[Senate Hearing 107-728]
[From the U.S. Government Publishing Office]


                                                        S. Hrg. 107-728
 
  IDENTITY THEFT: THE NATION'S FASTEST GROWING CRIME WAVE HITS SENIORS
=======================================================================

                                HEARING

                               before the

                       SPECIAL COMMITTEE ON AGING
                          UNITED STATES SENATE

                      ONE HUNDRED SEVENTH CONGRESS

                             SECOND SESSION

                               __________

                             WASHINGTON, DC

                               __________

                             JULY 18, 2002

                               __________

                           Serial No. 107-30

         Printed for the use of the Special Committee on Aging







                           U.S. GOVERNMENT PRINTING OFFICE
82-327                          WASHINGTON : 2002
____________________________________________________________________________
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov  Phone: toll free (866) 512-1800; (202) 512-1800  
Fax: (202) 512-2250 Mail: Stop SSOP, Washington, DC 20402-0001






                       SPECIAL COMMITTEE ON AGING

                  JOHN B. BREAUX, Louisiana, Chairman
HARRY REID, Nevada                   LARRY CRAIG, Idaho, Ranking Member
HERB KOHL, Wisconsin                 CONRAD BURNS, Montana
JAMES M. JEFFORDS, Vermont           RICHARD SHELBY, Alabama
RUSSELL D. FEINGOLD, Wisconsin       RICK SANTORUM, Pennsylvania
RON WYDEN, Oregon                    SUSAN COLLINS, Maine
BLANCHE L. LINCOLN, Arkansas         MIKE ENZI, Wyoming
EVAN BAYH, Indiana                   TIM HUTCHINSON, Arkansas
THOMAS R. CARPER, Delaware           JOHN ENSIGN, Nevada
DEBBIE STABENOW, Michigan            CHUCK HAGEL, Nebraska
JEAN CARNAHAN, Missouri              GORDON SMITH, Oregon
                    Michelle Easton, Staff Director
               Lupe Wissel, Ranking Member Staff Director

                                  (ii)

  
?

                            C O N T E N T S

                              ----------                              
                                                                   Page
Opening Statement of Senator Larry E. Craig......................     1
Statement of Senator Susan Collins...............................     2

                                Panel I

Lieutenant Colonel (Retired) John T. Stevens, Jr., Upper 
  Marlboro, MD...................................................     4
Alice S. Fisher, Deputy Assistant Attorney General, Criminal 
  Division, United States Department of Justice, Washington, DC..    11
James G. Huse, Jr., Inspector General, Office of Inspector 
  General, Social Security Administration, Washington, DC........    24
Howard Beales, Director, Bureau of Consumer Protection, Federal 
  Trade Commission, Washington, DC...............................    34
Douglas Coombs, Deputy Special Agent in Charge, Financial Crimes 
  Division, United States Secret Service, Washington, DC.........    59

                                Panel II

Mari J. Frank, Esq., Privacy and Identity Theft Consultant, 
  Laguna Niguel, CA..............................................    80
Boris F. Melnikoff, Consultant to the Regional President, 
  American Bankers Association (ABA), Atlanta, GA................   100
Stuart K. Pratt, Vice President, Government Relations, Consumer 
  Data Industry Association, Washington, DC......................   113
Dennis Carlton, Director of Washington Operations, International 
  Biometric Group, LLC, Washington, DC...........................   137

                                 (iii)

  


  IDENTITY THEFT: THE NATION'S FASTEST GROWING CRIME WAVE HITS SENIORS

                              ----------                              


                        THURSDAY, JULY 18, 2002

                                       U.S. Senate,
                                Special Committee on Aging,
                                                    Washington, DC.
    The committee convened, pursuant to notice, at 9:30 a.m., 
in room SD-192, Dirksen Senate Office Building, Hon. Larry E. 
Craig, presiding.
    Present: Senators Craig, Carper, and Collins.

            OPENING STATEMENT OF SENATOR LARRY CRAIG

    Senator Craig. Good morning, everyone. Thank you for being 
here. Let me welcome all of you and our witnesses to today's 
hearing here before the Special Committee on Aging.
    First and foremost, I want to thank Senator John Breaux of 
Louisiana, who chairs this committee, for the opportunity to 
address this most important issue. I think Senator Breaux will 
attempt to join us later on, as some of our other colleagues on 
the Special Committee may also.
    But I do believe, and I think all of us in Congress 
believe, that it is important to address the identity theft 
issue and the tragedy that this besets upon our nation's 
seniors. Identity theft is the nation's fastest growing white-
collar crime. It is estimated that over 700,000 Americans 
become victims of identity theft each year. Several thousand of 
those victims are senior citizens, who are uniquely vulnerable 
to this insidious crime.
    As you may recall, in June of last year, I held a hearing 
on elder abuse. We heard testimony about crimes committed 
against our most vulnerable senior citizens. Today, you will 
hear about a different type of crime that is on the rise.
    Our nation's seniors spend a lifetime working hard to 
maintain their independence and develop a legacy that they and 
their families can be proud of. With one fraudulent 
transaction, identity theft can strip away a senior's 
independence, sense of security, and dignity. Identity theft 
can destroy legacies and reputations, leading to depression and 
despair.
    To effectively fight this crime, it is critical that law 
enforcement and the private sector work together. For example, 
Idaho law encourages financial institutions to report suspected 
instances of elder financial crime to local authorities. Banks 
in Idaho, in cooperation with State agencies, provide training 
to their employees on how to identify and prevent financial 
crime targeting the elderly, including identity theft. Idaho is 
only one of five States to implement such a program. I say 
``only.'' It should be 50 States of the Nation aggressively 
pursuing this relationship between the private and the public 
sector.
    We also need to determine how existing State and Federal 
efforts might be enhanced to promote cooperative approaches in 
resolving these very complex cases. Penalties should be 
enhanced when these acts ruin the lives of our most vulnerable 
citizens. Existing Federal resources can and should be targeted 
toward providing more technical training in the identification 
and prosecution of identity theft.
    I commend the Department of Justice and other key Federal 
agencies here today in their efforts to combat this crime. I 
support Attorney General Ashcroft's current aggressive 
nationwide sweep to pursue and prosecute individuals engaged in 
identity theft, including those targeting the elderly.
    Finally, I would like to announce my cosponsorship of S. 
2541, which lengthens prison sentences for those who would 
perpetrate the insidious and destructive crime of identity 
theft.
    I look forward to the testimony from our witnesses today. I 
also view this as an opportunity to build a record that my 
colleagues will look at and consider as they encourage their 
States, both private and public sector law enforcement and 
crime prevention, to participate in fighting identity theft.
    With that, let me invite our first panel before us. We have 
a cross-section of those involved in law enforcement and the 
public sector and those who have experienced this kind of 
situation.
    Let me first introduce to the committee and to the room 
Lieutenant Colonel, Retired, John Stevens of Upper Marlboro, 
MD. John is one of those who I understand has experienced this 
kind of problem in his life, so John, we look forward to your 
testimony. Please proceed.
    Excuse me. We will hold you off for just a second. I have 
just been joined by Susan Collins of Maine, a Senator, a member 
of this committee, and let me allow her to make her opening 
statement, John, before we proceed with your testimony. Thank 
you.
    Susan, welcome.

               STATEMENT OF SENATOR SUSAN COLLINS

    Senator Collins. Thank you very much, Senator.
    Today, the Special Committee on Aging will explore the 
impact of identity theft on our nation's seniors. Identity 
theft is an insidious crime. Unlike many types of fraud, in 
which victims are enticed by deceptive claims or lured by deals 
that are too good to be true, identity theft can occur when a 
victim is simply engaging in everyday activities, or in other 
cases, by unwittingly providing confidential personal 
information to the wrong party. Identity thieves use their 
victims' personal identifiers and financial information to 
commit bank and credit card fraud, insurance fraud, and a host 
of other criminal acts.
    While anyone can be the victim of identity fraud, seniors 
are among the most vulnerable. The number of seniors who have 
become the victims of identity theft is growing rapidly. 
Reported incidents among those aged 60 years and older 
skyrocketed by a staggering 218 percent between the year 2000 
and 2001, and these figures are likely to only continue to grow 
as America's elderly population increases.
    Some of the very achievements that seniors have worked for 
their whole lives contribute to this vulnerability. For 
example, their often excellent credit ratings make the elderly 
a particularly appealing target for identity theft. Many 
seniors have strong credit ratings earned over the years by 
faithfully paying their bills on time. This good credit is 
abused by identity thieves who take out loans, sign leases, or 
open bank or credit card accounts and run up bills in the 
elderly person's name. In a very short amount of time, a 
lifetime's worth of solid credit, along with the pride and 
dignity it brings, can be ruined.
    Other aspects of seniors' lives also make them more 
vulnerable to the tactics used by identity thieves. Some 
seniors are simply unaware of the threat. They are unaware that 
perhaps by engaging in transactions on the Internet that they 
may be vulnerable to identity theft. Consequently, not only are 
they unable to take simple preventive measures, but they also 
may be unaware that their identity has even been stolen for 
some period of time.
    Moreover, fraudulent telemarketers take advantage of 
seniors who live alone by seeming to offer friendship when 
their true purpose is to pump the elderly person for personal 
information.
    As the Chairman of the Permanent Subcommittee on 
Investigations during my first 4 years in the Senate, I held 
numerous hearings on consumer fraud. Two years ago, I chaired a 
PSI hearing that examined the increasing availability of false 
education and credentials, such as drivers' licenses, birth 
certificates, and Social Security cards, over the Internet. One 
of the subcommittee's findings was that false identification 
facilitates a host of other crimes, ranging from underage 
drinking to credit card and bank theft to identity theft.
    One witness who used false identification documents to aid 
in stealing others' identities testified that not only was he 
able to gather personal information about his victims online, 
but he also was able to gather all the false identification 
documents he needed online, as well. Another individual used 
false identification, apparently obtained from a website 
operator, to perpetrate identity theft and a host of financial 
crimes, eventually racking up debts of $35,000 in the victims' 
name.
    In December 2000, the Internet False Identification 
Prevention Act of 2000, which I authored, became law, but I 
still think there is a great deal more that we need to do. One 
of the things that we can do is to increase public awareness 
about this problem, and that is why I am pleased that the 
Senate recently passed legislation, the National Fraud Against 
Senior Citizens Awareness Week, which I hope will lead to 
activities like this.
    I also want to thank Senator Craig for his leadership in 
holding this hearing this morning. Thank you, Mr. Chairman.
    Senator Craig. Senator Collins, thank you, and thank you 
for your leadership in this area. It is a matter of not only 
seniors understanding the risks involved, but trying to plug 
the holes and most assuredly going after those with effective 
prosecution, so thank you again.
    Now, let me turn to our panel, and once again, Lieutenant 
Colonel, Retired, John Stevens from Maryland. Welcome before 
the committee and please proceed. We would ask all of you to 
stay with our 5-minute rule. Your full statements that you 
provided for the committee will become a part of the committee 
record. Thank you.

STATEMENT OF LIEUTENANT COLONEL (RETIRED) JOHN T. STEVENS, JR., 
                       UPPER MARLBORO, MD

    Colonel Stevens. Good morning, Senator Craig, Senator 
Collins. My wife, who is sitting directly behind me, and I wish 
to thank this committee for your concern of the effects of 
identity theft on the senior citizens of this country.
    I am 74-years old and my wife is 3 years younger. We are 
rapidly approaching our 49th wedding anniversary. We are still 
fighting the identity theft battle that began in 1997. Our 
battle now is not with the impostors that used our Social 
Security numbers to open 33 fraud accounts worth $113,000, but 
with the creditors, credit bureaus, and third party collection 
agencies.
    By working 12 to 14 hours a day, paying $6,000 in attorney 
fees, and spending a small fortune in phone bills, we cleared 
the fraud accounts from our credit reports in about a year. 
However, this was only temporary. They would reappear, in our 
credit reports, from the same creditor or a third party 
collection agency. The life of these fraud accounts was 
extended by the cavalier attitude of the credit bureaus and the 
profit motive of creditors in failing to establish policies and 
procedures that would prevent this.
    This recycling of fraud accounts and other personal fraud 
data has been going on now for over 4 years, with no end in 
sight. We never know what we are going to find in our credit 
reports. We are tired of getting threatening letters and phone 
calls from collection agencies. We are tired of constantly 
correcting the fraud accounts and erroneous data that keeps 
appearing in our credit reports. We are tired of having to pay 
cash for purchases, that would normally be financed, because of 
the fraud, data that keeps reappearing in our credit reports. 
We are tired of creditors and collection agencies trying to 
extort money from us, with the help of the credit bureaus on 
known fraud accounts. We want creditors and credit bureaus to 
be held fully accountable for the time, misery and expense 
involved in correcting their errors.
    We are not victims of this crime. We are targets. As a 
target, we will fight back, take evasive action, and employ 
countermeasures against the enemy. I have already survived two 
wars and intend to fight to win this one. My wife and I are 
warriors. We intend to fight back for as long as it takes to 
overcome the horror of this crime and regain control of our 
lives.
    Identity theft is only possible with the full cooperation 
of the three major participants. In our opinion, the impostor, 
the creditor, and the credit bureaus are all co-conspirators 
and equally guilty of identity theft.
    Last year, we contacted an attorney in Louisiana to take 
action against the creditors and credit bureaus in an effort to 
stop their harassment and attempted extortion. We found out 
that there is a 2-year time limit on taking legal action. Of 
course, this only benefits the co-conspirators who are 
responsible for this crime and not those affected by it. This 
time limit should be removed.
    The credit bureaus now sell protection from identity theft. 
Equifax ``Credit Watch'' and Experian's ``Credit Manager'' will 
alert you to significant changes in your credit report and send 
you copies to check the accuracy of the data. Protecting the 
integrity and ensuring the accuracy of information contained in 
a credit report should be a normal part of their operation and 
not just available to those willing to pay them for 
``protection.''
    My wife and I continuously warn people about identity theft 
and how to fight it when it happens. We also warn about other 
related scams, against the elderly, such as automatically 
raising auto insurance rates at age 70, rejected medical 
insurance claims that are only paid upon resubmission, being 
billed for magazine subscription renewals you did not order and 
threats to ruin your credit if you do not pay, telemarketers 
trying to sell you unwanted merchandise, merchants who demand 
your Social Security number for routine purchases, and 
pharmacies that routinely short your pill count on prescription 
drugs.
    We advise others to ``opt out'' of the exchange of personal 
information by banks and other businesses. This practice needs 
to be changed to ``opt in'' only.
    How much longer must we put up with having our credit 
ruined and being harassed and insulted by creditors and 
collection agencies? Why must our personal information be 
distributed to others who use it to harass us with unwanted 
sales pitches and junk mail? Why must we continuously correct 
errors in our credit reports caused by the incompetence and 
greed of others?
    We want our lives back. Enough is enough. My wife and I 
would like to enjoy what time we have left to be together in 
this world. Our feelings can simply be expressed by quoting a 
line from the movie ``Network.'' ``I am mad as hell and I am 
not going to take it anymore.'' It is time to throw the money 
changers out of the temple.
    Senator Craig. John, thank you. That is powerful testimony. 
We appreciate it.
    [The prepared statement of Colonel Stevens follows:]
    [GRAPHIC] [TIFF OMITTED] 82327.001
    
    [GRAPHIC] [TIFF OMITTED] 82327.002
    
    [GRAPHIC] [TIFF OMITTED] 82327.003
    
    [GRAPHIC] [TIFF OMITTED] 82327.004
    
    [GRAPHIC] [TIFF OMITTED] 82327.005
    
    Senator Craig. Now, let me introduce to the committee Alice 
Fisher, Deputy Associate Attorney General, Criminal Division, 
U.S. Department of Justice. Alice, thank you for joining us.

    STATEMENT OF ALICE S. FISHER, DEPUTY ASSISTANT ATTORNEY 
    GENERAL, CRIMINAL DIVISION, U.S. DEPARTMENT OF JUSTICE, 
                         WASHINGTON, DC

    Ms. Fisher. Thank you, Senator Craig and Senator Collins, 
and thanks for giving me the opportunity to testify about 
identity theft in senior citizens and our efforts at the 
Department of Justice.
    As you noted, identity theft is not only a serious crime 
but one of the fastest growing means of fraud in the United 
States. Criminals steal personal identification information 
each year in the thousands to commit crimes ranging from bank 
and credit card fraud to international terrorism. Americans 
lose money, houses, their good credit, et cetera. It goes on.
    These crimes may work particular hardships, financial and 
emotional, on the elderly. The elderly may have a harder time 
recovering financially. They may be less able to withstand the 
emotional toll from what you have to go through to recover your 
identity, as we just heard.
    Perhaps because identity theft does not usually involve 
face-to-face contact between criminal and victim, we do not see 
identity thieves as a group appear to be specifically targeting 
senior citizens. There is no doubt, however, that some 
criminals plan and carry out identity theft fraud knowing that 
their victims are senior citizens. Let me give you some 
examples of Federal prosecutions involving identity theft and 
seniors.
    In a case now under Federal indictment, the defendants and 
others allegedly worked together to identify houses in the 
metropolitan Detroit area that were owned free and clear by the 
elderly people. The defendants would steal the identity of the 
true owners of the houses. Then they would strip the equity out 
of the house by faking refinancing without the owners' 
knowledge or consent. Sometimes they would fake a straw sale of 
the home.
    In another case, a defendant in North Carolina stole mail 
from senior citizens throughout the State, used the 
identification information to produce fake drivers' licenses 
and counterfeit checks, then used the licenses and checks to 
withdraw the seniors' life savings out of bank accounts. I am 
pleased to report that one such defendant was just sentenced to 
over 5 years in prison.
    In another Federal prosecution, the defendant took a job as 
a live-in companion for an elderly woman. After the elderly 
woman was hospitalized, the defendant obtained and used credit 
cards in her name, stealing thousands of dollars. Here, too, 
this defendant received significant jail time.
    It goes without saying that identity thefts such as these 
are extremely harmful to the victims, especially senior 
citizens. Once an identity thief has obtained access to the 
victim's bank or financial accounts, the victim may suffer 
significant financial losses and considerable emotional 
distress.
    In a recent Federal prosecution in Texas, one of the 
victims was an 80-year-old military woman whose checkbook had 
been stolen from her car. After the criminals had drained 
thousands of dollars from her bank account, her doctor had to 
treat her for a stress disorder she experienced as a direct 
result of the crime.
    The Department of Justice regards identity theft as serious 
criminal violation that requires a coordinated response from 
all levels of law enforcement, Federal, State, and local. The 
Department has, therefore, undertaken a three-pronged approach 
to identity theft.
    First, the Department is vigorously pursuing identity theft 
prosecutions across the country. Most recently, in May, the 
Department conducted a nationwide sweep of Federal prosecutions 
targeting identity theft. In that sweep, the Department brought 
73 criminal prosecutions against 135 individuals in 24 
districts. The offenses charged included cases in which 
defendants bilked Americans of millions of dollars, preyed on 
the elderly, and destroyed the credit worthiness of hard-
working families.
    Second, the Department is pursuing additional legislation 
to address the most serious cases of identity theft and to 
provide greater protection to the public through enhanced 
criminal penalties, and I am pleased that, Senator Craig, you 
are cosponsoring this bill introduced by Senator Feinstein, S. 
2541, which would create a new crime of aggravated identity 
theft. This new class of identity theft is defined by the 
nature and seriousness of the crimes committed through the use 
of another's identity. Individuals found guilty of identity 
theft under this proposed bill will receive an additional 2 
years' imprisonment over and above for their sentence for the 
underlying offense, or an additional 5 years' imprisonment 
where the underlying offense is terrorism-related.
    Third, the Department recognizes the importance of 
educating law enforcement and the general public about identity 
theft. Too many people, even criminal justice professionals, do 
not fully understand what identity theft is or how it can 
affect their lives and assets. As a result, the Department is 
sponsoring or directly supporting a number of approaches to 
identity theft education and prevention.
    Thank you, Senator Craig and Senator Collins. I ask that 
the full text of my written remarks be entered in the record.
    Senator Craig. They will be. Thank you very much for that 
testimony.
    [The prepared statement of Ms. Fisher follows:]
    [GRAPHIC] [TIFF OMITTED] 82327.006
    
    [GRAPHIC] [TIFF OMITTED] 82327.007
    
    [GRAPHIC] [TIFF OMITTED] 82327.008
    
    [GRAPHIC] [TIFF OMITTED] 82327.009
    
    [GRAPHIC] [TIFF OMITTED] 82327.010
    
    [GRAPHIC] [TIFF OMITTED] 82327.011
    
    [GRAPHIC] [TIFF OMITTED] 82327.012
    
    [GRAPHIC] [TIFF OMITTED] 82327.013
    
    [GRAPHIC] [TIFF OMITTED] 82327.014
    
    [GRAPHIC] [TIFF OMITTED] 82327.015
    
    [GRAPHIC] [TIFF OMITTED] 82327.016
    
    Senator Craig. Now, let me turn to James Huse, Inspector 
General of the Social Security Administration here in 
Washington. Jim, please proceed.

 STATEMENT OF JAMES G. HUSE, JR., INSPECTOR GENERAL, OFFICE OF 
INSPECTOR GENERAL, SOCIAL SECURITY ADMINISTRATION, WASHINGTON, 
                               DC

    Mr. Huse. Thank you, Senator Craig and Senator Collins, for 
holding this important hearing this morning on identity theft 
and America's senior citizens.
    Criminals do not steal the identities of the elderly so 
they can pretend to be old and wise. They do it because senior 
citizens are more likely than most of us to have significant 
assets, savings, investments, paid-up mortgages, good credit, 
and Federal entitlement checks. People over age 50 control at 
least 70 percent of the nation's household net worth. They are 
also easier and safer to rob. Some are less sure of themselves, 
more trusting, and less aware of simple precautions. Anybody 
can steal candy from a baby, but criminals know our older 
Americans have money for the taking and they do not cry out 
loud.
    Identity theft is an enabling crime, one that permits 
criminals to commit other crimes more effectively. In most 
cases, identity theft begins with the misuse of a Social 
Security number, the SSN. No aspect of my mission of protecting 
Social Security programs from fraud, waste, and abuse is more 
important than our oversight of the use and misuse of the SSN.
    There is an almost infinite variety to these cases. Thieves 
are finding houses owned by the elderly, as Ms. Fisher 
testified, assuming the identities of the true owners and 
stripping the equity out of their houses without their owners' 
knowledge or consent.
    In San Diego, a man who had been a fugitive felon for 17 
years with four prior felony convictions, including prison 
escape, used a 70-year-old South Dakota woman's SSN to create 
33 stolen or fictitious identities. He also took out credit 
cards and loans under these assumed identities while receiving 
Social Security benefits under three of his identities.
    A Virginia man working under a senior citizen's SSN while 
collecting disability benefits under his own number obtained 
over $24,000 worth of loans and credit for goods and services. 
The older man's credit was damaged and his retirement benefits 
were interfered with because of the earnings posted to his 
records at SSA.
    Many elderly individuals who trust the Social Security 
Administration are victims of scams promising more information 
or additional Social Security benefits. Such victims have been 
tricked into parting with their Social Security numbers and 
other personal identifiers, simply assuming that SSA never 
responded to their request for information.
    Yesterday's Washington Post had this story by Dan Oldenburg 
on a ``do not call'' registry scam that victimized the elderly. 
The caller asks for personal information, a bank account or 
credit card number, supposedly to verify if you are on a list, 
but it was a scam. These, of course, are used and sold for 
illegal purposes.
    Congress has enacted helpful legislation to treat the 
disease of identity theft in its later stages. The ability to 
prevent identity theft is even more essential. While we cannot 
return the SSN to its original limited function, we must take 
workable steps to limit both its use and the expansion of its 
use.
    First and foremost, the time has come to make the difficult 
determinations as to those uses that are appropriate and 
necessary and those that are merely convenient. The SSN has 
become a de facto national identifier and its daily use has, in 
many instances, become a luxury we can no longer afford. The 
availability of SSNs on public documents and over the Internet, 
for example, must come to a stop.
    Congress should consider requiring the cross-verification 
of SSNs through both governmental and private sector systems of 
records. Only in such a way can we combat and limit the spread 
of false identification information and SSN misuse. Similarly, 
all law enforcement should be provided the same SSN 
verification capabilities currently granted to employers.
    We need legislation that regulates the use of the SSN and 
provides enforcement tools to punish its misuse. If we are to 
head off the many crimes identity theft breeds, we need 
legislation to restrict sale of SSNs by government agencies, to 
prohibit display of SSNs on government checks, drivers' 
licenses, vehicle registrations, and prohibit sale, purchase, 
or display of the SSN in the private sector.
    I applaud the decision of the Treasury Department to remove 
SSNs from all Treasury checks, including Social Security and 
Supplemental Security Income checks, to protect the privacy of 
the SSN and reduce opportunities for identity theft. This good 
decision needs to be codified into law.
    I describe other needed legislative changes in my written 
statement. With such legislation and the continuing dedication 
of the government agencies involved and of this Special 
Committee, I am confident that we can reverse the trend of 
identity theft against older Americans. Thank you very much.
    Senator Craig. Thank you very much. We will visit at length 
about your suggestions about the use of the SSN and how it 
ought not be used. I think those are very valuable suggestions.
    [The prepared statement of Mr. Huse follows:]
    [GRAPHIC] [TIFF OMITTED] 82327.017
    
    [GRAPHIC] [TIFF OMITTED] 82327.018
    
    [GRAPHIC] [TIFF OMITTED] 82327.019
    
    [GRAPHIC] [TIFF OMITTED] 82327.020
    
    [GRAPHIC] [TIFF OMITTED] 82327.021
    
    [GRAPHIC] [TIFF OMITTED] 82327.022
    
    [GRAPHIC] [TIFF OMITTED] 82327.023
    
    [GRAPHIC] [TIFF OMITTED] 82327.024
    
    Senator Craig. Now, let us turn to Howard Beales, Director, 
Bureau of Consumer Protection, the Federal Trade Commission 
here in Washington. Howard, welcome before the committee.

   STATEMENT OF HOWARD BEALES, DIRECTOR, BUREAU OF CONSUMER 
      PROTECTION, FEDERAL TRADE COMMISSION, WASHINGTON, DC

    Mr. Beales. Thank you, Senator Craig and Senator Collins. 
Thank you for the opportunity to be here today to speak to you 
today about the crime of identity theft, which is a complex and 
pernicious problem in today's society. It is a crime that cuts 
across all lines of our population. Last year, we received 
complaints from just over 86,000 victims, including the 
elderly.
    In 1998, Congress recognized the seriousness of this 
problem by making identity theft a Federal crime. Although the 
FTC does not have criminal law enforcement authority, we play a 
central role in assisting law enforcement and in helping 
victims recover. Under authority given to us by Congress, we 
have implemented a dedicated program to respond to ID theft. 
This program has three central features: Assisting consumers 
through complaint handling and steps to ease recovery; 
supporting law enforcement by making these victims' complaints 
available to State and Federal agencies for their use in 
investigations; and educating consumers on how to prevent and 
how to recover from identity theft.
    The centerpiece of our program is our toll free number for 
identity theft victims, 877-ID-THEFT. Callers are connected 
with trained counselors who take their complaints and walk them 
through the steps to repair the damage done by identity 
thieves. Consumers can also enter their complaints via an 
online complaint form. From both the web complaint form and 
from telephone contact, we gather information about the 
incident, what happened to the victim, what is known about the 
suspect, and any special problems the victim may be 
encountering.
    These data, in turn, are used to support and to enable more 
effective law enforcement investigations. Using our secure web-
based Consumer Sentinel network system, law enforcement 
officers, from local sheriffs to the U.S. Secret Service, can 
access the more than 189,000 complaints that are now in our 
database. They can use that information to track down 
witnesses, to identify trends, or to look at information 
relating to their region or their ongoing cases.
    Using the Secret Service's clustering software and 
supported by research from other law enforcement databases, we 
also develop preliminary investigative reports, which we send 
out to the U.S. Secret Service's Financial Crimes Task Forces 
and to other law enforcement agencies throughout the country to 
both assist and encourage investigations and prosecutions.
    To further support the prosecution of identity theft, we 
are now training local and State law enforcement officers 
throughout the country. Sponsored jointly with the Justice 
Department and the Secret Service, the training focuses on how 
to investigate identity theft and how to coordinate with the 
Federal resources that are available to State and local 
authorities.
    Coordination at all levels is particularly important in 
fighting identity theft because it is a crime that does not 
respect geographic boundaries. We have already trained about 
450 officers from over 110 agencies during the past 4 months 
and more sessions are planned. We continue to develop more and 
better ways to get the complaint data and other resources into 
the hands of those who could best pursue investigations and 
prosecutions.
    Finally, consumer education plays a key role in our 
identity theft program. While no one can completely protect 
themselves from identity theft, there are steps we can all take 
to minimize our vulnerability.
    For example, we advise consumers to be mindful of exposing 
their personal information, in particular, destroying financial 
documents before throwing them out and not leaving behind 
credit card receipts in stores and restaurants. We include such 
guidance in our booklet, ``ID Theft: When Bad Things Happen to 
Your Good Name,'' as well as step-by-step advice for victims on 
how to repair the damage caused by identity theft. To date, we 
have distributed more than 1.5 million copies, both in hard 
copy and via our website. Other agencies, including the Social 
Security Administration, the SEC, and the FDIC, also print and 
distribute the booklet, as do many private sector 
organizations. We recently released a version in Spanish.
    Despite these efforts, the risk of identity theft remains 
real for all Americans, including those aged 60 and over. To 
determine whether the elderly are particular targets for 
identity thieves, we examined the complaints in our database. 
That analysis shows that older Americans experience more or 
less the same types of identity theft at roughly similar rates 
to others.
    In 2001, our clearinghouse received 5,800 complaints from 
victims who were 60 and over. That constitutes 10 percent of 
the complaints where the victims provided their age. In 
contrast, this age group is 16 percent of the U.S. population. 
Without doing a survey of the population, we are unable to say 
whether they are simply less likely to be victims of identity 
theft or if they are just less likely to report it. It is very 
difficult for us to separate those two possibilities in our 
data.
    Americans over 60 experience the same types of identity 
theft and at more or less the same rates as those under 60. 
While there are some variations, for example, senior identity 
theft victims report slightly more credit card fraud than other 
age groups, they also report less employment-related identity 
theft, but there is nothing that signals that older Americans 
in general are more or less vulnerable in any particular way 
from other members of the population.
    We do take special care in our consumer education and 
outreach efforts to reach older consumers. We work closely with 
the SSA, which distributes our booklet, and we have also worked 
closely with AARP, which has run many stories in its 
publications, referring members to our website and toll-free 
numbers and using our statistics to help explain identity 
theft.
    In conclusion, despite the efforts of Congress and Federal 
and State and local law enforcement agencies, identity thieves 
remain among the most insidious and opportunistic of criminals, 
preying without prejudice on all segments of our population. 
The financial and emotional toll paid by the victim, however, 
is likely to be particularly egregious when the victims are 
elderly, who have worked a lifetime to establish good credit, 
only to have it ruined by these insidious thieves. Their acts 
are heinous and the FTC will continue to place a high priority 
in assisting law enforcement agencies in their efforts to 
identify and prosecute these criminals, as well as advising 
older Americans on steps they can do to reduce the risk of this 
crime.
    Thank you, and I look forward to your questions.
    Senator Craig. Howard, thank you very much.
    [The prepared statement of Mr. Beales follows:]
    [GRAPHIC] [TIFF OMITTED] 82327.025
    
    [GRAPHIC] [TIFF OMITTED] 82327.026
    
    [GRAPHIC] [TIFF OMITTED] 82327.027
    
    [GRAPHIC] [TIFF OMITTED] 82327.028
    
    [GRAPHIC] [TIFF OMITTED] 82327.029
    
    [GRAPHIC] [TIFF OMITTED] 82327.030
    
    [GRAPHIC] [TIFF OMITTED] 82327.031
    
    [GRAPHIC] [TIFF OMITTED] 82327.032
    
    [GRAPHIC] [TIFF OMITTED] 82327.033
    
    [GRAPHIC] [TIFF OMITTED] 82327.034
    
    [GRAPHIC] [TIFF OMITTED] 82327.035
    
    [GRAPHIC] [TIFF OMITTED] 82327.036
    
    [GRAPHIC] [TIFF OMITTED] 82327.037
    
    [GRAPHIC] [TIFF OMITTED] 82327.038
    
    [GRAPHIC] [TIFF OMITTED] 82327.039
    
    [GRAPHIC] [TIFF OMITTED] 82327.040
    
    [GRAPHIC] [TIFF OMITTED] 82327.041
    
    [GRAPHIC] [TIFF OMITTED] 82327.042
    
    [GRAPHIC] [TIFF OMITTED] 82327.043
    
    [GRAPHIC] [TIFF OMITTED] 82327.044
    
    [GRAPHIC] [TIFF OMITTED] 82327.045
    
    [GRAPHIC] [TIFF OMITTED] 82327.046
    
    Senator Craig. Our last witness on this first panel is Doug 
Coombs, Deputy Special Agent in Charge, Financial Crimes 
Division, U.S. Secret Service. Doug, welcome to the committee.

 STATEMENT OF DOUGLAS COOMBS, DEPUTY SPECIAL AGENT IN CHARGE, 
   FINANCIAL CRIMES DIVISION, UNITED STATES SECRET SERVICE, 
                         WASHINGTON, DC

    Mr. Coombs. Thank you very much. Mr. Chairman, Senator 
Craig, Senator Collins, thank you for the opportunity to 
address this committee on the subject of identity theft and the 
Secret Service's efforts to combat the problem. I am 
particularly pleased to be here with my colleagues and partners 
in fighting identity theft from the Federal Trade Commission, 
Department of Justice, and the Social Security Administration.
    With the passage of new Federal laws in 1982 and 1984, the 
Secret Service was provided jurisdiction for the investigation 
of the counterfeiting of identification documents and access 
device fraud. The explosive growth of these crimes has resulted 
in the evolution of the Secret Service into an agency that is 
recognized worldwide for its expertise in the investigation of 
all types of financial crime.
    The burgeoning use of the Internet and advanced technology, 
coupled with increased investment, has led to a great expansion 
within the financial sector. Although this provides benefits to 
the consumer through readily available credit and consumer-
oriented financial services, it also creates a target-rich 
environment for today's sophisticated criminals, many of whom 
are organized and operate across international borders. 
Information collection has become a common byproduct of the 
newly emerging e-commerce and has led to an entirely new 
business sector being created which promotes the buying and 
selling of personal information.
    As a result, the information consumers provide in credit 
card applications, loan applications, or with merchants they 
patronize are a valuable commodity in the new age of 
information trading. With the availability of this personal 
information, the crime of identity theft can be perpetrated 
with minimal effort on the part of even the relatively 
unsophisticated criminal.
    Identity theft is not typically a stand-alone crime. It is 
almost always a component of one or more crimes, such as bank 
fraud, credit card or access device fraud, or the passing of 
counterfeit financial instruments. In many instances, an 
identity theft case encompasses multiples types of fraud and 
affects all Americans, regardless of age, gender, nationality, 
or race.
    Obviously, the impact is magnified when it affects one of 
America's most valued assets, the elderly, as they represent a 
generation with a trusting nature that is easy to exploit. This 
group is particularly dependent on other caregivers for 
assistance, such as relatives, medical staff, service 
personnel, and oftentimes complete strangers. This dependency 
increases their vulnerability to certain schemes involving 
identity theft.
    It has been our experience that criminal groups involved in 
financial fraud and identity theft are increasingly diverse and 
routinely operate in a multi-jurisdictional environment. This 
has created problems for local law enforcement agencies that 
generally act as the first responders to their criminal 
activities. By working closely with other Federal, State, and 
local law enforcement, we are able to provide a comprehensive 
network of intelligence sharing, resource sharing, and 
technical expertise bridging jurisdictional boundaries. This 
partnership approach to law enforcement is exemplified by the 
37 Financial and Electronic Crimes Task Forces the Secret 
Service has located throughout the country.
    Another important component of the Secret Service's 
preventative investigative efforts has been to increase 
awareness of issues related to financial crime investigations 
in general and of identity theft specifically. The Secret 
Service has tried to educate consumers and provide training to 
law enforcement personnel through a variety of partnerships and 
initiatives. The Secret Service has assigned a Special Agent to 
the Federal Trade Commission on a full-time basis to support 
all aspects of their identity theft program.
    The International Association of Chiefs of Police and the 
Secret Service have partnered to produce an ``Identity Theft 
Roll Call'' video geared toward local police officers 
throughout the nation. The purpose of this video is to 
emphasize the need for police to document a citizen's complaint 
of identity theft regardless of the location of the suspect. 
The video and its companion reference guide will provide 
offices with information that can assist victims with 
remediation efforts.
    At the request of the Attorney General, the Secret Service 
joined an Interagency Identity Theft Subcommittee comprised of 
Federal, State, and local law enforcement agencies, regulatory 
agencies, and professional agencies. It meets regularly to 
discuss and coordinate investigative and prosecutive 
strategies, as well as consumer education programs.
    All levels of law enforcement should be familiar with the 
resources available to combat identity theft and to assist 
victims in rectifying damage done to their credit. The Secret 
Service has already undertaken a number of initiatives aimed at 
increasing awareness and providing the training necessary to 
address these issues, but those of us in law enforcement and 
consumer protection communities must continue to reach out to 
an even larger audience and we must continue to approach these 
investigations with a coordinated effort. This is central to 
providing a consistent level of vigilance in addressing 
investigations that are multi-jurisdictional, while avoiding 
duplication of effort.
    The Secret Service is prepared to assist this committee in 
protecting and assisting the nation's largest growing 
population segment with respect to prevention, identification, 
and prosecution of identity theft criminals.
    That concludes my remarks. I will be glad to answer any 
questions that Senator Craig and Senator Collins might have. 
Thank you.
    Senator Craig. Doug, panelists, thank you very much for 
your remarks.
    [The prepared statement of Mr. Coombs follows:]
    [GRAPHIC] [TIFF OMITTED] 82327.047
    
    [GRAPHIC] [TIFF OMITTED] 82327.048
    
    [GRAPHIC] [TIFF OMITTED] 82327.049
    
    [GRAPHIC] [TIFF OMITTED] 82327.050
    
    [GRAPHIC] [TIFF OMITTED] 82327.051
    
    [GRAPHIC] [TIFF OMITTED] 82327.052
    
    [GRAPHIC] [TIFF OMITTED] 82327.053
    
    [GRAPHIC] [TIFF OMITTED] 82327.054
    
    [GRAPHIC] [TIFF OMITTED] 82327.055
    
    [GRAPHIC] [TIFF OMITTED] 82327.056
    
    Senator Craig. Let me start with a brief line of 
questioning, then I will turn to Senator Collins, and then I 
may have additional questions.
    John, what is the best advice you might give seniors who 
would be looking at this record or listening in to protect 
themselves from what happened to you and Mrs. Stevens?
    Colonel Stevens. First of all, so many people want your 
Social Security number. Do not give it to them unless there is 
a legitimate need for it, because that is the beginning of all 
the identity theft and it was the beginning of ours. We 
suspect----
    Senator Craig. So it was the Social Security number that 
was the entry to your resources?
    Colonel Stevens. We suspect that they came off of the DOD 
computers that have access to my wifes and my Social Security 
numbers, under the DEERS and ID program that they were able to 
get that information on us. But the thing is, just be aware, do 
not talk to door-to-door salesmen that just happen to be in the 
neighborhood. Never fall for any of the telemarketing schemes. 
Always opt out whenever you have the opportunity, and if you do 
not, complain anyway so that it just cuts down on a lot of the 
junk mail that you have to shred. Generally, be aware of what 
is happening.
    The major thing that you have to do is just stop giving out 
information indiscriminately. Everybody wants to find out about 
you, but do not answer the questions.
    Senator Craig. John, do you know if those who perpetrated 
the crime against you and Mrs. Stevens were ever apprehended 
and prosecuted?
    Colonel Stevens. They have not been, but we suspect we know 
who they are and I think it was a person that probably had 
access to the DOD computers.
    Senator Craig. How long ago was this? When did this start?
    Colonel Stevens. It started--we found out about it in March 
1997.
    Senator Craig. Ninety-seven.
    Colonel Stevens. This was by a phone call from then-Nations 
Bank wanting me to make payments on a Jeep Cherokee that was 
bought in Texas, and I am living in Maryland. I do not have a 
Jeep Cherokee. We found out that there were a total of five 
cars that were bought in our name and total damages--they 
totaled it up to $113,000.
    Senator Craig. Alice, what is the single greatest 
challenges for prosecutors in obtaining a conviction in 
identity theft cases?
    Ms. Fisher. I think the biggest challenge for all of us, as 
John said, is prevention and education of ways to prevent. But 
from a prosecutorial perspective, I would say that prompt 
reporting and aggressive review of financial data and reporting 
to State police, local police, Federal authorities, so we can 
investigate the case immediately. It gives us a better chance 
to find the culprit and then prosecute them. Once we find who 
did it, the prosecution actually is fairly straightforward. But 
it is finding the criminals.
    In one case, I think it was out of Texas, it was 20 years 
before it was reported by the woman who was the victim of an 
identity theft because she did not regularly use credit cards, 
and the person that had committed the crime had used her Social 
Security number to get drivers' license in some States, filed 
bankruptcy in another State, and was arrested in yet another 
State, and it was 20 years before they found it.
    So I would say the challenge is to encourage people to 
report any suspicious activity promptly to the authorities.
    Senator Craig. In this effort, is State law a problem?
    Ms. Fisher. Actually, in the last 3 years, the States have 
really gotten on board in this problem and 47 States have 
passed identity theft laws. So we are real pleased in the way 
that they are coming along. We also coordinate through the 
Attorney General's Subcommittee on Identity Theft with the 
National Association of Attorneys General and the National 
Association of District Attorneys and the International 
Association of Chiefs of Police and reach out to chiefs of 
police all over the nation.
    I would say that one of the things we would hope that the 
State and locals would do better is to fill out police reports 
better, because not only does that get us on board for 
enforcement, but it also helps victims, such as John, to use 
that police report to secure and restore their identity.
    Senator Craig. Thank you.
    Mr. Huse, in today's world of trying to develop single-
digit, or multiple-digit but single-number IDs, we all want a 
universal phone number that we can use anywhere in the world, 
and in the wireless world, that is becoming increasingly the 
case. I think we all want to consolidate numbers as much as we 
can because we find our mind full of all kinds of access 
numbers and code numbers and that type of thing. Is there any 
prohibition now against the use of the SSN?
    Mr. Huse. No. The SSN is pretty much the de facto national 
identifier, and I think, as a people, we need to accept the 
fact that it has become that. It pervades almost every aspect 
of our governmental, financial, and commercial lives. We are 
our number, and I think that probably as a people, we do not 
want a national identity card, but we have a great ambiguity 
about the fact that the number has become very convenient for 
us to do business in this very complex world we have today. So 
I think, to answer your question, we need to live with the 
reality of what the number is and what it does and now look at 
ways to make its integrity stronger. I think that is the key.
    Senator Craig. You had suggested that might be done by 
requiring limits in its application, I guess that is a better 
way of saying it?
    Mr. Huse. I think we need to look at how the number is used 
and how it is displayed and how it is aggregated in different 
data banks and databases by people who use it for commercial 
purposes. We need to regulate that. We have to be sure that the 
data in these stores, whether they are independent research 
companies or financial institutions or credit bureaus, we have 
to be sure that the data there is accurate and that the people 
that run those are responsible for that data. I think that is 
an obligation of government.
    I think that those records need to be matched, not only 
commercial and financial records, but also all government 
records at local, county, State, and Federal records so that 
their data is accurate. In that process, the anomalies will 
fall out and those become key law enforcement leads. I do not 
know any other way to fix this.
    I have been involved in this for 32 years. I was a Secret 
Service agent long before I became an Inspector General. This 
is a problem that has a solution, but it involves a little bit 
more action. A lot has been taken, and I think this is the last 
step to really make it protected.
    Senator Craig. This committee, and we will work with you, 
visit with you about that at length to see where we might make 
better use of your ideas.
    Mr. Beales, is there a way to acquire reports of identity 
theft from credit reporting agencies to supplement your current 
database?
    Mr. Beales. Well, what we do right now is the credit 
reporting agencies refer people to us and we refer people to 
them, so that when people call us, we certainly tell them to 
call the credit reporting agencies to make sure that they get a 
copy of their credit report and make any corrections to their 
credit reports and the credit reporting agencies, when they get 
a complaint, they urge the victims to call the FTC to get our 
consumer education materials and also to report the offense for 
law enforcement purposes.
    They need somewhat different data than we do and we get 
information about the nature of the crime that is useful to us 
that they do not particularly need. So it is not clear that 
direct sharing would be the most efficient way to go about it, 
simply because of the different information needs. But we do 
think we have good cooperation in referring consumers so that 
we probably are picking up most of those complaints, but we 
cannot tell for sure.
    Senator Craig. Let me move on to Mr. Coombs and then my 
other colleagues, and Senator Tom Carper has joined us, and 
then I will come back to you, Mr. Beales, with another 
question.
    Mr. Coombs, is there a danger that funds stolen through 
identity theft can become sources for funding terrorist 
activities domestically, or is there any evidence that that has 
ever occurred?
    Mr. Coombs. Prior to my current assignment as Deputy 
Special Agent in Charge in the Financial Crimes Division, I 
spent numerous years supervising and running a Counterfeit 
Crimes Task Force in Orange County, CA, and then a fraud squad 
in Los Angeles, CA, which is among some circles considered the 
identity theft capital of the world.
    It is my experience that, as Senator Collins pointed out in 
her opening remarks, that fraud identification, credit card 
fraud, and stolen identities certainly have evolved to where 
they are the tools of the criminal of the 21st century, if you 
will. It is my experience that financial crimes and identity 
theft, which is often a component of financial crimes, is 
committed by a spectrum of the criminal element, if you will, 
from the drug dealer who needs to support a habit to organized 
criminal groups that it is part of their overall criminal 
portfolio, to the unsophisticated criminal who utilizes 
dumpster-diving as a means to compromise information, to the 
sophisticated technically savvy, if you will, criminal who 
utilizes hacking and maybe a scheming device to compromise this 
information.
    It is the vulnerability of the information that is 
susceptible and is prone to identity theft. Therefore, it 
certainly is possible and feasible that terrorists could 
compromise information for financial gain, or more importantly, 
to create that cloak of anonymity to commit other types of 
crimes.
    Senator Craig. Thank you very much.
    Before I turn to Senator Collins for questions, let me turn 
to Senator Carper to see if he has any opening statement. Tom.
    Senator Carper. I do not. I am glad to be here and I am 
glad you are here, as well. I really just came to hear Susan 
Collins' questions. [Laughter.]
    Senator Collins. Right.
    Senator Craig. Here we go. Senator Collins?
    Senator Collins. Thank you very much, Mr. Chairman.
    Colonel Stevens, it was fascinating to hear that you first 
found out that your identity had been stolen when you got a 
call from a bank demanding payments on a Jeep that you did not 
own, and then you found out that there were five other cars or 
vehicles that had been purchased in your name.
    I would like you to tell us a little bit about what you did 
when you realized this had happened to you and how cooperative 
were credit card companies, banks, and credit bureaus in your 
quest to straighten it out, because from my experience as a 
financial regulator at the State level, I know a lot of times, 
consumers felt extremely frustrated in trying to straighten out 
instances of just misidentity, where two people have the same 
name, much less identity theft. Could you tell us whether this 
has been a difficult process or not?
    Colonel Stevens. It is very difficult. The first thing, I 
had to get my wife down off the ceiling, because when she got 
all this information, she exploded. Thank goodness, I am 
partially deaf anyway, so----[Laughter.]
    After the phone calls--in other words, to clear the Jeep 
Cherokee, I faxed them a copy of my driver's license. They 
faxed me a copy of the application. The only thing correct on 
it was the Social Security number and a smattering of my first 
and last name. The birthdays were wrong and everything else was 
wrong. In fact, if they had checked the birthdays and the issue 
date of the Social Security number, they would have found the 
Social Security number was issued before they were born. You 
know, just a simple check.
    But we requested copies of the credit reports. Then we 
started to treat it like a--well, since I was in research and 
development for so long, we treated it like a project, 
systematically, with notebooks tracing down these creditors, 
because the credit bureaus did not have the information to 
contact them. So we would have to make numerous phone calls. I 
would go on the Internet and try to trace down an address and 
phone number.
    So we finally contacted a majority of them and we would 
send them a sworn affidavit attesting to the fact that we did 
not do it. In other words, we are proving the negative. We did 
not do it. We are not the ones you are looking for.
    So based on that, they would take that information and 
clear the account, or so we thought. Anyway, it disappeared 
from the credit report. Then again, they would turn up a little 
while later, a couple of months later, in a third party 
collection agency. We have had some that have recycled as many 
as five times now. My wife just got notice of another one that 
was cleared and recycled again. It just keeps going on.
    Senator Collins. So it is still going on even as we speak, 
5 years later?
    Colonel Stevens. I described it once before as this 
birthday candle you blow out and it keeps relighting itself. 
[Laughter.]
    It just keeps coming back.
    Senator Collins. Mr. Beales, we have heard Mr. Stevens talk 
about how extremely difficult it is for him to restore his good 
credit and clear his name and that has been my experience in 
talking with consumers in Maine, as well. Obviously, Mr. 
Stevens describes himself as a warrior. He is undaunted. He is 
just going to keep pursuing this. But for a lot of seniors who 
are considerably older than Mr. Stevens and perhaps more 
intimidated by the process, this is a real problem.
    Does the FTC actually assist individual consumers in 
clearing their record and restoring their good credit or are 
you just a repository for information and education about this?
    Mr. Beales. We are definitely a repository for information. 
We assist individual consumers in providing them with 
information and the steps to take, but we do not have the 
resources to do it on their behalf or to go as their advocate 
in dealing with the process. We try to explain the process, 
talk them through the process of what they have to do so they 
know what is coming, but they have to do it themselves.
    Senator Collins. Mr. Chairman, I think that is a problem 
for a lot of our seniors and I do want, as part of this 
hearing, to let people know that most States have a Bureau of 
Consumer Credit Protection or something along that line which 
may be willing to intervene more directly for consumers.
    Inspector General Huse, I want to follow up on the issue of 
the Social Security number because Mr. Stevens' case shows that 
that is the gateway to this crime in so many instances. I agree 
with you that the Treasury has taken a very important step by 
no longer printing the Social Security number on Social 
Security checks, but could you give us other examples of either 
legislative or administrative actions that you think should be 
taken to better safeguard that Social Security number, because 
once you have that, once the thief has that, it is very easy 
for him to get the other information he needs.
    Mr. Huse. It is the breeder identification, the Social 
Security number, in every possible context, to include in 
terrorists' activities, the use of numbers, identifying 
numbers, fake Social Security numbers. In the case of the 
September 11 terrorists, I think the Director of the FBI has 
testified to that, that that has been a result of their 
investigative efforts.
    This number is so pervasively used, I think the obligation 
now is to make sure that the numbers themselves have some 
accuracy, and we have so many systems of records at local, 
county, State, and the Federal level, on just the governmental 
side. All those records should be accurate as to who I am, who 
you are, and what our Social Security number is because it has 
become our identification.
    That can be done by the Congress requiring periodic 
matching of that data so that all of those systems of records 
are accurate. If you take care of that, that is one piece. The 
Congress could consider making that requirement binding on the 
financial and commercial sector for the legitimate reasons that 
the number has been expanded to be used in commerce. We will 
never be able to pull that back unless we replace it with 
something else. That is a requirement, I think--that due 
diligence should be part of their ability to use the number.
    The Social Security Administration itself has taken 
tremendous steps in the last few years to improve the business 
process of issuing the number. Now we have to fix the process 
of keeping the number accurate and strong in terms of integrity 
through its use. I think those are places we can work and find 
some solutions.
    Senator Collins. Mr. Chairman, thank you. I know my time 
has expired. I do want to just let Ms. Fisher know that I am 
expecting a report from the Justice Department pursuant to the 
law on Internet identity theft. It has been over a year and I 
hope it will be forthcoming soon, because it does ask for 
legislative recommendations in this area. Thank you.
    Senator Craig. Thank you.
    Tom, questions?
    Senator Carper. Thank you. Yes, indeed.
    About 5 years ago, one of our nieces down in North Carolina 
had her identity stolen and what occurred after that has been 
something I would not want to visit on anybody. On the one 
hand, there are the financial concerns and worries, but it is 
just as Mr. Stevens knows, just a huge pain in the neck to put 
up with--a lot of stress, a lot of worry, and a lot of 
aggravation.
    I want to follow up on the question that Senator Collins 
presented to Mr. Huse. One of the questions I ask of panels is 
what should we do? You began to answer that question, and I 
would just ask of others at the table to do so as well. What 
should we do as legislators to address this problem? What is 
our obligation?
    Mr. Huse, you have already spoken a little bit. I do not 
want to pick on you too much.
    Mr. Huse. I will only add one thing and then stop. The 
piece I also strongly believe in is that we have to grant law 
enforcement--because this crime is so pervasive and it cuts 
across all levels of government--we have to grant law 
enforcement at the local, county, State, and Federal level, but 
particularly those local law enforcement officers, the right to 
verify Social Security numbers, just as we allow employers to 
do that now on the wage and earnings side, to see if the person 
has the right to work.
    That tool is critical in the early investigative stages of 
an identity theft case like Colonel Stevens. If local law 
enforcement can establish those identities as they are working 
the crime, a lot more can be done as we do now. This crime, 
because of the Internet and our modern technology, works so 
quickly, we need to give all of the tools we can to law 
enforcement.
    Senator Carper. OK, thank you. Others?
    Mr. Beales. Senator, I think S. 2541 is a very good idea, 
toughening the penalties and streamlining the proof 
requirements for identity theft is a good way to address the 
problem. I think hearings like this help to reduce the problems 
because they bring them to people's attention. That encourages 
people to report problems to us sooner, and we have definitely 
seen that trend in our database over the last couple of years, 
and that, in turn, makes it easier to prosecute.
    I think that verifying Social Security numbers is a very 
interesting idea that potentially raises some privacy problems, 
depending on what records are being matched, that would give us 
some pause, but it is certainly worth exploring.
    Senator Carper. Thank you, and I recognize that. There has 
to be a public policy debate over those uses, between 
individual rights and the collective good. But I think it is a 
debate worth having.
    I, too, endorse S. 2541 in the sense that under present 
laws now, a lot of sentencings in terms of identity theft are 
not as strong as they could be. We have had two recent 
investigations where the sentences, at least to a lay person, 
seemed light in view of the severity of the crimes that were 
committed. This is a bill that we really need soon.
    Ms. Fisher. I would agree with that, Senator.
    Senator Carper. What else would you like to offer, Ms. 
Fisher?
    Ms. Fisher. Well, I think this bill would increase the 
penalties which not only encourages our U.S. Attorneys across 
the country to prosecute these crimes, because there are harder 
sentences, but hopefully will have a significant deterrent 
affect when people want to steal others' Social Security 
numbers or other identification information to engage in bank 
fraud or credit card fraud or document fraud that relates to 
terrorism or anything else like that. So for the deterrent 
effect, as well, we think it is important.
    Senator Carper. Mr. Coombs.
    Mr. Coombs. I agree with Ms. Fisher. Any more tools that 
you can give law enforcement for their tool box is a tremendous 
enhancement. It is commonly known in criminal circles that the 
crime of identity theft, the penalties are low and the 
financial gains, the probability, are extremely high. S. 2541 
has mandatory sentencing for identity theft, and if it is 
terrorism-related, there are more years added, and that is a 
tremendous bill and also would have the support of the Secret 
Service, as well.
    In regards to information and verifying information, 
anything that we can do to verify businesses--verify 
information, because it really is the compromise of information 
that is the root cause of identity theft, and if there is any 
avenues to provide banking institutions, for instance, to 
verify information with good information versus the bad 
information that they are getting, that would be a tremendous 
asset to them.
    I know the Treasury Department yesterday issued some 
regulations to enhance risk assessments and ``know your 
customer'' as a result of the PATRIOT Act, and the Secret 
Service works closely with the financial industry in developing 
protocols for knowing your customer. So, hopefully, with these 
protocols and enhancements and knowing your customers, we can 
do better at verifying this information.
    Senator Carper. Thanks.
    Colonel Stevens. I would like to take a little bit 
different approach, sir. I think the creditors, the banks, and 
the credit card companies, and the credit bureaus should be 
held accountable for opening fraud accounts. In my case, I have 
seen that just a little bit of diligence on checking an 
address, a birthdate, a place of employment--for instance, I 
was listed as working at Stanley Tools in Texas after I retired 
from Johns Hopkins University as a physicist, so----
    Senator Carper. How did you like working at Stanley Tools? 
[Laughter.]
    Colonel Stevens. It was enjoyable, apparently. The people 
spent a lot of money who worked there. But just to hold the 
people accountable to show a little bit of care in opening 
these accounts, look at birthdays, or a different address. Of 
course, I was told once that 15 percent of the people move 
every year, so they could not disqualify them for credit on 
that basis. My answer to that is, 85 percent of them do not 
move, so we all have to suffer for that.
    Why can they not just take more care in opening the 
account, check the data, and the credit bureaus can look for 
any drastic changes. In fact, they have a protection policy now 
that costs, I think, $79.95 a year that they will do that. I 
thought they should do that under the normal process of doing 
business.
    Senator Carper. One follow-up question, and it sort of 
follows up to what Mr. Stevens has just said. When someone's 
identity is stolen and credit card purchases are made illegally 
using that stolen identity or other, whether it is credit card 
purchase or others, who ends up suffering the financial loss?
    Colonel Stevens. The creditor has to suffer that and that 
is why they are so determined that they are going to turn that 
account over to a third party collection agency, which comes 
right back on me. They will hound you to death to try to make 
you pay that bill. Now, some people will cave into that, and 
that is a warning to senior citizens like myself. Do not pay 
it, because that is an admission of guilt and that account will 
remain on your credit report, I believe, for 7 years. But they 
will hound you, they will call you on the phone, and if you 
clear it with them, they turn it over to another one, and we 
have had some recycled going on the fifth time now, with the 
same account.
    Senator Carper. What can we do to change the incentive so 
that the incentive falls more on the issuer of, we will say, 
the credit card to be more diligent in terms of the background 
checks to control their underwriting losses?
    Mr. Beales. Senator, I think, mostly, they have the right 
incentives now, because ultimately, it is the creditor that 
pays the losses and that is certainly the way it should be. If 
they issue credit to the wrong person, they ought to have to 
eat the loss.
    The difficulty is, I think, from the creditor's perspective 
and also from the way the system as a whole has to work, is 
there are also people out there who do owe the money and simply 
are not paying. So creditors have a legitimate interest in 
trying to collect in those kinds of cases and it is hard for 
creditors to distinguish the victim of identity theft from the 
deadbeat in some cases.
    We can try to make that process easier and encouraging 
people to file police reports is one thing that helps with 
that. We have developed a uniform fraud affidavit that 
creditors will accept as evidence that this really is an 
identity theft victim. But there is a tension there that is 
inherent in the nature of the crime that I think is difficult 
to get rid of entirely.
    Mr. Huse. This really comes down to the accuracy of these 
records, and that is the difficulty on the commercial side, is 
they have information that they have aggregated through various 
ways, but there is no way for them to verify that information 
in a facile way, or any obligation right now, either, other 
than due diligence in a business context.
    If we make it, that cross-verification, a requirement, over 
time, the number has better standing than it does now. Right 
now, it is defeated because it is--the integrity is very 
amorphous, and I think that is really an aspect there that 
deserves a good look.
    Senator Carper. OK, good. You have been most helpful. Thank 
you for your testimony. Thank you for your response to our 
questions. Mr. Stevens, good luck.
    Colonel Stevens. As long the candle does not relight 
itself, we will be struggling out there. We are going to fight 
them, though.
    Senator Carper. Thank you.
    Senator Craig. Tom, thank you very much.
    Mr. Beales, one last question of you. Are there factors 
within the aging population that may indicate that this crime 
is being under-reported relative to their general population, 
or relative to the general population. You were giving us 
statistics as to those victimized. In many other areas, we find 
seniors under report simply because of their view of their own 
personal integrity or their privacy sense or they are going to 
suffer through a bit of a different attitude in a population 
base compared to younger people.
    Mr. Beales. We certainly see that in our fraud cases, that 
the elderly are less likely to report that they are victims of 
fraud than are members of the population at large. It is not 
clear that translates here, although it may, because this is a 
little bit more like having your wallet stolen. This is to say 
you are a victim in a very different way than you are in a 
fraud where you sort of have to say you are a victim and you 
have to admit you were taken. But having your wallet stolen is 
not quite like that. So it is not clear that it is the same 
sort of a problem. It may be, and we are in the design stages 
of some research to try to find out whether there really is a 
difference, but at this point, we do not know.
    Senator Craig. Alice, gentlemen, thank you all very much 
for your testimony today. You have helped build a valuable 
record. We appreciate it. Thank you.
    Now, let me call our second panelists forward, if you would 
please come forward.
    Let me thank our second panel for being here. Let us get 
started, if we could, please, and let me first introduce Mari 
Frank, a Privacy and Identity Theft Consultant from Laguna 
Niguel, CA. Mari, welcome before the committee.

 STATEMENT OF MARI J. FRANK, ESQ., PRIVACY AND IDENTITY THEFT 
                 CONSULTANT, LAGUNA NIGUEL, CA

    Ms. Frank. Thank you very much, Senator Craig, for inviting 
me and for holding this important hearing. I am the author of 
the ``Identity Theft Survival Kit,'' which I have brought as a 
resource to this committee to give to you.
    Senator Craig. Great. Thank you.
    Ms. Frank. As a member of AARP myself, several years ago, 
an imposter took my identity and stole over $50,000 using my 
name and my profession as an attorney. Additionally, I have 
personally assisted hundreds of elderly victims myself.
    There is very little that seniors can do to prevent this 
crime. Law enforcement needs more resources and it needs to 
investigate, which often they do not. But law enforcement will 
never have the power to prevent it. The key players with the 
unique opportunity to thwart this crime are governmental 
agencies and businesses that collect and use our information. 
Security breaches of databases, careless information handling 
practices, and unscrupulous employees facilitate this fraud. 
There is no control over information in the hands of others and 
there is no opportunity to avoid identity theft. Once 
victimized, it may take months or years to find out, and then 
to remedy the situation.
    Here are a couple of examples of real-life stories. Sidney, 
a retired executive, learned that his identity was stolen after 
he and his wife purchased a new home. His loan application with 
his three-in-one credit report revealed his credit score, his 
Social Security number, and all of his accounts. His 
masquerader, using that loan application, was able to open new 
credit card accounts, rent a new apartment, obtain utilities, 
stealing over $100,000 in their name.
    Allan and Marcia were retired in a mortgage-free home. They 
learned that convenience checks were stolen from their mailbox 
and thousands of dollars were spent in their name. Checks were 
stolen, credit cards were opened, other purchases were made. 
Worse yet, they learned that their mortgage-free home now had a 
mortgage with a lender who was threatening foreclosure.
    Steve, a 78-year-old retired policeman, was living in an 
assisted care facility. His personal information was held in an 
unlocked cabinet in the nursing home and later used to purchase 
luxury cars and electronic equipment. He even found that he had 
a criminal and fraudulent DMV record in another State.
    Lorraine, a 65-year-old widow of a deceased decorated 
United States Air Force General found out several months after 
her husband's death that his identity was stolen to commit 
security crimes. Not only is she left to deal with that 
grieving, but also to clean up his tarnished reputation.
    Although Federal law protects victims of credit card fraud 
from paying the losses, as we know, there are still out-of-
pocket costs, which may cost thousands of dollars. Also, for 
those who experience ``ATM-VISA fraud,'' and check fraud, 
replacing the money in those accounts is almost impossible. 
Without assistance, the elderly feel overwhelmed, give up, pay 
fraudulent bills, or even file bankruptcy. Emotionally, seniors 
feel very victimized, and violated, not only by the criminal 
perpetrators, but even worse, by the creditors' harassment and 
lack of cooperation, the frustration of the experience from the 
credit reporting agencies when they fail to correct, and the 
refusal of law enforcement to even investigate the crime.
    The following factors make this crime easy and insidious: 
Mail theft; insider theft; dirty employees; unscrupulous 
relatives; hackers and high-tech fraudsters creating false 
documents; dumpster-diving at businesses and hospitals; 
information brokers selling personal information 
indiscriminately; selling of credit reports, loan documents, 
rental car applications; theft in offices, buildings, websites, 
computers; pretext calling and different scams; government and 
various industries' negligent information handling practices; 
public record access, including birth certificates and death 
certificates that have the Social Security number.
    It is a myth that seniors can prevent identity theft. 
Offering consumer tips like ordering your credit reports twice 
yearly and guarding your personal information and shredding are 
great information, but gives our aging population a sense of 
false security. Precautions taken by government entities and 
private industries should do the following, and by the way, I 
have 17 pages in my written testimony to give many more things, 
but I will just give you a few.
    Senator Craig. Thank you. [Laughter.]
    Ms. Frank. Because you were asking for solutions on the 
last panel, I have bullet pointed all the things that we think 
should be done.
    Limit the use of the Social Security number, since it is 
the key to identity theft. Verify, authenticate, and protect 
whatever identifier is used, whether it is a number, a 
password, or biometric information. Completely destroy personal 
information that companies are discarding. They should truncate 
credit card numbers and other unique identifiers, like Social 
Security numbers, and secure all data, online and offline, and 
they should notify customers and consumers or employees of 
security breaches.
    Rather than going any further, I just want to end with 
whether a Social Security number or a biometric identifier is 
used, the same issues arise. How will we protect that 
information as it is stored, transferred, sold, or used? Our 
nation's aging population, the fastest growing segment of our 
society, is most at risk to be victimized by the fastest 
growing crime. Let us set realistic guidelines for information 
handling practices. Thank you.
    Senator Craig. Mari, your testimony is valuable and I think 
those examples and recommendations based on your experience are 
extremely valuable and I thank you for that.
    [The prepared statement of Ms. Frank follows:]
    [GRAPHIC] [TIFF OMITTED] 82327.057
    
    [GRAPHIC] [TIFF OMITTED] 82327.058
    
    [GRAPHIC] [TIFF OMITTED] 82327.059
    
    [GRAPHIC] [TIFF OMITTED] 82327.060
    
    [GRAPHIC] [TIFF OMITTED] 82327.061
    
    [GRAPHIC] [TIFF OMITTED] 82327.062
    
    [GRAPHIC] [TIFF OMITTED] 82327.063
    
    [GRAPHIC] [TIFF OMITTED] 82327.064
    
    [GRAPHIC] [TIFF OMITTED] 82327.065
    
    [GRAPHIC] [TIFF OMITTED] 82327.066
    
    [GRAPHIC] [TIFF OMITTED] 82327.067
    
    [GRAPHIC] [TIFF OMITTED] 82327.068
    
    [GRAPHIC] [TIFF OMITTED] 82327.069
    
    [GRAPHIC] [TIFF OMITTED] 82327.070
    
    [GRAPHIC] [TIFF OMITTED] 82327.071
    
    [GRAPHIC] [TIFF OMITTED] 82327.072
    
    [GRAPHIC] [TIFF OMITTED] 82327.073
    
    [GRAPHIC] [TIFF OMITTED] 82327.074
    
    Senator Craig. Now, let me turn to Boris Melnikoff. Boris 
is the Consultant to the Regional President of the American 
Bankers Association, Atlanta, GA, and I understand has just 
become the grandfather of a ninth granddaughter, is that 
correct, Boris?
    Mr. Melnikoff. That is correct. Thank you very much, 
Senator.
    Senator Craig. Congratulations.
    Mr. Melnikoff. Thank you, sir.
    Senator Craig. Those are special things in one's life.
    Mr. Melnikoff. At 1:57 yesterday afternoon, sir.
    Senator Craig. Congratulations. Please proceed, Boris.

  STATEMENT OF BORIS F. MELNIKOFF, CONSULTANT TO THE REGIONAL 
   PRESIDENT, AMERICAN BANKERS ASSOCIATION (ABA), ATLANTA, GA

    Mr. Melnikoff. Thank you, sir. Stopping identity theft 
before it occurs and resolving those unfortunate cases that do 
occur is of the utmost importance to the banking industry. 
Banks have a long, proud history of securing their customers' 
information, including those of senior citizens.
    As technology and the Internet have made more information 
readily available, we have redoubled our efforts to help 
educate consumers about how to prevent and resolve identity 
theft. Banks and our customers are partners in protecting 
information.
    This morning, I would like to make three key points. First, 
the banking industry has been actively involved in an ongoing 
effort to educate consumers on how to protect themselves from 
identity thefts. Each one of us can limit vulnerabilities to 
this crime.
    Second, the American Bankers Association has developed 
videos, articles, statement stuffers to assist in training bank 
staff and educate consumers.
    Third, it is important for the private and public sectors 
to pursue innovations to improve identification of individuals, 
beginning, for example, with the improved standards for 
drivers' licenses.
    Identity theft harms consumers and banks and severely 
challenges law enforcement. We can only be successful in 
fighting this crime if we all work together. In 1998, ABA was 
very supportive of the changes made by Congress, led by Senator 
Kyl, which made it easier for law enforcement to bring action 
on ID theft cases. Unfortunately, at that time, there was no 
appreciable increase in prosecutions, however, likely due to 
the high volume of cases that law enforcement was already 
engaged in. We were encouraged, however, by the Justice 
Department's announcement in May that a nationwide effort has 
resulted in 73 criminal prosecutions for identity theft.
    Let me now turn to the educational efforts of the industry. 
ABA members have been leaders in the private sector's push to 
educate consumers. We realize that people need our expertise 
and guidance to avoid being victimized. Of course, the first 
step to combat identity theft is self-awareness and how you can 
protect yourself. I have included in my written statements tips 
on protecting one's personal information. Taking many small 
steps, while not eliminating identity theft, will diminish the 
frequency of the crime.
    Let me highlight a few examples of what the ABA has done. 
Just yesterday, I did a radio tour where I was interviewed on 
15 radio stations from coast to coast talking about ID theft 
prevention. These stations collectively reached an estimated 
9.5 million listeners.
    Second, the ABA has distributed to all its members a theft 
communication kit. This kit contains, Senator, public service 
announcements, sample statement stuffers, sample newspaper 
columns that a banker could tailor to his or her community. We 
have provided a copy of this kit to the committee.
    Senator Craig. Thank you.
    Mr. Melnikoff. ABA also offers a separate statement stuffer 
for banks to use in mailing to consumers, with close to six 
million distributed across the country already.
    Finally, the ABA has sent 1,200 copies of a video produced 
by JP Morgan Chase and Company to our members. A copy of the 
tape has also been supplied to the committee, sir.
    While the ABA has done a considerable amount of work in 
this area, we realize the individual industry efforts must 
continue. Fortunately, many of our members are engaged in 
similar efforts across the country. I continue to witness 
superb examples of industry's outreach, many of which I have 
mentioned in my statement.
    Mr. Chairman, the ABA urges government leadership directed 
at improving methods of identifying individuals. There is no 
better way to protect against fraud and terrorism than by 
improving the identification documents used to complete 
financial transactions. Specifically, we believe in the efforts 
to improve how States issue drivers' licenses is of particular 
importance.
    Thank you for the opportunity to update the committee on 
the industry efforts in this important area.
    Senator Craig. Thank you.
    [The prepared statement of Mr. Melnikoff follows:]
    [GRAPHIC] [TIFF OMITTED] 82327.075
    
    [GRAPHIC] [TIFF OMITTED] 82327.076
    
    [GRAPHIC] [TIFF OMITTED] 82327.077
    
    [GRAPHIC] [TIFF OMITTED] 82327.078
    
    [GRAPHIC] [TIFF OMITTED] 82327.079
    
    [GRAPHIC] [TIFF OMITTED] 82327.080
    
    [GRAPHIC] [TIFF OMITTED] 82327.081
    
    [GRAPHIC] [TIFF OMITTED] 82327.082
    
    [GRAPHIC] [TIFF OMITTED] 82327.083
    
    [GRAPHIC] [TIFF OMITTED] 82327.084
    
    [GRAPHIC] [TIFF OMITTED] 82327.085
    
    Senator Craig. With the indulgence of the panel and the 
audience, there is a vote underway and my primary 
responsibility being in this body is to vote. So we will stand 
in recess for a few moments while I run and vote and I will 
return as quickly as I can to proceed with the balance of the 
panel and questioning.
    The committee will stand in recess. [Recess.]
    If I could ask everyone to take their seats and for the 
panel to reassemble, please.
    Boris, we just finished with you, and let me tell you that 
the effort that it appears the American Bankers Association has 
underway with both public outreach, but also education of 
professional staff of employees sounds impressive and is 
important and I am glad to hear that.
    Now, let me turn to Stuart Pratt, Executive Director, 
Consumer Data Industry Association here in Washington. Stuart, 
welcome before the committee.

   STATEMENT OF STUART K. PRATT, VICE PRESIDENT, GOVERNMENT 
 RELATIONS, CONSUMER DATA INDUSTRY ASSOCIATION, WASHINGTON, DC

    Mr. Pratt. Mr. Chairman, thank you for inviting us here 
today, and for the record, I am Stuart Pratt, Vice President, 
Government Relations, for the Consumer Data Industry 
Association.
    Senator Craig. That is a much more impressive title than I 
gave you.
    Mr. Pratt. But I appreciate the promotion, actually.
    Senator Craig. All right. Thank you. [Laughter.]
    Mr. Pratt. We are the association which represents all of 
the nation's largest credit reporting systems, check approval 
systems, and mortgage reporting systems, and so, obviously, we 
play a very central role in these types of debates.
    In fact, we applaud you for holding this hearing because 
identity theft is a pernicious crime. It is a difficult crime 
for everyone involved. We all end up, as a result of the 
criminals' activities, trying to untangle this snarl of 
accounts and information, and sometimes it goes smoothly and 
sometimes it goes very well, and then sometimes you have seen 
cases where it does not go as smoothly as we would like for it 
to go.
    We thought we would focus on just two messages today in 
terms of, first of all, what have we been doing as an industry 
to try and work through and actually alter practices, business 
practices, that will make it easier for victims to keep their 
information safe and sound and to bring their credit history 
back to whole, and also, we wanted to focus, as well, on 
consumer education and how educational efforts, we think, do 
play an extraordinarily important role.
    We looked at this issue as far back as 1997, and by March 
of 2000, we had issued a six-point program that would assist 
victims. The six-point program is outlined in a press release 
which is attached to the testimony today. Let me just highlight 
a couple of key steps that we thought were particularly 
important in this six-point program.
    First, we standardized the security alert. When you contact 
the credit bureau, one of the first steps we will take is to 
put a security alert on your file. It is a text message and it 
says, ``I have been a victim of identity theft. Please do not 
grant credit. For example, here are telephone numbers you can 
use to verify who I am.'' Obviously, if you have a telephone 
number and you are standing in front of the consumer, unless 
you have a cell phone strapped to your hip, there should be 
some interplay there that allows a lender to be able to make a 
better risk decision about who they are doing business with.
    By standardizing the alerts, both in terms of the text 
itself and also by adding an alphanumeric sequence, which is a 
fancy way of saying a code, at the beginning of the security 
alert, we think this better enables every one of our lender 
customers to be able to look for that alert message, to look 
for the code, and to take the actions that they think are 
appropriate based on that information.
    So that obviously gives us a way of, downstream, trying to 
help the consumer stay whole, because that alert message 
remains on the file and it is a decision that we make jointly 
with the consumer during the consumer relations process.
    We also know that consumers like standardization across the 
spectrum, so there are three major credit reporting systems in 
this country and most consumers we interviewed, by the way, in 
our process, said, we would like to have the same kind of 
treatment each time so we do not have to go through three 
different versions of the treatment.
    In this case, what we did is we said, we will do three 
things first for the consumer. When you contact us, even if you 
are just leaving a message on an automated voice attendant, we 
are going to put a security alert on your file. We are going to 
take you off of any direct mail offers of credit, opt you out 
of any non-initiated transaction, so only when you go and apply 
for credit will your credit report be used. Third, we will get 
your report to you in the mail within three business days, 
often quite a bit sooner than that, and obviously, there are 
Internet deliverables, as well, today. But those three steps 
ensure the consumer has a better continuity across the three 
credit reporting systems.
    Then we also designed a system on the back end which is our 
attempt to be responsive to the fact that identity theft is 
more longitudinal than some other types of crime. It is more 
difficult for us to know, is it over? Am I finished? Or do I 
still have a problem that is latent, that is out there? Is 
there more credit that I just am not aware of yet that was not 
yet reported to the credit bureau, for example?
    So over the course of the next 90 days, once we have 
brought a file back to current, we will then send the consumer 
additional copies of his or her file with the 800 number, with 
access to live personnel. It keeps the consumer engaged--and 
this would be true for a senior or for any other consumer who 
is a victim--keeps them engaged. Look at your file. Tell us if 
there is something else wrong with that file so we can take 
care of that.
    Now, we also knew that consumers wanted escalated services. 
We want to be believed. That is one of the key points that many 
consumers have said. How hard is it to prove who I am? So we 
agree with all the testimony that has said, get a police 
report. If you get a police report, we will immediately with 
that police report block the fraudulent information. We will 
not wait to check with the lender. We will take your word for 
it. The police report is a validating document for us. We will 
block the fraudulent data. This should give a consumer a chance 
to get on with their life much more quickly and to be able to 
bring their credit report whole much more quickly, as well.
    Finally, we do accept the FTC's standardized fraud 
affidavit, which again reduces the paperwork burden, if you 
will, for victims, and that is another key component of this. 
How many different affidavits do I complete? How much money do 
I have to pay to have them notarized, and so on and so forth.
    We think consumer education is another key component of 
this, and I know a lot of times we talk about consumer 
education as a replacement for other actions. But as you can 
see, we have taken procedural actions with our business model 
to change what we do for victims. But consumer education 
clearly allows us, for example, to be able to partner up, and 
in our case, we committed ourselves to partnering up with a 
group called Call for Action. We did produce a brochure, and 
this brochure is maybe in some ways a simplified version of the 
type of information that the Federal Trade Commission 
promulgates. We, in fact, encourage consumers to contact the 
FTC.
    We also promulgate information on victims' rights under the 
law and encourage consumers to understand their rights under 
the law. For every citizen, by the way, the Fair Credit 
Reporting Act is not obvious, and so we produce a flow chart 
that says very simply, this is what should happen when you 
contact the credit bureau, dispute your information, and get 
that information corrected.
    We have seen more data, and we have indicated this in our 
testimony, where data shows that we are making progress. More 
consumers are calling our fraud units, taking a preventative 
step, so maybe that is the last, most important point I can 
leave with you. As opposed to calling and saying, ``I am a 
victim,'' the majority are calling and saying, ``I want to take 
a preventative step to make sure I do not become a victim.'' 
That is good news in terms of the consumer education.
    Let me close with that. I see my time has expired and I am 
open for questions and I thank you for the time that you have.
    Senator Craig. Stuart, thank you for that testimony.
    [The prepared statement of Mr. Pratt follows:]
    [GRAPHIC] [TIFF OMITTED] 82327.086
    
    [GRAPHIC] [TIFF OMITTED] 82327.087
    
    [GRAPHIC] [TIFF OMITTED] 82327.088
    
    [GRAPHIC] [TIFF OMITTED] 82327.089
    
    [GRAPHIC] [TIFF OMITTED] 82327.090
    
    [GRAPHIC] [TIFF OMITTED] 82327.091
    
    [GRAPHIC] [TIFF OMITTED] 82327.092
    
    [GRAPHIC] [TIFF OMITTED] 82327.093
    
    [GRAPHIC] [TIFF OMITTED] 82327.094
    
    [GRAPHIC] [TIFF OMITTED] 82327.095
    
    [GRAPHIC] [TIFF OMITTED] 82327.096
    
    [GRAPHIC] [TIFF OMITTED] 82327.097
    
    [GRAPHIC] [TIFF OMITTED] 82327.098
    
    [GRAPHIC] [TIFF OMITTED] 82327.099
    
    [GRAPHIC] [TIFF OMITTED] 82327.100
    
    [GRAPHIC] [TIFF OMITTED] 82327.101
    
    [GRAPHIC] [TIFF OMITTED] 82327.102
    
    [GRAPHIC] [TIFF OMITTED] 82327.103
    
    [GRAPHIC] [TIFF OMITTED] 82327.104
    
    [GRAPHIC] [TIFF OMITTED] 82327.105
    
    [GRAPHIC] [TIFF OMITTED] 82327.106
    
    Senator Craig. Now, I am going to turn to Dennis Carlton. 
Dennis is Director of Washington Operations for the 
International Biometric Group in Washington, DC. Dennis.

STATEMENT OF DENNIS CARLTON, DIRECTOR OF WASHINGTON OPERATIONS, 
       INTERNATIONAL BIOMETRIC GROUP, LLC, WASHINGTON, DC

    Mr. Carlton. Senator, thank you, and on behalf of our 
company, I would like to thank the committee for the 
opportunity to talk to you about the technology called 
biometrics and describe how it can be used to combat the 
problem of identity theft.
    Let me begin with a brief description of the International 
Biometric Group so that you better understand who we are and 
our unique position in the world of biometrics. International 
Biometric Group, or IBG, provides independent consulting 
services to government and private industry customers 
interested in biometric technology. Our organization focuses on 
three primary functions: Evaluating and reporting on biometric 
products and vendors, as well as the markets in which they 
compete; advising clients on how to implement biometric 
systems; and integrating a wide range of biometric hardware and 
software to meet the security needs of our customers.
    We take a practical, hands-on approach to biometrics. We 
have conducted extensive comparative testing of more than 30 
different biometric solutions so that we know how they are 
likely to perform in the real world. IBG holds to a strict 
vendor-neutral policy, which enables us to maintain close 
relationships with biometrics vendors while ensuring that our 
clients receive accurate and independent advice on which 
biometrics systems can best meet their needs.
    Let me take a few moments to review some of the basics of 
biometrics. A technical definition of biometrics is the 
automated measurement of behavioral or physiological 
characteristics of a human being to determine or authenticate 
their identity. In other words, it is the use of computers to 
confirm who a person is by matching a behavior or a permanent 
physical characteristic with similar records in a database.
    Research has shown that behaviors, such as the way we 
speak, the way we sign our names, and even the way we type on a 
keyboard, are distinct and unique enough that they can be 
quantified and compared by computers to existing samples. In a 
similar way, physical characteristics of the human body, such 
as the friction ridges on the pads of our fingers, the geometry 
of our hands, the shape of our face, and the patterns of our 
irises and retinas, can be measured and matched against 
computer databases.
    A wide range of products on the market can acquire and 
match a person's biometric data in order to quickly and 
accurately identify who they are. Time permitting, I hope to be 
able to demonstrate some examples of these technologies to you 
later.
    To effectively describe how biometrics can be used to 
combat identity theft and protect senior citizens, I think it 
is important to address some issues that often confuse the 
dialog about biometrics. First, it is important to set 
practical expectations of what biometrics can and cannot do. To 
date, we have not seen a biometric product that will work 
accurately 100 percent of the time. Whether it is wrongly 
identifying one person as somebody else, only to identify 
someone it should not recognize, or preventing someone from 
initially enrolling in the system, all biometrics systems make 
errors. A properly designed system needs to employ biometrics 
as just one of a number of interlocking layers within a 
security solution and must also include a quick and efficient 
exception handling process.
    Second, no one biometric technology is right for every 
application. For instance, while a finger scan technology may 
be an excellent solution for replacing passwords to gain access 
to a desktop computer system, it is not of much help trying to 
pick a potential terrorist out of a crowd in an airport 
terminal.
    Finally, people should not automatically conclude that the 
use of biometrics is an invasion of our personal privacy or a 
violation of our civil liberties. Biometrics themselves are 
privacy neutral. It is the way they are employed and the 
protections put in place to limit misuse that makes biometrics 
either private invasive or privacy protective. What is 
essential is that individuals are fully informed on how their 
data is shared, used, collected, and secured. For more 
information about biometrics and privacy, I commend to you an 
IBG-sponsored website dedicated exclusively to the subject, 
www.bioprivacy.org.
    Biometric technology has been employed to prevent fraud and 
identity theft for several years now. I personally managed a 
pilot program that began in 1998 which evaluated the use of 
finger scan technology in a retail grocery store for confirming 
the identity of people who paid for their purchases by personal 
or payroll check.
    Reaction to the system by those who used it was universally 
positive. People found it much easier and faster to identify 
themselves with an index finger rather than digging through a 
pocket or purse for an ID, and the store found the incidence of 
loss due to check fraud reduced to zero. Most interestingly, 
senior citizens were some of the most enthusiastic proponents 
of the system. They recognized that no one could steal their 
checkbook and drain their bank account if a system like this 
was widely deployed.
    Several companies have now commercialized the concept of 
identification at the point of sale, and I have brought some 
current examples of these technologies for demonstration 
purposes.
    To properly serve the needs of elderly citizens, it may be 
necessary to make some adjustments to standard biometric 
systems. For example, the aging process can reduce the 
suppleness of a person's skin, which can present problems for 
finger scan technology. The use of certain moisturizers and 
specially designed sensors can significantly reduce this 
problem.
    Another problem commonly associated with the aging process, 
decreased visual acuity, can make it difficult for people to 
properly position themselves for a facial scan or iris scan 
system. To overcome this challenge, vendors can offer more 
sophisticated camera systems that automatically locate the 
subject's face or eyes with little user effort.
    As I mentioned earlier, for citizens who are physically 
unable to interact with the biometrics system, an efficient and 
transparent exception handling process is essential.
    In conclusion, biometric technologies have already been 
shown to be powerful tools for combatting the growing scourge 
of identity theft that afflicts Americans, young and old. Thank 
you for your time, and I welcome the opportunity to demonstrate 
some of these technologies if time is available.
    Senator Craig. Dennis, I will question you by allowing the 
demonstration at the end. How is that?
    Mr. Carlton. That is great, sir.
    [The prepared statement of Mr. Carlton follows:]
    [GRAPHIC] [TIFF OMITTED] 82327.107
    
    [GRAPHIC] [TIFF OMITTED] 82327.108
    
    Senator Craig. Let me turn to our other panelists for some 
questions.
    Mari, obviously, you have been out on the front line, not 
only a victim, but assisting victims and helping them. Who can 
an elderly person go to to help them recover lost assets or fix 
damaged credit histories? Who can they turn to?
    Ms. Frank. Right now, there really are not many places. 
There are some legal aid places. There are some consumer 
agencies. But, in effect, there are not many places for people 
to go. I mean, you look at John Steven's cost. Then there are 
attorneys but not many will not take the cases on contingency. 
The FTC will just give you advice, like Mr. Beales said. So 
there really are not a lot of places that people can go unless 
people like me, who do pro bono work or if they get my kit. It 
is really an unfortunate thing. One of the suggestions that I 
had was that States and maybe the Federal Government set up 
some kind of an ombudsman center for help for people who really 
need it.
    Senator Craig. Do you know if State Legal Aid Services 
assist seniors?
    Ms. Frank. Some of them do, yes, and there are some senior 
citizen programs around the country, and maybe AARP refers. But 
there is not anything really around--I have tried to refer 
people to others who will do the work for them and they come 
back to me, so that has been a problem.
    Senator Craig. Thank you.
    Boris, are bank tellers typically trained to spot the signs 
when someone is trying to access an account under a false ID?
    Mr. Melnikoff. Yes. In fact, a lot of the training 
information I shared earlier in my testimony covers not only 
that, but also the unusual transactions that a senior citizen 
might want to conduct, which I think is an important factor. 
There have been many, many instances where a senior citizen 
would come into a bank, approach a teller. The teller will 
recognize the senior and the senior will want to withdraw large 
sums of cash. All of that--and it is preventable, and a 
majority of banks do exercise all of their rights to protect 
that consumer's assets, if you will. So the answer on both 
parts of the question, Senator, is yes. Bank tellers are 
trained to accomplish that.
    Senator Craig. Do financial institutions have the authority 
to report suspicious financial activity that looks like 
identity theft to local authorities?
    Mr. Melnikoff. Yes, sir. Through the use of a SAR, if you 
will, and additionally, here again, reverting back to the 
elderly or senior citizen withdrawing large sums of money, law 
enforcement in some instances is notified at once in the hopes 
of talking the senior citizen out of removing that kind or 
those dollar limits. In nine out of ten cases, it is nothing 
but a flim-flam that the senior is about to experience. So, 
yes, sir, your answer is, yes, we do do that as an industry.
    Senator Craig. How do you effectively screen, because we 
have obviously heard of those who are making applications for 
purchasing cars using false IDs, a failure on the part of that 
loan officer to make a few simple calls to double-check 
addresses or anything of that nature? Is there any effort 
underway to double-check, recheck, if you will, this kind of 
informational flow that would establish a credit and, 
therefore, allow a transaction to occur?
    Mr. Melnikoff. Yes, and I think just to tie in with the 
announcement made by Treasury yesterday, if you will, that 
possibly would give the financial industry access to certain 
data as it pertains to the individual in the Social Security 
system. As we speak today, we do not have that ability to do 
so. We rely on, and I hope my colleague does not take any 
personal affront to this, but we rely on the credit bureaus and 
other systems for verification. But as mentioned earlier, the 
Colonel's date of birth or his Social Security number was 
issued prior to his birth. So we need to work on that, and by 
having access for legitimate reasons, that would be a 
significant help to the financial industry and to verify and 
reverify what we are doing.
    Senator Craig. With the industry having to eat the cost 
once discovered, is there an annualized cost that identity 
theft is costing the banking industry of this country? Do you 
know of one that has been calculated?
    Mr. Melnikoff. No, sir. There is no central repository. 
Now, there were statements made earlier, and I made a statement 
with respect to filing a SAR. But there are limits on the SAR, 
and the limits are $5,000 up to $25,000. So there is no central 
repository, so we really do not know.
    But I think, and my opinion is, if you take all of the 
fraud that the financial industry, to include all types of 
credit grantors, we are probably looking at anywhere from $15 
to $18 billion a year. That is on one side only. Then coupled 
with the other frauds, be it insurance fraud, Medicaid fraud, 
government fraud, with due respect, you are talking about 
another $10 to $15 billion. So fraud costs this nation a 
significant amount of money and I think we can do a much better 
job if we are allowed the tools or access to the tools to do 
it.
    Senator Craig. It sounds like precautionary training and 
devices to detect and double-checking would be a rather 
inexpensive way of solving some of those problems.
    Mr. Melnikoff. It certainly would, sir, and we support it.
    Senator Craig. Mari, I saw your hand come up. Yes?
    Ms. Frank. Yes, sir. Thank you so much. One of the things 
that the Postal Inspector did for verification of addresses--
this was after we complained about this in 1998 when I 
testified before the Technology Committee for the new Identity 
Theft Deterrence Act--was they started sending verification of 
address. So if you put in for a change of address, they now 
will send a postcard to the old address and the new address to 
see if you really have moved.
    We have been asking the credit grantors and the banks to do 
the same, because--what has happened to John when he became a 
victim, what happened to me, the fraudster will always change 
the address. They have to do that so you do not find out about 
it. The main step that the creditors should be doing is when 
they see that the address that is on the application is 
different from the credit report, that should be a key signal 
that they should verify address with either a phone call or a 
postcard before they issue credit, and I have been asking for 
this for 6 years and I do not see this happening now with the 
creditors.
    Senator Craig. Well, that is a great lead-in comment, 
Stuart, to turn to you. Mr. Pratt, do the credit reporting 
companies have the authority to report suspicious financial 
activities that look like ID theft to local authorities.
    Mr. Pratt. We do not have any law like the one that permits 
banks to permit, under the SAR, the system of SARs. I think 
maybe the key question is, do we have the kind of information 
that would allow us to even identify something suspicious? We 
are loading an enormous amount of information per month into 
the databases and so there is almost every variation on a theme 
in terms of how files behave, if you will. Some people have 
very little credit. Some people accumulate very little credit 
over long periods of time. Other folks move frequently, so is 
an address change an indication of a problem? Is a couple of 
new credit accounts an indication of a problem?
    So it may be a little bit difficult for us to pin down and 
say, aha, this one looks suspicious relative to the 200 million 
files we maintain, relative to the two billion items of 
information updated every month over the course of any given 
year, but we do not have an official authority to do so, no.
    Senator Craig. You did indicate to me, though, that certain 
activities cause you to trigger an account, or what was the 
term you used in blocking an account or----
    Mr. Pratt. Well, when a police report is submitted to us--
--
    Senator Craig. When a police report is submitted.
    Mr. Pratt. Yes, sir. Then we do use that as a way to 
escalate service for the consumer who is a victim. It is a way 
for us to----
    Senator Craig. Only in that instance, then?
    Mr. Pratt. Only in that instance, because today, with the 
technology that is out there, if we cannot use a police report, 
almost anyone can produce an affidavit. There is an awful lot 
of what we call credit repair, fraudulent credit repair 
activity, which is a process by which a firm may charge a 
consumer hundreds of dollars to then write letters and try to 
delete accurate but adverse information off the credit files.
    So we have to have a way to distinguish between someone who 
simply wants to eliminate important risk data for safety and 
soundness of the banking system and someone who genuinely says, 
I am a victim of a crime, help me quickly, help me now, and 
that is what we do with the police report. That may not be the 
final answer, but that is our answer today, is to say a police 
report seems like a reasonably safe and sound process--
although, by the way, do not miss that a fraudulent police 
report can be produced and we have already received fraudulent 
police reports.
    Senator Craig. I would think that if they can steal IDs, 
they could steal a form and manufacture police reports that 
look fairly legitimate.
    Mr. Pratt. It is hard to distinguish real and falsified 
documents of all kinds, and that is always the struggle for the 
industry.
    Senator Craig. Then there is no reason in your mind to 
believe that a change of address is something that would 
trigger a response to check to see if that was a legitimate 
change, or is that simply going to be too costly for your----
    Mr. Pratt. I do not think we are putting cost as the only 
metric out there to measure a decision that we ought to make 
that would help our system stay accurate----
    Senator Craig. Well, I asked that--that was a legitimate 
question, where you get hundreds of millions of data----
    Mr. Pratt. Let me put address changes----
    Senator Craig [continuing]. You have got, therefore, 
probably hundreds of thousands of requests for address changes 
a year----
    Mr. Pratt. In fact, it is millions----
    Senator Craig [continuing]. It does cost to verify.
    Mr. Pratt. We receive, because of the--and this goes 
actually to some of the Postal Service information as well as 
information from Census--about 40 million addresses change 
every year in this country. So it is difficult to use an 
address on its own as an indicator.
    Also, many consumers on their credit file will probably 
have or may have more than one accurate address. I may use one 
card for my business purposes and so I may use my corporate 
address for that particular credit card. So that billing, that 
report that comes in every month from that particular lender 
shows my business address. Many of my other cards may be my 
home address, and so I may even have two legitimate addresses 
which are reporting into the system.
    So admittedly, it is tough to pin it down and say, aha, 
this one is unique and this one deserves some different kind of 
attention.
    Senator Craig. What would be some of the unintended 
consequences of overly broad restrictions on the use of Social 
Security numbers on credit reporting companies?
    Mr. Pratt. For us, we have the Fair Credit Reporting Act 
that says you must maintain reasonable procedures to assure 
maximum possible accuracy. That was the law that Bill Proxmire 
passed back in 1970.
    Consumers have several expectations at the table at any 
given time. One is, I want my information safe. Clearly, 
another one is, I also want it to be accurate. My credit report 
is, in large part, how I get my mortgage and how I do drive 
away with my car and how I obtain credit and so on and so 
forth.
    So with 40 million address changes a year, with what we 
estimate to be about three million last names changing in this 
country due to marriage and divorce, with consumers sharing 
very similar last names--for example, there are about 2.5 
million Smiths in this country and another two million Jones in 
this country, and so with consumers with very straightforward, 
very common last names, to keep that information separate, the 
SSN plays a very, very important role in the data accuracy, the 
data matching part of how we build our databases.
    So it really depends on the approach taken to restricting 
the SSN, whether it directly applies to our business model or 
the members that we represent or whether it applies more 
generally out in some other dimension.
    Senator Craig. Stuart, you heard Mr. Stevens testify this 
morning. I am aware that you are familiar with his case to some 
degree. Could you please tell me or the committee the status of 
that case at this moment?
    Mr. Pratt. I have committed to Mr. Stevens, and I have to 
follow up with him to make sure I understand where he is in the 
process, particularly in light of the fact that there 
apparently is another account that showed up on his file. I 
have to know which of the systems it showed up on. I have to 
see whether it showed up in all three and then we will 
obviously follow up with him further.
    One of the points, though, that Colonel Stevens made which 
is important to us, as well, and we will have to understand 
this better, is if the account is being cycled through 
collection agencies, the account number is not necessarily 
always reported to us, and so the question is, can the credit 
bureau--we want to keep that bad data off the file at all 
costs. There is nothing worse than sending to the customer, the 
American Bankers Association member, false information, because 
obviously they are making the wrong decision. They are missing 
out on a customer with whom they would like to do business, 
first of all.
    So one of the technical questions, which we do not have to 
wade our way through here today, is, is there a collection 
reporting issue that we have to look into a little bit further 
based on Colonel Stevens' experience? But in terms of the 
specifics, obviously, I have made a commitment to Colonel 
Stevens to follow up with him and his wife and see where we 
are.
    Senator Craig. That would be most helpful.
    Mr. Pratt. Yes, sir.
    Senator Craig. Before I go into this technology 
demonstration, Mari, I gave you the first word. I will give you 
the last word, if it is brief. [Laughter.]
    Ms. Frank. OK. Well, I guess I will say this about 
biometrics or Social Security number. I am going to pick up on 
this. Biometrics, or that piece of our body that we use as a 
unique identifier, in and of itself, it is not good or bad. It 
is how it is used.
    The one thing I want to bring up that he mentioned was 
this, and this is the problem we are having with the Social 
Security number, if you use the Social Security number as the 
gateway or the key and you really do not spend a lot of time on 
other matching, like matching ages, birthdates, address, and 
you just focus on that Social Security number, you are going to 
get a lot of mismatches and a lot of errors and that causes 
that negligent information handling practices and fraud.
    The same thing will happen with the biometric information. 
So if my fingerprint is used and somehow nothing else matches 
and there are these fraudsters and these techno-geniuses who 
can corrupt these files, and I have spoken with people in the 
Secret Service who have told me it can be done and I have read 
about it, so if someone is using a piece of biometric 
information instead of the Social Security number and there are 
still negligent information handling practices, meaning there 
are not matches, then if I become a victim at that point, how 
do I prove who I am?
    So the issue of biometrics is the same as the issue of 
Social Security number. We have to take a broader look and have 
greater matching and verification. That is the issue. So I do 
not have a problem with biometrics per se just how it may be 
misused.
    Senator Craig. I think I heard Dennis say, and I am about 
to be a victim of it, in a positive sense, that it is not 100 
percent accurate, and we understand it. But the application of 
it effectively creates a threshold that is important, I think.
    I cannot disagree and I think there is one piece of 
information amongst many that have emerged out of the 
testimonies today, that checking and cross-checking and being 
cautious. Obviously, the message that--well, my wife and I just 
went through an experience about a year ago with the loss of 
her father and, therefore, working with her mother, and my wife 
is the trustee of the estate and working with her mother as an 
elderly person in Tucson.
    Frankly, our relationship with the bank was very positive. 
They worked us over good when we went in with her mother to sit 
down and begin to work with her on her accounts and her 
investments, and it was a cross-check and a double-check. We 
were very pleased by that in the end. It was a threshold that 
we had to get through. In the first instance, there was almost 
an element of annoyance. Here is a daughter and a mother 
sitting down together, but the bank did not know that and other 
banks that they did business with wanted my daughter's 
signature and her presence there, so that was a little 
different.
    But I was very pleased to see that, that there was a very 
real caution being taken there with this elderly person, 
because all of a sudden, here were two younger people who by 
all appearances were going to access potentially fairly large 
sums of money, so Boris, that was a pleasing experience.
    I have not yet adjourned this committee. Dennis, what do 
you have in mind?
    Mr. Carlton. I have two demonstrations here, Senator, one 
of iris scan technology and one of finger scan technology to 
show you two different applications of how biometrics 
identifies an individual it knows and will reject someone that 
it does not recognize. So----
    Senator Craig. How do I explain if my finger scan shows up 
on an FBI file? [Laughter.]
    To my knowledge, that will not happen.
    Mr. Carlton. It will not here, Senator.
    Senator Craig. All right, fine. I told staff, if I was 
going to subject myself to this and it was recorded on a CD, I 
got the CD. [Laughter.]
    Let me come over and see what you have.
    Thank you, panelists, very much for the testimony you bring 
and obvious experience that you have had on identity theft. The 
committee felt it was an important issue that we will continue 
to pursue and try to lift visibility, too, for the seniors of 
our country and, of course, if you lift it to seniors, you will 
lift it to others, because it is a growing concern, as we have 
said, nationwide, so we do appreciate that.
    I am told that August 20 is National Senior Citizens Fraud 
Awareness Week. The Attorney General and Postmaster General 
will be speaking to that. I am pleased to hear that. It is 
obviously time that we continue on a progressive basis to 
publicize these issues, to draw public awareness to them.
    I would like to insert in the record a statement submitted 
by Marc Rotenberg, Executive Director of the Electronic Privacy 
Information Center.
    [The prepared statement of Mr. Rotenberg follows:]
    [GRAPHIC] [TIFF OMITTED] 82327.109
    
    [GRAPHIC] [TIFF OMITTED] 82327.110
    
    [GRAPHIC] [TIFF OMITTED] 82327.111
    
    [GRAPHIC] [TIFF OMITTED] 82327.112
    
    [GRAPHIC] [TIFF OMITTED] 82327.113
    
    [GRAPHIC] [TIFF OMITTED] 82327.114
    
    [GRAPHIC] [TIFF OMITTED] 82327.115
    
    [GRAPHIC] [TIFF OMITTED] 82327.116
    
    [GRAPHIC] [TIFF OMITTED] 82327.117
    
    [GRAPHIC] [TIFF OMITTED] 82327.118
    
    [GRAPHIC] [TIFF OMITTED] 82327.119
    
    [GRAPHIC] [TIFF OMITTED] 82327.120
    
    Senator Craig. Again, the committee thanks you all for your 
participation today and the committee will stand adjourned.
    [Whereupon, at 11:49 a.m., the committee was adjourned.]

                                   - 
