[House Hearing, 108 Congress]
[From the U.S. Government Publishing Office]
FIGHTING IDENTITY THEFT--THE
ROLE OF FCRA
=======================================================================
HEARING
BEFORE THE
SUBCOMMITTEE ON
FINANCIAL INSTITUTIONS AND CONSUMER CREDIT
OF THE
COMMITTEE ON FINANCIAL SERVICES
U.S. HOUSE OF REPRESENTATIVES
ONE HUNDRED EIGHTH CONGRESS
FIRST SESSION
__________
JUNE 24, 2003
__________
Printed for the use of the Committee on Financial Services
Serial No. 108-42
92-902 U.S. GOVERNMENT PRINTING OFFICE
WASHINGTON : 2003
____________________________________________________________________________
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; (202) 512�091800
Fax: (202) 512�092250 Mail: Stop SSOP, Washington, DC 20402�090001
HOUSE COMMITTEE ON FINANCIAL SERVICES
MICHAEL G. OXLEY, Ohio, Chairman
JAMES A. LEACH, Iowa BARNEY FRANK, Massachusetts
DOUG BEREUTER, Nebraska PAUL E. KANJORSKI, Pennsylvania
RICHARD H. BAKER, Louisiana MAXINE WATERS, California
SPENCER BACHUS, Alabama CAROLYN B. MALONEY, New York
MICHAEL N. CASTLE, Delaware LUIS V. GUTIERREZ, Illinois
PETER T. KING, New York NYDIA M. VELAZQUEZ, New York
EDWARD R. ROYCE, California MELVIN L. WATT, North Carolina
FRANK D. LUCAS, Oklahoma GARY L. ACKERMAN, New York
ROBERT W. NEY, Ohio DARLENE HOOLEY, Oregon
SUE W. KELLY, New York, Vice Chair JULIA CARSON, Indiana
RON PAUL, Texas BRAD SHERMAN, California
PAUL E. GILLMOR, Ohio GREGORY W. MEEKS, New York
JIM RYUN, Kansas BARBARA LEE, California
STEVEN C. LaTOURETTE, Ohio JAY INSLEE, Washington
DONALD A. MANZULLO, Illinois DENNIS MOORE, Kansas
WALTER B. JONES, Jr., North CHARLES A. GONZALEZ, Texas
Carolina MICHAEL E. CAPUANO, Massachusetts
DOUG OSE, California HAROLD E. FORD, Jr., Tennessee
JUDY BIGGERT, Illinois RUBEN HINOJOSA, Texas
MARK GREEN, Wisconsin KEN LUCAS, Kentucky
PATRICK J. TOOMEY, Pennsylvania JOSEPH CROWLEY, New York
CHRISTOPHER SHAYS, Connecticut WM. LACY CLAY, Missouri
JOHN B. SHADEGG, Arizona STEVE ISRAEL, New York
VITO FOSSELLA, New York MIKE ROSS, Arkansas
GARY G. MILLER, California CAROLYN McCARTHY, New York
MELISSA A. HART, Pennsylvania JOE BACA, California
SHELLEY MOORE CAPITO, West Virginia JIM MATHESON, Utah
PATRICK J. TIBERI, Ohio STEPHEN F. LYNCH, Massachusetts
MARK R. KENNEDY, Minnesota ARTUR DAVIS, Alabama
TOM FEENEY, Florida RAHM EMANUEL, Illinois
JEB HENSARLING, Texas BRAD MILLER, North Carolina
SCOTT GARRETT, New Jersey DAVID SCOTT, Georgia
TIM MURPHY, Pennsylvania
GINNY BROWN-WAITE, Florida BERNARD SANDERS, Vermont
J. GRESHAM BARRETT, South Carolina
KATHERINE HARRIS, Florida
RICK RENZI, Arizona
Robert U. Foster, III, Staff Director
Subcommittee on Financial Institutions and Consumer Credit
SPENCER BACHUS, Alabama, Chairman
STEVEN C. LaTOURETTE, Ohio, Vice BERNARD SANDERS, Vermont
Chairman CAROLYN B. MALONEY, New York
DOUG BEREUTER, Nebraska MELVIN L. WATT, North Carolina
RICHARD H. BAKER, Louisiana GARY L. ACKERMAN, New York
MICHAEL N. CASTLE, Delaware BRAD SHERMAN, California
EDWARD R. ROYCE, California GREGORY W. MEEKS, New York
FRANK D. LUCAS, Oklahoma LUIS V. GUTIERREZ, Illinois
SUE W. KELLY, New York DENNIS MOORE, Kansas
PAUL E. GILLMOR, Ohio CHARLES A. GONZALEZ, Texas
JIM RYUN, Kansas PAUL E. KANJORSKI, Pennsylvania
WALTER B. JONES, Jr, North Carolina MAXINE WATERS, California
JUDY BIGGERT, Illinois DARLENE HOOLEY, Oregon
PATRICK J. TOOMEY, Pennsylvania JULIA CARSON, Indiana
VITO FOSSELLA, New York HAROLD E. FORD, Jr., Tennessee
MELISSA A. HART, Pennsylvania RUBEN HINOJOSA, Texas
SHELLEY MOORE CAPITO, West Virginia KEN LUCAS, Kentucky
PATRICK J. TIBERI, Ohio JOSEPH CROWLEY, New York
MARK R. KENNEDY, Minnesota STEVE ISRAEL, New York
TOM FEENEY, Florida MIKE ROSS, Arkansas
JEB HENSARLING, Texas CAROLYN McCARTHY, New York
SCOTT GARRETT, New Jersey ARTUR DAVIS, Alabama
TIM MURPHY, Pennsylvania
GINNY BROWN-WAITE, Florida
J. GRESHAM BARRETT, South Carolina
RICK RENZI, Arizona
C O N T E N T S
----------
Page
Hearing held on:
June 24, 2003................................................ 1
Appendix:
June 24, 2003................................................ 69
WITNESSES
Tuesday, June 24, 2003
Ansanelli, Joseph, Chairman and CEO, Vontu....................... 50
Beales, J. Howard III, Director of the Bureau of Consumer
Protection, Federal Trade Commission........................... 12
Caddigan, Tim, Special Agent in Charge, Criminal Investigative
Division, United States Secret Service......................... 17
Duncan, Janell Mayo, Legislative and Regulatory Counsel,
Consumers Union................................................ 49
Hanson, Amy, President, Financial, Administrative and Credit
Services, Inc., (FACS Group), on behalf of the National Retail
Federation..................................................... 42
Kallstrom, Jim, Senior Executive Vice President, MBNA America
Bank........................................................... 44
Lundy, Lee, Vice President, Consumer Services, Experian.......... 52
Mellott, Frank, Commander, United States Navy, victim of identity
theft, on behalf of the Identity Theft Resource Center......... 35
Mihalko, Daniel L., Inspector in Charge, Congressional & Public
Affairs, United States Postal Inspection Service............... 14
Mitchell, Maureen V., Madison, OH, victim of identity theft...... 31
Peirez, Joshua L., Senior Vice President and Assistant General
Counsel, MasterCard International Inc.......................... 46
Viverette, Mary Ann, Chief of Police, Gaithersburg, Maryland, on
behalf of the International Association of Chiefs' of Police... 19
APPENDIX
Prepared statements:
Bachus, Hon. Spencer......................................... 70
Gillmor, Hon. Paul E......................................... 74
Hinojosa, Hon. Ruben......................................... 76
Kelly, Hon. Sue W............................................ 79
Ansanelli, Joseph............................................ 80
Beales, J. Howard III........................................ 87
Caddigan, Tim................................................ 100
Duncan, Janell Mayo.......................................... 109
Hanson, Amy.................................................. 117
Kallstrom, Jim............................................... 125
Lundy, Lee................................................... 134
Mellott, Frank............................................... 161
Mihalko, Daniel L............................................ 165
Mitchell, Maureen V.......................................... 177
Peirez, Joshua L............................................. 195
Viverette, Mary Ann.......................................... 202
Additional Material Submitted for the Record
Moore, Hon. Dennis:
Version K Information Sharing Facts.......................... 210
Tiberi, Hon. Patrick:
Preserve Privacy, ``The Hill''............................... 212
Caddigan, Tim:
Written response to questions from Hon. Ruben Hinojosa....... 213
Mellot, Frank:
Written response to questions from Hon. Ruben Hinojosa....... 214
National Community Reinvestment Coalition, prepared statement.... 216
FIGHTING IDENTITY THEFT--THE
ROLE OF FCRA
----------
Tuesday, June 24, 2003
U.S. House of Representatives,
Subcommittee on Financial Institutions,
And Consumer Credit
Committee on Financial Services,
Washington, D.C.
The subcommittee met, pursuant to call, at 10:08 a.m., in
Room 2128, Rayburn House Office Building, Hon. Spencer Bachus
[chairman of the subcommittee] presiding.
Present: Representatives Bachus, LaTourette, Castle, Royce,
Lucas of Oklahoma, Kelly, Biggert, Toomey, Capito, Tiberi,
Hensarling, Barrett, Renzi, Oxley (ex officio), Shadegg, Lucas
of Kentucky, Sanders, Sherman, Moore, Hooley, Hinojosa, Lucas
of Kentucky and Crowley.
Chairman Bachus. [Presiding.] Good morning. The
Subcommittee on Financial Institutions and Consumer Credit will
come to order.
I want to welcome our witnesses. We have three panels
today, so the hearing may be quite lengthy. This is the sixth
of a series of hearings that we are having on the
reauthorization of the Fair Credit Reporting Act. The
preemptions or uniform standards that apply to our national
uniform credit reporting act are due to expire next January 1.
These hearings are being held in anticipation of either
extending those uniform standards and making them permanent, or
making any changes that need to be made in the Fair Credit
Reporting Act to make it more friendly to consumers.
Our first five hearings have revealed without a doubt that
the Fair Credit Reporting Act has led to widespread
availability of credit. Those in the low-and middle-income
classes have benefited tremendously from the Fair Credit
Reporting Act and the availability of interest and the low
interest rate in the United States. This hearing will deal with
identity theft, which is I think by far the most serious
problem facing Americans in their use of credit.
The hearing today consists of three panels. The first panel
is made up of Federal and State law enforcement officials who
will inform us about the ongoing efforts to apprehend and
prosecute identity thieves. Our second panel will actually
consist of two victims of identity theft. They will share their
personal experiences about the crime. I very much appreciate
their courage and their willingness to appear before the panel.
Our final panel includes several representatives from the
financial services industry. They will share their perspective
on FCRA and identity theft. We also have consumer groups
represented.
Identity theft is a crime committed by individuals or
organizations seeking to capitalize on the good name of an
innocent and unknowing consumer. It is a particularly heinous
crime in that it harms not only financial institutions, but
consumers and the effect can be both widespread and last for
many years. A typical incident of identity theft involves a
criminal using the personal data of another individual to
assume that individual's identity. Using that false identity,
the criminal will obtain goods and services using the victim's
credit. The identity thief may also commit additional crimes
using the victim's name, creating a false arrest record for the
victim, or a record of arrest by the victim for crimes that
they never committed.
These activities obviously tarnish the victim's reputation,
credit history and sense of security. The victim of identity
theft must then make a great effort to get his or her credit
report and personal history back in good shape. We sometimes
refer to this as credit repair. Because the financial losses
associated with identity theft are generally the burden of
financial institutions and other businesses, not the consumer,
financial institutions are also the victims of identity theft.
Existing Federal law does address the issue of identity
theft. For example, the Identity Theft and Assumption
Deterrence Act prohibits the transferring or using of another's
identity for fraudulent or other illegal activities. Federal
law also makes it illegal to use or traffic in counterfeit
credit cards or debit cards, and prohibits criminals from
attempting to obtain customer identification and other consumer
information from financial institutions under false pretenses.
The FCRA also is an important tool in addressing identity
theft issues. Financial institutions frequently find that the
consumer reports that they obtain from credit bureaus under the
FCRA provide the most useful information in attempting to
distinguish the identity theft from a legitimate consumer. For
example, discrepancies between an address or Social Security
number contained in a consumer report and the information
contained on an application can be used to identify and prevent
an identity theft before it occurs. In addition, an identity
thief who knowingly and willingly obtains a consumer report
from a consumer reporting agency under false pretenses is
subject to criminal penalties under the FCRA.
The FCRA also plays a central role in mitigating the
consumer harms associated with identity theft. Under FCRA, each
consumer has the right to review the contents of his or her
credit report at no cost, and determine whether fraudulent
activity has been attributed to the consumer's credit file. If
a consumer has been a victim of identity theft which results in
misinformation appearing on the consumer's credit report, the
FCRA establishes a mechanism whereby the consumer can notify
the credit bureau of the fraudulent information and have the
information deleted.
At this time, I am going to recognize the minority ranking
member, Mr. Sanders, for any opening statement that he may
have.
[The prepared statement of Hon. Spencer Bachus can be found
on page 70 in the appendix.]
Mr. Sanders. Thank you very much, Mr. Chairman, and thank
you for holding this important hearing, and thank you all, our
panelists, for being with us this morning. We appreciate that
very much.
Mr. Chairman, today's hearing will focus on identity theft.
Let me just mention that on this side of the aisle, we have a
number of excellent proposals that address that issue. Mr.
Gutierrez, Mr. Ackerman, Mr. Ford, Ms. Hooley, and Mr. Emanuel
have all brought forth some excellent ideas that I think will
take us a long way in addressing the crisis of identity theft.
We all know that identity theft abuses in this country are
skyrocketing. We are going to hear that from our witnesses.
According to data from the Justice Department, 500,000 people,
half-a-million people filed reports with law enforcement in
2002 for identity theft crimes, and an estimated 700,000 are
likely to file similar reports this year. A major problem now,
it is getting worse and we need some solutions to that. In
addition, the dollar losses reported by identity theft victims
have increased from $160 million in 2001 to $343 million in
2002. So this problem is accelerating and it is incumbent upon
this committee to address it. We are going to hear, I know, in
the course of the next few weeks a number of excellent ideas. I
want to bring forth one idea that I think is important. That is
that one very obvious and extremely helpful tool would be to
provide consumers free credit reports and credit scores from
all three credit bureaus at least once a year, and a
description of the key factors that may have adversely affected
the consumer's credit score. In other words, one way to deal
with this issue and many other issues as well is to make sure
that consumers all over this country have free access to their
credit reports. When they have that access, they will be able
to see, wow, who has been ripping me off; who has stolen my
identity; and they will be able to move a lot quicker than they
are at present.
I am happy to inform you, Mr. Chairman, that I have
introduced legislation in this regard which is being supported
by virtually all of the consumer organizations in this country,
including the Consumer Federation of America, Consumers Union,
and the U.S. Public Interest Research Group. Allowing consumers
free access to their credit reports could substantially improve
the accuracy of credit reports and cut down on identity theft.
I look forward to working with you, Mr. Chairman, on this
legislation.
Mr. Chairman, I would also point out a somewhat tangential
issue, but important as well, that very often we will hear
testimony from our friends in the banking industry and the
credit card industry about this and that other matter, but I
think we should be aware as we hear their testimony that in
some instances at least executive compensation in the banking
industry is getting really out of hand. According to an article
that appeared in the Philadelphia Inquirer on June 1, 2003,
``Number one on Business Week's 2020 pay scorecard was
financial giant MBNA CEO Alfred Lerner with $194.9 million.''
Mr. Lerner died in October 2002 and was replaced in November by
Charles Cawley, who managed to place number six on that list
with a total pay of $48.6 million. Not too bad. Two more MBNA
executives who were not CEOs also got megabucks. John Cochran
got $36 million and Bruce Hammonds, $28.6 million.
I raise this issue about excessive CEO compensation to
point out that there are consumers in this country today who
are being ripped off by credit card companies, who are paying
up to 29 percent a year in interest rates. So when we hear our
friends from the credit card companies or the banks telling us
just in what kind of terrible financial need they are in, we
might want to remember that number, and that the top four
executives in that particular company in 2002 earned over $300
million collectively.
Mr. Chairman, the last point that I want to make on credit
cards is that it is absolutely imperative that this committee
address the credit card bait and switch mechanisms that some of
the credit card companies are bringing forth. As we all know,
the credit card industry is hooking consumers into purchasing
credit cards by bombarding them, this is one of the more
astronomical numbers I have ever heard. In a given year, the
credit card companies send out 5 billion solicitations, 5
billion solicitations, many of them going to young people all
over this country. What they promise people is low interest
rates, 0 percent, 3 percent, 5 percent. What they forget to
tell you is that if you borrow money on another credit card, if
you were late in paying your car loan 2 years ago, your credit
card rates can soar. They are ripping off the American people,
and this is an issue that we must address.
Mr. Chairman, I thank you again for calling this important
hearing. I am going to be running in and out because of other
commitments, but I will be back. I thank you for bringing these
witnesses together.
Chairman Bachus. Thank you.
I want to especially thank Mr. Sanders, along with Chairman
Oxley and Ranking Member Frank for working very closely on the
FCRA reauthorization. At this time, I recognize the chairman of
the full committee, Mr. Oxley.
Mr. Oxley. Thank you, Mr. Chairman.
I will be brief and make my opening statement part of the
record, but I did want to commend you for this long march
through the Fair Credit Reporting Act. By my count, some 75
witnesses have testified, just about anybody that has any
opinion whatsoever on FCRA has had the opportunity in your
subcommittee to air their views. You deserve a great deal of
credit, if nothing else but for an iron-pants performance
through these long weeks of hearings that will conclude today.
We will have a voluminous record for the members to pore
through and staff to pore through as we prepare to mark up
legislation when we return after the Fourth of July recess. But
your leadership has not gone unnoticed, and we appreciate the
good bipartisan cooperation we have had on this issue. I think
most of the members understand the critical importance of
reauthorizing FCRA, what it has meant to our economy, that it
has been one of the most successful pieces of legislation ever
passed by any Congress. We want to make sure that this
continues to be able to provide credit to people all over the
country.
So with that, Mr. Chairman, and with my sincere thanks, I
yield back.
Chairman Bachus. I appreciate that, Mr. Chairman.
At this time, Ms. Hooley or Mr. Hinojosa, do you have
opening statements?
Ms. Hooley. I do, Mr. Chair.
Chairman Bachus. Okay. Ms. Hooley, you are recognized.
Ms. Hooley. Thank you.
Good morning. Although I have enjoyed our series of
hearings on FCRA, I am excited that we are finally discussing
in depth one of the core problems that has developed with our
national credit system, the problem of identity theft. Identity
theft is the fastest growing white collar crime in America, and
legislation to correct and stem the rising tide must be enacted
as soon as possible.
As you may know, the Federal Trade Commission reported that
the number of persons filing complaints of identity theft with
the agency nearly doubled from 2001 to 2002. A 2003 survey I
recently saw found that 92 percent of Americans think it is
important that the government take action on the issue of
identity theft. I have been fighting to enact common sense
legislation to fight identity theft for 5 years. For the first
time since this struggle began, I feel the momentum is
unstoppable and that legislative action on this subject is no
longer a question of if, but rather of when.
We cannot and we must not ignore the fact that Americans
throughout the country are begging us to act and to help them.
They are begging for action sooner, rather than later. When
this happens to a person, they feel violated. They are
frustrated. They are angry. It takes way too long to get
through the system, and many times they have a hard time just
proving who they are and then it takes a longer time to get
their credit report cleaned up.
Myself and Mr. LaTourette from Ohio have introduced the
Identity Theft and Financial Privacy Protection Act with nearly
50 cosponsors, many of whom are sitting in this room. If this
bill is enacted, it will go a long ways toward fighting the
rise of identity theft. It is not perfect. I know there are
other proposals that should also be enacted, but I firmly
believe that every provision of this bill will enhance our
citizens's security and improve our credit process. I know that
Mr. LaTourette shares my conviction.
As I said, I believe the time to act is now, during our
discussion of FCRA. I believe the problem of identity theft is
so severe that any extension of FCRA that I support must
include significant measures to fight identity theft. It seems
to me there is no option. We in Congress must act this year to
protect both our consumers and financial institutions from the
disastrous effects of identity theft. I want to thank each of
the witnesses for giving up your time today to talk about
identity theft and the broader issue of reauthorization of
FCRA. I look forward to continued debate on the subject and to
all your comments, and to my ranking member and to the chair,
thank you so much for everything you have done on this issue.
Thanks.
Chairman Bachus. Thank you.
I want to recognize the lady from Oregon, Ms. Hooley. You
and Mr. LaTourette have worked with other members of this panel
on identifying identity theft issue and the need for the
personal information of consumers to be more secure, and to
take steps in this legislation going forward to make our
ability to combat identity theft more effective.
At this time, I will recognize the gentleman from Ohio, Mr.
LaTourette.
Mr. LaTourette. Thank you very much, Mr. Chairman.
I want to thank you very much for having this hearing
today, together with the Ranking Member. I want to bring to the
subcommittee's attention an individual who is going to be
testifying on the second panel today, and that is Maureen
Mitchell, who hails from my hometown in Madison, Ohio. I have
known Maureen and her family for a number of years. As a matter
of fact, her son and my daughter traversed their way through
the Madison public school system together. It came as a
surprise to me when in 1999 she called and said, ``Steve, I
need your help.'' It should be noted that Maureen is usually an
unflappable registered nurse, a licensed realtor, and a wife
and mother. It was clear to me that something serious was going
on, causing her to come visit us in Painesville.
What I did not know and could not have expected was the
unbelievable saga that was about to unfold for Maureen and her
family. She had discovered that she was a victim of identity
theft. Her determined efforts to resolve the situation through
repeated calls to her creditors, law enforcement, and the FTC,
credit reporting agencies were only leading her further down a
downward spiral of frustration and financial strife. In the
years since her first visit to my office, Maureen has testified
before a number of committees here in Washington and most
recently in the Statehouse in Columbus, Ohio. One of the things
that I found interesting was that in some instances of identity
theft you say, well, you went online and you bought something
using a credit card on a computer, you had your wallet stolen
or your purse stolen, or maybe somebody broke into your
mailbox, but none of those items were present in Maureen's and
Ray's case.
The severity of Maureen's case is what inspired me, along
with my good friend Darlene Hooley, in the 106th Congress to
begin working on a bill. In this Congress, it is known as the
Identity Theft and Financial Privacy Protection Act. Mr.
Sanders will be pleased to know that one of the provisions in
that bill is in fact the provision that every consumer receive
a free credit report from the agencies, and his idea has been
adopted as well.
With reauthorization of the Fair Credit Reporting Act a
likelihood later in this year, our committee is in a unique
position to take the necessary steps to improve and continue
the fight against identity theft, which is one of the fastest
growing, most personally destructive and invasive crimes that
can be committed against an individual. I would urge all of my
colleagues to read Maureen's complete written testimony, as
hers is a compelling case for this committee to act in a swift
fashion. To give you some idea of the enormity of the extent
that the Mitchell family has been victimized, all told it is
well over $100,000. Their identities have been used to apply in
a 2-hour period for $45,000 worth of personal loans at three
different banks in Chicago, and they are the proud owners of
two luxury sport utility vehicles, neither of which they ever
purchased.
Maureen, I want to thank you for being here today and I
hope that one day you will have the opportunity to visit
Washington without an invitation to testify on your identity
theft ordeal. Hopefully this hearing and legislation will begin
to help you and the thousands of other victims of this crime
get your lives back on track.
Again, Mr. Chairman, thank you for holding these hearings,
and I very much look forward to hearing from our witnesses.
Chairman Bachus. Thank you, Mr. LaTourette. You have
chaired some of the hearings in this regard, and I very much
appreciate that.
Let me read down through the list and see if any of the
members have opening statements. This is in order of arrival.
Ms. Kelly, do you have an opening statement? I also want to say
that Ms. Kelly was the first member to hold hearings on
information security in the House of Representatives, and we
very much appreciate your early identification of the issue of
identity theft.
Mrs. Kelly. Thank you, Mr. Chairman.
I really appreciate the fact that you are holding this
hearing on the role of the FCRA in preventing identity theft.
Earlier this year, we chaired a joint hearing together on
fighting identity fraud and improving information security. In
that hearing, what we learned was that identity theft is among
the fastest growing crimes in America. It is a top consumer
complaint according to the FTC. More importantly, we discovered
that combating identity theft requires the collaborative effort
of law enforcement and regulatory agencies, as well as
consumers and financial institutions. All four need to be
involved if we are going to stop identity theft, and all of
them have to have appropriate access to appropriate
information.
As this committee continues to explore the reauthorization
of the FCRA, I would like to stress the impact that this law
has had on our ability to combat identity theft and help the
law enforcement officials in charge of tracking down illicit
money get that job done. They do that job under the USA PATRIOT
Act, this is one of the really positive things of the USA
PATRIOT Act, and the FCRA has helped do that. The FCRA and
information sharing that it has provided is essential to
protecting the American people by detecting suspicious activity
and weeding out the wrongdoers.
The national uniform standards under the FCRA have also
facilitated a financial institution's ability to utilize
additional authentications and identity verifications to
protect consumer security. The protections incorporated in the
FCRA are critically important in enabling victims to correct
the damage to their credit histories created by identity
thieves.
Over the last few weeks, we have heard testimony from many
diverse panelists from lots of different witnesses endorsing
the extension of the FCRA uniform standards. The Department of
Treasury specifically highlighted the importance of the
national credit reporting system in helping to detect identity
theft, and in creating a framework for assisting its victims. I
share these views and I think we have got to reauthorize the
FCRA to protect Americans from really truly hideous and
preventable crimes.
I thank all of the witnesses for appearing here today. I
look forward to hearing what you have to say on strengthening
our network to combat identity theft. But I am also pleased,
and I am going to take a moment here to introduce one of the
special witnesses from the great State of New York who will
appear on the third panel. His name is Joshua Peirez. He is the
Senior Vice President and Assistant General manager for
MasterCard. Mr. Peirez is the counsel for MasterCard's North
American region and he comes from my county, Westchester County
in New York. It is great to have Mr. Peirez here. I look
forward to his testimony and the testimony of all of the
witnesses.
I thank you and yield back my time.
Chairman Bachus. I appreciate that.
At this time, the Chairman recognizes the gentleman from
Texas, Mr. Hinojosa. Also, Mr. Hinojosa, I want to say that you
and I will be holding hearings Thursday on expanding
consumers's rights to obtain financial services in the low-and
middle-income communities, and the need of the underserved for
more financial services.
Mr. Hinojosa. Thank you, Mr. Chairman. I look forward to
working with you on that hearing on Thursday.
Today, I want to thank Chairman Bachus and Ranking Member
Sanders for holding this final non-legislative hearing today to
investigate the role of the Fair Credit Reporting Act in
fighting identity theft. It is necessary that we continue to
assess the importance of the national credit reporting system.
I look forward to this hearing and to hearing additional
testimony to further clarify this issue.
As I noted at the first hearing, my office was contacted
frequently by numerous individuals and groups about the Fair
Credit Reporting Act in the first half of this year. I
personally heard from industry, consumer groups and several
regulators on the issue. Lately, I have not been contacted by
industry groups nor consumer groups on what they would like
included in the legislation that likely will be crafted and
introduced in the near future. It is my hope that Treasury and
the Administration will publish its long-awaited proposals on
identity theft and the FCRA, perhaps as soon as this week.
Most of us realize that language has been available at the
Treasury Department, but the White House has been taking its
sweet time deciding what position to take on Treasury's
proposal, while also watching closely the developments in the
House and the hearings in the Senate. In 2001, more than
117,000 complaints from identity theft victims were added to
FTC's database. In 2002, those complaints increased to almost
162,000. According to FTC Chairman Beales, the dramatic
increase may reflect a growing awareness of consumers about
identity theft.
Consumers who call the FTC hotline receive telephone
counseling from specially trained personnel who provide general
information about identity theft and help guide victims through
the steps needed to resolve the problems resulting from the
misuse of their identities. Consumers are advised to contact
the three national consumer reporting agencies and have a fraud
alert place in their file, close accounts identity thieves have
accessed, dispute unauthorized charges and report the theft to
the police and get a police report.
Identity theft occurs when a consumer's Social Security
number, credit card number, or name is used without his or her
knowledge to open fraudulent credit, telecommunications or
utility accounts, or to use already existing accounts. It can
also occur when an individual's name is used unknowingly to
pass bad checks or to get loans, jobs or obtain housing. This
crime potentially affects every consumer in all sectors of the
financial services industry, including financial institutions,
credit card companies, insurance companies, mortgage companies,
and hospitals. The theft can be carried out over the telephone
by computer hacking into an individual's confidential files or
by stealing hard copies of a company's billing information. The
victim of the theft usually does not realize the information
has been stolen until sometime later. As a result, these crimes
could be used to support terrorism, among other criminal
activities.
Today, I cosponsored H.R. 2035, the Identity Theft and
Financial Privacy Protection Act of 2003, introduced by my
friend, Congresswoman Hooley, the Chair of the Democratic Task
Force on Identity Theft on which I serve. The Task Force
investigated the exploding problem of identity theft, the
fastest growing white collar crime in America, and other
financial crimes. I decided to cosponsor Congresswoman Hooley's
legislation because it contains strong provisions that will
help fight identity theft. These provisions in this bill are
extremely important to us in Texas, which ranks fifth in the
number of identity theft complaints reported to the FTC.
I have said in the past that one of the main decisions we,
as a Committee, needed to make is whether to extend all seven
exceptions to the Fair Credit Reporting Act that preempt State
law, just some of the exceptions or none of them. They all
expire January 1, 2004. On June 11, 2003, I and several new
Democrats cosigned a letter to Chairman Oxley and Ranking
Member Frank looking towards their leadership to ensure that
legislation extending the seven expiring provisions of the Fair
Credit Reporting Act is passed by the House and Senate before
their termination on January 1 of next year. I believe that
these seven provisions enhance the efficiency of the nation's
credit system, promote access to the financial industry,
protect American consumers, and I am firmly committed to
extending them.
With that said, Mr. Chairman, I ask that the rest of my
statement be included in today's record of the proceedings.
[The prepared statement of Hon. Ruben Hinojosa can be found
on page 76 in the appendix.]
Chairman Bachus. I thank the gentleman.
I now recognize subcommittee Chairman Castle and commend
him for his expertise in the matter of FCRA and your
participation in these hearings.
Mr. Castle. Thank you, Mr. Chairman.
When they write the book about pieces of legislation not
having sufficient hearings, anyone who protests that you did
not have sufficient hearings, send them to me. We have had more
hearings on this subject, more panels than anything that I
remember since I have been in the Congress of the United
States, and I came with you, on the Fair Credit Reporting Act.
And they have been informative, and I believe it has served its
purpose, Mr. Chairman. I think we have a consensus forming on
both sides of the aisle, now both sides of the Capitol, that
extending the preemption provisions in FCRA is essential to our
economy.
I am particularly interested in today's topic, the role
FCRA plays in fighting identity theft because that is at the
heart of people's concerns about their financial privacy. As we
seek to pass legislation to extend FCRA's preemptions, we need
to be careful that efforts to improve FCRA in the name of
privacy do not have unintended consequences of undermining the
ways FCRA currently prevents identity theft. I think today's
hearing will establish the foundation we need to make sure the
law of unintended consequences does not become an amendment to
future legislation in the area.
I would like to mention way down on the third panel is an
extraordinary Delawarean and American, Jim Kallstrom, who is
now living in the State of Delaware. I think it is safe to say
that when times get tough and the nation needs smart capable
people to serve, Jim Kallstrom's name rises quickly to the top.
In addition to his decades of service to our nation as a Marine
Corps captain in Vietnam and an FBI Special Agent in Charge,
Mr. Kallstrom rose to the occasion after 9-11, leaving MBNA,
where he works in Delaware, to serve as the Director of public
security for the State of New York. There he was responsible
for counterterrorism planning and operations and served as the
point of contact for the State with the then-White House Office
of Homeland Security. Now Jim splits his time among advising
the Governor of New York on counterterrorism, advising MBNA,
and hosting the Discovery Channel weekly show, The FBI Files.
So we thank him very much for being here today and look forward
to his testimony, as well as the testimony of the others.
Thank you, Mr. Chairman.
Chairman Bachus. Thank you.
Mr. Lucas or Mr. Crowley, do you have opening statements?
Mr. Crowley. Mr. Chairman, I do not have an opening
statement. I just want to welcome someone later on as well in
the second panel, Maureen Mitchell, who is nee Sullivan. She
now lives in Ohio, but was originally from Woodside, Queens.
Just for the record, I want to welcome her if I am not here
later on.
Thank you, Mr. Chairman.
Chairman Bachus. I thank the gentleman from New York.
At this time, it is my pleasure to introduce the gentleman
from Arizona, Mr. Shadegg, and to remind members of the
committee that it was Mr. Shadegg that actually introduced the
Identity Theft and Assumption Deterrence Act and was the main
sponsor of that legislation. So I commend you for that, Mr.
Shadegg, and we welcome your participation in this hearing and
your early leadership.
Mr. Shadegg. Thank you very much. Thank you, Chairman,
Bachus, for allowing me to be a part of this Financial
Institutions Subcommittee hearing on identity theft. I am
pleased to be here to listen to the testimony that will be
provided by our distinguished witnesses.
I am particularly interested in hearing the testimony from
our second panel, the victims of identity theft. I strongly
believe that we will learn the most about appropriate
legislative responses from those who have experienced this
crime first-hand and are intimately familiar with the
difficulties victims face in trying to clear their name and
repair their credit after an identity theft crime has occurred.
My personal interest in identity theft began about five
years ago when two of my constituents, Bob and JoAnn Hartle of
Phoenix, Arizona were the victims of identity theft.
Unfortunately, Mr. and Mrs. Hartle could not be here with us
today to tell their story. I am confident that we would have
benefited from their experience and expertise as independent
consultants to other consumer victims of identity theft. Mr.
Chairman, I would like to request unanimous consent to submit
for the record their written testimony.
Chairman Bachus. Without objection.
Mr. Shadegg. Bob and JoAnn Hartle were instrumental in
getting the first State law in the nation to criminalize
identity theft passed. Mr. and Mrs. Hartle suffered the
devastation of identity theft when a convicted felon took Mr.
Hartle's identity and made purchases totaling over $100,000.
This individual also used Mr. Hartle's identity to obtain a
security clearance to secure areas of Phoenix's Sky Harbor
International Airport, and to purchase handguns using Mr.
Hartle's clean record to get around the Brady gun law.
As a result of this victimization, Mr. and Mrs. Hartle were
forced to spend more than four years of their lives and more
than $15,000 of their own money to restore their credit because
there were no Federal penalties for identity theft. Their case
led me to introduce a bill in the House that was eventually
signed into law, the bill you referenced, Mr. Chairman, the
Identity Theft and Assumptions Deterrent Act of 1998. It gave
law enforcement agencies the authority to investigate and
prosecute identity theft crimes. Mr. and Mrs. Hartle turned
their experience into something positive by establishing a
nonprofit organization to assist other victims of identity
theft. Their Web site, Error! Bookmark not defined., is
available to provide guidance to identity theft victims
nationwide. Identity theft ranges from individual instances
like the Hartles involving small or large dollar amounts, to
large organized professional crime rings. TriWest Healthcare
Alliance, a company located in my district, may have been the
victim of a professional crime ring. On December 14, 2002,
computer hard drives containing their clients's sensitive,
personally identifiable information were stolen from TriWest
Phoenix's office.
The nature of identity theft has changed and threat is more
likely than ever to come from breaches of data security.
According to the Federal Trade Commission, there is a shift by
identity thieves from going after single individuals to going
after mass amounts of information. Law enforcement experts now
estimate that half of all cases come from the thefts of
business databases as more and more information is stored in
computer databases that are vulnerable to attack from hackers.
The identity theft legislation that I introduced and was
signed into law in 1998 was an important first step on the road
to crack down on identity fraud crimes. However, Mr. Chairman,
clearly more legislation is needed in this area to protect
consumers from identity theft. I am currently working on my own
draft and there have been many others discussed here today,
some of which have already been introduced. I look forward to
hearing the testimony from our witnesses and to working with
you and the other leaders in the Congress on legislation in
this area.
I thank you and I yield back the balance of my time.
Chairman Bachus. Thank you.
I would like to again thank the gentleman from Arizona for
participating in our hearing. We felt like having the author of
the first piece of Federal legislation to combat this problem
would be appropriate, and we certainly appreciate your
participation.
Mr. Shadegg. Thank you, Mr. Chairman.
Chairman Bachus. I think it is appropriate that with Mr.
Shadegg's opening statement, I understand no other members of
the subcommittee have opening statements. That being the case,
I think it is appropriate for us to move to our first panel. I
want to introduce them.
Mr. Howard Beales, III. Mr. Beales is testifying for the
third time in our series of hearings. He is the Director of the
Bureau of Consumer Protection at the Federal Trade Commission.
We always find your testimony enlightening, Mr. Beales, and we
welcome you back.
Mr. Daniel Mihalko, Inspector in Charge of the United
States Postal Inspection Service, we appreciate your assistance
with the subcommittee in preparing for these hearings. Mr. Tim
Caddigan, Special Agent in Charge, Criminal Investigation
Division, the United States Secret Service, we welcome you, Mr.
Caddigan. And last but not least, Ms. Mary Ann Viverette, who
is the Chief of Police for the City of Gaithersburg, Maryland,
which is a suburb of Washington, on behalf of the International
Association of Chiefs of Police. We welcome you to this
morning's hearing.
Mr. Beales, if you would lead off with your testimony.
STATEMENT OF J. HOWARD BEALES, III, DIRECTOR OF THE BUREAU OF
CONSUMER PROTECTION, FEDERAL TRADE COMMISSION
Mr. Beales. Thank you very much, Mr. Chairman and members
of the subcommittee. It is a pleasure to be back in front of
you again today.
I am pleased to have this opportunity to discuss identity
theft and its relationship to the Fair Credit Reporting Act.
The views expressed in the written statement are those of the
Commission, but my oral presentation and responses to questions
are my own and do no necessarily represent the views of the
Commission or any individual commissioner.
Identity theft, as you noted, can be devastating to
consumers's reputations, to their financial well-being and to
their sense of security. At the FTC, we are fighting identity
theft on many fronts. For example, in partnership with the
Justice Department and all of the agencies that are represented
at this table, the Postal Inspection Service, the Secret
Service, and the International Association of Chiefs of Police,
we are training local law enforcers on how to fight identity
theft. Today, we are holding a training session in Westchester,
New York.
We at the FTC are also providing law enforcers with case
referrals from our identity theft data clearinghouse. We are
also working to keep consumers' financial data safe through our
new safeguards rule, which took effect at the end of May, and
our enforcement actions against companies that fail to keep
their security promises to consumers. Just last week, we
announced a settlement with online retailer Guess.com for
failing to protect customer data as promised. We also released
a tip sheet for businesses on the steps they should take to
assure the security of their online systems.
Through workshops, educational campaigns and our ID theft
hotline, we are counseling consumers and businesses on how to
prevent identity theft. We are also providing consumers with
tools such as our uniform identity fraud affidavit to help them
recovery more quickly and easily from identity theft.
Today, you have asked for testimony about identity theft in
the Fair Credit Reporting Act. In addition to harming
consumers, identity theft threatens the fair and efficient
functioning of consumer credit markets. It undermines the
accuracy and credibility of the information flows that support
those markets. Credit bureaus are simultaneously a target for
identity thieves and a valuable resource for combating identity
theft. The credit reporting system can play an important role
in helping to detect identity theft, in limiting the damage
from identity theft, and in helping victims to clean up the
mess that thieves leave behind.
The Fair Credit Reporting Act helps consumers detect
identity theft by providing consumers access to credit reports
when they need them most. A credit report digests in one timely
document all accounts opened in the consumer's name, and it is
the best way to discover those accounts that may have been
opened by an impostor. Under the FCRA, consumers who believe
they may have fraudulent information in their files are
entitled to a free credit report.
Moreover, the FCRA requires that consumers who are denied
credit based on information in a credit report be notified of
the adverse action and given the opportunity to obtain a free
copy of the credit report. This adverse action notice can alert
consumers that they may have bad marks on their credit record
that they do not know about. The free credit report helps them
to pinpoint the fraudulent or erroneous accounts. Adverse
action notices provide consumers with a critical safeguard and
we are vigorously enforcing the FCRA's adverse action
provisions.
In addition to helping victims detect identity theft, the
credit reporting system helps limit the damage that identity
thieves can cause by allowing for the placement of a security
alert in a victim's credit file. Currently, the three major
credit bureaus include a standardized format security alert in
the credit reports of identity theft victims. This alert puts
potential creditors on notice that they should proceed with
caution when granting credit in the victim's name.
Finally, the credit reporting system can help identity
theft victims clean up the bad credit marks caused by a thief.
A common problem of victims is that they find it difficult to
get credit, insurance or employment in the wake of an identity
theft incident because the impostor has damaged their credit
history. The big three credit bureaus now allow victims to
block fraudulent information on their credit report with a
valid police report of the identity theft incident.
We are working with the credit bureaus to develop other
victim assistance programs. For example, this spring the credit
bureaus implemented their joint fraud alert initiative whereby
victims only need to call one credit bureau to get a security
alert and a free credit report from all three. These and other
kinds of steps can help to reduce the costs and the
consequences for identity theft victims, but there is clearly
more to be done.
I thank you for the opportunity to appear today. I look
forward to responding to your questions.
[The prepared statement of J. Howard Beales III can be
found on page 87 in the appendix.]
Chairman Bachus. I appreciate that.
Mr. Mihalko?
STATEMENT OF DANIEL L. MIHALKO, INSPECTOR IN CHARGE,
CONGRESSIONAL & PUBLIC AFFAIRS, UNITED STATES POSTAL INSPECTION
SERVICE
Mr. Mihalko. Thank you, Mr. Chairman. Good morning, members
of the subcommittee. On behalf of the Postal Inspection
Service, I would like to thank you for holding this hearing and
giving me the opportunity to discuss identity crimes and the
significant role the Postal Inspectors play in combating it.
To put things in perspective, I would like to start by
talking about three things: the mail, the Postal Service and
identity crimes. The Postal Service delivers about 200 billion
pieces of mail each year. In this country, there is an
expectation that each one of those pieces is going to get
delivered not only in a timely manner, but it is not going to
be tampered with, no one is going to take anything out of it,
no one is going to read the correspondence. The responsibility
for safeguarding those 200 billion pieces of mail rests with
the Postal Inspection Service.
As Federal law enforcement officers, we ensure the
confidence in the mail by enforcing over 200 Federal statutes
that deal with the mail. Primary among those are the theft or
possession of mail and the oldest and the still most effective
consumer protection law, the mail fraud statute. Last year,
Postal Inspectors made over 11,000 arrests, 6,000 of those were
for mail theft. Of those 6,000, 2,000 were for identity theft
crimes. In fiscal year 2003, we have already surpassed that
number of identity theft arrests.
I think this morning we have already heard some good
explanations and definitions of what identity theft is and the
way it occurs. Over the years, Postal Inspectors have developed
an expertise in working these types of cases, particularly when
they involve the use of the mail. Those that involve the use of
the mail receive swift action by Postal Inspectors. We work
hard to ensure consumers are being protected. In addition, we
work closely with the mailing and the financial industry to
develop guidelines on how best to design mailing pieces to
prevent theft. This partnership illustrates how the industry as
a whole is serious about the issue. Mail is very important to
consumers who receive it, and it is very important to the
businesses that send it.
I am sure all of you have received preapproved credit
applications in the mail. Those mailings were prime targets for
an identity thief because they simply required a signature and
the return of the form back to the company. When stolen from
the mail, the thief could redirect the response to the
application to a different address and have the credit card
sent there. But times have changed due to our efforts and
industry awareness. For example, credit card companies have
adopted our security recommendations and now automatically
discard applications when they are returned with a change of
address, making them less attractive to the identity thief.
Also, industry has changed its practices. Credit offers now
contain much less information.
Fraudulent changes of address sent through the post office
used to be another favorite vehicle for identity thieves, but
not anymore. The proactive effort by the Postal Service to
prevent false changes of address is the move validation letter.
When a change of address is filed now, the Postal Service sends
a letter to both the old and the new address. The letter
instructs the individual to call an 800 number if they have not
filed the change of address. This simple measure has virtually
eliminated the placing of false change of addresses with the
Postal Service as an avenue for committing identity theft.
As we have made it more difficult for mail theft to be a
component of identity theft, the crime has evolved to the
Internet and other electronic means. Personal information
contained in corporate and government records and computer
databases is a fertile area for dishonest employees working in
conjunction with identity thieves. Businesses understand the
need to protect their personal data. Improved data security
should be a goal of all businesses. We can measure arrests and
the effectiveness of law enforcement efforts, but it is hard to
measure the full impact on victims, and it can be devastating.
I am sure you are going to be hearing about that in your second
panel when the victims testify. A couple of interesting points,
most victims do not learn about the theft of their identity
until 14 months after it has occurred. It generally takes about
44 months to clear up their cases, and victims report that they
spend on average 175 hours actively trying to restore their
credit rating and to clear their good name. Victims run the
gamut of society. They are wealthy; they are poor; they are
old; they are young. No one is immune and everyone is a
potential victim.
Our experience has shown that enforcement laws coupled with
an aggressive education campaign, the cooperation of industry
and the interagency enforcement efforts are invaluable tools in
the fight against identity crimes. In addition to modifying
industry practices and making financial mailings less
attractive to a thief, our partnerships have resulted in a
number of fraud prevention guides. The first one is Identity
Theft, Safeguard Your Personal Information. This is a Postal
Inspection Service publication we first put out in the late
1990s. As of this point, we have printed and distributed over 2
million of these guides to businesses and consumers.
Second is a video called Identity Theft, The Game of the
Name. This is a video that is put out for law enforcement, for
consumer groups, and for corporate personnel. It talks about
the dangers of identity theft and some prevention tips. Another
guide that we put together is Detecting and Preventing Account
Takeover Fraud, a publication which goes towards credit
grantors with information for preventing takeover schemes.
Later this year, the joint law enforcement-financial industry
task force called the Financial Industry Mail Security
Initiative will issue a book on best practices developed over
the years.
As Congresswoman Kelly said, aggressive law enforcement
efforts are not enough. They are a key component of our
mission, but arrests are not the only solution. We have found
that creating awareness and prevention programs for consumers
can go a long way to lessen the impact this crime has on the
public. In addition to the two brochures and the videos
mentioned, we partnered with Showtime network in 2000 to
produce a Showtime movie on television about identity theft
based on cases of Postal Inspectors. This past year during
national consumer protection week, Postal Inspectors partnered
with the Postal Service's consumer advocate in a nationwide
awareness campaign on identity theft. This September, the
Postal Inspection Service, along with our partners the FTC and
the Postal Service, will be unveiling yet another nationwide
campaign. This one is also on identity theft.
This year, we are going to take a two-pronged approach. We
are going to be providing information to consumers as we have
in the past, but we are also going to be addressing businesses
on the need to safeguard their files and databases of
customers' information. Actor Jerry Orbach of television's Law
and Order fame, who also was a victim of identity theft, has
agreed to be the campaign spokesperson. The campaign will
include a mailing to residences in 10 States identified by the
FTC as reporting the most identity theft complaints, a public
service announcement featuring Jerry Orbach, and an identity
theft insert outlining prevention tips that will be included
with monthly financial industry statements. We will be
displaying in lobbies in all 38,000 post offices, which is
going to make people aware of identity theft and some of the
prevention tips. We are also going to produce another
informational video and we are going to place half-page
newspaper ads in the major newspapers in the 10 States that the
FTC identified as having the most complaints.
The Mullen agency of Pittsburgh has provided support for
this campaign on a pro bono basis, but what really makes this
campaign unique is the funding source. We have all heard the
saying, ``crime does not pay.'' Well, in the case of this
awareness case, it does pay. This campaign is being funded
through a unique application of fines and forfeitures paid by
criminals in a past fraud case.
Educating the public and working to reduce opportunities
where the Postal Service and the mail can be used for illegal
purposes are crucial elements in our fight against identity
crimes. As always, we will do our part to remove criminals from
society. We appreciate the subcommittee's recognition of the
importance of this issue.
Thank you, Mr. Chairman.
[The prepared statement of Daniel L. Mihalko can be found
on page 165 in the appendix.]
Chairman Bachus. Thank you.
Special Agent Caddigan?
STATEMENT OF TIM CADDIGAN, SPECIAL AGENT IN CHARGE, CRIMINAL
INVESTIGATIVE DIVISION, UNITED STATES SECRET SERVICE
Mr. Caddigan. Mr. Chairman, Mr. Sanders, thank you for
inviting me to be part of this hearing today and the
opportunity to address the committee regarding the Secret
Service's efforts to combat identity crime and protect our
nation's financial infrastructure.
The explosive growth of identity theft-related crimes has
resulted in the evolution of the Secret Service into an agency
that is recognized worldwide for its expertise in the
investigation of all types of financial crimes. Our efforts to
detect, investigate and prevent financial crimes are
aggressive, innovative and comprehensive. The burgeoning use of
the Internet and advanced technology, coupled with increased
investment and expansion, has intensified competition within
the financial sector. Although this provides benefits to the
consumer through readily available credit and consumer-oriented
financial services, it also creates a target-rich environment
for today's sophisticated criminals, many of whom are organized
and operate across international borders.
Identity crime is not targeted at any particular
demographic. Instead, it affects all types of Americans
regardless of age, gender, nationality or race. What victims do
have in common is the difficult, time-consuming and potentially
expensive task of repairing the damage that has been done to
their credit, their savings and their reputation. According to
the GAO, the average victim spends over 175 hours attempting to
repair the damage inflicted by identity crime.
Identity crimes originate when another person obtains your
personal or financial identifiers. Methods of acquiring such
information range from the so-called ``dumpster diving'' where
the criminal searches through your garbage for billing
statements or other documents that may include personal
identifiers, to insiders who purge information from their own
company's database and place it for sale on the Internet.
Since our inception in 1865, the twin pillars of the Secret
Service have been prevention and partnership building. A
central component of the Secret Service's preventive effort has
been to increase awareness of issues related to identity crime,
both in the law enforcement community and among the general
public. The Secret Service has undertaken a number of unique
initiatives aimed at increasing awareness and providing the
training necessary to combat identity crime and assist victims
in rectifying damage done to their credit. This includes the
development of a number of training tools designated to assist
our local law enforcement partners.
Mr. Chairman, I cannot emphasize enough the importance of
sharing expertise with our local and state police partners, and
empowering them with the ability to respond on the local level
to identity crimes. In a nation of thousands and thousands of
communities and a population exceeding 270 million, providing
the first responder, in this case a local police officer, with
the training and information they need to investigate an
identity crime and provide victim assistance, is imperative.
We believe the Secret Service can best service the American
people by acting as a force multiplier. In other words,
directing our efforts towards providing the 700,000-plus local
and State law enforcement officers with the tools and resources
they need to provide assistance in their communities. In
partnership with the International Association of Chiefs of
Police, the Secret Service produced the best practice guide for
seizing electronic evidence. This pocket-sized guide instructs
law enforcement officers in the seizure of evidence, from
personal computers, wireless telephones, to digital cameras. We
have also worked with this group and our private sector
partners to produce the interactive computer-based training
program known as Forward Edge, which incorporates virtual
reality features and technical support to instruct local law
enforcement officers on how to address an electronic crime
scene.
Thus far, we have distributed free of charge over 300,000
best practice guides and over 20,000 Forward Edge CDs to State,
local and Federal law enforcement officers. In addition, we are
nearing completion of an identity crime video and CD-ROM which
will contain over 50 investigative and victim assistance
resources that law enforcement officers can use when combating
identity crime. In the coming weeks, we will be sending an
identity crime CD-ROM to every law enforcement agency in the
United States. Over 25,000 identity crime CD-ROMs are being
prepared for distribution.
In short, any police department in the country, regardless
of size or resources, now has access to state-of-the-art
training as well as multiple investigative and victim
assistance resources to help them combat identity crime. In a
joint effort with the Postal Inspectors, the FTC, the
Department of Justice and the International Association of
Chiefs of Police, we are hosting identity crime training
seminars for local law enforcement. In the last year, we have
held such training seminars in Chicago, Dallas, Las Vegas, Des
Moines, Washington, D.C., and Phoenix, and seminars are planned
in the near future for Washington State and Texas. One, as
previously reported, is ongoing in New York State as we speak.
For law enforcement to properly prevent and combat identity
crimes, steps must be taken to ensure that State, local and
Federal agencies are addressing victims' concerns in addition
to actively investigating identity crime. It is essential that
law enforcement recognize that identity crimes must be combated
on all fronts, from the officer who receives the victims's
complaints to the detective or agent investigating an organized
identity crime ring. The Secret Service is prepared to assist
this committee in protecting and assisting the people of the
United States with respect to prevention, identification and
prosecution of identity criminals.
Mr. Chairman, that concludes my prepared remarks. I am
happy to answer any questions your or the committee members may
have.
[The prepared statement of Tim Caddigan can be found on
page 100 in the appendix.]
Chairman Bachus. Thank you, Agent Caddigan.
At this time, we will hear from Chief of Police Viverette.
STATEMENT OF MARY ANN VIVERETTE, CHIEF OF POLICE, GAITHERSBURG,
MARYLAND, ON BEHALF OF THE INTERNATIONAL ASSOCIATION OF CHIEFS
OF POLICE
Ms. Viverette. Good morning. I am pleased to be here this
morning on behalf of the International Association of Chiefs of
Police.
As I appear before you today, the issue of identity theft
is one of great and growing concern to the law enforcement
community. In a relatively short period of time, identity theft
has transformed from a relatively unnoticed crime to a major
problem in the United States and around the world. In the last
few years, personal information has become one of the
commodities most sought after by criminals in this country and
elsewhere.
Although identity theft is in itself a criminal act under
both Federal and most State laws, the theft is almost always a
stepping stone to the commission of other crimes such as credit
card, bank, computer and Internet fraud, designed to enable the
perpetrator to profit from the original theft. Furthermore,
funds obtained illegally as a result of the identity theft and
its resultant frauds may be used to finance other types of
criminal enterprises, including drug trafficking and other
major forms of criminal activity. As the use of technology to
store and transmit information increases, so too will identity
theft.
The ability to accurately define the financial losses of
the vast number of crimes committed by means of identity theft
is not possible at this time. Many identity theft crimes are
not reported to the police and there is no single source of
information on this issue. It is fair to say, however, that the
cumulative financial losses from identity theft and various
crimes that feed from it are staggering. However, perhaps even
more tragic than the monetary loss, is the personal cost of
identity theft. Because identity theft by definition involves
the fraudulent obtaining of funds in the name of someone else,
the victim of identity theft may sustain not only great
financial loss, but also severe damage to credit standing,
personal reputation and other vital aspects of the victim's
personal life. Even if the victim ultimately clears his or her
credit records and avoids other personal and financial
consequences of identity theft, the physical and mental toll on
the victim can be significant.
Identity theft is not perpetrated only by so-called ``white
collar'' thieves. It is committed by criminals of all types. A
recent report indicated that during the period of November 1999
to March 2001, about 12 percent of all suspected perpetrators
had a personal relationship of some sort with the victim.
However, the remaining 88 percent of suspects had no relation
to the victim of the theft. In most cases, the thieves are
geographically located far from the victim's place of work or
residence. These perpetrators may be solo operators, but more
often are members of a larger criminal organization. Such
organizations may be local, regional, national or
international.
In early years, the involvement of local police departments
in identity theft cases was typically minimal. In fact, many
local police departments did not know how to respond because
the crime was not well understood. This was caused by several
factors, including the lack of State laws making identity theft
a crime, the fact that most identity theft operations are
multi-jurisdictional enterprises with perpetrator and victims
usually widely geographically separated, and the general lack
of police expertise in investigating the crime of identity
theft.
Fortunately, the situation is now rapidly being remedied.
The passage of numerous Federal and State statutes has given
law enforcement agencies the authority to investigate and
prosecute identity theft crimes and departments everywhere are
becoming more aware of the significance of identity theft and
the availability of a means to combat it. Effectively combating
identity theft will require not only the dedication of
significant resources and personnel, but also greater
collaboration and cooperation between Federal, State, tribal
and local law enforcement agencies. This information-sharing
among agencies is essential as it may not only lead to
successful prosecution of the case in one jurisdiction, but
concurrent investigations in other areas of the country. I am
pleased to say that in recent years law enforcement agencies
have made significant strides in this area, and are increasing
our capability to investigate, track, apprehend and prosecute
these criminals.
Nevertheless, the law enforcement community cannot
effectively combat identity theft by itself. Citizens need to
take proactive steps to protect their personal information.
Businesses must act to establish safeguards that will ensure
that the personal information of their patrons is not exposed.
Policymakers at all levels of government need to review current
statutes to ensure that protection of personal information is a
priority and develop legislation that will strengthen the
penalties for identity theft. Only by acting to establish
greater protections of personal information and by aggressively
tracking down and punishing those who commit identity theft can
we hope to turn the tide in this battle.
Thank you, Mr. Chairman.
[The prepared statement of Mary Ann Viverette can be found
on page 202 in the appendix.]
Chairman Bachus. I appreciate the testimony of the panel.
At this time, I recognize the members for questions. The
gentleman from Pennsylvania, Mr. Toomey?
Mr. Toomey. Thank you very much, Mr. Chairman.
I appreciate the testimony we have just heard. It is
focused largely on enforcement of existing laws, which is
obviously a very important part of this. But I was hoping that
several of you might comment on whether better law enforcement,
better training, more resources, more education, is that really
likely, in your judgments, to reverse this really shocking
trend that we have had, this big acceleration, this upward
spike in the frequency of identity theft? Is better enforcement
of existing law going to be sufficient to reverse this trend,
in your minds, or do we need something above and beyond, in
addition, or separate and apart from that?
Mr. Beales, perhaps you would like to begin?
Mr. Beales. I think we need to address the problem on many
fronts. I think enforcement is a key part of any attempt to
solve it. I think better penalties would be something that
would certainly help and would enhance the enforcement effort.
I think there are probably also things that can be done to help
with prevention of the crime in the first place and to help
victims recover more easily. We at a staff level are hard at
work on a package of recommendations that we would bring
forward to the commission and then to the Congress, but at this
point we do not have any other recommendations.
Mr. Toomey. Anyone else care to comment?
Mr. Mihalko. Yes, I would like to comment.
Resources are always an issue. We in law enforcement never
have enough to go around. We do have plenty of good statutes,
though, at least in the Postal Inspection Service. We have
statutes that cover identity theft on both ends. If there is a
theft of mail, we have excellent Federal statutes to deal with
theft or possession of stolen mail. If the mail is not part of
the initial scheme, but is then used to either mail a phony
credit card or a counterfeit credit card, whatever it may be,
we have an excellent statute there with the mail fraud statute.
I think what we need, and what I hear from a lot of my
inspectors out in the field, is that we need more resources for
prosecutors. There seems to be a shortage of Federal
prosecution of the identity theft-type cases. But like Mr.
Beales said, we also agree that prevention and educating the
consumer is a key component of fighting this crime. We just
can't seem to get enough education out to people.
Mr. Toomey. I would like to follow up on the prevention
idea, because it seems to me there are different orders of
magnitude of identity theft. Someone can grab a credit card
carbon out of a wastebasket and identify my credit card number
and perhaps run up some charges. That is a terrible thing,
obviously. It is a serious crime, but it is something that I am
likely to discover relatively quickly and I am likely to be
able to avoid actually incurring the expense. The more serious
types of crimes, of course, are those when someone establishes
an identity, steals my identity, establishes accounts, obtains
credit through this new bogus identity, and then might run up
huge credit obligations, which I discover much, much later,
which are a huge problem now.
Are we doing enough to prevent that from happening? Are
there more things that ought to be done by the private sector
to prevent those kinds of abuses? I see, Officer, you are
nodding your head. Do you have a response to that?
Mr. Caddigan. I think we have seen in recent years the
private sector and law enforcement come together on this issue.
That has been tremendously beneficial to the consumer. I see
the credit card companies, they not only share information
among themselves, but with law enforcement. I see all law
enforcement, State, local and Federal, coming together and
sharing resources. State prosecutors are working with Federal
prosecutors. It is not a crime that is going to be completely
eliminated overnight, but from our perspective we do see growth
in cooperation on all fronts, as Mr. Beales has said, that we
have prevention, we have education, we have awareness.
One of the areas that we are most concerned about is
information security with regard to end-users and consumers.
That is something that is taking a higher priority because when
we do have, for example, a hacking situation, customer
databases are stolen in bulk, that has a tremendous impact on
the identity crime arena. When we can deal with end-users on
how to safeguard their systems and safeguard their data files,
that is going to be a huge impact. Those relationships are
being built as we speak. Those conversations are being had at
all levels with regard to security, information sharing and
safeguarding information sharing. So I think from our
perspective, that multi-front process is effective and it does
handle not only the simple carbon theft, but it also deals in
the international Internet theft or hacking case involving a
large magnitude of identity crimes.
Mr. Toomey. Does anybody else have a comment?
Ms. Viverette. Yes, sir. Local law enforcement is really
overwhelmed with investigating these, so I agree that
prevention is part of the way to solve this. There are several
recommendations by the investigators that look into these cases
every day. One of those is the availability of instant credit
tends to be a problem. They recommend requiring thumbprints or
digital photos with any credit application.
Mr. Toomey. So some kind of system for authenticating the
applicant?
Ms. Viverette. Yes, sir. And the addition of possibly a PIN
number along with the credit card to additionally verify the
user as the proper person.
Mr. Toomey. Thank you very much.
Thank you, Mr. Chairman.
Chairman Bachus. I thank the gentleman from Pennsylvania.
At this time, the Ranking Member, Mr. Sanders, is
recognized.
Mr. Sanders. Thank you, Mr. Chairman. A question for Mr.
Beales, to begin with. Mr. Beales, in your oral statement, you
mentioned that when consumers discover that they are victims of
identity theft, they may receive a free copy of their credit
report. In your judgment, wouldn't it be a good idea if all
consumers were to get a free copy of their credit report to
catch identity thieves quicker and correct errors in a prompt
manner? In other words, if people were able to gain access to
their reports, they would see aberrations and dishonest
dealings. Does that make sense to you?
Mr. Beales. The Commission has not taken a position on
that. I think that there is no question that access to the
credit report would help. I think under the existing statute,
consumers have access to a free credit report when they are
most likely to need it, which is when they think there is
fraudulent information or when they find out that there is a
problem.
Mr. Sanders. I understand that. In general, given the
significant increase in this horrendous type of crime, if
people receive the reports, they would be able to spot the
problem a lot quicker than is currently the case right now. I
think one of the problems that we are hearing is that people do
not know that they are being ripped off for, in some cases, a
relatively long period of time. Don't you think this would
expedite the process?
Mr. Beales. I think it certainly could.
Mr. Sanders. Okay. Thank you.
Mr. Caddigan, do you have thoughts on that?
Mr. Caddigan. I would agree that anything that would make
the consumer more aware of his current situation is a
preventive tool.
Mr. Sanders. Okay. Thanks.
Let me ask Chief Viverette a question. You may not want to
answer it. It may be too political, but that is okay. One of
the debates, the key debate that is going on here has to do
with Federal preemption. Some of us believe that we should have
very strong standards for identity theft and other consumer
problems in general at the Federal level, but we should allow
States to go forward in a more aggressive way if they want to.
In fact, Maryland, as I understand it, is one of six States in
the country right now which does require free credit reports.
Is that correct?
Ms. Viverette. I believe it is, yes, sir.
Mr. Sanders. Okay. Now, I am not suggesting that Congress
would take away Maryland's right to do that. I doubt that they
would. But give us your thoughts about a State that has been
proactive in trying to protect consumers, should States in your
judgment continue to have that right?
Ms. Viverette. The decision of the International
Association of Chiefs of Police is normally to keep the rights
at the State level. Yes, sir.
Mr. Sanders. Okay. Thank you.
Mr. Chairman, what you heard is from attorneys general from
all over this country who believe that they should have the
right to be aggressive in protecting consumers, and you are
hearing from police officers as well, who want strong consumer
protection. I would note the point that the chief made a few
moments ago, which is a very important point. I am sure it is
all over this country that local law enforcement is being
overwhelmed. When somebody calls you up, that takes a heck of a
lot of resources to address that problem. Is that correct,
Chief?
Ms. Viverette. Yes, sir.
Mr. Sanders. All right. So I would suggest, Mr. Chairman,
that we want to be as aggressive as we can. One way that we are
aggressive is allowing States to go further than the Federal
government.
Thank you, Mr. Chairman, and I thank the panelists.
Chairman Bachus. Thank you, Mr. Sanders.
Ms. Kelly?
Mrs. Kelly. Thank you, Mr. Chairman.
Mr. Beales, you said that there can be some things done to
help with prevention. Would you mind just expanding on that a
little bit? You made the remark and then went on with something
else.
Mr. Beales. We are working on trying to develop and to
analyze legislative ideas that we would recommend to the
commission and then the commission would offer its advice if
that was appropriate to you all. I think the one active
prevention program that I think really should be seen as a
prevention program that we are very much involved in now and
should be continued is efforts to protect information security.
Increasingly we see that as the source of the information that
turns up in identity theft cases, and we see, frankly, very
many businesses that have not taken basic precautions to
protect the security of their information.
We have brought cases in some of those instances, our guest
case, that I mentioned, which involved the failure to close a
well-known vulnerability in a system. And we have developed a
business education pamphlet to encourage businesses to look for
those kinds of known vulnerabilities and to fix them. I think
that is an important preventive effort and I think there is
more that can be done in that area in particular.
Mrs. Kelly. One of the reasons that I am concerned about
this is that we heard testimony just now about educating the
consumer, but any more the way that identity theft can happen,
there isn't any act that the consumer does necessarily. It is
not about just making sure you tear up your credit card slips
when you throw them out. Your identity can be stolen without
your knowledge by your not doing anything at all different than
you have ordinarily done. That is really tough to educate
about. People, I think, are very vulnerable and you can educate
them to do certain things, but there are limits to what we can
do to educate people to protect themselves.
I am wanting to know what kind of things we are doing with
regard to identity theft and terrorism, the movement of
terrorism money. We know that that has occurred. I really would
like to ask Mr. Caddigan, could you talk to me a little bit
about what the Secret Service is doing to put a check on
identity theft or identity use in transferring terrorism's
money?
Mr. Caddigan. When we talk terrorism, the FBI has always
taken the lead in the terrorism investigations. That includes
the financial investigations. We are an active participant in
their initiatives through their JTTFs across the country. So
what we try to do is to bring our expertise to bear in the
financial sector and apply them to ongoing initiatives that we
have in tracking terrorism in our country. That may apply to
passport fraud or counterfeit documents, to credit cards that
were used to fund individuals that are staying here. It does
run the gamut with regard to our own agency's initiatives. We
do that under the umbrella of a joint initiative led by the
FBI.
Mrs. Kelly. Maybe you and I can explore that in a little
less public venue, but I am very interested in what you are
doing. This takes me to another level, and that is with
anything that we do with regard to protecting people's identity
and anything that you do with regard to helping share
information so that people can have identity protections, that
sharing of information steps into another field, and that is
the privacy issue. I wonder if anyone on this panel would be
willing to address the problems we are going to experience as
we get deeper and deeper into the protections with regard to
privacy.
Mr. Beales?
Mr. Beales. I think that one of the great successes of the
Fair Credit Reporting Act is the way in which it balances those
concerns, the tremendous benefits of information sharing in
detecting and preventing and mitigating the consequences of bad
credit and of identity theft, and at the same time protecting
privacy. It does that by restricting uses to people who have a
permissible purpose and by trying to assure that the
information is accurate and that the consumer has a way to try
to correct it if it is not. But I think privacy is an important
component of it and is really sort of a key goal of the Fair
Credit Reporting Act.
Mrs. Kelly. Anyone else want to pick up on that? Thank you
very much. My time is up.
Thanks, Mr. Chairman.
Chairman Bachus. Thank you.
Mr. Hinojosa?
Mr. Hinojosa. Thank you, Mr. Chairman.
I want to ask a question of Mr. Beales. Did you answer the
question about or the idea that was given by Mr. Sanders,
providing consumers with a free credit report annually or
biannually at their request?
Mr. Beales. The Commission has not taken a position on
that. I think that the consumers have credit reports at the
time they are most likely to need it, at the time it is most
beneficial, which is when they think there is fraud or when
there has been an adverse action. But I think there is no doubt
that more availability of credit reports would help in
combating the problem.
Mr. Hinojosa. I disagree that you would wait until you are
applying for credit to buy a car a house or whatever, because
all the testimony says that most consumers do not find out
until about 14 months after the occurrence of that identity
theft. So it seems to me that we are going to have to address
that question and see what the costs would be and if it is
feasible.
I would like to ask Mr. Caddigan the question that I had on
trying to give training to our officers out in the field. It
seems to me it is time-consuming, but very important. The
question is, do you know if the FBI or Secret Service agencies,
are able to reach large numbers of officers in States like
Texas and California?
Mr. Caddigan. A program that is ongoing right now in the
State of New York is a collaboration with all four partners at
the table here today. We are able to reach across all law
enforcement, to include the financial institutions, anybody
that would have a need to provide assistance in the area of
identity theft, whether it is criminal or victim assistance.
The event today has several hundred officers there representing
dozens and dozens of departments in New York. We think that by
being able to provide a Federal, State and local perspective to
the problem and solutions. We are not there just to identify a
problem. We are there to provide you with skill sets in
providing real solutions to your community or your constituency
on how to deal with this epidemic.
So when we can reach out to a victim and make them aware of
what they need to do to safeguard themselves, not only from
crime that has already occurred, but for future crime that
potentially could occur, we feel that that force multiplier in
the law enforcement community has a ripple effect that is a
substantial benefit in this initiative.
Mr. Hinojosa. I understand what you said, Mr. Caddigan.
Possibly my question, then, should go to Chief Viverette. What
I heard Caddigan say is that they were training the trainers,
100 of them in New York. I am talking about reaching much
larger numbers. Could it be done through, say, video
conferencing? Could it be done through distance learning like
the universities are doing now where you could have multiple
sites listening to the presentation? If that is so, if it is
possible, how do chiefs of police give release time to large
numbers of officers so that they can be trained?
Ms. Viverette. Sir, the CD-ROM that the Secret Service has
put together is an excellent resource for local law
enforcement. Most of us have training commissions at the State
level that can require training. The CD-ROMs are perfect for
roll-call training at the beginning of a shift. And generally
what we are doing is making the patrol officer aware of what is
out there, their resources. They will never have the time to do
the follow-up. So we are training investigators at a higher
level and the patrol officer is provided the resources to know
where to go to follow up on their report.
Mr. Hinojosa. I am concerned that the numbers of identity
theft complaints are increasing rapidly, which means that there
is insufficient dissemination of information and education to
the public and those that help us. The chiefs of police and
their officers are evidently not getting enough training or
resources to get it done.
So the last question that I would have, Mr. Chairman, is to
Howard Beales. Do you support Mrs. Hooley's legislation on
identity theft?
Mr. Beales. The Commission has not taken a position on that
legislation. I think there are a number of features in that
legislation that are attractive, but the Commission has not at
this point taken a position.
Mr. Hinojosa. We are going to go into a debate on that
proposal. I hope that all four agencies would take a good close
look because we really need to stop this increase that is
occurring and being reported, and it is going to be very
important that we get the help of all four agencies.
With that, Mr. Chairman, I yield back the rest of my time.
Chairman Bachus. Thank you.
The gentleman from Texas, Mr. Hensarling?
Mr. Hensarling. Thank you, Mr. Chairman.
I think one thing we can all agree on is that identity
theft is a very serious and pervasive crime in the U.S. I
myself at an earlier hearing announced that I had been
victimized by identity theft prior to coming to Congress, when
I was a small businessman and a former employee managed to open
up a credit card in the name of my small business. When I
discovered it, there was about a $22,000 tab on the credit card
that had not been paid. Fortunately for me, with one telephone
call and one letter, I was able to take care of the matter, so
I can attest, at least in my case, occasionally the system does
work.
The question really for us today, though, as we look at the
title of this hearing, is fighting identity theft, the role of
FCRA. So really to cut to the chase, I am interested in the
opinion of the panelists, is FCRA friend or foe? Besides the
good that comes from FCRA, and we have heard some very
persuasive testimony about how we in America enjoy the greatest
availability of credit, the lowest-cost credit in the world,
and that FCRA plays a very significant role in that. But the
question today is, when it comes to identity theft, are we
better off having a paradigm that gets us closer to a national
standard of credit reporting with a central database, or are we
better off with more of an individualized state patchwork
system, just with the narrow question of combating identity
theft?
Mr. Beales, if we could start with you and receive your
opinion on the matter.
Mr. Beales. I think the uniform system and the safeguards
of the Fair Credit Reporting Act do help to reduce the risk
that credit bureaus and credit data are the source of identity
theft. The fact that the data is centralized and largely in
three large institutions I think facilitates efforts to protect
the data and facilitates efforts to prevent unauthorized access
and to control access, compared to lots of little databases in
lots of different places.
Mr. Hensarling. Mr. Mihalko?
Mr. Mihalko. I think a national standard is a huge benefit
for Federal law enforcement, if we only have to deal with one
type of standard. It is also a big benefit for the mailing
industry so that they only have to deal with one standard
nationwide and do not have to deal with 50 different standards
in their mailings across the borders.
Mr. Hensarling. Mr. Caddigan?
Mr. Caddigan. From a Federal law enforcement agency, any
standard that eliminates confusion is best for us as we cross
State lines in our investigations. The sharing of information
with regard to verification check and balance is something that
I think will show leads to a reduction in identity crimes. It
provides earlier response to potential problems.
Mr. Hensarling. Ms. Viverette?
Ms. Viverette. Yes, sir. I agree with Mr. Caddigan. It is a
situation where when we cross State lines, that is where as a
patrol officer we have problems with the follow-up on the
investigations. So his remarks are appropriate.
Mr. Hensarling. We have heard advocacy about a proposal to
ensure, I suppose, that all American citizens receive a free
copy of their credit bureau reports. Mr. Beales, my guess is
you are the expert on this subject, but I am under the
impression that free reports are made available already today,
for example, to the indigent, to those who have been denied
credit, and to those who believe they have been a victim of
identity theft. Is my understanding correct?
Mr. Beales. There are free reports available to people who
think they are victims of fraud. There are free reports
available to the indigent and the unemployed. There are free
reports available to anybody if there is an adverse action
taken based on information in the report. Those are the
circumstances and in some of those, I think, are the
circumstances where the report is most valuable, but it could
have value in other circumstances as well.
Mr. Hensarling. My guess is no one on the panel is
qualified to come up with a cost estimate of what that proposal
would indeed cost the system. I am just curious what impact
that might have on our credit availability and our credit costs
should such a plan be enacted.
I see my time is out, Mr. Chairman.
Chairman Bachus. Thank you.
Mrs. Hooley?
Ms. Hooley. Thank you, Mr. Chair.
I have a question for the entire panel, and I apologize for
not being here the entire time, and hopefully you have not
answered this question yet. One of the things we talk about
when we look at identity theft is it is really composed of five
pieces, and one of the pieces is prevention; it is education;
it is how do you get through the process; it is how do you
leave room for technology to help solve the problem. And the
last piece, and a very important piece, is law enforcement.
I have spent a lot of time talking to our law enforcement,
and one of the problems of course is you don't have to stick a
gun to somebody's head to steal their money now; you can just
take their identity and steal their money. Because a gun is not
used, frequently this crime sort of goes to the end of the list
of everything else you are doing. What is the one thing we need
to do in law enforcement that would help you prosecute the
crime and what is the solution to this obstacle? Because the
perpetrator knows that they are probably not going to be
prosecuted; they know they are very good at going across city
lines, county lines, State lines; they know how much they have
to steal before it becomes a felony.
I have known some local police officers who have arrested
the same person over and over and over again and let them go
because no one was willing to prosecute. What is the solution?
What do we do? Do we need to make the laws tougher, the
penalties larger? What do we need to do? And if each panel
member would answer that question, I would appreciate it.
Mr. Beales. I think one thing that would clearly help is
the penalty enhancement legislation that I know has been
introduced in the Senate and I believe has been introduced in
the House as well. I think prosecutors look to the length of
time that they can get by alleging a particular offense. I
think that longer penalties and the change in the structure of
penalties to make it more like the gun laws where there is an
add-on if you steal an identity in committing another crime, it
is an additional sentence added on to whatever sentence there
is for the base offense. I think those are approaches that can
make prosecutors more willing to prosecute the cases and then
enhance deterrence.
Ms. Hooley. Thank you.
Mr. Mihalko. I think one of the things that would be most
beneficial to us is an increase in probably the appropriations
for the Justice Department to hire assistant U.S. attorneys to
handle these types of prosecutions. What we have seen is that
there are different U.S. attorneys offices that have different
thresholds before they are going to accept identity theft cases
for prosecution. It may be $70,000; it may be $100,000, which
makes it less attractive to bring those cases because they are
not going to be prosecuted. There are a lot of law enforcement
resources devoted on the Federal, State and local level to
investigating identity theft crimes.
Ms. Hooley. Okay, thank you.
Mr. Caddigan. I think we are on an upswing with regard to
the enforcement and the prosecution. We have seen some
enhancements. We have seen some legislative benefits recently.
I also think we have seen a shift in the prioritization of
these type of crimes in our U.S. attorneys's and district
attorneys's offices. I have also seen where we have a better
sharing relationship between the State and the Federal with
regard to where the biggest bang, if you will, will come for
prosecution, depending upon the magnitude, the loss and all the
other factors that go into determining prosecution.
So the enhancements that I think we have seen are starting
to take effect and hopefully we will see that continue in the
future.
Ms. Hooley. Thank you.
Ms. Viverette. Yes, ma'am, having identity theft as a
specific crime has been helpful. Prior to having that in our
State, it was underreported because it was reported as a theft
and not identity crime.
Ms. Hooley. Okay.
Ms. Viverette. Enhance penalties I think would be important
and also the addition of resources for officers to follow up on
a crime. Right now, they often have the information, but they
do not have the investigative resources to go out and make the
arrest.
Ms. Hooley. Thank you very much.
Chairman Bachus. Thank you.
Ms. Capito?
Mrs. Capito. Yes, I have just two brief questions. For Mr.
Caddigan, you testified that the method of identity theft that
may be most difficult to prevent is theft by a collusive
employee. What are some possible ways to combat such theft? And
also in line with that, that many of the identity criminals use
information obtained from companies or off of Web sites, and
what can companies do to prevent such intrusions?
Mr. Caddigan. The insider threat industry will tell you it
is their number one concern, protecting not only their
database, but their systems. Again, we believe in prevention;
we believe in education. An initiative that we began about two
years ago, not quite two years ago now, is an insider threat
study. What it basically does is reach out starting with our
investigative cases that involve such type of activity. They
reach back out to the businesses and ask them to provide a
little bit more information as to the prevention methods they
use, the safeguards they use, and actually provide advice on
how they can better themselves in that arena. That initiative
is ongoing. It has reached across the country.
We already see some impact with regard to information
sharing within sectors, business sectors. We think that because
not only the identity theft portion of criminal activity to the
insider, proprietary issues, customer-based issues, there is a
lot of need for protection in that arena. Again, not overnight,
but I think the right steps are being taken to provide an
awareness and also to give viable solutions in a security-
minded atmosphere on how you can better safeguard your material
as a small, medium and large business. Those initiatives are
ongoing.
Mrs. Capito. Thank you. I just have one additional
question, and this is for anybody who thinks they have an idea.
I am curious to know the demographics of someone who could fall
prey to identity theft. Is it someone who has the information
on the Internet? Is it the elderly? Is it someone in big
cities? Is it everywhere? Has it been categorized to a point? I
am just curious to know what kind of statistics have been
gathered, understanding that identity theft has just now been
identified as a crime, or at least one that has been reported.
Mr. Beales?
Mr. Beales. In our complaint database, the victims look
pretty much like the population at large. There are not very
many children, but other than that, it pretty much mirrors the
distribution of the population. There is no one group that is
disproportionately affected. We have completed a random sample
survey of identity theft that we hope to release within the
next few weeks that will give us a more comprehensive picture
of the level of identity theft and also of the nature of who is
victimized, but what we see in our complaint data is it just
looks like the population at large.
Mrs. Capito. Any other comments?
Mr. Caddigan. From the enforcement perspective, we rely on
the FTC data and we find it to be consistent with our casework.
The vulnerabilities are again from the simple trash theft to
you dealt with a business on the Internet that was the
unfortunate victim of a hacking. It funs the full gamut. No one
is particularly targeted.
Mrs. Capito. What would be the average time that someone
would realize that their identity has been stolen? Would I find
out in a month, in a week?
Mr. Beales. In our complaint data, 48 percent find it out
within a month, and an additional number find it out within 1
to 6 months. Within a year, it is 78 percent find it out within
a year.
Mrs. Capito. I have no further questions. Thank you.
Chairman Bachus. My first question may be just to follow on
that, Mr. Beales, the postal agent testified that it was an
average of 14 months to discover?
Mr. Mihalko. Right. It is about 14 months according to our
data before it is discovered, before a victim discovers that
they have been a victim of identity theft.
Chairman Bachus. I am not sure how we square that with Mr.
Beales's testimony just moments ago. Are there a significant
number that are taking 12 to 14 months to discover, Mr. Beales?
What about Mr. Mihalko's testimony?
Mr. Beales. There certainly are some that take that long,
and I don't know the statistical basis for that. What we see in
our complaints, and it is just our complaints, is what I
reported. Now, I just don't know, in terms of what, it is about
7 percent that take between one and two years and another 8
percent that take between 2 and 4 years to discover it, and
then there is a tail of about 5 percent where it takes more
than 5 years before it is discovered. So there are some cases
that are out there in terms of it taking a long time, but most
people find out quickly in our complaint data.
Chairman Bachus. Okay. I will end the questioning with this
question to you, Mr. Beales. FTC Chairman Muris has testified
that you are considering different proposals to combat identity
theft. You testified at this hearing and previous hearings that
you are working on proposals to combat it or additional
proposals. This committee anticipates marking up FTC
reauthorization next month, at least that is what is
anticipated at this time. Will the FTC have any formal
proposals to make to this committee that can be incorporated in
legislation this month?
Mr. Beales. We would hope to not be too late, and whether
we are too late or not, we are of course willing to offer
whatever technical assistance we can in your effort.
Chairman Bachus. It would be extremely helpful if the
Federal agency that is charged with oversight and investigation
and coming up with remedies could offer us some formal
proposals prior to reauthorization.
Mr. Beales. We understand that and we will do our best.
Chairman Bachus. Thank you.
This concludes the testimony of the first panel. The first
panel is discharged and we will go immediately to consideration
of the second panel. I appreciate your testimony and you are
discharged.
The second panel is made up of two victims of identity
theft. While they are making their way to the witness table, I
might simply say that whether you go by the FTC testimony of
basically 125,000 victims of identity theft each year, or you
go by the Justice Department records which indicate as many as
500,000 victims of identity theft, we do know that those are
both significant numbers. We know that as many as 500,000
reported cases and we know that for each of those cases there
is an emotional and financial toll on the victims.
In this second panel, we will actually hear from two of
these victims, which in the one regard will be representing a
much larger group of millions of American citizens each year
who find themselves the victims of identity fraud. I want to
welcome our second panel. Our two witnesses, Ms. Maureen
Mitchell of Madison, Ohio, formerly of Queens, New York, is
that right?
Ms. Mitchell. That is correct, Mr. Chairman.
Chairman Bachus. That is correct, thank you. And also
Commander Frank Mellott, a U.S. Navy victim of identity theft.
You are also here testifying on behalf of the Identity Theft
Resource Center.
Commander Mellott. Yes, sir, I am, but principally on my
own.
Chairman Bachus. Would you tell this committee what
actually the Identity Theft Resource Center is?
Commander Mellott. The Identity Theft Resource Center is a
victim advocacy group and counseling assistance for victims of
identity theft. I am the military assistance coordinator and
also the mid-Atlantic-Virginia area regional coordinator. I see
primarily cases that involve active-duty, retired or reserve
members who are dealing with some of the unique aspects when a
military member is a victim.
Chairman Bachus. I think Mr. Sanders testified that it is a
horrendous crime, but it is particularly deplorable or
despicable when the victims of identity theft are members of
the military serving overseas in defense of our country. It is
totally reprehensible that someone would do such a thing to our
men and women in uniform. So we welcome your testimony here
today.
Also, Ms. Mitchell, I have read your testimony and it has
truly been a nightmare for you, just almost inconceivable that
someone has to go through what you have gone through. At this
time, if you will lead off the testimony.
STATEMENT OF MAUREEN V. MITCHELL, MADISON, OH, VICTIM OF
IDENTITY THEFT
Ms. Mitchell. Thank you, Mr. Chairman.
It is a pleasure and a privilege to be here and I want to
express particular appreciation to Congressman LaTourette and
Congresswoman Hooley for their efforts and the committee's
efforts. And I wanted to say just a personal hello to
Congressman Crowley. Joe Crowley and I grew up together in
Woodside, New York.
We have been the victims of identity theft and we were not
only victims once, we were victims twice. We are a typical
middle-class family. We do not have extraordinary assets and we
had always taken the normal consumer protections that we are
all advised to take to safeguard our information. We shred our
outgoing trash. We were never robbed. We were never
burglarized. We never lost our credit cards, and we had checked
our credit report in March of 1999 to ensure its accuracy.
Yet in September of 1999, we received a phone call from our
KeyBank MasterCard service provider questioning an unusual
pattern of activity on our credit card. We were very fortunate
that they noticed that unusual level of activity. It turns out
that that was the start of our identity theft nightmare when we
learned that fraudulent purchases had been made, mail-order
purchases by criminals who did not have our credit cards in
their possession because we had not lost ours, but they had
obtained our credit card number. We do not throw out our credit
card receipts intact. And in the days when we all had carbons
on our credit cards, when we used them, we obtained the carbons
and used to rip them up. We are extremely conscientious about
safeguarding our information.
We did not bank on the Internet. We did not order
merchandise via the Internet. We did not use an Internet
program to balance our checkbook. And we found ourselves
victims of this. Unfortunately for us in September of 1999 when
our MasterCard account number was compromised, our bank closed
our credit card account number and told us we would not be
responsible for the fraudulent charges. However, they did not
suggest that we put fraud alerts on our credit reports, and
they left making out a police report to our option. I did make
out a police report because if was a few thousand dollars worth
of charges that were made using our credit.
In November 1999, 2 months later, we received a phone call
from a J.C. Penney credit representative from New Mexico. We
have been residents of Ohio since 1978, finding out that
criminals in Illinois, and it was in Illinois that the
fraudulent mail order charges were made also, had used my
husband's name and Social Security number to obtain a line of
credit at the J.C. Penney store in Illinois. It was the J.C.
Penney's representative who suggested we put fraud alerts on
our credit reports, which I did immediately on November 15.
When I contacted Trans Union, Experian and Equifax, the
three major reporting bureaus, I was dismayed to learn that
there had been over 25 inquiries into our credit during that 2-
month period of time between the initial credit card account
number being compromised and the phone call from J.C. Penney's,
and criminals had changed our address six times. I did place
the fraud alerts on our credit report and I also put 7-year
consumer statements, and it took me over 400 hours of time to
dispute 30 fraudulent accounts that criminals had opened in our
names out of State. There had not been 30 inquiries into our
credit in the entire 20 some-odd years my husband and I had
been married at that point, yet 30 inquiries into our credit in
a 2-month period of time did not send up red flags to anybody
at the credit reporting agencies. I think that needs to be
addressed.
Four hundred hours, hundreds and hundreds of pages of
documentation were required by us. I found the information from
the Federal Trade Commission's identity theft clearinghouse to
be helpful to me. Kathleen Lund from the Federal Trade
Commission was the identity theft counselor whom I had spoken
to, and she did offer me some guidance and assistance and some
emotional support. I also put that in the testimony, because as
a victim of identity theft, your life is spinning out of
control and we never were able to ascertain our point of
compromise. I did meet with our Congressman Steve LaTourette,
and it was through his intervention that we were able to be in
touch with the FBI. We ultimately wound up with the United
States Secret Service, the United States Postal Inspectors, the
Office of the Inspector General of the Social Security
Administration, and the FBI, plus our local police department
as the investigating authorities.
Criminals in Illinois did a $150,000 worth of new credit
applications in our names. We had previously had an impeccable
credit report. Our FICO scores were in the low 800s; $150,000;
30 different accounts. They bought a Ford Expedition. They
bought a Lincoln Navigator. Neither of those vehicles were
sitting in my driveway. And two months after the criminals
purchased the Ford Expedition, they torched that vehicle, filed
a fraudulent insurance claim in my husband's name, and then we
had to deal with the National Insurance Crime Fraud Bureau
because there was a fraudulent insurance claim filed.
We did get good cooperation from our local police
department in Madison, Ohio. As a matter of fact, my husband
and I and both of our adult children are carrying a notarized
letter from our police chief in our wallets at all times saying
that we are the victims of these crimes and not the criminals,
because if we get pulled over for some innocuous traffic
violation, we can find out that there are warrants under our
Social Security numbers that we know nothing of.
Two years after the criminals initially victimized us, and
it was 2 years of fighting our way, it is a task made for
Hercules that requires the wisdom of Solomon, as a victim of
identity theft, to fight your way through the system. Two years
afterwards, with the security protocols in place, and I had
insisted upon security protocols on our bank accounts, we were
making a purchase of a small home for both of our adult
children who are students to live in while they were attending
medical school and college. The fraudulent purchase of the Ford
Expedition, the one that the criminals torched and filed the
fraudulent claim on, showed up on my husband's credit report as
we applied for the mortgage, lowered my husband's FICO credit
score by 118 points, and we were almost denied the loan for the
mortgage that we were legitimately applying for.
My girlfriend Cathy said to me, ``You know, Maureen, you
just should have had the criminals apply for the mortgage. They
would have gotten it with no problem.'' And there may be some
truth to that statement. We again had that remedied. This
account had bounced back onto my husband's credit report. They
knew it was a fraudulent account, yet it reappeared.
In October of 2001, we received at home a very alarming
phone call from an intercity branch of our bank asking whether
we were having trouble with our bank accounts. I had placed
security protocols on our bank accounts. I had insisted upon
them. Photo ID and password, and the password was not mother's
maiden name or anything else that would be available on a
genealogical Web site. Photo ID and password required on our
bank accounts, and our local branch of KeyBank, and they have
known us for 20 years, insisted that we use those protocols
every time we banked, and we insisted upon it also. Yet when I
received this phone call on October 30, criminals had made four
fraudulent withdrawals from our personal bank accounts. It was
upon the attempt of the fifth fraudulent withdrawal that we
were finally notified. Criminals removed $34,006.50 from our
bank accounts in spite of the fact that photo ID and password
was required on these accounts.
We had an arrest made in the State of Illinois, Lansing,
Illinois as a matter of fact. The criminal there was
prosecuted. He was sentenced to three years in the Illinois
Department of Corrections in 1999 when he was arrested. He
served less than a year. We currently have a case pending in
Cuyahoga County, Ohio. The criminal who made the KeyBank
fraudulent withdrawals a week after I received the phone call
was attempting to make a $5,000 credit application using my
name at the Circuit City store in North Randall, Ohio. When the
Illinois crimes were occurring, there were criminals
impostoring my husband. When the Ohio crimes were occurring,
there were criminals impostoring me.
She was eventually apprehended at the Circuit City store
because the fraud alerts on our credit reports did indeed work.
Why the security protocols on our bank accounts did not work
still remains to be answered. One of the hardest things in
being a victim of identity theft is that you are repeatedly
subject to having your integrity and character questioned. You
are perceived as the criminal and the scales of justice are
tipped in the wrong direction in this regard. The criminal is
assumed innocent until proven guilty, but the victim of
identity theft is assumed guilty until you prove your
innocence.
We started to receive phone calls from collection
specialists at our home, wanting to know why we were late for
the payments on our Lincoln Navigator and our Ford Expedition,
the vehicles that we had not purchased. It amazed me that the
collection specialist could find the real Ray and Maureen
Mitchell when they wanted their money. Too bad nobody bothered
to find the real Ray and Maureen Mitchell before they loaned
out that money. There are protocols that should work when they
are in place. No system is perfect. Our protocols should not
have failed. They did. We had to re-work our way through the
system. And when the criminal impostor of me was arrested at
Circuit City in North Randall, Ohio, she was found to have an
Ohio DMV-issued photo identification card that contained her
picture but all of my information.
And when that criminal had obtained that photo ID card, my
driver's license was automatically suspended in the State of
Ohio because it is illegal to have a driver's license and a
State-issued photo ID card. So as a result of that impostor's
activities, our bank accounts were frozen on October 30, 2001
and I had a suspended driver's license. I am a registered
nurse. I am a licensed realtor. We are entitled to have access
to our own monies and we are entitled to safeguard our personal
licenses. I was scared to death that my real estate or my
nursing license would be impacted by criminals because they had
already impacted my driver's license.
Our lives were turned upside down for 4 years because of
identity theft, and the only risk factor that we had of
becoming victims of this crime was that we had an impeccably
good credit report. The demographics, as we heard in previous
testimony, will show that this crime does affect all people.
But if you do not have credit-worthiness, you are not sought
out as a victim because it does not serve the purpose of the
criminals.
Words cannot begin to describe what this has been like for
us. We have fought our way through this tooth and nail. We have
received help from Congressman LaTourette. I had the privilege
of testifying in a Senate subcommittee at the request of
Senator Kyl. We have received help from the Federal Trade
Commission. This is a national epidemic and it has to be
stopped. Billions of dollars a year are being lost because of
identity theft crimes and credit fraud. The impact that it has
on victims' lives is unbelievable. Your credit score does not
only reflect your loan worthiness. It also reflects to many
entities, insurance industries, employers, et cetera, they
equate that number with your good character. To have criminals
assail that is unacceptable and incomprehensible.
I would encourage all of you to please read my full written
testimony. I do realize it is lengthy. Believe me, I compressed
four years of details into those pages. I will be happy to
answer any questions and I again thank you for the privilege of
having testified.
[The prepared statement of Maureen V. Mitchell can be found
on page 177 in the appendix.]
Chairman Bachus. Thank you, Ms. Mitchell.
Commander Mellott?
STATEMENT OF COMMANDER FRANK MELLOTT, UNITED STATES NAVY,
VICTIM OF IDENTITY THEFT, ON BEHALF OF THE IDENTITY THEFT
RESOURCE CENTER
Commander Mellott. Yes, sir, Mr. Chairman, Ranking Member
and other members of the committee, thank you very much for the
opportunity to testify today. The views and opinions I express
today are my own and do not necessarily represent the
Department of Defense or the Navy.
I am here because I am a victim of identity theft, but I am
also here because I am a victim of what I would call a blunder
by the credit reporting industry. My ordeal began back in the
summer of 2001 when my wife walked in from the mailbox carrying
a letter from the Department of Treasury. That letter said that
my $5,000 tax refund, along with all Federal payments, was
diverted to California to pay back child support. Now, my
paycheck is a Federal payment so I was a little concerned that
in less than two weeks I had zero income.
However, the more I thought about it, I became even more
concerned with the long-term consequences. As a military
member, particularly as an officer working in the field in
which I do, a security clearance is an essential component to
my ability to function. My security clearance can be affected
almost instantly by my credit history. If I lose my security
clearance, I am unable to do my job. I am unable to compete
with peers for promotion. I am unable to compete for milestone
positions such as command of a unit or a squadron, and
fundamentally it affects my ability to support my family in my
chosen vocation, service to the country.
This all began in calendar year 2000 when my half-brother
used my Social Security number and only my Social Security
number on W-2 forms he filed with the Breckenridge Group and
with Pep Boys in California. Now, I cannot say whether either
of those companies verified identity documents when they hired
him, but I would suspect that they did not.
In the end, California found out that he was working again
by name, and since he owed about $75,000 in back child support,
they sent his data off to the Federal agencies for collection.
Unfortunately, the data they pulled was the data he supplied,
my Social Security number, and the next thing you know I got
the letter.
So unfortunately, I am staring this letter in the face.
Instead of spending a summer leave period enjoying some time
catching up with my two sons after nearly six years of straight
sea duty, I am spending it fighting jurisdictional issues. I
have got three police agencies all going like this when I tried
to file a police report. I am spending hours and hours either
writing letters or on the phones with credit reporting agencies
trying to track the source of these problems and then get them
resolved. I am trying to keep my security clearance folks
flooded with information so that I do not lose my security
clearance, because quite honestly it is much easier to take one
away than it is to get it restored. Once it is gone, it is very
difficult.
Of course, I am working with the IRS to try and resolve
about $10,000 of income that was reported against my Social
Security number that I did not claim. Unfortunately, in
February 2002 the problems continued. I had already started the
cleanup effort so I had placed fraud alerts with the three
credit reporting agencies. Unfortunately, my brother was still
able to go out and get cellular phone service with AT&T
Wireless in spite of those alerts, but that was not the end of
it. The worst happened when Experian merged my credit file with
that of the criminal, my brother's. So now instead of having
one or two bad entries in my credit file from which I am trying
to correct, I now have 30 or more. I have incorrect addresses,
incorrect employers. I have two aliases. I have alternate uses
of my Social Security number, a host of collection actions,
even listing his wife as mine. Any single one of those could
have had a severe and adverse affect on my ability to function
as a naval officer by removing my security clearance.
I found the credit industry is unfortunately not quite as
responsive as I would hope. As a military member with frequent
moves I was very concerned about having specific language put
in the fraud alert. So I sent all three of them a certified
return receipt letter asking them to incorporate specific
language. Not a single one of them incorporated that language.
Not a single one of them even bothered to reply.
Now, as bad as this sounds for me that the identity theft
tarnished my image, the blunder by the industry could have done
the same thing. Although my case has been largely resolved, as
an officer responsible for the welfare of my troops I am very
concerned about how this affects the 19-year-old soldiers,
sailors, airmen, Coast Guardsmen and Marines serving around the
world right now. This problem is virtually impossible to clear
up unless you are right there. It is hard enough right here
fighting the jurisdictional issues military members face when
oftentimes three or more States are involved.
But fundamentally, our nation is at war and our military
members can be deployed anywhere in the world at a moment's
notice. We have heard this morning that it can take months for
people to find out they are victims of a crime or a mistake and
we have heard how it can take a substantially longer period of
time to correct that. How do we expect that young soldier to be
doing that from the streets of Baghdad at night? How do we
expect him to spend that 175 hours or the $1,400 in estimated
out-of-pocket costs to correct problems or mistakes?
I encourage this committee to take any action they can to
improve accountability. Obviously, I have some opinions. I
think there needs to be some increased accountability for the
accuracy of data. I think there needs to be some specific
measures targeted to protect military members on active duty. I
think the committee needs to take a good look at some of the
critical nodes in the credit reporting and credit-issuing
arena.
I do have to thank Congresswoman Loretta Sanchez for her
efforts to assist me in my case, as well as specific thanks to
Special Agent Chris Behe of the Navy Criminal Investigative
Service who was the first officer to take a police report which
subsequently opened doors and led to a prosecution.
Sir, I have completed my statement and I stand by to answer
any questions you may have.
[The prepared statement of Frank Mellot can be found on
page 161 in the appendix.]
Chairman Bachus. Commander, did your brother ever go to
jail? Was he ever prosecuted?
Commander Mellott. Yes, sir. The Navy criminal
investigative report I was able to forward to California and
then they were able to take action on it. They arrested him.
Unfortunately, he had been arrested and appeared in court once
before I was even notified, and found out that his final
hearing was going to take place the next morning, so I spent
the better part of a day putting together a victim impact
statement. He was awarded a 3-year suspended sentence on two
felony counts for falsely providing information on the W-2
forms. He spent 120 days in jail and he is out on supervised
probation.
Chairman Bachus. Has he stopped doing it?
Commander Mellott. At this point, he has, although, sir, I
continue to see lingering effects from it. About 4 or 5 months
ago I got a letter addressed to his wife at my address about a
$5,000 bill that was outstanding.
Chairman Bachus. You have never not been to California
during this period of time, is that right?
Commander Mellott. I can't say for sure during the period.
I most certainly visited at least once. I am a legal resident
of California, but I was stationed in the State of Washington
and then in Rhode Island before being transferred to Virginia
where I am at now.
Chairman Bachus. So after you reported what was going on
and then you would get your credit reports, there was nothing
on those credit reports to indicate that there was a problem,
right?
Commander Mellott. When the initial letter came from
Department of Treasury, by the end of the week I was able to
establish that it legitimately was not me they were looking
for. About a week later, I got the credit reports and then what
I found on those credit reports was that it had started much
earlier. He had applied for cable TV service in the State of
New York with Time-Warner Cable. When he defaulted on the bill,
it was reported as a collection action against me. At that
point, that was the only thing that showed up on my credit
report. It was not until the merging of the two files by, as
Experian said, the computer did it, that I encountered a
substantial problem with inaccuracies.
Chairman Bachus. When you wrote to the credit reporting
agencies and you said, ``here is what is going on,'' subsequent
to that, did you obtain your credit report? You said that none
of them listed this information?
Commander Mellott. I would have to look back in my records,
sir, to make sure I quote the exact company that had it. Of the
three credit reporting agencies, there was only one that
reflected the outstanding Time-Warner bill. Subsequent to that
was when the data files were merged. That is when the
information in those files in my credit report was
substantially incorrect. It has been months trying to get that
cleared up.
Chairman Bachus. Yes, but I am not sure you are following.
Commander Mellott. Yes, sir?
Chairman Bachus. When you wrote to the three credit
reporting agencies and you said, ``my brother is engaged in
this activity, this is the problem,'' what I am saying is
subsequent to that, you said they refused to take any action?
Commander Mellott. Yes, sir.
Chairman Bachus. They did not put your letter in the credit
report, or there is no mechanism?
Commander Mellott. What I did, sir, was I was concerned
because as a military member I move fairly frequently. It is
often difficult for credit agencies to keep the information
current because I move so often. So what I wanted to do was to
try and find a way to, much like Mrs. Mitchell here, provide a
much more secure method before somebody issues credit to
someone who may be trying to do it in my name.
Chairman Bachus. Right.
Commander Mellott. So I sent a letter that was
substantially the same letter to all three asking them to
include specific language on the fraud alert. What I wanted
somebody to do was that if anybody tried to apply for credit in
my name, that they had to cite a photocopy at a minimum, but
certainly a military identification card, for a couple of
reasons. One, that assists me with jurisdictional issues if it
happens, because now it is impersonating an active duty member,
but also it is a photo ID that has the information on it. Not a
single one of them did that. They did not put that language
into the permanent fraud alert. They put their standard
language on, which of course refers them to the phone number
and address that I have on record that, well I am sorry, three
moves in a year make it very difficult for that to keep up. I
recognized that the standard alert was not going to suit the
bill, asked them to put something specific on, and they ignored
it.
Chairman Bachus. Okay. Thank you.
Mr. LaTourette?
Mr. LaTourette. Thank you, Mr. Chairman.
Both of you talked about jurisdictional things, and I can
remember, Maureen, when you were dealing with the criminals in
Illinois, I used to be a county prosecutor and I tend to think
that States should principally deal with criminal matters and
only in extraordinary circumstances call for the Federalization
of crimes. But it was my recollection that what was described
by the first panel was existence in the different jurisdictions
and they had different thresholds. I don't remember if it was
$50,000 or $100,000, but they said they were really not going
to take a look at your case at the Federal level unless you
reach $100,000. As a result in Illinois, if I remember
correctly, they were treated with what in Ohio would be fourth
degree felonies that carry maybe a year and a half in prison,
and typically are probationable offenses where people get out.
So I think both of your stories are reasons why the
majority of the members of this committee have become convinced
that this is a national problem that needs to be addressed
nationally and can't be left to the devices or the different
States, for the reason in your case, well in both of your
cases, you lived in one State and the crimes were taking place
in different States.
Maureen, I again want to thank you for coming. You came on
your own dime from Ohio and I appreciate that. I would think
that, and I know, sort of like a softball question, I know that
your experience has probably given you the ability and the time
to think up a long list of suggestions that the government
could do to help people that find themselves in the same
position as you and Ray found yourselves in. Would you want to
share a few of those with us?
Ms. Mitchell. Thank you, Congressman LaTourette. Yes, I
would.
I cannot stress enough to the committee that we had zero
risk factors of this happening to us. However, that is not the
case for most consumers. So the truncation of the credit card
numbers on credit card receipts is indeed important. I recently
saw a receipt for a Discover card purchase that our daughter
had made using her account. It not only contained her Discover
card account number, it also contained her name. If that
receipt were inadvertently placed in the trash and a criminal
were to obtain it, they would have all of the information that
they needed from one careless disposal of a credit card receipt
to start committing crimes.
I do think that there needs to be a free annual consumer
credit report available to any consumer that requests it. We
had looked at our consumer credit reports in March of 1999. It
was a fluke that we did that because we were putting a mortgage
on a property, so I had the lender send me a copy of it. If I
were not putting a mortgage on a property, I would never have
requested that. An annual review of the credit reports by the
consumer is good for two different reasons. One, many victims
of identity theft are often unaware that they are victims and
may be unaware of it for years until the next time they apply
for credit. Consumer credit reports are also, if you are
unfamiliar with reading them, somewhat of a challenge to
decipher at first. So it would also give the American consumer
an opportunity to familiarize themselves with the verbiage in
the consumer credit report so that as they familiarize
themselves with it, they would more easily recognize in the
future if something were indeed wrong. So those would be two
things that I would strongly suggest.
Mr. LaTourette. I think that, and some of those point to
the need to hand over the credit report, but some of those
things put the burden on the customer, the consumer. The
legislation that Mrs. Hooley and I have worked up also shifts
the burden to those who extend credit a little bit. It seems to
me that most of us here, you are not only a nurse, but you are
a realtor, most of us and most of the people of our
acquaintance probably do not move six or seven times within the
course of a year. It seems to me that those who are in a
position to extend credit, and come across a credit file where
there are people moving from Ohio to California to Illinois and
to Texas during a 12-or an 18-month period, perhaps a burden
should be placed upon them as well to say maybe this is
something that is not quite right. I would assume that is
something that you would think would be a good idea as well.
Ms. Mitchell. I absolutely agree with you, Congressman.
Anything that does not match the consumer record of file on the
credit report when a new application of credit is filed should
serve as a red flag, not requiring necessarily denial of
credit, but requiring further investigation into the legitimacy
of that application before credit is indeed granted. We have
resided at the same address for well over 20 years. Yet as a
result of criminals in Illinois, and we were victimized by an
organized identity theft ring, as a result of the criminals in
Illinois we now showed six address changes on our credit
reports within a two-month period of time. We had lived at the
same address stable for 20 years. We did not hopscotch from
house to house six times in 2 months in Illinois.
Mr. LaTourette. Right. I think when we were talking a
couple of years ago, the notion, and to the commander, you as
well with the experience with your half-brother, there is a
thought that the prison sentences for people convicted of this
crime ought to be enhanced and increased from again typically
based upon the amount of money that is stolen, and if you are
in a variety of different jurisdictions you can steal a little
bit of money here, a little bit of money there, and in the
aggregate it turns out to be a lot, but under the State penal
code it may affect the classification of crime. So commander
first with you, would you like to see legislation that
increased the available penalties for people who engage in this
activity?
Commander Mellott. Sir, absolutely. To Mrs. Mitchell's
recommendations and personally, I would also like to see a
mandatory observation of fraud alerts. I think if companies
were held accountable for not observing a fraud alert that was
on an account, then they would be a lot more careful about
issuing credit to people who quite honestly are doing it
fraudulently.
Mr. LaTourette. And Maureen, is that something you wish we
would consider as well, that is the increased criminal
penalties, lock them up longer?
Ms. Mitchell. Absolutely. The criminal who was prosecuted
in the State of Illinois, who was apprehended impostoring my
husband, was eventually sentenced to 3 years in the Illinois
Department of Correction. He would have received probation, in
my opinion, had we not been assertive consumers willing to
prosecute and had not Congressman LaTourette's office
intervened in that. The damages that were done to us were
extensive. He was one of many, but if these criminals are able
to commit these crimes and count on probation instead of
incarceration, we are not offering any deterrent for these
crimes to continue. They need to be held accountable.
I would like to add, too, that some of the merchants also
need to be held accountable. When the criminals purchased the
Ford Expedition in my husband's name, there were six glaringly
obvious errors on that credit application. Our name was even
misspelled. They put down 3-0-0 as the area code to verify
their place of employment. You don't really need to be an
Einstein to know that 3-0-0 is not a valid area code in the
continental United States. Yet they received approval for a
$40,000 purchase on a vehicle. The merchants need to be held
accountable. Good business practices, common sense and due
diligence need to be used at all steps of the lending process
to ensure that the monies are indeed being loaned to the real
individual.
Mr. LaTourette. Thank you very much.
Thank you, Mr. Chairman.
Chairman Bachus. Thank you.
We have no further questions for Ms. Mitchell or Mr.
Mellott.
Ms. Mitchell, one thing, you said they misspelled your
name?
Ms. Mitchell. Yes, they did.
Chairman Bachus. Is that the name ``Mitchell'' you mean?
Ms. Mitchell. Yes, they did.
Chairman Bachus. Okay.
Ms. Mitchell. Yes, they did. And it was not only misspelled
on the application filed by the criminal, it was also
misspelled on the facts from the lender granting the car
dealership the loan approval. The only thing that matched us on
that application was my husband's Social Security number. The
Social Security number and the State driver's licenses have
become the de facto form of identification in the United
States. Safeguards need to be in place to ensure that those
numbers safeguard the real individuals from having their
identities compromised.
Chairman Bachus. Thank you.
Have you put a financial cost estimate on what this cost
you?
Ms. Mitchell. I can tell you that the criminals
fraudulently applied for $150,000 worth of lines of credit in
1999 in the Illinois area in our names. In 2001, they removed
$34,000 from our bank accounts. Those monies were eventually
restored with interest. We had our bank accounts frozen. It was
extraordinarily embarrassing. Out-of-pocket financial expenses
for us are in the $2,000 to $3,000 price range, the nearest
estimates that I could give. It is countless hours lost in
time, sleepless nights, and sprouting gray hairs. The blood,
sweat and tears that went into trying to resolve our identity
theft victimization, it is indescribable to try and put that
into words. But it was a few thousand dollars out of pocket
expense and over 500 hours of time, very dedicated time, and
hundreds of pages of documentation.
Fortunately now, and I think it was a direct result of a
Senate subcommittee testimony that Senator Kyl chaired, the FTC
now does have the uniform victim reporting identity theft
affidavit, so future identity theft victims will not have reams
of paperwork, because our experience was that the individual
merchants all required individual protocols. That is no longer
the case. It is still a daunting task for the victim of
identity theft to try and have their credit restored, and I am
not sure that it is ever restored fully.
Chairman Bachus. Thank you.
Commander, do you have any last remarks?
Commander Mellott. No, sir. Thank you for inviting me.
Anything I can do to help, I am standing by.
Chairman Bachus. Thank you. We appreciate your assistance
to the committee and your testimony in sharing your
experiences. We appreciate your testimony.
At this time, you all are discharged and we will request
that our third panel make their way to the witness table.
Mr. Tiberi. [Presiding.] I thank the panelists from our
third panel for being here today. I will quickly introduce the
panel, and then we can begin.
Starting from my far left, Ms. Amy Hanson, President of the
FACS Group, a subsidiary of Federated Department Stores; Mr.
Jim Kallstrom, Senior Executive Vice President, MBNA America
Bank; Joshua Peirez, Senior Vice President and Assistant
General Counsel, MasterCard International; Ms. Janell Mayo
Duncan, Legislative and Regulatory Counsel, Consumers Union;
Mr. Joseph Ansanelli, CEO of Vontu; and last but not least, Mr.
Lee Lundy, Vice President, Consumer Services, Experian.
Good. Thank you all for coming. We will begin with Ms.
Hanson. I remind everybody that you will see a clock that will
eventually turn red in five minutes. At that point, if you
could sum up your remarks and you will be able to submit your
written testimony as well.
Ms. Hanson, the floor is yours.
STATEMENT OF AMY HANSON, PRESIDENT, FINANCIAL, ADMINISTRATIVE
CREDIT SERVICES, INC., (FACS GROUP) ON BEHALF OF THE NATIONAL
RETAIL FEDERATION
Ms. Hanson. Thank you. Good afternoon. My name is Amy
Hanson. I am President of the FACS Group, which provides credit
and other administrative services for Federated Department
Stores and its affiliated bank. I am testifying today on behalf
of the National Retail Federation.
I would like to thank Chairman Bachus for providing me with
the opportunity to testify before the House Financial
Institutions Subcommittee about the growing problem of identity
theft and the steps that Federated is taking to protect our
customers and reduce losses from these crimes.
By way of background, Federated is comprised of seven
merchant nameplates, Macy's, Bloomingdale's, Burdine's, Rich's,
Lazarus, Goldsmith's and the Bon Marche. We issue our
proprietary credit cards under these names through our
affiliated bank. In fiscal year 2000, Federated reached a peak
for identity theft-related losses with 5,678 cases representing
a total expense of just under $8 million. In the past two
years, we have experienced a decline of approximately 33
percent in the number of identity theft cases and recognized a
$3.2 million reduction in expense. In the last six months, we
have seen a 41 percent improvement in ID theft cases compared
to last year. We feel strongly we are making progress in our
efforts to protect our customers due to our ability to optimize
technology and information, both of which are critical in this
fight.
Identity theft can occur in two basic ways in our stores:
through an application for a proprietary account or through a
takeover of an existing credit card account. Over the last
several years, we have continued to add additional verification
steps to our internal processes to prevent identity theft. This
issue is of paramount importance to us because after all, these
are our customers who expect both a high level of personalized
service and personal security in our stores.
Instant credit represents about 93 percent of all new
accounts opened by customers at Federated. This process takes
place at point of sale and relies on a highly automated and
relatively quick procedure to verify an applicant's ID and
check their credit report. In order to cut down on fraud, we
have implemented many processes to protect our customers. These
include validating applicant information against credit
reports, checking applicant data against our internal fraud
file, and checking the consumer credit bureau report for fraud
alerts placed there by the customer. If there are discrepancies
in any of the application information, the application is
declined.
Our screening does not stop there. We have a process by
which customer charges are reviewed for out-of-pattern
behavior, high velocity purchasing, making payments on their
account for significantly more than their balance due, and
high-risk merchandise purchases. We also systemically prevent
the mailing of a new credit card on a recently changed address.
In addition, our fraud prevention group utilizes technology
to crosscheck Internet orders and an affiliate fulfillment
system to search multiple orders across affiliate chains. This
ability proved very helpful in discovering an Internet fraud
ring where the perpetrators were placing several orders for the
same merchandise on different Federated Web sites, then
shipping these items to various addresses in the U.S. They then
collected the items for shipment overseas. Fortunately, we were
able to uncover and shut down this ring using our affiliate
sharing tools.
I would like to be able to say that FACS has prevented all
of the fraudulent applications this year, but I can't.
Unfortunately, sophisticated identity thieves continue to work
diligently to bypass our systems and were successful in 2002 at
a rate of 7 per every 10,000 applications processed, less than
one-tenth of 1 percent. This in my view is not the result of a
flawed system, but the result of determined criminals with
sophisticated tools like computers and the Internet. You see,
the most identity thieves know how to produce near-perfect
identity documents such as State-issued driver's licenses and
counterfeit credit cards.
For these types of criminals, there is very little else we
can do to detect and prevent the crime, and retailers, like
other businesses, are looking to the States and the Federal
government to begin producing the most secure and foolproof
identity documents possible. Our ultimate goal is to confirm
the identity of the customer and ensure their identity is not
compromised.
With identity theft representing such a small fraction of
total credit applications, it is often a case of looking for a
needle in a haystack. Further, identity thieves thrive on being
anonymous and rely on the assumption that a large retailer such
as Federated cannot put a name and face together in order to
prevent fraud. This is why it is so important for retailers to
know our customers, and the only way we can do this is through
the use of information. Information flows between FACS and the
credit bureaus or between our corporate nameplates. That,
combined with sophisticated technology and scoring models, cuts
down on fraud and allows us to offer exceptional customer
service.
As you know, identity theft is a crime with at least two
victims: the individual whose identity was stolen and the
businesses that bear the financial cost of the crime. Clearly,
it is the individual victim that is the most directly hurt, but
if identity theft crimes continue to rise, all consumers will
ultimately pay as business losses are passed back to them. As
such, it is critical that our access to information and
prevention opportunities continue. The identity theft criminals
adapt and change quickly and we need that same flexibility.
I appreciate the opportunity to testify here today and I
look forward to answering your questions, as well as those of
the committee.
Thank you.
[The prepared statement of Amy Hanson can be found on page
117 in the appendix.]
Mr. Tiberi. Thank you, Ms. Hanson.
Just as an aside, one of my first credit cards was a
Lazarus credit card.
Ms. Hanson. That is good. I hope it is still in your
wallet.
[LAUGHTER]
Mr. Tiberi. Mr. Kallstrom?
STATEMENT OF JIM KALLSTROM, SENIOR EXECUTIVE VICE PRESIDENT,
MBNA AMERICA BANK
Mr. Kallstrom. Good afternoon, Mr. Chairman. Thank you for
inviting me here today. I think I can safely speak for the
entire industry in complimenting the committee for the
thoroughness with which you are examining the issues relating
to the reauthorization of the Fair Credit Reporting Act. From
our perspective, you have constructed a compelling record from
which to legislate and we have high praise for the diligence
and dedication of the staff who have brought all of this
together.
Regarding identity theft, we are in complete agreement with
you and the other members. Identity theft, like other serious
crimes, is an attack on our customers, our businesses and on
our economy. While it accounts for only about 4 percent of the
fraud we experience, as you have just heard it often exacts a
personal cost of time, reputation and frustration that is very
hard to measure. Viable solutions likely will involve greater
participation by all of us, the credit granting industry,
retailers, the credit bureaus, law enforcement, prosecutors,
government agencies and consumers. But also recognizing that
our collective task is made much more difficult by the rampant
availability of false identification documents, which is an
epidemic in this country today.
As with many crimes, the cliche ``forewarned is forearmed''
applies to identity theft as well. Ensuring the availability of
key information, both to businesses and potential victims
alike, goes a long ways towards prevention and apprehension. As
Assistant Secretary Abernathy remarked recently, identity theft
is not caused by information; it is caused by a lack of
information.
In summarizing my statement for the record, I would like to
make four points. First, the interests of our customers and the
interests of industry are synonymous. Our business philosophy
is, find the right customers and keep them. We want our
customers to be able to use our products and use them securely.
We want our customers to have confidence that we will help
protect them against the ravages of identity theft. When fraud
does occur, our customers are not responsible for the
fraudulent charges and we provide assistance both to help stop
further damage and to help in recovering from the identity
theft. But as we have just heard, it is far more difficult to
restore the confidence of victims and to relieve the effects of
having their identity stolen. We agree with our customers who
say, reputations, good will, financial well being and consumer
confidence are all put at risk because of identity theft. In
the end, it hurts every one of us.
Second, prevention and detection of identity theft is what
we do with every application and every transaction, 7 days a
week, 365 days a year. We invest millions of dollars preventing
and detecting identity theft and other types of fraud. We
employ hundreds of people who specialize in fraud detection and
prevention, and have a sizeable cadre of people dedicated to
ensuring our customers are properly identified. We employ
extremely sophisticated neuro-networks and experience-based
automated strategies to find and reduce fraud and identity
theft, from exploring discrepancies between applicants and
credit reports, to scrutinizing hundreds of thousands of daily
transactions for anomalies. We fight identity theft from the
credit application stage through loan repayment. Our customers
are critical participants in this process, but there is no
question that the Fair Credit Reporting Act is the foundation
of this effort. To be successful, we rely upon the kind of
uniform current credit information that FCRA has given us.
The third point I would like to make is setting the record
straight on a couple of things, affiliate sharing and
prescreening. With affiliate sharing, we are aware of no
instance, not one, where affiliate sharing resulted in identity
theft. To the contrary, it helps the industry fight identity
theft. Our experience with prescreening is similar.
Prescreening results in substantially fewer fraud attempts, not
more. A study released last week by the Information Policy
Institute, the IPI, a copy of which I am submitting with my
statement for the record, confirms that the same holds true for
the entire industry. In fact, the study found that industry
losses from fraudulent prescreened applications amount to four
one-thousandths of 1 percent of total sales volume. Eliminating
prescreening would likely result in an increase in identity
theft. That is so because prescreened offers reflect only names
and addresses, less than is in the telephone book. The
prescreening process involves more filtering, not less
filtering.
One final point, Assistant Secretary of the Treasury Wayne
Abernathy understands the industry, understands the problem,
and he and others at Treasury have talked about the need for a
comprehensive approach to address the problem of identity
theft. We agree that any approach should include enhanced
prevention, detection and victim assistance. It should include
reauthorization of FCRA because, as Assistant Secretary
Abernathy says, to do otherwise creates shadows where identity
theft can occur. On the enforcement side, the solution should
include stiffer penalties, reflecting the serious and pervasive
nature of this crime.
We also agree that any solution should help consumers make
more informed decisions about information sharing. This can
happen by making privacy notices shorter, simpler and in plain
English, and making opt-out procedures easier and uniform so
that consumers can more easily exercise control of their
personal information in a meaningful way. Everyone agrees it
would be of enormous benefit to provide consumers with easily
digestible privacy notices that include easy opt-out
procedures. In fact in a recent survey, we found that our
customers overwhelmingly support a simple food label-like
notice as the kind of notice they want, a notice they will
actually read, that is easily comprehensible, and which allows
busy people an opportunity to participate in information
sharing decisions in a more meaningful way. It is simply a good
idea that will be of great benefit to consumers.
In the end, legislating more and better tools for law
enforcement, consumers and the industry to use to prevent,
detect and recovery from identity theft is a consumer issue
that will help us all. We applaud your attention to these
critical issues and I look forward to any questions you might
have.
Thank you very much.
[The prepared statement of Jim Kallstrom can be found on
page 125 in the appendix.]
Mr. Tiberi. Thank you, Mr. Kallstrom.
Mr. Peirez?
STATEMENT OF JOSHUA L. PEIREZ, SENIOR VICE PRESIDENT AND
ASSISTANT GENERAL COUNSEL, MASTERCARD INTERNATIONAL
Mr. Peirez. Good morning, Chairman Bachus, Congressman
Sanders, and members of the subcommittee.
My name is Joshua Peirez and I am Senior Vice President and
Assistant General Counsel at MasterCard International located
in Purchase, New York. MasterCard is a global organization
comprised of financial institutions that are licensed to use
the MasterCard marks. I thank the subcommittee for having a
hearing on this critically important issue and for giving me
the opportunity to provide information on combating identity
theft.
MasterCard takes its obligation to protect MasterCard
cardholders against identity theft and other forms of fraud
very seriously. In fact, this issue is a top priority for
MasterCard and we have a team of experts, including many ex-law
enforcement personnel devoted to combating fraud. We are proud
of our strong record of working closely and proactively with
Federal, State and local law enforcement agencies to apprehend
these criminals.
MasterCard believes its success in fighting fraud is
perhaps best demonstrated by noting that our fraud rates have
continuously declined over time and are at historically low
levels. MasterCard recognizes that identity theft and other
fraudulent schemes evolve constantly, and we devote substantial
resources to staying one step ahead of the criminals. We
continually develop new ways to fight fraud and identity theft.
For example, MasterCard has instituted a number of protections
against unauthorized use of MasterCard payment cards. These
include enhanced security features on the card, the risk-finder
service, the address verification service, the issuers
clearinghouse service, and our proprietary fraud reporting
system. In addition, we have voluntarily implemented a zero-
liability rule which means that a MasterCard cardholder will
generally not be liable for any fraud losses at all.
Although MasterCard has established these consumer and
anti-fraud protections, one of the most important tools in
combating identity theft is the availability of accurate,
reliable consumer reports. Providing consumer reports is the
role of the credit bureaus which gather information from
thousands of sources commonly referred to as furnishers. The
reliability of consumer reports as an identity theft prevention
tool is largely due to the uniform national standards
established by the FCRA. If States impose different obligations
on furnishers, the amount and quality of information could
substantially decrease.
The FCRA also governs two activities that greatly assist
financial institutions in fighting identity theft, affiliate
sharing and prescreening. Financial institutions rely on the
ability to share information among their affiliates in order to
detect and prevent identity theft. This happens, for example,
when an application does not match existing information about
the same consumer held by an affiliate. Additionally,
prescreening also results in fewer cases of identity theft and
other fraud than when the accounts are acquired through other
means. In this regard, prescreening and affiliate sharing are
important weapons in the fight against identity theft.
Other provisions in the FCRA are also useful in limiting
the damage to identity theft victims. For example, consumers
receive notices if they are denied credit based on information
in a consumer report. This flags for the consumer that the
consumer's report may contain negative information and allows
the consumer to follow up and investigate the matter further.
If there is information in the credit report that may be the
result of identity theft, the consumer can generally require
the credit bureau to correct any error within 30 days. In
conclusion, MasterCard is committed to working with government,
credit bureaus, our members and cardholders to ensure that we
provide the safest financial environment possible. We take our
role in fighting identity theft and fraud very seriously and
will continue to research and develop technologies and programs
to help with that fight. By making the national uniformity
under the FCRA permanent, MasterCard will be able to provide
better protection against identity theft and fraudulent
activities to its cardholders and issuers.
Thank you again for allowing me to appear before you today
on this important topic. I am happy to answer any questions you
may have.
[The prepared statement of Joshua L. Peirez can be found on
page 195 in the appendix.]
Mr. Tiberi. Thank you, Mr. Peirez.
I am going to yield just a minute to the chairman of the
subcommittee.
Chairman Bachus. I thank you, Mr. Tiberi.
I wanted to take this time to say to Mr. Kallstrom and Mr.
Peirez, Mr. Kallstrom from MBNA America and Mr. Peirez from
MasterCard, the staffs of your institutions have been very
helpful to us in the committee in reviewing legislation on
reauthorization for FCRA. They have been very timely in getting
back with us and just fully cooperative, and I want to commend
both you gentlemen for that. It has been a very good experience
for us. I think that the legislation going forward will reflect
your expertise. As you say, Mr. Kallstrom, the interest of the
consumer and the interest of your institutions are analogous.
Mr. Kallstrom. Yes.
Chairman Bachus. The National Retail Federation, Ms.
Hanson, has also been very helpful in pointing out particularly
some of the strengths of the uniform fair credit reporting
system. I don't think there was a car dealer from my home State
of Alabama who told me that he does business, about 20 percent
of his business comes from the State of Florida, about 35 to 40
percent comes from the State of Georgia. The rest comes from
the State of Alabama. He says even dealing with three sets of
conflicting information could be a detriment in extending
credit. So I think whether we are retailers or credit card
companies or Ms. Duncan with the Consumers Union, I think we
can certainly find some identity of interest because we are all
looking for the same thing, and that is the extension of credit
in a fast, expedient way.
It has been a great benefit if you look at low-and middle-
income citizens, under FCRA there has been an explosion of
available credit. At the same time, we ought to be able to find
ways to protect those consumers in this process. So I think we
all have an identity of interest there. We may have different
opinions on how we get there.
At this time, I will yield back.
Mr. Tiberi. Thank you, Mr. Chairman.
We have a series of votes on the floor and the Chairman has
asked me to recess the committee until 1:30 p.m. when we will
return with the next panelist. Thank you.
[RECESS]
Mr. LaTourette. [Presiding.] The subcommittee will come
back to order. We appreciate your patience during that series
of votes, and hopefully we will be able to complete this panel
before more mischief like that is occasioned.
Ms. Duncan, I think we are with you, and thank you for
being here. We look forward to your testimony.
STATEMENT OF JANELL MAYO DUNCAN, LEGISLATIVE AND REGULATORY
COUNSEL, CONSUMERS UNION
Ms. Duncan. Thank you.
Good afternoon, Mr. Chairman and members of the
subcommittee. Thank you for providing me with the opportunity
to come before you today. I am Janell Mayo Duncan, Legislative
and Regulatory Counsel for Consumers Union, publisher of
Consumer Reports magazine. I am pleased to be able to share our
views on the relationship between the FCRA and identity theft.
Consumers Union, an advocate for consumers, is the only
consumer representative on this panel. We are a nonprofit
organization, and as you will see from my comments today we
would strongly disagree with Mr. Kallstrom's claim that he and
MBNA are appropriate spokespersons for consumer interests.
In addition, the FCRA at its core is a consumer protection
statute, and we are here and stand ready to join MBNA,
MasterCard and the National Retail Federation in lending our
perspective as the committee crafts legislation to address
these problems, understand the impact on consumers, and to
develop solutions to this crime.
This hearing is entitled Fighting Identity Theft, the Role
of FCRA. We believe that the current operation of the FCRA,
FCRA Federal preemptions, and ongoing industry practices are to
a great extent responsible for the skyrocketing number of
identity theft cases. Consumer Reports magazine looked at this
problem in a 1997 article. At the time, the magazine described
the crime of identity theft as one of the fastest growing in
the nation.
The article chronicled stories of people victimized by the
crime and in it we identified flaws in the system that we
believed to be contributing to this problem, including lax
identification standards, where credit is granted to a thief by
creditors matching as few as two pieces of identification with
information on the credit report of an unsuspecting individual;
the granting of quick credit; the dissemination of convenience
checks; instant credit and easy replacement of reportedly lost
of stolen cards; inadequate fraud detection by credit reporting
agencies or CRAs; credit grantors that ignored fraud warnings
meant to serve as an obvious indication that an identity thief
had been actively exploiting a consumer's credit file; and
unfair correction processes where credit bureaus continue to
update files with inaccurate information or information
generated by the thief. Six years after our report, thieves
have become more sophisticated and organized and the problems
are more widespread. However, the basic elements placing
consumers at risk have not changed and continue unabated. We
believe that the solutions lie in requiring industry to better
manage and safeguard information already at their disposal. In
addition, the current preemption of State laws must be allowed
to expire so that States can act quickly to address new and
emerging identity theft crimes, because thus far States have
been the most responsive and effective source of solutions to
this growing problem.
Additionally, consumers must be empowered with more control
over the dissemination of their personal information in order
to prevent identity theft. Some of our specific recommendations
are to allow consumers to obtain yearly and at no cost a copy
of their credit report and credit score from the three major
CRAs; prohibit CRAs from releasing consumer information unless
they have made a careful matching of a minimum of four
identifiers; require CRAs to notify consumers at their original
address when an address change is made to their report; allow
victims of identity theft to freeze their credit reports to
prevent impostors from accessing any more credit in their
names; penalize creditors that grant credit to a thief without
following up on a fraud alert placed on a credit report;
require CRAs to alert consumers free of charge when suspicious
activity is observed on the report; increase penalties for
furnishers that reinsert information in a consumer's credit
file that already had been disputed by a consumer as inaccurate
and had been previously removed; and give consumers control
over the sharing of personal information among companies,
including affiliates.
We urge this subcommittee to work to pass meaningful
legislation that will address the elements of the FCRA and
industry practices that help make the commission of these
crimes possible. I have provided the subcommittee with
additional recommendations in my written testimony. In our
view, the improvements we suggest would go a long ways towards
preventing this crime.
I thank the chairman and members of the subcommittee for
this opportunity to testify and I look forward to answering any
questions.
[The prepared statement of Janell Mayo Duncan can be found
on page 109 in the appendix.]
Mr. LaTourette. I thank you very much for not only your
testimony, but your ability to complete it before the red light
went on. Thank you very much, Ms. Duncan.
Mr. Ansanelli, welcome and we look forward to hearing from
you.
STATEMENT OF JOSEPH ANSANELLI, CEO, VONTU
Mr. Ansanelli. Thank you and good afternoon.
My name is Joseph Ansanelli and I am the CEO and founder of
Vontu. We provide information security software that helps
guard against the loss of customer information. I am honored to
provide testimony in fighting identity theft and the role of
the Fair Credit Reporting Act. I commend the subcommittee for
discussing this important issue.
My testimony draws from my experience in working with chief
information security officers at some of the country's top
financial services, insurance, media and retail companies.
These security professionals are acutely aware of the
challenges in adequately protecting consumer information.
To begin, we believe it is important to help a consumer
quickly repair his or her credit when their identity has been
stolen. However, this problem will continue to grow if we do
not prevent the theft of consumer data in the first place. This
means making sure Social Security numbers, credit card numbers
and other identifiers don't get out from those companies that
have that information.
While there are many ways identity theft occurs, from a
financial report taken from the trash, a credit card receipt in
a restaurant, companies and government agencies are the
ultimate sources for large electronic databases of consumer
information. Without additional safeguards in place, millions
of Americans may be victims of identity theft by the end of
this decade.
Traditionally, organizations have focused on the hacker and
preventing people from breaking into their customer data
systems. Many organizations now realize that another
significant threat exists. With the rapid adoption of the
Internet and tools such as electronic mail, consumer
information can be leaked in a moment's notice by insiders. No
matter how secure an organization's systems are, many employees
require access to sensitive customer data, yet it is much
easier for insiders to accidentally leak or maliciously steal
information than it is for a thief to break in from the
outside.
As an example, in November of last year a customer service
employee of Teledata Communications who had easy access to
consumer credit reports, allegedly stole 30,000 customer
records. That is the first step in the identity theft process.
This theft cost millions of dollars in financial losses and
demonstrates that even though any computer system can be
hacked, it is much easier and in many cases far more damaging
for information to be stolen from the inside. Last month, we
conducted a survey with Harris Interactive of 500 employees and
managers who had access to customer data that confirms this.
Almost half of the respondents said it would be easy to take
sensitive customer information from their employers's networks.
Two-thirds believe that their coworkers pose the greatest risk
to consumer data security, while only 10 percent said hackers
were the biggest issue. In fighting identity theft, we suggest
it is important to fix the problem and to look beyond external
threats and recognize that insiders pose a fast-growing risk.
Based on our experiences, I recommend the subcommittee
weigh the following when considering revisions to the Fair
Credit Reporting Act. First, confusion is the enemy of consumer
protection. A consistent and unified national approach to our
credit system will benefit consumers the most. However well
intentioned a system of 50 different laws might be, it would
only create confusion and paralysis that would ultimately harm
consumer protection. Therefore, we believe that the preemption
provisions of the Fair Credit Reporting Act are critical and
should extend to any additions to help protect identity theft.
Second, we urge the subcommittee to ensure that any
modifications to the FCRA encourage companies to go above and
beyond any stated requirements to protect customers' data. Most
companies know it is in their self-interest to protect a
customer's data. However, I have had companies question whether
they should go beyond base Legislative and Regulatory
requirements such as GLBA for fear in doing so could
potentially reveal problems that trigger punitive actions.
Future legislation should encourage and protect organizations
that go above and beyond any base security requirements.
Third and most importantly, I suggest this committee
develop a consumer data security standard as part of the FCRA.
Ensuring a national unified and standard approach to protecting
consumer information at its source will help to stop one of the
main and growing sources of identity theft. Any such standard
should include the following principles. First, corporate
security policies should be mandated. A company security policy
should be publicly available, regularly reviewed and updated,
and audited and approved by its board of Directors. Second,
employee education is critical. In the Harris survey I
referenced earlier, almost one-third of workers and managers
had not read or did not know if their company had a written
customer data protection policy.
Third, data protection and control should require best
practices. Physical and network protection should use best
practices for all commercially reasonable solutions. And last,
companies must enforce employee compliance. Organizations
should have an obligation to regularly monitor and enforce
employee compliance with government regulations and their own
internal security policies for the use and distribution of
sensitive consumer information.
I hope these comments will be helpful to the committee and
I welcome the opportunity to answer any questions.
Thank you.
[The prepared statement of Joseph Ansanelli can be found on
page 80 in the appendix.]
Mr. LaTourette. Thank you, Mr. Ansanelli.
Mr. Lundy, thank you for being here and we would like to
hear from you.
STATEMENT OF LEE LUNDY, VICE PRESIDENT, CONSUMER SERVICES,
EXPERIAN
Mr. Lundy. Thank you, Mr. Chairman and committee members.
Good afternoon.
My name is Lee Lundy. I am Vice President, Consumer
Services, for Experian. I am responsible for managing
Experian's National Consumer Assistance Center in Allen, Texas.
Of the total consumer reports that Experian issues each
year, only about 1 percent results in a request by a consumer
for disclosure. About half of that number results in an inquiry
by a consumer relating to a dispute or a general question about
a disclosure. Only a portion of this one-half of 1 percent
results in an actual change to the consumer's file, which may
be either a correction or an update. All of this takes place
within an environment where the industry estimates that up to
30 percent of consumer contacts we receive are the result of
credit-repairing inquiries where attempts are made to remove
negative information, but it is accurate. These calls require
investigative processes that impact our ability to address true
consumer concerns. Today, I want to discuss the steps we are
taking to provide the business community with ways to prevent
ID theft, help consumers restore their reputation with victim
assistance, and discuss solutions that will not work,
specifically limiting information flows and providing free
credit reports without condition.
What works? The most effective strategy is responsibly
using the free flow of information. Experian and others are
making large investments in developing effective fraud
prevention and detection tools based on responsible information
sharing. Our national fraud database is comprised of known and
verified fraudulent activity provided by businesses from across
many different industries. Our customers use this database to
stop fraud before it happens.
Experian's Detect service takes fraud prevention to the
next level by comparing an individual's application history for
anomalies that may indicate fraud. Do they work? Just an
example, one company using Experian's fraud tools experienced a
55 percent decrease in fraud losses and reduced the time it
took to confirm fraud records by more than two-thirds. As you
can see, fraud prevention is paramount. However, in the event
that victim assistance is required, Experian has been working
with our counterparts for several years to develop uniform and
efficient processes. Recently, we announced a one-call fraud
alert program. Today, consumers who believe they are victims of
fraud need only contact one credit reporting agency to add
fraud alerts and receive complimentary reports from all three
of the agencies. Once the consumer receives the report,
Experian's consumer assistance agents are trained to personally
assist the consumer by explaining the information on the report
and initiating an inquiry to the creditors to resolve any
inaccuracies.
The question has been asked why it takes so long to resolve
identity theft issues on a consumer's file. In some cases, the
full extent of the crime may not be known for some time.
Identity theft, unlike other crimes of theft, often occurs over
a period of weeks or months. When a victim identifies
fraudulent entries on a consumer report, we work promptly with
the provider of the information to resolve the issue. So when
you hear stories in the media that it took consumers months to
unravel financial records affected by identity theft, it is
often because elements of the crime do not fully appear until
weeks or months after the criminal activity began.
What doesn't work? Restricting data access and providing
free credit reports without condition. At face value, both seem
to promise greater fraud protection. In reality, they do little
to protect consumers and in fact may make the fraud problem
worse. Access to and responsible use of information from a
broad spectrum of sources is essential to our fight against
fraud and identity theft. Effective solutions demand tools that
utilize complete, accurate and current information from
multiple sources in order to counter consistent variations of
the crime. We know that more information, not less, will reduce
fraud and ID theft. Eroding the ability of businesses to
obtain, share and compare information will increase the risk of
fraud and ID theft.
Free credit reports upon request have been touted as a
solution to the fraud problem, but actually have little impact
on fraud prevention and would impair our ability to control
costs and meet mandated service levels. Current FCRA provisions
already provide free reports for virtually all qualifying
consumers. Costs such as postage, for the average report is
approximately 13 pages long, and staff are often lost when
factoring in the actual cost of a free report. Cases involving
security breaches from systems outside of the credit allocation
stream already result in large unpredictable numbers of free
report requests. Such cases impose tremendous costs on credit
reporting agencies. They also result in flooding our assistance
centers with calls that impact those consumers who have a more
urgent service need.
Thank you for the opportunity to address the committee. I
will be happy to answer any questions you may have. I have
submitted a more detailed written statement for the record.
[The prepared statement of Lee Lundy can be found on page
134 in the appendix.]
Mr. LaTourette. I thank you, Mr. Lundy, very much. I think
I will begin with you.
Obviously, as someone, and I think Mr. Sanders talked about
legislation that he has drafted, and I know the legislation I
have drafted with Mrs. Hooley has a provision that calls for
one free credit report annually. So obviously it is
disappointing to hear you opine that it actually would increase
fraud activities. I think the only issue that I would take,
well a couple of issues I will take with that statement.
One is that I don't think that it is being touted as the
answer to identity theft. I think it is, to take another
portion of your testimony, the more information the consumer
has, I think, if it is a two-way street, if we are not only
asking those who grant credit to be more vigilant, there is a
concurrent responsibility on the individual, the consumer to
pay attention, but they can't really pay attention if they
don't know what is in their credit report. I think at least
from my perspective, Mr. Sanders I know can speak for himself,
but from my perspective that is the idea behind it.
So the question that I would have for you is, has the
industry or has your organization calculated a cost and/or the
ability to comply with such a provision should that be the
ultimate enactment of the Congress?
Mr. Lundy. Actually, I do not have those figures with me.
We know that it is a tremendous impact only by what has
happened in the recent past, as far as whenever we do have data
stolen from within a business. We then get a very big impact as
far as sending out free credit reports to consumers who really
have not truly been impacted or affected by credit fraud, but
only there is a fear that they may have been. It does create
quite a bit of staffing issues because even with those
additional calls coming in because of the literally hundreds of
thousands of credit reports going out, we still are mandated to
make sure that we handle all those calls within FCRA
requirements.
Mr. LaTourette. Ms. Duncan, as I listened to your
suggestions, I pulled some off the Web site relative to
freezing credit reports and also it mentions increased
participation by local police agencies in taking down reports.
I think you mentioned three or four other things in your
testimony today.
I am wondering if you have had a chance to review any of
the legislation that has been introduced by any member of the
Congress relative to fraud, and in particular I would think of
Mr. Sanders's bill, I would think of Ms. Hooley's bill and any
others, and whether your organization has formed an opinion as
to whether they would work or are moving in the right
direction, or we need to do more, or we are about there.
Ms. Duncan. We do agree that any additional information
that can be given to consumers is a good idea, as consumers are
being asked to take control over their credit report and their
financial well being. Yes, we have supported Mr. Sanders's
legislation asking for a free credit report. We have been very
active out in California supporting some of the laws that have
come about out there. On the Federal level, we have supported
other legislation that would require for the truncation of
credit card numbers and quite a few others.
Mr. LaTourette. Okay. And I heard you take exception with
Mr. Kallstrom's testimony, with Mr. Ansanelli sitting next to
you. How do you feel about the preemption issue, the
observation that having 50 different sets of credit regulations
actually increases the opportunity for mischief? Has your
organization taken a position on whether or not there should be
Federal preemption in these areas?
Ms. Duncan. We have supported the expiration of the
preemption provisions and we do believe that States have been
very active in these areas. As you can see, there has been a
lot of talk about the things that can be done, but as you know,
the incidence of identity theft is skyrocketing, and the
methods that criminals are using to perpetrate this crime are
changing over time. So we think that States are probably the
most appropriate body to act very quickly when these methods
change.
Mr. LaTourette. Thank you.
Ms. Hanson, that brings me to your testimony and the
question of preemption. As I understood you, you said that
Federated has been pretty successful about getting to know your
customer. One of the things I think you cited was you got to
know your customer by information that had been shared by
affiliates. If States come up with different rules and
regulations to restrict sharing among affiliates, do you have
an opinion as to whether or not that helps or hurts the problem
we are discussing here today?
Ms. Hanson. I think it would make our job much more
difficult as a retailer, to know our customer, if we have to
wade through the morass of multiple States' different
interpretation of laws. I think our job would become much more
difficult in protecting our customers.
Mr. LaTourette. And Mr. Ansanelli, when a corporation
decides to go above and beyond, or an organization decides to
go above and beyond, were you talking about a benefit that
basically would restrict them from liability should they, sort
of protecting them from the lawyers?
Mr. Ansanelli. Exactly. I don't like necessarily the
phrase, but a safe harbor which is that they are actually going
to try to find problems that they discover above and beyond
what the regulation says. They should not then be held liable
for finding out that they had a problem that they didn't have
to actually go find to begin with.
Mr. LaTourette. That is an interesting idea. There is a
company in my district that has nothing to do with what we are
talking about, but a company in my district that disinfects
things. When SARS was in the news, and it still continues to be
in the news, they developed a program to disinfect the inside
of airplanes. The airlines were reluctant to do it because by
disinfecting the inside of the airline they might be assuming a
responsibility that they don't currently have for passengers
with SARS.
Thank you all very much.
Mr. Sanders?
Mr. Sanders. Thank you, Mr. Chairman.
Before I get to identity theft, there is another issue that
I would like to talk to MBNA about, and that is what some of us
call the bait-and-switch process that many credit card
companies are currently engaged in. Mr. Kallstrom, let me just
read to you from an article that appeared in the New York
Times, well, summarize an article that appeared in the New York
Times on May 29.
The essence of the article was that it appears that all
over this country companies, including your company, do a bait-
and-switch. You send out solicitations to people asking them to
accept your credit cards at certain interest rates, and then
month after month these people pay the bill that they owe you.
Let's say they have a 5 percent interest rate and they pay you
every month the $200 that they owe you, whatever it is.
Suddenly, lo and behold, 5 months later, after having paid on
time every month what they owe you, the interest rates go sky
high. And when they inquire as to why that is so, and many of
them, of course, do not inquire. They don't notice what has
been happening. They find out that somebody will tell them,
well, yes, you paid us on time, but you borrowed additional
money. We are sorry somebody in your house was sick and you
needed additional money, and yes, you have always paid us on
time, but nonetheless we are going to double or triple your
interest rates.
Please explain to me why you think this is moral acceptable
behavior when somebody month after month has paid you on time
what they owe you? Why do you change the rules of the game and
double or triple their interest rates?
Mr. Kallstrom. I read that article in the New York Times
also. For the record, I would say that we do not bait and
switch. What we do is we assess risk and we give unsecured
loans to people to better their life and to carry on or live in
the world we live in today. I would not necessarily believe
everything I read in the New York Times.
Mr. Sanders. Well, let me ask you a question.
Mr. Kallstrom. Let me finish my answer please. People's
situations do change and we are assessing risk. There is a lot
of oversight on us. There are a lot of good reasons, there are
hundreds of reasons why we should assess risk.
Mr. Sanders. Well, let me ask. I will give you your time.
Sir, the problem here, as you know, is we are limited in time.
I wish we had time.
Mr. Kallstrom. Let me just finish the answer in 30 seconds.
Mr. Sanders. Yes.
Mr. Kallstrom. So from time to time, we do assess risk. We
always pre-notify the customer as to the conditions that are
going to change. We always give them the opportunity to just
say no. We give them the opportunity to pay off that account at
the existing rate and close their account, or keep the account
open at the new rate that the risk has brought us to. That is
good business practice, good ethical practice, and that is what
we do.
Mr. Sanders. What percentage of the people that you deal
with who have your credit cards do you change interest rates
on?
Mr. Kallstrom. We are in a competitive market, sir, that
changes all the time for competitive reasons.
Mr. Sanders. I asked you a simple question.
Mr. Kallstrom. I do not have an exact percentage.
Mr. Sanders. And what percentage of the people do you think
actually know? People get a lot of stuff. Among other things,
they get 5 billion solicitations a year from credit card
companies. What percentage of the people who you send out this
information to do you think actually know?
Mr. Kallstrom. I believe the vast majority on that point
know because we highlight it. We set it off in sharp colors.
But you are right about disclosures. People don't actually know
what a lot of those things say, particularly the Gramm-Leach-
Bliley ones because no one can understand what they say.
Mr. Sanders. But I would suspect that many people who see
their interest rates change, I want to get back. You say you
are not into bait-and-switch, but what you are into is changing
the interest rates on people even though they have paid you
every single month. Now, if I do business with you and I pay my
bill on time to you every month and I pay you what I owe you,
why do you think you have the right to double my interest rate?
Mr. Kallstrom. Because we must assess risk on the
portfolio.
Mr. Sanders. Even though I have paid you?
Mr. Kallstrom. And you might have gone and borrowed $50,000
from somebody else and you are not paying it back. So in this
day and age we live in, we have to look at the total.
Mr. Sanders. In other words, what you are doing is
punishing people who have paid their bills because you think
they may not, even though they have always kept their word and
their contract with you. I think that is wrong.
Mr. Kallstrom. We are giving unsecured loans, sir, and we
are giving them notice that if they do not want that additional
rate; in every occasion, we are giving them notice.
Mr. Sanders. Excuse me, excuse me, sir. You have not
answered me in terms of how many people do not even know that
their interest rates would change, and I suspect many do not.
Mr. Kallstrom. I agree that the vast majority do know.
Mr. Sanders. You are dealing with large numbers of people.
Excuse me. Even if the vast majority is true, there will be
many, many thousands of people who simply every month, who
assume because they pay their bills on time, do not anticipate
an increase in interest rate. I will bet you that there are
thousands of people who are paying you far higher interest
rates than they contemplated.
Mr. Kallstrom. I don't know the percentage.
Mr. Sanders. Thank you. I have limited time. I would love
to discuss the issue. I really would, but we have a limited
amount of time.
Mr. Kallstrom. I would also.
Mr. Sanders. Ms. Duncan, do you have thoughts on that
practice?
Ms. Duncan. We agree with your concerns that there are
consumers, and I read the article as well, out there who are,
regardless of their payment history with the particular lender,
are possibly seeing their rates skyrocket. Also, it is quite
possible that that increase in rates, I mean, if you look at a
consumer who has been responsible in the past, you could
possibly assume that they would be responsible in the future.
In making those rates go up like that, that could very well be
the proverbial last straw that broke the camel's back.
Mr. Sanders. Right. And there are instances, as I
understand it, that that practice has driven people into
bankruptcy. Thank you, Ms. Duncan.
Let me ask Mr. Lundy a question. When you discussed with
the Chairman your opposition to providing consumers with free
credit reports, you mentioned the cost. Obviously, there is a
cost and we don't know what the cost will be. But how can you
tell the consumers of this country that they are not entitled
to free credit reports when just in 2002, MBNA just happened to
have enough money in that year to pay their four top executives
$308 million? Don't you think that maybe if they wanted to
cover the cost of informing consumers all over this country
what their credit reports were, maybe they could take a little
bit of a cut in salary? Do you think that might be possible?
Just a little bit. We don't want to put them on welfare, but
$308 million for the top four execs, now, what can I say?
Mr. Lundy. Sir, I can't discuss, of course, the salaries at
MBNA. However, we are not opposed to free credit reports to
consumers with conditions. We believe that all consumers
knowing what is in their credit reports is very important. We
do not believe that the price that we charge a consumer, which
is $9 or less in some States, is prohibitive for consumers who
have no conditions to actually get their credit file report.
Mr. Sanders. I would certainly agree with you. It is not
prohibitive. But there will be a heck of a lot of people who
will not pay the $9 who, if they got it for free, might learn
that they were a victim of identity fraud.
Let me get back to Mr. Kallstrom. Maybe you want to tell
the people in terms of cost, what do you think about $308
million in 1 year for the top four executives?
Mr. Kallstrom. Well, look, I don't know exactly what their
compensation was.
Mr. Sanders. I can give it to you.
Mr. Kallstrom. I can tell you that is not salary.
Mr. Sanders. That is total compensation.
Mr. Kallstrom. Like Al Lerner who you talked about earlier,
who is an American patriot, who served this country in Korea,
who grew up in a back room and invested capital in a small
company.
Mr. Sanders. I am not making any disparaging remarks.
Excuse me. We hear over and over again and we heard it from Mr.
Lundy. I am not disparaging anybody or the patriotism of
anybody. But there are a lot of Americans who are a little bit
concerned, because they are going bankrupt in record numbers,
about executive salaries.
Mr. Kallstrom. Sir, with all due respect, those are not
salaries.
Mr. Sanders. Compensation packages is what I am talking
about.
Mr. Kallstrom. They are not salaries.
Mr. Sanders. I said it five times, compensation packages.
Mr. Kallstrom. They chose to sell some stock in the company
that they built at the time, and you are taking a point in time
and you are making a point.
Mr. Sanders. That is right. I am making a point that in
2002, your top four executives made over $308 million.
Mr. Kallstrom. It is not salaries.
Mr. Sanders. Thank you.
Thank you, Mr. Chairman.
Mr. LaTourette. I thank the gentleman very much.
Mr. Toomey?
Mr. Toomey. Thank you, Mr. Chairman.
Mr. Kallstrom, just to follow up on this. I can't help but
address this. I for one would be shocked and very concerned if
you made credit decisions without taking into account the
entirety of a person's credit portfolio. Just by way of
clarification, with respect, for instance, to a corporate
borrower, if you extend credit to a corporate borrower and that
borrower were then to take on some massive new amount of debt
after the fact, would the banking regulators be a bit concerned
if that didn't cause you to reevaluate the loan that you had
made, the terms of that loan?
Mr. Kallstrom. Without question, the regulators would be
extremely, well, they would find our practices outside the
boundaries of their guidance clearly, in both of those
instances. And that is why it is important to our economy that
we do not have a lot of unsecured loans out there at high risk.
There is a reason why this happens. There is a good sensible
reason why it happens.
Mr. Toomey. Right. What I would like to focus on, I just
wanted to establish that point, but I did want to focus back on
the issue at hand of identity theft. Can you tell us, for your
institution, and if this is in your testimony, I apologize, I
did not see it though, has the cost to your bank been rising or
falling with regard to incidents of identity theft and the
fraud related thereto?
Mr. Kallstrom. I think generally they have been rising.
Even though we still have some of the lowest rates in the
industry, they are still rising.
Mr. Toomey. Do you see that as just a cost of doing
business, or are you, in the face of this rising cost, and that
was the way I thought you would respond, are you developing new
procedures and systems for more aggressive prevention?
Mr. Kallstrom. We are, but as we talked about earlier, this
whole thing is geometric. It involves law enforcement. It
involves the credit bureaus. It involves retailers. It involves
the credit industry. It involves consumers. It involves the
fact that we have an epidemic of false identification in the
world and in the United States, where 8-year-old kids can make
driver's licenses on a laptop computer. So it involves a lot of
different things.
Mr. Toomey. I understand that and I acknowledge that, but
it seems to me that ultimately a lot of the problem arises from
financial institutions that extend credit to people who are
pretending to be someone that they are not.
Mr. Kallstrom. Without question, that is correct.
Mr. Toomey. So it seems to me that the point at which we
are most likely to be successful in preventing this would be
systems that defeat that attempt. Since the incidence of this
fraud is rising so much, my question is what new things are you
folks working on, is the industry working on that will cause
that graph to turn around and have the same precipitous decline
that we need to have?
Mr. Kallstrom. I think clearly the more information we
have, the fact that we have affiliates and affiliates were
created for good reason, and we can have more points of
information. Our neuro-network can be a lot more effective and
we can stop identity theft to a much larger degree. But there
are forces outside our control that must simultaneously
improve.
Mr. Toomey. I am not suggesting that this is all your
responsibility to solve this. I am acknowledging that there are
other aspects of this problem. But for instance, does it make
sense for financial institutions such as yours to have
considerably more aggressive identification verification
procedures when new accounts are established, or some
substantive change is made in an account?
Mr. Kallstrom. Yes, it does, sir. And we invest a lot of
technology in that area. We invest a lot of human resources in
that area. I would just make a point, at the point of sale, if
someone comes in an presents baseline documents that are
recognized in the United States as being prima facie evidence
of identity, birth certificates, Social Security cards et
cetera, in true name and in true address, it is very difficult
to weed those types of events out. There is technology
available today to stop that practice. I would encourage the
Federal government to deal with that issue.
Mr. Toomey. If we could just follow up on that. When people
provide that, obviously it is happening that people are
providing that information and it is all information about
someone else.
Mr. Kallstrom. Right.
Mr. Toomey. And then some portion of it is usually
inaccurate, like an address, perhaps. What about using much
more aggressive techniques to verify these things, some kind of
biometric signature or some kind of verification when this
person's name comes up?
Mr. Kallstrom. I agree, and I think our processes, our
expert systems, our neuro-network, our human beings, our fraud
experts, the way those situations get routed, we stop the vast
majority of them. Our identity theft percentage is extremely
low. But yes, we need to have biometrics. We need to have anti-
counterfeiting technology put into our baseline identification
documents. So I am agreeing with what you just said.
Mr. Toomey. Do you have any specific biometric techniques
that you think are likely to be implemented soon?
Mr. Kallstrom. Today in driver's licenses in the United
States, there are about 20 different biometric algorithms in
the licenses. There is technology available today in one black
box that can identify all of those. So we could have at a point
of sale a black box that could say green light-red light as to
whether that identification is counterfeit. I think the other
thing that helps us immensely is having many data points to
check, so that someone showing up with your driver's license
and your address with their picture on it, we are going to know
that they are phony because we are going to check other points
of reference that you cannot answer those questions.
Mr. Toomey. If the Chair would just allow for a wrap-up
comment, I thank you for that. It just strikes me that when we
hear the kind of horror stories that we are hearing and we know
that the frequency of these incidents is increasing, my concern
is that if the industry does not take very aggressive measures
to successfully change the trend, there will be legislation
which might become very onerous at some point, that may have
unintended consequences. I am just strongly encouraging you.
Mr. Kallstrom. I agree with that. I would just simply say
the industry is spending millions of dollars in this area,
hundreds of millions of dollars in this area.
Mr. Toomey. Okay. Thank you, Mr. Chairman.
Mr. LaTourette. I thank the gentleman.
Mr. Moore?
Mr. Moore. Thank you, Mr. Chairman.
Mr. Kallstrom, in your written testimony you said, and I
believe you testified this, everyone agrees it would be of
enormous benefit to provide consumers with easily digestible
privacy notices that include easy opt-out procedures. Is that
correct, sir?
Mr. Kallstrom. Yes, sir.
Mr. Moore. Why then are the notices that we receive, every
person in this country receives, from a credit card company so
hard to read and so, I am a lawyer; I practiced law for 28 year
and I do not read those. Why are they so complicated?
Mr. Kallstrom. In the 1999 Gramm-Leach-Bliley Act, the
regulators did not create a model notice for the safe harbor.
So all the lawyers from all the regulators, I mean good people
get in a room and came up with these notices that basically
talk about technical compliance, but I think they have largely
left the consumers bewildered as to what they mean. They are
four or five pages long. The type, you know, you get my age, it
is very difficult to read. They are in legalese that virtually
nobody, in my view, understands.
I think a much better solution would be to, and I would
think my friend from Vermont would agree, tell consumers what
their rights are in plain English on a short notice, and then
give them a very simple way of opting out if they do not want
to share information. That is what consumers want.
Mr. Moore. And you don't have a problem with opting out if
they make that choice, the consumers?
Mr. Kallstrom. No. I think consumers should be given their
choices in plain English and they should be allowed a simple
methodology to opt out. We would hope that the majority would
not opt out because we think some of the offers would be
compelling. If you have business with us and you manage your
business very well, your unsecured loan, and we have another
product that we are going to price you at very competitively,
we would think you would want to know that. But there will be
some people that clearly will opt out and that is fine.
Mr. Moore. And they have that right if they choose,
correct?
Mr. Kallstrom. Absolutely.
Mr. Moore. All right. Do you have any kind of form,
simplified notice?
Mr. Kallstrom. Actually, we had a working group of people
in the industry and we have come up with some examples of what
these forms would look like. They have gotten wide
distribution. I would be happy to attach them to my statement
and leave them here for the committee. But one form is sort of
modeled after a food can nutrition label.
Mr. Moore. Is this such a form?
Mr. Kallstrom. Yes.
Mr. Moore. Can you see it? It says ``version K.'' Would
that be it?
Mr. Kallstrom. Yes, sir.
Mr. Moore. Mr. Chairman, I would ask that a copy of this be
received in the record.
Mr. LaTourette. Without objection.
[The following information can be found on page 210 in the
appendix.]
Mr. Moore. Thank you.
Are you aware of any efforts by individual State
legislatures to change notice requirements? What is your
opinion about that? Of what consequence is that?
Mr. Kallstrom. As we sit here today, sir, there 39 States
considering 154 Gramm-Leach-Bliley-type related bills today.
There are 46 States considering 234 FCRA-type bills today.
Mr. Moore. What would be the consequence as far as you are
concerned for providing credit at a fair price to consumers if
that were the case?
Mr. Kallstrom. I think clearly the balkanization of our
system would have higher prices, higher interest rates. My
friend from Vermont would be more exercised than he is today
because things would be much higher. The European Community is
trying to mimic our system over there, and we are talking about
balkanizing our system. It would have dramatic negative impacts
on our economy. I think it would have the most debilitating
impacts on the lower rung of our economic population, who are
finding their way into credit, who are getting the credit card,
opening a small business with a credit card, building a credit
file. Those segments of zip codes in different areas that in
prior times were not issued good credit or good offers or
preapproved offers, where they could pick from one or two
different offers, they would be the most harmed, without
question. There are economic studies that clearly point that
out.
Mr. Moore. Would it be correct, Mr. Kallstrom, that a
populated State like California or New York or some other State
with a large population, by enactment of some of these
provisions might in effect control what happens in a lot of
other States?
Mr. Kallstrom. I think there will be standards,
congressman, in these areas. The question is, will they be
standards set here in Washington that benefit the entire
country, or will they be California standards that become the
de facto national standard. I think that would be a sad day for
business and for our economy, and would not help our country,
would not help the lower quadrant of the FICO-scored people
that are clawing their way up into the middle class. It would
have a negative impact on small business and it is not the
right thing to do for the good of this country.
Mr. Moore. You say it would hurt the economy. How so?
Mr. Kallstrom. I think it would have a dramatic impact on
credit. It would close out that community I talked about. It
would have an impact on our GNP. It would have an impact on
consumer spending. Rates would be higher. Clearly, rates would
be higher and there would be less credit available.
Mr. Moore. I am concerned about opening up GLB and the
problems that could present from the standpoint of building
bipartisan support for FCRA. I am also concerned that my
constituents could get something far worse if GLB is opened up
again and something happens there. Do you have any of these
concerns?
Mr. Kallstrom. We certainly have concerns. We think,
though, that when you talk about the whole issue of privacy,
the majority of people in focus groups talk about identity
theft. They talk about issues of simplicity of notice. We think
the way to go here is to give people plain English notice and
to give them an easy methodology to opt out. If they want to
restrict the information at businesses, that is what they
should do. I think by the government doing nothing in that area
and allowing the States to muck around and balkanize this whole
area, we are going to end up with national standards, but they
are not going to be Federal standards. And States are not going
to spend the money to cookie-cutter a little different version
of a standard in 50 different States. They are going to go with
probably the California standard, the most restrictive, and we
are going to let Sacramento decide what the Federal policy is
going to be, as opposed to the Federal government.
Mr. Moore. Thank you, sir.
Ms. Duncan. I would like to respond.
Mr. Moore. I would like to hear your response. Mr.
Chairman, is that okay?
Mr. LaTourette. Sure.
Ms. Duncan. From the perspective of opting out, the Gramm-
Leach-Bliley notices only informs people of their rights, but
for the most part consumers are only allowed to opt out of
third party sharing. I would be very surprised if what Mr.
Kallstrom is referring to in being in favor of allowing
consumers to opt out would be extended to letting them opt out
of the sharing of their information between affiliates. That is
something that I think consumers should have more power over,
the sharing of their personal information. If they share it
with an entity for one purpose, it should not be able to be
used unauthorized for other purposes.
Mr. Moore. Okay. Would you agree, though, with the general
statement that any solution should help consumers make more
informed decisions about information sharing and that everyone
agrees it would be of enormous benefit to provide consumer
easily digestible privacy notices that include easy opt-out
procedures. Would you agree with that generally?
Ms. Duncan. More comprehensible is always better. Easier is
always better. Meaningful is more important. What I am trying
to convey is that these notices, the rights are not meaningful
so the notices are not meaningful because it is not giving
consumers the ability to opt out of sharing between joint
marketing partners and affiliates.
Mr. Kallstrom. They are not meaningful because they are not
understood.
Ms. Duncan. And they are not meaningful in that what is
being conveyed are not true rights, but just a notice of how we
are going to use your information regardless of whether you
like it or not.
Mr. Moore. Have you seen the proposed sample simple notice?
Ms. Duncan. I have heard about it. I have not seen it yet.
My concern also is that regardless of simplicity, which is
important, what is more important is to have the rights be
meaningful.
Mr. Moore. If they are following the law, is that
sufficient? My question is, if they are following the law, is
that a good thing? And if it is understandable to the consumer?
Ms. Duncan. The consumers in California have been polled
and show that they do not believe they are being given enough
rights under the current law.
Mr. Moore. That is not the question. The question is, if
whoever the provider of credit is tells them what the law is
and tells them what their rights are in an understandable
fashion, is that something that is good?
Ms. Duncan. To follow the law is good, yes.
Mr. Moore. And advise them in simple language what the law
is and what their rights are, is that good as well?
Ms. Duncan. Or course. That is certainly always a positive
thing.
Mr. Moore. Thank you.
Mr. LaTourette. I thank the gentleman.
Mr. Tiberi?
Mr. Tiberi. Thank you, Mr. Chairman.
I would like to submit for the record an editorial that was
in The Hill publication today.
Mr. LaTourette. Without objection.
[The following information can be found on page 212 in the
appendix.]
Mr. Tiberi. Thank you, Mr. Chairman.
Mr. Kallstrom, I am going to continue along the lines of
questioning that Mr. Sanders started and Mr. Moore continued.
Are you familiar with the legislation that was introduced by
myself and Mr. Lucas dealing with national uniform privacy
standards?
Mr. Kallstrom. I am, sir.
Mr. Tiberi. Good. You had in answering a question that Mr.
Sanders had asked you, you started down the road of explaining
how privacy notices were complicated and confusing to consumers
under Gramm-Leach-Bliley. You did not finish. Can you expand on
that?
Mr. Kallstrom. Yes, I think the Gramm-Leach-Bliley notices,
because there was not a simple model notice created, the
lawyers, which they should do to protect everybody, created
this monster of a notice that virtually nobody can understand.
Even some lawyers can't understand it. So it is no question
that there is a lot of consternation. There are a lot of people
that think these things are created by the companies and on
purpose so people cannot understand their rights. Nothing could
be further from the truth. Those notices are created by Gramm-
Leach-Bliley and the regulators getting together and creating
this five-page notice that is written in type that you can
barely read.
So it does not surprise us that people have all this
consternation about what their rights are. We think one
solution, a simple solution is to give them a plain English
version. Not a version, we would always make available the long
notice so they could if they wanted to get a master's degree in
law, they could figure out what it means.
Mr. Tiberi. You mentioned 30 States have legislation
introduced that deal with this issue.
Mr. Kallstrom. Thirty-nine States.
Mr. Tiberi. Thirty-nine States. What happens on this
particular issue if States begin passing their legislation?
Mr. Kallstrom. What you end up getting is you get different
versions of the same thing, with separate notices that say
basically the same thing, but they are different. We have a
bill in California now, SB-1, that has a separate notice that
probably ends up saying virtually the same thing, but it says
it in California language. The cost of sending out multiple
notices would be more confusing, not less confusing. So we
think the solution is to settle on some plain simple language
on a simple meaningful way of opting out very easy. You call an
800 number. You fill out this thing, just like changing your
address, and you opt out. And to her point, we give them real
choices of what the law is to opt out of. We think that is the
solution.
At the same time, make some fixes for identity theft, which
we talked about for hours all the different things that can be
done to make that more effective. I think that is what is on
the minds of consumers.
Mr. Tiberi. I want to get to identity theft, but before we
go there expand upon your comments with respect to the current
relationship between Gramm-Leach-Bliley and FCRA as it applies
to State laws on affiliate sharing.
Mr. Kallstrom. Yes, we think that FCRA is the rule on
affiliate sharing and governs affiliate sharing. Let's
remember, we created affiliates and we let companies have
affiliates for a couple of reasons. First reason probably, to
better manage risk; to get parts of the company, and in our
company we have five affiliates. One of them is a technology or
data processing company. We have to share information with them
or else they could not process the information. So we can look
at these things and put all those entities that we really deal
with risk in one place.
Of course, we created these affiliates so that people with
good credit, even people with marginal credit, could get better
offers for other products. That was the whole idea, the idea of
a rising tide raising all ships in the harbor; that if you did
business with company X in one particular line, now you needed
a home equity loan or you needed some other product, they had
the benefit of having advantages of your ability to manage debt
and they could take that good record that hopefully you had and
they could apply it to good costing, good interest rates over
here so that people could emerge and have success in the
American dream. It was done for those reasons. It was not done
for any dastardly reason that people would paint it as today.
Mr. Tiberi. Final question, each State has a different
criminal background check system. How, in your mind, does the
reporting of that information, without a national uniform
standard, impact your customers and your employees?
Mr. Kallstrom. Well, it is complicating. I don't mean to
get involved in 9-11, my other job I have, but this business of
connecting the dots is always universally more difficult when
you have stovepipe information, when you have information that
is not easily accessible or quickly accessible. So for the
reasons that we can have a good credit system that is national,
we can therefore have the benefit of it. People have got to
remember, it was not that long ago you waited five weeks to get
a mortgage. It wasn't that long ago that if you wanted cash,
you had to go to your bank and write a check. You didn't go to
an ATM. There was no such thing. And if you drove from Vermont
to Florida, that credit didn't necessarily follow you. You had
to start all over again. So the American public, with all the
problems we have here, and identity theft is a huge problem,
but we think it is fixable. With all the problems we have, we
have the best system in the world.
Mr. Tiberi. Thank you.
Ms. Hanson. Could I add a comment on the subject of GLB and
Mr. Kallstrom's testimony on that?
Mr. LaTourette. Sure.
Ms. Hanson. Just generally speaking, all good discussion,
good ideas. I think everybody is generally in agreement that it
is a complicated notice, hard to understand for our customers,
but the FCRA and the issue that is at hand is of such high
priority to us. I share your concern that introducing another
subject at this point will just complicate an already
complicated subject. We are very concerned about that.
Mr. LaTourette. I thank you.
Mr. Kallstrom. Let me add, extending FCRA is our number one
priority, clearly, too, but we would be less than honest if we
did not talk about a companion issue that is interwoven with
FCRA. The devil is going to pay its due here in the future if
we balkanize the other half of the system.
Mr. LaTourette. Okay. I thank you, Mr. Tiberi, and the six
of you. I thank you very much.
Mr. Sanders. Are we letting them off so easily?
Mr. LaTourette. Well, we have been here a long time, Mr.
Sanders.
Mr. Sanders. I know that Mr. Kallstrom wants more
questions.
[LAUGHTER]
Mr. LaTourette. Maybe you and Mr. Kallstrom can talk in the
hallway a little bit.
Mr. Sanders. Do you have a few more minutes or do you want
to close it?
Mr. LaTourette. I really was going to close it up. If you
have a couple of questions you want to ask, I am happy to
yield.
Mr. Sanders. If you would.
Mr. LaTourette. Sure.
Mr. Sanders. Okay.
Just a few points for the record, picking up on Mr. Moore's
question, the first point that we have to deal with when we
talk about preemption and States's rights, we live in a
Federalist society. We have local government, State government
and Federal government. In fact, if we really want a very
simple effective system, we could have a dictator sitting a few
blocks away from here, wipe out State government, everything
would be nice and simple. Very few of us want to live in that
society.
We live in a society where different States have different
regulations for how fast you can drive your car and a dozen
other things. We call that American democracy. That is what we
call it. Does it cause problems sometimes? Yes, it does. But
the other side of that is that sometimes somewhere in
California or in Vermont or in New Hampshire, some attorney
general or some member of the legislature or some governor
comes up with a great idea and it works in that State, and
other States steal that idea and eventually it filters here to
Washington, D.C. and it becomes the law of the land. Many of my
conservative friends say that all the time. They say States are
the laboratories of democracy. My friend is nodding his head in
agreement.
So some of us get a little bit confused when our
conservative friends on Tuesdays or Wednesdays tell us they
want the big bad Federal government, which they knock on
Mondays and Fridays as terrible, to limit the ability of States
to protect consumers. That is one point.
Second point, just for the record, I think Mr. Kallstrom if
my memory is correct you indicated that if we have States
moving in different directions, their interest rates might be
higher. Did you say that? I think you said that.
Mr. Kallstrom. I think the impact would be that there would
be more costs in the system. Clearly, that is the case.
Mr. Sanders. Well, let me tell you what the case is. As a
result of the 1996 Fair Credit Reporting Act amendments, they
exempted stronger consumer protection statutes in California,
Massachusetts and Vermont from preemption. So we still have
those laws. What we have seen in those three States is very low
bankruptcy rates. In fact, Vermont now has the lowest rate of
consumer bankruptcies in the country. And also in terms of
mortgage rates, the most recent data indicates that the State
of California has the lowest effective rate of a conventional
mortgage in the nation, and Vermont and Massachusetts are well
below the median. Those are States that have the rights, and
you were suggesting this would be a terrible thing, but those
States have done okay.
The last question that I would ask is you suggested, Mr.
Kallstrom, that that legalese, and I certainly agree with you
that you have very complicated language that was developed by
lawyers, but those were developed by your lawyers, the
industry's lawyers.
Mr. Kallstrom. The regulators, sir.
Mr. Sanders. Well, then you will have to tell me why it is
that credit unions operating under the same law have much
simpler language.
Mr. Kallstrom. I can't answer that question. I don't know
the answer to that. Logically, I am told, and I stand to be
corrected, that the bulk of the work was done by lawyers
representing the seven different regulators. I am sure there
was input from the industry. Clearly, I am sure there was. The
bottom line is they are not understandable.
Mr. Sanders. Right. We certainly agree on that, and to the
best of my knowledge credit unions operating under the same law
and the same regulations have easily understood language. You
might want to look into that, sir.
Mr. Kallstrom. I will look that up.
Mr. Sanders. Okay. Thank you.
Thank you, Mr. Chairman.
Mr. LaTourette. I thank the gentleman very much. I would
just editorially comment that some of us on our side sometimes
wonder why members of your party are champions for the Federal
government on Monday, Wednesday and Friday and champions for
States's rights on Tuesday and Thursday.
[LAUGHTER]
Mr. Sanders. I am an Independent, so my party is always
consistent. They always do what I say.
[LAUGHTER]
Mr. LaTourette. I thank the gentleman very much.
The chair would note that some members, like Mr. Sanders or
others, may have additional questions for the panel which they
would like to submit in writing. Without objection, the hearing
record will remain open for 30 days for members to submit
written questions to these witnesses and to place their
responses in the record. Again, it has been a lengthy hearing.
We thank you for your patience and we thank you for your
participation.
The hearing is adjourned.
[Whereupon, at 2:38 p.m., the subcommittee was adjourned.]
A P P E N D I X
June 24, 2003
[GRAPHIC] [TIFF OMITTED] T2902.001
[GRAPHIC] [TIFF OMITTED] T2902.002
[GRAPHIC] [TIFF OMITTED] T2902.003
[GRAPHIC] [TIFF OMITTED] T2902.004
[GRAPHIC] [TIFF OMITTED] T2902.005
[GRAPHIC] [TIFF OMITTED] T2902.006
[GRAPHIC] [TIFF OMITTED] T2902.007
[GRAPHIC] [TIFF OMITTED] T2902.008
[GRAPHIC] [TIFF OMITTED] T2902.009
[GRAPHIC] [TIFF OMITTED] T2902.010
[GRAPHIC] [TIFF OMITTED] T2902.011
[GRAPHIC] [TIFF OMITTED] T2902.012
[GRAPHIC] [TIFF OMITTED] T2902.013
[GRAPHIC] [TIFF OMITTED] T2902.014
[GRAPHIC] [TIFF OMITTED] T2902.015
[GRAPHIC] [TIFF OMITTED] T2902.016
[GRAPHIC] [TIFF OMITTED] T2902.017
[GRAPHIC] [TIFF OMITTED] T2902.018
[GRAPHIC] [TIFF OMITTED] T2902.019
[GRAPHIC] [TIFF OMITTED] T2902.020
[GRAPHIC] [TIFF OMITTED] T2902.021
[GRAPHIC] [TIFF OMITTED] T2902.022
[GRAPHIC] [TIFF OMITTED] T2902.023
[GRAPHIC] [TIFF OMITTED] T2902.024
[GRAPHIC] [TIFF OMITTED] T2902.025
[GRAPHIC] [TIFF OMITTED] T2902.026
[GRAPHIC] [TIFF OMITTED] T2902.027
[GRAPHIC] [TIFF OMITTED] T2902.028
[GRAPHIC] [TIFF OMITTED] T2902.029
[GRAPHIC] [TIFF OMITTED] T2902.030
[GRAPHIC] [TIFF OMITTED] T2902.031
[GRAPHIC] [TIFF OMITTED] T2902.032
[GRAPHIC] [TIFF OMITTED] T2902.033
[GRAPHIC] [TIFF OMITTED] T2902.034
[GRAPHIC] [TIFF OMITTED] T2902.035
[GRAPHIC] [TIFF OMITTED] T2902.036
[GRAPHIC] [TIFF OMITTED] T2902.037
[GRAPHIC] [TIFF OMITTED] T2902.038
[GRAPHIC] [TIFF OMITTED] T2902.039
[GRAPHIC] [TIFF OMITTED] T2902.040
[GRAPHIC] [TIFF OMITTED] T2902.041
[GRAPHIC] [TIFF OMITTED] T2902.042
[GRAPHIC] [TIFF OMITTED] T2902.043
[GRAPHIC] [TIFF OMITTED] T2902.044
[GRAPHIC] [TIFF OMITTED] T2902.045
[GRAPHIC] [TIFF OMITTED] T2902.046
[GRAPHIC] [TIFF OMITTED] T2902.047
[GRAPHIC] [TIFF OMITTED] T2902.048
[GRAPHIC] [TIFF OMITTED] T2902.049
[GRAPHIC] [TIFF OMITTED] T2902.050
[GRAPHIC] [TIFF OMITTED] T2902.051
[GRAPHIC] [TIFF OMITTED] T2902.052
[GRAPHIC] [TIFF OMITTED] T2902.053
[GRAPHIC] [TIFF OMITTED] T2902.054
[GRAPHIC] [TIFF OMITTED] T2902.055
[GRAPHIC] [TIFF OMITTED] T2902.056
[GRAPHIC] [TIFF OMITTED] T2902.057
[GRAPHIC] [TIFF OMITTED] T2902.058
[GRAPHIC] [TIFF OMITTED] T2902.059
[GRAPHIC] [TIFF OMITTED] T2902.060
[GRAPHIC] [TIFF OMITTED] T2902.061
[GRAPHIC] [TIFF OMITTED] T2902.062
[GRAPHIC] [TIFF OMITTED] T2902.063
[GRAPHIC] [TIFF OMITTED] T2902.064
[GRAPHIC] [TIFF OMITTED] T2902.065
[GRAPHIC] [TIFF OMITTED] T2902.066
[GRAPHIC] [TIFF OMITTED] T2902.067
[GRAPHIC] [TIFF OMITTED] T2902.068
[GRAPHIC] [TIFF OMITTED] T2902.069
[GRAPHIC] [TIFF OMITTED] T2902.070
[GRAPHIC] [TIFF OMITTED] T2902.071
[GRAPHIC] [TIFF OMITTED] T2902.072
[GRAPHIC] [TIFF OMITTED] T2902.073
[GRAPHIC] [TIFF OMITTED] T2902.074
[GRAPHIC] [TIFF OMITTED] T2902.075
[GRAPHIC] [TIFF OMITTED] T2902.076
[GRAPHIC] [TIFF OMITTED] T2902.077
[GRAPHIC] [TIFF OMITTED] T2902.078
[GRAPHIC] [TIFF OMITTED] T2902.079
[GRAPHIC] [TIFF OMITTED] T2902.080
[GRAPHIC] [TIFF OMITTED] T2902.081
[GRAPHIC] [TIFF OMITTED] T2902.082
[GRAPHIC] [TIFF OMITTED] T2902.083
[GRAPHIC] [TIFF OMITTED] T2902.084
[GRAPHIC] [TIFF OMITTED] T2902.085
[GRAPHIC] [TIFF OMITTED] T2902.086
[GRAPHIC] [TIFF OMITTED] T2902.087
[GRAPHIC] [TIFF OMITTED] T2902.088
[GRAPHIC] [TIFF OMITTED] T2902.089
[GRAPHIC] [TIFF OMITTED] T2902.090
[GRAPHIC] [TIFF OMITTED] T2902.091
[GRAPHIC] [TIFF OMITTED] T2902.092
[GRAPHIC] [TIFF OMITTED] T2902.093
[GRAPHIC] [TIFF OMITTED] T2902.094
[GRAPHIC] [TIFF OMITTED] T2902.095
[GRAPHIC] [TIFF OMITTED] T2902.096
[GRAPHIC] [TIFF OMITTED] T2902.097
[GRAPHIC] [TIFF OMITTED] T2902.098
[GRAPHIC] [TIFF OMITTED] T2902.099
[GRAPHIC] [TIFF OMITTED] T2902.100
[GRAPHIC] [TIFF OMITTED] T2902.101
[GRAPHIC] [TIFF OMITTED] T2902.102
[GRAPHIC] [TIFF OMITTED] T2902.103
[GRAPHIC] [TIFF OMITTED] T2902.104
[GRAPHIC] [TIFF OMITTED] T2902.105
[GRAPHIC] [TIFF OMITTED] T2902.106
[GRAPHIC] [TIFF OMITTED] T2902.107
[GRAPHIC] [TIFF OMITTED] T2902.108
[GRAPHIC] [TIFF OMITTED] T2902.109
[GRAPHIC] [TIFF OMITTED] T2902.110
[GRAPHIC] [TIFF OMITTED] T2902.111
[GRAPHIC] [TIFF OMITTED] T2902.112
[GRAPHIC] [TIFF OMITTED] T2902.113
[GRAPHIC] [TIFF OMITTED] T2902.114
[GRAPHIC] [TIFF OMITTED] T2902.115
[GRAPHIC] [TIFF OMITTED] T2902.116
[GRAPHIC] [TIFF OMITTED] T2902.117
[GRAPHIC] [TIFF OMITTED] T2902.118
[GRAPHIC] [TIFF OMITTED] T2902.119
[GRAPHIC] [TIFF OMITTED] T2902.120
[GRAPHIC] [TIFF OMITTED] T2902.121
[GRAPHIC] [TIFF OMITTED] T2902.122
[GRAPHIC] [TIFF OMITTED] T2902.123
[GRAPHIC] [TIFF OMITTED] T2902.124
[GRAPHIC] [TIFF OMITTED] T2902.125
[GRAPHIC] [TIFF OMITTED] T2902.126
[GRAPHIC] [TIFF OMITTED] T2902.127
[GRAPHIC] [TIFF OMITTED] T2902.128
[GRAPHIC] [TIFF OMITTED] T2902.129
[GRAPHIC] [TIFF OMITTED] T2902.130
[GRAPHIC] [TIFF OMITTED] T2902.131
[GRAPHIC] [TIFF OMITTED] T2902.132
[GRAPHIC] [TIFF OMITTED] T2902.133
[GRAPHIC] [TIFF OMITTED] T2902.134
[GRAPHIC] [TIFF OMITTED] T2902.135
[GRAPHIC] [TIFF OMITTED] T2902.136
[GRAPHIC] [TIFF OMITTED] T2902.137
[GRAPHIC] [TIFF OMITTED] T2902.138
[GRAPHIC] [TIFF OMITTED] T2902.139
[GRAPHIC] [TIFF OMITTED] T2902.140
[GRAPHIC] [TIFF OMITTED] T2902.141
[GRAPHIC] [TIFF OMITTED] T2902.142
[GRAPHIC] [TIFF OMITTED] T2902.143
[GRAPHIC] [TIFF OMITTED] T2902.144
[GRAPHIC] [TIFF OMITTED] T2902.145
[GRAPHIC] [TIFF OMITTED] T2902.146
[GRAPHIC] [TIFF OMITTED] T2902.147
[GRAPHIC] [TIFF OMITTED] T2902.148
[GRAPHIC] [TIFF OMITTED] T2902.149
[GRAPHIC] [TIFF OMITTED] T2902.150
[GRAPHIC] [TIFF OMITTED] T2902.151
[GRAPHIC] [TIFF OMITTED] T2902.152
[GRAPHIC] [TIFF OMITTED] T2902.153
[GRAPHIC] [TIFF OMITTED] T2902.154
[GRAPHIC] [TIFF OMITTED] T2902.155
[GRAPHIC] [TIFF OMITTED] T2902.156
[GRAPHIC] [TIFF OMITTED] T2902.157
[GRAPHIC] [TIFF OMITTED] T2902.158
[GRAPHIC] [TIFF OMITTED] T2902.159
�