[House Hearing, 108 Congress]
[From the U.S. Government Publishing Office]





                      FIGHTING IDENTITY THEFT--THE
                              ROLE OF FCRA

=======================================================================

                                HEARING

                               BEFORE THE

                            SUBCOMMITTEE ON
               FINANCIAL INSTITUTIONS AND CONSUMER CREDIT

                                 OF THE

                    COMMITTEE ON FINANCIAL SERVICES

                     U.S. HOUSE OF REPRESENTATIVES

                      ONE HUNDRED EIGHTH CONGRESS

                             FIRST SESSION

                               __________

                             JUNE 24, 2003

                               __________

       Printed for the use of the Committee on Financial Services

                           Serial No. 108-42


92-902              U.S. GOVERNMENT PRINTING OFFICE
                            WASHINGTON : 2003
____________________________________________________________________________
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov  Phone: toll free (866) 512-1800; (202) 512ï¿½091800  
Fax: (202) 512ï¿½092250 Mail: Stop SSOP, Washington, DC 20402ï¿½090001

                 HOUSE COMMITTEE ON FINANCIAL SERVICES

                    MICHAEL G. OXLEY, Ohio, Chairman

JAMES A. LEACH, Iowa                 BARNEY FRANK, Massachusetts
DOUG BEREUTER, Nebraska              PAUL E. KANJORSKI, Pennsylvania
RICHARD H. BAKER, Louisiana          MAXINE WATERS, California
SPENCER BACHUS, Alabama              CAROLYN B. MALONEY, New York
MICHAEL N. CASTLE, Delaware          LUIS V. GUTIERREZ, Illinois
PETER T. KING, New York              NYDIA M. VELAZQUEZ, New York
EDWARD R. ROYCE, California          MELVIN L. WATT, North Carolina
FRANK D. LUCAS, Oklahoma             GARY L. ACKERMAN, New York
ROBERT W. NEY, Ohio                  DARLENE HOOLEY, Oregon
SUE W. KELLY, New York, Vice Chair   JULIA CARSON, Indiana
RON PAUL, Texas                      BRAD SHERMAN, California
PAUL E. GILLMOR, Ohio                GREGORY W. MEEKS, New York
JIM RYUN, Kansas                     BARBARA LEE, California
STEVEN C. LaTOURETTE, Ohio           JAY INSLEE, Washington
DONALD A. MANZULLO, Illinois         DENNIS MOORE, Kansas
WALTER B. JONES, Jr., North          CHARLES A. GONZALEZ, Texas
    Carolina                         MICHAEL E. CAPUANO, Massachusetts
DOUG OSE, California                 HAROLD E. FORD, Jr., Tennessee
JUDY BIGGERT, Illinois               RUBEN HINOJOSA, Texas
MARK GREEN, Wisconsin                KEN LUCAS, Kentucky
PATRICK J. TOOMEY, Pennsylvania      JOSEPH CROWLEY, New York
CHRISTOPHER SHAYS, Connecticut       WM. LACY CLAY, Missouri
JOHN B. SHADEGG, Arizona             STEVE ISRAEL, New York
VITO FOSSELLA, New York              MIKE ROSS, Arkansas
GARY G. MILLER, California           CAROLYN McCARTHY, New York
MELISSA A. HART, Pennsylvania        JOE BACA, California
SHELLEY MOORE CAPITO, West Virginia  JIM MATHESON, Utah
PATRICK J. TIBERI, Ohio              STEPHEN F. LYNCH, Massachusetts
MARK R. KENNEDY, Minnesota           ARTUR DAVIS, Alabama
TOM FEENEY, Florida                  RAHM EMANUEL, Illinois
JEB HENSARLING, Texas                BRAD MILLER, North Carolina
SCOTT GARRETT, New Jersey            DAVID SCOTT, Georgia
TIM MURPHY, Pennsylvania              
GINNY BROWN-WAITE, Florida           BERNARD SANDERS, Vermont
J. GRESHAM BARRETT, South Carolina
KATHERINE HARRIS, Florida
RICK RENZI, Arizona

                 Robert U. Foster, III, Staff Director

       Subcommittee on Financial Institutions and Consumer Credit

                   SPENCER BACHUS, Alabama, Chairman

STEVEN C. LaTOURETTE, Ohio, Vice     BERNARD SANDERS, Vermont
    Chairman                         CAROLYN B. MALONEY, New York
DOUG BEREUTER, Nebraska              MELVIN L. WATT, North Carolina
RICHARD H. BAKER, Louisiana          GARY L. ACKERMAN, New York
MICHAEL N. CASTLE, Delaware          BRAD SHERMAN, California
EDWARD R. ROYCE, California          GREGORY W. MEEKS, New York
FRANK D. LUCAS, Oklahoma             LUIS V. GUTIERREZ, Illinois
SUE W. KELLY, New York               DENNIS MOORE, Kansas
PAUL E. GILLMOR, Ohio                CHARLES A. GONZALEZ, Texas
JIM RYUN, Kansas                     PAUL E. KANJORSKI, Pennsylvania
WALTER B. JONES, Jr, North Carolina  MAXINE WATERS, California
JUDY BIGGERT, Illinois               DARLENE HOOLEY, Oregon
PATRICK J. TOOMEY, Pennsylvania      JULIA CARSON, Indiana
VITO FOSSELLA, New York              HAROLD E. FORD, Jr., Tennessee
MELISSA A. HART, Pennsylvania        RUBEN HINOJOSA, Texas
SHELLEY MOORE CAPITO, West Virginia  KEN LUCAS, Kentucky
PATRICK J. TIBERI, Ohio              JOSEPH CROWLEY, New York
MARK R. KENNEDY, Minnesota           STEVE ISRAEL, New York
TOM FEENEY, Florida                  MIKE ROSS, Arkansas
JEB HENSARLING, Texas                CAROLYN McCARTHY, New York
SCOTT GARRETT, New Jersey            ARTUR DAVIS, Alabama
TIM MURPHY, Pennsylvania
GINNY BROWN-WAITE, Florida
J. GRESHAM BARRETT, South Carolina
RICK RENZI, Arizona


                            C O N T E N T S

                              ----------                              
                                                                   Page
Hearing held on:
    June 24, 2003................................................     1
Appendix:
    June 24, 2003................................................    69

                               WITNESSES
                         Tuesday, June 24, 2003

Ansanelli, Joseph, Chairman and CEO, Vontu.......................    50
Beales, J. Howard III, Director of the Bureau of Consumer 
  Protection, Federal Trade Commission...........................    12
Caddigan, Tim, Special Agent in Charge, Criminal Investigative 
  Division, United States Secret Service.........................    17
Duncan, Janell Mayo, Legislative and Regulatory Counsel, 
  Consumers Union................................................    49
Hanson, Amy, President, Financial, Administrative and Credit 
  Services, Inc., (FACS Group), on behalf of the National Retail 
  Federation.....................................................    42
Kallstrom, Jim, Senior Executive Vice President, MBNA America 
  Bank...........................................................    44
Lundy, Lee, Vice President, Consumer Services, Experian..........    52
Mellott, Frank, Commander, United States Navy, victim of identity 
  theft, on behalf of the Identity Theft Resource Center.........    35
Mihalko, Daniel L., Inspector in Charge, Congressional & Public 
  Affairs, United States Postal Inspection Service...............    14
Mitchell, Maureen V., Madison, OH, victim of identity theft......    31
Peirez, Joshua L., Senior Vice President and Assistant General 
  Counsel, MasterCard International Inc..........................    46
Viverette, Mary Ann, Chief of Police, Gaithersburg, Maryland, on 
  behalf of the International Association of Chiefs' of Police...    19

                                APPENDIX

Prepared statements:
    Bachus, Hon. Spencer.........................................    70
    Gillmor, Hon. Paul E.........................................    74
    Hinojosa, Hon. Ruben.........................................    76
    Kelly, Hon. Sue W............................................    79
    Ansanelli, Joseph............................................    80
    Beales, J. Howard III........................................    87
    Caddigan, Tim................................................   100
    Duncan, Janell Mayo..........................................   109
    Hanson, Amy..................................................   117
    Kallstrom, Jim...............................................   125
    Lundy, Lee...................................................   134
    Mellott, Frank...............................................   161
    Mihalko, Daniel L............................................   165
    Mitchell, Maureen V..........................................   177
    Peirez, Joshua L.............................................   195
    Viverette, Mary Ann..........................................   202

              Additional Material Submitted for the Record

Moore, Hon. Dennis:
    Version K Information Sharing Facts..........................   210
Tiberi, Hon. Patrick:
    Preserve Privacy, ``The Hill''...............................   212
Caddigan, Tim:
    Written response to questions from Hon. Ruben Hinojosa.......   213
Mellot, Frank:
    Written response to questions from Hon. Ruben Hinojosa.......   214
National Community Reinvestment Coalition, prepared statement....   216

 
                      FIGHTING IDENTITY THEFT--THE
                              ROLE OF FCRA

                              ----------                              


                         Tuesday, June 24, 2003

             U.S. House of Representatives,
            Subcommittee on Financial Institutions,
                                And Consumer Credit
                           Committee on Financial Services,
                                                   Washington, D.C.
    The subcommittee met, pursuant to call, at 10:08 a.m., in 
Room 2128, Rayburn House Office Building, Hon. Spencer Bachus 
[chairman of the subcommittee] presiding.
    Present: Representatives Bachus, LaTourette, Castle, Royce, 
Lucas of Oklahoma, Kelly, Biggert, Toomey, Capito, Tiberi, 
Hensarling, Barrett, Renzi, Oxley (ex officio), Shadegg, Lucas 
of Kentucky, Sanders, Sherman, Moore, Hooley, Hinojosa, Lucas 
of Kentucky and Crowley.
    Chairman Bachus. [Presiding.] Good morning. The 
Subcommittee on Financial Institutions and Consumer Credit will 
come to order.
    I want to welcome our witnesses. We have three panels 
today, so the hearing may be quite lengthy. This is the sixth 
of a series of hearings that we are having on the 
reauthorization of the Fair Credit Reporting Act. The 
preemptions or uniform standards that apply to our national 
uniform credit reporting act are due to expire next January 1. 
These hearings are being held in anticipation of either 
extending those uniform standards and making them permanent, or 
making any changes that need to be made in the Fair Credit 
Reporting Act to make it more friendly to consumers.
    Our first five hearings have revealed without a doubt that 
the Fair Credit Reporting Act has led to widespread 
availability of credit. Those in the low-and middle-income 
classes have benefited tremendously from the Fair Credit 
Reporting Act and the availability of interest and the low 
interest rate in the United States. This hearing will deal with 
identity theft, which is I think by far the most serious 
problem facing Americans in their use of credit.
    The hearing today consists of three panels. The first panel 
is made up of Federal and State law enforcement officials who 
will inform us about the ongoing efforts to apprehend and 
prosecute identity thieves. Our second panel will actually 
consist of two victims of identity theft. They will share their 
personal experiences about the crime. I very much appreciate 
their courage and their willingness to appear before the panel. 
Our final panel includes several representatives from the 
financial services industry. They will share their perspective 
on FCRA and identity theft. We also have consumer groups 
represented.
    Identity theft is a crime committed by individuals or 
organizations seeking to capitalize on the good name of an 
innocent and unknowing consumer. It is a particularly heinous 
crime in that it harms not only financial institutions, but 
consumers and the effect can be both widespread and last for 
many years. A typical incident of identity theft involves a 
criminal using the personal data of another individual to 
assume that individual's identity. Using that false identity, 
the criminal will obtain goods and services using the victim's 
credit. The identity thief may also commit additional crimes 
using the victim's name, creating a false arrest record for the 
victim, or a record of arrest by the victim for crimes that 
they never committed.
    These activities obviously tarnish the victim's reputation, 
credit history and sense of security. The victim of identity 
theft must then make a great effort to get his or her credit 
report and personal history back in good shape. We sometimes 
refer to this as credit repair. Because the financial losses 
associated with identity theft are generally the burden of 
financial institutions and other businesses, not the consumer, 
financial institutions are also the victims of identity theft.
    Existing Federal law does address the issue of identity 
theft. For example, the Identity Theft and Assumption 
Deterrence Act prohibits the transferring or using of another's 
identity for fraudulent or other illegal activities. Federal 
law also makes it illegal to use or traffic in counterfeit 
credit cards or debit cards, and prohibits criminals from 
attempting to obtain customer identification and other consumer 
information from financial institutions under false pretenses.
    The FCRA also is an important tool in addressing identity 
theft issues. Financial institutions frequently find that the 
consumer reports that they obtain from credit bureaus under the 
FCRA provide the most useful information in attempting to 
distinguish the identity theft from a legitimate consumer. For 
example, discrepancies between an address or Social Security 
number contained in a consumer report and the information 
contained on an application can be used to identify and prevent 
an identity theft before it occurs. In addition, an identity 
thief who knowingly and willingly obtains a consumer report 
from a consumer reporting agency under false pretenses is 
subject to criminal penalties under the FCRA.
    The FCRA also plays a central role in mitigating the 
consumer harms associated with identity theft. Under FCRA, each 
consumer has the right to review the contents of his or her 
credit report at no cost, and determine whether fraudulent 
activity has been attributed to the consumer's credit file. If 
a consumer has been a victim of identity theft which results in 
misinformation appearing on the consumer's credit report, the 
FCRA establishes a mechanism whereby the consumer can notify 
the credit bureau of the fraudulent information and have the 
information deleted.
    At this time, I am going to recognize the minority ranking 
member, Mr. Sanders, for any opening statement that he may 
have.
    [The prepared statement of Hon. Spencer Bachus can be found 
on page 70 in the appendix.]
    Mr. Sanders. Thank you very much, Mr. Chairman, and thank 
you for holding this important hearing, and thank you all, our 
panelists, for being with us this morning. We appreciate that 
very much.
    Mr. Chairman, today's hearing will focus on identity theft. 
Let me just mention that on this side of the aisle, we have a 
number of excellent proposals that address that issue. Mr. 
Gutierrez, Mr. Ackerman, Mr. Ford, Ms. Hooley, and Mr. Emanuel 
have all brought forth some excellent ideas that I think will 
take us a long way in addressing the crisis of identity theft.
    We all know that identity theft abuses in this country are 
skyrocketing. We are going to hear that from our witnesses. 
According to data from the Justice Department, 500,000 people, 
half-a-million people filed reports with law enforcement in 
2002 for identity theft crimes, and an estimated 700,000 are 
likely to file similar reports this year. A major problem now, 
it is getting worse and we need some solutions to that. In 
addition, the dollar losses reported by identity theft victims 
have increased from $160 million in 2001 to $343 million in 
2002. So this problem is accelerating and it is incumbent upon 
this committee to address it. We are going to hear, I know, in 
the course of the next few weeks a number of excellent ideas. I 
want to bring forth one idea that I think is important. That is 
that one very obvious and extremely helpful tool would be to 
provide consumers free credit reports and credit scores from 
all three credit bureaus at least once a year, and a 
description of the key factors that may have adversely affected 
the consumer's credit score. In other words, one way to deal 
with this issue and many other issues as well is to make sure 
that consumers all over this country have free access to their 
credit reports. When they have that access, they will be able 
to see, wow, who has been ripping me off; who has stolen my 
identity; and they will be able to move a lot quicker than they 
are at present.
    I am happy to inform you, Mr. Chairman, that I have 
introduced legislation in this regard which is being supported 
by virtually all of the consumer organizations in this country, 
including the Consumer Federation of America, Consumers Union, 
and the U.S. Public Interest Research Group. Allowing consumers 
free access to their credit reports could substantially improve 
the accuracy of credit reports and cut down on identity theft. 
I look forward to working with you, Mr. Chairman, on this 
legislation.
    Mr. Chairman, I would also point out a somewhat tangential 
issue, but important as well, that very often we will hear 
testimony from our friends in the banking industry and the 
credit card industry about this and that other matter, but I 
think we should be aware as we hear their testimony that in 
some instances at least executive compensation in the banking 
industry is getting really out of hand. According to an article 
that appeared in the Philadelphia Inquirer on June 1, 2003, 
``Number one on Business Week's 2020 pay scorecard was 
financial giant MBNA CEO Alfred Lerner with $194.9 million.'' 
Mr. Lerner died in October 2002 and was replaced in November by 
Charles Cawley, who managed to place number six on that list 
with a total pay of $48.6 million. Not too bad. Two more MBNA 
executives who were not CEOs also got megabucks. John Cochran 
got $36 million and Bruce Hammonds, $28.6 million.
    I raise this issue about excessive CEO compensation to 
point out that there are consumers in this country today who 
are being ripped off by credit card companies, who are paying 
up to 29 percent a year in interest rates. So when we hear our 
friends from the credit card companies or the banks telling us 
just in what kind of terrible financial need they are in, we 
might want to remember that number, and that the top four 
executives in that particular company in 2002 earned over $300 
million collectively.
    Mr. Chairman, the last point that I want to make on credit 
cards is that it is absolutely imperative that this committee 
address the credit card bait and switch mechanisms that some of 
the credit card companies are bringing forth. As we all know, 
the credit card industry is hooking consumers into purchasing 
credit cards by bombarding them, this is one of the more 
astronomical numbers I have ever heard. In a given year, the 
credit card companies send out 5 billion solicitations, 5 
billion solicitations, many of them going to young people all 
over this country. What they promise people is low interest 
rates, 0 percent, 3 percent, 5 percent. What they forget to 
tell you is that if you borrow money on another credit card, if 
you were late in paying your car loan 2 years ago, your credit 
card rates can soar. They are ripping off the American people, 
and this is an issue that we must address.
    Mr. Chairman, I thank you again for calling this important 
hearing. I am going to be running in and out because of other 
commitments, but I will be back. I thank you for bringing these 
witnesses together.
    Chairman Bachus. Thank you.
    I want to especially thank Mr. Sanders, along with Chairman 
Oxley and Ranking Member Frank for working very closely on the 
FCRA reauthorization. At this time, I recognize the chairman of 
the full committee, Mr. Oxley.
    Mr. Oxley. Thank you, Mr. Chairman.
    I will be brief and make my opening statement part of the 
record, but I did want to commend you for this long march 
through the Fair Credit Reporting Act. By my count, some 75 
witnesses have testified, just about anybody that has any 
opinion whatsoever on FCRA has had the opportunity in your 
subcommittee to air their views. You deserve a great deal of 
credit, if nothing else but for an iron-pants performance 
through these long weeks of hearings that will conclude today.
    We will have a voluminous record for the members to pore 
through and staff to pore through as we prepare to mark up 
legislation when we return after the Fourth of July recess. But 
your leadership has not gone unnoticed, and we appreciate the 
good bipartisan cooperation we have had on this issue. I think 
most of the members understand the critical importance of 
reauthorizing FCRA, what it has meant to our economy, that it 
has been one of the most successful pieces of legislation ever 
passed by any Congress. We want to make sure that this 
continues to be able to provide credit to people all over the 
country.
    So with that, Mr. Chairman, and with my sincere thanks, I 
yield back.
    Chairman Bachus. I appreciate that, Mr. Chairman.
    At this time, Ms. Hooley or Mr. Hinojosa, do you have 
opening statements?
    Ms. Hooley. I do, Mr. Chair.
    Chairman Bachus. Okay. Ms. Hooley, you are recognized.
    Ms. Hooley. Thank you.
    Good morning. Although I have enjoyed our series of 
hearings on FCRA, I am excited that we are finally discussing 
in depth one of the core problems that has developed with our 
national credit system, the problem of identity theft. Identity 
theft is the fastest growing white collar crime in America, and 
legislation to correct and stem the rising tide must be enacted 
as soon as possible.
    As you may know, the Federal Trade Commission reported that 
the number of persons filing complaints of identity theft with 
the agency nearly doubled from 2001 to 2002. A 2003 survey I 
recently saw found that 92 percent of Americans think it is 
important that the government take action on the issue of 
identity theft. I have been fighting to enact common sense 
legislation to fight identity theft for 5 years. For the first 
time since this struggle began, I feel the momentum is 
unstoppable and that legislative action on this subject is no 
longer a question of if, but rather of when.
    We cannot and we must not ignore the fact that Americans 
throughout the country are begging us to act and to help them. 
They are begging for action sooner, rather than later. When 
this happens to a person, they feel violated. They are 
frustrated. They are angry. It takes way too long to get 
through the system, and many times they have a hard time just 
proving who they are and then it takes a longer time to get 
their credit report cleaned up.
    Myself and Mr. LaTourette from Ohio have introduced the 
Identity Theft and Financial Privacy Protection Act with nearly 
50 cosponsors, many of whom are sitting in this room. If this 
bill is enacted, it will go a long ways toward fighting the 
rise of identity theft. It is not perfect. I know there are 
other proposals that should also be enacted, but I firmly 
believe that every provision of this bill will enhance our 
citizens's security and improve our credit process. I know that 
Mr. LaTourette shares my conviction.
    As I said, I believe the time to act is now, during our 
discussion of FCRA. I believe the problem of identity theft is 
so severe that any extension of FCRA that I support must 
include significant measures to fight identity theft. It seems 
to me there is no option. We in Congress must act this year to 
protect both our consumers and financial institutions from the 
disastrous effects of identity theft. I want to thank each of 
the witnesses for giving up your time today to talk about 
identity theft and the broader issue of reauthorization of 
FCRA. I look forward to continued debate on the subject and to 
all your comments, and to my ranking member and to the chair, 
thank you so much for everything you have done on this issue. 
Thanks.
    Chairman Bachus. Thank you.
    I want to recognize the lady from Oregon, Ms. Hooley. You 
and Mr. LaTourette have worked with other members of this panel 
on identifying identity theft issue and the need for the 
personal information of consumers to be more secure, and to 
take steps in this legislation going forward to make our 
ability to combat identity theft more effective.
    At this time, I will recognize the gentleman from Ohio, Mr. 
LaTourette.
    Mr. LaTourette. Thank you very much, Mr. Chairman.
    I want to thank you very much for having this hearing 
today, together with the Ranking Member. I want to bring to the 
subcommittee's attention an individual who is going to be 
testifying on the second panel today, and that is Maureen 
Mitchell, who hails from my hometown in Madison, Ohio. I have 
known Maureen and her family for a number of years. As a matter 
of fact, her son and my daughter traversed their way through 
the Madison public school system together. It came as a 
surprise to me when in 1999 she called and said, ``Steve, I 
need your help.'' It should be noted that Maureen is usually an 
unflappable registered nurse, a licensed realtor, and a wife 
and mother. It was clear to me that something serious was going 
on, causing her to come visit us in Painesville.
    What I did not know and could not have expected was the 
unbelievable saga that was about to unfold for Maureen and her 
family. She had discovered that she was a victim of identity 
theft. Her determined efforts to resolve the situation through 
repeated calls to her creditors, law enforcement, and the FTC, 
credit reporting agencies were only leading her further down a 
downward spiral of frustration and financial strife. In the 
years since her first visit to my office, Maureen has testified 
before a number of committees here in Washington and most 
recently in the Statehouse in Columbus, Ohio. One of the things 
that I found interesting was that in some instances of identity 
theft you say, well, you went online and you bought something 
using a credit card on a computer, you had your wallet stolen 
or your purse stolen, or maybe somebody broke into your 
mailbox, but none of those items were present in Maureen's and 
Ray's case.
    The severity of Maureen's case is what inspired me, along 
with my good friend Darlene Hooley, in the 106th Congress to 
begin working on a bill. In this Congress, it is known as the 
Identity Theft and Financial Privacy Protection Act. Mr. 
Sanders will be pleased to know that one of the provisions in 
that bill is in fact the provision that every consumer receive 
a free credit report from the agencies, and his idea has been 
adopted as well.
    With reauthorization of the Fair Credit Reporting Act a 
likelihood later in this year, our committee is in a unique 
position to take the necessary steps to improve and continue 
the fight against identity theft, which is one of the fastest 
growing, most personally destructive and invasive crimes that 
can be committed against an individual. I would urge all of my 
colleagues to read Maureen's complete written testimony, as 
hers is a compelling case for this committee to act in a swift 
fashion. To give you some idea of the enormity of the extent 
that the Mitchell family has been victimized, all told it is 
well over $100,000. Their identities have been used to apply in 
a 2-hour period for $45,000 worth of personal loans at three 
different banks in Chicago, and they are the proud owners of 
two luxury sport utility vehicles, neither of which they ever 
purchased.
    Maureen, I want to thank you for being here today and I 
hope that one day you will have the opportunity to visit 
Washington without an invitation to testify on your identity 
theft ordeal. Hopefully this hearing and legislation will begin 
to help you and the thousands of other victims of this crime 
get your lives back on track.
    Again, Mr. Chairman, thank you for holding these hearings, 
and I very much look forward to hearing from our witnesses.
    Chairman Bachus. Thank you, Mr. LaTourette. You have 
chaired some of the hearings in this regard, and I very much 
appreciate that.
    Let me read down through the list and see if any of the 
members have opening statements. This is in order of arrival. 
Ms. Kelly, do you have an opening statement? I also want to say 
that Ms. Kelly was the first member to hold hearings on 
information security in the House of Representatives, and we 
very much appreciate your early identification of the issue of 
identity theft.
    Mrs. Kelly. Thank you, Mr. Chairman.
    I really appreciate the fact that you are holding this 
hearing on the role of the FCRA in preventing identity theft. 
Earlier this year, we chaired a joint hearing together on 
fighting identity fraud and improving information security. In 
that hearing, what we learned was that identity theft is among 
the fastest growing crimes in America. It is a top consumer 
complaint according to the FTC. More importantly, we discovered 
that combating identity theft requires the collaborative effort 
of law enforcement and regulatory agencies, as well as 
consumers and financial institutions. All four need to be 
involved if we are going to stop identity theft, and all of 
them have to have appropriate access to appropriate 
information.
    As this committee continues to explore the reauthorization 
of the FCRA, I would like to stress the impact that this law 
has had on our ability to combat identity theft and help the 
law enforcement officials in charge of tracking down illicit 
money get that job done. They do that job under the USA PATRIOT 
Act, this is one of the really positive things of the USA 
PATRIOT Act, and the FCRA has helped do that. The FCRA and 
information sharing that it has provided is essential to 
protecting the American people by detecting suspicious activity 
and weeding out the wrongdoers.
    The national uniform standards under the FCRA have also 
facilitated a financial institution's ability to utilize 
additional authentications and identity verifications to 
protect consumer security. The protections incorporated in the 
FCRA are critically important in enabling victims to correct 
the damage to their credit histories created by identity 
thieves.
    Over the last few weeks, we have heard testimony from many 
diverse panelists from lots of different witnesses endorsing 
the extension of the FCRA uniform standards. The Department of 
Treasury specifically highlighted the importance of the 
national credit reporting system in helping to detect identity 
theft, and in creating a framework for assisting its victims. I 
share these views and I think we have got to reauthorize the 
FCRA to protect Americans from really truly hideous and 
preventable crimes.
    I thank all of the witnesses for appearing here today. I 
look forward to hearing what you have to say on strengthening 
our network to combat identity theft. But I am also pleased, 
and I am going to take a moment here to introduce one of the 
special witnesses from the great State of New York who will 
appear on the third panel. His name is Joshua Peirez. He is the 
Senior Vice President and Assistant General manager for 
MasterCard. Mr. Peirez is the counsel for MasterCard's North 
American region and he comes from my county, Westchester County 
in New York. It is great to have Mr. Peirez here. I look 
forward to his testimony and the testimony of all of the 
witnesses.
    I thank you and yield back my time.
    Chairman Bachus. I appreciate that.
    At this time, the Chairman recognizes the gentleman from 
Texas, Mr. Hinojosa. Also, Mr. Hinojosa, I want to say that you 
and I will be holding hearings Thursday on expanding 
consumers's rights to obtain financial services in the low-and 
middle-income communities, and the need of the underserved for 
more financial services.
    Mr. Hinojosa. Thank you, Mr. Chairman. I look forward to 
working with you on that hearing on Thursday.
    Today, I want to thank Chairman Bachus and Ranking Member 
Sanders for holding this final non-legislative hearing today to 
investigate the role of the Fair Credit Reporting Act in 
fighting identity theft. It is necessary that we continue to 
assess the importance of the national credit reporting system. 
I look forward to this hearing and to hearing additional 
testimony to further clarify this issue.
    As I noted at the first hearing, my office was contacted 
frequently by numerous individuals and groups about the Fair 
Credit Reporting Act in the first half of this year. I 
personally heard from industry, consumer groups and several 
regulators on the issue. Lately, I have not been contacted by 
industry groups nor consumer groups on what they would like 
included in the legislation that likely will be crafted and 
introduced in the near future. It is my hope that Treasury and 
the Administration will publish its long-awaited proposals on 
identity theft and the FCRA, perhaps as soon as this week.
    Most of us realize that language has been available at the 
Treasury Department, but the White House has been taking its 
sweet time deciding what position to take on Treasury's 
proposal, while also watching closely the developments in the 
House and the hearings in the Senate. In 2001, more than 
117,000 complaints from identity theft victims were added to 
FTC's database. In 2002, those complaints increased to almost 
162,000. According to FTC Chairman Beales, the dramatic 
increase may reflect a growing awareness of consumers about 
identity theft.
    Consumers who call the FTC hotline receive telephone 
counseling from specially trained personnel who provide general 
information about identity theft and help guide victims through 
the steps needed to resolve the problems resulting from the 
misuse of their identities. Consumers are advised to contact 
the three national consumer reporting agencies and have a fraud 
alert place in their file, close accounts identity thieves have 
accessed, dispute unauthorized charges and report the theft to 
the police and get a police report.
    Identity theft occurs when a consumer's Social Security 
number, credit card number, or name is used without his or her 
knowledge to open fraudulent credit, telecommunications or 
utility accounts, or to use already existing accounts. It can 
also occur when an individual's name is used unknowingly to 
pass bad checks or to get loans, jobs or obtain housing. This 
crime potentially affects every consumer in all sectors of the 
financial services industry, including financial institutions, 
credit card companies, insurance companies, mortgage companies, 
and hospitals. The theft can be carried out over the telephone 
by computer hacking into an individual's confidential files or 
by stealing hard copies of a company's billing information. The 
victim of the theft usually does not realize the information 
has been stolen until sometime later. As a result, these crimes 
could be used to support terrorism, among other criminal 
activities.
    Today, I cosponsored H.R. 2035, the Identity Theft and 
Financial Privacy Protection Act of 2003, introduced by my 
friend, Congresswoman Hooley, the Chair of the Democratic Task 
Force on Identity Theft on which I serve. The Task Force 
investigated the exploding problem of identity theft, the 
fastest growing white collar crime in America, and other 
financial crimes. I decided to cosponsor Congresswoman Hooley's 
legislation because it contains strong provisions that will 
help fight identity theft. These provisions in this bill are 
extremely important to us in Texas, which ranks fifth in the 
number of identity theft complaints reported to the FTC.
    I have said in the past that one of the main decisions we, 
as a Committee, needed to make is whether to extend all seven 
exceptions to the Fair Credit Reporting Act that preempt State 
law, just some of the exceptions or none of them. They all 
expire January 1, 2004. On June 11, 2003, I and several new 
Democrats cosigned a letter to Chairman Oxley and Ranking 
Member Frank looking towards their leadership to ensure that 
legislation extending the seven expiring provisions of the Fair 
Credit Reporting Act is passed by the House and Senate before 
their termination on January 1 of next year. I believe that 
these seven provisions enhance the efficiency of the nation's 
credit system, promote access to the financial industry, 
protect American consumers, and I am firmly committed to 
extending them.
    With that said, Mr. Chairman, I ask that the rest of my 
statement be included in today's record of the proceedings.
    [The prepared statement of Hon. Ruben Hinojosa can be found 
on page 76 in the appendix.]
    Chairman Bachus. I thank the gentleman.
    I now recognize subcommittee Chairman Castle and commend 
him for his expertise in the matter of FCRA and your 
participation in these hearings.
    Mr. Castle. Thank you, Mr. Chairman.
    When they write the book about pieces of legislation not 
having sufficient hearings, anyone who protests that you did 
not have sufficient hearings, send them to me. We have had more 
hearings on this subject, more panels than anything that I 
remember since I have been in the Congress of the United 
States, and I came with you, on the Fair Credit Reporting Act. 
And they have been informative, and I believe it has served its 
purpose, Mr. Chairman. I think we have a consensus forming on 
both sides of the aisle, now both sides of the Capitol, that 
extending the preemption provisions in FCRA is essential to our 
economy.
    I am particularly interested in today's topic, the role 
FCRA plays in fighting identity theft because that is at the 
heart of people's concerns about their financial privacy. As we 
seek to pass legislation to extend FCRA's preemptions, we need 
to be careful that efforts to improve FCRA in the name of 
privacy do not have unintended consequences of undermining the 
ways FCRA currently prevents identity theft. I think today's 
hearing will establish the foundation we need to make sure the 
law of unintended consequences does not become an amendment to 
future legislation in the area.
    I would like to mention way down on the third panel is an 
extraordinary Delawarean and American, Jim Kallstrom, who is 
now living in the State of Delaware. I think it is safe to say 
that when times get tough and the nation needs smart capable 
people to serve, Jim Kallstrom's name rises quickly to the top. 
In addition to his decades of service to our nation as a Marine 
Corps captain in Vietnam and an FBI Special Agent in Charge, 
Mr. Kallstrom rose to the occasion after 9-11, leaving MBNA, 
where he works in Delaware, to serve as the Director of public 
security for the State of New York. There he was responsible 
for counterterrorism planning and operations and served as the 
point of contact for the State with the then-White House Office 
of Homeland Security. Now Jim splits his time among advising 
the Governor of New York on counterterrorism, advising MBNA, 
and hosting the Discovery Channel weekly show, The FBI Files. 
So we thank him very much for being here today and look forward 
to his testimony, as well as the testimony of the others.
    Thank you, Mr. Chairman.
    Chairman Bachus. Thank you.
    Mr. Lucas or Mr. Crowley, do you have opening statements?
    Mr. Crowley. Mr. Chairman, I do not have an opening 
statement. I just want to welcome someone later on as well in 
the second panel, Maureen Mitchell, who is nee Sullivan. She 
now lives in Ohio, but was originally from Woodside, Queens. 
Just for the record, I want to welcome her if I am not here 
later on.
    Thank you, Mr. Chairman.
    Chairman Bachus. I thank the gentleman from New York.
    At this time, it is my pleasure to introduce the gentleman 
from Arizona, Mr. Shadegg, and to remind members of the 
committee that it was Mr. Shadegg that actually introduced the 
Identity Theft and Assumption Deterrence Act and was the main 
sponsor of that legislation. So I commend you for that, Mr. 
Shadegg, and we welcome your participation in this hearing and 
your early leadership.
    Mr. Shadegg. Thank you very much. Thank you, Chairman, 
Bachus, for allowing me to be a part of this Financial 
Institutions Subcommittee hearing on identity theft. I am 
pleased to be here to listen to the testimony that will be 
provided by our distinguished witnesses.
    I am particularly interested in hearing the testimony from 
our second panel, the victims of identity theft. I strongly 
believe that we will learn the most about appropriate 
legislative responses from those who have experienced this 
crime first-hand and are intimately familiar with the 
difficulties victims face in trying to clear their name and 
repair their credit after an identity theft crime has occurred.
    My personal interest in identity theft began about five 
years ago when two of my constituents, Bob and JoAnn Hartle of 
Phoenix, Arizona were the victims of identity theft. 
Unfortunately, Mr. and Mrs. Hartle could not be here with us 
today to tell their story. I am confident that we would have 
benefited from their experience and expertise as independent 
consultants to other consumer victims of identity theft. Mr. 
Chairman, I would like to request unanimous consent to submit 
for the record their written testimony.
    Chairman Bachus. Without objection.
    Mr. Shadegg. Bob and JoAnn Hartle were instrumental in 
getting the first State law in the nation to criminalize 
identity theft passed. Mr. and Mrs. Hartle suffered the 
devastation of identity theft when a convicted felon took Mr. 
Hartle's identity and made purchases totaling over $100,000. 
This individual also used Mr. Hartle's identity to obtain a 
security clearance to secure areas of Phoenix's Sky Harbor 
International Airport, and to purchase handguns using Mr. 
Hartle's clean record to get around the Brady gun law.
    As a result of this victimization, Mr. and Mrs. Hartle were 
forced to spend more than four years of their lives and more 
than $15,000 of their own money to restore their credit because 
there were no Federal penalties for identity theft. Their case 
led me to introduce a bill in the House that was eventually 
signed into law, the bill you referenced, Mr. Chairman, the 
Identity Theft and Assumptions Deterrent Act of 1998. It gave 
law enforcement agencies the authority to investigate and 
prosecute identity theft crimes. Mr. and Mrs. Hartle turned 
their experience into something positive by establishing a 
nonprofit organization to assist other victims of identity 
theft. Their Web site, Error! Bookmark not defined., is 
available to provide guidance to identity theft victims 
nationwide. Identity theft ranges from individual instances 
like the Hartles involving small or large dollar amounts, to 
large organized professional crime rings. TriWest Healthcare 
Alliance, a company located in my district, may have been the 
victim of a professional crime ring. On December 14, 2002, 
computer hard drives containing their clients's sensitive, 
personally identifiable information were stolen from TriWest 
Phoenix's office.
    The nature of identity theft has changed and threat is more 
likely than ever to come from breaches of data security. 
According to the Federal Trade Commission, there is a shift by 
identity thieves from going after single individuals to going 
after mass amounts of information. Law enforcement experts now 
estimate that half of all cases come from the thefts of 
business databases as more and more information is stored in 
computer databases that are vulnerable to attack from hackers.
    The identity theft legislation that I introduced and was 
signed into law in 1998 was an important first step on the road 
to crack down on identity fraud crimes. However, Mr. Chairman, 
clearly more legislation is needed in this area to protect 
consumers from identity theft. I am currently working on my own 
draft and there have been many others discussed here today, 
some of which have already been introduced. I look forward to 
hearing the testimony from our witnesses and to working with 
you and the other leaders in the Congress on legislation in 
this area.
    I thank you and I yield back the balance of my time.
    Chairman Bachus. Thank you.
    I would like to again thank the gentleman from Arizona for 
participating in our hearing. We felt like having the author of 
the first piece of Federal legislation to combat this problem 
would be appropriate, and we certainly appreciate your 
participation.
    Mr. Shadegg. Thank you, Mr. Chairman.
    Chairman Bachus. I think it is appropriate that with Mr. 
Shadegg's opening statement, I understand no other members of 
the subcommittee have opening statements. That being the case, 
I think it is appropriate for us to move to our first panel. I 
want to introduce them.
    Mr. Howard Beales, III. Mr. Beales is testifying for the 
third time in our series of hearings. He is the Director of the 
Bureau of Consumer Protection at the Federal Trade Commission. 
We always find your testimony enlightening, Mr. Beales, and we 
welcome you back.
    Mr. Daniel Mihalko, Inspector in Charge of the United 
States Postal Inspection Service, we appreciate your assistance 
with the subcommittee in preparing for these hearings. Mr. Tim 
Caddigan, Special Agent in Charge, Criminal Investigation 
Division, the United States Secret Service, we welcome you, Mr. 
Caddigan. And last but not least, Ms. Mary Ann Viverette, who 
is the Chief of Police for the City of Gaithersburg, Maryland, 
which is a suburb of Washington, on behalf of the International 
Association of Chiefs of Police. We welcome you to this 
morning's hearing.
    Mr. Beales, if you would lead off with your testimony.

 STATEMENT OF J. HOWARD BEALES, III, DIRECTOR OF THE BUREAU OF 
         CONSUMER PROTECTION, FEDERAL TRADE COMMISSION

    Mr. Beales. Thank you very much, Mr. Chairman and members 
of the subcommittee. It is a pleasure to be back in front of 
you again today.
    I am pleased to have this opportunity to discuss identity 
theft and its relationship to the Fair Credit Reporting Act. 
The views expressed in the written statement are those of the 
Commission, but my oral presentation and responses to questions 
are my own and do no necessarily represent the views of the 
Commission or any individual commissioner.
    Identity theft, as you noted, can be devastating to 
consumers's reputations, to their financial well-being and to 
their sense of security. At the FTC, we are fighting identity 
theft on many fronts. For example, in partnership with the 
Justice Department and all of the agencies that are represented 
at this table, the Postal Inspection Service, the Secret 
Service, and the International Association of Chiefs of Police, 
we are training local law enforcers on how to fight identity 
theft. Today, we are holding a training session in Westchester, 
New York.
    We at the FTC are also providing law enforcers with case 
referrals from our identity theft data clearinghouse. We are 
also working to keep consumers' financial data safe through our 
new safeguards rule, which took effect at the end of May, and 
our enforcement actions against companies that fail to keep 
their security promises to consumers. Just last week, we 
announced a settlement with online retailer Guess.com for 
failing to protect customer data as promised. We also released 
a tip sheet for businesses on the steps they should take to 
assure the security of their online systems.
    Through workshops, educational campaigns and our ID theft 
hotline, we are counseling consumers and businesses on how to 
prevent identity theft. We are also providing consumers with 
tools such as our uniform identity fraud affidavit to help them 
recovery more quickly and easily from identity theft.
    Today, you have asked for testimony about identity theft in 
the Fair Credit Reporting Act. In addition to harming 
consumers, identity theft threatens the fair and efficient 
functioning of consumer credit markets. It undermines the 
accuracy and credibility of the information flows that support 
those markets. Credit bureaus are simultaneously a target for 
identity thieves and a valuable resource for combating identity 
theft. The credit reporting system can play an important role 
in helping to detect identity theft, in limiting the damage 
from identity theft, and in helping victims to clean up the 
mess that thieves leave behind.
    The Fair Credit Reporting Act helps consumers detect 
identity theft by providing consumers access to credit reports 
when they need them most. A credit report digests in one timely 
document all accounts opened in the consumer's name, and it is 
the best way to discover those accounts that may have been 
opened by an impostor. Under the FCRA, consumers who believe 
they may have fraudulent information in their files are 
entitled to a free credit report.
    Moreover, the FCRA requires that consumers who are denied 
credit based on information in a credit report be notified of 
the adverse action and given the opportunity to obtain a free 
copy of the credit report. This adverse action notice can alert 
consumers that they may have bad marks on their credit record 
that they do not know about. The free credit report helps them 
to pinpoint the fraudulent or erroneous accounts. Adverse 
action notices provide consumers with a critical safeguard and 
we are vigorously enforcing the FCRA's adverse action 
provisions.
    In addition to helping victims detect identity theft, the 
credit reporting system helps limit the damage that identity 
thieves can cause by allowing for the placement of a security 
alert in a victim's credit file. Currently, the three major 
credit bureaus include a standardized format security alert in 
the credit reports of identity theft victims. This alert puts 
potential creditors on notice that they should proceed with 
caution when granting credit in the victim's name.
    Finally, the credit reporting system can help identity 
theft victims clean up the bad credit marks caused by a thief. 
A common problem of victims is that they find it difficult to 
get credit, insurance or employment in the wake of an identity 
theft incident because the impostor has damaged their credit 
history. The big three credit bureaus now allow victims to 
block fraudulent information on their credit report with a 
valid police report of the identity theft incident.
    We are working with the credit bureaus to develop other 
victim assistance programs. For example, this spring the credit 
bureaus implemented their joint fraud alert initiative whereby 
victims only need to call one credit bureau to get a security 
alert and a free credit report from all three. These and other 
kinds of steps can help to reduce the costs and the 
consequences for identity theft victims, but there is clearly 
more to be done.
    I thank you for the opportunity to appear today. I look 
forward to responding to your questions.
    [The prepared statement of J. Howard Beales III can be 
found on page 87 in the appendix.]
    Chairman Bachus. I appreciate that.
    Mr. Mihalko?

     STATEMENT OF DANIEL L. MIHALKO, INSPECTOR IN CHARGE, 
CONGRESSIONAL & PUBLIC AFFAIRS, UNITED STATES POSTAL INSPECTION 
                            SERVICE

    Mr. Mihalko. Thank you, Mr. Chairman. Good morning, members 
of the subcommittee. On behalf of the Postal Inspection 
Service, I would like to thank you for holding this hearing and 
giving me the opportunity to discuss identity crimes and the 
significant role the Postal Inspectors play in combating it.
    To put things in perspective, I would like to start by 
talking about three things: the mail, the Postal Service and 
identity crimes. The Postal Service delivers about 200 billion 
pieces of mail each year. In this country, there is an 
expectation that each one of those pieces is going to get 
delivered not only in a timely manner, but it is not going to 
be tampered with, no one is going to take anything out of it, 
no one is going to read the correspondence. The responsibility 
for safeguarding those 200 billion pieces of mail rests with 
the Postal Inspection Service.
    As Federal law enforcement officers, we ensure the 
confidence in the mail by enforcing over 200 Federal statutes 
that deal with the mail. Primary among those are the theft or 
possession of mail and the oldest and the still most effective 
consumer protection law, the mail fraud statute. Last year, 
Postal Inspectors made over 11,000 arrests, 6,000 of those were 
for mail theft. Of those 6,000, 2,000 were for identity theft 
crimes. In fiscal year 2003, we have already surpassed that 
number of identity theft arrests.
    I think this morning we have already heard some good 
explanations and definitions of what identity theft is and the 
way it occurs. Over the years, Postal Inspectors have developed 
an expertise in working these types of cases, particularly when 
they involve the use of the mail. Those that involve the use of 
the mail receive swift action by Postal Inspectors. We work 
hard to ensure consumers are being protected. In addition, we 
work closely with the mailing and the financial industry to 
develop guidelines on how best to design mailing pieces to 
prevent theft. This partnership illustrates how the industry as 
a whole is serious about the issue. Mail is very important to 
consumers who receive it, and it is very important to the 
businesses that send it.
    I am sure all of you have received preapproved credit 
applications in the mail. Those mailings were prime targets for 
an identity thief because they simply required a signature and 
the return of the form back to the company. When stolen from 
the mail, the thief could redirect the response to the 
application to a different address and have the credit card 
sent there. But times have changed due to our efforts and 
industry awareness. For example, credit card companies have 
adopted our security recommendations and now automatically 
discard applications when they are returned with a change of 
address, making them less attractive to the identity thief. 
Also, industry has changed its practices. Credit offers now 
contain much less information.
    Fraudulent changes of address sent through the post office 
used to be another favorite vehicle for identity thieves, but 
not anymore. The proactive effort by the Postal Service to 
prevent false changes of address is the move validation letter. 
When a change of address is filed now, the Postal Service sends 
a letter to both the old and the new address. The letter 
instructs the individual to call an 800 number if they have not 
filed the change of address. This simple measure has virtually 
eliminated the placing of false change of addresses with the 
Postal Service as an avenue for committing identity theft.
    As we have made it more difficult for mail theft to be a 
component of identity theft, the crime has evolved to the 
Internet and other electronic means. Personal information 
contained in corporate and government records and computer 
databases is a fertile area for dishonest employees working in 
conjunction with identity thieves. Businesses understand the 
need to protect their personal data. Improved data security 
should be a goal of all businesses. We can measure arrests and 
the effectiveness of law enforcement efforts, but it is hard to 
measure the full impact on victims, and it can be devastating. 
I am sure you are going to be hearing about that in your second 
panel when the victims testify. A couple of interesting points, 
most victims do not learn about the theft of their identity 
until 14 months after it has occurred. It generally takes about 
44 months to clear up their cases, and victims report that they 
spend on average 175 hours actively trying to restore their 
credit rating and to clear their good name. Victims run the 
gamut of society. They are wealthy; they are poor; they are 
old; they are young. No one is immune and everyone is a 
potential victim.
    Our experience has shown that enforcement laws coupled with 
an aggressive education campaign, the cooperation of industry 
and the interagency enforcement efforts are invaluable tools in 
the fight against identity crimes. In addition to modifying 
industry practices and making financial mailings less 
attractive to a thief, our partnerships have resulted in a 
number of fraud prevention guides. The first one is Identity 
Theft, Safeguard Your Personal Information. This is a Postal 
Inspection Service publication we first put out in the late 
1990s. As of this point, we have printed and distributed over 2 
million of these guides to businesses and consumers.
    Second is a video called Identity Theft, The Game of the 
Name. This is a video that is put out for law enforcement, for 
consumer groups, and for corporate personnel. It talks about 
the dangers of identity theft and some prevention tips. Another 
guide that we put together is Detecting and Preventing Account 
Takeover Fraud, a publication which goes towards credit 
grantors with information for preventing takeover schemes. 
Later this year, the joint law enforcement-financial industry 
task force called the Financial Industry Mail Security 
Initiative will issue a book on best practices developed over 
the years.
    As Congresswoman Kelly said, aggressive law enforcement 
efforts are not enough. They are a key component of our 
mission, but arrests are not the only solution. We have found 
that creating awareness and prevention programs for consumers 
can go a long way to lessen the impact this crime has on the 
public. In addition to the two brochures and the videos 
mentioned, we partnered with Showtime network in 2000 to 
produce a Showtime movie on television about identity theft 
based on cases of Postal Inspectors. This past year during 
national consumer protection week, Postal Inspectors partnered 
with the Postal Service's consumer advocate in a nationwide 
awareness campaign on identity theft. This September, the 
Postal Inspection Service, along with our partners the FTC and 
the Postal Service, will be unveiling yet another nationwide 
campaign. This one is also on identity theft.
    This year, we are going to take a two-pronged approach. We 
are going to be providing information to consumers as we have 
in the past, but we are also going to be addressing businesses 
on the need to safeguard their files and databases of 
customers' information. Actor Jerry Orbach of television's Law 
and Order fame, who also was a victim of identity theft, has 
agreed to be the campaign spokesperson. The campaign will 
include a mailing to residences in 10 States identified by the 
FTC as reporting the most identity theft complaints, a public 
service announcement featuring Jerry Orbach, and an identity 
theft insert outlining prevention tips that will be included 
with monthly financial industry statements. We will be 
displaying in lobbies in all 38,000 post offices, which is 
going to make people aware of identity theft and some of the 
prevention tips. We are also going to produce another 
informational video and we are going to place half-page 
newspaper ads in the major newspapers in the 10 States that the 
FTC identified as having the most complaints.
    The Mullen agency of Pittsburgh has provided support for 
this campaign on a pro bono basis, but what really makes this 
campaign unique is the funding source. We have all heard the 
saying, ``crime does not pay.'' Well, in the case of this 
awareness case, it does pay. This campaign is being funded 
through a unique application of fines and forfeitures paid by 
criminals in a past fraud case.
    Educating the public and working to reduce opportunities 
where the Postal Service and the mail can be used for illegal 
purposes are crucial elements in our fight against identity 
crimes. As always, we will do our part to remove criminals from 
society. We appreciate the subcommittee's recognition of the 
importance of this issue.
    Thank you, Mr. Chairman.
    [The prepared statement of Daniel L. Mihalko can be found 
on page 165 in the appendix.]
    Chairman Bachus. Thank you.
    Special Agent Caddigan?

 STATEMENT OF TIM CADDIGAN, SPECIAL AGENT IN CHARGE, CRIMINAL 
      INVESTIGATIVE DIVISION, UNITED STATES SECRET SERVICE

    Mr. Caddigan. Mr. Chairman, Mr. Sanders, thank you for 
inviting me to be part of this hearing today and the 
opportunity to address the committee regarding the Secret 
Service's efforts to combat identity crime and protect our 
nation's financial infrastructure.
    The explosive growth of identity theft-related crimes has 
resulted in the evolution of the Secret Service into an agency 
that is recognized worldwide for its expertise in the 
investigation of all types of financial crimes. Our efforts to 
detect, investigate and prevent financial crimes are 
aggressive, innovative and comprehensive. The burgeoning use of 
the Internet and advanced technology, coupled with increased 
investment and expansion, has intensified competition within 
the financial sector. Although this provides benefits to the 
consumer through readily available credit and consumer-oriented 
financial services, it also creates a target-rich environment 
for today's sophisticated criminals, many of whom are organized 
and operate across international borders.
    Identity crime is not targeted at any particular 
demographic. Instead, it affects all types of Americans 
regardless of age, gender, nationality or race. What victims do 
have in common is the difficult, time-consuming and potentially 
expensive task of repairing the damage that has been done to 
their credit, their savings and their reputation. According to 
the GAO, the average victim spends over 175 hours attempting to 
repair the damage inflicted by identity crime.
    Identity crimes originate when another person obtains your 
personal or financial identifiers. Methods of acquiring such 
information range from the so-called ``dumpster diving'' where 
the criminal searches through your garbage for billing 
statements or other documents that may include personal 
identifiers, to insiders who purge information from their own 
company's database and place it for sale on the Internet.
    Since our inception in 1865, the twin pillars of the Secret 
Service have been prevention and partnership building. A 
central component of the Secret Service's preventive effort has 
been to increase awareness of issues related to identity crime, 
both in the law enforcement community and among the general 
public. The Secret Service has undertaken a number of unique 
initiatives aimed at increasing awareness and providing the 
training necessary to combat identity crime and assist victims 
in rectifying damage done to their credit. This includes the 
development of a number of training tools designated to assist 
our local law enforcement partners.
    Mr. Chairman, I cannot emphasize enough the importance of 
sharing expertise with our local and state police partners, and 
empowering them with the ability to respond on the local level 
to identity crimes. In a nation of thousands and thousands of 
communities and a population exceeding 270 million, providing 
the first responder, in this case a local police officer, with 
the training and information they need to investigate an 
identity crime and provide victim assistance, is imperative.
    We believe the Secret Service can best service the American 
people by acting as a force multiplier. In other words, 
directing our efforts towards providing the 700,000-plus local 
and State law enforcement officers with the tools and resources 
they need to provide assistance in their communities. In 
partnership with the International Association of Chiefs of 
Police, the Secret Service produced the best practice guide for 
seizing electronic evidence. This pocket-sized guide instructs 
law enforcement officers in the seizure of evidence, from 
personal computers, wireless telephones, to digital cameras. We 
have also worked with this group and our private sector 
partners to produce the interactive computer-based training 
program known as Forward Edge, which incorporates virtual 
reality features and technical support to instruct local law 
enforcement officers on how to address an electronic crime 
scene.
    Thus far, we have distributed free of charge over 300,000 
best practice guides and over 20,000 Forward Edge CDs to State, 
local and Federal law enforcement officers. In addition, we are 
nearing completion of an identity crime video and CD-ROM which 
will contain over 50 investigative and victim assistance 
resources that law enforcement officers can use when combating 
identity crime. In the coming weeks, we will be sending an 
identity crime CD-ROM to every law enforcement agency in the 
United States. Over 25,000 identity crime CD-ROMs are being 
prepared for distribution.
    In short, any police department in the country, regardless 
of size or resources, now has access to state-of-the-art 
training as well as multiple investigative and victim 
assistance resources to help them combat identity crime. In a 
joint effort with the Postal Inspectors, the FTC, the 
Department of Justice and the International Association of 
Chiefs of Police, we are hosting identity crime training 
seminars for local law enforcement. In the last year, we have 
held such training seminars in Chicago, Dallas, Las Vegas, Des 
Moines, Washington, D.C., and Phoenix, and seminars are planned 
in the near future for Washington State and Texas. One, as 
previously reported, is ongoing in New York State as we speak.
    For law enforcement to properly prevent and combat identity 
crimes, steps must be taken to ensure that State, local and 
Federal agencies are addressing victims' concerns in addition 
to actively investigating identity crime. It is essential that 
law enforcement recognize that identity crimes must be combated 
on all fronts, from the officer who receives the victims's 
complaints to the detective or agent investigating an organized 
identity crime ring. The Secret Service is prepared to assist 
this committee in protecting and assisting the people of the 
United States with respect to prevention, identification and 
prosecution of identity criminals.
    Mr. Chairman, that concludes my prepared remarks. I am 
happy to answer any questions your or the committee members may 
have.
    [The prepared statement of Tim Caddigan can be found on 
page 100 in the appendix.]
    Chairman Bachus. Thank you, Agent Caddigan.
    At this time, we will hear from Chief of Police Viverette.

STATEMENT OF MARY ANN VIVERETTE, CHIEF OF POLICE, GAITHERSBURG, 
MARYLAND, ON BEHALF OF THE INTERNATIONAL ASSOCIATION OF CHIEFS 
                           OF POLICE

    Ms. Viverette. Good morning. I am pleased to be here this 
morning on behalf of the International Association of Chiefs of 
Police.
    As I appear before you today, the issue of identity theft 
is one of great and growing concern to the law enforcement 
community. In a relatively short period of time, identity theft 
has transformed from a relatively unnoticed crime to a major 
problem in the United States and around the world. In the last 
few years, personal information has become one of the 
commodities most sought after by criminals in this country and 
elsewhere.
    Although identity theft is in itself a criminal act under 
both Federal and most State laws, the theft is almost always a 
stepping stone to the commission of other crimes such as credit 
card, bank, computer and Internet fraud, designed to enable the 
perpetrator to profit from the original theft. Furthermore, 
funds obtained illegally as a result of the identity theft and 
its resultant frauds may be used to finance other types of 
criminal enterprises, including drug trafficking and other 
major forms of criminal activity. As the use of technology to 
store and transmit information increases, so too will identity 
theft.
    The ability to accurately define the financial losses of 
the vast number of crimes committed by means of identity theft 
is not possible at this time. Many identity theft crimes are 
not reported to the police and there is no single source of 
information on this issue. It is fair to say, however, that the 
cumulative financial losses from identity theft and various 
crimes that feed from it are staggering. However, perhaps even 
more tragic than the monetary loss, is the personal cost of 
identity theft. Because identity theft by definition involves 
the fraudulent obtaining of funds in the name of someone else, 
the victim of identity theft may sustain not only great 
financial loss, but also severe damage to credit standing, 
personal reputation and other vital aspects of the victim's 
personal life. Even if the victim ultimately clears his or her 
credit records and avoids other personal and financial 
consequences of identity theft, the physical and mental toll on 
the victim can be significant.
    Identity theft is not perpetrated only by so-called ``white 
collar'' thieves. It is committed by criminals of all types. A 
recent report indicated that during the period of November 1999 
to March 2001, about 12 percent of all suspected perpetrators 
had a personal relationship of some sort with the victim. 
However, the remaining 88 percent of suspects had no relation 
to the victim of the theft. In most cases, the thieves are 
geographically located far from the victim's place of work or 
residence. These perpetrators may be solo operators, but more 
often are members of a larger criminal organization. Such 
organizations may be local, regional, national or 
international.
    In early years, the involvement of local police departments 
in identity theft cases was typically minimal. In fact, many 
local police departments did not know how to respond because 
the crime was not well understood. This was caused by several 
factors, including the lack of State laws making identity theft 
a crime, the fact that most identity theft operations are 
multi-jurisdictional enterprises with perpetrator and victims 
usually widely geographically separated, and the general lack 
of police expertise in investigating the crime of identity 
theft.
    Fortunately, the situation is now rapidly being remedied. 
The passage of numerous Federal and State statutes has given 
law enforcement agencies the authority to investigate and 
prosecute identity theft crimes and departments everywhere are 
becoming more aware of the significance of identity theft and 
the availability of a means to combat it. Effectively combating 
identity theft will require not only the dedication of 
significant resources and personnel, but also greater 
collaboration and cooperation between Federal, State, tribal 
and local law enforcement agencies. This information-sharing 
among agencies is essential as it may not only lead to 
successful prosecution of the case in one jurisdiction, but 
concurrent investigations in other areas of the country. I am 
pleased to say that in recent years law enforcement agencies 
have made significant strides in this area, and are increasing 
our capability to investigate, track, apprehend and prosecute 
these criminals.
    Nevertheless, the law enforcement community cannot 
effectively combat identity theft by itself. Citizens need to 
take proactive steps to protect their personal information. 
Businesses must act to establish safeguards that will ensure 
that the personal information of their patrons is not exposed. 
Policymakers at all levels of government need to review current 
statutes to ensure that protection of personal information is a 
priority and develop legislation that will strengthen the 
penalties for identity theft. Only by acting to establish 
greater protections of personal information and by aggressively 
tracking down and punishing those who commit identity theft can 
we hope to turn the tide in this battle.
    Thank you, Mr. Chairman.
    [The prepared statement of Mary Ann Viverette can be found 
on page 202 in the appendix.]
    Chairman Bachus. I appreciate the testimony of the panel.
    At this time, I recognize the members for questions. The 
gentleman from Pennsylvania, Mr. Toomey?
    Mr. Toomey. Thank you very much, Mr. Chairman.
    I appreciate the testimony we have just heard. It is 
focused largely on enforcement of existing laws, which is 
obviously a very important part of this. But I was hoping that 
several of you might comment on whether better law enforcement, 
better training, more resources, more education, is that really 
likely, in your judgments, to reverse this really shocking 
trend that we have had, this big acceleration, this upward 
spike in the frequency of identity theft? Is better enforcement 
of existing law going to be sufficient to reverse this trend, 
in your minds, or do we need something above and beyond, in 
addition, or separate and apart from that?
    Mr. Beales, perhaps you would like to begin?
    Mr. Beales. I think we need to address the problem on many 
fronts. I think enforcement is a key part of any attempt to 
solve it. I think better penalties would be something that 
would certainly help and would enhance the enforcement effort. 
I think there are probably also things that can be done to help 
with prevention of the crime in the first place and to help 
victims recover more easily. We at a staff level are hard at 
work on a package of recommendations that we would bring 
forward to the commission and then to the Congress, but at this 
point we do not have any other recommendations.
    Mr. Toomey. Anyone else care to comment?
    Mr. Mihalko. Yes, I would like to comment.
    Resources are always an issue. We in law enforcement never 
have enough to go around. We do have plenty of good statutes, 
though, at least in the Postal Inspection Service. We have 
statutes that cover identity theft on both ends. If there is a 
theft of mail, we have excellent Federal statutes to deal with 
theft or possession of stolen mail. If the mail is not part of 
the initial scheme, but is then used to either mail a phony 
credit card or a counterfeit credit card, whatever it may be, 
we have an excellent statute there with the mail fraud statute.
    I think what we need, and what I hear from a lot of my 
inspectors out in the field, is that we need more resources for 
prosecutors. There seems to be a shortage of Federal 
prosecution of the identity theft-type cases. But like Mr. 
Beales said, we also agree that prevention and educating the 
consumer is a key component of fighting this crime. We just 
can't seem to get enough education out to people.
    Mr. Toomey. I would like to follow up on the prevention 
idea, because it seems to me there are different orders of 
magnitude of identity theft. Someone can grab a credit card 
carbon out of a wastebasket and identify my credit card number 
and perhaps run up some charges. That is a terrible thing, 
obviously. It is a serious crime, but it is something that I am 
likely to discover relatively quickly and I am likely to be 
able to avoid actually incurring the expense. The more serious 
types of crimes, of course, are those when someone establishes 
an identity, steals my identity, establishes accounts, obtains 
credit through this new bogus identity, and then might run up 
huge credit obligations, which I discover much, much later, 
which are a huge problem now.
    Are we doing enough to prevent that from happening? Are 
there more things that ought to be done by the private sector 
to prevent those kinds of abuses? I see, Officer, you are 
nodding your head. Do you have a response to that?
    Mr. Caddigan. I think we have seen in recent years the 
private sector and law enforcement come together on this issue. 
That has been tremendously beneficial to the consumer. I see 
the credit card companies, they not only share information 
among themselves, but with law enforcement. I see all law 
enforcement, State, local and Federal, coming together and 
sharing resources. State prosecutors are working with Federal 
prosecutors. It is not a crime that is going to be completely 
eliminated overnight, but from our perspective we do see growth 
in cooperation on all fronts, as Mr. Beales has said, that we 
have prevention, we have education, we have awareness.
    One of the areas that we are most concerned about is 
information security with regard to end-users and consumers. 
That is something that is taking a higher priority because when 
we do have, for example, a hacking situation, customer 
databases are stolen in bulk, that has a tremendous impact on 
the identity crime arena. When we can deal with end-users on 
how to safeguard their systems and safeguard their data files, 
that is going to be a huge impact. Those relationships are 
being built as we speak. Those conversations are being had at 
all levels with regard to security, information sharing and 
safeguarding information sharing. So I think from our 
perspective, that multi-front process is effective and it does 
handle not only the simple carbon theft, but it also deals in 
the international Internet theft or hacking case involving a 
large magnitude of identity crimes.
    Mr. Toomey. Does anybody else have a comment?
    Ms. Viverette. Yes, sir. Local law enforcement is really 
overwhelmed with investigating these, so I agree that 
prevention is part of the way to solve this. There are several 
recommendations by the investigators that look into these cases 
every day. One of those is the availability of instant credit 
tends to be a problem. They recommend requiring thumbprints or 
digital photos with any credit application.
    Mr. Toomey. So some kind of system for authenticating the 
applicant?
    Ms. Viverette. Yes, sir. And the addition of possibly a PIN 
number along with the credit card to additionally verify the 
user as the proper person.
    Mr. Toomey. Thank you very much.
    Thank you, Mr. Chairman.
    Chairman Bachus. I thank the gentleman from Pennsylvania.
    At this time, the Ranking Member, Mr. Sanders, is 
recognized.
    Mr. Sanders. Thank you, Mr. Chairman. A question for Mr. 
Beales, to begin with. Mr. Beales, in your oral statement, you 
mentioned that when consumers discover that they are victims of 
identity theft, they may receive a free copy of their credit 
report. In your judgment, wouldn't it be a good idea if all 
consumers were to get a free copy of their credit report to 
catch identity thieves quicker and correct errors in a prompt 
manner? In other words, if people were able to gain access to 
their reports, they would see aberrations and dishonest 
dealings. Does that make sense to you?
    Mr. Beales. The Commission has not taken a position on 
that. I think that there is no question that access to the 
credit report would help. I think under the existing statute, 
consumers have access to a free credit report when they are 
most likely to need it, which is when they think there is 
fraudulent information or when they find out that there is a 
problem.
    Mr. Sanders. I understand that. In general, given the 
significant increase in this horrendous type of crime, if 
people receive the reports, they would be able to spot the 
problem a lot quicker than is currently the case right now. I 
think one of the problems that we are hearing is that people do 
not know that they are being ripped off for, in some cases, a 
relatively long period of time. Don't you think this would 
expedite the process?
    Mr. Beales. I think it certainly could.
    Mr. Sanders. Okay. Thank you.
    Mr. Caddigan, do you have thoughts on that?
    Mr. Caddigan. I would agree that anything that would make 
the consumer more aware of his current situation is a 
preventive tool.
    Mr. Sanders. Okay. Thanks.
    Let me ask Chief Viverette a question. You may not want to 
answer it. It may be too political, but that is okay. One of 
the debates, the key debate that is going on here has to do 
with Federal preemption. Some of us believe that we should have 
very strong standards for identity theft and other consumer 
problems in general at the Federal level, but we should allow 
States to go forward in a more aggressive way if they want to. 
In fact, Maryland, as I understand it, is one of six States in 
the country right now which does require free credit reports. 
Is that correct?
    Ms. Viverette. I believe it is, yes, sir.
    Mr. Sanders. Okay. Now, I am not suggesting that Congress 
would take away Maryland's right to do that. I doubt that they 
would. But give us your thoughts about a State that has been 
proactive in trying to protect consumers, should States in your 
judgment continue to have that right?
    Ms. Viverette. The decision of the International 
Association of Chiefs of Police is normally to keep the rights 
at the State level. Yes, sir.
    Mr. Sanders. Okay. Thank you.
    Mr. Chairman, what you heard is from attorneys general from 
all over this country who believe that they should have the 
right to be aggressive in protecting consumers, and you are 
hearing from police officers as well, who want strong consumer 
protection. I would note the point that the chief made a few 
moments ago, which is a very important point. I am sure it is 
all over this country that local law enforcement is being 
overwhelmed. When somebody calls you up, that takes a heck of a 
lot of resources to address that problem. Is that correct, 
Chief?
    Ms. Viverette. Yes, sir.
    Mr. Sanders. All right. So I would suggest, Mr. Chairman, 
that we want to be as aggressive as we can. One way that we are 
aggressive is allowing States to go further than the Federal 
government.
    Thank you, Mr. Chairman, and I thank the panelists.
    Chairman Bachus. Thank you, Mr. Sanders.
    Ms. Kelly?
    Mrs. Kelly. Thank you, Mr. Chairman.
    Mr. Beales, you said that there can be some things done to 
help with prevention. Would you mind just expanding on that a 
little bit? You made the remark and then went on with something 
else.
    Mr. Beales. We are working on trying to develop and to 
analyze legislative ideas that we would recommend to the 
commission and then the commission would offer its advice if 
that was appropriate to you all. I think the one active 
prevention program that I think really should be seen as a 
prevention program that we are very much involved in now and 
should be continued is efforts to protect information security. 
Increasingly we see that as the source of the information that 
turns up in identity theft cases, and we see, frankly, very 
many businesses that have not taken basic precautions to 
protect the security of their information.
    We have brought cases in some of those instances, our guest 
case, that I mentioned, which involved the failure to close a 
well-known vulnerability in a system. And we have developed a 
business education pamphlet to encourage businesses to look for 
those kinds of known vulnerabilities and to fix them. I think 
that is an important preventive effort and I think there is 
more that can be done in that area in particular.
    Mrs. Kelly. One of the reasons that I am concerned about 
this is that we heard testimony just now about educating the 
consumer, but any more the way that identity theft can happen, 
there isn't any act that the consumer does necessarily. It is 
not about just making sure you tear up your credit card slips 
when you throw them out. Your identity can be stolen without 
your knowledge by your not doing anything at all different than 
you have ordinarily done. That is really tough to educate 
about. People, I think, are very vulnerable and you can educate 
them to do certain things, but there are limits to what we can 
do to educate people to protect themselves.
    I am wanting to know what kind of things we are doing with 
regard to identity theft and terrorism, the movement of 
terrorism money. We know that that has occurred. I really would 
like to ask Mr. Caddigan, could you talk to me a little bit 
about what the Secret Service is doing to put a check on 
identity theft or identity use in transferring terrorism's 
money?
    Mr. Caddigan. When we talk terrorism, the FBI has always 
taken the lead in the terrorism investigations. That includes 
the financial investigations. We are an active participant in 
their initiatives through their JTTFs across the country. So 
what we try to do is to bring our expertise to bear in the 
financial sector and apply them to ongoing initiatives that we 
have in tracking terrorism in our country. That may apply to 
passport fraud or counterfeit documents, to credit cards that 
were used to fund individuals that are staying here. It does 
run the gamut with regard to our own agency's initiatives. We 
do that under the umbrella of a joint initiative led by the 
FBI.
    Mrs. Kelly. Maybe you and I can explore that in a little 
less public venue, but I am very interested in what you are 
doing. This takes me to another level, and that is with 
anything that we do with regard to protecting people's identity 
and anything that you do with regard to helping share 
information so that people can have identity protections, that 
sharing of information steps into another field, and that is 
the privacy issue. I wonder if anyone on this panel would be 
willing to address the problems we are going to experience as 
we get deeper and deeper into the protections with regard to 
privacy.
    Mr. Beales?
    Mr. Beales. I think that one of the great successes of the 
Fair Credit Reporting Act is the way in which it balances those 
concerns, the tremendous benefits of information sharing in 
detecting and preventing and mitigating the consequences of bad 
credit and of identity theft, and at the same time protecting 
privacy. It does that by restricting uses to people who have a 
permissible purpose and by trying to assure that the 
information is accurate and that the consumer has a way to try 
to correct it if it is not. But I think privacy is an important 
component of it and is really sort of a key goal of the Fair 
Credit Reporting Act.
    Mrs. Kelly. Anyone else want to pick up on that? Thank you 
very much. My time is up.
    Thanks, Mr. Chairman.
    Chairman Bachus. Thank you.
    Mr. Hinojosa?
    Mr. Hinojosa. Thank you, Mr. Chairman.
    I want to ask a question of Mr. Beales. Did you answer the 
question about or the idea that was given by Mr. Sanders, 
providing consumers with a free credit report annually or 
biannually at their request?
    Mr. Beales. The Commission has not taken a position on 
that. I think that the consumers have credit reports at the 
time they are most likely to need it, at the time it is most 
beneficial, which is when they think there is fraud or when 
there has been an adverse action. But I think there is no doubt 
that more availability of credit reports would help in 
combating the problem.
    Mr. Hinojosa. I disagree that you would wait until you are 
applying for credit to buy a car a house or whatever, because 
all the testimony says that most consumers do not find out 
until about 14 months after the occurrence of that identity 
theft. So it seems to me that we are going to have to address 
that question and see what the costs would be and if it is 
feasible.
    I would like to ask Mr. Caddigan the question that I had on 
trying to give training to our officers out in the field. It 
seems to me it is time-consuming, but very important. The 
question is, do you know if the FBI or Secret Service agencies, 
are able to reach large numbers of officers in States like 
Texas and California?
    Mr. Caddigan. A program that is ongoing right now in the 
State of New York is a collaboration with all four partners at 
the table here today. We are able to reach across all law 
enforcement, to include the financial institutions, anybody 
that would have a need to provide assistance in the area of 
identity theft, whether it is criminal or victim assistance. 
The event today has several hundred officers there representing 
dozens and dozens of departments in New York. We think that by 
being able to provide a Federal, State and local perspective to 
the problem and solutions. We are not there just to identify a 
problem. We are there to provide you with skill sets in 
providing real solutions to your community or your constituency 
on how to deal with this epidemic.
    So when we can reach out to a victim and make them aware of 
what they need to do to safeguard themselves, not only from 
crime that has already occurred, but for future crime that 
potentially could occur, we feel that that force multiplier in 
the law enforcement community has a ripple effect that is a 
substantial benefit in this initiative.
    Mr. Hinojosa. I understand what you said, Mr. Caddigan. 
Possibly my question, then, should go to Chief Viverette. What 
I heard Caddigan say is that they were training the trainers, 
100 of them in New York. I am talking about reaching much 
larger numbers. Could it be done through, say, video 
conferencing? Could it be done through distance learning like 
the universities are doing now where you could have multiple 
sites listening to the presentation? If that is so, if it is 
possible, how do chiefs of police give release time to large 
numbers of officers so that they can be trained?
    Ms. Viverette. Sir, the CD-ROM that the Secret Service has 
put together is an excellent resource for local law 
enforcement. Most of us have training commissions at the State 
level that can require training. The CD-ROMs are perfect for 
roll-call training at the beginning of a shift. And generally 
what we are doing is making the patrol officer aware of what is 
out there, their resources. They will never have the time to do 
the follow-up. So we are training investigators at a higher 
level and the patrol officer is provided the resources to know 
where to go to follow up on their report.
    Mr. Hinojosa. I am concerned that the numbers of identity 
theft complaints are increasing rapidly, which means that there 
is insufficient dissemination of information and education to 
the public and those that help us. The chiefs of police and 
their officers are evidently not getting enough training or 
resources to get it done.
    So the last question that I would have, Mr. Chairman, is to 
Howard Beales. Do you support Mrs. Hooley's legislation on 
identity theft?
    Mr. Beales. The Commission has not taken a position on that 
legislation. I think there are a number of features in that 
legislation that are attractive, but the Commission has not at 
this point taken a position.
    Mr. Hinojosa. We are going to go into a debate on that 
proposal. I hope that all four agencies would take a good close 
look because we really need to stop this increase that is 
occurring and being reported, and it is going to be very 
important that we get the help of all four agencies.
    With that, Mr. Chairman, I yield back the rest of my time.
    Chairman Bachus. Thank you.
    The gentleman from Texas, Mr. Hensarling?
    Mr. Hensarling. Thank you, Mr. Chairman.
    I think one thing we can all agree on is that identity 
theft is a very serious and pervasive crime in the U.S. I 
myself at an earlier hearing announced that I had been 
victimized by identity theft prior to coming to Congress, when 
I was a small businessman and a former employee managed to open 
up a credit card in the name of my small business. When I 
discovered it, there was about a $22,000 tab on the credit card 
that had not been paid. Fortunately for me, with one telephone 
call and one letter, I was able to take care of the matter, so 
I can attest, at least in my case, occasionally the system does 
work.
    The question really for us today, though, as we look at the 
title of this hearing, is fighting identity theft, the role of 
FCRA. So really to cut to the chase, I am interested in the 
opinion of the panelists, is FCRA friend or foe? Besides the 
good that comes from FCRA, and we have heard some very 
persuasive testimony about how we in America enjoy the greatest 
availability of credit, the lowest-cost credit in the world, 
and that FCRA plays a very significant role in that. But the 
question today is, when it comes to identity theft, are we 
better off having a paradigm that gets us closer to a national 
standard of credit reporting with a central database, or are we 
better off with more of an individualized state patchwork 
system, just with the narrow question of combating identity 
theft?
    Mr. Beales, if we could start with you and receive your 
opinion on the matter.
    Mr. Beales. I think the uniform system and the safeguards 
of the Fair Credit Reporting Act do help to reduce the risk 
that credit bureaus and credit data are the source of identity 
theft. The fact that the data is centralized and largely in 
three large institutions I think facilitates efforts to protect 
the data and facilitates efforts to prevent unauthorized access 
and to control access, compared to lots of little databases in 
lots of different places.
    Mr. Hensarling. Mr. Mihalko?
    Mr. Mihalko. I think a national standard is a huge benefit 
for Federal law enforcement, if we only have to deal with one 
type of standard. It is also a big benefit for the mailing 
industry so that they only have to deal with one standard 
nationwide and do not have to deal with 50 different standards 
in their mailings across the borders.
    Mr. Hensarling. Mr. Caddigan?
    Mr. Caddigan. From a Federal law enforcement agency, any 
standard that eliminates confusion is best for us as we cross 
State lines in our investigations. The sharing of information 
with regard to verification check and balance is something that 
I think will show leads to a reduction in identity crimes. It 
provides earlier response to potential problems.
    Mr. Hensarling. Ms. Viverette?
    Ms. Viverette. Yes, sir. I agree with Mr. Caddigan. It is a 
situation where when we cross State lines, that is where as a 
patrol officer we have problems with the follow-up on the 
investigations. So his remarks are appropriate.
    Mr. Hensarling. We have heard advocacy about a proposal to 
ensure, I suppose, that all American citizens receive a free 
copy of their credit bureau reports. Mr. Beales, my guess is 
you are the expert on this subject, but I am under the 
impression that free reports are made available already today, 
for example, to the indigent, to those who have been denied 
credit, and to those who believe they have been a victim of 
identity theft. Is my understanding correct?
    Mr. Beales. There are free reports available to people who 
think they are victims of fraud. There are free reports 
available to the indigent and the unemployed. There are free 
reports available to anybody if there is an adverse action 
taken based on information in the report. Those are the 
circumstances and in some of those, I think, are the 
circumstances where the report is most valuable, but it could 
have value in other circumstances as well.
    Mr. Hensarling. My guess is no one on the panel is 
qualified to come up with a cost estimate of what that proposal 
would indeed cost the system. I am just curious what impact 
that might have on our credit availability and our credit costs 
should such a plan be enacted.
    I see my time is out, Mr. Chairman.
    Chairman Bachus. Thank you.
    Mrs. Hooley?
    Ms. Hooley. Thank you, Mr. Chair.
    I have a question for the entire panel, and I apologize for 
not being here the entire time, and hopefully you have not 
answered this question yet. One of the things we talk about 
when we look at identity theft is it is really composed of five 
pieces, and one of the pieces is prevention; it is education; 
it is how do you get through the process; it is how do you 
leave room for technology to help solve the problem. And the 
last piece, and a very important piece, is law enforcement.
    I have spent a lot of time talking to our law enforcement, 
and one of the problems of course is you don't have to stick a 
gun to somebody's head to steal their money now; you can just 
take their identity and steal their money. Because a gun is not 
used, frequently this crime sort of goes to the end of the list 
of everything else you are doing. What is the one thing we need 
to do in law enforcement that would help you prosecute the 
crime and what is the solution to this obstacle? Because the 
perpetrator knows that they are probably not going to be 
prosecuted; they know they are very good at going across city 
lines, county lines, State lines; they know how much they have 
to steal before it becomes a felony.
    I have known some local police officers who have arrested 
the same person over and over and over again and let them go 
because no one was willing to prosecute. What is the solution? 
What do we do? Do we need to make the laws tougher, the 
penalties larger? What do we need to do? And if each panel 
member would answer that question, I would appreciate it.
    Mr. Beales. I think one thing that would clearly help is 
the penalty enhancement legislation that I know has been 
introduced in the Senate and I believe has been introduced in 
the House as well. I think prosecutors look to the length of 
time that they can get by alleging a particular offense. I 
think that longer penalties and the change in the structure of 
penalties to make it more like the gun laws where there is an 
add-on if you steal an identity in committing another crime, it 
is an additional sentence added on to whatever sentence there 
is for the base offense. I think those are approaches that can 
make prosecutors more willing to prosecute the cases and then 
enhance deterrence.
    Ms. Hooley. Thank you.
    Mr. Mihalko. I think one of the things that would be most 
beneficial to us is an increase in probably the appropriations 
for the Justice Department to hire assistant U.S. attorneys to 
handle these types of prosecutions. What we have seen is that 
there are different U.S. attorneys offices that have different 
thresholds before they are going to accept identity theft cases 
for prosecution. It may be $70,000; it may be $100,000, which 
makes it less attractive to bring those cases because they are 
not going to be prosecuted. There are a lot of law enforcement 
resources devoted on the Federal, State and local level to 
investigating identity theft crimes.
    Ms. Hooley. Okay, thank you.
    Mr. Caddigan. I think we are on an upswing with regard to 
the enforcement and the prosecution. We have seen some 
enhancements. We have seen some legislative benefits recently. 
I also think we have seen a shift in the prioritization of 
these type of crimes in our U.S. attorneys's and district 
attorneys's offices. I have also seen where we have a better 
sharing relationship between the State and the Federal with 
regard to where the biggest bang, if you will, will come for 
prosecution, depending upon the magnitude, the loss and all the 
other factors that go into determining prosecution.
    So the enhancements that I think we have seen are starting 
to take effect and hopefully we will see that continue in the 
future.
    Ms. Hooley. Thank you.
    Ms. Viverette. Yes, ma'am, having identity theft as a 
specific crime has been helpful. Prior to having that in our 
State, it was underreported because it was reported as a theft 
and not identity crime.
    Ms. Hooley. Okay.
    Ms. Viverette. Enhance penalties I think would be important 
and also the addition of resources for officers to follow up on 
a crime. Right now, they often have the information, but they 
do not have the investigative resources to go out and make the 
arrest.
    Ms. Hooley. Thank you very much.
    Chairman Bachus. Thank you.
    Ms. Capito?
    Mrs. Capito. Yes, I have just two brief questions. For Mr. 
Caddigan, you testified that the method of identity theft that 
may be most difficult to prevent is theft by a collusive 
employee. What are some possible ways to combat such theft? And 
also in line with that, that many of the identity criminals use 
information obtained from companies or off of Web sites, and 
what can companies do to prevent such intrusions?
    Mr. Caddigan. The insider threat industry will tell you it 
is their number one concern, protecting not only their 
database, but their systems. Again, we believe in prevention; 
we believe in education. An initiative that we began about two 
years ago, not quite two years ago now, is an insider threat 
study. What it basically does is reach out starting with our 
investigative cases that involve such type of activity. They 
reach back out to the businesses and ask them to provide a 
little bit more information as to the prevention methods they 
use, the safeguards they use, and actually provide advice on 
how they can better themselves in that arena. That initiative 
is ongoing. It has reached across the country.
    We already see some impact with regard to information 
sharing within sectors, business sectors. We think that because 
not only the identity theft portion of criminal activity to the 
insider, proprietary issues, customer-based issues, there is a 
lot of need for protection in that arena. Again, not overnight, 
but I think the right steps are being taken to provide an 
awareness and also to give viable solutions in a security-
minded atmosphere on how you can better safeguard your material 
as a small, medium and large business. Those initiatives are 
ongoing.
    Mrs. Capito. Thank you. I just have one additional 
question, and this is for anybody who thinks they have an idea. 
I am curious to know the demographics of someone who could fall 
prey to identity theft. Is it someone who has the information 
on the Internet? Is it the elderly? Is it someone in big 
cities? Is it everywhere? Has it been categorized to a point? I 
am just curious to know what kind of statistics have been 
gathered, understanding that identity theft has just now been 
identified as a crime, or at least one that has been reported.
    Mr. Beales?
    Mr. Beales. In our complaint database, the victims look 
pretty much like the population at large. There are not very 
many children, but other than that, it pretty much mirrors the 
distribution of the population. There is no one group that is 
disproportionately affected. We have completed a random sample 
survey of identity theft that we hope to release within the 
next few weeks that will give us a more comprehensive picture 
of the level of identity theft and also of the nature of who is 
victimized, but what we see in our complaint data is it just 
looks like the population at large.
    Mrs. Capito. Any other comments?
    Mr. Caddigan. From the enforcement perspective, we rely on 
the FTC data and we find it to be consistent with our casework. 
The vulnerabilities are again from the simple trash theft to 
you dealt with a business on the Internet that was the 
unfortunate victim of a hacking. It funs the full gamut. No one 
is particularly targeted.
    Mrs. Capito. What would be the average time that someone 
would realize that their identity has been stolen? Would I find 
out in a month, in a week?
    Mr. Beales. In our complaint data, 48 percent find it out 
within a month, and an additional number find it out within 1 
to 6 months. Within a year, it is 78 percent find it out within 
a year.
    Mrs. Capito. I have no further questions. Thank you.
    Chairman Bachus. My first question may be just to follow on 
that, Mr. Beales, the postal agent testified that it was an 
average of 14 months to discover?
    Mr. Mihalko. Right. It is about 14 months according to our 
data before it is discovered, before a victim discovers that 
they have been a victim of identity theft.
    Chairman Bachus. I am not sure how we square that with Mr. 
Beales's testimony just moments ago. Are there a significant 
number that are taking 12 to 14 months to discover, Mr. Beales? 
What about Mr. Mihalko's testimony?
    Mr. Beales. There certainly are some that take that long, 
and I don't know the statistical basis for that. What we see in 
our complaints, and it is just our complaints, is what I 
reported. Now, I just don't know, in terms of what, it is about 
7 percent that take between one and two years and another 8 
percent that take between 2 and 4 years to discover it, and 
then there is a tail of about 5 percent where it takes more 
than 5 years before it is discovered. So there are some cases 
that are out there in terms of it taking a long time, but most 
people find out quickly in our complaint data.
    Chairman Bachus. Okay. I will end the questioning with this 
question to you, Mr. Beales. FTC Chairman Muris has testified 
that you are considering different proposals to combat identity 
theft. You testified at this hearing and previous hearings that 
you are working on proposals to combat it or additional 
proposals. This committee anticipates marking up FTC 
reauthorization next month, at least that is what is 
anticipated at this time. Will the FTC have any formal 
proposals to make to this committee that can be incorporated in 
legislation this month?
    Mr. Beales. We would hope to not be too late, and whether 
we are too late or not, we are of course willing to offer 
whatever technical assistance we can in your effort.
    Chairman Bachus. It would be extremely helpful if the 
Federal agency that is charged with oversight and investigation 
and coming up with remedies could offer us some formal 
proposals prior to reauthorization.
    Mr. Beales. We understand that and we will do our best.
    Chairman Bachus. Thank you.
    This concludes the testimony of the first panel. The first 
panel is discharged and we will go immediately to consideration 
of the second panel. I appreciate your testimony and you are 
discharged.
    The second panel is made up of two victims of identity 
theft. While they are making their way to the witness table, I 
might simply say that whether you go by the FTC testimony of 
basically 125,000 victims of identity theft each year, or you 
go by the Justice Department records which indicate as many as 
500,000 victims of identity theft, we do know that those are 
both significant numbers. We know that as many as 500,000 
reported cases and we know that for each of those cases there 
is an emotional and financial toll on the victims.
    In this second panel, we will actually hear from two of 
these victims, which in the one regard will be representing a 
much larger group of millions of American citizens each year 
who find themselves the victims of identity fraud. I want to 
welcome our second panel. Our two witnesses, Ms. Maureen 
Mitchell of Madison, Ohio, formerly of Queens, New York, is 
that right?
    Ms. Mitchell. That is correct, Mr. Chairman.
    Chairman Bachus. That is correct, thank you. And also 
Commander Frank Mellott, a U.S. Navy victim of identity theft. 
You are also here testifying on behalf of the Identity Theft 
Resource Center.
    Commander Mellott. Yes, sir, I am, but principally on my 
own.
    Chairman Bachus. Would you tell this committee what 
actually the Identity Theft Resource Center is?
    Commander Mellott. The Identity Theft Resource Center is a 
victim advocacy group and counseling assistance for victims of 
identity theft. I am the military assistance coordinator and 
also the mid-Atlantic-Virginia area regional coordinator. I see 
primarily cases that involve active-duty, retired or reserve 
members who are dealing with some of the unique aspects when a 
military member is a victim.
    Chairman Bachus. I think Mr. Sanders testified that it is a 
horrendous crime, but it is particularly deplorable or 
despicable when the victims of identity theft are members of 
the military serving overseas in defense of our country. It is 
totally reprehensible that someone would do such a thing to our 
men and women in uniform. So we welcome your testimony here 
today.
    Also, Ms. Mitchell, I have read your testimony and it has 
truly been a nightmare for you, just almost inconceivable that 
someone has to go through what you have gone through. At this 
time, if you will lead off the testimony.

   STATEMENT OF MAUREEN V. MITCHELL, MADISON, OH, VICTIM OF 
                         IDENTITY THEFT

    Ms. Mitchell. Thank you, Mr. Chairman.
    It is a pleasure and a privilege to be here and I want to 
express particular appreciation to Congressman LaTourette and 
Congresswoman Hooley for their efforts and the committee's 
efforts. And I wanted to say just a personal hello to 
Congressman Crowley. Joe Crowley and I grew up together in 
Woodside, New York.
    We have been the victims of identity theft and we were not 
only victims once, we were victims twice. We are a typical 
middle-class family. We do not have extraordinary assets and we 
had always taken the normal consumer protections that we are 
all advised to take to safeguard our information. We shred our 
outgoing trash. We were never robbed. We were never 
burglarized. We never lost our credit cards, and we had checked 
our credit report in March of 1999 to ensure its accuracy.
    Yet in September of 1999, we received a phone call from our 
KeyBank MasterCard service provider questioning an unusual 
pattern of activity on our credit card. We were very fortunate 
that they noticed that unusual level of activity. It turns out 
that that was the start of our identity theft nightmare when we 
learned that fraudulent purchases had been made, mail-order 
purchases by criminals who did not have our credit cards in 
their possession because we had not lost ours, but they had 
obtained our credit card number. We do not throw out our credit 
card receipts intact. And in the days when we all had carbons 
on our credit cards, when we used them, we obtained the carbons 
and used to rip them up. We are extremely conscientious about 
safeguarding our information.
    We did not bank on the Internet. We did not order 
merchandise via the Internet. We did not use an Internet 
program to balance our checkbook. And we found ourselves 
victims of this. Unfortunately for us in September of 1999 when 
our MasterCard account number was compromised, our bank closed 
our credit card account number and told us we would not be 
responsible for the fraudulent charges. However, they did not 
suggest that we put fraud alerts on our credit reports, and 
they left making out a police report to our option. I did make 
out a police report because if was a few thousand dollars worth 
of charges that were made using our credit.
    In November 1999, 2 months later, we received a phone call 
from a J.C. Penney credit representative from New Mexico. We 
have been residents of Ohio since 1978, finding out that 
criminals in Illinois, and it was in Illinois that the 
fraudulent mail order charges were made also, had used my 
husband's name and Social Security number to obtain a line of 
credit at the J.C. Penney store in Illinois. It was the J.C. 
Penney's representative who suggested we put fraud alerts on 
our credit reports, which I did immediately on November 15.
    When I contacted Trans Union, Experian and Equifax, the 
three major reporting bureaus, I was dismayed to learn that 
there had been over 25 inquiries into our credit during that 2-
month period of time between the initial credit card account 
number being compromised and the phone call from J.C. Penney's, 
and criminals had changed our address six times. I did place 
the fraud alerts on our credit report and I also put 7-year 
consumer statements, and it took me over 400 hours of time to 
dispute 30 fraudulent accounts that criminals had opened in our 
names out of State. There had not been 30 inquiries into our 
credit in the entire 20 some-odd years my husband and I had 
been married at that point, yet 30 inquiries into our credit in 
a 2-month period of time did not send up red flags to anybody 
at the credit reporting agencies. I think that needs to be 
addressed.
    Four hundred hours, hundreds and hundreds of pages of 
documentation were required by us. I found the information from 
the Federal Trade Commission's identity theft clearinghouse to 
be helpful to me. Kathleen Lund from the Federal Trade 
Commission was the identity theft counselor whom I had spoken 
to, and she did offer me some guidance and assistance and some 
emotional support. I also put that in the testimony, because as 
a victim of identity theft, your life is spinning out of 
control and we never were able to ascertain our point of 
compromise. I did meet with our Congressman Steve LaTourette, 
and it was through his intervention that we were able to be in 
touch with the FBI. We ultimately wound up with the United 
States Secret Service, the United States Postal Inspectors, the 
Office of the Inspector General of the Social Security 
Administration, and the FBI, plus our local police department 
as the investigating authorities.
    Criminals in Illinois did a $150,000 worth of new credit 
applications in our names. We had previously had an impeccable 
credit report. Our FICO scores were in the low 800s; $150,000; 
30 different accounts. They bought a Ford Expedition. They 
bought a Lincoln Navigator. Neither of those vehicles were 
sitting in my driveway. And two months after the criminals 
purchased the Ford Expedition, they torched that vehicle, filed 
a fraudulent insurance claim in my husband's name, and then we 
had to deal with the National Insurance Crime Fraud Bureau 
because there was a fraudulent insurance claim filed.
    We did get good cooperation from our local police 
department in Madison, Ohio. As a matter of fact, my husband 
and I and both of our adult children are carrying a notarized 
letter from our police chief in our wallets at all times saying 
that we are the victims of these crimes and not the criminals, 
because if we get pulled over for some innocuous traffic 
violation, we can find out that there are warrants under our 
Social Security numbers that we know nothing of.
    Two years after the criminals initially victimized us, and 
it was 2 years of fighting our way, it is a task made for 
Hercules that requires the wisdom of Solomon, as a victim of 
identity theft, to fight your way through the system. Two years 
afterwards, with the security protocols in place, and I had 
insisted upon security protocols on our bank accounts, we were 
making a purchase of a small home for both of our adult 
children who are students to live in while they were attending 
medical school and college. The fraudulent purchase of the Ford 
Expedition, the one that the criminals torched and filed the 
fraudulent claim on, showed up on my husband's credit report as 
we applied for the mortgage, lowered my husband's FICO credit 
score by 118 points, and we were almost denied the loan for the 
mortgage that we were legitimately applying for.
    My girlfriend Cathy said to me, ``You know, Maureen, you 
just should have had the criminals apply for the mortgage. They 
would have gotten it with no problem.'' And there may be some 
truth to that statement. We again had that remedied. This 
account had bounced back onto my husband's credit report. They 
knew it was a fraudulent account, yet it reappeared.
    In October of 2001, we received at home a very alarming 
phone call from an intercity branch of our bank asking whether 
we were having trouble with our bank accounts. I had placed 
security protocols on our bank accounts. I had insisted upon 
them. Photo ID and password, and the password was not mother's 
maiden name or anything else that would be available on a 
genealogical Web site. Photo ID and password required on our 
bank accounts, and our local branch of KeyBank, and they have 
known us for 20 years, insisted that we use those protocols 
every time we banked, and we insisted upon it also. Yet when I 
received this phone call on October 30, criminals had made four 
fraudulent withdrawals from our personal bank accounts. It was 
upon the attempt of the fifth fraudulent withdrawal that we 
were finally notified. Criminals removed $34,006.50 from our 
bank accounts in spite of the fact that photo ID and password 
was required on these accounts.
    We had an arrest made in the State of Illinois, Lansing, 
Illinois as a matter of fact. The criminal there was 
prosecuted. He was sentenced to three years in the Illinois 
Department of Corrections in 1999 when he was arrested. He 
served less than a year. We currently have a case pending in 
Cuyahoga County, Ohio. The criminal who made the KeyBank 
fraudulent withdrawals a week after I received the phone call 
was attempting to make a $5,000 credit application using my 
name at the Circuit City store in North Randall, Ohio. When the 
Illinois crimes were occurring, there were criminals 
impostoring my husband. When the Ohio crimes were occurring, 
there were criminals impostoring me.
    She was eventually apprehended at the Circuit City store 
because the fraud alerts on our credit reports did indeed work. 
Why the security protocols on our bank accounts did not work 
still remains to be answered. One of the hardest things in 
being a victim of identity theft is that you are repeatedly 
subject to having your integrity and character questioned. You 
are perceived as the criminal and the scales of justice are 
tipped in the wrong direction in this regard. The criminal is 
assumed innocent until proven guilty, but the victim of 
identity theft is assumed guilty until you prove your 
innocence.
    We started to receive phone calls from collection 
specialists at our home, wanting to know why we were late for 
the payments on our Lincoln Navigator and our Ford Expedition, 
the vehicles that we had not purchased. It amazed me that the 
collection specialist could find the real Ray and Maureen 
Mitchell when they wanted their money. Too bad nobody bothered 
to find the real Ray and Maureen Mitchell before they loaned 
out that money. There are protocols that should work when they 
are in place. No system is perfect. Our protocols should not 
have failed. They did. We had to re-work our way through the 
system. And when the criminal impostor of me was arrested at 
Circuit City in North Randall, Ohio, she was found to have an 
Ohio DMV-issued photo identification card that contained her 
picture but all of my information.
    And when that criminal had obtained that photo ID card, my 
driver's license was automatically suspended in the State of 
Ohio because it is illegal to have a driver's license and a 
State-issued photo ID card. So as a result of that impostor's 
activities, our bank accounts were frozen on October 30, 2001 
and I had a suspended driver's license. I am a registered 
nurse. I am a licensed realtor. We are entitled to have access 
to our own monies and we are entitled to safeguard our personal 
licenses. I was scared to death that my real estate or my 
nursing license would be impacted by criminals because they had 
already impacted my driver's license.
    Our lives were turned upside down for 4 years because of 
identity theft, and the only risk factor that we had of 
becoming victims of this crime was that we had an impeccably 
good credit report. The demographics, as we heard in previous 
testimony, will show that this crime does affect all people. 
But if you do not have credit-worthiness, you are not sought 
out as a victim because it does not serve the purpose of the 
criminals.
    Words cannot begin to describe what this has been like for 
us. We have fought our way through this tooth and nail. We have 
received help from Congressman LaTourette. I had the privilege 
of testifying in a Senate subcommittee at the request of 
Senator Kyl. We have received help from the Federal Trade 
Commission. This is a national epidemic and it has to be 
stopped. Billions of dollars a year are being lost because of 
identity theft crimes and credit fraud. The impact that it has 
on victims' lives is unbelievable. Your credit score does not 
only reflect your loan worthiness. It also reflects to many 
entities, insurance industries, employers, et cetera, they 
equate that number with your good character. To have criminals 
assail that is unacceptable and incomprehensible.
    I would encourage all of you to please read my full written 
testimony. I do realize it is lengthy. Believe me, I compressed 
four years of details into those pages. I will be happy to 
answer any questions and I again thank you for the privilege of 
having testified.
    [The prepared statement of Maureen V. Mitchell can be found 
on page 177 in the appendix.]
    Chairman Bachus. Thank you, Ms. Mitchell.
    Commander Mellott?

   STATEMENT OF COMMANDER FRANK MELLOTT, UNITED STATES NAVY, 
   VICTIM OF IDENTITY THEFT, ON BEHALF OF THE IDENTITY THEFT 
                        RESOURCE CENTER

    Commander Mellott. Yes, sir, Mr. Chairman, Ranking Member 
and other members of the committee, thank you very much for the 
opportunity to testify today. The views and opinions I express 
today are my own and do not necessarily represent the 
Department of Defense or the Navy.
    I am here because I am a victim of identity theft, but I am 
also here because I am a victim of what I would call a blunder 
by the credit reporting industry. My ordeal began back in the 
summer of 2001 when my wife walked in from the mailbox carrying 
a letter from the Department of Treasury. That letter said that 
my $5,000 tax refund, along with all Federal payments, was 
diverted to California to pay back child support. Now, my 
paycheck is a Federal payment so I was a little concerned that 
in less than two weeks I had zero income.
    However, the more I thought about it, I became even more 
concerned with the long-term consequences. As a military 
member, particularly as an officer working in the field in 
which I do, a security clearance is an essential component to 
my ability to function. My security clearance can be affected 
almost instantly by my credit history. If I lose my security 
clearance, I am unable to do my job. I am unable to compete 
with peers for promotion. I am unable to compete for milestone 
positions such as command of a unit or a squadron, and 
fundamentally it affects my ability to support my family in my 
chosen vocation, service to the country.
    This all began in calendar year 2000 when my half-brother 
used my Social Security number and only my Social Security 
number on W-2 forms he filed with the Breckenridge Group and 
with Pep Boys in California. Now, I cannot say whether either 
of those companies verified identity documents when they hired 
him, but I would suspect that they did not.
    In the end, California found out that he was working again 
by name, and since he owed about $75,000 in back child support, 
they sent his data off to the Federal agencies for collection. 
Unfortunately, the data they pulled was the data he supplied, 
my Social Security number, and the next thing you know I got 
the letter.
    So unfortunately, I am staring this letter in the face. 
Instead of spending a summer leave period enjoying some time 
catching up with my two sons after nearly six years of straight 
sea duty, I am spending it fighting jurisdictional issues. I 
have got three police agencies all going like this when I tried 
to file a police report. I am spending hours and hours either 
writing letters or on the phones with credit reporting agencies 
trying to track the source of these problems and then get them 
resolved. I am trying to keep my security clearance folks 
flooded with information so that I do not lose my security 
clearance, because quite honestly it is much easier to take one 
away than it is to get it restored. Once it is gone, it is very 
difficult.
    Of course, I am working with the IRS to try and resolve 
about $10,000 of income that was reported against my Social 
Security number that I did not claim. Unfortunately, in 
February 2002 the problems continued. I had already started the 
cleanup effort so I had placed fraud alerts with the three 
credit reporting agencies. Unfortunately, my brother was still 
able to go out and get cellular phone service with AT&T 
Wireless in spite of those alerts, but that was not the end of 
it. The worst happened when Experian merged my credit file with 
that of the criminal, my brother's. So now instead of having 
one or two bad entries in my credit file from which I am trying 
to correct, I now have 30 or more. I have incorrect addresses, 
incorrect employers. I have two aliases. I have alternate uses 
of my Social Security number, a host of collection actions, 
even listing his wife as mine. Any single one of those could 
have had a severe and adverse affect on my ability to function 
as a naval officer by removing my security clearance.
    I found the credit industry is unfortunately not quite as 
responsive as I would hope. As a military member with frequent 
moves I was very concerned about having specific language put 
in the fraud alert. So I sent all three of them a certified 
return receipt letter asking them to incorporate specific 
language. Not a single one of them incorporated that language. 
Not a single one of them even bothered to reply.
    Now, as bad as this sounds for me that the identity theft 
tarnished my image, the blunder by the industry could have done 
the same thing. Although my case has been largely resolved, as 
an officer responsible for the welfare of my troops I am very 
concerned about how this affects the 19-year-old soldiers, 
sailors, airmen, Coast Guardsmen and Marines serving around the 
world right now. This problem is virtually impossible to clear 
up unless you are right there. It is hard enough right here 
fighting the jurisdictional issues military members face when 
oftentimes three or more States are involved.
    But fundamentally, our nation is at war and our military 
members can be deployed anywhere in the world at a moment's 
notice. We have heard this morning that it can take months for 
people to find out they are victims of a crime or a mistake and 
we have heard how it can take a substantially longer period of 
time to correct that. How do we expect that young soldier to be 
doing that from the streets of Baghdad at night? How do we 
expect him to spend that 175 hours or the $1,400 in estimated 
out-of-pocket costs to correct problems or mistakes?
    I encourage this committee to take any action they can to 
improve accountability. Obviously, I have some opinions. I 
think there needs to be some increased accountability for the 
accuracy of data. I think there needs to be some specific 
measures targeted to protect military members on active duty. I 
think the committee needs to take a good look at some of the 
critical nodes in the credit reporting and credit-issuing 
arena.
    I do have to thank Congresswoman Loretta Sanchez for her 
efforts to assist me in my case, as well as specific thanks to 
Special Agent Chris Behe of the Navy Criminal Investigative 
Service who was the first officer to take a police report which 
subsequently opened doors and led to a prosecution.
    Sir, I have completed my statement and I stand by to answer 
any questions you may have.
    [The prepared statement of Frank Mellot can be found on 
page 161 in the appendix.]
    Chairman Bachus. Commander, did your brother ever go to 
jail? Was he ever prosecuted?
    Commander Mellott. Yes, sir. The Navy criminal 
investigative report I was able to forward to California and 
then they were able to take action on it. They arrested him. 
Unfortunately, he had been arrested and appeared in court once 
before I was even notified, and found out that his final 
hearing was going to take place the next morning, so I spent 
the better part of a day putting together a victim impact 
statement. He was awarded a 3-year suspended sentence on two 
felony counts for falsely providing information on the W-2 
forms. He spent 120 days in jail and he is out on supervised 
probation.
    Chairman Bachus. Has he stopped doing it?
    Commander Mellott. At this point, he has, although, sir, I 
continue to see lingering effects from it. About 4 or 5 months 
ago I got a letter addressed to his wife at my address about a 
$5,000 bill that was outstanding.
    Chairman Bachus. You have never not been to California 
during this period of time, is that right?
    Commander Mellott. I can't say for sure during the period. 
I most certainly visited at least once. I am a legal resident 
of California, but I was stationed in the State of Washington 
and then in Rhode Island before being transferred to Virginia 
where I am at now.
    Chairman Bachus. So after you reported what was going on 
and then you would get your credit reports, there was nothing 
on those credit reports to indicate that there was a problem, 
right?
    Commander Mellott. When the initial letter came from 
Department of Treasury, by the end of the week I was able to 
establish that it legitimately was not me they were looking 
for. About a week later, I got the credit reports and then what 
I found on those credit reports was that it had started much 
earlier. He had applied for cable TV service in the State of 
New York with Time-Warner Cable. When he defaulted on the bill, 
it was reported as a collection action against me. At that 
point, that was the only thing that showed up on my credit 
report. It was not until the merging of the two files by, as 
Experian said, the computer did it, that I encountered a 
substantial problem with inaccuracies.
    Chairman Bachus. When you wrote to the credit reporting 
agencies and you said, ``here is what is going on,'' subsequent 
to that, did you obtain your credit report? You said that none 
of them listed this information?
    Commander Mellott. I would have to look back in my records, 
sir, to make sure I quote the exact company that had it. Of the 
three credit reporting agencies, there was only one that 
reflected the outstanding Time-Warner bill. Subsequent to that 
was when the data files were merged. That is when the 
information in those files in my credit report was 
substantially incorrect. It has been months trying to get that 
cleared up.
    Chairman Bachus. Yes, but I am not sure you are following.
    Commander Mellott. Yes, sir?
    Chairman Bachus. When you wrote to the three credit 
reporting agencies and you said, ``my brother is engaged in 
this activity, this is the problem,'' what I am saying is 
subsequent to that, you said they refused to take any action?
    Commander Mellott. Yes, sir.
    Chairman Bachus. They did not put your letter in the credit 
report, or there is no mechanism?
    Commander Mellott. What I did, sir, was I was concerned 
because as a military member I move fairly frequently. It is 
often difficult for credit agencies to keep the information 
current because I move so often. So what I wanted to do was to 
try and find a way to, much like Mrs. Mitchell here, provide a 
much more secure method before somebody issues credit to 
someone who may be trying to do it in my name.
    Chairman Bachus. Right.
    Commander Mellott. So I sent a letter that was 
substantially the same letter to all three asking them to 
include specific language on the fraud alert. What I wanted 
somebody to do was that if anybody tried to apply for credit in 
my name, that they had to cite a photocopy at a minimum, but 
certainly a military identification card, for a couple of 
reasons. One, that assists me with jurisdictional issues if it 
happens, because now it is impersonating an active duty member, 
but also it is a photo ID that has the information on it. Not a 
single one of them did that. They did not put that language 
into the permanent fraud alert. They put their standard 
language on, which of course refers them to the phone number 
and address that I have on record that, well I am sorry, three 
moves in a year make it very difficult for that to keep up. I 
recognized that the standard alert was not going to suit the 
bill, asked them to put something specific on, and they ignored 
it.
    Chairman Bachus. Okay. Thank you.
    Mr. LaTourette?
    Mr. LaTourette. Thank you, Mr. Chairman.
    Both of you talked about jurisdictional things, and I can 
remember, Maureen, when you were dealing with the criminals in 
Illinois, I used to be a county prosecutor and I tend to think 
that States should principally deal with criminal matters and 
only in extraordinary circumstances call for the Federalization 
of crimes. But it was my recollection that what was described 
by the first panel was existence in the different jurisdictions 
and they had different thresholds. I don't remember if it was 
$50,000 or $100,000, but they said they were really not going 
to take a look at your case at the Federal level unless you 
reach $100,000. As a result in Illinois, if I remember 
correctly, they were treated with what in Ohio would be fourth 
degree felonies that carry maybe a year and a half in prison, 
and typically are probationable offenses where people get out.
    So I think both of your stories are reasons why the 
majority of the members of this committee have become convinced 
that this is a national problem that needs to be addressed 
nationally and can't be left to the devices or the different 
States, for the reason in your case, well in both of your 
cases, you lived in one State and the crimes were taking place 
in different States.
    Maureen, I again want to thank you for coming. You came on 
your own dime from Ohio and I appreciate that. I would think 
that, and I know, sort of like a softball question, I know that 
your experience has probably given you the ability and the time 
to think up a long list of suggestions that the government 
could do to help people that find themselves in the same 
position as you and Ray found yourselves in. Would you want to 
share a few of those with us?
    Ms. Mitchell. Thank you, Congressman LaTourette. Yes, I 
would.
    I cannot stress enough to the committee that we had zero 
risk factors of this happening to us. However, that is not the 
case for most consumers. So the truncation of the credit card 
numbers on credit card receipts is indeed important. I recently 
saw a receipt for a Discover card purchase that our daughter 
had made using her account. It not only contained her Discover 
card account number, it also contained her name. If that 
receipt were inadvertently placed in the trash and a criminal 
were to obtain it, they would have all of the information that 
they needed from one careless disposal of a credit card receipt 
to start committing crimes.
    I do think that there needs to be a free annual consumer 
credit report available to any consumer that requests it. We 
had looked at our consumer credit reports in March of 1999. It 
was a fluke that we did that because we were putting a mortgage 
on a property, so I had the lender send me a copy of it. If I 
were not putting a mortgage on a property, I would never have 
requested that. An annual review of the credit reports by the 
consumer is good for two different reasons. One, many victims 
of identity theft are often unaware that they are victims and 
may be unaware of it for years until the next time they apply 
for credit. Consumer credit reports are also, if you are 
unfamiliar with reading them, somewhat of a challenge to 
decipher at first. So it would also give the American consumer 
an opportunity to familiarize themselves with the verbiage in 
the consumer credit report so that as they familiarize 
themselves with it, they would more easily recognize in the 
future if something were indeed wrong. So those would be two 
things that I would strongly suggest.
    Mr. LaTourette. I think that, and some of those point to 
the need to hand over the credit report, but some of those 
things put the burden on the customer, the consumer. The 
legislation that Mrs. Hooley and I have worked up also shifts 
the burden to those who extend credit a little bit. It seems to 
me that most of us here, you are not only a nurse, but you are 
a realtor, most of us and most of the people of our 
acquaintance probably do not move six or seven times within the 
course of a year. It seems to me that those who are in a 
position to extend credit, and come across a credit file where 
there are people moving from Ohio to California to Illinois and 
to Texas during a 12-or an 18-month period, perhaps a burden 
should be placed upon them as well to say maybe this is 
something that is not quite right. I would assume that is 
something that you would think would be a good idea as well.
    Ms. Mitchell. I absolutely agree with you, Congressman. 
Anything that does not match the consumer record of file on the 
credit report when a new application of credit is filed should 
serve as a red flag, not requiring necessarily denial of 
credit, but requiring further investigation into the legitimacy 
of that application before credit is indeed granted. We have 
resided at the same address for well over 20 years. Yet as a 
result of criminals in Illinois, and we were victimized by an 
organized identity theft ring, as a result of the criminals in 
Illinois we now showed six address changes on our credit 
reports within a two-month period of time. We had lived at the 
same address stable for 20 years. We did not hopscotch from 
house to house six times in 2 months in Illinois.
    Mr. LaTourette. Right. I think when we were talking a 
couple of years ago, the notion, and to the commander, you as 
well with the experience with your half-brother, there is a 
thought that the prison sentences for people convicted of this 
crime ought to be enhanced and increased from again typically 
based upon the amount of money that is stolen, and if you are 
in a variety of different jurisdictions you can steal a little 
bit of money here, a little bit of money there, and in the 
aggregate it turns out to be a lot, but under the State penal 
code it may affect the classification of crime. So commander 
first with you, would you like to see legislation that 
increased the available penalties for people who engage in this 
activity?
    Commander Mellott. Sir, absolutely. To Mrs. Mitchell's 
recommendations and personally, I would also like to see a 
mandatory observation of fraud alerts. I think if companies 
were held accountable for not observing a fraud alert that was 
on an account, then they would be a lot more careful about 
issuing credit to people who quite honestly are doing it 
fraudulently.
    Mr. LaTourette. And Maureen, is that something you wish we 
would consider as well, that is the increased criminal 
penalties, lock them up longer?
    Ms. Mitchell. Absolutely. The criminal who was prosecuted 
in the State of Illinois, who was apprehended impostoring my 
husband, was eventually sentenced to 3 years in the Illinois 
Department of Correction. He would have received probation, in 
my opinion, had we not been assertive consumers willing to 
prosecute and had not Congressman LaTourette's office 
intervened in that. The damages that were done to us were 
extensive. He was one of many, but if these criminals are able 
to commit these crimes and count on probation instead of 
incarceration, we are not offering any deterrent for these 
crimes to continue. They need to be held accountable.
    I would like to add, too, that some of the merchants also 
need to be held accountable. When the criminals purchased the 
Ford Expedition in my husband's name, there were six glaringly 
obvious errors on that credit application. Our name was even 
misspelled. They put down 3-0-0 as the area code to verify 
their place of employment. You don't really need to be an 
Einstein to know that 3-0-0 is not a valid area code in the 
continental United States. Yet they received approval for a 
$40,000 purchase on a vehicle. The merchants need to be held 
accountable. Good business practices, common sense and due 
diligence need to be used at all steps of the lending process 
to ensure that the monies are indeed being loaned to the real 
individual.
    Mr. LaTourette. Thank you very much.
    Thank you, Mr. Chairman.
    Chairman Bachus. Thank you.
    We have no further questions for Ms. Mitchell or Mr. 
Mellott.
    Ms. Mitchell, one thing, you said they misspelled your 
name?
    Ms. Mitchell. Yes, they did.
    Chairman Bachus. Is that the name ``Mitchell'' you mean?
    Ms. Mitchell. Yes, they did.
    Chairman Bachus. Okay.
    Ms. Mitchell. Yes, they did. And it was not only misspelled 
on the application filed by the criminal, it was also 
misspelled on the facts from the lender granting the car 
dealership the loan approval. The only thing that matched us on 
that application was my husband's Social Security number. The 
Social Security number and the State driver's licenses have 
become the de facto form of identification in the United 
States. Safeguards need to be in place to ensure that those 
numbers safeguard the real individuals from having their 
identities compromised.
    Chairman Bachus. Thank you.
    Have you put a financial cost estimate on what this cost 
you?
    Ms. Mitchell. I can tell you that the criminals 
fraudulently applied for $150,000 worth of lines of credit in 
1999 in the Illinois area in our names. In 2001, they removed 
$34,000 from our bank accounts. Those monies were eventually 
restored with interest. We had our bank accounts frozen. It was 
extraordinarily embarrassing. Out-of-pocket financial expenses 
for us are in the $2,000 to $3,000 price range, the nearest 
estimates that I could give. It is countless hours lost in 
time, sleepless nights, and sprouting gray hairs. The blood, 
sweat and tears that went into trying to resolve our identity 
theft victimization, it is indescribable to try and put that 
into words. But it was a few thousand dollars out of pocket 
expense and over 500 hours of time, very dedicated time, and 
hundreds of pages of documentation.
    Fortunately now, and I think it was a direct result of a 
Senate subcommittee testimony that Senator Kyl chaired, the FTC 
now does have the uniform victim reporting identity theft 
affidavit, so future identity theft victims will not have reams 
of paperwork, because our experience was that the individual 
merchants all required individual protocols. That is no longer 
the case. It is still a daunting task for the victim of 
identity theft to try and have their credit restored, and I am 
not sure that it is ever restored fully.
    Chairman Bachus. Thank you.
    Commander, do you have any last remarks?
    Commander Mellott. No, sir. Thank you for inviting me. 
Anything I can do to help, I am standing by.
    Chairman Bachus. Thank you. We appreciate your assistance 
to the committee and your testimony in sharing your 
experiences. We appreciate your testimony.
    At this time, you all are discharged and we will request 
that our third panel make their way to the witness table.
    Mr. Tiberi. [Presiding.] I thank the panelists from our 
third panel for being here today. I will quickly introduce the 
panel, and then we can begin.
    Starting from my far left, Ms. Amy Hanson, President of the 
FACS Group, a subsidiary of Federated Department Stores; Mr. 
Jim Kallstrom, Senior Executive Vice President, MBNA America 
Bank; Joshua Peirez, Senior Vice President and Assistant 
General Counsel, MasterCard International; Ms. Janell Mayo 
Duncan, Legislative and Regulatory Counsel, Consumers Union; 
Mr. Joseph Ansanelli, CEO of Vontu; and last but not least, Mr. 
Lee Lundy, Vice President, Consumer Services, Experian.
    Good. Thank you all for coming. We will begin with Ms. 
Hanson. I remind everybody that you will see a clock that will 
eventually turn red in five minutes. At that point, if you 
could sum up your remarks and you will be able to submit your 
written testimony as well.
    Ms. Hanson, the floor is yours.

 STATEMENT OF AMY HANSON, PRESIDENT, FINANCIAL, ADMINISTRATIVE 
 CREDIT SERVICES, INC., (FACS GROUP) ON BEHALF OF THE NATIONAL 
                       RETAIL FEDERATION

    Ms. Hanson. Thank you. Good afternoon. My name is Amy 
Hanson. I am President of the FACS Group, which provides credit 
and other administrative services for Federated Department 
Stores and its affiliated bank. I am testifying today on behalf 
of the National Retail Federation.
    I would like to thank Chairman Bachus for providing me with 
the opportunity to testify before the House Financial 
Institutions Subcommittee about the growing problem of identity 
theft and the steps that Federated is taking to protect our 
customers and reduce losses from these crimes.
    By way of background, Federated is comprised of seven 
merchant nameplates, Macy's, Bloomingdale's, Burdine's, Rich's, 
Lazarus, Goldsmith's and the Bon Marche. We issue our 
proprietary credit cards under these names through our 
affiliated bank. In fiscal year 2000, Federated reached a peak 
for identity theft-related losses with 5,678 cases representing 
a total expense of just under $8 million. In the past two 
years, we have experienced a decline of approximately 33 
percent in the number of identity theft cases and recognized a 
$3.2 million reduction in expense. In the last six months, we 
have seen a 41 percent improvement in ID theft cases compared 
to last year. We feel strongly we are making progress in our 
efforts to protect our customers due to our ability to optimize 
technology and information, both of which are critical in this 
fight.
    Identity theft can occur in two basic ways in our stores: 
through an application for a proprietary account or through a 
takeover of an existing credit card account. Over the last 
several years, we have continued to add additional verification 
steps to our internal processes to prevent identity theft. This 
issue is of paramount importance to us because after all, these 
are our customers who expect both a high level of personalized 
service and personal security in our stores.
    Instant credit represents about 93 percent of all new 
accounts opened by customers at Federated. This process takes 
place at point of sale and relies on a highly automated and 
relatively quick procedure to verify an applicant's ID and 
check their credit report. In order to cut down on fraud, we 
have implemented many processes to protect our customers. These 
include validating applicant information against credit 
reports, checking applicant data against our internal fraud 
file, and checking the consumer credit bureau report for fraud 
alerts placed there by the customer. If there are discrepancies 
in any of the application information, the application is 
declined.
    Our screening does not stop there. We have a process by 
which customer charges are reviewed for out-of-pattern 
behavior, high velocity purchasing, making payments on their 
account for significantly more than their balance due, and 
high-risk merchandise purchases. We also systemically prevent 
the mailing of a new credit card on a recently changed address.
    In addition, our fraud prevention group utilizes technology 
to crosscheck Internet orders and an affiliate fulfillment 
system to search multiple orders across affiliate chains. This 
ability proved very helpful in discovering an Internet fraud 
ring where the perpetrators were placing several orders for the 
same merchandise on different Federated Web sites, then 
shipping these items to various addresses in the U.S. They then 
collected the items for shipment overseas. Fortunately, we were 
able to uncover and shut down this ring using our affiliate 
sharing tools.
    I would like to be able to say that FACS has prevented all 
of the fraudulent applications this year, but I can't. 
Unfortunately, sophisticated identity thieves continue to work 
diligently to bypass our systems and were successful in 2002 at 
a rate of 7 per every 10,000 applications processed, less than 
one-tenth of 1 percent. This in my view is not the result of a 
flawed system, but the result of determined criminals with 
sophisticated tools like computers and the Internet. You see, 
the most identity thieves know how to produce near-perfect 
identity documents such as State-issued driver's licenses and 
counterfeit credit cards.
    For these types of criminals, there is very little else we 
can do to detect and prevent the crime, and retailers, like 
other businesses, are looking to the States and the Federal 
government to begin producing the most secure and foolproof 
identity documents possible. Our ultimate goal is to confirm 
the identity of the customer and ensure their identity is not 
compromised.
    With identity theft representing such a small fraction of 
total credit applications, it is often a case of looking for a 
needle in a haystack. Further, identity thieves thrive on being 
anonymous and rely on the assumption that a large retailer such 
as Federated cannot put a name and face together in order to 
prevent fraud. This is why it is so important for retailers to 
know our customers, and the only way we can do this is through 
the use of information. Information flows between FACS and the 
credit bureaus or between our corporate nameplates. That, 
combined with sophisticated technology and scoring models, cuts 
down on fraud and allows us to offer exceptional customer 
service.
    As you know, identity theft is a crime with at least two 
victims: the individual whose identity was stolen and the 
businesses that bear the financial cost of the crime. Clearly, 
it is the individual victim that is the most directly hurt, but 
if identity theft crimes continue to rise, all consumers will 
ultimately pay as business losses are passed back to them. As 
such, it is critical that our access to information and 
prevention opportunities continue. The identity theft criminals 
adapt and change quickly and we need that same flexibility.
    I appreciate the opportunity to testify here today and I 
look forward to answering your questions, as well as those of 
the committee.
    Thank you.
    [The prepared statement of Amy Hanson can be found on page 
117 in the appendix.]
    Mr. Tiberi. Thank you, Ms. Hanson.
    Just as an aside, one of my first credit cards was a 
Lazarus credit card.
    Ms. Hanson. That is good. I hope it is still in your 
wallet.
    [LAUGHTER]
    Mr. Tiberi. Mr. Kallstrom?

 STATEMENT OF JIM KALLSTROM, SENIOR EXECUTIVE VICE PRESIDENT, 
                       MBNA AMERICA BANK

    Mr. Kallstrom. Good afternoon, Mr. Chairman. Thank you for 
inviting me here today. I think I can safely speak for the 
entire industry in complimenting the committee for the 
thoroughness with which you are examining the issues relating 
to the reauthorization of the Fair Credit Reporting Act. From 
our perspective, you have constructed a compelling record from 
which to legislate and we have high praise for the diligence 
and dedication of the staff who have brought all of this 
together.
    Regarding identity theft, we are in complete agreement with 
you and the other members. Identity theft, like other serious 
crimes, is an attack on our customers, our businesses and on 
our economy. While it accounts for only about 4 percent of the 
fraud we experience, as you have just heard it often exacts a 
personal cost of time, reputation and frustration that is very 
hard to measure. Viable solutions likely will involve greater 
participation by all of us, the credit granting industry, 
retailers, the credit bureaus, law enforcement, prosecutors, 
government agencies and consumers. But also recognizing that 
our collective task is made much more difficult by the rampant 
availability of false identification documents, which is an 
epidemic in this country today.
    As with many crimes, the cliche ``forewarned is forearmed'' 
applies to identity theft as well. Ensuring the availability of 
key information, both to businesses and potential victims 
alike, goes a long ways towards prevention and apprehension. As 
Assistant Secretary Abernathy remarked recently, identity theft 
is not caused by information; it is caused by a lack of 
information.
    In summarizing my statement for the record, I would like to 
make four points. First, the interests of our customers and the 
interests of industry are synonymous. Our business philosophy 
is, find the right customers and keep them. We want our 
customers to be able to use our products and use them securely. 
We want our customers to have confidence that we will help 
protect them against the ravages of identity theft. When fraud 
does occur, our customers are not responsible for the 
fraudulent charges and we provide assistance both to help stop 
further damage and to help in recovering from the identity 
theft. But as we have just heard, it is far more difficult to 
restore the confidence of victims and to relieve the effects of 
having their identity stolen. We agree with our customers who 
say, reputations, good will, financial well being and consumer 
confidence are all put at risk because of identity theft. In 
the end, it hurts every one of us.
    Second, prevention and detection of identity theft is what 
we do with every application and every transaction, 7 days a 
week, 365 days a year. We invest millions of dollars preventing 
and detecting identity theft and other types of fraud. We 
employ hundreds of people who specialize in fraud detection and 
prevention, and have a sizeable cadre of people dedicated to 
ensuring our customers are properly identified. We employ 
extremely sophisticated neuro-networks and experience-based 
automated strategies to find and reduce fraud and identity 
theft, from exploring discrepancies between applicants and 
credit reports, to scrutinizing hundreds of thousands of daily 
transactions for anomalies. We fight identity theft from the 
credit application stage through loan repayment. Our customers 
are critical participants in this process, but there is no 
question that the Fair Credit Reporting Act is the foundation 
of this effort. To be successful, we rely upon the kind of 
uniform current credit information that FCRA has given us.
    The third point I would like to make is setting the record 
straight on a couple of things, affiliate sharing and 
prescreening. With affiliate sharing, we are aware of no 
instance, not one, where affiliate sharing resulted in identity 
theft. To the contrary, it helps the industry fight identity 
theft. Our experience with prescreening is similar. 
Prescreening results in substantially fewer fraud attempts, not 
more. A study released last week by the Information Policy 
Institute, the IPI, a copy of which I am submitting with my 
statement for the record, confirms that the same holds true for 
the entire industry. In fact, the study found that industry 
losses from fraudulent prescreened applications amount to four 
one-thousandths of 1 percent of total sales volume. Eliminating 
prescreening would likely result in an increase in identity 
theft. That is so because prescreened offers reflect only names 
and addresses, less than is in the telephone book. The 
prescreening process involves more filtering, not less 
filtering.
    One final point, Assistant Secretary of the Treasury Wayne 
Abernathy understands the industry, understands the problem, 
and he and others at Treasury have talked about the need for a 
comprehensive approach to address the problem of identity 
theft. We agree that any approach should include enhanced 
prevention, detection and victim assistance. It should include 
reauthorization of FCRA because, as Assistant Secretary 
Abernathy says, to do otherwise creates shadows where identity 
theft can occur. On the enforcement side, the solution should 
include stiffer penalties, reflecting the serious and pervasive 
nature of this crime.
    We also agree that any solution should help consumers make 
more informed decisions about information sharing. This can 
happen by making privacy notices shorter, simpler and in plain 
English, and making opt-out procedures easier and uniform so 
that consumers can more easily exercise control of their 
personal information in a meaningful way. Everyone agrees it 
would be of enormous benefit to provide consumers with easily 
digestible privacy notices that include easy opt-out 
procedures. In fact in a recent survey, we found that our 
customers overwhelmingly support a simple food label-like 
notice as the kind of notice they want, a notice they will 
actually read, that is easily comprehensible, and which allows 
busy people an opportunity to participate in information 
sharing decisions in a more meaningful way. It is simply a good 
idea that will be of great benefit to consumers.
    In the end, legislating more and better tools for law 
enforcement, consumers and the industry to use to prevent, 
detect and recovery from identity theft is a consumer issue 
that will help us all. We applaud your attention to these 
critical issues and I look forward to any questions you might 
have.
    Thank you very much.
    [The prepared statement of Jim Kallstrom can be found on 
page 125 in the appendix.]
    Mr. Tiberi. Thank you, Mr. Kallstrom.
    Mr. Peirez?

   STATEMENT OF JOSHUA L. PEIREZ, SENIOR VICE PRESIDENT AND 
      ASSISTANT GENERAL COUNSEL, MASTERCARD INTERNATIONAL

    Mr. Peirez. Good morning, Chairman Bachus, Congressman 
Sanders, and members of the subcommittee.
    My name is Joshua Peirez and I am Senior Vice President and 
Assistant General Counsel at MasterCard International located 
in Purchase, New York. MasterCard is a global organization 
comprised of financial institutions that are licensed to use 
the MasterCard marks. I thank the subcommittee for having a 
hearing on this critically important issue and for giving me 
the opportunity to provide information on combating identity 
theft.
    MasterCard takes its obligation to protect MasterCard 
cardholders against identity theft and other forms of fraud 
very seriously. In fact, this issue is a top priority for 
MasterCard and we have a team of experts, including many ex-law 
enforcement personnel devoted to combating fraud. We are proud 
of our strong record of working closely and proactively with 
Federal, State and local law enforcement agencies to apprehend 
these criminals.
    MasterCard believes its success in fighting fraud is 
perhaps best demonstrated by noting that our fraud rates have 
continuously declined over time and are at historically low 
levels. MasterCard recognizes that identity theft and other 
fraudulent schemes evolve constantly, and we devote substantial 
resources to staying one step ahead of the criminals. We 
continually develop new ways to fight fraud and identity theft. 
For example, MasterCard has instituted a number of protections 
against unauthorized use of MasterCard payment cards. These 
include enhanced security features on the card, the risk-finder 
service, the address verification service, the issuers 
clearinghouse service, and our proprietary fraud reporting 
system. In addition, we have voluntarily implemented a zero-
liability rule which means that a MasterCard cardholder will 
generally not be liable for any fraud losses at all.
    Although MasterCard has established these consumer and 
anti-fraud protections, one of the most important tools in 
combating identity theft is the availability of accurate, 
reliable consumer reports. Providing consumer reports is the 
role of the credit bureaus which gather information from 
thousands of sources commonly referred to as furnishers. The 
reliability of consumer reports as an identity theft prevention 
tool is largely due to the uniform national standards 
established by the FCRA. If States impose different obligations 
on furnishers, the amount and quality of information could 
substantially decrease.
    The FCRA also governs two activities that greatly assist 
financial institutions in fighting identity theft, affiliate 
sharing and prescreening. Financial institutions rely on the 
ability to share information among their affiliates in order to 
detect and prevent identity theft. This happens, for example, 
when an application does not match existing information about 
the same consumer held by an affiliate. Additionally, 
prescreening also results in fewer cases of identity theft and 
other fraud than when the accounts are acquired through other 
means. In this regard, prescreening and affiliate sharing are 
important weapons in the fight against identity theft.
    Other provisions in the FCRA are also useful in limiting 
the damage to identity theft victims. For example, consumers 
receive notices if they are denied credit based on information 
in a consumer report. This flags for the consumer that the 
consumer's report may contain negative information and allows 
the consumer to follow up and investigate the matter further. 
If there is information in the credit report that may be the 
result of identity theft, the consumer can generally require 
the credit bureau to correct any error within 30 days. In 
conclusion, MasterCard is committed to working with government, 
credit bureaus, our members and cardholders to ensure that we 
provide the safest financial environment possible. We take our 
role in fighting identity theft and fraud very seriously and 
will continue to research and develop technologies and programs 
to help with that fight. By making the national uniformity 
under the FCRA permanent, MasterCard will be able to provide 
better protection against identity theft and fraudulent 
activities to its cardholders and issuers.
    Thank you again for allowing me to appear before you today 
on this important topic. I am happy to answer any questions you 
may have.
    [The prepared statement of Joshua L. Peirez can be found on 
page 195 in the appendix.]
    Mr. Tiberi. Thank you, Mr. Peirez.
    I am going to yield just a minute to the chairman of the 
subcommittee.
    Chairman Bachus. I thank you, Mr. Tiberi.
    I wanted to take this time to say to Mr. Kallstrom and Mr. 
Peirez, Mr. Kallstrom from MBNA America and Mr. Peirez from 
MasterCard, the staffs of your institutions have been very 
helpful to us in the committee in reviewing legislation on 
reauthorization for FCRA. They have been very timely in getting 
back with us and just fully cooperative, and I want to commend 
both you gentlemen for that. It has been a very good experience 
for us. I think that the legislation going forward will reflect 
your expertise. As you say, Mr. Kallstrom, the interest of the 
consumer and the interest of your institutions are analogous.
    Mr. Kallstrom. Yes.
    Chairman Bachus. The National Retail Federation, Ms. 
Hanson, has also been very helpful in pointing out particularly 
some of the strengths of the uniform fair credit reporting 
system. I don't think there was a car dealer from my home State 
of Alabama who told me that he does business, about 20 percent 
of his business comes from the State of Florida, about 35 to 40 
percent comes from the State of Georgia. The rest comes from 
the State of Alabama. He says even dealing with three sets of 
conflicting information could be a detriment in extending 
credit. So I think whether we are retailers or credit card 
companies or Ms. Duncan with the Consumers Union, I think we 
can certainly find some identity of interest because we are all 
looking for the same thing, and that is the extension of credit 
in a fast, expedient way.
    It has been a great benefit if you look at low-and middle-
income citizens, under FCRA there has been an explosion of 
available credit. At the same time, we ought to be able to find 
ways to protect those consumers in this process. So I think we 
all have an identity of interest there. We may have different 
opinions on how we get there.
    At this time, I will yield back.
    Mr. Tiberi. Thank you, Mr. Chairman.
    We have a series of votes on the floor and the Chairman has 
asked me to recess the committee until 1:30 p.m. when we will 
return with the next panelist. Thank you.
    [RECESS]
    Mr. LaTourette. [Presiding.] The subcommittee will come 
back to order. We appreciate your patience during that series 
of votes, and hopefully we will be able to complete this panel 
before more mischief like that is occasioned.
    Ms. Duncan, I think we are with you, and thank you for 
being here. We look forward to your testimony.

  STATEMENT OF JANELL MAYO DUNCAN, LEGISLATIVE AND REGULATORY 
                    COUNSEL, CONSUMERS UNION

    Ms. Duncan. Thank you.
    Good afternoon, Mr. Chairman and members of the 
subcommittee. Thank you for providing me with the opportunity 
to come before you today. I am Janell Mayo Duncan, Legislative 
and Regulatory Counsel for Consumers Union, publisher of 
Consumer Reports magazine. I am pleased to be able to share our 
views on the relationship between the FCRA and identity theft.
    Consumers Union, an advocate for consumers, is the only 
consumer representative on this panel. We are a nonprofit 
organization, and as you will see from my comments today we 
would strongly disagree with Mr. Kallstrom's claim that he and 
MBNA are appropriate spokespersons for consumer interests.
    In addition, the FCRA at its core is a consumer protection 
statute, and we are here and stand ready to join MBNA, 
MasterCard and the National Retail Federation in lending our 
perspective as the committee crafts legislation to address 
these problems, understand the impact on consumers, and to 
develop solutions to this crime.
    This hearing is entitled Fighting Identity Theft, the Role 
of FCRA. We believe that the current operation of the FCRA, 
FCRA Federal preemptions, and ongoing industry practices are to 
a great extent responsible for the skyrocketing number of 
identity theft cases. Consumer Reports magazine looked at this 
problem in a 1997 article. At the time, the magazine described 
the crime of identity theft as one of the fastest growing in 
the nation.
    The article chronicled stories of people victimized by the 
crime and in it we identified flaws in the system that we 
believed to be contributing to this problem, including lax 
identification standards, where credit is granted to a thief by 
creditors matching as few as two pieces of identification with 
information on the credit report of an unsuspecting individual; 
the granting of quick credit; the dissemination of convenience 
checks; instant credit and easy replacement of reportedly lost 
of stolen cards; inadequate fraud detection by credit reporting 
agencies or CRAs; credit grantors that ignored fraud warnings 
meant to serve as an obvious indication that an identity thief 
had been actively exploiting a consumer's credit file; and 
unfair correction processes where credit bureaus continue to 
update files with inaccurate information or information 
generated by the thief. Six years after our report, thieves 
have become more sophisticated and organized and the problems 
are more widespread. However, the basic elements placing 
consumers at risk have not changed and continue unabated. We 
believe that the solutions lie in requiring industry to better 
manage and safeguard information already at their disposal. In 
addition, the current preemption of State laws must be allowed 
to expire so that States can act quickly to address new and 
emerging identity theft crimes, because thus far States have 
been the most responsive and effective source of solutions to 
this growing problem.
    Additionally, consumers must be empowered with more control 
over the dissemination of their personal information in order 
to prevent identity theft. Some of our specific recommendations 
are to allow consumers to obtain yearly and at no cost a copy 
of their credit report and credit score from the three major 
CRAs; prohibit CRAs from releasing consumer information unless 
they have made a careful matching of a minimum of four 
identifiers; require CRAs to notify consumers at their original 
address when an address change is made to their report; allow 
victims of identity theft to freeze their credit reports to 
prevent impostors from accessing any more credit in their 
names; penalize creditors that grant credit to a thief without 
following up on a fraud alert placed on a credit report; 
require CRAs to alert consumers free of charge when suspicious 
activity is observed on the report; increase penalties for 
furnishers that reinsert information in a consumer's credit 
file that already had been disputed by a consumer as inaccurate 
and had been previously removed; and give consumers control 
over the sharing of personal information among companies, 
including affiliates.
    We urge this subcommittee to work to pass meaningful 
legislation that will address the elements of the FCRA and 
industry practices that help make the commission of these 
crimes possible. I have provided the subcommittee with 
additional recommendations in my written testimony. In our 
view, the improvements we suggest would go a long ways towards 
preventing this crime.
    I thank the chairman and members of the subcommittee for 
this opportunity to testify and I look forward to answering any 
questions.
    [The prepared statement of Janell Mayo Duncan can be found 
on page 109 in the appendix.]
    Mr. LaTourette. I thank you very much for not only your 
testimony, but your ability to complete it before the red light 
went on. Thank you very much, Ms. Duncan.
    Mr. Ansanelli, welcome and we look forward to hearing from 
you.

           STATEMENT OF JOSEPH ANSANELLI, CEO, VONTU

    Mr. Ansanelli. Thank you and good afternoon.
    My name is Joseph Ansanelli and I am the CEO and founder of 
Vontu. We provide information security software that helps 
guard against the loss of customer information. I am honored to 
provide testimony in fighting identity theft and the role of 
the Fair Credit Reporting Act. I commend the subcommittee for 
discussing this important issue.
    My testimony draws from my experience in working with chief 
information security officers at some of the country's top 
financial services, insurance, media and retail companies. 
These security professionals are acutely aware of the 
challenges in adequately protecting consumer information.
    To begin, we believe it is important to help a consumer 
quickly repair his or her credit when their identity has been 
stolen. However, this problem will continue to grow if we do 
not prevent the theft of consumer data in the first place. This 
means making sure Social Security numbers, credit card numbers 
and other identifiers don't get out from those companies that 
have that information.
    While there are many ways identity theft occurs, from a 
financial report taken from the trash, a credit card receipt in 
a restaurant, companies and government agencies are the 
ultimate sources for large electronic databases of consumer 
information. Without additional safeguards in place, millions 
of Americans may be victims of identity theft by the end of 
this decade.
    Traditionally, organizations have focused on the hacker and 
preventing people from breaking into their customer data 
systems. Many organizations now realize that another 
significant threat exists. With the rapid adoption of the 
Internet and tools such as electronic mail, consumer 
information can be leaked in a moment's notice by insiders. No 
matter how secure an organization's systems are, many employees 
require access to sensitive customer data, yet it is much 
easier for insiders to accidentally leak or maliciously steal 
information than it is for a thief to break in from the 
outside.
    As an example, in November of last year a customer service 
employee of Teledata Communications who had easy access to 
consumer credit reports, allegedly stole 30,000 customer 
records. That is the first step in the identity theft process. 
This theft cost millions of dollars in financial losses and 
demonstrates that even though any computer system can be 
hacked, it is much easier and in many cases far more damaging 
for information to be stolen from the inside. Last month, we 
conducted a survey with Harris Interactive of 500 employees and 
managers who had access to customer data that confirms this. 
Almost half of the respondents said it would be easy to take 
sensitive customer information from their employers's networks. 
Two-thirds believe that their coworkers pose the greatest risk 
to consumer data security, while only 10 percent said hackers 
were the biggest issue. In fighting identity theft, we suggest 
it is important to fix the problem and to look beyond external 
threats and recognize that insiders pose a fast-growing risk.
    Based on our experiences, I recommend the subcommittee 
weigh the following when considering revisions to the Fair 
Credit Reporting Act. First, confusion is the enemy of consumer 
protection. A consistent and unified national approach to our 
credit system will benefit consumers the most. However well 
intentioned a system of 50 different laws might be, it would 
only create confusion and paralysis that would ultimately harm 
consumer protection. Therefore, we believe that the preemption 
provisions of the Fair Credit Reporting Act are critical and 
should extend to any additions to help protect identity theft.
    Second, we urge the subcommittee to ensure that any 
modifications to the FCRA encourage companies to go above and 
beyond any stated requirements to protect customers' data. Most 
companies know it is in their self-interest to protect a 
customer's data. However, I have had companies question whether 
they should go beyond base Legislative and Regulatory 
requirements such as GLBA for fear in doing so could 
potentially reveal problems that trigger punitive actions. 
Future legislation should encourage and protect organizations 
that go above and beyond any base security requirements.
    Third and most importantly, I suggest this committee 
develop a consumer data security standard as part of the FCRA. 
Ensuring a national unified and standard approach to protecting 
consumer information at its source will help to stop one of the 
main and growing sources of identity theft. Any such standard 
should include the following principles. First, corporate 
security policies should be mandated. A company security policy 
should be publicly available, regularly reviewed and updated, 
and audited and approved by its board of Directors. Second, 
employee education is critical. In the Harris survey I 
referenced earlier, almost one-third of workers and managers 
had not read or did not know if their company had a written 
customer data protection policy.
    Third, data protection and control should require best 
practices. Physical and network protection should use best 
practices for all commercially reasonable solutions. And last, 
companies must enforce employee compliance. Organizations 
should have an obligation to regularly monitor and enforce 
employee compliance with government regulations and their own 
internal security policies for the use and distribution of 
sensitive consumer information.
    I hope these comments will be helpful to the committee and 
I welcome the opportunity to answer any questions.
    Thank you.
    [The prepared statement of Joseph Ansanelli can be found on 
page 80 in the appendix.]
    Mr. LaTourette. Thank you, Mr. Ansanelli.
    Mr. Lundy, thank you for being here and we would like to 
hear from you.

  STATEMENT OF LEE LUNDY, VICE PRESIDENT, CONSUMER SERVICES, 
                            EXPERIAN

    Mr. Lundy. Thank you, Mr. Chairman and committee members. 
Good afternoon.
    My name is Lee Lundy. I am Vice President, Consumer 
Services, for Experian. I am responsible for managing 
Experian's National Consumer Assistance Center in Allen, Texas.
    Of the total consumer reports that Experian issues each 
year, only about 1 percent results in a request by a consumer 
for disclosure. About half of that number results in an inquiry 
by a consumer relating to a dispute or a general question about 
a disclosure. Only a portion of this one-half of 1 percent 
results in an actual change to the consumer's file, which may 
be either a correction or an update. All of this takes place 
within an environment where the industry estimates that up to 
30 percent of consumer contacts we receive are the result of 
credit-repairing inquiries where attempts are made to remove 
negative information, but it is accurate. These calls require 
investigative processes that impact our ability to address true 
consumer concerns. Today, I want to discuss the steps we are 
taking to provide the business community with ways to prevent 
ID theft, help consumers restore their reputation with victim 
assistance, and discuss solutions that will not work, 
specifically limiting information flows and providing free 
credit reports without condition.
    What works? The most effective strategy is responsibly 
using the free flow of information. Experian and others are 
making large investments in developing effective fraud 
prevention and detection tools based on responsible information 
sharing. Our national fraud database is comprised of known and 
verified fraudulent activity provided by businesses from across 
many different industries. Our customers use this database to 
stop fraud before it happens.
    Experian's Detect service takes fraud prevention to the 
next level by comparing an individual's application history for 
anomalies that may indicate fraud. Do they work? Just an 
example, one company using Experian's fraud tools experienced a 
55 percent decrease in fraud losses and reduced the time it 
took to confirm fraud records by more than two-thirds. As you 
can see, fraud prevention is paramount. However, in the event 
that victim assistance is required, Experian has been working 
with our counterparts for several years to develop uniform and 
efficient processes. Recently, we announced a one-call fraud 
alert program. Today, consumers who believe they are victims of 
fraud need only contact one credit reporting agency to add 
fraud alerts and receive complimentary reports from all three 
of the agencies. Once the consumer receives the report, 
Experian's consumer assistance agents are trained to personally 
assist the consumer by explaining the information on the report 
and initiating an inquiry to the creditors to resolve any 
inaccuracies.
    The question has been asked why it takes so long to resolve 
identity theft issues on a consumer's file. In some cases, the 
full extent of the crime may not be known for some time. 
Identity theft, unlike other crimes of theft, often occurs over 
a period of weeks or months. When a victim identifies 
fraudulent entries on a consumer report, we work promptly with 
the provider of the information to resolve the issue. So when 
you hear stories in the media that it took consumers months to 
unravel financial records affected by identity theft, it is 
often because elements of the crime do not fully appear until 
weeks or months after the criminal activity began.
    What doesn't work? Restricting data access and providing 
free credit reports without condition. At face value, both seem 
to promise greater fraud protection. In reality, they do little 
to protect consumers and in fact may make the fraud problem 
worse. Access to and responsible use of information from a 
broad spectrum of sources is essential to our fight against 
fraud and identity theft. Effective solutions demand tools that 
utilize complete, accurate and current information from 
multiple sources in order to counter consistent variations of 
the crime. We know that more information, not less, will reduce 
fraud and ID theft. Eroding the ability of businesses to 
obtain, share and compare information will increase the risk of 
fraud and ID theft.
    Free credit reports upon request have been touted as a 
solution to the fraud problem, but actually have little impact 
on fraud prevention and would impair our ability to control 
costs and meet mandated service levels. Current FCRA provisions 
already provide free reports for virtually all qualifying 
consumers. Costs such as postage, for the average report is 
approximately 13 pages long, and staff are often lost when 
factoring in the actual cost of a free report. Cases involving 
security breaches from systems outside of the credit allocation 
stream already result in large unpredictable numbers of free 
report requests. Such cases impose tremendous costs on credit 
reporting agencies. They also result in flooding our assistance 
centers with calls that impact those consumers who have a more 
urgent service need.
    Thank you for the opportunity to address the committee. I 
will be happy to answer any questions you may have. I have 
submitted a more detailed written statement for the record.
    [The prepared statement of Lee Lundy can be found on page 
134 in the appendix.]
    Mr. LaTourette. I thank you, Mr. Lundy, very much. I think 
I will begin with you.
    Obviously, as someone, and I think Mr. Sanders talked about 
legislation that he has drafted, and I know the legislation I 
have drafted with Mrs. Hooley has a provision that calls for 
one free credit report annually. So obviously it is 
disappointing to hear you opine that it actually would increase 
fraud activities. I think the only issue that I would take, 
well a couple of issues I will take with that statement.
    One is that I don't think that it is being touted as the 
answer to identity theft. I think it is, to take another 
portion of your testimony, the more information the consumer 
has, I think, if it is a two-way street, if we are not only 
asking those who grant credit to be more vigilant, there is a 
concurrent responsibility on the individual, the consumer to 
pay attention, but they can't really pay attention if they 
don't know what is in their credit report. I think at least 
from my perspective, Mr. Sanders I know can speak for himself, 
but from my perspective that is the idea behind it.
    So the question that I would have for you is, has the 
industry or has your organization calculated a cost and/or the 
ability to comply with such a provision should that be the 
ultimate enactment of the Congress?
    Mr. Lundy. Actually, I do not have those figures with me. 
We know that it is a tremendous impact only by what has 
happened in the recent past, as far as whenever we do have data 
stolen from within a business. We then get a very big impact as 
far as sending out free credit reports to consumers who really 
have not truly been impacted or affected by credit fraud, but 
only there is a fear that they may have been. It does create 
quite a bit of staffing issues because even with those 
additional calls coming in because of the literally hundreds of 
thousands of credit reports going out, we still are mandated to 
make sure that we handle all those calls within FCRA 
requirements.
    Mr. LaTourette. Ms. Duncan, as I listened to your 
suggestions, I pulled some off the Web site relative to 
freezing credit reports and also it mentions increased 
participation by local police agencies in taking down reports. 
I think you mentioned three or four other things in your 
testimony today.
    I am wondering if you have had a chance to review any of 
the legislation that has been introduced by any member of the 
Congress relative to fraud, and in particular I would think of 
Mr. Sanders's bill, I would think of Ms. Hooley's bill and any 
others, and whether your organization has formed an opinion as 
to whether they would work or are moving in the right 
direction, or we need to do more, or we are about there.
    Ms. Duncan. We do agree that any additional information 
that can be given to consumers is a good idea, as consumers are 
being asked to take control over their credit report and their 
financial well being. Yes, we have supported Mr. Sanders's 
legislation asking for a free credit report. We have been very 
active out in California supporting some of the laws that have 
come about out there. On the Federal level, we have supported 
other legislation that would require for the truncation of 
credit card numbers and quite a few others.
    Mr. LaTourette. Okay. And I heard you take exception with 
Mr. Kallstrom's testimony, with Mr. Ansanelli sitting next to 
you. How do you feel about the preemption issue, the 
observation that having 50 different sets of credit regulations 
actually increases the opportunity for mischief? Has your 
organization taken a position on whether or not there should be 
Federal preemption in these areas?
    Ms. Duncan. We have supported the expiration of the 
preemption provisions and we do believe that States have been 
very active in these areas. As you can see, there has been a 
lot of talk about the things that can be done, but as you know, 
the incidence of identity theft is skyrocketing, and the 
methods that criminals are using to perpetrate this crime are 
changing over time. So we think that States are probably the 
most appropriate body to act very quickly when these methods 
change.
    Mr. LaTourette. Thank you.
    Ms. Hanson, that brings me to your testimony and the 
question of preemption. As I understood you, you said that 
Federated has been pretty successful about getting to know your 
customer. One of the things I think you cited was you got to 
know your customer by information that had been shared by 
affiliates. If States come up with different rules and 
regulations to restrict sharing among affiliates, do you have 
an opinion as to whether or not that helps or hurts the problem 
we are discussing here today?
    Ms. Hanson. I think it would make our job much more 
difficult as a retailer, to know our customer, if we have to 
wade through the morass of multiple States' different 
interpretation of laws. I think our job would become much more 
difficult in protecting our customers.
    Mr. LaTourette. And Mr. Ansanelli, when a corporation 
decides to go above and beyond, or an organization decides to 
go above and beyond, were you talking about a benefit that 
basically would restrict them from liability should they, sort 
of protecting them from the lawyers?
    Mr. Ansanelli. Exactly. I don't like necessarily the 
phrase, but a safe harbor which is that they are actually going 
to try to find problems that they discover above and beyond 
what the regulation says. They should not then be held liable 
for finding out that they had a problem that they didn't have 
to actually go find to begin with.
    Mr. LaTourette. That is an interesting idea. There is a 
company in my district that has nothing to do with what we are 
talking about, but a company in my district that disinfects 
things. When SARS was in the news, and it still continues to be 
in the news, they developed a program to disinfect the inside 
of airplanes. The airlines were reluctant to do it because by 
disinfecting the inside of the airline they might be assuming a 
responsibility that they don't currently have for passengers 
with SARS.
    Thank you all very much.
    Mr. Sanders?
    Mr. Sanders. Thank you, Mr. Chairman.
    Before I get to identity theft, there is another issue that 
I would like to talk to MBNA about, and that is what some of us 
call the bait-and-switch process that many credit card 
companies are currently engaged in. Mr. Kallstrom, let me just 
read to you from an article that appeared in the New York 
Times, well, summarize an article that appeared in the New York 
Times on May 29.
    The essence of the article was that it appears that all 
over this country companies, including your company, do a bait-
and-switch. You send out solicitations to people asking them to 
accept your credit cards at certain interest rates, and then 
month after month these people pay the bill that they owe you. 
Let's say they have a 5 percent interest rate and they pay you 
every month the $200 that they owe you, whatever it is. 
Suddenly, lo and behold, 5 months later, after having paid on 
time every month what they owe you, the interest rates go sky 
high. And when they inquire as to why that is so, and many of 
them, of course, do not inquire. They don't notice what has 
been happening. They find out that somebody will tell them, 
well, yes, you paid us on time, but you borrowed additional 
money. We are sorry somebody in your house was sick and you 
needed additional money, and yes, you have always paid us on 
time, but nonetheless we are going to double or triple your 
interest rates.
    Please explain to me why you think this is moral acceptable 
behavior when somebody month after month has paid you on time 
what they owe you? Why do you change the rules of the game and 
double or triple their interest rates?
    Mr. Kallstrom. I read that article in the New York Times 
also. For the record, I would say that we do not bait and 
switch. What we do is we assess risk and we give unsecured 
loans to people to better their life and to carry on or live in 
the world we live in today. I would not necessarily believe 
everything I read in the New York Times.
    Mr. Sanders. Well, let me ask you a question.
    Mr. Kallstrom. Let me finish my answer please. People's 
situations do change and we are assessing risk. There is a lot 
of oversight on us. There are a lot of good reasons, there are 
hundreds of reasons why we should assess risk.
    Mr. Sanders. Well, let me ask. I will give you your time. 
Sir, the problem here, as you know, is we are limited in time. 
I wish we had time.
    Mr. Kallstrom. Let me just finish the answer in 30 seconds.
    Mr. Sanders. Yes.
    Mr. Kallstrom. So from time to time, we do assess risk. We 
always pre-notify the customer as to the conditions that are 
going to change. We always give them the opportunity to just 
say no. We give them the opportunity to pay off that account at 
the existing rate and close their account, or keep the account 
open at the new rate that the risk has brought us to. That is 
good business practice, good ethical practice, and that is what 
we do.
    Mr. Sanders. What percentage of the people that you deal 
with who have your credit cards do you change interest rates 
on?
    Mr. Kallstrom. We are in a competitive market, sir, that 
changes all the time for competitive reasons.
    Mr. Sanders. I asked you a simple question.
    Mr. Kallstrom. I do not have an exact percentage.
    Mr. Sanders. And what percentage of the people do you think 
actually know? People get a lot of stuff. Among other things, 
they get 5 billion solicitations a year from credit card 
companies. What percentage of the people who you send out this 
information to do you think actually know?
    Mr. Kallstrom. I believe the vast majority on that point 
know because we highlight it. We set it off in sharp colors. 
But you are right about disclosures. People don't actually know 
what a lot of those things say, particularly the Gramm-Leach-
Bliley ones because no one can understand what they say.
    Mr. Sanders. But I would suspect that many people who see 
their interest rates change, I want to get back. You say you 
are not into bait-and-switch, but what you are into is changing 
the interest rates on people even though they have paid you 
every single month. Now, if I do business with you and I pay my 
bill on time to you every month and I pay you what I owe you, 
why do you think you have the right to double my interest rate?
    Mr. Kallstrom. Because we must assess risk on the 
portfolio.
    Mr. Sanders. Even though I have paid you?
    Mr. Kallstrom. And you might have gone and borrowed $50,000 
from somebody else and you are not paying it back. So in this 
day and age we live in, we have to look at the total.
    Mr. Sanders. In other words, what you are doing is 
punishing people who have paid their bills because you think 
they may not, even though they have always kept their word and 
their contract with you. I think that is wrong.
    Mr. Kallstrom. We are giving unsecured loans, sir, and we 
are giving them notice that if they do not want that additional 
rate; in every occasion, we are giving them notice.
    Mr. Sanders. Excuse me, excuse me, sir. You have not 
answered me in terms of how many people do not even know that 
their interest rates would change, and I suspect many do not.
    Mr. Kallstrom. I agree that the vast majority do know.
    Mr. Sanders. You are dealing with large numbers of people. 
Excuse me. Even if the vast majority is true, there will be 
many, many thousands of people who simply every month, who 
assume because they pay their bills on time, do not anticipate 
an increase in interest rate. I will bet you that there are 
thousands of people who are paying you far higher interest 
rates than they contemplated.
    Mr. Kallstrom. I don't know the percentage.
    Mr. Sanders. Thank you. I have limited time. I would love 
to discuss the issue. I really would, but we have a limited 
amount of time.
    Mr. Kallstrom. I would also.
    Mr. Sanders. Ms. Duncan, do you have thoughts on that 
practice?
    Ms. Duncan. We agree with your concerns that there are 
consumers, and I read the article as well, out there who are, 
regardless of their payment history with the particular lender, 
are possibly seeing their rates skyrocket. Also, it is quite 
possible that that increase in rates, I mean, if you look at a 
consumer who has been responsible in the past, you could 
possibly assume that they would be responsible in the future. 
In making those rates go up like that, that could very well be 
the proverbial last straw that broke the camel's back.
    Mr. Sanders. Right. And there are instances, as I 
understand it, that that practice has driven people into 
bankruptcy. Thank you, Ms. Duncan.
    Let me ask Mr. Lundy a question. When you discussed with 
the Chairman your opposition to providing consumers with free 
credit reports, you mentioned the cost. Obviously, there is a 
cost and we don't know what the cost will be. But how can you 
tell the consumers of this country that they are not entitled 
to free credit reports when just in 2002, MBNA just happened to 
have enough money in that year to pay their four top executives 
$308 million? Don't you think that maybe if they wanted to 
cover the cost of informing consumers all over this country 
what their credit reports were, maybe they could take a little 
bit of a cut in salary? Do you think that might be possible? 
Just a little bit. We don't want to put them on welfare, but 
$308 million for the top four execs, now, what can I say?
    Mr. Lundy. Sir, I can't discuss, of course, the salaries at 
MBNA. However, we are not opposed to free credit reports to 
consumers with conditions. We believe that all consumers 
knowing what is in their credit reports is very important. We 
do not believe that the price that we charge a consumer, which 
is $9 or less in some States, is prohibitive for consumers who 
have no conditions to actually get their credit file report.
    Mr. Sanders. I would certainly agree with you. It is not 
prohibitive. But there will be a heck of a lot of people who 
will not pay the $9 who, if they got it for free, might learn 
that they were a victim of identity fraud.
    Let me get back to Mr. Kallstrom. Maybe you want to tell 
the people in terms of cost, what do you think about $308 
million in 1 year for the top four executives?
    Mr. Kallstrom. Well, look, I don't know exactly what their 
compensation was.
    Mr. Sanders. I can give it to you.
    Mr. Kallstrom. I can tell you that is not salary.
    Mr. Sanders. That is total compensation.
    Mr. Kallstrom. Like Al Lerner who you talked about earlier, 
who is an American patriot, who served this country in Korea, 
who grew up in a back room and invested capital in a small 
company.
    Mr. Sanders. I am not making any disparaging remarks. 
Excuse me. We hear over and over again and we heard it from Mr. 
Lundy. I am not disparaging anybody or the patriotism of 
anybody. But there are a lot of Americans who are a little bit 
concerned, because they are going bankrupt in record numbers, 
about executive salaries.
    Mr. Kallstrom. Sir, with all due respect, those are not 
salaries.
    Mr. Sanders. Compensation packages is what I am talking 
about.
    Mr. Kallstrom. They are not salaries.
    Mr. Sanders. I said it five times, compensation packages.
    Mr. Kallstrom. They chose to sell some stock in the company 
that they built at the time, and you are taking a point in time 
and you are making a point.
    Mr. Sanders. That is right. I am making a point that in 
2002, your top four executives made over $308 million.
    Mr. Kallstrom. It is not salaries.
    Mr. Sanders. Thank you.
    Thank you, Mr. Chairman.
    Mr. LaTourette. I thank the gentleman very much.
    Mr. Toomey?
    Mr. Toomey. Thank you, Mr. Chairman.
    Mr. Kallstrom, just to follow up on this. I can't help but 
address this. I for one would be shocked and very concerned if 
you made credit decisions without taking into account the 
entirety of a person's credit portfolio. Just by way of 
clarification, with respect, for instance, to a corporate 
borrower, if you extend credit to a corporate borrower and that 
borrower were then to take on some massive new amount of debt 
after the fact, would the banking regulators be a bit concerned 
if that didn't cause you to reevaluate the loan that you had 
made, the terms of that loan?
    Mr. Kallstrom. Without question, the regulators would be 
extremely, well, they would find our practices outside the 
boundaries of their guidance clearly, in both of those 
instances. And that is why it is important to our economy that 
we do not have a lot of unsecured loans out there at high risk. 
There is a reason why this happens. There is a good sensible 
reason why it happens.
    Mr. Toomey. Right. What I would like to focus on, I just 
wanted to establish that point, but I did want to focus back on 
the issue at hand of identity theft. Can you tell us, for your 
institution, and if this is in your testimony, I apologize, I 
did not see it though, has the cost to your bank been rising or 
falling with regard to incidents of identity theft and the 
fraud related thereto?
    Mr. Kallstrom. I think generally they have been rising. 
Even though we still have some of the lowest rates in the 
industry, they are still rising.
    Mr. Toomey. Do you see that as just a cost of doing 
business, or are you, in the face of this rising cost, and that 
was the way I thought you would respond, are you developing new 
procedures and systems for more aggressive prevention?
    Mr. Kallstrom. We are, but as we talked about earlier, this 
whole thing is geometric. It involves law enforcement. It 
involves the credit bureaus. It involves retailers. It involves 
the credit industry. It involves consumers. It involves the 
fact that we have an epidemic of false identification in the 
world and in the United States, where 8-year-old kids can make 
driver's licenses on a laptop computer. So it involves a lot of 
different things.
    Mr. Toomey. I understand that and I acknowledge that, but 
it seems to me that ultimately a lot of the problem arises from 
financial institutions that extend credit to people who are 
pretending to be someone that they are not.
    Mr. Kallstrom. Without question, that is correct.
    Mr. Toomey. So it seems to me that the point at which we 
are most likely to be successful in preventing this would be 
systems that defeat that attempt. Since the incidence of this 
fraud is rising so much, my question is what new things are you 
folks working on, is the industry working on that will cause 
that graph to turn around and have the same precipitous decline 
that we need to have?
    Mr. Kallstrom. I think clearly the more information we 
have, the fact that we have affiliates and affiliates were 
created for good reason, and we can have more points of 
information. Our neuro-network can be a lot more effective and 
we can stop identity theft to a much larger degree. But there 
are forces outside our control that must simultaneously 
improve.
    Mr. Toomey. I am not suggesting that this is all your 
responsibility to solve this. I am acknowledging that there are 
other aspects of this problem. But for instance, does it make 
sense for financial institutions such as yours to have 
considerably more aggressive identification verification 
procedures when new accounts are established, or some 
substantive change is made in an account?
    Mr. Kallstrom. Yes, it does, sir. And we invest a lot of 
technology in that area. We invest a lot of human resources in 
that area. I would just make a point, at the point of sale, if 
someone comes in an presents baseline documents that are 
recognized in the United States as being prima facie evidence 
of identity, birth certificates, Social Security cards et 
cetera, in true name and in true address, it is very difficult 
to weed those types of events out. There is technology 
available today to stop that practice. I would encourage the 
Federal government to deal with that issue.
    Mr. Toomey. If we could just follow up on that. When people 
provide that, obviously it is happening that people are 
providing that information and it is all information about 
someone else.
    Mr. Kallstrom. Right.
    Mr. Toomey. And then some portion of it is usually 
inaccurate, like an address, perhaps. What about using much 
more aggressive techniques to verify these things, some kind of 
biometric signature or some kind of verification when this 
person's name comes up?
    Mr. Kallstrom. I agree, and I think our processes, our 
expert systems, our neuro-network, our human beings, our fraud 
experts, the way those situations get routed, we stop the vast 
majority of them. Our identity theft percentage is extremely 
low. But yes, we need to have biometrics. We need to have anti-
counterfeiting technology put into our baseline identification 
documents. So I am agreeing with what you just said.
    Mr. Toomey. Do you have any specific biometric techniques 
that you think are likely to be implemented soon?
    Mr. Kallstrom. Today in driver's licenses in the United 
States, there are about 20 different biometric algorithms in 
the licenses. There is technology available today in one black 
box that can identify all of those. So we could have at a point 
of sale a black box that could say green light-red light as to 
whether that identification is counterfeit. I think the other 
thing that helps us immensely is having many data points to 
check, so that someone showing up with your driver's license 
and your address with their picture on it, we are going to know 
that they are phony because we are going to check other points 
of reference that you cannot answer those questions.
    Mr. Toomey. If the Chair would just allow for a wrap-up 
comment, I thank you for that. It just strikes me that when we 
hear the kind of horror stories that we are hearing and we know 
that the frequency of these incidents is increasing, my concern 
is that if the industry does not take very aggressive measures 
to successfully change the trend, there will be legislation 
which might become very onerous at some point, that may have 
unintended consequences. I am just strongly encouraging you.
    Mr. Kallstrom. I agree with that. I would just simply say 
the industry is spending millions of dollars in this area, 
hundreds of millions of dollars in this area.
    Mr. Toomey. Okay. Thank you, Mr. Chairman.
    Mr. LaTourette. I thank the gentleman.
    Mr. Moore?
    Mr. Moore. Thank you, Mr. Chairman.
    Mr. Kallstrom, in your written testimony you said, and I 
believe you testified this, everyone agrees it would be of 
enormous benefit to provide consumers with easily digestible 
privacy notices that include easy opt-out procedures. Is that 
correct, sir?
    Mr. Kallstrom. Yes, sir.
    Mr. Moore. Why then are the notices that we receive, every 
person in this country receives, from a credit card company so 
hard to read and so, I am a lawyer; I practiced law for 28 year 
and I do not read those. Why are they so complicated?
    Mr. Kallstrom. In the 1999 Gramm-Leach-Bliley Act, the 
regulators did not create a model notice for the safe harbor. 
So all the lawyers from all the regulators, I mean good people 
get in a room and came up with these notices that basically 
talk about technical compliance, but I think they have largely 
left the consumers bewildered as to what they mean. They are 
four or five pages long. The type, you know, you get my age, it 
is very difficult to read. They are in legalese that virtually 
nobody, in my view, understands.
    I think a much better solution would be to, and I would 
think my friend from Vermont would agree, tell consumers what 
their rights are in plain English on a short notice, and then 
give them a very simple way of opting out if they do not want 
to share information. That is what consumers want.
    Mr. Moore. And you don't have a problem with opting out if 
they make that choice, the consumers?
    Mr. Kallstrom. No. I think consumers should be given their 
choices in plain English and they should be allowed a simple 
methodology to opt out. We would hope that the majority would 
not opt out because we think some of the offers would be 
compelling. If you have business with us and you manage your 
business very well, your unsecured loan, and we have another 
product that we are going to price you at very competitively, 
we would think you would want to know that. But there will be 
some people that clearly will opt out and that is fine.
    Mr. Moore. And they have that right if they choose, 
correct?
    Mr. Kallstrom. Absolutely.
    Mr. Moore. All right. Do you have any kind of form, 
simplified notice?
    Mr. Kallstrom. Actually, we had a working group of people 
in the industry and we have come up with some examples of what 
these forms would look like. They have gotten wide 
distribution. I would be happy to attach them to my statement 
and leave them here for the committee. But one form is sort of 
modeled after a food can nutrition label.
    Mr. Moore. Is this such a form?
    Mr. Kallstrom. Yes.
    Mr. Moore. Can you see it? It says ``version K.'' Would 
that be it?
    Mr. Kallstrom. Yes, sir.
    Mr. Moore. Mr. Chairman, I would ask that a copy of this be 
received in the record.
    Mr. LaTourette. Without objection.
    [The following information can be found on page 210 in the 
appendix.]
    Mr. Moore. Thank you.
    Are you aware of any efforts by individual State 
legislatures to change notice requirements? What is your 
opinion about that? Of what consequence is that?
    Mr. Kallstrom. As we sit here today, sir, there 39 States 
considering 154 Gramm-Leach-Bliley-type related bills today. 
There are 46 States considering 234 FCRA-type bills today.
    Mr. Moore. What would be the consequence as far as you are 
concerned for providing credit at a fair price to consumers if 
that were the case?
    Mr. Kallstrom. I think clearly the balkanization of our 
system would have higher prices, higher interest rates. My 
friend from Vermont would be more exercised than he is today 
because things would be much higher. The European Community is 
trying to mimic our system over there, and we are talking about 
balkanizing our system. It would have dramatic negative impacts 
on our economy. I think it would have the most debilitating 
impacts on the lower rung of our economic population, who are 
finding their way into credit, who are getting the credit card, 
opening a small business with a credit card, building a credit 
file. Those segments of zip codes in different areas that in 
prior times were not issued good credit or good offers or 
preapproved offers, where they could pick from one or two 
different offers, they would be the most harmed, without 
question. There are economic studies that clearly point that 
out.
    Mr. Moore. Would it be correct, Mr. Kallstrom, that a 
populated State like California or New York or some other State 
with a large population, by enactment of some of these 
provisions might in effect control what happens in a lot of 
other States?
    Mr. Kallstrom. I think there will be standards, 
congressman, in these areas. The question is, will they be 
standards set here in Washington that benefit the entire 
country, or will they be California standards that become the 
de facto national standard. I think that would be a sad day for 
business and for our economy, and would not help our country, 
would not help the lower quadrant of the FICO-scored people 
that are clawing their way up into the middle class. It would 
have a negative impact on small business and it is not the 
right thing to do for the good of this country.
    Mr. Moore. You say it would hurt the economy. How so?
    Mr. Kallstrom. I think it would have a dramatic impact on 
credit. It would close out that community I talked about. It 
would have an impact on our GNP. It would have an impact on 
consumer spending. Rates would be higher. Clearly, rates would 
be higher and there would be less credit available.
    Mr. Moore. I am concerned about opening up GLB and the 
problems that could present from the standpoint of building 
bipartisan support for FCRA. I am also concerned that my 
constituents could get something far worse if GLB is opened up 
again and something happens there. Do you have any of these 
concerns?
    Mr. Kallstrom. We certainly have concerns. We think, 
though, that when you talk about the whole issue of privacy, 
the majority of people in focus groups talk about identity 
theft. They talk about issues of simplicity of notice. We think 
the way to go here is to give people plain English notice and 
to give them an easy methodology to opt out. If they want to 
restrict the information at businesses, that is what they 
should do. I think by the government doing nothing in that area 
and allowing the States to muck around and balkanize this whole 
area, we are going to end up with national standards, but they 
are not going to be Federal standards. And States are not going 
to spend the money to cookie-cutter a little different version 
of a standard in 50 different States. They are going to go with 
probably the California standard, the most restrictive, and we 
are going to let Sacramento decide what the Federal policy is 
going to be, as opposed to the Federal government.
    Mr. Moore. Thank you, sir.
    Ms. Duncan. I would like to respond.
    Mr. Moore. I would like to hear your response. Mr. 
Chairman, is that okay?
    Mr. LaTourette. Sure.
    Ms. Duncan. From the perspective of opting out, the Gramm-
Leach-Bliley notices only informs people of their rights, but 
for the most part consumers are only allowed to opt out of 
third party sharing. I would be very surprised if what Mr. 
Kallstrom is referring to in being in favor of allowing 
consumers to opt out would be extended to letting them opt out 
of the sharing of their information between affiliates. That is 
something that I think consumers should have more power over, 
the sharing of their personal information. If they share it 
with an entity for one purpose, it should not be able to be 
used unauthorized for other purposes.
    Mr. Moore. Okay. Would you agree, though, with the general 
statement that any solution should help consumers make more 
informed decisions about information sharing and that everyone 
agrees it would be of enormous benefit to provide consumer 
easily digestible privacy notices that include easy opt-out 
procedures. Would you agree with that generally?
    Ms. Duncan. More comprehensible is always better. Easier is 
always better. Meaningful is more important. What I am trying 
to convey is that these notices, the rights are not meaningful 
so the notices are not meaningful because it is not giving 
consumers the ability to opt out of sharing between joint 
marketing partners and affiliates.
    Mr. Kallstrom. They are not meaningful because they are not 
understood.
    Ms. Duncan. And they are not meaningful in that what is 
being conveyed are not true rights, but just a notice of how we 
are going to use your information regardless of whether you 
like it or not.
    Mr. Moore. Have you seen the proposed sample simple notice?
    Ms. Duncan. I have heard about it. I have not seen it yet. 
My concern also is that regardless of simplicity, which is 
important, what is more important is to have the rights be 
meaningful.
    Mr. Moore. If they are following the law, is that 
sufficient? My question is, if they are following the law, is 
that a good thing? And if it is understandable to the consumer?
    Ms. Duncan. The consumers in California have been polled 
and show that they do not believe they are being given enough 
rights under the current law.
    Mr. Moore. That is not the question. The question is, if 
whoever the provider of credit is tells them what the law is 
and tells them what their rights are in an understandable 
fashion, is that something that is good?
    Ms. Duncan. To follow the law is good, yes.
    Mr. Moore. And advise them in simple language what the law 
is and what their rights are, is that good as well?
    Ms. Duncan. Or course. That is certainly always a positive 
thing.
    Mr. Moore. Thank you.
    Mr. LaTourette. I thank the gentleman.
    Mr. Tiberi?
    Mr. Tiberi. Thank you, Mr. Chairman.
    I would like to submit for the record an editorial that was 
in The Hill publication today.
    Mr. LaTourette. Without objection.
    [The following information can be found on page 212 in the 
appendix.]
    Mr. Tiberi. Thank you, Mr. Chairman.
    Mr. Kallstrom, I am going to continue along the lines of 
questioning that Mr. Sanders started and Mr. Moore continued. 
Are you familiar with the legislation that was introduced by 
myself and Mr. Lucas dealing with national uniform privacy 
standards?
    Mr. Kallstrom. I am, sir.
    Mr. Tiberi. Good. You had in answering a question that Mr. 
Sanders had asked you, you started down the road of explaining 
how privacy notices were complicated and confusing to consumers 
under Gramm-Leach-Bliley. You did not finish. Can you expand on 
that?
    Mr. Kallstrom. Yes, I think the Gramm-Leach-Bliley notices, 
because there was not a simple model notice created, the 
lawyers, which they should do to protect everybody, created 
this monster of a notice that virtually nobody can understand. 
Even some lawyers can't understand it. So it is no question 
that there is a lot of consternation. There are a lot of people 
that think these things are created by the companies and on 
purpose so people cannot understand their rights. Nothing could 
be further from the truth. Those notices are created by Gramm-
Leach-Bliley and the regulators getting together and creating 
this five-page notice that is written in type that you can 
barely read.
    So it does not surprise us that people have all this 
consternation about what their rights are. We think one 
solution, a simple solution is to give them a plain English 
version. Not a version, we would always make available the long 
notice so they could if they wanted to get a master's degree in 
law, they could figure out what it means.
    Mr. Tiberi. You mentioned 30 States have legislation 
introduced that deal with this issue.
    Mr. Kallstrom. Thirty-nine States.
    Mr. Tiberi. Thirty-nine States. What happens on this 
particular issue if States begin passing their legislation?
    Mr. Kallstrom. What you end up getting is you get different 
versions of the same thing, with separate notices that say 
basically the same thing, but they are different. We have a 
bill in California now, SB-1, that has a separate notice that 
probably ends up saying virtually the same thing, but it says 
it in California language. The cost of sending out multiple 
notices would be more confusing, not less confusing. So we 
think the solution is to settle on some plain simple language 
on a simple meaningful way of opting out very easy. You call an 
800 number. You fill out this thing, just like changing your 
address, and you opt out. And to her point, we give them real 
choices of what the law is to opt out of. We think that is the 
solution.
    At the same time, make some fixes for identity theft, which 
we talked about for hours all the different things that can be 
done to make that more effective. I think that is what is on 
the minds of consumers.
    Mr. Tiberi. I want to get to identity theft, but before we 
go there expand upon your comments with respect to the current 
relationship between Gramm-Leach-Bliley and FCRA as it applies 
to State laws on affiliate sharing.
    Mr. Kallstrom. Yes, we think that FCRA is the rule on 
affiliate sharing and governs affiliate sharing. Let's 
remember, we created affiliates and we let companies have 
affiliates for a couple of reasons. First reason probably, to 
better manage risk; to get parts of the company, and in our 
company we have five affiliates. One of them is a technology or 
data processing company. We have to share information with them 
or else they could not process the information. So we can look 
at these things and put all those entities that we really deal 
with risk in one place.
    Of course, we created these affiliates so that people with 
good credit, even people with marginal credit, could get better 
offers for other products. That was the whole idea, the idea of 
a rising tide raising all ships in the harbor; that if you did 
business with company X in one particular line, now you needed 
a home equity loan or you needed some other product, they had 
the benefit of having advantages of your ability to manage debt 
and they could take that good record that hopefully you had and 
they could apply it to good costing, good interest rates over 
here so that people could emerge and have success in the 
American dream. It was done for those reasons. It was not done 
for any dastardly reason that people would paint it as today.
    Mr. Tiberi. Final question, each State has a different 
criminal background check system. How, in your mind, does the 
reporting of that information, without a national uniform 
standard, impact your customers and your employees?
    Mr. Kallstrom. Well, it is complicating. I don't mean to 
get involved in 9-11, my other job I have, but this business of 
connecting the dots is always universally more difficult when 
you have stovepipe information, when you have information that 
is not easily accessible or quickly accessible. So for the 
reasons that we can have a good credit system that is national, 
we can therefore have the benefit of it. People have got to 
remember, it was not that long ago you waited five weeks to get 
a mortgage. It wasn't that long ago that if you wanted cash, 
you had to go to your bank and write a check. You didn't go to 
an ATM. There was no such thing. And if you drove from Vermont 
to Florida, that credit didn't necessarily follow you. You had 
to start all over again. So the American public, with all the 
problems we have here, and identity theft is a huge problem, 
but we think it is fixable. With all the problems we have, we 
have the best system in the world.
    Mr. Tiberi. Thank you.
    Ms. Hanson. Could I add a comment on the subject of GLB and 
Mr. Kallstrom's testimony on that?
    Mr. LaTourette. Sure.
    Ms. Hanson. Just generally speaking, all good discussion, 
good ideas. I think everybody is generally in agreement that it 
is a complicated notice, hard to understand for our customers, 
but the FCRA and the issue that is at hand is of such high 
priority to us. I share your concern that introducing another 
subject at this point will just complicate an already 
complicated subject. We are very concerned about that.
    Mr. LaTourette. I thank you.
    Mr. Kallstrom. Let me add, extending FCRA is our number one 
priority, clearly, too, but we would be less than honest if we 
did not talk about a companion issue that is interwoven with 
FCRA. The devil is going to pay its due here in the future if 
we balkanize the other half of the system.
    Mr. LaTourette. Okay. I thank you, Mr. Tiberi, and the six 
of you. I thank you very much.
    Mr. Sanders. Are we letting them off so easily?
    Mr. LaTourette. Well, we have been here a long time, Mr. 
Sanders.
    Mr. Sanders. I know that Mr. Kallstrom wants more 
questions.
    [LAUGHTER]
    Mr. LaTourette. Maybe you and Mr. Kallstrom can talk in the 
hallway a little bit.
    Mr. Sanders. Do you have a few more minutes or do you want 
to close it?
    Mr. LaTourette. I really was going to close it up. If you 
have a couple of questions you want to ask, I am happy to 
yield.
    Mr. Sanders. If you would.
    Mr. LaTourette. Sure.
    Mr. Sanders. Okay.
    Just a few points for the record, picking up on Mr. Moore's 
question, the first point that we have to deal with when we 
talk about preemption and States's rights, we live in a 
Federalist society. We have local government, State government 
and Federal government. In fact, if we really want a very 
simple effective system, we could have a dictator sitting a few 
blocks away from here, wipe out State government, everything 
would be nice and simple. Very few of us want to live in that 
society.
    We live in a society where different States have different 
regulations for how fast you can drive your car and a dozen 
other things. We call that American democracy. That is what we 
call it. Does it cause problems sometimes? Yes, it does. But 
the other side of that is that sometimes somewhere in 
California or in Vermont or in New Hampshire, some attorney 
general or some member of the legislature or some governor 
comes up with a great idea and it works in that State, and 
other States steal that idea and eventually it filters here to 
Washington, D.C. and it becomes the law of the land. Many of my 
conservative friends say that all the time. They say States are 
the laboratories of democracy. My friend is nodding his head in 
agreement.
    So some of us get a little bit confused when our 
conservative friends on Tuesdays or Wednesdays tell us they 
want the big bad Federal government, which they knock on 
Mondays and Fridays as terrible, to limit the ability of States 
to protect consumers. That is one point.
    Second point, just for the record, I think Mr. Kallstrom if 
my memory is correct you indicated that if we have States 
moving in different directions, their interest rates might be 
higher. Did you say that? I think you said that.
    Mr. Kallstrom. I think the impact would be that there would 
be more costs in the system. Clearly, that is the case.
    Mr. Sanders. Well, let me tell you what the case is. As a 
result of the 1996 Fair Credit Reporting Act amendments, they 
exempted stronger consumer protection statutes in California, 
Massachusetts and Vermont from preemption. So we still have 
those laws. What we have seen in those three States is very low 
bankruptcy rates. In fact, Vermont now has the lowest rate of 
consumer bankruptcies in the country. And also in terms of 
mortgage rates, the most recent data indicates that the State 
of California has the lowest effective rate of a conventional 
mortgage in the nation, and Vermont and Massachusetts are well 
below the median. Those are States that have the rights, and 
you were suggesting this would be a terrible thing, but those 
States have done okay.
    The last question that I would ask is you suggested, Mr. 
Kallstrom, that that legalese, and I certainly agree with you 
that you have very complicated language that was developed by 
lawyers, but those were developed by your lawyers, the 
industry's lawyers.
    Mr. Kallstrom. The regulators, sir.
    Mr. Sanders. Well, then you will have to tell me why it is 
that credit unions operating under the same law have much 
simpler language.
    Mr. Kallstrom. I can't answer that question. I don't know 
the answer to that. Logically, I am told, and I stand to be 
corrected, that the bulk of the work was done by lawyers 
representing the seven different regulators. I am sure there 
was input from the industry. Clearly, I am sure there was. The 
bottom line is they are not understandable.
    Mr. Sanders. Right. We certainly agree on that, and to the 
best of my knowledge credit unions operating under the same law 
and the same regulations have easily understood language. You 
might want to look into that, sir.
    Mr. Kallstrom. I will look that up.
    Mr. Sanders. Okay. Thank you.
    Thank you, Mr. Chairman.
    Mr. LaTourette. I thank the gentleman very much. I would 
just editorially comment that some of us on our side sometimes 
wonder why members of your party are champions for the Federal 
government on Monday, Wednesday and Friday and champions for 
States's rights on Tuesday and Thursday.
    [LAUGHTER]
    Mr. Sanders. I am an Independent, so my party is always 
consistent. They always do what I say.
    [LAUGHTER]
    Mr. LaTourette. I thank the gentleman very much.
    The chair would note that some members, like Mr. Sanders or 
others, may have additional questions for the panel which they 
would like to submit in writing. Without objection, the hearing 
record will remain open for 30 days for members to submit 
written questions to these witnesses and to place their 
responses in the record. Again, it has been a lengthy hearing. 
We thank you for your patience and we thank you for your 
participation.
    The hearing is adjourned.
    [Whereupon, at 2:38 p.m., the subcommittee was adjourned.]


                            A P P E N D I X



                             June 24, 2003
[GRAPHIC] [TIFF OMITTED] T2902.001

[GRAPHIC] [TIFF OMITTED] T2902.002

[GRAPHIC] [TIFF OMITTED] T2902.003

[GRAPHIC] [TIFF OMITTED] T2902.004

[GRAPHIC] [TIFF OMITTED] T2902.005

[GRAPHIC] [TIFF OMITTED] T2902.006

[GRAPHIC] [TIFF OMITTED] T2902.007

[GRAPHIC] [TIFF OMITTED] T2902.008

[GRAPHIC] [TIFF OMITTED] T2902.009

[GRAPHIC] [TIFF OMITTED] T2902.010

[GRAPHIC] [TIFF OMITTED] T2902.011

[GRAPHIC] [TIFF OMITTED] T2902.012

[GRAPHIC] [TIFF OMITTED] T2902.013

[GRAPHIC] [TIFF OMITTED] T2902.014

[GRAPHIC] [TIFF OMITTED] T2902.015

[GRAPHIC] [TIFF OMITTED] T2902.016

[GRAPHIC] [TIFF OMITTED] T2902.017

[GRAPHIC] [TIFF OMITTED] T2902.018

[GRAPHIC] [TIFF OMITTED] T2902.019

[GRAPHIC] [TIFF OMITTED] T2902.020

[GRAPHIC] [TIFF OMITTED] T2902.021

[GRAPHIC] [TIFF OMITTED] T2902.022

[GRAPHIC] [TIFF OMITTED] T2902.023

[GRAPHIC] [TIFF OMITTED] T2902.024

[GRAPHIC] [TIFF OMITTED] T2902.025

[GRAPHIC] [TIFF OMITTED] T2902.026

[GRAPHIC] [TIFF OMITTED] T2902.027

[GRAPHIC] [TIFF OMITTED] T2902.028

[GRAPHIC] [TIFF OMITTED] T2902.029

[GRAPHIC] [TIFF OMITTED] T2902.030

[GRAPHIC] [TIFF OMITTED] T2902.031

[GRAPHIC] [TIFF OMITTED] T2902.032

[GRAPHIC] [TIFF OMITTED] T2902.033

[GRAPHIC] [TIFF OMITTED] T2902.034

[GRAPHIC] [TIFF OMITTED] T2902.035

[GRAPHIC] [TIFF OMITTED] T2902.036

[GRAPHIC] [TIFF OMITTED] T2902.037

[GRAPHIC] [TIFF OMITTED] T2902.038

[GRAPHIC] [TIFF OMITTED] T2902.039

[GRAPHIC] [TIFF OMITTED] T2902.040

[GRAPHIC] [TIFF OMITTED] T2902.041

[GRAPHIC] [TIFF OMITTED] T2902.042

[GRAPHIC] [TIFF OMITTED] T2902.043

[GRAPHIC] [TIFF OMITTED] T2902.044

[GRAPHIC] [TIFF OMITTED] T2902.045

[GRAPHIC] [TIFF OMITTED] T2902.046

[GRAPHIC] [TIFF OMITTED] T2902.047

[GRAPHIC] [TIFF OMITTED] T2902.048

[GRAPHIC] [TIFF OMITTED] T2902.049

[GRAPHIC] [TIFF OMITTED] T2902.050

[GRAPHIC] [TIFF OMITTED] T2902.051

[GRAPHIC] [TIFF OMITTED] T2902.052

[GRAPHIC] [TIFF OMITTED] T2902.053

[GRAPHIC] [TIFF OMITTED] T2902.054

[GRAPHIC] [TIFF OMITTED] T2902.055

[GRAPHIC] [TIFF OMITTED] T2902.056

[GRAPHIC] [TIFF OMITTED] T2902.057

[GRAPHIC] [TIFF OMITTED] T2902.058

[GRAPHIC] [TIFF OMITTED] T2902.059

[GRAPHIC] [TIFF OMITTED] T2902.060

[GRAPHIC] [TIFF OMITTED] T2902.061

[GRAPHIC] [TIFF OMITTED] T2902.062

[GRAPHIC] [TIFF OMITTED] T2902.063

[GRAPHIC] [TIFF OMITTED] T2902.064

[GRAPHIC] [TIFF OMITTED] T2902.065

[GRAPHIC] [TIFF OMITTED] T2902.066

[GRAPHIC] [TIFF OMITTED] T2902.067

[GRAPHIC] [TIFF OMITTED] T2902.068

[GRAPHIC] [TIFF OMITTED] T2902.069

[GRAPHIC] [TIFF OMITTED] T2902.070

[GRAPHIC] [TIFF OMITTED] T2902.071

[GRAPHIC] [TIFF OMITTED] T2902.072

[GRAPHIC] [TIFF OMITTED] T2902.073

[GRAPHIC] [TIFF OMITTED] T2902.074

[GRAPHIC] [TIFF OMITTED] T2902.075

[GRAPHIC] [TIFF OMITTED] T2902.076

[GRAPHIC] [TIFF OMITTED] T2902.077

[GRAPHIC] [TIFF OMITTED] T2902.078

[GRAPHIC] [TIFF OMITTED] T2902.079

[GRAPHIC] [TIFF OMITTED] T2902.080

[GRAPHIC] [TIFF OMITTED] T2902.081

[GRAPHIC] [TIFF OMITTED] T2902.082

[GRAPHIC] [TIFF OMITTED] T2902.083

[GRAPHIC] [TIFF OMITTED] T2902.084

[GRAPHIC] [TIFF OMITTED] T2902.085

[GRAPHIC] [TIFF OMITTED] T2902.086

[GRAPHIC] [TIFF OMITTED] T2902.087

[GRAPHIC] [TIFF OMITTED] T2902.088

[GRAPHIC] [TIFF OMITTED] T2902.089

[GRAPHIC] [TIFF OMITTED] T2902.090

[GRAPHIC] [TIFF OMITTED] T2902.091

[GRAPHIC] [TIFF OMITTED] T2902.092

[GRAPHIC] [TIFF OMITTED] T2902.093

[GRAPHIC] [TIFF OMITTED] T2902.094

[GRAPHIC] [TIFF OMITTED] T2902.095

[GRAPHIC] [TIFF OMITTED] T2902.096

[GRAPHIC] [TIFF OMITTED] T2902.097

[GRAPHIC] [TIFF OMITTED] T2902.098

[GRAPHIC] [TIFF OMITTED] T2902.099

[GRAPHIC] [TIFF OMITTED] T2902.100

[GRAPHIC] [TIFF OMITTED] T2902.101

[GRAPHIC] [TIFF OMITTED] T2902.102

[GRAPHIC] [TIFF OMITTED] T2902.103

[GRAPHIC] [TIFF OMITTED] T2902.104

[GRAPHIC] [TIFF OMITTED] T2902.105

[GRAPHIC] [TIFF OMITTED] T2902.106

[GRAPHIC] [TIFF OMITTED] T2902.107

[GRAPHIC] [TIFF OMITTED] T2902.108

[GRAPHIC] [TIFF OMITTED] T2902.109

[GRAPHIC] [TIFF OMITTED] T2902.110

[GRAPHIC] [TIFF OMITTED] T2902.111

[GRAPHIC] [TIFF OMITTED] T2902.112

[GRAPHIC] [TIFF OMITTED] T2902.113

[GRAPHIC] [TIFF OMITTED] T2902.114

[GRAPHIC] [TIFF OMITTED] T2902.115

[GRAPHIC] [TIFF OMITTED] T2902.116

[GRAPHIC] [TIFF OMITTED] T2902.117

[GRAPHIC] [TIFF OMITTED] T2902.118

[GRAPHIC] [TIFF OMITTED] T2902.119

[GRAPHIC] [TIFF OMITTED] T2902.120

[GRAPHIC] [TIFF OMITTED] T2902.121

[GRAPHIC] [TIFF OMITTED] T2902.122

[GRAPHIC] [TIFF OMITTED] T2902.123

[GRAPHIC] [TIFF OMITTED] T2902.124

[GRAPHIC] [TIFF OMITTED] T2902.125

[GRAPHIC] [TIFF OMITTED] T2902.126

[GRAPHIC] [TIFF OMITTED] T2902.127

[GRAPHIC] [TIFF OMITTED] T2902.128

[GRAPHIC] [TIFF OMITTED] T2902.129

[GRAPHIC] [TIFF OMITTED] T2902.130

[GRAPHIC] [TIFF OMITTED] T2902.131

[GRAPHIC] [TIFF OMITTED] T2902.132

[GRAPHIC] [TIFF OMITTED] T2902.133

[GRAPHIC] [TIFF OMITTED] T2902.134

[GRAPHIC] [TIFF OMITTED] T2902.135

[GRAPHIC] [TIFF OMITTED] T2902.136

[GRAPHIC] [TIFF OMITTED] T2902.137

[GRAPHIC] [TIFF OMITTED] T2902.138

[GRAPHIC] [TIFF OMITTED] T2902.139

[GRAPHIC] [TIFF OMITTED] T2902.140

[GRAPHIC] [TIFF OMITTED] T2902.141

[GRAPHIC] [TIFF OMITTED] T2902.142

[GRAPHIC] [TIFF OMITTED] T2902.143

[GRAPHIC] [TIFF OMITTED] T2902.144

[GRAPHIC] [TIFF OMITTED] T2902.145

[GRAPHIC] [TIFF OMITTED] T2902.146

[GRAPHIC] [TIFF OMITTED] T2902.147

[GRAPHIC] [TIFF OMITTED] T2902.148

[GRAPHIC] [TIFF OMITTED] T2902.149

[GRAPHIC] [TIFF OMITTED] T2902.150

[GRAPHIC] [TIFF OMITTED] T2902.151

[GRAPHIC] [TIFF OMITTED] T2902.152

[GRAPHIC] [TIFF OMITTED] T2902.153

[GRAPHIC] [TIFF OMITTED] T2902.154

[GRAPHIC] [TIFF OMITTED] T2902.155

[GRAPHIC] [TIFF OMITTED] T2902.156

[GRAPHIC] [TIFF OMITTED] T2902.157

[GRAPHIC] [TIFF OMITTED] T2902.158

[GRAPHIC] [TIFF OMITTED] T2902.159

