of crime can be far more devastating than being a victim of a typical crime. Once you are exposed to this crime, you never feel totally safe. As a matter of fact, now the Mitchells drive around with a signed affidavit in their car, fearing that when they make a purchase they will be confused for the bogus Mitchells, and this isn't a way for innocent people to live.

The Mitchells' daughter just graduated from high school this year, and like a lot of parents, they wanted to buy her car. They purchased the car with cash, however, because they were afraid they couldn't get a loan as a result of their once perfect credit now being shattered.

It started about a year ago. The Mitchells' bank noticed $2,100 worth of unusual charges on their credit card, and it's been down hill ever since. The thieves used the Mitchells' personal information to open new credit cards, buy cell phones, take out two huge personal loans, and purchase not one, but two $40,000 SUVs. Now, one was a Ford Expedition -- they're probably having some problems with their tires there -- and the other was a Lincoln Navigator. All told, Ray and Maureen has been victimized to the tune of $110,000. The Secret Service is involved, the postal inspector's involved, the Illinois authorities are involved.

But last November 19th, Mr. Chairman, three days after the fraud alerts were placed on their credit report, a man went into three different Chicago banks, and in a two-hour period applied for $45,000 worth of personal loans in Ray Mitchell's name. Each time the bogus Ray Mitchell presented a valid Illinois drivers license and Illinois state identification card, and all of the real Ray Mitchell's personal information.

The Mitchells never engaged in so-called risky behavior, or behavior that is, quite frankly, typical for millions of American families. They didn't put shopping receipts and pre-approved credit card offers in the trash. They didn't buy things on line. They didn't do catalog shopping or pay for credit card purchases over the telephone. There was no stolen wallet or credit cards. Still someone was able to re-create Ray Mitchell's identity with ease. Because the Mitchells had a history of always paying their bills on time and had a blemish free credit report, they were a perfect target.

The good news, Mr. Chairman, is the guy that applied for the loans was arrested the same afternoon. Police arrested him as he tried to leave Bank One in Chicago after securing a $15,000 loan. He had $5,000 in cash and $10,000 in bank checks payable to Raymond Mitchell. The bad news is that the judge freed him two days later on a personal recognizance bond, even though he has a criminal record dating back to 1977 and has used 17 different aliases.

Suffice it to say that the guys not shaking in his boots. When he was arrested he told the detective, "I didn't use a gun. I didn't use a knife. Call my lawyer, and I will plead guilty. And they will put me on probation."

The Mitchells are angry, Mr. Chairman. They agree with the purposes of this bill. They were red flagged. It should have been noticed by someone, like the 30 inquiries in the Mitchells' credit card report in just 60 days, or the numerous change of address request. Almost every other day the bogus Ray Mitchell was applying for car loans and personal loans. The Mitchells haven't had that much activity on their credit report in two decades. They average just 1.5 inquiries on their credit report per year.

It's disheartening to me that this legislation is opposed by some folks. I understand that it may increase some cost, and it may require more paperwork. But the Mitchells, and people who find themselves like the Mitchells, deserve the attention and the protection of this Congress. And I would just ask unanimous consent to include the rest of my statement in the record so you can move on with your hearing.

REP. LEACH: Well, without objection. And let me thank both of you for your very thoughtful testimony, more importantly for re- alerting the committee again to a very profound area of concern.

We just have one or two minutes for a vote. Does anyone seek to ask our witnesses any questions?

If not, I'd like to recess the committee, pending the votes on the floor. The committee's in recess.

(Recess.)

REP. LEACH: The committee will reconvene.

Our second panel is represented by Ms. Betsy Broder, who's the assistant director of the Division of Planning and Information in the Federal Trade Commission, and Mr. Bruce Townsend, who's special agent in charge of the National Crimes Division of the United States Secret Service.

We'll begin with you, Ms. Broder, unless you have a differing agreement.

MS. BRODER: No, that's fine.

REP. LEACH: If I could ask you to hold for a second. If you put the microphone very up close, I think it's an easier way you'll find to speak, and you don't strain as much.

MS. BRODER: Thank you. As you said, my name is Betsy Broder, and I assistant director for Planning and Information at the Federal Trade Commission's Bureau of Consumer Protection. I'm very pleased to have the opportunity this morning to present the commission's testimony describing our efforts to help victims, alert industry, and equip law enforcement to deal with this pernicious crime of identity theft.

I'd like first to discuss the measures that the commission has taken to meet the goals of the Identity Theft Assumption and Deterrence Act of 1998, and then describe what we see as the challenges of the future.

The FTC has launched a comprehensive response to ID fraud. Under the '98 act, the agency was charged with establishing a central repository for identity theft complaints, to refer appropriate complaints to law enforcement and private sector entities, and to provide support for identity theft victims. This is how we've met these goals.

We've established a toll free hotline, 877-IDTheft for consumers to call and report incidents of identity theft. Callers who call our toll free line are connected to specially trained telephone counselors, one of whom actually was Ms. Mitchell, referred to earlier by LaTourette. These counselors provide information to assist the consumers who find themselves to be victims of identity theft. Our approach is to give consumers the information that's necessary to help them resolve problems typically associated with identity theft.

While we receive many calls from victims, about 40 percent of our callers are people seeking information to try to prevent this type of crime. Some of these people find themselves especially vulnerable to identity theft perhaps because they've had their wallet stolen, and they want to find out what they can do to prevent identity theft from happening to them.

With these callers, we provide practical tips on identity theft prevention, including ways to protect the type of personal financial information that's frequently exploited by identity crooks. We also refer these callers to our consumer education publication.

Our toll free number has been up less than a year. We set it up in November of '99, and so far we've answered almost 30,000 calls. Our call volume has tripled in the last six months, and we believe that this steep growth will continue. We now receive about 1,000 calls a week to our hotline. When we first set this up, we were receiving 100 calls a week. We're now up to 1,000 calls every week.

Consumer education is a key component of our efforts. Our publication, which I show you here -- ID Theft: When Bad Things Happen to Your Good Name -- has been a tremendous hit and an asset to consumers. We've distributed more than 100,000 copies of this publication. The Social Security Administration itself has printed and distributed over 140,000 copies. And about an equal number have been accessed through our identity theft website. The website links the state statutes, publications and other information that assist consumers and law enforcement, and it has received about 160,000 visits.

Finally, we're using the --

REP. LEACH: If the gentle lady would yield for a second.

With regard to your publication, we're going to put that on our website as well. And I think it's a very appropriate one. And I want to congratulate you on putting it together.

MS. BRODER: Thank you, sir. In fact, it's been an enormously successful campaign. And we know that if we can give some of this information to consumers, they may not be able to prevent consumer ID theft, but they can limit their exposure.

I talked earlier about our hotline, what we do with the people who call in. Well, we provide assistance, but we also get information from them. We use the complaint information provided by these victims to help law enforcement efforts. We enter consumers' complaints into our ID theft data clearinghouse. This clearinghouse is part of our larger consumer fraud network called Consumer Sentinel, which is used currently by more than 260 law enforcement agencies around this country and Canada.

Using a password and special security software, law enforcers use their desktop PC to access Sentinel and through the identity theft clearinghouse. They search for identity theft perpetrators and victims in their backyard, and they're able to uncover trends through this collection of data that wouldn't be apparent by looking at individual complaints.

We're also developing ways, in accordance with the act, to provide limited and appropriate access to financial institutions and the three national consumer reporting agencies to allow them to track complaints and trends related to themselves.

I would just add, we receive complaint data from consumers themselves, but we are also receiving data from other agencies and entities to add to our database. Just today, we're receiving complaint data from the Social Security Administration, representing the last two weeks of complaints that they have to include in our database to make it as rich a repository of data as possible to assist in law enforcement in this area.

Our database has given us some very interesting statistics about identity theft and financial institutions. About 55 percent of the victims who contact our hotline report that a ID thief either opened or took over a credit card account; 18 percent report that a bank or a checking account had been opened in their name and/or that checks had been fraudulently written in their name; and 11 percent report that loans were obtained in their name. Of course, you realize that each of these violations may have occurred to the same person. They may have had a bank account opened in their name, a credit card takeover; people suffer numerous types of harm.

Our clearinghouse also collects complaints about the ways in which banks and other financial institutions handle ID theft. That is, have their business practices unnecessarily exposed people to this crime, or have they been responsive to their customers' needs as ID theft. Again, as we build out our system, we'll make this information directly available to those institutions through limited access to the clearinghouse.

Private sector and legislative proposals have also emerged to help protect against identity theft. 4311 from this committee is one such response. The Senate version of this, 2328, contains many of the same provisions. And the commission has come out strongly supporting these proposals; giving consumers access to information when there are changes of address; providing them with free credit reports every year from each of the major credit reporting agencies. All of these measures give consumers access to information about themselves that could reveal vulnerability or actual victimization of identity theft. We think these are very positive and helpful measures, and we support them.

Finally, we're working closely with many private sector groups to uncover ways to help improve prevention and victim assistance. In late October, we'll be hosting a workshop on victim assistance and identity theft. We've invited all interested parties -- the consumer reporting agencies, consumer groups, government agencies, financial institutions -- to help us set up the agenda. We hope to be able to use this forum as an opportunity to start developing a standardized complaint affidavit -- something that's also referred to in 4311 -- so that consumers will only have to fill out one form when they've been a victim of identity theft. And this form will be accepted by all financial institutions.

We will also be pursuing with our sleeves rolled up other practical ways to assist consumers who have been victims of identity theft.

Thank you, Mr. Chairman, and members of the committee. And I'd be happy to answer any questions you may have.

REP. LEACH: Thank you very much, Ms. Broder.

Mr. Townsend.

MR. TOWNSEND: Good morning. Mr. Chairman, members of the committee, thank you for the opportunity to address the committee on the subject of identity theft and the Secret Service's efforts to combat this problem. I have prepared a comprehensive statement which will be submitted for the record, and with the committee's permission, I will summarize it at this time.

REP. LEACH: Without objection. Both of the statements will be fully in the record if they haven't been fully presented.

MR. TOWNSEND: In addition to providing the highest level of physical protection to our nation's leaders, the Secret Service exercises broad investigative jurisdiction over a wide variety of financial crimes. As the original guardian of our nation's financial payment systems, the Secret Service has a long history of pursuing those who had victimized our financial institutions and our law- abiding citizens.

In recent years, the combination of the information technology revolution and the effects of globalization have caused the investigative mission of the Secret Service to evolve in a manner which cannot be overstated.

Today we are faced with a new challenge, that of identity theft. We in the Secret Service view identity theft as a disturbing combination of old schemes and abuse of the emerging technologies. However, it should be clear. This crime is about more than the theft of money or property. This crime is about the theft of things that cannot be so easily replaced-- a person's good name, a reputation in the community, years of hard work, and commitment to goals. Make no mistake about it. This crime is a particularly invasive crime that can leave victims picking up the pieces of their lives for months or years afterwards.

Mr. Chairman, we in the Secret Service applaud your efforts in convening this hearing today. We stand ready to work with you and all the members of the committee in attacking the crime of identity theft. It is our belief that hearings such as this will be the catalyst to bring together the resources of both the state and federal governments in a unified response to the identity theft problem.

As we enter the next century, the strength of the financial industry has never been greater. A strong economy, burgeoning use of the Internet and advanced technology, coupled with increased spending has led to fierce competition within the financial sector. Although this provides benefits to the consumer through readily available credit and consumer oriented financial services, it also creates a rich environment for today's sophisticated criminals, many of whom are organized and operate across international borders.

In addition, information collection has become a common by- product of the newly emerging e-commerce. Internet purchases, credit card sales, and other forms of electronic transactions are being captured, stored, and analyzed by entrepreneurs intent on increasing their market share. This has led to an entirely new business sector being created which promotes the buying and selling of personal information.

With the advent of the Internet, companies have been created for the sole purpose of data mining, data warehousing and brokering of this information. These companies collect a wealth of information about consumers, including information as confidential as their medical histories. Data collection companies, like all businesses, are profit motivated, and as such, may be more concerned with generating potential customers rather than the misuse of information by unscrupulous individuals. This readily available personal information in conjunction with customer-friendly marketing environment has presented ample opportunities for criminals intent on exploiting the situation for economic gain.

The Secret Service has investigated cases where criminals have used other people's identities to purchase everything from computers to houses. Financial institutions must continually practice due diligence, unless they fall victim to the criminal who attempts to obtain a loan or cash account of the check using someone else's identity.

As financial institutions and merchants become more cautious in their approach to hand-to-hand transactions, the criminals are looking for other venues to compromise. Today criminals need look no further than the Internet. For example, an Internet fraud investigation conducted by the Secret Service, the Department of Defense, the Postal Inspection Service and the Social Security Administration, Office of the Inspector General highlighted the ease with which criminals can obtain personal information through public sources.

These defendants access a website that publish the promotion list of high-ranking military officers. This site further documented personal information on these officers that was used to fraudulently obtain credit, merchandise and services. In this particular case, the financial institution in an effort to operate in a customer-friendly manner issued credit over the Internet in less than a minute. Approval for credit was granted after conducting a credit check for the applicant who provided a true name and matching true social security number. All other information provided, such as the date of birth, the address, and telephone number that could have been used for further verification was fraudulent.

The failure of this bank to conduct a more comprehensive verification process resulted in substantial losses, and more importantly, a long list of high-ranking military officers who became the victim of identity fraud.

The Internet provides the anonymity that criminals desire. In the past, fraud schemes required false identification documents and necessitated a face-to-face exchange of information in identity verification. Now with just a laptop and modem, criminals are capable of perpetrating a variety of financial crimes without identity documents through the use of stolen personal information.

The Secret Service has investigated several cases where cyber criminals have hacked into Internet merchant sites and stolen the personal information and credit card account numbers of their customers. These account numbers are then used with supporting personal information to order merchandise which is then transhipped throughout the world. Most account holders are not aware that their credit card account has been compromised until they receive their billing statement.

The Secret Service continues to attack identity theft by aggressively pursuing our core violations. It is by the successful investigation of criminals involved in financial and computer fraud that we have been able to identify and suppress cases of identity theft. The Secret Service's investigative program focuses on three areas of criminal schemes within our core expertise.

First, the Secret Service emphasizes the investigation of counterfeit instruments. By counterfeit instruments, I refer to counterfeit currency, counterfeit checks -- both commercial and government -- counterfeit credit cards, counterfeit stocks or bonds, and virtually any negotiable instrument that can be counterfeited. Many of these schemes would not be possible without the compromise of innocent victims' financial identities.

Second, the Secret Service targets organized criminal groups which are engaged in financial crimes on both the national and international scale. Again, we see many of these groups, most notably the West African and Asian organized criminal groups, prolific in their use of stolen financial and personal information to further their financial crime activity.

Finally, we focus our resources on community impact cases. The Secret Service works in concert with the state, county and local police departments to ensure our resources are being targeted to those criminal areas that are of a high concern to the local citizenry. Further, we work very closely with both federal and local prosecutors to ensure that are investigations are relevant, topical and prosecutable under existing guidelines.

No area today is more relevant or topical than that of identity theft. The Secret Service acknowledges that identity theft is a very real problem, and pledges its support in the federal government's efforts to eliminate it.

Mr. Chairman, this concludes my prepared statement. I'd be happy to answer any question that you or other members of the committee have. Thank you.

REP. LEACH: Thank you very much, and I thank both witnesses.

We have a very, very large problem. One element -- and I stress it's only one element of the problem -- is a professional class of facilitators who are law breakers. And I remain absolutely astonished that after passage of a law that says that identity theft is by national statute illegal, subject to fine and imprisonment, that it is wantonly advertised. I've never known any behavior of criminal behavior in which one advertises that they're going to do a criminal misdeed. And bizarrely, advertised in legal publications; that is, advertised to officers of the court that a company is prepared to do illegal acts, for a fee.

And I would like to introduce -- or re-introduce because the FTC once did a sting -- the word "sting" to law enforcement in this area. It is inconceivable to me that anybody should be advertising to do these things. And when our committee staff hit 11 of 11, through public advertisements, of people willing to steal someone's identity, or get information based upon false identity presentations, there's something that isn't being met in an active way.

And I turn to the FTC. Have you brought any enforcement actions against these companies?

MS. BRODER: Mr. Chairman, pretexting is not new to the Federal Trade Commission. We have in fact brought a case against a pretexter --

REP. LEACH: This is the one in Colorado?

MS. BRODER: Yes, the Touchtone case. And this was prior to the passage Gramm-Leach-Bliley. And in that case, the information broker -- a company called Touchtone -- posed as the consumer, asked the bank for that consumer's private financial information. And then they sold that information to a third party, of course, without the knowledge or consent of the account holder.

We've obtained judgment against Touchtone and its principles, which prohibits them from pretexting, except for those exceptions allowed by Gramm-Leach-Bliley. And we've extracted a $200,000 suspended judgment.

Since the passage of Gramm-Leach-Bliley 10 months ago, and in addition the Identity Theft Act, we have further stops -- further tools -- to track down and prevent the pretexting. But we too are aware, Mr. Chairman, that not withstanding the passage of Gramm-Leach- Bliley, pretexting persists. And while today I'm not able to discuss ongoing investigations, we are mindful of this problem. And we will use our Gramm-Leach-Bliley enforcement authority under 521 to target appropriate cases in keeping with our resources as an agency.

REP. LEACH: Well, I would, first of all, suggest that the FTC listen very carefully to one of our following witnesses and what he has to say. And I would also ask the FTC to be in contact after this hearing with my committee staff about what they did, how they did it, and the simplicity of receiving affirmations of people who are willing to do illegal activities.

MS. BRODER: We will certainly follow up, Mr. Chairman.

REP. LEACH: I mean, it is inconceivable to me that you can't simply look at advertisements and reach some conclusions and actions that can follow.

In addition, it has struck me that there has been an inadequate education effort to the legal community. I mean, the people advertise in legal communications. That's an invitation for a lawyer to use services. And I think it should be clear that a lawyer can be accountable under the law if he or she knowingly uses a service that itself uses illegal methodologies. I don't know what outreach you have to the various bars in the country, but I would certainly think that strong advisements would be in order.

With regard to the Secret Service, Mr. Townsend, I'm very impressed with one of your premises that the Secret Service is a guardian of our financial payment system, which I think is a very profound obligation. And my own view is, of all the criminal activity that's rising in the world today, it relates to this. And I'm not convinced that you have all the adequate resources you need, and I'm wondering if you would like opine on this. As I look at the year-end budgeting circumstance in Congress, I've directed my staff to look at this issue because I think that the assumption of the Secret Service's jurisdiction, of one nature in the popular mind, doesn't relate to some of the activities and areas of concern in other areas.

I'm wondering if you'd be willing to indicate whether you think the Secret Service needs more resources with regard to payment system issues.

MR. TOWNSEND: With regard to payment system issues, and more broadly our evolving investigative jurisdiction, clearly resources are stretched thin.

I mentioned earlier that the lay of the land with regard to identity theft and the broader issue of financial crimes has really changed in the last five years with this concept we refer to as globalization. We have had to go global to stay up with the criminals. Today, the Secret Service has special agents deployed on a permanent basis to 18 United States embassies around the world. In years past when we worried about our identities being compromised, we had to worry about perhaps our mail being stolen out of our mailbox or our wallet being stolen. Today, with computer technology, information technology generally, a hacker in a country can literally steal from our technological boxes around the world. And in order to be responsive, we in the Secret Service have deployed our personnel in a global fashion. This, of course, does stretch existing resources.

REP. LEACH: Can you give us some order of magnitude? The Secret Service today, how many people are in it?

MR. TOWNSEND: The Secret Service today is at about 2,800 special agents. And we are an agency that is changing. Over the last two years, the Congress, with the support of many of you on this committee, has supported additional special agent positions, which as I mentioned, we have deployed around the world. Additionally, we're deploying them to our major field offices domestically in order that we can be more effective to attack issues like this.

REP. LEACH: Thank you very much.

MR. TOWNSEND: Yes, sir.

REP. LaFALCE (D-NY): Thank you very much, Mr. Chairman.

Mr. Chairman, by your comments, I appreciate the gravity with which you take this issue, and I think that gravity is extremely warranted. I share it, as do many other members, both sides of the aisle-- Ms. Hooley, Mr. LaTourette and many others. And I know it's very, very late in the session, and it would be very difficult to pass legislation. But I would hope that we could mark this legislation up at least and attempt to get it to the House floor. And then who knows what would happen during the omnibus bill because this is an extremely serious problem, as has been testified, of epidemic proportions.

Ms. Broder, you indicated that FTC supports the preventive measures proposed in H.R. 4311, correct?

MS. BRODER: Correct, sir.

REP. LaFALCE: Okay, fine.

I think we're going to hear from trade associations that the measures are unnecessary, and the problems you've identified can be addressed through voluntary self-regulatory measures.

How would you respond to those arguments?

MS. BRODER: We believe that the measures in 4311, and its companion bill, 2328 in the Senate, are necessary because we have not seen a great response on the self-regulatory front, quite frankly. And while initiatives have been announced, we haven't seen any changes implemented, for example, among the consumer reporting agencies.

Now, we know that fraud alerts are placed on a consumer's credit file when they call into their credit reporting agency, but we also know that in many cases those fraud alerts are neither clear nor conspicuous. One of the provisions in 4311 is to make certain that those fraud alerts do what they're supposed to do.

So there are many measures within this bill that we think are very practical and would, in fact, assist consumers, and have not been undertaken by private industry itself.

REP. LaFALCE: Both Mr. Townsend and Ms. Broder, if you were on this committee, or a member of Congress, and could initiate and pass legislation to deal with the problem of identity theft, what do you think might be either necessary or desirable legislatively?

Let's start with you, Mr. Townsend.

MR. TOWNSEND: Sir, clearly, the data that we are getting and the trends that we are seeing indicate that the criminal suspects we need to be most concerned about are operating on line. They're operating in a cyber world. And I would submit respectfully to the committee, legislation that would be drafted address specifically the cyber issues. Frequently, as we've seen in the last two or three years, the amendment of 18 USC 1028, to move away from a certain number of false identification documents; that you address the fact that information can be downloaded now from the Internet.

So I would submit respectfully that legislation address crimes that are committed via the use of the Internet and computers.

REP. LaFALCE: Ms. Broder.

MS. BRODER: And I would agree with everything Mr. Townsend said. I would also suggest at this time that we have some fairly young legislation out there. We have certainly, as Congress says, criminalized identity theft. We have established the central repository of identity theft complaints. And we believe that this will provide tremendous incentive for prosecutors to be able to go after identity theft. Not only do they have the data; now they can see the big picture, rather than individual complaints.

So I would suggest perhaps it's time to see how the system is working with what we have in place, and should 4311 be enacted into law, with those provisions too to help prevent identity theft as opposed to the prosecution.

REP. LaFALCE: We're talking about both prevention, which is necessary, and prosecution which is necessary.

Forget about legislation, what could you do to enhance the prosecution of identity theft? Who can prosecute? Is it a local county district attorney? Is it a state attorney general? Is it the U.S. attorney? Or is it all of the above, depending? And to what extent are prosecutors equipped to handle the growing epidemic? And how can you engage in an outreach effort to enlist them to prosecute these cases as a priority item, which might turn out to be the best preventive measure we can take?

MS. BRODER: It is a priority item.

REP. LaFALCE: For whom? And can we make it a priority item for all the prosecutors?

MS. BRODER: You've asked a series of questions. Let me first tell you who it is that prosecutes these cases.

It's now a federal crime to engage in identity theft, so any U.S. attorney's office can prosecute these crimes. Seventy-five percent of the states have statutes prohibiting identity theft. So there can be state, and, in some cases, local prosecution of these crimes.

REP. LaFALCE: You say in some cases. Is most every local county attorney or prosecutor able to prosecute violations of state laws?

MS. BRODER: I think generally that's so.

REP. LaFALCE: And with respect to the 25 percent of the states that don't have laws, is there any effort that we could make to get them to pass laws in those states to enable their prosecutors to also prosecute this crime?

MS. BRODER: I think this is the trends that we're going to see, sir.

REP. LaFALCE: Under the federal law that exist making it a federal crime, do the local prosecutors have the capacity to prosecute the violations of federal law?

MS. BRODER: No, they do not.

REP. LaFALCE: Can we enable them to do that? I'm just asking questions.

MS. BRODER: We know that under certain civil statutes -- for example, the Home Equity Protection Act, the Telemarketing Sales Rule, the 900 Number Act -- the Federal Trade Commission and state attorneys general have enforcement authority. So there is this joint jurisdiction and enforcement authority on a civil level. I'm ont aware, Mr. LaFalce, on the criminal side of whether that is a common measure.

MR. TOWNSEND: If I could respond, sir, to your first issue regarding prosecution. Clearly, as you've mentioned, it's a federal crime. And in the case of the Secret Service, we aggressively pursue those for presentation to the various United States attorneys offices. But more importantly, I mentioned in my opening statement, one of the critical components of the Secret Service investigative strategy is community impact cases. And that varies widely across this country, from judicial district, to state, to various counties.

We regularly present for prosecution identity theft cases to state and local authorities if, in fact, in that area that is a community impact issue. It may not meet the federal threshold for prosecution. But we in the Secret Service regularly submit, testify in open court. All of the resources of the Secret Service, in terms of expert testimony, forensic service analysis, are available to the state and local prosecutors. If in fact that's deemed to be a community impact case -- that's an important issue wherever it may be -- we would then go into the state court, if, for whatever reason, the federal system were unavailable to us through thresholds or other reasons.

You also asked a question about resources. Clearly, prosecutors, like many in the criminal justice system, feel besieged by a competing number of priorities. I can report to you that on November 27th, the Secret Service, along with the Treasury Department, will host an identity theft workshop focused on enforcement efforts. And we hope to host local prosecutors and their local police and state counterparts in order that we can move this issue along.

Clearly, there's work to be done. But in the Secret Service we view partnerships with state and local governments as critical to our --

REP. LaFALCE: Is there a committee of the National District Attorneys Association that deals specifically with the issue of identity theft? At the state or national conventions of the District Attorneys Association, do you attempt to put seminars before them at their meetings or make presentations on the issue of identity theft?

Because of the proliferation of the uses of the Internet and the availability of so much personal data, if it's an epidemic now, it's going to be geometrically increasing epidemically in the future. And so we have to wage war.

MR. TOWNSEND: If I could respond. Public education is also a key regarding this variety of financial crimes that we investigate. I find myself sometimes having to make difficult decisions because of the demand for our special agents to make public presentations versus actually working the cases we need to be working.

But we have such a demand for presentations, and we have long list and regular. We have people literally today in Mexico City making presentations on this topic and deployed elsewhere around the country speaking to these kind of groups.

So your point is well taken. Public education is a key component, and it's one that we try to pursue.

REP. LEACH: Ms. Biggert.

REP. JUDY BIGGERT (R-IL): Thank you, Mr. Chairman.

I was amazed going on the Internet and the amount of information that could be gathered from one of the investigative companies that was found. They no longer will provide social security numbers, but in location searches they can locate by social security number the name of a person for $43. They can locate a current address from the phone number. For $25, you can have the date of birth of somebody. For financial searches, bank account balance for $45. Bank account search-- that will cost you quite a bit of money, $249 to find out what somebody's bank account is. Bank account activity detail for $99. More information is, the property records by name for $37, property records by address for $32.

I'm astounded by the personal information that can be garnered just from the Internet. Now, apparently the social security number is now a little bit harder to find. But couldn't you then make up a social security number until you find somebody that you think you want to assume their identity, even if they don't have that social security number? Or they could have a hacker find their social security number, and then proceed from there.

MS. BRODER: Identity thieves are tremendously resourceful. And they can obtain this type of information legally and illicitly. And generally they have many ways of doing so. We know that there's legislation being considered now to prohibit the offering for sale and purchase of social security numbers. So there are measures being undertaken.

Certainly with the Internet, information that had been publicly available before is available on such a widespread basis, and can be disseminated so broadly that it's causing all of us concern. It's time to stop and look at these practices in this cyber world, and determine the balance between access to information and privacy entrance.

REP. BIGGERT: I think people would be absolutely amazed if they knew that people had access to their bank account balance and their activity every month. It's amazing.

But several other proposals, including the H.R. 4311, deal with the issue of removing the social security number from the header of credit reports. I know that there's been some opposition to that in saying that it would actually detract from the accuracy of the credit reporting system, as well as consequences of not being able to locate errors, deadbeat debtors, or others who they have an interest in identifying.

Do you think this is a valid concern? And if so, how would you address it?

MS. BRODER: We don't think it's a valid concern. They will have access to the information if they have a permissible purpose under the FCRA. Entities who obtain a consumer's consent can get access to this information. So that we don't find a compelling argument.

REP. BIGGERT: Thank you. And then, Mr. Townsend, I think that there was a U.S. News and World report recently that reported the indictment of two government employees for allegedly using information from the FDIC and the Department of Health and Human Services to commit identity theft. And in addition, there was a report issued by Congressman Horn of the Government Management and Information Committee, which gave very low marks to computer security systems in the government agencies.

Do you think that the federal government has adequate procedures in place to protect employees and citizens whose personal information is on there in centralized databases from identity theft?

MR. TOWNSEND: Well, I can tell you that the Secret Service is a law enforcement bureau within the Treasury Department, and as such, we are charged with looking at intrusion and so forth within the Treasury system. Although I have not read the report in detail, as I recall, the Treasury was not listed, fortunately, as one of those which was having problems.

I really have to tell you though that I'm not intimately familiar with the other systems. I can tell you that with regard to the Treasury system, we have not investigated intrusions during my tenure there. But clearly, your point -- and you refer to the U.S. News report article from I believe August 31st -- clearly, this is an area in which we in the government need to get our houses in order also. It's an area that's highly topical, it's discussed daily, and it's one that certainly we are going to be pursuing in the days to come.

REP. BIGGERT: Thank you.

Thank you, Mr. Chairman.

REP. LEACH: Thank you very much.

Ms. Maloney.

REP. CAROLYN MALONEY (D-NY): Thank you, Mr. Chairman, for calling this meeting. And I applaud my colleague, Darlene Hooley, for her bill.

It's been pointed out in Ms. Biggert's statement and others that the societal changes of the information age have really improved our lives, they've helped the economy; but in the area of privacy and protecting the personal information of individuals, I believe this Congress has really fallen far behind in providing legal protection for our constituents.

I know that identity theft is a growing problem. I am getting more and more calls in my office about. And I think by giving one example that helps illustrate what we are hearing in our offices, one such victim is a Mr. Ahmed (sp) who lives and works in Queens. And he is been battling credit reporting agencies for five years.

Five years ago, he discovered that someone had stolen his social security number in order to obtain 14 credit cards. When he ordered copies of his credit report, he was astounded to find two names with two different occupations and two different birthdates on the report. Even with such glaring errors on his credit report, and after obtaining a police report to back up his claim, the credit reporting agencies were largely, totally unresponsive in assisting him in clearing his name.

The agencies informed him that they had contacted the credit issuing banks, and having received confirmation that the social security number that the banks were using matched, would continue to include the information from both names on his credit report.

The credit issuing banks were also of little help. After writing to all 14, only 4 responded over a 3-year period. And even some of the account information from the 4 remained on Mr. Ahmed's credit report.

In all, the identity theft defaulted on over $20,000 in charges for which he received collection notices. Despite the fraud alert that has been on his credit report since 1995, and the terrible credit record, he continues to receive credit card solicitations. He and his wife continue to monitor his credit report. And every time they think that the problem is completed, they find a new fraudulent account on this report. And this has been going on for five stressful years. And they have invested literally hundreds of hours trying to clear his name.

Just last week, they were initially denied a mortgage until the situation was again explained to the bank. Now they face an even more stringent review. In this coming week, they have to appear before a New York co-op board and explain, once again, why their credit history has had such a turbulent past.

And I really want to let the representatives of the credit reporting agencies in the audience today know that I will continue to follow his case and other constituents' cases. And I really feel, Mr. Chairman, that all of our constituents deserve the extra protections of sensitive information that is provided in the Hooley bill; and I feel that we need to adopt it in this Congress.

I would like to, first of all, ask Ms. Broder, in your testimony, you indicated that the FTC is receiving a thousand calls a week regarding identity theft.

First of all, how many other FTC hotlines receive anywhere near this many consumer contacts?

Secondly, when consumers call the FTC hotline, they're advised to contact the credit reporting agencies. From my own experience that is illustrated in the case that I just gave you, many of my constituents are totally frustrated with the response from the agency. The constituent whose case that I just spoke about indicated, of the three that he contacted, the TransUnion fraud department was by far the most helpful.

And how does the FTC monitor what is happening to our constituents when our constituents call and relay these problems? Specifically, do you make sure that the credit reporting agencies are answering their fraud lines with real people and not just computers that never follow up? Have you, or do you, test the credit reporting agencies' ability to actually resolve an identity theft case? Or are more people than my constituents, and Mr. Ahmed who is just running around in circles, really not receiving help from anyone in his particular case?

So I look forward to your answer.

MS. BRODER: One of the measures that we hope to enter into with the consumer reporting agencies is one-stop shopping. If there's one constant that we hear from victims, it's that they have to call each of the three major consumer reporting agencies, and the Federal Trade Commission, and all of their creditors to take care of things.

One measure that we would like to enter into with the three major credit reporting agencies is one-stop shopping. That is, they either call the FTC at our hotline or call one of the three major reporting agencies to place a fraud alert on their files, and that it goes to all three offices.

We haven't made much progress toward pursuing that. We think that would be a great help to consumers that are so burdened with --

REP. BIGGERT: But do you ever monitor? Do you ever go in and take a case, and see if they're actually solving it? I've got about five cases that are very similar to his, where they say they call everyone, and no one ever does anything. And it's now five years, four years, three years; and they're running in circles.

MS. BRODER: Well, I would offer to you, Ms. Maloney, first our toll free hotline for you to provide to your constituents so they can talk to our specially trained telephone counselors and be given the information. Many consumers know they have to call the consumer reporting agencies for fraud alert.

Do they know they should also call the Department of Motor Vehicles to find out if someone obtained a drivers license in their name? Do they know they should also contact the Social Security Administration to see if there's other misuse, if people are making money, earning wages in their name and incurring tax liability? So there are many steps and a lot of information that our phone counselors can provide.

We do follow this data. We collect data in our data base that shows how responsive the financial institutions are and the consumer reporting agencies-- all of those associated entities that consumers have to deal with when they're victims of ID theft. And we look forward to putting a little pressure on them to get them more responsive.

Is there a legal responsibility? They are suppose to correct erroneous reports on a consumer's file. But we know that in many cases, after consumers have gone in and gotten a correction on their report, that same debt pops up again, which is why in our testimony we make the rather dire, but perhaps at this time appropriate statement that often identity theft is unavoidable, undetectable and unstoppable, unstoppable because it keeps rising up just when the consumer believes that he or she has settled out all of these problems. They keep coming up.

We're working very, very hard, both with individual consumers and with the financial industry to try to approach this. But I share your frustration.

REP. BIGGERT: My time is up. Thank you.

REP. LEACH: Thank you very much.

Mr. LaTourette.

REP. LaTOURETTE: Thank you, Mr. Chairman.

Agent Townsend, I want to follow up with the excellent questions that Mr. LaFalce was asking.

You talked about the federal threshold a couple of times. What is the federal threshold?

MR. TOWNSEND: When we discuss federal thresholds, what we are referring to are prosecutive guidelines, if you will. Those are set by the individually United States attorneys in their respective judicial districts. So as you can imagine, the prosecutive guidelines are different in the central district of California as opposed to the central district of Illinois.

REP. LaTOURETTE: And that's an excellent point. And that's what I thought you were talking about. Because in my testimony when I was talking about the family from Lake County, Ohio, the Mitchells, they had the misfortune at the time they reported to the federal authorities of only having lost $80,000; they hadn't crested $100,000. And so their fondest hope was that the thieves would take another $20,000 from them so they could get the attention of the U.S. attorney in Cleveland.

And that seems to be a problem. And then what happens is -- before this job, I was a district attorney in Ohio. And what happens is that what you have available down there is the federal prosecution isn't initiated. The miscreant is arrested in Chicago. The full panoply of charges available to a federal prosecutor isn't available to the prosecutor in Chicago because the crime committed in Chicago was going to get one $15,000 loan; that becomes something -- in most states it's a felony punishable by 18 months. And I made the observation when the fellow was arrested. He said, "I didn't use a gun. I'm going to get probation," even though he had a record going back to 1977.

So it really seems to be that we have not given prosecutors anything. If the federal threshold is going to be a certain amount, identity theft isn't a crime. Identity theft when you steal a lot of money is a crime. And it seems to me that one of the things that we can do is to somehow massage those federal thresholds; otherwise, we're going to have despaired prosecutions.

And prosecutors all over the country are busy. The guy in Chicago who's worried about the murderers, the rapists and the burglars doesn't care about some lady in Madison, Ohio that lost $100,000 to a guy that got a loan. And I would be interested, one, in any thought that you have on that.

And then two, one of the things that concerns the victims of identity theft that I've talked to is not only what Ms. Broder was talking about. And that is, it seems you have to do all the work. You've got to call everybody in town, and it doesn't get on the file. As a matter of fact, some of these loans that were made to the crooks, were made after the phone calls had been made. And so, one-stop shopping would be a wonderful addition to what it is you're doing.

But what they're also concerned about -- and any knowledge that you have about the market or this information. We have three guys now in jail in Chicago. They're concerned that they sold it to three more guys in Colorado, and that there's a move to traffic this information-- not only to steal it and use it once, but then also to sell it to other people that want to engage in similar criminal activity. And any information that you have on that, I'd ben interested in hearing.

MR. TOWNSEND: Sir, you've hit on two key issues. We share your frustration at times with regard to federal prosecutive thresholds or guidelines. As you know, the United States attorneys have wide prosecutorial discretion as to what they do prosecute. And you make the point, federally we can bring people much more easily back and forth across judicial lines as opposed to extraditing under the state courts.

REP. LaTOURETTE: If I could interrupt you for just a second. You also have jurisdictional problems. The reason that it's a smaller crime in Chicago, especially if it's on the Internet, is that these crimes could have been committed all over the country. And all the guy in Chicago gets to do is what happened in Chicago.

MR. TOWNSEND: You make a very good point which relates to this issue of globalization. If the hacker in Moscow hacks into a system in Chicago, sends the identity to a co-conspirator in Buenos Aires, who buys property and tranships it to Miami, and sells it to unsuspecting people, where does the crime occur? And it takes about that long to transact that transaction. So your point is well taken.

Secondly, with regard to the marketing of this information, there's no question that we have seen a migration of organized criminal groups, who formerly dealt in crack cocaine, weapons and so forth, into this very lucrative area. And within the Chicago area that you mentioned, well known street gangs are now moving into this area because, as you said, the sentencing guidelines are not perhaps what we would all like them to be. They know that violent crime is a priority. And additionally, they are able to traffic second, and third, and fourth times among other members of the gangs these identification documents and full identities.

REP. LaTOURETTE: Thank you very much.

Thank you, Mr. Chairman.

REP. LEACH: Ms. Hooley.

REP. HOOLEY: Thank you for your testimony. I have a question for Ms. Broder.

First of all, thank you for all the work that you have done. And I know you haven't very much time to get this up and running. When I have constituents call, you are very good at helping victims help themselves. However, as far as law enforcement goes, it seems that your hands are still somewhat tied. And what types of authority do you think you need to further combat this problem?

MS. BRODER: Well, as you know, we have civil enforcement, not criminal enforcement authority. And we have used that in cases of identity theft. We've just recently got a judgment against a company based in California. We have a judgment for $37 million for a company that was billing consumers' credit cards for purchases they did not make. They were cramming charges onto their credit cards. That's violation of the Identity Theft Act of '98 because they were using consumers' identities -- their name and their credit card numbers -- to commit a crime.

And so, we will continue vigorously to exercise our authority under Section 5, for unfair and deceptive acts and practices that involve identity theft. We believe that that is a very full granting of jurisdiction for us to address many issues civilly. But we do know that we rely upon our criminal enforcement colleagues to add a little more muscle there, for criminal enforcement and for serious jail times under the Identity Theft Act.

REP. HOOLEY: You talked about one-stop shopping in that you hadn't found people to cooperative to make that happen. And we've talked to a number of victims of identity theft, and that is the problem. I mean, there's a lot of problems with it. I mean, people just feel so violated with this, and it comes up. Something like 55 percent of the cases have gone over 4 years. So it is just constant. I mean, it's there all the time with them. So it's much more than just money being taken. And they don't have to pay the money, so it's just feeling of violation that somebody's out there impersonating them all the time.

But what would it take to motivate other organizations to join with you in this one-stop, "how do we let everyone know," Motor Vehicles, the credit bureaus; what would that take?

MS. BRODER: We are working very closely -- we are trying to work very closely with all of the affected entities, public and private, consumer groups. To answer that question specifically, if you ask me what will it take to get the credit reporting agencies to step up and engage in one-stop shopping, I guess I would have to address that to one of the later witnesses on a later panel today. But we are always available to discuss these initiatives with any other entities. And in fact, that we hope that our workshop later in October will be just such an opportunity.

REP. HOOLEY: Mr. Townsend, thank you again for all that you're doing and for your testimony. This piece of legislation that we've introduced, 4311, is really trying to deal with the prevention. Fraud alerts have to be put on, that we're trying to codify that so that they actually have to use those. Again, this is a prevention piece, not necessarily the enforcement that we've dealt with in other pieces of legislation.

But since you're in enforcement, what can Congress do to help law enforcement help victims and put these criminals behind bars? What do we need to do, both nationally and to help local law enforcement?

MR. TOWNSEND: I think some of the points that Mr. LaTourette raised are interesting with regard to your question. One area that we've not touched a great deal on today is sentencing guidelines.

Clearly, the effect that this crime of identity theft is having in our community, I believe that Congress could support looking once again at where the sentencing guidelines put identity theft. And perhaps this joint effort between the FTC, Congress, the Secret Service and our other partners might institute a new look at where the sentencing guidelines could go.

REP. HOOLEY: Thank you.

REP. LEACH: Mr. LaFalce.

REP. LaFALCE: I'll only take a minute for one question.

Is the advertising of what is criminal intent to steal an identity, is the advertising in and of itself criminally prosecutable?

MR. TOWNSEND: My understanding is that it is not. And of course, let me once again say that what may be prosecutable in one particular district is not the case in another.

REP. LaFALCE: Well, I'm thinking now with respect to not thresholds, but just the law itself. If we had a U.S. attorney who wanted to prosecute advertising, that clearly advertises with a criminal intent, could it be done under existing law? That's the first question.

The second question. If it couldn't be done under criminal law, could we pass a law that would be both constitutional and practically enforceable? In other words, I'm thinking of the ability -- you say people are advertising. Can we go in there and stop them by prosecuting them criminally before they do the injury? Because they've done enough injury to the public in some way by advertising.

If somebody intends to murder you, is there a conspiracy law that is applicable? And they're into a conspiracy with the millions of people who use the Internet?

MR. TOWNSEND: You've asked obviously a very complex issue, which a team of lawyers would --

REP. LaFALCE: Well, I would like a team of lawyers to huddle together and respond to me.

MR. TOWNSEND: Yes, sir.

REP. LEACH: Will the gentleman yield?

REP. LaFALCE: Yes.

REP. LEACH: There's a further point. Are there enforcement actions against advertising criminal intent? I mean, the FTC brings enforcement actions against misleading advertising. Is there such a thing as an enforcement action against truthful advertising and an illegal act?

MS. BRODER: Yes, there is, under various theories on fairness jurisdiction. We could pursue a civil case under that type of theory.

REP. LEACH: Have you ever done that?

MS. BRODER: Not since the 1950s.

REP. LEACH: Let me go a step further, again, following the logic of Mr. LaFalce.

Have you considered informing newspapers, yellow books, et cetera, that a given type of advertising is for an illegal act, and do companies want to have a policy accepting advertising for illegal acts?

MS. BRODER: We have done that.

REP. LEACH: Is that a first amendment problem?

MS. BRODER: Well, we have met with the directors of classified sections of newspapers before to talk about the offering of fraudulent franchises and business opportunities with which Mr. LaFalce is very familiar. And we've spoken to them about what the warning signs are, what are the indicia of fraud. So that they can then institute a policy to screen out those. And I think that you raise a very interesting point which I will bring back to the commission to discuss.

REP. LEACH: Fair enough.

REP. HOOLEY: Mr. Chairman, just one real quick question for Ms. Broder.

With your hotline and your educational pieces, what have we done to educate just the agencies within the federal government on having their social security numbers on pieces of information, or on documents, that may not be necessary because so much of identity theft really deals with the social security number. And one of the reasons I bring it up is I look at my voting card that has our social security numbers on it. And if you lose this card, somebody has your social security number.

So my question is, what kind of job have we done in educating our other federal agencies?

MS. BRODER: Well, the Department of Treasury just, obviously, made changes in the way that they send out checks. They no longer reveal the social security number in the mailing window. There is growing sensitivity.

When we began our effort on identity theft, we met with over a dozen other federal agencies to talk about initiatives that we could take, but also about cleaning up our own houses and our own information practices. This is a very important point that we make whenever we speak to the public, the private agencies, as well as public governmental units.

REP. LEACH: Apologies. It's still the time of Mr. LaFalce.

REP. LaFALCE: Nothing.

REP. LEACH: Thank you.

If there are no further questions, I would just like to ask Mr. Townsend if he'd return to his agency and think through some of the resource questions. And I would like to meet with your agency by the end of the week with regard to that question.

MR. TOWNSEND: Yes, sir.

REP. LEACH: Thank you.

Thank you all very much.

Our third panel is composed of Mr. Robert Douglas, who is the CEO of American Privacy Consultants, Inc. of Alexandria, Virginia; and Shon Boulden, who is an identity theft victim from Hillsboro, Oregon.

And let me say, both of your statements will be placed fully in the record. And you may proceed as you see fit.

Mr. Douglas, you're welcomed back to the committee. And we appreciate very much the assistance over the last several years you've given to the committee on this specific issue.

MR. DOUGLAS: Thank you, Mr. Chairman.

REP. LEACH: Mr. Douglas.

MR. DOUGLAS: My name is Robert Douglas, and I'm with American Privacy Consultants. I appreciate the opportunity to appear before this committee once again to address the issue of identity theft, pretext calling, and other deceptive practices. Unfortunately, in spite of the enactment of legislation drafted by this committee to outlaw such practices, these methods not only survive, but also continue to grow in volume, scope and methodology.

Chairman Leach --

REP. LEACH: Excuse me. If you could withhold for one second.

Is anyone still here from the FTC? And you're taking notes? Thank you.

MR. DOUGLAS: -- I'd like to personally thank you and Ranking Member LaFalce and the committee for your continued willingness and desire to address this serious issue.

On July 28, 1998, while appearing before this committee, I stated "all across the United States, information brokers and private investigators are stealing and selling for profit our fellow citizens personal financial information. The problem is so extensive that no citizen should have confidence that his or her financial holdings are safe." Sadly, I return today to inform this committee that my statement of 1998 remains true to this day.

The good news is progress has been made. In 1998, four steps were required. First, the financial services industry needed to understand and combat the threat. Second, tough federal legislation was needed. Third, appropriate federal regulatory agencies needed to create standards and regulations designed to assist institutions. And finally, aggressive prosecution was required.

The financial services industry has made significant progress in beginning to combat identity theft and pretext. This committee in Congress moved quickly to pass legislation designed to punish over who would impersonate others in order to gain access to confidential financial records. The federal regulatory agencies moved quickly in 1998 by means of advisory letter and other steps to alert all institutions to the practices of identity thieves and information brokers. With the first three sides of the box, either erected or under construction, it's now time to build the final wall through aggressive enforcement action.

In the invitation letter I received from the committee to testify today, I was asked to specifically address three issues. First, the extent to which the use of pretext and other deceptive means continue in spite the passage of Gramm-Leach-Bliley; two, the effectiveness of efforts by the financial services industry to deter and detect fraudulent attempts to obtain confidential account information; and third, other threats to financial privacy emerging today.

The use of pretext and other means of deception that's hurt financial institution employees and customers continue unabated. Advertisements ont he World Wide Web have doubled in the past two years. We have several exhibit boards to my right in the hearing room today, and I'd be happy to discuss those in detail if the committee so desires.

I would hope that members of this committee would find that services offered in language of the advertisement disturbing. Members of this committee might wonder why these firms are allowed to operate. The excuse might be offered that these companies fly so far below the horizon as to be undetectable. That excuse would have a hollow ring.

Docu-Search is the company that sold personal information concerning Amy Boyer to a stalker that resulted in the murder of Ms. Boyer and the suicide of the stalker. Amy's parents have testified before Congress and have been widely covered in the media. Docu- Search was the cover story for Forbes magazine on November 29, 1999, just 17 days after Gramm-Leach-Bliley was signed into law.

In the article, Dan Cohen (sp) of Docu-Search bragged about his abilities to obtain personal information about a subject. Amazingly, Cohen arguably admits to the use of fraud of bribery.

And should there be any questions to the ability of a determined criminal to gain access to confidential information, including, Mr. Chairman, financial information, the Forbes' article evidences Cohen doing it with apparent ease.

Cohen is willing to lead officials to believe he is a law enforcement officer. If you read the Forbes' piece and my analysis of it in my written statement, there can be only one question. Why are Dan Cohen, Docu-Search and thousands of others offering these same services still in business?

To be sure Docu-Search is not alone, there are now more information brokers and private investigators openly advertising their ability to obtain and sell financial information as they were in 1998. One phone call to a company advertised in the D.C. area's Legal Times determined that they offer for $200 to supply the name of the bank, the type of account maintained, and the balance in the account for any individual specified. And I would note that that is a trade paper that is in the U.S. Attorney's Office, the Department of Justice, and I dare say at the FTC.

The scenario presented to the company fell squarely within the four corners of Gramm-Leach-Bliley, that would make the request and provision of the banking information illegal if accomplished by pretext.

The company was informed that a woman was trying to locate a current address for a live-in boyfriend who had skipped town with money from her checking account. There was nothing in the scenario presented that even began to come close to the exceptions enacted as part of Gramm-Leach-Bliley. In fact, as Mr. Chairman's aware, on August 30th, senior counsel Jim Klinger (sp) and other of your staff members and I called numerous private investigators and information brokers in an effort to determine how many would sell bank account information and under what circumstances.

We surveyed the first 10 companies we could reach by phone. And Mr. Chairman, you referred to 11. There were 11, and I'd give them a push because of some of their answers. But I'll talk about that later.

The companies were selected randomly. The companies were presented with the scenario outlined above. And with the committee's permission, I would like to detail some of the results we obtained.

In less than 3 hours, the first 10 companies we reached were all willing to sell us personal bank account information detailed enough to raise the educated belief that the information would be obtained by pretext or other deceptive means. Not a single company we reached turned us down, not one. More to the point, two of the companies' representatives made specific mention of privacy laws and federal statutes being a hindrance to their ability to provide the information. However, we were told, they could still succeed, but just, "don't tell anybody," that we had obtained the information.

One individual referred to the fact that he had banking experience, and guaranteed he could find the bank, and 80 percent of the time he could get the account number and balance. Several of the companies stated they could get us individual transaction records, including individual deposit transactions. One offered to teach us how to determine the amount in the account once he located the bank and account number. He wouldn't do it; he'd teach us how.

One company stated they would check the federal reserve section for the part of the country where the individual is located. This same company claimed to work for hundreds -- and this is a quote -- "hundreds and hundreds of attorneys and collection agencies." Further, they stated they had found $1.2 million in an account just the previous day for an attorney. They advised us to wait for the banking information before going to court, in direct contravention of Gramm-Leach-Bliley I might add.

Another company stated that we would locate the information if we had a court filing judgment, or a letter from an attorney, giving the name of the person the account information was being sought for, and the reason. This company stated they could find local bank information for $200 and state-wide information for $500, including account numbers and balances.

Several of the companies offered to locate safety deposit box locations and securities related information. One company charges $175 to locate the name and address of the bank, if you have a judgment. However, the same company for $250 -- slightly more -- would locate all accounts, account numbers, balances, mutual funds, names on the accounts, dates of closure if an account was closed, safety deposit box information, if we didn't have a judgment.

Here is just one example of the type of advertising we found. And I believe we have an exhibit board for this. Actually, we don't; it's in my testimony. But they have a disclaimer at the bottom, and I'll just read a couple of quick sentences. And I know my time is short.

"We limit retrieval of documents or information available from a public entity or public utility, which are intended for public use only. We neither utilize, reveal, nor attempt to access any confidential information concerning the parties involved." And the ad is specifically referring to bank account information.

The disclaimer's amazing, in light of the fact that this company offered to sell us the amount located in a checking account and the deposit history to the account for $275. I can't fathom a single way that account balance and deposit transaction records could be intended for "public use." Indeed, this would be a direct revelation of confidential information.

Mr. Chairman, no company reached asked any question that would logically follow from the passage of Gramm-Leach-Bliley, even when they had disclaimers in the advertisements suggesting there were restrictions. Further, in addition to the overt remarks made by several companies, to the minor obstacles presented by federal statutes and privacy laws, the advertisement from telephonic presentations bore all the classic signs of pretext operations. And I could detailed those later, if you would like.

The financial services industry has for many years utilized various methods of combatting fraud and protecting the confidentiality of customer information. The industry is traditionally between a rock and a hard place when it comes to information security. Customers want their information to remain confidential. At the same time, they want easy access 24 hours a day for that same confidential information. It is this very dilemma that criminals exploit.

The financial services industry is moving aggressively to combat the methods and deceptive practices used by identity thieves and info brokers that seek to illegally gain access to information.

I believe the committee will hear from Richard Harvey, chief privacy officer and chief compliance officer for Chevy Chase Bank later today, who will document and detail the steps the industry has taken both historically and recently. But as an interested and active observer of the industry over the last several years, I'd like to commend the efforts and initiatives they've undertaken.

I've worked directly with institutions and professional associations to educate them on the issue of pretext and other deceptive practices used to penetrate security systems. In each instance I've found that the privacy, administrative and security leaders in the institutions and at associations are genuinely concerned about solving the problem, and are moving to do so.

This concern has led in one instance to the American Bankers Association distributing to the entire membership an educational, basic training program on pretext calling I was asked to author at the association's initiative. The portion I authored was just a small part of a comprehensive three-part series the ABA has distributed to the membership.

I've been asked to speak on a number of occasions to groups of bankers to demonstrate how to spot pretext calls, how to educate financial services' employees, and what steps to take at the institutional level. Indeed, you'd be hard pressed to find a gathering of bankers anywhere today where the subject of privacy is not addressed as a major topic of discussion. In fact, I flew overnight last night to be here this morning from just such a gathering, where I made two major presentations on this issue.

But, Mr. Chairman, the financial services industry needs a helping hand from law enforcement. These criminals must be prosecuted. The message needs to be sent that federal law enforcement is serious about protecting financial institution customers.

It is time to act.

My last area is emerging threats to financial privacy. And this is all new material that has not been covered in the last two years, Mr. Chairman.

The fastest growing method used, to skip trace for the current address and other personal information of an individual is to obtain the information from the phone company. Most United States citizens believe that their phone records are private unless obtained by subpoena or other form of court order. This is especially true for the millions of Americans who pay extra to have a non-published or unlisted phone number. Most citizens would further think that who they call and how long they talk is also a private matter. Most Americans would be wrong.

Currently, there are presentations of closed, highly secure classes for private investigators and information brokers -- and we have an ad of one on these exhibit boards -- teaching the interworkings of the telecommunications industry. We have exhibits in the room today that I just mentioned.

Why am I discussing the access of confidential phone information before the banking committee? One of the most common financial pretexts begins with either a pretext call to the consumer, impersonating someone from the phone company, or a pretext call to the phone company to develop enough personal information from their databases to be used as part of a further pretext against either the consumer or a financial institution.

Another method becoming more common is the use of a trojan check. I cover this method in my written statement, and will be happy to address any questions the committee may have. I suffice it to say there's great debate in the investigative broker, and might add, legal communities as to the legality of this practice given GLB and the deceptive trade practice statutes. While the debate continues, so does the practice.

Informal networks of investigators, info brokers, judgment collectors and collection professionals are found all over the Internet. It is common to see requests for contacts in financial service institutions. Some collection professionals openly advertise their ability to provide information maintained within their files. Routinely, are an account and file numbers, along with the names of targets, placed on the Internet for inspection by others to determine if information can be traded or obtained.

And I would add that I have close to 2,000 such references of the methods that I'm discussing cataloged at home on my computer that I've collected over the last two years.

Vehicle tracking devices are being offered for sale in order to follow or record the travels of citizens. While not directly relevant to the pretext of financial information, it demonstrates the lengths that some will go to in order to obtain information on citizens in the United States today.

If law enforcement agencies of state and federal governments were caught doing these practices, absent a constitutionally permissible purpose and/or court order, there would be rioting in the streets. Yet, everyday these events are carried out by private investigators, information brokers and judgment collectors who have no authority above that of a private citizen, and no one seems to blame you. From where I sit, my privacy is just as violated, whether the intrusion comes from a person with a badge or not.

I would like to make some suggestions concerning what needs to be done to continue the battle.

First and foremost, we need swift, aggressive nationwide action by law enforcement to begin criminal investigations and prosecution of those who are thumbing their nose at the provisions of Gramm-Leach- Bliley and other appropriate statutes. I hope the information I provided in 1998 and today supports this conclusion.

Second, GLB needs to be amended. The narrowly-crafted child support exemption for the use of pretext is being used as an advertising shield by private investigators to hide behind while continuing the covert sale of financial information that falls outside of the GLB exemption.

I've prepared a lengthy analysis for the committee's consideration in my written testimony. Simply put, there's no legitimate reason to continue the child support exemption to Gramm- Leach-Bliley.

Third. Financial institutions must continue to work. They have started to take every precaution necessary to teach all banking employees about the methods associated with identity theft.

Fourth. The federal regulatory agencies must continue their efforts to stay abreast of information, security threats, and implement appropriate standards and regulations.

Finally, this committee must continue on a regular basis to exercise the appropriate oversight functions necessary to ensure that the agencies of the federal government continue to take every step available to stop illegal access of confidential information.

In closing, when I appeared before this committee in 1998, I recited a long laundry list of the dangers posed by the deceptive methods in use by some private investigators and information brokers to gain illegal access to confidential and protective information. There were some who found it hard to believe that what I claimed was true or serious as I presented the problem. However, those in the investigative and information broker industries who were practicing these techniques knew that I had spoken honestly, and were not pleased to have sunshine illuminating their practices.

These practices continue to this day, and threaten the soundness of our financial system and the rule of law. These very techniques used indeed put more than information and money in jeopardy. And here, I might part company with you, Mr. Chairman, in your opening statement about threats to lives.

One look no further than the case of Touchtone services, which we heard referred to earlier. While I've described in detail the activities of Touchtone in my written statement, I'd like to point out that by using the means of pretext, that I've been discussing for several years now with this committee and others within the United States Congress, Touchtone endangered the lives of many undercover police officers in Los Angeles in a case involving organized crime.

Mr. Chairman, one of my best friends, the father of my godchildren, is a police officer serving within sight of the Capitol steps. On his behalf, and on the behalf of the American people, I ask that federal law enforcement begin to take this problem seriously before disaster strikes, and we all return to this room to do a postmortem.

Mr. Chairman and members of the committee, as I leave you today, I hope that the time and effort I have placed in this testimony will serve as a blueprint for further examination by this Congress of matters deserving attention. Thank you.

REP. LEACH: Well, thank you very much, Mr. Douglas.

Mr. Boulden.

MR. BOULDEN: Thank you, Mr. Chairman. And thank you for allowing me to tell my story today.

About eight months ago, I decided to switch my checking account from U.S. Bank to Washington Mutual. To my amazement, I was denied an account there. Upon getting denied, I asked to see my credit report to see what had caused the denial. What I found was incredible.

Washington Mutual told me that when they ran my social security number 12 different names showed up. Twelve different people were using my social security number to obtain credit. Despite the fact these people were using their own personal identifying information, including names and addresses, all of the information about credit inquiries and accounts had been tied to my credit report in some way or another.

It appears that the identity thieves used my social security number to open accounts with AT&T Wireless, Bank of America, Citibank, Capital One, Gastalks, Macy's, Oscar Supply Hardware, Payless, Home Depot, Associates Corner, Household Credit, Dayton Hudson, Montgomery Wards, GMAC, People's Bank, and perhaps others.

At one bank, three people opened accounts using the same social security number, mine. But the bank didn't seem to notice.

They opened two car loans through GMAC. I sent the bank a letter requesting help in March. They haven't replied.

In many of these cases, I'm not sure who has bought what and for how much because the creditors won't give me the information without a subpoena. It's obvious to me that the banks and credit bureaus aren't doing any checking. I'm frustrated that the credit bureaus didn't notice me when the multiple people were using the same social security number. In this age of computer technology, that should have raised a huge red flag.

I noticed that 4311 requires credit bureaus to investigate discrepancies between information they have on file and information being given to them by banks and stores. Perhaps such a law should, and would, have triggered further investigation in my case.

As a result of this problem, I can't obtain credit anywhere. I have been denied my Meier & Frank, U.S. Bank, and Capital One. Interestingly enough, one credit card company which approved an account for someone else who is using my social security number denied me credit.

I have been denied a car loan, so I'm still driving my '83 Oldsmobile which is on its last legs, and have been denied a personal loan. I am very lucky that I did not have a credit check done to get my apartment, or I might not have a place to live.

Dealing with this situation has been very difficult. I have had to take several days off of work, spend hours on the phone trying to speak with live representatives of creditors and credit bureaus so I could fix these problems, but the problems haven't gotten worked out yet.

The credit bureaus have not been particularly helpful in solving these problems, partly because they say they haven't never seen anything like it and don't know how to deal with it. Although the credit bureaus have put fraud alerts on my account, they haven't done much to help me get rid of my bad credit. Transunion has removed several names from my credit report. But recently I found that new people have been opening accounts using my social security number, even after I had put a fraud alert on. This has shown me that creditors should be required to honor the fraud alert, as it's called by H.R. 4311.

Further adding insult to injury, Experian won't give me the names of the people using my social security number, nor will they tell me what accounts are open under my social security number. Even though the other names have easily been put on my credit report, the credit bureaus have required proof from me that I am really Shon Boulden before they help me at all. I even tried to apply for a new social security number which would prevent continued fraud, but I am afraid that won't help me get my credit straightened out.

I fear everyday that I won't be able to get this fixed, and I'll have bad credit for my whole life. As a young person, I need credit to get started in life. In the coming years, I will want to buy a car, a home, finance my education, and maybe even start a business. Without good credit, I won't be able to do any of these things.

In addition to working with someone from the Secret Service in Portland, and the Federal Trade Commission, I have filed a police report with the Hillsboro Police Department, which is working with the Los Angeles Police Department, since most of the fraud has taken place in Southern California. However, it is clear to me that scarce resources limit what law enforcement can do to help victims like myself.

I would like to mention that through this ordeal, the Federal Trade Commission has been extremely helpful, especially Kathleen Laundi (sp), who has spent hours on the phone with me gathering information on my case, telling me what I need to do to clear it up, and checking up on me periodically.

In closing, I would like to thank Representatives Hooley and LaTourette for introducing the Identity Theft Protection Act. It is my hope that this committee will seriously consider passing H.R. 4311, or other legislation that will help victims like me to not only restore our good names, but prevent identity fraud from happening in the first place.

REP. LEACH: Well, thank you very much, Mr. Boulden. Several years ago we had a doctor from the Mayo Clinic who had her theft stolen. And I remember thinking at the time -- and I think of it in your instance -- part of the repair may be psychological assistance. I mean, to have this great an intrusion on your life is extraordinary, the hours that she and you have gone through to try to straighten things out, and in most instances neither fully achieved it. It's got to be a dilemma of extraordinary proportions.

We're going to have to break because of a vote. But let me just say that this is an identity issue that's extraordinary for the individual. And another way of looking at it -- and one reason I'm a little concern with some of the opposition to our approach -- this is, from the banking industry's perspective, a theft of bank information. It's a bank robbery. And I think all banks in America ought to be as alarmed as the individual who is so vehemently injured, with difficulty. There's nothing like a personal example to make clear what the dilemma is.

In any regard, at this point I apologize. We have not only a vote on the floor, we have a series of votes. I'm told six. And so, what I would like to do is recess pending the votes. And we'll do it to a time certain. There's a snack bar below, et cetera.

We will recess until 1:15, at which point I'd like to be able to ask the panelists questions, for the both of you, and then we'll go to the next panel. Thank you very much.

(Recess.)

REP. LEACH: The committee will reconvene.

Let me begin the question to you, Mr. Douglas. And it's about the concept of intervention through sting. Do you think that's an appropriate law enforcement technique? The modest effort that the committee went through with your assistance seemed to reveal a wide range of problems.

Do you think this is an appropriate circumstance for such techniques?

MR. DOUGLAS: Absolutely, Mr. Chairman. And I think you'll probably recall from my testimony two years ago, I believe in the conclusion I said that -- somewhat perhaps in a minimalist approach -- one federal law enforcement officer with a fax machine, computer and telephone could catch these criminals and get things underway. Well, I think we proved that in the survey that we conducted out of your offices on August 30th. None of us are exactly the most seasoned of criminal investigators; and yet, it's very easy to catch these folks, and that the exhibits and other documents that I've provided to your staff over the last three years I think adequately demonstrate it's right in front of our noses.

I heard the discussion between you and Mr. LaFalce and the FTC representative trying to thrash out a little bit about whether there could be criminal prosecution for advertisements. I can certainly see some constitutional issues there. But on the civil side, the state of Massachusetts, who was represented in this hearing two years ago, both prior to that hearing and subsequently, was extremely effective within their state to the point of many information brokers specifically advertising in their ads that they will not take cases in the state of Massachusetts.

So that tells you that if you crack the whip a little bit, they do pay attention. But the way that they often went after them was just in the wording of the advertisement alone, under Massachusetts state provisions, very similar to the federal provisions, dealing with unfair and accepted trade practices, bringing the ads themselves and the questions.

So when you see ads that claim a 90 percent hit ratio; when you see ads, such as one we have today -- the print is so fine, you can't see it from the podium, I'm sure, but talks about accessing proprietary databases. That's Docu-Search's ad, who until just recently was saying that they were accessing federal databases, Mr. Chairman. And many of these ads reference that they access the Federal Reserve's databases.

Well, you and I both know that that's not the truth. They know it's not the truth. And I've spoken publicly so much about Docu- Search, that he changed that portion of his ad to say a proprietary database.

So I think the FTC, just on the ads alone, could send cease and desist letters very similar to what we've seen them do just in the past two to three months in other scan type operations that have gotten a lot of publicity in the news.

REP. LEACH: If I could interrupt for a second.

I asked earlier, is there a representative of the FTC still here? Good. And you're taking notes? Thank you

MR. DOUGLAS: And if I could say, I'd be more than willing to share my database with them. I've got over 2,000 emails documenting where this is going on, in what chat rooms it takes place, where trick information is traded. And without saying much more, I have shared some of that with the FTC before.

REP. LEACH: Why, thank you. I will tell you, I've never known of a citizen taking on an issue with such an interesting way. And I think public sector and the public is in your debt. And I'm certainly appreciative of your efforts.

MR. DOUGLAS: Thank you.

Shon, I'm intrigued at two aspects of your dilemma. One is that you thought through the prospect of changing your social security number. Has the government been cooperative in helping in that regard? And is this an easy thing to do?

MR. BOULDEN: No, it's not because if you change your social security number -- well, the first point, if you try to change your social security number, they want me to have a substantial amount of evidence that there is fraud going on, which I need to contact individual creditors and get the actual applications of where these identity thieves have actually put in my social security number.

REP. LEACH: And they may consider that to be a privacy invasion of a crook.

MR. BOULDEN: And I can't get any of that information without a subpoena from a law enforcement agency.

REP. LEACH: Well, this is a dilemma that we might want to think through, and talk to the Social Security Administration about.

The second aspect that has been discussed in other environments, and a little bit earlier in the committee before -- that is today -- what happens when an individual identifies that he's been misrepresented, how does one clear one's name? And whether the methodologies are in place. In this regard, if we think in terms of the FTC, whether there are standardized procedures that credit agencies can be expected to follow, and whether these procedures are reviewed so that credibly someone can take the appropriate steps in the appropriate way.

I know from the testimony several years ago of the doctor from the Mayo Clinic, this issue persisted, and persisted, and persisted. And in her case almost destroyed her medical practice; she had to spend so much time trying to figure out how to put her life together in terms of finances.

I can think of a young guy -- and I don't know if you're single or married. But I can visualize walking into a jewelry store and saying, I want to get an engagement ring, and how difficult that might be if it were to be on credit, and just so many different episodes that can occur.

And so it's conceivable in aspect of this to shift social security numbers. I don't know just how ready those facilities are. And I'm just thinking in terms of common practices that, for example, the FTC or the banking regulators might be interested in. I can see where a bank would be hesitant to give out information data on somebody else, even though that person is a criminal, but they certainly can give out affirmations that such exists. And that that might be part of a process by which one can go forward with either new social security numbers of new credit arrangements with other institutions.

I will tell you, this committee is going to write you a letter of appreciation for your testimony that might be used by you as evidence to indicate improper circumstances that occurred in your life.

MR. BOULDEN: Thank you.

REP. LEACH: Ms. Hooley.

REP. HOOLEY: Thank you, Mr. Chair.

Mr. Douglas, thank you for testimony. It was terrific.

Let me ask you a little bit about the credit header. How do I get information from a credit report, and how is that information sold, and who is it sold to, and by whom? And do you think it's important to eliminate social security numbers from the credit header? Just talk to me a little bit about how it's used, what happens to it, who it's sold to-- all of those things.

MR. DOUGLAS: Sure.

The process essentially works like this. The credit reporting agencies -- I think for the most part, the big three -- resell the credit header information. And for those that aren't aware of what that is, that's classically been considered the biographical, sometimes I think with the misperception believed to be commonly and publicly available information. In fact, I've often heard it referred to as the publicly available biographical information, that is literally above the break line on a credit report, where the credit reporting data begins. And that's why it's called the header.

It is legal to sell that information, or it's historically been legal to sell that information. And it is sent out, and sold, and repackaged by information brokers. I'll use that term. And I don't mean that in the same phrase that I'm using in regard to these criminals I'm talking about. And it's repackaged in a number of different ways.

I'll give you an example. And I wish I had brought one with me today. But it's the example I used, in part, over at the Pentagon.

It is repackaged in one instance into a product called Faces of the Nation. And by simply providing two pieces of matching information to the credit header, whether it be a name and address, name and social security number, any two pieces -- birthdate -- it will spit back to you a product that will include all of the biographical data maintained by the credit reporting agency, sometimes including employment information, sometimes including mother's maiden name, which as we all know is an access point for many security systems around the country. And it will have information, incredibly enough, about neighbors, their names, addresses and phone numbers. So that the potential privacy aspects, if you will, starts to spider out to others who weren't even involved in the initial investigation, other public records. And all of this is legal.

All of this is public record information compiled into one report by means of beginning with the credit header-- boating information, automobiles, DMV information, telephone information, professional license information.

A typical report, one that I pulled on a high ranking officer in the military, ran to about 17 pages. It includes information about relatives. In fact, that's one way you can track relatives of an individual. So in the hands of a stalker, and in the hands of others, it's very potentially dangerous.

At the same time, it does have many potentially good uses. And I used it as a private investigator for many years for what I would hope to be valid reasons. The problem is there seems to be more and more people like we see on the Internet, just selling it, literally where you just fill in blanks on the screen, and get it back within a minute or two, or certainly within a day. And with that level of access, there seems to be that even the informal checks and balances that existed between the private investigative, and the credit reporting and the information broker agencies have evaporated.

And remember, it's not only available to U.S. citizens, but anyone around the world. So the barriers are no longer there.

And I have been talking for several years now, and appearing before many committees on the Hill here, that there need to be further restrictions to the credit header in compliance with the FCRA, which I think still give the opportunities to lawful investigators by restricting the access to those who might do harm to others.

REP. HOOLEY: So do you think the social security number should be eliminated from the header?

MR. DOUGLAS: I was afraid you'd remember that you asked that question.

REP. HOOLEY: I did remember.

MR. DOUGLAS: It's a very complex issue; it really is. And I get asked that every time I'm up here, usually phrased more as, should we do away with the social security number altogether.

Yes. I would say in open access to social security numbers, I think at this point we have crossed the line, and you have to restrict it because it is the starting point to all information contained in these massive databases, both maintained within the government, but even more so today, in the private sector.

I mean, companies like Axion, Micro Strategy, right here in the D.C. suburbs, this is how they're making their living, is compiling all this information. On the one hand, it's driving the information age. And I believe it's really responsible for leading the economy the way that it has been going for many years. We are an information society, and we lead the world in that area. But the other side, we need to balance that with who's going to have access and under what circumstances. And I would tend to lean towards restricting it under the FCRA.

REP. HOOLEY: Thank you.

Shon, thank you very much for being here today, and taking your time to come out and testify in front of the committee. You did a great job.

I'd like to also introduce Joleen (sp), who's in the audience, who came with Shon. Thank you for coming.

Shon, one of the things this bill requires is that, if fraud has been committed, that you notify the credit bureaus; they put a fraud alert in, which means that you may ask them if anybody's looking for my credit. You put a fraud alert in. If you're going to give anybody credit, you have to call me at home.

Did you put a fraud alert on your credit report?

MR. BOULDEN: Yes, I did.

REP. HOOLEY: When they gave credit to other people -- obviously, if you've got 12 different people using your social security number. Did you ever get a call?

MR. BOULDEN: No, not once.

REP. HOOLEY: Not once.

MR. BOULDEN: I put the fraud alert on, and a couple months later I had checked back with the credit bureau, and one of the representatives had told me that there were more names on -- the names had been removed. Now there are new names on my credit report.

REP. HOOLEY: So even though they had removed names, they now were adding new names because other people were still using it?

MR. BOULDEN: Yes. Creditors were still applying that information.

REP. HOOLEY: Even though there was a fraud alert on it?

MR. BOULDEN: Yes.

REP. HOOLEY: Do you have a credit card?

MR. BOULDEN: No, I don't.

REP. HOOLEY: Can you get a credit card?

MR. BOULDEN: No. I tried to get a secured credit card through U.S. Bank, which takes money out of your own account. And they wouldn't give me a secured credit card.

REP. HOOLEY: So how do you do sort of, I guess what I think of as normal things. I mean, if I'm going on a vacation, I call and I reserve a hotel, or rental car, or airplane tickets via a credit card. I know we used to do these without credit cards, but nowadays that's how you reserve most hotel rooms.

How do you do reserve a hotel room?

MR. BOULDEN: I don't. When I go on vacation, I just try to find a room and pay cash.

REP. HOOLEY: Okay. So you really can't make it ahead of time then?

MR. BOULDEN: Yeah.

REP. HOOLEY: So you're really at a disadvantage. And if you wanted to take out a student loan? Can you get a student loan so you can go to school?

MR. BOULDEN: I don't think so. Any kind of credit I've tried to apply for, even a Meier & Frank card, which in high school, my friends were getting Meier & Frank cards. And they were trying to build their credit and start there. And I'd gone there, and they denied me. I didn't know why. That was about when I was 18 years old. And I really didn't know anything about how credit worked, or how the credit bureaus worked, and all that kind of stuff.

REP. HOOLEY: You've had an education?

MR. BOULDEN: What's that?

REP. HOOLEY: I said, you've had an education.

MR. BOULDEN: Yeah.

REP. HOOLEY: Maybe not the kind of education you wanted, however.

MR. BOULDEN: Yeah, I do know a lot about the situation now, and have talked to other people about it.

REP. HOOLEY: How long had this been going on before you found out about it?

MR. BOULDEN: All the fraud?

REP. HOOLEY: Yeah.

MR. BOULDEN: I think the earliest case might have been 1996 or '97. I think the individual -- somehow my social security number worked for them. Maybe because I'd never established any kind of credit.

REP. HOOLEY: So they were using it before you had even established credit?

MR. BOULDEN: Yes.

REP. HOOLEY: Thank you, again, for coming and talking about what happened to you.

And I can't imagine anything, Mr. Chair, more frustrating than to be caught in this situation where somebody just starting out with trying to build their life and build a good credit rating, how awful this must be. Thank you.

REP. LEACH: And I want to thank you for suggesting that Shon be a witness.

For the record -- because I just think putting a personality behind something is important -- how old are you, Shon?

MR. BOULDEN: Twenty-two.

REP. LEACH: And do you have a job?

MR. BOULDEN: I was working for a guitar store for two years, and then it went out of business last month.

REP. LEACH: Okay. So you would be an employee of a tire store?

MR. BOULDEN: Yes.

REP. LEACH: And are you going on to college at all? Are you going to junior college?

MR. BOULDEN: Community college, yeah. It's kind of tough for me right now because I'm paying for all my college myself right now. And I can't get credit to --

REP. LEACH: Understood.

MR. BOULDEN: -- pay for that kind of stuff. It's a little hard. I'm trying to make an effort to get that done. This is probably the first thing that I'm trying to fix in my life right now, is my credit and this situation.

REP. LEACH: Let me just thank you again. And also really underscore how appreciative I am of Ms. Hooley and her efforts in this area, as well as her bringing you out here, or suggesting that you come out here. Thank you.

MR. BOULDEN: Thank you, Mr. Chairman.

REP. LEACH: One last question for you, Mr. Douglas. Maybe it was to hurried, but I didn't get the subtleties of the new issue, to me at least, of how telephone companies become so easily involved. And can you show an example?

Let's say, you have a dishonest intent in mind against an individual. How would you start with the telephone company? What would be the process you'd go through?

MR. DOUGLAS: Historically, phone record information has been for sale, and it's been accessed through the same pretext methods that we discussed two years ago against financial institutions. With the advent of GLB and some of the attention that's come to past, the criminals that are doing this are finding it's easier to start to gather the pieces of biographical data they need to assume the identity of the subject that they want to impersonate with the financial institution via the phone company's own databases.

And so, we have two situations here. One, historically, the phone company was involved as a piece of financial pretext because one of the most common methods used can be against the consumer them self. And it will start like this.

The information broker will call the phone company impersonating the subject of the investigation. And by just having the phone number, even the name and address, and giving some excuses as to why they need some information -- there's a problem with their phone bill, they need to make a change on the account -- they convince the phone company to open up their database to look at their computer screen, and confirm or pass on information.

And it's done as a con. If you know a few pieces of information, you normally can convince an operator on the other end, or a customer service representative that you're that person, and sometimes posing relatively crafty questions, or sometimes not. Just saying, "Gee, what are you showing me there for that second phone number in the house?" "My wife just got us an unlisted number. I've lost track of it. What has she got on that second line?" Because they already are convinced in their mind that you are who you are posing to be, they just start reading anything off the screen.

And I think the chairman's aware, as I finished up my testimony this weekend, I found a case right in your home state, on the Des Moines Register, of a woman who is now suing MCI because her ex- husband/stalker was calling the phone company, and not even trying to impersonate her, but just claiming -- some of this is a little bit of assumption from the article, knowing how these things work -- to still be her husband, and have a rightful knowledge to the information, even though this woman kept calling the phone company and putting them on alert that she was being stalked by this man, and her friends were. And under subpoena the phone records showed a warning on the account not to give out account information.

How it ends up being part of the financial pretext is, once they've gathered enough information about the account with the phone company, they will then call the consumer and pose as a representative of the phone company, "Gee, Congressman Leach, your phone bill's overdue. We don't want to shut it off. Did you pay the bill?"

"Well, of course I did."

"Can you go get me your check book, and let's check your information against what we might have on this end, so we can double check. We don't want to put your credit in jeopardy with the company or put your account in jeopardy with the company."

So you immediately rush off because you want to prove you paid the bill. You get your check book. And they say, "Well, gee, what check number was that? We'll check it against our database. Maybe it got lost in the shuffle."

Being a trusting person, you give out the check number. "And how much was the check for? Let's match it against your balance."

"Well, I paid $94.92 here."

"Oh, that matches up, Congressman Leach. All right, for the last track, just read me those numbers across the bottom of the check there."

"Okay." And that's the routing number, that's your account number, and that's the check number encoded in the numbers at the bottom of the check.

Now, the information broker has all of your account information, can call your institution and pose as you because they've got your biographical data, they've got your account number. They even know about what check number you're at, based on when you wrote that check to the company. So if asked for a check number, you say, "Well, I don't have it with me, and I'm right around check 1043," with a fairly safe guess that they've done that. And you're starting to ring true now to them.

Now you can get the exact balance in the account, and start looking at what other information that bank may hold. We just saw the merger announcement of Chase and I'm forgetting who else right now. But with these conglomerates who are out there, and, quite frankly, with GLB opening up other areas, once you're in, you're in. And now if you convince somebody, whatever they've got access to on that screen becomes fair game. So I hope that's helpful.

Now the final piece of that puzzle is we have advertisements over here of seminars -- secret seminars -- being held around the country by a woman by the name of Michele Ma Yontif (sp), is how she bills herself, teaching supposedly private investigators, information brokers, and -- does this ring a bell from two years ago -- the law enforcement.

Now, I'm not here to say that law enforcement's attending these. But the door appears to be open; maybe somebody ought to go. And if they don't want to go to that trouble, I have the materials. I penetrated it myself, and I've got the materials that they're handing out. And you'll note some of their own quotes in the advertisements refer to, "With so many of our tools of the trade being taken from us by recent privacy laws, this is a must-attend seminar. No recording of any kind will be permitted, extensive security measures." They use metal detectors on people coming in to be sure there are no recording devices coming in. And she'll show you how to skip, trace and locate like never before by using the telecom as a database.

And in some of those several thousand pieces of information that I've categorized and put away over the years, there's a lot of traffic about these seminars, one of which took place in your home state just within the last month. There's one in Los Angeles. And as of this morning, I saw six more that are planned over the next three months around the country, where 100 to 200 private investigators and information brokers are attending at a time. And they're being taught the lingo, the workings. I have a glossary book that runs to over a thousand entries of terminology used within the telephone companies. So why? So when you call them you know how to sound like you work within the phone company.

REP. LEACH: Well, it used to be said that, the old communist party of the United States was, "No one could get the right number on it because most of the people that attended the meetings were FBI agents." And I hope this next seminar has someone from the FTC and the Secret Service.

MR. DOUGLAS: Can I make one final point?

REP. LEACH: Yeah, go ahead.

MR. DOUGLAS: Especially with particular reference to Shon.

Over the last two years, Mr. Chairman, I've spoken to a number of groups around the country. And I've gotten in the habit of making it personal for them in many ways. And one of the questions I always ask is -- and we could almost do it here, I bet -- how many people in the room have either been the victim of identity theft or knows somebody, either a relative or friend, who has? And invariably, around 50 percent of the hands go up.

We know that the statistics are running upwards at 500,000 cases a year -- these are government statistics, not Rob Douglas statistics -- at an average loss of $17,000 per case. Do the math.

And what I've also taken to saying is, if this were the situation, and it was a medical problem, it would be considered the plague. And yet, we really don't see much going on to address this at a law enforcement level.

I listened to the Secret Service this morning talk about organized crime. It's clear that organized crime is involved in this. And $100,000 thresholds at U.S. attorneys offices are laughable. It's ridiculous. And those numbers could be reached by aggregation if they did a little digging, because these aren't just one guy going and dumpster diving. These are teams of professionals doing this, and with little scratching you would find the $100,000 threshold me through aggregation of the case. You could use RICO (sp), or you could use other organized crime statutes.

I don't mean to take up the chairman's time. It's just that I get a little frustrated.

REP. LEACH: Well, I appreciate that. And I think the notion of RICO ought to be reviewed in this context.

I'll just conclude with, two years ago, you were on a panel, and one of your other panelists was someone who participated in disreputable practices. And what he was really saying is, we are particularly to society despite our laws because of the nature of Americans. He didn't say it this way, but that's what he meant. That is, Americans are very trusting. And so, a nice voice calls up a bank interior person, and they believe them. And he gave the example. He'd call up a bank. He said he never failed, ever, to get information. That's a very strong statement-- never failed.

And he gave the example of a bank. The guy said, "Well, what's your mother's maiden name?" They apparently had this on record. He said, "Well, it's Smith." And the person on the other end of the line says, "No, it is not."

And he says, "What do you have down there?" And they say, "Well, we can't tell you." And he goes into this fake offense and says, "You've messed up my records again. I'm going to call the president. You know it's Smith, and I know it's Smith. I'm calling your president."

And they said, "Well, we'll change it." And so they change it to Smith. They give out the information. Then the real person calls and they say, "What's your mother's maiden name?" and they give Jones. "No, it isn't." They've already changed it on behalf of the first guy.ericans are a trusting breed. And so, one of our problems is, how do you do deal with a dilemma with the massive trust of the American populist? I mean, it's not the fault of banks. It's not the fault of -- I mean, it's not an institutional fault; it's a human nature circumstance of this country. And so, what do we do to limit it at an absolute minimum?

Now it's federal law -- not state law, it's federal law -- that one would think that the law enforcement people in the United States would make this an extraordinarily high priority.

MR. DOUGLAS: One would think.

REP. LEACH: And if we do the math that you just suggested, and cut it by a tenth, on the assumption that that might be invalid, it is still extraordinary, absolutely extraordinary.

And it was does to people. My guess is, for every Shon that's really fought the system, there are a dozen that don't even fight, and don't know what to do, and are just beleaguered. And just live a beleaguered life, and might even feel guilty about it. It's almost as if the innocent become the guilt infected. Could possibly Shon left a wallet somewhere at some time in his life? And so, is he at fault? And obviously, he isn't.

I happen to think I'm the most susceptible person in the world because my wife can't remember where she puts her purse. I take that back. I want that exited from the record here.

(Laughter.)

But I appreciate very much your testimony, and I thank you very much.

MR. DOUGLAS: Thank you.

Our final panel consist of Richard H. Harvey, Jr., who's vice president of Chevy Chase Bank, one of the truly respected banks in the Nation's Capitol, on behalf of the American Bankers Association; Mr. Stuart K. Pratt, who's vice president of the Associated Credit Bureaus, Inc., Mr. Ronald S. Plesser, who is coordinator of the Individual Reference Services Group; Ms. Janine Benner, Consumer Associate of the California Public Interest Research Group; and Mr. Bruce H. Hulme, who's president of Special Investigations, Inc., on behalf of the National Council of Investigation and Security Services.

And we will begin with Mr. Plesser.

MR. PLESSER: Mr. Chairman, thank you so much for calling on me first. Privacy is a very popular issue these days, and there's a conference up at the Shoreham that I'm suppose to be at and give a presentation at 2:30. So if I leave a little early, I hope you understand that.

The Individual Reference Services Group is delighted to be here. Bob Glass (sp) of Lexus Nexus represented the Individual Reference Services Group two or three years ago in your hearings, where I think he came up, and we very much supported the chairman's legislation on pretext interviewing and the abuses in the system. We very much support the efforts that were referred to before, to eliminate the abuses of the system. But in eliminating the abuses of the system, I think it is very important not to eliminate the benefits of the system. And it's that balance that I think we'd like to work with you and continue to work with you.

The RSG represents leading information industry companies, including major credit reporting agencies that provide commercial information services to help verify the identity of or locate individuals. Customers use Individual Reference Services for a variety of purposes. They include finding witnesses, heirs, pension beneficiaries, hidden assets. Indeed, regulations issued by several federal agencies require the use of these types of services.

For example, if you're going to wind up a pension fund, you have to look up services to find anybody who is entitled to money under that fund; tracking down missing and exploited children, finding dead- beat dads. Let me stop at dead-beat dads. It was brought up before, and I think it really focuses a critical issue.

The Individual Reference Service Group opposes, and has opposed, in regulation, in self-regulation, and would support appropriate regulation that would limit the display or sale of social security numbers to the public. We don't think it belongs on the Internet. We think we've had a good role in keeping it off the Internet. But that's not to say that there isn't uses of the social security number, indeed including those that come from credit header reports.

Typically in a dead-beat dad situation, the spouse will know the social security number. So companies like Lexus, or other companies that provide this information, will never display the social security number. What they will do though is, if the person making the inquiry comes in with a social security number, then they will identify the current address and name of the person that they have. This allows, for example, in dead-beat dads about a 50 percent find rate to be increased up to a 95 percent find rate.

We think this is the way to balance the interest, allow social security numbers to be used to make sure that we're using and finding the right person, but never let it be displayed or disclosed to the public. It's also used to locate blood, bone and organ donors and verifying the identities of contributors to political campaigns.

Each of the companies that belong to the RSG has adopted self- regulatory principles governing the dissemination and use of personal data. The RSG developed these principles in 1997 in conjunction with the Federal Trade Commission. And although it was not mentioned this morning, the Federal Trade Commission in December of 1997 issued a very extensive report on look-up services, and said because of the self-regulatory activity, they did not see the need for legislation at that time. And I'm not sure that I know of anything that has changed that. I think they're responding to requests here. But clearly as recently as '97 -- and there's no reason to change -- they supported the industry's activities, and thought they were positive in controlling the use of credit header information.

When this committee adopted the Fair Credit Reporting Act amendment in 1996, they tasked the Federal Reserve Board, who was looking at Individual Reference Services and these look-up lists and services to find if they led to identity theft, which seems to be the undercurrent of the question here. In fact, they found no evidence. And I want to be very careful. I think they said that they were concerned about it. But they said there was no evidence, absolutely no evidence, that the look-up services created or led to identity theft.

I think the case that we like to make is that these services, which allow financial institutions and others to make sure they know who they are dealing with, and to locate the people that they need to deal with, avoids identity theft. In fact, the Secret Service, who was here this morning, and many federal agencies use the identity services -- the look-up services -- to make sure that they can locate and identify the right people. We believe the customers we work with, I don't think they will support the proposition; that it decreases identity theft rather than increases it.

As part of these principles, companies commit, among other things, to restrict their distribution of non-public information through appropriate safeguards. One such safeguard prohibits the display of social security numbers and dates of birth in individual reference service products distributed to the general public, and for products distributed to professional and commercial users.

So if you're a lawyer, and you have Lexus Nexus or Westlaw, or one of the services, and you want to locate an individual, you can get the credit header report, but you will never get the full social security number nor the full date of birth. That was before Gramm- Leach-Bliley, and hopefully will survive Gramm-Leach-Bliley, depending on how the regulations are interpreted. The RSG does have litigation in terms of the interpretation of Gramm-Leach-Bliley by the FTC, not challenging the legislation, but challenging the regulations.

The products offered by the Individual Reference Services are used in the fight against identity theft, where verifying individuals' identity is crucial. Bank, credit card companies, and other types of credit institutions, as well as gas, electric, telephone, utility companies, and government agencies distributing public entitlement programs, are all increasingly becoming plagued by frauds who use an existing person's identity to illegally extract products, services and monies. We think the look-up services, as well as the credit reporting services, help to eliminate those frauds, not increase them.

I want to conclude quickly in just saying that H.R. 4311 would directly affect Individual Reference Services. Primarily, it would cut off most of the information coming through credit headers. Again, I think there are two points here. And perhaps, if Mr. Douglas was called back, maybe if we refined a question, he might answer it slightly different; I'm not sure. But we support the idea that credit header information should not be displayed or sold to the general public. And to the extent that there's legislation that this committee is working on that goes to that end, I think my members would be helpful in support of the effort. However, at the same time, we need to be able to use the social security number to make sure that we are dealing with the right person, we're not confusing people, and that we do have a means of verifying identity.

So we look forward to working with this committee on this process. And thank you very much for having me this afternoon, and the courtesy of letting me go first.

REP. LEACH: Thank you for your testimony. And you may leave at any point that you so desire.

We'll now turn to Mr. Harvey, who is the vice president of Chevy Chase Bank. And we welcome your testimony, sir.

Without objection, all full statements will be placed in the record. If you wish to summarize or proceed in any manner you see fit, you're welcome to.

REP. HOOLEY: Mr. Chair, just a real quick question. Mr. Plesser is not going to be here for questions; is that correct?

REP. LEACH: I think it's only fair that the other panelists be allowed -- if you had one quick question.

MR. PLESSER: I certainly will be happy to answer any question your office has on the record, but whatever the chairman would like.

REP. LEACH: I will say, this is a fairly informal hearing. And because you've got a position slightly different than Ms. Hooley's, why don't I --

REP. HOOLEY: Just one quick question.

REP. LEACH: Please, go ahead.

REP. HOOLEY: You talk about your need for social security numbers for making sure you're dealing with the right person, and these are legitimate purposes.

My question is, why can't you use their address and date of birth to verify that you're dealing with it? Why do you need to use social security numbers, and not some of those other identifiers, like date of birth, address and so forth?

MR. PLESSER: Well, date of birth, as a result of the Transunion case by the FTC -- which is now under appeal. But their later pronouncement, the month and year of birth would not be included in the credit header information. So we're losing both elements, number one.

Number two. I think it's all a level of quality. No one is going to come up to you and say the sky is falling on either element. But certainly, the social security number, particularly when somebody has it to begin with -- an ex-employer, an ex-spouse -- and can go forward with it, it becomes a very positive way of identifying the right person.

Often an ex-spouse, or if you're looking for a witness, you don't know the address.

If you knew the address, you wouldn't be using a look-up service. I mean, look-up services are basically use to find current addresses. So if you had that, you wouldn't need it. You have the name, but often names -- I'm Ronald L. Plesser.

If I decided to beat child support payments -- which I'm not interested in doing and happily married with two kids. But if I did, maybe I'd change my name to Richard Plesser, or it'd become R. Plesser, or it would become Reginald Plesser. It would become some derivative that I could probably kind of work into my record that would be hard to find me.

My name is a little bit unique. But if there's somebody with a Smith, Jones, Jenkins or other name that's a little bit more common, I think the social security number is a very critical element to make sure you're dealing with the right person.

REP. HOOLEY: Thank you, Mr. Chair, for your courtesy.

REP. LEACH: Mr. Harvey, we're to you.

MR. HARVEY: Thank you, Mr. Chairman.

I would like to thank you, Mr. Chairman, for holding this hearing. Your leadership has been instrumental in passing critical legislation on identity theft, and particularly on pretext calling over the last few years. These strong laws, which ABA strongly supported, make it a federal crime to obtain customer information by false pretenses, or to use stolen identity information.

While we appreciate the continuing concern of members of Congress on this issue, we believe that these changes are so significant that no new legislation is necessary at this time. Rather, the primary focus needs to be on enforcement of these laws.

At ABA, we've developed a number of measures to provide identity theft information to our customers. The first is an identity theft communications kit. This kit contains materials to help banks educate their customers on how to prevent identity theft, and how to resolve cases of those individuals who have become victims of identity theft.

I've included in my written statement several consumer steps from this kit. We encourage you, Mr. Chairman, and your colleagues, to use these documents in your own communications with your constituents to tell them how to protect themselves from identity theft.

REP. LEACH: If the gentleman will withhold for a second. Let me instruct the staff that we ought to have their kit on our Internet too. That would be very helpful.

Please, go ahead.

MR. HARVEY: Again, we would encourage you, Mr. Chairman, and your colleagues to use these documents in your own communications with your constituents to tell them how to protect themselves from identity theft, and what to do if they should ever become a victim of such crime. The greater the awareness of the American public on this issue, the greater the hope that this crime can be prevented.

The second is a training manual for spotting and avoiding pretext calls. This manual, developed with the assistance of Rod Douglas, is designed to train bank employees about common pretext methods, and how to recognize, deal with, and stop suspected cases. ABA has also provided to members a consumer privacy training video to help educate bank employees.

The ABA has been involved in other outreach programs as well, including media tours and a video news release on preventing identity theft. These programs have reached audiences totalling well over 60 million people.

Mr. Chairman, banks have every interest in finding workable methods to preventing this crime as the losses banks suffer in these cases are staggering. In fact, $3 out of every $4 lost by a community bank to check fraud was due to some form of identity theft. The news laws enacted over the last two years are sufficient to punish criminals who benefit from stealing another's identity. While we certainly appreciate the spirit in which H.R. 4311 is offered, we believe that additional legislation is not needed to prosecute pretext and identity theft criminals at this time.

Credit cards and other financial institutions have security measures in place, such as confirmation of identity before a credit card can be activated, that are best suited for their particular circumstances. Unfortunately, criminals are always trying to outsmart my industry, and any mandated requirements will only be temporarily effective as these criminals find ways around the new rules. When that happens, all that is left is added expenses for regulatory compliance for the card issuers, drawing funds away from more effective solutions and raising the cost of credit to our customers.

Mr. Chairman, I appreciate the opportunity to appear before this committee to discuss this important subject. I look forward to answering any questions you or the committee may have.

REP. LEACH: We have little less than eight minutes on a vote, and I think it would be unfair for you to start before that, Mr. Pratt. And so, I will recess and come back after the vote.

But I did want to just underscore one point of Mr. Harvey's, and I'm looking for the testimony; I wasn't following it.

You said $3 out of $4 lost. In what context?

MR. HARVEY: That's based upon an ABA survey that was in 1998.

REP. LEACH: I'm sorry, but $3 out of $4 of what?

MR. HARVEY: Of check fraud.

REP. LEACH: Of check fraud?

MR. HARVEY: Yes, sir.

REP. LEACH: Was identity theft.

MR. HARVEY: Absolutely.

REP. LEACH: Do you have any sense what the total magnitude of that is?

MR. HARVEY: We don't have any particular numbers that we can really point to, but we're continuing to research that.

REP. LEACH: So what you're asserting to the committee that is so extraordinary, that we're looking at something that's not only a robbery of bank information; it is a robbery of the bank itself. And that is a very serious thing.

MR. HARVEY: Absolutely.

REP. LEACH: And again, why I stress this is, we have a long history in this country of disproportionate and appropriate concern for bank robberies. This is another technique of bank robbery that, in my view, has gotten less law enforcement attention than any other technique of bank robbery. And all I'm saying is that the statistics you're placing on the table are very stunning. And that does not necessarily mean that any new legislative approach is wise or unwise. It simply means that attention to compliance with the current law is very important, and that there are techniques available, and that the lack of assertiveness is self-apparent.

MR. HARVEY: We agree with you, Mr. Chairman. In fact, that's why it's so important for us to pursue this from an enforcement standpoint. Everyone loses through identity theft. And the banks are suffering tremendous losses in the area of check fraud and other fraud as a result of this. We think the laws are in place; we'd just like to see them enforced vigorously.

REP. LEACH: Well, thank you, Mr. Harvey.

Let me say, we will recess pending the vote. To my understanding, it should be a shorter recess than the last recess. It's probably about 20 minutes.

REP. LEACH: The committee will reconvene.

Our next witness is Mr. Stuart K. Pratt, who's vice president of the Associated Credit Bureaus, Inc.

Mr. Pratt.

MR. PRATT: Mr. Chairman, thank you very much for your invitation for us to be a part of your hearing today. In fact, this is one of those issues that we have been very concerned about for a number of years here within our trade association as well.

My principal reason for being here today, it's always in part, is to try and inform and explain what our industry; and in fact, it's also in part to hear what others have to say about the issue. And we always end up at the end of this experience walking back from this experience with some new information for our own members.

So I guess my first commitment to you is that we will visit with the young victim who is here today to learn more about his specific experience, how it worked, why it occurred the way that it did. And it gives us a chance to look back and see if we have systemic problems that could be fixed.

For us, this is all about fixing the issue, not just resisting progress. The best indication of that, Mr. Chairman, is the initiatives we released earlier this year. And in fact, many of these will be on line during this quarter. These initiatives were our first effort to look at and compartmentalize the issue of identity theft into various portions.

For example, we have the prevention element, law enforcement. How can we create a real deterrent that ensures that when people think about perpetrating this crime, that they really understand there's going to be a consequence, you're going to go to jail. That's not the whole solution, but we think that a very important part of this is that there's a real, robust deterrent effect out there in the marketplace. And there's really two types of efforts that Congress has taken to, I think, add to the arsenal the right elements, at least on its face.

One is the pretexting effort that you've undertaken here in this committee and passed in this committee. Pretexting is a risk that exposes our own industry to the type of crime that we're concerned about today. And the other issue's, of course, the passage, or the other effort was the passage of the Identity Theft Assumption and Deterrence Act of 1998, which established a federal crime.

And consistent with some questions Mr. LaFalce raised earlier, our industry does a lot of work in the states as well as here in Congress. And we work with many of the states. I think we have over 30 states now that have a crime statute at the state level. And it's our commitment to you we will continue to work with states. And we have been meeting with attorneys general even during the summer period to encourage the passage of additional crime statutes that will ensure that every state has an actionable point, if you will.

On the enforcement area, we're also in conversations with the U.S. postal inspectors and other law enforcement. One of the key questions, again, I think that Mr. LaFalce and you yourself were very on point with, and that is, it's a newer crime, and so it's not out there in the general law enforcement marketplace. Every officer out there doesn't really know whether or not this is a crime, doesn't know what crime statute to go to. It isn't an easy case. And so, I think that there's some efforts that the private sector can help undertake, and help to underwrite, to ensure that law enforcement is educated about the tools, even the FTC's database, which does allow aggregation of the amount of the crime that's occurring in any particular area. So I think that these are some good efforts that are going forward.

Our initiatives focused on another component of the crime, specifically the area of victim assistance. After the crime has been perpetrated, I think there's several questions-- Where do I go? How do I fix my situation? And in fact, we had a chance to meet with the ABA prior to the final product that they produced. And it's a good product. It's the kind of thing -- in fact, the FTC has produced some excellent materials on how do you go about beginning to extricate yourself from this situation.

And it is a different type of crime. It is different from credit card fraud in it's original form. It isn't just a matter of whether I'm out $50, or whether I call and cancel a card and get another one. It is longitudinal; it's time consuming. The question for us is how to reduce that. Our initiatives are our way of beginning to do that.

For example, even on a credit history, we'll look at the inquiry section of a file. And where a consumer says, "You know, I don't recognize that company. I don't know that I did business with that lender," we'll email a transmission back to that lender to make sure that they're aware that they may be at risk. They may have opened up a fraudulent credit account of some sort. This gives us, and the lender, and the consumer all a chance to fix it faster. And that's really I think elemental to all of this, is how do we fix it faster.

Another example which I think addresses some of the issues here is the longitudinal effect of the crime. We actually hired a former attorney general to work with us on this project. And one of the issues, with the interviews with victims and interviews with our own consumer relations personnel, was that we discovered consumers are seeing it happen again, and again, and again over time. And this is extraordinarily frustrating. And unlike being able to lock the doors on my house, I can't necessarily know what's happening with my credit history after it's been brought whole.

One of our initiatives addresses that. We'll re-investigate, and you're going to look at your file, and we'll pull it together under the Fair Credit Reporting Act duties that we have. And there's your file back together, and we think we've taken care of at least the initial round of the crime.

But we are committing ourselves to building better products that will then monitor activity on that file so that over a period of time, three months more, we'll be able to tell that consumer, we've seen some additional file activity on your file. Would you like another copy of your file? Would you like an 800 number to call somebody? Would you like to talk to somebody? This goes beyond the law, but actually I think it's fairly common sense. That gives everybody a chance to stay in touch with each other to make sure that the credit history that's been brought whole, remains whole.

It's a two-fold benefit. For us, it assures that we have a consumer who's satisfied. And it also assures that we have banks who are confident in the products we produce for safety, and soundness, and risk management, and all of those things that we do.

So for us, it's a practical assessment. There's other elements to this. And I visit with some of your staff, and of course, many of you up there as well. And we appreciate the fact that you gave us some time to visit about some of these.

This is just our first round. We have more work this month. We have more announcements we'll be making before the end of this year. And our whole goal here is to try to demonstrate that we're a progressive industry. We're willing to take responsibility, and to try to do things better, and to identify systems, procedures and so on.

For example -- it seems very practical -- but just hosting a quarterly conference call with our fraud unit personnel allows us to cross-pollinate everything from just different patterns of the crime, to also potentially identifying better procedures for serving consumers-- standardizing a document, for example, that might be used to validate that the consumer's been a victim.

I want to mention that in particular in the bill. In our formal statement we've run through various sections of the bill and tried to describe where our initiatives have a nexus with the proposal and the legislation. But the idea of some sort of validating document is still important to us. If there's a way to do that, we think it ought to be done as well. We don't know yet what that way is; is it a police report?

I was encouraged by some of the way the bill was structured though. It talked about various items that might be part of the validating process. And I think we're on the right track with that sort of thing. So I appreciate the fact that that was an element of the total package that you put together in this initial proposal.

We have tried to educate our customers as well. We sent out 200,000 of this brochure, which is used for employees as well, which discussed practical steps, such as you don't throw credit reports in dumpsters. We don't think that would be self-evident. But, of course, when a business is closing out, they might do that very thing. But this is the kind of effort that we're undertaking to make sure credit histories don't get into the wrong hands.

We have also hired, and have now funded, an outside certification authority, and are putting all of our outside access -- in other words, if there's a terminal, we want that terminal to shut down within a short period of time so somebody can't go and browse through credit histories, and try to pull data, and perpetrate the crime of identity theft. So this is a certification program that Grant Thornton is working with us on and that we have asked them to develop. So this is another part of our effort to do the right thing, and to make sure that we're taking preventative steps.

Our members also partner with our customers. A lot of what we do is in partnership with the customer. They're the ones who help us decide what products make sense. We have new risk management products that look at applications to try to decide even minor differences in how an application is filled out. In total, it should give the lender a red flag.

For example, a perpetrator of identity theft may not know that Stuart Pratt's address -- my street name is Hilbrooke. Hilbrooke could be one word; it could be two words. In fact, it's one word with an "e" on the end. But there might be minor discrepancies throughout an application which in and of themselves don't like much. But if you added them together, and you're able to cross-check against identifying data, you might be able to say, you know, this is just enough that we better flag that. And let our lender know that they need to cross-check that applicant before they open up that line of credit. Obviously, stopping it before it starts makes a lot of sense.

In closing, we urge you to give us an opportunity to build the kind of fraud prevention products that we are producing today. And it does tie in with header data and with social security numbers. It's a controversial issue. It's important to us. We want to explain the reasons why we would like to be able to use it in limited context. We want to put controls on it.

Similar to what Mr. Plesser said, the Associated Credit Bureaus also believes that there's no reason for social security numbers just to be there in the general public for display, that they should be sold to individuals. And our members do not sell social security numbers and lists of that sort to individuals out in the general public in any fashion.

So our commitment to you is to continue to stay engaged on this process, to be progressive, and do this in the context of this committee process. So we appreciate very much the chance to be here.

REP. LEACH: Thank you very much, Mr. Pratt.

Ms. Benner.

MS. BENNER: Good afternoon, Chairman Leach, Representative Hooley. Thank you very much for giving me the opportunity to speak with you today. I'm here with CALPIRG, the California Public Interest Research Group. And I'm also representing U.S. PIRG and the Privacy Rights Clearinghouse in San Diego.

Today we've heard statistics about the severity of the crime of identity theft, how many people it affects each year, and how much this crime has cost our economy. I'm here to talk to you about the human cost of identity theft.

There's much more to this crime than financial damage, as we've heard today. And unfortunately, Mr. Boulden's case is not unique. CALPIRG and the Privacy Rights Clearinghouse has been helping victims for years through advocacy, free guides, hotlines, monthly support group meetings. And we've communicated with thousands of victims.

We hear new unique and horrifying experiences every single day. And last year, the two groups surveyed the number of victims who contacted our organizations for help in recent years. We produced a report titled, Nowhere to Turn: Victims Speak Out on Identity Theft. It's available on our website. And I'd also be happy to make copies of it for anybody who wants it.

We basically did a survey of all these victims. And from the data compiled from the responses, we were able to quantify some startling and staggering statistics. We were able to show that cases like Mr. Boulden's, and the others that we've heard today, are not unique. And in fact, these types of experiences have happened to many people.

We found that victims said they spent an average of 175 hours and $808 in out-of-pocket costs to fix problems stemming from identity theft. The fraudulent charges made on the victim's new and existing accounts was $18,000. And in addition to lost time and money, 42 percent of the victims responding to our survey reported long-term negative impacts on their credit reports; and 36 percent were denied credit or a loan due to the fraud. And despite the placement of a fraud alert on their credit reports, almost half of the respondents' financial fraud reoccurred, meaning that creditors continued to grant credit to the imposter even after the crime was known.

And then one last appalling fact is that 12 percent of the respondents noted as a related problem that there was a criminal investigation of them, or a warrant for their arrest issued due to the identity theft.

Although the fraud committed against the victims totaled as much as $200,000 in one case, the common theme was that stress, emotional trauma, lost time and damaged credit applications, not the financial aspects of the crime, were the most difficult problems. One woman from Nevada told us, "This is an extremely excruciating and violating experience. Clearly, the most difficult obstacle I have ever dealt with."

How are we going to stop this crime and minimize its effects? We've already tried consumer education. We've produced pamphlets, fax sheet after fax sheet, and identity theft continues to escalate. The public is aware of this issue. The responsibility to prevent identity theft can no longer be placed solely on the consumer. We advise consumers to guard their information carefully, and even to buy technology, such as shredders, to destroy old records that may contain bank accounts or social security numbers. But as long as financial institutions and credit bureaus continue to be reckless with consumers' information, there's little that individuals can do to prevent identity theft.

Identity thieves are obviously the main criminals here, but banks and creditors are sometimes accomplices in the crime. Enforcement is definitely critical, but we need more effective laws to enforce in this case. Law enforcement, government, and the credit industry have failed to address the root causes of identity theft, and alleviate the problems facing its victims.

The financial industry has the ability to take simple steps to prevent identity theft happening to thousands of people each year. As consumers, we trust them with an increasingly valuable commodity-- our personal financial information. They have the responsibility to guard that information as carefully as we do.

The bill before the committee, H.R. 4311, would encourage the industry to take these important steps to check identity theft and to provide help for its victims. First of all, it provides credit bureaus to provide a free credit report annually on request so that consumers can detect identity theft early and fix any false information.

Secondly, it closes what's called the credit header loophole, which allows credit bureaus to sell demographic information found in a consumer's credit report, including their social security number, to companies and websites that are often used by thieves and stalkers.

Voluntary standards, while we appreciate the efforts, have not halted the sale of social security numbers of the Web. Privacy advocate, Beth Givens, recently was able to purchase her own social security number from the website called dosbreakbail.com (sp) for $20. It contained recently updated information.

The bill also improves change of address notification, requiring creditors to send notice of a change of address or new credit to the old address. This would alert consumers in the beginning stages of the theft.

Most consumers we found don't even find out about the crime until over a year after it happens.

Finally, the bill requires fraud alert flags which alert potential creditors that the consumer's been a victim of fraud. It would also prevent the issuance of credit on any account with a fraud flag unless the creditor confirms the identity of the consumer, and that the consumer has actually authorized the issuance of credit.

These are simple, logical steps that the credit and financial industry can take so that fewer people will be forced to go through the problems, the unpleasant, and even terrifying experiences faced by victims.

We thank Representative Hooley for introducing the bill, and Chairman Leach for calling this meeting. Thank you very much.

REP. LEACH: Thank you very much, Ms. Benner.

Mr. Hulme.

MR. HULME: Good afternoon, Mr. Chairman, Ms. Hooley. Thank you for having me here.

I am president of Special Investigations, Incorporated in New York City, and I'm appearing today on behalf of the National Council of Investigation and Security Services. And I'm also chairman of the Associated Licensed Detectives of New York State.

In the formal presentation, there are some comments regarding New York State law regarding some privacy issues there, and some regulatory matters that affect private investigators, which we'd like you to look at because a number of states have similar things.

What I'm going to discuss briefly here are those aspects that have a real world significant effect on Americans, and it's a little bit of a different take, particularly as it regards credit header information. Identity theft is not new, and it wasn't invented with the Internet. We've been battling it for years. Perhaps a little bit of pro bono for Shon might have helped too. And maybe we can still help him out.

Identity theft also has been going on through low-tech means-- the dumpster diving, picking up the garbage, stealing charge accounts. You probably have a better chance of getting ripped off by identity theft going into the wrong bar or at the wrong restaurant, and having the waiter keep a copy of the charge slip or what have you.

Congress should resist the temptation to choose only one avenue by which some criminals may gain some information by denying those tools, such as credit header information, to those of us who are out there also investigating cases, and also investigating the very cases, now and then, of identity theft.

Almost every aspect of this bill we agree with and we wholeheartedly support. Basically, there are two major things. We have concerns over the aspect regarding credit headers being eliminated, and having the same provisions for obtaining a credit header report come under the same provisions for getting a whole credit report.

And I believe that earlier Congresswoman Biggert asked the question of the FTC witness. And her answer was, it would be legitimate purposes to obtain the credit report. The way this bill will end up, there would be no real legitimate purpose for getting a header report at all.

I'd like to just go into a few anecdotes from the opposite perspective.

Credit helpers help determine the correct identity of individuals we are seeking. They help us by leading us to the correct individual verified by the social security number, the past addresses, and the like. One case, however -- in San Francisco an investigator reports, very recently, working for a successful business owner who started getting statements in the mail saying he owed tens of thousands of dollars on computers and other purchases. He'd realized somebody hijacked his identity. And he went to the San Francisco Police. And this could have happened really, after listening today, anywhere in the United States.

The San Francisco Police took the report and said basically they weren't going to do anything. And they referred him to the Secret Service. The Secret Service said we have a threshold of $100,000 in that jurisdiction. He's now up to about $80,000 as of now, so nothing happened there.

He did hire a private investigator, and he does have some resources. He had an inkling suspicion that basically it was probably a former employee that might have been doing this. And the bottom line is, utilizing credit header information and a lot of other aspects, they zeroed in on this guy. They haven't caught him, but at any rate this person has at least three names he's been using, and three definite social security numbers, and plus one transposed social security numbers -- which probably really is one of the three, so it could be three or four -- and different dates of birth on file.

So here we have the threshold aspect that's a problem, and it's not going to work.

Another example of how credit headers can be used effectively. In Tennessee a show dog breeder -- and we attached lists of a few anecdotes, but I'm just using my other anecdote. She was being basically cyber stalked and threatened by email from an unknown harasser. She was terrified because she had no idea what the subject looked like. She was often exposed in public arenas at these various dog shows. The police couldn't really help her without any identification.

She did go to an investigator. The investigator used a credit header and other sources, including criminal checks. And she went back to the police and basically identified the guy. They got the mug shot. And if nothing else, there's a mug shot that was made available to the potential victim, so she at least knows what to keep an eye out for.

I testified in 1997 at the Federal Trade Commission workshop regarding the individual reference services that Mr. Plesser earlier made reference to. When you get a chance, if you could take a look at this or have the staff study it. I think all the pros and cons regarding the availability of credit headers are in here. There's reasons why they probably should be closed; there's very good reasons why they should remain open. And I think the easiest thing is, let's have some strong -- number one -- enforcement for the improper use of this information that is bandied about. And let's put in some tight controls on the people that do have access, and I feel that should have access. And I feel licensed private investigators and others, including now and then legitimate journalists, attorneys, insurance companies, what have you, also ought to have the actions. So limited, hopefully from our standpoint, to a person that has legitimate need. The Commerce Appropriation Bill, Section 1150(a) of that measure permits only appropriate entities access to the measure. Maybe that could be referred to.

The next problem with us is Section 8 of the bill, individual reference service definition, is really too broad. That defines an individual reference service provider, to include not only credit bureaus and data banks, but anyone who gathers information. It would require providers to open their files to consumers. And that makes sense with credit bureaus, but it doesn't make sense when somebody's investigating possible crimes in the workplace or sensitive investigations.

I note that this committee right now in unrelated legislation, in H.R. 3408, is attempting to correct some deficiencies in the Fair Credit Reporting Act, one of which requires employers to give unedited, unredacted, investigative reports to employees when taking adverse action against them. Well, Section 8 of this present bill, 4311, goes further than that. It would require investigators upon request to provide not only the report given to the employer, but the entire investigative file.

That disclosure would have a chilling effect and create a climate of fear among any potential witnesses or victims. So I think it's important that somehow that be rectified. The only way I can see it is, the literal interpretation, the way the bill is drafted, would include people like me and others right into that category. And if we're in that category as being viewed as a IRSP, we're sunk.

I might also throw out that the self-regulatory organizations, such as the Index Bureau and the National Association of Securities Dealers, all of their files, the manner in which they do business, the manner in which they assemble collect and what have you, they'd fall under this same category.

Now, you also asked us to make some comments on the Gramm-Leach- Bliley provisions on pretexting.

I've listened to what everybody has to say. I take some issue with some aspect of it. And that would be the outlawing of pretexting of a criminal. I have no position against at all outlawing the pretexting of a bank in any manner. But I don't think that should apply to a criminal. And we do have a situation where if you're going to allow -- we've outlawed pretexting of a criminal that often has actually stolen our client's money. And I don't think a bank should become a safe haven for our client's money.

Under the law, we can use a pretext to get child support. Now, it would seem to me either outlaw all pretexting or if you're going to allow pretexting for child support, then extend it to spousal support.

REP. LEACH: Withhold for just a second.

MR. HULME: Sure.

REP. LEACH: It's a little more careful than that.

MR. HULME: Okay.

REP. LEACH: Pretexting is allowed for child support when there's a court order of two kinds. One is a court order in favor of a party. The second is a court order authorizing the pretexting. And that double court order is a very powerful constraint. It's an extremely limited exception. And it can only be done under the authorization of a court.

MR. HULME: All right. And I personally know of nobody that's never gotten a court order, that second order you're talking about. So I don't know what the status is as an investigator, and I've been in the business 40 years, the manner in which they're now doing it. I do know, as an investigator on some very involved crimes, I will walk into a bank with my file and sit down, and exchange information, and try to get information, usually to the bank's benefit, and definitely to my client's benefit.

The other aspect I suppose is the insurance fraud aspect on pretexting. The greatest fraud these days that's emerging is fraud against the elderly. So if we're going to expand any type of pretexting with court orders or otherwise, maybe it should extend to all fault, I don't know, or no pretexting.

Now one of our frustrations -- and I agree with Mr. Douglas wholeheartedly on this -- is that our members we feel are complying with the requirements of the law. I would like everybody to comply with the requirements of the law. I see all these advertisements, everything that was up here earlier. I mean, they were all over the place.

And I also don't think the FTC is doing necessarily what they should. I was astonished to hear -- I believe I heard it as $33 million civil judgment regarding an identity thing out in California. I have a feeling that's probably the pornography case. And it sounds to me like a $33 million judgment on charging accounts for services that weren't rendered is out and out theft, and is a criminal activity. And it's a problem that's got to be addressed. There's got to be criminal sanctions.

In my written testimony, there are a number of sanctions. We go for throwing the book on everything-- scourgement (sp) of profits, criminal sanctions, and even include it with this bill. But we feel that if you want to close up credit headers, that's going to be a tool that has a greater detrimental effect on consumers.

That's basically it. Thank you for my remarks.

REP. LEACH: Well, thank you very much. And let me just say in conclusion to your testimony, you represent the most prestigious and most reputable organization in your field. And your testimony's very appreciated. And I think one always makes a mistake when one hears testimony of a given type of activity, to apply it to everybody. And I'm personally very appreciative that there is such an association as yours that is concerned for standards.

MR. HULME: Thank you.

REP. LEACH: In thinking this through, particularly the magnitude of the problem, I want to turn to Mr. Harvey and Mr. Pratt for a second.

One reason one has congressional hearings is to bring attention to issues and to review the possibility of change in statute, and to bring attention to the issues to executive branch agencies. But it strikes me that your associations ought to be working more closely with law enforcement than I think has been the case. That is, to the degree that these statistics are anywhere near the mark, it's astonishing to me that the American Bankers and the various banking agencies throughout the country aren't all over the United States Department of Justice, the state attorneys general, demanding attention be brought to this. Because absent law enforcement and the laws that exist, there's a natural tendency to seek other laws that might become more comprehensive in other kinds of ways.

And so, I would make the strongest possible recommendation that the American Bankers Association, and other banking organizations at all levels, develop a task force of how they coordinate with law enforcement. And I think it's self-evident that the exact same applies to credit bureaus. As credit bureaus hear of problems, I think it is in your strong vested interest to try to get law enforcement orchestrated.

It's pretty clear that this is a low priority for American law enforcement. And so, one of the great questions is, if this as pervasive a crime as it appears to be, if it's growing as it appears to be growing, if the new technologies make the crime more potentially acceptable, and if Americans for some reason think that because there's no gun involved, it's not as serious as if there is a gun involved -- which has an element of self-evident truth, but still disguises the fact that very devastating consequences can follow -- I think everybody's got to get orchestrated in a new kind of way.

Now, all of you have referenced material-- Mr. Hulme, Ms. Benner, Mr. Pratt and Mr. Harvey. And I would like to ask at the end of the hearing that you provide us all of this, and I will try to put them in the record. And without objection, by the way, any full statements of all of you will be in the record as well.

And I think each of you have taken individual approaches that strike me as all being helpful, and that we're all going to have to be looking at. But I do think that one of the absence of this is the fire being led under law enforcement itself, at many different levels.

For example, reference was made earlier today to the state of Massachusetts. The Massachusetts attorney general office was approached a few years back. And the first person they approached did nothing; it sat for over a year. And then someone got a little bit interested. And then it really peaked their interest, and all of a sudden Massachusetts became very interested in a very active -- one person in the state attorney general's office took kind of a special responsibility. And I'm tempted to say that one might have a national strategy, that the ABA, for example, might ask will one person be designated in every state attorney general's office to look into this issue or take accountability for it, so you pin-point some accountability. But I think we have a real problem here.

Ms. Benner has made a very interesting point because it fits the testimony. But you're the first person that I know that has a kind of larger picture of looking at larger numbers, of statistics that, among other things, say that the people affected come to conclude that the dollar amount is a small consequence compared to the other losses-- the violations, every other effect. And that is certainly the picture of a medical doctor who appeared before us, and an individual who worked in a tire store.

And so, what it says is, that the entire spectrum of the American face gets affected. It isn't necessarily the highest income person or necessarily the lowest income person; it's just a real American.

And I think it's very interesting from your perspective. And you see it as an institution that's probably more concerned with social activism in America than anybody that's testified on this sort of issue. And I think your testimony is particularly helpful and meaningful in looking at this. And I'm very appreciative you've come across this great land to testify.

Anyway, I want to thank Mr. Hulme for coming from New York. And I want to express my great respect for his association and judgment, and Ms. Benner.

And Mr. Pratt, I appreciate very much the attitude in which you have described things.

And Mr. Harvey, your testimony was very strong. So thank you.

Ms. Hooley.

REP. HOOLEY: Thank you, Mr. Chair.

I also would like to thank all of you for testifying. It's always helpful to know what works and what doesn't work, particularly Mr. Hulme, where you specified what you thought would work, and what you thought wouldn't work. That was really helpful.

I just have some very quick questions to ask I think all of you.

Mr. Harvey, I'm going to start with you.

One thing the bill attempts to do is combat a technique used by identity thieves, whereby they change their address so the victim doesn't get her bills for a few months. And if they like me and lead busy lives -- I mean, I wouldn't know whether I received a bill or not until somebody probably called the collection service or I got several other bills in the mail.

But to prevent this from happening in mail generally, the post office now sends confirmation back to the original address to ask if the person really changed their address. And as a result, the post office has reported significant drops in mail fraud. And it seems to me almost a full proof way of making sure the person who requested that change of address is the person whose address is actually being changed.

So why is this a problem for your members?

MR. HARVEY: Well, ma'am, I'm not familiar with the post office study, although I do have some personal experience that I can share with you.

It's pretty easy to go into the post office and make a change of address. If I'm a criminal seeking to steal someone's identity, I'll go into the post office, and I'll just fill out a change of address form.

REP. HOOLEY: Yeah, but the post office now -- if you turned in a change of address form, they now confirm that with both your old address and your new address, so it's sent back to you.

MR. HARVEY: Even if they do that -- and actually I've just done this. My step-son went off to college. There was no confirmation at the old address. They changed the address for me. There was absolutely no problems with it. And at least based on my experience, I think at least this provision would not be something that would be as helpful as we might otherwise think it would be.

Financial institutions are establishing various security measures. Those security measures are based upon what we're actually seeing happening as far as fraud is concerned. As soon as a measure like this is established as a mandate, the criminals are made aware of it. And as soon as they've made aware of it, they'll find some other way to get around it. Then we've got to dedicate resources to continuing to comply with this particular law; and yet, the criminal have found a way around it.

And that's what we consistently see. Every time you start out doing something one way as a security measure, clever criminals are going to try and find a way around it. Our concern is that unless we have the flexibility that's necessary to dedicate our resources, based upon the kinds of fraud that we see, that we'll be locked into dedicating those resources in a manner that won't yield the kind of benefits that our customers need, as well as the financial institutions.

REP. HOOLEY: Yeah. And I'm just saying the post office has been very successful in reducing mail fraud by doing this. And so, it was a question of might you not want to try this, at least to see if it works.

Again, fortunately, not all thieves are clever. Today we've talked a lot about, certainly some of these are in well organized organizations that are selling it on the Internet, it may be that groups are getting into this; but a lot of this is done on an individual basis where that's what they decide to do. So it's not always organized in their effect of doing this.

One of the other things I guess is, I agree with your statements that we need to make sure that the criminals are punished, and that we probably need to do more with law enforcement in this area. And I agree wholeheartedly with you. However, I don't think that's going to be the only thing that prevents this crime from happening. All we have to do is look at our own states where we've built a lot of prisons, we've filled them up, and that particular piece hasn't necessarily reduced crime. It usually takes some prevention piece as well.

So my question is, is it unreasonable for Congress to demand that the industry take some minimal steps to prevent the crime from happening in the first place? Is that an unreasonable request?

MR. HARVEY: No, ma'am, it's not that it's unreasonable at all. As a matter of fact, financial institutions are doing just that. We are working very diligently at trying to develop preventive measures. Some of the things that I pointed out, for example, and some of the things that we have in our ABA financial privacy tool box and identity theft communications kits are just that. They point out preventative measures.

I guess what needs to be understood is this. First of all, financial institutions have every interest in preventing ID theft. We lose a lot of money to fraud. But secondly, there needs to be the education. Our customers need to be educated, our employees need to be trained and educated, and that's what we're doing. The ABA has provided very good and detailed materials, with the assistance of the likes of panelists before, Rob Douglas. And we have those things. And different institutions are looking at these as recommendations for ways that they can develop measures for prevention.

I really think it's prevention, it's providing the kind of assistance once a person's identity has been stolen, and it's also prosecution. I think we can't have one without the other in order for us to be effective. I know that customers are getting information, but I still think the free flow of that information to individuals who are identity thieves is occurring at an alarming rate.

I guess it goes back to what the chairman was mentioning earlier today, and that is the fact that the American public is pretty free in giving out that kind of information. Once we get that information, and it's presented to a financial institution, it's extremely difficult, if that information, for example -- in many instances it's freely given to the individual because the individual who's giving that information doesn't know any better. They don't know that it's going to be used for some illicit purpose.

But once we get that information presented to us in the form of a loan application, we have obligations under federal law to process that application. What we do is we build in security measures to try and ascertain whether or not we are dealing with the individual that we are supposed to be dealing with. But it's extremely complicated, and institutions need to have the flexibility to develop their own security measures to deal with their particular concerns.

REP. HOOLEY: Mr. Pratt, I have a couple of questions. First of all, Mr. Pratt, let me thank you for giving your card to Shon. That was very nice of you. I appreciate that.

I just have some questions.

How do credit bureaus assure they have the correct address on file? For example, consumers when they change address, they'll fill out all these little forms, or send little cards in, or change it with the post office. They certainly don't call you when they move, I'm assuming.

So how many new accounts need to be opened, or how much information do you need to get for you to change your files? And how do you verify that those accounts aren't fraudulent?

MR. PRATT: Well, it's a desperately important question.

It has to do with file accuracy, which is a duty that we have under the current Fair Credit Reporting Act. And it has to do with preventing fraud, and making sure, again, that we produce a product that's of value to Mr. Harvey, for example, and also nets benefits for consumers.

Context. We have it in the testimony as well, but just for the sake of viewers sitting here thinking about this. There's 42 million addresses that are changing every year; 3 million last names changed due to marriage and divorce; 6 million probably vacation homes. And you've seen all of this. And I try to walk through this just to make sure that we understand that an address changing in and of itself isn't automatically a red flag. It can be an indication of something happening. It could be separation pending divorce. It could be my son moving out of my house and moving on in life, and that sort of thing.

We're generally dependent on an accuracy standard that also extends to our customer as well. In other words, the data furnishers who provide data to us, they receive the change of address; they change it in the account. They on the next cycle of reporting to the credit bureau will report that new address.

Our systems manage multiple addresses at the same time. Many of us may have a bank card that's being paid at our work address because we use it principally for work, and then we have other cards going home. So at any given time, there's a large population. And they have at least two, if not three, live addresses, all of which are accurate and correct. So definitely we're in a situation of being dependent on maintaining accuracy in partnership with the customers that we work with.

Now, we also have access to some tools. I'm going to go back and verify this before I make a commitment to this. But I have this with our data furnishers. We do cross-checking against various data sources. For example, a social security number that comes in and is currently active; there are ranges of numbers that are not active according to the Social Security Administration. That obviously gives us a clue that something is wrong. We can't have access on the other side though for many good reasons. We don't have access to the administration number to verify that in fact this is a real number. We just know it's not a live, active number, and that's a cue. That would be one way for us to verify.

If that address is the only address that comes in, and all the others remain cycle after cycle being reported, that address probably is never used as a searchable element. It sits there for a period of time, and then it disappears; it's eliminated. But we do not have a direct consumer verification, as you point out. It's a system that starts with our customers and works in tandem with us.

REP. HOOLEY: One of the things as I became involved in this issue -- and it happened because I did a series of workshops on credit and how to protect your credit ratings -- this issue came up, and I certainly have learned a lot in this whole process.

TRW had reported huge increases of ID fraud through 1997. Are credit bureaus still keeping these records, and will they be reporting those soon?

MR. PRATT: I think that was actually information that was provided to the GAO. Is that the same data that I think we're referring to? I think it was Transunion data. But at any rate, that showed you from the beginning of the establishment of their fraud unit to I think '98 what had happened with the escalation in total phone calls. What isn't absolutely evident is, what part of that was, I lost my wallet, which is a valid call, by the way. We'll put a fraud alert on a file if a consumer says preventatively, I've lost my wallet, or somebody broke into my home, or I've misplaced a credit card. Those are valid reasons for loading a security alert on the file. That alert may stay on a shorter period of time or a longer period of time, depending on choices the consumer makes with us. But that's an element of those phone calls.

So that wasn't in its entirety just -- there was also account takeover, i.e., skimming, for example, is another type of credit card fraud, where somebody can have a belt skimmer, and they can simply swipe your card, give your card back to in a restaurant, for example. And then they have your account information off that magnetic strip date on the card. That's another form of fraud that's accounted for in those fraud units.

In fact, I've asked our members just prior to this hearing. And we're looking into what type of data we have today with regard to the size of the issue.

I just want to emphasize, it's a definitional question to though. I guess the most important thing to say is, big or small, it's big enough that it needs intention. I guess that's the most important point.

REP. HOOLEY: But I just thought it was interesting. It seemed to me somebody was keeping track, and then --

MR. PRATT: Well, we keep track in terms of -- we can't validate differently than a creditor whether this is absolute correct every time. What we can do is we can --

REP. HOOLEY: But it certainly gives you a ballpark though, which is helpful.

MR. PRATT: -- we can guess. "You sure look like you've been a victim. We're going to take some proactive steps here." That would be the best we could do until we advise them to go to their creditors, and then we have disputes processes and these sorts of things under the Fair Credit Reporting Act.

REP. HOOLEY: Mr. Pratt, you talked in your testimony about in the next few months having something that will be up and running that can verify those discrepancies in people's files.

MR. PRATT: When we looked at this issue, one of the questions we tried to ask was, why is it that consumers say it happens again and again. And, of course, by the way, that in turn means more consumer relations phone calls. But these aren't necessarily the good ones. Now the consumer's extraordinarily frustrated; this is the second time I've called you, this is the third time I've called you.

We said, what can we do longitudinally to stay with that consumer? So when that security alert goes on the file, when we take them out of pre-screened offers of credit, for example -- which is another step we can take; and it certainly is a right consumers have under the 1996 amendments to the Fair Credit Reporting Act -- when we send them their file and so on, and we bring it whole, we decided that gave us an opportunity to say, let's go beyond the law, let's use a principle, let's just look at activity on the file.

And by the way, we want to be cautious about what we tell you about what triggers might trigger a notice to the consumer. The last thing we want to do is explain to the criminals how you can avoid triggering the credit bureau notification. But trust me, there are some triggers.

REP. HOOLEY: But you're looking at doing this --

MR. PRATT: Absolutely.

REP. HOOLEY: -- and it will be on line or whatever.

MR. PRATT: This quarter, the end of this year.

REP. HOOLEY: Soon.

MR. PRATT: Yes, soon.

REP. HOOLEY: Is this going to cost the consumers money?

MR. PRATT: No.

REP. HOOLEY: So this will help everyone, but they won't have to pay $13.95 or --

MR. PRATT: No. Somebody who's been a victim -- that was one of the issues here. If we're a steward of their information -- and I think that's an important kind of mind-set to have when you think about the kind of information we have -- we said, what can we do to stay in touch with that consumer who's been a victim, or thinks they've been a victim, and stick with it? And try to establish a line of communication that extends beyond what the law requires.

The law says, okay, your job is done; you've corrected the file. But it could be new information coming in from, if you will, the other victim, the creditor victim who has underwritten more fraud. And so, the creditor victim's reporting unbeknownst to them more information. Well, this gives us a chance to stay in touch with that consumer over that period of time.

We're going to have to pilot test. We'll have to see what kinds of triggers work. This does go in synch with some of our concerns about how rigidly the law prescribes something that we do because we may discover certain triggers work, other triggers work, and that sort of thing.

REP. HOOLEY: When you put fraud flags on the file, do creditors have to change their practices when they see that? Is it required that they do something with their fraud alert?

MR. PRATT: Well, the fraud alert that we transmit -- I'm going to circle around your question. We obviously can't impose as private industry the practice on our customers. We view the fraud alert as part of the partnership with our customers. By the way, in our initiatives on the fraud alert, one of the observations we got from Beth and others was, "Boy, these aren't working as well as they should." And we said, why is that? What are we doing?

Well, there's, first of all, three major systems in this country. So we've asked ourselves, and we've answered the question, can we standardize, for example, the text message? First of all, it makes it easier for all customers who need to identify and take the action the consumer requests. So if Mr. Harvey's bank receives a text message saying, please don't grant credit, call this number, Mr. Harvey then, along with the application, can make decisions about how to process that.

On our end of it, that also makes it better for those larger institutions who have a third party data processor because there's this spiffy term "normalizing." There's normalizing of credit data. So they may pull several files, and normalize them means bring them together. In that process, we want to make sure the security alert doesn't get lost. So that's another way of trying to make it more effective.

We also are going to include an alpha numeric sequence right there in the text message so that we can tell a creditor, if you have a highly automated system, you can look for this sequence which will trigger and tell you, this is a fraud alert associated with identity theft. And that's another way for us to try and make the security alert more effective.

The goal we have is to make sure that Mr. Harvey's bank has the target to look for. And so, he doesn't have to look for three targets or two targets. And we believe that will make those security alerts more effective than they are today.

REP. HOOLEY: Will they get that fraud alert when they're just pulling up the score as opposed to the whole credit report?

MR. PRATT: Excellent question. And the answer is yes.

REP. HOOLEY: Okay. But right now that doesn't happen?

MR. PRATT: No, that's the practice today. That's a mythology. I've heard out in the marketplace that we do not transmit with scores. But because we use a field -- we actually use a field that the FCRA requires that we have in place. It's a field, meaning a section of your database, if you will. The field is a statement field that must go with every single credit file, no matter how it's issued. We would view a score as a type of consumer report. It's a very limited consumer report, but it is a consumer report. And we would transmit that message along with --

REP. HOOLEY: But they get it with a report, with the score, with --

MR. PRATT: With a highly codified version, with the full printed version.

REP. HOOLEY: Help me understand. I may not be asking the right person this question.

Why is it then when I talk to person after person who's been a victim of identity theft -- and Shon was another example -- where the credit alerts are ignored, or they're giving credit. I mean, if the person says, I want a fraud alert put on my credit report; and I say, I want you to call me before the person gives any credit to anybody else, how come those are ignored? I mean, what do we need to do to make sure that those aren't ignored?

MR. PRATT: Well, I think that what we need to do -- and it's similar to the whole pretexting issue and ID theft issue -- we need to make sure that our banking customers and our telecom customers understand what to look for, and to give them the best single target to look for. I think if we can issue a release this year -- and Richard's probably the fellow that would receive this. And we'd say, Richard, you should look for this. This is how we're going to do it, whether it's the Experian system, or the Transunion system, or the Equifax system. And then he has a better chance to say, I'm going to do this with my people internally. This is how we're going to look at the file.

But we've also talked to some lenders who've said, can't you make it more obvious to us, for example, when somebody asks for an increase in credit? So they pull a consumer report at that point -- a credit report -- to evaluate whether or not you should get an increase. And we've learned in those cases we need to work with banks.

When we deliver that, we don't have control over how that message has been presented on the screen to the consumer service person, but in talking with some of our customers they've said, "Aha, I see it." So I can program my system to make that more obvious, popping up on the screen as a more obvious message to my consumer service people so that they don't automatically just process an increase in credit because they were successful pulling a credit history.

There's no silver bullet in this type of crime; that's the great struggle. It's a layering of efforts that I think are going to make this an effective undertaking, and I think the urging of the chairman, to make sure that we have the right task force for law enforcement. In fact, we think there's some other areas where we probably need to look at a more coordinated effort as well.

REP. LEACH: Ms. Hooley, can we --

REP. HOOLEY: Yes.

REP. LEACH: Is that all right? I want to give Steve a chance, and then if we can come back.

Mr. LaTourette.

REP. LaTOURETTE: Thank you, Mr. Chairman. And I'll be pretty brief.

There's just an article in the Cleveland Plain Dealer. It doesn't have anything to do specifically with this. But there was a guy in federal prison that was successful at going to one of the finer banks in Cleveland and buying a Mercedes, and then he went out and bought an SUV. And they only caught him when he was attempting to buy three trucks. And the loan officer at the bank remembered that the reason he was in federal prison was he'd tighted $110,000 in checks a couple years ago.

And the problem that they described was that sometimes the credit application's taken at the car dealership. And then when he goes to the bank for financing there isn't always an interfacing and a communication of all of the facts necessary before there's a decision to grant credit. And it came as a big surprise to people that a fellow in federal prison was able to buy some cars that I probably couldn't buy. I'm not in federal prison yet.

I wanted to just talk to you about a couple of things though, Mr. Pratt. First of all, you were describing to Ms. Hooley the additional flag that you're going to put on to better stay in contact with those who have been identified as fraud victims. Are you also working on a program to be proactive with those who have yet to be victims of fraud?

The reason I asked you that question is, when Mr. Harvey was talking to Ms. Hooley about the change of address -- I understand a lot of people have different addresses, a lot of people move, a lot of people get divorced, but the case that brought this matter to my attention is, you had a family that lived in the same house for 20 years, and all of a sudden you had 6 change of addresses in 6 months.

You had a family who for 20 years had every year 1.5 credit inquiries, and then there were 60 hits within a 4-month period.

Now, my question is, is your technology without legislation, such as Ms. Hooley has devised -- is your technology and your industry moving to a situation where you're going to be -- that looks fishy to me; that a couple that never has moved all of a sudden has moved six times. If nothing else, it looks like the customer went nuts, and they've gone on a shopping spree.

MR. PRATT: I guess the short answer is, this next step gives us a much better understanding of what the undertaking would be to try and administer a program for 180 million credit files, where 2 billion elements of information are being loaded on a monthly basis. So I only say that we're probably managing some of the largest and most complicated private sector databases globally today. And so the challenge is to look for the unusual pattern.

But I think your point is well taken. I don't see how I could argue with the idea of continuing our work to say, how can we continue to use software and technology to in a preventative way look at the larger population. I just can't answer specifically how that would work at this time.

REP. LaTOURETTE: No, I understand that. But that's why a provision of this particular bill says that somebody should have an obligation to ask if you've really moved and you're really the person that's involved in the credit application. And I understand Mr. Harvey's observation that it's onerous, and it might cost some money, and so forth and so on. But one way -- until you get your computers to sort of key in on events like that, that would be suspicious and really aid and abet the thief -- might be to do it the old-fashioned way, and reach out and touch the customer and say, is that really you who moved. And then we can figure out the technology and let that catch up later.

Mr. Harvey, one of the criticisms that I get when I go to town meetings, especially with senior citizens, relative to the financial service industry, are all the credit card applications unsolicited that they receive in the mail. And I think Mr. Hulme described them as dumpster divers.

We did a project in conjunction with sweepstakes mailings in my district, where we asked senior citizens to save their mail for 30 days so that we could catch those who prey upon seniors and invite them to enter contests, and convince them that if they only buy that extra copy of outdoor lights, they're going to be a millionaire, pretty directly.

But one of the things we found as they collected their mail was, there's a lot of unsolicited credit card applications. And there are some who suggest that this increase, this sharp rise in identity theft is facilitated by people receiving these things that they haven't asked for at their home with personal identifiable information, and they toss it in the garbage.

I'd be interested to know the position that either your bank or the ABA has on that particular observation and criticism.

MR. HARVEY: Well, with respect to the kind of solicitations that are going out, certainly financial institutions want to be able to provide the kind of advertisement and solicitation of its services that it thinks that customers are going to be interested in.

It's very difficult sometimes to actually know which group of people are going to take you up on a particular offer. You will see more and more financial institutions -- credit card issuers -- sending out solicitations because they're not able to determine with any kind of certainty who will take advantage of the offer and who won't take advantage of those offers.

Whether or not it facilitates this crime, yeah, it certainly does. But I think there's a communication that needs to go out to the public. And that is, there are still ways to handle those types of solicitations. There are ways to cut off those type of solicitations. I can assure you that no financial institution wants to send out these solicitations to anyone that they didn't think would be interested. But you can shut off those solicitations. You can contact a direct marketing firm that's out there, and you could actually call them on the telephone you're not interested in receiving mail solicitations.

REP. LaTOURETTE: You talked about education in your testimony, and I want to go back and touch on that, I think education of the public. You also talked about education of your employees at the financial institution.

Again, when I was growing up and got my first credit card, my mom taught me that when I was done with it and I got a new one, I was suppose to take a pair of scissors and slice it. Is that what you and the ABA would recommend if I get an offer -- like I always get -- that I've been pre-approved for a $10,000 credit card from the XYZ bank, and I don't choose to take the XYZ bank up on that particular offer? What should I do with that? What should the consumer do with that solicitation?

MR. HARVEY: You should shred it. You should shred that solicitation because it certainly is something that the dumpster divers are looking at. They're going in, and they're trying to find out information about you, for various reasons.

REP. LaTOURETTE: And back to your employees for just a minute. My understanding of one of the ways that the pretext callers are successful in getting information is that they repeatedly will call a bank until they find somebody that gives them the information.

Can you tell me what your bank is doing to educate its employees to deal with that situation?

MR. HARVEY: Certainly. Some of the things that we're doing are the things that are also included in the tool box. And we've also included it in our testimony. Some of those things include, for example, making sure that we have policies and procedures in place to question very carefully, always paying attention to being customer service advocates, but questioning very carefully those who call in; to be consistent in the types of questions that we ask them, and to be leery about answers that don't seem to be responsive to those questions.

REP. LaTOURETTE: Is there a chain of command at the bank that -- again, the same question I was asking Mr. Pratt -- when something doesn't smell right, something doesn't look right, there is a procedure in place that the customer service representative can turn to someone else that is more expert or better trained than this?

MR. HARVEY: Absolutely. As a matter of fact, it's one of the recommendations that the ABA has presented. And that is, if there is something that doesn't exactly sound right, or if you're getting some resistance from the caller, that you bump that call up to a supervisor who has more experience in this area.

REP. LaTOURETTE: I thank you, and I thank the chair.

REP. LEACH: Thank you. We have a vote on the floor. Is all right to end, or do you want to come back? All right.

Well, let me thank you all very much. I'd like to ask unanimous consent to place in the record a statement by America's Financial Services Association, the Consumer Bankers Association, and the National Retail Federation. Without objection, we'll do that. I also would like to ask if my staff would come and collect some documents you have, and that we will potentially place them in the record too if their length is appropriate.

Let me thank you all for your testimony. I think it's been very helpful. And I think that whenever legislation of this nature is introduced, the thrust might be reasonable, but there also might be reasons for refinement. All of you, your testimony is very much appreciated.

Thank you very much. The committee's adjourned.

END

LOAD-DATE: September 16, 2000




Previous Document Document 27 of 261. Next Document


FOCUS

Search Terms: personal w/5 information w/5 privacy, House or Senate or Joint
To narrow your search, please enter a word or phrase:
   
About LEXIS-NEXIS® Congressional Universe Terms and Conditions Top of Page
Copyright © 2002, LEXIS-NEXIS®, a division of Reed Elsevier Inc. All Rights Reserved.