[Senate Hearing 107-728]
[From the U.S. Government Publishing Office]
S. Hrg. 107-728
IDENTITY THEFT: THE NATION'S FASTEST GROWING CRIME WAVE HITS SENIORS
=======================================================================
HEARING
before the
SPECIAL COMMITTEE ON AGING
UNITED STATES SENATE
ONE HUNDRED SEVENTH CONGRESS
SECOND SESSION
__________
WASHINGTON, DC
__________
JULY 18, 2002
__________
Serial No. 107-30
Printed for the use of the Special Committee on Aging
U.S. GOVERNMENT PRINTING OFFICE
82-327 WASHINGTON : 2002
____________________________________________________________________________
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; (202) 512-1800
Fax: (202) 512-2250 Mail: Stop SSOP, Washington, DC 20402-0001
SPECIAL COMMITTEE ON AGING
JOHN B. BREAUX, Louisiana, Chairman
HARRY REID, Nevada LARRY CRAIG, Idaho, Ranking Member
HERB KOHL, Wisconsin CONRAD BURNS, Montana
JAMES M. JEFFORDS, Vermont RICHARD SHELBY, Alabama
RUSSELL D. FEINGOLD, Wisconsin RICK SANTORUM, Pennsylvania
RON WYDEN, Oregon SUSAN COLLINS, Maine
BLANCHE L. LINCOLN, Arkansas MIKE ENZI, Wyoming
EVAN BAYH, Indiana TIM HUTCHINSON, Arkansas
THOMAS R. CARPER, Delaware JOHN ENSIGN, Nevada
DEBBIE STABENOW, Michigan CHUCK HAGEL, Nebraska
JEAN CARNAHAN, Missouri GORDON SMITH, Oregon
Michelle Easton, Staff Director
Lupe Wissel, Ranking Member Staff Director
(ii)
?
C O N T E N T S
----------
Page
Opening Statement of Senator Larry E. Craig...................... 1
Statement of Senator Susan Collins............................... 2
Panel I
Lieutenant Colonel (Retired) John T. Stevens, Jr., Upper
Marlboro, MD................................................... 4
Alice S. Fisher, Deputy Assistant Attorney General, Criminal
Division, United States Department of Justice, Washington, DC.. 11
James G. Huse, Jr., Inspector General, Office of Inspector
General, Social Security Administration, Washington, DC........ 24
Howard Beales, Director, Bureau of Consumer Protection, Federal
Trade Commission, Washington, DC............................... 34
Douglas Coombs, Deputy Special Agent in Charge, Financial Crimes
Division, United States Secret Service, Washington, DC......... 59
Panel II
Mari J. Frank, Esq., Privacy and Identity Theft Consultant,
Laguna Niguel, CA.............................................. 80
Boris F. Melnikoff, Consultant to the Regional President,
American Bankers Association (ABA), Atlanta, GA................ 100
Stuart K. Pratt, Vice President, Government Relations, Consumer
Data Industry Association, Washington, DC...................... 113
Dennis Carlton, Director of Washington Operations, International
Biometric Group, LLC, Washington, DC........................... 137
(iii)
IDENTITY THEFT: THE NATION'S FASTEST GROWING CRIME WAVE HITS SENIORS
----------
THURSDAY, JULY 18, 2002
U.S. Senate,
Special Committee on Aging,
Washington, DC.
The committee convened, pursuant to notice, at 9:30 a.m.,
in room SD-192, Dirksen Senate Office Building, Hon. Larry E.
Craig, presiding.
Present: Senators Craig, Carper, and Collins.
OPENING STATEMENT OF SENATOR LARRY CRAIG
Senator Craig. Good morning, everyone. Thank you for being
here. Let me welcome all of you and our witnesses to today's
hearing here before the Special Committee on Aging.
First and foremost, I want to thank Senator John Breaux of
Louisiana, who chairs this committee, for the opportunity to
address this most important issue. I think Senator Breaux will
attempt to join us later on, as some of our other colleagues on
the Special Committee may also.
But I do believe, and I think all of us in Congress
believe, that it is important to address the identity theft
issue and the tragedy that this besets upon our nation's
seniors. Identity theft is the nation's fastest growing white-
collar crime. It is estimated that over 700,000 Americans
become victims of identity theft each year. Several thousand of
those victims are senior citizens, who are uniquely vulnerable
to this insidious crime.
As you may recall, in June of last year, I held a hearing
on elder abuse. We heard testimony about crimes committed
against our most vulnerable senior citizens. Today, you will
hear about a different type of crime that is on the rise.
Our nation's seniors spend a lifetime working hard to
maintain their independence and develop a legacy that they and
their families can be proud of. With one fraudulent
transaction, identity theft can strip away a senior's
independence, sense of security, and dignity. Identity theft
can destroy legacies and reputations, leading to depression and
despair.
To effectively fight this crime, it is critical that law
enforcement and the private sector work together. For example,
Idaho law encourages financial institutions to report suspected
instances of elder financial crime to local authorities. Banks
in Idaho, in cooperation with State agencies, provide training
to their employees on how to identify and prevent financial
crime targeting the elderly, including identity theft. Idaho is
only one of five States to implement such a program. I say
``only.'' It should be 50 States of the Nation aggressively
pursuing this relationship between the private and the public
sector.
We also need to determine how existing State and Federal
efforts might be enhanced to promote cooperative approaches in
resolving these very complex cases. Penalties should be
enhanced when these acts ruin the lives of our most vulnerable
citizens. Existing Federal resources can and should be targeted
toward providing more technical training in the identification
and prosecution of identity theft.
I commend the Department of Justice and other key Federal
agencies here today in their efforts to combat this crime. I
support Attorney General Ashcroft's current aggressive
nationwide sweep to pursue and prosecute individuals engaged in
identity theft, including those targeting the elderly.
Finally, I would like to announce my cosponsorship of S.
2541, which lengthens prison sentences for those who would
perpetrate the insidious and destructive crime of identity
theft.
I look forward to the testimony from our witnesses today. I
also view this as an opportunity to build a record that my
colleagues will look at and consider as they encourage their
States, both private and public sector law enforcement and
crime prevention, to participate in fighting identity theft.
With that, let me invite our first panel before us. We have
a cross-section of those involved in law enforcement and the
public sector and those who have experienced this kind of
situation.
Let me first introduce to the committee and to the room
Lieutenant Colonel, Retired, John Stevens of Upper Marlboro,
MD. John is one of those who I understand has experienced this
kind of problem in his life, so John, we look forward to your
testimony. Please proceed.
Excuse me. We will hold you off for just a second. I have
just been joined by Susan Collins of Maine, a Senator, a member
of this committee, and let me allow her to make her opening
statement, John, before we proceed with your testimony. Thank
you.
Susan, welcome.
STATEMENT OF SENATOR SUSAN COLLINS
Senator Collins. Thank you very much, Senator.
Today, the Special Committee on Aging will explore the
impact of identity theft on our nation's seniors. Identity
theft is an insidious crime. Unlike many types of fraud, in
which victims are enticed by deceptive claims or lured by deals
that are too good to be true, identity theft can occur when a
victim is simply engaging in everyday activities, or in other
cases, by unwittingly providing confidential personal
information to the wrong party. Identity thieves use their
victims' personal identifiers and financial information to
commit bank and credit card fraud, insurance fraud, and a host
of other criminal acts.
While anyone can be the victim of identity fraud, seniors
are among the most vulnerable. The number of seniors who have
become the victims of identity theft is growing rapidly.
Reported incidents among those aged 60 years and older
skyrocketed by a staggering 218 percent between the year 2000
and 2001, and these figures are likely to only continue to grow
as America's elderly population increases.
Some of the very achievements that seniors have worked for
their whole lives contribute to this vulnerability. For
example, their often excellent credit ratings make the elderly
a particularly appealing target for identity theft. Many
seniors have strong credit ratings earned over the years by
faithfully paying their bills on time. This good credit is
abused by identity thieves who take out loans, sign leases, or
open bank or credit card accounts and run up bills in the
elderly person's name. In a very short amount of time, a
lifetime's worth of solid credit, along with the pride and
dignity it brings, can be ruined.
Other aspects of seniors' lives also make them more
vulnerable to the tactics used by identity thieves. Some
seniors are simply unaware of the threat. They are unaware that
perhaps by engaging in transactions on the Internet that they
may be vulnerable to identity theft. Consequently, not only are
they unable to take simple preventive measures, but they also
may be unaware that their identity has even been stolen for
some period of time.
Moreover, fraudulent telemarketers take advantage of
seniors who live alone by seeming to offer friendship when
their true purpose is to pump the elderly person for personal
information.
As the Chairman of the Permanent Subcommittee on
Investigations during my first 4 years in the Senate, I held
numerous hearings on consumer fraud. Two years ago, I chaired a
PSI hearing that examined the increasing availability of false
education and credentials, such as drivers' licenses, birth
certificates, and Social Security cards, over the Internet. One
of the subcommittee's findings was that false identification
facilitates a host of other crimes, ranging from underage
drinking to credit card and bank theft to identity theft.
One witness who used false identification documents to aid
in stealing others' identities testified that not only was he
able to gather personal information about his victims online,
but he also was able to gather all the false identification
documents he needed online, as well. Another individual used
false identification, apparently obtained from a website
operator, to perpetrate identity theft and a host of financial
crimes, eventually racking up debts of $35,000 in the victims'
name.
In December 2000, the Internet False Identification
Prevention Act of 2000, which I authored, became law, but I
still think there is a great deal more that we need to do. One
of the things that we can do is to increase public awareness
about this problem, and that is why I am pleased that the
Senate recently passed legislation, the National Fraud Against
Senior Citizens Awareness Week, which I hope will lead to
activities like this.
I also want to thank Senator Craig for his leadership in
holding this hearing this morning. Thank you, Mr. Chairman.
Senator Craig. Senator Collins, thank you, and thank you
for your leadership in this area. It is a matter of not only
seniors understanding the risks involved, but trying to plug
the holes and most assuredly going after those with effective
prosecution, so thank you again.
Now, let me turn to our panel, and once again, Lieutenant
Colonel, Retired, John Stevens from Maryland. Welcome before
the committee and please proceed. We would ask all of you to
stay with our 5-minute rule. Your full statements that you
provided for the committee will become a part of the committee
record. Thank you.
STATEMENT OF LIEUTENANT COLONEL (RETIRED) JOHN T. STEVENS, JR.,
UPPER MARLBORO, MD
Colonel Stevens. Good morning, Senator Craig, Senator
Collins. My wife, who is sitting directly behind me, and I wish
to thank this committee for your concern of the effects of
identity theft on the senior citizens of this country.
I am 74-years old and my wife is 3 years younger. We are
rapidly approaching our 49th wedding anniversary. We are still
fighting the identity theft battle that began in 1997. Our
battle now is not with the impostors that used our Social
Security numbers to open 33 fraud accounts worth $113,000, but
with the creditors, credit bureaus, and third party collection
agencies.
By working 12 to 14 hours a day, paying $6,000 in attorney
fees, and spending a small fortune in phone bills, we cleared
the fraud accounts from our credit reports in about a year.
However, this was only temporary. They would reappear, in our
credit reports, from the same creditor or a third party
collection agency. The life of these fraud accounts was
extended by the cavalier attitude of the credit bureaus and the
profit motive of creditors in failing to establish policies and
procedures that would prevent this.
This recycling of fraud accounts and other personal fraud
data has been going on now for over 4 years, with no end in
sight. We never know what we are going to find in our credit
reports. We are tired of getting threatening letters and phone
calls from collection agencies. We are tired of constantly
correcting the fraud accounts and erroneous data that keeps
appearing in our credit reports. We are tired of having to pay
cash for purchases, that would normally be financed, because of
the fraud, data that keeps reappearing in our credit reports.
We are tired of creditors and collection agencies trying to
extort money from us, with the help of the credit bureaus on
known fraud accounts. We want creditors and credit bureaus to
be held fully accountable for the time, misery and expense
involved in correcting their errors.
We are not victims of this crime. We are targets. As a
target, we will fight back, take evasive action, and employ
countermeasures against the enemy. I have already survived two
wars and intend to fight to win this one. My wife and I are
warriors. We intend to fight back for as long as it takes to
overcome the horror of this crime and regain control of our
lives.
Identity theft is only possible with the full cooperation
of the three major participants. In our opinion, the impostor,
the creditor, and the credit bureaus are all co-conspirators
and equally guilty of identity theft.
Last year, we contacted an attorney in Louisiana to take
action against the creditors and credit bureaus in an effort to
stop their harassment and attempted extortion. We found out
that there is a 2-year time limit on taking legal action. Of
course, this only benefits the co-conspirators who are
responsible for this crime and not those affected by it. This
time limit should be removed.
The credit bureaus now sell protection from identity theft.
Equifax ``Credit Watch'' and Experian's ``Credit Manager'' will
alert you to significant changes in your credit report and send
you copies to check the accuracy of the data. Protecting the
integrity and ensuring the accuracy of information contained in
a credit report should be a normal part of their operation and
not just available to those willing to pay them for
``protection.''
My wife and I continuously warn people about identity theft
and how to fight it when it happens. We also warn about other
related scams, against the elderly, such as automatically
raising auto insurance rates at age 70, rejected medical
insurance claims that are only paid upon resubmission, being
billed for magazine subscription renewals you did not order and
threats to ruin your credit if you do not pay, telemarketers
trying to sell you unwanted merchandise, merchants who demand
your Social Security number for routine purchases, and
pharmacies that routinely short your pill count on prescription
drugs.
We advise others to ``opt out'' of the exchange of personal
information by banks and other businesses. This practice needs
to be changed to ``opt in'' only.
How much longer must we put up with having our credit
ruined and being harassed and insulted by creditors and
collection agencies? Why must our personal information be
distributed to others who use it to harass us with unwanted
sales pitches and junk mail? Why must we continuously correct
errors in our credit reports caused by the incompetence and
greed of others?
We want our lives back. Enough is enough. My wife and I
would like to enjoy what time we have left to be together in
this world. Our feelings can simply be expressed by quoting a
line from the movie ``Network.'' ``I am mad as hell and I am
not going to take it anymore.'' It is time to throw the money
changers out of the temple.
Senator Craig. John, thank you. That is powerful testimony.
We appreciate it.
[The prepared statement of Colonel Stevens follows:]
[GRAPHIC] [TIFF OMITTED] 82327.001
[GRAPHIC] [TIFF OMITTED] 82327.002
[GRAPHIC] [TIFF OMITTED] 82327.003
[GRAPHIC] [TIFF OMITTED] 82327.004
[GRAPHIC] [TIFF OMITTED] 82327.005
Senator Craig. Now, let me introduce to the committee Alice
Fisher, Deputy Associate Attorney General, Criminal Division,
U.S. Department of Justice. Alice, thank you for joining us.
STATEMENT OF ALICE S. FISHER, DEPUTY ASSISTANT ATTORNEY
GENERAL, CRIMINAL DIVISION, U.S. DEPARTMENT OF JUSTICE,
WASHINGTON, DC
Ms. Fisher. Thank you, Senator Craig and Senator Collins,
and thanks for giving me the opportunity to testify about
identity theft in senior citizens and our efforts at the
Department of Justice.
As you noted, identity theft is not only a serious crime
but one of the fastest growing means of fraud in the United
States. Criminals steal personal identification information
each year in the thousands to commit crimes ranging from bank
and credit card fraud to international terrorism. Americans
lose money, houses, their good credit, et cetera. It goes on.
These crimes may work particular hardships, financial and
emotional, on the elderly. The elderly may have a harder time
recovering financially. They may be less able to withstand the
emotional toll from what you have to go through to recover your
identity, as we just heard.
Perhaps because identity theft does not usually involve
face-to-face contact between criminal and victim, we do not see
identity thieves as a group appear to be specifically targeting
senior citizens. There is no doubt, however, that some
criminals plan and carry out identity theft fraud knowing that
their victims are senior citizens. Let me give you some
examples of Federal prosecutions involving identity theft and
seniors.
In a case now under Federal indictment, the defendants and
others allegedly worked together to identify houses in the
metropolitan Detroit area that were owned free and clear by the
elderly people. The defendants would steal the identity of the
true owners of the houses. Then they would strip the equity out
of the house by faking refinancing without the owners'
knowledge or consent. Sometimes they would fake a straw sale of
the home.
In another case, a defendant in North Carolina stole mail
from senior citizens throughout the State, used the
identification information to produce fake drivers' licenses
and counterfeit checks, then used the licenses and checks to
withdraw the seniors' life savings out of bank accounts. I am
pleased to report that one such defendant was just sentenced to
over 5 years in prison.
In another Federal prosecution, the defendant took a job as
a live-in companion for an elderly woman. After the elderly
woman was hospitalized, the defendant obtained and used credit
cards in her name, stealing thousands of dollars. Here, too,
this defendant received significant jail time.
It goes without saying that identity thefts such as these
are extremely harmful to the victims, especially senior
citizens. Once an identity thief has obtained access to the
victim's bank or financial accounts, the victim may suffer
significant financial losses and considerable emotional
distress.
In a recent Federal prosecution in Texas, one of the
victims was an 80-year-old military woman whose checkbook had
been stolen from her car. After the criminals had drained
thousands of dollars from her bank account, her doctor had to
treat her for a stress disorder she experienced as a direct
result of the crime.
The Department of Justice regards identity theft as serious
criminal violation that requires a coordinated response from
all levels of law enforcement, Federal, State, and local. The
Department has, therefore, undertaken a three-pronged approach
to identity theft.
First, the Department is vigorously pursuing identity theft
prosecutions across the country. Most recently, in May, the
Department conducted a nationwide sweep of Federal prosecutions
targeting identity theft. In that sweep, the Department brought
73 criminal prosecutions against 135 individuals in 24
districts. The offenses charged included cases in which
defendants bilked Americans of millions of dollars, preyed on
the elderly, and destroyed the credit worthiness of hard-
working families.
Second, the Department is pursuing additional legislation
to address the most serious cases of identity theft and to
provide greater protection to the public through enhanced
criminal penalties, and I am pleased that, Senator Craig, you
are cosponsoring this bill introduced by Senator Feinstein, S.
2541, which would create a new crime of aggravated identity
theft. This new class of identity theft is defined by the
nature and seriousness of the crimes committed through the use
of another's identity. Individuals found guilty of identity
theft under this proposed bill will receive an additional 2
years' imprisonment over and above for their sentence for the
underlying offense, or an additional 5 years' imprisonment
where the underlying offense is terrorism-related.
Third, the Department recognizes the importance of
educating law enforcement and the general public about identity
theft. Too many people, even criminal justice professionals, do
not fully understand what identity theft is or how it can
affect their lives and assets. As a result, the Department is
sponsoring or directly supporting a number of approaches to
identity theft education and prevention.
Thank you, Senator Craig and Senator Collins. I ask that
the full text of my written remarks be entered in the record.
Senator Craig. They will be. Thank you very much for that
testimony.
[The prepared statement of Ms. Fisher follows:]
[GRAPHIC] [TIFF OMITTED] 82327.006
[GRAPHIC] [TIFF OMITTED] 82327.007
[GRAPHIC] [TIFF OMITTED] 82327.008
[GRAPHIC] [TIFF OMITTED] 82327.009
[GRAPHIC] [TIFF OMITTED] 82327.010
[GRAPHIC] [TIFF OMITTED] 82327.011
[GRAPHIC] [TIFF OMITTED] 82327.012
[GRAPHIC] [TIFF OMITTED] 82327.013
[GRAPHIC] [TIFF OMITTED] 82327.014
[GRAPHIC] [TIFF OMITTED] 82327.015
[GRAPHIC] [TIFF OMITTED] 82327.016
Senator Craig. Now, let me turn to James Huse, Inspector
General of the Social Security Administration here in
Washington. Jim, please proceed.
STATEMENT OF JAMES G. HUSE, JR., INSPECTOR GENERAL, OFFICE OF
INSPECTOR GENERAL, SOCIAL SECURITY ADMINISTRATION, WASHINGTON,
DC
Mr. Huse. Thank you, Senator Craig and Senator Collins, for
holding this important hearing this morning on identity theft
and America's senior citizens.
Criminals do not steal the identities of the elderly so
they can pretend to be old and wise. They do it because senior
citizens are more likely than most of us to have significant
assets, savings, investments, paid-up mortgages, good credit,
and Federal entitlement checks. People over age 50 control at
least 70 percent of the nation's household net worth. They are
also easier and safer to rob. Some are less sure of themselves,
more trusting, and less aware of simple precautions. Anybody
can steal candy from a baby, but criminals know our older
Americans have money for the taking and they do not cry out
loud.
Identity theft is an enabling crime, one that permits
criminals to commit other crimes more effectively. In most
cases, identity theft begins with the misuse of a Social
Security number, the SSN. No aspect of my mission of protecting
Social Security programs from fraud, waste, and abuse is more
important than our oversight of the use and misuse of the SSN.
There is an almost infinite variety to these cases. Thieves
are finding houses owned by the elderly, as Ms. Fisher
testified, assuming the identities of the true owners and
stripping the equity out of their houses without their owners'
knowledge or consent.
In San Diego, a man who had been a fugitive felon for 17
years with four prior felony convictions, including prison
escape, used a 70-year-old South Dakota woman's SSN to create
33 stolen or fictitious identities. He also took out credit
cards and loans under these assumed identities while receiving
Social Security benefits under three of his identities.
A Virginia man working under a senior citizen's SSN while
collecting disability benefits under his own number obtained
over $24,000 worth of loans and credit for goods and services.
The older man's credit was damaged and his retirement benefits
were interfered with because of the earnings posted to his
records at SSA.
Many elderly individuals who trust the Social Security
Administration are victims of scams promising more information
or additional Social Security benefits. Such victims have been
tricked into parting with their Social Security numbers and
other personal identifiers, simply assuming that SSA never
responded to their request for information.
Yesterday's Washington Post had this story by Dan Oldenburg
on a ``do not call'' registry scam that victimized the elderly.
The caller asks for personal information, a bank account or
credit card number, supposedly to verify if you are on a list,
but it was a scam. These, of course, are used and sold for
illegal purposes.
Congress has enacted helpful legislation to treat the
disease of identity theft in its later stages. The ability to
prevent identity theft is even more essential. While we cannot
return the SSN to its original limited function, we must take
workable steps to limit both its use and the expansion of its
use.
First and foremost, the time has come to make the difficult
determinations as to those uses that are appropriate and
necessary and those that are merely convenient. The SSN has
become a de facto national identifier and its daily use has, in
many instances, become a luxury we can no longer afford. The
availability of SSNs on public documents and over the Internet,
for example, must come to a stop.
Congress should consider requiring the cross-verification
of SSNs through both governmental and private sector systems of
records. Only in such a way can we combat and limit the spread
of false identification information and SSN misuse. Similarly,
all law enforcement should be provided the same SSN
verification capabilities currently granted to employers.
We need legislation that regulates the use of the SSN and
provides enforcement tools to punish its misuse. If we are to
head off the many crimes identity theft breeds, we need
legislation to restrict sale of SSNs by government agencies, to
prohibit display of SSNs on government checks, drivers'
licenses, vehicle registrations, and prohibit sale, purchase,
or display of the SSN in the private sector.
I applaud the decision of the Treasury Department to remove
SSNs from all Treasury checks, including Social Security and
Supplemental Security Income checks, to protect the privacy of
the SSN and reduce opportunities for identity theft. This good
decision needs to be codified into law.
I describe other needed legislative changes in my written
statement. With such legislation and the continuing dedication
of the government agencies involved and of this Special
Committee, I am confident that we can reverse the trend of
identity theft against older Americans. Thank you very much.
Senator Craig. Thank you very much. We will visit at length
about your suggestions about the use of the SSN and how it
ought not be used. I think those are very valuable suggestions.
[The prepared statement of Mr. Huse follows:]
[GRAPHIC] [TIFF OMITTED] 82327.017
[GRAPHIC] [TIFF OMITTED] 82327.018
[GRAPHIC] [TIFF OMITTED] 82327.019
[GRAPHIC] [TIFF OMITTED] 82327.020
[GRAPHIC] [TIFF OMITTED] 82327.021
[GRAPHIC] [TIFF OMITTED] 82327.022
[GRAPHIC] [TIFF OMITTED] 82327.023
[GRAPHIC] [TIFF OMITTED] 82327.024
Senator Craig. Now, let us turn to Howard Beales, Director,
Bureau of Consumer Protection, the Federal Trade Commission
here in Washington. Howard, welcome before the committee.
STATEMENT OF HOWARD BEALES, DIRECTOR, BUREAU OF CONSUMER
PROTECTION, FEDERAL TRADE COMMISSION, WASHINGTON, DC
Mr. Beales. Thank you, Senator Craig and Senator Collins.
Thank you for the opportunity to be here today to speak to you
today about the crime of identity theft, which is a complex and
pernicious problem in today's society. It is a crime that cuts
across all lines of our population. Last year, we received
complaints from just over 86,000 victims, including the
elderly.
In 1998, Congress recognized the seriousness of this
problem by making identity theft a Federal crime. Although the
FTC does not have criminal law enforcement authority, we play a
central role in assisting law enforcement and in helping
victims recover. Under authority given to us by Congress, we
have implemented a dedicated program to respond to ID theft.
This program has three central features: Assisting consumers
through complaint handling and steps to ease recovery;
supporting law enforcement by making these victims' complaints
available to State and Federal agencies for their use in
investigations; and educating consumers on how to prevent and
how to recover from identity theft.
The centerpiece of our program is our toll free number for
identity theft victims, 877-ID-THEFT. Callers are connected
with trained counselors who take their complaints and walk them
through the steps to repair the damage done by identity
thieves. Consumers can also enter their complaints via an
online complaint form. From both the web complaint form and
from telephone contact, we gather information about the
incident, what happened to the victim, what is known about the
suspect, and any special problems the victim may be
encountering.
These data, in turn, are used to support and to enable more
effective law enforcement investigations. Using our secure web-
based Consumer Sentinel network system, law enforcement
officers, from local sheriffs to the U.S. Secret Service, can
access the more than 189,000 complaints that are now in our
database. They can use that information to track down
witnesses, to identify trends, or to look at information
relating to their region or their ongoing cases.
Using the Secret Service's clustering software and
supported by research from other law enforcement databases, we
also develop preliminary investigative reports, which we send
out to the U.S. Secret Service's Financial Crimes Task Forces
and to other law enforcement agencies throughout the country to
both assist and encourage investigations and prosecutions.
To further support the prosecution of identity theft, we
are now training local and State law enforcement officers
throughout the country. Sponsored jointly with the Justice
Department and the Secret Service, the training focuses on how
to investigate identity theft and how to coordinate with the
Federal resources that are available to State and local
authorities.
Coordination at all levels is particularly important in
fighting identity theft because it is a crime that does not
respect geographic boundaries. We have already trained about
450 officers from over 110 agencies during the past 4 months
and more sessions are planned. We continue to develop more and
better ways to get the complaint data and other resources into
the hands of those who could best pursue investigations and
prosecutions.
Finally, consumer education plays a key role in our
identity theft program. While no one can completely protect
themselves from identity theft, there are steps we can all take
to minimize our vulnerability.
For example, we advise consumers to be mindful of exposing
their personal information, in particular, destroying financial
documents before throwing them out and not leaving behind
credit card receipts in stores and restaurants. We include such
guidance in our booklet, ``ID Theft: When Bad Things Happen to
Your Good Name,'' as well as step-by-step advice for victims on
how to repair the damage caused by identity theft. To date, we
have distributed more than 1.5 million copies, both in hard
copy and via our website. Other agencies, including the Social
Security Administration, the SEC, and the FDIC, also print and
distribute the booklet, as do many private sector
organizations. We recently released a version in Spanish.
Despite these efforts, the risk of identity theft remains
real for all Americans, including those aged 60 and over. To
determine whether the elderly are particular targets for
identity thieves, we examined the complaints in our database.
That analysis shows that older Americans experience more or
less the same types of identity theft at roughly similar rates
to others.
In 2001, our clearinghouse received 5,800 complaints from
victims who were 60 and over. That constitutes 10 percent of
the complaints where the victims provided their age. In
contrast, this age group is 16 percent of the U.S. population.
Without doing a survey of the population, we are unable to say
whether they are simply less likely to be victims of identity
theft or if they are just less likely to report it. It is very
difficult for us to separate those two possibilities in our
data.
Americans over 60 experience the same types of identity
theft and at more or less the same rates as those under 60.
While there are some variations, for example, senior identity
theft victims report slightly more credit card fraud than other
age groups, they also report less employment-related identity
theft, but there is nothing that signals that older Americans
in general are more or less vulnerable in any particular way
from other members of the population.
We do take special care in our consumer education and
outreach efforts to reach older consumers. We work closely with
the SSA, which distributes our booklet, and we have also worked
closely with AARP, which has run many stories in its
publications, referring members to our website and toll-free
numbers and using our statistics to help explain identity
theft.
In conclusion, despite the efforts of Congress and Federal
and State and local law enforcement agencies, identity thieves
remain among the most insidious and opportunistic of criminals,
preying without prejudice on all segments of our population.
The financial and emotional toll paid by the victim, however,
is likely to be particularly egregious when the victims are
elderly, who have worked a lifetime to establish good credit,
only to have it ruined by these insidious thieves. Their acts
are heinous and the FTC will continue to place a high priority
in assisting law enforcement agencies in their efforts to
identify and prosecute these criminals, as well as advising
older Americans on steps they can do to reduce the risk of this
crime.
Thank you, and I look forward to your questions.
Senator Craig. Howard, thank you very much.
[The prepared statement of Mr. Beales follows:]
[GRAPHIC] [TIFF OMITTED] 82327.025
[GRAPHIC] [TIFF OMITTED] 82327.026
[GRAPHIC] [TIFF OMITTED] 82327.027
[GRAPHIC] [TIFF OMITTED] 82327.028
[GRAPHIC] [TIFF OMITTED] 82327.029
[GRAPHIC] [TIFF OMITTED] 82327.030
[GRAPHIC] [TIFF OMITTED] 82327.031
[GRAPHIC] [TIFF OMITTED] 82327.032
[GRAPHIC] [TIFF OMITTED] 82327.033
[GRAPHIC] [TIFF OMITTED] 82327.034
[GRAPHIC] [TIFF OMITTED] 82327.035
[GRAPHIC] [TIFF OMITTED] 82327.036
[GRAPHIC] [TIFF OMITTED] 82327.037
[GRAPHIC] [TIFF OMITTED] 82327.038
[GRAPHIC] [TIFF OMITTED] 82327.039
[GRAPHIC] [TIFF OMITTED] 82327.040
[GRAPHIC] [TIFF OMITTED] 82327.041
[GRAPHIC] [TIFF OMITTED] 82327.042
[GRAPHIC] [TIFF OMITTED] 82327.043
[GRAPHIC] [TIFF OMITTED] 82327.044
[GRAPHIC] [TIFF OMITTED] 82327.045
[GRAPHIC] [TIFF OMITTED] 82327.046
Senator Craig. Our last witness on this first panel is Doug
Coombs, Deputy Special Agent in Charge, Financial Crimes
Division, U.S. Secret Service. Doug, welcome to the committee.
STATEMENT OF DOUGLAS COOMBS, DEPUTY SPECIAL AGENT IN CHARGE,
FINANCIAL CRIMES DIVISION, UNITED STATES SECRET SERVICE,
WASHINGTON, DC
Mr. Coombs. Thank you very much. Mr. Chairman, Senator
Craig, Senator Collins, thank you for the opportunity to
address this committee on the subject of identity theft and the
Secret Service's efforts to combat the problem. I am
particularly pleased to be here with my colleagues and partners
in fighting identity theft from the Federal Trade Commission,
Department of Justice, and the Social Security Administration.
With the passage of new Federal laws in 1982 and 1984, the
Secret Service was provided jurisdiction for the investigation
of the counterfeiting of identification documents and access
device fraud. The explosive growth of these crimes has resulted
in the evolution of the Secret Service into an agency that is
recognized worldwide for its expertise in the investigation of
all types of financial crime.
The burgeoning use of the Internet and advanced technology,
coupled with increased investment, has led to a great expansion
within the financial sector. Although this provides benefits to
the consumer through readily available credit and consumer-
oriented financial services, it also creates a target-rich
environment for today's sophisticated criminals, many of whom
are organized and operate across international borders.
Information collection has become a common byproduct of the
newly emerging e-commerce and has led to an entirely new
business sector being created which promotes the buying and
selling of personal information.
As a result, the information consumers provide in credit
card applications, loan applications, or with merchants they
patronize are a valuable commodity in the new age of
information trading. With the availability of this personal
information, the crime of identity theft can be perpetrated
with minimal effort on the part of even the relatively
unsophisticated criminal.
Identity theft is not typically a stand-alone crime. It is
almost always a component of one or more crimes, such as bank
fraud, credit card or access device fraud, or the passing of
counterfeit financial instruments. In many instances, an
identity theft case encompasses multiples types of fraud and
affects all Americans, regardless of age, gender, nationality,
or race.
Obviously, the impact is magnified when it affects one of
America's most valued assets, the elderly, as they represent a
generation with a trusting nature that is easy to exploit. This
group is particularly dependent on other caregivers for
assistance, such as relatives, medical staff, service
personnel, and oftentimes complete strangers. This dependency
increases their vulnerability to certain schemes involving
identity theft.
It has been our experience that criminal groups involved in
financial fraud and identity theft are increasingly diverse and
routinely operate in a multi-jurisdictional environment. This
has created problems for local law enforcement agencies that
generally act as the first responders to their criminal
activities. By working closely with other Federal, State, and
local law enforcement, we are able to provide a comprehensive
network of intelligence sharing, resource sharing, and
technical expertise bridging jurisdictional boundaries. This
partnership approach to law enforcement is exemplified by the
37 Financial and Electronic Crimes Task Forces the Secret
Service has located throughout the country.
Another important component of the Secret Service's
preventative investigative efforts has been to increase
awareness of issues related to financial crime investigations
in general and of identity theft specifically. The Secret
Service has tried to educate consumers and provide training to
law enforcement personnel through a variety of partnerships and
initiatives. The Secret Service has assigned a Special Agent to
the Federal Trade Commission on a full-time basis to support
all aspects of their identity theft program.
The International Association of Chiefs of Police and the
Secret Service have partnered to produce an ``Identity Theft
Roll Call'' video geared toward local police officers
throughout the nation. The purpose of this video is to
emphasize the need for police to document a citizen's complaint
of identity theft regardless of the location of the suspect.
The video and its companion reference guide will provide
offices with information that can assist victims with
remediation efforts.
At the request of the Attorney General, the Secret Service
joined an Interagency Identity Theft Subcommittee comprised of
Federal, State, and local law enforcement agencies, regulatory
agencies, and professional agencies. It meets regularly to
discuss and coordinate investigative and prosecutive
strategies, as well as consumer education programs.
All levels of law enforcement should be familiar with the
resources available to combat identity theft and to assist
victims in rectifying damage done to their credit. The Secret
Service has already undertaken a number of initiatives aimed at
increasing awareness and providing the training necessary to
address these issues, but those of us in law enforcement and
consumer protection communities must continue to reach out to
an even larger audience and we must continue to approach these
investigations with a coordinated effort. This is central to
providing a consistent level of vigilance in addressing
investigations that are multi-jurisdictional, while avoiding
duplication of effort.
The Secret Service is prepared to assist this committee in
protecting and assisting the nation's largest growing
population segment with respect to prevention, identification,
and prosecution of identity theft criminals.
That concludes my remarks. I will be glad to answer any
questions that Senator Craig and Senator Collins might have.
Thank you.
Senator Craig. Doug, panelists, thank you very much for
your remarks.
[The prepared statement of Mr. Coombs follows:]
[GRAPHIC] [TIFF OMITTED] 82327.047
[GRAPHIC] [TIFF OMITTED] 82327.048
[GRAPHIC] [TIFF OMITTED] 82327.049
[GRAPHIC] [TIFF OMITTED] 82327.050
[GRAPHIC] [TIFF OMITTED] 82327.051
[GRAPHIC] [TIFF OMITTED] 82327.052
[GRAPHIC] [TIFF OMITTED] 82327.053
[GRAPHIC] [TIFF OMITTED] 82327.054
[GRAPHIC] [TIFF OMITTED] 82327.055
[GRAPHIC] [TIFF OMITTED] 82327.056
Senator Craig. Let me start with a brief line of
questioning, then I will turn to Senator Collins, and then I
may have additional questions.
John, what is the best advice you might give seniors who
would be looking at this record or listening in to protect
themselves from what happened to you and Mrs. Stevens?
Colonel Stevens. First of all, so many people want your
Social Security number. Do not give it to them unless there is
a legitimate need for it, because that is the beginning of all
the identity theft and it was the beginning of ours. We
suspect----
Senator Craig. So it was the Social Security number that
was the entry to your resources?
Colonel Stevens. We suspect that they came off of the DOD
computers that have access to my wifes and my Social Security
numbers, under the DEERS and ID program that they were able to
get that information on us. But the thing is, just be aware, do
not talk to door-to-door salesmen that just happen to be in the
neighborhood. Never fall for any of the telemarketing schemes.
Always opt out whenever you have the opportunity, and if you do
not, complain anyway so that it just cuts down on a lot of the
junk mail that you have to shred. Generally, be aware of what
is happening.
The major thing that you have to do is just stop giving out
information indiscriminately. Everybody wants to find out about
you, but do not answer the questions.
Senator Craig. John, do you know if those who perpetrated
the crime against you and Mrs. Stevens were ever apprehended
and prosecuted?
Colonel Stevens. They have not been, but we suspect we know
who they are and I think it was a person that probably had
access to the DOD computers.
Senator Craig. How long ago was this? When did this start?
Colonel Stevens. It started--we found out about it in March
1997.
Senator Craig. Ninety-seven.
Colonel Stevens. This was by a phone call from then-Nations
Bank wanting me to make payments on a Jeep Cherokee that was
bought in Texas, and I am living in Maryland. I do not have a
Jeep Cherokee. We found out that there were a total of five
cars that were bought in our name and total damages--they
totaled it up to $113,000.
Senator Craig. Alice, what is the single greatest
challenges for prosecutors in obtaining a conviction in
identity theft cases?
Ms. Fisher. I think the biggest challenge for all of us, as
John said, is prevention and education of ways to prevent. But
from a prosecutorial perspective, I would say that prompt
reporting and aggressive review of financial data and reporting
to State police, local police, Federal authorities, so we can
investigate the case immediately. It gives us a better chance
to find the culprit and then prosecute them. Once we find who
did it, the prosecution actually is fairly straightforward. But
it is finding the criminals.
In one case, I think it was out of Texas, it was 20 years
before it was reported by the woman who was the victim of an
identity theft because she did not regularly use credit cards,
and the person that had committed the crime had used her Social
Security number to get drivers' license in some States, filed
bankruptcy in another State, and was arrested in yet another
State, and it was 20 years before they found it.
So I would say the challenge is to encourage people to
report any suspicious activity promptly to the authorities.
Senator Craig. In this effort, is State law a problem?
Ms. Fisher. Actually, in the last 3 years, the States have
really gotten on board in this problem and 47 States have
passed identity theft laws. So we are real pleased in the way
that they are coming along. We also coordinate through the
Attorney General's Subcommittee on Identity Theft with the
National Association of Attorneys General and the National
Association of District Attorneys and the International
Association of Chiefs of Police and reach out to chiefs of
police all over the nation.
I would say that one of the things we would hope that the
State and locals would do better is to fill out police reports
better, because not only does that get us on board for
enforcement, but it also helps victims, such as John, to use
that police report to secure and restore their identity.
Senator Craig. Thank you.
Mr. Huse, in today's world of trying to develop single-
digit, or multiple-digit but single-number IDs, we all want a
universal phone number that we can use anywhere in the world,
and in the wireless world, that is becoming increasingly the
case. I think we all want to consolidate numbers as much as we
can because we find our mind full of all kinds of access
numbers and code numbers and that type of thing. Is there any
prohibition now against the use of the SSN?
Mr. Huse. No. The SSN is pretty much the de facto national
identifier, and I think, as a people, we need to accept the
fact that it has become that. It pervades almost every aspect
of our governmental, financial, and commercial lives. We are
our number, and I think that probably as a people, we do not
want a national identity card, but we have a great ambiguity
about the fact that the number has become very convenient for
us to do business in this very complex world we have today. So
I think, to answer your question, we need to live with the
reality of what the number is and what it does and now look at
ways to make its integrity stronger. I think that is the key.
Senator Craig. You had suggested that might be done by
requiring limits in its application, I guess that is a better
way of saying it?
Mr. Huse. I think we need to look at how the number is used
and how it is displayed and how it is aggregated in different
data banks and databases by people who use it for commercial
purposes. We need to regulate that. We have to be sure that the
data in these stores, whether they are independent research
companies or financial institutions or credit bureaus, we have
to be sure that the data there is accurate and that the people
that run those are responsible for that data. I think that is
an obligation of government.
I think that those records need to be matched, not only
commercial and financial records, but also all government
records at local, county, State, and Federal records so that
their data is accurate. In that process, the anomalies will
fall out and those become key law enforcement leads. I do not
know any other way to fix this.
I have been involved in this for 32 years. I was a Secret
Service agent long before I became an Inspector General. This
is a problem that has a solution, but it involves a little bit
more action. A lot has been taken, and I think this is the last
step to really make it protected.
Senator Craig. This committee, and we will work with you,
visit with you about that at length to see where we might make
better use of your ideas.
Mr. Beales, is there a way to acquire reports of identity
theft from credit reporting agencies to supplement your current
database?
Mr. Beales. Well, what we do right now is the credit
reporting agencies refer people to us and we refer people to
them, so that when people call us, we certainly tell them to
call the credit reporting agencies to make sure that they get a
copy of their credit report and make any corrections to their
credit reports and the credit reporting agencies, when they get
a complaint, they urge the victims to call the FTC to get our
consumer education materials and also to report the offense for
law enforcement purposes.
They need somewhat different data than we do and we get
information about the nature of the crime that is useful to us
that they do not particularly need. So it is not clear that
direct sharing would be the most efficient way to go about it,
simply because of the different information needs. But we do
think we have good cooperation in referring consumers so that
we probably are picking up most of those complaints, but we
cannot tell for sure.
Senator Craig. Let me move on to Mr. Coombs and then my
other colleagues, and Senator Tom Carper has joined us, and
then I will come back to you, Mr. Beales, with another
question.
Mr. Coombs, is there a danger that funds stolen through
identity theft can become sources for funding terrorist
activities domestically, or is there any evidence that that has
ever occurred?
Mr. Coombs. Prior to my current assignment as Deputy
Special Agent in Charge in the Financial Crimes Division, I
spent numerous years supervising and running a Counterfeit
Crimes Task Force in Orange County, CA, and then a fraud squad
in Los Angeles, CA, which is among some circles considered the
identity theft capital of the world.
It is my experience that, as Senator Collins pointed out in
her opening remarks, that fraud identification, credit card
fraud, and stolen identities certainly have evolved to where
they are the tools of the criminal of the 21st century, if you
will. It is my experience that financial crimes and identity
theft, which is often a component of financial crimes, is
committed by a spectrum of the criminal element, if you will,
from the drug dealer who needs to support a habit to organized
criminal groups that it is part of their overall criminal
portfolio, to the unsophisticated criminal who utilizes
dumpster-diving as a means to compromise information, to the
sophisticated technically savvy, if you will, criminal who
utilizes hacking and maybe a scheming device to compromise this
information.
It is the vulnerability of the information that is
susceptible and is prone to identity theft. Therefore, it
certainly is possible and feasible that terrorists could
compromise information for financial gain, or more importantly,
to create that cloak of anonymity to commit other types of
crimes.
Senator Craig. Thank you very much.
Before I turn to Senator Collins for questions, let me turn
to Senator Carper to see if he has any opening statement. Tom.
Senator Carper. I do not. I am glad to be here and I am
glad you are here, as well. I really just came to hear Susan
Collins' questions. [Laughter.]
Senator Collins. Right.
Senator Craig. Here we go. Senator Collins?
Senator Collins. Thank you very much, Mr. Chairman.
Colonel Stevens, it was fascinating to hear that you first
found out that your identity had been stolen when you got a
call from a bank demanding payments on a Jeep that you did not
own, and then you found out that there were five other cars or
vehicles that had been purchased in your name.
I would like you to tell us a little bit about what you did
when you realized this had happened to you and how cooperative
were credit card companies, banks, and credit bureaus in your
quest to straighten it out, because from my experience as a
financial regulator at the State level, I know a lot of times,
consumers felt extremely frustrated in trying to straighten out
instances of just misidentity, where two people have the same
name, much less identity theft. Could you tell us whether this
has been a difficult process or not?
Colonel Stevens. It is very difficult. The first thing, I
had to get my wife down off the ceiling, because when she got
all this information, she exploded. Thank goodness, I am
partially deaf anyway, so----[Laughter.]
After the phone calls--in other words, to clear the Jeep
Cherokee, I faxed them a copy of my driver's license. They
faxed me a copy of the application. The only thing correct on
it was the Social Security number and a smattering of my first
and last name. The birthdays were wrong and everything else was
wrong. In fact, if they had checked the birthdays and the issue
date of the Social Security number, they would have found the
Social Security number was issued before they were born. You
know, just a simple check.
But we requested copies of the credit reports. Then we
started to treat it like a--well, since I was in research and
development for so long, we treated it like a project,
systematically, with notebooks tracing down these creditors,
because the credit bureaus did not have the information to
contact them. So we would have to make numerous phone calls. I
would go on the Internet and try to trace down an address and
phone number.
So we finally contacted a majority of them and we would
send them a sworn affidavit attesting to the fact that we did
not do it. In other words, we are proving the negative. We did
not do it. We are not the ones you are looking for.
So based on that, they would take that information and
clear the account, or so we thought. Anyway, it disappeared
from the credit report. Then again, they would turn up a little
while later, a couple of months later, in a third party
collection agency. We have had some that have recycled as many
as five times now. My wife just got notice of another one that
was cleared and recycled again. It just keeps going on.
Senator Collins. So it is still going on even as we speak,
5 years later?
Colonel Stevens. I described it once before as this
birthday candle you blow out and it keeps relighting itself.
[Laughter.]
It just keeps coming back.
Senator Collins. Mr. Beales, we have heard Mr. Stevens talk
about how extremely difficult it is for him to restore his good
credit and clear his name and that has been my experience in
talking with consumers in Maine, as well. Obviously, Mr.
Stevens describes himself as a warrior. He is undaunted. He is
just going to keep pursuing this. But for a lot of seniors who
are considerably older than Mr. Stevens and perhaps more
intimidated by the process, this is a real problem.
Does the FTC actually assist individual consumers in
clearing their record and restoring their good credit or are
you just a repository for information and education about this?
Mr. Beales. We are definitely a repository for information.
We assist individual consumers in providing them with
information and the steps to take, but we do not have the
resources to do it on their behalf or to go as their advocate
in dealing with the process. We try to explain the process,
talk them through the process of what they have to do so they
know what is coming, but they have to do it themselves.
Senator Collins. Mr. Chairman, I think that is a problem
for a lot of our seniors and I do want, as part of this
hearing, to let people know that most States have a Bureau of
Consumer Credit Protection or something along that line which
may be willing to intervene more directly for consumers.
Inspector General Huse, I want to follow up on the issue of
the Social Security number because Mr. Stevens' case shows that
that is the gateway to this crime in so many instances. I agree
with you that the Treasury has taken a very important step by
no longer printing the Social Security number on Social
Security checks, but could you give us other examples of either
legislative or administrative actions that you think should be
taken to better safeguard that Social Security number, because
once you have that, once the thief has that, it is very easy
for him to get the other information he needs.
Mr. Huse. It is the breeder identification, the Social
Security number, in every possible context, to include in
terrorists' activities, the use of numbers, identifying
numbers, fake Social Security numbers. In the case of the
September 11 terrorists, I think the Director of the FBI has
testified to that, that that has been a result of their
investigative efforts.
This number is so pervasively used, I think the obligation
now is to make sure that the numbers themselves have some
accuracy, and we have so many systems of records at local,
county, State, and the Federal level, on just the governmental
side. All those records should be accurate as to who I am, who
you are, and what our Social Security number is because it has
become our identification.
That can be done by the Congress requiring periodic
matching of that data so that all of those systems of records
are accurate. If you take care of that, that is one piece. The
Congress could consider making that requirement binding on the
financial and commercial sector for the legitimate reasons that
the number has been expanded to be used in commerce. We will
never be able to pull that back unless we replace it with
something else. That is a requirement, I think--that due
diligence should be part of their ability to use the number.
The Social Security Administration itself has taken
tremendous steps in the last few years to improve the business
process of issuing the number. Now we have to fix the process
of keeping the number accurate and strong in terms of integrity
through its use. I think those are places we can work and find
some solutions.
Senator Collins. Mr. Chairman, thank you. I know my time
has expired. I do want to just let Ms. Fisher know that I am
expecting a report from the Justice Department pursuant to the
law on Internet identity theft. It has been over a year and I
hope it will be forthcoming soon, because it does ask for
legislative recommendations in this area. Thank you.
Senator Craig. Thank you.
Tom, questions?
Senator Carper. Thank you. Yes, indeed.
About 5 years ago, one of our nieces down in North Carolina
had her identity stolen and what occurred after that has been
something I would not want to visit on anybody. On the one
hand, there are the financial concerns and worries, but it is
just as Mr. Stevens knows, just a huge pain in the neck to put
up with--a lot of stress, a lot of worry, and a lot of
aggravation.
I want to follow up on the question that Senator Collins
presented to Mr. Huse. One of the questions I ask of panels is
what should we do? You began to answer that question, and I
would just ask of others at the table to do so as well. What
should we do as legislators to address this problem? What is
our obligation?
Mr. Huse, you have already spoken a little bit. I do not
want to pick on you too much.
Mr. Huse. I will only add one thing and then stop. The
piece I also strongly believe in is that we have to grant law
enforcement--because this crime is so pervasive and it cuts
across all levels of government--we have to grant law
enforcement at the local, county, State, and Federal level, but
particularly those local law enforcement officers, the right to
verify Social Security numbers, just as we allow employers to
do that now on the wage and earnings side, to see if the person
has the right to work.
That tool is critical in the early investigative stages of
an identity theft case like Colonel Stevens. If local law
enforcement can establish those identities as they are working
the crime, a lot more can be done as we do now. This crime,
because of the Internet and our modern technology, works so
quickly, we need to give all of the tools we can to law
enforcement.
Senator Carper. OK, thank you. Others?
Mr. Beales. Senator, I think S. 2541 is a very good idea,
toughening the penalties and streamlining the proof
requirements for identity theft is a good way to address the
problem. I think hearings like this help to reduce the problems
because they bring them to people's attention. That encourages
people to report problems to us sooner, and we have definitely
seen that trend in our database over the last couple of years,
and that, in turn, makes it easier to prosecute.
I think that verifying Social Security numbers is a very
interesting idea that potentially raises some privacy problems,
depending on what records are being matched, that would give us
some pause, but it is certainly worth exploring.
Senator Carper. Thank you, and I recognize that. There has
to be a public policy debate over those uses, between
individual rights and the collective good. But I think it is a
debate worth having.
I, too, endorse S. 2541 in the sense that under present
laws now, a lot of sentencings in terms of identity theft are
not as strong as they could be. We have had two recent
investigations where the sentences, at least to a lay person,
seemed light in view of the severity of the crimes that were
committed. This is a bill that we really need soon.
Ms. Fisher. I would agree with that, Senator.
Senator Carper. What else would you like to offer, Ms.
Fisher?
Ms. Fisher. Well, I think this bill would increase the
penalties which not only encourages our U.S. Attorneys across
the country to prosecute these crimes, because there are harder
sentences, but hopefully will have a significant deterrent
affect when people want to steal others' Social Security
numbers or other identification information to engage in bank
fraud or credit card fraud or document fraud that relates to
terrorism or anything else like that. So for the deterrent
effect, as well, we think it is important.
Senator Carper. Mr. Coombs.
Mr. Coombs. I agree with Ms. Fisher. Any more tools that
you can give law enforcement for their tool box is a tremendous
enhancement. It is commonly known in criminal circles that the
crime of identity theft, the penalties are low and the
financial gains, the probability, are extremely high. S. 2541
has mandatory sentencing for identity theft, and if it is
terrorism-related, there are more years added, and that is a
tremendous bill and also would have the support of the Secret
Service, as well.
In regards to information and verifying information,
anything that we can do to verify businesses--verify
information, because it really is the compromise of information
that is the root cause of identity theft, and if there is any
avenues to provide banking institutions, for instance, to
verify information with good information versus the bad
information that they are getting, that would be a tremendous
asset to them.
I know the Treasury Department yesterday issued some
regulations to enhance risk assessments and ``know your
customer'' as a result of the PATRIOT Act, and the Secret
Service works closely with the financial industry in developing
protocols for knowing your customer. So, hopefully, with these
protocols and enhancements and knowing your customers, we can
do better at verifying this information.
Senator Carper. Thanks.
Colonel Stevens. I would like to take a little bit
different approach, sir. I think the creditors, the banks, and
the credit card companies, and the credit bureaus should be
held accountable for opening fraud accounts. In my case, I have
seen that just a little bit of diligence on checking an
address, a birthdate, a place of employment--for instance, I
was listed as working at Stanley Tools in Texas after I retired
from Johns Hopkins University as a physicist, so----
Senator Carper. How did you like working at Stanley Tools?
[Laughter.]
Colonel Stevens. It was enjoyable, apparently. The people
spent a lot of money who worked there. But just to hold the
people accountable to show a little bit of care in opening
these accounts, look at birthdays, or a different address. Of
course, I was told once that 15 percent of the people move
every year, so they could not disqualify them for credit on
that basis. My answer to that is, 85 percent of them do not
move, so we all have to suffer for that.
Why can they not just take more care in opening the
account, check the data, and the credit bureaus can look for
any drastic changes. In fact, they have a protection policy now
that costs, I think, $79.95 a year that they will do that. I
thought they should do that under the normal process of doing
business.
Senator Carper. One follow-up question, and it sort of
follows up to what Mr. Stevens has just said. When someone's
identity is stolen and credit card purchases are made illegally
using that stolen identity or other, whether it is credit card
purchase or others, who ends up suffering the financial loss?
Colonel Stevens. The creditor has to suffer that and that
is why they are so determined that they are going to turn that
account over to a third party collection agency, which comes
right back on me. They will hound you to death to try to make
you pay that bill. Now, some people will cave into that, and
that is a warning to senior citizens like myself. Do not pay
it, because that is an admission of guilt and that account will
remain on your credit report, I believe, for 7 years. But they
will hound you, they will call you on the phone, and if you
clear it with them, they turn it over to another one, and we
have had some recycled going on the fifth time now, with the
same account.
Senator Carper. What can we do to change the incentive so
that the incentive falls more on the issuer of, we will say,
the credit card to be more diligent in terms of the background
checks to control their underwriting losses?
Mr. Beales. Senator, I think, mostly, they have the right
incentives now, because ultimately, it is the creditor that
pays the losses and that is certainly the way it should be. If
they issue credit to the wrong person, they ought to have to
eat the loss.
The difficulty is, I think, from the creditor's perspective
and also from the way the system as a whole has to work, is
there are also people out there who do owe the money and simply
are not paying. So creditors have a legitimate interest in
trying to collect in those kinds of cases and it is hard for
creditors to distinguish the victim of identity theft from the
deadbeat in some cases.
We can try to make that process easier and encouraging
people to file police reports is one thing that helps with
that. We have developed a uniform fraud affidavit that
creditors will accept as evidence that this really is an
identity theft victim. But there is a tension there that is
inherent in the nature of the crime that I think is difficult
to get rid of entirely.
Mr. Huse. This really comes down to the accuracy of these
records, and that is the difficulty on the commercial side, is
they have information that they have aggregated through various
ways, but there is no way for them to verify that information
in a facile way, or any obligation right now, either, other
than due diligence in a business context.
If we make it, that cross-verification, a requirement, over
time, the number has better standing than it does now. Right
now, it is defeated because it is--the integrity is very
amorphous, and I think that is really an aspect there that
deserves a good look.
Senator Carper. OK, good. You have been most helpful. Thank
you for your testimony. Thank you for your response to our
questions. Mr. Stevens, good luck.
Colonel Stevens. As long the candle does not relight
itself, we will be struggling out there. We are going to fight
them, though.
Senator Carper. Thank you.
Senator Craig. Tom, thank you very much.
Mr. Beales, one last question of you. Are there factors
within the aging population that may indicate that this crime
is being under-reported relative to their general population,
or relative to the general population. You were giving us
statistics as to those victimized. In many other areas, we find
seniors under report simply because of their view of their own
personal integrity or their privacy sense or they are going to
suffer through a bit of a different attitude in a population
base compared to younger people.
Mr. Beales. We certainly see that in our fraud cases, that
the elderly are less likely to report that they are victims of
fraud than are members of the population at large. It is not
clear that translates here, although it may, because this is a
little bit more like having your wallet stolen. This is to say
you are a victim in a very different way than you are in a
fraud where you sort of have to say you are a victim and you
have to admit you were taken. But having your wallet stolen is
not quite like that. So it is not clear that it is the same
sort of a problem. It may be, and we are in the design stages
of some research to try to find out whether there really is a
difference, but at this point, we do not know.
Senator Craig. Alice, gentlemen, thank you all very much
for your testimony today. You have helped build a valuable
record. We appreciate it. Thank you.
Now, let me call our second panelists forward, if you would
please come forward.
Let me thank our second panel for being here. Let us get
started, if we could, please, and let me first introduce Mari
Frank, a Privacy and Identity Theft Consultant from Laguna
Niguel, CA. Mari, welcome before the committee.
STATEMENT OF MARI J. FRANK, ESQ., PRIVACY AND IDENTITY THEFT
CONSULTANT, LAGUNA NIGUEL, CA
Ms. Frank. Thank you very much, Senator Craig, for inviting
me and for holding this important hearing. I am the author of
the ``Identity Theft Survival Kit,'' which I have brought as a
resource to this committee to give to you.
Senator Craig. Great. Thank you.
Ms. Frank. As a member of AARP myself, several years ago,
an imposter took my identity and stole over $50,000 using my
name and my profession as an attorney. Additionally, I have
personally assisted hundreds of elderly victims myself.
There is very little that seniors can do to prevent this
crime. Law enforcement needs more resources and it needs to
investigate, which often they do not. But law enforcement will
never have the power to prevent it. The key players with the
unique opportunity to thwart this crime are governmental
agencies and businesses that collect and use our information.
Security breaches of databases, careless information handling
practices, and unscrupulous employees facilitate this fraud.
There is no control over information in the hands of others and
there is no opportunity to avoid identity theft. Once
victimized, it may take months or years to find out, and then
to remedy the situation.
Here are a couple of examples of real-life stories. Sidney,
a retired executive, learned that his identity was stolen after
he and his wife purchased a new home. His loan application with
his three-in-one credit report revealed his credit score, his
Social Security number, and all of his accounts. His
masquerader, using that loan application, was able to open new
credit card accounts, rent a new apartment, obtain utilities,
stealing over $100,000 in their name.
Allan and Marcia were retired in a mortgage-free home. They
learned that convenience checks were stolen from their mailbox
and thousands of dollars were spent in their name. Checks were
stolen, credit cards were opened, other purchases were made.
Worse yet, they learned that their mortgage-free home now had a
mortgage with a lender who was threatening foreclosure.
Steve, a 78-year-old retired policeman, was living in an
assisted care facility. His personal information was held in an
unlocked cabinet in the nursing home and later used to purchase
luxury cars and electronic equipment. He even found that he had
a criminal and fraudulent DMV record in another State.
Lorraine, a 65-year-old widow of a deceased decorated
United States Air Force General found out several months after
her husband's death that his identity was stolen to commit
security crimes. Not only is she left to deal with that
grieving, but also to clean up his tarnished reputation.
Although Federal law protects victims of credit card fraud
from paying the losses, as we know, there are still out-of-
pocket costs, which may cost thousands of dollars. Also, for
those who experience ``ATM-VISA fraud,'' and check fraud,
replacing the money in those accounts is almost impossible.
Without assistance, the elderly feel overwhelmed, give up, pay
fraudulent bills, or even file bankruptcy. Emotionally, seniors
feel very victimized, and violated, not only by the criminal
perpetrators, but even worse, by the creditors' harassment and
lack of cooperation, the frustration of the experience from the
credit reporting agencies when they fail to correct, and the
refusal of law enforcement to even investigate the crime.
The following factors make this crime easy and insidious:
Mail theft; insider theft; dirty employees; unscrupulous
relatives; hackers and high-tech fraudsters creating false
documents; dumpster-diving at businesses and hospitals;
information brokers selling personal information
indiscriminately; selling of credit reports, loan documents,
rental car applications; theft in offices, buildings, websites,
computers; pretext calling and different scams; government and
various industries' negligent information handling practices;
public record access, including birth certificates and death
certificates that have the Social Security number.
It is a myth that seniors can prevent identity theft.
Offering consumer tips like ordering your credit reports twice
yearly and guarding your personal information and shredding are
great information, but gives our aging population a sense of
false security. Precautions taken by government entities and
private industries should do the following, and by the way, I
have 17 pages in my written testimony to give many more things,
but I will just give you a few.
Senator Craig. Thank you. [Laughter.]
Ms. Frank. Because you were asking for solutions on the
last panel, I have bullet pointed all the things that we think
should be done.
Limit the use of the Social Security number, since it is
the key to identity theft. Verify, authenticate, and protect
whatever identifier is used, whether it is a number, a
password, or biometric information. Completely destroy personal
information that companies are discarding. They should truncate
credit card numbers and other unique identifiers, like Social
Security numbers, and secure all data, online and offline, and
they should notify customers and consumers or employees of
security breaches.
Rather than going any further, I just want to end with
whether a Social Security number or a biometric identifier is
used, the same issues arise. How will we protect that
information as it is stored, transferred, sold, or used? Our
nation's aging population, the fastest growing segment of our
society, is most at risk to be victimized by the fastest
growing crime. Let us set realistic guidelines for information
handling practices. Thank you.
Senator Craig. Mari, your testimony is valuable and I think
those examples and recommendations based on your experience are
extremely valuable and I thank you for that.
[The prepared statement of Ms. Frank follows:]
[GRAPHIC] [TIFF OMITTED] 82327.057
[GRAPHIC] [TIFF OMITTED] 82327.058
[GRAPHIC] [TIFF OMITTED] 82327.059
[GRAPHIC] [TIFF OMITTED] 82327.060
[GRAPHIC] [TIFF OMITTED] 82327.061
[GRAPHIC] [TIFF OMITTED] 82327.062
[GRAPHIC] [TIFF OMITTED] 82327.063
[GRAPHIC] [TIFF OMITTED] 82327.064
[GRAPHIC] [TIFF OMITTED] 82327.065
[GRAPHIC] [TIFF OMITTED] 82327.066
[GRAPHIC] [TIFF OMITTED] 82327.067
[GRAPHIC] [TIFF OMITTED] 82327.068
[GRAPHIC] [TIFF OMITTED] 82327.069
[GRAPHIC] [TIFF OMITTED] 82327.070
[GRAPHIC] [TIFF OMITTED] 82327.071
[GRAPHIC] [TIFF OMITTED] 82327.072
[GRAPHIC] [TIFF OMITTED] 82327.073
[GRAPHIC] [TIFF OMITTED] 82327.074
Senator Craig. Now, let me turn to Boris Melnikoff. Boris
is the Consultant to the Regional President of the American
Bankers Association, Atlanta, GA, and I understand has just
become the grandfather of a ninth granddaughter, is that
correct, Boris?
Mr. Melnikoff. That is correct. Thank you very much,
Senator.
Senator Craig. Congratulations.
Mr. Melnikoff. Thank you, sir.
Senator Craig. Those are special things in one's life.
Mr. Melnikoff. At 1:57 yesterday afternoon, sir.
Senator Craig. Congratulations. Please proceed, Boris.
STATEMENT OF BORIS F. MELNIKOFF, CONSULTANT TO THE REGIONAL
PRESIDENT, AMERICAN BANKERS ASSOCIATION (ABA), ATLANTA, GA
Mr. Melnikoff. Thank you, sir. Stopping identity theft
before it occurs and resolving those unfortunate cases that do
occur is of the utmost importance to the banking industry.
Banks have a long, proud history of securing their customers'
information, including those of senior citizens.
As technology and the Internet have made more information
readily available, we have redoubled our efforts to help
educate consumers about how to prevent and resolve identity
theft. Banks and our customers are partners in protecting
information.
This morning, I would like to make three key points. First,
the banking industry has been actively involved in an ongoing
effort to educate consumers on how to protect themselves from
identity thefts. Each one of us can limit vulnerabilities to
this crime.
Second, the American Bankers Association has developed
videos, articles, statement stuffers to assist in training bank
staff and educate consumers.
Third, it is important for the private and public sectors
to pursue innovations to improve identification of individuals,
beginning, for example, with the improved standards for
drivers' licenses.
Identity theft harms consumers and banks and severely
challenges law enforcement. We can only be successful in
fighting this crime if we all work together. In 1998, ABA was
very supportive of the changes made by Congress, led by Senator
Kyl, which made it easier for law enforcement to bring action
on ID theft cases. Unfortunately, at that time, there was no
appreciable increase in prosecutions, however, likely due to
the high volume of cases that law enforcement was already
engaged in. We were encouraged, however, by the Justice
Department's announcement in May that a nationwide effort has
resulted in 73 criminal prosecutions for identity theft.
Let me now turn to the educational efforts of the industry.
ABA members have been leaders in the private sector's push to
educate consumers. We realize that people need our expertise
and guidance to avoid being victimized. Of course, the first
step to combat identity theft is self-awareness and how you can
protect yourself. I have included in my written statements tips
on protecting one's personal information. Taking many small
steps, while not eliminating identity theft, will diminish the
frequency of the crime.
Let me highlight a few examples of what the ABA has done.
Just yesterday, I did a radio tour where I was interviewed on
15 radio stations from coast to coast talking about ID theft
prevention. These stations collectively reached an estimated
9.5 million listeners.
Second, the ABA has distributed to all its members a theft
communication kit. This kit contains, Senator, public service
announcements, sample statement stuffers, sample newspaper
columns that a banker could tailor to his or her community. We
have provided a copy of this kit to the committee.
Senator Craig. Thank you.
Mr. Melnikoff. ABA also offers a separate statement stuffer
for banks to use in mailing to consumers, with close to six
million distributed across the country already.
Finally, the ABA has sent 1,200 copies of a video produced
by JP Morgan Chase and Company to our members. A copy of the
tape has also been supplied to the committee, sir.
While the ABA has done a considerable amount of work in
this area, we realize the individual industry efforts must
continue. Fortunately, many of our members are engaged in
similar efforts across the country. I continue to witness
superb examples of industry's outreach, many of which I have
mentioned in my statement.
Mr. Chairman, the ABA urges government leadership directed
at improving methods of identifying individuals. There is no
better way to protect against fraud and terrorism than by
improving the identification documents used to complete
financial transactions. Specifically, we believe in the efforts
to improve how States issue drivers' licenses is of particular
importance.
Thank you for the opportunity to update the committee on
the industry efforts in this important area.
Senator Craig. Thank you.
[The prepared statement of Mr. Melnikoff follows:]
[GRAPHIC] [TIFF OMITTED] 82327.075
[GRAPHIC] [TIFF OMITTED] 82327.076
[GRAPHIC] [TIFF OMITTED] 82327.077
[GRAPHIC] [TIFF OMITTED] 82327.078
[GRAPHIC] [TIFF OMITTED] 82327.079
[GRAPHIC] [TIFF OMITTED] 82327.080
[GRAPHIC] [TIFF OMITTED] 82327.081
[GRAPHIC] [TIFF OMITTED] 82327.082
[GRAPHIC] [TIFF OMITTED] 82327.083
[GRAPHIC] [TIFF OMITTED] 82327.084
[GRAPHIC] [TIFF OMITTED] 82327.085
Senator Craig. With the indulgence of the panel and the
audience, there is a vote underway and my primary
responsibility being in this body is to vote. So we will stand
in recess for a few moments while I run and vote and I will
return as quickly as I can to proceed with the balance of the
panel and questioning.
The committee will stand in recess. [Recess.]
If I could ask everyone to take their seats and for the
panel to reassemble, please.
Boris, we just finished with you, and let me tell you that
the effort that it appears the American Bankers Association has
underway with both public outreach, but also education of
professional staff of employees sounds impressive and is
important and I am glad to hear that.
Now, let me turn to Stuart Pratt, Executive Director,
Consumer Data Industry Association here in Washington. Stuart,
welcome before the committee.
STATEMENT OF STUART K. PRATT, VICE PRESIDENT, GOVERNMENT
RELATIONS, CONSUMER DATA INDUSTRY ASSOCIATION, WASHINGTON, DC
Mr. Pratt. Mr. Chairman, thank you for inviting us here
today, and for the record, I am Stuart Pratt, Vice President,
Government Relations, for the Consumer Data Industry
Association.
Senator Craig. That is a much more impressive title than I
gave you.
Mr. Pratt. But I appreciate the promotion, actually.
Senator Craig. All right. Thank you. [Laughter.]
Mr. Pratt. We are the association which represents all of
the nation's largest credit reporting systems, check approval
systems, and mortgage reporting systems, and so, obviously, we
play a very central role in these types of debates.
In fact, we applaud you for holding this hearing because
identity theft is a pernicious crime. It is a difficult crime
for everyone involved. We all end up, as a result of the
criminals' activities, trying to untangle this snarl of
accounts and information, and sometimes it goes smoothly and
sometimes it goes very well, and then sometimes you have seen
cases where it does not go as smoothly as we would like for it
to go.
We thought we would focus on just two messages today in
terms of, first of all, what have we been doing as an industry
to try and work through and actually alter practices, business
practices, that will make it easier for victims to keep their
information safe and sound and to bring their credit history
back to whole, and also, we wanted to focus, as well, on
consumer education and how educational efforts, we think, do
play an extraordinarily important role.
We looked at this issue as far back as 1997, and by March
of 2000, we had issued a six-point program that would assist
victims. The six-point program is outlined in a press release
which is attached to the testimony today. Let me just highlight
a couple of key steps that we thought were particularly
important in this six-point program.
First, we standardized the security alert. When you contact
the credit bureau, one of the first steps we will take is to
put a security alert on your file. It is a text message and it
says, ``I have been a victim of identity theft. Please do not
grant credit. For example, here are telephone numbers you can
use to verify who I am.'' Obviously, if you have a telephone
number and you are standing in front of the consumer, unless
you have a cell phone strapped to your hip, there should be
some interplay there that allows a lender to be able to make a
better risk decision about who they are doing business with.
By standardizing the alerts, both in terms of the text
itself and also by adding an alphanumeric sequence, which is a
fancy way of saying a code, at the beginning of the security
alert, we think this better enables every one of our lender
customers to be able to look for that alert message, to look
for the code, and to take the actions that they think are
appropriate based on that information.
So that obviously gives us a way of, downstream, trying to
help the consumer stay whole, because that alert message
remains on the file and it is a decision that we make jointly
with the consumer during the consumer relations process.
We also know that consumers like standardization across the
spectrum, so there are three major credit reporting systems in
this country and most consumers we interviewed, by the way, in
our process, said, we would like to have the same kind of
treatment each time so we do not have to go through three
different versions of the treatment.
In this case, what we did is we said, we will do three
things first for the consumer. When you contact us, even if you
are just leaving a message on an automated voice attendant, we
are going to put a security alert on your file. We are going to
take you off of any direct mail offers of credit, opt you out
of any non-initiated transaction, so only when you go and apply
for credit will your credit report be used. Third, we will get
your report to you in the mail within three business days,
often quite a bit sooner than that, and obviously, there are
Internet deliverables, as well, today. But those three steps
ensure the consumer has a better continuity across the three
credit reporting systems.
Then we also designed a system on the back end which is our
attempt to be responsive to the fact that identity theft is
more longitudinal than some other types of crime. It is more
difficult for us to know, is it over? Am I finished? Or do I
still have a problem that is latent, that is out there? Is
there more credit that I just am not aware of yet that was not
yet reported to the credit bureau, for example?
So over the course of the next 90 days, once we have
brought a file back to current, we will then send the consumer
additional copies of his or her file with the 800 number, with
access to live personnel. It keeps the consumer engaged--and
this would be true for a senior or for any other consumer who
is a victim--keeps them engaged. Look at your file. Tell us if
there is something else wrong with that file so we can take
care of that.
Now, we also knew that consumers wanted escalated services.
We want to be believed. That is one of the key points that many
consumers have said. How hard is it to prove who I am? So we
agree with all the testimony that has said, get a police
report. If you get a police report, we will immediately with
that police report block the fraudulent information. We will
not wait to check with the lender. We will take your word for
it. The police report is a validating document for us. We will
block the fraudulent data. This should give a consumer a chance
to get on with their life much more quickly and to be able to
bring their credit report whole much more quickly, as well.
Finally, we do accept the FTC's standardized fraud
affidavit, which again reduces the paperwork burden, if you
will, for victims, and that is another key component of this.
How many different affidavits do I complete? How much money do
I have to pay to have them notarized, and so on and so forth.
We think consumer education is another key component of
this, and I know a lot of times we talk about consumer
education as a replacement for other actions. But as you can
see, we have taken procedural actions with our business model
to change what we do for victims. But consumer education
clearly allows us, for example, to be able to partner up, and
in our case, we committed ourselves to partnering up with a
group called Call for Action. We did produce a brochure, and
this brochure is maybe in some ways a simplified version of the
type of information that the Federal Trade Commission
promulgates. We, in fact, encourage consumers to contact the
FTC.
We also promulgate information on victims' rights under the
law and encourage consumers to understand their rights under
the law. For every citizen, by the way, the Fair Credit
Reporting Act is not obvious, and so we produce a flow chart
that says very simply, this is what should happen when you
contact the credit bureau, dispute your information, and get
that information corrected.
We have seen more data, and we have indicated this in our
testimony, where data shows that we are making progress. More
consumers are calling our fraud units, taking a preventative
step, so maybe that is the last, most important point I can
leave with you. As opposed to calling and saying, ``I am a
victim,'' the majority are calling and saying, ``I want to take
a preventative step to make sure I do not become a victim.''
That is good news in terms of the consumer education.
Let me close with that. I see my time has expired and I am
open for questions and I thank you for the time that you have.
Senator Craig. Stuart, thank you for that testimony.
[The prepared statement of Mr. Pratt follows:]
[GRAPHIC] [TIFF OMITTED] 82327.086
[GRAPHIC] [TIFF OMITTED] 82327.087
[GRAPHIC] [TIFF OMITTED] 82327.088
[GRAPHIC] [TIFF OMITTED] 82327.089
[GRAPHIC] [TIFF OMITTED] 82327.090
[GRAPHIC] [TIFF OMITTED] 82327.091
[GRAPHIC] [TIFF OMITTED] 82327.092
[GRAPHIC] [TIFF OMITTED] 82327.093
[GRAPHIC] [TIFF OMITTED] 82327.094
[GRAPHIC] [TIFF OMITTED] 82327.095
[GRAPHIC] [TIFF OMITTED] 82327.096
[GRAPHIC] [TIFF OMITTED] 82327.097
[GRAPHIC] [TIFF OMITTED] 82327.098
[GRAPHIC] [TIFF OMITTED] 82327.099
[GRAPHIC] [TIFF OMITTED] 82327.100
[GRAPHIC] [TIFF OMITTED] 82327.101
[GRAPHIC] [TIFF OMITTED] 82327.102
[GRAPHIC] [TIFF OMITTED] 82327.103
[GRAPHIC] [TIFF OMITTED] 82327.104
[GRAPHIC] [TIFF OMITTED] 82327.105
[GRAPHIC] [TIFF OMITTED] 82327.106
Senator Craig. Now, I am going to turn to Dennis Carlton.
Dennis is Director of Washington Operations for the
International Biometric Group in Washington, DC. Dennis.
STATEMENT OF DENNIS CARLTON, DIRECTOR OF WASHINGTON OPERATIONS,
INTERNATIONAL BIOMETRIC GROUP, LLC, WASHINGTON, DC
Mr. Carlton. Senator, thank you, and on behalf of our
company, I would like to thank the committee for the
opportunity to talk to you about the technology called
biometrics and describe how it can be used to combat the
problem of identity theft.
Let me begin with a brief description of the International
Biometric Group so that you better understand who we are and
our unique position in the world of biometrics. International
Biometric Group, or IBG, provides independent consulting
services to government and private industry customers
interested in biometric technology. Our organization focuses on
three primary functions: Evaluating and reporting on biometric
products and vendors, as well as the markets in which they
compete; advising clients on how to implement biometric
systems; and integrating a wide range of biometric hardware and
software to meet the security needs of our customers.
We take a practical, hands-on approach to biometrics. We
have conducted extensive comparative testing of more than 30
different biometric solutions so that we know how they are
likely to perform in the real world. IBG holds to a strict
vendor-neutral policy, which enables us to maintain close
relationships with biometrics vendors while ensuring that our
clients receive accurate and independent advice on which
biometrics systems can best meet their needs.
Let me take a few moments to review some of the basics of
biometrics. A technical definition of biometrics is the
automated measurement of behavioral or physiological
characteristics of a human being to determine or authenticate
their identity. In other words, it is the use of computers to
confirm who a person is by matching a behavior or a permanent
physical characteristic with similar records in a database.
Research has shown that behaviors, such as the way we
speak, the way we sign our names, and even the way we type on a
keyboard, are distinct and unique enough that they can be
quantified and compared by computers to existing samples. In a
similar way, physical characteristics of the human body, such
as the friction ridges on the pads of our fingers, the geometry
of our hands, the shape of our face, and the patterns of our
irises and retinas, can be measured and matched against
computer databases.
A wide range of products on the market can acquire and
match a person's biometric data in order to quickly and
accurately identify who they are. Time permitting, I hope to be
able to demonstrate some examples of these technologies to you
later.
To effectively describe how biometrics can be used to
combat identity theft and protect senior citizens, I think it
is important to address some issues that often confuse the
dialog about biometrics. First, it is important to set
practical expectations of what biometrics can and cannot do. To
date, we have not seen a biometric product that will work
accurately 100 percent of the time. Whether it is wrongly
identifying one person as somebody else, only to identify
someone it should not recognize, or preventing someone from
initially enrolling in the system, all biometrics systems make
errors. A properly designed system needs to employ biometrics
as just one of a number of interlocking layers within a
security solution and must also include a quick and efficient
exception handling process.
Second, no one biometric technology is right for every
application. For instance, while a finger scan technology may
be an excellent solution for replacing passwords to gain access
to a desktop computer system, it is not of much help trying to
pick a potential terrorist out of a crowd in an airport
terminal.
Finally, people should not automatically conclude that the
use of biometrics is an invasion of our personal privacy or a
violation of our civil liberties. Biometrics themselves are
privacy neutral. It is the way they are employed and the
protections put in place to limit misuse that makes biometrics
either private invasive or privacy protective. What is
essential is that individuals are fully informed on how their
data is shared, used, collected, and secured. For more
information about biometrics and privacy, I commend to you an
IBG-sponsored website dedicated exclusively to the subject,
www.bioprivacy.org.
Biometric technology has been employed to prevent fraud and
identity theft for several years now. I personally managed a
pilot program that began in 1998 which evaluated the use of
finger scan technology in a retail grocery store for confirming
the identity of people who paid for their purchases by personal
or payroll check.
Reaction to the system by those who used it was universally
positive. People found it much easier and faster to identify
themselves with an index finger rather than digging through a
pocket or purse for an ID, and the store found the incidence of
loss due to check fraud reduced to zero. Most interestingly,
senior citizens were some of the most enthusiastic proponents
of the system. They recognized that no one could steal their
checkbook and drain their bank account if a system like this
was widely deployed.
Several companies have now commercialized the concept of
identification at the point of sale, and I have brought some
current examples of these technologies for demonstration
purposes.
To properly serve the needs of elderly citizens, it may be
necessary to make some adjustments to standard biometric
systems. For example, the aging process can reduce the
suppleness of a person's skin, which can present problems for
finger scan technology. The use of certain moisturizers and
specially designed sensors can significantly reduce this
problem.
Another problem commonly associated with the aging process,
decreased visual acuity, can make it difficult for people to
properly position themselves for a facial scan or iris scan
system. To overcome this challenge, vendors can offer more
sophisticated camera systems that automatically locate the
subject's face or eyes with little user effort.
As I mentioned earlier, for citizens who are physically
unable to interact with the biometrics system, an efficient and
transparent exception handling process is essential.
In conclusion, biometric technologies have already been
shown to be powerful tools for combatting the growing scourge
of identity theft that afflicts Americans, young and old. Thank
you for your time, and I welcome the opportunity to demonstrate
some of these technologies if time is available.
Senator Craig. Dennis, I will question you by allowing the
demonstration at the end. How is that?
Mr. Carlton. That is great, sir.
[The prepared statement of Mr. Carlton follows:]
[GRAPHIC] [TIFF OMITTED] 82327.107
[GRAPHIC] [TIFF OMITTED] 82327.108
Senator Craig. Let me turn to our other panelists for some
questions.
Mari, obviously, you have been out on the front line, not
only a victim, but assisting victims and helping them. Who can
an elderly person go to to help them recover lost assets or fix
damaged credit histories? Who can they turn to?
Ms. Frank. Right now, there really are not many places.
There are some legal aid places. There are some consumer
agencies. But, in effect, there are not many places for people
to go. I mean, you look at John Steven's cost. Then there are
attorneys but not many will not take the cases on contingency.
The FTC will just give you advice, like Mr. Beales said. So
there really are not a lot of places that people can go unless
people like me, who do pro bono work or if they get my kit. It
is really an unfortunate thing. One of the suggestions that I
had was that States and maybe the Federal Government set up
some kind of an ombudsman center for help for people who really
need it.
Senator Craig. Do you know if State Legal Aid Services
assist seniors?
Ms. Frank. Some of them do, yes, and there are some senior
citizen programs around the country, and maybe AARP refers. But
there is not anything really around--I have tried to refer
people to others who will do the work for them and they come
back to me, so that has been a problem.
Senator Craig. Thank you.
Boris, are bank tellers typically trained to spot the signs
when someone is trying to access an account under a false ID?
Mr. Melnikoff. Yes. In fact, a lot of the training
information I shared earlier in my testimony covers not only
that, but also the unusual transactions that a senior citizen
might want to conduct, which I think is an important factor.
There have been many, many instances where a senior citizen
would come into a bank, approach a teller. The teller will
recognize the senior and the senior will want to withdraw large
sums of cash. All of that--and it is preventable, and a
majority of banks do exercise all of their rights to protect
that consumer's assets, if you will. So the answer on both
parts of the question, Senator, is yes. Bank tellers are
trained to accomplish that.
Senator Craig. Do financial institutions have the authority
to report suspicious financial activity that looks like
identity theft to local authorities?
Mr. Melnikoff. Yes, sir. Through the use of a SAR, if you
will, and additionally, here again, reverting back to the
elderly or senior citizen withdrawing large sums of money, law
enforcement in some instances is notified at once in the hopes
of talking the senior citizen out of removing that kind or
those dollar limits. In nine out of ten cases, it is nothing
but a flim-flam that the senior is about to experience. So,
yes, sir, your answer is, yes, we do do that as an industry.
Senator Craig. How do you effectively screen, because we
have obviously heard of those who are making applications for
purchasing cars using false IDs, a failure on the part of that
loan officer to make a few simple calls to double-check
addresses or anything of that nature? Is there any effort
underway to double-check, recheck, if you will, this kind of
informational flow that would establish a credit and,
therefore, allow a transaction to occur?
Mr. Melnikoff. Yes, and I think just to tie in with the
announcement made by Treasury yesterday, if you will, that
possibly would give the financial industry access to certain
data as it pertains to the individual in the Social Security
system. As we speak today, we do not have that ability to do
so. We rely on, and I hope my colleague does not take any
personal affront to this, but we rely on the credit bureaus and
other systems for verification. But as mentioned earlier, the
Colonel's date of birth or his Social Security number was
issued prior to his birth. So we need to work on that, and by
having access for legitimate reasons, that would be a
significant help to the financial industry and to verify and
reverify what we are doing.
Senator Craig. With the industry having to eat the cost
once discovered, is there an annualized cost that identity
theft is costing the banking industry of this country? Do you
know of one that has been calculated?
Mr. Melnikoff. No, sir. There is no central repository.
Now, there were statements made earlier, and I made a statement
with respect to filing a SAR. But there are limits on the SAR,
and the limits are $5,000 up to $25,000. So there is no central
repository, so we really do not know.
But I think, and my opinion is, if you take all of the
fraud that the financial industry, to include all types of
credit grantors, we are probably looking at anywhere from $15
to $18 billion a year. That is on one side only. Then coupled
with the other frauds, be it insurance fraud, Medicaid fraud,
government fraud, with due respect, you are talking about
another $10 to $15 billion. So fraud costs this nation a
significant amount of money and I think we can do a much better
job if we are allowed the tools or access to the tools to do
it.
Senator Craig. It sounds like precautionary training and
devices to detect and double-checking would be a rather
inexpensive way of solving some of those problems.
Mr. Melnikoff. It certainly would, sir, and we support it.
Senator Craig. Mari, I saw your hand come up. Yes?
Ms. Frank. Yes, sir. Thank you so much. One of the things
that the Postal Inspector did for verification of addresses--
this was after we complained about this in 1998 when I
testified before the Technology Committee for the new Identity
Theft Deterrence Act--was they started sending verification of
address. So if you put in for a change of address, they now
will send a postcard to the old address and the new address to
see if you really have moved.
We have been asking the credit grantors and the banks to do
the same, because--what has happened to John when he became a
victim, what happened to me, the fraudster will always change
the address. They have to do that so you do not find out about
it. The main step that the creditors should be doing is when
they see that the address that is on the application is
different from the credit report, that should be a key signal
that they should verify address with either a phone call or a
postcard before they issue credit, and I have been asking for
this for 6 years and I do not see this happening now with the
creditors.
Senator Craig. Well, that is a great lead-in comment,
Stuart, to turn to you. Mr. Pratt, do the credit reporting
companies have the authority to report suspicious financial
activities that look like ID theft to local authorities.
Mr. Pratt. We do not have any law like the one that permits
banks to permit, under the SAR, the system of SARs. I think
maybe the key question is, do we have the kind of information
that would allow us to even identify something suspicious? We
are loading an enormous amount of information per month into
the databases and so there is almost every variation on a theme
in terms of how files behave, if you will. Some people have
very little credit. Some people accumulate very little credit
over long periods of time. Other folks move frequently, so is
an address change an indication of a problem? Is a couple of
new credit accounts an indication of a problem?
So it may be a little bit difficult for us to pin down and
say, aha, this one looks suspicious relative to the 200 million
files we maintain, relative to the two billion items of
information updated every month over the course of any given
year, but we do not have an official authority to do so, no.
Senator Craig. You did indicate to me, though, that certain
activities cause you to trigger an account, or what was the
term you used in blocking an account or----
Mr. Pratt. Well, when a police report is submitted to us--
--
Senator Craig. When a police report is submitted.
Mr. Pratt. Yes, sir. Then we do use that as a way to
escalate service for the consumer who is a victim. It is a way
for us to----
Senator Craig. Only in that instance, then?
Mr. Pratt. Only in that instance, because today, with the
technology that is out there, if we cannot use a police report,
almost anyone can produce an affidavit. There is an awful lot
of what we call credit repair, fraudulent credit repair
activity, which is a process by which a firm may charge a
consumer hundreds of dollars to then write letters and try to
delete accurate but adverse information off the credit files.
So we have to have a way to distinguish between someone who
simply wants to eliminate important risk data for safety and
soundness of the banking system and someone who genuinely says,
I am a victim of a crime, help me quickly, help me now, and
that is what we do with the police report. That may not be the
final answer, but that is our answer today, is to say a police
report seems like a reasonably safe and sound process--
although, by the way, do not miss that a fraudulent police
report can be produced and we have already received fraudulent
police reports.
Senator Craig. I would think that if they can steal IDs,
they could steal a form and manufacture police reports that
look fairly legitimate.
Mr. Pratt. It is hard to distinguish real and falsified
documents of all kinds, and that is always the struggle for the
industry.
Senator Craig. Then there is no reason in your mind to
believe that a change of address is something that would
trigger a response to check to see if that was a legitimate
change, or is that simply going to be too costly for your----
Mr. Pratt. I do not think we are putting cost as the only
metric out there to measure a decision that we ought to make
that would help our system stay accurate----
Senator Craig. Well, I asked that--that was a legitimate
question, where you get hundreds of millions of data----
Mr. Pratt. Let me put address changes----
Senator Craig [continuing]. You have got, therefore,
probably hundreds of thousands of requests for address changes
a year----
Mr. Pratt. In fact, it is millions----
Senator Craig [continuing]. It does cost to verify.
Mr. Pratt. We receive, because of the--and this goes
actually to some of the Postal Service information as well as
information from Census--about 40 million addresses change
every year in this country. So it is difficult to use an
address on its own as an indicator.
Also, many consumers on their credit file will probably
have or may have more than one accurate address. I may use one
card for my business purposes and so I may use my corporate
address for that particular credit card. So that billing, that
report that comes in every month from that particular lender
shows my business address. Many of my other cards may be my
home address, and so I may even have two legitimate addresses
which are reporting into the system.
So admittedly, it is tough to pin it down and say, aha,
this one is unique and this one deserves some different kind of
attention.
Senator Craig. What would be some of the unintended
consequences of overly broad restrictions on the use of Social
Security numbers on credit reporting companies?
Mr. Pratt. For us, we have the Fair Credit Reporting Act
that says you must maintain reasonable procedures to assure
maximum possible accuracy. That was the law that Bill Proxmire
passed back in 1970.
Consumers have several expectations at the table at any
given time. One is, I want my information safe. Clearly,
another one is, I also want it to be accurate. My credit report
is, in large part, how I get my mortgage and how I do drive
away with my car and how I obtain credit and so on and so
forth.
So with 40 million address changes a year, with what we
estimate to be about three million last names changing in this
country due to marriage and divorce, with consumers sharing
very similar last names--for example, there are about 2.5
million Smiths in this country and another two million Jones in
this country, and so with consumers with very straightforward,
very common last names, to keep that information separate, the
SSN plays a very, very important role in the data accuracy, the
data matching part of how we build our databases.
So it really depends on the approach taken to restricting
the SSN, whether it directly applies to our business model or
the members that we represent or whether it applies more
generally out in some other dimension.
Senator Craig. Stuart, you heard Mr. Stevens testify this
morning. I am aware that you are familiar with his case to some
degree. Could you please tell me or the committee the status of
that case at this moment?
Mr. Pratt. I have committed to Mr. Stevens, and I have to
follow up with him to make sure I understand where he is in the
process, particularly in light of the fact that there
apparently is another account that showed up on his file. I
have to know which of the systems it showed up on. I have to
see whether it showed up in all three and then we will
obviously follow up with him further.
One of the points, though, that Colonel Stevens made which
is important to us, as well, and we will have to understand
this better, is if the account is being cycled through
collection agencies, the account number is not necessarily
always reported to us, and so the question is, can the credit
bureau--we want to keep that bad data off the file at all
costs. There is nothing worse than sending to the customer, the
American Bankers Association member, false information, because
obviously they are making the wrong decision. They are missing
out on a customer with whom they would like to do business,
first of all.
So one of the technical questions, which we do not have to
wade our way through here today, is, is there a collection
reporting issue that we have to look into a little bit further
based on Colonel Stevens' experience? But in terms of the
specifics, obviously, I have made a commitment to Colonel
Stevens to follow up with him and his wife and see where we
are.
Senator Craig. That would be most helpful.
Mr. Pratt. Yes, sir.
Senator Craig. Before I go into this technology
demonstration, Mari, I gave you the first word. I will give you
the last word, if it is brief. [Laughter.]
Ms. Frank. OK. Well, I guess I will say this about
biometrics or Social Security number. I am going to pick up on
this. Biometrics, or that piece of our body that we use as a
unique identifier, in and of itself, it is not good or bad. It
is how it is used.
The one thing I want to bring up that he mentioned was
this, and this is the problem we are having with the Social
Security number, if you use the Social Security number as the
gateway or the key and you really do not spend a lot of time on
other matching, like matching ages, birthdates, address, and
you just focus on that Social Security number, you are going to
get a lot of mismatches and a lot of errors and that causes
that negligent information handling practices and fraud.
The same thing will happen with the biometric information.
So if my fingerprint is used and somehow nothing else matches
and there are these fraudsters and these techno-geniuses who
can corrupt these files, and I have spoken with people in the
Secret Service who have told me it can be done and I have read
about it, so if someone is using a piece of biometric
information instead of the Social Security number and there are
still negligent information handling practices, meaning there
are not matches, then if I become a victim at that point, how
do I prove who I am?
So the issue of biometrics is the same as the issue of
Social Security number. We have to take a broader look and have
greater matching and verification. That is the issue. So I do
not have a problem with biometrics per se just how it may be
misused.
Senator Craig. I think I heard Dennis say, and I am about
to be a victim of it, in a positive sense, that it is not 100
percent accurate, and we understand it. But the application of
it effectively creates a threshold that is important, I think.
I cannot disagree and I think there is one piece of
information amongst many that have emerged out of the
testimonies today, that checking and cross-checking and being
cautious. Obviously, the message that--well, my wife and I just
went through an experience about a year ago with the loss of
her father and, therefore, working with her mother, and my wife
is the trustee of the estate and working with her mother as an
elderly person in Tucson.
Frankly, our relationship with the bank was very positive.
They worked us over good when we went in with her mother to sit
down and begin to work with her on her accounts and her
investments, and it was a cross-check and a double-check. We
were very pleased by that in the end. It was a threshold that
we had to get through. In the first instance, there was almost
an element of annoyance. Here is a daughter and a mother
sitting down together, but the bank did not know that and other
banks that they did business with wanted my daughter's
signature and her presence there, so that was a little
different.
But I was very pleased to see that, that there was a very
real caution being taken there with this elderly person,
because all of a sudden, here were two younger people who by
all appearances were going to access potentially fairly large
sums of money, so Boris, that was a pleasing experience.
I have not yet adjourned this committee. Dennis, what do
you have in mind?
Mr. Carlton. I have two demonstrations here, Senator, one
of iris scan technology and one of finger scan technology to
show you two different applications of how biometrics
identifies an individual it knows and will reject someone that
it does not recognize. So----
Senator Craig. How do I explain if my finger scan shows up
on an FBI file? [Laughter.]
To my knowledge, that will not happen.
Mr. Carlton. It will not here, Senator.
Senator Craig. All right, fine. I told staff, if I was
going to subject myself to this and it was recorded on a CD, I
got the CD. [Laughter.]
Let me come over and see what you have.
Thank you, panelists, very much for the testimony you bring
and obvious experience that you have had on identity theft. The
committee felt it was an important issue that we will continue
to pursue and try to lift visibility, too, for the seniors of
our country and, of course, if you lift it to seniors, you will
lift it to others, because it is a growing concern, as we have
said, nationwide, so we do appreciate that.
I am told that August 20 is National Senior Citizens Fraud
Awareness Week. The Attorney General and Postmaster General
will be speaking to that. I am pleased to hear that. It is
obviously time that we continue on a progressive basis to
publicize these issues, to draw public awareness to them.
I would like to insert in the record a statement submitted
by Marc Rotenberg, Executive Director of the Electronic Privacy
Information Center.
[The prepared statement of Mr. Rotenberg follows:]
[GRAPHIC] [TIFF OMITTED] 82327.109
[GRAPHIC] [TIFF OMITTED] 82327.110
[GRAPHIC] [TIFF OMITTED] 82327.111
[GRAPHIC] [TIFF OMITTED] 82327.112
[GRAPHIC] [TIFF OMITTED] 82327.113
[GRAPHIC] [TIFF OMITTED] 82327.114
[GRAPHIC] [TIFF OMITTED] 82327.115
[GRAPHIC] [TIFF OMITTED] 82327.116
[GRAPHIC] [TIFF OMITTED] 82327.117
[GRAPHIC] [TIFF OMITTED] 82327.118
[GRAPHIC] [TIFF OMITTED] 82327.119
[GRAPHIC] [TIFF OMITTED] 82327.120
Senator Craig. Again, the committee thanks you all for your
participation today and the committee will stand adjourned.
[Whereupon, at 11:49 a.m., the committee was adjourned.]
-
�