- THE FAIR CREDIT REPORTING ACT AND ISSUES PRESENTED BY REAUTHORIZATION OF THE EXPIRING PREEMPTION PROVISIONS

[Senate Hearing 108-579]
[From the U.S. Government Publishing Office]

S. Hrg. 108-579

THE FAIR CREDIT REPORTING ACT AND
ISSUES PRESENTED BY REAUTHORIZATION
OF THE EXPIRING PREEMPTION PROVISIONS

=======================================================================

HEARINGS

before the

COMMITTEE ON
BANKING,HOUSING,AND URBAN AFFAIRS
UNITED STATES SENATE

ONE HUNDRED EIGHTH CONGRESS

FIRST SESSION

THE HISTORY, PURPOSE, AND FUNCTION OF THE FAIR CREDIT
REPORTING ACT AND PROVISIONS SUBJECT TO THE EXPIRING PREEMPTION
PROVISIONS SPECIFICALLY; THE GROWING PROBLEM OF IDENTITY THEFT;
AFFILIATE SHARING PRACTICES; ACCURACY OF CREDIT REPORT INFORMATION;
CONSUMER AWARENESS AND UNDERSTANDING THE CREDIT GRANTING PROCESS AND
ADDRESSING MEASURES TO ENHANCE THE ACT

----------

MAY 20, JUNE 19, 26, JULY 10, 29, AND 31, 2003

----------

Printed for the use of the Committee on Banking, Housing, and Urban
Affairs

S. Hrg. 108-579

THE FAIR CREDIT REPORTING ACT AND
ISSUES PRESENTED BY REAUTHORIZATION
OF THE EXPIRING PREEMPTION PROVISIONS

=======================================================================

HEARINGS

before the

COMMITTEE ON
BANKING,HOUSING,AND URBAN AFFAIRS
UNITED STATES SENATE

ONE HUNDRED EIGHTH CONGRESS

FIRST SESSION

__________

MAY 20, JUNE 19, 26, JULY 10, 29, AND 31, 2003

__________

Printed for the use of the Committee on Banking, Housing, and Urban
Affairs

U.S. GOVERNMENT PRINTING OFFICE
95-254 WASHINGTON : DC
____________________________________________________________________________
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; (202) 512�091800
Fax: (202) 512�092250 Mail: Stop SSOP, Washington, DC 20402�090001

COMMITTEE ON BANKING, HOUSING, AND URBAN AFFAIRS

RICHARD C. SHELBY, Alabama, Chairman

ROBERT F. BENNETT, Utah PAUL S. SARBANES, Maryland
WAYNE ALLARD, Colorado CHRISTOPHER J. DODD, Connecticut
MICHAEL B. ENZI, Wyoming TIM JOHNSON, South Dakota
CHUCK HAGEL, Nebraska JACK REED, Rhode Island
RICK SANTORUM, Pennsylvania CHARLES E. SCHUMER, New York
JIM BUNNING, Kentucky EVAN BAYH, Indiana
MIKE CRAPO, Idaho ZELL MILLER, Georgia
JOHN E. SUNUNU, New Hampshire THOMAS R. CARPER, Delaware
ELIZABETH DOLE, North Carolina DEBBIE STABENOW, Michigan
LINCOLN D. CHAFEE, Rhode Island JON S. CORZINE, New Jersey

Kathleen L. Casey, Staff Director and Counsel

Steven B. Harris, Democratic Staff Director and Chief Counsel

Peggy R. Kuhn, Senior Financial Economist

Mark A. Calabria, Senior Professional Staff

Dean V. Shahinian, Democratic Counsel

Lynsey N. Graham, Democratic Counsel

Joseph R. Kolinski, Chief Clerk and Computer Systems Administrator

George E. Whittle, Editor

(ii)

C O N T E N T S

----------

TUESDAY, MAY 20, 2003

Page

Opening statement of Chairman Shelby............................. 1

Opening statements, comments, or prepared statements of:
Senator Crapo................................................ 2
Senator Dole................................................. 7
Prepared statement....................................... 44
Senator Carper............................................... 10
Senator Johnson.............................................. 13
Prepared statement....................................... 44
Senator Bunning.............................................. 15
Prepared statement....................................... 45
Senator Sarbanes............................................. 17
Senator Bennett.............................................. 19
Senator Miller............................................... 22
Senator Dodd................................................. 22
Senator Stabenow............................................. 25
Prepared statement....................................... 46
Senator Schumer.............................................. 34

WITNESSES

J. Howard Beales, III, Director, Bureau of Consumer Protection,
U.S. Federal Trade Commission, Washington, DC.................. 3
Prepared statement........................................... 46
Response to written questions of:
Senator Crapo............................................ 59
Senator Sarbanes......................................... 61
Senator Bennett.......................................... 65
Senator Miller........................................... 67

----------

THURSDAY, JUNE 19, 2003

Opening statement of Chairman Shelby............................. 69

Opening statements, comments, or prepared statements of:
Senator Johnson.............................................. 70
Senator Dole................................................. 71
Senator Corzine.............................................. 72
Senator Crapo................................................ 73
Senator Dodd................................................. 74
Senator Allard............................................... 76
Senator Schumer.............................................. 77
Senator Bunning.............................................. 78
Senator Sarbanes............................................. 79
Senator Bennett.............................................. 80
Senator Miller............................................... 81
Senator Enzi................................................. 125

WITNESSES

J. Howard Beales, III, Director, Bureau of Consumer Protection,
U.S. Federal
Trade Commission, Washington, DC............................... 81
Prepared statement........................................... 125
Response to written questions of:
Senator Dole............................................. 207
Senator Miller........................................... 207
Timothy Caddigan, Special Agent in Charge, Criminal Investigative
Division, U.S. Secret Service.................................. 83
Prepared statement........................................... 133
Response to written question of Senator Miller............... 207
Michael D. Cunningham, Senior Vice President, Credit and Fraud
Operations, Chase Cardmembers Services......................... 99
Prepared statement........................................... 138
Response to written questions of:
Senator Dole............................................. 208
Senator Miller........................................... 208
John M. Harrison, Captain, U.S. Army (Retired), Rocky Hill,
Connecticut.................................................... 101
Prepared statement........................................... 157
Respsonse to written questions of:
Senator Dole............................................. 208
Senator Miller........................................... 210
Stuart K. Pratt, President and Chief Executive Officer, Consumer
Data Industry Association...................................... 104
Prepared statement........................................... 160
Linda Foley, Executive Director, Identity Theft Resource Center.. 108
Prepared statement........................................... 171
Response to written question of Senator Miller............... 211
William Hough, Vice President of Credit Services, The Neiman
Marcus
Group, on behalf of the National Retail Federation............. 111
Prepared statement........................................... 187
Response to written question of Senator Miller............... 214
Michael W. Naylor, Director of Advocacy, AARP.................... 113
Prepared statement........................................... 189
Response to written question of Senator Miller............... 214

----------

THURSDAY, JUNE 26, 2003

Opening statement of Chairman Shelby............................. 217

Opening statements, comments, or prepared statements of:
Senator Johnson.............................................. 218
Senator Bennett.............................................. 219
Senator Sarbanes............................................. 220
Senator Allard............................................... 221
Senator Carper............................................... 222
Senator Dole................................................. 222
Senator Bunning.............................................. 247

WITNESSES

Joel R. Reidenberg, Professor of Law, Fordham University School
of Law......................................................... 223
Prepared statement........................................... 247
Ronald A. Prill, former President, Target Financial Services, on
behalf of
the National Retail Federation................................. 227
Prepared statement........................................... 256
Terry Baloun, Regional President and Group Head, Wells Fargo Bank 229
Prepared statement........................................... 260
Response to written questions of:
Senator Shelby........................................... 314
Senator Bunning.......................................... 317
Senator Sarbanes......................................... 319
Senator Dole............................................. 321
Senator Johnson.......................................... 322
Julie Brill, Assistant Attorney General, the State of Vermont.... 230
Prepared statement........................................... 263
Martin Wong, General Counsel, Global Consumer Group, Citigroup... 233
Prepared statement........................................... 291
Response to written question of:
Senator Shelby........................................... 326
Senator Bunning.......................................... 331
Senator Johnson.......................................... 334
Senator Dole............................................. 338
Edmund Mierzwinski, Consumer Program Director, U.S. Public
Interest
Research Group................................................. 235
Prepared statement........................................... 294
Angela L. Maynard, Chief Privacy Executive and Counsel, KeyCorp,
on behalf
of the Financial Services Roundtable........................... 237
Prepared statement........................................... 308

Additional Material Supplied for the Record

Letter to Chairman Shelby and Ranking Member Sarbanes from Chris
Jay Hoofnagle, Deputy Counsel, Electronic Privacy Information
Center, dated June 24, 2003.................................... 340

----------

THURSDAY, JULY 10, 2003

Opening statement of Chairman Shelby............................. 349
Prepared statement........................................... 399

Opening statements, comments, or prepared statements of:
Senator Sarbanes............................................. 350
Senator Dole................................................. 352
Senator Johnson.............................................. 352
Senator Enzi................................................. 353
Senator Carper............................................... 355
Senator Bennett.............................................. 355
Senator Dodd................................................. 357
Prepared statement....................................... 402
Senator Crapo................................................ 358
Senator Stabenow............................................. 358
Prepared statement....................................... 402
Senator Allard............................................... 359
Prepared statement....................................... 403
Senator Corzine.............................................. 360
Senator Schumer.............................................. 360

WITNESSES

Timothy J. Muris, Chairman, U.S. Federal Trade Commission........ 361
Prepared statement........................................... 404
Response to written questions of Senator Sununu.............. 506
Stephen Brobeck, Executive Director, Consumer Federation of
America........................................................ 381
Prepared statement........................................... 422
Stuart K. Pratt, President and CEO, Consumer Data Industry
Association.................................................... 383
Prepared statement........................................... 437
Richard F. LeFabvre, President and CEO, AAA American Credit
Bureau, Inc.................................................... 385
Prepared statement........................................... 459
David A. Jokinen, Sugar Land, Texas.............................. 387
Prepared statement........................................... 477
Evan Hendricks, Editor and Publisher, Privacy Times.............. 390
Prepared statement........................................... 481

Additional Material Supplied for the Record

Letter to David A. Jokinen from the Social Security
Administration................................................. 507

----------

TUESDAY, JULY 29, 2003

Opening statement of Chairman Shelby............................. 509

Opening statements, comments, or prepared statements of:
Senator Sarbanes............................................. 510
Senator Bennett.............................................. 511
Senator Stabenow............................................. 512
Senator Enzi................................................. 512
Prepared statement....................................... 549
Senator Miller............................................... 532
Senator Allard............................................... 539
Prepared statement....................................... 549

WITNESSES

Dolores S. Smith, Director, Division of Consumer and Community
Affairs,
Board of Governors of the Federal Reserve System............... 514
Prepared statement........................................... 549
Response to written question of Senator Sarbanes............. 585
Donna Gambrell, Deputy Director for Compliance and Consumer
Protection,
Division of Supervision and Consumer Protection, Federal
Deposit
Insurance Corporation.......................................... 515
Prepared statement........................................... 554
Joel Winston, Associate Director, Financial Practices Division,
Bureau of Consumer Protection, U.S. Federal Trade Commission... 517
Prepared statement........................................... 558
Travis B. Plunkett, Legislative Director, Consumer Federation of
America........................................................ 518
Prepared statement........................................... 560
Stacey D. Stewart, President and Chief Executive Officer, Fannie
Mae
Foundation..................................................... 520
Cheri St. John, Vice President of Global Scoring Solutions, Fair
Isaac
Corporation.................................................... 522
Prepared statement........................................... 566
Scott Hildebrand, Vice President, Direct Marketing Services,
Capital One Financial Corporation.............................. 524
Prepared statement........................................... 579

----------

THURSDAY, JULY 31, 2003

Page

Opening statement of Chairman Shelby............................. 587

Opening statements, comments, or prepared statements of:
Senator Sarbanes............................................. 592
Senator Bennett.............................................. 594
Senator Johnson.............................................. 596
Senator Crapo................................................ 597
Senator Carper............................................... 599
Senator Dole................................................. 601
Prepared statement....................................... 627
Senator Corzine.............................................. 602
Senator Bunning.............................................. 603

WITNESSES

John W. Snow, Secretary, U.S. Department of the Treasury......... 588
Prepared statement........................................... 627
Response written questions of Senator Dole................... 653
Michael F. McEneney, Partner, Sidley Austin Brown & Wood LLP; on
behalf
of the U.S. Chamber of Commerce................................ 611
Prepared statement........................................... 630
Edmund Mierzwinski, Consumer Program Director, U.S. Public
Interest
Research Group; on behalf of: ACORN, Center for Community
Change, Consumer Action, Consumer Federation of America,
Consumers Union, Electronic Privacy Information Center,
Identity Theft Resource Center, Privacy Rights Clearinghouse,
Privacy Times, and U.S. Public Interest Research Group....... 614
Prepared statement........................................... 634

Additional Material Supplied for the Record

Letter from Senator Jim Bunning to John W. Snow, Secretary, U.S.
Department of the Treasury, dated August 6, 2003............... 654
Consumer Credit: Limited Information Exists on Extent of Credit
Report Errors and Their Implications for Consumers, by Richard
J. Hillman, Director, Financial Markets and Community
Investment, U.S. General Accounting Office..................... 655
The Development and Regulation of Consumer Credit Reporting in
America by Robert M. Hunt, Senior Economist, Federal Reserve
Bank of Philadelphia, dated November 2002...................... 675

THE FAIR CREDIT REPORTING ACT AND
ISSUES PRESENTED BY REAUTHORIZATION
OF THE EXPIRING PREEMPTION PROVISIONS

----------

TUESDAY, MAY 20, 2003

U.S. Senate,
Committee on Banking, Housing, and Urban Affairs,
Washington, DC.

The Committee met at 2 p.m., in room SD-538 of the Dirksen
Senate Office Building, Senator Richard C. Shelby (Chairman of
the Committee) presiding.

OPENING STATEMENT OF CHAIRMAN RICHARD C. SHELBY

Chairman Shelby. The Committee will come to order.
I would just like to thank everyone for being here today.
At the end of this year, the State law preemption provisions of
the Fair Credit Reporting Act expire. This Committee has the
responsibility of reviewing these provisions and making a
determination as to whether they should be extended, altered,
or be allowed to lapse.
The task before us is no small endeavor.
The preemption provisions are a part of a much larger,
highly complex law, a law that governs crucial aspects of the
consumer credit system. This national system is huge, involving
trillions of dollars and millions of people, and is at the
heart of the economic well-being of this country.
This system is also fundamentally dependent on the
collection and dissemination of data that involves some of our
most sensitive personal information.
We do want to point out, however, that balancing these
various interests is not a new challenge for Congress. At
enactment, when it was significantly amended in 1996, and now,
the calculus behind the FCRA has always required consideration
of the broad issues relating to the operation of the credit
markets and consumer privacy.
The statement of purpose of the Act bears this point out.
It highlights the banking system's dependence upon fair and
accurate credit reporting, the vital function consumer
reporting agencies perform in supplying this information, and
the need to ensure that reporting agencies exercise the grave
responsibilities with fairness, impartiality, and respect for
the consumer's right to privacy.
As we review the expiring preemption provisions of the law,
it is my hope that the provisions are considered in the context
of the law's purpose.
To this end, we have already held numerous staff briefings
covering many of the key topics associated with the Fair Credit

Reporting Act. Additionally, and more importantly, while
working within the limited timeframe we have available, it is
my intention to develop a comprehensive hearing record to
inform the Committee's debate.
We are now moving to the hearing phase and are beginning at
what I feel is the best point of departure--consideration of
the fundamental issue implicated in the debate--operation of
the consumer credit system and the Fair Credit Reporting Act's
role in that system.
We do this by first hearing from the Federal Trade
Commission, the Agency with the most responsibility for
enforcement of the Fair Credit Reporting Act. Our first witness
is Howard Beales, Director of the Federal Trade Commission's
Division of Consumer Affairs. From Mr. Beales, we should obtain
more information about the history, the purpose, and function
of this important law. I look forward to his testimony.
As we move forward, I plan to use these hearings to provide
content that will enable the Committee to focus its
consideration on the discrete issues and particular
applications of the law.
It is my hope and intent that, at the end of this process,
we will have obtained a full sense of the value of our national
system and we will be able to balance the various issues
presented by contemporary information use practices.
Our overarching goal should then be to ensure that the law
produces the most effective, efficient, balanced and fair
system that is achievable.
Senator Crapo.

STATEMENT OF SENATOR MIKE CRAPO

Senator Crapo. Thank you very much, Mr. Chairman. I
appreciate your comments and share them, and I appreciate the
attention you are giving to this critical issue.
As you indicated, we have a short timeframe within which to
address the reauthorization of the Fair Credit Reporting Act's
preemption authority. And I believe that there is an
increasingly strong consensus in terms of that need.
The other issues that surround this issue as well are those
which we need to have a solid record developed on and which I
appreciate your encouragement and support in developing that
record.
I intend to work with you and the other Members who are
interested in this issue to prepare solutions to those issues,
such as the privacy issues, the identity theft issues, and
other related issues that are involved, not only in FCRA, but
also in the application of the Gramm-Leach-Bliley legislation
and our entire approach to how credit and the information
surrounding credit is basically collected and utilized in our
society.
We want to make sure that the protections are in place to
protect privacy, but at the same time, we want to make sure
that our system of credit in the United States, which has been
such a strength to our economy and to our people, is not
interfered with.
And I think that that task is one that is achievable and I
look forward to working with you on it.
Thank you.
Chairman Shelby. I just want to make an announcement.
Concurrent with this hearing today, when we get a quorum,
the Committee will conduct a vote on a lot of nominations:
Nicholas Gregory Mankiw, of Massachusetts, to be a Member of
the Council of Economic Advisors, the Executive Office of the
President; Steven B. Nesmith, of Pennsylvania, to be Assistant
Secretary for Congressional and Intergovernmental Relations,
U.S. Department of Housing and Urban Development; Jose Teran,
of Florida, to be a Member of the Board of Directors, the
National Institute of Building Sciences; James Broaddus, of
Texas, to be a Member of the Board of Directors, the National
Institute of Building Sciences; Lane Carson, of Louisiana, to
be a Member of the Board of Directors of the National Institute
of Building Sciences; and Morgan Edwards, of North Carolina, to
be a Member of the Board of Directors of the National Institute
of Building Sciences.
I just wanted to make that announcement at the beginning.
Mr. Beales, we welcome you to the Committee. Your written
statement in its entirety has been reviewed and it will be made
part of the Senate Banking Committee's record.
You proceed as you wish. As I told you, we are going to get
a vote on the floor about 2:20 p.m., or whenever we get it, and
I will recess the Committee for the vote at the proper time.
You proceed as you wish.

STATEMENT OF J. HOWARD BEALES, III
DIRECTOR, BUREAU OF CONSUMER PROTECTION
U.S. FEDERAL TRADE COMMISSION

Mr. Beales. Thank you very much, Mr. Chairman and Members
of the Committee. I am pleased to have this opportunity to
provide background on the Fair Credit Reporting Act.
Although the views expressed in the written statement
represent the views of the Commission, my oral presentation and
my responses to questions are my own and do not necessarily
reflect the views of the Commission or any individual
Commissioner. The Commission has played a central role in
interpreting and enforcing the FCRA since the law was enacted
in 1970. I really appreciate the opportunity to discuss the Act
and its role in regulating credit report information.
After World War II, the American population grew and became
vastly more mobile. A national consumer reporting system
developed in response to this new mobility. Since that time,
consumer credit outstanding has grown exponentially. Indeed,
consumer spending accounts for over two-thirds of U.S. gross
domestic product and consumer credit markets drive U.S.
economic growth.
Early on, credit reporting was local or regional and, the
amount of information collected was limited and not
standardized. The credit bureaus, also known as consumer
reporting agencies, manually recorded consumer information on
index cards, updated the information irregularly, and often
retained it indefinitely. Over time, however, small credit
bureaus grew to become large repositories of consumer
information, relying on sophisticated computer systems to
store, process and transit large amounts of data.
Today, the credit reporting system, consists primarily of
three nationwide credit bureau repositories, containing data on
as many as 1.5 billion credit accounts held by approximately
190 million
individuals. Creditors and other so-called furnishers provide
information to credit bureaus voluntarily. There is no direct
payment to furnishers for providing this data, but the
cooperative database enables credit grantors to make more
expeditious and accurate credit decisions. Quick credit
decisions are important to many consumers who are in the market
for new credit. A recent Federal Reserve Board study found that
one in five active credit accounts was opened within the last
year.
Because of the national credit reporting system we have,
the credit application process has evolved from a relatively
time-consuming individualized procedure that relied on loan
officers' case-by-case estimates, to a more sophisticated and
partial system that relies on consistent assessment of credit
history information.
Because of the prevalence of credit reports, consumers
today can use the Internet to comparison-shop for a wide array
of credit products and get a virtually instantaneous offer. Or
they can get a five-figure loan from a car dealer they have
never seen before and drive a car out of the showroom the same
day.
Let me briefly review some of the key elements of the FCRA
as it stands today, 33 years after its original passage.
It is important to keep in mind that notwithstanding its
title, the Fair Credit Reporting Act has always covered more
than what are conventionally termed ``credit reports.'' It
applies to any information that is collected and used for the
purpose of evaluating consumers' eligibility for products and
services they want. Thus, the FCRA has always applied to
insurance, employment, and other noncredit consumer
transactions. My focus today will be on credit reporting, but
the same basic regulatory structure applies to all consumer
reports.
The FCRA provides consumer protections in two vital areas--
privacy and accuracy. The Act is designed to protect privacy in
a number of ways. Primarily, it limits distribution of credit
reports to those with specific ``permissible purposes.''
Generally, reports may be provided for the purposes of making
decisions involving credit, insurance, or employment, and
certain other consumer-initiated transactions.
Also, Congress has given consumers the right to opt out of
the use of their credit information for prescreening and opt
out of the sharing of certain information, including credit
reports among affiliated companies.
In addition to privacy, credit report accuracy is a core
goal of the FCRA. Accurate reports benefit not only consumers,
but also credit grantors who need accurate information to make
optimal decisions.
The FCRA uses two major avenues to achieve the goal of
optimal accuracy. First, it provides that the consumer
reporting agencies must follow ``reasonable procedures to
assure maximum possible accuracy of the information'' they
report. Second, the FCRA gives consumers the right to know what
information the credit bureau maintains on them and the right
to dispute errors, facilitated by the Act's adverse action
notice requirements. Since 1970, the FCRA has required that
when credit is denied based, even in part, on a consumer
report, the creditor must notify the consumer of the identity
of the credit bureau from which the report was obtained, of the
right to obtain a free copy of the report, and the right to
dispute the accuracy of the information in the report.
A consumer can initiate a dispute by notifying a credit
bureau of incomplete or inaccurate information in his or her
credit report. The credit bureau and creditor who furnished the
information must reinvestigate the dispute, generally within 30
days, record the current status of the information and delete
it if it is found to be inaccurate or unverifiable. The credit
bureau must report the results of the investigation to the
consumer.
The self-help mechanism embodied in the FCRA's scheme of
adverse action notices and the right to dispute is a critical
component in the effort to maximize the accuracy of consumer
reports, and the Commission has given high priority to assuring
compliance with these provisions.
Let me briefly discuss the Commission's efforts to
administer and
enforce the FCRA since 1970. When Congress first passed the
Act, it provided that the Commission would be the principal
agency to enforce the statute.
The Commission brought a number of formal actions to
enforce the FCRA, including cases to assure compliance with the
adverse action notice requirements on the part of creditors and
employers, to assure compliance with privacy and accuracy
requirements by the major nationwide credit bureaus, and to
assure compliance by resellers of consumer reports, which are
agencies that purchase consumer reports from the major bureaus
and then resell them.
The Commission's enforcement efforts since 1996 have
focused on the new requirements added by the amendments in that
year. For example, the Commission settled cases against the
three major repositories charging that they failed to have
adequate personnel available to answer FCRA-mandated toll-free
telephone numbers. The Commission has also settled cases
against furnishers of information to consumer reporting
agencies alleging that they falsely reported delinquency dates,
causing adverse information to remain on credit reports past
the 7-year limit provided by the Act.
Recently, the Commission settled an action against an
Internet mortgage lender that failed to give adverse action
notices to consumers who did not qualify for online pre-
approval because of information in their credit reports.
The Commission is also engaged in extensive consumer and
business education, including the Commission's 1990 commentary
on the FCRA. After the 1996 Amendments, our informal guidance
expanded to meet the interpretive needs that were prompted by
the amendments. We are now focused on a revision of the 1990
commentary which has been rendered partly obsolete by the
passage of time and the amendments. The Commission will
continue to use a combination of education initiatives and
vigorous enforcement to foster compliance with the FCRA.
We see several ongoing developments in the consumer
reporting marketplace that may have significant impact on
consumers. First, more types of businesses are using credit
reports to make decisions in consumer transactions. For
example, telephone service providers routinely use consumer
reports to make decisions on whether to provide service and
what deposit requirements, if any, to impose. Insurance
companies are increasingly using the information from
consumers' credit histories when underwriting homeowners and
auto insurance policies.
Second, we are seeing new types of consumer credit
providers and products in the marketplace. For example, the
growing use of prescreened offers for the marketing of credit
cards has led to the development of credit card banks that rely
almost entirely on prescreening to sell their cards.
Prescreening has also led to the widespread availability of
credit cards with no annual fee and other attractive benefits,
and has enhanced competition.
Third, businesses increasingly are using consumer reports
to undertake risk-based pricing of products or services. Many
creditors and other businesses no longer merely approve or deny
applications, but, rather, they use credit report data to
finely calibrate the terms of their offer. Consumers benefit
from the more efficient consumer credit market that is made
possible by these developments.
Any reference to the consumer reporting system should
recognize the problem of identity theft. The range, accuracy,
and timeliness of information in consumer reporting data bases
makes them unique resources. They are, therefore,
simultaneously a target for identity thieves and a valuable
resources for combatting identity theft. Identity theft
threatens the fair and efficient functioning of consumer credit
markets by undermining the accuracy and credibility of the
information flow that supports these markets.
As I recently detailed before the House Financial Services
Committee, the Commission is working actively to combat
identity theft in a number of areas. We will continue to
explore avenues for combatting identity theft and assisting
victims.
In conclusion, the 33 years since passage of the Act have
fully demonstrated the wisdom of Congress in enacting the FCRA.
The FCRA makes possible the vitality of modern consumer
credit markets. The consumer reporting industry, furnishers,
and users can all rely on the uniform framework of the FCRA in
what has become a complex, nationwide business of making
consumer credit available to a diverse and mobile American
public.
The 1970 Act, along with the 1996 Amendments, provided a
carefully balanced framework, making possible the benefits that
result from the free, fair, and accurate flow of consumer data.
All of these benefits depend on the consumer reporting system
functioning as intended. That is why the FTC continues to
emphasize the importance of educating consumers and businesses,
and of enforcing the law to assure compliance by all who have a
role in making the system work.
Thank you for this opportunity to present the Commission's
views, and I would be happy to respond to your questions.
Chairman Shelby. Thank you. I believe at this point would
be a good time--Senator Dole, we are having a vote at 2:20
p.m., unless it has been vitiated.
Does anybody know? It hasn't hit yet.
[Pause.]
I believe I will recess the hearing--Senator Dole, do you
have an opening statement or any comments?

COMMENTS OF SENATOR ELIZABETH DOLE

Senator Dole. No. In the interest of time, I will submit my
statement for the record.
Chairman Shelby. It will be made a part of the record in
its entirety.
Senator Dole. But I welcome you. As a former Member of the
Federal Trade Commission, I am delighted to have your testimony
today and look forward to the questions.
Chairman Shelby. Thank you, Senator Dole. Your opening
statement will be made a part of the record.
Senator Dole. Thank you, Mr. Chairman.
Chairman Shelby. We will recess the Committee until we get
back from the vote.
[Recess.]
Chairman Shelby. The Committee will come to order.
Mr. Beales, starting at the most basic level, just for the
record--this is our first hearing regarding the Fair Credit
Reporting Act, as you know--I want to establish for the record
what is covered by the Fair Credit Reporting Act.
The law identifies certain kinds of personal information
and it establishes how and by whom such information can be
collected, transferred, and used.
Is that correct?
Mr. Beales. Yes, sir.
Chairman Shelby. What would be an example of the kind of
information that is covered under the statutory scheme?
Mr. Beales. It could be any information if it bears on
eligibility for credit or employment. That is the basic
definitional constraint.
Chairman Shelby. Give us an example.
Mr. Beales. The typical example is how well you repay your
bills, so your repayment history.
Chairman Shelby. Sure. It certainly does has probative
value, doesn't it?
Mr. Beales. It certainly does. It is ultimately what the
creditor is interested in.
Chairman Shelby. Right. And should be.
Mr. Beales. Right. It may also include, and typically does,
public record information, like mortgages and liens against
your property.
Chairman Shelby. Tax liens, if any.
Mr. Beales. Tax liens, any other kind of information,
bankruptcy information.
Chairman Shelby. Lawsuits?
Mr. Beales. Lawsuits that may be picked up from public
records, yes, any of that might be there.
Chairman Shelby. The law restricts, as I understand it, who
can access and use the contents of a consumer report. In other
words, not just anyone can use it for any reason.
Could you elaborate on that, about how use of such
information or report is restricted, for the record?
Mr. Beales. The fundamental restriction is that you have to
have a permissible purpose under the statute to access the
report.
Chairman Shelby. Is permissible purpose defined in the
statute?
Mr. Beales. There is a definition. A permissible purpose
would be to assess your eligibility for credit.
Chairman Shelby. Okay.
Mr. Beales. Or for insurance purposes. Or for employment.
Probably the broadest of the permissible purposes is in
connection with a business transaction initiated by the
consumer.
Any of those would be permissible purposes under the
statute.
Chairman Shelby. Not a fishing expedition.
Mr. Beales. Not a fishing expedition. Not idle curiosity.
Chairman Shelby. That is prohibited, is it not?
Mr. Beales. That is prohibited. From the beginning, it has
been prohibited for a credit reporting agency to provide
information to somebody without a permissible purpose.
The 1996 Amendments also prohibited obtaining, the act of
obtaining a report without a permissible purpose.
Chairman Shelby. So that begs the question--why do you
think access to credit reports was limited to those with
permissible purposes?
Mr. Beales. I think this is sensitive information.
Chairman Shelby. Sensitive information. Basically, private
information.
Mr. Beales. Basically, private information. And in order to
protect the consumer's privacy interests, and to balance the
consumer's privacy interests against the legitimate needs of
creditors in trying to assess whether or not to grant credit,
Congress made the decision to enumerate the kinds of purposes
for which this was a worthwhile use and an acceptable invasion
of privacy, and eliminate the kinds of uses where there is less
benefit, but the same invasion of privacy.
Chairman Shelby. Is target marketing generally considered a
permissible use?
And if so, why?
Mr. Beales. The only circumstance in which target marketing
is a permissible use is prescreened offers of credit or
insurance.
Other than that, target marketing is not a permissible use.
Chairman Shelby. The structure of the Fair Credit Reporting
Act reflects decisions of earlier Congresses what weighed and
balanced--tried to balance--various factors, such as privacy,
accuracy, and commercial need for credit information.
Could you revisit the portions of your testimony where you
identified these considerations and discuss them just for the
record a bit further?
Privacy, accuracy, and the commercial need for credit
information.
Mr. Beales. The fundamental restriction to protect privacy
is to restrict the use of information to people who have a
permissible purpose. Without a permissible purpose, you cannot
get access to information in credit reports because of the
concern about privacy.
To preserve accuracy of the information, the Act has two
basic provisions, two basic mechanisms. One that requires the
credit reporting agency to use reasonable procedures to assure
maximum possible accuracy.
And two, and maybe more important, it has a notification
mechanism to consumers. If an adverse decision is based on
information in a credit report, the consumer, who is in the
best position to know whether that information is accurate or
not, is given a notice and is given the opportunity to get
access to their report in order to determine whether or not
there are errors that need to be corrected.
Chairman Shelby. In your written testimony, you cite a 1996
D.C. Circuit Court case where the court held that a major
purpose of the Fair Credit Reporting Act, and I will quote:
``Is the privacy of a consumer's credit-related data.''
Do you believe that this is an accurate characterization?
Is privacy a critical concern underlying the Fair Credit
Reporting Act?
Mr. Beales. Absolutely.
Chairman Shelby. Okay.
Mr. Beales. To balance the privacy interests against the
legitimate needs for credit reporting and to assure that the
information is accurate.
Chairman Shelby. In your written testimony, you point out
that the 1996 Amendments that you alluded to earlier permitted
greater sharing of consumer report information by affiliated
companies.
To what degree was information-sharing occurring before the
amendments were passed? And why were the 1996 affiliate-sharing
amendments needed?
If you go back prior to 1996, and then after, post-1996.
Mr. Beales. I think around 1996, and I do not know
precisely what is before or what is after----
Chairman Shelby. Okay.
Mr. Beales. --but it seems to me that the structure of the
financial services industry was undergoing a lot of change and
a lot more change was anticipated.
Those changes in structure led to a lot more affiliation
relationships where there is common ownership or control of
different parts of the same, but separate, corporation.
Chairman Shelby. Also, national in scope, too, wouldn't it
be?
Mr. Beales. Absolutely. A lot more national in scope and a
lot more combinations of what had previously been unrelated
businesses or businesses that were separated by regulatory
requirements.
I think it was that greater combination that led to more
sharing among affiliates because, from one perspective, there
is no distinction between being an affiliate and being
different divisions of the same company.
In the different divisions case, there is no restriction on
sharing.
Chairman Shelby. A legal distinction?
Mr. Beales. Excuse me?
Chairman Shelby. A legal distinction?
Mr. Beales. Sure. There is a legal and organizational
distinction and it is useful for regulatory purposes like
confining risks from a particular kind of business or limiting
the scope of deposit insurance, for example, to the deposit
base in a bank.
It is very useful for that purpose.
Chairman Shelby. What new powers did affiliates obtain
under the 1996 Amendments that did not exist previous to the
1996 Amendments?
Just off the top of your head.
Mr. Beales. Previous to the 1996 Amendments, if you shared
information among affiliates, and the information was enough to
amount to a credit report, then the affiliate that was the
source would itself be a credit reporting agency and would have
to comply with the full panoply of requirements of the statute.
So if the banking arm shared an application with the
subprime lending arm of the same company, it would itself be a
consumer reporting agency and subject to all of the other
requirements of the FCRA.
After the 1996 Amendments, that kind of information sharing
was exempted as long as the consumer has the right to say no
and prevent the information sharing.
It was exempted from the definition of a consumer report.
Chairman Shelby. How does that work? You say the consumer,
as long as the consumer has the right to say no to the sharing.
Is that at the outset or is it when something comes up?
Mr. Beales. It could be at either point. What the statutory
requirement is, is that the consumer be given the right to opt
out and that opt out or that giving of the right either occur
up front at the time the relationship is initiated, or it could
occur at any subsequent point.
What has happened with Gramm-Leach-Bliley, since Gramm-
Leach-Bliley, is that many companies have provided the notice
and the opt out for the Fair Credit Reporting Act as part of
the annual Gramm-Leach-Bliley notice.
Chairman Shelby. I will get back in another round.
Senator Carper.

STATEMENT OF SENATOR THOMAS R. CARPER

Senator Carper. Thank you, Mr. Chairman.
And to our witness--do you pronounce your name ``beals''?
Mr. Beales. Yes, sir.
Senator Carper. Welcome aboard. As you know, probably
better than us, when the FCRA was passed by Congress, there was
a sunset provision that causes us to come back and to revisit
the issue. That sunset gives us the opportunity to do so.
I missed your testimony. And I am just going to ask, if you
will, just to take maybe one minute and say, if there is
nothing else that you walk out of here remembering that I have
said, this would be the one or two or three things.
Can you start with that?
Mr. Beales. I think this is an important decision. I think
the way the credit reporting system functions is really vital
to the functioning of credit markets. And that, in turn, is
vital to the functioning of the American economy. Consumer
spending is a huge chunk of the economy.
I think that this is an important statute that struck a
very reasonable and time-tested balance between the conflicting
interests of consumer privacy and the legitimate needs of
businesses for information. I think it is a balance that has
stood the test of time since the statute was originally
enacted. I think the accuracy provisions of the statute are a
key component. That has been a crucial aspect of our----
Senator Carper. Could you talk a little bit about that,
please?
Mr. Beales, could you hold the microphone--usually, we ask
people to bring it closer. I am going to ask you to bring it
further away.
Thank you. You have a booming voice.
[Laughter.]
You could probably get by here without that mic.
[Laughter.]
Mr. Beales. Too much time in a classroom.
[Laughter.]
Yes, there is two key provisions about accuracy, two key
mechanisms for providing accuracy.
The credit reporting agencies themselves are required to
have reasonable procedures to assure maximum possible accuracy.
And that is one of the key requirements, to make sure that
information is correct.
Maybe more important is the requirement for adverse action
notices to consumers when a decision is based on information in
a credit report. That lets the consumer know the source of the
information was a credit report, where that credit report is,
and it gives the consumer access to that credit report to
examine it and see if there is any mistakes.
And it is the consumer, after all, who is in the best
position to know and has absolutely the right incentives to try
to make sure that the information is accurate and reflects
their credit history
appropriately.
Once the consumer indicates that there is a problem, or
disputes an item, credit bureaus have to reinvestigate,
furnishers have to reinvestigate, and unless the information
can be verified as accurate, it has to be deleted.
But I think that those are the two key mechanisms that
address accuracy.
Senator Carper. Let me ask your thoughts on whether or
not--if we permit December 31 to come and go and we do not
restore the preemption provisions, what do you think are the
downsides to our failure to act, and what, if any, are the
upsides?
Mr. Beales. The Commission hasn't taken a position on what
you should do.
I think that the failure to renew the preemptions runs the
risk that what is now a national system begins to fragment,
that it does so in ways that make it harder to share
information across state lines and within what are increasingly
national credit markets.
I believe the potential benefit of allowing the preemption
to expire, would be letting States innovate with different
approaches and try out different schemes to try to protect
consumers or to try to balance these conflicting interests in
slightly different ways.
And as I say, the downside of that is we may not like some
of those experiments and they may interfere with the uniformity
that we currently enjoy in credit markets.
Senator Carper. Looking back, I was not here when the
preemption language was adopted. But why was it adopted?
Mr. Beales. I was not involved in that debate, either, and
I do not know.
Why was it adopted? I think it was in order to assure the
uniformity of some key aspects of the system. And it certainly
has accomplished that.
Senator Carper. Is the rationale for taking that action any
less relevant or correct today?
Mr. Beales. I think that remains the benefit of extending
preemption, is that you assure the continued uniformity of the
system.
That, however, limits the ability of States to try other
approaches and experiment with other approaches that may teach
us something.
Senator Carper. All right. My time is expired. Mr. Chairman
will there be another round?
Chairman Shelby. Sure.
Senator Carper. Thank you.
Chairman Shelby. Senator Dole.
I think she was here first.
Senator Dole. Thank you. The average American moves, I am
told, every 6 years. That is more than two-thirds higher than
any other country.
I think you would agree that our national uniform credit
system plays a significant role in increasing the mobility of
labor and the ability of consumers to move, while they preserve
the opportunity to get cheap credit through the portable credit
system.
But tell me how important do you think this is to our
economy?
Mr. Beales. It is hard to know, and actually, we are very
much looking forward to some research that is in the works on
what the consequences would be of losing some kinds of
information out of the credit reporting system.
And I think that will be very interesting to see, and we
will be able to have a much firmer assessment once that
research is concluded.
But I think it clearly makes it easier to be able to move
to a new town and it doesn't matter that there is no one there
who knows you and can vouch for you, that there is access to a
credit report from elsewhere with a system that creditors know
they can depend on to provide accurate and complete information
upon which to base a decision.
If you had to go to a separate State or systems, it would
be far more difficult and far more uncertain for the creditor,
which in turn would likely get reflected in worse terms offered
to the consumer.
Senator Dole. Now, I have heard the case made that other
modern economies throughout the world, in Europe, in Latin
America, and Asia, do not have credit reporting systems like
ours, and that some countries are considering right now
adapting our system, our credit reporting system, the
preemptions.
Can you provide the Committee with some details of how our
credit reporting information or information-sharing system
would contrast with other countries', in the G8, for example?
Mr. Beales. Just speaking generally, and not about any
particular country, probably, there is two kinds of differences
between the U.S. system and various foreign systems.
One, our system is voluntary. In some countries, credit
reporting is essentially a public utility or provided by the
government, even in some instances. Our system is voluntary,
market-driven. It depends on what information furnishers are
willing to provide to credit bureaus and what information
credit bureaus think it is important to try to get and provide
to their customers.
Second, ours is a system of full-file reporting. Both
positive and negative information about the consumer is
reported. A number of other countries only have negative
information reported.
What is important about full-file reporting is there is a
real difference between someone who has no negative information
because they have never had credit before, and someone who has
no negative information because they have had credit
extensively, they have used numerous different accounts, and
they have always paid them off. Those two people aren't the
same. But in a system that only reports negative information,
you cannot tell them apart.
So the full-file reporting is a really useful feature of
the American system.
Senator Dole. And finally, could you just give us a run-
through of what credit card pricing might look like without
prescreening? Say prior to 1990, compared to today.
Mr. Beales. It is difficult to attribute causality to any
of the changes that have happened since 1990. But what credit
card pricing looked like in 1990 was essentially everybody
offered an interest rate that was at the legal usury ceiling.
Cards generally had relatively high annual fees. There were
no, or virtually no, ancillary benefits. You did not get
airline miles. You did not get discounts. You did not get free
insurance.
What you see today is a wide variety of rates, of credit
limits, numerous cards with no annual fees, a lot of different
benefits, whether it is contributions to your favorite charity
or the ability to display the logo of your school or even cash
discounts in some cases. And interest rates that reflect much
more closely the risk that a particular consumer creates or
poses for the creditor.
I think prescreening has been an important part of that
shift. It has been an important competitive weapon, as people
have entered credit card markets with different kinds of terms.
But there is also obviously a lot of other changes that
have happened that have likely influenced those developments as
well.
Senator Dole. Okay. Thank you, Mr. Chairman. I think my
time is expired.
Chairman Shelby. Thank you.
Senator Johnson.

COMMENTS OF SENATOR TIM JOHNSON

Senator Johnson. Thank you, Mr. Chairman. I have a full
statement that I would like to submit for the record.
Chairman Shelby. It will be made a part of the record,
without objection.
Senator Johnson. I want to thank the Chairman for holding
this hearing. Thank you, Mr. Beales, although I have to express
disappointment that the Administration has, so far, been
unwilling to exert greater effort at pushing for passage of
legislation to extend the preemption.
My own view is that a failure to act on the preemption by
January 1, 2004, will be utterly disastrous for the economy of
this country and for consumers all over America.
A uniform reporting system that could break into as many as
50 reporting systems, all with different standards, different
requirements, different procedures, and a credit reporting
system which in many ways has become a model for the world,
would be degraded significantly.
I think that while there are those who want to utilize this
necessary legislation as a vehicle for taking up other issues,
and I respect that, I would hope that the Senate will keep a
close eye on the notion that what is at stake here is access to
credit.
And that is the principal reason why we are having this
debate, and the uniform system, in fact, in full-file reporting
has enhanced citizens' ability to secure credit, has enhanced
the ability of financial institutions to make intelligent
decisions relative to lending.
Now, Mr. Beales, can you tell us whether this evolution of
the credit reporting industry and the FCRA has resulted in
personal credit histories being more portable?
In other words, if someone applies for credit out of State,
or moves a residence and applies for credit in their new home
State, does that create any problems related to credit
histories or obtaining reliable credit report information under
what we have now--a uniform, full-file reporting system?
Mr. Beales. No. I think the current system clearly
facilitates exactly that kind of transaction. It facilitates a
bank in California competing for the business of a consumer in
Florida or Maine, and having reliable information about whether
that consumer is a good risk or a bad risk.
It facilitates the ability of that consumer to move from
Florida or Maine to California and reestablish credit with new
accounts, with merchants that have never heard of them before,
because there is a uniform system that provides reliable
information and creditors know that they can rely on that
information to make an accurate risk assessment.
Senator Johnson. So this system, better than a 50 different
standards system, best facilitates dealing with the problems of
a very mobile society.
Would you say that that is a fair statement?
Mr. Beales. Yes. I mean, I think the uniformity really
facilitates mobility. I think that is probably right. And that
is the benefit side of having a uniform system.
Senator Johnson. And you note in your testimony that a
Federal Reserve study of credit bureau files found that nearly
20 percent of currently reported active accounts have been open
for fewer than 12 months. And you concluded that this number
illustrates how a national credit system enables creditors to
make better credit-granting decisions.
Could you explain that conclusion a bit more and elaborate
a bit on why those statistics and that uniformity is so key for
credit-granting decisionmaking?
Mr. Beales. What we have heard, and I think the point we
are trying to make was simply this--what we have heard in the
context of identity theft debates in particular is maybe credit
shouldn't be so easy.
I think the point of that statistic is that for a large
fraction of the population, because they are opening new
accounts all the time, easy access to credit is an important
issue, that you do not want to make access to credit more
difficult, given how many people are opening accounts on an
ongoing basis.
Senator Johnson. Do you think there has been enough done to
investigate and prosecute identity theft crimes? And what are
some of the impediments to investigating and prosecuting
identity theft crimes?
Mr. Beales. We are continuously working to do more to
provide information to assist law enforcement in prosecuting
identity theft.
We are also active in trying to educate consumers as to how
they can reduce the risks and how they can reduce the
consequences, and I think that is an important part of it.
And we are very involved in assisting businesses to try to
reduce the risks, both from a business education perspective,
to try to reduce the risks that information that is entrusted
to them would be used to compromise somebody's identity.
We have also gone after businesses on security grounds,
where we thought that there was not sufficient security in
place to protect sensitive information about the consumer. And
that, too, has implications for identity theft.
And we have an ongoing program of training law enforcement
officials in order to help them better bring identity theft
kinds of cases.
Senator Johnson. I notice my time is expired, Mr. Chairman
I have some other things that I am interested in in terms of
prescreening and credit cards and how a national system
facilitates that.
Chairman Shelby. We will have other rounds.
Senator Johnson. But I will wait for a later time, and I
yield back.
Chairman Shelby. Senator Bunning.

STATEMENT OF SENATOR JIM BUNNING

Senator Bunning. Thank you, Mr. Chairman. I have an opening
statement that I would like to submit for the record.
Chairman Shelby. It will be made part of the record in its
entirety, without objection.
Senator Bunning. Thank you. Since FCRA enactment in 1996,
did the same number of complaints on FCRA-related issues to the
FTC increase, decrease, or stay the same?
Mr. Beales. Our reporting system has changed so much over
that time period, that I am not sure you could draw comparisons
from that.
I do not know, but we would be happy to supply that
information for the record of what the numbers of complaints
have been like.
Senator Bunning. Okay.
Mr. Beales. But I do want to note that the changes in our
information system have really made it harder to make those
comparisons over time.
Senator Bunning. Do you believe nonpassage of FCRA will
lead to a Balkanization of privacy laws?
Mr. Beales. I think it depends on what the States do. One
can imagine a scenario in which there is no preemption and no
State action and nothing changes.
I think it is crucially dependent on what the States do as
to what the likely impact of not having preemption would be.
Senator Bunning. In other words, each individual State
could do their own thing, then.
Mr. Beales. Right. In the absence of preemption----
Senator Bunning. Yes.
Mr. Beales. --each individual State could do their own
thing. But each individual State could also choose to maintain
the status quo. And that is the sense in which the consequence
of not having preemption depends on what kinds of changes
States try to make, are interested in making, and actually do
make.
Senator Bunning. Would you like to venture a guess----
[Laughter.]
--about States and preemption?
Mr. Beales. I think the likelihood is that they would try
to do various things. Some more sensible than others.
Senator Bunning. Thank you.
[Laughter.]
Do you receive prescreening complaints? If so, did you
receive more before FCRA enactment, or after?
Mr. Beales. Prescreening--we do get prescreening
complaints. My recollection is that we do not get very many of
them.
Prescreening is something that, although it was codified in
1996, under FTC interpretations going back to 1973,
prescreening was permissible under the Fair Credit Reporting
Act.
So there really wasn't any change or wasn't much of a
change to give rise to a before and after.
In fact, what the 1996 Amendments did was to codify the
ability to prescreen and to make it a little bit less
restrictive in terms of how firm the offer had to be than the
FTC's staff opinions had been.
Senator Bunning. Okay. A follow-up--do you believe
prescreening has helped or hurt the consumer in regards to the
credit card market?
Mr. Beales. I think that prescreening has facilitated more
competitive credit markets, and that that has been very good
for consumers.
Senator Bunning. Do you think that it is helped?
Mr. Beales. Yes, I do.
Senator Bunning. And you offer as fact, what?
Mr. Beales. The changes that have occurred in the nature of
credit card offers----
Senator Bunning. If you could stop them from coming once a
day, I would really appreciate it.
[Laughter.]
Mr. Beales. You can do that because there is an opt out
number that will let you opt out of prescreening offers.
Senator Bunning. That is done statewide, though.
Mr. Beales. It is done nationwide.
Senator Bunning. It is done nationwide now?
Mr. Beales. It is done nationwide. That was part of the
deal for the codification of the ability to prescreen, was
every one of those prescreening offers, if you read all the
fine print in it, tells you that you can opt out and lists the
numbers.
It is 888-5-OPTOUT.
Senator Bunning. 888----
Mr. Beales. 5-OPTOUT.
Senator Bunning. --5-OPTOUT.
Mr. Beales. And that will get you out of all prescreened
offers.
Senator Bunning. Thank you.
[Laughter.]
Mr. Beales. Glad to be of assistance.
[Laughter.]
Senator Bunning. I really appreciate that because once a
day is too often.
[Laughter.]
Thank you, Mr. Chairman.
Chairman Shelby. Senator Sarbanes.

STATEMENT OF SENATOR PAUL S. SARBANES

Senator Sarbanes. Thank you very much, Mr. Chairman.
First of all, I want to commend you for holding this
hearing. I know you are planning to hold a comprehensive series
of hearings on this subject and invite a wide variety of
interested parties to testify and I look forward to hearing
from them. But I think it is important to comprehensively
review this important issue.
I also should express thanks to the thorough approach at
the staff level. There have been a number of staff briefings in
preparation for examining these issues.
Of course, the preemption provisions of the Fair Credit
Reporting Act, not the Act itself, just the preemption
provisions, sunset on January 1, 2004.
The Fair Credit Reporting Act itself serves an important
purpose. It helps to ensure privacy of consumer financial data,
accuracy of credit report information, and fair practices in
the collection and use of credit information and in credit
granting.
This, of course, affects millions of Americans as they
purchase homes, obtain insurance, seek new lines of credit,
even apply for some types of jobs.
Actually, the Fair Credit Reporting Act itself, at its
core, is a consumer protection statute. Obviously, that is why
I think it comes under the jurisdiction of the Bureau of
Consumer Protection of the Federal Trade Commission, which Mr.
Beales heads up.
It protects the consumers by regulating the activities of
credit reporting agencies, defining the responsibilities of
both the users of consumer reports and those who furnish
consumer information to credit reporting agencies. And of
course, it provides important rights to consumers affected by
such reports.
The preemption provisions, of course, cover a number of
areas and as a consequence, some important issues that I
anticipate we will be addressing during these hearings and
throughout the reauthorization process, will be the protection
of consumers' financial privacy, accuracy of credit reports,
marketing practices of creditors, credit scoring and the use of
credit scores, fraud and identity theft, and of course, the
availability and cost of credit.
Mr. Chairman, I look forward to working with you as we
embark on this comprehensive set of hearings.
Now I would like to ask just a couple of questions of the
witness. I am going to ask some very elemental questions. You
are the professional. I want you to take us through the
process.
I want to get a copy of my credit report and my credit
score. How do I do it?
Mr. Beales. To get your credit report, you call one or more
of the national credit reporting agencies and ask for a copy.
There is a verification procedure to go through. In some
cases, it may be easier if you write. And under Federal law,
you can obtain that report for a fixed price that is set by
regulation of the Federal Trade Commission, and they will send
it to you.
Senator Sarbanes. What is that price?
Mr. Beales. Nine dollars----
Senator Sarbanes. Nine dollars.
Mr. Beales. --is the Federal requirement. Now in some
States, that report is free. But in other States, the Federal
law sets the price at $9.
Senator Sarbanes. And would you counsel me to get a copy of
my credit report from each of the credit-rating agencies?
Mr. Beales. If you are facing a major financial decision
where the quality of your credit is going to be important--if
you are going to refinance, if you are going to buy a home for
the first time--I certainly would.
It is well worthwhile to look at all three credit reports
and make sure that the information in there is accurate.
On a routine basis, it depends on whether--absent some
impending transaction where you know this is going to matter,
it depends on--it is up to you. It depends on how risk-adverse
you are and how much you want to worry about how you want to
balance the difficulty of going through the report and the
hassle of getting it, against the risks of some inaccurate
information that might be there.
If you get notified unexpectedly that there was an adverse
action, then surely, it is worth your while to look at that
report.
Then it is free. And make sure the information is accurate.
Senator Sarbanes. And how do I get my credit score?
Mr. Beales. Your credit score may or may not be disclosed.
It depends on the practices of the credit reporting agency.
Your credit score, although we talk about it that way, may
be actually any one of a variety of different proprietary
products with different lenders, different creditors having
their own scoring systems that they think work better for them.
Senator Sarbanes. When I get this instantaneous credit that
people refer to, that keep the wheels of commerce moving, is it
the credit score that the creditor relies upon?
Mr. Beales. The credit score is likely a key part of that.
Senator Sarbanes. Because it is all--you know, they tell
you that it is done right away. You are there. You want to make
this purchase. You want to get a car, so you tell the guy and
they check it out and the next thing you know, they come back
and they say, okay, you can go ahead.
But they must just be working off the credit score in a
situation like that, aren't they? Or not?
Mr. Beales. Not necessarily. The way the system works,
essentially, in all probability, the whole credit report goes--
it is clearly an automated process that the creditor is using
to decide on the spur of the moment whether to approve or not.
But that may be an automated system based on the credit
score. Or it may be a system that is based on a computer
program that looks at all the information in the file and says,
yes or no.
That can happen pretty quickly as well.
Senator Sarbanes. Mr. Chairman, I see my time has expired.
Chairman Shelby. If we can suspend for a minute. I told you
earlier that we are going to proceed with marking up the
nominations.
We have a quorum.
We have before the Committee now some nominations. The
Committee will meet in Executive Session to consider and
hopefully vote on a number of nominations pending before the
Committee.
The nominees are: Nicholas Mankiw, to be Member of the
Council of Economic Advisors; Steven B. Nesmith, to be
Assistant Secretary for Congressional and Intergovernmental
Relations, U.S.
Department of Housing and Urban Development; Jose Teran, James
Broaddus, Lane Carson and Morgan Edwards, to be Members of the
Board of Directors of the National Institute of Building
Sciences.
Each of the nominees appeared before the Committee on May
13.
Is there any comment or debate about the nominations?
[No response.]
If not, I ask unanimous consent that the nominations be
considered en bloc.
[No response.]
Hearing no objection, so ordered.
All those in favor of the nominations, say aye.
[A chorus of ayes.]
Those opposed, no.
[No response.]
The ayes appear to have it and the nominations will be
favorably reported to the full Senate.
Thank you for your indulgence.
Senator Sarbanes. Mr. Chairman, my time has expired.
Chairman Shelby. Senator Crapo, do you have any questions?
Senator Crapo. Thank you, Mr. Chairman. I will pass.
Chairman Shelby. Senator Bennett.

STATEMENT OF SENATOR ROBERT F. BENNETT

Senator Bennett. Thank you, Mr. Chairman. And thank you for
holding this hearing.
I do not know of many issues quite like this one where a
number of people whose judgment I respect have come to me and
said, if we do not extend the preemption section of the Fair
Credit Reporting Act, there will be serious, serious economic
consequences. Some have said to me, failure to do that will
throw the economy back into a recession. No one has been to
lobby me on the other side, which I find kind of interesting.
And so, if indeed it is that serious, and Chairman
Greenspan has indicated that he thinks it might be that
serious, although he stopped short of predicting a recession--
Chairman Greenspan always stops short of predicting anything
that specific one way or the other.
My first question, then, Mr. Beales, is we have had this
Act in place for 30 years, it was updated 7 years ago in 1996,
is there any problem that has come up, particularly since 1996
forward, since that is the most recent change that cries out
for mediation or that says we have had all of these
difficulties and it is absolutely essential that we let this
thing lapse in order to avoid these difficulties?
Have the last 7 years of history told us that we have a
challenge here?
Mr. Beales. I do not see anything in the last 7 years that
would indicate a significant problem or a compelling reason to
change, except that the clock has run and the statutory
provision is expiring.
There is certainly thing that I would point to to say,
based on this experience, there is something that you need to
do differently.
There may well be places where the balance that the Act
strikes between privacy and the needs of commerce could be
struck differently or fine-tuned in various ways. At this
point, the Commission hasn't made any recommendations for
changes.
But there are certainly things that I see that would lead
me to say that there is a pressing need for change.
Senator Bennett. When I first came to the Banking
Committee, one of the issues that we spent a good deal of time
on was the challenge of making more credit available,
particularly to minorities.
We had experts who came in here who had organized banks
that loaned almost exclusively to minorities. We have had many
somewhat heated discussions in this Committee about CRA and its
role in making credit available to minorities.
If indeed we got the Balkanization you were discussing with
Senator Bunning, and which many people think would happen,
wouldn't one side effect of that be to reduce the availability
of credit to minorities?
Mr. Beales. If you got significant Balkanization, I think
it would likely reduce the availability of credit. How
selective that would be, whether there would be a differential
impact on minorities versus everybody else, is harder to
assess, and I think it would ultimately depend on the kinds of
actions States took and the kinds of restrictions that were put
in place.
I am sure there are some restrictions that likely would
differentially affect minorities or lower-income people and
their access to credit. There is probably other restrictions
that States might adopt that would have differential effects
the other way.
Senator Bennett. My own sense of things based on all of the
previous discussion that I referred to is that this probably
would, in fact, have a chilling effect on credit being
available to minorities.
I have a chart here which you cannot discern that far away,
if for no other reason than that the difference between the
light gray and the dark gray is absolutely indistinguishable
more than 10 inches away from the chart.
So, I have a hard time seeing it myself.
Senator Sarbanes. That is a very helpful chart.
Senator Bennett. Yes, very helpful.
[Laughter.]
You can see the top bars going up and that is the total
amount of household credit. And in 1960, it was just under 60
percent. Now it is over 100 percent.
However, the lighter area underneath shows the amount of
consumer credit. The darker part of the bar is mortgage credit.
And the consumer credit has remained relatively stable in that
period.
In 1960, it was at the lowest percentage of household
income. Looking at this, I would say it was probably at about
16 percent. It went up maybe to 17 or 18 percent in 1970 and
stayed there all the way through.
But now, it has gone up in 2002, a 12-year period, from
1990 to 2002, to just over 20 percent.
But mortgage, which is the top part of the bar, has gone up
very dramatically. In 1960, mortgage credit as a percentage of
disposable income was less than 40 percent and now it is more
than 80 percent. So the mortgage portion of household credit
has gone up enormously.
Now, I am not suggesting there is a cause-and-effect
relationship here with the Fair Credit Reporting Act just
because this is done during that period. We get into trouble
with that around here because we put up charts that show cause-
and-effect relationship depending upon what point we want to
make on the floor.
However, the final question I would ask you is whether or
not the ability to get a mortgage in a timely fashion would be
affected adversely if we did not renew the preemption part of
this bill?
Mr. Beales. I think it depends. It depends in part on what
states do. It depends, in part, on the kind of a consumer you
are.
If you have never moved and you have lived in one area your
whole life, then even a completely State-specific system is not
necessarily going to make much difference to you.
If you have lived in 20 different places in the last 20
years, and your credit history is scattered all over across
lots of different States, and is not accessible across State
lines because of different State restrictions, it is going to
have a much more dramatic impact in that circumstance.
I think what may be the most important part of the statute
in terms of how it is impacted minority credit in particular,
or credit at lower incomes, is prescreening that lets creditors
identify consumers who are good risks and compete for that
business.
Senator Bennett. I see my time is expired. But I had
exactly the experience that Mr. Beales is discussing, Mr.
Chairman.
I bought a house in California, having lived in California
previously, and it was approved virtually in an afternoon.
Then I had reason to move to the State of Utah, and it took
me close to 60 days to get this thing approved in the State of
Utah. And I finally had to have my father go down and wave his
credit record, which was sterling compared to mine, and cosign
the loan before we got it taken care of.
That was before we had the legislation that we are all
living under.
So, I have had personal experience with how difficult this
can be.
Senator Sarbanes. They are very careful there in Utah.
[Laughter.]
Chairman Shelby. Very careful.
Senator Bennett. Well, they were.
[Laughter.]
Chairman Shelby. Senator Miller.

STATEMENT SENATOR OF ZELL MILLER

Senator Miller. Thank you, Mr. Chairman.
Thank you, Mr. Beales.
This is something that I should know, but I do not.
There is a lot of things like that.
[Laughter.]
But this is one. And I may be the only one in this room
that doesn't.
What I am asking is, what exactly is the jurisdiction that
the FTC--I know what it stands for, Federal Trade Commission--
but what jurisdiction do you have over the Fair Credit
Reporting Act?
I know people can call up and get answers to questions and
that you provide education on the FCRA. I know that you can
give guidance and advice.
I assume that somewhere in there, there is also some
enforcement jurisdiction.
Is that correct?
Mr. Beales. That is correct.
Senator Miller. And if so, talk to me a little bit about
that.
Mr. Beales. We are, I would say, the principal enforcement
agency under the Fair Credit Reporting Act. The credit
reporting agencies themselves are subject to our jurisdiction.
Banks that are regulated by other agencies are regulated
under the Fair Credit Report by those other agencies. But for
other creditors, we are the chief enforcement agency and the
chief regulatory agency.
Senator Miller. And I think you answered this question a
while ago. You say that you have no legislative remedy that you
would recommend to the Senate Banking Committee when it comes
to looking at the FCRA bill.
Mr. Beales. The Commission has not made any recommendations
at this point.
That is correct.
Senator Miller. Thank you.
Chairman Shelby. Senator Dodd.

STATEMENT OF SENATOR CHRISTOPHER J. DODD

Senator Dodd. Thank you, Mr. Chairman. And thank you for
holding this hearing. And I support the notion that Senator
Sarbanes raised and we are going to hear some more later on.
But I think this is very helpful.
And I want to commend Mr. Beales, too. Your testimony is
very, very good, very helpful as well. And I am quite confident
that we can craft a good piece of legislation.
On balance, Mr. Chairman, the FCRA has done much to improve
a formerly fragmented situation that was basically a regional
system, but now, of course, a national system of credit
reporting.
But like several of my colleagues, we have some concerns
about how consumers are treated under this regime.
And at least I hope that the Committee will closely examine
how to better protect consumers as part of this and any
discussion of reauthorization.
I am going to send around to my colleagues, the major
newspaper in my State, the Hartford Courant, has just run a
series of articles, Mr. Chairman, on the whole credit question.
I do not know if you have seen these or not at all. Have
you seen them?
Mr. Beales. I have, yes.
Senator Dodd. They are rather good articles, I thought.
I would be interested, at some point, in your response to
the suggestions in them, the comments in them. They are rather
comprehensive.
Two reporters spent months looking at the issue of fair
credit reporting, a 4-month investigation, culminating in the
series I mentioned, which detailed the day-to-day problems that
consumers face with the current system.
I am going to send around a package of these articles for
my colleagues to look at.
Chairman Shelby. Good.
Senator Dodd. The articles focus on the devastating effects
that inaccurate information in credit reports can have on the
lives of millions of people. Individuals are finding that it
can take years of time and money to clear the mistakes that
credit reporting agencies are making. And after finally
improving the inaccuracy of their reports, many consumers are
then left footing the bill in recovering from the damages
caused from their records.
As America's financial consumers have more credit options
available to them, and as the mass of improvements in
technology have occurred, I am concerned that the credit
reporting system and the regulations that govern it may not
have kept pace to ensure a corresponding level of accuracy.
I think we can do a better job ensuring the consumer's
financial picture is more accurately kept and that the process
to correct mistakes is faster and easier for consumers.
Additionally, I think that we can improve the current
privacy protections available to consumers.
Consumers are concerned that no significant changes will be
made to the current system. According to the same article that
I mentioned, cracks in the system continue to put millions at
risk.
We need to fill those cracks. I think we all want to do
that, with the national credit reporting system, and shore up
its foundation.
I thank the Chairman again for holding the hearing.
Let me ask, if I can, a couple of things. One is, in
response to Senator Miller and I guess previous questions, you
have indicated that you do not believe there is any greater
statutory needs that you would have to address the inaccuracy
issue.
Is that correct?
Mr. Beales. I think the fundamental accuracy mechanisms in
the statute have, by and large, worked pretty well. I think it
is just in the processes, as many transactions as the credit
reporting system does, is almost inevitably going to sometimes
make mistakes. And what is really important is to have a
mechanism to correct those mistakes when they occur.
I think the mechanism that is there, by and large, works
pretty well, although, it doesn't work perfectly in every
instance.
Senator Dodd. How many complaints does the FTC get a month,
roughly, of this kind?
Mr. Beales. I do not have a specific number. We get
probably--well, this is probably annual. We probably get
several thousand complaints about each of the three credit
bureaus.
Senator Dodd. On a monthly basis?
Mr. Beales. That is probably annual.
Senator Dodd. Several thousand.
Mr. Beales. Yes.
Senator Dodd. What categories do they fall into, roughly
speaking? Identity theft? Credit card? Inaccuracies?
Mr. Beales. Those are accuracy complaints.
What you have to understand in thinking about the accuracy
complaints that we get, and we do not have any independent
assessment of whether the information is really accurate about
who's right in this dispute. We know there is a dispute.
And we do know because we get complaints from them, that
there are some consumers who do not understand the way the
system works. They think that if they were behind on their
payments and that was reported, but they are now current, that
the fact that they were behind should go away.
But that is not inaccurate. They were, in fact, behind.
That information is part of the credit report, and stays there,
but it sometimes leads to disputes because consumers do not
understand that that is the way the system works, and is
designed to work.
Senator Dodd. Is there a breakdown between credit
furnishers and the reporting agencies themselves? Do you see
any evidence of that?
Mr. Beales. We have been very interested in what the
furnishers are doing. We have brought the first furnisher cases
that are based on furnisher liability, in order to assure that
furnishers are providing accurate information.
Where we, frankly, have seen the most difficulties is with
the information reported by debt collectors, rather than the
information reported by other kinds of creditors.
But we are quite interested in furnisher issues across the
board as an enforcement priority.
Senator Dodd. And you say that you have had a chance to
look at those articles in the Hartford Courant.
What is your reaction to them?
Mr. Beales. The potential consequences of mistakes in
credit reports are very severe. I think that is why this
statute is important and why the set of statutory protections
to correct mistakes is very important.
It is why we have made the enforcement of those mechanisms,
both furnisher liability and of the adverse action notices, why
we have made those key priorities in our FCRA enforcement
efforts.
I think that is the main point, that the accuracy is really
a critical issues.
Senator Dodd. I appreciate that. I might, Mr. Chairman ask
if maybe we could get some numbers, if you could. I would just
be curious about the number of complaints you get and if you
could give a little more accurate breakdown of what categories
they'd fall, it might be helpful to the Committee.
Mr. Beales. Sure. We would be happy to do that.
Chairman Shelby. I think that is an excellent suggestion.
Senator Dodd. Thank you.
Thank you very much, Mr. Chairman.
Chairman Shelby. Senator Stabenow.

STATEMENT OF SENATOR DEBBIE STABENOW

Senator Stabenow. Thank you, Mr. Chairman.
First, I do have an opening statement that I would
appreciate be made a part of the record.
Chairman Shelby. It will be made a part of the record in
its entirety, without objection.
Senator Stabenow. Thank you very much for holding this
hearing. And thank you, Mr. Beales. It is an important topic.
I wonder if I might just follow up on the questions as it
relates to consumers. Earlier, Senator Bunning was asking you
for the toll-free number.
I am wondering, that really leads me to a question
concerning the opt out provisions. And we know, for every
prescreened credit offer, there has to be a notice of the
consumer's right to opt out.
Could you speak a little bit about how that is working? Do
people understand it? Do others, other than Senators, not know
the toll-free number?
I did not know it, either.
But, also, do they understand how to do it correctly? How
is this working, overall?
Mr. Beales. We do not have any systematic assessment of how
many consumers know or do not know. Or how much they know about
exactly how to go about it.
There are disclosures that are supposed to be provided with
every prescreened offer that you get of how to do it and what
number to call. But there is a lot of information there, and a
lot of other information about the offer and the terms of the
offer that probably makes it hard to find in a great many
circumstances.
It is not something where we get a lot of complaints, I do
not believe. From that perspective, the system seems to be
working.
But I am sure there are consumers who do not know that they
can opt out, some of whom may prefer to opt out.
Senator Stabenow. And what percentage of consumers are
opting out?
Mr. Beales. That I do not know.
Senator Stabenow. So, you do not have any way of tracking
this point, how many opt out, what percentage?
Mr. Beales. The system is maintained by the three credit
bureaus and they would be able to tell you how many people have
in fact opted out, I mean, how many people are on the list.
But we do not have that information.
Senator Stabenow. Okay. And would you make any changes from
your perspective in how that is working, that whole process for
consumers?
Mr. Beales. As I say, the Commission doesn't have
legislative recommendations at this time. I do not think we
have seen anything that has seemed to us to be a particular
problem in that area, that really needs to be fixed.
Senator Stabenow. Okay. Thank you very much.
Chairman Shelby. Thank you, Senator.
I want to go back to the issue of credit report accuracy.
Is there an acceptable tolerance level for errors, and what
is that, if there is? In a risk-based system, there has to be
some tolerance, but what is the threshold?
Mr. Beales. The statutory standard focuses on procedures,
reasonable procedures to assure the maximum possible accuracy.
It doesn't set a numerical threshold. Even if the error
rate is very low, if it is cheap to fix, you should fix it. But
if it is really difficult to fix or really expensive to fix, if
there is no reasonable way to correct it, or no reasonable
procedure that would prevent it, then that would be acceptable
under the statutory standard.
But it is not a numerical threshold. It is a balance of----
Chairman Shelby. How would you--excuse me a minute. You
said if there is no reasonable way to fix it. But what if it
were so prevalent, it called for fixing?
I am not saying it is, but you said if there is no
reasonable way to fix it. First of all, assuming that the
number of errors are small, we understand that.
Mr. Beales. Let me back up because I think what I should
have said is, there is no reasonable way to prevent it.
Chairman Shelby. Okay.
Mr. Beales. Because if there is an error and it is called
to your attention, you have to fix it.
Period. End of story.
Chairman Shelby. That is correct.
Because accuracy is important.
Mr. Beales. Because accuracy is important. Absolutely.
Chairman Shelby. Right.
Mr. Beales. But the reasonable procedures focus on what
kinds of steps can you put in place to keep that from happening
in the first place?
Chairman Shelby. Is there any way to gauge what is or
should be an acceptable error rate? You said that they do not
do it statistically.
In other words, you do not do it numerically. You do not
say that the error rate is--I am just throwing this out there--
3 percent or 5 percent or one-half of 1 percent or one-
hundredth of 1 percent.
Is that what you were saying a minute ago, that you do not
gauge that?
Mr. Beales. There is no bright-line standard in the statute
of what is acceptable. Even if the error rate was a hundredth
of a percent, if you could avoid that for free, then under the
statute, you have to do that.
It is a question of what kinds of costs do you have to
incur, what is reasonable to do to avoid that particular error.
Chairman Shelby. I think Senator Dodd asked you the
question of, something to the effect, how many complaints did
you have at the Federal Trade Commission a year? And you said,
around 2,000, more or less, on a yearly basis.
Mr. Beales. Per credit bureau.
Chairman Shelby. Per credit bureau. Six thousand? Three
credit bureaus?
Mr. Beales. I think it is probably a bigger number than
that.
Chairman Shelby. A larger number.
Mr. Beales. Let us get you the precise number.
Chairman Shelby. Can you furnish that for the record
because we are building on it.
Mr. Beales. Yes, sir.
Chairman Shelby. What are the considerations or trade-offs
involved in the calculation of an acceptable rate of error?
For example, maintaining as much participation as possible
within a voluntary furnisher system versus accurate record of
consumer credit history, and ultimately, the appropriate
pricing of credit.
Accuracy goes to the very heart of all of this. And it
would seem to me that not only would the credit bureau, or
whatever, but also the credit-checker, would want their reports
to be accurate.
The user of that information--let's say it is a mortgage
company or a bank or something--they would certainly want it to
be accurate, wouldn't they?
Mr. Beales. They certainly would. I think everybody in the
system, consumers, users, credit bureaus, benefits from
accuracy.
I think that is absolutely right.
Chairman Shelby. Benefits from accuracy, starting with the
consumer on.
Risk-based credit pricing--I think Senator Sarbanes alluded
to that earlier. I think that we all recognize the many
positive, and there are many, developments associated with
technological advancement.
Technology has made our credit markets remarkably
responsive to consumer demand, as Senator Bennett would have
shown us with a bigger chart, right?
[Laughter.]
Senator Bennett. Right. Colored chart.
Chairman Shelby. Yes, a larger chart. That said, just to
get a handle on just where technology has taken our credit
markets, could you explain or expand a little on the use of
risk-based pricing and how much more prevalent its use today
versus 1996 and 1971, if you could?
Mr. Beales. I cannot do it in a quantitative way, but
clearly, qualitatively, there has been substantial change. I
think particularly in 1970, at the time the statute was first
passed, the dominant model and the way most credit decisions
were made was you applied for credit that was available on a
fixed set of terms and you were either approved or denied on
that same fixed set of terms.
I think probably the predominant model today is you apply
for credit. The terms--sometimes you are accepted or rejected.
But with growing frequency, the terms you are offered, whether
it is the interest rate or the credit limit or some other
aspect of the credit arrangement, depend on the risk that that
individual borrower presents.
And the higher the risk, the worse the terms.
Chairman Shelby. Sure.
Mr. Beales. That is a much more common model today than it
was. Certainly in 1970, the information-processing technology
and the information-sharing technology simply wasn't in place
to support that kind of system on any very large scale.
Now it is. Now it is done. It is much more differentiated
pricing of credit and insurance products based on the risks
that a particular consumer may pose.
Chairman Shelby. I think the use of risk-based pricing
offers numerous benefits to consumers. You alluded to that.
Credit is now offered to many people who were previously deemed
unqualified. Hence, his chart a minute ago, I think.
And credit pricing is much more tailored now to each
individual, more so than it used to be.
Would that be a fair assessment.
Mr. Beales. I think that is correct, yes.
Chairman Shelby. But the use of risk-based pricing also
raises issues about the continued effectiveness of some aspects
of the Fair Credit Reporting Act.
You mentioned, if you want to refer to your written
testimony, how accuracy, and I will quote:``Was, and remains a
core goal of the Fair Credit Reporting Act.''
You then indicate and I will quote:``Adverse action
notices. . .are a key mechanism for maintaining accuracy.''
With the use of risk-based scoring, however, a consumer may
qualify for credit, but not at the best terms.
By not making an outright rejection, creditors as I
understand the system--do not have to send an adverse action
notice and credit applicants may then never become aware of the
need to examine their credit reports.
Does this cause you any concern about the continuing
relevance of the adverse action process?
For example--let me see if I understand it.
Let's say they check my credit and I do not have A number
one credit like Senator Bennett's father or like he would have
liked to have had. Right? And they come back and instead of
telling me that, they say, we will offer you something based on
the risk.
Is that the way they do that? The credit risk as they
perceive my credit, rather than an outright rejection.
Mr. Beales. Yes. And that is a counter-offer.
Chairman Shelby. Yes, it is a counter-offer. Explain how
that works. That avoids the necessity of the adverse----
Mr. Beales. It depends on what you do with it at that
point.
Chairman Shelby. Sure.
Mr. Beales. If you reject the counter-offer, then that is
adverse action.
Chairman Shelby. That is right.
Mr. Beales. And if it is based, in part, on a credit
report, they have to tell you.
Chairman Shelby. Sure.
Mr. Beales. If you accept the counter-offer, then, because
adverse action is tied to the definition of adverse action
under the Equal Credit Opportunity Act, then there is no
adverse action because you got the credit that you wanted.
Chairman Shelby. You got the credit maybe not that you
initially wanted, but you got a deal and took it.
Right?
Mr. Beales. That is right. I think that raises a difficult
trade-off. We are thinking about the issue, but we do not have
a recommendation.
Chairman Shelby. Tell us how you are thinking about it.
Mr. Beales. Yes, sir.
Chairman Shelby. Just for the record.
Mr. Beales. On one hand, if you are not getting the best
terms, and that is based on the credit report, you need to get
notice.
Chairman Shelby. Maybe I wouldn't deserve the best terms.
Mr. Beales. That is right. You may not get the best terms
based on accurate information rather than inaccurate
information.
But if it is based on inaccurate information, you need the
notice to trigger your right to look at the file.
But in a pure, risk-based system, where the best person out
there gets the best price, and everybody else gets somewhat
worse terms--if you think of it at that extreme----
Chairman Shelby. But everything's a risk. It should be
based--if it is based on risk, somebody's more creditworthy and
has worked hard, diligently to pay their bills, as opposed to,
say I hadn't, they should be rewarded, should they not?
Mr. Beales. They should. I agree with that completely.
Chairman Shelby. Because they are less of a risk, say, than
I would be.
Mr. Beales. I agree with that completely. But if you say,
well, giving less than the best terms is in some sense an
adverse action, and we have said that about insurance where
there is not the linkage--if you get insurance on less than the
best terms, we have said that is adverse action and you have to
give notice.
But in a completely risk-based system, that means everybody
gets notice all the time, except the best risk. And that
degrades the notice because it no longer serves the function of
saying, there may be something unusual here, which it does now,
and it does under the present system.
And there is a balance between giving notice when people
need it and not overwhelming people with notices that say there
might be something in your credit report, because you could say
that to everybody all the time.
Chairman Shelby. Sure. But going back to what I mentioned,
and you mentioned in your testimony earlier, risk must be
gauged accurately, as best we can.
Mr. Beales. Certainly.
Chairman Shelby. That is what the system is about, is not
it?
Mr. Beales. Certainly.
Chairman Shelby. Is gauging the risk as accurately--and you
gauge it accurately based on the information that you pull up,
do not you?
Mr. Beales. That is right.
Chairman Shelby. Or should.
Mr. Beales. That is why the availability of information is
important and it is why the accuracy of the information that is
provided is important, because it gives you a better gauge of
what the risk really is.
Chairman Shelby. Are there more or less adverse action
notices now than before?
In other words, are there more counter-offers?
Mr. Beales. there is offsetting influences. I think there
is more counter-offers that are accepted and that would push it
down. But there is more credit, and that would mean more
denials.
Chairman Shelby. Can you furnish that information for the
record to the Committee?
Mr. Beales. I doubt if we have it. But if we know, we will
be happy to furnish it for the record. We will see if we have
it.
Senator Bennett. Than before what?
Chairman Shelby. We are talking about before, let's say,
1971. Let's say 1996, the 1996 Amendments.
The timeframe. Before the 1996.
Senator Bennett. No. I want to see the benchmark.
Chairman Shelby. I amended my question.
Before 1996 and after 1996.
Mr. Beales. Okay. My suspicion is that we do not have any
information to answer that question. But we will look, and if
we do, we will certainly provide it.
Chairman Shelby. The use of risk-based pricing is what we
are getting at.
Technology has made it much easier to transfer, as we all
know, massive amounts of information and data, thereby
increasing the capability of credit reporting systems in many
ways.
We benefit from that.
Can you comment on whether or not technology has enhanced
the overall accuracy of credit reports? And do you have
anything at the FTC--have you done a study on that?
Mr. Beales. We have not done a study on that.
Chairman Shelby. It should be more accurate, shouldn't it?
Mr. Beales. I think technology has clearly enhanced the
speed of the reinvestigation process. It is made it possible to
reinvestigate, I mean, just the automated information exchange.
Chairman Shelby. It is the reaction to something.
Mr. Beales. Yes, yes. But the technology has made possible
automated information exchange both to get the information, to
report back to the furnisher that there is a dispute, and then
for the furnisher to report back the truth.
That can all happen much quicker than it used to.
We do not know of any objective measure of how accurate the
information is in credit reports that would be available over
time to say firmly whether it is more or less accurate, what is
actually been the trend in accuracy.
Chairman Shelby. Senator Sarbanes.
Senator Sarbanes. I will be very brief. I just want to make
sure that I understand the statutory framework that we are
dealing with here.
As I understand it, under FCRA, most State credit reporting
laws are not preempted unless there is a specific inconsistency
between the FCRA and the State law. And that we have also
enumerated certain exceptions in which there is a preemption of
any State law differing with the Federal provision.
Is that correct?
Mr. Beales. Yes, sir.
Senator Sarbanes. Okay. Now, if the preemption were allowed
to expire, you testified earlier that you might anticipate that
States might act in one or another of these areas in which they
heretofore have been preempted.
Presumably, if you were asked, you could indicate the areas
that you thought were most likely in which State action might
take place if they weren't blocked out from doing so because of
the preemption requirements.
Would that be the case?
Mr. Beales. One could look--there is an analysis like this
that has been done that I am not familiar with the details of.
One could look at the kinds of proposals that have been
made in State legislatures and get some sense of where the
States might be active and where they might not.
Senator Sarbanes. Who did that analysis to which you made
reference?
Mr. Beales. It was done by the Information Policy
Institute. This is the study that is ongoing on the effects of
losing different kinds of information from the credit reporting
system.
Senator Sarbanes. Could you provide that study to us?
Mr. Beales. It is not complete yet. I believe their
intention is to provide it to you as soon as it is complete.
Senator Sarbanes. And one could take this list of what
might be anticipated if there were not preemption and look it
over and make some judgment as to which of those possible
actions seem to be worthy in terms of protecting the consumer
interest.
And those standards could be incorporated into the Federal
law, could they not?
Mr. Beales. Certainly. Certainly.
Senator Sarbanes. That would maintain a national uniform
system with respect to credit, so you would not have this
fractionating that people are talking about, but would, in
effect, constitute a reexamination of the preemption areas in
terms of making a judgment whether we were fully keeping ahead
of what needed to be done to provide reasonable consumer
protection.
Could we not engage in such a process?
Mr. Beales. You certainly could.
Senator Sarbanes. Does the FTC have any plans to do so?
Mr. Beales. We have had an ongoing process of trying to
look at what kinds of changes might make sense, where balances
might be struck differently.
And at this point, the staff has not made any
recommendations to the Commission and the Commission doesn't
have any recommendations.
But it is something that we are very interested in. It
certainly is an alternative to change nothing, is to strike a
slightly different but still uniform national balance between
the conflicting interests.
Senator Sarbanes. This supposed conflict between the
consumer protection, particularly responding to new and changed
circum-
stances, and a uniform national market, need not be any
conflict at all if the consumer protection is provided to a
national standard.
Would that be correct?
Mr. Beales. I think if it is done uniformly by Congress,
and preemptively, so that it is not subject to another round of
changes that States would make subsequently, then, clearly,
that would preserve the uniform market and the question would
be, is that particular change a good change or not?
Senator Sarbanes. Yes, the reasonableness of the change.
Mr. Beales. Right.
Senator Sarbanes. But that would get you away from this, it
seems to me, some effort that is being made as though we only
have a Hobson's choice here.
Chairman Shelby. Right. Exactly.
Senator Sarbanes. Between fractionating the uniform market
or addressing some of the problems that consumers are
encountering, which, upon a reasonable examination, one could
conclude something needs to be done about them. And that would
be a way of doing something about them and sustaining the
uniform national market.
Is that not the case?
Mr. Beales. That is the case. For Congress to make a
different but uniform change would certainly do that.
Senator Sarbanes. Thank you very much, Mr. Chairman.
Chairman Shelby. Senator Bennett.
Senator Bennett. Thank you. Mr. Beales, I do not quite
understand the market for the services of the three providers.
There are now only three credit bureaus that you go to?
Mr. Beales. There are three large repositories. There are
hundreds of credit bureaus. Most of them are small credit
bureaus for purposes of the Act. Most of them are small and
local or specialized in some particular market in some way.
But there are three that qualify under the Act as,
``national credit bureaus.''
Senator Bennett. So as far as we are concerned, there are
really only three.
Mr. Beales. For most purposes, that is right.
Senator Bennett. You do not oversee the others.
Mr. Beales. We do.
Senator Bennett. Oh, you do.
Mr. Beales. We do. And we have brought cases involving some
of the others. Resellers, for example, are regulated as credit
bureaus.
I think, in thinking about the statute, it is important to
remember that there are all the others because sometimes things
that would make sense for the big three wouldn't work at all
for some of the other people.
And that is why they are important.
Senator Bennett. That is very helpful. And I hadn't
understood that before.
Can you provide us for the record with a breakdown of
volume between the big three, if we can call them that, and
then all of these others?
What percentage of the volume of credit reporting is
involved with the others, if you have it off the top of your
head? If not, you can provide it.
Mr. Beales. I do not. We will look and see if we can
provide it.
If it we can provide it, it will be from industry data and
not from anything we know.
Senator Bennett. Okay.
Mr. Beales. But we would be happy to look and see whether--
--
Senator Bennett. What would you be surprised if it were
more than?
Mr. Beales. I do not know if there is a more than that
would surprise me.
[Laughter.]
In terms of volume, it clearly is dominated by the big
three.
Senator Bennett. Okay.
Mr. Beales. The others are specialized and important in
their own way, but they are small players in the overall
market.
Senator Bennett. Okay. Let's deal with those three, then.
All right. I am a retailer. In addition to taking Visa
cards and MasterCard and Discover card and all of these others
who have taken a lot of the burden of my credit operation away
from me, I nonetheless maintain an in-house credit operation. I
offer credit to my customers.
On what basis would I make a choice between the three? Is
there, indeed, viable competition between them? And does that
competition--to tell you where I am going--does that
competition drive them, each one, to be more accurate than the
other two, more responsive than the other two, prettier
reports, fancier colors? What is the competition between the
three of them?
Mr. Beales. I think the competition is mostly about the
breadth and depth of the information that they can provide,
that it is based on--and different bureaus have made different
choices about where they try hardest to build relationships
with furnishers, who are ultimately the source of data.
One bureau may have stronger relationships in one
geographic area than in another and a different bureau may have
adopted a different competitive strategy.
Senator Bennett. Is there any evidence of users switching
from one to the other, deciding that the services from credit
reporting agency A somehow do not meet my needs as well? Are
there salesmen calling on users to say, switch to my brand?
Again, what I am driving toward is that if there is,
indeed, a market competition here, it is going to drive each
one to be as accurate as possible because the worst thing you
could do, it would seem to me, would be to be in the business
of reporting credit information and be wrong and thus lose
customers.
Now, do, in fact, customers shift and move from one to the
other?
Mr. Beales. I think customers do shift and move. I think
there is competition in this market in a very effective way. I
think there are market incentives for accuracy and the
competitive pressures are part of it.
However, I also think creditors care much more about some
kinds of mistakes than others. They really do not want to miss
bad information because, if they do, then they are going to get
burned with losses.
It matters less to the creditors who are buying the reports
if they are missing good information about you because they are
not going to suffer losses in the same magnitude.
So, I think there is a role for Federal oversight, for
regulatory oversight of accuracy. But I think there are also
important market incentives to keep the information as accurate
as possible.
Senator Bennett. Okay. Thank you very much. I am a great
believer in the market and the power of the market. And I think
that may be a greater policeman--I am going to lose this user
if I do not do a good job--than, gee, I have to check with my
lawyer to make sure that I am complying with every one of the
regulations out of the FTC.
Chairman Shelby. Senator Schumer.

STATEMENT OF SENATOR CHARLES E. SCHUMER

Senator Schumer. Thank you, Mr. Chairman. I want to thank
you for holding these hearings. You have been involved in this
issue a long time.
Back in 1995, I guess, you and Senator Bond, the bill that
you sponsored, set the stage for all of this. And I thank you
for that.
This area seems dull to people. But the bottom line is that
probably the credit markets have more effect on people than the
equity markets, even though we spend a lot more time on the
equity markets around here.
So, I think it is an important hearing and we have to be
really careful about it.
Just to make a point, I think it would be really bad to
fractionalize these markets. We all know that. There should be
a national market.
My view, an attempt to make it better, that risks
fractionalizing them, and you have to be real careful. But that
doesn't mean that, as you keep the markets national, you cannot
improve a bit of regulation.
I do not think we have that much variation here, although I
would warn my colleagues, in an attempt to open up, to move
into new areas, if we risk not keeping this Act intact, we run
a real danger.
I take it that you would agree with that.
Mr. Beales. The Commission hasn't taken a position on
preemption or not. I think the risks of fractionalization are
very real.
Senator Schumer. What would outweigh them in a national
credit market, other than the fact that the Commission hasn't
taken a position?
[Laughter.]
Mr. Beales. I think there are benefits from State
experimentation, if you will, in different approaches that may
work better in some particulars. And I think that is the trade-
off.
And as I say, the staff hasn't made a recommendation. The
Commission hasn't taken a position on how we think that balance
should be struck at this point.
Senator Schumer. And do you think the two are
irreconcilable, that you cannot have a national law and still
allow some State experimentation?
Mr. Beales. no, I do not think they are irreconcilable. And
I think the existing statute allows State experimentation in
many areas. But not in some.
Senator Schumer. And are there any that come to mind where
we should allow experimentation where we do not now?
Mr. Beales. Among the existing preemptions?
Senator Schumer. Yes.
Mr. Beales. No, there is none in particular I would single
out.
Senator Schumer. Good. You also, I guess, and this relates
to the question I was asking--I think you would agree--well,
let's quote Chairman Greenspan, somebody I have a lot of
respect for.
He says:

Limits on the flow of information among financial market
participants or increased costs resulting from restrictions
that differ based on geography, may lead to an increase in
price or a reduction in the availability of credit, as well as
a reduction in the optimal sharing of risk and reward.
As a result, I would support making permanent the provision
currently in the Fair Credit Reporting Act that provides for
uniform Federal rules governing various matters covered by the
FCRA and would not support allowing different State laws in
this area.

Now, as a careful student of Greenspan-speak, on that one,
there is not a lot of Paul Volcker cigar smoke floating around.
[Laughter.]
He's pretty clear. Do you--again, I am not asking you to
the outcome here, given the constraints of the Commission. But
do you share his concern that limits on information flow could,
``Lead to an increase in price or a reduction in the
availability of credit?''
Mr. Beales. That is certainly the risk. The Commission's
testimony quotes Chairman Greenspan saying essentially that,
minus the conclusion.
I think we agree that that is the risk. That is what is at
stake here.
Senator Schumer. Okay. Let me ask you about two specific
issues that I care about, that we might, as we look forward on
FCRA, want to involve ourselves with. I, at least, will be
careful about the admonition that we do not want to let this
whole deal lapse.
Identity theft. On this one, I have been very concerned
with identity theft. We have had a lot of problems in my State
with it.
But you can look at the glass being half full or half empty
in terms of FCRA as it relates to identity theft. Some would
say that our credit reporting system makes it easy to steal
identities. And others would say that the system makes it
easier to detect, catch, and remedy identity theft.
Do you have a view on that?
Mr. Beales. I think there is important senses in which they
are both right.
I think the regulatory approach that the FCRA strikes is, I
think, exactly the right approach that we need to take to think
about identity theft.
We need to be able to share this information. It is
important in many areas. But we need to try to restrict the
uses to which that information is put.
The problem of identity theft is the wrong people get
information and use it for the wrong purposes. But, I think
that the need to share that information for legitimate
purposes, including to prevent and detect identity theft, is
crucial.
Senator Schumer. Okay. And what about on making more
transparent the credit score?
Senator Allard and I, in the last Congress, introduced
legislation to do this. It was supported by lots of the
lenders, and we are planning to do it again. So that if a
mistake is made on your credit score or something is wrong with
it, that you get to see it, can get to challenge it, like we do
in so many other areas.
What is your view on that kind of improving, in my
judgment, that would improve legislation to allow people to see
what goes into their credit score?
Right now, they have no way of even knowing if there is a
mistake. It befuddles lots of people, and lots of lenders.
Mr. Beales. I think the key is the accuracy of the
underlying information because the algorithm that converts the
information in your file into a score is essentially a little
bit of computer code that does what it is going to do and
weighs the different information appropriately.
Senator Schumer. Sure.
Mr. Beales. And consumers can look at the information that
is the basis for that and correct the inaccuracies at that
level. And that, in fact, is ultimately what they have to do.
Whether they know the score or not, whether or not they
know the algorithm or not, the only way to fix it is to correct
the mistake in the underlying information that gave rise to the
erroneous score.
I think what is hard about more information about scores is
scores are different. You may have different scores for
different creditors and provided in different ways.
Senator Schumer. Different scores sometimes for the same
creditor, too.
Mr. Beales. Perhaps.
Senator Schumer. For different groups.
Mr. Beales. For different models or different groups,
absolutely.
Senator Schumer. But the system really is not working well
now, I do not think.
Do you think it is? Do you think consumers right now, under
the present system, really have the ability to correct errors,
unless they spend a whole lot of time and effort on it and it
is beyond their ken?
Mr. Beales. I believe there is some difficulty in
correcting errors. It is not the easiest thing in the world to
do. I think that is right.
I think it is a system that, as best we can tell, mostly
works. It doesn't work perfectly all the time. The mechanisms
to provide and assure accuracy we think are really important.
And we have worked very hard on the enforcement side to try to
make sure that they are in place and followed.
Senator Schumer. Okay. I had one more question, Mr.
Chairman I am trying to find it here.
[Pause.]
Oh, yes. One of the great debates we have always had in
this Committee is privacy rights, which again is a lot easier
to talk about in the abstract. And when you get into the
specifics and see the push and pull, I do not think it is as
clear and as easy.
But it has been a great concern, I know, to the Chairman
and to me. We had this debate on Gramm-Leach-Bliley.
And so, my final question to you is, should we, do you
think, address larger issues in a reauthorization of FCRA, like
identity theft, which I mentioned, but privacy in particular?
Or should we not?
You know, we could say, Gramm-Leach-Bliley is new. We
struck a balance there. Let's not go into other areas or let's
not change what we have done.
Mr. Beales. We have always thought that the FCRA is
fundamentally a privacy statute. And in that sense, you cannot
avoid addressing those parts of privacy because that is what
the FCRA is all about. That is one of its key objectives.
I think, frankly, that that part of privacy is complicated
enough, that it will likely keep you very busy in trying to
figure out what is the best answer here.
There are some parts and some of the identity theft issues
may be like this, that are so intimately related to the FCRA,
that they should be part of that process.
But from my own perspective, the more it can be kept
confined, the easier it is to deal with. And it is hard enough
to deal with as it is.
Senator Schumer. Do you know if the Administration has a
view on this? This is a key national issue and it is hard to
figure out what they think in terms of FCRA and privacy.
Mr. Beales. I do not believe that the Administration has
taken a position as yet.
Senator Schumer. Do you think they ever will?
Mr. Beales. Yes, I think they will.
Senator Schumer. Okay. Good.
Thank you, Mr. Chairman.
Chairman Shelby. Thank you. What is your sense as to the
general level of public awareness with regard to things like
the content of credit reports?
This is picking up a little on what Senator Schumer was
into.
In other words, you are the average person in America. What
is your general awareness regarding the content of their credit
report?
Mr. Beales. I think it is something that most people
probably never think about. I think if you ask them questions,
most people would have a reasonable sense of some of the core
elements, that their payment history is in there.
Chairman Shelby. If they do not, they should.
Mr. Beales. If they do not, they should. We have a wide
variety of consumer educational materials to try to enhance
consumers' understanding of what is there and why it matters.
But we do not have any measures of what they actually know.
Chairman Shelby. How can you disseminate information to the
consumer--that is all of us, not just in this room, but all of
us--to let us understand what credit scores are and how they
are used?
You have a computer model out there to rate all of this.
This is risk-based credit-scoring, in a way.
Right?
Mr. Beales. Yes, it is.
Chairman Shelby. You have a risk-based system. And the more
the consumer knows about how they are being rated, even if it
is complicated, the better off they'd be, wouldn't they, in the
long run?
The more information a consumer knows about things that are
rated that affects their lives, their credit and so forth.
Mr. Beales. In general, I certainly think that is right. I
mean, I think the complication in credit-scoring kinds of
models in particular is--you do not want consumers to be able
to play games with the system.
Chairman Shelby. Absolutely.
Mr. Beales. That would affect the validity of the
underlying model.
Chairman Shelby. I am not talking about playing games. I am
talking about just being aware.
Senator Schumer. Mr. Chairman.
Chairman Shelby. Yes, sir.
Senator Schumer. I just want to back him up. From what I am
told, some credit scores, if you have 10 credit cards, even
though you paid each one, you will end up with a different
credit score than if you have two.
Why shouldn't the consumer know that and let it go in? Yes,
when you ask consumers or even the people representing them,
why they got the following credit score, nobody has any idea.
Sure, you can get all your data about everything, but you
do not know what went into it or where there might be a mistake
and where there is not.
I am glad you brought it up, Mr. Chairman.
Chairman Shelby. The scoring, Senator Schumer, as you well
know, affects millions and millions of Americans' credit.
Senator Schumer. Yes.
Chairman Shelby. And I would say the average American, for
lack of better information on my part, has no clue as to how
their credit is rated, based on this computer model.
Senator Schumer. And they cannot get it.
Chairman Shelby. And they cannot get it.
Senator Schumer. That is the bill that Senator Allard and I
are trying----
Chairman Shelby. That is what we are both talking about.
Mr. Beales. Yes, I understand that. And I think there have
been a variety of changes in the industry to try to provide
consumers with more information about what goes into that score
in a big-picture sense and how it is computed and why it
matters.
We certainly have consumer education that tries to do the
same thing.
But I think, as you point out, the specifics of what goes
into a score depends on which score you are talking about
because different people use different models.
Chairman Shelby. That is exactly the point he was making.
Mr. Beales. That look at different information.
Chairman Shelby. Do the three credit, the big credit
houses, do they score--do they have a different model to score?
Mr. Beales. There is an industry leader, Fair Issacs, that
produces the FICO score. That is probably what most people
think of as credit scores.
Both users and I believe, I am not sure to what extent, but
both users and some credit bureaus have their own proprietary
scoring models that do things a little differently that they
think give a better perspective on risk.
Chairman Shelby. But it depends. If a consumer depends on
what credit house that evaluated their credit, depends on how
their credit is rated, perhaps, based on the model of assessing
their risk?
Mr. Beales. people differ--I mean, creditors differ. And
the extent to which they use just the score, there are
creditors who build their business around what they think is
their ability to differentiate the risks they face and the
risks that customers pose more finely than the standard scoring
model.
Chairman Shelby. That is underwriting, is not it, to a
certain extent. You are evaluating this risk here based on the
credit, based on, say if there is a property or something, a
mortgage, location of the property, everything that goes with
it, the appraisal of the property.
Mr. Beales. In a sense, it is underwriting. It is also the
initial credit decision.
Chairman Shelby. Yes.
Mr. Beales. And to take a group of consumers--and there are
powerful competitive incentives to do this--but to take a group
of consumers who may have the same credit score and to try and
spread them out in terms of those consumers, which ones are the
higher risk and which ones are the lower risk.
So it is really difficult to talk about. Your payment
history at this store over this period of time is an objective
fact that doesn't change. And we can make sure that that is
accurate in the credit report, and we can.
But your credit score depends on the model, depends on the
creditor, and it depends on the underlying information.
I agree consumers should understand much more about how it
is done. But it is much more complicated to try to explain and
to try to verify than the straightforward fact about a
particular piece of paper.
Chairman Shelby. Should we have some type of uniform model
adopted in the industry or industry-wide, rather than two or
three different ones that bring different results?
Mr. Beales. I think not. I mean that would, in essence, be
regulating the degree of credit risk that different lenders can
take on.
Senator Schumer. But----
Chairman Shelby. Go ahead, Senator.
Senator Schumer. Thank you. I would agree with you that we
shouldn't say what model. That is competition. But I do not see
why it shouldn't be transparent how the score came out.
My experience is, and you have said something a little
contradictory, so maybe I do not understand it well enough. I
apply for a mortgage. My neighbor applies for a mortgage. And I
just happen to know that I did not get it because my credit
score wasn't good enough, and he did. We live on the same
street in, let's say, Levittown, identical house. And I go over
my mistakes in my credit history and I ask him, and it seems
the same. And there is no way to really find out why I got
lower than him and what I could do to correct it.
And I go a step further. I also think that if a mistake was
made, like they say I missed a payment, but it was Jon Smith,
not John Smith, that there is virtually no way that I can
figure that out unless I have more information than the law
allows me to.
Am I wrong about that?
Mr. Beales. I think you can figure out the payment because
you know, and presumably, can verify from your own records,
hey, wait a minute. I wasn't late. I made my mortgage payment
on time, or I made that payment on time.
Senator Schumer. The credit company, if they are using the
last 5 years of mortgage payments and not the last ten, will
tell me?
At least my experience with this is it is a little more
complicated than you are making it out.
Yes, I know I did not miss a payment in 1992. But I do not
know if that is part of the formula and my credit score thinks
I did.
Mr. Beales. Okay.
Senator Schumer. Follow me?
Mr. Beales. I guess what I am saying is, if you have the
payment history right, if the payment history shows up in the
credit report correctly, and that information is all accurate
and you know whether that information is accurate or not, then
I do not think we have ever heard of a case where the numerical
calculation to convert that information to a score had an error
in it.
Computers are pretty good at arithmetic.
Senator Schumer. No, no, that is not what I am saying.
Mr. Beales. The problems are the accuracy of the underlying
data.
Senator Schumer. Yes, and there is no way of you knowing
whether that underlying data is correct or not right now.
Isn't that true?
Mr. Beales. No. The underlying data is your credit report.
And that information, you can know whether it is correct or
not.
Senator Schumer. But I don't know what exactly is going
into it.
Mr. Beales. You do not know exactly which pieces matter.
That is certainly correct. But if all of the information there
is accurate, then it is not going to affect your credit score.
The other thing, in the credit denial, if you get denied,
under the Equal Credit Opportunity Act, you get an adverse
action notice for that purpose as well. And it will identify
the top four reasons for that denial, the four things that most
contributed to your credit score being too low.
Senator Schumer. And then if I find one of them is
inaccurate and I wrote the credit company, they will correct
it?
Mr. Beales. When you notify the credit reporting agency,
that triggers the reinvestigation requirement. They have to go
back to whoever furnished that information. The furnisher
either has to verify the information or delete it.
Senator Schumer. And does that happen?
Mr. Beales. Yes, sir, it does.
Senator Schumer. Are there times when it doesn't?
Mr. Beales. Undoubtedly.
Senator Schumer. Which is more?
[Laughter.]
Mr. Beales. We think it happens far more often than it
doesn't.
Senator Schumer. Do we have data on that to know?
I am sorry, Mr. Chairman.
Chairman Shelby. No. I think what you are getting into is
very important.
Mr. Beales. I have seen data--there is an enormous number
of corrections that get made, of changes that get made.
Senator Schumer. I just find when you talk to your typical
mortgagor, when you talk to his real estate broker, his bank,
her bank, there is huge dissatisfaction with the mystery of
this system.
And it is not just some theoretical need to know, that it
creates--everyone scratches their head and cannot figure out a
whole lot of the outcomes here.
Am I wrong about that? The realtors made this one of their
big issues. They weren't doing it because everything is working
right.
Mr. Beales. I think what has tended to happen in response
to participants in the process being frustrated by not
understanding as much as they wanted to, is that more
information has been provided over time.
Whether that frustration is still there or not, I do not
know. That is not something that we experience on an ongoing
basis. But I think the fundamental answer of trying to explain
this system to consumers better, is exactly the right one. And
that is what we try to do in our consumer education materials.
Senator Schumer. Thank you, Mr. Chairman.
Chairman Shelby. Could we say, as far as scores go, there
is pervasive use and limited consumer understanding?
Obviously, I bet there is not two people in this room,
maybe five, that would explain--maybe the credit bureau people
here--but that could explain that scoring.
Senator Schumer. Maybe one of them brought the little black
box.
Chairman Shelby. Yes, the little black box.
[Laughter.]
So, I think the case has been made for very limited, at
least at this period--we will have more hearings--but for
limited consumer understanding of how they are scored.
Mr. Beales. I think they certainly do not understand the
details of how their scores are calculated.
What credit scoring replaced was a system that was
essentially judgmental, which I think was, if anything, less
transparent to consumers.
Chairman Shelby. This is judgmental, too. It is just done
by computer.
Right? It is based on a model of so and so.
Mr. Beales. It is based on objective data, as opposed to
being based on my personal assessment of you and whether you
are a good credit risk or not.
Chairman Shelby. I did not say it was good or bad. It may
be a big improvement. I am just saying it is still a judgment
is made.
Mr. Beales. Yes, I think that is right.
Chairman Shelby. By an individual or by a computer.
Mr. Beales. The judgment is made based on actual experience
analyzed in a statistically rigorous fashion.
Chairman Shelby. And no human flesh.
Mr. Beales. Right, as opposed to my opinion based on
whatever it might be based on.
Chairman Shelby. Senator Sarbanes mentioned earlier that we
balance all interest legislatively, or try to balance.
That is part of the legislative process.
We have talked about preemption, the merits of it, the
problems with it, and so forth. But he asked you, as I
understood it, could this be balanced?
Could the case be made--I am talking up here and later--for
preemption which would benefit the creditors, benefit the
consumers, ultimately, our national system, and at the same
time, a standard for the consumers, you know, improve the
standard for the consumers on notice and a lot of other things.
Identity theft concerns and so forth.
Mr. Beales. I think, certainly, that that can be done.
Chairman Shelby. Balancing the interest, is it not?
Mr. Beales. It is a balancing of the interests. And we have
tried on an ongoing basis to assess whether there are problems,
where there may be the possibility for improvements that would
make the system work better.
That, presumably, if you did not extend preemption,
presumably, that is the process that individual States would go
through.
But you can do that here, too.
Chairman Shelby. And the possibility of Balkanization,
doesn't it?
Mr. Beales. Yes, it does. You can do it here and have it
uniform and an improvement as well, if in fact the particular
change is an improvement.
Chairman Shelby. Your testimony is made part of the record
and then some of your oral testimony here, is full of
references to the dynamic nature of the credit markets.
How do you make sure that the FCRA, the Fair Credit
Reporting Act, legal regime and the interests that it is
supposed to balance and protect, stays abreast, stays up with
the real-world developments in these markets?
And what are your views as to the adequacy of the current
regulatory structure? Is the Commission that you work with, the

enforcement authority enough, or is there a need to expand your
role to provide you with rulemaking authority? Are there other
ways that we should consider to build in greater flexibility to
help you do your job?
Mr. Beales. The Commission has not taken a position at this
point about rulemaking authority for the Commission. I think,
generically, it is a good practice for regulators and it is
good practice for the Congress to periodically review how
regulations and regulatory schemes fit with the real world and
whether they need to be adapted in light of underlying changes.
Chairman Shelby. Okay. We appreciate your appearance here
today. We look forward to working with you, and we thank you.
Mr. Beales. We thank you.
Chairman Shelby. The hearing is adjourned.
[Whereupon, at 4:35 p.m., the hearing was adjourned.]
[Prepared statements, response to written questions, and
additional material supplied for the record follow:]

PREPARED STATEMENT OF SENATOR ELIZABETH DOLE

I would like to thank both you and Ranking Member Sarbanes for
agreeing to hold this hearing on the issues raised by the
reauthorization of the Fair Credit
Reporting Act. Enacted in 1970, the Fair Credit Reporting Act has
served an important role in this Nation. In the time since its first
passage it is astounding to consider the fundamental changes which have
occurred in our credit system. In 1970, credit card charges over $20
required the store owner to call the creditor and have a staffer go
through a card catalog system to approve the transaction. Today, it
takes just seconds, even when you are on the other side of the world.
While we take this innovation for granted it demonstrates how
fundamentally our system of payments has changed.
In addition, the benefits of the Fair Credit Reporting Act have
also been responsible for many of the advancements in how we choose
financial products which best meet our needs. A system of fairly and
rapidly assessing an individuals financial responsibility ensures that
people can have quick access to competitive offers for credit,
insurance, or other financial products. Clearly, our current credit
system has been one of our Nation's best assets to benefiting
individuals at every level of the economic ladder. This unprecedented
access to credit combined with the low cost for credit realized through
the efficiencies produced by law have created new opportunities for
people who have never had access to credit before. No longer is
collateral essential in qualifying for a loan, people can now raise
themselves on the ladder of economic success simply by proving that
they can responsibly handle their financial affairs.
Given this opportunity to reauthorize the Fair Credit Reporting
Act, we must
ensure that our actions do not result in increases in the cost of
credit and lower access to credit. To do so could have harmful effects
on our recovering economy. At the same time we must ensure that the law
applies to everyone fairly and that the system to protect consumers
against questionable material on credit reports operates efficiently
and effectively.
I look forward to hearing the thoughts and observations of our
witness and to working with all of my colleagues on the Committee as we
reauthorize this very important law this year.
Thank you.

----------

PREPARED STATEMENT OF SENATOR TIM JOHNSON

Chairman Shelby, thank you for holding today's hearing on the Fair
Credit
Reporting Act. While FCRA is not exactly a household name, our Nation's
credit-granting system is one of the bright points in our otherwise
lackluster economy. Outstanding consumer credit has grown from $556
billion in 1970 when FCRA was
enacted to $7 trillion today, accounting for over two-thirds of U.S.
gross domestic product. Which is why today's hearing is so timely.
Unless we act by the end of the year to reauthorize FCRA's preemption
provisions, we risk striking a terrible blow to our economy by our
inaction.
As today's witness has noted in his very thoughtful written
testimony, ``the consumer reporting industry, furnishers, and users can
all rely on the uniform framework of the FCRA in what has become a
complex, nationwide business of making consumer credit available to a
diverse, mobile American public.'' Yet if we fail to act by January 1,
2004, this uniform reporting system could break into as many as 50
credit reporting systems, all with different standards, different
requirements, and different procedures.
Most people do not know much about our credit reporting system
because it works so well. It does not occur to people to learn about
what goes into a credit report until they get turned down for credit.
And under the FCRA, those who do get turned down receive all the
protections that come with a so-called ``adverse action.'' They have
the right to a free credit report; they have the right to dispute what
information is contained in that report; they have the right to a quick
investigation of the information; and they have the right to a timely
correction. And those rights apply to everyone, regardless of whether
they live in South Dakota or Alabama.
Full-file credit reports are unique to the United States. Unlike
other countries, where only consumers with negative credit history have
any kind of record, our system encourages data furnishers to report
both negative and positive credit history, all on a voluntary basis.
This information allows lenders to make informed decisions about a
given consumer's credit risk and to make better lending decisions.
These decisions are good for consumers in a variety of ways. For
some, full-file reporting may allow a lender to take a chance on a
consumer whose positive credit history may offset a past credit
impairment. For others, more complete information may help a lender to
decide not to extend more credit than a consumer can handle.
By the same token, full-file reporting helps lenders make sensible
decisions that keep our financial institutions safe and sound. Poor
lending decisions affect all of us through institutional instability
and an increased cost of credit.
Other elements of FCRA are also critical to our credit-granting
system. For example, in the modern economy, it's important to maintain
a nationwide standard under which corporate affiliates may share
information. Experts such as Chairman Greenspan have emphasized the
need for national businesses, which serve customers in all 50 States,
to have uniform standards across those 50 States. Failure to maintain
this uniformity would jeopardize many of the efficiencies gained
through information technology and wider consumer choice.
Mr. Chairman, I believe that a uniform national credit reporting
system must be maintained, which is why I introduced the Economic
Opportunity Protection Act of 2003, S. 660, which would extend the
preemption provisions currently contained in FCRA.
At the same time, I commend you for holding the first in what I
hope will be a series of hearings on the FCRA. As Congress noted when
it created the FCRA, consumer credit ``is dependent upon fair and
accurate credit reporting.'' Therefore, it is appropriate for Congress
to look at whether the statute is working properly and whether any of
the provisions need to be amended to reflect changes in the
marketplace.
I understand many on this Committee and in the Administration have
a particular interest in identity theft, and I share this concern. In
fact, I believe that a uniform national credit reporting system, if
used properly, can be one of our most effective weapons to combat this
growing problem. I hope as part of this year's discussion about FCRA,
we can work together to develop solutions to what is a relatively new,
yet extremely damaging, crime.
That said, I am disappointed that the Administration has yet to
develop a position on this critical issue. It appears the Federal Trade
Commission is also unwilling to tell this Committee its position on
whether it is important to maintain a uniform national standard for our
credit reporting system. I would urge the Administration over the
coming weeks to devote more attention to the imminent expiration of
FCRA preemption provisions and to develop a recommendation that can
inform Congress' deliberation on this issue.
Mr. Chairman, I look forward to today's testimony.

----------

PREPARED STATEMENT OF SENATOR JIM BUNNING

I would like to thank you, Mr. Chairman, for holding this very
important hearing and I would like to thank our witness for testifying
today.
Today, we have the first of a number of hearings on the Fair Credit
Reauthorization Act. As we all know, FCRA is a huge issue for the
financial industry and consumer groups. There are some who think we
need to pass a clean FCRA, some who think we should pass FCRA but with
additional privacy and identity theft protections and some who think
privacy decisions would be left to the States. I believe these hearings
will be a great help to Members in deciding which is the best course of
action to take.
I have been involved in the privacy debate for a number of years.
During the early 1990's, I worked with the Kentucky General Assembly to
remove the Social Security number for Kentucky drivers' licenses. In
the House, as Chairman of the Social Security Subcommittee of the Ways
and Means Committee, I led the effort to stop the Social Security
Administration from posting SSA earnings online. And of course, all of
us who were on this Committee in 1999 were deeply involved in privacy
issues during Gramm-Leach-Bliley.
I certainly believe more can be done to prevent identity theft. I
would like to see more restricted use of the Social Security number. I
would like to see those who have had the privacy stolen to have better
means to get their credit problems fixed. And I, like everyone else,
would like to stop getting flooded with mail and getting solicitation
calls during dinner.
But I have another concern. I am very concerned about this economy.
I am very worried about the possibility of a double-dip recession. I
know that puts me at odds with more optimistic economic experts, like
Chairman Greenspan, but we have disagreed before. We are not growing
like we can, and we are not creating jobs. There are many reasons for
this. I believe Chairman Greenspan acted way to slow to cut rates back
in early 2001. He should have cut them in the fall of 2000. The
corporate governance scandals have hurt trust in the markets. Sarbanes-
Oxley and other actions have helped, but it will take a long time for
corporate America to rebuild that trust. September 11, had a
devastating effect on our economy. The two wars we have had since then
have also not helped.
The reason why most of these events have been so harmful to this
economy is because they have created uncertainty in our markets. If
there is one thing that shakes the markets, it is uncertainty. I am
afraid that talk of not renewing FCRA is creating a lot of uncertainty
in the financial markets. If we have 50 different privacy standards, it
will be difficult for financial companies to sell their products
nationwide. If counties and municipalities get in the act, and some
already have, it will be even more difficult.
I think it is crucial that we pass an FCRA extension this year. We
must bring some certainty back to the markets if we are ever going to
grow this economy and prevent a double-dip.
Again, Mr. Chairman, thank you for holding this important oversight
hearing.

----------

PREPARED STATEMENT OF SENATOR DEBBIE STABENOW

Thank you, Mr. Chairman. I will be brief because I want to get
quickly to our witness today. I appreciate your calling this hearing
and I hope that we, as a Committee, will move quickly to address the
expiring provisions of the Fair Credit Reporting Act.
This session of Congress is going to move quickly and with just
over 14 actual work weeks left before our target adjournment, the
sooner we can began to move, the greater chances of having a thorough
debate and passing the must-do legislation behind today's hearing.
The FCRA has served our country well over the past 33 years.
Indeed, as a result of the statue, the improved access to consumers'
previous credit-related behavior has allowed creditors all over the
country to extend credit more quickly and priced on appropriate risk.
People with low-credit risks as a result of FCRA can now get lower
rates and those with higher risks can now get credit with higher rates
when previously they would have probably just been denied any credit at
all. In addition, we no longer have to wait days and days or even weeks
to get credit decisions. We can get them instantaneously. Furthermore,
credit scoring models have taken much of the arbitrariness and guess
work out of extending credit. All of this makes our economy more
efficient saving time and allowing us to allocate the costs of
borrowing appropriately.
Mr. Chairman, I believe we should do everything we can to bolster
the system we have in place today. I hope as we reexamine the FCRA we
will be careful to take no actions that would undermine or limit the
effective and appropriate sharing of credit information. I also hope
that we would make sure that consumers have full information about and
absolute control over their personal credit information. We should also
ensure that there are appropriate privacy safeguards under our law.
I commend you for your leadership on this issue, Mr. Chairman, as
well as others on our Committee such as Senator Tim Johnson who has
taken an active interest and has his own legislation dealing with FCRA.
I look forward to working with all of my colleagues as we take up the
reauthorization of the expiring provisions of the FCRA and I look
forward to our FTC witness, before us today.
Thank you.

----------

PREPARED STATEMENT OF J. HOWARD BEALES, III
Director, Bureau of Consumer Protection, U.S. Federal Trade Commision
May 15, 2003

Introduction
Mr. Chairman and Members of the Committee, my name is Howard
Beales, and I am Director of the Bureau of Consumer Protection of the
Federal Trade Commission (Commission or FTC). I am pleased to have this
opportunity to provide background on the Fair Credit Reporting Act
(FCRA).\1\ The Commission has played a central role in interpreting and
enforcing the FCRA since the law was enacted in 1970. I appreciate the
opportunity to discuss the FCRA and its role in regulating credit
report information.
---------------------------------------------------------------------------
\1\ While the views expressed in this statement represent the views
of the Commission, my oral presentation and responses to questions are
my own and do not necessarily reflect the views of the Commission or
any individual Commissioner.
---------------------------------------------------------------------------
Consumer Credit Reporting
The development of consumer credit was a phenomenon of the post-
World War II years. Prior to that time, consumer credit relationships
were largely personal because many consumers lived in one place all
their lives and dealt only with local merchants and banks. After World
War II, the American population grew and became vastly more mobile.
Consumer credit also exploded for many reasons, including pent-up
demand for consumer goods and services and fading of the cash-only
Depression psychology. At the same time there was an increased demand
for homeownership. In response, the Government supported the growth of
a long-term consumer credit market. For all these reasons, the amount
of consumer credit outstanding has grown exponentially.\2\ Indeed,
consumer spending accounts for over two-thirds of U.S. gross domestic
product and consumer credit markets drive U.S. economic growth.\3\
---------------------------------------------------------------------------
\2\ In 1946, the beginning of the post-war period, total
outstanding consumer credit stood at $55 billion; by 1970, the time of
enactment of the FCRA, it had grown to $556 billion. [Figures adjusted
for inflation.] Today it is $7 trillion. See Fred H. Cate, Robert E.
Litan, Michael Staten, and Peter Wallison, ``Financial Privacy,
Consumer Prosperity, and the Public Good: Maintaining the Balance,''
AEI-Brookings Joint Center for Regulatory Studies, March 2003, at 1.
\3\ Id. at 8.
---------------------------------------------------------------------------
The credit reporting industry developed in tandem with the
burgeoning of consumer credit. Early on, credit reporting was local or
regional and relatively unsophisticated; the amount of information
collected was limited and not standardized. Credit bureaus (consumer
reporting agencies) \4\ manually recorded consumer information on index
cards, updated irregularly, and often retained indefinitely. Over time,
however, small credit bureaus grew to become large repositories of
information on consumers.\5\
---------------------------------------------------------------------------
\4\ ``Consumer reporting agency'' is the term used in the FCRA, and
reflects the fact that consumer information is collected and reported
for a variety of purposes in addition to credit transactions. In common
terminology, however, the agencies are known as ``credit bureaus'' or
``credit reporting agencies.'' (Similarly, ``credit report'' and
``credit history'' are commonly used nontechnical terms for ``consumer
report.'') The term ``repository'' is most often reserved for the
large, national bureaus that collect and store information on over 190
million consumers. The ``repository'' agencies, in turn, are sometimes
referred to as the ``big three,'' in recognition of the three major
companies that have predominated for several years--Equifax, Experian,
and TransUnion. A fourth company, Innovis Data Services (an affiliate
of CBC Companies), also maintains ``a national database of consumers
with unfavorable current or past credit histories.'' See http://
www.innovis-cbc.com/products.htm.
\5\ For a more complete recitation of the early history of the
consumer reporting industry, see Retail Credit Co., 92 F.T.C. 1 at 134-
36 (1978).
---------------------------------------------------------------------------
Today, the credit reporting system, consisting primarily of three
main credit bureau repositories, contains data on as many as 1.5
billion credit accounts held by approximately 190 million
individuals.\6\ Creditors and others voluntarily submit this
information to centralized, nationwide repositories. Lenders analyze
this data and other information to develop sophisticated predictive
models to assess risk, as reflected in the consumer's credit score.\7\
The flow of information enables credit grantors to make more
expeditious and accurate credit decisions, which benefits consumers as
a whole. These benefits are illustrated by a study of credit bureau
files that found that nearly 20 percent of the currently reported
active accounts had been open for less than 12 months.\8\
---------------------------------------------------------------------------
\6\ See ``An Overview of Consumer Data and Credit Reporting,''
Federal Reserve Bulletin, February 2003, at 49.
\7\ Scoring products are based on analyses of historical consumer
credit data, which allow creditors to develop models that help them
predict the risk of default of a particular consumer. (The products are
thus sometimes referred to as ``risk scores'' or ``credit scores.'')
When the consumer applies for credit or other goods or services, the
scoring programs that are developed from the complex analysis of past
data compare the scoring factors to the individual information of the
particular consumer, with the result reflected in a score that is
generated for that application.
\8\ See ``An Overview of Consumer Data and Credit Reporting,''
Federal Reserve Bulletin, February 2003, at 52, table 2 (``All credit
accounts and balances. . .'').
---------------------------------------------------------------------------
The modernization of credit reporting has played a key role in
providing American consumers rapid access to consumer credit. It was
not that many years ago that applying for credit required a personal
visit to a loan officer. The loan officer, if he did not know you
personally, contacted your references, including other creditors,
before making a decision on your application. If you were new to the
community or applying for credit for the first time, you might get
turned down or be approved for only a small, entry-level loan. The
decision would often take days and would be based solely on the
judgment of the loan officer.
By contrast, consumers today can use the Internet from the comfort
of their home to comparison shop for a wide array of credit products
and get a virtually instantaneous offer, including rate and other
terms. Or, they can obtain a five-figure loan from an auto dealer they
have never been to before and drive a car away from the showroom the
same day. In each instance, their eligibility for the lowest rate or
most favorable terms depends on a sophisticated credit scoring system
that produces rapid, reliable scores based on information from a
consumer report.
Chairman Greenspan of the Board of Governors of the Federal Reserve
System put it well when he recently testified that ``. . .there is just
no question that unless we have some major sophisticated system of
credit evaluation continuously updated, we will have very great
difficulty in maintaining the level of consumer credit currently
available because clearly, without the information that comes from
various credit bureaus and other sources, lenders would have to impose
an additional risk premium because of the uncertainty before they make
such loans or may, indeed, choose not to make those loans at all. So it
is clearly in the interests of consumers to have information
continuously flowing into these markets. It keeps credit available to
everybody, including the most marginal buyers. It keeps interest rates
lower than they would otherwise be because the uncertainties which
would be required otherwise will not be there.'' \9\
---------------------------------------------------------------------------
\9\ Remarks following testimony by Alan Greenspan, Chairman of the
Board of Governors of the Federal Reserve System, April 30, 2003, House
Financial Services Committee, at 12.
---------------------------------------------------------------------------
Before describing some of the primary elements of the FCRA, let me
describe briefly how the consumer reporting system works in this
country today. Creditors voluntarily report account histories to
consumer reporting agencies.\10\ Typically, creditors report full
account payment information, both ``positive'' information that the
account is current, as well as ``negative'' information, such as
delinquencies and collection accounts.\11\ This contrasts with
practices in some other countries (and, indeed, with some credit
bureaus in the early years of their development in this country) where
only negative payment history is reported.\12\
---------------------------------------------------------------------------
\10\ Each of the three national credit reporting companies receives
more than 2 billion items of information each month. See ``An Overview
of Consumer Data and Credit Reporting,'' Federal Reserve Bulletin,
February 2003, at 49.
\11\ Although the majority of creditors report full account
information, some types of accounts are typically reported only when
the payment history turns negative, most often when the debt is
transferred to a debt collector. Accounts related to medical debts,
telecommunications, and power companies are the most common examples.
See ``An Overview of Consumer Data and Credit Reporting,'' Federal
Reserve Bulletin, February 2003, at 50, 68. To the extent that
consumers have positive payment history only from nontraditional credit
such as rent and utilities, this may limit their access to credit.
\12\ See, e.g., The World Bank, ``World Development Report 2002,''
at 95 (2002); John M. Barron and Michael Staten, ``The Value of
Comprehensive Credit Reports: Lessons from the U.S. Experience,'' at
14, available online at http://www.privacyalliance.org/resources/
staten.pdf (2000) (comparing the United States comprehensive credit
reporting system to the Australian negative-information-only system).
---------------------------------------------------------------------------
Although the credit reporting industry has developed uniform
reporting formats and methods,\13\ not all creditors necessarily report
to all major repositories. Moreover, credit reporting agencies have
different schedules and procedures to augment individual consumer files
with updated data from creditors. Consumer reporting agencies also
obtain information from other sources, such as public record data. For
all of these reasons, at any given point in time, each of the credit
reports on an individual as supplied by the three major repositories
may contain somewhat different information.\14\ As a result, in the
residential mortgage market, for example, creditors use credit reports
produced by resellers who consolidate the data available from the three
major repositories.
---------------------------------------------------------------------------
\13\ See http://www.cdiaonline.org/data.cfm for information on the
uniform reporting format utilized by most creditors and other
furnishers of information to consumer reporting agencies.
\14\ See ``An Overview of Consumer Data and Credit Reporting,''
Federal Reserve Bulletin, February 2003, at 50-51, 70-71.
---------------------------------------------------------------------------
When a consumer applies for credit, lenders obtain consumer reports
by providing identifying information on the consumer to the credit
bureau. The credit bureau provides a full report listing all accounts
and payment histories and/or a credit score, which is a numerical
classification based on information in the consumer report.\15\ The
credit agencies also handle other functions (including those required
by the FCRA, such as responding to consumer disputes) through uniform
industry
processes.\16\ The importance of these additional functions has grown
along with concerns about identity theft,\17\ because credit reporting
agencies play a major role in limiting the damage and correcting the
fraudulent records that identity thieves leave behind.
---------------------------------------------------------------------------
\15\ Between 2 and 3 million consumer reports are issued by credit
bureaus each day. See http://www.cdiaonline.org/about.cfm. For a brief
description of scores, see Note 7, supra.
\16\ The Consumer Data Industry Association (CDIA) is a trade
association for major consumer reporting agencies. Among other steps to
promote standardized automated procedures between and among consumer
reporting agencies and furnishers of information to agencies, CDIA
oversees a system for credit bureaus to forward consumer disputes to
furnishers for investigation. Disputes are forwarded on standardized
Automated Consumer Dispute Verification (ACDV) forms. The system now
has a web-based component, E-OSCAR, that is intended to further enhance
the flow of consumer disputes, update information, and other data. The
automated dispute system not only provides a uniform format for
conveying the disputes, it also serves an implicit authenticating
function--a creditor who receives a consumer dispute via the system
knows that the forwarding entity has been approved by CDIA for use of
the system.
\17\ Identity theft occurs when someone commits fraud by using
another person's identifying information, such as date of birth, Social
Security number, or credit account numbers. The fraud could include
applying for or using credit in another's name, obtaining bank loans,
employment, utility services (including cell phones), or similar
illegal conduct in the ``true name'' identity of the consumer whose
information was misappropriated.
---------------------------------------------------------------------------
FCRA Overview
Background
Along with the growth of consumer credit, and the parallel
development of consumer reporting agencies, concerns began to surface
about the treatment of consumer information in credit reporting. The
credit reporting industry had evolved piecemeal, and there was little
consistency in methods of data collection or, before the FCRA,
standards of retention or accuracy. For example, there were no Federal
legal restrictions on access to consumer credit data, so reporting
agencies were free to share a wide range of information with credit
grantors and others, without regard to the purpose for which the
information was sought. Consumer awareness of credit reports was low
due, in part, to the fact that users of reports were contractually
prohibited by credit bureaus from disclosing the reports to
consumers.\18\ Even if a consumer could learn what was in his or her
credit report, there was no way for the consumer to challenge erroneous
information.
---------------------------------------------------------------------------
\18\ Congress was especially concerned about this lack of awareness
in the context of ``investigative consumer reports''--reports on a
consumer's character, general reputation, personal characteristics, or
mode of living, obtained through personal interviews with neighbors,
friends, or associates of the consumer--and thus provided special notice
and disclosure requirements, together with other provisions, for
investigative reports. Section 606 of the FCRA; 15 U.S.C. Sec. 1681d.
---------------------------------------------------------------------------
In response to rising concerns about the consumer reporting system,
and recognizing its importance to business and consumers, Congress held
hearings that
resulted in passage of the FCRA to provide a framework for the industry
and to secure protections for consumers. In enacting the FCRA, Congress
specifically recognized that consumer credit ``is dependent upon fair
and accurate credit reporting.'' \19\
---------------------------------------------------------------------------
\19\ Section 602(a)(1), the Congressional findings and statement of
purpose for the FCRA. 15 U.S.C. Sec. 1681(a)(1).
---------------------------------------------------------------------------
The 1970 FCRA imposed duties primarily on consumer reporting
agencies, with very limited requirements on those that use credit
reports, and no provisions aimed at those who furnished information to
the reporting agencies.
The consumer reporting industry and the consumer credit economy
changed tremendously in the decades following the enactment of the FCRA.
The computerization of credit histories into vast databases accelerated
markedly. The industry further consolidated, eventually comprising
three major credit bureau repositories that maintain large, automated
databases of consumer information, and a limited number of other
agencies.\20\ Logistical challenges associated with increased
computerization and further changes in the industry led to an increase
in complaints about mixed files--inclusion in a single file of
information belonging to two or more different individuals--and other
consumer report inaccuracies. More generally, the American public has
become increasingly aware of privacy issues related to personal
information.
---------------------------------------------------------------------------
\20\ At present, the three largest bureaus are TransUnion, Experian
(formerly owned by TRW), and Equifax. Although some local bureaus still
remain, most are affiliated in some fashion with one of the ``big
three'' repositories. The industry has also witnessed the emergence of
companies that collect and report specialized information such as check
writing histories, rental records, and employment applications. The
1990's saw the growth of ``resellers,'' consumer reporting agencies
that purchase consumer information from one or more of the major
repositories and then resell it, usually after reformatting,
categorizing, or otherwise treating the information. All of these
entities are covered by the FCRA.
---------------------------------------------------------------------------
In 1996, after several years of legislative consideration, Congress
passed significant amendments to the FCRA. The amendments built on the
core elements of the original FCRA and provided added protections to
consumers in several key areas. The amendments also permitted greater
sharing of consumer report information by affiliated companies under
certain conditions,\21\ and granted more flexibility to creditors and
insurers in making prescreened offers, for example, obtaining lists of
consumers based on consumer report information, in order to make offers
of credit or insurance to consumers who the offeror deems
qualified.\22\ Let me briefly review some of the important elements of
the FCRA as it stands today, 33 years after its original passage.
---------------------------------------------------------------------------
\21\ Section 603(d)(2)(A)(iii) exempts from the FCRA communication
of information among affiliates, if it is clearly and conspicuously
disclosed to the consumer that the information may be communicated and
the consumer is given the opportunity to opt out of such information
sharing. 15 U.S.C. Sec. 1681a(d)(2)(A)(iii).
\22\ Prescreened offers, which are discussed in more detail below,
are unsolicited ``firm offers'' of credit or insurance that are based
on information from consumer reports. Generally they take the form of
lists of consumers to whom credit grantors make offers of credit--the
most obvious example is mailed promotions of credit cards. These lists
are assembled by credit bureaus based on criteria set by the credit
grantor; the bureau screens its consumer files (except those that have
opted out of prescreened offers) for all consumers who meet the
creditor's criteria. Generally speaking, the FCRA requires that all
consumers who survive the prescreen must receive a ``firm offer'' of
credit. Prescreened lists are thus an exception to the general rule
that credit reports can be furnished only when a consumer initiates a
transaction or has a preexisting relationship with the creditor seeking
a copy of the report. See H. Rep. 103-486, 103rd Cong., 2nd Sess., 32-
33 (1994).
---------------------------------------------------------------------------
Key FCRA Provisions
As I discussed earlier, the FCRA establishes a framework that
enables businesses to engage in the information exchanges necessary for
the proper functioning of the credit markets. At the same time, it
provides corresponding consumer protections in two vital areas--privacy
and accuracy. It is important to keep in mind that, notwithstanding its
title, the Fair Credit Reporting Act has always covered more than what
are conventionally termed ``credit reports.'' It applies generally to
any information collected and used for the purpose of evaluating
consumers' eligibility for products and services that they want. Thus,
the FCRA has always applied to insurance, employment, and other
noncredit consumer transactions.\23\ The focus here will be on credit
reporting, but the same basic regulatory structure applies to all
consumer reports.
---------------------------------------------------------------------------
\23\ ``It is the purpose of this title to require that consumer
reporting agencies adopt reasonable procedures for meeting the needs of
commerce for consumer credit, personnel, insurance, and other
information. . .'' Section 602(b) of the FCRA; 15 U.S.C. Sec. 1681(b).
---------------------------------------------------------------------------
Privacy
As recognized by Congress in its initial passage of the FCRA, the
confidentiality of consumer report information is a fundamental
principle underlying the statute.\24\
---------------------------------------------------------------------------
\24\ The Congressional findings note the ``. . .need to insure that
consumer reporting agencies exercise their grave responsibilities with
fairness, impartiality, and a respect for the consumer's right to
privacy.'' Section 602(a)(4); 15 U.S.C. Sec. 1681(a)(4). Under the
``reasonable procedures'' portion of the statement of purpose for the
FCRA, Congress noted the importance of the ``confidentiality'' of
consumer report information. Section 602(b); 15 U.S.C. Sec. 1681(b).
---------------------------------------------------------------------------
Permissible purposes. The FCRA is designed to protect consumer
privacy in a number of ways. Primarily, it limits distribution of
credit reports to those with specific, statutorily defined ``permissible purposes.'' \25\ Generally, reports may be provided for the purposes of
making decisions involving credit, insurance, or employment.\26\ Consumer reporting agencies may also provide reports to persons who have a
``legitimate business need'' for the information.\27\ Under the FCRA, Government agencies are treated like other parties--that is, they must
have a permissible purpose to obtain a credit report.\28\ The written instructions of the consumer may also provide a permissible purpose for a consumer reporting agency to furnish a credit report.\29\ Under the FCRA, target marketing--making unsolicited mailings or telephone calls to
consumers based on information from a credit report--is generally not a
permissible purpose.\30\ In a 1992 Commission action to enforce the
FCRA against a consumer reporting agency that sold target marketing
lists assembled using consumer report information, the court of appeals
held that ``. . .a major purpose of the Act is the privacy of a
consumer's credit-related data.'' \31\ If consumer information is ``so
sensitive as to rise to the level of a consumer report,'' then it must
``. . .be kept private except under circumstances in which the consumer
could be expected to wish otherwise or, by entering into some
relationship with a business, could be said to implicitly waive the
Act's privacy to help further that relationship.'' \32\
---------------------------------------------------------------------------
\25\ What constitutes a ``consumer report'' is a matter of
statutory definition (Section 603(d); 15 U.S.C. Sec. 1681a(d)) and case
law. Among other considerations, to constitute a consumer report,
information must be collected or used for ``eligibility'' purposes.
That is, the data must not only ``bear on'' a characteristic of the
consumer (such as credit worthiness, credit capacity, character,
general reputation, or mode of living), it must also be used in
determinations to grant or deny credit, issue insurance, make
employment decisions, or make other determinations regarding
permissible purposes. TransUnion Corp. v. FTC, 81 F.3d 228, 234 (D.C.
Cir. 1996).
\26\ Section 604(a)(3); 15 U.S.C. Sec. 1681b(a)(3). Credit reports
may also be furnished for certain on-going account-monitoring and
collection purposes.
\27\ 15 U.S.C. Sec. 1681b(a)(3)(F). See also Note 33, infra, and
text accompanying.
\28\ Under Section 608 of the FCRA, Government entities may obtain
limited identifying information (name, address, employer) without a
``permissible purpose.'' 15 U.S.C. Sec. 1681f. The FCRA, additionally,
now contains express provisions on Government use of consumer reports
for counterintelligence and counter-terrorism. Sections 625 and 626,
respectively; 15 U.S.C. Sec. Sec. 1681u, 1681v.
\29\ Other permissible purposes specified in the FCRA include (1)
in response to an order of a court or a Federal grand jury subpoena;
(2) in connection with a determination of the consumer's eligibility
for a license or other benefit granted by a governmental
instrumentality required by law to consider an applicant's financial
responsibility or status; and (3) in response to a request by the head
of a State or local child support enforcement agency if the person
making the request certifies to the credit bureau that certain
conditions are met (and in certain other child support circumstances).
Section 604(a); 15 U.S.C. Sec. 1681b(a).
\30\ Prescreening, discussed more fully below at notes 35-41 and
accompanying text, is a form of target marketing for firm offers of
credit or insurance, for which the FCRA now provides an explicit
permissible purpose keyed to adherence to statutory procedures,
including affording consumers the opportunity to opt out of future
prescreened solicitations. See also Note 22, supra.
\31\ TransUnion Corp. v. FTC, 81 F.3d 228, 234 (D.C. Cir. 1996).
The TransUnion case has a long history. The Commission issued an
administrative complaint in 1992, and a Commission administrative law
judge (ALJ) granted summary judgment to complaint counsel, and was
affirmed by the full Commission. 118 F.T.C. 821 (1994). On appeal, the
case was remanded back to the ALJ for a trial. TransUnion Corp. v. FTC,
81 F.3d 228 (D.C. Cir. 1996). After a trial, the ALJ issued another
decision in the Commission's favor, which was affirmed by the full
Commission.____F.T.C.____ (2000). This decision was affirmed by the
U.S. Court of Appeals for the D.C. Circuit, and certiorari was denied
by the Supreme Court. TransUnion Corp. v. FTC, 245 F.3d 809, reh.
denied 267 F.3d 1138 (D.C. Cir. 2001), cert. denied, 122 S. Ct. 2386
(June 10, 2002).
\32\ Id.
---------------------------------------------------------------------------
The 1996 Amendments added provisions that reflected Congress'
awareness of increased public concern about the privacy of personal
information. For example, Congress added, for the first time, an
express provision stating that the ``legitimate business need''
permissible purpose requires that the transaction be ``initiated by the
consumer.'' \33\ Congress also added express language prohibiting any
person from obtaining a consumer report without a permissible
purpose.\34\
---------------------------------------------------------------------------
\33\ Section 604(a)(3)(F)(i); 15 U.S.C. 1681b(a)(3)(F)(i). The
review of an account ``to determine whether the consumer continues to
meet the terms of the account'' supplies the other ``legitimate
business need'' of this permissible purpose. Section 604(a)(3)(F)(ii);
15 U.S.C. 1681b(a)(3)(F)(ii).
\34\ The 1970 FCRA prohibited consumer reporting agencies from
furnishing consumer reports to those who do not have a permissible
purpose, but there was no analogous provision aimed at those who
obtained consumer reports (with the exception of a criminal provision
imposed on those who obtained information on a consumer ``under false
pretenses.'' Section 619, 15 U.S.C. Sec. 1681q).
---------------------------------------------------------------------------
Consumer right to opt out of prescreening. The 1996 Amendments also
added an express permissible purpose for prescreening. As noted above,
prescreened offers are unsolicited offers of credit or insurance that
are made (typically in mass mailings) to consumers who were selected
for the offer based on information in their credit reports. Prior to
the 1996 Amendments, the FCRA did not specifically address the use of
consumer reports for such unsolicited offers. The Commission, however,
had issued an interpretation of the FCRA in 1973 that permitted the use
of consumer reports by creditors for unsolicited offers of credit if
creditors followed guidelines set forth in the Commission's
interpretation.\35\ Those guidelines required every consumer on any
list resulting from the use of consumer reports to receive a firm offer
of credit--for example, the offer must be unconditional; all the
consumer had to do to receive the credit was to accept the offer.
---------------------------------------------------------------------------
\35\ 16 CFR Sec. 600.5 (withdrawn in 1990 when the Commission
Commentary was published; see notes 52-53, infra). The Commission's
rationale for permitting prescreening was that the minimal invasion of
consumer privacy involved in prescreening was offset by the fact that
every consumer received an offer of credit. The four banking regulatory
agencies also interpreted the FCRA to sanction prescreening for the
entities under their jurisdiction.
---------------------------------------------------------------------------
In the 1996 Amendments, Congress added a number of provisions to
the FCRA to provide an explicit statutory framework for
prescreening.\36\ The legislative
process leading to the 1996 Amendments included an extensive
consideration of prescreening issues. Congress ultimately chose to
permit prescreening for both
credit and insurance purposes, and to permit certain postscreening \37\
to protect the
safety and soundness of the financial industry.
---------------------------------------------------------------------------
\36\ Sections 603(l); 604(c) and (e); and 615(d); 15 U.S.C.
Sec. Sec. 1681a(l), 1681b(c) and (e), and 1681m(d), respectively.
``Firm offer of credit or insurance,'' the term used by Congress for
what is commonly known as ``prescreening,'' is defined in Section
603(l), which also contains much of the operable language governing
prescreening. The permissible purpose is set out in Section 604(c) and
the opt out scheme is contained in Section 604(e). Section 615(d)
recites the disclosures required of those who use consumer reports to
make prescreened offers. See H. Rep. 103-486, 103rd Cong., 2nd Sess.,
32 (1994)(``The bill permits a consumer reporting agency to furnish
limited information, commonly referred to as a prescreened list, in
connection with such transactions only if the transaction consists of a
`firm offer of credit,' the consumer reporting agency has established a
notification system whereby consumers can opt out to have their names
excluded from consideration from such offers of credit, and the
consumer has not elected to be so excluded. Under the bill, a
prescreened list, furnished by a consumer reporting agency in
connection with a credit transaction that is not initiated by the
consumer, may contain only certain types of information.'').
\37\ Section 603(l) limits permissible postscreening to verifying
that consumers continue to meet the criteria used in the prescreening
and to verify any application information (such as income or
employment) that is used in the process of granting credit or
insurance. Credit grantors are also permitted to require that consumers
furnish collateral so long as the collateral requirement is established
before the prescreening is conducted and is disclosed to the consumer
in the solicitation that results from the prescreening. 15 U.S.C.
Sec. 1681a(l). See also H. Rep. 103-486, 103rd Cong., 2nd Sess., 33
(1994)(``The Committee recognizes that the furnishing of consumer
reports for such credit solicitation is an exception to the general
rule in Section 604(a)(3)(A) that consumer reports may be furnished by
consumer reporting agencies only for credit transactions that are
initiated by the consumer. Consequently, the Committee has established
a special rule which permits the furnishing of consumer reports by a
consumer reporting agency for credit transactions not initiated by the
consumer, but only if the agency complies with strict limitations to
ensure privacy protections for consumers. This special rule is a
liberalization of an FTC interpretation of the FCRA.'').
---------------------------------------------------------------------------
At the same time, Congress provided an important mechanism for
consumers to safeguard their privacy. Every written prescreened offer
must provide notice of the consumer's right to ``opt out'' of future
prescreen lists.\38\ Credit bureaus must have a system, including a
toll-free telephone number, that consumers can use to opt out,\39\ and
they cannot include consumers who opt out on any subsequent prescreened
list.\40\ The FCRA requires nationwide bureaus to maintain an opt out
notification system, so that a notification by a consumer to one bureau
is sufficient to have the consumer excluded from prescreened offers at
all of the bureaus.\41\
---------------------------------------------------------------------------
\38\ Section 615(d) requires that written prescreen offers make a
clear and conspicuous statement that (i) information in the consumer's
credit report was used in the prescreen; (ii) the consumer was selected
because the consumer met criteria for credit worthiness or
insurability; (iii) the credit or insurance may not be extended if,
after the consumer responds to the offer, the consumer does not
continue to meet the criteria used to select the consumer for the
offer; (iv) the consumer has the right to opt out of further
unsolicited offers; and (v) the methods by which the consumer can
notify the credit bureau of a decision to opt out. 15 U.S.C.
Sec. 1681m(d).
\39\ Section 604(e)(5); 15 U.S.C. Sec. 1681b(e)(5).
\40\ Section 604(c)(1)(B)(iii); 15 U.S.C. Sec. 1681b(c)(1)(B)(iii).
\41\ Section 604(d)(6); 15 U.S.C. Sec. 1681b(d)(6). The opt out is
effective for 2 years if conveyed by telephone, or permanently (unless
revoked) if conveyed in writing. Section 604(d)(4)(B); 15 U.S.C.
Sec. 1681b(d)(4)(B).
---------------------------------------------------------------------------
Accuracy
Credit report accuracy was, and remains, a core goal of the FCRA.
Because even small differences in a consumer's credit score can
influence the cost or other terms of the credit offer, or even make the
difference between getting approved or denied, accuracy of the
information underlying the score calculation is paramount. Accurate
reports benefit not only consumers but also credit grantors, who need
accurate information to make optimal decisions. These considerations
provide significant incentives for all parties to maintain a high level
of accuracy in consumer credit files. Congress recognized, however,
that decisions based on inaccurate information can impose potentially
severe consequences to individual consumers. Consequently, Congress
enacted the FCRA accuracy protections.\42\
---------------------------------------------------------------------------
\42\ Section 602(a)(1) of the FCRA, Congressional findings and
statement of purpose, notes that ``Inaccurate credit reports directly
impair the efficiency of the banking system. . ..'' 15 U.S.C.
Sec. 1681(a)(1).
---------------------------------------------------------------------------
The FCRA uses two major avenues to achieve the goal of optimal
accuracy. First, it provides that consumer reporting agencies must
follow ``reasonable procedures to assure maximum possible accuracy of
the information'' they report.\43\ Second, the FCRA establishes
mechanisms for consumers to learn about possible errors in their credit
reports and have them corrected. The statute gives consumers both the
right to know what information the credit bureau maintains on them, and
the right to dispute errors.
---------------------------------------------------------------------------
\43\ By its terms therefore (``reasonable procedures. . .maximum
possible accuracy''), the statute itself recognizes that absolute
accuracy is impossible. Section 607(b); 15 U.S.C. Sec. 1681e(b).
Pragmatic consideration of the large volume of data that credit bureaus
must store and process also bears on this issue. See Notes 2, 5, 6, 10
and 15, supra, and text accompanying.
---------------------------------------------------------------------------
Consumer right to know. Under Section 609 of the FCRA, consumers
have a right to know all information in their files (except risk
scores) upon request and proper identification. They also have the
right to learn the identity of all recipients of their report for the
last year (2 years in employment cases).\44\ In addition, the
consumer's right to learn about and dispute inaccuracies is facilitated
by the FCRA's ``adverse action'' notice requirements. Adverse action
notices--sometimes called ``Section 615 notices''--are a key mechanism
for maintaining accuracy. Since 1970, the FCRA has required that when
credit is denied based, even in part, on a consumer report (or, in some
cases, when the consumer is offered less-advantageous terms than would
be the case in the absence of the consumer report information), the
creditor must notify the consumer and provide certain key information,
including (1) the identity of the consumer reporting agency from which
the creditor obtained the report; (2) the right to obtain a free copy
of the report; and (3) the right to dispute the accuracy of information
in the report.\45\
---------------------------------------------------------------------------
\44\ 15 U.S.C. Sec. 1681g.
\45\ Section 612 provides that consumer reporting agencies must
make free disclosure if a consumer makes a request within 60 days of
receipt of an adverse action notice, and may charge a maximum of $8 in
other cases. 15 U.S.C. Sec. 1681j. The Commission is charged in the
FCRA with modifying the maximum amount, based proportionally on changes
in the Consumer Price Index. The latest annual finding on the matter
raised the maximum allowable charge to $9. 67 Fed. Reg. 77282 (Dec. 17,
2002); see also http://www.ftc.gov/opa/2002/12/fyi0265.htm.
---------------------------------------------------------------------------
Under the 1970 FCRA, adverse action notices were required only when
consumer reports were used for credit, insurance, or certain employment
purposes. In the 1996 Amendments, Congress broadened the circumstances
under which adverse action notices are required in connection with
insurance and employment decisions. It also required notices of adverse
action when consumer reports are used in other situations, such as
opening savings or checking accounts, apartment rentals, and retail
purchases by check.\46\
---------------------------------------------------------------------------
\46\ In the original FCRA, adverse action notices were required
only when ``credit or insurance. . .or employment. . .is denied or the
charge for such credit or insurance is increased. . ..'' After changes
enacted in the 1996 Amendments, adverse action for purposes of credit
transactions is tied to the interpretation of ``adverse action'' in the
Equal Credit Opportunity Act. For use of consumer reports in insurance,
the scope of ``adverse action'' was expanded to include ``a denial or
cancellation of, an increase in any charge for, or a reduction or other
adverse or unfavorable change in the terms of coverage or amount of,
any insurance, existing or applied for. . ..'' Similar expansion of the
scope of ``adverse action'' was enacted for employment purposes (``a
denial of employment or any other decision for employment purposes that
adversely affects any current or prospective employee'') and other
permissible purposes. See Section 603(k); 15 U.S.C. 1681a(k).
---------------------------------------------------------------------------
The Commission believes that the ``self-help'' mechanism embodied
in the FCRA's scheme of adverse action notices and the right to dispute
is a critical component in the effort to maximize the accuracy of
consumer reports. Consumers are most likely to recognize the errors in
their credit history and are more highly motivated to raise their
concerns once they know that an adverse action was based on their
credit
report. The Commission has given high priority to assuring compliance
with this provision.\47\
---------------------------------------------------------------------------
\47\ See, e.g., Quicken Loans Inc., D-9304 (April 8, 2003) at Note
67, infra, and text accompanying.
---------------------------------------------------------------------------
Consumer dispute rights. The consumer initiates a dispute by
notifying the consumer reporting agency of an error in the completeness
or accuracy of any item of information contained in the file. The
consumer reporting agency must reinvestigate the dispute, generally
within 30 days, record the current status of the information and delete
it if it is found to be inaccurate or unverifiable. The consumer
reporting agency is required to provide ``all relevant information'' to
the original furnisher of the disputed information, to help ensure that
the furnisher fully investigates the dispute. The agency must report
the results of the investigation to the consumer. If the investigation
does not resolve the dispute, the consumer may file a statement with
his or her version of the facts, which must then be furnished with the
credit report.
For the first time, the 1996 Amendments imposed certain accuracy
and reinvestigation duties on furnishers of information to credit
bureaus. These requirements recognize that furnishers--the original
source of the information--have a critical role to play in the overall
accuracy of consumer report information.
The 1996 Amendments also sought to address the problem of recurring
errors by prohibiting consumer reporting agencies from reinserting into
a consumer's credit file previously deleted information without first
obtaining a certification from the furnisher that the information is
complete and accurate, and then notifying the consumer of the
reinsertion.
Other important FCRA provisions. Under the FCRA, adverse items of
information may, with certain exceptions, be reported for only 7 years.
The 1996 Amendments clarified the date from which the 7 years should be
calculated.
The 1996 Amendments expanded the obligations of certain users of
consumer reports. In the employment context, these changes were quite
significant; they include requirements that an employer obtain the
consent of a job applicant or current employee before obtaining a
consumer report and, before taking adverse action based on the report,
provide a copy of it to the individual.\48\
---------------------------------------------------------------------------
\48\ Because the new employer obligations imposed by the 1996
Amendments apply also to investigative consumer reports and Congress
removed a prior exemption for use of investigative reports in certain
employment circumstances, employers may encounter difficulties when
using outside entities to assist by preparing reports based on
interviews in investigations of alleged workplace misconduct. Concerns
arose because such investigations might be hampered by FCRA
obligations, such as the requirement that an employer obtain the
authorization of an employee before obtaining a consumer report, and
the requirement that the employee be provided a copy of the report
before the employer can take adverse action. Several Congressional
proposals to amend the FCRA to meet the workplace investigation
concerns have been introduced. In 2000, the Commission commented (see
http://www.ftc.gov/os/2000/03/ltrpitofskysessions.htm) and testified
with respect to one such proposal (see http://www.ftc.gov/os/2000/05/
fcratest
imony.htm). The Commission remains of the opinion that a legislative
remedy of the type endorsed by the Commission in 2000 is the most
appropriate response to these concerns.
---------------------------------------------------------------------------
The 1996 Amendments also made changes in the relationship between
the FCRA and State laws. As originally enacted in 1970, the FCRA
provided that the Federal statute did not exempt persons from complying
with State laws ``with respect to the collection, distribution, or use
of any information on consumers, except to the extent that those laws
are inconsistent'' with the FCRA. The 1996 Amendments retained this
language, but significantly modified the provision to preempt State
laws in certain specified areas covered by the amended FCRA.\49\
---------------------------------------------------------------------------
\49\ Thus, both before and after the 1996 preemptions, States were
free to legislate in areas covered by the FCRA but not specifically
preempted. See, e.g., Colo. Rev. Stat. Sec. 12-14.3-104 (providing for
free annual credit reports).
---------------------------------------------------------------------------
Section 624 of the FCRA (``Relation to State Laws'') now provides
that no State laws may be imposed in the areas of (i) prescreening
(including the definition of the term ``firm offer of credit or
insurance'' and the disclosures which must be made in connection with
prescreened offers), (ii) the time within which a consumer reporting
agency must complete its investigation of disputed information, (iii)
the adverse action notice requirements of Section 615, (iv) the
obsolescence limitations and other provisions of Section 605, (v)
furnisher obligations under Section 623, (vi) the consumer summary of
rights required by Section 609(c) to be provided by consumer-
reporting agencies to consumers who obtain disclosure of their files,
and (vii) information sharing by affiliates.\50\ The specific
preemptions are qualified in a number of respects, including specifying
particular preexisting State enactments to which the preemptions do not
apply.\51\ The primary proviso with respect to the preempted
provisions, however, is that after January 1, 2004, States may enact
laws that (i) are specifically intended to supplement the FCRA, and
(ii) give greater protection to consumers than is provided under the
FCRA.
---------------------------------------------------------------------------
\50\ Section 624(b); 15 U.S.C. Sec. 1681t(b).
\51\ Section 624(d); 15 U.S.C. Sec. 1681t(d). There is, moreover, a
blanket ``grandfathering'' of State laws relating to the obsolescence
limits of Section 605. Section 624(b)(1)(E); 15 U.S.C.
Sec. 1681t(b)(1)(E). An example is N.Y. Gen. Bus. L. Sec. 380-
j(f)(1)(ii)(paid judgments may not be reported for more than 5 years).
---------------------------------------------------------------------------
Finally, other significant additions of the 1996 Amendments include
authorizing States to enforce the FCRA, and adding civil penalty
authority for the Federal Trade Commission.
FTC Interpretive Guidance and Enforcement
When it enacted the FCRA in 1970, Congress provided that the
Commission would be the principal agency to enforce the statute. To
help foster understanding and ensure compliance with the law, the
Commission engaged in extensive business education and guidance,
including, in the first two decades, publishing over 350 staff opinion
letters, a staff guidance handbook, and six formal Commission
interpretations.\52\ All of this material was then brought together in
the Commission's 1990 Commentary on the FCRA.\53\ The Commentary was
well received and has served as a valuable explanatory and enforcement
guide to industry and other
affected parties. It also has assisted the staffs of the Commission and
other regulatory agencies in interpreting the Act efficiently and
consistently.
---------------------------------------------------------------------------
\52\ The interpretations were published at 16 CFR Sec. 600 and were
withdrawn when the Commission published the 1990 Commentary.
\53\ 55 Fed. Reg. 18804 (May 4, 1990). The 1990 Commentary was the
culmination of a proposal published in August 1988 and the Commission's
review of over 100 submissions it received in response to its request
for public comments on that proposal. 53 Fed. Reg. 29696 (August 8,
1988).
---------------------------------------------------------------------------
After the 1996 Amendments, the Commission intensified its long-
standing program of consumer and industry education.\54\ In view of the
extension of enforcement authority to the States, the Commission
conducted a nationwide series of training sessions on the FCRA for
State officials. The Commission's informal guidance expanded to meet
the interpretive needs prompted by the amendments. As one result of
that effort, the Commission staff published an additional 85 opinion
letters. The letters can be found on the Commission's website, which
also features easy access to other useful FCRA information for both
business and consumers.\55\ The Commission and its staff maintain
active participation in many industry and consumer outreach efforts and
respond daily to callers with FCRA questions.\56\
---------------------------------------------------------------------------
\54\ The Commission also drafted and published language for the
three notices required by the 1996 Amendments to be distributed by
credit bureaus: (1) a notice to consumer report users of their FCRA
responsibilities; (2) a notice to furnishers explaining their new
obligations; and (3) a notice to consumers, describing their FCRA
rights, which must be included with any credit report requested by the
consumer. The Commission believes that Congress' aim in requiring these
notices has been achieved--the notices seem to be effective in
conveying to consumers and businesses their rights and obligations
under the Act.
\55\ See, e.g., the Commission's FCRA ``home page,'' http://
www.ftc.gov/os/statutes/fcrajump.htm, and plain-English consumer
information, http://www.ftc.gov/bcp/conline/edcams/fcra/index.html.
\56\ To achieve compliance, the Commission has also periodically
worked with industry and self-regulatory groups where appropriate.
---------------------------------------------------------------------------
Current interpretive efforts at the Commission are focused on a
revision to the 1990 Commentary.\57\ The passage of time generally, and
the 1996 Amendments specifically, have rendered the 1990 Commentary
partly obsolete. The new Commentary will draw on the staff opinion
letters that post-dated the 1990 effort, as well as other Commission
enforcement and interpretive experience.
---------------------------------------------------------------------------
\57\ See Commission press release at http://www.ftc.gov/opa/2003/
01/fyi0302.htm, and ``Notice of intent to request public comments'' at
http://www.ftc.gov/os/2003/01/16cfr1frn.htm.
---------------------------------------------------------------------------
Over the entire period of the FCRA, the Commission has engaged in
extensive consumer education.\58\ The Commission continues to regard
consumer education as particularly vital to the FCRA because the
statute contains self-enforcing elements, such as the right to dispute
inaccurate or incomplete information.
---------------------------------------------------------------------------
\58\ Over the past 7 years, 3.9 million of the five most popular
FCRA brochures were distributed by the Commission. The information is
duplicated on the Commission's web site, where the same brochures have
registered over 1.6 million visits during the past 5 years. FCRA
brochures such as ``Building a Better Credit Record,'' ``How to Dispute
Credit Report Errors,'' and ``Fair Credit Reporting'' have each been
distributed in numbers exceeding 100,000 per year over the past 5
years.
---------------------------------------------------------------------------
The Commission has also brought a number of formal actions to
enforce the FCRA. These actions have included cases to ensure (1)
compliance with the adverse action notice requirements on the part of
creditors \59\ and employers; \60\ (2) compliance with privacy and
accuracy requirements by the major nationwide credit bureaus; \61\ (3)
compliance by resellers of consumer reports (agencies that purchase
consumer reports from the major bureaus and resell them); \62\ as well
as cases addressing a number of other FCRA issues.\63\
---------------------------------------------------------------------------
\59\ Hospital & Health Services Credit Union, 104 F.T.C. 589
(1984); Associated Dry Goods, 105 F.T.C. 310 (1985); Wright-Patt Credit
Union, 106 F.T.C. 354 (1985); Federated Department Stores, 106 F.T.C.
615 (1985); Winkleman Stores, Civ. No. C 85-2214 (N.D. Ohio 1985);
Strawbridge and Clothier, Civ. No. 85-6855 (E.D. Pa. 1985); Green Tree
Acceptance, Civ. No. CA 4 86 469 K (M.D. Tex. 1988); Quicken Loans
Inc., D-9304 (April 8, 2003). See also, Aristar, Civ. No. C-83-0719 (S.
D. Fla. 1983); Allied Finance, Civ. No. CA3-85-1933F (N.D. Texas 1985);
Norwest Financial, Civ. No. 87 06025R (C.D. Cal. 1987); City Finance,
Civ. No. 1:90-cv-246-MHS (N.D. Ga. 1990); Tower Loan of Mississippi,
Civ. No. J90-0447 (J) (S.D. Miss. 1990); Barclay American Corp., Civ.
No. C-C-91-0014-MU (N.C. 1991); Academic International, Civ. No. 91-CV-
2738 (N.D. Ga. 1991); Bonlar, Civ. No. 97C 7274 (N.D. Ill. 1997);
Capital City Mortgage, Civ. No. 1:98CV00237 (D.D.C. 1998).
\60\ Electronic Data Systems, 114 F.T.C. 524 (1991); Kobacker, 115
F.T.C. 13 (1992); Keystone Carbon, 115 F.T.C. 22 (1992); McDonnell
Douglas Corp., 115 F.T.C. 33 (1992); Macy's, 115 F.T.C. 43 (1992);
Marshall-Field, 116 F.T.C. 777 (1993); Bruno's, Inc., 124 F.T.C. 126
(1997); Aldi's, 124 F.T.C. 1354 (1997); Altmeyer Home Stores, Inc., 125
F.T.C. 1295 (1998).
\61\ TransUnion Corp., 102 F.T.C. 1109 (1983); FTC v. TRW Inc., 784
F. Supp. 362 (N.D. Tex. 1991); TransUnion Corp. 116 F.T.C. 1357
(1993)(consent settlement of prescreening issues only in 1992 target
marketing complaint; see also TransUnion Corp. v. FTC, 81 F.3d 228
(D.C. Cir. 1996) ); Equifax Credit Information Services, Inc., 130
F.T.C. 577 (1995). Each of these ``omnibus'' orders differed in detail,
but generally covered a variety of FCRA issues including accuracy,
disclosure, permissible purposes, and prescreening.
\62\ See I.R.S.C., 116 F.T.C. 266 (1993); CDB Infotek, 116 F.T.C.
280 (1993); Inter-Fact, Inc., 116 F.T.C. 294 (1993); W.D.I.A., 117
F.T.C.___(1994)(consents against resellers settling allegations of
failure to adequately ensure that users had permissible purposes to
obtain the reports). See also First American Real Estate Solutions,
LLC, C-3849, January 27, 1999, 1999 FTC LEXIS 137 (consent with a
reseller concerning the dispute obligations of consumer reporting
agencies).
\63\ Howard Enterprises 93 F.T.C. 909 (1979)(bad check lists);
Equifax, Inc. (formerly Retail Credit Company), 96 F.T.C. 844
(1980)(investigative consumer reports);. MIB, Inc., d/b/a Medical
Information Bureau, 101 F.T.C. 415 (1983)(prohibits a nonprofit medical
reporting agency from conditioning the release of information to a
consumer on his/her execution of a waiver of claims against the firm;
requiring timely reinvestigations of disputed information; contact,
when possible, the source(s) of disputed information or other persons
identified by the consumer who may possess information relevant to the
challenged data and modify its files accordingly).
---------------------------------------------------------------------------
The Commission's enforcement efforts since 1996 have focused on the
new requirements added by the amendments. For example, the amendments added
a requirement that the nationwide credit bureaus have ``personnel
accessible'' at toll-free numbers printed on a consumer's credit
report.\64\ The Commission settled cases against the three major
repositories charging that they failed to have adequate personnel
available to answer FCRA-mandated toll-free telephone numbers. The
orders required the repositories to (1) maintain adequate personnel;
(2) establish auditing requirements to ensure future compliance, and
(3) pay a total $2.5 million in civil penalties.\65\ The Commission
also has settled cases against furnishers of information to consumer
reporting agencies alleging that they reported inaccurate dates for
when consumers' delinquencies had begun, with the result that adverse
information remained on the consumers' reports past the 7-year limit
provided by the FCRA.\66\
---------------------------------------------------------------------------
\64\ Section 609(c)(1) of the FCRA, 15 U.S.C. Sec. 1681g(c)(1),
requires a consumer reporting agency that compiles and maintains files
on consumers on a nationwide basis to establish a toll-free telephone
number, at which personnel are accessible to consumers during normal
business hours. This telephone number must be provided with each
written disclosure of information in the consumer's file, by the
consumer reporting agency to the consumer.
\65\ Equifax, No. 1:00-CV-0087 (N.D. Ga. 2000); Experian, No. 3-
00CV0056-L (N.D. Tex. 2000); TransUnion, 00C 0235 (N.D. Ill. 2000).
\66\ DC Credit Services, Inc., No. 02-5115 (C.D. Cal.
2002)(furnishing information to a consumer reporting agency knowing or
consciously avoiding knowing that the information is inaccurate,
failure to notify consumer reporting agencies when previously reported
information is found to be inaccurate and to provide corrections,
failure to provide accurate delinquency dates, failure to report
accounts as ``disputed'' to consumer reporting agencies; $300,000 civil
penalty); Performance Capital Management, Inc., 2:01cv1047 (C.D. Cal.
2000)(providing inaccurate delinquency dates, failure to properly
investigate disputes, failure to report accounts as ``disputed'' to
consumer reporting agencies; $2 million civil penalty).
---------------------------------------------------------------------------
Recently, the Commission settled an action against an Internet
mortgage lender that failed to give adverse action notices to consumers
who did not qualify for online preapproval because of information in
their credit reports.\67\
---------------------------------------------------------------------------
\67\ Quicken Loans Inc., Docket No. D-9304 (April 8, 2003); see
also http://www.ftc.gov/opa/2002/12/quicken.htm.
---------------------------------------------------------------------------
The Commission staff recently conducted an investigation of fifteen
landlords in five cities across the United States. The staff found a
high level of compliance with the adverse action requirements of the
FCRA.\68\ To a significant degree, landlords do notify applicants when
they turn them down for rentals based on information from a consumer
report. The Commission will continue this type of compliance review in
other industries, and bring law enforcement actions as appropriate. The
Commission will continue to use this combination of education
initiatives and vigorous enforcement to foster compliance with the
FCRA.
---------------------------------------------------------------------------
\68\ The Commission's January 15, 2002 press release on the
investigation and resulting business education brochure can be found at
http://www.ftc.gov/opa/2002/01/fcraguide.htm.
---------------------------------------------------------------------------
Current Issues: The FCRA and the Expanded Use of Consumer Reports
Based on the Commission's experience interpreting and enforcing the
FCRA, we see several ongoing developments in the consumer reporting
marketplace that may have significant impact on consumers. First, more
types of businesses are using credit reports to make decisions in
consumer transactions. For example, telephone service providers
routinely use consumer reports to make decisions on whether to provide
service and what deposit requirements (if any) to impose. Insurance
companies have long considered consumer reports when underwriting
homeowners and auto insurance policies. While insurers once looked
primarily at consumers' claims history to determine risk of loss, it
appears that they are increasingly using information from consumers'
credit histories to make underwriting decisions.\69\
---------------------------------------------------------------------------
\69\ See, e.g., Sabrina Jones and Sandra Fleishman, ``One Claim Too
Many? Insurance's New Policy: Use It and Lose It,'' The Washington
Post, November 10, 2002, at H01; Dan Oldenburg, ``Car Insurers Take
Credit Into Account,'' The Washington Post, October 15, 2002, at C10;
Albert Crenshaw, ``Bad Credit, Big Premiums; Insurers Using Bill-
Payment History to Help Set Rates,'' The Washington Post, June 18,
2002, at E01.
---------------------------------------------------------------------------
Second, we are seeing new types of consumer credit providers and
products in the marketplace. For example, the growing use of
prescreened offers for marketing credit cards has led to the
development of credit card banks that rely almost entirely on
prescreened offers to market their cards.\70\ Prescreening, in
combination with other direct marketing and advertising, has led to the
widespread availability of credit cards with no annual fee and other
attractive benefits, and has enhanced competition.\71\ Of course, some
consumers may object to what may seem like a flood of prescreened
offers in their mail boxes, or have concerns about the increased risk
of identity theft that may occur in the same context. The 1996
Amendments to the FCRA allow these consumers to opt out of future
offers.
---------------------------------------------------------------------------
\70\ See Fred H. Cate, Robert E. Litan, Michael Staten, and Peter
Wallison, ``Financial Privacy, Consumer Prosperity, and the Public
Good: Maintaining the Balance,'' AEI-Brookings Joint Center for
Regulatory Studies, March 2003, at 11.
\71\ See ``An Overview of Consumer Data and Credit Reporting,''
Federal Reserve Bulletin, February 2003, at 72-73. See also Note 8
supra, and text accompanying.
---------------------------------------------------------------------------
Third, businesses increasingly are using consumer report data to
undertake risk-based pricing of products or services.\72\ In many
areas, the decisionmaking of creditors and other businesses has moved
away from a simple approval or denial model, and toward using consumer
report data in a more finely calibrated evaluation of what terms to
offer.\73\ Consumers whose credit histories warrant more favorable
treatment benefit from access to products and terms that are more
tailored by risk evaluations based on their actual performance.
Consumers with poorer credit histories who in the past might have been
turned down, may now qualify for credit, but on less favorable terms
commensurate with the risk. Consumers benefit from a more efficient and
competitive consumer credit market.\74\
---------------------------------------------------------------------------
\72\ Id. See also Fred H. Cate, Robert E. Litan, Michael Staten,
and Peter Wallison, ``Financial Privacy, Consumer Prosperity, and the
Public Good: Maintaining the Balance,'' AEI-Brookings Joint Center for
Regulatory Studies, March 2003, at 12.
\73\ See, e.g., ``An Overview of Consumer Data and Credit
Reporting,'' Federal Reserve Bulletin, February 2003, at 70
(``[consumer report] data and the credit-scoring models derived from
them have substantially improved the overall quality of credit
decisions and have reduced the costs of such decisionmaking''), citing
Gates, Perry and Zorn, ``Automated Underwriting in Mortgage Lending:
Good News for the Underserved?'' Housing Policy Debate, vol. 13, issue
2, 2002, pp. 369-91; and Barron and Staten, ``The Value of
Comprehensive Credit Reports: Lessons from the U.S. Experience,''
Credit Research Center, Georgetown University, 2002.
\74\ Some commentators suggest that using credit score cards built
with data supplied by credit bureaus results in delinquency rates 20-30
percent lower than lending decisions based solely on judgmental
evaluation of applications for credit. See Peter McCorkell, ``The
Impact of Credit Scoring and Automated Underwriting on Credit
Availability,'' in Thomas A. Durkin and Michael E. Staten, eds., The
Impact of Public Policy on Consumer Credit (2002).
---------------------------------------------------------------------------
Credit report scoring products are used in a variety of other
contexts, including on-going monitoring and servicing of consumer
accounts that can result in adjustments in terms, such as credit limits
and finance changes. Rapid access to credit scores also permits
retailers and others to offer ``instant credit'' to consumers.
Overall, developments in the consumer credit marketplace have
increased consumer choice and provided financial benefits to
consumers.\75\ The Commission believes that the growth of the consumer
credit market has also increased public awareness and interest in
credit reports and credit scores, and that the FCRA made this
information more timely, accurate, and accessible. The consumer
reporting system, and the obligations and protections of the FCRA, make
it possible for creditors and other businesses to have access to
timely, accurate consumer data.
---------------------------------------------------------------------------
\75\ See, e.g., ``An Overview of Consumer Data and Credit
Reporting,'' Federal Reserve Bulletin, February 2003, at 70; Fred H.
Cate, Robert E. Litan, Michael Staten, and Peter Wallison, ``Financial
Privacy, Consumer Prosperity, and the Public Good: Maintaining the
Balance,'' AEI-Brookings Joint Center for Regulatory Studies, March
2003, passim.
---------------------------------------------------------------------------
Any reference to the consumer reporting system should also
recognize the increasing problem of identity theft. The range,
accuracy, and timeliness of information in consumer reporting databases
make them unique resources. They are therefore simultaneously a target
for identity thieves and a valuable resource for combating identity
theft. Identity theft threatens the fair and efficient functioning of
consumer credit markets by undermining the accuracy and credibility of
the information flow that supports the markets.
As I detailed recently before the House Financial Services
Committee, the Commission is working actively to combat identity theft
in a number of areas.\76\ As awareness of the FTC's role in identity
theft has grown, businesses and organizations who have suffered
compromises of personal information have begun to contact the FTC for
assistance. For example, in the cases of TriWest \77\ and Ford/
Experian,\78\ in which massive numbers of individuals' personal
information was taken, the Commission provided advice on notifying
those individuals and what steps they should take to protect
themselves. From these experiences, the FTC developed a business record
theft response kit that will be posted shortly on the identity theft
website. The kit includes the steps to take in responding to an
information compromise and a form letter for notifying the individuals
whose information was taken. The kit provides advice on the type of law
enforcement agency to contact, depending on the type of compromise,
business contact information for the three major credit reporting
agencies, suggestions for setting up an internal communication
protocol, information about contacting the FTC for assistance, and a
detailed explanation of what information individuals need to know.
Organizations are encouraged to print and include copies of Identity
Theft: When Bad Things Happen to Your Good Name with the letter to
individuals.
---------------------------------------------------------------------------
\76\ See http://financialservices.house.gov/media/pdf/040303hb.pdf.
\77\ Adam Clymer, Officials Say Troops Risk Identity Theft After
Burglary, The New York Times, Jan. 12, 2003, Sec. 1 (Late Edition), at
12.
\78\ Kathy M. Kristof and John J. Goldman, 3 Charged in Identity
Theft Case, The Los Angeles Times, Nov. 6, 2002, Main News, Part 1
(Home Edition), at 1.
---------------------------------------------------------------------------
Conclusion
In 1970, Congress recognized that ``consumer reporting agencies
have assumed a vital role in assembling and evaluating consumer credit
and other information on consumers.'' \79\ While Congress in 1970 may
not have envisioned the specific ways in which consumer report
information would facilitate the development of products and services
that ultimately benefit the American consumer, the 33 years since
passage of the Act have fully demonstrated the wisdom of Congress in
enacting the FCRA.
---------------------------------------------------------------------------
\79\ Section 602(a)(3) of the FCRA.
---------------------------------------------------------------------------
The FCRA helps make possible the vitality of modern consumer credit
markets. The consumer reporting industry, furnishers, and users can all
rely on the uniform framework of the FCRA in what has become a complex,
nationwide business of making consumer credit available to a diverse,
mobile American public.
The 1970 Act, along with the 1996 Amendments, provide a carefully
balanced framework, making possible the benefits that result from the
free, fair, and accurate flow of consumer data. All of these benefits
depend on the consumer reporting system functioning as intended. That
is why the Federal Trade Commission continues to emphasize the
importance of educating consumers and businesses, and of enforcing the
law to ensure compliance by all who have a role in making the system
work.

RESPONSE TO WRITTEN QUESTIONS OF SENATOR CRAPO
FROM J. HOWARD BEALES, III

Q.1. Can you please describe whether prescreening increases
consumers choice and lowers the cost of credit in traditionally
underserved markets, such as rural areas that may have only one
or two banks with a physical presence?

A.1. Although I am aware of no hard data with respect
specifically to benefits of prescreening for rural areas, there
is evidence that greater competition in consumer credit (which
includes the competitive benefits attributable to prescreening)
has benefitted other underserved markets. For example, the
percentage of minority families with bank-type credit cards has
more than doubled over the past 20 years, growing from 26
percent in 1983 to more than 54 percent in 2001.\1\ Certainly,
given the overall increases in availability of consumer credit
and competitiveness in the market, it stands to reason that
consumers who have more limited access to competing credit
sources, whether it be in rural areas or even thinly served
urban and suburban areas, would benefit from prescreened offers
and other marketing innovations (such as Internet applications)
that reduce the importance of convenient physical access in
establishing a credit relationship.
---------------------------------------------------------------------------
\1\ See statement by Michael A. Turner before the House Committee
on Financial Services, Subcommittee on Financial Institutions and
Consumer Credit, May 8, 2003, http://financial
services.house.gov/media/pdf/050803mt.pdf, at 4.

Q.2. How fair is the current system of consumer credit
reporting? Is there evidence to suggest that any demographic
segments have been subject to exclusion, predation, excessive
costs, or other indicators of bias as a result of the pervasive
use of credit scores and automated underwriting by consumer
---------------------------------------------------------------------------
credit lenders?

A.2. In the burgeoning of consumer credit during the mid-20th
century, there was persistent evidence that judgmental credit
systems--that is, processes that depended upon individuals
reviewing and deciding consumer applications for credit--
resulted in discrimination against protected classes.\2\ Credit
scoring and automated underwriting work in significant ways to minimize
the bias--intentional or incidental--that can be introduced into credit
decisions in a judgmental system, because credit scoring models
and automated underwriting systems are based on actual
performance data, not assumptions about potential risk.\3\
There are significant market incentives to create risk models
that are the most predictive possible using available
performance and other data. Because these data are objective
and neutral, we believe that the current scoring systems treat
consumers more fairly. The significant expansion in credit
availability to minorities that has been associated with the
growth of credit scoring suggest scoring indeed has reduced
bias.
---------------------------------------------------------------------------
\2\ See, e.g., U.S. General Accounting Office Report, ``Fair
Lending'' (August 1996); United States v. Shawmut Mortgage Company,
Civ. No. 3:93CV-2453 AVC (D. Ct. 1993).
\3\ Development of scoring models has shown, for example, that
criteria often relied upon in judgmental systems--the most frequently
cited example is income--are not, in fact, predictive of future
repayment risk.

Q.3. Is there evidence that explains the major sources and
causes of identity theft? Does this evidence point to the
consumer credit information system? Do you have any data
suggesting that prescreening is a major factor of identity
theft: What about the point that FCRA and the smooth flow of
information-sharing it provides, helps financial institutions
---------------------------------------------------------------------------
prevent and combat identity theft?

A.3. From information provided by law enforcement, victim
complaints, and news reports, we know a great deal about how
identity theft happens and we can stay current with evolving
methods. What we do not have is a statistical breakout showing
which methods contribute the most to identity theft. Because
consumers' information is accessible in a wide variety of
situations, identity thieves can usually obtain it in a way
that makes it difficult for victims to make a direct causal
link. Thus, we have found that most victims do not know how
their information was obtained. Law enforcement agencies, as
the investigators of the crimes, are often in a better position
to know how the information was stolen in particular instances.
The consumer credit information system has undoubtedly been
used as a source of information for identity theft; the Ford/
Experian case appears be the prime example.\4\ But, consumers'
personal information is also used in universities, the health
care system, all employment situations, and in a wide variety of
Government programs from the Federal to the local level, and
any survey of news articles in the last year can bring up
examples of theft in all of these situations. As a result, the
FTC places a premium on the importance of information security
so that organizations that hold consumer information take
appropriate steps to prevent this information from falling into
the wrong hands.\5\
---------------------------------------------------------------------------
\4\ Kathy M. Kristof and John J. Goldman, 3 Charged in Identity
Theft Case, The Los Angeles Times, Nov. 6, 2002, Main News, Part 1
(Home Edition), at 1.
\5\ For example, last month the Commission's settled charges with
Guess?, Inc., and Guess.com, Inc. that the companies exposed consumers'
personal information, including credit card numbers, to commonly known
attacks by hackers, contrary to the companies' promises. See http://
www.ftc.gov/os/2003/06/guessagree.htm.
---------------------------------------------------------------------------
To the extent that information does get into the wrong
hands, the next opportunity to thwart identity thieves is at
the point of commission of the fraud. Good authentication of
credit applicants by credit issuers is the key. To that end, it
is important that credit issuers know more about the real
consumer than the identity thief. Information sharing is the
means of providing credit issuers with this knowledge. However,
this use of information only underscores again the importance
of information security, to prevent identity thieves from
accessing this same information in order to perfect their false
identities.
We have little evidence as to any links between
prescreening and identity theft. To the extent that hard data
exist, they suggest identity theft growing out of prescreened
offers is somewhat lower than identity theft associated with
conventionally opened accounts.\6\
---------------------------------------------------------------------------
\6\ See, e.g., statement by Michael A. Turner before the House
Committee on Financial Services, Subcommittee on Financial Institutions
and Consumer Credit, May 8, 2003, http://financial
services.house.gov/media/pdf/050803mt.pdf, at 9-10.

Q.4. In explaining the reasoning behind the broad preemptive
language ultimately reflected in the 1996 Amendments to the
FCRA, the Senate report on the matter states that ``[t]his
section recognizes the fact that credit reporting and credit
granting are, in many respects, national in scope, and that a
single set of Federal rules promotes operational efficiency for
industry, and competitive prices for consumers.'' Please
identify and address any developments since 1996 rendering the
---------------------------------------------------------------------------
statement by the Senate less relevant.

A.4. I am not aware of any developments that would make these
considerations less relevant today. Indeed, as the consumer
credit system has become more national in scope, and given the
continued mobility of the American consumer, these observations
have continuing validity.

RESPONSE TO WRITTEN QUESTIONS OF SENATOR SARBANES
FROM J. HOWARD BEALES, III

Q.1. What are the typical consumer complaints regarding FCRA
issues that the FTC receives on an everyday basis? What are the
issues that arise most frequently?

A.1. The FTC receives complaints directly from consumers
through our toll-free hotline (877-FTC-HELP), our online
complaint form (www.ftc.gov), or by mail sent directly to the
Commission. The following statistics regarding FCRA complaints
are drawn from the Federal Trade Commission's Consumer
Information System (CIS) database, an aggregation of consumer
complaints received by the Commission. FTC contractors enter
the complaint data into the CIS, and provide the callers with
information and educational material that will help them to
resolve their complaint. Commission lawyers and investigators
use the complaint database to identify trends and targets for
law enforcement action.
The statistics are derived solely from self-reported
complaints, and have not been verified. All complaints are
coded according to the information provided by the consumer,
under the appropriate categories. FTC data analysts sort the
data according to product/service codes, which are generic
categories for the complaints. The searches can be further
defined by the statute or rule that is alleged to have been
violated, for example the Fair Credit Reporting Act (FCRA).
Finally, the complaint can be further coded for the specific
law violation, such as the failure to reinvestigate disputed
information under the FCRA. Not all complaints are coded in all
categories. For example, a complaint may be coded with a rule
or statute, but not have a product/service code associated with
it. Thus, complaints designated generally as FCRA complaints
may include complaints about credit reporting agencies, credit
report users, and information furnishers. The precision of the
coding depends on the information provided by the consumer and
the ability of the phone counselor or the consumer to enter
that information precisely.
In calendar year 2002, the total number of complaints
reported directly to the FTC and entered into the CIS was
376,301. Of those, 23,740 related to the FCRA (coded according
to statute at issue in the complaint). The five top categories
of complaints, among those coded as involving the FCRA, were
``Provides Inaccurate Information'' (13,188 complaints);
``Fails to Reinvestigate Disputed Information'' (3,030
complaints); ``Knowingly Supplies Inaccurate Information to
Credit Bureau'' (2,486 complaints); ``Provides Inadequate Phone
Help'' (1,614 complaints); and ``Discloses Incomplete/Improper
Credit File to Consumer'' (1,414 complaints). The complete
report of FCRA complaints for 2002 is attached as Appendix A.
In assessing the number and type of consumer complaints, it
is also important to keep in mind several additional factors.
First, there is no ``typical'' consumer complaint. There is a
wide range of issues about which consumers contact the FTC.
That said, the data consistently reflect accuracy and accuracy-
related issues as a leading area of complaint about credit
bureaus.
Not all complaints necessarily establish an FCRA violation.
For example, some consumers, in an effort to ``repair'' their
credit, file with credit bureaus multiple, repeated disputes of
accurate information, and will sometimes complain to the
Commission that the bureaus are rejecting their disputes. In
fact, the bureaus are authorized under the FCRA to reject such
``frivolous'' disputes, and Commission staff likewise does not
consider these complaints to reflect FCRA violations. Other
consumers file complaints because they have a mistaken belief
that once a delinquency is brought up to date (a lien
satisfied, collection account paid, etc.) the preceding record
of past payment history is no longer reported; when they see it
on their report, they dispute it as ``inaccurate.'' In this
circumstance, however, the FCRA requires that the consumer
report be ``complete''--that is, up to date, showing current
status correctly--but does not require the deletion of the
preceding payment history.
Although the Commission generally cannot make an
independent judgment about whether each complaint (asserting
inaccuracies, for example) is valid, we are concerned that
complaints about accuracy continue to figure prominently.
Accordingly, as discussed in the Commission's testimony, the
Commission's FCRA enforcement efforts have included a number of
actions related to accuracy issues.\7\
---------------------------------------------------------------------------
\7\ See TransUnion Corp., 102 FTC 1109 (1983); FTC v. TRW Inc., 784
F. Supp. 362 (N.D. Tex. 1991); Equifax Credit Information Services,
Inc., 130 FTC 577 (1995). Each of these ``omnibus'' orders differed in
detail, but generally covered a variety of FCRA issues including
accuracy, disclosure, permissible purposes, and prescreening.
Within the last 5 years, we have brought cases concerning the
failure of CRA's to investigate consumer complaints, see First American
Real Estate Solutions, LLC, C-3849 (January 27, 1999); the failure of
lenders to provide adverse action notices, see Quicken Loans Inc., D-
9304 (April 8, 2003) and U.S. v. Unicor Funding, Inc., Civ. No. 99-1228
(C.D. Cal. 1999); and the failure of furnishers to report accurate
information to CRA's, see U.S. v. DC Credit Services, Inc., Civ. No.
02-5115 (C.D. Cal. 2002) and U.S. v. Performance Capital Management,
Inc., No. 01-1047 (C.D. Cal. 2001). We also have sued the three major
national credit bureaus for failing to answer their toll-free
telephones to take consumer disputes, see U.S. v. Equifax, No. 1:00-CV-
0087 (N.D. Ga. 2000); U.S. v. Experian, No. 3-OOCV0056-L (N.D. Tex.
2000); U.S. v. TransUnion, OOC 0235 (N.D. 111. 2000), and just
recently, the Commission settled allegations that Equifax violated the
consent decree the Commission obtained in 2000, see Commission press
release of July 30, 2003, available at www.ftc.gov/opa/2003/07/
equifax.htm. All of these cases are directed at credit report accuracy:
the adverse action notice and the consumer dispute right are key
mechanisms enhancing credit report accuracy, and furnishers'
obligations to report accurate data to CRA's also serve to make credit
reports more accurate.

Q.2. Are there any marketing abuses that fall within the
subject matter of the FCRA that have been brought to your
attention? Please include specific descriptions of any such
---------------------------------------------------------------------------
abuses.

A.2. I am currently aware of relatively few abuses associated
with impermissible use of consumer reports for marketing. In
the 1990's, the Commission undertook enforcement efforts
against major consumer reporting agencies to prohibit the use
of consumer reports for target marketing.\8\ More recently, in
FTC v. Citigroup Inc., et al., 1:01-CV-00606- JTC (N.D. Ga.
Mar. 6, 2001), the Commission alleged that a mortgage lender
used consumer reports imper-
missibly to target market new or different types of loans. We
are also aware of complaints about some companies selling
credit reports or credit monitoring services. These complaints
allege inadequate disclosure of the consumer's negative-option
right to cancel the service.
---------------------------------------------------------------------------
\8\ FTC v. TRW, Inc., No. 3-31-CV266-H (N.D. Tex. Jan. 14, 1993);
TransUnion Corp. v. FTC, 81 F.3d 228, 234 (D.C. Cir. 1996). See also,
TransUnion Corp. v. FTC, 245 F.3d 809, reh. denied 267 F.3d 1138 (D.C.
Cir. 2001), cert. denied, 122 S. Ct. 2386 (June 10, 2002).

Q.3. Many consumers complain about invasion of their privacy
caused by unsolicited calls from telemarketers. Clearly,
consumers have not gotten the message about the ways in which
to terminate such unwanted solicitations. What does a consumer
need to do to prevent such solicitations? How can that
information be conveyed more effectively to consumers? Please
include specific recommendations as to how this information
---------------------------------------------------------------------------
could best be conveyed.

A.3. The Commission has amended the Telemarketing Sales Rule to
give consumers a choice about whether they want to receive most
telemarketing calls.\9\ Consumers can now put their telephone
numbers on a national ``Do Not Call'' registry. Consumers can
register for free either online or by telephone. Telemarketers
must access the national registry beginning September 11, and
beginning October 1, it will be illegal for most telemarketers
to call a number listed on the registry.
---------------------------------------------------------------------------
\9\ Concurrent with the Federal Trade Commission rule, the Federal
Communications Commission issued its own rule that requires banks,
common carriers, and others to comply with DNC requirements, including
using the FTC's national registry. See http://hraunfoss.fcc.gov/
edocs_public/attachmatch/DOC-235841A1.doc.
---------------------------------------------------------------------------
Since the National ``Do Not Call'' registry opened on June
27 it has been immensely popular; nearly thirty million
consumers have already signed on. The Commission is presently
engaged in a vigorous consumer education effort to further
publicize the availability of the registry.\10\ More generally,
the Commission has undertaken comprehensive consumer education
efforts in the privacy arena.\11\
---------------------------------------------------------------------------
\10\ See, e.g., http://www.ftc.gov/bcp/conline/edcams/donotcall/
index.html.
\11\ See, e.g., http://www.ftc.gov/bcp/conline/pubs/credit/
privchoices.htm#yourright.
---------------------------------------------------------------------------
The FCRA is relevant to telemarketing only to the degree
that telemarketers obtain consumer names and telephone numbers
from consumer reporting agencies for prescreened offers of
credit or insurance.\12\ When telemarketing lists are derived
from FCRA-approved prescreening, telephone solicitors are not
required to give consumers notification of their right to opt
out of future prescreened solicitations because Congress limited
the FCRA requirement that consumers be notified of their opt out
right to written prescreen offers.\13\
---------------------------------------------------------------------------
\12\ The vast majority of prescreened solicitations are by mail.
\13\ Section 615(d)(1) of the FCRA requires that written
solicitations include a ``clear and conspicuous'' statement of certain
information, including that the consumer's credit report was used in
the prescreen, various limitations on the offer, and disclosure of the
consumer's right to opt out of future prescreen solicitations. 15
U.S.C. Sec. 1681m(d)(1). The Commission engaged in an enforcement
action to assure that consumers are given disclosure of their opt out
rights. In Unicor Funding, Inc. (October 1999), the Commission obtained
a $100,000 civil penalty from Unicor for failing to provide required
notices to consumers receiving ``prescreened'' offers [Sec. 615(d)],
and failing to provide adverse action notices [Sec. 615(a)]. I am also
aware of complaints that raise a question whether disclosure notices
are sufficiently ``clear and conspicuous.'' The Commission has
therefore endorsed Administration recommendations that the Commission
and bank regulators be authorized to clarify and strengthen the opt out
notice requirements.
---------------------------------------------------------------------------
Whether they have received the written opt out disclosure
or not, consumers can opt out of receiving prescreened offers
by calling 1-888-567-8688. Once a consumer has opted out, his
or her name cannot be supplied in a prescreened list for future
offers, whether those offers are made in writing or by
telephone.

Q.4. If a consumer elects to opt out of such unwanted
solicitations by contacting the credit reporting agencies by
telephone, why is that opt out effective for only 2 years,
whereas it is effective permanently, unless revoked, if done in
writing?

A.4. Congress created this distinction in the 1996 Amendments
to the FCRA. For consumers who exercise their opt out rights
under the FCRA, the 1996 Amendments provide that an opt out
conveyed through the telephone notification system required by
Section 604(e)(5) should be effective for a 2-year period after
notification.\14\ The 1996 Amendments further provided that,
for a consumer who submits a signed notice of election to opt
out in a form issued by the consumer reporting agency under
Section 604(e)(2), the exclusion from prescreened lists shall
be effective until revoked by the consumer.\15\
---------------------------------------------------------------------------
\14\ Section 604(e)(4)(B)(i); 15 U.S.C. Sec. 1681b(e)(4)(B)(i).
\15\ Section 604(e)(4)(B)(ii); 15 U.S.C. Sec. 1681b(e)(4)(B)(ii).

Q.5. Free credit reports are made available to consumers in
several States, including Colorado, Georgia, Maryland,
Massachusetts, New Jersey, and Vermont. What have been the
results of this provision with respect to the availability of
credit in these States? Has the provision of free credit
reports had an adverse impact on the credit system in these
---------------------------------------------------------------------------
States?

A.5. The FTC's information to date on the comparative number of
reports supplied to consumers is inconsistent. Some information
indicates a mere marginal increase; other information indicates
that the number of reports supplied to consumers nearly
doubles. I am unaware of any data that demonstrate any impact
from free availability either on the availability of credit or
on the credit systems of these States.

Q.6. Very few consumers understand the prescreening process.
Should the FTC establish standards within the FCRA that clearly
delineate the prescreening process?

A.6. The FCRA itself delineates the prescreening process in
some detail. \16\ The Commission lacks rulemaking authority
under the FCRA, and thus cannot establish standards delineating
the prescreening process.
---------------------------------------------------------------------------
\16\ Sections 603(l), 604(c), 604(e), and 615(d) of the FCRA codify
procedures that must be followed by creditors and insurers when using
(and by CRA's when providing) consumer reports to make unsolicited
offers of credit or insurance to consumers, a process known as ``pre-
screening.'' Section 604(c) provides a limited permissible purpose for
consumer reporting agencies to furnish consumer report information for
prescreening. Section 603(l) defines a ``firm offer of credit or
insurance'' as an offer that will be honored if a consumer meets the
consumer report criteria used to create the list of consumers to
receive the offer. Section 603(l)(1) permits a business to use
information in a consumer's application (such as the consumer's income)
to determine whether a consumer meets specific application criteria
bearing on credit worthiness or insurability so long as the criteria
were established before the prescreened list was created. Section
603(l)(2) permits businesses to verify that a consumer continues to
meet the credit worthiness or insurability criteria that were used in
the prescreening to select the consumer to receive the solicitation,
and permits businesses to also verify the application information
provided by the consumer and used in any Section 603(l)(1)
postscreening. Finally, Section 603(l)(3) permits credit grantors and
insurers to require that consumers furnish collateral so long as any
required collateral is established before the prescreening is conducted
and is disclosed to the consumer in the solicitation that results from
the prescreening.
Section 604(e) sets forth consumers' rights to opt out of
prescreening, and CRAs' duties to honor such opt outs. Section 615(d)
sets forth duties of credit grantors and insurers when making
prescreened offers.

Q.7. What additional statutory or regulatory authority does the
---------------------------------------------------------------------------
FTC need to effectively implement the FCRA?

A.7. The Commission's testimony on Thursday, July 10, set forth
specific recommendations for additional FTC authority.

RESPONSE TO WRITTEN QUESTIONS OF SENATOR BENNETT
FROM J. HOWARD BEALES, III

Q.1. Is credit prescreening simply a tool that makes it easier
to market loan products to consumers? Some say that it serves
other goals such as helping lenders reduce risk, increasing the
availability of consumer credit, or fostering competition among
lenders. Please comment.

A.1. I believe that prescreening, in combination with other
direct marketing and advertising, has enhanced competition and
led to the widespread availability of credit cards with no
annual fee and other attractive benefits.\17\ For example, the
use of prescreened offers for marketing credit cards has led to
the development of credit card banks that rely almost entirely
on prescreened offers to market their cards.\18\ There is also
some evidence that prescreened offers help lenders manage risk,
and do not contribute to identity theft--indeed, may even help
prevent identity theft to some degree.\19\
---------------------------------------------------------------------------
\17\ See also statement by Michael A. Turner before the House
Committee on Financial Services, Subcommittee on Financial Institutions
and Consumer Credit, May 8, 2003, http://financial
services.house.gov/media/pdf/050803mt.pdf, at 7-9.
\18\ See http://www.senate.gov/banking/_ files/beales1.pdf at
notes 70-71 and accompanying text.
\19\ Id. at 9-10.

Q.2. Expiration of the FCRA's prescreening preemption language
would allow States to prohibit prescreening, or require
consumer reporting agencies or lenders to obtain the prior
consent of the customer before their credit file could be
accessed for prescreening. How would such requirements impact
---------------------------------------------------------------------------
consumers?

A.2. As explained above, prescreening benefits consumers by
enhancing competition. State restrictions on prescreening would
interfere with these benefits.

Q.3. Is there a linkage between prescreening and identity
theft? Some say that prescreening increases consumers' exposure
by making it easier for lenders to flood consumers with
preapproved applications that can be stolen and submitted by
identity thieves. Lenders say that prescreening reduces
opportunities for identity theft, because it allows them to
make smaller numbers of targeted offers rather than mail
volumes of applications. They also claim that because
preapproved offers are preprinted with the consumer's address
and other information, it becomes easier to foil identity
thieves when would-be identity thieves change the preprinted
information before submitting the application, changes that
alert the lender to suspicious activity. What is the FTC's
experience?

A.3. There is scant evidence of a linkage, one way or the
other. To the extent that hard data exist, they suggest that
identity theft growing out of prescreened offers is somewhat
lower than identity theft associated with conventionally opened
accounts.\20\
---------------------------------------------------------------------------
\20\ Id.

Q.4. What has the Commission's experience been with regard to
consumer complaints about prescreening? Describe the volume and
---------------------------------------------------------------------------
subject matter of these complaints.

A.4. The FTC's consumer complaint database and the limitations
of the information it provides is described above in response
to Senator Sarbanes. With respect to this inquiry, out of the
376,301 complaints received directly by the FTC in 2002, 39
concerned prescreening. Twenty-two of these stated that the
prescreening bureau failed to honor the consumer's request for
removal from their list. Ten complaints concerned the failure
of a prescreening service to provide notice of the opt out
procedure. Four complaints concerned a prescreening service
that failed to make a firm offer of credit, and three
complaints alleged a false representation that an offer was
preapproved.

Q.5. Have State officials used their authority under the FCRA
to enforce the FCRA's prescreening provisions? What is the
volume and nature of consumer complaints about credit
prescreening that state officials have handled?

A.5. Section 621(c)(2) of the FCRA requires States to serve
prior written notice upon the Commission of intended State
actions to enforce the FCRA. The Commission has received only
one such notification from any State, and the case did not
involve pre-
screening.\21\ We know of no other case where a State has
exercised its enforcement authority under the FCRA. Similarly,
we have no information concerning consumer complaints at the
State level, if any, about prescreening.
---------------------------------------------------------------------------
\21\ The Attorney General's Office of the State of Minnesota
charged US Bank with false advertising, deception, and other violations
of Minnesota law, as well as FCRA counts. See Hatch v. US Bank Nat'l
Ass'n, No. 99-872 (D. Minn. filed June 8, 1999).

Q.6. Does the FTC believe that changes are needed in the FCRA's
prescreening rules? Would consumers be affected differently if
changes identified by the FTC or others are made by Congress,
---------------------------------------------------------------------------
rather than by state or local officials?

A.6. The Commission addressed these issues directly in its
testimony on July 10. The Commission recommended that the
preemption of State action on prescreening be made permanent
and that the Commission and bank regulators be granted
rulemaking authority to address the prominence and
understandability of disclosures to consumers of their right to
opt out of prescreen offers. The Commission has not taken any
position with respect to changes or amendments to the
prescreening provisions of the FCRA. Any needed revisions to
this or other sections of the FCRA that are subject to
preemption should be made by Congress and should apply
uniformly.

RESPONSE TO WRITTEN QUESTIONS OF SENATOR MILLER
FROM J. HOWARD BEALES, III

Q.1. Mr. Beales, what is the FTC's jurisdiction over the Fair
Credit Reporting Act? Is it mainly education and guidance?
Enforcement? Answering callers with FCRA questions or all of
the above?

A.1. The FTC has a role to play in each of these areas. The
Commission's jurisdiction under the FCRA reaches firms other
than those expressly assigned to another Federal regulator,
such as banks and savings associations.\22\ Unlike the banking
regulators, the Commission lacks rulemaking authority.\23\
Within those limits, the Commission has been active in all of
the areas you identified. My testimony described many of the
Agency's efforts in consumer and industry education and
guidance.\24\ The FTC continues aggressively to pursue ongoing
consumer and business education initiatives.\25\ The Agency
continues to advance compliance with the FCRA, both through
investigations of possible law violations and through informal
means such as workshops, participation in public programs, and
liaison with industry and other interested parties. The Agency
has an active program to respond to telephone inquiries,
through our Consumer Response Center described above and other
avenues.
---------------------------------------------------------------------------
\22\ Section 621 of the FCRA, 15 U.S.C. Sec. 1681s.
\23\ Section 621(e) of the FCRA, 15 U.S.C. Sec. 1681s(e).
\24\ See http://www.senate.gov/banking/_ files/beales1.pdf at
notes 52-58 and text accompanying.
\25\ See, e.g., the Commission's recently posted alert regarding an
email campaign containing false and misleading information about the
use of consumers' personal information, posted at http://www.ftc.gov/
bcp/conline/pubs/alerts/optalrt.htm, and linked prominently on the
Commission's Internet home page, http://www.ftc.gov.

Q.2. Based upon the daily callers with FCRA questions, what
kinds of problems are they mostly asking about as it relates to
the FCRA? Is there a trend?
A.2. The FTC's consumer complaint database and the limitations
of the information it provides are described above in response
to Senator Sarbanes. As noted there, the FTC received 376,301
complaints in 2002. The five top categories of complaints
related to the FCRA were ``Provides Inaccurate Information''
(13,188 complaints);'' Tails to Reinvestigate Disputed
Information'' (3,030 complaints); ``Knowingly Supplies
Inaccurate Information to Credit Bureau'' (2,486 complaints);
``Provides Inadequate Phone Help'' (1614 complaints); and
``Discloses Incomplete/Improper Credit File to Consumer.''
(1,414 complaints) The complete report of FCRA complaints is
attached as Appendix A.
Appendix B lists the number of FCRA complaints received by
the FTC for the past 6 years. These data do not allow us to
detect trends in FCRA issues. First, 1997 was the first year we
began a systematic approach to complaint handling. With each
passing year, we have improved our ability to collect and enter
the data. For example, our phone counselors are more highly
trained, and we are able to use technology to better handle and
process calls. Thus, our complaint volume has increased.
Similarly, over the course of this time, we have pursued an
aggressive outreach program, which has resulted in higher
awareness of the FTC's consumer assistance program. Put another
way, we receive more complaints because more people know about
our consumer program. For example, in 1997, the FTC received a
total of 13,362 consumer complaints. By 2002, as noted above,
that number had grown to 376,301. Thus, while the data show a
dramatic increase in the number of FCRA complaints over the
past 6 years, there has also been a dramatic increase in the
overall number of complaints received by the FTC during the
same time period. As a fraction of total complaints we receive,
FCRA complaints fell from 11.1 percent in 1997 to 3.5 percent
in 2002.
Finally, as discussed earlier, because this data is self-
reported we cannot conclude that they reflect either the actual
or a projectable incidence of FCRA violations.
Despite the various considerations that preclude explicit
conclusions from the numbers and types of complaints alone, the
most common subject areas of consumer complaints (accuracy,
reappearance of previously deleted items) have typically led
the list of subject areas complained of over the years.

Q.3. Will your updated Commentary that you are working on
reflect the more recent problems raised by callers?

A.3. The Commentary is intended to give guidance to all parties
who are subject to the requirements of the FCRA. The Commentary
will reflect a wide range of Commission experience in enforcing
the FCRA. Additionally, the Commission staff undertook an
informal outreach effort prior to drafting the updated
Commentary. The staff received views from a variety of sources,
including consumer groups, consumer advocates, trade groups,
and industry and public interest lawyers.

Q.4. Of the seven 1996 preemption amendments to the FCRA, which
ones have callers raised the most issues with? Have there been
any problems with the treatment of affiliate information
sharing?

A.4. Consumers have not typically complained about areas
subject to the preemptions in ways that implicate any issue
relevant to preemption itself. We are aware of no complaints
regarding the treatment of information sharing by affiliates.

THE GROWING PROBLEM OF
IDENTITY THEFT AND ITS RELATIONSHIP
TO THE FAIR CREDIT REPORTING ACT

----------

THURSDAY, JUNE 19, 2003

U.S. Senate,
Committee on Banking, Housing, and Urban Affairs,
Washington, DC.

The Committee met at 10:02 a.m., in room SD-538, Dirksen
Senate Office Building, Senator Richard C. Shelby (Chairman of
the Committee) presiding.

OPENING STATEMENT OF CHAIRMAN RICHARD C. SHELBY

Chairman Shelby. The Committee will come to order.
Today, the Committee returns to considering the expiring
preemption provisions of the Fair Credit Reporting Act. As part
of this process, I believe it is essential that we undertake a
thorough review of the larger context in which the Act
operates. And, in this regard, the first thing worth noting is
the truly dynamic nature of the credit markets in our economy.
In just the 6 years since the Fair Credit Reporting Act was
last amended, significant changes have occurred. There are new
participants, new technologies, new information use practices,
and new products. Indeed, there is more that has changed than
has remained the same in the operation of the credit markets
since the last time Congress considered the Fair Credit
Reporting Act.
While many of these changes introduced positive features,
such as more credit and an expedited process for obtaining
credit, not every new development has been positive.
Unfortunately, as our economy has grown more automated,
allowing more and more depersonalized transactions to occur,
and, as the transfer of personally identifiable information has
become much more frequent, a new type of crime that takes
advantage of these circumstances has emerged--identity theft.
Identity theft involves a person using someone else's
personal
information without their knowledge to commit fraud or theft.
Practically speaking, the crime involves misappropriation of
such personal information as a victim's name, date of birth,
and Social Security number. Identity thieves then use this
information to open new credit card accounts, to divert current
accounts from victims to themselves, and to open bank accounts
in victims' names, among other things. The bad charges and the
hot checks usually happen while the victims, banks, credit card
companies, and other firms are unaware that something is amiss.
After all the activity and the skipped payments, businesses
usually take action to get compen-
sated and ultimately cut the thief off.
In most instances, this is when the victims first become
aware of the fact that they have been targeted. It is also when
they begin to experience the negative consequences--dealing
with law enforcement and collection agencies. Soon thereafter,
when the criminals' handiwork shows up on their credit reports,
they face the considerable task of restoring their good name
and credit. Plainly, this crime has many victims. Firms lose
profits. Individuals lose time, money, and peace of mind when
their good name and reputation are tarnished.
In light of the serious nature of the consequences of
identity theft, this issue would merit attention even if there
were only a limited number of victims. Unfortunately, there are
thousands of victims whose numbers are growing at an
increasingly faster pace. Indeed, it has been asserted that
identity theft is the fastest growing crime in America.
This issue tracks across credit reporting in so many ways
that it is essential that we consider it in the context of the
reauthorization of the preemption provisions of the Fair Credit
Reporting Act.
Identity theft prevention, restoration of accurate reports,
and victim assistance, among many other areas, are things that
were not on the radar screen when the 1996 Amendments were
passed into law. These are things we need to be thinking about
as we go forward, things we must be considering if we are going
to meet our goal of ensuring that the law produces the most
effective, efficient, balanced, and fair system possible.
I want to thank the witnesses for appearing this morning
andwe look forward to hearing from them.
Senator Johnson.

STATEMENT OF SENATOR TIM JOHNSON

Senator Johnson. Thank you, Chairman Shelby, for convening
this hearing on identity theft. Identity theft is a growing
problem and yet one that is not well understood. While most
people know where to go in the case of more traditional crimes,
victims of identity theft are particularly hard-pressed to know
where to turn. A call to the local police department,
unfortunately, rarely points the consumer in the right
direction.
Clearly, we need to create a framework to address identity
theft. Back in 1995, when Sandra Bullock starred in ``The
Net,'' a feature film about identity theft, the movie was
classified as science fiction. After reading the testimony of
the witnesses before us today, I think it is clear that we must
confront the reality of this crime.
Today's hearing is on the relationship between identity
theft and the Fair Credit Reporting Act, and, Mr. Chairman, I
believe this is an important hearing. As we know, our credit
reporting system has created a national credit marketplace, and
I think that we are all familiar with the enormous benefits
that come from increased credit opportunities. However, a
national marketplace has created new opportunities for remote
economic crimes where the thief can be thousands of miles away
from the location of the victim.
A couple of days ago, Assistant Secretary of the Treasury
Wayne A. Abernathy, who is well-known to many of us here for
his long service as Committee Staff Director under Senator Phil
Gramm, said something in a speech that struck a chord with me.
He noted that identity theft is not a problem of too much
information. It is a problem of too little information. And by
this, he meant that identity theft happens when creditors lack
the necessary information to assess the credibility of an
applicant.
It is often argued that a uniform national credit system is
our best tool in the fight against identity theft, and in some
sense, Mr. Harrison, who will testify before the panel today,
confirms this by describing the additional problems he
encountered in trying to sort out fraud related to his checking
account where no centralized system similar to the Big Three
credit bureaus is in place.
On the other hand, I am deeply troubled by the apparent
conflict between Mr. Harrison's written testimony and the
claims that the credit bureaus and national credit system are
the answer to identity theft. He appears to have done
absolutely everything right, followed all the rules, contacted
the right organizations, and the
results have, nevertheless, been devastating. I am also
troubled by reports that even when a consumer takes the time to
put a fraud alert on his or her account, those alerts may
sometimes be ignored.
So, I want to make it perfectly clear that I continue to
believe that a single national system provides a critical
opportunity to
address identity theft. And yet we have a responsibility to the
hundreds of thousands of victims of identity theft to make sure
that we fine-tune our system so that it does not take years to
correct a credit record. That is wrong, and that is not what
Congress intended.
What I think is most important, though, is that we do not
make FCRA the straw man for identity theft. The worst thing we
can do is jeopardize millions of Americans' access to credit so
we can claim to have done something about this terrible crime.
So, Mr. Chairman, I look forward to hearing today's
witnesses, and I thank you once again for holding this hearing.
Chairman Shelby. Thank you, Senator Johnson.
Senator Dole.

STATEMENT OF SENATOR ELIZABETH DOLE

Senator Dole. Mr. Chairman, I want to thank you for holding
this hearing today on identity theft and its relationship to
the Fair Credit Reporting Act. Identity theft, as you
mentioned, is frequently cited as the fastest growing crime in
the Nation. However, precise statistics are not available to
properly gauge the full extent of the problem since an
estimated 40 percent of identity theft cases are believed to
involve friends or family members and are never
reported.
Identity theft is a problem that has grown increasingly
more prevalent in the past few years. According to the Federal
Trade Commission, my alma mater, identity theft was the top
consumer complaint received last year, with the rate of
complaints and inquiries increasing at an alarming rate with
the widespread use of Internet technology. There are currently
over 1,700 cases of stolen identity per week that are being
reported.
Fighting fraud and protecting the security of personal
information is a topic that unites financial institutions and
consumers. Each group is harmed by fraudulent use of personal
information. Financial institutions are the victims of fraud
because the financial institution is usually liable for any
losses suffered as a result of the fraud. Consumers obviously
suffer unnecessary inconvenience and insecurity as a result of
fraud, and they can be exposed to additional crimes such as
identity theft. Furthermore, at least a portion of financial
institutions' fraud losses can be expected to be passed on to
consumers in the form of higher prices. There can be no doubt
that when fraud is committed, everyone loses.
With the December 31 expiration of important provisions of
the Fair Credit Reporting Act, we have the responsibility to
examine problems within the system that have been harming both
consumers and financial institutions. It is my hope that in
addition to reauthorizing the Fair Credit Reporting Act, we can
take strong steps toward combatting and preventing identity
theft.
I certainly want to thank our witnesses for joining us here
today. I look forward to working with my colleagues to address
the problem of identity theft in our work to reauthorize the
Fair Credit Reporting Act this year.
Thank you.
Chairman Shelby. Thank you, Senator Dole.
Senator Corzine.

STATEMENT OF SENATOR JON S. CORZINE

Senator Corzine. Thank you, Mr. Chairman, and I commend you
for holding this hearing. I welcome our witnesses and look
forward to hearing their testimony and responses to questions.
This is an important juxtaposition, the Fair Credit
Reporting Act and identity theft, which is one of the many
issues that we need to address here. Identity theft, I think,
plays a central role, if not vital part, in this
reauthorization, which I fully support. I think this problem
has been acknowledged by just about everyone--consumers and
most financial institutions and others who look at it from a
law enforcement standpoint--that there is a real stake that we
need to address inside the concept of FCRA. And I think
everyone acknowledges that identity theft is one of the single
largest sources of consumer-related problems that the FTC deals
with on a regular basis.
The numbers bear that out. According to the FTC, reported
instances of identity theft rose phenomenally, 88 percent in
2002, to 380,000 from 220,000 in 2001. And almost everyone
acknowledges those numbers understate the reality of the
problem that exists. The costs are staggering. Out-of-pocket
costs for victims of identity theft skyrocketed from $160
million in 2001 to $343 million last year. Those are numbers
that are based on reported elements.
I can tell you that in New Jersey there have been multiple
instances of organized crime-related elements involved in
identity theft as well as the individual consumer being put at
risk, several rings that worked up and down the East Coast, and
it is actually quite a recognized concern of consumers in my
community.
Simply put, our consumers are losing the battle against
identity thieves, and when they lose, I think we all lose in
our economy. And I think all of us know that about 70 percent
of our economy is driven by consumers.
While Congress has taken some important steps in this area,
most notably by making it a Federal crime in 1998, some
individuals in financial services have taken voluntary
initiatives--the truncating of credit card numbers, for
instance, which I commend. I think there is more that can be
done.
Next week, I plan on introducing legislation to address the
problem of identity theft. The Identity Theft Notification and
Credit Restoration Act is based on three key principles--
disclosure, prevention, and credit restoration. By the way, I
hope to be able to work with others in refining this and making
it meet the needs of what, I think, is a major problem in our
Nation.
First, it requires financial institutions to make timely
disclosures to individuals, credit reporting agencies, and law
enforcement when their information has been breached, either
computerized or paper records, and compromises that personal
information of those financial institutions' customers.
Second, the bill requires credit reporting agencies, upon
notification of the breach, to place ``fraud alerts'' in the
credit files of
affected individuals. This red flag will alert issuers of
credit to undertake enhanced preauthorization procedures prior
to issuing credit in the name of the individual who has a fraud
alert on their credit file.
Finally, the bill provides victims of identity theft with
access to four credit reports the year following the theft of
their identity to ensure that inaccurate and credit damaging
information resulting from the identity theft does not end up
on their credit file, ruining their ability to operate in our
economic system. The bill improves the ability of all consumers
to monitor the content and accuracy of the information
contained in their individual credit file by providing them
with access to one free credit report per year.
Mr. Chairman, many, including some of the witnesses here,
have articulated that one of the best ways to fight identity
theft is by empowering consumers with more information and
greater awareness of the risks and that this problem is
growing. I think the bill that I am suggesting will do just
that.
I look forward to working with you and the other Members of
the Committee with regard to this very important issue.
Chairman Shelby. Thank you, Senator Corzine.
Senator Crapo.

STATEMENT OF SENATOR MIKE CRAPO

Senator Crapo. Thank you, Mr. Chairman. I, too, want to
thank you for holding this hearing.
As I am sure everyone here knows, the Fair Credit Reporting
Act and the issues that surround it are going to be very
central to the activity of this Committee this year and
critical to our efforts to make sure that the proper protection
of our credit system in this country is accomplished. And part
of that is going to be addressing the question of identity
theft.
I suspect that that may be one of the easier parts that we
address because it may be one where we find the most consensus
among us as to whether there is an issue and how to approach
it. But, nonetheless, it will be one of the more important
aspects of what we do.
This last weekend, I happened to be in a hotel, and late at
night I was flipping through channels, and it is interesting
that Senator Johnson mentioned Sandra Bullock in ``The Net''
because, lo and behold, there it was on television. And at the
time, I wondered, if the media is picking up on the issue of
identity theft by either noticing what we are doing in Congress
and following our lead, or whether we are following their lead
and they are bringing the public's attention to it. Then I
wondered perhaps it was just a coincidence, but I doubt it.
The fact is that across this country, whether it is here in
Congress, among the consuming public, or in financial
institutions, identity theft is becoming an increasingly large
issue. I think as we approach the issue, we want to make
certain that we do it in the context of recognizing the value
of our system of credit in this country today, and not blaming
our system of credit but recognizing that the strength of the
Fair Credit Reporting Act and what we have in America in terms
of the way we approach and manage credit is a strong part of
our system that needs to be protected and that can be used as
the system by which we achieve the objectives to protect
against identity theft.
It seems to me that the Fair Credit Reporting Act and our
credit system in this country is a big part of the solution,
not a part of the problem that we are facing here. And I look
forward to working with the other Members of the Committee on
this issue. I, too, am putting together an approach to this
issue legislatively, and I look forward to working with Senator
Corzine and others who are going to be addressing this because
it will be one piece of a very big part of our approach to the
credit system of our country this year that is critical to
consumers, financial institutions, and, frankly, to the
strength of our economy.
Thank you.
Chairman Shelby. Thank you, Senator Crapo.
Senator Dodd.

STATEMENT OF SENATOR CHRISTOPHER J. DODD

Senator Dodd. Thank you very much, Mr. Chairman, not only
for holding this hearing, but also for your leadership on this
issue. I have enjoyed working with the distinguished Chairman
of this Committee on issues involving privacy for a long time,
and I am grateful, along with others here. But the people who
may be most grateful are the ones who are not sitting on this
panel but others out there, and you are going to hear from some
of them today. Some witnesses have been through almost Kafka-
esque situations in terms of their credit problems and the
like.
You are going to hear from a constituent of mine, Captain
John Harrison, retired from the U.S. Army, a story that will be
hard for you even to imagine what he has gone through, but
rather remarkable what has happened to him and others. So, I
thank you very, very much.
Just to share a couple of thoughts, identity theft is a
matter, obviously, of great concern to consumers across the
country, and it is clear to me that we have to do more to help
consumers safeguard their financial and personal identities.
Being financially secure used to mean, in the United States,
that you had enough money in the bank to see you through a
rainy day. Unfortunately, today being financially secure has
another meaning as well. It means that you have the ability to
stop the improper use of your financial records, and you have
the power to prevent misuse of your name, your financial
history, and your good reputation.
I understand that there are more than 1,300 identity theft
victims in my State alone, a small State, 3.5 million people
each year. As the story you will hear from Captain Harrison
will attest, identity theft can have devastating consequences
on the personal and professional lives of its victims. For
those who have been caught in the tangled web of other people's
lies, the need for reforming the financial system so that it
can better respond to identity fraud is perfectly clear. I want
to publicly thank Captain Harrison. It is not easy. It is hard
enough to go through what he has been through, but now to come
to a public place and talk about what happened to you requires
a certain amount of courage. And I admire people who are
willing to do that, to stand before us and tell us what has
happened to them.
I also want to thank Mike Naylor, Mr. Chairman, and thank
you for asking him to be a witness here today. Mike works with
AARP and has done some excellent work in identifying possible
solutions to the current identity fraud problem. And for truth
in advertising, Mike Naylor is my former Legislative Director,
many, many years ago. He has been in the private sector for a
lot of years and just recently joined AARP. But I think you
will find his testimony worthwhile.
In my view, consumers should be able to seek financial
services without fear. Consumers should be able to rest assured
that their private financial information will be responsibly
maintained by those who have been entrusted with that
information. Companies that collect consumer financial
information must be able to responsibly handle that
information, and such information should not be negligently
published or even intentionally shared without consumers'
consent.
Furthermore, consumers should not only have the right to
know how their personal financial information is being used,
but should also have the right to say no to sharing that
information.
In recent years, we have taken steps to empower consumers
with control over their own financial information. The
Financial Services Modernization Act, also known as Gramm-
Leach-Bliley, for example, enhanced consumer protections and
for the very first time made financial institutions accountable
for notifying consumers about their right to opt out of sharing
nonpublic, personally identifiable information with
nonaffiliated third parties.
The Gramm-Leach-Bliley Act requires financial institutions
to notify consumers of their privacy policies and any plans to
share personal information with another party. And while these
safeguards are an important step toward ensuring consumers'
financial security, I believe much more must be done to afford
consumers greater control over their own financial privacy.
Let me also underscore the point that our colleague from
Idaho, Senator Crapo, has made. I think it is also the balanced
side of this thing. The credit system has worked tremendously
well to ensure us a strong economy in this country, and
striking the balance here is not easy to do, but it must be
done. And I think we can do that. It is going to be a challenge
for this Committee.
Mr. Chairman, thank you immensely for holding these
hearings.
Chairman Shelby. Thank you.
Senator Allard.

STATEMENT OF SENATOR WAYNE ALLARD

Senator Allard. Mr. Chairman, I, like many of my colleagues
on this Committee, want to thank you for your diligence on this
particular issue, both for holding today's hearing as well as
your support for improvement of the Fair Credit Reporting Act.
While
national statistics tend to focus on crimes such as homicides
and burglaries and robberies, the crime of stealing one's
identity is a serious and widespread crime that too often goes
overlooked. Identity theft takes advantage of hard-working
citizens in a situation they simply cannot prevent. Many of
these hard-working citizens, Mr. Chairman, will not even
realize that they have been a victim of identity theft until
they go to apply for a car loan or a loan for their home. Then
suddenly they discover that for some reason or another, they do
not qualify.
This is almost a subject for another hearing, but part of
the problem is that on credit scores, for example, a lot of
consumers do not even realize that there is a system out there
that has an impact on their credit ratings. This system is
based on how frequently a credit card is used; how many credit
cards one has; how many inquiries there are on your name. All
of these actions have an impact on one's credit. So why should
we worry about it? Well, it has an impact on the interest rate
that you might pay on a loan, so there is a hidden cost
associated with this system.
If you talk to victims, there are also issues as far as
legal jurisdiction, and which law enforcement agency is
responsible for enforcing certain laws pertaining to identity
theft. This may need to be covered in another committee, but it
is something this Committee should think about.
The other important question that comes up: Are our
penalties tough enough? When you look at what happens to a
victim of something like this, I think the question that we
need to ask is: Are the penalties tough enough for the
perpetrators?
And so, Mr. President--Mr. Chairman, I hope that you
continue to hold hearings on this important issue.
Chairman Shelby. I support President Bush.
Senator Allard. Yes, sorry about that, Mr. Chairman.
[Laughter.]
Senator Allard. I think we need to look at a number of
different cases to fully understand this problem. The bottom
line is that of the more than one million inquiries that the
Federal Trade Commission received in 2001, 86,680 of them were
identity fraud complaints. This presents a grave situation for
unsuspecting Americans and a challenge for all financial
institutions and businesses in the United States.
While there is an apparent need to protect sensitive
personal information from getting into the wrong hands, there
is also a need for a certain degree of transparency in order
for the U.S. financial and business systems to function.
I would like to thank the witnesses for agreeing to testify
today on this important issue, and I look forward to all of
your testimony.
Chairman Shelby. Thank you, Senator Allard.
Senator Schumer.

STATEMENT OF SENATOR CHARLES E. SCHUMER

Senator Schumer. Thank you, Mr. Chairman, and thank you for
holding this hearing.
Again, this is a really important issue. I have been
concerned and involved in it for over a year, and there is
nothing worse than when your identity is stolen through no
fault of your own and then it takes you years and years to
restore your credit rating. It is an impossible situation. And
it used to be a small situation. You know, this was not done en
masse before the days of computers. Somebody might reach into a
garbage can and find somebody's credit card number and do it.
But we have had instances in New York where whole databases
were stolen by employees selling for 30 bucks an identity or
something like that and making huge amounts of money. Our U.S.
Attorney, Mr. Comey, had a major indictment of this.
So, I certainly agree with what some of my colleagues have
said, I think Mike Crapo, that our credit system and this new
digital age have brought huge benefits. It also brings some
liabilities, and it is our job to focus on those liabilities,
and I think FCRA is an appropriate place to do it.
As I mentioned, Mr. Chairman, this issue is of specific
concern to New York. The city where I live, my hometown, has
the unfortunate distinction of being the identity theft capital
of the United States. We suffer more identity theft than any
other place. My State, New York, has the second highest amount.
And this is mushrooming.
Last year, the FTC nationally received twice as many
complaints about identity theft as in 2001. Many people predict
that by 2006 there are going to be half a million to 700,000
Americans victimized. And this is not just a casual thing. It
changes your life. You cannot get credit. Some people hound
you. It is a huge mess.
So, I think we have to move, and we have to move quickly.
When you destroy a person's credit rating, you not only
jeopardize an honest person's ability to get a credit card,
receive approval for a loan, obviously, but also to get a job,
or to buy a house. Those are ones that go to the core of who
each of us are and what matters to us in our lives.
We should do a number of things, and like some others here,
I have a proposal that I have been floating and circulating.
Before I do that, I do want to mention a couple of other people
who have had--Senator Cantwell has a bill that I have
cosponsored that makes it easier to restore your rating once it
has been stolen. And in the Judiciary Committee, we are working
together with Senator Feinstein in terms of toughening up the
penalties. But there are five or six things I would recommend
to this Committee to look at.
One is to make sure that the credit databases are much more
secure. You do that in a few ways. You make sure that the
people who have access to those credit databases are bona fide
people; make sure they do not have a criminal record; make sure
they have had no other bad histories in the past. All too many
companies do not do that now. Two, let people go into those--
even the employees go into those credit databases on a need-to-
know basis. Most of the companies we found, including the big
case in New York which affected people throughout the country,
any employee could just punch in and get the whole database,
whether they needed it for their job or not. And so the credit
companies should do this on a need-to-know basis. Let the
employees go in there on a need-to-know basis. So those two
things are important.
At the core of the proposal I have made is credit account
notification. Credit reporting agencies should notify a
consumer when a new credit account is opened in his or her name
because we know what happens. They take your name, they take
your birth date, they take your Social Security number, and
they just put in a different address. If the minute, you know,
Chuck Schumer, 05--I should not use my Social Security number--
Chuck Schumer, Social Security number, 123-45-6789, birth date,
January 1, 2001--make myself a little younger. But the minute
that happens, and someone opens up a credit card at a new
address, they should immediately send a notification to my old
address where I really live, and I would say, hey, I did not
move to Evanston, Illinois. And you could stop a whole lot of
identity theft with that simple notification provision. I think
we should do that.
And two other things, Mr. Chairman. I am sorry. I
appreciate the indulgence. We should truncate credit card
receipts. Some companies do this. In other words, the receipt,
the part you discard, does not show the whole number on there
so people cannot go into the garbage can, pick it up, and
duplicate your credit card number. That is easy to do, and some
companies have it and some do not.
Finally, as I mentioned earlier--Senator Cantwell has
worked on this--make it easier if once it is proven bona fide
that you are a victim of identity theft, make it easier to get
your financial life back because that is a real hard thing to
do.
So, I would like to work with you, Mr. Chairman, and others
on this Committee and try to get these changes and maybe put
them in the Fair Credit Reporting Act. I really thank you for
having a hearing on a very much needed topic.
Chairman Shelby. Thank you, Senator Schumer.
It is obvious, I think, here today that there is great
interest on the Republican and Democratic side to do something
about this issue, do something for the consumer, and I believe
we can do it working together.
Senator Bunning.

STATEMENT OF SENATOR JIM BUNNING

Senator Bunning. Thank you, Mr. Chairman, and I want to
thank all our witnesses who are about to testify. It is a very
important hearing and a very important issue.
The technology boom has made most Americans live easier.
With the Internet, we can get information that a few years ago
it would have taken hours to research in just a matter of
seconds. Workers are more efficient. It provides multiple
entertainment options, and people can shop from home.
Unfortunately, the technology boom has also provided many
opportunities for another class of Americans: criminals. We
have all heard the horror stories of identity theft, all of us.
We will hear much more about it today. It is a problem, and we
have to deal with it. Many have had their lives destroyed, and
it has taken years for them to recover. We must make it harder
for the criminal to steal. We must make the punishment fit the
crime. And we must help victims recover quicker.
I think we can accomplish all of these goals. Fighting
identity theft is not a partisan issue, and in the tradition of
this Committee, I am sure we will tackle it in a bipartisan
manner.
I am also pleased to note that the Administration has been
working extensively on this problem. I look forward to working
with them and all of the Members of this Committee so that we
can get a good bill that we can all support and that will help
solve this growing problem.
I am very impressed with the diversity of opinion we have
before us today. Once again, we have the FTC and others who are
about to testify. We have the Secret Service to tell us how to
recognize how identity theft works and how they investigate it.
We have witnesses from the finance and retail industries to let
us know what they are trying to do to prevent identity fraud.
And we have consumer groups here to let us know how the average
consumer is affected and what victims can do.
This is a very important subject, and I applaud the
Chairman for holding this hearing. Once again, thank you, Mr.
Chairman, and all of our witnesses for testifying.
Chairman Shelby. Thank you, Senator Bunning.
Senator Sarbanes.

STATEMENT OF SENATOR PAUL S. SARBANES

Senator Sarbanes. Mr. Chairman, I want to commend you for
holding this hearing. I think identity theft is a very serious
national problem. It is an issue of great concern, obviously,
on both sides of the aisle. Here in the Senate, a number of
Senators actually have already in one way or another indicated
their interest in seeking legislative improvements in this
area. Senator Bennett actually held a hearing 5 or 6 years ago
on the subject of financial instrument fraud. I know that
Senators Bunning, Crapo, Kyl, Cantwell, Daschle, Corzine,
Leahy, Feinstein and many, many others have offered and
supported legislation. I could go on and on. So there is
obviously very keen interest in it.
It is obvious why. Identity theft has become an
increasingly growing problem in recent years. Business Week
recently stated in an article entitled ``To Catch an Identity
Thief,'' ``Identity theft is one of the fastest-growing crimes
in the United States'' The Federal Trade Commission reported
that in 2002, they received over 380,000 consumer fraud
complaints, of which about 162,000, or 43 percent, were about
identity theft. Identity theft complaints far exceeded
complaints about other types of consumer fraud at the FTC. The
number of complaints about identity theft--and many of these
are not reported incidentally, so this is only to some extent
the tip of the iceberg--was 88 percent more in 2002 than in
2001.
Obviously, Americans have strong concerns about protecting
their confidential information. This is an area, Mr. Chairman,
in which you have shown a great deal of concern and leadership.
Honest citizens who are victims of identity theft incur a high
cost in money, time, anxiety, and efforts to correct and
restore their spoiled credit histories and their good credit
name.
I look forward to hearing the testimony of the witnesses
today about ongoing enforcement efforts and what additional
measures can be taken to bring identity theft under control.
I am very frank to tell you that I do think that, in the
context of working on the Fair Credit Reporting Act, this is an
opportunity to encompass within that initiative serious and
effective measures to come to grips with this problem of
identity theft. It is reaching epidemic proportions out there.
It is devastating honest, hard-working, law-abiding people who
become the victims of these, in many instances, very ingenious
schemes, and in some instances brutally simple schemes. And, I
think, as we address the FCRA issue, this is the right
opportunity to address this identity theft question as well.
Chairman Shelby. Thank you, Senator Sarbanes.
Senator Bennett.

STATEMENT OF SENATOR ROBERT F. BENNETT

Senator Bennett. Thank you, Mr. Chairman, and as Senator
Sarbanes has noted so graciously, we did hold a hearing on this
subject back in the days when Senator D'Amato was the Chairman
of the Committee and I had a Subcommittee focusing on financial
services and high technology. I discovered that, at least at
that time, it was not high technology that was the principal
source of identity theft. People would steal mail, and upon
stealing mail they would hope they would get lucky and get some
piece of information that could then be useful to them. And, of
course, the real bonanza would be if they could find a credit
card in the mail.
So, I will be very interested to hear what has happened in
the time since then, and I agree with Senator Sarbanes that it
is very appropriate that these hearings be held in the context
of reviewing the Fair Credit Reporting Act. The Fair Credit
Reporting Act has been attacked by some as being a challenge to
the privacy of individuals, and ironically, the system that has
been created under the Fair Credit Reporting Act in the past
also provides the greatest bulwark against identity theft,
because if you have sound information in a number of different
places, you have the building blocks with which you can rebuild
your credit background and history. And without that
information, without the flow that comes between the various
credit reporting agencies, you have a much more difficult time
reclaiming your true identity.
There was once a movie called ``The Net'' where the heroine
of the movie had her entire identity stolen, and there was no
place she could go to prove who she was because, given the
magic of Hollywood, they were even able to ascribe her
fingerprints to somebody else. Being Hollywood, of course, they
figured it out before the last reel, and she emerged
triumphant. But if there were someplace where she could go to
say this is the sound information about me that has been
accumulated that I can tap into, it would have killed the
premise for the movie in the beginning, which is probably why
nobody went to it. But it is something we should consider as we
are addressing the Fair Credit Reporting Act.
I am very strongly in favor of reauthorizing the Fair
Credit Reporting Act so that we do not get an interruption in
the progress that we have made in the years that it has been
established. But I think a hearing like today's, where we are
brought up to date on the extent of identity theft, the
technological challenge of fighting it, and the various
progress that has been made is a very salutary thing to do.
Chairman Shelby. Thank you, Senator Bennett.
Senator Miller.

COMMENTS OF SENATOR ZELL MILLER

Senator Miller. Thank you for holding this hearing. It is
very timely, Mr. Chairman, and I thank our witnesses for being
here, and I have no opening statement.
Chairman Shelby. Thank you.
On our first panel today we have Mr. Howard Beales,
Director of the Consumer Protection Bureau, Federal Trade
Commission; and Mr. Timothy Caddigan, Special Agent in Charge,
Criminal Investigative Division, U.S. Secret Service.
Gentlemen, we welcome you both here. Your written
statements will be made part of the record in their entirety.
Mr. Beales, we will call on your first. Proceed as you wish.

STATEMENT OF J. HOWARD BEALES, III

DIRECTOR, BUREAU OF CONSUMER PROTECTION

U.S. FEDERAL TRADE COMMISSION

Mr. Beales. Thank you, Mr. Chairman and Members of the
Committee. My name is Howard Beales, and I am the Director of
the Bureau of Consumer Protection at the Federal Trade
Commission. I am pleased to have this opportunity to discuss
identity theft and its relationship to the Fair Credit
Reporting Act. The views expressed in the written statement
represent the views of the Commission, but my oral presentation
and responses to questions are my own and do not necessarily
reflect the views of the Commission or any individual
Commissioner.
Identity theft can be devastating to consumers'
reputations, to their financial well-being, and to their sense
of security. At the FTC, we are fighting identity theft on many
fronts. We are training local law enforces on how they can
fight identity theft, and we are providing local law enforcers
with case referrals from our Identity Theft Data Clearinghouse.
We are also working to keep consumers' financial data safe
through our new safeguards rule, which took
effect at the end of May, and our enforcement actions against
companies that fail to keep their security promises to
consumers.
Just yesterday, we announced a settlement with online
retailer Guess.com for failing to protect consumer data as
promised. We also released a tip sheet for businesses on steps
they should take to assure the security of their online
systems.
Through workshops, educational campaigns, and our identity
theft hotline, we are counseling consumers and businesses on
how to prevent identity theft. We are also providing consumers
with tools such as the uniform identity fraud affidavit to help
them recover more quickly and easily from identity theft when
it occurs.
Today, you have asked for testimony about identity theft
and
the Fair Credit Reporting Act. In addition to harming
consumers, identity theft also threatens the fair and efficient
functioning of consumer credit markets. It undermines the
accuracy and the credibility of the information flows that
support those markets.
Credit bureaus are simultaneously a target for identity
thieves and a valuable resource for combatting identity theft.
The credit reporting system can play an important role in
helping to detect identity theft, in limiting the damage from
identity theft when it occurs, and in helping identity theft
victims clean up the mess that the thieves leave behind.
The Fair Credit Reporting Act helps consumers detect
identity theft by providing consumers access to credit reports
when they need them most. A credit report digests in one timely
document all accounts opened in a consumer's name, and it is
the best way to discover those accounts that may have been
opened by an impostor.
Under the FCRA, a consumer who believes that he may have
fraudulent information in his or her file is entitled to a free
credit report. Moreover, the Fair Credit Reporting Act requires
that a consumer who is denied credit based on his credit report
be notified of the adverse action and given the opportunity for
a free copy of his credit report. This adverse action notice
can alert consumers that they may have bad marks on their
credit record that they do not know about, and the free credit
report helps them to pinpoint the fraudulent accounts. Adverse
action notices provide consumers with a critical safeguard, and
we are vigorously enforcing the statute's adverse action
provisions.
In addition to helping victims detect identity theft, the
credit
reporting system helps limit the damage that identity thieves
can cause. It allows for the placement of a security alert in a
victim's credit file. Currently, the three major credit bureaus
include a standardized format security alert in the credit
reports of identity theft victims. This alert puts potential
creditors on notice that they should proceed with caution when
granting credit in the victim's name.
Finally, the credit reporting system can help identity
theft victims clean up the bad marks caused by an identity
thief. A common problem of victims is that they find it
difficult to get credit, insurance, or employment in the wake
of an identity theft incident because the impostor has damaged
their credit history. The Big Three credit bureaus now allow
victims to block fraudulent information on their credit report
with a valid police report of the identity theft incident.
We are also working with the three credit bureaus to
develop other victim assistance programs. For example, this
spring, the Big Three credit bureaus implemented their joint
fraud alert initiative whereby victims need only make a call to
one credit bureau to get a security alert and a free credit
report from all three. There is always more we can do, and we
are always looking for new opportunities and new ways that we
can make recovery easier for victims when this crime occurs.
I thank you very much for the opportunity to appear today,
and I will be happy to respond to your questions.
Chairman Shelby. Thank you, Mr. Beales.
Mr. Caddigan.

STATEMENT OF TIMOTHY CADDIGAN
SPECIAL AGENT IN CHARGE
CRIMINAL INVESTIGATIVE DIVISION
U.S. SECRET SERVICE

Mr. Caddigan. Thank you, Mr. Chairman and Senator Sarbanes.
Thank you for inviting me to be part of this hearing today, and
the opportunity to address the Committee regarding the Secret
Service's efforts to combat identity crime and protect our
Nation's financial infrastructure.
For over two decades, the Secret Service has been the
leading Federal law enforcement agency for the investigation of
access device fraud, including credit and debit card fraud. We
also continue to share jurisdiction with other law enforcement
agencies in identity crime cases. The explosive growth of these
crimes has resulted in the evolution of the Secret Service into
an agency that is recognized worldwide for its expertise in the
investigation of all types of financial crimes. Our efforts to
detect, investigate, and prevent financial crimes are
aggressive, innovative, and comprehensive.
The burgeoning use of the Internet and advanced technology,
coupled with increased investment and expansion, has
intensified competition within the financial sector. Although
this provides benefit to the consumer through readily available
credit and consumer-oriented financial services, it also
creates a target-rich environment for today's sophisticated
criminals, many of whom are organized and operate across
international borders.
Simply stated, identity crime is the theft or misuse of an
individual's personal or financial identifiers in order to gain
something of value or to facilitate other criminal activity.
Types of identity crime include identity theft, credit card
fraud, bank fraud, check fraud, false identification fraud, and
passport /visa fraud. Identity crimes are almost always
associated with other crimes such as narcotics and weapons
trafficking, organized crime activity, mail theft and fraud,
money laundering, immigration fraud, and terrorism.
Identity crime is not targeted at any particular
demographic; instead, it affects all types of Americans,
regardless of age, gender, nationality, or race. Victims
include everyone from restaurant workers, telephone repair
technicians, and even police officers, to corporate and
Government executives, celebrities, and high-ranking military
officers.
What victims do have in common is the difficult, time-
consuming, and potentially expensive task of repairing the
damage that has been done to their credit, their savings, and
their reputation. According to the General Accounting Office,
GAO, the average victim spends over 175 hours attempting to
repair the damage inflicted by identity criminals.
Identity crimes originate when another person obtains your
personal or financial identifiers. The methods of acquiring
such information can range from so-called ``dumpster diving,''
where the criminal searches through your garbage for billing
statements or other documents that may include personal
identifiers, to insiders who purge information from their own
company's database and place it for sale on the Internet.
The events of September 11 have altered the priorities and
actions of law enforcement throughout the world, including the
Secret Service. As part of the new Department of Homeland
Security, the Secret Service will continue to be involved in
collaborative efforts to analyze the potential for identity
crime to be used in conjunction with terrorist activities
through our liaison efforts with the Bureau of Immigration and
Customs Enforcement, Operation Direct Action, FinCEN, the
Diplomatic Security Service, and the Terrorist Financing
Operations Section of the FBI.
Since our inception in 1865, the twin pillars of the Secret
Service have been prevention and partnership building. We
simply could not fulfill our dual mission of protecting our
Nation's elected leaders and safeguarding our financial
infrastructure without two essential elements: Incorporating
preventive strategies and training, and building cooperative,
trusted relationships with our local, State, and Federal law
enforcement partners.
A central component of the Secret Service's preventive and
investigative efforts has been to increase the awareness of
issues related to financial crimes investigations in general,
and of identity crimes specifically, both in the law
enforcement community and the general public. The Secret
Service has worked to educate consumers and provide training
and resources to law enforcement personnel through a variety of
partnerships and initiatives.
The Secret Service has already undertaken a number of
unique initiatives aimed at increasing awareness and providing
the training necessary to combat identity crime and to assist
victims in rectifying damage done to their credit. This
includes the development of a number of training tools designed
to assist our local law enforcement partners.
Mr. Chairman, I cannot emphasize enough the importance of
sharing our expertise with our local and State police partners
and empowering them with the ability to respond on the local
level to identity crimes. In a Nation of thousands and
thousands of communities and a population exceeding 280
million, providing the first responder--in this case, the local
police officer--with the tools and resources they need to
investigate an identity crime and provide victim assistance is
imperative.
So, in partnership with the International Association of
Chiefs of Police, the Secret Service produces the ``Best
Practices Guide to Searching and Seizing Electronic Evidence.''
The pocket-size guide instructs law enforcement officers in the
seizure of evidence from personal computers, wireless
telephones, to digital cameras.
We have also worked with this group and our private sector
partners to produce the interactive, computer-based program
known as ``Forward Edge,'' which takes the next step in
training officers to conduct electronic crimes investigations.
The ``Forward Edge'' CD-ROM incorporates virtual reality
features as it presents different investigative scenarios to
the trainee as well as provide investigative options and
technical support to develop the case. Thus far, we have
distributed, free of charge, over 300,000 ``Best Practices
Guides'' and over 20,000 ``Forward Edge'' CD's to local and
Federal law enforcement.
In addition, we are nearing the completion of the Identity
Crime Video and CD-ROM which will contain over 50 investigative
and victim assistance resources that local and State law
enforcement
officers can use when combatting identity crime. This CD-ROM
also contains a short identity crime video that can be shown to
police officers at their roll call meetings, which discusses
why identity crime is important, what other departments are
doing to combat identity crime, and what tools and resources
are available to those officers.
Next week, we will be sending an Identity Crime CD-ROM to
every law enforcement agency in the United States. Departments
can make as many copies as they wish and distribute the
resources to their officers to use in investigations. Over
25,000 CD-ROM's are being prepared for distribution.
In short, any police department in the country, regardless
of size or resources, now has access to state-of-the-art
training as well as multiple investigative and victim
assistance resources to help them combat identity crime.
As part of a joint effort with the Department of Justice,
the U.S. Postal Inspection Service, and the Federal Trade
Commission, as well as the International Association of Chiefs
of Police, we have been hosting Identity Crime Training
Seminars for law enforcement officers. In the last year and a
half, we have held such training seminars in Chicago, Dallas,
Las Vegas, Des Moines, Iowa, and Washington, DC. In the coming
months, we have training seminars scheduled in New York, the
State of Washington, and Texas. These training seminars are
focused on providing local and State law enforcement officers
with the tools and resources that they can immediately put into
use in their investigations of identity crime.
For law enforcement to properly prevent and combat identity
crime, steps must be taken to ensure that local, State, and
Federal agencies are addressing victim concerns in addition to
actively investigating identity crime. All levels of law
enforcement should have access to the resources used to combat
identity crime and to assist victims in rectifying the damage
inflicted. It is essential that law enforcement recognize that
identity crimes must be combatted on all fronts, from the
officer who receives a victim's complaint, to the detective or
the Special Agent investigating an organized identity crime
ring.
The U.S. Secret Service is prepared to assist this
Committee in protecting and assisting the people of the United
States, with respect to the prevention, identification, and
prosecution of identity criminals.
Mr. Chairman, that concludes my prepared remarks, and I
will be happy to answer any questions that you or the Members
of the Committee may have.
Chairman Shelby. Thank you very much.
Mr. Beales, one of the outstanding issues in this debate is
determining the actual scope of the identity theft problem. In
a report issued last year, the GAO indicated that, ``It is
difficult to fully or accurately quantify the prevalence of
identity theft. Nevertheless, the prevalence and cost of
identity theft seems to be increasing,
according to the data we reviewed and the many officials of the
public and private sector entities we contacted.'' Do you agree
with that sentiment? Is that an understatement?
Mr. Beales. I think there is no question it is a serious
problem. I think there is also no question that we do not have
a good fix right now on exactly how big a problem it is.
We have been conducting a survey in a random sample of
people to try to find out how many victims there really are. We
are in the process of analyzing that data now and expect to be
able to release it at some point next month. And then we should
have, I think for the first time, a good, solid estimate of
what really is the incidence of identity theft.
Chairman Shelby. Are you working, in that regard, with the
FBI, the Secret Service, and local people to get all that
information?
Mr. Beales. On the survey, no. This was a consumer survey
to figure out how many people have been victims. It is akin to
the victim surveys that are sometimes done in other criminal
areas. And that is what we are doing here.
Chairman Shelby. What is the total number of staffers that
you have involved at the Federal Trade Commission in this
effort? And if identity theft is getting worse, as we all seem
to believe, are you dedicating more and more staff resources to
this area? Or are you standing pat or what?
Mr. Beales. We have a somewhat unusual role in identity
theft because we do not have a direct enforcement role because
it is a criminal problem and we are not a criminal agency.
Where we have substantially increased resources is in
handling the calls. As the call volume has grown, then the
resources that we have to devote to it have grown
correspondingly. And we have really made a significant increase
in the resources that we have devoted to security enforcement
to try to protect data that businesses keep that could become
the source of identity theft. So it is a law enforcement effort
that is really focused on preventing access to the kinds of
data that identity thieves need.
Chairman Shelby. That is your role at the FTC?
Mr. Beales. Yes, sir.
Chairman Shelby. Mr. Caddigan, or Special Agent Caddigan,
excuse me, what is your view as to the level of sophistication
of identity thieves and identity theft practices? In other
words, is there any indication that the thieves are becoming
more organized? I know a lot of them are very sophisticated.
Mr. Caddigan. Yes, sir, they have. I think a simple analogy
would be: I do not need to go to the business to rob it
anymore, I do not need to be in the same town, I do not need to
be in the same State, and, quite frankly, I do not need to be
in the same country.
So when you look at it, that the access to the information
that makes up the predicate offenses of identity crime can be
obtained globally, they move globally----
Chairman Shelby. They can rob without a gun.
Mr. Caddigan. That is correct, sir. And the anonymity that
the access to the Internet provides makes the enforcement
effort that much more difficult.
We do see an increase in organized groups, for example,
gang-related. We do see typical street crimes that would have
been committed by groups that are now using a computer or the
Internet or access to the Internet to get the same kind of
profit return.
Chairman Shelby. Are the identity thieves generally
sophisticated enough to determine weaknesses in the system, in
other words, do the thieves evolve?
Mr. Caddigan. They do evolve, sir. We find that the
organized hacking groups that hack systems, whether it be
business, public, or private, they hack for the thrill of the
hacking. It is a personal challenge. But the rewards are the
database files that they can get out of a business or an
enterprise that are readily sellable on the Internet market.
Chairman Shelby. Kind of high value to the thieves.
Mr. Caddigan. Yes, sir.
Chairman Shelby. Help us understand what an identity thief
could do, for example, if he or she obtained, a name, a Social
Security number, and a mother's maiden name; the full contents
of a credit report. I know you can speak to all of it.
Mr. Caddigan. With that information, you can pretty much
have--well, assuming a good name that you have collected----
Chairman Shelby. You can ruin somebody, can't you?
Mr. Caddigan. You can definitely ruin somebody, and there
are many case examples of where that has occurred.
Chairman Shelby. How do thieves routinely go about
obtaining these pieces of information? I know that they do not
all go to the dumpster.
Mr. Caddigan. They all do not. That would be, obviously,
the low-tech aspect.
Chairman Shelby. But some do.
Mr. Caddigan. The low-tech aspect are just thieves, and
thieves steal mail and information and anything they can get
their hands on. The higher-tech, then we get into the hacking
groups that work internationally, and there is a trade in the
product. The end user typically would buy--it is very simple to
buy that information over the Internet.
Chairman Shelby. Are the older people in America, people
like me, 39 and older, are they generally a lot of the victims?
Mr. Caddigan. You know, I do not know that we find that to
be the case. I think the demographics----
Chairman Shelby. Cuts across everything?
Mr. Caddigan. Cuts across the whole spectrum.
Chairman Shelby. With what you know about criminal
activity, do you have any ideas that you can share today about
the steps that all of us as consumers can take to protect
ourselves? And, also, how can the industry protect itself ?
Because, you know, we are
interested in both.
Mr. Caddigan. There is a tremendous need to identify you as
a consumer to a business, and that is readily recognized. So
that information is necessary to affect trade.
Where you can safeguard yourself is simple things at home.
If you receive the preapproved credit applications in the mail,
do not just throw them in the trash. Shred them. Your bank
statements, shred them. That sounds a little drastic, but,
again, the dumpster diving does occur. It not only occurs at
your curb; but also it occurs at the facilities that trash
companies use and the dumps that they go to. So the more you
can safeguard the information at your level, the better.
The other thing, be very wary of anyone that might call or
reach out to you, Internet, telephone, e-mail, or otherwise,
asking for your identifiers. If you have not solicited that
information or that service, you should not be giving anyone
anything.
Also, be very wary of companies that use spam. We have many
examples on the Internet to where an Internet provider has been
victimized because someone has accessed their system, provided
a questionnaire under the head of that Internet provider, and
people readily give it thinking it is valid.
So there are a lot of good anecdotal data that the less you
give out, the better protected you are.
Chairman Shelby. Thank you.
Senator Corzine.
Senator Corzine. Thank you, Mr. Chairman.
I think the scope of questions that you raised are highly
valuable so that we understand the nature of the problem. But
when we are speaking about understanding it, one of the
disciplines of financial markets is the information that people
have about their own information that is involved in the
system. That gets at a question that I think was asked to Mr.
Beales in the House Financial Services Subcommittee. Do
financial institutions have any requirement to notify a
consumer if there is a security breach? Is that a weakness or a
strength of our system?
Mr. Beales. There is not at the present time, as far as I
know, a requirement to notify consumers if the information has
been breached. We think in many circumstances that notice to
consumers clearly makes sense.
There may be some circumstances where you are fairly sure
about how the information was lost, where there is not much of
a risk and not much benefit to notifying the consumer. But we
think in most cases certainly the best practice is to notify
consumers when the information has been compromised in a way
that puts them at risk.
Senator Corzine. It is hard for me to imagine circumstances
where personal information is breached without authorization
that it would be a positive. Maybe it is a neutral, but I
certainly can imagine situations where breaching poses a risk
and certainly limits the individual's ability to clean up their
credit history.
Is there a voluntary program on the part of the credit
reporting agencies or credit-monitoring agencies, the Big
Three, or any of the financial institutions? Has there been a
survey taken about how much notification of consumers is
actually taking place with regard to breaches?
Mr. Beales. We know of notification in a number of
incidents. We do not know systematically as to how frequently
that happens or what fraction of all incidents it occurs. It
clearly happens in many cases, but we do not know what
fraction.
Senator Corzine. And do you have any sense of the
proportion or the awareness or how quickly even in those
instances where
institutions do notify, how quickly individuals know that so
that damage is not done? This is, by the way, costly both to
the industry and to the individual, I presume, if someone has
stolen an identity. Is there any sense or timing with respect
to how people become aware? Since there is no requirement, I
guess there is no deadline on that process.
Mr. Beales. No, and there is no systematic monitoring of
how long it takes. I think the big question is how long does it
take to discover the breach. In many cases, that is maybe the
main determinant of how much consumers are at risk is how much
time went by before the breach was discovered at all.
I think one thing that is really important in those
circumstances is for the financial institution or whoever it
was that was the source of the information to make contact with
the credit bureau, because that is in many ways the promptest
way to get the information into the right places, to give it
directly to the credit bureau that these accounts may have been
compromised.
Senator Corzine. So the primacy of the credit bureau to the
individual?
Mr. Beales. What the individual has to do in order to
reduce the risk is to call the credit bureau, and by making
contact with the credit bureau in the first place, A, the
credit bureau knows that they are going to get a lot of calls
and what is going on and can be ready to handle that volume
without being disrupted; and, B, in some circumstances, the
fraud alert can be placed quicker and the risk reduced quicker
rather than waiting for a letter to go to the consumer and the
consumer to respond to the letter and place the fraud alert.
Senator Corzine. They could do that simultaneously, I
presume, both the individual and the credit bureau.
Mr. Beales. Sure. There is no reason for contacting a
credit bureau to delay a notice to the individual, but it is an
important part of the process.
Senator Corzine. Access to credit reports--and I apologize
for running over here--conceptually, do you believe that this
is an important element in being able to have an individual
maintain certainty about their credit status and ability to
manage their credit profile in this complex but important and
well-functioning system in many ways?
Mr. Beales. I think it is a critical part of the system,
and the way the system functions now with notice when there is
an adverse decision based on a credit report or when there is
fraud, in either of those circumstances the consumer is
entitled to a free credit report that will let them identify
the problems and start the process of correcting them. And I
think that is a crucial component for maintaining the accuracy
of the data that is in credit reports.
Senator Corzine. Thank you.
Chairman Shelby. Senator Dole.
Senator Dole. Mr. Beales, I would like to ask you about the
affiliate-sharing preemption in the Act. In efforts to prevent
identity theft and to detect it, is this preemption helpful or
does it harm efforts?
Mr. Beales. I think information sharing is really a key in
the fight against identity theft. I think it is important for
the creditor to know more about the real you than the thief
knows, and that way the creditor can ask you a question that
only the real you can answer and the thief cannot answer.
Some of that information comes from affiliates, and some of
it may come from databases from outsiders, and some of it may
come from credit reporting agencies.
All of those sources are important to the overall sharing
of information that makes it possible to detect that the
identity thief is, in fact, a thief.
Senator Dole. Let me just ask you the same question about
the prescreening preemption.
Mr. Caddigan. I think information----
Senator Dole. How do you see--go ahead.
Mr. Caddigan. I would concur with Mr. Beales. Anytime there
is information sharing that you can more quickly identify fraud
or the potential for fraud, the easier it is to eliminate the
problem as an individual. And I think as a total problem, the
education and information sharing is critical from the
enforcement perspective.
Senator Dole. What about the prescreening preemption?
Mr. Beales. We do not think that, based on the data we have
seen, there are clearly instances where prescreening may lead
to identity theft in that particular case. In the data we have
seen, though, the overall losses to identity theft seem to be
lower on prescreened accounts than they are on just general
applications for credit. So, we do not think that prescreening
in any systematic way contributes to identity theft or
contributes to the problem.
Senator Dole. And with regard to the widely reported cases
of credit reports being stolen, I would like to ask both of
you: Do you think the problem is primarily due to a lack of
security in the system? Or is it just a cost of doing business,
a fact of business in this technological age? Which would you
say is primarily responsible?
Mr. Caddigan. I think on the user end of the consumer
information. If you talk about the credit bureaus, speaking
again from the enforcement perspective, we have very sound
relationships with them, and we have worked extensively over
the years. They take great measures in safeguarding their
information. So when a person is violated, it is usually at the
user end, and that is part of the education process that I
think not only law enforcement does, but also I know the FTC
does with businesses, is to teach them better safeguards with
regard to their IT systems that control access to these credit
reports.
There are many examples of someone who legitimately has
access to report files who, for whatever reason, left his
computer on when he walked away or granted access to others not
knowing that they then could have access. So there are
safeguards that are evolving, but we still find instances where
they are not safeguarded.
Senator Dole. Mr. Beales.
Mr. Beales. Our safeguards rule that went into effect at
the end of May really views security as a process. It asks
companies to identify the risks they face and then look for the
steps that they can take to reduce those particular risks.
I think one thing that is clear about security, though, is
that the threats evolve, and that as you put in place a
mechanism to deal with the last problem, identity thieves and
other thieves will try to find ways around that. So businesses
need to be constantly alert to adjust the precautions that they
take in order to deal with new and emerging threats and adjust
their plans accordingly.
When we see a breach, and particularly if it is a credit
bureau, it is something we are very interested in as to whether
there may have been a law violation in that particular case or
a violation of our rule. We work with other law enforcement
authorities and determine, you know, who can best take
appropriate action in any particular case.
Senator Dole. Agent Caddigan, could you just give us an
idea of the percentage of identity theft cases that are
perpetrated from outside the country over the Internet?
Mr. Caddigan. I don't know that I can give an accurate
percentage. I can say that we see more and more case examples
of where we have traced the origin of the crime to overseas
sources, all four corners. I cannot pick a country or a sector.
But we do see a tremendous rise in Internet hacking activity
that leads us overseas.
Senator Dole. Thank you. I believe that my time has
expired, Mr. Chairman.
Chairman Shelby. Senator Sarbanes.
Senator Sarbanes. Gentlemen, we are pleased to have you
here. I really want to get beyond where we are, telling about
the problem and how it is expanding and all that, and find out
what we can do about it. It seems to me the burden is on the
two of you and your respective agencies to give us a list of
things. I am going to ask you for that in a moment, but I want
to run through some questions with you first.
Do you think a consumer getting their credit report is
helpful in checking identity theft? Is that a helpful,
preventive technique?
Mr. Caddigan. Yes, sir, I do.
Senator Sarbanes. Some States now require that the consumer
get a free report, right?
Mr. Caddigan. Yes, sir.
Senator Sarbanes. What would be the problem if the Federal
law required everyone would be able to get a free report if
they requested it?
Mr. Caddigan. From an enforcement perspective, I do not see
a problem.
Senator Sarbanes. Wouldn't that be a pretty common-sense
thing to do?
Mr. Caddigan. Correct.
Senator Sarbanes. Now it puts a little extra burden on the
agencies, but it seems to me if we are going to be serious
about doing something like this, that is a common-sense thing
to do. Georgia actually, I think, is the one State that
requires that you can get two free reports in a year. In a
number of other States, including my own, you can get one every
year. But we have left it to the States to do it. They want
preemption from State law on the Federal credit reporting which
we are now considering. We need some standards if we are going
to preempt from the Federal level. It seems to me an obvious
standard, just as a starter, would be a free credit report. Do
you disagree with that?
Mr. Caddigan. I do not, no, sir.
Senator Sarbanes. Mr. Beales.
Mr. Beales. The Commission has not taken a position on free
credit reports.
Senator Sarbanes. Why not?
Mr. Beales. The staff is continuing to analyze that and a
variety of other suggestions that----
Senator Sarbanes. We are going to push the staff hard to
get some suggestions up here.
Now, let me ask another question----
Chairman Shelby. Senator Sarbanes, our staff will not need
to be pushed.
Senator Sarbanes. No, not our staff. Their staff.
Chairman Shelby. That is what I meant.
[Laughter.]
Our staff will be helping us with the legislation.
Senator Sarbanes. All right. Now some have suggested that
the practice of mailing out preapproved credit card
solicitations may increase the incidence of identity theft, and
also sending out these unsolicited credit card convenience
checks. Does that increase the risk of identity theft?
Mr. Caddigan. I think over the years we have seen a change
in those type of mailings, where it used to be basically an
application was sent to you completed, you signed it and sent
it back. So the mail theft or the dumpster diving or that type
of activity made vulnerable to identity theft.
The later documents that we see, name and address, and the
focal point would be if you signed it and sent it back and
changed your address, that is an automatic decline. The product
itself, if handled appropriately at both ends, does not lead to
potential identity crime. I think the misuse of it or the
mishandling of it has potential for identity crime.
Senator Sarbanes. We are going to have to look at that
because we are sympathetic to expanding commerce and so forth
and so on, but it may be at some point this expansion opens up
vulnerabilities. And then you have to trade off the question between
curtailing the vulnerabilities and perhaps losing some
expansion of commerce.
Now, I know that is going to raise a problem to those who
send out these preapproved credit card solicitations or these
unsolicited credit card convenience checks. But we need to look
at that and see how much it is contributing to the problem,
whether this is something that can be checked.
There is a notion here that any technique can be used to
kind of draw the consumer in, and then if they become a victim
of identity theft, it is kind of, well, it is too bad for the
consumer and maybe some way we will catch up with it or somehow
or other and things will get corrected. But we may need to take
steps up front to reduce the exposure to the identity theft
happening.
Now let me ask you this question. A May 2003 survey
conducted by the Harris Interactive Service Bureau of employees
and managers with access to sensitive customer information--
this raises a problem that I think is very difficult to deal
with--shows that 66 percent say their coworkers, not hackers,
pose the greatest risk to consumer privacy. The Washington Post
had an article, ``Identity Theft More Often an Inside Job,''
and they are raising the question that it comes from insiders.
What is your view of that?
Mr. Caddigan. I would agree wholeheartedly. The insider is
the greatest threat to business today. One of the things that
the Secret Service has undertaken over the last year, year and
a half, is an insider threat study. We have gone to businesses,
we have gone to financial institutions, we have gone to victims
of that type activity in order to determine whether we can
develop indicators to try to prevent that.
At the same time, we are working with those private sector
enterprises and helping them design safeguards to their system
that can better secure against the insider threat. So, I would
agree wholeheartedly that that is a major problem in business
today, the safeguard of that personal information from business
to business, and there are no standards.
Senator Sarbanes. Do you have proposals or suggestions that
you make to businesses of measures they could take to guard
against this. Is that right?
Mr. Caddigan. That is correct.
Senator Sarbanes. And you seek their cooperation to do that
on a voluntary basis.
Mr. Caddigan. That is correct.
Senator Sarbanes. Is that right?
Mr. Caddigan. Yes, sir.
Senator Sarbanes. If the measures have been carefully
vetted and thought through, and if it is the judgment of law
enforcement and other objective people that these measures
would be effective, should not thought be given to requiring
that these measures be taken?
Mr. Beales. Senator, if the business is a financial
institution, under Gramm-Leach-Bliley there is a requirement
that they take security steps, either under FTC rules or under
the corre-
sponding----
Senator Sarbanes. Do you have rules that would implement
what Mr. Caddigan just told me he is trying to get them to do
voluntarily on this issue?
Mr. Beales. Our rule requires a process rather than
specific approaches. The rule requires businesses to identify
the risks they face and take appropriate steps to reduce those
risks. The risks are different for different companies and in
different circumstances.
Senator Sarbanes. We have to get at this problem.
Mr. Beales. I agree completely.
Senator Sarbanes. We have to get at this problem. We cannot
continue to pussyfoot around with it. And there is an
opportunity here, as we shape this legislation, I think at
least, to do something about this identity theft--this is
ruining the lives of a fair number of people across the
country. And it is a matter of growing concern in the public's
mind.
You are on the battlefront. We need to hear from you. Let's
go beyond the great divide and hear from you about things that
you think should be done, requirements that we can put into the
law. Otherwise, one of the pressures that will come up from the
State level and the consumers not to extend this legislation
and the preemption will be the argument that this issue is not
being
addressed, and if you would just let us get at it, we will take
measures to deal with this.
Now if you want the national system--and there are economic
arguments for it that I recognize, then you have to give some
thought to some national standards that bring this problem
under control. And we need from you a list of possibilities.
Maybe it is in your dream world, you never thought it would be
possible. All of a sudden here you are, you have some Senators
asking you to give us the list.
So, Mr. Chairman, I hope they will go away from here today
and come back to us with some detailed suggestions in this
regard.
Chairman Shelby. Senator Sarbanes, I think you are
absolutely right. But I think rather than possible, I think it
is probable.
Senator Sarbanes. Yes.
Chairman Shelby. Senator Miller, I am going to recognize
you. We would be interested in what Georgia does.
Senator Miller. Senator Sarbanes has already stated it, and
we have had that for some time.
I think I am asking the same question Senator Sarbanes was
getting at, but I would phrase it this way. This is to Mr.
Beales. Do you think any new legislation is needed on identity
theft, or can it be handled with the current rules and
regulations?
Mr. Beales. The one piece of legislation that the
Commission has taken a position on is the penalty enhancements.
I think that would be appropriate and useful in attacking this
problem.
We are looking, as I said, at a variety of possible
proposals, and we will come back at some point with a list of
possibilities that we think are good. But we are not ready to
do that yet.
Senator Miller. You are going to have to get in a hurry to
get in front of this Committee. You realize that, don't you?
Mr. Beales. Yes, sir.
[Laughter.]
We actually left people behind to work on it, sir.
Senator Miller. That is all I have.
Chairman Shelby. Senator Sarbanes.
Senator Sarbanes. I just want to make one comment about the
penalty enhancement. The Commission has to get moving. The
penalty enhancement is important but it is not enough, and I
know there is--but I am reminded of John Coffee's statement
when we were working on the securities issues, he is a
Professor of Securities Law at Columbia University School of
Law. And they asked him, ``What about all these penalty
enhancements that the Congress is doing?'' He said, ``Well,
they are fine, but they need to do other things, preventive
things in terms of the system that prevent it from happening in
the first place.'' The penalty enhancement, the damage has been
done. You are just coming along trying to punish the person and
create a deterrent, and there is a certain effect from that,
obviously. I do not deny, although Coffee told the story, that
in 18th Century London the penalty for pickpocketing was
hanging. That was the penalty. And, of course, the hangings
were public in the public square, and huge crowds would
assemble to see the hanging.
They caught this pickpocket, they tried him, they convicted
him, and they sentenced him to hanging. So the day of the
hanging, thousands of people gathered to see the hanging of the
pickpocket. And working the crowd of thousands of people were
hundreds of pickpockets.
Chairman Shelby. That is exactly right.
[Laughter.]
Senator Sarbanes. So, I want to prevent it from happening
in the first place.
Chairman Shelby. Senator Sarbanes, I think you are very
much on track, you and, I believe, people on both sides of the
aisle here.
One or two of the main objects here in the renewal of this
legislation or to make it permanent, one is preemption, second
is affiliate sharing. I agree with Senator Sarbanes. I think we
would be derelict in our duty if we did not address the
consumer problems in this bill, especially today, how to
prevent and tighten up on identity theft. And I believe this
Committee has already sent a message on both sides of the aisle
that we are going to do this.
Mr. Beales, you mentioned the benefit of adverse action
notices in making consumers aware of problems with their credit
reports and possibly detecting identity theft. In light of the
movement of our credit system to an automated risk-based
pricing system, do consumers, all of us, still receive adverse
action notices when there is negative information on their
credit report? Or do they simply receive a counter-offer at a
higher price of credit?
Mr. Beales. In many instances, in the credit area, they
receive a counter-offer at a higher price. Under the law, if
the consumer accepts that counter-offer, there is no adverse
action because the FCRA definition is coupled to the definition
under the Equal Credit Opportunity Act. If the consumer rejects
that counter-offer, then there is adverse action and the
adverse action notice goes.
Chairman Shelby. Okay. Do adverse action notices still
effectively serve this purpose if creditors do not reject
credit applicants but simply offer them credit at a higher
rate? In other words, how would a consumer know to look at
their credit report without the adverse action notice? They
would not know, would they?
Mr. Beales. They would not know that that was the source of
the information that it was based on. I think that is right.
Chairman Shelby. That is a flaw here, is it not?
Mr. Beales. It is a concern.
Chairman Shelby. Wait a minute. It is a concern. It is
something that should be correct, isn't it?
Mr. Beales. Well, the difficulty--the balance of the
adverse action notices----
Chairman Shelby. We will deal with the difficulties. Just
say is it a concern, is it a concern, it is something that
needs to be corrected?
Mr. Beales. It is a problem, but like all problems, it has
costs to fix it. And that is what the balance is.
Chairman Shelby. We are not talking about that. We are
talking about trying to prevent identity theft, trying to
protect the consumer here. And you have been waffling here all
morning.
Mr. Beales. As I said, the Commission has not taken a
position. I think that there is--adverse action notices have
narrowed as we have moved to risk-based pricing. But, on the
other hand, if you give notices too widely and in too many
circumstances, then it no longer--I mean, it becomes something
that people ignore. The adverse action notice, as it was
originally envisioned, fit well in the set of circumstances
where consumers needed to pay attention to the credit report
and did not raise a lot of false alarms. I think how to
preserve that balance of doing both jobs is definitely an issue
and one that we are looking at.
Chairman Shelby. Senator Sarbanes, do you have anything?
Senator Sarbanes. I think Senator Bennett----
Chairman Shelby. Senator Bennett, do you have any
questions?
Senator Sarbanes. I do not think he had a turn yet.
Senator Bennett. Yes, my constituents come to see me, and
important as you are, the voters in Utah who need to get their
pictures taken sometimes have a higher sense of urgency.
As I deal with this issue over time, I have a reaction that
I would like to share with you. First, let me say, going back
to that first hearing that we held in my Subcommittee some
years ago, I am very heartened at the progress that has been
made. We were basically in this room looking at each other
throwing up our hands and saying, ``What can we do?'' And the
hearing highlighted a whole
series of problems and very, very few, if any, strategies with
which to deal with the problem. So, I am heartened by the
degree of involvement both of the Secret Service and the FTC.
We have come a long way, and I think we should not lose sight
of that fact.
There seems to me to be a very interesting paradox here.
The more information we can get in the hands of what I would
call the good guys--that is, people who want the information
for legitimate purposes, they want to improve their service to
the customer, they want to be more efficient in offering
products that the customer might use, and they use the
information, therefore, for benign purposes--the better off we
are.
At the same time, the more information that we get in the
hands of a wider number of people, by definition, the more
vulnerable we are. And there is the paradox. We want affiliates
sharing information, your response to Senator Dole. We want
people at a wide range to have the information so they can
check against each other when something seems to be going
wrong. And at the same time, we do not want anybody to see
this, for fear they might steal it.
And that, I think, is the challenge that is facing the
Congress, how to see to it that we take steps to prevent people
from stealing information, but do it in a way that does not
harm the beneficial effect of having this information in the
hands of a fairly large number of good guys, people who will
use it for benign purposes rather than evil purposes. Is that a
fair characterization of the challenge we face here?
Mr. Beales. I think it is. I think that is exactly the
nature of the problem. I believe the challenge is to try to
control access in a way that keeps information from getting to
the bad guys but makes as much information as possible
available to the good guys. There are inherent risks that
remain of the information being there, but if you hide the
information, then you can pretend to be anybody.
Senator Bennett. So paradoxically, if I am understanding
exactly what you are saying, you could make identity theft
easier if you restricted too tightly the use of this
information on the part of the good guys?
Mr. Beales. Yes, sir, I think that is right. In fact, one
claim that has been made to me in my discussions of this issue
is that one of the reasons for identity theft is that now you
have to make up a real person because the information sharing
system means you cannot just make up a name and an address
because that will not work. The information sharing system will
let us tell that there is no such person. So the name and
address has to be a real somebody in order to apply for credit
under a false identity.
Senator Bennett. In an attempted to block identity theft,
it seems to me the privacy advocates and the users of
information are really on the same side. That is, the people
who use the information to make marketing decisions and credit
decisions do not want the information to leak because that will
destroy their opportunity to serve a customer whom they hope
will become a repeat customer. And the privacy advocates also
do not want the information to leak.
I make that point because I feel, at least in the press,
which loves to create controversy, the standard of the schools
of journalism is you fight about it, we will write about it.
And if you are not fighting, I have discovered since I got into
politics, they will precipitate the fight and create
antagonisms that they can write about even if those antagonisms
do not exist.
So in the press, there is an antagonism between the
business community that says we need this information, and the
privacy advocates who say no it is bad if you get that
information. In fact, the real alliance should be the business
committee and the privacy people together saying it is good for
there to be a widespread background of information, as long as
it is protected properly. Because if there is a leak, that
reservoir of data becomes very helpful in reconstructing the
real identity of the individual and fighting the evil effects
of having that leak out there.
Once again, is that a fair summary of what the real world
is or am I reaching too hard for something?
Mr. Beales. No, I think there should be some commonality on
the identity theft issues of looking for sensible restrictions
to prevent access by the wrong people. Identity theft is a
problem that happens where information is used for ways that
nobody ever contemplated, nobody ever intended, where in a
great many instances the information is simply stolen and it is
in everybody's interest to try to control that problem.
Senator Bennett. Thank you, Mr. Chairman.
Chairman Shelby. Senator Sarbanes, any questions?
Senator Sarbanes. I do not, but I want to follow up on what
Senator Bennett has said, the line he has just been pursuing,
because I have some concern about it and I do it with reference
to Mr. Caddigan's statement. You say, ``The burgeoning use of
the Internet and advanced technology, coupled with increased
investment and expansion, has intensified competition within
the financial sector. With lower costs of information-
processing, legitimate companies have found it profitable to
specialize in data mining, data warehousing, and information
brokerage. Information collection has become a common by-
product of newly emerging e-commerce.''
Only you go on to say, ``This has led to a new measure of
growth within the direct marketing industry that promotes the
buying and selling of personal information. In today's market,
consumers routinely provide personal and financial identifiers
to companies engaged in business on the Internet. They may not
realize that the information they provide in credit card
applications, loan applications, or with merchants they
patronize are valuable commodities in this new age of
information trading. Consumers may be even less aware of the
illegitimate uses to which this information can be put. This
wealth of available personal information creates a target-rich
environment for today's sophisticated criminals, many of whom
are organized and operate across international borders.''
One of the questions, it seems to me, we have to face is
whether this information gathering and warehousing and
databanks that are created for marketing strategies are
extending or enhancing the availability of information which
opens it up even more to identity theft. That is a purpose that
is probably beyond the consumers horizon of why he or she is
providing the information in the first-place, and goes beyond
the purpose they sought to achieve.
I am with Senator Bennett up to a point. In other words,
you are providing this information. You need checks on it and
so forth, and you provide it in order to let us say get a
credit card. And then you use the credit card. The question is
whether that information is taken and merchandised for other
purposes and whether the merchandising of it for other purposes
creates a vulnerability which can then be exploited for
identity theft. Whereas if it had been more limited, although
you need the exchange of information within the limitation, but
if it had been more limited, you would not have had the same
exposure. Do you see the question I am asking?
Mr. Caddigan. Yes, sir, I do and I agree wholeheartedly. I
think the information, when it is used in a check and balance
situation, actually does prevent fraud. The institutions that
work in this arena can site example and statistics to that
effect. I think once that information is passed on again, every
time it is resent or reprovided, you increase the risk of
identity theft greatly.
So from a law-enforcement perspective, I concur exactly.
The dividing line is the issue. Where should it be used and
where is it marketed to where it becomes vulnerable, accessible
to organized groups, and thus causes a problem.
Senator Sarbanes. Thank you, Mr. Chairman.
Chairman Shelby. Senator Dole, do you have other questions?
Senator Dole. No.
Senator Bennett. Mr. Chairman, can I follow up with just
one quick question?
Chairman Shelby. Yes, Senator Bennett.
Senator Bennett. I will not prolong this. As I hear your
answer, Mr. Caddigan, I just in my own mind, just to get it on
the record, see a difference between selling the information to
some outside group whose purposes you really do not understand
or know anything about, and using the information within your
own organization. We are back to Senator Dole's question about
an affiliate sharing. Would you agree that there is a
difference between sharing that information within the umbrella
of say a large financial services organization, from one
affiliate to the other? That that would be a lesser degree of
vulnerability than say selling it to somebody whose business
purposes you really do not understand?
Mr. Caddigan. Yes, sir, I would agree with that.
Chairman Shelby. Senator Sarbanes.
Senator Sarbanes. Let me just continue here for a moment.
It was noted here at one hearing that Citicorp has hundreds of
affiliates, just to leave that point with you, hundreds, maybe
thousands.
Chairman Shelby. Several thousand.
Senator Sarbanes. Was it several thousand affiliates of
Citicorp?
Chairman Shelby. Yes.
Senator Sarbanes. Thank you.
Chairman Shelby. Senator Miller.
Senator Miller. No questions.
Chairman Shelby. Thank you, gentlemen, for your appearance
today. We appreciate you testifying.
Senator Sarbanes. Mr. Beales, we are going to keep after
the FTC here. I don't know. You keep telling us they have not
decided, they have not decided. They have to start deciding
pretty soon.
Chairman Shelby. They are going to be behind the Committee.
Senator Sarbanes. That is a sorry state of affairs.
Chairman Shelby. Thank you.
Our second panel will be composed of Michael D. Cunningham,
Senior Vice President, Chase Cardmember Services; Captain John
M. Harrison, U.S. Army Retired, consumer witness; Stuart K.
Pratt, President and CEO, Consumer Data Industry Association;
Linda Foley, Executive Director, Identity Theft Resource
Center; William Hough, Vice President of Credit Services, The
Neiman Marcus Group; and Michael W. Naylor, Director of
Advocacy, AARP.
We appreciate all of you appearing here today, if you will
take your seats as soon as you can.
In the meantime, I will announce again that your written
statements, which will be made a part of the record in their
entirety without objection, and these hearings are well
attended, as you know, and very interesting. There are a lot of
consequences, so you see the interest here.
If you could sum up, just briefly, your top points because
we have your written testimony, as I have just indicated, we
would appreciate it in the interest of time.
Mr. Cunningham, we will start with you.

STATEMENT OF MICHAEL D. CUNNINGHAM
SENIOR VICE PRESIDENT, CREDIT AND FRAUD OPERATIONS
CHASE CARDMEMBER SERVICES

Mr. Cunningham. Thank you, Mr. Chairman, Members of the
Committee. My name is Michael D. Cunningham and on behalf of
J.P. Morgan Chase & Co., we greatly appreciate this opportunity
to appear before the Committee and share our experience with
the issue of identity theft. I ask that my written statement be
placed in the record.
Chairman Shelby. It has been.
Mr. Cunningham. I serve as the Senior Vice President for
Credit and Fraud Operations for Chase Cardmember Services.
Protecting our customers from identity theft and fraud is a
major priority for our company. We utilize both leading-edge
technology and hands-on intervention by over 750 specially
trained Chase employees. And we detect over 70 percent of all
fraud before the customer even knows it has occurred, and we
continue to improve on that number every year.
While identity theft and what we call credit card fraud
both constitute fraud, we would like to distinguish the two for
policy purposes. We place identity theft into two basic
categories: Fraudulent applications and account takeovers.
Together these types of identity theft account for 4 percent of
our total fraud cases.
Fraudulent applications constitute 3 percent of our total
fraud cases. This involves the unlawful acquisition and use of
another person's identifying information to obtain credit, or
the use of that information to create a fictitious identity to
establish an account.
This requires that the perpetrator possess a great deal of
detailed information about a person and their credit history.
This is why more than 40 percent of the identity theft cases
that we see are committed by someone familiar to the victim,
frequently a family member or someone in a position of intimacy
or trust.
Account takeovers constitute 1 percent of our total fraud
cases. This occurs when someone unlawfully uses another
persons's identifying information to take ownership of an
existing account. This would typically occur by making an
unauthorized change of address followed by a request for what
we call a new product, such as a card, a check, or a PIN
number.
Non-identity theft fraud constitutes the other 96 percent
of our total fraud cases. This type of fraud would include such
events as lost or stolen cards, intercepted cards in the mail,
or counterfeited cards.
During the course of the debate on identity theft and
fraud, critics have alleged that the process known as
prescreening is somehow a major contributor to identity theft
and other types of fraud. This is not the case. In fact,
prescreening is a major underwriting tool that accomplishes
just the opposite.
Prescreened offers have a very low incidence of fraud,
especially when compared with other forms of new account
generation. At Chase, we have 17 million active accounts.
During 2002, prescreened accounts subject to identity theft involved
approximately 600 accounts. Total fraud cases of all types in
2002 numbered about 75,000, which includes the 600 prescreening
cases I just mentioned. Last year, prescreening resulted in 1.6
million new accounts to us out of a total of 4 million new
accounts, or about 40 percent of all of our new accounts.
Why do prescreened cards result in less identity theft?
Prescreened offers of credit come from a pool of consumers
selected from credit bureau files that have already undergone a
verification process. Prescreened credit card offers do not
contain any personal information other than name and address,
and contain none of the other personal information necessary to
apply for credit. Identity thieves do not find prescreened
offers of credit very useful because even if they intercept
one, they have to submit a change of address, which under our
system would trigger an alert and subsequent analysis.
Finally, Mr. Chairman, we recognize that consumers may need
help once they learn of the identity theft or fraud. Once a
problem is identified, this sets in motion a series of consumer
education and assistance as detailed in the two appendices in
my written statement. And I also have with me a list of
recommendations that we take great pride in. This is an
identity theft kit that we mail to all consumers as well as
customers that we determined are victims of identity theft.
Also in the written statement is a list of recommendations
to assist in combating identity theft and assisting victims.
Thank you for considering our views on this issue, and I
look forward to your questions.
Chairman Shelby. Captain Harrison.

STATEMENT OF JOHN M. HARRISON

CAPTAIN, U.S. ARMY (RETIRED)

ROCKY HILL, CONNECTICUT

Mr. Harrison. Thank you very much.
Mr. Chairman, Ranking Member Sarbanes, and Members of the
Committee, I appreciate this opportunity to appear before you
this morning to talk about my experiences as an identity theft
victim. My name is John Harrison. I am 42 years old, a retired
U.S. Army Captain, and I have resided in Rocky Hill,
Connecticut, since my retirement in December 1999. I was, until
recently, employed as a corrugated salesperson in Connecticut.
My introduction to the crime of identity theft began on
November 5, 2001. That is the day I learned that someone had
stolen my identity and had already used my name and Social
Security number to open numerous accounts.
I immediately began taking those steps recommended by the
FTC. On December 12, 2001, Jerry Wayne Phillips was arrested in
Burke County, North Carolina. He was indicted on Federal
charges in Texas. He pled guilty to one count of identity
theft, and is currently serving 41 months in a Federal prison
in Minnesota.
What I learned after that was that Jerry Wayne Phillips had
gained control of my identity when Army officials at Fort
Bragg, North Carolina, issued him an active duty military
identity card in my name and Social Security number. That
happened about a year-and-a-half after my retirement. With that
identity, and at the time I had very good credit, he was able
to open what I have discovered was $260,000 worth of accounts.
There are 61 of them at this point that were opened in my name.
They are accounts of all different types. There are
personal and auto loans, regular credit accounts with credit
card companies, and also stores, checking and savings accounts,
and utility accounts. He bought two trucks through Ford Credit
for $85,000. He bought a motorcycle from Harley-Davidson for
$25,000. He rented a house in Virginia and bought a time-share
in Hilton Head, South Carolina.
It has been 20 months since I found out I was a victim.
Chairman Shelby. How did you find out?
Mr. Harrison. I was called by a police officer in Beaumont,
Texas, who was investigating the Harley-Davidson motorcycle for
Harley-Davidson. He tracked me down through my credit reports
and he could already tell that I was a victim of identity
theft.
And when he called me, he told me and he set me on the
right track. He sent me to the FTC's webpage, told me to
contact the repositories, and he was the one that got me
started on the track to recovery.
As I said, it has been 20 months since I found out about
it. My imposter has been in jail 19 of those months, and there
have been no new accounts opened since he was incarcerated. So
everything that I am dealing with still, to this day, are
accounts that were opened between July and December 2001. I
still have new accounts coming in. The latest was May, last
month. I had a new account that I learned of.
From the first day, I have been very aggressive about
restoring the damage done in my name. I have sought out the
fraudulent accounts, and in most cases I have gotten hold of
them before they were able to get hold of me. I have
encountered a great many difficulties. Two of the repositories
have done what I consider to be a fair job in assisting me and
allowing me to dispute the accounts with them. One of them,
Equifax, quite frankly, almost failed to meet any of the
requirements of the Fair Credit Reporting Act. It took me 11
months and three dispute letters to get my second report from
the Equifax. And when I did get that report, it was a different
report to what they were sending out to all my creditors. There
are fraudulent accounts on both reports and there are good
accounts on both reports. Some are the same and some are
different. So, I cannot even begin to dispute accounts until I
get the report that has the accounts on it. That has been a
difficulty.
Senator Sarbanes. I want to be clear. You asked for your
credit report and they sent you a report that differed from the
credit report they were sending to your creditors?
Mr. Harrison. Completely different, yes, sir.
I had an inkling of that because I had been declined credit
from my bank. I was getting married and I was trying to get a
home equity loan, and I declined was I called my bank and the
loan officer talked to me about some of the accounts that were
on the report. And I was like I am not seeing those. I thought
those accounts were gone. But it turned out that there was a
second report that they have that was different from the one
that I had.
Chairman Shelby. But they did not share that with you?
Mr. Harrison. No, sir. I have since gotten it. Actually, I
was able to get it because one of the things that happens when
an imposter steals your identity and starts using different
addresses and different birth dates, is all that information on
your credit reports changes, because the creditors are the ones
who control your personal information, not you.
So because all that information was different, I look like
the fraudster to Equifax. When I was asking for my credit
report, I was asking for it from Connecticut. What was on my
credit report at the time was an address in North Carolina or
South Carolina. He used 17 different addresses, all of them
made it through my credit reports at one time or another. There
was six different phone numbers. And like I said, even my date
of birth changed on the personal information on my credit
report.
I did want to mention the emotional impact. The emotional
impact from identity theft is embarrassing to me because I have
always been a very strong person. The 20 years that I spent in
the military, it was always noted that I was a person that
worked better under stress. But what you go through as a victim
in trying to clear this up, I mean the repetitiveness of
telling companies over and over again, explaining your story,
sending out all your documentation, having accounts come back.
It would drive anybody nuts. It really will.
In my particular case, about 11 months into this, in
September, I started having some anxiety problems and sleeping
problems. So, I went to my doctor and I got some medicine. And
that seemed to help me out for a few months.
In January 2003, I had a lot of bad things happen. Besides
the identity theft, I had the military trying to garnish my
retirement pay because of one of the debts. And at the same
time, I had my own credit card companies taking adverse actions
against me because of what was in my credit reports. I guess it
just overwhelmed me and it became a real distraction for work.
I went to my boss, explained it to him. I started doing
therapy. The doctor told me I had Post Traumatic Stress
Disorder because my flight or fight got stuck on fight, which
made a lot of sense to me because that is pretty much the way I
felt, like fighting everything. That eventually led to my
termination in April. I was fired from my job. I was a
salesperson. Identity theft almost conflicts 100 percent with
our job as a salesperson because you have to make phone calls,
you have to write letters. You have to deal with rejection. And
it was affecting my performance and I think my bosses felt they
had to let me go because of it.
I have two recommendations that I have made in my written
statement and I would like to bring those up. Especially now,
since I was listening to Mr. Beales and what he was talking
about with the information sharing.
The thing that I would say, one of my recommendations is,
if I want to order my credit report I have to provide my name,
my date of birth, my Social Security number, my current
address, my previous address. And if that is not enough, if
there may be a problem, then they start going through accounts
on me and I have to verify some of the accounts that are on my
credit report. That is what I have to do. What a creditor has
to do is give the Social Security number of the person that is
standing in front of them. The information, there is
information there for them to use, they just are not using it.
They have an application and obviously they have asked this
person to give their address and their telephone number, their
date of birth. But all they are doing is putting in a Social
Security number and they are getting back a FICO score,
probably in a lot of cases not even the credit report to see
the fraud alert. They are just seeing a high number and they
are making a deal.
I really think that if creditors were held to the same
standards we were, if they had to input four or five different
pieces of personal information into the credit bureaus, and if
that information was wrong they got the same message I would
get, that we cannot identify this person and you are not going
to see the credit file,
everything in my situation would not have happened.
The person did not know where I lived. He did not know how
old I was. He did not know anything about me. He just had my
name and Social Security number and a military identity card.
So that would have prevented all of my situation.
The second recommendation that I made in my written
statement, and I am not doing this to get back at the credit
bureaus, but I think that it is a good idea if the credit
bureaus were rated for their proficiency, especially when it
comes to accuracy of credit reports.
My personal opinion is that the credit bureaus, while
publicly they say identity theft is a bad thing, I think they
are making a lot of money. In my situation alone there are over
100 inquiries on my credit reports from these fraudulent
accounts. It is money they would not have made if someone had
not stolen my identity.
Also, the credit monitoring systems, as identity theft gets
more and more out there, I do not think that there is a lot of
monetary incentive to be aggressive about fixing this problem.
If there was a rating system that was released, I think that
accurate credit reports are as important to the creditors and
soon to be insurance companies. And I think that the
competition would help the industry repair itself.
Chairman Shelby. Thank you.
Mr. Pratt.

STATEMENT OF STUART K. PRATT
PRESIDENT AND CHIEF EXECUTIVE OFFICER
CONSUMER DATA INDUSTRY ASSOCIATION

Mr. Pratt. Chairman Shelby, Senator Sarbanes, Members of
the Committee, thank you very much for this opportunity to
appear before you today. For the record, I am Stuart Pratt,
President and CEO of the Consumer Data Industry Association.
And we commend you all for holding this hearing on the crime of
identity theft and its relationship to the Fair Credit
Reporting Act.
Identity theft is an equal opportunity crime that can
affect any of us individually. This crime is particularly
invasive where consumers, consumer reporting agencies, and
creditors are all tasked with untangling the snarl of
fraudulent accounts and information that results from the
criminal's actions. This task can be frustrating, and as we
have heard, time consuming for all concerned.
The Committee has asked us to comment on the crime itself
and on its relationship to the FCRA. In this regard, let me
focus briefly on three points: The first of which is the FCRA
does provide the basic framework of rights and duties that
consumers need in order to be able to work with their credit
histories, in order to have confidence in the credit reporting
system, in order to ensure the data is accurate, and so on.
Second, our members have been at the forefront, however, of
efforts to understand the nature of the crime, and have
established a range of victim assistance procedures, which go
beyond the requirements of any law because there does need to
be some customization, some tailoring of procedures for victims of
identity theft that are different than what you or I might go through
as an average consumer.
Third, consumer education remains, I think, a mainstay,
something that is essential in dealing with identity theft. It
is not the silver bullet that stops the crime, but it is
essential in terms of how we as consumers both try to prevent
the crime from occurring in the first place, and it is also
obviously very important to how we as victims would then deal
with the crime subsequent to being made aware of the fact that
you are, in fact, a victim.
The FCRA is, as I said, an essential framework. It
provides, for example, that consumers are made aware of the
fact that their information was used in an adverse decision.
This, in many cases, will allow the consumer to then call the
toll-free number, order a copy of their file free of charge,
work their way through the process. And in a large percentage
of cases this is easily done, this is quickly done, and this is
done within the prescriptive 30-day period that the FCRA
establishes for consumer reporting agencies.
That is our task, our mission. And that is what we have to
do under the law when it comes to resolving a consumer's
dispute.
Consumers obviously expect their information to be
accurate. We are tasked with that chore, not only because of
what consumers expect, and that is important to us, but also
because that is what our customers expect. They expect accurate
information. In fact, the law itself expects us to be accurate
and we must employ reasonable procedures to assure the maximum
possible accuracy in the file.
Consumers, when they do dispute information on the file,
obviously expect to be notified of the results of the
reinvestigation. They expect to have that opportunity to
comment further on the results of that reinvestigation. And
those are rights that they have under the law today.
We think that framework is in place. I think the goal here
today, certainly for us, is to continue that process of
discussing how this framework works for victims of identity
theft. And to provide a little more context for that, let me just
talk about some of the initiatives that we have undertaken, because
there certainly are instances where the basic framework is not
sufficient. Identity theft is a longitudinal crime that occurs
over a period of time. It is quite a bit different than
burglary or other forms of crimes where I walk up and I see the
empty parking lot, so I know my car is gone. Or I walk up to my
home and I can see my home is burglarized.
So, we have standardized security alerts to make sure that
downstream crime does not occur when an alert is on your file.
And we have standardized the three steps we take for consumers
when they contact us initially.
This year we announced a single call point of entry, so a
consumer has an easier time of notifying all consumer reporting
agencies. The one phone call to any one of the national
agencies results in that same data being transferred to all of
the consumer reporting agencies. Each agency takes the first
three steps for that consumer getting the file disclosure to
the consumer, opting them out of prescreened offers of credit,
putting an alert on the file for the consumer.
We have also used police reports to try to expedite removal
of information from credit reports and we do think that is an
essential step for consumers. They want information off the
file quickly. They would like to have it done once and for all,
I am sure the first time through, no doubt about it.
My time is running out, and what I would like to do is----
Chairman Shelby. I will not let your time run out yet, but
Mr. Harrison brought up some very serious questions that he
experienced himself. I was out of the room for a minute. Can
you address those questions?
Mr. Pratt. Yes, sir, I would be happy to.
Chairman Shelby. He went through a horrible experience.
Mr. Pratt. What I will have to do, Mr. Chairman, is of
course, I suspect, talk with Mr. Harrison a little bit more to
learn more about the details.
What I have heard is that the creditor had different
information than the information that he had in his hands
through the file disclosure. I have to better understand what
that means, or what the circumstances were around that.
Here is what the law says, and here is what should have
happened. The law says we are obligated to disclose all
information about that consumer at the time the consumer makes
the request. That was actually an amendment to the law in 1996,
to make it absolutely clear that we must disclose everything so
that Mr. Harrison does, in fact, have the same information that
a lender would have, so that Mr. Harrison would understand
precisely what was in the file and the lender would have the
very same information.
So, I cannot explain it further than that, but that is what
the law requires. That is what the law always requires, and it
makes sense to all of us in the industry that that is what the
law should require.
In terms of the experiences he has had individually, I have
two reactions to it. I took a lot of notes, because every time
I come to a hearing and hear about an experience, or spend time
visiting with Linda or others, we do learn sometimes about
practices that are not perfect in our industry. One, industries
are big and sometimes they do not get it right with every
single consumer.
I do believe Mr. Harrison's experience is the aberration
rather than the norm because of the incredible effective
criminal that perpetrated the crime against him. This is not as
common in identity theft. But where it does occur, it does take
more time, it is more frustrating, it is harder to pull it all
back.
Lenders certainly have the same challenge that we have and,
of course, concurrent with servicing the consumer who is a
victim, we have to make sure that we are not closing down
accounts that are not otherwise valid accounts, because a
consumer just did not want to pay a bill. So it is a wheat and
chaff process. You are trying to make sure you deal effectively
with every legitimate claim, and at the same time try to deal
effectively with the illegitimate claims.
Thirty-five percent of the consumer relations process that
we deal with through credit bureaus today is tied to something
called credit repair. Credit repair is the process by which a
consumer is either advised or somebody on their behalf simply
disputes every item of information in the file that they would
like to have removed. They do this, in some cases, every 15
days in order to try to beat down an accurate credit report.
And so one of our challenges is to try to make sure that we
are always identifying Mr. Harrison properly, and at the same
time trying to identify where we have a circumstance that might
be credit repair related.
It is not an excuse. I want you to understand the dynamic--
--
Chairman Shelby. But you are not there yet. You have not
solved all that, have you?
Mr. Pratt. We have not solved all of those problems, no,
sir. We are progressively, when you look at our testimony, we
have outlined a whole series of steps we have taken which I
think indicate that we recognize that you cannot look at your
law and say well, the law said this and so we are done. That is
it. We are finished with this. Our job is done if we did it the
way the law required.
We found a lot of things that we needed to change over
time, the most recent of which is this one-call service because
consumers said I do not even know necessarily what all the
credit bureaus are that are out there. It would sure be nice if
I could just call one and know that everybody does the same
thing for me. So that was a new service that we launched for
consumers who are victims of identity theft at the beginning of
this year.
Is that the final word? No, sir, I suspect that is not the
final word. That is the best word I can give you right now, in
terms of where we are.
If I could just outline some things that I think would help
us, one of which is the FTC needs the support to continue
developing the sentinel system. Law enforcement uses the
sentinel system to investigate and to bring together those
cases that can then be worked at the local, municipal, and the
State levels by enforcement agencies at those levels. The
sentinel system is a compilation of data about identity theft
crimes from all over the country. So the FTC needs that
support, and we believe very strongly that is an essential
ongoing element.
I think the FTC needs to receive a lot of support in terms
of continuing to educate consumers. Mr. Harrison received
information that I hope was helpful to him. Obviously, it was
not helpful enough to solve the entirety of the problem for
him, but it was hopefully a good enough stopping-off point.
Groups like Ms. Foley's certainly cannot always address
everything in the marketplace on their own, and the FTC does a
great job of educating consumers.
We need to work toward resolving the multi-jurisdictional
problems we have with this crime. We cannot get consumers to
get
police reports everywhere in this country. If we could, we
could expedite a lot of data removal from files because we
could use the police report to remove data from files today.
That is our initiative today. That is our voluntary standard
today.
We would like to get the fraudulent data off the file once
and for all. We would like to get it off just as much as the
consumer does, and candidly just as much as our lending
customers would, as well, so they are making good lending
decisions and they are saying yes rather than no.
And we would like to ensure that there are national
standards for our reinvestigation processes. It is one of those
provisions of the uniform standards that we are now discussing
here in the larger context. We believe that those national
standards do help us to build databases and build systems that
allow us to effectively serve the consumer wherever they are in
the country.
With that, I will close my remarks. Thank you, Mr.
Chairman.
Chairman Shelby. Ms. Foley.

STATEMENT OF LINDA FOLEY
EXECUTIVE DIRECTOR
IDENTITY THEFT RESOURCE CENTER

Ms. Foley. Thank you very much, Mr. Chairman. My name is
Linda Foley, and I am the Founder and Executive Director of the
Identity Theft Resource Center. We are a nonprofit, national-
based organization. We work with a national clientele and are
based in San Diego.
Sitting behind me, and you might have seen him passing me a
couple of notes already, is our Co-Executive Director, Jay
Foley, who also happens to be my husband.
I found out about identity theft when I became the victim
of identity theft. In the last few years, our program has
grown, unfortunately, due to experiences like John Harrison.
And through learning from John Harrison and many, many other
victims of identity theft. This chair is actually filled with
the 700,000 victims of identity theft this year that we
abstractly represent, that is the number we use--so we have
learned a lot about this crime.
I have provided testimony for the Members. I am not going
to repeat any of it. I trust you will all read it when you have
time. What I would like to address is some of the things that I
have been hearing today.
If anyone in this room thinks they are immune to identity
theft, especially any of the Senators, let me please point out
that you have a book downstairs in the gift shop called the
Capitol Guide. It is a little long book--you even get a $5
phone card in it now--which lists your birth date and your
place of birth. Depending on whether you have an open or closed
access State, I could get your birth certificate without much
effort. From that it is a hop to calling the Social Security
Administration and getting your Social Security number.
Basically, they ask a few questions based on your birth
certificate information. I now have your Social Security
number. With this I now have access to your credit and to your
lives. I can open up credit cards in your names. I happen to
know what States you are from. It probably would not take much
effort to find out an address. With that I can also commit
criminal identity theft in your name.
No one is immune from identity theft from birth, since we
now give Social Security numbers to infants, to beyond death.
In our testimony you will find 20 case histories from our
records that I have itemized, including cases of child identity
theft. It includes a 6-year-old who owes over $60,000,
including almost $5,000 in child arrears to himself, by the
way, and has three DUI's. He cannot even see over the steering
wheel yet. Daddy dearest is an illegal immigrant who, now
divorced from his American wife, must use his child's identity
in order to somehow figure out a way to stay legally here in
the United States.
Last year you all probably read in the New Jersey Star
Ledger, the article of the woman who was contacted by an
insurance company. They wanted information about her husband's
auto accident. Interesting. Her husband had died 10 months
earlier on September 11, on the 80th floor.
Those are some of the more poignant stories.
One of the remarks made today is that John is not the norm.
We get about 40,000 visitors to our website per month. Those
are numbers of people who come and read information, gather
information, and hopefully have enough to go on and work on
their own. ITRC gets about 100 to 150 telephone calls or e-mail
letters each week from people like John who we call extreme
cases.
His is typical of our extreme cases. This is not an
aberration. In fact, we have cases much worse than John's,
unfortunately, that we deal with.
Family identity. Senator Dole, you mentioned that, 40
percent are family oriented. Those are the ones I get. No one
in the office wants to take them because they have to deal
with, ``what do I do?'' Do I turn my mother over to the police?
Would I be a bad child to do that? Am I a bad daughter? Am I a
bad parent if I turn my child over to the police? How do I deal
with this within the family? How do I convince the credit
reporting agencies? How do I convince credit issuers I did not
open up these accounts if I am not willing to file a police
report?
We have a problem in that in many jurisdictions throughout
the United States, the police are still reluctant to take
police reports. California has a law, Penal Code 530.6, which
says that a police report must be taken in the jurisdiction
where the victim lives. That is not true in many cases, and
these victims get bounced from place to place. They live in
Alabama and the crime is occurring in Kentucky. Who is going to
take the police report? Alabama is not going to send someone to
go investigate.
And I will go back to one other thing. A lot of times
victims need these police reports to help clear up the credit
issue. The reality is when I speak with victims, I am trying to
explain to them you may never see an arrest out of this case.
In fact, very few are.
We have talked about penalties several times. Increasing
penalties is important, but we are basically increasing
penalties for all those people who are never arrested, which
could be in excess of 90 percent.
Chairman Shelby. Ms. Foley, the question Senator Sarbanes
has proposed, how do we prevent it, right?
Ms. Foley. Correct.
Chairman Shelby. How do we tighten down on it?
Ms. Foley. I think it comes down to three areas. We need to
stop letting criminals get information by better business
handling. I just finished writing a book on that and we are
talking about it with businesses. Not everything needs to be
legislated. I think a lot of it is common sense. Why are
businesses throwing information in dumpsters behind their
stores that has personal identifying information? Do we really
need to legislate against it? I know we have in Georgia. We
have in California. We have shredding laws now in both of these
States. But must we really tell a business, do not carelessly
throw away a piece of paper that has someone's Social Security
number on it. You would not want that done to you. It is called
the Golden Rule.
I think we need to understand this crime links to other
crimes. We need to consider that if they are going to get the
information, we need to prevent them from being able to use it
as readily as they do. I have provided for Senator Sarbanes'
benefit as well as all of yours, almost 20 recommendations for
laws that I think are necessary and that we need to see. I
would like to see them on a national basis. We have seen more
flurry of activity and talk at the Federal level in the last
few months since we have been talking about FCRA than we have
in the last 6 years since I have been a victim of identity
theft. Yet, I see very few laws being passed.
Senator Feinstein has a bill, S. 1399, which has been
around since 2000. It is a mandatory observation of fraud
alerts. The credit reporting agencies do allow us to put a
fraud alert on their credit reports. There is no law that says
that a credit grantor must honor it, however. We have victim
after victim who says, ``I put a fraud alert on my credit
report. I even sent a letter in to them asking for the 7-year
alert,'' because they have been gracious enough to do this
without being Federally mandated to do so. But the credit
issuers are not observing them.
Someone mentioned the movie ``The Net.'' I happen to be
partial to the movie ``Class Action,'' an old Gene Hackman
movie. It is more financially beneficial to these companies to
ignore those fraud alerts and to quickly get the money, to open
up the line of credit within 30 seconds--our microwave
society--than it is to take the time to call and verify that
application.
We just recently got cell phones. We have fraud alerts,
both of us. That fraud alert took an extra 10 minutes for us to
get that cell phone. That is all it took, one phone call. My
husband, he got it--and if we had had our cell phones already
we could have had them just call the cell phone and I would
have waved at the car dealer across the table from me and said,
hi, this is me. Yes, go ahead and approve the application. It
is as simple as that.
You asked about our position regarding FCRA and the
preemptions and the sunsetting. I think I would like to
summarize it in a couple of ways. Yes, there is a need for
strong national laws. There is no question about it. However,
the framers of our Constitution said this is a framework. The
FCRA was devised as a framework for privacy as well as ways
information is being handled. It was never supposed to deal
with every single issue.
If you are asking us to say, shall we go ahead and renew
the preemptions, without having the laws already in place that
are going to resolve all of the problems that you are all
talking about already, how can we do that without knowing
whether it is going to take care of the problem? Will we need
to rely on the States, who are more responsive at this moment
and have passed more laws, and have been dealing with the issue
on a continual basis in many cases? We do come from California.
Unfortunately, we do have the most number of victims. But we
have also passed a great number of laws. We also have high
population groups which attract these criminals.
We are going to take a position right now which is--we want
to see what these laws are that you are going to pass, and that
are going to get signed and put into action. To discuss
preemptions in FCRA--we are not talking about renewing the
whole FCRA but just those seven areas of preemption right now--
is premature. How can we say that we do not want affiliate
sharing? How can we talk about any of these other areas when we
do not know how the laws are going to deal with it?
We have another problem. If we have a Federal law about
identity theft, then why did we have to pass laws in every
State? It is because local law enforcement, local jurisdictions
need some latitude for them to be able to prosecute as well. So
if we are going to create national laws, we need to also keep
in mind that we have to be able to enable local law enforcement
and local district attorneys to be able to work with the
Federal system. Otherwise you are going to have every U.S.
Marshal, every U.S. Attorney, and probably half the Army, the
Navy, and the Marine Corps working to investigate identity
theft and prosecute. We do not have the staff to do it all on
the Federal level. We have to expand that all.
I do have a couple of questions, first Stuart, please. I
know that you have the one-call shop now. I also know that we
have a problem because each of the credit reporting agencies
have different standards of information that they ask for on
their automated systems or through their live person, in one
case. How have you resolved that? Have you finally come to an
agreement on what data is going to be needed, or if I call
Equifax are they going to ask for one set of information and
then Experian may contact me later on and ask me for a couple
more pieces of information before they send my credit report?
Chairman Shelby. We generally do not let our panelists ask
questions.
[Laughter.]
Ms. Foley. Sorry.
Chairman Shelby. Except that was a good question.
Ms. Foley. It is a problem we are hearing about.
Chairman Shelby. Why don't we finish the panel before we--
--
Ms. Foley. I would appreciate that.
Chairman Shelby. We are going to go to Mr. Hough.

STATEMENT OF WILLIAM HOUGH
VICE PRESIDENT OF CREDIT SERVICES
THE NEIMAN MARCUS GROUP
ON BEHALF OF THE
NATIONAL RETAIL FEDERATION

Mr. Hough. Thank you, Mr. Chairman. Good afternoon. My name
is Bill Hough and I am Vice President of Credit Services for
The Neiman Marcus Group. I am testifying today on behalf of the
National Retail Federation. I would like to thank Chairman
Shelby and Ranking Member Sarbanes for providing me with the
opportunity to testify about the growing problem of identity
theft and the steps that Neiman Marcus, like so many other
members of the retail community, is taking to curb our losses
and protect our customers from these crimes.
By way of background, The Neiman Marcus Group is head-
quartered in Dallas, Texas, and it is comprised of two
operating segments, Special Retail, which includes the Neiman
Marcus stores and the Bergdorf Goodman stores, and Direct
Marketing, which includes the catalogue and online operations
of our Neiman Marcus, Horshow, and Chef 's brands. We issue our
proprietary credit cards under the Neiman Marcus and Bergdorf
Goodman names.
In fiscal 2001, Neiman's reached the high-water mark for
identity theft related losses with over 520 cases representing
a total expense of $1.3 million. In the past 2 years, we have
experienced a decline of 70 percent in the number of identify
fraud cases with less than 150 cases projected for the current
year. It is important to note that other fraud related cases
such as lost or stolen credit cards have remained constant over
the last couple years.
Mr. Chairman, instant credit applications represent about
85 percent of all accounts open at Neiman Marcus. These are
handled at the point of sale. In order to cut down on fraud and
identity theft during the application process, Neiman's
developed a custom fraud detection model that analyzes certain
specific attributes of every credit application. This system
isolates certain variables on an application and double-checks
them against information found on the applicant's credit
report. Where discrepancies and inconsistencies occur, the
model sends the application to our credit department for
review. Clearly, the model has worked well for us over the last
couple years. This year we know we have prevented about 800
fraudulent accounts from being opened.
Occasionally, we are able to definitively detect an
attempted fraud and arrest an identity thief in the store. This
usually occurs if our credit office, after being alerted during
the application process, can quickly get in touch with the
victim. We will then ask them if they want to pursue an arrest
of the person attempting to open the account in their name. If
they agree, we will detain the suspect and contact the police.
We have had 33 such arrests this year and 80 last year.
Currently, Neiman Marcus Direct, our catalogue division,
and our stores send out 15,000 packages a day delivering items
to customers. By using customer information-sharing, we were
able to develop an address delivery cross-check within our
Delivery Manifest system. What that does is it double-checks
against any negative
addresses that may be out there to detect possible bad
deliveries. Additionally, we have edits in place to identify
unusual buying patterns that may be forwarding merchandise to
certain addresses multiple times. These controls have stopped
about 500 fraudulent shipments in the last year.
Neiman's also does special edits to focus on the hottest
selling merchandise. In fact, a savvy salesclerk in our Neiman
Marcus White Plains store helped expose one of the largest
identity theft rings in U.S. history involving a former
employee of Teledata and over 30,000 stolen credit reports from
the three major bureaus. The incident began when a woman called
in an order for $6,000 in trendy shoes to the White Plains
store. She told the salesclerk she did not care what size the
shoes were and where they were to be shipped. The salesclerk
realized this was suspicious, notified our Loss Prevention
department. They, in turn, set up a controlled delivery with
local law enforcement and the postal authorities.
Mr. Chairman, I would like to be able to tell you that
Neiman's has prevented 100 percent of all fraudulent credit
applications this year, but I cannot. Successful identity
thieves still slip by our systems at the rate of 7 for every
10,000 applications processed--less than one-tenth of 1
percent. This, in my view, is not the result of a flawed
system, but the result of determined criminals with
sophisticated tools like computers and the Internet. The most
successful identity thieves know how to replicate an
individual's identity perfectly. They also know how to get a
hold of what I would call perfectly identifiable pieces of
information which may be a driver's license or a counterfeit
credit card.
For these types of criminals there is very little else we
can do to detect and prevent the crime, and retailers, like
other businesses, are looking to the States and the Federal
Government to begin producing the most secure identity
documents possible.
The need for tougher law enforcement statutes is also
critical. While we will arrest approximately 250 perpetrators
of fraud this year, many of these criminals are out on the
street the next day with a slap on the wrist. Identity thieves
are treated as a harmless pickpocket instead of a serious
criminal who has created havoc for an innocent victim. These
people, especially those that become multiple offenders, must
face stiffer sentences if we are going to stop this type of
crime.
Further, identity thieves thrive on anonymity and rely on
the assumption that large retailers such as Neiman's cannot put
a name and face together in order to prevent fraud. This is why
it is so important for retailers to know their customers, and
why it is so important that we have to do this by the efficient
use of information. Information flows between Credit Services
and the bureaus, or between Retail Divisions and Marketing
Divisions, combined with sophisticated technology and scoring
models, cut down on fraud and allow us to offer better customer
service.
In conclusion, if there was one thing I want to point out
as I leave, it is oftentimes our efforts to provide customer
service have led to new mechanisms by which we do stop fraud.
Identity theft is a crime with at least two victims: The
individual whose identity was stolen and the business from
which money and merchandise was stolen. Clearly, it is the
individual victim that is most directly hurt. But if identity
theft crimes continue to rise at the rate reported by the FTC,
all consumers will ultimately pay as much of these business
losses are passed back to the consumer.
Mr. Chairman, I ask that Congress think carefully before
blocking information flows or constraining businesses to
specific prevention techniques or responses. We, in business,
must continue to have the leeway to innovate to respond to
constantly changing variables. Criminals always find a way and
we need to maintain the ability to find a response. I thank you
for your time.
Chairman Shelby. Mr. Naylor.

STATEMENT OF MICHAEL W. NAYLOR
DIRECTOR OF ADVOCACY, AARP

Mr. Naylor. Thank you, Mr. Chairman, Senator Sarbanes, and
other Members of the Committee. I am the last batter in the
bottom of the ninth and I can feel the palpable hope in this
room that I will pop up on the first pitch. So let met at
least----
Senator Sarbanes. Or hit a home run.
Chairman Shelby. The bases are loaded.
[Laughter.]
Mr. Naylor. Let me just, in a fragmentary way, touch the
high points here.
First of all, I am new to the position at AARP and I hope
that if there is anything we can do on this issue, or any other
issue, to help you with your important responsibilities, you
will not hesitate to call on us.
Second, I enjoyed Senator Bennett's asides with regard to
some of the popular culture forays in Hollywood and others into
this issue. You might want to add to that, Senator, the New
Yorker cartoon from about 2 months ago where a man is
disconsolately telling his friend, my wife ran away with the
guy who stole my identity, which is maybe a problem that has
not surfaced yet.
At AARP, we suspect that our members may be more prone to
be victimized by these crimes than others. They control more of
the Nation's wealth. They have a longer credit history, which
permits more forms of access. Many of them are in the position
where caretakers, custodians, or family members could take
advantage of them. It is difficult for us to confirm that
though from existing files. The best database is maintained by
the FTC, the complainants database, which shows us no more
likely, our members no more likely than others. But there are
some problems with that.
Number one, to get into that database you have to be a
complainant. Our long experience is that older Americans are
less likely to complain to a Federal agency than others.
Number two, you have to offer your name. About 30 percent
of complainants--not name, age. About 30 percent of
complainants do not offer their age. Both from our experience
and the lighthearted remarks by the Chairman and by Senator
Schumer earlier would confirm that it is the case that once you
get into AARP territory you are less likely to volunteer your
age as well. So, we are trying to address that issue.
Despite those biases, or omissions which under-report the
experience of senior Americans as victims, still that database
shows us that there are six specific identity theft crimes
where older Americans are statistically more likely to be the
victim of a crime. Number one, these are, the use of a victim's
existing credit card account. Number two, the establishment of
a new credit card account in the victim's name. Number three,
the opening of a wireless telephone account in the victim's
name. Number four, the use of a victim's information to commit
credit fraud. Number five, the taking out of a personal or
business loan in the victim's name. And number six, the theft
of a victim's identifying information and then the use of it in
attempts to commit fraud.
There were some questions about solutions. Frankly, so far
the AARP has spent more time in terms of trying to make its
members aware of what is going on, and provide them practical
information about how to avoid identity theft, and how to deal
with it when it occurs. But we are beginning to inventory some
possible solutions. While I cannot endorse them fully, I think
there are things that we will continue to explore and we hope
that the Committee will take that into account. Some of them
include, Senator Sarbanes, first, the ability to get a free
credit report once a year. That is something that we will
support, and my enthusiasm for it grew with every question you
asked Mr. Beales, so we would like to press ahead on that
count.
Second, I do not know if we are in favor of hanging either
pickpockets or identity thieves, but looking at the statute of
limitations in this regard I think is important. It may not
fall under the jurisdiction of this Committee, but it is
essentially 2 years. The way the courts have interpreted it,
that statute starts ticking from the date of the event. Now
maybe that makes sense where someone walks up to you, sticks a
gun in your ribs and relieves you of your wallet. As Mr.
Harrison's case explains, it could take weeks, months, even
years in many cases before you know that the crime has
occurred. So having the statute of limitations start ticking
from the discovery of the purported crime as opposed to the
date of the alleged crime would make a lot more sense in this
regard.
Third, Mr. Harrison's commentary did it a lot more
graphically than I can, but we are also very sensitive to the
notion that, in general, it is much harder for almost anyone
other than you yourself to get a copy of your credit report.
You have to provide much more information to find out your
credit report than almost anyone else, and it generally costs
you more to get it. Something that addresses that issue I think
is well within the realm of things this Committee could do.
I do not know, maybe that was a scratch single, but the
inning is over and thank you very much.
Chairman Shelby. Thank you very much, Mr. Naylor. I will
try to be as quick as I can.
Captain Harrison, we heard your story here and I think it
is compelling. Things still worked out terribly. Would you say
that, at a minimum, Congress has a responsibility to take steps
to help future victims like yourself ?
Mr. Harrison. Absolutely, sir. I do.
Chairman Shelby. Ms. Foley, I am going to let him answer
your question on somebody else's time.
Ms. Foley. He does it all the time.
Chairman Shelby. Ms. Foley, we have heard testimony that
the credit card companies employ numerous antifraud measures. I
think this is definitely positive. However, the larger question
does not bear on how much they do, it relates to how successful
they are in this undertaking. Who is ahead of whom here, the
people who commit fraud or the credit card companies, in your
judgment?
Ms. Foley. The criminals are always ahead. This is an
evolving, changing crime. They are, at least, several years
ahead of us on the learning curve. There is no question about
that. I think that if credit issuers would start to accept some
of the business solutions that are out there as far as
verification of the application, applications can be verified
in 30 seconds. We are, again, that microwave society. People
want it done quickly.
But I have seen credit applications where only half the
information is filled in. I know part of the problem Stuart is
having and some of what you were talking about is--we have all
done it. We have filled out an application halfway because we
wanted the free gift that they were giving. What do the credit
reporting agencies do with that information? It doesn't quite
match anybody's real credit report. They do the best match
possible. That is where some of what we call those suppressed
files come from, which is where there is some inaccurate
information that they do not know where to put it. Does it go
to your credit report, my credit report, Senator Sarbanes'
credit report. They do not know.
Chairman Shelby. Mr. Pratt and Mr. Cunningham, I will
direct this question to you. How does someone open 61 accounts
in light of the precautions that the credit card companies and
the credit bureaus take?
Mr. Pratt, how do they do it?
Mr. Pratt. Apparently they are good criminals in terms of
what they do. I do not mean that flippantly----
Chairman Shelby. I know that.
Mr. Pratt. --but there are some who are very good at it.
Chairman Shelby. It is a very serious question.
Mr. Pratt. Precisely. I think the short answer is, we do
not know how often that criminal--and Ms. Foley references
something that is a challenge. When data comes into the credit
reporting system, we cannot cross-check a Social Security
number against a name, against the Social Security
Administration's database. There are lots of good reasons why
the private sector does not have access to that database. But
that data comes in, so there may be a credit
report under a different name but the same Social and a
different address. There may be actually accounts opening up on
several different reports, so they are actually not being
opened up solely on a single report.
Chairman Shelby. Shouldn't that trigger something, maybe a
watch or caution, a little yellow light there?
Mr. Pratt. Only if there is something connected together in
all of that would there be some caution flag, if you will, that
would come up in all of that for a lender, for example. But
today, to give you some idea of the scale of change in the
database, 40 million consumers are moving every year so it is
difficult to say an address change alone is enough. We have 3
million marriages and divorces, a majority of those end up with
a change in your last name. We have about 6 million consumers
with a second home in this country. That again results in a
second address on your file. We have tens of millions of
consumers in this country that use one of their credit cards
for billing purposes at work, so they have a work address
associated with their personal information.
Managing 200 million files and 2 billion data elements----
Chairman Shelby. You are not saying that is impossible, are
you? You are in the business.
Mr. Pratt. I suppose with enough time and money, anything
is possible, Senator. But I just wanted to set the context here
because sometimes we react viscerally to this and we go, how
could you not have seen that? The answer is, in some cases,
because we are managing an extraordinarily large volume of
data, so the pattern that you and I see here today, this seems
very obvious something was happening, is not nearly as obvious
in the large-scale sense when you are building a nationwide
system.
Chairman Shelby. Ms. Foley wants to respond.
Ms. Foley. My understanding is that the repositories are
not in the business of looking for these alerts. They are not
sitting there looking to see, have 61 applications come through
in the last month. That is the job of the lenders.
Unfortunately, the lenders do not see the full credit reports
in most cases. They get a score. They say, gee, this person
seems to have a good credit status. Let's go ahead and give
them a credit card. Or in John's case, his score went down. It
varies from credit report to credit by 150 points.
Chairman Shelby. Mr. Pratt, I do not want proprietary
information, but your people get a lot of money to manage this
information.
Mr. Pratt. It is a successful business, yes, sir.
Chairman Shelby. It is a successful business. We know that.
Captain Harrison, again, of the 61 fraudulent accounts that
were opened on your file, how many creditors sought to pursue
criminal sanctions against Mr. Phillips?
Mr. Harrison. The only one I know of is Harley-Davidson. A
lot of them that I talked to, especially after he was caught, I
let them know who the guy was, what his name was, what jail he
was in. Even the timeshare in South Carolina, which was $21,000
said, we are not going to go after the guy. It does not make
sense for us to press any charges against him.
Chairman Shelby. We have some very patient Senators here
but I want to get in one more question if I can. This would be
to Mr. Pratt, Mr. Cunningham, and Mr. Hough. Do you think
consumers should be able to take steps to protect themselves
against identity theft? It is what we are talking about. If
they want to take measures but those measures may have
consequences that bear on the availability of credit, who do
you think is best able to gauge those consequences, the
companies you represent or the consumers themselves? Go ahead.
You all first and then Ms. Foley.
Mr. Pratt. Our reaction is, of course, we all should know
how best to protect ourselves, and I think there are a lot of
different ways to do that. Some are voluntary. If you believe
you have been a victim of a crime and you are concerned, we
will put a security alert on your file. That is a protective
measure. It will work downstream to alert subsequent users of
the fact that something has happened to the file. So in that
case, yes, sir, we think that is a good step. But there is a
consequence to that. I have actually had consumers complain to
me that the alerts worked too well. That is the flip side of it
as well, I guess.
Chairman Shelby. I do not believe they are working too
well.
Mr. Pratt. I can respond to that, actually, if I may. That
is, we have looked at 5,500 credit reports recently with
security alerts on them because of the concerns that have been
raised about how ineffective they may be or how often there
might be a problem. We looked at those files in terms of how
many of those files had, after the alert was added, additional
activity, meaning new accounts, how many did not, and then how
many went through a reinvestigation, which would be our best
indication that a consumer had said, I have to pick up the
phone, I have to dispute something, something is wrong with
that file.
Less than one-half of 1 percent of all of those 5,500 files
had a subsequent reinvestigation after the alert was added to
the file. So that was our first look at this question because
we were concerned about alerts on the file and whether or not
they worked properly. That gives us one barometer which is,
there is a very, very low rate of dispute, even when the alert
has been on the file as much as 12 months, and even when a file
with an alert has had credit activity subsequent to the alert
being placed.
Chairman Shelby. Ms. Foley, do you want to respond?
Ms. Foley. There should not be any activity once an alert
has been placed, at all. If I say, I want to be called every
time an application is submitted in my name, I should have that
right. That prevents me from having to purchase a credit
monitoring service for $79.95. It also prevents me from having
to reorder credit reports over again at a cost of $8 each in
order to do that, and to see what is going on. And I do not
have to wait 12 to 15 months to find out if I am a victim yet
again.
There is a trade-off with a fraud alert. I did it with the
exact knowledge that this was going to slow down the issuance
procedures and process. I am a victim of identity theft. Take 2
or 3 days, or take a week to grant me credit, please. Just do
not grant it to my imposter again.
Mr. Pratt. To be clear, Mr. Chairman, I think that the file
activity that we see with new accounts is, in fact, tied to the
fact that some consumers who are victims continue to have a
need for credit and apply for credit, and they go through the
process and the verification takes place, including the kind of
reverification--and in other cases consumers are inactive, and
they do remain inactive and that is their choice in the
marketplace, and that is why some files have activity and some
do not. In all of those cases, less than one-half of 1 percent
ever had an additional reinvestigation, even as long as 12
months after the initial alert was placed on the file.
Chairman Shelby. Senator, thank you for your indulgence.
Senator Sarbanes. Thank you. Mr. Chairman. I will be brief.
I just want to try to clear away a few things that may appear
somewhat minor, but let me see if I can get it settled. Is
there any one at the table who would be opposed to a
requirement that people be able to get their credit report free
at least once a year?
Ms. Foley. I have no objection. In fact, I would encourage
it.
Mr. Hough. I do not know what the overall expense or impact
it would be to the credit bureaus, but I think the information
is valuable if the person can get to it.
Senator Sarbanes. Everyone is supportive.
Mr. Pratt. No, sir, we are not.
Senator Sarbanes. You are not supportive. Why not?
Mr. Pratt. We are supportive of access. The 1996 Amendments
provided what we thought was the right balance for access.
Consumers who suspect fraud can get access to a free file. If
you are unemployed and seeking employment, if you are on public
assistance and you wish to have your file, or if you have been
declined
credit, if you are potentially going to have adverse action
taken under employment circumstances, you have access. The 1996
Amendments created a much larger set of what we thought were
discrete populations of consumers with a higher level of need
where you would not want the price to be an impediment.
Senator Sarbanes. So, you do not think that I should be
able to get a credit report free once a year?
Mr. Pratt. We think your right of access is unquestioned.
The fee that we are getting right now is not to create a
revenue stream for us but just to offset the administrative
expense.
Senator Sarbanes. Now, Maryland requires you to give me a
free credit report every year, correct?
Mr. Pratt. Yes, sir, absolutely.
Senator Sarbanes. So, I can get it.
Mr. Pratt. Yes, sir.
Chairman Shelby. I cannot.
Senator Sarbanes. Would you be in favor of dropping the
preemption requirements in this statute?
Mr. Pratt. We hope that that is not what we are moving
toward here in the deliberative debate, but I would be happy to
share with you the one risk that----
Senator Sarbanes. It is related to the substantive
standards of protection for the consumer, is it not?
Mr. Pratt. We believe access is certainly related to the
substantive standards.
May I have a minute to just try and lay out at least one of
the reasons for our concern, sir? That would be, for example,
we have talked a little bit about security breaches. Credit
bureaus right now are much more exposed--one of our reasons for
concerns with free files has to do not so much with a principle
of cost, if you will, but with a reality in the business world.
That is, for example, when TriWest had its hard drives stolen
in Arizona, which was a medical provider for the military, at
least a health care service provider, TriWest sent out a letter
to the 500,000 families. Of the 500,000 families, at least
365,000 of them responded, calling the credit bureaus asking
for various services, which the credit bureaus provided 100
percent free of charge for every one of those security breach
victims.
The same thing happened with 200,000 in California. There
was a DPI case recently with 8 million potential breaches of
account numbers; 50,000 consumers at the University of Texas.
Our concern is that in some ways credit bureaus are now
being asked to bear the burden of someone else's failure to
protect their information in the marketplace. That really is
the issue of unfairness that concerns us most. It makes it
almost impossible for us to manage our consumer relations
process for all the average consumers who are calling us every
day. In fact with the TriWest case, each of the credit bureaus
incurred approximately $1.5 million worth of cost even though
they had no involvement, even though it was not credit bureau
data, and even though the TriWest company is not, in fact, even
a customer of the credit bureaus.
So our concern with that is that it is exposing us to a
different level of risk in the marketplace.
Senator Sarbanes. Mr. Pratt, do you favor changing the
statute of limitations? The statute of limitations now is that
a victim must bring legal action under the existing statute of
limitations from 2 years after occurrence of the fraud. Do you
support that standard or would you be in favor of changing it
as has been suggested here this morning?
Mr. Pratt. We have been involved, certainly in the last
Congress and I suspect heading into this Congress as well, in a
constructive discussion with Senator Cantwell's staff. You will
see in that bill a proposal which is much closer to one we feel
we could work with.
Senator Sarbanes. Which is what?
Mr. Pratt. Well, it establishes a different time mechanism
for an identity theft victim versus the average consumer in the
marketplace because there may be unique circumstances for
identity theft victims.
Senator Sarbanes. What is your time frame for the identity
theft victim?
Mr. Pratt. The time frame that Senator Cantwell was
proposing was, I think it was a 3- or 4-year standard rather
than a 2-year standard.
Senator Sarbanes. From when?
Mr. Pratt. From the date the event occurred.
I would like to clarify, however, that unlike many other--
--
Senator Sarbanes. On the one hand, you will not let me get
a free credit report, and on the other hand you put me into a
statute of limitations framework which is when the event
occurred, not when I found out about the event.
Mr. Pratt. Could I clarify that, Mr. Chairman?
Actually, the triggering of your liability for a credit
report is when you are harmed, not when I put the data in the
file. I could have data in the file that is inaccurate for 3
years, but the date of the event that gave rise to your harm is
the date that the credit report was produced and you were
declined or otherwise harmed. So, you often learn about the
event, meaning your harm, through the adverse action notice.
Senator Sarbanes. Do you always learn about it?
Mr. Pratt. The world is not perfect, sir, but our belief is
that because of the way the consumer----
Senator Sarbanes. Who should the burden be upon to make the
world more perfect in this regard--the lonely consumer or the
business network that is engaged in these practices?
Mr. Pratt. In our review of case law, a very small
percentage ever deal with the statute of limitations. Consumers
appear to be successful in bringing cases. They do bring cases
every year, and certainly litigation has ensued since the 1996
Amendments.
Senator Sarbanes. I take it one of the AARP's lead
recommendations is on the statute of limitations. Is that
correct, Mr. Naylor?
Mr. Naylor. That is correct, Senator.
Senator Sarbanes. Mr. Cunningham, what is your view on this
free report once a year?
Mr. Cunningham. I believe that it is a question that should
be answered by the credit bureaus more than by myself. I am not
necessarily in a position to say whether or not it is the right
thing to do economically or not.
Senator Sarbanes. Mr. Chairman, I have another question.
Chairman Shelby. You go ahead.
Senator Sarbanes. Just a week ago in the American Banker
there was an article, ``Setting New Policies To Catch Identify
Thieves.'' It reports that starting July 1 all businesses in
California will have to tell customers when the security of
their personal information has been breached. If a bank
suspects that someone could have stolen a Social Security
number, a driver's license, or bank account numbers, it must
inform the customer. Is there anyone at the table who feels it
is undesirable to enact such a law
nationally?
Ms. Foley. We supported, Senator, a piece in that bill. But
I would like to see it expand, and not that it just be limited
to computer information but any information breach because of
the dumpster diving issue as well.
Senator Sarbanes. Anyone else who might oppose that?
Mr. Pratt. Maybe there is just a policy question and that
is to make sure that if a law like that were to be considered
you would want to make sure that you did not have a cry wolf
event. You would want to make sure that there were measurements
in place to ensure that there was a real breach and that there
was a real extraction of data because otherwise consumers will
be flooded with notices because of the requirement of the law
and that might be ineffective as well. So the key would be that
you would need to balance the requirements such that breach
notices would occur when there appears to be a real substantive
material reason to have that breach notice delivered. I think
that is just reasonable in terms of how a law like that would
operate.
Ms. Foley. That was built into the law when it was passed.
Chairman Shelby. Senator Bennett.
Senator Sarbanes. Thank you, Mr. Chairman.
Senator Bennett. One of the things we live with in this
world are pop-ups and advertisements on the Internet all the
time. One that, at least shows up on my computer a lot, is
click here for a free credit report. Can we reconcile that with
this conversation? What do I get if I click that? I have never
done it. Frankly, I have an irrational fear that doing so would
somehow compromise my identity and that somebody is after me.
So, I never click there for a free credit report. What do you
get when you do that?
Ms. Foley. You will be charged $79.95 after a 3-month trial
period of a credit monitoring service.
Senator Bennett. But I would get a free credit report and
then I would, after 3 months, be able to say, I do not want to
spend the $79.95?
Ms. Foley. Correct. But they are also working on the idea
that most of us do look at these free offers. We go for our
free 3 months of trial and then we forget to discontinue.
Senator Bennett. In other words, a free report can be
supplied pretty quickly if somebody asks for it. Now there is
an economic reason to say, we will give it to you as a teaser
to get you to sign up for something else, and I will not
discuss whether the something else is wise or not wise, whether
it is good business or bad business, or an improper offering to
a customer. I think the customer should make that decision.
Ms. Foley. Excuse me, Senator Bennett, here is one other
problem with that free pop-up. We do not know if it is a
legitimate offer or if it is a scam fraud or it is trying to
mine information from you.
Senator Bennett. I understand that. That is why I do not
click on them because I do not want to see my credit report
because
everything is going fine. Now, I have been, I will not say a
victim of identity theft by any means on the scale that Captain
Harrison has suffered, but I have had some really tough
conversations with some lenders that told me that I had filed
for bankruptcy and I had had default on major property, none of
which I had owned, and all of the rest of this. And it was not
fun to try to get it straightened out. They finally figured out
there was another Robert Bennett and it was not me.
My daughter has had a fairly serious experience with
identity theft. Again, nowhere near the level that Captain
Harrison has, but I am sympathetic with this statute of
limitation thing because years later she keeps running into
problems even after she long since had thought she had gotten
it all cleaned up. Every once in awhile something pops up and,
gee, I have to deal with this. It has been 3 years since my
wallet was stolen.
Captain Harrison, do you have any idea how they got your
military identity card? That is the breach that caused this
whole thing. It was not dumpster dipping or the stealing of
mail. They went to a military installation and here is a fellow
who has received an honorable discharge and years after you
have left the military they walk away with your identity card.
How did they do that?
Mr. Harrison. He had my name and Social Security number. I
do not know exactly how he got it because I cannot get access
to the investigation under the Freedom of Information Act
unless I get his permission, the imposter, to release that
information. But it is not difficult to get a name and a Social
Security number from someone in the military. Those two things
are on almost every piece of paper I have ever filled out in
the military, because your Social Security number is also your
service number.
Senator Bennett. The Senate identity card I carry has my
Social Security number on it, and my driver's license has my
Social Security number on it. When I was running a business and
we would assign customer numbers, the fellow who ran our IT
program came to me after a little while and he said, we have to
stop using the company-generated customer numbers. I said, why,
and he said, they are far too cumbersome. Let's go to industry
standard and ask everybody for their Social Security number,
and we did.
People would open an account with us and we would say,
name, Social Security number. They would give us the Social
Security number, and that was the whole database of the
company. Whether we like it or not, the Social Security number
has become the national identity number that is in so many
databases right now that I shudder to think of what it would
cost if suddenly everybody had to come up with a new number. So
yes, your Social Security number was your service number. I
remember I had to memorize it when I was in the Army in the
1950's. I cannot tell it to you now but I can tell you my
Social Security number.
The control in the military is so lax that they would give
out to somebody a military identity card for somebody who has
retired? I think we should hold a hearing with the Armed
Services and say, what are you doing here when you are this lax
with something of that kind.
Mr. Harrison. I believe that the person that issued the
card was in on it. I believe that. I spoke with the Secret
Service agent that did this and no one else was arrested. But
my name and my Social Security number was used. They changed my
date of birth on the identity card. They changed the color of
my eyes, my hair, my height, and my weight.
Senator Bennett. That makes sense.
Mr. Cunningham. You cannot do that unless----
Senator Bennett. That makes sense if the fellow or young
lady who delivered the military identity was part of the
conspiracy. That is beyond the jurisdiction of this Committee,
but that might be another criminal activity that might be
considered. Yes, the fellow who bought the Harley-Davidson went
to jail, but the person who aided and abetted probably should
in some manner be considered a co-conspirator and just as
liable.
You talk about family identity theft. Internal to the
military or whatever, that is a form of family theft. We should
take a long look at spreading the pain around if somebody aids
and abets, and it is not just the criminal that goes to jail.
Thank you very much for the hearing, Mr. Chairman. I think
this has been very helpful.
Chairman Shelby. Thank you, Senator Bennett.
Ms. Foley, out of fairness, you did ask him a question.
Everybody has had their time, so quickly, what was the
question, and quickly I hope he will answer it.
Ms. Foley. We have the one-stop-shop now. Have we resolved
the problem that the three different repositories want
different types of information in order to get your credit
reports, and that, in some cases, I can get it out of two but
not the third because each one of them has different
information and maybe the third one has the imposter's address
instead of my address and now the computer system would not
tilt.
Mr. Pratt. The data exchange has a standard set of data and
they all agreed on what data elements would have to be provided
so it could go to each company and each company would use the
same data elements to pull the file. That is the data exchange
part of it. There is no doubt each company still has an
individual obligation to make sure the data matches with a file
so they can release a file and they can comply with the law and
properly identify the consumer.
So, yes, there might be an instance where the data cannot
be matched properly within an individual company, but the data
is standard and the data standard is transferred between each
of the companies.
Chairman Shelby. Captain Harrison, you are the victim here,
and a horrible victim. What is your last word to us?
Mr. Harrison. I guess I will make my last word about the
Fair Credit Reporting Act. I said this before when I was before
the State legislature in Connecticut. I think the intent of the
Fair Credit
Reporting Act is very good and I understand it, and I think
that everybody that put it together understands it. It makes a
lot of sense.
Chairman Shelby. It works well in a lot of ways.
Mr. Harrison. It works well in a lot of ways. I think the
problem that I have encountered is that a lot of people are not
obeying the intent. They are only obeying the word. Everything
that says may might as well say, do not do it. That is why this
thing is so difficult. People are not understanding the intent.
I really think that has to be firmed up. Less of the intent
taken out and more of the, you have to do this put in it.
Chairman Shelby. Thank you very much.
I thank all of you. It has been a long morning.
The hearing is adjourned.
[Whereupon, at 1:04 p.m., the hearing was adjourned.]
[Prepared statements and responses to written questions
supplied for the record follow:]

PREPARED STATEMENT OF SENATOR MICHAEL B. ENZI

Thank you Mr. Chairman for holding this hearing.
Identity theft is a very serious issue that affects not only
individuals, but also our economy as a whole. As the fastest growing
crime in America, it is not neatly confined to one State or county. And
that is the problem with identity theft. People from every corner of
the country can and do become victims of this invasive crime.
Even small States like Wyoming are adversely affected. Although
there are only 493,000 people in Wyoming, we have the same rate of
identity theft per capita as anywhere else in the country. That is why
we have to approach this issue from a holistic perspective. We have to
look at prevention, enforcement, and assistance to victims who are
recovering from identity theft.
Last year, I cosponsored a bill with Senator Cantwell that focused
on the recovery part of the issue. Our bill would have made it easier
for victims to get the information they need to clear their good name.
Senator Gramm and I worked with Senator Cantwell for months to find a
balance between the needs of consumers and the needs of small
businesses, banks, and other credit agencies.
Our bill included key provisions that would have allowed victims to
work with businesses to obtain false records and block false
information on credit reports. This is critical for somebody who is
trying to put his or her life back together after the trauma of
identity theft.
I am encouraged by the interest my colleagues have shown here
today. There are a number of bills out there that I think we need to
consider in Congress before this crime hurts the hundreds of thousands
of working people and families that are
expected to become victims this year.
I am confident we can make headway on this issue during the debate
on reauthorization of the Fair Credit Reporting Act and I thank the
Chairman for addressing this issue today.

----------

PREPARED STATEMENT OF J. HOWARD BEALES, III
Director, Bureau of Consumer Protection, U.S. Federal Trade Commission
June 19, 2003

Introduction

Mr. Chairman and Members of the Committee, I am Howard Beales,
Director of the Bureau of Consumer Protection, Federal Trade Commission
(FTC or Commission).\1\ I appreciate the opportunity to present the
Commission's views on the impact of identity theft on consumers and the
importance of information security in preventing identity theft.
---------------------------------------------------------------------------
\1\ The views expressed in this statement represent the views of
the Commission. My oral presentation and responses to questions are my
own and do not necessarily represent the views of the Commission or any
Commissioner.
---------------------------------------------------------------------------
The Federal Trade Commission has a broad mandate to protect
consumers, and controlling identity theft is an important issue of
concern to all consumers. The FTC's primary role in combating identity
theft derives from the 1998 Identity Theft Assumption and Deterrence
Act (Identity Theft Act or Act).\2\ The Act directed the Federal Trade
Commission to establish the Federal Government's central repository for
identity theft complaints and to provide victim assistance and consumer
education. The Commission also works extensively with industry on ways
to improve victim assistance, including providing direct advice and
assistance in cases when information has been compromised. The
Commission can take enforcement action when companies fail to take
adequate security precautions to protect consumers' personal
information.
---------------------------------------------------------------------------
\2\ Pub. L. No. 105-318, 112 Stat. 3007 (1998) (codified at 18
U.S.C. Sec. 1028).

---------------------------------------------------------------------------
The Federal Trade Commission's Role in Combating Identity Theft

The Identity Theft Act strengthened the criminal laws governing
identity theft \3\ and focused on consumers as victims.\4\ Congress
also recognized that coordinated efforts are essential to best serve
the needs of identity theft victims because these fraud victims often
need assistance both from government agencies at the national and State
or local level and from businesses. As a result, the FTC's role under
the Act is primarily one of facilitating information sharing among
public and private entities.\5\ Specifically, Congress directed the
Commission to establish procedures to: (1) log the receipt of complaints
by victims of identity theft; (2) provide identity theft victims with
informational materials; and (3) refer complaints to appropriate
entities, including the major national consumer reporting agencies and
law enforcement agencies.\6\ To fulfill the Act's mandate, the
Commission has implemented a plan that focuses on three principal
components: (1) a toll-free telephone hotline; (2) the Identity Theft
Data Clearinghouse (Clearinghouse), a centralized database used to aid
law enforcement; and (3) outreach and education to consumers, law
enforcement, and private industry.
---------------------------------------------------------------------------
\3\ 18 U.S.C. Sec. 1028(a)(7). The statute broadly defines ``means
of identification'' to include ``any name or number that may be used,
alone or in conjunction with any other information, to identify a
specific individual,'' including, among other things, name, address,
Social Security number, driver's license number, biometric data, access
devices (i.e., credit cards), electronic identification number or
routing code, and telecommunication identifying information.
\4\ Because individual consumers' financial liability is often
limited, prior to the passage of the Act, financial institutions,
rather than individuals, tended to be viewed as the primary victims of
identity theft. Setting up an assistance process for consumer victims
is consistent with one of the Act's stated goals: To recognize the
individual victims of identity theft. See S. Rep. No. 105-274, at 4
(1998).
\5\ Most identity theft cases are best addressed through criminal
prosecution. The FTC itself has no direct criminal law enforcement
authority. Under its civil law enforcement authority provided by
Section 5 of the FTC Act, the Commission may, in appropiate cases,
bring actions to stop practices that involve or facilitate identity
theft. See, e.g., FTC v. Assail, Inc., W03 CA 007 (W.D. Tex. Feb. 4,
2003) (order granting preliminary injunction) (defendants alleged to
have debited consumers' bank accounts without authorization for
``upsells'' related to bogus credit card package) and FTC v. Corporate
Marketing Solutions, Inc., CIV- 02 1256 PHX RCB (D. Ariz. Feb. 3, 2003)
(final order) (defendants ``pretexted'' personal information from
consumers and engaged in unauthorized billing of consumers' credit
cards). In addition, the FTC brought six complaints against marketers
for purporting to sell international driver's permits that could be
used to facilitate identity theft. Press Release, Federal Trade
Commission, FTC Targets Sellers Who Deceptively Marketed International
Driver's Permits over the Internet and via Spam (Jan. 16, 2003) (at
http://www.ftc.gov/opa/2003/01/idpfinal.htm).
\6\ Pub. L. No. 105-318, Sec. 5, 112 Stat. 3010 (1998).

---------------------------------------------------------------------------
Assisting Identity Theft Victim

The most immediate way in which the FTC assists victims is by
collecting complaints and providing advice on recovery through a
telephone hotline and a dedicated website. On November 1, 1999, the
Commission began collecting complaints from consumers via a toll-free
telephone number, 1-877-ID-THEFT (438-4338). Every year since has seen
an increase in complaints. In 2002, hotline counselors added almost
219,000 consumer complaints to the Clearinghouse, up from more than
117,000 in 2001. Of the 219,000 reports, almost 162,000 (74 percent)
were complaints from identity theft victims, and almost 57,000 (26
percent) were general inquiries about identity theft. Despite this
dramatic growth in reports of identity theft, the FTC is cautious in
attributing it entirely to a commensurate growth in the prevalence of
identity theft. The FTC believes that the increase is, at least in
part, an indication of successful outreach in informing the public of
its program and the availability of assistance.
Callers to the hotline receive telephone counseling from specially
trained personnel who provide general information about identity theft
and help guide victims through the steps needed to resolve the problems
resulting from the misuse of their identities. Victims are advised to:
(1) Contact each of the three national consumer reporting agencies to
obtain copies of their credit reports and request that a fraud alert be
placed on their credit reports; \7\ (2) contact each of the creditors
or service providers where the identity thief has established or
accessed an account, to request that the account be closed and to
dispute any associated charges; and (3) report the identity theft to
the police and get a police report, which is very helpful in
demonstrating to would-be creditors and debt collectors that the
consumers are genuine victims of identity theft.
---------------------------------------------------------------------------
\7\ These fraud alerts indicate that the consumer is to be
contacted before new credit is issued in that consumer's name. See
Section II.B.(3)(a) infra for a discussion of the credit reporting
agencies new ``joint fraud alert'' initiative.
---------------------------------------------------------------------------
Counselors also advise victims having particular problems about
their rights under relevant consumer credit laws including the Fair
Credit Reporting Act,\8\ the Fair Credit Billing Act,\9\ the Truth in
Lending Act,\10\ and the Fair Debt Collection Practices Act.\11\ If the
investigation and resolution of the identity theft falls under the
jurisdiction of another regulatory agency that has a program in place
to assist consumers, callers also are referred to those agencies.
---------------------------------------------------------------------------
\8\ 15 U.S.C. Sec. 1681 et seq.
\9\ Id. Sec. 1666. The Fair Credit Billing Act generally applies to
``open end'' credit accounts, such as credit cards, revolving charge
accounts, and overdraft checking accounts. It does not cover
installment contracts, such as loans or extensions of credit that are
repaid on a fixed schedule.
\10\ Id. Sec. 1601 et seq.
\11\ Id. Sec. 1692 et seq.
---------------------------------------------------------------------------
The FTC's identity theft website, located at www.consumer.gov/
idtheft, provides equivalent service for those who prefer the immediacy
of an online interaction. The site contains a secure complaint form,
which allows victims to enter their identity theft information for
input into the Clearinghouse. Victims also can read and download all of
the resources necessary for reclaiming their credit record and good
name. One resource in particular is the FTC's tremendously successful
consumer education booklet, Identity Theft: When Bad Things Happen to
Your Good Name. The 26-page booklet, now in its fourth edition,
comprehensively covers a range of topics, including the first steps to
take for victims, how to correct credit-related and other problems that
may result from identity theft, tips for those having trouble getting a
police report taken, and advice on ways to protect personal
information. It also describes Federal and State resources that are
available to victims who may be having particular problems as a result
of the identity theft. The FTC alone has distributed more than 1.2
million copies of the booklet since its release in February 2000.\12\
Last year, the FTC released a Spanish language version of the identity
theft booklet, Robo de Identidad: Algo malo puede pasarle a su buen
nombre.
---------------------------------------------------------------------------
\12\ Other Government agencies, including the Social Security
Administration, the SEC, and the FDIC also have printed and distributed
copies of Identity Theft: When Bad Things Happen to Your Good Name.

---------------------------------------------------------------------------
Outreach and Education

The Identity Theft Act also directed the FTC to provide information
to consumers about identity theft. Recognizing that law enforcement and
private industry play an important part in the ability of consumers
both to minimize their risk and to recover from identity theft, the FTC
expanded its mission of outreach and education to include these
sectors.

Consumers

The FTC has taken the lead in coordinating with other Government
agencies and organizations in the development and dissemination of
comprehensive consumer education materials for victims of identity
theft and those concerned with preventing this crime. The FTC's
extensive consumer and business education campaign includes print
materials, media mailings, and radio and television interviews. The FTC
also maintains the identity theft website, which includes the
publications and links to testimony, reports, press releases, identity
theft-related State laws, and other resources.
To increase identity theft awareness for the average consumer, the
FTC recently developed a new primer on identity theft, Identity Theft:
What's It All About? This publication discusses the common methods of
identity thieves, how consumers can best minimize their risk of being
victimized, how to identify the signs of victimization, and the basic
first steps for victims. Taken together with the detailed victim
recovery guide, Identity Theft: When Bad Things Happen to Your Good
Name, the two publications help to fully educate consumers.

Law Enforcement

Because law enforcement at the State and local level can provide
significant practical assistance to victims, the FTC places a premium
on outreach to such agencies. In addition to the training described
below (see infra Section II.C.), the staff joined with North Carolina's
Attorney General Roy Cooper to send letters to every other attorney
general letting him or her know about the FTC's identity theft program
and how each Attorney General could use the resources of the program to
better assist residents of his or her State. The letter encourages the
Attorney General to link to the consumer information and complaint form
on the FTC's website and to let residents know about the hotline,
stresses the importance of the Clearinghouse as a central database, and
describes all of the educational materials that the attorney general
can distribute to residents. North Carolina took the lead in availing
itself of the Commission's resources in putting together for its
resident victims a package of assistance that includes the Identity
Theft Affidavit (see Section II.B.(3)(a)), links to the FTC website and
www.consumer.gov/idtheft. Through this initiative, the FTC hopes to
make the most efficient use of Federal resources by allowing States to
take advantage of the work the FTC has already accomplished and at the
same time continuing to expand the centralized database of victim
complaints and increase its use by law enforcement nationwide. Other
outreach initiatives include: (1) Participation in a ``Roll Call''
video produced by the Secret Service, which will be sent to thousands
of law enforcement departments across the country to instruct officers
on identity theft, investigative resources, and assisting victims; and
(2) redesigning of the FTC's website to include a section for law
enforcement with tips on how to help victims, as well as resources for
investigations. The FTC will launch the new website this summer.

Industry

(a) Victim Assistance: Identity theft victims spend significant
time and effort
restoring their good name and financial records. As a result, the FTC
devotes significant resources to conducting outreach with the private
sector on ways to improve victim assistance procedures. One such
initiative arose from the burdensome requirement that victims complete
a different fraud affidavit for each different creditor with whom the
identity thief had opened an account.\13\ To reduce that burden, the
FTC worked with industry and consumer advocates to create a standard
form for victims to use in resolving identity theft debts. From its
release in August 2001 through April 2003, the FTC has distributed more
than 293,000 print copies of the Identity Theft Affidavit. There have
also been more than 356,000 hits to the web version. The affidavit is
available in both English and Spanish.
---------------------------------------------------------------------------
\13\ See Identity Theft: When Bad Things Happen to Your Good Name.
Hearing Before the Subcommittee on Technology, Terrorism, and
Government Information of the Senate Judiciary Committee, 106th
Congress (2000) (statement of Mrs. Maureen Mitchell, Identity Theft
Victim).
---------------------------------------------------------------------------
The three major credit reporting agencies (CRA's) recently
launched a new initiative, the ``joint fraud alert.'' After receiving a
request from an identity theft victim for the placement of a fraud
alert on his or her consumer report and for a copy of that report, each
CRA now shares that request with the other two CRA's, thereby
eliminating the requirement that the victim contact each of the three
major CRA's separately.
(b) Information Security Breaches: Additionally, the FTC is working
with institutions that maintain personal information to identify ways
to help keep that information safe from identity theft. Last year, the
FTC invited representatives from financial institutions, credit
issuers, universities, and retailers to an informal roundtable
discussion of how to prevent unauthorized access to personal
information in employee and customer records. The FTC will soon publish
a self-assessment guide to make businesses and organizations of all
sizes more aware of how they manage personal information and to aid
them in assessing their security protocols.
As awareness of the FTC's role in identity theft has grown, the
businesses and organizations that have suffered compromises of personal
information have begun to contact the FTC for assistance. For example,
in the cases of TriWest \14\ and Ford/Experian,\15\ in which tens of
thousands of consumers' files were compromised, the Commission advised
how to notify those individuals and how to protect the data in the
future. To provide better assistance in these types of cases, the FTC
developed a kit, Responding to a Theft of Customer or Employee
Information, that will be
posted on the identity theft website in the coming weeks. The kit
provides advice on which law enforcement agency to contact, depending
on the type of compromise, business contact information for the three
major credit reporting agencies, with
suggestions for establishing an internal communication protocol,
information about contacting the FTC for assistance, and a detailed
explanation of what information individuals need to know. The kit also
includes a form letter for notifying the individuals whose information
was taken. Organizations are encouraged to print and include copies of
Identity Theft: When Bad Things Happen to Your Good Name with the
letter to individuals.
---------------------------------------------------------------------------
\14\ Adam Clymer, Official Say Troops Risk Identity Theft After
Burglary, The New York Times, Nov. 6, 2002, Main News, Part 1 (Home
Edition), at 12.
\15\ Kathy M. Kristof and John J. Goldman, 3 Charged in Identity
Theft Case, Los Angeles Times, Nov. 6, 2002, Main News, Part 1 (Home
Edition), at 1.
---------------------------------------------------------------------------
The FTC particularly stresses the importance of notifying
individuals as soon as possible when information has been taken that
may put them at risk for identity theft. They can then begin to take
steps to limit the potential damage to themselves. Individuals who
place a fraud alert promptly have a good chance of preventing, or at
least reducing, the likelihood that the release of their information
will turn into actual misuse. The prompt notification also alerts these
individuals to review their credit reports and to watch for the signs
of identity theft. In the event that they should become victims, they
can quickly take action to clear their records before any long-term
damage is done. Besides providing Responding to a Theft of Customer or
Employee Information, FTC staff can provide individual assistance and
advice, including a review of consumer information materials for the
organization and coordination of searches of the Clearinghouse for
complaints with the law enforcement
officer working the case.

Identity Theft Data Clearinghouse

The final mandate for the FTC under the Identity Theft Act was to
log the complaints from victims of identity theft and to refer those
complaints to appropriate entities such as law enforcement agencies.
Before launching this complaint system, the Commission took a number of
steps to ensure that it would meet the needs of criminal law
enforcement, including meeting with a host of law enforcement and
regulatory agencies to obtain feedback on what the database should
contain. Access to the Clearinghouse via the FTC's secure website
became available in July 2000. To ensure that the database operates as
a national clearinghouse for complaints, the FTC has solicited
complaints from other sources. For example, in February 2001, the
Social Security Administration-Office of Inspector General (SSA-OIG)
began providing the FTC with complaints from its fraud hotline,
significantly enriching the FTC's database.
The Clearinghouse provides a much fuller picture of the nature,
prevalence, and trends of identity theft than was previously
available.\16\ The FTC data analysts aggregate the data to develop
statistics about the nature and frequency of identity theft. For
instance, the Commission publishes charts showing the prevalence of
identity theft by States and by cities. Law enforcement and
policymakers at all levels of government use these reports to better
understand the challenges identity theft presents.
---------------------------------------------------------------------------
\16\ Charts that summarized 2002 data from the Clearinghouse can be
found at www.consumer.
gov/idtheft and www.consumer.gov/sentinel.
---------------------------------------------------------------------------
Since the inception of the Clearinghouse, 62 Federal agencies and
574 State and local agencies have signed up for access to the database.
Within those agencies, over 4,200 individual investigators have the
ability to access the system from their desktop computers 24 hours a
day, 7 days a week. The Commission actively encourages even greater
participation.
One of the goals of the Clearinghouse and the FTC's identity theft
program is to provide support for identity theft prosecutions
nationwide.\17\ Last year, in an effort to further expand the use of
the Clearinghouse among law enforcement, the FTC, in cooperation with
the Department of Justice and the U.S. Secret Service, initiated a full
day identity theft training seminar for State and local law enforcement
officers. Sessions were held in Washington, DC, Des Moines, Chicago,
San Francisco, Las Vegas, Dallas, and Phoenix. The Phoenix program was
held May 22. More than 730 officers have attended these seminars,
representing more than 170 different agencies. Additional training
seminars will occur later this year in Seattle, New York, and Houston--
cities the FTC has identified as having high rates of identity theft.
Also, the FTC is a member of an identity theft task force in Kansas
City and is helping coordinate a training seminar there later this
summer.
---------------------------------------------------------------------------
\17\ The Commission testified last year in support of S. 2541, the
Identity Theft Penalty Enhancement Act of 2002, which would increase
penalties and streamline proof requirements for prosecution of many of
the most harmful forms of identity theft. See Testimony of Bureau
Director J. Howard Beales, III, Senate Judiciary Committee,
Subcommittee on Terrorism, Technology, and Government Information (July
11, 2002). S. 2541 has been reintroduced in the 108th Congress as S.
153.
---------------------------------------------------------------------------
The FTC staff also helps develop case leads. Now in its second
year, the Commission runs an identity theft case referral program in
coordination with the U.S.
Secret Service. The Secret Service has assigned a special agent on a
full-time basis to the Commission to assist with identity theft issues
and has provided the services of its Criminal Research Specialists.\18\
Together, the FTC and Secret Service staff develop preliminary
investigative reports by examining significant patterns of identity
theft activity in the database and refining the data through the use of
additional investigative resources. Thereupon, the staff refer the
investigative reports to appropriate Financial Crimes Task Forces and
other law enforcers located throughout the country for further
investigation and potential prosecution.
---------------------------------------------------------------------------
\18\ The referral program complements the regular use of the
database by all law enforcers from their desktop computers.

---------------------------------------------------------------------------
The Federal Trade Commission's Role in Information Security

In addition to providing assistance to victims of identity theft,
the Commission also examines security precautions involving consumers'
personal information to determine whether law enforcement may be
appropriate. If so, the Commission has two valuable legal tools to work
with: Section 5 of the FTC Act,\19\ which prohibits unfair and
deceptive acts or practices, and the Commission's Gramm-Leach-Bliley
Safeguards Rule (the Safeguards Rule or the Rule).\20\
---------------------------------------------------------------------------
\19\ 15 U.S.C. Sec. 45.
\20\ 16 CFR Part 314, available online at http://www.ftc.gov/os/
2002/05/67fr36585.pdf.

---------------------------------------------------------------------------
Law Enforcement Under Section 5

One of the mainstays of the Commission's privacy program is the
enforcement of promises that companies make to consumers about privacy,
including, the precautions they take to ensure the security of
consumers' personal information. The Commission enforces such promises
both online and offline. One area of particular concern involves
breaches of sensitive information because they put consumers at the
greatest risk of identity theft and other harms.
Last August, the Commission announced a settlement with Microsoft
regarding misleading claims made by the company about the information
collected from consumers through its Passport services--Passport,
Passport Wallet, and Kids Passport. \21\ Passport is a service that
collects information from consumers and then allows them to sign in at
any participating site using a single name and password. Passport
Wallet collects and stores consumers' credit card numbers, and billing
and shipping addresses, so that consumers do not have to input this
information every time they make a purchase from a site. Kids Passport
was promoted as a way for parents to create accounts for their children
that limited the information that could be collected from them.
---------------------------------------------------------------------------
\21\ The Commission's final decision and order in the Microsoft
case is available at http://www.ftc.gov/os/2002/12/
microsoftdecision.pdf. The Commission's complaint is available at
http://www.ftc.gov/os/2002/12/microsoftcomplaint.pdf.
---------------------------------------------------------------------------
The Commission's complaint alleged that Microsoft misrepresented
the privacy afforded by these services, including the extent to which Microsoft kept the information secure. For example, in various online statements, Microsoft said that the Passport service ``achieves a high
level of web security by using technologies and systems designed to
prevent unauthorized access to your personal information.'' The Commission
alleged that Microsoft, in fact, failed to employ reasonable and
appropriate measures to protect the personal information collected in
connection with these services because it failed to: (1) implement
procedures needed to prevent or detect unauthorized access; (2) monitor
the system for potential vulnerabilities; and (3) perform appropriate
security audits or investigations.
The Commission's order against Microsoft contains strong relief
that will provide significant protections for consumer information.
First, it prohibits any misrepresentations about the use of and
protection for personal information. Second, it requires Microsoft to
implement a comprehensive information security program similar to the
program required under the FTC's Gramm-Leach-Bliley Safeguards Rule,
which is discussed below. Finally, to provide additional assurances
that the information security program complies with the consent order,
every 2 years Microsoft must have its program certified by an
independent professional that it meets or exceeds the standards in the
order. The provisions of the order will continue for 20 years and the
Commission is systematically monitoring compliance.
Microsoft is an important case because the settlement required that
the company adhere to its security promises even in the absence of a
known breach of the system. The Commission found even the potential for
injury actionable when sensitive information and security promises were
involved, and when the potential for injury was significant. This
determination is an extremely important principle. It is not enough to
make promises about protecting personal information, and then just hope
that nothing bad happens or, if it does, that nobody finds out.
Fulfilling privacy promises requires affirmative steps to ensure that
personal information is appropriately protected from identity theft and
other risks to consumers' personal information.
The Microsoft case followed a similar case the Commission settled
earlier last year against Eli Lilly.\22\ The Lilly case also involved
alleged misrepresentations regarding the security provided for
sensitive consumer information--in this instance, consumers' health
information. Like Microsoft, Lilly made claims that it had security
measures in place to protect the information collected from consumers
on its website. As in Microsoft, the Commission charged Lilly with
failing to have reasonable measures in place to protect the
information.
---------------------------------------------------------------------------
\22\ The Commission's final decision and order against Eli Lilly is
available at http://www.ftc.
gov/os/2002/05/elilillydo.htm. The complaint is available at http://
ww.ftc.gov/os/2002/elilillycmp.htm.
---------------------------------------------------------------------------
Specifically, in sending an e-mail to Prozac users who subscribed
to a service on the site, Lilly put all of the consumers' e-mail
addresses in the ``To:'' line of the e-mail, essentially disclosing to
all users the identities of all of the other Prozac users. The
Commission's complaint alleged that this happened because Lilly failed,
among other things, to provide appropriate training and oversight for
the employee who sent the e-mail and to implement appropriate checks on
the process of using sensitive customer data. The order in the Lilly
case prohibits the misrepresentations and, as in Microsoft, requires
Lilly to implement a comprehensive information security program.
Just this week, the Commission settled alleged violations of
Section 5 in connection with statements made by Guess, Inc. concerning
the security provided for sensitive consumer information collected
through its website www.guess.com. According to the Commission's
complaint, by conducting a ``web-based application'' attack on the
Guess, Inc. website, an attacker gained access to a database containing
191,000 credit card numbers. The complaint alleged that, despite
specific claims that it provided security for the information collected
from consumers through its website, Guess did not: (1) employ commonly
known, relatively low-cost methods to block web-application attacks,
which are well-known in the technology industry; (2) adopt policies and
procedures to identify these and other vulnerabilities; or (3) test its
website and databases for known application vulnerabilities, which
would have alerted it that the website and associated databases were at
risk of attack. Essentially, the company allegedly had no system in
place to test for known application vulnerabilities, or to detect or to
block attacks once they occurred.
In addition, the complaint alleged, Guess misrepresented that the
personal information it obtained from consumers through www.guess.com
was stored in an unreadable, encrypted format at all times; but in
fact, after launching the attack, the attacker could read the personal
information, including credit card numbers, stored on www.guess.com in
clear, unencrypted text. The order prohibits misrepresentations about
the security and confidentiality of any information collected from or
about consumers online and, as in Microsoft and Lilly, requires Guess
to implement a comprehensive information security program.
This case highlights a crucial but often neglected aspect of
information security: The security of web-based applications and the
databases associated with them. Databases frequently house sensitive
data such as credit card numbers, and web-based applications are often,
as with Guess, the ``front door'' to these databases. It is critical
that online companies take reasonable steps to secure these aspects of
their systems, especially when they have made promises about the
security they provide for consumer information.
It is important to note that the Commission is not simply saying
``gotcha'' for security breaches. While a breach may indicate a problem
with a company's security, breaches can happen even when a company has
taken every reasonable precaution. In such instances, the breach will
not violate the laws the FTC enforces. Instead, the Commission
recognizes that security is an ongoing process of using reasonable and
appropriate measures in light of the circumstances. That is the
approach the Commission took in these cases and in its Gramm-Leach-
Bliley Safeguards Rule, and the approach it will continue to take.

GLB Safeguards Rule

In May 2002, the Commission finalized its Gramm-Leach-Bliley
Safeguards Rule, which requires that financial institutions under the
FTC's jurisdiction to develop and implement appropriate physical,
technical, and procedural safeguards to protect customer information.
The Rule became effective on May 23 of this year, and the Commission
expects that it will quickly become an important tool to ensure greater
security for consumers' sensitive financial information. Whereas
Section 5 authority derives from misstatements particular companies
make about security, the Rule
requires a wide variety of financial institutions to implement
comprehensive protections for customer information--many of them for
the first time. The Rule could go a long way to reduce risks to this
information, including identity theft.
The Safeguards Rule requires financial institutions to develop a
written information security plan that describes their program to
protect customer information. Due to the wide variety of different
entities covered, the Rule requires a plan that takes into account each
entity's particular circumstances--its size and its complexity, the
nature and scope of its activities, and the sensitivity of the customer
information it handles.
As part of its plan, each financial institution must: (1) designate
one or more employees to coordinate the safeguards; (2) identify and
assess the risks to customer information in each relevant area of the
company's operation, and evaluates the
effectiveness of the current safeguards for controlling these risks;
(3) design and implement a safeguards program, and regularly monitor
and test it; (4) hire the appropriate service providers and contract
with them to implement safeguards; and (5) evaluate and adjust the
program in light of relevant circumstances, including changes in the
firm's business arrangements or operations, or the results of testing
and monitoring of safeguards. The Safeguards Rule requires businesses
to consider all areas of their operation, but identifies three areas
that are particularly important to information security: employee
management and training; information systems; and management of system
failures.
The Commission has already issued guidance to businesses covered by
the Safeguards Rule to help them understand the Rule's
requirements.\23\ Commission staff have met with a variety of trade
associations and companies to learn about industry's experience in
coming into compliance with the Rule, to discuss areas in which
additional FTC guidance might be appropriate, and to gain a better
understanding of how the Rule is affecting particular industry
segments. Now that the Rule is effective, the Commission plans to
conduct sweeps to assess compliance within various covered industry
segments.
---------------------------------------------------------------------------
\23\ Financial Institutions and Customer Data: Complying with the
Safeguards Rule, available at http://www.ftc.gov/bcp/conline/pubs/
buspubs/safeguards.htm.

---------------------------------------------------------------------------
Education and Workshops

Finally, the Commission recently hosted two workshops focusing on
the role that technology plays in protecting personal information.\24\
At the first workshop, which focused on the technologies available to
consumers, we heard that many of these technologies have failed because
they were too difficult to use; also, consumers did not want to pay
separately for a ``fix'' many assumed was already integrated into the
computers and applications they purchased. Panelists generally agreed
that, to succeed in the marketplace, these technologies must be easy to
use and built into the basic hardware and software consumers purchase.
---------------------------------------------------------------------------
\24\ Additional information about the workshops are available at
http://www.ftc.gov/bcp/workshops/technology/index.htm.
---------------------------------------------------------------------------
At the second workshop, which focused on the technologies available
to businesses, we learned that businesses, like consumers, need
technology that is easy to use and compatible with their other systems.
We also heard that technology should be viewed as just one part of an
overall information management system that also relies heavily on
people and the use of appropriate processes and procedures.
Unfortunately, we also heard that too many technologies are sold before
undergoing adequate testing and quality control, frustrating progress
in this area.
On June 18, the Commission hosted a public workshop to examine the
costs and benefits to consumers and businesses of the collection and
use of consumer information. Five CEO's made presentations about how
their companies use and value data. Two case studies related to credit
transactions and targeting marketing provided specific examples.\25\ In
addition, we considered the possible methodologies for further
measuring and analyzing the costs and benefits to consumers of these
information practices.
---------------------------------------------------------------------------
\25\ Additional information about the workshop is available at
http://www.ftc.gov/bcp/workshops/infoflows/index.html.

---------------------------------------------------------------------------
Conclusion

Identity theft and large scale security breaches place substantial
costs on individuals and on businesses. The Commission, through its
education and its enforcement capabilities, is committed to reducing
these breaches as much as possible. The Commission will continue its
efforts to assist criminal law enforcement with their investigations.
Prosecuting perpetrators sends the message that identity theft is not
cost-free. Finally, the Commission knows that as with any crime,
identity theft can never be completely eradicated. Thus, the
Commission's program to assist victims and work with the private sector
on ways to facilitate the process for regaining victims' good names
will always remain a priority.

PREPARED STATEMENT OF TIMOTHY CADDIGAN

Special Agent in Charge, Criminal Investigative Division
U.S. Secret Service
June 19, 2003

Mr. Chairman, Senator Sarbanes, and Members of the Committee, thank
you for inviting me to be part of this hearing today, and the
opportunity to address the Committee regarding the Secret Service's
efforts to combat identity crime and protect our Nation's financial
infrastructure.
The Secret Service was originally established within the Department
of the Treasury in 1865 to combat the counterfeiting of U.S. currency.
Since that time, this Agency has been tasked with the investigation of
financial crimes, as well as the protection of our Nation's leaders,
visiting foreign dignitaries and events of national significance.
Although, we have moved to the Department of Homeland Security, the
Secret Service has maintained historic relationships with the
Department of the Treasury in our ongoing efforts to ensure a secure
financial services infrastructure.
With the passage of new Federal laws in 1982 and 1984, the Secret
Service was provided primary authority for the investigation of access
device fraud, including credit card and debit card fraud, and parallel
authority with other law enforcement agencies in identity crime cases.
The explosive growth of these crimes has resulted in the evolution of
the Secret Service into an agency that is recognized worldwide for its
expertise in the investigation of all types of financial crimes. Our
efforts to detect, investigate, and prevent financial crimes are
aggressive, innovative, and comprehensive.
The burgeoning use of the Internet and advanced technology, coupled
with increased investment and expansion, has intensified competition
within the financial sector. With lower costs of information-
processing, legitimate companies have found it profitable to specialize
in data mining, data warehousing, and information brokerage.
Information collection has become a common byproduct of newly emerging
e-commerce. Internet purchases, credit card sales, and other forms of
electronic transactions are being captured, stored, and analyzed by
businesses seeking to find the best customers for their products. This
has led to a new measure of growth within the direct marketing industry
that promotes the buying and selling of personal information. In
today's markets, consumers routinely provide personal and financial
identifiers to companies engaged in business on the Internet. They may
not realize that the information they provide in credit card
applications, loan applications, or with merchants they patronize are
valuable commodities in this new age of information trading. Consumers
may be even less aware of the illegitimate uses to which this
information can be put. This wealth of available personal information
creates a target-rich environment for today's sophisticated criminals,
many of whom are organized and operate across international borders.
But legitimate business can provide a first line of defense against
identity crime by safeguarding the information it collects. Such
efforts can significantly limit the opportunities for identity crime,
even while not eliminating its occurrence altogether.
Simply stated, identity crime is the theft or the misuse of an
individual's personal or financial identifiers in order to gain
something of value or to facilitate other criminal activity. Types of
identity crime include identity theft, credit card fraud, bank fraud,
check fraud, false identification fraud, and passport /visa fraud.
Identity crimes are almost always associated with other crimes such as
narcotics and weapons trafficking, organized crime, mail theft and
fraud, money laundering, immigration fraud, and terrorism.
According to statistics compiled by the FTC for the year 2002, 22
percent of the 161,819 victim complaints reported involved more than
one type of identity crime. The complaints were broken down as follows
(note that some complaints involved more than one of the listed
activities):

42 percent of complaints involved credit card fraud--for
example, someone either opened up a credit card account in the
victim's name or ``took over'' their existing credit card account;
22 percent of complaints involved the activation of telephone,
cellular, or other utility service in the victim's name;
17 percent of complaints involved bank accounts that had been
opened in the victim's name, and /or fraudulent checks had been
negotiated in the victim's name;
9 percent of complaints involved employment-related fraud;
8 percent of complaints involved Government documents /
benefits fraud;
6 percent of complaints involved consumer loans or mortgages
that were obtained in the victim's name; and
16 percent of complaints involved some type of miscellaneous
fraud, such as medical, bankruptcy, and securities fraud.

Identity crime is not targeted against any particular demographic;
instead, it affects all types of Americans, regardless of age, gender,
nationality, or race. Victims include everyone from restaurant workers,
telephone repair technicians, and police officers, to corporate and
Government executives, celebrities, and high-ranking military officers.
What victims do have in common is the difficult, time-consuming, and
the potentially expensive task of repairing the damage that has been
done to their credit, their savings, and their reputation. According to
a report by the General Accounting Office, the average victim spends
over 175 hours attempting to repair the damage done by identity
criminals.
In past years, victims of financial crimes such as bank fraud or
credit card fraud were identified by statute as the person, business,
or financial institution that
incurred a financial loss. All too often the individuals whose credit
was ruined through identity theft were not even recognized as victims.
As a result of the passage of the Identity Theft and Assumption
Deterrence Act in 1998, this is no longer the case. This legislation
represented the first comprehensive effort to rewrite the Federal
criminal code to address the insidious affects of identity theft on
private citizens. This new law amended Section 1028 of Title 18 of the
United States Code to provide enhanced investigative authority to
combat the growing problem of identity theft. These protections
included:

The establishment of the Federal Trade Commission (FTC) as the
central clearinghouse for victims to report incidents of identity
theft. This centralization of all identity theft cases allows for
the identification of systemic weaknesses and provides law
enforcement with the ability to retrieve investigative data at one
central location. It further allows the FTC to provide victims with
the information and the assistance that they need in order to take
the steps necessary to correct their credit records.
The enhancement of asset forfeiture provisions to allow for
the repatriation of funds to victims.
The closing of a significant gap in then-existing statutes.
Previously, only the production or possession of false
identification documents was unlawful. However, with advances in
technology such as e-commerce and the Internet, criminals did not
need actual, physical identification documents to assume an
identity. This statutory change made it illegal to steal another
person's personal identification information with the intent to
commit a violation, regardless of actual possession of identity
documents.

We believe that the passage of this legislation was the catalyst
needed to bring together both the Federal and State government
resources in a focused and unified response to the identity crime
problem. Today, law enforcement, regulatory, and community assistance
organizations have joined forces through a variety of working groups,
task forces, and information sharing initiatives to assist victims of
identity crime.
As you know, Mr. Chairman, the Senate recently passed the Identity
Theft Penalty Enhancement Act of 2002. The intent of this Act is to
establish increased penalties for aggravated identity theft--for
example, identity theft committed during and in relation to certain
specified felonies. This Act, in part, provides for 2 years
imprisonment for the identity crime, in addition to the punishment
associated with the related felony and 5 years imprisonment if the
related felony is associated with terrorism. Additionally, the Act
prohibits the imposition of probation and allows for consecutive
sentences. While this particular legislation cannot be expected to
completely suppress identity theft, it does recognize the impact
identity theft has on consumers and the need to punish those engaging
in criminal activity for personal or financial gain. The Secret Service
supports these ideas and believes that they represent additional tools
that law enforcement can utilize to the fullest extent in protecting
the American people.
Identity crime violations are investigated by Federal law
enforcement agencies, including the Secret Service, the U.S. Postal
Inspection Service, the Social Security Administration (Office of the
Inspector General), and the Federal Bureau of Investigation. Schemes to
commit identity crime may also involve violations of other statutes,
such as computer crime, mail theft and fraud, wire fraud, or Social
Security fraud, as well as violations of State law. Because most
identity crimes fall under the jurisdiction of the Secret Service, we
have taken an aggressive stance and continue to be a leading agency for
the investigation and the prosecution of such criminal activity.
Although financial crimes are often referred to as ``white collar''
by some, this characterization can be misleading. The perpetrators of
such crimes are increasingly diverse and today include both domestic
and international organized criminal groups, street gangs, convicted
felons, and terrorists.
The personal identifiers most often sought by criminals are those
generally required to obtain goods and services on credit. These are
primarily Social Security numbers, names, and dates of birth. Identity
crimes also involve the theft or misuse of an individual's financial
identifiers such as credit card numbers, bank account numbers, and
personal identification numbers.
The methods of identity criminals vary. It has been determined that
many ``low tech'' identity criminals obtain personal and financial
identifiers by going through commercial and residential trash, a
practice known as ``dumpster diving.'' The theft of both incoming and
outgoing mail is a widespread practice employed by both individuals and
organized groups, along with thefts of wallets and purses.
With the proliferation of computers and increased use of the
Internet, many identity criminals have used the information obtained
from company databases and websites. A case investigated by the Secret
Services that illustrates this method involved an identity criminal
accessing public documents to obtain the Social Security numbers of
military officers. In some cases, the information obtained is in the
public domain while in others it is proprietary and is obtained by
means of a computer intrusion.
The method that may be most difficult to prevent is theft by a
collusive employee. The Secret Service has discovered that individuals
or groups who wish to obtain personal or financial identifiers for a
large-scale fraud ring will often pay or extort an employee who has
access to this information through their employment at workplaces such
as a financial institution, medical office, or Government agency.
In most of the cases that our Agency has investigated involving
identity theft, criminals have used an individual's personal
identifiers to apply for credit cards or consumer loans. Additionally,
these identifiers were also used to establish bank accounts, leading to
the laundering of stolen or counterfeit checks or were used in a check-
kiting scheme.
The majority of identity crime cases investigated by the Secret
Service are initiated on the local law enforcement level. In most
cases, the local police department is the first responder to the
victims once they become aware that their personal or financial
identifiers are being used unlawfully. Credit card issuers as well as
financial institutions will also contact a local Secret Service field
office to report possible criminal activity.
The events of September 11, 2001, have altered the priorities and
actions of law enforcement throughout the world, including the Secret
Service. Immediately following the attacks, Secret Service assisted the
FBI with their terrorism investigation through the leveraging of our
established relationships, especially within the financial sector, in
an attempt to gather information as expeditiously as possible.
As part of the new Department of Homeland Security, the Secret
Service will continue to be involved in a collaborative effort with the
intention of analyzing the potential for identity crime to be used in
conjunction with terrorist activities through our liaison efforts with
the Bureau of Immigration and Customs Enforcement, Operation Direct
Action, the FinCEN, the Diplomatic Security Service, and the Terrorist
Financing Operations Section of the FBI.
The Secret Service continues to attack identity crime by
aggressively pursuing our core Title 18 investigative violations,
including access and telecommunications device fraud, financial
institution fraud, computer fraud, and counterfeiting. Many of these
schemes are interconnected and depend upon stealing and misusing the
personal and financial identifiers of innocent victims.
Our own investigations have frequently involved the targeting of
organized criminal groups that are engaged in financial crimes on both
a national and international scale. Many of these groups are prolific
in their use of stolen financial and personal identifiers to further
their other criminal activity.
It has been our experience that the criminal groups involved in
these types of crimes routinely operate in a multi-jurisdictional
environment. This has created some problems for local law enforcement
agencies that generally act as the first responders to their criminal
activities. By working closely with other Federal, State, and local law
enforcement, as well as international police agencies, we are able to
provide a comprehensive network of intelligence sharing, resource
sharing, and technical expertise that bridges jurisdictional
boundaries. This partnership approach to law enforcement is exemplified
by our financial and electronic crime task forces located throughout
the country, pursuant to our Section 1030 computer crime authority.
These task forces primarily target suspects and organized criminal
enterprises engaged in financial and electronic criminal activity that
falls within the investigative jurisdiction of the Secret Service.
Members of these task forces, who include representatives from local
and State law enforcement, prosecutors offices, private
industry and academia, pool their resources and expertise in a
collaborative effort to detect and prevent electronic crimes. The value
of this crime fighting and crime prevention model has been recognized
by Congress, which has authorized the Secret Service (pursuant to the
USA PATRIOT Act of 2001) to expand our electronic crime task forces to
cities and regions across the country. Recently, four new Electronic
Crimes Task Forces were established in Dallas, Houston, Columbia (SC),
and Cleveland bringing the total number of ECTF's to 13.
While our task forces do not focus exclusively on identity crime,
we recognize that stolen identifiers are often a central component of
other electronic or financial crimes. Consequently, our task forces
devote considerable time and resources to the issue of identity crime.
Another important component of the Secret Service's preventative
and investigative efforts has been to increase awareness of issues
related to financial crime investigations in general, and of identity
crime specifically, both in the law enforcement community and the
general public. The Secret Service has tried to educate consumers and
provide training to law enforcement personnel through a variety of
partnerships and initiatives.
For example, criminals increasingly employ technology as a means of
communication, a tool for theft and extortion, and a repository for
incriminating information. As a result, the investigation of all types
of criminal activity, including identity crime, now routinely involves
the seizure and analysis of electronic evidence. In fact, so critical
was the need for basic training in this regard that the Secret Service
joined forces with the International Association of Chiefs of Police
and the National Institute for Justice to create the ``Best Practices
Guide to Searching and Seizing Electronic Evidence,'' which is designed
for the first responder, line officer, and the detective alike. This
guide assists law enforcement officers in recognizing, protecting,
seizing, and searching electronic devices in accordance with applicable
statutes and policies.
We have also worked with these same partners in producing the
interactive, computer-based training program known as ``Forward Edge,''
which takes the next step in training officers to conduct electronic
crime investigations. Forward Edge is a CD-ROM that incorporates
virtual reality features as it presents three different
investigative scenarios to the trainee. It also provides investigative
options and technical support to develop the case. Copies of State
computer crime laws for each of the fifty States, as well as
corresponding sample affidavits are also part of the training program
and are immediately accessible for instant implementation.
Thus far, we have distributed over 300,000 ``Best Practices
Guides'' to local and Federal law enforcement officers and have
distributed, free of charge, over 20,000 Forward Edge training CD's.
In April 2001, the Secret Service assisted the FTC in the design of
an identity theft brochure, containing information to assist victims on
how to restore their ``good name,'' as well as how to prevent their
information and identities from becoming compromised.
In addition, we have just completed the Identity Crime Video/CD-ROM
which contains over 50 investigative and victim assistance resources
that local and State law enforcement officers can use when combating
identity crime. This CD-ROM also contains a short identity crime video
that can be shown to police officers at their roll call meetings which
discusses why identity crime is important, what other departments are
doing to combat identity crime, and what tools and resources are
available to officers. The Identity Crime CD-ROM is an interactive
resource guide that was made in collaboration with the U.S. Postal
Inspection Service, the Federal Trade Commission, and the International
Association of Chiefs of Police.
Next week, we will be sending an Identity Crime CD-ROM to every law
enforcement agency in the United States. Departments can make as many
copies of the CD-ROM as they wish and can distribute this resource to
their officers to use in identity crime investigations. Over 25,000
Identity Crime CD-ROM's have been produced and are being prepared for
distribution.
The Secret Service is also actively involved with a number of
Government-sponsored initiatives. At the request of the Attorney
General, the Secret Service joined an interagency identity theft
subcommittee that was established by the Department of Justice. This
group, which is comprised of Federal, State, and local law enforcement
agencies, regulatory agencies, and professional agencies meets
regularly to discuss and coordinate investigative and prosecutive
strategies, as well as consumer education programs.
In a joint effort with the Department of Justice, the U.S. Postal
Inspection Service, the Federal Trade Commission, and the International
Association of Chiefs of Police, we are hosting Identity Crime Training
Seminars for law enforcement
officers. In the last year and a half, we have held seminars for
officers in Chicago, Dallas, Las Vegas, Iowa, Washington, DC, and
Phoenix. In the coming months, we have training seminars scheduled in
New York, Seattle, and Texas. These training seminars are focused on
providing local and State law enforcement officers with tools and
resources that they can immediately put into use in their
investigations of identity crime. Additionally, officers are provided
resources that they can pass on to members of their community who are
victims of identity crime.
The Secret Service's Criminal Investigative Division assigned a
special agent to the Federal Trade Commission (FTC) as a liaison to
support all the aspects of their program to encourage the use of the
Identity Theft Data Clearinghouse as a law enforcement tool. The FTC
has done an excellent job of providing people with the
information and assistance they need in order to take the steps
necessary to correct their credit records, as well as undertaking a
variety of ``consumer awareness'' initiatives regarding identity theft.
It is important to recognize that public education efforts can only
go so far in combating the growth of identity crime. Because Social
Security numbers, in conjunction with other personal and financial
identifiers, are used for such a wide variety of record keeping and
credit related applications, even a consumer who takes the appropriate
precautions to safeguard such information is not immune from becoming a
victim.
The Secret Service recommends that consumers take the following
steps to protect themselves from identity crime:

Maintain a list of all credit card accounts and corresponding
phone numbers. Keep this list in a place other than your wallet or
purse so that immediate notification can occur if any cards are
lost or stolen;
Avoid carrying any more credit cards in a wallet or purse than
is actually needed;
Cancel any accounts that are not in use;
Be conscious of when billing statements should be received,
and if they are not received during that window, contact the
sender;
Check credit card bills against receipts before paying them;
Avoid using a date of birth, Social Security number, name, or
similar information as a password or PIN code, and change passwords
at least once a year;
Shred or burn preapproved credit card applications, credit
card receipts, bills, and other financial information that you do
not want to save;
Secure your incoming and outgoing mail;
Establish passwords where possible with credit card companies
or financial institutions that you have accounts with in order to
avoid unauthorized change of
address, transfer of funds, or orders of additional cards;
Order a credit report once a year from each of the three major
credit bureaus to check for inaccuracies and fraudulent use of
accounts; and
Avoid providing any personal information over the telephone
unless you initiated the call, and be aware that individuals and
business contacted via the Internet may misrepresent themselves.

Should an individual become the victim of identity theft, the
Secret Service recommends the following steps:

Report the crime to the police immediately and get a copy of
the police report;
Immediately notify your credit card issuers and request
replacement cards with new account numbers. Also request that the
old account be processed as ``account closed at consumers'
request'' for credit record purposes. Ask that a password be used
before any inquiries or changes can be made on the new account.
Follow up the telephone conversation with a letter summarizing your
requests;
Call the fraud units of the three credit reporting bureaus,
and report the theft of your credit cards and/or numbers. Ask that
your accounts be flagged, and add a victim's statement to your
report that requests that they contact you to verify
future credit applications. Order copies of your credit reports so
that you can review them to make sure no additional fraudulent
accounts have been opened in your name;
File a complaint with the Federal Trade Commission (FTC) by
calling 1-877-ID-THEFT or writing to them at Consumer Response
Center, Federal Trade Commission, 600 Pennsylvania Ave., NW,
Washington, DC 20580. Complaints can also be filed via their
website at www.ftc.gov/ftc/complaint.htm; and
Follow up with the credit bureaus every 3 months for at least
a year and order new copies of your reports so that you can verify
that corrections have been made, and to make sure that no new
fraudulent accounts have been established.
Conclusion
For law enforcement to properly prevent and combat identity crime,
steps must be taken to ensure that the local, State, and Federal
agencies are addressing victim concerns in a consistent manner. All
levels of law enforcement should be familiar with the resources
available to combat identity crime and to assist victims in rectifying
damage inflicted on their credit. It is essential that law enforcement
recognize that identity crimes must be combated on all fronts, from the
officer who receives a victim's complaint, to the detective or special
agent investigating an organized identity crime ring.
The Secret Service has already launched a number of initiatives
aimed at increasing awareness and providing the training necessary to
address these issues, but those of us in the law enforcement and
consumer protection communities need to continue to reach out to an
even larger audience. We need to continue to approach these
investigations with a coordinated effort--this is central to providing
a consistent level of vigilance and addressing investigations that are
multi-jurisdictional while avoiding duplication of effort. The Secret
Service is prepared to assist this Committee in protecting and
assisting the people of the United States, with respect to the
prevention, identification, and prosecution of identity criminals.
Mr. Chairman, that concludes my prepared remarks and I would be
happy to
answer any questions that you or other Members of the Committee may
have.

----------
PREPARED STATEMENT OF MICHAEL D. CUNNINGHAM

Senior Vice President, Credit and Fraud Operations
Chase Cardmember Services
June 19, 2003

Mr. Chairman, Members of the Committee, my name is Michael D.
Cunningham and on behalf of J.P. Morgan Chase & Co., we greatly
appreciate this opportunity to appear before the Committee and share
our experience with the issue of identity theft. I serve as Senior Vice
President for Credit and Fraud Operations for Chase Cardmember
Services. Protecting our customers from identity theft and fraud is a
major priority for our entire company. We have devoted the resources
necessary to play a leading role for the industry by utilizing leading
edge technology and hands on intervention by over 750 specially trained
Chase employees. The personal security and well-being of our customers
is a top priority at Chase.
Below, please find a discussion of the problem, the nuts and bolts
of what we at Chase do about it, followed by some ideas for changes and
improvements for all parties involved.

Elements of Identity Theft and Credit Card Fraud
Identity Theft
While identity theft and what we call credit card fraud are both
pernicious crimes, and both constitute fraud, we would like to
distinguish the two for policy purposes. We place identity theft into
two basic categories:

Fraudulent Applications--Three Percent of Our Total Fraud Cases
This involves the unlawful acquisition and the use of another
person's identifying information to obtain credit, or the use of that
information to create a fictitious identity to establish an account.
In order to commit identity theft by means of fraudulent
application, the perpetrator needs to acquire not just a name, address,
or credit card number but unique identifiers such as the mother's
maiden name, Social Security number, and detailed information about a
person's credit history such as the amount of their most recent
mortgage payment. This is why more than 40 percent of the identity
theft cases that we see are committed by someone familiar to the
victim, frequently a family member or by someone in a position of
intimacy or trust. This variety of identity theft represents 3 percent
of our total fraud cases.

Account Takeover--One Percent of Our Total Fraud Cases
This occurs when someone unlawfully uses another person's
identifying information to take ownership of an account. This would
typically occur by making an unauthorized change of address followed by
a request for a new product such as a card or check, or perhaps a PIN
number. This variety of identity theft represents less than 1 percent
of our total fraud cases.

Non-Identity Theft Fraud--The Other 96 Percent of Our Total Fraud Cases
This type of fraud constitutes the vast majority of occurrences and
falls under four basic headings:

(1) Lost or Stolen Cards: The card is actually in possession of the
customer and is subsequently lost or stolen.
(2) Non-Receipt: The card is never received by the customer and is
intercepted by the perpetrator prior to or during mail delivery.
(3) Counterfeiting: The card is in possession of an actual customer
and a fraudulent one is subsequently created by a variety of forgery or
counterfeiting techniques. The customer does not know that the theft
has occurred.
(4) Fraudulent Mail or Telephone Order: The card is in possession
of the customer and the account number and expiration date is
compromised permitting purchases by phone, mail, or Internet.
Who Bears the Liability for Fraud?
By law, the liability of the consumer who has suffered credit card
fraud is limited to a maximum of $50 up to the time of notification to
the creditor, after which it is zero. As a practical matter, with the
advent of the Internet and other mediums, to promote consumer
confidence, MasterCard and Visa simply accept full liability for the
fraud, as do many individual card issuers.
The Role of Credit Delivery Systems in Fraud
Variation in Fraud Rates by Application Channel

Table 14: Cost of Credit Card Fraud\1\
------------------------------------------------------------------------
Percent
Year 2000 of Percent
Type Cost Credit of
(Millions) Card Sales
Fraud Volume
------------------------------------------------------------------------
False Applications........................ $46.1 4.5 0.004
Other Fraud............................... $976.1 95.5 0.078
Total................................. $1,013.2 100.0 0.082
------------------------------------------------------------------------

During the course of the debate on identity theft and fraud,
critics have alleged that the process known as ``prescreening'' or
``prescreened offers of credit'' somehow are major contributors to
identity theft and other types of fraud. This is not the case. In fact,
prescreening is a major underwriting tool integral to safety and
soundness and the lower cost of credit.
---------------------------------------------------------------------------
\1\ The Fair Credit Reporting Act: Efficiency & Opportunity, The
Econonic Importance of Fair Credit Reauthorization, Information Policy
Institute, June 2003, p. 60.
---------------------------------------------------------------------------
Prescreening Greatly Enhances the Ability of Credit Grantors to
Accurately Assess Risk and Avoid Losses and Lower Costs
Prescreened offers have a very low incidence of fraud, and
especially so when compared with other forms of new account generation.
At Chase, for 2002, prescreened accounts subject to identity theft
involved approximately 600 accounts measured against 17 million total
active accounts. Total fraud cases of all types for 2002 amounted to
about 75,000, including the 600 prescreening cases. Last year,
prescreening resulted in 1.6 million new accounts out of a total of 4
million new accounts, or 40 percent of all new accounts. Again, the
majority of fraud arising from prescreened accounts is committed by
someone familiar to the victim. One of our competitors, Capital One, a
large user of prescreening, recently testified before the House
Committee that they had similar experience, reporting rates of identity
theft that are ``5 to 15 times lower for credit generated through
prescreening than from credit generated through other channels (that
is, the Internet, in-store ``take ones'').''
Why do prescreened cards result in less identity theft? Prescreened
offers of credit come from a pool of consumers selected from credit
bureau files that have already undergone a substantial verification and
underwriting process. An identity thief or fraudster that is not a
family member always chooses the most anonymous method of application
such as the Internet, or an in-store ``take one'' application. Choosing
a prescreened credit card application is the most difficult route by
far for the thief. Prescreened credit card offers do not contain any
personal information other than name and address, and contain none of
the other personal information necessary to apply for credit. Identity
thieves do not find prescreened offers of credit very useful because
even if they intercept one, they have to submit a change of address,
which under Chase's system (and others that we know of ) would trigger
an alert and subsequent analysis.
The reduced risk of identity theft and other types of fraud has
benefits far beyond enhancing the personal security of our customers.
This enhancement to the underwriting process lowers the cost of capital
and hence the cost of credit and permits more credit to be extended.
Without prescreening and other techniques for accurately assessing
risk, the costs to credit grantors of raising capital in the secondary
financial markets would be increased. In order to minimize their costs
of capital, major credit card issuers and other credit grantors (for
example, auto lenders) sell a large percentage of their receivables to
secondary bond market investors. Many issuers sell up to one half of
their receivables to investors in the secondary markets. The models
used to price these securities are largely based on the assessment of
credit risk. Without the credit enhancements of prescreening (and other
national credit standards), these models would almost certainly have to
be changed to factor in additional risks of default, resulting in an
increase in costs to the issuers of these securities.
The Role of the Credit Card Industry as the Early Warning System for
Identity Theft and Fraud--Detection, Prevention, and Resolution
Industry Practices in General
The recently released report by the Information Policy Institute
contains an excellent description of industry practices in general: \2\
---------------------------------------------------------------------------
\2\ Ibid p. 60 -61.

Credit card issuers also have authentication procedures in
place at many stages of the process to limit the ability of
criminals to open fraudulent credit card accounts. The vast
majority of credit card issuers (if not all of them) review the
application, using a variety of automated tools (Appendix F)
based upon credit file data to authenticate the identity of the
applicant. In some cases, if the lender has any degree of
uncertainty about the applicant's identity, additional
documentation (such as a State-issued driver's
license or a utility bill) is requested before approval is
granted. Even after the card has been physically delivered to
the applicant, the account is not activated until the applicant
again verifies his or her identity, usually by calling from his
or her home phone.
Issuers undertake these procedures because they are generally
liable for the cost of fraudulent charges. MasterCard and Visa,
for example, have zero liability policies that significantly
limit the consumer's responsibility for fraudulent charges.
Issuers will soon legally be required to authenticate identity
when opening accounts as well. Given the cost to issuers, it is
no surprise that losses from fraudulent applications account
for significantly less than one-hundredth of 1 percent of
credit card sales volume and less than 5 percent of all credit
card fraud.
The vast majority of credit card issuers further review the
application using a variety of sophisticated automated tools.
These authentication tools check the applications for
inconsistencies, compare information from the
application to that in credit files and other national
databases, and check applications against databases on known
fraud. If inconsistencies are detected, or if the application
is identified as being high risk for fraud, the tools instruct
the issuer to decline the application or perform a thorough
manual review.
For example, if the applicant attempts to change the address
and the new address is different than in these databases, the
products indicate the possibility that the application is
fraudulent and that an identity thief is trying to open an
account and divert mail away from the victim's address to avoid
being detected. These products are very successful, identifying
the majority, from 60 to 80 percent, of fraudulent applications
before the accounts are ever opened. The success of these tools
also serves as a powerful deterrent to potential identity
thieves.

Prevention and Detection at Chase Cardmember Services
Chase uses a multilayered system of technology, manual analysis,
and consumer education and assistance to prevent, detect, and resolve
all types of fraud. In fact, we detect approximately 70 percent of all
fraud before the customer even knows it has occurred, and we continue
to improve every year. The first step in this effort is to assess the
risk at the application level. Below are some examples of high-risk
attributes for an application:

1. Discrepancies between credit bureau and application data. For
example, we compare, Social Security number, address, name, and date of
birth--discrepancies cause rerouting to our manual system.
2. Credit bureau fraud alerts and victims' statements.
3. Internal fraud file matches, which entail matches against key
personal identification data in a file that contains prior victims of
identity theft.
4. Issuer's Clearinghouse Services (ICS) alerts. The ICS is a
shared issuer database of reported identity theft victims.

Low-risk applications are automatically approved and monitored for
suspicious activity by a specialized unit. High-risk applications are subject to manual verification. This includes:

1. Address validation using a variety of databases.
2. Direct contact with the true person whose name is being used to
apply for
credit at the location verified for that person.
3. Authentication using ``out of wallet'' information such as a
person's most recent mortgage payment or similar types of information
that typically is not found in a person's wallet and that only the true
customer would know.
4. Request for documentation from the applicant in situations where
we are unable to verify the applicant's identity.

In addition to the above, we have also developed an address change
model that utilizes demographic techniques and a file of known
fraudulent addresses. Additionally, we have a security verification
methodology for special cases such as when an applicant has no home
phone number. Utilizing all of these technologies and human resources,
Chase frequently provides the first notice to the consumer of identity
theft or fraud. Below is an excerpt from a letter from one of our
customers:

I would like to take this opportunity to praise the
performance of (Chase employee) . . . Over 6 months ago, Mr. X
called me at home because he
noticed a discrepancy in a credit application that had my name
and Social Security number. He gave me valuable information
that minimized the damage to my credit and ultimately led to
the arrest of a ring of identity thieves.

Consumer Assistance and Education
At Chase, we recognize that consumers may need help once they learn
of the identity theft or fraud. Once a problem is identified, Chase
provides consumer education and assistance programs, as detailed in the
two documents in the appendices to this statement. As you can see, we
try to be as proactive as possible in dealing with consumers who are
victims of identity theft or fraud. We also actively work with law
enforcement to try and apprehend the perpetrators. We employ our own
investigators who provide a summary report to law enforcement officials.
We then file a ``Suspicious Activity Report'' (SAR) in accordance with
Federal regulations, and we provide testimony to aid in the prosecution
of specific cases.

Technological Tools To Prevent Identity Theft
In addition to the detection and prevention methodologies outlined
above, we employ three important technical tools for prevention of
identity theft. First, we use Falcon, a so-called neural network
technology, which calculates a ``fraud score'' for transactions based
on data from a consortium of creditors and customer/merchant profiles.
Based on this system, we have adopted strategies to approve, decline,
or refer a transaction for further analysis. Some of the events that
may trigger further scrutiny of a transaction or an account include new
accounts showing cash advance and jewelry type transactions or a recent
address change accompanied by a high dollar cash or mail/phone order
activity, just to name two examples.
Second, we also employ a system that we call ``link analysis'' that
utilizes known fraud information to stop subsequent occurrences. This
is composed of a caller identity database combined with addresses, home
and business phone numbers, Social Security numbers, and a variety of
other relevant information to stop identity theft before the
perpetrator can assume the identity of an innocent consumer. The third
technology that we apply is a fraud application-scoring model that
relies on patterns and other criteria to generate a fraud score for a
particular transaction. No one approach is a cure-all, but taken
together, these applications have enabled a continual improvement in
our performance.

Recommendations To Enhance Consumer Protection from
Identity Theft and Fraud
In conclusion, despite everything that Chase and others in the
industry are doing to combat these types of fraud, we have identified
some areas that would benefit from legislative changes. Please find
below an outline of technical changes to the law by category that we
feel would assist everyone concerned in the fight against these crimes.
Prevention (Applicable to Financial Institutions)

Financial institutions must establish risk-based policies and
procedures to verify customer identification information.
Such policies and procedures used to comply with the
requirements imposed under Section 326 of the USA PATRIOT Act shall
suffice for purposes of account
opening.
Such policies and procedures must include the evaluation of a
``fraud alert'' obtained in connection with a consumer report.
Such policies and procedures must include the address change
verifications, as appropriate.
To the extent not already permitted or authorized, authorize
financial institutions and associations of financial institutions
to share information with other financial institutions, or
associations of financial institutions, regarding individuals,
entities, organizations, or transactions that may involve identity
theft or possible identity theft. A financial institution or
association that transmits, receives, or shares such information
for the purposes of identifying and reporting identity theft
activities shall not be liable to any person under any law,
regulation, or agreement. Extend the same flexibility and the
protections to other businesses
affected by identity theft, such as retailers.
Require disclosure (at same time as ``initial'' TILA
disclosures) to inform consumers that the financial institution may
report information to a consumer reporting agency regarding the
consumer's behavior on the account. Disclosure must also provide
contact information to consumer reporting agencies that operate on
a nationwide basis.
Allow access to Social Security Administration database in
order to verify Social Security numbers on applications.

Prevention (Applicable to Consumer Reporting Agencies)

Nationwide consumer reporting agencies must establish a method
of recording and reporting ``fraud alert'' data.
Consumer reporting agencies may truncate an individual's
Social Security number on copies of the individual's credit report
provided to the individual so long as the Social Security number
provided by the individual to obtain the credit report matches the
Social Security number included in the credit report.

Other Prevention Related Measures

To the extent not already permitted under the FCRA, include
fraud prevention and identity theft prevention as a permissible
purpose to obtain a consumer report under the FCRA.
Ensure continued availability of consumer reports as
envisioned under the FCRA.
Prohibit display or sale of an individual's Social Security
number to the general
public. Such prohibition shall not interfere with legitimate
business-to-business or business-to-government transfers of Social
Security numbers, or public record information.
Prohibit merchants from printing more than the last four
digits and the expiration date of a credit card number on a
receipt.
Prohibit States from printing Social Security numbers on
driver's licenses and other government-issued form of
identification.

Apprehension
Have postal service hire additional postal inspectors for
purposes of identity theft and related investigations.
Increase penalties and prosecution for identity theft crimes.
Require the Department of Justice to develop a training
program for State and local law enforcement with respect to
identity theft crimes.
Require the Department of Justice to develop model
definitions, reporting forms, and affidavits for use by State and
local law enforcement in connection with identity theft
investigations.
Improve civil forfeiture provisions related to identity theft.

Mitigation
Require consumer reporting agencies to block tradelines
allegedly the result of identity theft if the consumer provides a
valid police report regarding the identity theft [or other valid
indicia of the crime] and provides appropriate identification.
Require a business to provide information to a consumer
pertaining to an alleged identity theft if consumer provides a
valid police report regarding the identity theft [or other valid
indicia of the crime] and provides appropriate identification. This
provision must be crafted to ensure it does not create additional
opportunities for identity theft, and businesses may not be held
liable for complying with this provision.

Victims Assistance
Develop a simplified standardized document, for example,
Uniform Affidavit for consumers' initiation of investigations of
claims related to identity theft.
Simplify the way consumers can contact their financial
institution to make a claim of identity theft, that is, call a toll
free number on their account statement.
Be responsive to identity theft claims in a timely fashion.
Require local law enforcement to accept the simplified
standardized form and to assist the consumer and to produce a
police report.

PREPARED STATEMENT OF JOHN M. HARRISON

Captain, U.S. Army (Retired), Rocky Hill, Connecticut
June 19, 2003

Mr. Chairman, Ranking Member Sarbanes, and Members of the
Committee, I appreciate this opportunity to appear before your
Committee to share my experiences as an identity theft victim. My name
is John Harrison. I am 42 years old, a retired Army Captain and have
resided in Rocky Hill, Connecticut, since my retirement in December
1999. Until recently, I have been working as a corrugated salesperson
since leaving the military.

Background
My introduction to the crime of identity theft began on November
5, 2001. On that day, I was contacted by a detective from Beaumont,
Texas, who was investigating a Harley-Davidson motorcycle which had
been purchased in my name and Social
Security number. He tracked me down through my credit report. From that
same credit report, the detective realized I was a victim of identity
theft and he explained to me that someone had been using my name and
Social Security number to open credit accounts and he pointed me in the
right direction.
On that very same day, I reported my identity stolen to the FTC
through their website. I also contacted all three repositories, ordered
my credit reports, initiated fraud alerts, and began contacting
creditors immediately. Once I received my credit reports, I filed a
police report with the Army's Criminal Investigation Division which
luckily had a branch near Hartford, Connecticut. Just 1 month later, on
December 12, 2001, Jerry Wayne Phillips was arrested in Burke County,
North Carolina during a traffic stop. He was riding the Harley-Davidson
motorcycle the police officer in Texas was investigating. Phillips was
indicted on Federal charges in Texas, pled guilty to one count of
identity theft, and is currently serving a 41-month sentence at a
Federal prison in Minnesota.
What I have learned since November 5, 2001 is that Phillips gained
control of my identity on July 27, 2001 when Army officials at Fort
Bragg, North Carolina issued him an active duty military identity card
in my name and Social Security number. In a taped interview, Phillips
claimed the identity was easy to get. That occurred about 1\1/2\ years
after my retirement as an Army Captain.

Damages
The military identity card combined with my once excellent credit
history allowed Phillips to go on an unhindered spending spree lasting
just 4 months. From July to December 2001, Phillips had acquired goods,
services, and cash in my name valued at over $260,000. None of the
accounts were opened in my home State of Connecticut. He opened
accounts as far south as Florida, as far north as Virginia, and as far
west as Texas. I have identified more than 60 fraudulent accounts of
all types: Credit accounts; personal and auto loans; checking and
savings accounts; and utility accounts. He purchased two trucks through
Ford Credit valued at over $85,000. A Harley-Davidson motorcycle for
$25,000. He rented a house in Virginia and purchased a time-share in
Hilton Head, South Carolina.
One of the accounts opened by Phillips was with the Army & Air
Force Exchange Service (AAFES). He also wrote bad checks in these
exchanges. I originally disputed this account in March 2002 when AAFES
attempted to garnish my military retirement pay. I was able to stop the
garnishment by providing supporting documentation to AAFES. They made a
second attempt to garnish my retirement in January 2003 for the same
debt. Unfortunately, my letter to AAFES went ignored the second time
and the garnishment began the end of January. Eventually and with the
assistance of Congressman Larson's office, the garnishment was stopped
in March 2003 and AAFES refunded the money that had been taken from my
retirement pay. I have always been somewhat distressed at the
military's involvement in the theft of my identity. They issued the
fraudulent identity card that allowed Phillips to open all these
accounts and quite obviously, someone was very negligent in their
duties. The garnishment greatly added to that distress.

FCRA Relationship
While Phillips made creditors, banks, and willing merchants the
monetary victims of this crime, it has been those same creditors and
credit reporting agencies that made me a victim. I have struggled with
the repositories, creditors, and debt collectors for 20 straight months
now and still have many accounts and debts incorrectly reported in my
name and Social Security number. My imposter has been in jail for 19 of
those 20 months and no accounts have been opened in my name since his
incarceration at the end of 2001. I have overwhelming documentation to
verify I did not open any of these accounts and I have willingly
provided those documents to all creditors I have found, as well as the
credit bureaus. I have discovered it is more cost effective for
creditors to write the debt off in the victim's name than go after the
real criminal, even after you tell them who and where the real criminal
is.
The credit bureaus hide behind the fact that they are only
reporting what creditors tell them while at the same time, victims are
repeatedly sending affidavits, police reports, and detailed dispute
letters proving the creditors are wrong. That is why it takes identity
theft victims years instead of months to recover from this crime.
From that first day in November 2001, I have been very aggressive
about restoring the damage done in my name. I have sought out the
fraudulent accounts and in most cases; I have contacted them before
they have contacted me. I have dispute all accounts directly with the
creditors following that up by disputing the accounts through the
repositories. I have encountered a great many difficulties. While two
of the repositories have done what I consider to be a fair job
assisting me and responding to my disputes, one of them, Equifax, has
failed to meet nearly all the provisions of the FCRA. It took 11 months
and three dispute letters to get a second report from Equifax. Further,
I found the report they sent to me was not the same report they were
sending to creditors. Both reports that Equifax has in their system
still contain as many as fifteen fraudulent accounts.
I also found that when I disputed accounts to any of the
repositories, whether the results of the reinvestigation come back with
deleted or verified accounts, the accounts were rarely resolved.
Creditors were either not accepting my dispute through the repositories
or the dispute was not being sent to them. In either event, the
majority of creditors continue to seek me out directly or through a
debt collector. In some instances, I have had accounts deleted from one
repository only to have it show up with another one. I have also
encountered creditors that after I have initiated contact with them to
dispute an account, sold the debt to or hired debt collectors that seek
me out at a later time. I have also had difficulties with accounts that
return months after I have successfully disputed them, like AAFES.
Finally, there have also been accounts that I have contacted and could
find no record of a debt in my name and then months later their debt
collectors are calling my home or showing up on my credit reports. It
has been and continues to be a nightmare.
I have accounted for over 100 bad checks drafted from four
different fraudulent checking accounts. Phillips wrote bad checks in
eight different States and they account for nearly $60,000 of the total
debt. Unfortunately, the checking accounts have created significantly
more complications for me than the credit accounts. While creditors
have just three reporting agencies to choose from, banks and vendors
that accept checks have a multitude of reporting agencies.
Additionally, the majority of those reporting agencies, which maintain
both positive and negative information on consumers, do not provide
consumer reports nor are there systems in place to dispute negative
information. I have spent a great deal of time trying to understand the
checking situation to learn how to properly dispute each bad check that
was written. My conclusion is, there is no system in place to assist an
identity theft victim when banking accounts are opened in your name and
Social Security number, but are completely removed and unrelated to
your own banking accounts. This industry is well behind the progress
that has been made in the credit industry.

Personal Impact
There is still a misconception by some that creditors, merchants,
banks, and others that sustain monetary losses are the only victims of
identity theft. So often when speaking to someone about my situation,
the comment is made, ``At least you are not responsible to pay these
fraudulent debts.'' Somehow, that makes my situation seem less tenuous.
I have invested over 1,100 hours of my time defending myself and
working to restore my credit and banking histories. I have filled eight
notebooks with over 1,500 pages of documentation. I can account for
about $1,500 in out of pocket expenses directly related to my identity
theft. Higher interest rates have cost me over $4,000. I have been
unknowingly sued by at least one of the creditors. I have had my
military retirement garnished. I am not creditworthy enough to open any
new accounts and bad checks reported in my name prevent me from opening
any deposit accounts with banks.
It was also during January 2003, that my own creditors began
taking adverse actions against me as a result of the negative information contained in my credit reports. I lost $25,000 in available credit as my creditors closed accounts with zero balances or lowered my credit limit to
existing balances. I had been with some of those creditors over 10
years, but my history of always paying on time did not influence their
decisions.

Emotional Impact
I have always considered myself to be a very strong individual.
During the 20 years that I spent in the military, I was often singled
out as someone that worked extremely well under stress. The length of
time it takes to resolve a stolen identity, the frustration in dealing
with companies that do not understand the crime or its impact and do
not take the correct actions, repeatedly having to clear up the same
accounts, the constant phone calls and letters from debt collectors is
enough to cause anyone emotional distress.
In September 2002, 11 months into my struggle, I began to have
difficulties with anxiety and insomnia and my physician prescribed a
mild antidepressant. In January 2003, the problems with my identity
were causing serious distractions for my work as a salesperson. I spoke
with my supervisor about the problems and began weekly therapy in
February 2003 through our Employee Assistance Program. I was diagnosed
with Post Traumatic Stress Disorder. As the doctor put it, my fight or
flight instincts were stuck on ``fight.'' Those problems eventually led
to my termination at the end of April 2003. I was given no notice of
the termination nor was there a severance offered. I simply had the rug
pulled from underneath me. At present, I find myself unemployed for the
first time since I was 14 years old, being treated for what now has
become depression, in the worst job market in 9 years, and stilling
dealing with the same situation that got me here in the first place.
Sadly, even as I look back over the last 20 months and retrace my
steps, I cannot identify a single thing I could have done differently
that may have prevented the situation I am currently in.

Recommendations
I have two suggestions that I feel would greatly impact the number
of identity theft victims.
First, I believe that we need to focus on those sections of the
consumer reports titled Personal Identification Information. Currently,
if I need to order a copy of my report, I have to accurately provide my
name, Social Security number, address, date of birth, and sometimes
several account numbers from my credit report. If I do not provide the
correct information; I am not allowed to have my credit report.
Creditors, however, are not held to this same standard. Merely by
providing a Social Security number, they can access the consumer's credit score and/or credit report. Additionally, it is the creditors that control what is reported in the personal information section; not the consumer. I found seventeen different addresses on my various credit reports that were
used by my imposter. Six different phone numbers. Even my date of birth
was changed on my credit reports as a result of information provided by
the creditors that allowed these fraudulent accounts to be opened. I
believe the consumer is the best source for personal and identifying
information; not creditors. We should identify essential elements of
personal information such as name, Social Security number, current
address, phone number, sex, current employer, and date of birth. A
creditor making an inquiry in regards to an application should have to
correctly provide key and essential identifying information in order to
complete the inquiry; not just a Social Security number. If incorrect
data is provided, the creditor should be returned a message from the
credit bureau that the customer cannot be identified and the inquiry
cannot be completed. Had this system been in place when my identity was
stolen, not a single account could have been opened in my name.
Second, I believe a system should be put in place to annually
evaluate the credit bureaus. While I am not expert enough on the credit
bureaus to identify all criteria for such an evaluation, I am certain
that credit report accuracy should be one of them. I do not want to
make unfounded accusations, but it is my belief through common sense
that credit bureaus do not lose money as a result of identity theft,
they make money. Over a hundred inquiries have been made to my credit
reports as a result of fraudulent accounts. These are inquiries the
repositories are paid for that would not otherwise have been made.
Additionally, with the public becoming more informed about the
seriousness and growth of identity theft, I am certain that sales of
credit monitoring systems are doing quite well also. Monetarily
speaking, there is not much incentive for the repositories to be
aggressive about preventing identity theft or correcting inaccurate
reports resulting from identity theft. An evaluation system would
provide that incentive. Accurate reports are as important to the
creditors that use them as they are to the consumers they belong to. A
repository that was not doing an adequate job would be penalized
through fair competition and my feeling is those penalties would invoke
positive changes in order to stay competitive.
The burden of prevention and correction has been placed squarely on
the consumers' shoulders and yet we have very little control over
either. We cannot prevent our identities from being bought and sold
both legally and illegally by the thousands. We cannot prevent the
sales manager who is excited by a high FICO score from opening an
account in our name without verifying the identity. Once the mistakes
have been made and the fraudulent accounts opened, the consumer victim
is caught between the credit bureaus and creditors. It is a life
changing experience.
Again, I want to thank you for your time and this opportunity to
share my story with your Committee. I hope in some way by sharing my
experiences here today, we can bring about the needed changes in
combating the crime of identity theft.

----------

PREPARED STATEMENT OF STUART K. PRATT

President and Chief Executive Officer
Consumer Data Industry Association
June 19, 2003

Chairman Shelby, Senator Sarbanes, and Members of the Committee,
thank you for this opportunity to appear before the Committee on
Banking, Housing, and Urban Affairs. For the record, I am Stuart Pratt,
President and CEO for the Consumer Data Industry Association.
CDIA, as we are commonly known, is an international trade
association repre-
senting approximately 500 consumer information companies that are the
Nation's leading institutions in credit and mortgage reporting
services, fraud prevention and risk management technologies, tenant and
employment screening services, check fraud prevention and verification
products, and collection services.
We commend you for holding this hearing on the crime of identity
fraud and its relationship to the Fair Credit Reporting Act (15 U.S.C.
Sec. 1681 et seq.). Identity fraud is an equal-opportunity crime that
can affect any of us. This crime is a particularly invasive form of
fraud where consumers, consumer reporting agencies, and creditors must
untangle the snarl of fraudulent accounts and information resulting
from a criminal's actions. The task can be frustrating, and, in severe
cases, time-consuming for all concerned.
The Committee has asked us to comment on the crime itself and on
its relationship to the FCRA. In this regard, let me focus on three
points:

The FCRA provides the essential framework of duties for
consumer reporting agencies and data furnishers and key rights of
which all consumers can avail themselves, including victims of
identity theft.
CDIA members have been at the forefront of efforts to
understand the nature of this crime for years and they have
established victim assistance procedures, which go beyond the
requirements of any law.
Consumer education is a mainstay of any successful campaign to
reduce the incidence of identity fraud. Though preliminary, some
data indicate that industry and governmental efforts to reach
consumers is working.

The FCRA as an Essential Framework of Duties and Rights
Amended materially in 1996, the FCRA now has a well-balanced set of
rights and protections for consumers. In particular, the 1996
Amendments focused on reinvestigations and service to consumers. For
example, the amendments included codification of time frames for the
completion of a consumer's dispute, which apply to both data furnishers
and to consumer reporting agencies. The law now ``defaults'' in favor
of the consumer where a furnisher of information is unable to respond
to a dispute by requiring the consumer reporting agency to delete the
disputed information at the close of the 30-day reinvestigation period.
Following is a summary of many key provisions of the FCRA that benefit
consumers and victims of identity theft.

Can anyone see a consumer's report?
No. Consumer reports may be provided and used for only the
following permissible purposes: Credit transactions involving the
extension of credit or collection of an existing account; account
reviews (for safety and soundness); employment purposes; insurance
underwriting; license eligibility; child support and limited judicial
inquiries. Users of consumer reports are required to identify
themselves, certify the purposes for which the report is sought, and
certify that it will be used for no other purposes. Criminal sanctions
result from fraud and misuse.
Consumers can opt out of prescreened offers of credit with just a
toll-free call. The FCRA codified the practice of direct mail offers of
credit and insurance in the 1996 Amendments. However, recognizing
consumers' privacy interests, the Act provides consumers a single toll-
free number for all nationwide credit reporting systems to opt out of
all prescreened offers of credit or insurance for either 2 years or
permanently (888-5opt-out or 888-567-8688).

How is data accuracy ensured?
Credit reporting agencies are subject to liability unless they
follow reasonable procedures to assure the maximum possible accuracy of
the information regarding the consumer. Also, competitive marketplace
forces among the consumer reporting agencies provide a strong
institutional incentive to maximize accuracy.

Consumers always have a right to their file.
At any time, a consumer may obtain a copy of his or her entire
credit file from an agency. The report must be provided at a low cost
capped by the FCRA (at time of enactment, $8.00, currently, based upon
CPI indexing, $9.00). The agency must include in such a disclosure a
summary of the extensive consumer's rights under the FCRA. Consumers
also always have a right to be notified of all persons who have
requested a copy of their files. Note that consumers who are victims of
fraud and suspect that fraudulent data is on their file are entitled to
a free disclosure.

What happens when a user of a report takes an adverse action based on
the report?
If any adverse action is taken with respect to a consumer based
upon a consumer report (for example, a denial of credit or employment),
the person taking the action must notify the consumer and identify the
name, address and toll-free telephone number of the agency that issued
the report. If there is an adverse action, the consumer is entitled,
upon request, to a free consumer report from the agency that issued the
report.

What happens when a consumer feels information in a report is
inaccurate?
Any time a consumer disputes the accuracy of any information
contained in the agency's file, the agency must within 30 days either
reinvestigate the information free of charge and note the dispute in
the file or delete the information from the file. The agency must give
the consumer notice of the results of the investigation within 5 days
of its conclusion. If the agency finds that the information is either
inaccurate or not verifiable after the reinvestigation, it must delete
the information from the file.

Who has enforcement authority over the FCRA?
The provisions of the FCRA are enforced vigorously by the Federal
Trade Commission, Federal banking regulators and the State attorneys
general. Additionally, consumers have private rights of action against
users, data furnishers, and consumer reporting agencies for
noncompliance with the Act (see below).

Consumers have private rights of action against users, data furnishers,
and consumer reporting agencies.
A consumer has a right to sue users, furnishers, and reporting
agencies under the FCRA for noncompliance with the Act if
reinvestigation procedures are violated. While a plaintiff can recover
actual damages (including noneconomic damages), as well as attorneys'
fees, he or she need not prove actual damages because the FCRA provides
for liquidated damages in cases where there has been a violation.

CDIA Voluntary Victim Assistance Programs
While the FCRA provides a robust framework of protections for all
consumers, including victims of identity theft, our members have long
recognized that the crime presented unique problems for victims and to
this end we have been actively pursuing progressive voluntary
initiatives to ensure that victims of identity theft can recover from
the crime and get on with their lives. Attached to this testimony is an
appendix, which provides a short timeline of our efforts and which also
includes the news release discussing our most recent initiative
announced this past April 2003. Following is a discussion of some of
our efforts:
In March 2000, the CDIA issued a news release (included with this
testimony), which outlined the credit reporting industry's six-point
victim assistance program. Ours was the first industry to step forward
and not merely educate its members about the problems consumers
experienced, but to seek specific changes in business practices. These
identity fraud victim assistance initiatives were the culmination of
internal reviews of current processes by senior fraud personnel,
interviews with law enforcement, victims, and privacy advocates, and
input from our Association's outside counsel on this effort, former
Vermont Attorney General, Jerome M. Diamond. The industry's voluntary
initiative became effective on January 1, 2001, and while our attached
news release outlines all six initiatives, let me highlight a few for
the Committee.

Standardizing Security Alerts
Prior to the CDIA's initiative, the three credit reporting systems
were already voluntarily administering a system of security alerts,
which are text messages (often accompanied by a code) included in a
consumer's credit report these alerts notify lenders and other users of
the report of the fact that a consumer has contacted the credit
reporting system and believes that he or she is a victim of identity
fraud. The alerts contain, at the consumer's request, one or two
telephone numbers for the lender to use in contacting the consumer to
verify that he or she is truly seeking a new line of credit or other
service.
The CDIA's initiative sought to improve the effectiveness of these
alerts in two important ways:

The text of the security alerts is now standardized with the
goal of ensuring that the consumer's request is honored regardless
of which credit reporting system is used by a lender;
The text message is now preceded by an alphanumeric code that
ensures that even in a computer-to-computer transmission, the fact
that a security alert is part of a consumer's file is easily
identified by the lender's system.

The security alert is transferred with any consumer credit report,
whether it is a highly codified version, merely summarized or otherwise
formatted for a particular lender's system.
Standardizing the First Three Steps
In our interviews with consumer victims, we learned that
consistency of experience is important. When consumers learn that they
are victims of identity fraud, they are often advised to order a copy
of their file disclosure (that is, credit report) from each of the
three nationwide credit reporting systems. Under the CDIA initiative,
when consumers call any one of the automated systems to order their
file disclosures, they can now have confidence that the same three key
steps will be taken:

A security alert will be added to the consumer's file ensuring
that if a criminal is still active, subsequent lenders will know
that the consumer may be a victim of identity fraud.
The consumer's file will be opted out of any direct-mail
offers of credit or insurance, thus ensuring that only where the
consumer initiates a transaction will the consumer's file be
accessed.
The consumer's file will be placed in the mail within three
business days of the consumer's request.

Following Up
Consumer victims expressed frustration with the difficulty of
knowing whether or not the crime was ``over.'' In an effort to help
consumer victims stay actively involved with our members when identity
fraud has occurred, CDIA's credit reporting members altered their
practices. Specifically, after a consumer's file has been corrected and
the fraudulent data has been removed through a traditional
reinvestigation process, our members will then continue to send the
identity fraud victim additional copies of his or her file for the next
90 days. With each file, the consumer will have a toll-free number,
which provides access to live personnel and, thus, if the consumer
spots additional problems with the file, he or she can contact our
members quickly and have the problem resolved. This 90-day service
extends beyond the requirements of the Fair Credit Reporting Act (15
U.S.C. Sec. 1681 et seq.) and helps mitigate the effects of this
longitudinal crime.

New Victim Assistance Procedures and Police Reports
Victims of identity fraud want to be believed when they claim that
they are victims of the crime, and they want their situation addressed
quickly. Our members looked for a safe and sound process to meet this
need and as you can see in our attached letter to the Federal Trade
Commission, our members have not only committed themselves to removing
fraudulent data upon request of a victim who has a police report, but
we have coordinated this effort with the FTC's Identity Theft
Clearinghouse. Following are the comments of J. Howard Beales, III,
Director of the FTC's Bureau of Consumer Protection, regarding our
members' program.

Another collaborative effort with tremendous promise is your
new police report initiative. Through this program, the three
agencies have agreed to block any credit line when they
receive, from the consumer, a copy of the police report
documenting the identity theft. And, last year the IACP passed
a resolution encouraging local law enforcement to issue police
reports to identity theft victims.\1\ We are doing our part
too, developing a training video with IACP to encourage the
police to issue the reports. I appreciate that certain
consumer-based initiatives require you to balance accuracy
issues--knowing that the consumer's report contains all
relevant credit information, including derogatory reports--
against customer service. From my perspective, your police
report initiative strikes just the right balance. You have an
assurance of the consumer's good faith, evidenced through the
official police report, and the consumer will be untouched by
the false negative information. I encourage the ACB and its
members to continue developing programs and systems that ease
the burden on identity theft victims.'' \2\
---------------------------------------------------------------------------
\1\ International Association of Chiefs of Police, Curbing Identity
Theft, (November 15, 2000) available at www.theiacp.org.
\2\ Excerpts from a speech delivered to the members of the Consumer
Data Industry Association by FTC Director Beales on January 17, 2002.

Acceptance of the FTC Fraud Affidavit
The FTC undertook a complex and laudable task of trying to simplify
an identity fraud victim's paperwork burden by creating a single
affidavit for multiple uses. A number of our members participated in
the work group discussions which led to the creation of this new form
and all of the CDIA's nationwide credit reporting system members accept
this affidavit.

A Single Call Reaches All Nationwide Consumer Reporting Agencies
Included with this testimony is our news release wherein we discuss
a very new initiative that should help victims by reducing the number
of phone calls they have to make. As of April of this year, consumers
can make a call to any of the nationwide consumer reporting agencies
and in doing so, their information will be transferred to all
nationwide agencies, each of which will add a security alert to the
victim's file, opt them out of prescreened offers of credit or
insurance and issue a file disclosure. This is truly a progressive step
that makes it easier for a victim to notify our members that they have
been a victim of identity fraud.

CDIA and Consumer Education
Any time a crime is identified, we all want to find the one
``silver bullet'' which will stop it in its tracks. In reality, layers
of efforts and, in some cases, years of work are necessary to truly
reduce the incidents of a particular type of crime. In our visits with
law enforcement and with consumer groups, it was evident to the members
of the CDIA that procedural changes are important, but that consumer
education, focused on prevention and post-victim assistance, was
essential.

A Commitment to Call for Action
The CDIA committed financial resources and technical expertise to
support the efforts of Call for Action, a consumer educational
organization, which is reaching out aggressively to consumers and
identity fraud victims. Enclosed with this testimony is a practical,
easily understood brochure * developed by Call for Action with the
assistance of the CDIA. The brochure has been distributed to:
---------------------------------------------------------------------------
* Held in Senate Banking Committee files.

National and State law enforcement agencies;
States attorneys general and consumer protection offices;
Military barracks and educational institutions;
Call for Action regional affiliate offices; and
CDIA members.

Call for Action reports that more than 200,000 identity fraud
brochures have been distributed and another 100,000 are going to print.
Further, the information in the brochure is also available on their
website and Call for Action reports that they have had more than
125,000 visitors view their identity fraud information. The brochure,
produced by Call for Action, is available at www.callforaction.org.
Call for Action's efforts also include production of a video news
release (VNR). Their VNR reached 6.7 million viewers nationwide. The
VNR included interviews with the FTC and, again, highlighted a message
of steps for prevention and for post-victim assistance.

Making sure victims understand their rights
In addition to the many voluntary steps members of the CDIA have
taken on behalf of consumer victims, our members must also comply with
specific duties under the Fair Credit Reporting Act (15 U.S.C. Sec.
1681 et seq.). As important as it is for our members to comply with the
law, it is equally important that victims of identity fraud are fully
aware of their rights. To help accomplish this goal, the CDIA produced
a brochure entitled ``The Credit Reporting Dispute Resolution
Process.'' A simple flow chart, which is color coded, ensures consumers
understand what must be done with their dispute of fraudulent
information each step of the way. It has been an effective educational
tool and it won the National Association of Consumer Agency
Administrators' Print Media--Private Sector Category Award in 2000.
Each year the CDIA sends letters to State consumer protection and State
attorneys general offices offering free bulk supplies of this brochure.
Are the efforts of Government and the private sector paying off ?
There are some trends which are encouraging and which show that our
Nation is making progress on this issue. The efforts of the FTC, our
industry, and others to educate consumers about identity fraud appear
to be making headway.
First, our own members report that the majority of consumers who
contact our credit reporting members' fraud units are taking
preventative steps and are not reporting an actual crime. This is a
strong indicator that the message is getting out to the consumers to
exercise caution and quickly take the right actions to protect
themselves.
Regarding victims of the crime, the FTC's own identity fraud trend
data shows that 42 percent \3\ of the consumers who contacted the FTC
learned about the occurrence of the crime in less than a month. This
percentage is fully 10 percentage points higher than the statistic
cited in the FTC's previous report. Here too, we see that where
consumers are educated, they are learning how to spot the crime, and
take steps to limit the extent of the criminal's activity. Ultimately,
consumer education remains one of the best crime-prevention efforts on
which we can continue to focus.
---------------------------------------------------------------------------
\3\ Federal Trade Commission Report produced by the Identity Theft
Clearinghouse entitled ``Identity Theft Complaint Data, Figures and
Trends on Identity Theft,'' November 1999 through June 2001, page 4.
---------------------------------------------------------------------------
Summary
In conclusion, we believe that since this crime began being debated
publicly, a great deal has changed. Our members have voluntarily
adjusted their practices to better assist victims. The educational
efforts of the private sector and the efforts of Government are making
progress with consumers, both in terms of a improving a consumer's
understanding of prevention and post-victim assistance steps that can
be taken. New laws have been enacted to define this crime and to
clarify that consumers are clear victims. This point may seem to be
less significant today. At one time 1 victims' top complaint was merely
that law enforcement did not consider them to be victims under a crime
statute. We continue to applaud the enactment of the ``Identity Theft
and Assumption Deterrence Act of 1998'' (Pub. L. 105-318) and the more
than 30 State laws which our members have actively supported.
In all of this, while procedures will help victims and reduce
application fraud, and while consumer educational efforts will
continue, we believe that it is critical is that Congress ensure that
law enforcement has the resources necessary to enforce the law.
Ultimately, identity fraud is not a consumer protection issue begging
for new laws. It is a crime prevention issue in need of large-scale,
coordinated efforts to investigate and prosecute criminals. Law
enforcement needs the financial support of Congress to get the job
done. Everyone who even considers perpetrating identity fraud, should
also know that they will be pursued, prosecuted, and incarcerated.
These criminals deserve nothing less.
Finally, we believe that the FCRA does have the basic framework of
rights that all consumers need and deserve. Time frames for the
completion of the reinvestigation of a consumer's or victim's dispute
are particularly important and this is one of the seven provisions of
the FCRA that operates as a uniform national standard. The benefit of
having a national standard is that we can design our systems for
assisting consumers and victims on a nationwide basis and we can be
much more successful in encouraging national and local lenders to use
our automated systems for dispute resolution which allow us to often
resolve disputes in less than the FCRA standard of 30 days. It would be
vastly more difficult to build a nationwide dispute resolution network
if we had competing State requirements and this would work against
servicing the needs of identity theft victims, as well. We believe that
the standard time frames for completion of reinvestigations and all of
the uniform standards found in Section 624(b) of the FCRA should be
made permanent.
Thank you for the opportunity to appear before this Committee and
to share our views. I am happy to answer any questions you may have.

PREPARED STATEMENT OF LINDA FOLEY

Executive Director, Identity Theft Resource Center
June 19, 2003

Members of the Committee, thank you for the opportunity to provide
both written and oral testimony for your Committee today and for your
interest in the topic of identity theft.
The Identity Theft Resource Center (ITRC) is passionate about
combating identity theft, empowering consumers and victims, assisting
law enforcement, reducing business loss due to this crime, and helping
victims. We are honored by your invitation and will continue to make
our opinions available upon request to your representatives over the
next few months as you grapple with this complex crime and the FCRA
sunsetting.

About ITRC
The Identity Theft Resource Center's (ITRC) mission is to research,
analyze, and distribute information about the growing crime of identity
theft. It serves as a resource and advisory center for consumers,
victims, law enforcement, legislators, businesses, media, and
governmental agencies.
In late 1999, Linda Foley founded this San Diego-based nonprofit
program after becoming a victim of identity theft. In her case, the
perpetrator was her employer. ITRC's work with thousands of victims (by
e-mail and by phone), credit granters, representatives from the CRA's,
law enforcement officers, governmental agencies, and business has
taught us much.
Jay Foley, ITRC Co-Executive Director and Co-Writer of this
testimony has spent hundreds of hours speaking with victims while
assisting in their recovery, listening as they discuss their
revictimization by ``a system that doesn't care, understand, or
listen.'' As one of the few groups that deal with a victim throughout
recovery process, we have a unique perspective on the crime. Our
information is not just moment of discovery statistics. Our information
comes at the cost of minutes, hours, days, weeks, months, and years of
a victim's life.
Through our testimony we will introduce you to some of the victims
who have helped us to understand the changes that must be made in the
areas of prevention and recovery. We hope their stories illuminate the
issues as clearly for you as they have for us. To protect their
privacy, they will be referred to as initials only.
The ITRC has worked for a number of years to make changes in laws,
policies, business practices, and trends to combat this crime. As a
result, we have composed a list of recommendations that we feel will
make a difference both in crime prevention (keeping the information
from the hands of criminals and the issuance of credit) and in victim
recovery.

Our Testimony
ITRC has been asked to address the following points:

The Crime: Who are these criminals and what is identity theft?
The Victim: What are some of the crimes we hear about?
Crime Expansion: crime trends, numbers, stats, anecdotes and
articles?
Victim Recovery: What steps must victims take?
Recommendations about areas that need change?
Provide your perspective as to the value of State involvement.
Our opinion of the FCRA battle.

Identity Theft
The Crime
There are four recognized main categories of identity theft:

In financial identity theft the imposter uses personal
identifying information, primarily the Social Security number, to
establish new credit lines in the name of the victim. This person
may apply for telephone service, credit cards, loans, buy
merchandise, or lease cars and apartments. Subcategories of this
crime include credit and checking account fraud.
Criminal identity theft occurs when a criminal gives another
person's personal identifying information in place of his or her
own to law enforcement. In relation to your Committee and focus,
this type of crime might occur in relationship to checking account
fraud. Many States do prosecute on bad checks or on opening
accounts fraudulently.

Case history: One of our recent cases involved a woman who lives in
Pittsburgh. Her imposter had several warrants in Kentucky for opening a
fraudulent checking account and writing bad checks on it. The victim
was 8 months pregnant at the time of the crime, restricted by her
doctor to bed (in Pittsburgh), and clearly incapable of committing this
crime. The bank finally cleared her but forgot to tell the DA to cancel
the warrant. She has incurred legal expenses, as well as other expenses
in clearing her name and rectifying the inaccurate records from various
databases.

Identity cloning is the third category. This imposter uses the
victim's information to establish a new life. He or she actually
lives and works as you. This crime may also involve financial and
criminal identity theft as well. Types of people who may try this
fraud include undocumented immigrants, wanted felons, people who do
not want to be tracked (that is, getting out of paying child
support or escaping from an abusive situation), and those who wish
to leave behind a poor work and financial history and ``start
over.''
Commercial identity theft is similar to financial identity
theft and cloning except the victim in this type of case is a
commercial entity. Criminals open checking and credit accounts as
that company, order product, and may even try to conduct business
as that entity. Unfortunately, this has yet to be explored topic
and good answers for these victims are few.

The Victims
Identity theft is a dual crime and no one is immune, from birth to
beyond death. Who are these victims? It could be you, unknown at this
very moment. Let us introduce you to some of our clients/victims who
have turned to us for assistance. Some of these cases are cut/paste of
e-mails we have received from victims. We present them to you so that
you can see what we work with on a daily basis.
Case 1: Child Identity Theft. Victim owes about $65,000, $4,700 in
child arrears and has 3 DUI warrants in his name. One problem. Jose is
only 6 years old now and those arrears are to himself. The perpetrator
is his father, now divorced from Jose's mother, an illegal immigrant,
and subject to deportation when found.
Case 2: Identity Theft of the Deceased. Perhaps one of the most
poignant stories we have heard (New Jersey Star Ledger reported it) is
the theft of a man's identity who died in the World Trade Center attack
on September 11, 2001. His widow was notified about 10 months after the
event to discuss her husband's recent auto accident. She went through
hours of turmoil only to discover that an illegal immigrant had created
a false driver's license and was living and working as her deceased
husband. Unfortunately, this is only one of more than several dozen
cases that we have worked on involving the deceased. In some cases, the
imposter has purchased the information, in others the perp is a family
member or even a caregiver. Some may ask what is the harm in using the
Social Security number of the deceased. Not only can this affect the
estate but the survivors still dealing with the grief of losing a loved
one. In one other case, a mother has had to fight collectors trying to
collect money from accounts opened in her daughter's name, a daughter
who died several years ago. Each new call opens up the wound again.
Case 3: Information Breach, Workplace Identity Theft. T's identity
was stolen by her doctor's receptionist. She found out when applying
for her first home loan, her dream home. Months later, after clearing
her records, spending her own time to research how her thief got her
information and used it, and seeing another family move into her home,
she was able to convince authorities to prosecute her offender. The
result--the thief is now living in a halfway house, driving the car she
bought with T's identity, and working for another doctor as a staff
member. T was finally able to buy a house almost 2 years later, at a
higher purchase cost, with a higher interest rate due to the multiple
accounts that had been opened in her name after the placement of a
fraud alert.
Case 4: Victim Recovery Issue. Victim owns her own business. For
the past 3 years, she has been in a fight with her bank. They
repeatedly open new accounts and grant access to her existing accounts,
even generating dual credit cards sending them to the imposters as well
as herself. At one point, she went to the local branch of her bank to
once again put to rights the transfer of her account information. With
multiple pieces of identification in her possession she was devastated
by the bank officers who would not acknowledge her right to discuss the
accounts in question or accept her identifying documents including
passport, driver's license, utility bills, business license, and Social
Security card. To date she still has problems with her bank and her
accounts. She is currently talking to an attorney and plans to sue the
multiple companies who continue to torment her and refuse to correct
their errors. She believes that lawsuits are her only option left.
Case 5: Financial identity Theft Turns into Criminal Case. Two
nights ago, I was arrested as part of a 4-year ongoing theft of my
identity. The arrest was over bad checks written in Lincoln, Nebraska
near where I reside.
The issue, other than the arrest and all that goes with it, is the
fact that JPM was able to open fraudulent accounts because the Nebraska
DMV had issued her a license with her picture and my information. I do
not know what documentation she provided them, but we clearly do not
have the same physical features. This should have sent up a red flag to
the DMV. As a result, JPM illegally used my identity to spend almost
$40,000, with new credit cards and with fraudulent checks.
I am doing the best I can to be compensated for the money spent on
bail, loss of work time, personal stress, which all occurred while I
was finishing my undergraduate degree and throughout my master's
degree. Needless to say, this has interfered with my performance in
school because of the time it takes to free myself as a citizen and as
a consumer. The arrest was the last straw, and I have been told that
the statute of limitations to sue the woman who stole my identity has
expired. I am looking for help.
Case 6: Social Security Number Used as Driver's License Number.
Victim had car broken into just prior to a move from Hawaii to
Delaware. A file with all identity and information was stolen in Hawaii
including her driver's license which used her Social Security number as
the identity number. Since then a fraudulent cell phone account was
setup with VoiceStream generating a bill for $10,000.00. The victim has
made some payments during the course of the account dispute due to the
bullying action of the collectors threatening to attach to possessions.
Because of that VoiceStream refuses to acknowledge the account is
fraudulent.
Case 7: Security Breach. Victim was referred to ITRC by the FBI
Victim/Witness Coordinator. The victim is a 72-year-old retired Air
Force Major. His dentist told him his identity was stolen. The dentist
had befriended a man who saw the victim's dental records. This man then
copied and used all of victim's info. The dentist found out when he saw
files out of place. This befriended man/handyman was the only person
who had access. The imposter purchased a condo, a BMW, and used the
victims HMO for medical services. The victim's HMO paid for this. Upon
arrest it was discovered that the imposter had a prior record of fraud.
The imposter is now in jail on nonrelated charges.
Case 8: Cloning. Victim lives in San Diego on disability. The
imposter is living and working in Illinois. Fraud is impacting her
disability. IRS and SSA have been contacted. Victim is fearful of
losing housing and being unable to cover living expenses due to the
lengthy time of recovering her good name and clearing the records.
Case 9: Workplace Identity Theft. The victim recently found out of
the identity theft. In 1999, a co-worker stole her credit card. The
victim went through all the necessary procedures with her credit card
company to remove the charges including filing a police report. In
January 2002, the victim applied for a loan with a small finance
company. The victim was told her Social Security number had already
been used to apply for a loan with this company. The victim retrieved
the application and found it was used back in 1999 by the same lady who
stole her credit card. The victim had never been contacted by this
company. The company's reply: We denied the application. Unfortunately
in doing so, they did not indicate that it was denial due to fraud but
due to not enough income.
I did go to the company with this, I even spoke with the Vice
President in South Carolina and she was useless. I still have not
received a copy of my credit report so I am not sure if she has not
done any real damage or not. I am sure she used my Social Security
number and I am not sure how else I can file a report if the police are
not helpful. Thank you again.
Case 10: Extreme Case. Victim's identity stolen by co-worker 10
years ago. She knows who the perp is and he has been questioned but
released by police (refusal to take action due to ``extenuating family
circumstances''). In the meantime, the victim has been unable to stop
the perp from opening credit and checking accounts, fraudulently
applying for welfare, etc. She has had to change her Social Security
number, driver's license number, and name, essentially recreating
herself in order to separate and protect her from the actions of the
perp.
Case 11: Reoccurrence. My wife was a victim of identity theft in
1999. After many letters, a police report, and an affidavit of forgery,
we thought everything was settling. We were reassured that the loan and
credit that was taken out in our name was removed from our reports and
that our credit restored. We asked several times for correspondence
that this was taken care of but no one returned a letter. As time
passed and we received no bills, we forgot about it. That is until we
received an Equifax on June 2, 2002 showing it still on the report. I
tried to contact the office that I communicated with before but no one
would return my call. The date reported was after we had notified them
of the dispute. Are they in violation of the FCRA? Please advise or
direct.
Case 12: Family Identity Theft. Victim's relative used victim's
identity to clear out victim's bank accounts. This relative has
victim's Social Security number and stole checks. Victim has filed
police report and is in contact with the managers at her bank. LEA is
not investing a great deal of time on case, usually claiming that this
is a family dispute. Family identity theft is one of the most difficult
crimes we work on, in part, due to lack of police action and, in part,
due to the emotional impact of this crime. How does one turn one's own
mother in to the police? Unfortunately, we receive about 3-5 of these
types of cases each week.
Case 13: Domestic Abuse, Harassment. The victim was divorced in
1987, she now lives in Florida. The ex-husband is operating here in San
Diego. Due to the actions of her ex, the victim is having IRS, SSA
problems and is dealing with 3 accounts under her name. Unfortunately,
identity theft is the perfect tool to harass another person and to
perpetuate domestic abuse after a divorce or separation.
Case 14: Stolen Wallet. I live in Texas. On June 2, 2002, my wallet
was stolen in New York City. On June 6, 2002, a woman began using my
identity from the wallet including driver's license, Social Security
number from a medical insurance card, place of employment, and stolen
cards to establish instant credit at 9 different stores in 3 different
States. I have placed a credit alert fraud with the three credit
reporting agencies but there has already been theft totaling in excess
of $16,000. I am now having difficulty getting anyone to follow through
with a report and also changing my drivers license number. Because the
theft occurred out of my home State, I have to follow up on the phone
and not getting much response or help.
Case 15: Military Spouse. I have had the frustrating and
humiliating experience of somebody taking my maiden name and Social
Security number in order to open numerous fraudulent utility accounts
leaving my credit reports a mess. I am also a military wife who is
required to show my Social Security number on my identity card, which
is used for everything.
Case 16: Enable Credit Granting Behavior. I was a victim of credit
fraud/identity theft beginning in November 2001, and continuing until
approximately April 2002. All of the many fraudulent credit
applications using my name and identifying information were done in the
Los Angeles area. Somehow, my personal identifying information (Social
Security number, name, birth date, etc.) were obtained and used to
apply for instant store credit at Radio Shack, Gateway Computers, and
approximately a dozen other merchants. Additionally, my personal credit
card was ``taken over'' by these criminals. By calling Visa and posing
as me, they changed my billing address, and claimed that they had lost
the credit card. They then received my new Visa card in the mail at the
fraudulent address. They applied for many credit cards under my name
and were even successful at getting a few, then charging the cards up
to the maximum very quickly.
Case 17: Mail Theft by an Acquaintance. I just found out on June
14, 2002, that I am the victim of identity theft by my housekeeper/
babysitter. Since she had access to my mail it was easy. She opened the
first account in April 2001. She has charged over $10,000 that I am
aware of and I have jewelry, etc. missing from my home. This is so
recent that I do not even know what I am up against yet, what I do know
is that this has hurt my 11-year-old daughter very badly. My daughter
sang in the housekeeper's wedding last May, I wonder now if the wedding
was all charged to me! I would be happy to talk to anyone about this. I
live in a small town of 12,000 people, right now I know 4 people,
personally, that this has happened to including the President of one of
the banks here in town. Something must be done!! She is having trouble
getting creditors off her back.
Case 18: Domestic Abuse, Insurance Fraud. My ex-husband and his
employer used my Social Security number to file medical claims on my
health insurance. My ex has not been covered on my insurance since
1999, and I have changed employers and insurance carriers since that
time. However, claims for February 2002 through May 2002 have been
filed on my current insurance. He has obtained the information without
my knowledge. I found out about the claims after receiving Explanation
of Benefit forms from my insurance provider. The claims have been
denied, so the insurance provider states that they are doing their job. The insurer will not file a report with the police.
Case 19: IRS Complications. I have had my identity stolen. Someone
has gotten hold of my Social Security number and, from that, cause me
to have false credit bureau claims and a warning from the IRS that I
had underreported my income. Creditors have harassed me and required me
to go to extraordinary lengths to prove that I could not have incurred
the debt in question. The IRS has required extensive documentation as
well. Right now the activity has settled down, but anytime the next
shoe could fall. Even though there is a certain person I suspect of
engaging in this identity theft, law enforcement authorities turn a
deaf ear. I really do not blame them, it is not a high-priority crime
to them. To me, it is a major theft and closely akin to rape. This
whole situation has been aided by the use of computers and the overuse
of the Social Security number. I understand that the original law
establishing the issuance of Social Security numbers stated that that
number should only be used for Social Security, but indeed, that has
not been the case.
Case 20: Victim Frustration--Complex Case. I became a victim of
identity theft in March 2001. I found out when the person who had my
Social Security number tried to open a credit card with a bank that I
already had a card with. The woman was not able to give my correct
birthday. They contacted me but they gave me a hard time saying that it
was my daughter. They suggested that I contact the credit agencies
about a fraud alert. That is when I found out that the person had many
credit cards and a cell phone and they even bought a computer from
Dell. Since I found out early, I was able to stop almost everything
before it was way out of hand. I filed a report with the Dallas police
department and talk to a detective all the time. Only to find out they
would do nothing. They had the address the cards and computer was sent
to but they would not go there. They even had another address where the
person used a credit card in my name to buy a pizza. I found a lot of
information on the Internet and started writing letters and sending
them certified return receipt. I also made a file that I have with
everything I did and all the copies. It took many months to clear
everything up and I still have the fraud alert on my report for 7
years. This is a crime that is too easy for someone to do and they get
away with it because our laws are too easy and the officers are not
trained on this type of crime. I feel I am luckier than most because I
found out early and was able to clear up the damage within a year.
While you know my story, that only tells part of the picture. What
I discovered disturbed me greatly:

Fraud alerts only help a little. Most places do not even honor
them. So, I am not sure they help very much.
After I put the fraud alert on, they still opened a few more
credit cards. All of the accounts they opened were done on the
Internet.
I found that the credit card companies did not care much, they
just closed the accounts. But before they will close the accounts,
you have to prove to them it was not you who opened the account.
They also made you wait on the phone a long time and you are
transferred to many people before you found one that could help
you. Most of the people I talked with acted like they were not
educated enough on the subject.
They treat you like it was your fault and most of them need
more training on this issue.
The police are no help at all.
The credit agencies take forever to remove the fraud accounts
from your file.
The victim spends hundreds of hours writing letters and making
phone calls trying to remove the damage that the thief caused while
they were free to go to the next victim.
Laws should help the victims, but you are alone when it comes
to identify theft.

Victim Impact: The Good, The Bad, and The Ugly
While the victims are not usually held liable for the bills
accumulated by the imposters, many do suffer significant financial and
emotional harm from this crime. According to studies done by the
Privacy Rights Clearinghouse (PRC)/CALPIRG in 2000 and Federal Trade
Commission (FTC), the average victim spends about 175 hours and $1,100
in out-of-pocket expenses. These expenses include notarizing, postage,
telephone, travel, photocopying, costs involved in getting police
reports and fingerprints, and resource materials. ITRC is in the
process of completing an updated study. We believe that the numbers
will be significantly higher due to the complexity of the crimes
committed.
In many situations this does not cover time lost from work, loss in
productivity while working or loss of personal or vacation time. Some
victims never truly regain their financial health and find credit
issuers and even employers are reluctant to deal with someone with
``baggage.''
To have someone use your good name, a reputation in which you have
invested much time, energy, and money, is a deeply felt violation--
financially, emotionally, and on that has the power to affect your
decisions, relationships, and financial/criminal history from that
point forward in your life.
The emotional impact of identity theft can be extremely traumatic
and prolonged due to the extensive amount of time it can take to clear
one's name. Some victims can be dealing with the crime for 3-7 years
after the moment of discovery.
Victims face many challenges in cleaning up the mess left by the
thief. In the best case scenario:

Law enforcement takes a report and provides a copy to the
victim.
The victim discovers the case early enough to prevent it from
being sold to a collection agency.
The initial contact with the creditor is not misleading nor
ignored.
The creditor freezes the account based on telephone contact
and closes it completely when presented with a police report
identifying the account as fraudulent.
The victim is provided with information that when provided to
law enforcement makes the case and supports the arrest and
prosecution of the thief.
The victim is given a letter of clearance and the entries and
inquiries are removed from the credit report.
The creditor works with the victim and the police to complete
the case.

In the bad version, the victim:

Victim fights with police to get a report taken.
Has to deal with the creditor and one or more collection
agencies.
The creditor's staff is unhelpful. They provide inaccurate
information.
Creditors refuse to make account and transaction information
available to the victim claiming privacy concerns of the
accountholder/criminal. The victim is burdened with proving
innocence without the benefit of knowing where the charges were
made, how the account was opened, dates of purchases, etc.
Too often victims are told to have the police request this
information but when requests are made by law enforcement they are
denied access as well without a stack of paperwork at best.
They make statements to the victim that the account is cleared
up but do not take the actions necessary to close or clear the
account.
Accounts are resold after the victim has provided proof of the
fraudulent nature of the account.
Victims are told that they are still responsible for the
account when a family member did it fraudulently.
Accounts are not removed from the credit report by the
creditor when proven to be fraudulent.
Victim is mislead to believe that the CRA will respond to
their requests to have information removed or corrected on the
credit report. The CRA passes the fact that a dispute over the
validity of an account exists to the creditor but does not present
any of the evidence submitted by the victim.

In the ugly version, the victim:

Faces all of the problems from the bad version plus.
The victim is sued by the creditor without the victim's
knowledge and a judgment rendered against the accountholder--the
victim. (The imposter is served.)
The victim is arrested for the crimes of the thief.
Property is seized by court order leaving the victim to
attempt to have the court reverse the order.
Homeless people and minors face many unique problems getting
copies of their credit reports.
Despite all efforts, the victim is unable to stop the thief
from using his/her Social Security number, name and other
information. In these cases the ultimate solution is to change
one's identifying information--name, Social Security number,
driver's license number, etc. The problem: This solution creates
more problems then it solves. You are now a person without a
credit, work, college, or life history. You are nothing more than a
blank slate.

Identity Theft's Negative Economic Ripple Effect
In terms of economic impact, a recent Florida Grand Jury report
stated: ``The average loss to the financial industry is approximately
$17,000 per compromised identity. For criminals, identity theft is an
attractive crime. An identity thief can net $17,000 per victim, and
they can easily exploit numerous victims at one time, with relatively
little risk of harm. By comparison, the average bank robbery nets
$3,500 and the criminal faces greater risk of personal harm and
exposure to a more serious prison sanction if convicted.'' (reprinted
at www.idtheftcenter.org under Speeches.)
The Privacy Rights Clearinghouse 2000 Report found the average
economic loss per victim to be $18,000, ranging from $250 to in excess
of $200,000 (footnote 1). While the FTC study, so far, shows a
different number, their numbers are based primarily on moment of
discovery. In identity theft, it sometimes takes months before the
total damage can be assessed.
Using the number of $17,000 per victim and the estimate of 700,000
victims, the economic loss could total $11.9 billion to merchants,
credit issuers, and the financial industry in 1 year alone.
ITRC would like to further add that that $11.9 billion loss is just
the beginning. You also have to add the cost of law enforcement and
criminal justice time, costs to victims (including expensive attorney
time) and secondary economic losses to merchants when merchandise
``bought'' by imposters is resold resulting in a lessening of customer
trade. Finally, there is the cost of investigating and prosecuting
secondary illegal activities (drug trafficking, etc.) funded with the
money made by imposters or information brokers who sell the documents
used by some imposters and those wishing to identity clone.

Identity Theft Trends
There are clear indications that identity theft is not only a crime
that is committed by your garden-variety type of thief but is also used
by organized crime groups. ITRC's new study will help to show the
complexity of the crimes that are committed, the impact financially and
emotionally and to help us track this crime even more effectively.
Dumpster diving: Digging through trash is not glamorous but can be
very profitable especially when that dumpster sits behind a mortgage
broker, dentist's office, rental office, insurance company, or even a
market or governmental agency. The papers there are a wealth of
information including account number, Social Security number, names,
unlisted phone numbers, and even mother's maiden name. The value of
these dumpsters is that the thief doesn't leave with one document but
with dozens at a time.
Scams: Creative writing teachers would be proud with the types of
both telephone and Internet scripts that have been written to separate
you from your information. Some, including that apparently come from
governmental agencies or from credit providers even seem to fool
experts. ITRC receives at least a dozen requests each week from people
asking us to verify a ``legitimate'' looking scam. One DMV Director
even forwarded an urban legend to us that contained only partially
correct information. He received it ``from a reliable source.''
Mail theft: In a recent conversation with a postal inspector in
California, we were told that a good portion of identity theft cases
involves the post office. Not only is it a way to move information,
receive ``stolen'' good and cards but also the mail is a rich source of
sensitive information. Preapproved credit offers are but one of the
problem areas. Convenience checks (that come with credit statements--
ready to use by anyone), any bank/credit/financial statement with an
entire account number imprinted on the bill, health benefit statement,
payroll stubs and statements, literally hundreds of sheets that make
their way to your home could be intercepted and used for identity
theft. And the problem is that the post office is not the only location
to steal this mail. It could be intercepted in a variety of locations--
print shop, mail room (either outgoing or incoming if returned to
sender), postal office and then finally your own either locked or
unlocked mailbox. Your own roommate, friend, caregiver, or family
member could look at the mail, steal it, or just use the information.
Checking account takeover: Checking account takeover is a heinous
crime in that it can be accomplished in many ways. Your account can be
accessed electronically, checks that you issue can be reused, and
checks can be computer generated using your information on the top but
a different bank routing and account number on the bottom. To date, the
financial community and consumer groups have yet to find a good
solution to this issue.
Identity theft and other illegal activities: The reality is that
identity theft is a way to make a lot of money quickly. This
automatically draws the attention of narcotic dealers, manufacturers
and junkies, gamblers, alcoholics, those who compulsively spend money
and those who sell information (like selling drugs) to make large
quantities of money to live the lifestyle they wish to enjoy.
Gang behavior, information trafficking and identity theft: Several
law enforcement groups have now shared that their large cities have
given rise to organized identity theft rings. These groups control the
information selling, teach others how to commit identity theft, and
find the ``targets'' that will become their mules or information
gatherers. They may have a division that helps to sell ``stolen''
merchandise or to traffic merchandise on the black market.
These groups are also setting themselves up as businesses, allowing
them access to information from groups like the CRA's and datahouses
like ChoicePoint. They are finding ways to target groups of people
based on a variety of fields--address, economic status, last name,
ethnicity--so that they can customize the information for sale.
Level of sophistication: Just when we think we have heard the very
worst-case scenario, another person contacts our office with an even
more difficult case. Gangs are working smart and even teach each other
about our law enforcement and business weak links. There is a reason
that some companies are regularly hit and others are rarely hit.
Instead of opening 5 new credit cards, they open 30. In fact, skimmers
may be found with more than 10,000 ``new'' credit cards ready to sell
or use. These criminals have become bold and brazen. Why?--why not,
especially when so few are caught and the crime is so profitable?
Three other areas of concern:

1. Non-English Language Victims: Identity theft is an equal
opportunity crime. It can strike anyone with a Social Security number.
According to the latest census, in California one-third of our
population is non-English speaking. However, even the simpliest task of
ordering your credit report is difficult. In both of the CRA's that use
automated systems, neither provide an option for even Spanish. Should
the victim have another person call in for their report on their behalf
(trusting their Social Security number to yet another stranger/friend),
the information sheets which include consumer rights, how to understand
the report or what to do, come in one language only--English. These
same victims face similar situations in contacting credit issuers and
collection agencies. ITRC has worked with some of these victims--in
part through a translator and partly in the victim's native tongue. The
frustration level is high and their dissatisfaction with the system
even higher. Some have given up and just paid the bills, fearful of the
consequences and not understanding their rights.

2. Deployed Active Duty Military: It is difficult enough to clear
up a problem of identity theft if you have the time and ability to do
so. But you cannot deal with a case in a timely manner while deployed--
either into a battle zone or in an overseas duty station. At this time
we are working with about 20 military personnel.
ITRC has proposed a plan for a Military Victim Support Program to
several legislators, asking the Department of Defense to consider
creating a trained body of JAG aides/victim liaison officers who will
work with these members, almost as a one-stop shop. This program will
save money, help to highlight security issues, and assist deployed
military members as they serve our country, sometimes at great physical
risk. ITRC will make that plan available to any Committee Member who
will help us to move this program forward.

3. Identity Theft and Dominance/Domestic Abuse: Identity theft is
the perfect tool to dominate, abuse, and harass another individual.
More and more we are seeing cases like this.
Recommendations for Laws
It is our goal in the next section to illuminate problems reported
by victims and law enforcement and to provide recommendations for
consideration. ITRC has always been known as a problem-solver and not a
finger-pointer.
The Finding section of each recommendation is based on ITRC's
research, studies widely available, and input by victims, law
enforcement, and businesses. For text recommendations, please contact
the ITRC national office. A * denotes areas of highest priority.
A final comment. Many of these ideas are common sense, and ITRC
hopes that the involved entities voluntarily absorb these concepts as
standard practices. Legislative solutions should be a last resort. In
fact, voluntary acceptance can be used to an advantage as illustrated
in the following anecdote:
Three weeks ago we bought our cell phones from Cingular. Both of us
have fraud alerts on our reports. We explained to the salesperson at
Best Buy that he might encounter a delay. He never had heard of fraud
alerts through he specializes in one of the items that thieves are more
likely to buy. Indeed, Cingular did notice the fraud alert, my husband
went home to answer the telephone call to approve the transaction, and
with no more than a 15-minute delay we had our phones. Cingular
voluntarily did the right thing and has a loyal customer due to that.

1. Police Reports
Finding: One of the biggest victim complaints is that law
enforcement refuses to take a crime report in identity theft cases.
``You are not the victim, the business is.'' A secondary problem is
jurisdiction, since many of these crimes cross lines both
geographically and by agency. The victim's mail may have been stolen in
Houston, but credit purchases are being made in Virginia and in
Oklahoma. Who handles this case? The Post Office fraud investigation
team, the Houston police, or the sheriff in Virginia?
The other problem facing victims is that without a police report,
credit issuers simply do not believe you. Bank fraud investigators have
stated at legislative hearings and at conferences that a main
determining factor in separating victims from those avoiding paying a
bill is a crime report. The belief is that a ``deadbeat'' will not file
a false police report and take the chance that they will be arrested
for that action.
Recommendation: Legislation declaring a person who has learned or
reasonably suspects that another has unlawfully used his or her
personal identifying information may initiate a law enforcement
investigation in his or her own local jurisdiction and shall receive a
copy of said report. For recommended text, see California P.C. 530.6
(www.leginfo.ca.gov).

2. Victim Access to Records on Accounts Opened in His/Her Name
Finding: The burden of proving one's innocence lies on the
shoulders of the victim. In a sense, you must prove a negative--that
you did not open the account or make the purchases. This requires
knowing the application and transaction information. If purchases were
made in person in New York and you were working in Houston that day,
you have a chance at being taken seriously. In some cases, victims
recognize the handwriting on an application or know who made the
purchase because they personally know the perpetrator.
Recommendation: Legislation that allows the victim of identity
theft and the investigating law enforcement agency to receive
application and transaction information on fraudulent accounts opened
in his or her name. Language recommendations: California P.C. 530.8 or
S. 1742 (Federal bill--author Senator Cantwell).

3. Declaration of Innocence--Criminal Identity Theft
Finding: Cases of criminal identity theft are especially difficult
because even after proving you were not the person who committed the
crime (or got the tickets), your name remains the ``alias'' on record.
Every time a police officer stops you, when a potential employer does a
criminal background check or you go out of the country on vacation, you
wonder if you will be accused of the imposter's crime yet again.
Recommendation: Legislation and/or policies to allow a person to
petition the court for a ``factual declaration of innocence.'' We
recommend that the victim not only be issued an official record of that
declaration, but also for the State to establish a database that would
keep these records. If the person loses the paper (most carry copies
for life), this database would contain the order and a copy of the true
person's fingerprint(s) for comparison in the case of another instance
of mistaken identity.

4. Statute of Limitations for Lawsuits Involving Identity Theft
Finding: Identity theft is an unusual crime. Most victims of other
types of crime are involved from the moment the crime began. If your
car is stolen, your house is robbed, or you are mugged and your purse
taken, you know about the crime almost immediately. This is not true in
identity theft. In three studies (FTC, Florida Grand Jury, Privacy
Rights Clearinghouse), the average victim did not find out until 12-16
months after the crime first began. By Federal law, the clock starts
when the crime began, giving identity theft victims only a few months
to investigate, assess the damage, and find out how the crime may have
begun. Many victims take a year or more to get to this point.
Recommendation: Legislation to allow victims of identity theft and
financial fraud at least a 2-year window to initiate a lawsuit against
involved parties, starting from time of discovery and not time of when
the crime(s) occurred.

5. Confirmation of Change of Address--Account Takeover
Finding: Account takeover has been a problem for many years. It is
fairly easy to find out the credit card number of an individual: Via
mail interception, shoulder surfing, skimming, register receipts, and
scams both by telephone and over the Internet. The U.S. Postal Service
introduced a successful program that mirrors the one recommended in
this legislation. It mandates that when an address change is requested
that a card be sent to the current address on record and to the new
address, informing the consumer of the requested change. The card
directs the consumer to notify a toll-free hotline should they dispute
the change of address request.
Recommendation: Legislation mandating that a company must notify
the cardholder when a change of address is submitted. This change of
address notification should be mailed by postal mail (not postcards) to
the current address on the account, as well as the new address. The
notice should inform the account holder of the request and give a toll-
free number to call if the account holder had not submitted the change.

6. Mandatory Observation of Fraud Alerts
Finding: Current identity theft victims want to stop the
perpetrator from opening yet another account. Many fear (with good
reason) that unless they immediately lock the door to credit, the
perpetrator will continue to attack them for years to come. Even if the
imposter is arrested, there is no guarantee that he or she will not
sell the information to another individual, who in turn will try to
open credit using the consumer's information. While California is also
experimenting with a credit freeze, ITRC believes that the mandatory
observation of fraud/security alerts is the ultimate credit monitoring
service.
The only measure of control over the establishment of new credit
lines is through a fraud or security alert placed with the three major
credit reporting agencies. Unfortunately, at this time, the notice of a
fraud alert--``Do not issue credit without my express permission. I may
be reached at 555-555-5555 or please contact me at the following e-mail
address:___''--is advisory in nature only. Language for this bill has
been already written by Senator Feinstein.
Recommendation: Legislation that would require all credit reporting
agencies to indicate to credit issuers that there is a fraud/security
alert and the entire text of that alert, whether a credit score,
summary, or full report is requested. AND that all credit issuers must
check for and observe security alert request as written on credit
reports. This legislation should include penalties and civil remedies
for failure to comply.

7. Truncation of Credit Card Account Numbers on Credit Card Receipts
Finding: Many merchants print your entire credit card number on
merchandise receipts. Unfortunately, this is an excellent way for
thieves to gather information and enjoy a shopping spree at your
expense. The scenario: It is a busy time, perhaps a white sale or
during the holidays. As Mary wanders from store to store, she doesn't
notice the gray-haired woman walking behind her. She also doesn't
notice the woman slipping her hand into Mary's purchase bag and pulling
out the receipt for the sweater she bought a few minutes ago. By the
time Mary gets home a few hours later, this woman (minus the gray-
haired wig) has hit two nearby shopping centers and charged about
$3,000 in merchandise to Mary's account.
Recommendation: Legislation that states that a person or an entity
that accepts credit cards for the transaction of business may not print
more than the last 5 digits of the credit card account number or the
expiration date upon any receipt provided to consumers. A 2-year phase
out deadline can be included to allow stores to adjust programs as they
replace or alter machines and software programs.

8. Free Annual Credit Reports upon Request
Finding: Credit reporting agencies (CRA's) collect credit
information provided by credit issuers, merchants, and others and then
resell it to their customers--credit issuers, merchants, and employers.
That information is not verified for accuracy, and may even reflect
addresses used by imposters or misread by clerks. The irony is that if
this information is not accurate, not only does the consumer suffer,
but the businesses that purchase this information and use it to
determine whether to extend credit lines can also be harmed.
Information distributed by the CRA's seems to take on a life of its
own. These reports are replicated and distributed by resellers (for
example, real estate industry). Errors in reports spread like a
malignant growth throughout the system, affecting a person's ability to
get credit, buy a house or car, obtain a job, and secure rental
housing.
The only way to confirm the database information is to allow the
consumer to check it over on a regular basis. Currently, the credit
reporting agencies charge a fee to look at one's credit report, arguing
that they shouldn't be forced to give anything away for free. Yet, the
only person who can authenticate information is the consumer. Why
should they be forced to pay to verify information they did not provide
to the CRA in the first place?
Recommendation: We recommend following the lead of several other
States (Colorado, Georgia, Massachusetts, Maryland, New Jersey, and
Vermont) in allowing each consumer one free copy of all three credit
reports per year, upon request and expand upon it to also follow
California's lead in allowing multiple credit reports for victims of
identity theft within the first TWO years after the discovery of the
crime (perhaps one every 3 months). This bill is smart business, good
for consumers, and good for a State's economy.

9. Victim's Right Act
Finding: Victims of financial fraud must be given full rights under
the law. These include the right to reasonable and timely notice of any
public proceeding involving the crime and of any release or escape of
the accused; the rights not to be excluded from such public proceeding
and reasonably to be heard at public release, plea, sentencing,
reprieve, and pardon proceedings; and the right to adjudicative
decisions that duly consider the victim's safety, interest in avoiding
unreasonable delay, and just and timely claims to restitution from the
offender.
Recommendation: Legislation that would require the victim to be
notified of all steps of the criminal process including the trial date
and the release of the perpetrator from custody. Provisions should be
made to allow for victim input prior to sentencing and for restitution
when appropriate. Victims of white-collar crimes should be afforded the
same rights as those of violent crimes.

10. Information Trafficking
Finding: As identity theft has grown, suspects have become actively
engaged in the collection of personal profiles for purposes of identity
theft. These suspects often steal mail and trash in search of new
identities to use. They compile lists of victims' names, birth dates,
Social Security numbers, maiden names, addresses, and other pieces of
information that can be used to open fraudulent accounts or take over
existing legitimate accounts. These profiles have become commodities
that can be sold or traded for drugs or cash. Often the person
compiling the profile is not directly involved in the actual use of the
identifiers, thereby avoiding prosecution as an ``identity thief.'' In
some cases, suspects have retained victim profiles for years, knowing
they can be used again and again.
Recommendation: Legislation making the action of information
trafficking illegal and punishable as a felony or felony/misdemeanor
(wobbler) depending on judicial discretion. Possible language includes:
Every person who, with the intent to defraud, acquires, transfers, or
retains possession of the means of identification of another person
without the authorization of that person, is guilty of a public
offense, and upon conviction therefore, shall be punished (terms equal
to type of crime). The term ``means of identification'' means any name
together with one or more other pieces of information which can be used
to identify a specific individual, including a Social Security number,
date of birth, State or Federal issued driver's license or
identification number, taxpayer identification number, or unique
biometric data, such as fingerprint, voice print, retina or iris image.

11. Confidentiality and Protection of the Social Security Number (SSN)
Finding: The Social Security number is the golden key to financial
identity theft. However, it is used by so many entities that it is
nearly impossible for consumers to adequately protect it. New standards
and laws need to be adopted that dictate collection, use, display,
security, and confidentiality of the Social Security number. It should
not be used as an identifier by schools, insurance companies,
employers, utility companies, or businesses. Social Security numbers
should not be publicly displayed (that is, printed on timecards or
badges) or shared with other companies or organizations except where
required by law. ITRC would hope that business groups would voluntarily
adopt many of the recommendations in this section and that legislation
be a last resort.
Finding: Companies often ask for information that is not necessary
for the transaction of business. They claim that they may need it at a
future time or for statistical purposes. There should be some
restriction of the type of information asked on applications. For
example, a self-storage company and a health club were recently asked
why they requested the person's Social Security number. The response
was that it was a convenient identity number to use as a member number.
Recommendation: Legislation prohibiting the use of the Social
Security number as an identifier, except for specified governmental
purposes. Entities that should not be using the Social Security number
as an identifier include: Schools, insurance companies, employers,
utility companies, or businesses. Both civil and business code
penalties may need to be imposed on those who do not comply with these
standards. Again, a phase-out program can be implemented to minimize
costs to those entities that now use the Social Security number as the
customer identity number.
Recommendation: Legislation restricting circumstances in which a
company/governmental agency may ask for certain identifying information
including Social Security number, birth date, and driver's license
number. This recommendation includes the requirement that all States
convert to non-Social Security number for driver's license number use
rather than allowing the consumer an option.
Finding: Information is often exchanged in an unsafe manner. Those
individuals collecting information must be trained on how to collect
data in a manner that does not compromise the security of consumers or
employees. That means that information should not be exchanged verbally
in a public place, where the conversation may be overhead. How many
times have you seen a pharmacist ask for a Social Security number in
order to process a prescription? Who is overhearing that conversation?
How many times have you seen a retail clerk phone in a credit
application while standing in a workstation surrounded by shoppers?
Even once is too often.
Finding: Personal information on databases should be encrypted and
accessed only on a ``need-to-know'' basis. These people should have
access audited and their computers must be password controlled.
Ideally, these people should all have criminal and financial background
checks performed on a regular basis.
Recommendation: Only the personal information relevant to the
purpose to be used should be requested. It must be limited to ``need-
to-know'' personnel, and access of information strictly audited and
controlled. Consumers and employees must be notified in advance as to
the purposes of the data collection, to whom it will be distributed,
and the subsequent use after the fulfillment of the original purpose.
Legislation should include anticoercion language so that consumers will
not be penalized if they wish to ``opt out'' of additional services/
lists or denied services if they do not wish to provide sensitive
information not essential to business operations.
Recommendation: No person or entity shall sell, give away, or in
any way allow distribution or use of information collected or provided
to governmental agencies other than the original purpose for which the
information was requested.
Recommendation: Personal data should be protected by reasonable
security safeguards against such risks as loss or unauthorized access,
destruction, use, modification, or disclosure of data. If this occurs,
legislation should be in place to allow for civil litigation and
possible punitive actions by the courts.

12. Effective Disposal of Records No Longer Needed
Finding: The privacy and financial security of individuals is
increasingly at risk due to the widespread collection of personal
information by both the private and public sectors. Credit transactions
and applications, magazine subscriptions, telephone numbers, real
estate records, automobile registrations, consumer surveys, warranty
registrations, credit reports, employee records, pharmacy records,
mortgage or banking applications, and Internet sites are all sources of
personal information and form the source material for identity thieves.
Consumers must trust that companies are adequately destroying
information no longer stored. Unfortunately, investigative reporters
around the country are finding compromising information in dumpsters
behind buildings on a regular basis.
Recommendation: Legislation requiring businesses to take all
reasonable steps to destroy, or arrange for the destruction of a
customer's or employee's records within its custody or control
containing personal information which is no longer to be retained by
the business by shredding, erasing, or otherwise modifying the personal
information in those records to make it unreadable or undecipherable
through any means. This should include records on paper and those
stored electronically.

13. Security Breaches (Workplace Identity Theft)
Finding: The concealment and notification delay to concerned
parties of information breaches involving the theft or possible theft
of identifying information must stop. The incidents at the Stephen P.
Teale Data Center and the University of Texas/Austin in which the
personal financial information of hundreds of thousands fall into the
hands of computer hackers is a dramatic demonstration of an all too
common event. This bill MUST include both computer breaches and paper
breaches of information or it will not be complete.
Recommendation: Legislation needs to be considered that would
require a timely notification to all parties involved in a breach
containing their personal identifying information.
Recommendation: An individual should have the right to verify the
accuracy of information collected about him or her without charge and
in a form that is readily intelligible to him or her. They should be
able to challenge data recorded in error, and if the challenge is
successful to have the data erased, rectified, completed, or amended.

14. Protecting Information from Mail Theft
Finding: Mail theft is a major source of information for identity
thieves. When consumers do not know that an item is being sent to them,
they are unable to report its loss. We also have to make sure that any
document being sent via mail does not include a full Social Security
number or account number.
Recommendation: Require prior consumer consent via an opt in
program for preapproved credit card offers and convenience/balance
forward checks sent through the mail. This program would also require
that consumers be notified of expected mailings so they can monitor in
the event it is not received. Another way to tackle this problem is to
prohibit any changes in the original form sent to the consumer or allow
any forms that are incomplete (In other words, a thief may not know my
birth date and leave it blank). In terms of other documents, the Social
Security number must be eliminated from mailings, including paycheck
stubs. The employee identity number (other than Social Security number)
could be used in its place.

15. Consumer Notification of Excessive Applications or Negative
Information on Credit Reports
Finding: Credit granters are aware that there are recognized
warning signals that indicate possible financial identity theft:
Multiple applications within a short period of time, multiple
applications with the same Social Security number but different
addresses, etc. The problem has been that no one credit issuer sees all
the applications. The only entities that have access to this
information are the CRA's.
Recommendation: Legislation that requires the CRA to notify a
consumer at all the addresses on record for the past 6 months of a
possible fraud situation should more than four (4) credit applications
be submitted within a 30-day period of time.
Finding: Consumers do not often find out about negative information
on a credit report until the worst possible time--when applying for
credit, a job, or tenancy. And this may be due to the consumer's own
actions, those of an imposter, or clerical errors.
Recommendation: Legislation that requires the CRA's to notify a
consumer of any negative information submitted to the CRA at the time
of submission. This legislation may stipulate that no more than four
(4) notifications are required in any one calendar year unless a fraud
or security alert is currently on that credit report.

ITRC's Position About Identity Theft and FCRA Sunsetting
1. Identity theft crosses State borders and many of the crimes we
hear about are both cross-geographic and multi-jurisdictional in
nature. This creates a loophole in which identity thieves thrive. It is
one that we can, by working as a unit, finally close. National
standards supported and aided by State involvement is essential.
2. A cohesive, uniform set of laws that would keep sensitive
information out of criminal's hands, strengthen credit issuing
standards and assist victims is badly needed. The question that has not
yet been answered is whether a single set of Federal laws can do the
job.
3. While strong national laws will reduce the need or desire for
fine-tuning via State laws there may always be a need for the States to
address individual issues--in response to consumer/business needs of
that State and to enhance the ability for local law enforcement and
prosecutors to pursue actions on behalf of those who live in that
State.
4. We do not agree with the concerns on businesses and other groups
that they will need to conform to 50 different standards. That is
speculative at best and prior to 1996 was not an issue. A dual
regulatory system has worked well in other areas and can work to the
betterment of all in regards to FCRA as well if needed.
5. We are well aware that as a victim resource center that
interacts with business that to take a diehard approach that would
drastically impair or negatively impact business ability to function
will be just as devastating to the victims we assist. We seek a
cooperative meeting point between the business, consumer, and victims
so that we can defeat the one true enemy of all of us--the thieves.
6. To discuss FCRA preemptions is premature until we see the set of
new, signed laws that are adopted as national laws. As in the last 5
years, there has been much talk but little action in the last 6 months,
since the preemption discussion was opened and identity theft was
thrust into the spotlight. Once those laws are signed, then we can
discuss preemption. Until that time, this is like filing for retirement
before you have been offered your first job.

Conclusion
Crime, like most things in our society grows, evolves, and
constantly changes. In 1970, the writers of the FCRA could not have
predicted that credit transactions would be conducted via the Internet.
All business was conducted in person, in communities where people were
known and applications could be verified.
When President Franklin Delano Roosevelt expanded the use of the
Social Security number as an identifier, he could not have anticipated
the Pandora's box that he would open. It was impossible to predict the
impact of the information age and how computer technology would allow a
crime like identity theft to flourish.
The FCRA preemption discussion has created more activity and talk
of action in the last 6 months than in the last 5 years combined. In
2000, the FTC held a hearing on identity theft in which we
participated. They have continued to monitor this crime through their
database and through victim panels. The information has not changed,
just the number of victims which has increased.
ITRC's staff members have attended hearings and provided
information for years now to Federal legislators and governmental
agencies about changes that need to be made--to no avail. Few, if any,
bills have been passed. The most recent was passed because of its link
to Homeland Security (higher penalties--for all those criminals who are
not caught in the first place).
While the Federal Government shows an interest in identity theft,
it has been the States that have led the way in restricting information
access and victim recovery. These legislative bodies have shown a
responsiveness that is unmatched to date at the Federal level. (See
addendum.)
If you are serious about identity theft and feel you can address it
sufficiently on a national basis, this is your opportunity to prove it.
But keep in mind, we (consumers, victims, law enforcement, advocates,
and the business community who cares about combating this crime) have
high standards for the laws that you pass. We will not accept weak laws
that either do little to help the situation or weaken existing laws
that have a proven history.
ITRC's sole purpose is to combat this crime and to help victims.
Our fear is that the public will be promised new laws, strong laws that
allow for expansion and redirection as this crime grows and evolves but
will never see them. Our fear is that the promise will be made but once
groups interested in renewing the FCRA preemptions wins, these news
laws will cease to be discussed, let alone passed.
At this time, ITRC wants to see some action. We want to see what
the new laws say, who they protect, what they address, and how they
will affect both businesses and consumers, neither of which can be
disregarded nor harmed. Until those laws are passed and signed by the
President, discussing preempting States from passing laws is premature.
Thank you for your time and consideration.

* * *
Addendum

California vs. Federal laws that have been passed in the last 3
years in response to consumer/victim/law enforcement feedback.

California State Laws
Confidentiality of Social Security Numbers--California Civil Code
Section 1798.85-1798.86 and 1786.6. This law restricts businesses from publicly posting or displaying Social Security numbers. The law takes
effect gradually from July 1, 2002 through July 1, 2005.
Consolidation of Identity Theft Cases--Penal Code Section 786. The
jurisdiction for a criminal action for identity theft offenses may be the county where the theft occurred or the county where the information was
illegally used. If similar identity theft offenses occur across
multiple jurisdictions, any one of those jurisdictions is a proper
jurisdiction for all of the offenses.
Consumer Credit Reporting Agencies Act Civil Code Section 1785.1-
1785.36. This law, the State counterpart of the Fair Credit Reporting
Act, regulates consumer credit reporting agencies. It requires them,
among other things: (1) to provide free copies of credit reports to
consumers who have been denied credit or who are identity theft
victims, (2) to block information that appears on a report as the
result of identity theft, (3) to place security alerts (effective July
1, 2002) or freezes (effective January 1, 2003) on the files of
consumers who request them, and (4) to provide, for a reasonable fee,
credit score information to consumers who request it.
Credit Card Number Truncation--California Civil Code Section
1747.9. No more than the last five digits of a credit card number may
be printed on the electronic receipts. Effective on January 1, 2001 for
machines put in use on or after that date. Effective on January 1, 2004
for all machines that electronically print credit card receipts.
Credit Card ``Skimmers''--Penal Code Section 502.6. The knowing and
willful possession or use, with the intent to defraud, of a device
designed to scan or reencode information from or to the magnetic strip
of a payment card (a ``skimmer'') is punishable as a misdemeanor. The
devices owned by the defendant and possessed or used in violation may
be destroyed and various other computer equipment used to store
illegally obtained data may be seized.
Destruction of Customer Records--California Civil Code Sections
1798.80 -1798.84. This requires businesses to shred, erase, or
otherwise modify the personal information in records under their
control.
Employment of Offenders--Penal Code Sections 4017.1 and 5071 and
Welfare and Institutions Code Section 219.5. Specified prison and
county jail inmates may not have access to personal information. The
same prohibitions apply to specific offenders performing community
service in lieu of a fine or custody.
Identity Theft: Access to Financial Records on Fraudulent
Accounts--California Civil Code Section 1748.95, California Financial
Code Sections 4002 and 22470. Similar to Penal Code Section 530.8,
these laws require certain types of financial institutions to release
(to a victim with a police report or to the victim's law enforcement
representative) information and evidence related to identity theft.
Identity Theft--California Penal Code Sections 530.5-530.8. These
code sections define the specific crime of identity theft, require the
law enforcement agency in the victim's area to take a police report,
allow a victim to get an expedited judicial ruling of factual
innocence, require the Department of Justice to establish a database of
identity theft victims accessible by law enforcement and victims, and
require the financial institutions to release information and evidence
related to identity theft to a victim with a police report or to the
victim's law enforcement representative.
Identity Theft Conspiracy/DMV--Penal Code Sections 182 and 529.7.
Courts can impose fines of up to $25,000 on individuals convicted of
felony conspiracy to commit identity theft. This law also makes it a
misdemeanor for any unauthorized person to obtain (or assist another
person in obtaining) a driver's license, identification card, vehicle
registration certificate, or other official document issued by the
Department of Motor Vehicles, with the knowledge that the person
obtaining the document is not entitled to it.
Identity Theft Victim's Rights Against Claimants--Civil Code
Section 1798.92-1798.97. This law protects identity theft victims who
are being pursued for collection of debts which have been created by
identity thieves. The law gives identity theft victims the right to
bring an action against a claimant who is seeking payment on a debt NOT
owed by the identity theft victim. The identity theft victim may seek
an injunction against the claimant, plus actual damages, costs, a civil
penalty, and other relief.
Information Practices Act of 1977--California Civil Code Sections
1798 and following. This law applies to State government. It expands
upon the constitutional guarantee of privacy by providing limits on the
collection, management, and dissemination of personal information by
State agencies.
Insurance Information and Privacy Protection Act, Insurance Code
Section 791 et seq. This law limits most insurance companies from
disclosing personal information about a consumer that is collected or
received in connection with an insurance transaction, for example, (1)
when a consumer provides written authorization for a disclosure, or (2)
when a disclosure is necessary for conducting business. The law permits
the disclosure of nonsensitive information for marketing purposes
unless the consumer opts out.
Investigative Consumer Reporting Agencies Act, California Civil
Code Sections 1786 -1786.60. This law regulates the activities of
agencies that collect information on consumers for employers, insurance
companies, and landlords.
Legal and Civil Rights of Persons Involuntarily Detained--Welfare &
Institutions Code Section 5328. This law provides for the
confidentiality of the records of people who are voluntarily or who are
involuntarily detained for psychiatric evaluation or treatment.
Mandated Blood Testing and Confidentiality to Protect Public
Health--California Health & Safety Code Sections 120975-121020. This
law protects the privacy of individuals who are the subject of blood
testing for antibodies to the probable causative agent of acquired
immune deficiency syndrome (AIDS).
Notice of Security Breach--Civil Code Sections 1798.29 and 1798.82.
This law requires a business or a State agency that maintains
unencrypted computerized data that includes personal information, as
defined, to notify any California resident whose unencrypted personal
information was, or is reasonably believed to have been, acquired by an
unauthorized person. The type of information that triggers the notice
requirement is the name plus one or more of the following: Social
Security number, driver's license, or State identity card number, or
financial account numbers. The law's intention is to give affected
individuals the opportunity to take proactive steps to protect
themselves from identity theft. These provisions take effect July 1,
2003.
Office of Privacy Protection--California Business and Professions
Code Section 350-352. A State law enacted in 2000 created the Office of
Privacy Protection, with the mission of protecting and promoting the
privacy rights of California consumers. http://www.leginfo.ca.gov/cgi-
bin/displaycode?section=bpc&group=00001-01000&file=350-352.
Payment by Check or Credit Card--Civil Code Sections 1725 and
1747.8. Any person accepting a check in payment for most goods or
services at retail is prohibited from recording a purchaser's credit
card number or requiring that a credit card be shown as a condition of
accepting the check (Section 1725). Any person accepting a credit card
in payment for most goods or services is prohibited from writing the
cardholder's personal information on forms associated with the
transaction (Section 1747.8).
Patient Access to Medical Records--California Health & Safety Code
Section 123110 et seq. With minor limitations, this law gives patients
the right to see and copy information maintained by health care
providers relating to the patients' health conditions. The law also
gives patients the right to submit amendments to their records, if the
patients believe that the records are inaccurate or incomplete.
Personal Information Collected on Internet--California Government
Code Section 11015.5. This law applies to State government agencies.
When collecting personal information electronically, agencies must
provide certain notices. Before sharing an individual's information
with third parties, agencies must obtain the individual's written
consent.
Public Records Act--California Government Codes Sections 6250-6268.
This law applies to State and local government. It gives members of the
public a right to obtain certain described kinds of documents that are
not protected from disclosure by the Constitution and other laws. It
also requires that State and local agencies be ``mindful'' of the laws
that confer privacy rights. This law also provides some specific
privacy protections.
Spam Laws--California Business and Professions Code, Section
17538.4 and 17538.45--Penal Code Section 502. These code Sections
establish the guidelines relating to unsolicited e-mail and faxes.
State Agency Privacy Policies, Government Code Section 11019.9.
This law requires State agencies to enact and to maintain a privacy
policy and to designate an employee to be responsible for the policy. The policy must describe the agency's practices for handling personal
information, as further required in the Information Practices Act.
Substitute Credit Cards--Civil Code Section 1747.05. A credit card
issuer that issues a substitute credit card must provide an activation
process where consumers are required to contact the card issuer to
activate the credit card before it can be used.
Supermarket Club Card Act--Civil Code Title 1.4B. This law
prohibits supermarket club card issuers from requesting drivers license
number or Social Security number and from selling or sharing personal
customer information; limited exemption for membership card stores.
Telemarketing: State Do-Not-Call List--Business and Professions
Code Sections 17590-17595. Effective April 1, 2003, Californians can
put their residential and cellular telephone numbers on a State do-not-
call list. For program details, visit the Attorney General's website at
http://caag.state.ca.us/donotcall/index.htm.
Unsolicited Cell Phone/Pager Text Ads--Business and Professions
Code Section 17538.41. This law prohibits the sending of unsolicited
text advertisements to cell phones or pagers.
Warranty Cards--Civil Code Section 1793.1. Product warranty cards
must clearly state that the consumer is not required to return the card
for the warranty to take effect.

Federal Laws
Children's Online Privacy Protection Act (COPPA)--15 U.S.C. 6501 et
seq. The Act's goal is to place parents in control over what
information is collected from their children online. With limited
exceptions, the related FTC Rule requires operators of commercial
websites and online services to provide notice and get parent's consent
before collecting personal information from children under 13.
Driver's Privacy Protection Act of 1994--18 U.S.C. 2721 et seq.
This law puts limits on disclosures of personal information in records
maintained by departments of motor vehicles.
Fair Credit Reporting Act (FCRA)--15 U.S.C. 1681-1681u. This
Federal law is designed to promote accuracy, fairness, and privacy of
information in the files of every ``consumer reporting agency,'' the
credit bureaus that gather and sell information about consumers to
creditors, employers, landlords, and other businesses. www.ftc.gov/bcp/
conline/edcams/fcra/index.html.
Family Educational Rights and Privacy Act of 1974 (FERPA)--20
U.S.C. 1232g. This law puts limits on disclosure of educational records
maintained by agencies and institutions that receive Federal funding.
Federal Identity Theft Assumption and Deterrence Act of 1998--18
U.S.C. 1028. The Act makes it a Federal crime to use another's identity
to commit an activity that violates Federal law or that is a felony
under State or local law. Violations are investigated by Federal
agencies including the Secret Service, the FBI, and the Postal
Inspection Service and prosecuted by the U.S. Department of Justice.
www4.law.cornell.edu/uscode/18/1028.html.
Federal Privacy Act of 1974 --5 U.S. Code 552a. This law applies to
the records of Federal Government executive and regulatory agencies. It
requires such agencies to apply basic fair information practices to
records containing the personal information of most individuals.
Financial Services Modernization Act, Gramm-Leach-Bliley (GLB),
Privacy Rule--15 U.S.C. 6801 -6827. The 1999 Federal law permits the
consolidation of financial services companies and requires financial
institutions to issue privacy notices to their customers, giving them
the opportunity to opt out of some sharing of personally identifiable
financial information with outside companies. www.ftc.gov/privacy/
glbact/index.html.
Health Information Portability and Accountability Act of 1996
(HIPAA), Standards for Privacy of Individually Identifiable Health
Information, Final Rule --45 CFR Parts 160 and 164. HIPAA includes
provisions designed to save money for health care businesses by
encouraging electronic transactions and also regulations to protect the
security and confidentiality of patient information. The privacy rule
took effect on April 14, 2001, with most covered entities (health plans,
health care clearinghouse, and health care providers who conduct
certain financial and administrative transactions electronically)
having until April 2003 to comply. http://aspe.hhs.gov/admnsimp/
bannerps.htm#privacy.
Telephone Consumer Protection Act (TCPA)-- 47 U.S.C. 227. This law
puts restrictions on telemarketing calls and on the use of autodialers,
prerecorded messages, and fax machines to send unsolicited
advertisements.
Video Privacy Protection Act of 1998--18 U.S.C. 2710. The Act
strictly limits the conditions under which a video rental or sales
outlet may reveal information about the outlet's patrons. The Act also
requires such an outlet to give patrons the opportunity to opt out of
any sale of mailing lists. The Act allows consumers to sue for money
damages and attorney fees if they are harmed by a violation of the Act.

----------

PREPARED STATEMENT OF WILLIAM HOUGH

Vice President of Credit Services, The Neiman Marcus Group
On Behalf of the National Retail Federation
June 19, 2003

Good afternoon. My name is Bill Hough. I am Vice President of
Credit Services for The Neiman Marcus Group. I am testifying today on
behalf of the National
Retail Federation. I would like to thank Chairman Shelby and Ranking
Member Sarbanes for providing me with the opportunity to testify before
the Banking Committee about the growing problem of identity theft and
the steps that Neiman Marcus is taking to curb our losses and protect
our customers from these crimes.
By way of background, The Neiman Marcus Group is headquartered in
Dallas, Texas, and is comprised of two primary operating segments:
Specialty retail (which includes 35 Neiman Marcus stores nationwide and
two Bergdorf Goodman stores in New York City) and direct marketing
(which includes the catalogue and online operations for our Neiman
Marcus, Horchow, and Chef 's brands). We issue our proprietary credit
cards under the Neiman Marcus and Bergdorf Goodman names.
The National Retail Federation (NRF) is the world's largest retail
trade association with membership that comprises all retail formats and
channels of distribution including department, specialty, discount,
catalogue, Internet, and independent stores. NRF members represent an
industry that encompasses more than 1.4 million U.S. retail
establishments, employs more than 20 million people--about 1 in 5
American workers--and registered 2002 sales of $3.6 trillion.
In fiscal 2001, Neiman Marcus reached a high-water mark for
identity theft related losses with just over 520 cases representing a
total expense of $1.3 million. In the past 2 years, we have experienced
a decline of approximately 70 percent in the number of identity theft
fraud cases with less than 150 cases projected for the current year. It
is important to note that cases involving other forms of fraud, such as
lost or stolen cards have remained constant over the past 2 years.
Mr. Chairman, instant credit represents about 85 percent of all
new accounts opened at Neiman Marcus. As you know, this process is most
likely to take place at the point of sale and relies on a highly
automated and relatively quick procedure to verify an applicant's
identity and check that individual's credit report. In order to cut
down on fraud and identity theft during the instant credit application,
Neiman Marcus developed a custom fraud detection model that analyzes
certain specific attributes of every credit application. This system
isolates certain variables on an application and double-checks them
against the information found on the applicant's credit report. Where
discrepancies or inconsistencies occur, the model sends the application
to our credit department for further review. Clearly, the model we
developed works well and has reduced our losses significantly over the
past 2 years. Additionally, another positive byproduct of the model is
that it has identified and prevented many more identity theft cases
(about 800 in the past year).
Occasionally, we are able to definitively detect an attempted
fraud and arrest the identity thief in our store. This usually occurs
if our credit office, after being alerted during the application
process, can quickly get in touch with the victim by calling a phone
number provided through the credit bureau information. We will then ask
if they want to pursue an arrest of the person attempting to use their
personal
information to open a credit account. If they agree, we will authorize
a credit card number and allow the clerk to open the account and
complete the transaction. At that point, Neiman Marcus Loss Prevention
will detain the suspect and contact the police. We have had 33 such
arrests this year, and 80 in 2002.
Another program that Neiman Marcus has used to dramatically cut
down on fraud is administered through our direct marketing division.
Currently, Neiman Marcus Direct packs and ships approximately 10,000
packages per day for our Neiman Marcus, Horchow, and Chef 's brands. We
also ship about 5,000 packages from our specialty retail stores each
day. By using customer information-sharing we were able to develop an
address delivery cross-check within our Delivery Manifest System. Thus,
each package is passed through this address verification to make sure
it is not going to a known bad delivery address. Additionally, edits
are in place to identify unusual buying patterns that may be forwarding
merchandise to a certain address. These controls stopped over 500
fraudulent shipments last year.
Neiman Marcus also does special edits to focus on the hottest
selling merchandise, knowing that these items often have the highest
street sale value. In fact, a savvy sales clerk at the Neiman Marcus in
White Plains, New York, helped to expose one of the largest identity
theft rings in U.S. history involving a former employee of Teledata and
over 30,000 stolen credit reports from the three major credit bureaus.
The incident began when a woman called in an order for $6,000 in trendy
shoes to the White Plains store and told the sales clerk she did not
care what size shoes were shipped to her. The sales clerk realized this
was a suspicious transaction and notified the Loss Prevention
Department at Neiman Marcus who helped set up a controlled delivery
with the local law enforcement and the U.S. Postal Service.
Mr. Chairman, I would like to be able to tell you that Neiman
Marcus has prevented 100 percent of all fraudulent credit applications this year, but I cannot. Successful identity thieves still slip by our systems at
a rate of 7 per every 10,000 applications processed--less than one-
tenth of 1 percent. This, in my view, is not the result of a flawed
system, but the result of determined criminals with sophisticated tools
like computers and the Internet. You see, the most successful identity
thieves know how to replicate an individual's verifiable identity
characteristics, including producing near-perfect identity documents such as State-issued driver's licenses and counterfeit credit cards.
Thieves are always looking for the weakest link in any system in
order to perpetrate a crime. Today, identity theft and unauthorized
access to existing accounts (such as unauthorized account look-up or
account takeover) seem to be the name of the game. Both of these crimes
rely on being able to present yourself using someone else's identity
information. For these types of criminals there is very little else we
can do to detect and prevent the crime, and retailers, like other
businesses, are looking to the States and the Federal Government to
begin producing the
most secure and fool-proof identity documents possible. Some have
proposed the use of biometrics or magnetic strip authentication to
verify an individual's identity. Whatever the mechanism, it behooves
retailers, banks, and governmental bodies alike to make identity
security a top priority. In fact, the NRF is in the beginning stages of
creating a public-private partnership to focus on identity security and
its implications for both preventing identity theft, as well as helping
victims put their credit records back together again.
The need for tougher law enforcement statutes is critical. While
we will arrest approximately 250 fraud perpetrators this year, many of
these criminals are out on the street the next day with a slap on the
wrist. It is almost as though they are being treated as a harmless
pickpocket versus a serious criminal who has created havoc for an
innocent victim. These people, especially those that become multiple
offenders, must face stiffer sentences if we are going to stop this
type of crime.
With identity theft representing such a small fraction of total
credit applications, it is often a case of looking for a needle in a
haystack. Further, identity thieves thrive on anonymity and rely on the
assumption that large retailers such as Neiman Marcus cannot put a name
and face together in order to prevent fraud. This is why it is so
important for retailers to know their customers, and the only way we
can do this is through the use of information. Information flows
between Credit Services and the credit bureaus or between our Retail
Division and Direct Marketing Division, combined with sophisticated
technology and scoring models, cuts down on fraud and allows us to
offer exceptional customer service. These two benefits are not mutually
exclusive and the type of information we collect from each customer and
its uses is explained clearly in the Neiman Marcus Security and Privacy
policy that can be found online at www.NeimanMarcus.com.
At Neiman Marcus, we also have a Fraud Unit that specializes in
handling all types of fraud claims. These associates are specially
trained to assist and guide identity fraud victims through a very
complicated ordeal. In fact, a call from our Fraud Unit can be the
first indication that a consumer may have of suspicious activity on
their account or of a potential identity theft in progress. You can be
sure that if an identity thief is trying to open accounts in our store,
they are probably attempting to do the same thing at several other
locations as well.
Identity theft is a crime with at least two victims, the
individual whose identity was stolen and the business from which money
or merchandise was stolen. Clearly, it is the individual victim that is
most directly hurt, but, if identity theft crimes continue to rise at
the rate reported by the FTC, all consumers will ultimately pay as
business losses are passed back to customers. We, at Neiman Marcus, are
convinced that our systems are making a difference, but we also do not
intend to sit on our hands waiting for criminals to find the next
weakest link. Mr. Chairman, I ask that Congress think carefully before
blocking information flows or constraining businesses to specific
prevention techniques or responses. We, in business, must continue to
have the leeway to innovate to respond to constantly changing
variables. Criminals always find a way and we need to maintain the
ability to find a response.
In closing, I would like to emphasize the retail industry's strong
support for the permanent reauthorization of the seven areas of
preemption contained in Section 624 of the Fair Credit Reporting Act.
The current uniform national standards allow retailers and lending
institutions to get a complete and accurate picture of a person's
credit history, as well as prevent fraud and identity theft. Consumers
have come to expect efficient and secure access to credit when
purchasing everything from an automobile to consumer goods such as
furniture, appliances, and apparel. In the final analysis, we in the
retail industry have a real concern that a more fragmented approval
processes for credit would negatively impact consumers in many
different levels and, as a consequence, retail sales, ultimately
costing jobs and hurting the economy as a whole.
I appreciate the opportunity to testify here today. I look forward
to answering your questions, as well as those of the Committee. Thank
you.

----------

PREPARED STATEMENT OF MICHAEL W. NAYLOR
Director of Advocacy, AARP
June 19, 2003

Good morning, Chairman Shelby, Ranking Member Sarbanes, and other
distinguished Members of the Senate Banking, Housing, and Urban Affairs
Committee. My name is Michael Naylor. I am the new Director of Advocacy
at AARP.
I want to take advantage of my first appearance before the
Committee to introduce myself to you in my new role at AARP. I also
want to take a moment to stress my strong desire to work closely with
you on the full range of issues that come before this Committee which
are of interest to our Members--and to midlife and older Americans
generally.
Let me begin by offering our views regarding the important subject
of this hearing: ``The growing problem of identity theft and its
relationship to the Fair Credit Reporting Act.'' I will summarize some
important research that we have conducted which has guided AARP's
thinking about these important issues. I have attached as appendices to
my written remarks the results of two key studies that underpin today's
testimony.\1\
---------------------------------------------------------------------------
\1\ See attached: ``Identity Theft: Experience of Older
Complainants,'' and ``The Fair Credit Reporting Act: Issues and Policy
Options.''
---------------------------------------------------------------------------
Identity theft is the co-opting of names, Social Security numbers,
credit card numbers, or other pieces of personal information for
fraudulent purposes. The fraud most often perpetrated takes the form of
using someone else's account identity for purposes of financial theft.
It can also take the form of an impostor--that is, someone assuming
another person's identity in order to seek payment under false
pretenses for provision of professional or other services--and to avoid
accurate identification or detection.
Identity theft occurs when an individual's personal identifying
information (for example, name, Social Security number, date of birth,
or mother's maiden name) is stolen by another person and used to commit
fraud or engage in other unlawful
activities. Often this stolen information is used to establish credit,
run up debt, or take over existing financial accounts. Typically,
identity theft damages the victim's credit, making it difficult for the
victim to buy a home or car, rent an apartment, obtain employment, or
purchase insurance.
Victims can often spend substantial amounts of time and money
resolving problems created by identity theft. Common problems include
the victim's having to contact credit bureaus repeatedly in an attempt
to clear his or her credit reports of fraudulent accounts, being turned
down for credit based on the incorrect information contained in the
victim's credit report, and receiving calls from creditors seeking to
collect on the fraudulent accounts.
I mentioned two studies. The first study confirms the seriousness
of the identity theft problem for older persons. With a membership of
over 35 million persons, AARP views, with alarm, the risk that identity
theft poses to the personal security of all Americans, young and old,
well-educated or not. However, our research does indicate a greater
vulnerability of older Americans, based on the higher proportion of
those age 50 years and older who report being victimized by identity
theft, compared to the proportion of all age groups making such
reports. The second study represents an extensive review of the
research literature on the Fair Credit Reporting Act. This AARP report
describes the range of risks faced by consumers that result from
erroneous information (elements)--some resulting from identity theft. A
variety of policy options for reform of FCRA emerged from this
examination.
We should recognize that all Americans are vulnerable to the
fraudulent use of their--or someone else's--personal information. After
all, we are known as the information society. But mid-life and older
Americans are particularly vulnerable targets for this type of criminal
activity because they control a proportionately larger share of the
Nation's financial assets, and because there are likely to be more
access points to a longer personal history that can be tapped into and
exploited. For those near or in retirement, the costs of identity theft
under any guise are particularly high, bringing a sense of violation
and a loss of individual security that cannot easily be recovered.
The magnitude of the Nation's problem with identity theft is just
now coming to light. Identity theft has been listed by the U.S. Federal
Trade Commission (FTC) as the fastest growing form of crime in the
Nation. Depending on the reporting source and the manner in which the
information was collected, the estimates range from 500,000 to 1.1
million victims for the year 2001 alone. Even the lower estimate seems
staggering.
Estimates also vary as to the financial losses incurred, and the
time and effort it takes to reestablish a victim's proper credit and
community standing. For example, according to studies done by the FTC
and by the Privacy Rights Clearinghouse, the average victim spends
about 175 hours and $1,100 in out-of-pocket expenses. Once victimized,
an individual may never completely recover his or her ``good name.''
The risk of being victimized has been amplified through the
availability and use of today's high-tech information resources and
tools.
The Identity Theft and Assumption Deterrence Act of 1998--known by
short-hand as the Identity Theft Act--made it a Federal crime to
knowingly transfer or use a means of identification of another person
with the intent to commit, aid or abet any unlawful activity under
Federal law, or any activity that represents a felony under State or
local law. Most States have passed similar laws related to identity
theft--that is, most State laws make identity theft a criminal offense.
Thousands of impostors have been caught and prosecuted, most often
by the U.S. Postal Service Inspection Service (which investigates mail
fraud) and the U.S. Secret Service's Financial Crime Division. Also
important are the efforts of State and local law enforcement agencies--
although all law enforcement resources are being heavily taxed by
homeland security and antiterrorism responsibilities. Notwithstanding
these efforts, it appears that identity theft remains a high-profit,
low-risk, and--until recently at least--a low-penalty crime.

Identity Theft: The Experience of Older Complainants
The Identity Theft and Assumption Deterrence Act of 1998 made the
actual theft of an individual's identifying information a specific
Federal crime, and authorized the creation of the FTC's Identity Theft
Data Clearinghouse and database--which has been in existence since
1999.
The complaint data are based on self-reporting by the complainant
either to the FTC or to another agency that subsequently forwarded the
complaint to the FTC.\2\ Since inception of the database, the FTC has
reported major increases in the number of telephone calls from
consumers to its Clearinghouse hotline. Calls from
consumers increased from an average of 445 calls per week in the first
month the hotline was in operation (November 1999), to an average of
3,000 calls per week in December 2001. In addition to the toll-free
hotline, consumers can file a complaint online or by mail.
---------------------------------------------------------------------------
\2\ The question may arise regarding how to appropriately interpret
consumer complaints data. We take the perspective that consumer
complaints can serve as an early-warning function leading to increased
accountability and safer, more effective, high-quality processes,
products, and services.
---------------------------------------------------------------------------
In order to get a sense of the vulnerability among those 50 and
older to identity theft, AARP requested that the FTC prepare two sets
of tabulations based on complaint data gathered through the Identity
Theft Data Clearinghouse for the year 2001. The 2001 data report on
86,168 identity theft complainants, with 72 percent of these (61,956
complainants) reporting age information.
For the year 2001, more than three-quarters (78 percent) of
complainants who
reported their age (n=61,956) were under 50 years old, while 22 percent
of complainants were 50 years of age or older. We then asked the FTC to
group its data for complainants on identity theft crimes, for those
that provided their ages, into their classification system for
different types of fraud.

Key Results
Credit Card Fraud
Among the general types of fraud identified by the FTC, 42 percent
of all complainants reported having their stolen information used in an
effort to commit credit card fraud. Of complainants reporting this type
of fraud, 62 percent reported that their information was used in an
attempt to establish new credit, while 24 percent reported their
information was used in an effort to access existing credit accounts.
Half (51 percent) of complainants age 50 and older reported having
their stolen information used in an attempt to commit credit card
fraud. Of complainants reporting attempts at this type of fraud, two-
thirds (66 percent) reported their information had been used in an
effort to establish new credit, while one-third (33 percent) reported
their information was used in an attempt to access existing credit
accounts.

Telephone or Utilities Fraud
Twenty percent of all complainants reported having their stolen
information used in an effort to commit telephone and utilities fraud.
Nearly half (48 percent) of complainants experiencing this type attempt
at fraud reported their information had been used in an effort to
establish new wireless telephone service. Seventeen percent of
complainants age 50 and older reported having their stolen information
used in an effort to commit telephone and utilities fraud. Almost two-
thirds (64 percent) of complainants in this age group experiencing this
type of attempt at fraud reported their information had been used in an
effort to establish new wireless telephone service.

Bank Fraud
Thirteen percent of all complainants reported having their stolen
information used in an effort to commit bank fraud. Nearly half (47
percent) of complainants experiencing this type of attempted fraud
reported their information had been used in an effort to commit check
fraud. Eleven percent of complainants age 50 and older reported having
their stolen information used in an effort to commit bank fraud. Sixty-
three percent of older complainants experiencing this type of attempt
at fraud reported their information had been used in an effort to
commit check fraud.

Loan Fraud
Six percent of all complainants reported having their stolen
information used in an effort to commit loan fraud. Half (53 percent)
of complainants experiencing this type of attempted fraud reported
their information had been used in an effort to secure a personal or
business loan. Seven percent of complainants age 50 and older reported
having their stolen information used in an effort to commit loan fraud.
Of complainants experiencing this type of attempt at loan fraud, 56
percent reported their information had been used in an effort to secure
a personal or business loan.
Overall, 10 percent of all complainants that reported their
personal information had been stolen indicated that it was used in an
attempt to commit some type of fraud. However, nearly double that
proportion, 18 percent of complainants age 50 and older, reported
attempted identity theft fraud. We believe further collection and
analysis of complaint data are necessary to better understand the
nature of identity theft crimes and to devise more effective prevention
and enforcement policies.

Implications for the Fair Credit Reporting Act
The Fair Credit Reporting Act (FCRA), enacted in 1970, is the
foundation of our national credit system. consumer reporting agencies
(CRA's) collect and compile information on consumers' creditworthiness
from financial institutions, public records, and other sources. FCRA
applies to the personal credit records maintained by CRA's. The FCRA
also outlines a consumer's rights in relation to his or her credit
report, as well as permissible uses for credit reports and disclosure
requirements. In 1996, the FCRA was amended and now contains seven
specific Federal preemptions (due to sunset on January 1, 2004, unless
Congress extends them) that prevent States from overriding or changing:

The responsibilities of organizations and businesses that
furnish information to reporting agencies.
The duties of organizations and businesses to notify consumers
when they have been denied credit or employment based on
information in their credit reports.
Procedures that a consumer reporting agency must use if a
consumer disputes the accuracy of information.
The information that may be included in consumer reports,
including the time during which consumer reporting agencies are
permitted to report adverse data.
The form or content of the summary of rights that a consumer
reporting agency is required to provide to a consumer along with
information in the consumer's file.
The exchange of information among affiliated institutions.
Prescreening procedures that provide consumers with credit or
other financial services or product lines.

The consumer credit reporting industry is a $6 billion industry
that provides information about consumers to a wide variety of businesses.
Information on consumers is purchased by lenders, credit sellers,
insurance companies, and landlords, and by employers seeking
information on prospective or current employees. The largest sources of
credit reports are the three national consumer reporting agencies
(CRA's) that collectively maintain an estimated 570 million files on
U.S. consumers. Each CRA collects its own data on an individual
consumer and maintains its own file on that consumer. It should come as
no surprise that the credit reporting industry is the most extensive
user of consumer data in the private sector.
In addition to selling credit reports, CRA's sell prescreened lists
of consumers to providers of credit and insurance products.
Prescreening involves CRA's creating a list of consumers who meet
criteria specified by purchasers of the list. For example, credit card
companies use prescreened lists to identify and solicit consumers who
qualify for ``preapproved'' offers of their credit card product.
As a result of the large amounts of data involved, the credit
reporting industry relies heavily on computer automation, and
information is transferred, sorted, stored, and retrieved
electronically. To facilitate this automation, many creditors and other
furnishers of information to CRA's use a standardized computer program
to report data to CRA's. Information provided to CRA's is usually
received monthly and downloaded into their databases.
The widespread use of credit reports for an increasing variety of
purposes, and the large amount of information processed by CRA's, raise
a number of issues regarding the FCRA's uses and effects. One of the
major goals of the FCRA is to promote accuracy in credit reporting by
requiring CRA's to use reasonable procedures. Despite FCRA protections,
available data suggest that assuring the accuracy of the information in
credit reports continues to be a concern. Incorrect information has too
often been included in consumer credit reports.\3\
---------------------------------------------------------------------------
\3\ A 2000 study examining consumer credit reports found that over
half of the credit reports examined contained errors. A 1998 study
found that 70 percent of credit reports investigated contained
incorrect information. Of these reports, 29 percent contained errors
significant enough to have serious adverse consequences for the
consumer's credit, and 41 percent contained personal identifying
information that was either incorrect or obsolete. See Appendix 2.
---------------------------------------------------------------------------
Another accuracy issue is that information creditors provide to
CRA's may be incomplete and positive information may be missing. The
FCRA does not require creditors to report account payment information
to any CRA. Rather, creditors are free to report to none, one, two, or
all three of the national CRA's.
Additionally, some companies apparently intentionally withhold
positive credit information to prevent the loss of customers to
competitors. As a result, the credit reports of these consumers will
not reflect positive payment history, and the consumer will be unable
to access less costly products and services.
Inaccuracies can also occur when a creditor sells a delinquent
account to a debt collector. Once the original creditor sells the
account to a debt collector, the debt collector becomes the furnisher
of information on this account to the CRA's. The main source of
inaccuracy in this case results from incorrect reporting of the date of
initial delinquency on the account.\4\
---------------------------------------------------------------------------
\4\ One concern is that debt collectors may report the date they
purchased or received the
account as the date of initial delinquency, even though the actual date
of initial delinquency was likely much earlier. Because the FCRA
stipulates that most negative information remains on a consumer credit
report for 7 years from the date of initial delinquency, establishing
this date is important to consumers attempting to restore their credit.
---------------------------------------------------------------------------
A further source of inaccurate information is error in the
electronic merging of files that occurs when one consumer's credit
information is mixed with another consumer's file. This typically
occurs with consumers who have similar identifying
information such as a similar name or Social Security number.
Yet another source of inaccuracy occurs when CRA subscribers
request information on one consumer from a CRA database, and obtain
data on another consumer instead. This problem occurs because the
accuracy of the information received from a CRA is inversely related to
the specificity of the identifying data elements that are used to
search the database. That is, subscribers who use fewer identifying
elements are more likely to receive credit information unrelated to the
consumer about whom they are seeking credit information. For example, a
subscriber who uses only name and address information will likely
receive more matches (and consequently less accurate information) than
a subscriber who uses additional identifiers (such as Social Security
number and date of birth).
Consumers are typically required to pay a fee when obtaining a copy
of their credit report. The FCRA allows CRA's to charge consumers a fee of up to $9 (plus applicable State tax) for a copy of their credit report. Six
States entitle consumers to one free credit report from each CRA
annually, while other States cap the cost of credit reports below the
Federally mandated level.
Because most consumers have separate files at all three national
CRA's, consumers are well-advised to purchase their credit report from
all of them to ensure that each of their credit reports are accurate.
They are used by potential lenders to provide an instant summary of
information contained in the consumer's credit
report and may be used to rank consumers to determine whether they
qualify for a loan, how much they should be lent, and at what rate.
Then there is the problem of identity theft that I raised earlier.
At issue here is the role of the FCRA in preventing identity theft and
assisting victims of this crime. Previously, I noted that older persons
can be an appealing target for such theft
because they typically have significant available credit to draw on.
They can also be victimized by family members or caregivers who have
access to their personal information. It appears that all too often,
the identity thief takes the individual's personal information and uses
it to open fraudulent accounts based on the unknowing victim's credit
report information.
FTC complaint data show that consumers often experience substantial
difficulty in correcting information they dispute. One concern is that
reinvestigation procedures used by CRA's are inadequate. Another
problem is the reappearance of incorrect information previously deleted
from a consumer's credit report. In addition,
victims of identity theft have reported difficulty in removing
fraudulent items from their credit reports even after the identity
theft has been discovered.
Another FCRA issue involves the preemption of some aspects of
existing State credit reporting laws. Most States have laws relating to
credit reporting, and generally the FCRA does not preempt State laws
that provide greater consumer protections. Should the State preemptions
expire on January 1, 2004, as required under the FCRA, States would be
allowed to enact legislation governing the sharing of such information.
Our survey of issues concludes with the 2-year statute of
limitations provided by the FCRA. This issue is the result of a 2001
Supreme Court decision involving an identity theft victim's suit
against a CRA for failing to take reasonable steps to ensure the CRA
was issuing a credit report for the right person. The Court's ruling is
a major concern for identity theft victims and their counsels because
it takes an average of 14 months for victims to learn of the theft and
subsequent damage to their credit reports. As a result, consumers who
do not learn of problems in their credit reports quickly enough may
have no legal recourse.

Some Recommendations
To address these concerns, we recommend that Congress and the
Administration:

Provide stronger enforcement of rules requiring the date of
initial delinquency to be reported correctly by debt collectors.
The FCRA requires furnishers of such information to verify the
accuracy of the data reported when challenged by a consumer. This
proposal is intended to prevent the reporting of negative
information beyond the time limits provided by the FCRA.
Require subscribers who purchase credit reports from CRA's to
provide the same standard of identification to retrieve a
consumer's credit report as is required of consumers seeking their
own credit report. Because CRA's have procedures in place for
consumer access, these same procedures can be applied to
subscribers requesting credit reports.
Require CRA's to provide consumers with at least one annual
free credit report a year to make it easier and less expensive for
consumers to monitor their credit reports. Prohibitions need to be
enacted that protect consumers from fraudulent ``credit-repair''
practitioners.
Allow consumers to place a security freeze on their credit
report, and issue to consumers a password to prevent their credit
report from being accessed without their express authorization.
California recently enacted such a provision. This procedure slows
down the process for retrieving a consumer's credit report because
the consumer must first contact the CRA's and give permission for
the release of his or her credit report to the specified individual
or business, thereby providing an extra check to prevent fraud.
Require CRA's to permanently block fraudulent accounts on the
credit reports of identity theft victims. Such blocking is required
under California law and has been proposed under Federal
legislation. This requires CRA's to correctly identify that the
account is fraudulent despite the fact that the account may have
been sold to a debt collector and been reported as a separate
account.
Require the FTC to monitor how effectively consumer disputes
with CRA's are
resolved.
Allow the Federal preemptions to expire as originally intended
under the FCRA unless Federal legislation providing greater
consumer protections can be enacted.
Change the statute of limitations to allow consumers more time
to discover potential problems in their credit reports. Federal
legislation has been proposed to extend the statute of limitations.
Changing it to 2 years from the time the violation is discovered,
or should have been discovered by the exercise of due diligence by
the consumer, would give consumers a longer time frame in which to
act.

Conclusion
AARP supports strengthened Federal, State, and local efforts to
hold the perpetrators of identity theft and fraud accountable. We are
prepared to work with you, Chairman Shelby, Senator Sarbanes, and with
the other Members of this Committee in this regard. However, we also
believe that efforts to improve accountability should be complemented
with effective measures to provide victim assistance.
And we believe that the practices of credit reporting agencies
should be reformed to protect consumers and businesses against
erroneous information, provide greater consumer access to credit files,
enable consumers to correct erroneous information more easily, require
that credit reports be more user-friendly, and require the purging of
files after a reasonable time. We would be very happy to work with the
Committee in updating and upgrading the FCRA.
I would be pleased to answer any questions that you may have.

REPONSE TO WRITTEN QUESTION OF SENATOR DOLE
FROM J. HOWARD BEALES, III

Q.1. Mr. Beales, while there is always room for improvement, do
you believe that the credit reporting agencies are doing enough
to combat identity theft?

A.1. I am gratified by the credit reporting agencies' adoption
of several new programs to assist victims of identity theft.
The police
report blocking initiative, the joint fraud alert, and their
endorsement of our uniform identity theft affidavit all
demonstrate a willingness on the part of the agencies to work
with the Federal Trade Commission in finding ways to relieve
the burden on victims of identity theft. As discussed in the
Commission's July 10, 2003 testimony, the Commission supports
legislative codification of these practices.
As further outlined in the Commission's testimony, we
believe that there are areas where the consumer reporting
agencies can do more to help in the area of identity theft.
Providing consumers with access to free credit reports may
alert them to possible identity theft. In addition, free
reports will enable consumers to keep a closer watch on their
credit history.

RESPONSE TO WRITTEN QUESTION OF SENATOR MILLER
FROM J. HOWARD BEALES, III

Q.1. What legislative remedies would you recommend that the
Senate Banking Committee include in a FCRA bill?

A.1. The Commission's July 10 testimony set forth specific
legislative recommendations to the Committee.

RESPONSE TO WRITTEN QUESTION OF SENATOR MILLER
FROM TIMOTHY CADDIGAN

Q.1. In Mr. Harrison's testimony he discusses the fact that
Army officials at Ft. Bragg, North Carolina, issued his
identity theft perpetrator an active duty military identity
card in his name and Social Security number and that he has had
trouble clearing up his identity issues. Is the Secret Service
also working with the military to combat identity theft? If so,
to what degree?

A.1. The Secret Service works with many different State and
local law enforcement agencies, as well as military law
enforcement units, through our local field offices across the
country. In cases involving military personnel as either
victims or perpetrators, the
individual military units (Army CID, Navy CIS, or Air Force
OIG) and our local field offices collaborate on the
investigation.
On a national level, the new Identity Crime Video/CD-ROM
the Secret Service has produced in partnership with the
International Association of Chiefs of Police and others is
being distributed to every local and State law enforcement
agency in the country, including each military law enforcement
office on every military base in the United States. In
addition, the Secret Service provides resources on counterfeit
checks, counterfeit documents, credit cards, and fictitious
instruments to military investigators, all of which can be
highly useful to an identity crime investigation.

RESPONSE TO WRITTEN QUESTIONS OF SENATOR DOLE
FROM MICHAEL D. CUNNINGHAM

Q.1. Mr. Cunningham, how does affiliate sharing assist in your
business' efforts to combat identity theft?

A.1. From a fraud perspective, affiliate sharing allows us to
prevent our customers from becoming identity theft victims
through address verification and fraud files. For example, a
mortgage can be used to verify the address on a credit card
application. Imagine having a mortgage with a company that
contacts you because they need to verify your address on a
credit card application. Affiliate sharing also allows us to
expedite processing and avoid the inconvenience customers may
experience if we required them to submit documentation.
Furthermore, if a customer becomes a victim of identity theft,
through affiliate sharing we can prevent additional account
compromises and facilitate a quicker recovery of funds and the
victim's identity. Affiliate sharing also provides us with
enhanced servicing opportunities by offering targeted products
to our customers.

Q.2. After our last hearing on the Fair Credit Reporting Act
Authorization my friend, Senator Dodd, was good enough to send
me a copy of a series of articles written by the
HartfordCurrent recently which detailed some very distressing
charges of errors the paper says have been built into the
credit reporting system. One such charge was that credit
reporting agencies have the incentive to put false information
in a credit report because a potential creditor is more likely
to buy a report with more information in it because they assume
that it must be more accurate. I find that hard to believe. Mr.
Cunningham, since you represent a bank which purchases credit
reports, would you comment on that charge?

A.2. We value the data integrity, not the quantity of data,
when contracting with the credit bureaus.

RESPONSE TO WRITTEN QUESTION OF SENATOR MILLER
FROM MICHAEL D. CUNNINGHAM

Q.1. Do you think that the credit bureaus are doing enough to
help victims of identity theft clear and correct their
information?

A.1. I believe the credit bureaus are focused on assisting
victims in recovering their identity and preventing additional
occurrences.
Please feel free to contact me if I can be of any
additional assistance to the Committee on this very important
issue.

RESPONSE TO WRITTEN QUESTION OF SENATOR DOLE
FROM JOHN M. HARRISON

Q.1. Mr. Harrison, your testimony was excellent and I believe
it gave us a new appreciation for the ordeal victims of
identity theft go through. I would like to clarify a few of
your points for the record. In your written testimony you
state, ``My conclusion is, there is no system in place to
assist an identity theft victim when banking accounts are
opened in your name and Social Security number, but are
completely removed and unrelated to your own banking accounts.
This industry is well behind the progress that has been made in
the credit industry.'' You appear to be holding up the credit
bureaus, even though they admittedly have problems, as an
example for banks. Is that accurate?

A.1. Thank you for allowing me the opportunity to clarify part
of my testimony for you. Your question is in regards to my
comment about fraudulent banking accounts, the system
surrounding those accounts and whether I am holding up the
credit bureaus as an example for banks.
In fact, it is not the credit bureaus I am holding up as an
example, it is the system surrounding the credit industry as a
whole that I am comparing to the banking industry's system. In
my own situation, I have dealt with both types of fraud and I
am in a good position to make the comparison. The problems that
do exist within the credit system are a result of the
participants not meeting their responsibilities; not the system
itself.
Creditors have a choice between three credit reporting
agencies for account authorization and also to report both
positive and negative information on consumers. Even after my
identity was stolen and the many fraudulent accounts were
opened, it could have been a manageable situation for me had
the repositories, creditors, and debt collectors simply
followed the rules within the system. That happens less than
most people would think and the consequences they face for
repeatedly making the same mistakes are minimal. Still . . .
within that system a victim can maintain their hope. The
fraudulent information is contained within those three
repositories. Through persistence, through repetitiveness, a
victim can order the reports, dispute the fraudulent accounts
and continue to do that until one day, the updated reports have
no more erroneous information on them.
It did not take me long to learn that this same process
cannot be used when dealing with savings and checking accounts
fraudulently opened in my name. That system, or lack thereof,
is far more complex, less cooperative, and not consumer-
friendly. Banking accounts and bad checks get reported in many
more databases than credit accounts. The majority of companies
that maintain these databases do not consider themselves
reporting agencies and therefore do not adhere to the FCRA.
These companies feel no responsibility to assist victims or
send them consumer reports. This creates a problem getting
information and also makes it difficult for a victim to verify
the negative information has actually been removed from the
database.
An identity theft victim dealing with bank fraud must
communicate with banks, merchant's that accept checks, the
merchant's check service company, and national databases to
resolve their situation. Literally, there are hundreds of
companies storing information on consumers and all that
information is shared between those companies. Additionally,
not all the information that is stored in those databases is
listed under the victim's Social Security number. Companies
that maintain databases of bad check writers store that
information under driver's license numbers and routing/account
numbers for each check. The average consumer would not have an
understanding of how information is stored in these databases
or how they relate to one another. Without that understanding,
a victim of check fraud cannot get to the information contained
in these databases to dispute it.
The second great difficulty that I discovered is when a
fraudulent credit account is opened in your name and you are
successful in
resolving the account with the creditor and the credit bureau
reporting it, all transactions associated with that account are
also resolved. This is not the case with checking accounts.
Even if you are successful in removing the fraudulent
information from the reporting agency, even if you successfully
dispute the account directly with the bank that opened it; each
check written on that account has already become its own
individual debt. There is still a merchant, his/ her debt
collector, or the merchant's check management company
attempting to collect on the bad check.
Still another difference between credit fraud and checking
fraud: When a creditor suspects fraud and closes the account,
the credit account is no longer useable by the imposter. When a
bank closes an account for cause, the imposter can still
continue using those checks for weeks or even months.
My belief is the hundreds or even thousands of these check
management companies are credit reporting agencies. They
maintain information files on consumers. That information is
sold to their customers and used in the legitimate business
transaction of whether a check is accepted or declined by the
merchant. Further, they share consumer information with their
affiliates and some of their websites indicate they also sell
consumer information to third parties. A great deal of
attention has been paid to the three major repositories and the
credit industry themselves has at least acknowledge the problem
of identity theft and are addressing it. The banking/checking
industries are virtually silent on the issue of identity theft
and have not even begun to put procedures in place to assist
victims of identity theft.
I hope this sufficiently clarifies my comment and again I
appreciate this opportunity to further address the issue of
banking/checking fraud. Through default, I have a great deal
of' knowledge and experience with the systems victims encounter
in attempting to restore their names and reputations. Please
feel free to call upon me at any time to answer questions or
inquiries about the reality of those systems.

RESPONSE TO WRITTEN QUESTION OF SENATOR MILLER
FROM JOHN M. HARRISON

Q.1. Mr. Harrison, I am sorry to hear about your personal
situation regarding your identity theft. It does sound like it
has been a challenge. Let me ask you, in your statement you
say, ``Equifax has failed to meet nearly all the provisions of
the FCRA.'' Could you tell me what you mean by that statement
so I can understand your point of view better?

A.1. Thank you for allowing me the opportunity to clarify part
of my testimony for you. You have asked me to provide
additional understanding of the statement in my written
testimony, ``Equifax has failed to meet nearly all the
provisions of the FCRA.''
I can begin by giving you a snapshot of what appears on my
repository reports 21 months after learning I was an identity
theft victim. There are no fraudulent accounts appearing on
either my TransUnion or Experian reports presently. At times,
new debts related to my identity theft appear on my Experian
report, but the situation is manageable and I can generally
have those accounts removed with an online dispute to Experian.
TransUnion allowed me to take advantage of a new California law
to freeze my credit report. They offered this to me free of
charge and since my report was frozen, I have had no accounts
related to my identity theft appear on my TransUnion report.
In contrast, there are still 30 fraudulent accounts being
reported by Equifax presently. Those 30 accounts are being
reported on 2 separate reports that Equifax has in their system
in my name and Social Security number. Equifax consistently
sends one of those reports to my creditors and it contains 18
fraudulent accounts. Many of those accounts were disputed and
thought resolved in November and December 2001. There are also
110 inquiries on that report from companies that requested my
file. The second report, which Equifax sends to me when I
request my consumer file, only contains 12 fraudulent accounts.
There are 26 inquiries from companies on this file.
While both TransUnion and Experian responded to each of my
dispute letters, it took 11 months and three dispute letters to
get my report from Equifax. When I finally received that report
and the results of my reinvestigation, Equifax had failed to
delete the accounts which they said would be deleted as a
result of that investigation and those accounts still remain on
my report. Equifax still has my current address, current
employer, and phone number wrong in their system despite my
efforts to correct them. They also refused to investigate any
of the inquiries they were generated as a result of fraudulent
accounts claiming they are a factual repre-
sentation of my consumer file.
For certain I have had some difficulties with the other two
repositories and they have made mistakes that are clear
violations of the FCRA. However, I have always felt they were
at least making an effort to comply with FCRA and those
mistakes were easy for me to overlook. Equifax in my opinion
has made no effort on my behalf. I do not believe they have
taken the time to read any of my dispute letters or review the
18 pages of supporting documentation I included with those
letters. If someone at Equifax had set out to deliberately make
a mess of my credit file; I do not believe they could have done
a better job of it than exists right now.
I hope this sufficiently clarifies my statement about
Equifax and again I appreciate this opportunity to be a part of
the process. Through default, I have a great deal of knowledge
and experience with the systems victims encounter in attempting
to restore their names and reputations. Please feel free to
call upon me at any time to answer questions or inquiries about
the reality of those systems.

RESPONSE TO WRITTEN QUESTION OF SENATOR MILLER
FROM LINDA FOLEY

Q.1. Do you think the credit bureaus are doing enough to help
victims of identity fraud clear and correct their information?
If not, what should they do?

A.1. ITRC does not think that the CRA's are doing enough. While
we recognize that the CRA's are just data collectors, they have
also accepted the role of helping in dispute and information
management and that is where they tend to fall down.

1. Failure to follow established dispute process--ITRC has
heard from victims that use the designated CRA dispute process
(fill out the dispute form, attach police report and evidence).
Only it appears that the evidence or items submitted with the
dispute form is not forwarded to the credit issuer or
collection agency. This results in the dispute being denied and
forcing the victim to try to contact the issuer directly,
creating more delays and time consumed by the victim in
resolving issues. Due to this problem, ITRC is now advising
victims to deal directly with the issuers rather than the CRA's
to avoid these delays. The only exception is in California
where the CRA is required to block the item. In this State, the
ITRC recommends that the consumer contact both the CRA's and
the issuers which results in additional costs and time for the
consumer.
2. Blocked line items--When the CRA blocks a line item, it
needs to be blocked from everyone. ITRC has heard from too many
consumers that an entity requesting a report sees items that
were blocked or suppressed. In other words, the report the
consumer receives shows that the item has been removed /blocked
but the item is still shown on the report sent to the
commercial requester.
3. Misinformation and half matches--The CRA's appear to
include information either in a report or on a ``suppressed''
file that was from an application that partially matches the
consumer. For example, the name is the same but spelled
differently (Swanson v. Swansson) and the Social Security
number matches 7 of the 9 numbers. That application is included
in the consumer's file even though it is only a partial match.
This results in misinformation affecting credit decisions. This
misinformation may be the result of an identity theft attempt--
shoulder surfers or dumpster divers who did not quite remember
or see the full information.
4. Non-English speakers--The CRA's require all consumers to
use automated phone systems or the mail to request a credit
report. The automated systems are in English only. We need to
allow all consumers access to this vital information. The
automated systems must have a Spanish language option and
perhaps the ability to access an AT&T language translator for
help in ordering his/her credit report. In addition, the CRA's
must send instructions on how to read a report in the
requesting languages or at least in maybe 5 of the languages
that the national census shows are the largest population
groups.
5. Access to fraud specialists--Due to the automated
systems, consumers can only speak with a CRA consumer rep when
they have a report and then only for about 3 months after
receiving the report. They call a special number, type in the
report number and are connected. If that 90-day window has
ended, they cannot access a person to ask questions. Due to the
complexity of this crime, victims need longer access to CRA
personnel. ITRC would recommend that period of time be extended
to 180 days, minimum.
6. Access to fraud specialists--It has also been reported
by some of the victims that once they get their reports, they
are only allowed one phone call to a fraud investigator at a
bureau and then that report number no longer allows them access
to the bureau's fraud division.
7. Two files-one Social Security number--Recently a victim
called ITRC with the following complaint. It is one that we
have heard numerous times before. The car dealer asked for a
credit check using the man's Social Security number only. A
report came in with his Social Security number but with another
person's name and information. When the dealer asked for a
report with the victim's name and Social Security number a
totally different report came back. In other words, there are
two reports with the same Social Security number. The second
report with the different name is an imposter (in this case a
family member) who stole the victim's identity when he was a
child. In fact, it even says on the report that credit was
established prior to the age of 18 and includes a bankruptcy.
This man is in the military and this problem may affect his
entire career.
8. Time issues--In some cases of identity theft, clearing
up the problem is time sensitive. A park ranger called today.
She was just told that a financial check showed a collection
notice from First Premier Bank. She now must wait about 2 weeks
for her credit reports and is unable to get beyond a customer
rep at the bank to find out about this credit card she never
opened. What she does know is that it is in her name and Social
Security number but with an address she never lived at. She
cannot wait several weeks to clear up this problem. The job
will be gone tomorrow unless she can deal with this today. With
the automated systems, there is no one to talk with for a line-
block during investigation at the bureaus until she gets her
report--which will be too late to help her. This is a common
problem for those dealing with job background checks, loans for
purchasing homes/car, or checks done for tenancy.
9. CRA cross-linking files--Some victims of extreme
identity theft situations change their Social Security number.
It is a last ditch
effort to disassociate from a thief that is unstoppable. It
brings severe consequences since so much of our personal
history is linked to that number. You lose your college
records, credit history, and more. It is as if you were born
yesterday. People question you--are you a thief who has just
made up the information, an illegal immigrant, etc.? ITRC only
recommends this step in the worst of cases.
It has been brought to ITRC's attention that in some cases
the CRA is cross-linking the old and new Social Security
number--an action that negates the changing of the Social
Security number. Old and new numbers must remain separate
(except with SSA and IRS per policy) or this extreme measure is
ineffective. The purpose of changing one's Social Security
number is to stop the thief from using your information. If the
CRA cross-links the numbers, the thief 's actions appear on the
new Social Security number and credit report. This means the
victim is once again compromised. The CRA report is also a
source of information for bail bondsmen and law enforcement.
Unfortunately, many of these severe cases had thieves who broke
the law while using the victim's Social Security number. This
cross-linking may also result in the arrest of an innocent
person.
We would also like to address a couple other topics that
were brought up by other panel members:

1. Mandatory Fraud Alert Observation: This has been a topic
that is a sore spot for many victims and consumers. Far too
many victims have placed alerts on their credit reports only to
have companies ignore them. The bottom line is this: Why does a
company have the right to ignore my warnings or requests,
placed for their benefit to protect both the company and the
consumer from fraud?
2. In the current version of the House Bill H.R. 2622,
there is a mandatory observation section. There are two
problems with this bill. First, it includes only those who
already are victims. Consumers who wish to place a ``security
alert'' as a proactive measure are unable to do so. It is vital
that we act proactively and not just help in remediation.
Second, the bill allows retailers to decide
either to honor the ``alert me notice in the following manner''
which was placed by the consumer or to decide an alternate
method. The problem with this is that info usually used is from
the credit report. Once an imposter has become active in your
life your credit report no longer represents your true
information and only the thief would be able to answer any
questions based on the report.
Thank you for the opportunity to work with your Committee.

RESPONSE TO WRITTEN QUESTION OF SENATOR MILLER
FROM WILLIAM HOUGH

Q.1. Do you think the credit bureaus are doing enough to help
the victims of identity fraud clear and correct their
information? If not, what should they do?

A.1. The current system of reporting identity theft problems to
the credit bureau could be improved by providing one toll-free
800 number that would allow the consumer to notify all bureaus
of their situation. Thus, through centralized notification, all
bureaus would place an identity theft alert on the consumer's
files with one call. This 1-800 process, I believe, is
currently being developed and would be a significant benefit.
On the subject of clearing and correcting consumer
information, over the past few years the credit bureaus and the
industry have developed several tools to handle the information
correction process more efficiently. For example, the E-OSCAR
system (Online Solution for Complete Accurate Reporting) allows
both merchants and credit bureaus to respond quickly (via
Internet access) to these consumer inquiries and get them
resolved faster.
While any process can always be enhanced, the credit
bureaus have and continue to make significant progress to aid
identity theft victims.

RESPONSE TO WRITTEN QUESTION OF SENATOR MILLER
FROM MICHAEL W. NAYLOR

Q.1. Do you think the credit bureaus are doing enough to help
the victims of identity fraud clear and correct their
information? If not, what should they do?

A.1. We believe credit bureaus can do more, and act more
efficiently and effectively, to prevent identity theft from
occurring, and to help victims recover their good credit and
name after the fact.
The AARP's recommendations for increasing the involvement
of consumer credit reporting agencies (CRA's) to help solve
this problem, include:

Requiring CRA's to provide consumers with at least one
annual free credit report a year to make it easier and less
expensive for consumers to monitor their credit reports.
Requiring subscribers who purchase credit reports from
CRA's to provide the same standard of identification to
retrieve a consumer's credit report as is required of
consumers seeking their own credit report. Because the
CRA's have procedures in place for consumer access, these
same procedures can be applied to subscribers requesting
credit reports.
Allowing consumers to place a security freeze on their
credit report, and issue to consumers a password to prevent
their credit report from being accessed without their
express authorization.
Requiring CRA's to permanently block fraudulent
accounts on the credit reports of identity theft victims.

AFFILIATE SHARING PRACTICES
AND THEIR RELATIONSHIP WITH
THE FAIR CREDIT REPORTING ACT

----------

THURSDAY, JUNE 26, 2003

U.S. Senate,
Committee on Banking, Housing, and Urban Affairs,
Washington, DC.

The Committee met at 10:07 a.m. in room SD-538, Dirksen
Senate Office Building, Senator Richard C. Shelby (Chairman of
the Committee) presiding.

OPENING STATEMENT OF CHAIRMAN RICHARD C. SHELBY

Chairman Shelby. The hearing will come to order.
First of all, I want to thank the witnesses for being here
today. This morning, we are examining the provisions of the
Fair Credit Reporting Act which established the rules for
information sharing among affiliated entities.
I believe that this is an area which deserves particularly
close scrutiny in the reauthorization process because of the
considerable changes that have occurred in the financial
service sector since the passage of the 1996 Fair Credit
Reporting Act amendments.
Frankly, activities which were once strictly prohibited now
commonly occur within the industry. The changes made to the
financial services laws permit financial services firms to
engage in new lines of business and to operate using larger and
much more complex corporate structures.
The purpose of this hearing is to consider this
contemporary landscape and assess how well the Fair Credit
Reporting Act operates in the context of current practices. To
do this, I believe we must consider the types of affiliate
structures firms use and look at the kinds of information they
share and ascertain the purposes for which they share it.
We must also examine the level of consumer understanding of

information-sharing practices--are the consumers aware that
their financial information is shared, do they recognize the
range of entities it is shared with, does such sharing pose any
threats to them, do they have concerns about such sharing, do
they have choices regarding controlling the sharing?
Hopefully, through the course of today's hearing, we can
address these issues. As we go forward, we will have to closely
measure these issues in order to be able to develop a product
that achieves the most effective, efficient, balanced, and fair
system possible.
Senator Johnson.

STATEMENT OF SENATOR TIM JOHNSON

Senator Johnson. Well, thank you, Chairman Shelby, for
holding today's hearing on affiliate sharing and the Fair
Credit Reporting Act. I would like to welcome today's witnesses
whose thoughtful written testimony has been helpful in laying
out both the benefits of information sharing and some concerns
that we should keep in mind as this debate goes forward.
I would also like to extend a special welcome to Terry
Baloun, who is a Regional President and Group Head of Wells
Fargo Bank in South Dakota, North Dakota, Montana, and Western
Minnesota. Terry has spent a good deal of time in communities
throughout our State, and he knows firsthand the challenges of
bringing meaningful credit opportunities to rural America. We
face particular challenges, from low population density to
specialized issues related to agricultural lending, and Wells
Fargo plays an important role in the financial services sector
in the Upper Midwest.
In fact, national firms like Wells Fargo and Citigroup,
which is also represented here today, are critical to the
economic vitality of rural States like South Dakota. While
smaller local banks and credit unions are the lifeblood of our
communities, and provide critical lending services to people
throughout rural States, their services are complemented by
larger financial conglomerates like Wells and Citi. Some people
prefer to patronize small banks, some prefer credit unions, and
some prefer the one-stop shopping they find at larger financial
services firms.
The point is that people have choice. And in rural America,
we do not take that for granted. For example, in the area of
health insurance, by August, we will have only two insurance
companies left in my State offering individual policies, and
the lack of competition has had devastating results on farmers,
ranchers and other self-employed workers. But the nationwide
system of credit that now permits companies to operate around
the country with one set of rules overcomes the negative
economics of a small population living across a large State.
The expanded choice in the financial services marketplace
extends beyond simply the type of financial institution to an
exploding array of financial products now available to retail
customers, ranging from complex to the simple. For example,
Citigroup allows mortgage customers to pledge from a Smith
Barney brokerage account to collateralize the loan rather than
liquidate the portfolio to come up with a downpayment. By the
same token, Wells Fargo customers can pay their mortgage at any
local branch or ATM, even though the mortgage company and the
bank are separate entities within the same corporate family.
Neither of these services would be possible without information
sharing among affiliates.
On the retail side, affiliate sharing has benefits as well
as Mr. Prill notes in great detail in his written testimony.
These range from making computerized returns without a receipt,
to storage and retrieval of warranty information, to returns of
Internet purchases to a brick-and-mortar storefront, to
screening for bad checks through an instant authorization
system. And of great relevance to our discussion last week,
customer information is critical in preventing identity theft
in both the retail and the banking sectors. In fact, Special
Agent Caddigan of the Secret Service and Mr. Beales of the
Federal Trade Commission stated unequivocally that information
sharing, and in particular information sharing among
affiliates, can play a critical role in our enforcement efforts
against identity theft.
Are these financial services absolutely necessary? Well,
probably not. The world does not come to an end in a cash
economy. And I want to make clear that I take seriously the
concerns some of today's witnesses raise about affiliate
sharing. But the impact of product innovation on economic
growth, consumer choice, and the democratization of credit have
been undeniable.
It is this very balance between growth and innovation on
the one side, and individual privacy rights on the other, that
drove Congress' decision in 1996 to preempt seven critical
provisions of the FCRA from State action. We wanted to
encourage a national marketplace for credit that maximizes
appropriate consumer access to affordable credit and, to a
remarkable degree, we have succeeded.
Again, I believe this issue fundamentally is about consumer
choice. And that includes a consumer's right to choose not to
be part of an affiliate-sharing arrangement. The first
opportunity to choose comes when a consumer decides to
establish a relationship with a company: in some sense, the
decision to do business with a larger or smaller institution is
the ultimate opt in. The second opportunity to choose comes
when the consumer is presented with an opportunity to opt out
of affiliate sharing. To be effective, this option must be
clear and meaningful. I am interested in hearing from the
witnesses what steps, if any, they would suggest beyond the
mandatory privacy notices to give customers a meaningful opt
out opportunity.
So thank you, Chairman Shelby. I thank you, Senator
Sarbanes, for your leadership on this issue, and I look forward
to the opportunity to hear more from this panel. I have several
other conflicting obligations, and I will likely have to excuse
myself prior to entire panel being concluded.
Thank you, Mr. Chairman.
Chairman Shelby. Senator Bennett.

STATEMENT OF SENATOR ROBERT F. BENNETT

Senator Bennett. Thank you, Mr. Chairman.
I remember from my own business experience that one does
not seek a bank, one seeks a banker. One seeks a relationship
where you are known, your background is known, and therefore
you can deal with a sense of confidence, and the banker can
deal with a sense of confidence about your background.
If we put up artificial barriers within financial
institutions to the sharing of information, we create a
situation where one cannot be known. As Senator Johnson has
said, the first opt in is the choice you make as to the
organization with whom you deal, and once you have made that
choice, it seems to me, as a consumer, you want everyone in
that organization to know all about you so that the good
reasons they have to give you credit or offer you products in
one part of the organization will go with you to the other part
of the organization, and you will not have to reintroduce
yourself again and again to try to get those services.
If you find, as some witnesses have suggested in previous
hearings, that you are being badly dealt with as a result of
the way that information is shared, this is America, and you
can walk out the door and take your business someplace else. I
am always interested that many of the people who get upset
about activities that businesses engage in assume that the
business exists to fleece you. I can assure you that business
exists to get a consumer to come back.
Business exists to try to have as much repeat business from
reliable consumers as it possibly can. I am using the wrong
pronouns here. Business people, there is no such thing as a
business, business people want to have as many repeat customers
as they possibly can. They want to build brand loyalty and
customer loyalty, and as I have heard some horror stories that
said a bank did this or bankers did this or that with my
information, the immediate reaction I had was why would any
customer ever deal with that banker again if, in fact, that was
done? The ultimate opt out is the one to which Senator Johnson
has referred, that you take your business, and you go someplace
else.
So intelligent businessmen and women will do everything
they can to use the information within affiliates in a way that
will benefit the consumer so that the consumer will want to
come back, will want to stay with that institution and all of
its affiliates, and that is the way successful businesses are
built, and that is the way consumers want it, and that is one
of the magic aspects of American commerce.
We have more flexibility, consumers have more choices, they
have more opportunities to expand their purchasing options in
America than anyplace else, and I think the sharing of
information intelligently and for the purpose of trying to
build repeat business is one of the reasons that American
consumers are so well-served.
So, I will look forward to the testimony from the
witnesses, and hope that the prejudices and preconceptions that
I have just outlined will either be confirmed or corrected,
depending on the information the witnesses have to share with
us today.
Thank you, Mr. Chairman.
Chairman Shelby. Senator Sarbanes.

STATEMENT OF SENATOR PAUL S. SARBANES

Senator Sarbanes. Mr. Chairman, thank you very much. I
commend you for holding what I regard to be quite an important
hearing on affiliate sharing practices and regulation.
I think it is fair to say an affiliate used to be one of a
small group of companies performing a similar business. Today,
an affiliate could be one of hundreds or more companies, many
of which engage in different businesses, and the question, of
course, is in the minds of many consumers, that broad scope of
affiliates are often thought of as third parties. So there has
been a quantum expansion, I think, in the concept of
affiliates, and we need to bear that in mind.
Of course, we are looking now at the problem of whether to
extend the Federal preemption of State law which governs
affiliate sharing and, if so, under what conditions, and that
poses important questions about the right of consumers, in
terms of what can be done with their confidential financial
information.
The information under current law which can be disclosed is
really quite far-reaching: savings and checking account
balances, certificate of deposit maturity dates and balances,
checks individuals write, checks deposited in a customer's
account, stock and mutual fund purchases and sales, life
insurance payouts and so forth.
So that the universe of confidential and sensitive
financial information that is being shared or sold has not only
increased dramatically over the past several years, but I am
not sure consumers are fully abreast of how widespread it is.
This is underscored, of course, because every survey shows
considerable sensitivity on the part of people with respect to
the privacy of their financial information. In California,
where privacy has become a major issue, statewide polls show
from 75, 85, 90 percent say consumers should provide their
permission for the use of the financial information. There have
been efforts at legislation. In California, I understand that
this issue may go to initiative. So it may be put to the
electorate in a very different form than the ability to work at
it, as one can do, in a legislative context.
Hopefully, this hearing will help to develop what specific
consumer data financial institutions circulate to affiliated
businesses, for what purposes the affiliates use such data, the
awareness of consumers as to which businesses are receiving
their information. These are all important questions, and
obviously the sensitivity across the country, I think, to the
question of the privacy of financial information is growing and
growing. And I think we have to figure out some way to address
it. I hope we will hear, in that regard, from the panel,
including the representatives of the financial institutions,
which after all have a major interest in this question as well,
but I do not think the issue in the country has reached
anything approaching equilibrium, where people are satisfied
with a situation. Therefore, until that occurs, there are going
to be continuing calls for action of one sort or another,
whether it be regulatory, legislative, or even, as California
is considering, actually initiated right from the electorate to
try to deal with this issue.
Thank you, Mr. Chairman.
Chairman Shelby. Senator Allard.

STATEMENT OF SENATOR WAYNE ALLARD

Senator Allard. Thank you, Mr. Chairman. I will be brief. I
just want to thank you right at the start for holding this
hearing. I want to thank the witnesses for agreeing to be on
the panel. You being a part of this discussion is really
important. It is not always easy to get away from your jobs and
businesses to be here, but I look forward to hearing your
comments.
Information sharing is a vital part of the U.S. financial
and business systems and it has contributed to the vibrancy of
the U.S. economy. While it is necessary to protect a consumer's
personal information, certain sharing of information is
necessary for U.S. financial and business systems to function
and operate smoothly.
Affiliate sharing allows the operation of our national
credit reporting system by enabling lenders to perform
effective credit underwriting and credit monitoring. This
ability is important for the industry to reduce their overall
risk of loss. At the same time, customers deserve protection of
certain information. I look forward to today's discussion of
affiliate sharing and how this Committee can facilitate
striking the appropriate balance between consumer protection
and business needs.
Again, I would like to thank the witnesses for agreeing to
testify and thank you, Mr. Chairman.
Chairman Shelby. Senator Carper.

COMMENTS OF SENATOR THOMAS R. CARPER

Senator Carper. Thanks, Mr. Chairman.
To all of our witnesses, welcome. I am pleased I get to
spend at least a little bit of time with you. We have got a
whole bunch of things going on this morning. I will be in and
out of the hearing.
One of the things I would hope that will come out here for
us, as we try to move forward on the question of FCRA and the
preemption provisions, a focus on how are consumers better
served by the sharing of information across the company and
through affiliates, and how are consumers better off because of
that.
Also, I would add that, we have a good mix of witnesses
here, people with a lot of different perspectives, and I think
very helpful perspectives. And for me, for a hearing like this
to be really successful, I walk away from the hearing finding
common ground and listening to thoughts of each of our
witnesses, from their own perspectives, the world in which you
live, to try to weave it together into some kind of a
consensus, and I would ask that you keep that in mind, and to
the extent I get to ask a question, I am going to be asking you
where you see the common ground emerging on this issue among
this disparate panel.
Thank you very much.
Chairman Shelby. Thank you. I want to welcome our
distinguished panel of witnesses.
Oh, Senator Dole. We cannot forget her.

STATEMENT OF SENATOR ELIZABETH DOLE

Senator Dole. Thank you, Mr. Chairman. I know I am way down
here on the end.
Chairman Shelby. I had your name here. Sorry.
You have been waiting patiently.
Senator Dole. Thank you.
In the past two hearings on the issues pertaining to the
reauthorization of the Fair Credit Reporting Act, I have
discussed the importance of affiliate sharing with some of our
witnesses. In each instance, the witness agreed that affiliate
sharing is vitally important. Today, we have the opportunity to
more fully explore the numerous advantages that affiliate
sharing provides to consumers, financial institutions, and
public policy objectives. We all benefit now that judgments
based on race and gender have been taken out of the equation of
credit worthiness, and one can now walk into a store and obtain
a line of credit in minutes. Consumers clearly benefit when
they are able to call a single person, as has been mentioned
several times this morning in their bank, and that customer
service agent is able to access each of their different
accounts at once. We all know the frustration of being
transferred from person-to-person when we are attempting to get
our questions answered at a bank. With affiliate sharing,
increasingly more institutions are able to develop systems to
minimize the need to transfer customers from department-to-
department.
In addition, affiliate sharing allows financial
institutions to realize greater efficiencies by permitting them
to consolidate customer service and administrative functions
for their affiliate businesses. A loss of all or part of the
affiliate-sharing preemption would result in an increase of
time and money wasted by consumers across the country, not to
mention the increased frustration caused by being passed from
person-to-person at their bank. Let me be clear: Privacy of
personal information is very important, and I will work to
implement reasonable protections. However, we must strive for a
balance and should not sacrifice the efficiency of our credit
system in the name of privacy. In many ways, I believe our
responsibility is like that of doctors in the Hippocratic Oath:
``First, do no harm.''
Just as importantly, affiliate sharing assists financial
institutions in antiterrorism efforts and in detecting and
preventing money laundering. A customer service agent who can
review all of a customer's accounts is more likely to spot
potential problems or concerns. The value of this added benefit
is extremely important, especially when we rely so heavily on
the vigilance of our financial institutions and their
cooperation with law enforcement officials.
It is my hope that today's hearing will give us an
opportunity to further explore these issues with our witnesses
and that it will lead us all to greater appreciation of the
advantages that consumers, industry, and the Government receive
from the practice. Finally, I want to thank our distinguished
panel of witnesses for taking the time to join us here today,
and I look forward to working with my colleagues as we move
closer to reauthorizing the important preemptions contained in
the Fair Credit Reporting Act.
Thank you, Mr. Chairman.
Chairman Shelby. Thank you, Senator Dole.
Now, I want to welcome, again, our distinguished panel.
First, Professor Joel Reidenberg, Professor of Law at
Fordham University; Ronald Prill, Former President, Target
Financial Services; Terry Baloun, Regional President and Group
Head, Wells Fargo Bank; Julie Brill, Assistant Attorney General
of Vermont; Martin Wong, General Counsel, Global Consumer
Group, Citigroup, Inc.; Edmund Mierzwinski, Consumer Program
Director, U.S. Public Interest Research Group; and Angela
Maynard, Chief Privacy Executive and Counsel, KeyCorp.
We will start with you, Professor.
All of your written statements will be made part of the
record, in their entirety, and if you would briefly sum up your
top points.

STATEMENT OF JOEL R. REIDENBERG

PROFESSOR OF LAW, FORDHAM UNIVERSITY SCHOOL OF LAW

Mr. Reidenberg. Thank you, Mr. Chairman, Ranking Member
Sarbanes, and distinguished Members of the Committee.
I commend you for convening the hearing today on this
important issue and for the leadership you have shown in this
area. I also thank you for the honor and privilege to appear
before you.
I am Professor of Law at Fordham University School of Law,
where I teach courses in information privacy law. I have
written extensively on the regulation of fair information
practices in the private sector and have written specifically
on Fair Credit Reporting Act issues. I have also advised
Federal and State Government agencies on some FCRA litigation
matters.
I am appearing today as an academic expert on privacy law,
and I am not representing any organization or institution. I am
glad that you will be able to include the submitted statement
for the record. I should also mention that my prepared
statement draws, in part, on testimony I gave last month to the
House Subcommittee on Financial Institutions.
What I would like to do this morning is highlight three
points in the testimony and then make several recommendations.
The first point is a context-setting point, specifically that
strong privacy protections are absolutely essential for the
credit reporting system in the United States. As I will discuss
in a few moments, I think the affiliate sharing provisions and
practices undercut this basic principle for privacy law.
When Congress enacted the FCRA in 1970, Congress acted in
response to significant abuses in the credit reporting
industry. The documented abuses included the release of credit
information to noncredit granters, the dissemination of
inaccurate credit information, the inability of consumers to
gain access to their credit reports and the difficulty in
making corrections.
Scandals and distrust were harming the marketplace then. I
think the affiliate sharing provisions will send us back to
that era.
The FCRA was a novel statute at the time of enactment
because it established the basic principle that information
collected for one purpose would be used for statutorily defined
permissible purposes. Any other use needed consent. It included
other important fairness criteria--like rights of access, and
an ability to dispute inaccurate information and have it
corrected. The FCRA included important safeguards for American
citizens related to law enforcement such as due process
requirements for access to credit report information. Overall,
it provided a bedrock set of standards for fair information
practices.
I think it is also important to recognize that the FCRA
never created an overall uniform national standard, as we have
heard numerous times in the various hearings during the past
month. In fact, at the original enactment, Congress and this
Committee, in particular, endorsed the position of State
officials when they testified that we needed essentially a
Federal floor to be supplemented by future State legislation.
In the 1996 Amendments, the temporary and partial
preemption clauses grandfathered three States. As a result, we
have had differences from the start and even after 1996. The
State differences have not impeded credit reporting or
financial decisionmaking. Indeed, if we look at some of the
statistics from the grandfathered States in 1996, we find that
the lowest bankruptcy rates in the country are coming out of
those three States and mortgage loan interest rates tend to be
lower there than in other States. So we have not seen any
problems arising from the fact that there are different
standards.
Weakening of the privacy protections, on the other hand, is
a major problem. Surveys show that 95 percent of Americans
object to the secondary use of their personal information, and
that is exactly what affiliate sharing is allowing to happen
today.
My second point is that there are some unintended
consequences of the affiliate-sharing loophole that enable the
complete circumvention of all of the other protections in the
Fair Credit Reporting Act.
Congress, in allowing affiliate sharing, exempted affiliate
sharing from the definition of a consumer report. By exempting
it in that fashion, key protections of the statute then are
lost for information shared among affiliates although there is
a notice requirement and a one-time opportunity to opt out.
Large groups of affiliated financial and nonfinancial
organizations can easily engage in the same behavior that
Americans found troubling and that caused the enactment of the
Fair Credit Reporting Act in the first place.
To illustrate, let us take a look at some of the specific
affiliate sharing provisions.
The blanket exemption given for experience and transaction
data opens a Pandora's box. An organization can disseminate
experience and transaction data, such as credit card
performance information, insurance status, brokerage account
activity among related companies without the protections of the
FCRA applying such as accuracy or correction. If data is shared
with affiliates, once the affiliates obtain the information and
start using it and resharing it with other affiliates down a
chain of companies, accuracy will disappear and the protections
do not apply.
It is very hard to tell right now the significance of this
exemption. Because of the size of organizations, the scope is
very poorly understood. I think it is very important that we
learn about the specific data transfers that take place and the
specific purposes for which they are being used. Consumers do
not have access to this information. Consumers cannot simply
walk out of the bank and start up a relationship with another
bank in the hopes that their privacy is preserved because they
cannot find out.
More sweepingly, the affiliate-sharing provisions allow the
complete circumvention of basic clauses. Communication to
persons related by common ownership are exempted from the
definition. So we see some examples. It means storage
limitations, the types of uses, all of those protections
disappear.
The industry has already testified at hearings that they
are using this exemption in ways that subvert the original
protections of the Act. TransUnion testified that they promote
affiliate sharing to make underwriting decisions. Citibank
testified earlier this month that it shares information among
affiliates, including credit application, credit bureau data,
information on transactions with customers. MBNA indicated it
shares credit eligibility information, including credit reports
among affiliates.
Once their affiliates have the data--data that has been
exempted from the definition of consumer reports--the other
protections then do not apply to those affiliates. The
potential circumventions are particularly disturbing when we
consider the affiliations of some of the large groups.
TransUnion, for instance, belongs to the Marmon Group. Marmon
has a large series of businesses, including a
syringe needle business, and a residential water treatment
plant. TransUnion provides a notice of affiliate sharing and an
opt out. They can transfer credit reports wholesale to those
companies.
Experian is in the same situation. Experian is owned by a
British company, Great Universal Stores. Great Universal Stores
also owns Metromail and Burberry's. If Experian were to provide
notice of affiliate sharing and an opt out, Experian could
transfer the entire credit reporting database to Metromail,
which is a direct marketing company. Well, as it turns out,
Experian does just that. If you order a credit report from
Experian online or if you subscribe to Experian's service that
provides the credit watch function, Experian gives a notice,
and an opt out of affiliate sharing. I do not think there is
any way a consumer would recognize that Metromail is now
entitled to receive their credit report, could do anything with
that credit report and none of the protections of the statute
would apply.
Affiliate sharing also allows the Government to engage in
surveillance outside the due process protections of the FCRA.
Equifax, for example, operates through a number of changing
groups. It is a little hard to figure out exactly how their
corporate structure is defined from reading their annual
reports, but their apparent group of affiliates includes one
that provides information services to the Government. Equifax's
Online Privacy Policy and Fair Information Principles statement
informs consumers who request copies of their credit reports
that they may disclose the information to affiliates.
Well, what that suggests is that Equifax would have an
ability to transfer the credit report database to an affiliate
that provides information services to the Government. Once the
affiliate receives it, the permissible purposes and the due
process restrictions would not apply.
Now, in each of these examples, I do not have any specific
information to suggest that these companies are, in fact,
exploiting this loophole because, again, it is not possible for
a consumer to learn that information.
What you find, though, is these practices are clearly
authorized by the statute, and the companies disclose that they
intend to do these sorts of activities. We simply do not have
the specific details of what they are doing.
The last point that I would like to raise is that the
affiliate sharing provisions raise very significant security
risks and threats to the soundness of the credit reporting
system. The problem is really the leakage of credit information
to affiliates for secondary purposes; in other words,
information being shared for purposes that were not the
original permissible purposes. I believe such sharing enhances
identity theft risks.
This Committee heard last week from U.S. Secret Service
Agent Timothy Caddigan that insider jobs are a significant
source of identity theft risk. To the extent that wide-ranging
affiliate sharing starts moving this sensitive personal
information across companies, down the chain from one to
another, affiliate sharing magnifies the number of insiders who
have access to personal data, without restrictions on how it is
used, and without the obligations that the banking law imposes
on banks, for instance, to maintain information security. Those
protections are lost.
Fraud detection, which we have heard about, certainly
appears as an authorized purpose under the Fair Credit
Reporting Act, a ``legitimate business need.'' It does not seem
that the affiliate sharing exception is necessary for that
purpose.
I think, also, that affiliate sharing introduces a homeland
security risk. The global reach of American companies and their
affiliates means that sensitive data can be transferred to
affiliates in countries that are presently on State Department
watch lists and warning lists. We have examples that illustrate
processing activities appear to be taking place in countries
such as Malaysia and the Philippines.
Once the data goes off-shore, not only do the consumers
lose protection, but at the same time U.S. law enforcement
loses the ability to engage in legitimate law enforcement
activity because the processing is no longer within the
jurisdiction of the United States.
I would like to conclude with two recommendations for
Congress to consider. Congress needs to restore the Fair Credit
Reporting Act to the higher level of its original protection.
And to do that, I would recommend, first, the elimination of
the exemption for affiliate sharing from the definition of
consumer report or at least allow the partial preemption clause
to sunset on January 1. Let the States protect their citizens
and experiment on how best to protect their citizens.
The second recommendation is a process issue: investigate
the actual sharing practices of credit report information among
affiliated companies, and the specific uses of that data by the
affiliated recipients that escapes the protection. This hearing
is really the first part of this process.
To this end, I think Congress should instruct the
functional bank regulators and the Federal Trade Commission to
investigate, audit, and report back exactly how organizations
are using the affiliate sharing exemption. It is not sufficient
to say a company uses the exemption to develop products and
services or to provide better customer service. That does not
tell us much. It does not give consumers the ability to talk
with their feet and change their business relationships to
those companies that protect their privacy.
Thank you.
Chairman Shelby. Thank you, Professor.
Mr. Prill.

STATEMENT OF RONALD A. PRILL
FORMER PRESIDENT, TARGET FINANCIAL SERVICES
ON BEHALF OF THE NATIONAL RETAIL FEDERATION

Mr. Prill. Good morning, Mr. Chairman and Members of the
Committee.
Chairman Shelby. Put your mike in front of you.
Mr. Prill. My name is Ronald Prill, and given the makeup of
other Members of this Committee, I thought I should emphasize
that my name is ``Prill,'' with a ``P.'' Until I retired about
3 weeks ago, I was President of Target Financial Services, and
I was also CEO of Retailers National Bank, Target Corporation's
credit card bank subsidiary. I am presently employed by Target
as a consultant to our management as I transition into
retirement. I appreciate this opportunity to speak to you today
on behalf of my company, as well as all of the members of the
National Retail Federation.
Many retailers, like Target, have evolved, for a variety of
reasons, into organizations having multiple-affiliated
entities. Having affiliates enables us retailers to operate
differentiated retail store formats, to operate efficiently and
to be able to compete effectively. Besides running individual
retail companies, a retailer's individual affiliates might
source merchandise, administer retail credit card programs,
deliver warrantee and repair services or perform other
functions that are necessary to the success of the retail
business.
Among Target Corporation's affiliates are our 1,100 Target
stores in each of the 48 contiguous States, except Vermont;
Mervyn's, our chain of about 250 stores, serving the middle
market and located mostly in Western States; Marshall Field's,
62 full-line department stores in 8 Midwestern States;
Target.direct, our direct marketing and dot.com affiliate; and
Retailers National Bank, which issues all Target, Mervyn's, and
Marshall Field's credit cards.
I hope you have had the opportunity to review my written
testimony which I submitted to the Committee. In it, I covered,
in
detail, some of the many ways in which affiliates in a retail
organization must share information about their customers in
order to carry out the core business functions that are
dependent on that sharing. These core functions include things
like retail credit card programs, controls and protections
against loss from fraudulent merchandise returns and bad
checks, and the lifeblood of a retailer, the capability to
reach and know its customers, to communicate with them, and to
send them advertising and targeted offers.
My written testimony also explains how many of the benefits
that America's retail customers have come to expect are
frequently possible only because of affiliate information
sharing. These benefits include protection against identity
theft, receiptless returns of merchandise, the convenience of
returning or exchanging merchandise that was purchased at a
retailer's website at any of its stores without a trip to the
post office and without paying a return shipping fee, more
customer-friendly check acceptance policies and procedures, the
savings and other perks of customer loyalty programs, and the
benefit which so many of our customers are so vocal about--
receiving sale catalogues and other advertising at home, on
time, and before the sale starts.
These are all examples of truly benign sharing of
information among affiliates whether viewed from the retailer's
perspective or from our customers' perspective. Not all
retailers are structured the same, not all have affiliates or
the same number of affiliates or the same kinds of affiliates,
but we all have pretty much the same core business processes
and the same need to serve our customers well.
To accomplish these things, retailers are dependent on
having readily available information about their customers, and
that availability should be the same for all retailers and all
of their customers, regardless of organizational structure. Our
customers want it to be that way.
In closing, I would like to take this opportunity to
emphasize the retail industry's strong support for the
permanent reauthorization of the seven areas of preemption
covered in Section 624 of the Fair Credit Reporting Act.
Without the extension of the Uniform
National Standards, retailers and the customers we serve may be
subject to a confusing patchwork of new State laws, rules, and
regulations concerning important areas such as dispute
resolution and the information contained in credit reports. And
as today's hearing reflects, services that millions of
customers have come to rely on and that they routinely take
advantage of would be disrupted if information flows are
interrupted.
Mr. Chairman and Members of the Committee, consumers have
come to expect instant access to credit when purchasing
everything from an automobile to furniture, appliances, and
apparel. In the final analysis, we in the retail industry have
a real concern that a more fragmented process for information
sharing and credit approval would negatively impact consumers
in many different levels and, as a consequence, retail sales,
ultimately costing jobs and hurting the economy as a whole.
Thank you. I will be happy to answer any questions.
Chairman Shelby. Thank you, Mr. Prill.
Mr. Baloun.

STATEMENT OF TERRY BALOUN
REGIONAL PRESIDENT AND GROUP HEAD
WELLS FARGO BANK

Mr. Baloun. Thank you, Mr. Chairman.
My name is Terry Baloun, and I am the Regional President
and Group Head for Wells Fargo Banks in South Dakota, North
Dakota, and Montana. Thank you, Chairman Shelby and Committee
Members for the invitation to testify and respond to your
questions.
Our Wells Fargo Banks work in concert with other Wells
Fargo business affiliates in providing financial service
products to our customers. The service customers expect,
requires that Wells Fargo have integrated information systems
to give customers what they want--when, where, and how they
want it. Subject to the Fair Credit Reporting Act, Wells Fargo
shares customer information internally to meet these goals.
Providing a new mortgage, providing rural or remote small
businesses with credit, offering consolidated statements for
customers with multiple Wells Fargo products requires
information about their financial affairs. Applying
inappropriate restrictions on transfers of information among
affiliates would impede customer service.
The 1996 Amendments to the Fair Credit Reporting Act
recognize the value to customers of the ability to transfer
information among affiliates. This ability is wholly consistent
with our customers' expectations that their questions will be
answered and their needs will be met with a single call or e-
mail, whether their financial products are provided by a single
company or several companies in the same affiliated group.
In Wells Fargo's view, it is customer expectations and
needs that should shape public policy that regulate information
use--not legal structure. This is especially critical to our
mortgage business. Since passage of the 1996 Amendments to the
Fair Credit Reporting Act, mortgage servicing has become more
efficient. Wells Fargo customers have more channels through
which they can apply for a mortgage and get assistance or
conduct transactions related to a mortgage, as well as the
complete array of financial products offered by Wells Fargo. In
California, 40 to 50 percent of our Wells Fargo mortgages
originated this year are the result of referrals from our Wells
Fargo Banks to Wells Fargo Home Mortgage. Many are first-time
homeowners in Hispanic market areas. With affiliate transfers
and the use of customer information, mortgage customers can
make mortgage payments at their local branch bank, obtain
balances, get consolidated statements, and get the support of
24-hour call centers that serve an entire affiliated
enterprise. Our customers have found these services valuable.
Sharing of customer information also benefits our small
business customers. The basis for small business lending over
the last 10 years has been direct-mail offers of preapproved
credit. Wells Fargo has extended nearly 500,000 small business
loans since the mid-1990's. FCRA allows Wells Fargo to provide
such credit, based on Wells Fargo's own experiences with the
customer and the most current credit report. Generally, small
businesses no longer need to submit tax returns or financial
statements, providing easier and cheaper credit for the
business customer.
Actions by multiple States to enact their own State
versions of the Fair Credit Reporting Act will frustrate
customers who do routine transactions across State lines. Wells
Fargo provides services to thousands of customers who may have
accounts domiciled in one State yet reside or do business with
a Wells Fargo Bank in another State. Nearly half a million
Wells Fargo customers have made teller or ATM transactions out
of State within the last 5 months. In my banking States of
South and North Dakota and Montana, nearly 10 percent of Wells
Fargo customers live in one State, but use Wells Fargo banks or
ATM's in a bordering State.
Finally, Wells Fargo believes that the current uniform
national standard for information use as provided by the 1996
Amendments to the FCRA is vital and ask that this Congress
provide clarity and stability by removing the sunset provision
that affects affiliate sharing and other segments of credit
granting. Congress should also address identity theft and set
new standards for notification about information use to
customers.
Availability of financial services, such as mortgages for
our customers, and the flows of information required to meet
those services available don't stop at State borders or
corporate structures.
Thank you. I will be happy to answer any questions that
you, Chairman Shelby, or the Committee may have.
Chairman Shelby. Ms. Brill.

STATEMENT OF JULIE BRILL
ASSISTANT ATTORNEY GENERAL
THE STATE OF VERMONT

Ms. Brill. Thank you. Good morning.
My name is Julie Brill. I am an Assistant Attorney General
from the State of Vermont. Thank you very much, Chairman
Shelby, Ranking Member Sarbanes, and other distinguished
Members of this panel for inviting me here today. I would like
to make four points this morning.
The first point that I would like to make is that the
economies of Vermont and other States with more protective laws
in this area of affiliate sharing and financial privacy,
generally have not been harmed as a result of those laws.
The second point that I would like to make is that States
need to enact more protective laws because the Federal system
for regulating affiliate sharing of information is inadequate.
The third point that I would like to make is that States
currently provide important protections in the affiliate
sharing arena that are not provided in Federal law.
The fourth point that I would like to make is that Congress
should sunset the affiliate sharing provisions so that States
can serve as laboratories of democracy in this arena, as
Congress has done in so many other areas involving privacy,
credit, and important consumer protection issues.
With respect to my first point, the economies of Vermont
and other States with more protective laws have not been
harmed. As you may have heard earlier and you will certainly
know by now, Vermont is the only State that has an affiliate
sharing law that was grandfathered into the Fair Credit
Reporting Act. That is because we were the only State as of
1996 that had a law affecting affiliate sharing.
Vermont also has more protective laws with respect to
credit reporting generally and also with respect to financial
privacy. Vermont took advantage of Section 507, which was put
forward by this Committee in the GLB enactment in order to have
more protective opt in laws with respect to third-party
sharing.
As Professor Reidenberg has demonstrated, not only has
Vermont's economy not been harmed but also the State economies
in other States that have more protective laws. Those State
economies have also not been harmed. Professor Reidenberg has
shown that our bankruptcy rates are among the lowest in the
Nation, and our mortgage interest rates are among the lowest in
the Nation.
In addition, our office has examined auto loan rates in the
States that have more protective laws. Vermont ranks 50th. That
means we have among the absolute lowest auto loan rates in the
country. California is 31st, Massachusetts is 24th.
In addition, we examined whether credit is readily
available in Vermont--in other words, is instant credit
available? Is it available at very low interest rates to a
broad group of consumers?
What you see over here on the poster boards, if you can see
them--I apologize, Senator Dole, if you cannot see them, but
they are over there--what is over there are advertisements that
appeared----
Chairman Shelby. Could you turn them just a little bit so
that everybody from this angle can pick them up?
Ms. Brill. Copies of these ads are also in my testimony.
What these advertisements show is that credit is available
instantly, at extremely low rates, to broad numbers of
consumers in our State. We believe that an examination of
advertisements in California and Massachusetts would
demonstrate the same thing.
So, just to refer to what Senator Johnson described with
respect to the importance of the democratization of credit, we
think the democratization of credit is thriving in Vermont.
With respect to my second point, the Federal laws governing
affiliate sharing are simply inadequate. Corporate groups are
vast and amorphous. We have included in my testimony lists of
affiliate groups for three financial institutions, two of which
are here this morning.
Citigroup lists over 1,600 affiliates. KeyCorp, which
considers itself a midsize bank, lists over 800 affiliates.
Bank of America lists in official records over 1,300
affiliates. These affiliates are involved in a surprisingly
wide variety of activities--insurance, securities,
international banking, real estate holdings, and development.
To answer your question, Senator Shelby--are consumers
aware that these corporate groups are so vast and amorphous; do
they understand the information flows among these affiliate
groups; do they have choices with respect to these information
flows--I think the answers to these questions are: ``No,''
``No,'' and ``No.''
Federal law provides no notice and no choice with respect
to sharing of transaction and experience information within an
affiliate group or with respect to joint marketing by the
affiliate group with respect to its joint marketing partners.
It is quite simply the case that consumers do not expect that
their Citibank account number will be shared with Travelers or
a Citibank's affiliates for marketing purposes; nor do they
expect that their health information that Travelers may hold as
a result of a property or casualty claim will be shared with
Citibank for credit decisions. Under Federal law--that is, if
it were not for State laws protecting this kind of sharing of
health information--that would occur.
We believe that consumers should be notified with respect
to this kind of affiliate sharing information when it is being
used for marketing purposes or for credit decisions--that is,
not for servicing the consumer's original account.
Where Federal law does provide for notice and choice--that
is, with respect to the sharing of credit information within an
affiliate group--the notice and choice is woefully inadequate.
The same problems that exist with respect to GLB notices also
exist with respect to the notices that go out for affiliate
sharing.
With respect to my third point, States provide important
protections in the affiliate sharing arena that are not
provided by Federal law. GLB calls upon the States to regulate
sharing of insurance information. The National Association of
Insurance Commissioners has created a model that requires that
health information can only be shared within an affiliate group
if the consumer consents.
Thirty-five States have adopted this law. States also have
laws with respect to the sharing of health information that
relates to specific diseases such as HIV testing, cancer, or
genetic testing. These State laws prevent life and property and
casualty insurers from sharing this critical information with
banking and other affiliate groups for the making of credit
decisions. The Health Insurance Portability and Accountability
Act, or HIPAA, does not cover these financial institutions.
In the absence of State laws, there would be no protections
for this kind of information being used to determine whether a
mortgage should be granted by an affiliate of the insurance
company.
And finally, with respect to my last point, the National
Association of Attorneys General urges Congress to allow the
limited
preemption provisions in the FCRA to sunset. This is
particularly true with respect to the affiliate sharing
preemption provision.
We request that Congress follow what it has done with
respect to GLB, with respect to HIPAA, and with respect to
other important consumer protection laws, and that is to set a
Federal floor and allow the States to serve as laboratories of
democracy as they have done so well in the past.
Thank you very much.
Chairman Shelby. Mr. Wong.

STATEMENT OF MARTIN WONG
GENERAL COUNSEL, GLOBAL CONSUMER GROUP
CITIGROUP, INC.

Mr. Wong. Good morning, Chairman Shelby, Ranking Member
Sarbanes, and Members of the Committee.
On behalf of Citigroup, I want to thank Chairman Shelby for
holding these hearings on the Fair Credit Reporting Act, and I
appreciate the opportunity to speak before you today to discuss
how FCRA, and particularly the affiliate sharing provisions,
impacts, our ability to operate efficiently and serve our over
200 million customer accounts.
FCRA provides a national framework for the credit reporting
system, which has been shown to work well and to provide
substantial economic benefits to consumers, including
affordable and convenient credit, wide credit availability, and
prevention of fraud and identity theft. FCRA also facilitates
the free flow of information that allows modern financial
services companies to work efficiently.
While Citigroup believes that maintaining national uniform
standards for all seven of the expiring provisions of FCRA is
crucial, I will focus my testimony on the topic of today's
hearing--information sharing among affiliates.
Information sharing among affiliates is an ingrained part
of how we meet our customers' needs and expectations on a daily
basis. Affiliate sharing is necessary for effective credit
underwriting and credit monitoring which are the heart of the
national credit report system. The sharing of information among
affiliates enhances the ability of lenders to accurately assess
credit risk, thereby reducing their overall risk of loss.
Citigroup is able to use the credit information and transaction
histories that we collect from our affiliates to create
internal credit scores and models that help determine a
customer's eligibility for credit. This information supplements
credit reports and FICO scores to paint the most accurate
picture possible of a customer. For example, CitiMortgage
underwriters have access to information from affiliates that
includes a customer's account balances, payment history, and
available lines of credit. This allows our credit analysts to
verify a customer's creditworthiness quickly and efficiently,
minimizing the burden to the customer associated with providing
this documentation.
Sharing information among affiliates greatly assists in the
prevention and detection of identity theft and fraud. Although
some have argued that sharing information increases
opportunities for identity theft, our experience is that
information sharing among affiliates actually reduces identity
theft. Through affiliate sharing, they are able to maintain an
internal fraud database, which helps prevent the opening or
maintenance of fraudulent accounts. This kind of information
sharing also allows us to alert customers to potential fraud or
identity theft at an earlier stages.
Affiliate sharing allows us to provide one-stop shopping
for our customers in a way that is seamless and consistent with
our customers' expectations. Affiliate sharing allows companies
like Citigroup to better service our customers' diverse
financial needs through affiliates that have appropriate
products and services. Our customers want and expect the
convenience of having one-stop-shopping for all of our
products--banking, insurance, home mortgage, credit cards, and
securities. They also expect the ability to access information
about all of their accounts in one statement, with one phone
call, or on one website.
Additionally, consolidated relationships allow our
customers to move money seamlessly between accounts and to pay
their Citibank credit card balances at any Citibank ATM, as
well as, on the Internet, simply by making a transfer between
accounts.
Customers do not view us as different legal entities, but
instead as a single source of multiple financial products. When
a Citibank customer who has an account in Connecticut through
our Federal thrift enters a Citibank branch in New York, our
national bank, to cash a check or open another account, the
customer expects to be recognized and receive the same level of
service. The legal distinction between the two affiliated
Citibanks is not relevant to the customer, and it should not
affect his or her ability to obtain products and services.
Affiliate sharing provides the customer with pricing
discounts and products tailored to their needs. For customers
who have multiple account relationships with us, the sharing of
information between affiliates allows us to provide financial
benefits in the form of relationship pricing and special
offers. For example, many customers benefit from no-fee
checking through a Citibank N.A. or Citibank FSB based upon
their total combined balances, in their mortgage from
CitiMortgage, credit card from Citibank South Dakota, and
investments through Citicorp Investment Services.
Sharing information among affiliates also permits us to
service our customers on an individualized or tailored basis.
For example, customers who have a Smith Barney brokerage
account are eligible for a mortgage from CitiMortgage without a
down payment by pledging their securities as collateral.
In 1996, Congress struck the appropriate balance between
consumer protection and business needs by allowing customers to
opt out of having certain information shared among affiliate
entities, but continuing to allow information about a company's
own experiences with a customer to be shared among affiliates.
The FCRA national standard is particularly reasonable now that
the business of providing financial services, especially
lending, is no longer restricted by State borders, which means
that consumers have the same opportunities for credit,
regardless of where they live.
If different States were allowed to pass laws governing the
exchange of information among affiliates, it would
significantly disrupt our seamless, nationwide system of
serving our customers. It could lead to a never-ending process
as States and localities impose different regimes. Compliance
with this patchwork of laws would be extremely burdensome and
costly for lenders, and ultimately for consumers.
Thank you for the opportunity to appear before this
Committee.
Chairman Shelby. Mr. Mierzwinski.

STATEMENT OF EDMUND MIERZWINSKI
DIRECTOR, CONSUMER PROGRAM
U.S. PUBLIC INTEREST RESEARCH GROUP

Mr. Mierzwinski. Thank you, Mr. Chairman and Senator
Sarbanes. I also want to recognize Senator Allard, who has been
a sponsor of important legislation on the transparency of
credit scores in the past, and Senator Bunning, for his
important contributions on Social Security Number protection in
the past. These are important privacy bills that I hope the
Committee will move on as well.
The U.S. Public Interest Research Group is pleased to
testify again on the important matter of affiliate sharing and
the Fair Credit Reporting Act. In 1970, Congress passed a
comprehensive statute to regulate the use of credit reports. It
gave these third-party companies, credit reporting agencies,
tremendous ability to collect and disseminate comprehensive
dossiers on individual consumers and to sell them onto the
market. That Fair Credit Reporting Act since 1970 has served a
very important purpose. It is a very important law despite the
problems that we have with it. But the important thing about
the Fair Credit Reporting Act is that it regulated the use of
those credit reports. It gave consumers comprehensive rights.
When your credit report was used for an adverse action, you
gained the right to learn that it had been used for an adverse
action--the right to look at, the right to dispute, the right
to correct, and then the right to enforce all of those rights
if they would not correct your report.
In 1996, when Congress amended the Fair Credit Reporting
Act to deal with a number of problems in the Act, industry
insisted on a ``stealth'' amendment to the Act. I was there.
Assistant Attorney General Brill was there----
Chairman Shelby. Explain ``stealth'' amendment.
Mr. Mierzwinski. I am unaware that Congress held any
hearings, Senator, as this hearing is being held today, on the
issue of affiliate sharing. I am unaware of any record
testimony on why industry needed an exception to the definition
of ``credit report'' for affiliate sharing.
There was one big markup in the House Banking Committee at
the time where it was debated extensively, but we lost--
industry had the horses, they had the votes--but really, the
Federal Trade Commission, consumer groups, the attorneys
general, NAAG, we all opposed this, and we thought there would
be significant problems posed by creating an exception. And as
Professor Reidenberg has pointed out, under the affiliate
sharing regime, information collected by affiliates becomes
exempt from the Fair Credit Reporting Act. It is not regulated
in any meaningful way, if at all, by the Fair Credit Reporting
Act, and it is not regulated by the Gramm-Leach-Bliley Act.
The Gramm-Leach-Bliley Act was passed in 1999. It has Title
V, a private title, and Title V simply says that if you provide
notice of your affiliate sharing practices, your information
practices, you have the right to do whatever you want within
your affiliates and even with, as Assistant Attorney General
Brill pointed out, some third parties who are treated as if
they are part of your corporate family.
You do have a limited right to opt out of the sharing of
your comprehensive experience and transaction information only
if it is going to be shared with telemarketers who are selling
nonfinancial products.
Now, as Mr. Wong pointed out, the biggest companies--the
ones with hundreds or thousands of affiliates--are able to
develop databases of information that has been laundered
outside the protection of the Fair Credit Reporting Act. Even
credit reports, not just the experience information, but credit
reports and information from your applications, information
from your references, can also be collected in these corporate
entities, although that so-called ``other'' information, as
opposed to the experience information, is subject to an opt
out. They can use that information to create an unregulated in-
house credit bureau.
Chairman Shelby. How widespread is that?
Mr. Mierzwinski. I think the biggest companies have the
biggest databases. I think they are all doing it. We talk about
this as a privacy issue, Senator, but really, the potential is
that it is a consumer protection issue. And I cannot stress
enough that when we have unregulated use of affiliate
information, consumers do not gain the comprehensive bundle of
rights that they gain under the Fair Credit Reporting Act.
In the debate that has occurred over the continuation or
extension--what industry calls ``reauthorization''--of the
temporary preemption amendments, I think there has been a lot
of misleading information out there.
First, of course, the notion that industry is for opt out,
and consumers are for a harsh opt in--industry is actually for
no opt. That is what we have under Gramm-Leach-Bliley, is no
opt, and that is what they vastly prefer--no choice for
consumers.
Second, this representation that information sharing will
come to a grinding halt if we give consumers privacy rights is
fallacious as well. Gramm-Leach-Bliley provides a number of
exceptions for underwriting, for fraud control, for the public
safety, for completing a consumer's own account requests. You
can have a call center even with financial privacy. You can
have multiple accounts with one database even with financial
privacy. It is just flat-out wrong to claim that if consumers
have the right to control their information for secondary
purposes, all information would grind to a halt, and we would
be living in caves.
That is basically the summary of my testimony. I know I
have run out of time. There is a lot more in my testimony. I
also want to point out my House testimony from 2 weeks ago goes
into great detail about other problems with the Fair Credit
Reporting Act.
I want to say finally, of course, that the Sarbanes
Amendment to the Gramm-Leach-Bliley Act is a very critical
amendment. That is the amendment that was added in conference
that allowed the States to enact stronger financial privacy
laws; and California is considering a stronger law.
California's champion, Jackie Spear, has compromised with the
industry, yet the industry still opposes her bill. She has even
agreed that industry could have some information kept in no opt
silos, other information would be under an opt out, some third-
party sharing would be under an opt out, and some would be
under an opt in. She has compromised, yet industry still
opposes her reasonable bill. Consumers Union, CalPERG, and
other groups are prepared to go to the ballot.
But I think it is important that this Committee look at
what industry is doing to chill efforts by other States around
the country to emulate what California is trying to do by
claiming that the Gramm-Leach-Bliley Act's preservation of the
Fair Credit Reporting Act trumps the explicit provision giving
States greater financial privacy rights. We think that that is
wrong. We think that the Fair Credit Reporting Act's exception
simply says that they are not a credit bureau when they share
information. We do not like that, but it should not go any
further than that.
I want to conclude by saying that we would appreciate the
Committee continuing its detailed deliberations on this issue
and to consider this--if you extend the preemption and take
away States' rights forever, it would be very difficult for the
States, who are more nimble, to find local problems, identify
them, and react to them quickly, as Vermont did, as
Massachusetts did, as California did, before Congress ever
acted in 1996.
Remember that last year, even Enron was not enough to
guarantee passage of the corporate reform bill. Sarbanes-Oxley
legislation was only passed after Worldcom came to our door as
well.
Thank you very much.
Chairman Shelby. Ms. Maynard.

STATEMENT OF ANGELA L. MAYNARD
CHIEF PRIVACY EXECUTIVE AND COUNSEL, KEYCORP
ON BEHALF OF THE FINANCIAL SERVICES ROUNDTABLE

Ms. Maynard. Mr. Chairman and Members of the Committee, my
name is Angela Maynard, and I am the Chief Privacy Executive
and Counsel for KeyCorp, or Key, an $86 billion financial
services company headquartered in Cleveland, Ohio. Key is a
member of the Financial Services Roundtable, and I am appearing
on behalf of the Roundtable today, as well as the customers,
employees, and shareholders of Key.
I appreciate the opportunity to testify before the
Committee on the role of affiliate sharing under the Fair
Credit Reporting Act. FCRA is central to our national credit
system.
The Roundtable and Key support the affiliate sharing
provisions of FCRA, and we urge the Committee to renew the
provisions of FCRA that are scheduled to expire.
The Roundtable has found that failure to renew key
provisions of FCRA will result in higher credit costs for
consumers, decreased credit availability for those least
advantaged, and reduced customer spending.
The Roundtable has found that the customers of its member
companies have saved an estimated $8 billion as a result of
information sharing within affiliates. Moreover, the Roundtable
has found that contrary to common perception, targeted
marketing reduces the number of solicitations consumers
receive.
Like many other financial services companies, Key owns a
number of subsidiary companies, all of which qualify as
affiliates for purposes of FCRA. However, less than 20
companies that Key owns provide products and services directly
to consumers. Moreover, we have diligently tried to reduce this
number, and it is only due to regulatory and tax laws that we
continue to operate with multiple affiliates.
To our customers, however, Key is not a collection of
separate companies. It is a single entity that offers a variety
of financial products and services. Key uses the affiliate
sharing provisions of FCRA in many ways that help consumers.
Affiliate information sharing permits us to provide
products and services that meet specific needs of our
customers. To do this, we must understand a consumer's
financial needs and financial profile. Affiliate sharing allows
us to gather that data. Once we have an understanding of our
customers' needs and financial profile, we can determine what
products and services are the best fit for that customer.
Affiliate sharing allows us to deliver financial products
and services efficiently. It eliminates the need for customers
to deal separately with different Key employees at different
locations. Affiliate sharing accelerates account application
and approval procedures. When we can use existing customer
information that is maintained by a Key company, we can reduce
the need for a customer to spend time gathering papers and
finding information necessary to complete an application. Using
existing customer information also enables us to accelerate our
review process.
Key offers several products that straddle affiliates. For
example, Key's Total Access Account connects a brokerage
account with a bank deposit account. Customer information must
be shared between our brokerage and our bank to allow this and similar
cross-affiliate products to coexist. Combined statements and
online account aggregation services are other examples of
services that are a direct result of affiliate sharing.
Key uses affiliate sharing to maintain and grow customer
relationships. One way we achieve this is through relationship-
based pricing and discounts for customers who maintain multiple
accounts across Key. Affiliate sharing allows Key to determine
which customers qualify for discounts and other pricing breaks.
Affiliate sharing helps us to respond to customer inquiries
and to update customer information. With access to shared
information, a single Key employee can assist a customer with
almost any request. This saves the customer the time and
nuisance of separate visits and multiple telephone calls.
Affiliate sharing also helps Key manage data quality across the
organization, and maintaining the accuracy of customer
information is critical in our fight against identity theft.
Centralized functions--such as call centers, operations
centers, analytics, and product development--all require
information sharing across affiliates. Consolidating functions
improves expertise, allows us to better manage risks, and
significantly reduces operating expenses. These benefits are
passed on to the customer in the form of better service and
lower costs.
In order to ensure that our marketing efforts benefit our
customers, we use affiliate sharing to understand our
customers' needs. We do not market products to consumers who
have requested us not to solicit them.
Information sharing among affiliates is critical in our
efforts to fight fraud. Gathering and sharing information on
the accounts across the organization is the only means to
effectively address this serious problem. Having access to
information across affiliates increases the speed with which
Key can assist a victim of fraud and identity theft.
Finally, affiliate sharing is a critical component to Key's
compliance efforts with antimoney laundering laws.
In conclusion, the Roundtable and Key support the affiliate
sharing provisions of FCRA. We firmly believe that the statute
strikes an appropriate balance between consumer protection and
corporate structure, and we urge the Committee to make the
existing provisions of FCRA permanent and thereby reaffirm our
national credit system.
Chairman Shelby. Thank you very much.
As an initial matter, I think it is worth noting that many
of the information sharing practices that have been identified
here today by the witnesses from the financial service firms
are, in fact, practices that I believe have statutory authority
to conduct independent of the Fair Credit Reporting Act.
For example, doesn't Gramm-Leach-Bliley authorize
information sharing, for example, to combat identity theft or
customer request, among many others, and if this is the case,
can some of you from the financial service industry help us
understand why the Fair Credit Reporting Act affiliate sharing
provisions are so important?
Mr. Wong.
Mr. Wong. Senator, I believe that the Gramm-Leach-Bliley
law does deal with sharing of information but more in the
context of third parties and not affiliate sharing.
The FCRA is important because it deals with affiliate
sharing of information, information that is needed for us to
render services, products, to a customer in the manner that he
or she expects.
Chairman Shelby. Mr. Baloun.
Mr. Baloun. Mr. Chairman, I am not an expert in the
compliance area, but my understanding is that the Fair Credit
Reporting Act allows affiliate sharing explicitly for financial
institutions as Wells Fargo which is not a credit bureau. There
is a tremendous investment that we make in gathering the
information, and if we segregate that, I do not think we could
spend the amount of money and the technology that we do to
gather it all.
FCRA allows us to use that technology to give more
information to our customers; so we get to leverage it in
additional sales and additional opportunities for our customers
along with notification. That would be my interpretation.
Chairman Shelby. Thank you.
Ms. Brill, of the seven preemption provisions up for
reauthorization, six involve, I believe, substantive national
standards. I would like to review just briefly the standard in
terms of the rules regarding affiliate sharing.
Could you explain the standard again?
Ms. Brill. Thank you. Yes, I will try the best I can.
It is a confusing standard.
Chairman Shelby. First, what are the practical differences
between what we call ``experience'' and ``nonexperience''
information?
Ms. Brill. First of all, the standard is contained in a
definition that excludes from the definition of ``consumer
reports'' certain types of information. As was pointed out by
Mr. Mierzwinski, there were no Congressional hearings of which
I am aware that went into really what this exclusion to the
definition actually meant.
Chairman Shelby. Some of us have been on the Committee for
a long time. I have been here for 17 years, and Senator
Sarbanes has been longer than I have. I do not remember any
hearings, do you?
Senator Sarbanes. No.
Chairman Shelby. Okay. Go ahead.
Ms. Brill. Okay. So our research was accurate. We were not
able to find any.
So it is unclear--there is not a lot of work out there by
the Congress to help us understand what these words mean, so we
are left with the actual words in the statute.
What the statute provides is that information that is known
as, ``transaction and experience information,'' which I will
describe in a second, is automatically excluded from the
definition of a ``consumer report.'' Other information which
the Federal regulatory agencies including the OCC have defined
as basically credit-related information is excluded from the
definition of ``consumer report'' but only if financial
institutions provide an opt out. That is more or less what it
is.
Now, the difference between transaction and experience and
other information is that ``transaction and experience
information'' include not only your account balance on your
credit card, your payment history, and things like that, but it
even goes into what you are actually purchasing. I believe that
financial institutions and other retailers are collecting and
mining the information about your actual purchases. That is
transaction and experience information. In other words, it is
information that the financial institution holds as a result of
having an account with you.
In contradistinction, the other information for which the
financial institutions have to give a notice and opt out is
information they obtain from third parties. Primarily and
foremost among that is credit reporting information. Also, it
is information that they might have as a result of an
employment investigation if they are going to hire you; that
information is also considered other information.
Have I answered your question?
Chairman Shelby. You have.
Mr. Mierzwinski, do you want to comment on that briefly?
Mr. Mierzwinski. I would agree with all of that, and just
to restate what I said earlier, the definitions create these as
exceptions. They really actually do not provide a scheme of
regulation. And even though there is an opt out for the other
information, as the professor pointed out earlier, if Affiliate
1 obtains your credit report and uses it for an adverse action,
it must provide you with an adverse action notice. However, if
Affiliate 1 shares your credit report--if you had not opted
out, if you did not understand the opt out----
Chairman Shelby. Does this distinction make sense to you?
Mr. Mierzwinski. They get the credit report totally clean
of any consumer rights if they give it to Affiliate 2.
Chairman Shelby. Senator Sarbanes.
Senator Sarbanes. Thank you very much, Mr. Chairman.
This has obviously been a very interesting panel, and we
appreciate the participation by the various panelists. This is
an issue with some complexity and some great importance.
Professor Reidenberg, I would like to ask you first--I want
to make sure I understand this--is it the case that under the
current system, if the data moves from the main enterprise to
whom the consumer provides it to an affiliate, that affiliate
then is free of some of the limitations or protections that
apply to the data as far as its receipt by the main enterprise?
Mr. Reidenberg. I believe that is correct. There would be
one caveat to it. Take the case, for example, that I fill out a
credit application that includes all sorts of financial data
and other data about me, and I am given credit by the grantor.
Ordinarily under the definitions, my application would have to
be treated as a ``consumer report'' by the credit grantor. If
that company shares my loan application data with an affiliate,
the definition in Section 603 of affiliate sharing says that
the credit grantor does not have to comply with all the
protections in the statute to share the data with the
affiliate.
So if the affiliate wants to use the data for just general
marketing purposes--a use that ordinarily would be prohibited--
the affiliate at that point--who acquired the personal
information for marketing purposes--can do whatever it wants
with the data. None of the protections apply.
Senator Sarbanes. Whereas the enterprise that I provided it
to to begin with could not; is that correct?
Mr. Reidenberg. That is correct.
Senator Sarbanes. All right. I just wanted to be clear on
that.
Mr. Reidenberg. There is one caveat that is important to
recognize. If the affiliate acquired the data for credit
decisions, then what the affiliate could then do with respect
to third parties, unaffiliated companies, might come back
within some of the protections of the statute. It is the
initial transfer from Company 1 to Company 2 that is exempted
under the definition.
Senator Sarbanes. I want to be very clear about this. I am
the consumer. I provide the information to Company 1. There are
limitations on what Company 1 can do with it.
Mr. Reidenberg. Correct.
Senator Sarbanes. Company 1 then provides it to Company 2
which is an affiliate, and Company 2 is then free of those
limitations, or at least some of those limitations. Is that
correct?
Mr. Reidenberg. By and large, that is correct; they are
free of most of the limitations.
Senator Sarbanes. Well, I have difficulty seeing the
rationale for that, but I will defer because I have a number of
other questions I want to ask, and my time is very short.
Attorney General Brill, I would like to ask you--the
Partnership to Protect Consumer Credit is running ads--
presumably, you have seen them. I understand that the
Partnership to Protect Consumer Credit--a lot of work goes into
picking the names of these groups--but I gather the National
Retail Federation played a part in that; is that right, Mr.
Prill?
Mr. Prill. I do not know--yes.
Senator Sarbanes. Yes. In this ad, they have a house with
red tape all over it, and they say: ``Without a national
consumer credit system, a new home could be a lot harder to
move into.'' And then, they say it is going to be a
bureaucratic nightmare of red tape with these States laws, and
``As a result, many Americans would face costly delays in
purchasing a home, financing a car, or buying a big-ticket
item.''
Now, of course, Vermont is able, with the grandfather
clause, to provide extra protections. Have Vermonters
encountered these costly delays referred to here in purchasing
a home, financing a car, or buying a big-ticket item?
Ms. Brill. No, absolutely not. Credit is very widely
available in Vermont and at extremely low rates. Instant credit
is available. We are able to go to ATM's across the Nation and
obtain cash. We are able to obtain free checking----
Senator Sarbanes. That is enough; I have got to keep moving
because my time----
Ms. Brill. Sorry. The answer to your question is no.
Senator Sarbanes. Mr. Baloun, Wells Fargo's privacy policy
states--this is off the Internet--``You have choices regarding
how information about you is shared. If you would like to opt
out of information sharing with outside financial companies
and/or within the Wells Fargo family, your preferences will be
honored and will apply to all accounts linked to your Social
Security Number. If you choose to opt out of information
sharing, please call the toll-free number that appears at the
end of this disclosure.''
I gather that that obviously means you permit your
customers to opt out of affiliate sharing; is that correct?
Mr. Baloun. That is correct, Senator.
Senator Sarbanes. If so, what problem would you have with
the right of consumers to opt out of affiliate sharing under
the Federal Credit Reporting Act? I take it it would not be a
problem for you; it would only open up an opportunity for
consumers who deal with institutions that do not provide this
kind of privacy power. Would that be correct?
Mr. Baloun. Senator, we grant our customers--at the time
that an account is open, an opt out option and give them the
materials. Then, we have set up the 800-number where they can
contact--and let me go a step further. Once a year, we mail to
our customers another notification, again giving them the
opportunity to do a simple tear-off sheet if they want to opt
out.
Now, as a businessperson dealing with my three regions, we
do talk with our customers and talk to them about the
advantages of not opting out so we can share information with
them. There are times when we may have mortgage products or
something that is advantageous, and we will call our customers
and talk to them about that, where they will actually end up
getting cheaper rates or better deals. We cannot do that if
they opt out. If they opt out, they have the right to do that,
but we do not encourage them to because I can serve my
customers better by being able to communicate with them--but
they have the right.
Senator Sarbanes. Do you think, generally speaking, that
consumers should have this option that Wells Fargo offers to
them?
Mr. Baloun. It works for us. I do not really have a
position for the industry.
Senator Sarbanes. Let me very quickly ask Mr. Wong--you
work in Europe and elsewhere, internationally, right?
Mr. Wong. Yes, sir. We operate in over 100 countries.
Senator Sarbanes. And you have to abide by the privacy
provisions that apply in the European Union with respect to
consumers there, do you not?
Mr. Wong. Yes, sir, we do.
Senator Sarbanes. Those privacy provisions are
significantly more protective of the consumers' information
than what exists in this country; would you say that that is
generally the case?
Mr. Wong. With some caveats, Senator.
Senator Sarbanes. But you have been able to do business
under those requirements.
Mr. Wong. That is correct.
Senator Sarbanes. Why does providing additional protections
for consumers in this country seem to cause you so much
concern? If you provide it over there so a European gets better
protection, and if you can work, apparently, profitably and so
forth under that circumstance, why does this create a problem
for you?
Mr. Wong. Senator, as I understand the European model,
which people have described as an opt in model, the way it
works is that if you are applying for credit, and should the
lender offer you credit, the lender will condition the offer of
that credit with you opting in to sharing of information. So
the majority of customers seeking to obtain those products from
that lender would in essence be opting in and therefore
agreeing to sharing of that information.
Senator Sarbanes. I have run over my time, and I know that
Senator Bennett wants to ask some questions, and we have a
vote.
Chairman Shelby. Thank you, Senator Sarbanes.
Senator Bennett.
Senator Bennett. Have any of you ever applied for a home
mortgage in a different State from the one in which you were
previously employed prior to the passage of the Fair Credit
Reporting Act? I have. It applies--I am sorry--to the red tape
involved in the ad.
It took me a month, moving from California to Utah, prior
to the information sharing, even though I was dealing with the
same bank, as they went through all of the red tape and all the
rest of it. It was a nightmare. I got the home mortgage, I got
the thing done, but I would be delighted to have had my bank in
California to be able to tell the bank in Utah, ``We know this
man; he is legitimate; his income is proper.'' I would have
been thrilled with that experience.
Is there any connection, Prill and Brill, with Vermont's
position and the fact that that is the only State where you do
not have a Target store--or is it pure coincidence? Just a
quick ``yes'' or ``no.''
Mr. Prill. Senator, there are probably several factors
there.
Ms. Brill. I would say it has more to do with our
environmental laws than anything, probably.
Senator Bennett. Never mind. I do not want to get into
that. I just thought it was very interesting that you were
operating everywhere but Vermont, and Vermont talks about the
grandfathered situation.
Senator Sarbanes. Is it because of this privacy issue?
Mr. Prill. No, Senator Sarbanes, I am not saying that. It
is to that extent a coincidence, but we have no plans to build
in Vermont, either.
Senator Sarbanes. All right.
Senator Bennett. All right. Well, the time is gone, and let
me just share with you my reactions.
Professor Reidenberg, you said ``We do not know.'' You gave
us a lot of potentially difficult situations, and then you said
``We do not know.'' And the industry witnesses gave us concrete
examples of things they had been able to do that had been
better for the customer.
My question would be this: Can anybody give me--among those
who are opposing the extension of the affiliate provision--a
concrete example, other than a single anecdote, that is, that
can be quantified into some kind of analysis of how there has
been definite consumer damage, because we have gotten concrete
examples from the industry of consumer benefits. The consumer
benefits have been fairly consistent between the different
institutions, and we have a concrete number of the amount of
money that has been saved by virtue of the affiliate sharing--
money which I presume in today's economic environment
translates into lower consumer costs, because pricing power is
very much absent in the present economy.
So if companies are saving in the billions of dollars--and
it can be documented--I assume you would not have put it in
your testimony if it could not have been--companies are saving
in the billions of dollars, and that is being translated into
lower consumer costs by virtue of competitive pressures that
says when you have that kind of savings, you pass it on
competitively to try to get people to be with you rather than
with your competition--if we have all of these documented
benefits which consumers like--as I said, from my personal
experience, I certainly would have liked getting that
mortgage--can we get any concrete examples from the opponents
of how consumers have been damaged?
I have heard very careful legal arguments of things that
could happen, but I have not heard any examples of things that
have happened or people who have been damaged. And we have to
run off to a vote, but if you could supply that for the record,
I assure you I will read it very carefully. But that is where I
come down on this.
Chairman Shelby. And we will all read it if they will
supply any of these answers.
Senator Bennett. Yes. That is where I come down on this. It
strikes me as a theoretical argument of this is what could
happen and that could be bad versus this is 6 years of
experience of things we have done that have been good. And my
own background leads me to go with that which has happened
rather than that which could happen.
Thank you.
Chairman Shelby. We have three stacked votes; that means we
are going to have to accelerate this.
Senator Sarbanes.
Senator Sarbanes. Thank you very much, Mr. Chairman. I will
be very brief, because I know the votes are pressing.
In the course of responding to the question that Senator
Bennett just asked, Mr. Baloun, I would particularly appreciate
it if you would focus on the following situation.
The Association of Community Organizations for Reform Now
has written to Comptroller Hawke at the Currency about
predatory lending issues involving Wells Fargo. In that letter,
they say: ``We have seen various examples of referrals and
other similar connections back and forth between the
institutions embracing the affiliate institutions,
unfortunately not in the direction of assuring A credit for A
borrowers. One borrower family we know, for example, long-time
customers of Wells Fargo Bank, went into a Wells Bank branch
looking to refinance their home loan. After they provided the
loan officer with information about themselves''--and
apparently, the loan officer talked about a loan at about 5
percent and without closing costs--``they then got a call back
from Wells Fargo Financial''--which I understand is your
subprime lender; is that correct?
Mr. Baloun. That is correct. They do make subprime loans.
Senator Sarbanes. Yes. They are your subprime lending unit
as I understand it.
And contrary to these terms that at least had been put out
to them originally as real possibilities, they ended up at a
variable rate at 9\1/2\ percent and closing costs of 4 percent
of their lender.
Now, obviously, the information that came in to the bank
then went out to the subprime lending affiliate subsidiary at
Wells Fargo, and they then got in touch with these people.
Could you look into that situation in the course of
responding to the question that Senator Bennett put to you?
Mr. Baloun. Yes.
Senator Sarbanes. Thank you, Mr. Chairman.
Chairman Shelby. Thank you.
As I told you, we have three stacked votes, and it will
take an hour or so before it is over, but I have a number of
questions for the record, and other Members who were not here
and in other hearings probably will. This has been a very
interesting panel today, and I hope you would respond to those.
I just want to touch on a few of them, but we will submit them.
I'd be interested--I know you do not have time to answer
this now--in what level of understanding does the average
consumer have with respect to affiliate sharing? I think that's
important. Does the number of affiliates a firm has affect this
understanding?
What about situations where the affiliates are engaged in
entirely different lines of business? In other words, does it
matter that a person recognizes that they have a relationship
with a bank but may not know that the bank also owns a retail
securities brokerage firm or a direct-mail operation where this
information would be used, and other things?
How important is a firm's brand to consumers in
establishing their expectations with respect to the kind of
relationship that they have with a company? How important is
that brand? Should there be safeguards or best practices for
sharing information within
affiliates?
Of course, I am also interested--and I think the Committee
is for the record--that while called ``affiliate sharing
provisions,'' some of these provisions actually allow companies
to share information with entities that are outside their
affiliate structures. Why is this necessary, and does it
actually make sense? And do consumers have different concerns
with respect to affiliate sharing versus third-party sharing?
Should there be greater control over sharing information
outside an affiliate structure than within an affiliate
structure? In other words, should this provision be limited so
that the only type of information sharing permitted is sharing
with affiliate entities and so forth?
We are going to submit other questions to you.
Chairman Shelby. We appreciate very much you coming today
and preparing. This is a very important piece of legislation.
Thank you very much.
[Whereupon, at 11:48 a.m., the hearing was adjourned.]
[Prepared statements, response to written questions, and
additional material supplied for the record follow:]

PREPARED STATEMENT OF SENATOR JIM BUNNING

Thank you, Mr. Chairman, for holding this very important hearing
and I would like to thank our witnesses for testifying today. This is
the third in a series of hearings on the Fair Credit Reauthorization
Act. As we all know, the FCRA is a important issue for the financial
industry and to consumers. There are differing opinions on the
direction the FCRA should take. There are some who think we need to
pass the FCRA with no changes, some who think we should pass the FCRA
but with additional privacy and identity theft protections and some who
think privacy decisions would be better left to the States. These
hearings will be a great help to Members in deciding which is the best
way to go.
Affiliate sharing was something we addressed extensively during
Gramm-Leach-Bliley and it seems to still be a point of contention.
There are many questions being asked. Do consumers benefit from the
flow of information between affiliates, or are there too many risks
with this practice to warrant it? Is an ``opt in'' plan better than the
current ``opt out'' program? Are the privacy statements too long and do
they contain too much legalese? Or are consumers simply throwing the
privacy notices out? What responsibilities do consumers have to keep
themselves informed of the information sharing policies of the
companies they do business with? What are the unintended consequences
of legislation to change the current affiliate sharing status quo? I am
looking forward to hearing these issues be hashed out.
But I have another concern. I am very concerned about this economy.
I am very worried about the possibility of a double-dip recession. I
know that puts me at odds with more optimistic economic minds, like
Chairman Greenspan, but contrary to popular belief, Chairman Greenspan
is not always right. In fact, I think his decision to lower the prime
interest rate yesterday by a quarter point was not nearly aggressive
enough. He should have lowered the rate by a half point to further give
the economy the shot in the arm it needs. Right now, the economy is
just not where it should be, we are not growing like we can, and we are
not creating jobs.
If there is one thing that shakes the markets, it is uncertainty. I
am afraid that the talk of not renewing the FCRA is creating a lot of
uncertainty in the financial markets. If we have 50 different privacy
standards, it will be difficult for financial companies to sell their
products nationwide. If counties and municipalities get in the act, and
some already have, it will be even more difficult. In this economic
climate we need to promote a uniform standard for consumer reporting
and not add more confusion and chaos.
It is crucial we pass an FCRA extension this year. We must bring
some certainty back to the markets if we are ever going to get this
economy to grow and prevent a double-dip.
Again, Mr. Chairman, thank you for holding this important oversight
hearing.

----------

PREPARED STATEMENT OF JOEL R. REIDENBERG

Professor of Law, Fordham University School of Law
June 26, 2003

Mr. Chairman, Ranking Member, and distinguished Members of the
Committee, I commend you for convening this hearing on affiliate
sharing practices and their relationship to the Fair Credit Reporting
Act and I thank you for the honor and privilege to appear before you.
My name is Joel R. Reidenberg. I am a Professor of Law at Fordham
University School of Law where I teach courses in information privacy,
international trade, and comparative law. As a law professor, I have
written and lectured extensively on the regulation of fair information
practices in the private sector. My bibliography includes scholarly
articles and two co-authored books on data privacy.\1\ Of relevance to
today's hearing, I have studied and written about the Fair Credit
Reporting Act (FCRA) and have advised both Federal and State Government
agencies on FCRA litigation issues. I am a former Chair of the
Association of American Law School's Section on Defamation and Privacy
and have served as an expert advisor on data privacy issues to State
and local governments, to the Office of Technology Assessment in the
103rd and 104th U.S. Congresses and, at the international level, to the
European Commission and foreign data protection agencies. I appear
today as an academic expert on data privacy law and policy and do not
represent any organization or institution which I am or have been
affiliated.
---------------------------------------------------------------------------
\1\ Paul M. Schwartz & Joel R. Reidenberg, Data Privacy Law
(Michie: 1996); Joel R. Reidenberg and Paul M. Schwartz, Online
Services and Data Protection Law: Regulatory Responses (Eur-OP: 1998);
Joel R. Reidenberg, Privacy Wrongs in Search of Remedies, 54 HASTINGS
L. J.--(forthcoming); Lorrie Cranor & Joel R. Reidenberg, Can User
Agents Accurately Represent Privacy Notices?, TPRC 30th Research
Conference Paper #65 (2002) available at http://papers.ssrn.com/sol3/
papers.cfm?abstract_id=328860; Joel R. Reidenberg, E-commerce and
Trans-Atlantic Privacy , 38 HOUSTON L. REV. 717 (2001); Joel R.
Reidenberg, Resolving Conflicting International Data Privacy Rules in
Cyberspace, 52 STANFORD L. REV. 1315 (2000); Joel R. Reidenberg,
Restoring Americans' Privacy in Electronic Commerce, 14 BERKELEY TECH.
L. J. 771 (1999): Joel R. Reidenberg, Setting Standards for Fair
Information Practice in the U.S. Private Sector, 80 IOWA L. REV. 497
(1995); Joel R. Reidenberg & Francoise Gamet-Pol, The Fundamental Role
of Privacy and Confidence in Networks, 30 WAKE FOREST L. REV. 105
(1995); Joel R. Reidenberg, Rules of the Road on Global Electronic
Highways: Merging the Trade and Technical Paradigms, 6 HARVARD J. LAW &
TECH. 287 (1993); Joel R. Reidenberg, The Privacy Obstacle Course:
Hurdling Barriers to Transnational Financial Services, 60 FORDHAM L.
REV. S137 (1992); Joel R. Reidenberg, Privacy in the Information
Economy--A Fortress or Frontier for Individual Rights?, 44 FED. COMM.
L. J. 195 (1992). Copies of most of my articles may currently be found
on my website at: http://reidenberg.home. sprynet.com.
---------------------------------------------------------------------------
My testimony will focus on three points: (1) the U.S. credit
reporting system needs strong privacy protections to preserve a robust
national information economy; (2) the affiliate sharing provisions of
the 1996 Amendments create significant unrecognized loopholes that
eviscerate the protections of the FCRA; and (3) the affiliate sharing
loopholes pose that security risks and a threat to the soundness of the
U.S. credit reporting system.
I recommend that Congress either eliminate the affiliate sharing
loopholes or leave the 1996 sunset clauses alone so that States are
reauthorized to protect their citizens against abusive practices under
the affiliate sharing loopholes. I further recommend that, before
taking any other type of legislative action, Congress should
investigate thoroughly these broader implications of affiliate sharing.
Congress must have a much deeper factual knowledge of the specific
types of credit report data that is shared among affiliated companies
and a much deeper knowledge of the specific uses, disclosures, and
onward transfers that are made by the affiliated recipients outside the
protections of the FCRA for citizens' privacy.

Strong Privacy Protections are Essential for the Credit Reporting
System
The FCRA was enacted in 1970 as a response to significant abuses in
the nascent credit reporting industry. Decisions affecting citizens'
lives were being made in secret with bad data. Congress heard extensive
testimony during the late 1960's on the unfair and abusive information
practices that voluntary industry guidelines failed to prevent. These
included the release of credit information to noncredit grantors, the
dissemination of inaccurate credit information, the inability of
consumers to gain access to their credit reports, and the difficulty of
consumers to obtain correction of erroneous information.\2\ Scandals
and distrust were harming the marketplace.
---------------------------------------------------------------------------
\2\ See e.g. S. Rep. 91-517, 91st Cong., 1st Sess. (1969); Hearings
on Commercial Credit Bureaus before the House Special Subcommittee on
Invasion of Privacy of the Committee on Government Operations, 90th
Cong., 2nd Sess., March 12-14, 1968; Hearings on Fair Credit Reporting
S. 823 before the Senate Subcommittee on Financial Institutions of the
Committee on Banking and Currency, 91st Cong., 1st Sess. (May 19-23,
1969).
---------------------------------------------------------------------------
In enacting the original FCRA, Congress wanted to assure the
efficiency and integrity of the U.S. banking system. The statute became
the cornerstone of U.S. privacy law. Congress recognized fair
information practices were essential for vibrant credit markets and
expressly sought, ``to prevent an undue invasion of the individual's
right of privacy in the collection and dissemination of credit
information.'' \3\
---------------------------------------------------------------------------
\3\ S. Rep. 91-517, 91st Cong., 1st Sess. 1 (1969).
---------------------------------------------------------------------------
The FCRA Established the Principles of Opt In Consent and the Fair
Treatment of Personal Information
At the time of enactment, the FCRA was an extraordinary and unique
statute precisely because the law set a new standard for strong privacy
protection. The FCRA established a then-novel system of opt in
permission for the dissemination of credit report information. The
statute defined a specific set of permissible purposes for which the
disclosure of credit report information was authorized. These purposes
related directly to the reasons for which collected data was gathered
and were generally limited to the extension of credit, insurance, or
employment. Any other disclosure of credit report information required
the written consent of the consumer.
Among other important innovations for fairness, the law created
transparency in the industry by granting a consumer the right of access
to credit report information and by requiring the industry to identify
the recipients of credit reports. The law further provided rights for
consumers to dispute inaccurate information contained in their credit
reports. Finally, the FCRA included due process safeguards before a
consumer reporting agency could disclosure credit report information to
Government agencies or law enforcement. This overall framework provided
a bedrock set of standards for fair information practices.

The FCRA Never Created an Overall ``Uniform National Standard''
From the start, however, Congress recognized that the credit
reporting industry would be likely to evolve significantly and that
even greater privacy and fairness could benefit the banking industry.
As a result, Congress permitted the States to enact stronger privacy
protections for credit reporting since stronger State statutes promoted
the main goals of the original FCRA. In fact, at the time of enactment,
this Committee specifically endorsed the position of State officials
who testified at Senate hearings expressing, ``a need for Federal
legislation to supplement any future State legislation which may be
enacted.'' \4\
---------------------------------------------------------------------------
\4\ S. Rep. 91-517, 91st Cong., 1st Sess. 3, 8 (1969).
---------------------------------------------------------------------------
The major subsequent fair information practice laws similarly
adopted this policy and waived Federal preemption. For example, the
Financial Services Modernization Act, the Health Insurance Portability
and Accountability Act, the Cable Communications Policy Act, and the
Video Privacy Protection Act, each expressly waived, in whole or in
part, Federal preemption. Despite industry's wishful repetition at a
plethora of hearings this spring,\5\ the FCRA never intended nor did it
create an overall ``uniform national standard.'' Instead, the statute
established a minimum set of Federal standards that have always been
supplemented by varying State laws.
---------------------------------------------------------------------------
\5\ See e.g. Hearing on ``The Growing Problem of Identity Theft and
Its Relationship to the Fair Credit Reporting Act'' before the Senate
Banking Committee, 108th Cong., 1st Sess. (June 19, 2003); Hearing on
``Fair Credit Reporting Act: How It Functions for Consumers and the
Economy'' before the Subcommittee on Financial Institutions and
Consumer Credit of the House Committee on Financial Services, 108th
Cong., 1st Sess. (June 4, 2003); Hearing on ``the Importance of the
National Credit Reporting System to Consumers in the U.S. Economy''
before the Subcommittee on Financial Institutions and Consumer Credit
of the House Committee on Financial Services, 108th Cong., 1st Sess.
(May 8, 2003).
---------------------------------------------------------------------------
By 1996, when Congress adopted a number of significant amendments
to the FCRA, the credit reporting industry had grown dramatically and,
indeed, operated nationwide in a seamless fashion notwithstanding
diversity at the State level. In testimony earlier this month before
the House Subcommittee on Financial Institutions and Consumer Credit,
Vermont Assistant Attorney General Julie Brill thoroughly documented
the significant variations among State laws.\6\
---------------------------------------------------------------------------
\6\ Hearing on ``Fair Credit Reporting Act: How It Functions for
Consumers and the Economy'' before the Subcommittee on Financial
Institutions and Consumer Credit of the House Committee on Financial
Services, 108th Cong., 1st Sess. (June 4, 2003) (Statement of Julie
Brill, Assistant Attorney General for Vermont).
---------------------------------------------------------------------------
Nevertheless, among the 1996 FCRA Amendments, Congress included a
temporary and partial preemption clause that prevents States for
another 6 months from implementing certain types of stronger credit
reporting provisions. Notwithstanding the temporary and narrow
preemption, the 1996 Amendments explicitly exempted the stronger
California, Massachusetts, and Vermont statutes from specific elements
of the narrow preemption.\7\ Hence, even the 1996 Amendments did not
create an overall ``uniform national standard.''
---------------------------------------------------------------------------
\7\ 15 U.S.C. 1681t(b)(1)(F).
---------------------------------------------------------------------------
State Differences Do Not Appear To Impede Credit Reporting or Financial
Decisionmaking
The fairness rules and opt in approach contained in the FCRA
enabled the credit reporting industry to progress from its fragmented,
chaotic, and abusive period in the late 1960's to a successful,
respected component of the U.S. information-based economy. The FCRA
obligations coupled with the ability of States to enact stronger
protections, in effect, created today's thriving national
infrastructure of credit reporting.
Industry-funded projects, however, assert the imminence of a
``parade of horribles'' should Congress not support industry's desire
to preclude stronger State privacy laws. Key ``findings'' from these
projects are based on ideological hyperbole rather than comprehensive
and accurate analysis. For example, some have argued that strong credit
reporting rules overseas substantially hinder the ``miracle of instant
credit'' and result in much higher interest rates or more onerous
borrowing conditions.\8\ These arguments have no apparent basis in fact
or analysis. No other major country to my knowledge has a comparable
statute governing only credit report information. Comprehensive data
privacy laws applicable to most processing of personal information do
exist outside the United States such as those in Canada, in the United
Kingdom and throughout Europe under European Directive 95/46/EC. These
laws typically apply to credit reporting and are generally more
protective of consumers than the FCRA. However, foreign consumer credit
markets are structured by banking law, bankruptcy law, real estate law,
and consumer protection laws that often deviate significantly from
those in the U.S. legal system. The attribution of differences in
credit markets to general data privacy laws without examination of the
direct regulatory constraints on credit relationships such as interest
rate regulation, down payment restrictions, or legal protections for
security interests is specious and a misrepresentation of foreign
privacy law.
---------------------------------------------------------------------------
\8\ Hearing on ``the Importance of the National Credit Reporting
System to Consumers in the U.S. Economy'' before the Subcommittee on
Financial Institutions and Consumer Credit of the House Committee on
Financial Services, 108th Cong., 1st Sess. (May 8, 2003) (Statement of
Michael E. Staten, Director, Credit Research Center, McDonough School
of Business, Georgetown University), at p. 6.
---------------------------------------------------------------------------
Others have even argued that, ``increased competition, driven in
part by prescreening, has caused [credit card] interest rates today to
be . . . lower overall'' \9\ as compared to 1990. Yet, the ``analysis''
omitted any mention of the dramatic drop in the prime rate that many
card issuers use to calculate their credit card interest rates. In
fact, between 1990 and 2002, the prime rate declined from 10.01 percent
to 4.67 percent.\10\ Most rational observers would give Chairman
Greenspan and the Federal Reserve the acclaim for declines in credit
card rates rather than prescreening.
---------------------------------------------------------------------------
\9\ See Michael Turner, The Fair Credit Reporting Act: Access,
Efficiency and Opportunity--The Economic Importance of Fair Credit
Reauthorization, at 65 (Information Policy Institute: June 2003).
\10\ See Federal Reserve System, Rate of interest in money and
capital markets: Prime rate (not seasonally adjusted, 12 months ending
in December) available at http://www.federalreserve. gov/releases/h15/
data/a/prime.txt.
---------------------------------------------------------------------------
To my knowledge, there is no study or evidence that examines the
actual, existing differences among State protections and that shows
these stronger protections demonstrably impede the credit reporting
system. Indeed, to my knowledge, no industry group has examined the
effects of the three stronger State statutes recognized by Congress
under the 1996 Amendments on either the credit markets in those States
or on the nationwide industry. This is not surprising. A rudimentary
look at Federal statistics suggests that credit decisions in these
States benefit both lenders and consumers. Consumer bankruptcy filings
per household, a basic sign of bad credit decisions, are markedly
better for the three States with statutes recognized by Congress as
more protective of consumer information. Vermont ranks 50th with the
lowest rate of consumer bankruptcies in the Nation, Massachusetts is
49th and California comes in below the median at 27th.\11\
---------------------------------------------------------------------------
\11\ American Bankruptcy Institute, U.S. Bankruptcy Filing
Statistics: Households per filing, Rank (2003) (using ``statistics
based on data from the Administrative Office of the U.S. Courts (2002
bankruptcies) and the U.S. Bureau of the Census.'') available at http:/
/www. abiworld.org/stats/householdrank.pdf.
---------------------------------------------------------------------------
Similarly, Federal statistics on interest rates seem to indicate
that States with stronger credit reporting laws have lower rates. The
most current annual Federal mortgage loan data indicates that the
effective rate on a conventional mortgage for 2002 was 6.25 percent in
California, 6.43 percent in Massachusetts and 6.59 percent in
Vermont.\12\ All were below the national median and California had the
lowest rate in the Nation. Vermont Assistant Attorney General Julie
Brill has also noted in testimony presented to the House Subcommittee
on Financial Institutions and Consumer Credit that Vermont has the
second lowest auto loan rates in the country and the other more privacy
protective States rank well with low rates.\13\
---------------------------------------------------------------------------
\12\ Federal Housing Finance Board, Periodic Summary Tables: Table
IX--Terms on Conventional Home Mortgages 2002 available at http://
www.fhfb.gov/MIRS/mirstbl9.htm.
\13\ Hearing on ``Fair Credit Reporting Act: How It Functions for
Consumers and the Economy'' before the Subcommittee on Financial
Institutions and Consumer Credit of the House Committee on Financial
Services, 108th Cong., 1st Sess. (June 4, 2003) (Statement of Julie
Brill, Assistant Attorney General for Vermont).
---------------------------------------------------------------------------
While these statistics leave out important elements for a thorough
assessment of the impact of stronger State laws such as a correlation
with State unemployment data for bankruptcy filings and noninterest
transaction costs for home mortgage loans, the data does show that the
horror stories circulating about the preemption provisions make good
theater, but reflect poor research.\14\
---------------------------------------------------------------------------
\14\ See also, Robert Gellman, No Fair Fight over FCRA Provisions,
DM News, May 5, 2003, pp. 12-13.
---------------------------------------------------------------------------
In fact, other countries with comprehensive data protection
statutes such as Canada, demonstrate that robust credit information
services can co-exist with strong, comprehensive data privacy laws. For
example, one major U.S. credit reporting agency operating in Canada
offers a typical credit report for Canadians that contains information
strikingly similar to the typical report for Americans. In the United
Kingdom where a comprehensive data privacy law also applies, major
credit card companies offer instant approvals for platinum cards just
as they do in the United States.

Weakening of Privacy Protections Raises Uncertainty and Decreases
Confidence
The bottom line is that strong privacy protections are essential
for public confidence in the integrity of financial services in the
United States. Without adherence to strict fair information practices,
financial markets will face uncertainty because the risk of newsworthy
privacy scandals increases such as those commited by Citibank,\15\ U.S.
Bancorp,\16\ Fleet Bank,\17\ or Chase Manhattan.\18\ The weakening of
fair information practice standards at the Federal level or the
preclusion of stronger State protections puts companies at greater risk
for privacy scandal and diminishes public trust in the fairness of
industry treatment of personal information.
---------------------------------------------------------------------------
\15\ See National Assoc. of Attorneys General, Press Release:
Multistate Actions: 27 States and Puerto Rico Settle With Citibank
(Mar. 1, 2002) available at http://www.naag.org/issues/20020301-multi-
citibank.php.
\16\ See Minn. Attorney General Press Release, Minnesota Attorney
General and U.S. Bancorp Settle Customer Privacy Suit (July 1, 1999)
available at http://www.ag.state.mn.us/consumer/privacy/pr/
pr_usbank_07011999.html.
\17\ See N.Y. Attorney General Press Release, Fleet Bank Agrees to
New Privacy Protections (Jan. 16, 2001) available at http://
www.oag.state.ny.us/press/2001/jan/jan16b_01.html.
\18\ See N.Y. State Dept. of Law, Annual Report 2000, at 24 (2000)
available at http://www.oag.state.ny.us/2000AnnualReport.pdf.
---------------------------------------------------------------------------
The Affiliate Sharing Loophole Eviscerates FCRA Protections
The FCRA created fundamental fairness in the treatment of personal
information through adherence to the basic principle that information
collected for one purpose should not be used for different purposes
without the individual's written consent. Surveys show that 95 percent
of Americans object to secondary use of personal
information.\19\ For information used to make financial decisions about
consumers, citizens believe that fairness requires opt in permission.
In 2001, citizens in North Dakota had the first and only opportunity in
the Nation to take a real position at the polls on the dissemination of
their personal financial information. The North Dakota State
legislature had just watered down financial privacy from an opt in rule
on third-party data sharing to an opt out rule. The citizens of North
Dakota revolted. By an overwhelming 72 percent majority, the voters of
North Dakota approved a referendum restoring the old opt in rule and
rebuking the legislature's weakening of privacy standards.
---------------------------------------------------------------------------
\19\ Harris Interactive/Privacy & American Business Poll, Privacy
On and Off the Internet: What Consumers want (Feb. 7, 2002) available
at http://www.aicpa.org/download/webtrust/priv_rpt_21mar02.pdf. (53
percent of those polled reported a ``major concern'' while only 5
percent were ``not concerned'' if ``the company will use my information
outside of the specific transaction for which it was intended (for
example, to offer me other products and services)'').
---------------------------------------------------------------------------
Previous to these expressions of public opinion, Congress
introduced in 1996 a significant deviation from the FCRA's historical
commitment to this fundamental permissible purpose principle. Congress
amended the definition of a ``consumer report'' in Section 603(d) to
exclude information shared among companies affiliated by common
ownership or control. This deviation allows organizations to escape the
fair information practice obligations of the FCRA for information that
would otherwise be covered when such data is disseminated to
affiliates. Those affiliated companies will not be subject to important
FCRA requirements including those of use only for a permissible
purpose, access, accuracy, and civil liability.
Congress permitted this departure from the core principle only if
the company provided consumers with notice of affiliate sharing and an
opportunity to opt out. The far-reaching consequences of this deviation
as a result of the successful liberalization of the financial services
sector have not, however, been recognized or subject to public
scrutiny. Large groups of affiliated financial and nonfinancial
organizations can now easily engage in exactly the same behavior that
Americans find troubling--the dissemination of confidential credit
report information for a wide range of activities unrelated to the
purpose of collection--and escape the obligations of consumer reporting
agencies and the opt in rule.

The Blanket Exemption for Experience and Transaction Data Opens a
Pandora's Box
The 1996 Amendments first create a blanket exemption from FCRA
protection for experience and transaction data. Section
603(d)(2)(A)(ii) excludes from the definition of ``consumer report''
any communication of experience or transaction data among ``persons
related by common ownership or affiliated by corporate control.'' This
means that organizations may disseminate experience and transaction
data such as credit card performance information, insurance status, or
brokerage account activity among related companies without key
protections under the FCRA such as accuracy. If, however, the
organization qualifies as a financial institution under the Gramm-
Leach-Bliley Act, then the GLBA will require the organization to
provide notice of its sharing practices to the consumer. But, under the
GLBA, consumers will not have any right to dispute erroneous
information, access the information, or even opt out of the sharing.
The breadth of this exemption is likely to be very large with
organizations such as Citibank that have an extraordinary array of
related companies. At the same time, the scope of this exemption is
also poorly understood. Industry practices are not transparent and
consumers do not have access to specific information on the types of
transaction and experience data that is shared nor do they have access
to the identities of the actual recipients of such data and nor do they
have information about the specific purposes for which the data is
actually used by an identified affiliate. If this exemption is
retained, I believe that Congress needs to investigate the reach of
this exemption.

Affiliate Sharing Allows the Circumvention of Basic Protections
The most sweeping damage to the FCRA's fairness principles comes
from the next part of the affiliate sharing exemption. Section
603(d)(2)(A)(iii) excludes ``communications . . . [to] persons related
by common ownership or by corporate control'' from the definition of
``consumer report.'' To qualify for the exemption, the company must
provide a one-time ``clear and conspicuous'' notice and must provide a
single opportunity to opt out. Experience with the GLBA teaches that
this limitation, however, is not likely to be particularly informative
or useful for consumers.
Some companies justify this affiliate sharing provision by arguing
that corporate families should be treated as one unit for consumer
privacy purposes because corporate organizational structure does not
have an effect on consumers.\20\ This claim is simply not credible. The
existence of separate entities to avoid consolidated legal liability
confuses operational responsibility for privacy, impacts consumers
seeking to assure the fair treatment of their personal information, and
undermines consumers seeking legal redress for violations. A confusing
maize of companies helped Enron obscure its true behavior. The same
holds true for affiliates sharing personal information.
---------------------------------------------------------------------------
\20\ Hearing on ``The Role of FCRA in the Credit Granting Process''
before the House Committee on Financial Services Subcommittee on
Financial Institutions and Consumer Credit, 108th Cong., 1st Sess.
(June 12, 2003) (Statement of Martin Wong, General Counsel, Citigroup
Global Consumer Group) (testifying that, ``Corporate structure is
usually driven by concerns that do not affect the customer, such as the
company's history of acquisitions or by corporate tax, legal, and
accounting concerns.'')
---------------------------------------------------------------------------
The exemption for affiliate sharing means that credit report
information loses protection when shared with far-flung related
companies. Affiliated recipients can use and disseminate credit report
information and ignore the fairness principles of use only for
permissible purposes, consumer access (when no adverse credit,
employment, or insurance decision is made), storage limitations for
obsolete data or obligations for the correction of erroneous
information. A consumer reporting agency might, for example, sell
credit score information to one company as a permissible disclosure
under the FCRA. If that purchaser were to transfer the score to an
insurance affiliate, the transferred score would be excluded from the
definition of ``consumer report'' and most of the consumer protection
provisions would not apply.
In effect, the exemption undermines the entire philosophy of the
FCRA. Industry statements indicate that this mechanism is already being
used to subvert the original protections of the FCRA: Decisions are
made once again from data outside the general reach of consumers and
without any consumer recourse. For example, TransUnion promotes the use
of affiliate sharing for underwriting decisions.\21\ Citibank reported
to Congress earlier this month that it, ``shares information among our
affiliates . . . [including] credit application and credit bureau data,
as well as information on our transactions with the customer.'' \22\
MBNA indicates that it shares credit eligibility information including
credit reports among affiliates.\23\ These are precisely the uses of
personal information that the original FCRA sought to cover.
---------------------------------------------------------------------------
\21\ Hearing on ``The Role of FCRA in the Credit Granting Process''
before the House Committee on Financial Services Subcommittee on
Financial Institutions and Consumer Credit, 108th Cong., 1st Sess.
(June 12, 2003) (Statement of Harry Gambil, CEO, TransUnion), at p. 8.
\22\ Hearing on ``The Role of FCRA in the Credit Granting Process''
before the House Committee on Financial Services Subcommittee on
Financial Institutions and Consumer Credit, 108th Cong., 1st Sess.
(June 12, 2003) (Statement of Martin Wong, General Counsel, Citigroup
Global Consumer Group), at p. 4.
\23\ See MBNA Privacy Notice, http://www.mbna.com/privacy.html
(visited June 23, 2003).
---------------------------------------------------------------------------
The enormous scope of this exemption can be illustrated by a few
examples of possible practices among related companies. U.S. Bancorp
included in its cardholder agreement a disclosure that said, ``We share
customer information within our organization . . . to better meet your
needs'' and provided instructions to opt out of affiliate sharing. At
the same time the company was settling a claim brought by the Minnesota
Attorney General for disclosures of customer information to third
parties, the company purchased Gargoyles--a company that designs and
markets sunglasses.\24\ Would any consumer reasonably understand that
Gargoyles might receive copies of the customer's credit application or
transaction history? While information is not available to determine if
U.S. Bancorp actually transferred client data to Gargoyles, the
affiliate sharing provisions would disturbingly allow the transfer of
credit report data to Gargoyles for sunglass marketing purposes.
Gargoyles would then be free to redisseminate the information outside
the confines of the FCRA.
---------------------------------------------------------------------------
\24\ See Minnesota v. U.S. Bank (Settlement dated June 6, 1999)
available at http://www.ag.state.mn.us/consumer/privacy/PR/pr_usbank_
06091999.html (visited June 23, 2003); U.S. Bank, SEC Form Schedule 13D
for Gargoyles (filed with the SEC, June 11, 1999) available at http://
www.sec.gov/Archives/edgar/data/1016278/0001047469-99-023944-index.
html.
---------------------------------------------------------------------------
The potential circumventions are similarly disturbing when the
affiliations of consumer reporting agencies are considered. TransUnion,
for example, belongs to the Marmon Group.\25\ The group affiliates
companies in a wide range of businesses
including one in the syringe needle business and another in residential
water treatment.\26\ If TransUnion provided notice of affiliate sharing
and an opt out, the company could transfer credit reports to these affiliates. Experian is in the same situation. Great Universal Stores, a British company owns Experian, as well as Metromail and Burberry.\27\ If Experian were to
provide notice of affiliate sharing and an opt out, Experian could
share the credit reporting database with Metromail, a marketing company
that paid $15 million to settle a lawsuit because the company was
caught disclosing sensitive personal information to jailed convicts for
processing.\28\ Burberry could also supply credit report information to
Metromail outside the protections of the FCRA.
---------------------------------------------------------------------------
\25\ See The Marmon Group: Companies, http://www.marmon.com/
Companies.html (visited June 19, 2003).
\26\ See The Marmon Group: Companies, http://www.marmon.com/
Companies.html (visited June 19, 2003).
\27\ See Great Universal Stores Interim Report 2002, at p. 2. (Nov.
21, 2002); GUS plc News: Great Universal Stores completes acquisition
of Metromail Corporation, Apr. 4, 1998 available at http://
www.gusplc.co.uk/gus/news/gusarchive/gus19998/1998-04-28.
\28\ See Dennis v. Metromail, No. 96-04451 (Travis Cty D. Tex.,
June 7, 1999). Settlement agreement available at http://www.entwistle-
law.com/news/cases/settled/pdf/newmetronot.pdf.
---------------------------------------------------------------------------
As it turns out, both Experian provides notice of affiliate sharing
and opt out choices to a growing number of consumers. The company
offers consumers online access to their credit reports and monitoring
services. Experian appears to use registration for these services as a
means in the legal boilerplate to provide notice and opt out for
affiliate sharing.\29\ In other words, consumers particularly concerned
about the sanctity of their credit reports are likely to enable
inadvertently the sharing of their data by the credit reporting agency
with affiliates outside the protections of the FCRA. No information,
however, is readily available to determine whether Experian actually
shares data with these affiliates or others.
---------------------------------------------------------------------------
\29\ See Experian's Scorecard Privacy Policy, http://
scorecard.experian.com/creditexpert/common/privacy__policy.asp (visited
June 24, 2003) (``We may disclose any of the information that we
collect to our affiliated companies. . . . If you prefer that we do not
share information with affiliated companies, you may opt out of these
disclosures.'').
---------------------------------------------------------------------------
If these uses are or become widespread, then the FCRA loses both
effectiveness and credibility. Since affiliate sharing generally
escapes the transparency and accuracy obligations of the FCRA, there is
no way for a consumer to learn the magnitude of this problem. Even for
those organizations regulated by the GLBA, affiliate sharing notices
under the GLBA would not provide sufficient detail for a consumer to
realize that a company like Experian might share with Metromail or that
U.S. Bancorp might share with Gargoyles.
If this loophole is closed, Congress can and should investigate
whether companies have begun to circumvent the FCRA in this fashion.

Affiliate Sharing Allows the Government To Engage in Surveillance
Outside the FCRA Due Process Protections
Sections 604 and 625 of the FCRA provide due process safeguards
against Government surveillance of credit report information. Briefly,
Government and law enforcement agencies may obtain credit report
information for specified purposes with
procedural safeguards or pursuant to a court order or a Federal Grand
Jury subpoena or, in the case of counterintelligence investigations, a
statutorily defined FBI certification.\30\ However, affiliate sharing
means these due process protections for access by law enforcement can
easily be circumvented. If consumer report information is shared with
an affiliate, the data loses its ``consumer report'' status and the
FCRA protections would not apply to subsequent disclosures by the
affiliate. This loophole would be one way for the ``Total Information
Awareness'' program, an effort already the subject of Congressional
concern,\31\ to obtain detailed sensitive personal data on U.S.
citizens and escape the need for compliance with privacy obligations.
---------------------------------------------------------------------------
\30\ 15 U.S.C. Sec. Sec. 1681b(a)(3)(D), 1681b(a)(4), 1681f, 1681u.
\31\ See e.g. Department of Defense, DARPA Report to Congress
Regarding the Terrorist Information Awareness Program (May 20, 2003)
http://www.darpa.mil/body/tia/TIA%20ES.pdf.
---------------------------------------------------------------------------
A simple example of the possible sharing between two affiliated
companies illustrates the magnitude of this potential problem. Equifax,
the credit reporting agency, operates through a number of changing
groups including the currently named U.S. Consumer Services Group.\32\
This apparent group of affiliates provides information services to
Government clients. Equifax includes a statement in its Online Privacy
Policy & Fair Information Principles informing consumers who request
copies of their credit reports that, ``we may disclose any of the
information, as described above [including Equifax credit file
information], to affiliates which are companies that are related to us
by common ownership or affiliated with us by common control'' and
describing for consumers several opt out choices.\33\ Although the
specific language of the current opt out choices might be insufficient
to qualify for the affiliate sharing exemption, a simple clarification
would clearly enable Equifax to transfer the credit report information
to members of the U.S. Consumer Services Group who, in turn, could sell
the data to Government agencies without an otherwise permissible
purpose or court order.
---------------------------------------------------------------------------
\32\ See Equifax, Annual Shareholders Report Form 10-K for the
Fiscal Year Ended Dec. 31, 2002 (filed with the SEC on Mar. 23, 2003).
\33\ Equifax Online Privacy Policy & Fair Information Principles
(U.S. only) available at https://www.econsumer.equifax.com/consumer/
forward.ehtml?forward=privacypolicy (visited June 24, 2003)
---------------------------------------------------------------------------
At present, I have no information to suggest that Equifax engages
in this practice or that Government agencies or law enforcement
officials are currently exploiting this loophole. I do, however,
believe that this possible practice needs to be investigated if
Congress does not eliminate this loophole.

States May Not Protect their Citizens Prior to January 1, 2004
According to Section 624 of the FCRA, stronger State laws
applicable to experience and transaction data and to affiliate sharing
are temporarily preempted, with the exception of Vermont's affiliate
sharing rule. If Congress allows these preemptions to sunset, the
States will be reauthorized to protect their citizens against the
circumvention of FCRA protections. The States can play a useful role
experimenting and fine tuning workable solutions to the affiliate
sharing loopholes.

Security Risks and Threats to the Soundness of the Credit Reporting
System
The leakage of credit report information to affiliates for
secondary purposes outside the protections of the FCRA increases
security risks and threatens the integrity of the credit reporting
system.

Affiliate Sharing Enhances Identity Theft Risk
The circulation of credit report information to affiliates outside
the core permissible purposes and outside the overall protection of the
FCRA increases the risk of identity theft. Reports indicate that
identity theft often occurs as an ``inside job.'' In testimony to this
Committee last week, U.S. Secret Service Special Agent Timothy Caddigan
stated: ``The method that may be most difficult to prevent is theft by
a collusive employee. The Secret Service has discovered that
individuals or groups who wish to obtain personal or financial
identifiers for a large-scale fraud ring will often pay or extort an
employee who has access to this information through their employment at
workplaces such as a financial institution, medical office, or
Government agency.'' \34\ Wide ranging affiliate sharing increases the
exposure of credit report information to the risk that a malevolent
insider will steal data for identity theft.
---------------------------------------------------------------------------
\34\ Hearing on ``The Growing Problem of Identity Theft and Its
Relationship to the Fair Credit Reporting Act'' before the Senate
Banking Committee, 108th Cong., 1st Sess. (June 19, 2003) (Statement of
Timothy Caddigan, Special Agent In Charge Criminal Investigation
Division, U.S. Secret Service).
---------------------------------------------------------------------------
Not surprisingly, some lobbyists deny that the wider circulation of
personal information through secondary use of credit report data
facilitates identity theft.\35\ Yet, in the context of prescreening,
the overwhelming consensus among those involved in identity theft
prevention is that preapproved credit card offers are one of the most
common resources for identity thieves. The U.S. Postal Inspection
Service, the U.S. Department of Justice, the U.S. Secret Service, and
each of the major credit reporting agencies warn consumers that
discarded, preapproved credit card offers are one of the most common
sources of personal information for identity thieves.\36\ A lobbying
paper sponsored by an industry group, the Privacy Leadership
Initiative, admits that the average response rate to credit card offers
in 2000 was only 0.6 percent.\37\ In other words, American consumers
are not interested in 99.4 percent of these purportedly targeted offers
and throw them away. There is no credible, public evidence to suggest
that product or service offers generated through affiliate sharing will
be of any greater interest to consumers. Yet, this type of secondary
use of credit information creates an important leakage of data from
confidential and secure credit reporting.
---------------------------------------------------------------------------
\35\ See e.g. Hearing on ``The Growing Problem of Identity Theft
and Its Relationship to the Fair Credit Reporting Act'' before the
Senate Banking Committee, 108th Cong., 1st Sess. (June 19, 2003)
(Statement of Michael D. Cunningham, Sr. Vice President, Credit and
Fraud Operations, Chase Cardmember Services), at p. 3-4.
\36\ See Criminal Gangs Hitting Mailboxes for Credit Offers,
Personal Data, Privacy Times, June 16, 2003, at 2; U.S. Dept. of
Justice, Identity Theft and Fraud, available at http://www.usdoj.gov/
criminal/fraud/idtheft.html (visited May 28, 2003) (``What are the most
common ways to commit identity theft or fraud? . . . If you receive
applications for `pre-approved' credit cards in the mail, but discard
them without tearing up the enclosed materials, criminals may retrieve
them''); Hearing on ``The Growing Problem of Identity Theft and Its
Relationship to the Fair Credit Reporting Act'' before the Senate
Banking Committee, 108th Cong., 1st Sess. (June 19, 2003) (Statement of
Timothy Caddigan, Special Agent In Charge Criminal Investigation
Division, U.S. Secret Service) (the Secret Service advises Americans to
``shred or burn pre-approved credit card applications''), at p. 8;
Experian, All about Credit: Fraud Prevention Tips, available at http://
www.experian.com/consumer/help/fraud/prevention.html (visited May 28,
2003); TransUnion, Avoiding Fraud available at http://
www.transunion.com/content/page.jsp ?id=/personalsolutions/general/
data/AvoidingFraud.xml (visited May 28, 2003); Equifax, How Identity
Theft Strikes, available at https://www.econsumer.equifax.com/consumer/
forward. ehtml?forward=identitytheft_fraud (visited June 24, 2003).
\37\ Michael E. Staten & Fred H. Cate, Paper prepared for the
Privacy Leadership Initiative ``The Adverse Impact of Opt In Privacy
Rules on Consumers: A Case Study of Retail Credit,'' at p. 25. (April
2002).
---------------------------------------------------------------------------
The exemption for affiliate sharing also appears unnecessary for
the purpose of fraud detection and prevention. Fraud detection and
prevention would in most cases qualify as a ``legitimate business
need'' under Section 604(a); the disclosure of credit report
information for that purpose should be a permissible purpose. If
legitimate reasons justify affiliate sharing outside the protections of
the FCRA to detect or prevent fraud, a more narrowly drawn exemption
for that specific purpose would
reduce the risk of identity theft from wide circulation.

Affiliate Sharing Introduces Homeland Security Risks
The global reach of U.S. corporate groups means that affiliate
sharing may send credit report information on U.S. consumers to
countries with high risk of political instability or terrorist action.
As a consequence, U.S. consumer data may be subject to compromising
risks. For example, banks may share credit report information with
affiliates in India or the Philippines where no privacy rights apply
and where local concerns for the safety of U.S. data are
substantial.\38\ Indeed, unconfirmed reports suggest that many United
States financial institutions transfer client data to India, but take
careful steps not to reveal the existence of these off-shore
arrangements.
---------------------------------------------------------------------------
\38\ See e.g. U.S. Dept. of State, Public Announcement: Philippines
(March 7, 2003) (``The terrorist threat to Americans in the Philippines
remains high'') available at http://travel.state.gov/
philippines_announce.html; U.S. Dept. of State, Public Announcement:
India (Mar. 27, 2003) available at http://travel.state.gov/india.html.
---------------------------------------------------------------------------
One specific example illustrates this potential risk. Fair Isaacs
offers a ``decisioning process'' that handles ``30 percent of U.S.
credit card applicants, as well as auto loans, mortgages, loans, and
lines of credit around the world'' and offers a fraud detection system
that monitors ``more than 400 million payment card accounts
worldwide.'' \39\ Fair Isaacs appears to have an affiliated distributor
in Malaysia,\40\ a country for which the U.S. Department of State has
issued a warning about the possibility of terrorist attacks against
American citizens and American interests.\41\ While the exact ownership
relationship between Fair Isaacs and the Malaysian partner is unclear,
the point remains that if these companies are under common control,
then the United States data may be sent there. In this particular case,
there is also no readily available information that would suggest
whether Fair Isaacs does indeed transfer United States credit report
information to Malaysia.
---------------------------------------------------------------------------
\39\ See Fair Isaac, New Product Releases: Capstone Decision
Manager, Falcon Fraud Manager for Issuers available at http://
www.predictive.com.au/whatsnew.html (visited June 11, 2003).
\40\ See http://www.predictive.com.au/contacts.html (visited June
11, 2003).
\41\ U.S. Department of State, Public Announcement: Malaysia (May
14, 2003) available at http://travel.state.gov/malaysia_announce.html.
---------------------------------------------------------------------------
Without specific information on where affiliates are located and
what information they receive, the magnitude of this risk cannot be
evaluated. If Congress does not eliminate the affiliate sharing
loopholes, I believe that this risk needs further investigation.

Recommendations for Future Action
When Senator Proxmire introduced the original FCRA, he sought to
preclude ``the furnishing of information to Government agencies or to
market research firms or to other business firms who are simply on
fishing expeditions.'' \42\ The implications of the affiliate sharing
loopholes seem to return consumers to the unfair and unsafe data
handling practices of the pre-FCRA era.
---------------------------------------------------------------------------
\42\ Cong. Rec. Senate, Jan. 31, 1969 (statement of Senator
Proxmire) reprinted in Hearings on Fair Credit Reporting S. 823 before
the Senate Subcommittee on Financial Institutions of the Committee on
Banking and Currency, 91st Cong., 1st Sess., at 436 (May 19-23, 1969).
---------------------------------------------------------------------------
In sum, I believe that Congress needs to restore the FCRA to the
higher level of its original protections for consumer privacy.
To do so, I recommend the following:

1. Eliminate the exemption for affiliate sharing from the
definition of ``consumer report'' in the FCRA or allow the partial
preemption clause in Section 624 to sunset on January 1, 2004.
2. Investigate the actual sharing practices of credit report
information among affiliated companies and the uses of such data by the
affiliated recipients that escape the protections of the FCRA. To this
end, Congress should instruct each of the functional bank regulatory
agencies and the Federal Trade Commission to investigate, audit and
report to Congress on the actual sharing of consumer report information
among affiliated companies and on the actual, unprotected uses of such
data by the affiliated recipients.

----------

PREPARED STATEMENT OF RONALD A. PRILL

Former President, Target Financial Services, Target Corporation
on Behalf of the National Retail Federation
June 26, 2003

Introduction and Background
Good morning Mr. Chairman and Members of the Committee. My name is
Ronald Prill. Until 3 weeks ago, I served as President of Target
Financial Services, and also as Chairman and CEO of Retailers National
Bank, Target Corporation's credit card bank subsidiary. I am presently
employed by Target as a consultant to our corporate management as I
transition into retirement. I appreciate having been given this
opportunity to speak to you today on behalf of both my company and the
National Retail Federation.
Target Corporation, with annual sales of $44 billion, is the
Nation's fourth largest retailer. Like many other retailers, it has
evolved to include many affiliated entities. Our divisions include
1,100 Target Stores (located in each of the lower 48 States except for
Vermont), Mervyn's (our chain of about 250 stores that sells moderately
priced family fashion and home merchandise in primarily western
States), Marshall Field's (our oldest affiliate, with 62 full line
department stores in 8 midwestern States) and Target.direct (our direct
marketing affiliate which operates all of our e-commerce sites and
direct marketing catalogs). Further, Retailers National Bank was
established in 1994 as our limited purpose credit card bank affiliate.
The bank presently has about 46 million credit cards in circulation,
each of which carries the Target, Mervyn's, or Marshall Field's brand.
Target Corporation, as well as many other retailers, use multiple
affiliated entities to execute critical business processes like
sourcing merchandise, transacting the retail sales of goods and
services, administering credit card programs, and delivering other
expected services and conveniences to their customers. Retail shoppers
bring these expectations to every retailer they choose to patronize.
Good retailers are attentive to the shopping habits, brands, styles,
sizes, and price points their customers prefer. For consumers, the
benefits they receive as a result of the sharing of information among a
retailer's affiliates are essential to their having a positive shopping
experience. Further, the critical business processes that require the
sharing of information among affiliates are essential to the success of
the retail business.
Mr. Chairman, retail affiliates use the sharing of information in
ways that are unique to our industry in order to fulfill important
business needs and to deliver real benefits to our customers. The list
of the ways in which retailers share information among affiliates is a
lengthy one, and I would like to briefly describe some of them for you
today.

Retail Credit Card Programs
The sharing of information among affiliates is critical to offering
credit through an in-store credit card program. Many retailers,
including Target Corporation, have a chartered credit card bank, or
other financial institution, that issues their company's credit cards.
This entity is often set up as an affiliate of one or more retail
divisions. Frequently, the servicing of these credit card accounts is
provided by yet another affiliate of the bank. At Target Corporation
for example, customer service for Target, Mervyn's, and Marshall
Field's cards is provided by an affiliate of Retailers National Bank at
two call center locations. The customer service representatives who
answer these calls need access to detailed account information in order
to answer cardholder questions. In fact, the customer service
representatives first use information to verify that the caller is, in
fact, the true cardholder, and not someone attempting to perpetrate a
fraud. Neither this customer protection nor subsequent servicing of the
account would be possible without information sharing.

Merchandise Returns
Another example of affiliate information sharing that results in
customer benefits is receiptless returns. Many retailers, including
Target Corporation stores, generally require that customers who are
returning merchandise present a sales receipt that reflects the
purchase. Frequently, however, retail customers throw away, misplace,
or forget their receipts. To remedy this problem, we, as well as other
retailers, have developed receipt look-up systems, so that customers
can return merchandise without presenting their original receipt.
Specifically, a Target cardholder can simply present their Target
credit card and a Target store team member will use our computerized
returns system to look up and verify the original purchase then accept
the return and issue a credit.
The benefits of this system are clear: The cardholder does not have
to return home, hunt for their original receipt, and then make another
trip back to the store to make their return. They also do not have to
keep merchandise they do not want in the event they cannot find the
original receipt. As you might expect, our customers absolutely love
this convenience. This service is made possible only because Retailers
National Bank shares Target credit card purchase history information
with its affiliated Target Stores.
This return system also uses the same information to protect us
from losses due to fraudulent returns. Because each item purchased and
returned is so noted in this system, an item that was purchased once
will be accepted as a return only once. Shoplifters who repeatedly
steal the same item from our stores and attempt repeated returns for
repeated credit, sometimes even using counterfeit receipts, are stopped
by the use of shared information.

Warranties, Repairs, and Servicing
Many retailers also have affiliated or third-party warranty or
servicing departments. The sharing of information about their customers
among these affiliates makes each part of their business operationally
efficient and also provides real benefits to customers.
For example, in one case that I am aware of, a customer needed a
specific part to repair his Craftsman lawn mower. After making the
drive to the retail store he learned that the service department needed
to know the specific model number of the lawn mower in order to find
the exact part he needed. Unfortunately, this customer did not know the
model number. Fortunately, however, since the mower had been purchased
on his store credit card, an original purchase look-up could be done
instantly and the correct model number, and the correct repair part
number were quickly determined. Because the retail credit card
affiliate shares information with the service department, this business
process can not only exist, but can be used to deliver great customer
service. This very satisfied customer had to make only one round trip,
rather than two.

E-Commerce Affiliates
As you know, many brick-and-mortar retailers that have e-commerce
websites established their ``dot.com'' business organizations as
separate entities. However, the sharing of information allows customers
who make purchases at a retailer's website to return or exchange those
purchases by just bringing them into a brick and mortar store. These
returns are more convenient, and save the customer the cost of a
return-shipping fee. Our e-commerce retail channels continue to grow at
an amazing rate and the need to share information with the store
affiliate in the brick-and-mortar channel is growing just as rapidly.

Bank Check Authorization
Many retailers have also developed in-house bank check
authorization systems. These systems contain the MICR number sequence
from customer checks that have been returned to the retailer unpaid by
the customer's bank, and which are still outstanding. This file of MICR
numbers from returned checks is usually called the ``negative'' file.
Some retailer's negative files even include a list of MICR numbers from
currently outstanding checks that have been returned unpaid to other
businesses. This supplemental information can be purchased from third
party services. If a consumer whose check MICR number is in the
negative file should attempt to write a new check to the retailer to
pay for a new purchase, these check authorization systems will reject
that check and protect the retailer from greater loss. Ultimately, the
prevention of losses helps keep prices down for all of our customers.
Many check authorization systems also include a ``positive'' file.
This file consists of the MICR number sequence from checks previously
written to the retailer that are now known to have been good checks.
The positive file typically includes a record for each MICR number of
how many good checks have been written to the retailer, over what
length of time, and for what amounts. If a consumer whose check MICR
number is in the positive file with a lengthy history of writing good
checks should present a new check, the authorization system can
instantly approve that check, even if it might be written for a large
amount.
Target Corporation is among those retailers who have such check
authorization systems. To prevent larger losses by accepting new checks
written at one of our retail affiliates by check writers who already
have outstanding bad checks at another affiliate, we have a larger,
common negative file that includes negative MICR number information
from Target, Mervyn's, and Marshall Field's. This sharing of affiliate
information supports a critical business process--authorization of bank
checks--and helps us control our bad check losses. This protection
against loss is especially important in cities where we have multiple
stores including two, or all three, of our retail affiliates.
Target Corporation retail affiliates also share their positive
check writing data. As a result, we have a much larger common positive
check file as well. This sharing of affiliate information benefits many
of our check-writing customers as they shop in our retail chains.
Checks written at one store can be instantly approved because our
common positive check file includes the positive history information
from an affiliated store.
Further, our Retailers National Bank affiliate mails over 9 million
statements each month. Most payments on Target, Mervyn's, and Marshall
Field's accounts are made by check and, of course, most of those checks
are good. In fact, through their account with us, many of our store
credit cardholders also have a long and excellent check writing history
with our Retailers National Bank affiliate. Our credit card bank shares
these positive check-writing histories with its retail affiliates by
passing these MICR numbers to the common positive check file. As a
result, millions more customers can write checks for substantial
amounts in all of our affiliated stores and have their checks approved
instantly.

Preventing Identity Theft
Information is also a retailer's best weapon against identity
theft. As you know, identity theft is one of the fastest growing crimes
in the United States. At Target, we have implemented a number of
safeguards to help protect our business and our customers--all of which
require information sharing.
Identity thieves thrive on anonymity and rely on the assumption
that large retailers such as Target cannot put a name and face together
in order to prevent fraud. This is why it is so important for retailers
to know their customers, and the only way we can do this is through the
use of information. Information flows between Retailers National Bank
and the credit bureaus or between our retail affiliates, combined with
sophisticated technology, cuts down on fraud and allows us to offer
exceptional customer service.

Customer Loyalty Programs
Retailers today have to work hard to keep their best customers. In
recognition of this, many retailers have developed customer loyalty
programs to help them identify and reward their best customers. Loyalty
program participants typically receive benefits such as discounts on
their purchases, free gift-wrapping, free alterations, and other free
or discounted offers. Many of these programs are offered only to store
credit cardholders and are based on cumulative purchase levels. Often,
some or all of the purchase history data for a retailer's customer
resides with an affiliate, and the sharing of information among
affiliates becomes essential to coordinate and administer a successful
rewards program.

Communicating With Our Customers
In addition to protecting customers and providing customer
services, affiliate information is also used for marketing. Some
retailers depend heavily on direct mail to reach their customers.
Clearly, some of this is general advertising. The catalog for a large
storewide sale, for example, is mailed to a large share of customers.
However, some advertising is targeted to specific customer groups. For
instance, a retailer might send advertising about an upcoming semi-
annual home sale event to its most recent home furnishings customers,
or offer a free gift with purchase to its customers who buy a
particular brand of cosmetics. Retail customers expect to receive such
advertising and information. In fact, many retail credit cardholders
cite getting these mailings as among the key reasons they opened their
account in the first place. Additionally, the most frequent and vocal
complaints that retailers receive from their customers usually involve
catalogs and sale information that did not arrive at a customer's home,
or arrived late.
Many retailers today depend on their credit card bank affiliate, or
their direct marketing affiliate, as the repository of the names and
addresses and the purchase histories of their customers. They further
depend on affiliate sharing of this information to communicate
effectively with their customers. These retailers would be unable to
market their goods and services or even reach their customers without
these information flows. Retail customers not only accept this sharing,
they expect this sharing. They are very aware of the benefits they get
because of the availability of information where it is needed, and when
it is needed. The type of information we collect from each customer and
its uses are also explained clearly to our customers in our Privacy
Policy.

Organizational Structure Should Not Matter
In order for retailers to give our customers the service they
expect, information sharing among our affiliates is absolutely
necessary. This complex business structure is in place for many
technical, legal and accounting reasons, however the structure is
completely transparent to our guests. Through information sharing with
these entities we can not only market more specifically to our
customers and provide them exceptional customer service, but we can
also do things such as prevent fraud and combat identity theft in our
stores.
Mr. Chairman, retail stores take on many different corporate
structures. Some retailers issue their own credit cards in-house. Other
retailers use a credit card bank, or other financial services
affiliate, to issue store credit cards. Other retailers have
contractual arrangements with unaffiliated, third party credit card
service providers like GE Capital who own and operate the retailer's
customer credit card function.
Further, some retailers have established their e-commerce business
as a separate entity, while others have not. Some retailers have a
separate catalog and/or direct mail affiliate. Others have made these
functions part of the advertising or merchandising departments within
each of their retail entities. Some retailers own all of their retail
store departments and businesses. Other retailers have third party
lease arrangements for some merchandise or service categories (such as
cosmetics, fine jewelry, or a beauty salon), while others have
selectively established separate affiliated entities as part of their
store.
All retailers, regardless of organizational structure, need to
reach their customers. They need to have access to and use the same
kinds of customer information to run their business and compete in an
efficient manner, regardless of how they are structured. Retail
customers expect to receive the same kinds of services, recognition,
conveniences, amenities, and advertising from their favorite retailers,
regardless of structural differences. They expect to be able to write a
check as easily in one department of a store as in any other. They also
expect to be able to use their credit card in every department in which
they shop. Finally, customers expect to be protected from identity
theft and, as we are always hearing, they want to receive retail sale
catalogs and other promotional materials.
The amount of information about our customers that retailers share
among our business, control and operating functions, or our various
computer subsystems, is the same, whether this sharing at a particular
retailer ever crosses an affiliate line or not. This information is
treated with the same care and control and used to satisfy similar
business requirements or deliver similar customer benefits regardless
whether we may have chosen different business structures. Therefore,
our ability to access information about our business relationships with
our customers should not be dependent on what structure we have chosen.
Finally, many people have asked what affiliate sharing has to do
with the granting of credit. The answer is: A lot. Retailers use the
data and transaction histories that they collect from their stores and
affiliates to create internal credit scores and models that predict the
credit habits of their customers. This information supplements credit
reports and FICO scores to paint the most accurate picture possible of
a customer. In fact, retailers most often use this type of proprietary
information to grant credit to people on the margins, in lower- to
middle-income households who do not have prime FICO scores, or to those
who are just entering the credit market. Mr. Chairman, retailers want
to help our customers make purchases to meet their needs. And many
times, this means emergency purchases such as a new hot-water heater or
refrigerator--both big-ticket items that require credit approval.
In closing, I would like to take this opportunity to emphasize the
retail industry's strong support for the permanent reauthorization of
the seven areas of preemption contained in Section 624 of the Fair
Credit Reporting Act. Without the extension of the uniform national
standards, retailers and the customers we serve may be subject to a
confusing patchwork of new State laws, rules, and regulations governing
fundamental and important areas such as dispute resolution and the
information contained in credit reports. And, as today's hearing
reflects, services that millions of customers have come to rely on, and
that they routinely take advantage of, could be disrupted if
information flows are interrupted.
Mr. Chairman, Members of the Committee, consumers have come to
expect instant access to credit when purchasing everything from an
automobile to consumer goods such as furniture, appliances, and
apparel. In the final analysis, we in the retail industry have a real
concern that a more fragmented process for information sharing and
credit approval would negatively impact consumers in many different
levels and, as a consequence, retail sales, ultimately costing jobs and
hurting the economy as a whole.
Thank you again for the opportunity to testify here today. I look
forward to working with all the Members of this Committee to
permanently reauthorize the FCRA preemptions before they expire on
December 31 of this year.
I would be happy to answer any questions you may have.

----------

PREPARED STATEMENT OF TERRY BALOUN

Regional President and Group Head, Wells Fargo Bank
June 26, 2003

My name is Terry Baloun and I am the Regional President and Group
Head for Wells Fargo banks located in South Dakota, North Dakota, and
Montana. Wells Fargo, our parent company, is a diversified financial
services company, offering mortgage, securities, insurance, real estate
services, online banking, institutional and retail banking products
under the Wells Fargo brand through a number of separately incorporated
affiliates to 15 million customers nationwide. Wells Fargo's
headquarters is in San Francisco; the company has 130,000 employees,
has mortgage offices nationwide, and has a retail banking presence in
23 States.
Thank you, Chairman Shelby and Committee Members for the invitation
to testify and respond to your questions. I would like to share with
you some of my experiences in providing banking services to communities
within the framework established by the Fair Credit Reporting Act.
Our Wells Fargo banks work in concert with other Wells Fargo
business affiliates in providing financial services products to
customers. Marketplace experience shows that consumers expect the
financial services companies they do business with to know about their
accounts, to respond quickly to their questions, and to advise them
about products and services that will help them reach their financial
goals. The service consumers expect requires that Wells Fargo have
integrated information systems to give customers what they want--when,
where and how they want it. Subject to the Fair Credit Reporting Act,
Wells Fargo shares customer information internally to meet these goals.
Information Integration by Affiliates in the Same Corporate Family
Providing a new mortgage, providing rural or remote small
businesses with credit, offering consolidated statements for customers
with multiple Wells Fargo products requires information about their
financial affairs. Applying inappropriate restrictions on transfers of
information among affiliates would impede customer service.
The 1996 Amendments to the Fair Credit Reporting Act recognize the
value to customers of the ability to transfer information among
affiliates. This ability is wholly consistent with consumer
expectations that their questions will be answered and their needs will
be met with a single call or a single e-mail message, whether their
financial products are provided by a single company or several
companies in the same affiliated group. To put it another way,
customers do not care whether for technical, regulatory, or management
reasons Wells Fargo chooses to organize itself into a particular series
of affiliates of a holding company or subsidiaries of one bank. What
customers do care about is the seamless delivery of the products Wells
Fargo offers regardless of how we choose to distribute them.
In Wells Fargo's view, it is consumer expectations and needs that
should shape the public policy that regulates information use, not
legal structure. Because of legal requirements that prohibited or
restricted bank branching, Wells Fargo at one time owned numerous
separately incorporated banks. The Riegle-Neal Act of 1994 allowed bank
holding companies to consolidate banks into as few as a single charter.
Today, for business reasons rather than legal reasons, Wells Fargo owns
28 separately chartered banks. But the number of separate banks that a
holding company chooses to have should not affect public policy
relating to information use. If a bank holding company conducts its
banking business in a single bank entity that bank would have all the
information about a customer who had deposits, a mortgage, a credit
card, and a home equity loan from that bank. As a single corporate
entity, it could use this information without restriction to serve its
customer.
If, on the other hand, the bank holding company chooses to conduct
its mortgage, credit card, and home equity loan businesses in three
separately incorporated banks and the law restricted the sharing of
information among affiliates, a customer who supplied the same
information for the same products to three affiliated institutions
instead of a single institution would not receive the same level of
service from its financial services company. To use customer
information to provide the same level of service that could be provided
by a single entity with the same information about the same customer, a
holding company like Wells Fargo that provides services through
multiple bank and nonbank charters would have to consolidate its
operations into as few charters as legally possible. If the FCRA debate
remains unresolved, institutions like Wells Fargo will likely change
their corporate structures to reduce the number of separate entities
rather than risk restrictions on information sharing among affiliates.
It is our view the corporate structure should not be a factor in
setting public policy regarding information use. The touchstone,
instead, should be consumer expectation.
This is especially critical to our mortgage business. Since passage
of the 1996 Amendments to the Fair Credit Reporting Act, mortgage
servicing has become more efficient. Wells Fargo customers have more
channels through which they can apply for a mortgage and get assistance
or conduct transactions related to a mortgage, as well as the complete
array of financial products offered by Wells Fargo. In California, 40-
50 percent of Wells Fargo's mortgages originated this year are the
result of referrals from Wells Fargo Banks to Wells Fargo Home
Mortgage. Many are first-time homebuyers in Hispanic market areas. With
affiliate transfers and use of customer information, mortgage customers
can make a mortgage payment at their local bank branch, obtain
balances, get consolidated statements, and get the support of 24-hour
call centers that serve an entire affiliated enterprise. Our customers
have found these services valuable.
Sharing of customer information also benefits our small business
customers. The basis for small business lending over the last 10 years
has been direct mail offers of preapproved credit. Wells Fargo has
extended nearly 500,000 small business loans since the mid-1990's. The
FCRA allows Wells Fargo to provide such credit, based on Wells Fargo's
own experiences with the customer and the most current credit report.
Generally, small businesses no longer need to submit tax returns or
financial statements, providing easier and cheaper credit for the
business owner.
Actions by multiple States to enact their own State versions of the
Fair Credit Reporting Act will frustrate customers that do routine
transactions across State lines. Wells Fargo provides services to
thousands of customers that may have accounts ``domiciled'' in one
State, yet reside or do business with a Wells Fargo bank in another
State. Nearly half a million Wells Fargo customers have made teller or
ATM transactions out of State within the past 5 months. In my banking
States of South and North Dakota and Montana, nearly 10 percent of
Wells Fargo's customers live in one State, but use Wells Fargo banks or
ATM's in a bordering State.
Uniform National Standard
Finally, Wells Fargo believes the current uniform national standard
for information use, as provided by the 1996 Amendments to the FCRA, is
vital and asks that this Congress provide clarity and stability by
removing the sunset provisions that affect affiliate sharing and other
segments of credit granting. Congress should also address identity
theft and set new national standards for notices about information use
to customers. The problem of identity theft and complicated notices
about information use are frustrating to both customers and financial
service providers.
The availability of financial services, such as mortgages for our
customers and the flows of information required to make those services
available, do not stop at State borders or corporate structures.
Thank you and I would be happy to answer any questions that you,
Chairman Shelby, or the Committee may have.

PREPARED STATEMENT OF MARTIN WONG

General Counsel, Global Consumer Group, Citigroup
June 26, 2003

Good morning, Chairman Shelby, Ranking Member Sarbanes, and Members
of the Committee. My name is Martin Wong and I am the General Counsel
of Citigroup's Global Consumer Group. On behalf of Citigroup, I want to
thank Chairman Shelby for holding these hearings on the Fair Credit
Reporting Act (FCRA) and I appreciate the opportunity to speak before
you today to discuss how the FCRA, and particularly the affiliate
sharing provisions, impact our ability to operate efficiently and serve
our over 200 million customer accounts.
As one of the largest diversified financial services companies in
the United States, Citigroup has extensive experience with the FCRA and
has a significant interest in seeing that it continues to operate
successfully. Citigroup currently serves customers in all fifty States
and over 100 countries. Citigroup has long been a leader in using the
information available through the credit reporting system to provide
credit opportunities to customers at all income levels through a
diverse range of financial products and services, including credit
cards, mortgages, consumer finance, student loans, and auto loans. We
also offer noncredit products, including retail banking, private
banking, life insurance and annuities, asset management, and investment
products.
Today, I want to emphasize the importance that Citigroup attributes
to making permanent the national standards contained in the FCRA. The
FCRA provides a national framework for the credit reporting system,
which has been shown to work well and to provide substantial economic
benefits to consumers, including affordable and convenient credit, wide
credit availability, and prevention of fraud and identity theft. The
FCRA appropriately balances consumer protections with the crucial need
for creditors to have access to a uniform national database on which to
make credit decisions. The FCRA also facilitates the free flow of
information that allows modern financial services companies to work
efficiently. It is essential, therefore, that Congress act to preserve
all of the provisions of this uniform national framework that are
scheduled to expire at the end of this year.
While Citigroup believes that maintaining national uniform
standards for all seven of the expiring provisions of the FCRA is
crucial, I will focus my testimony on the topic of today's hearing--
information sharing among affiliates--and why preserving the uniform
national standards for affiliate sharing is critical to our continued
ability to serve our customers well.

Reasons for Affiliate Structure
From a technical perspective, Citigroup is, indeed, a financial
services holding company comprised of approximately 1,900 legal
entities. However, the majority of these entities are established or
retained for legal, regulatory, or tax purposes. For example, in the
insurance agency and mortgage businesses, State registration
requirements make it prudent and convenient to be separately
incorporated in most States for licensing purposes. Additionally, many
of our affiliates do business only with Government or corporate
entities or exist solely to house certain assets. Only a small number
of these entities actually transact business with customers, and all of
them are limited by the Gramm-Leach-Bliley Act (GLB) to the provision
of financial services in one of three lines of business--banking,
insurance, and securities. For the customers who conduct business with
us, the existence of these affiliates is invisible and irrelevant.
Therefore, when viewed from the customer's perspective, Citigroup is a
single provider of financial services.

How We Share Information to Better Serve Our Customers and Run Our
Business More Efficiently
Information sharing among affiliates is an ingrained part of how we
meet our customers' needs and expectations on a daily basis. The
process is so seamless that customers are often unaware of the
connection between the free flow of information and the significant
benefits they receive.

Affiliate Sharing Is Necessary for Effective Credit Underwriting and
Credit Monitoring, Which Are at the Heart of the National Credit Reporting System
The sharing of information among affiliates enhances the ability of
lenders to accurately assess credit risk, thereby reducing their
overall risk of loss. Citigroup is able to use the credit information
and transaction histories that we collect from affiliates to create
internal credit scores and models that help determine a customer's
eligibility for credit. This information supplements credit reports and
FICO scores to paint the most accurate picture possible of a customer.
For example, CitiMortgage underwriters have access to information from
affiliates that includes a customer's deposit, loan, and brokerage
account balances, as well as the customer's payment history and
available lines of credit. This allows our credit analysts to verify
the customer's creditworthiness quickly and efficiently, minimizing the
burden on the customer associated with providing this documentation.
Sharing of credit information and transaction histories also allows
us to extend credit to traditionally underserved populations and
reduces the costs for those with better credit histories. The quality,
quantity, and timeliness of customer credit information available
through affiliate sharing greatly reduces the opportunities for
mistakes in the granting of credit to the benefit of customers and
lenders.
Affiliate sharing is also important for credit monitoring. Many of
our credit card customers have multiple cards with us and those cards
will often be issued by more than one affiliate. We can order a single
credit report to monitor credit behavior across all cards, leading to
increased efficiencies and lower costs. This cross-affiliate monitoring
allows us to reach out to customers who are starting to have problems
and offer appropriate assistance.

Sharing Information Among Affiliates Greatly Assists in the Prevention
and Detection of Identity Theft and Fraud
Although some have argued that sharing information increases
opportunities for identity theft, our experience is that information
sharing among affiliates actually reduces identity theft. Through
affiliate sharing, we are able to maintain an internal fraud database,
which helps prevent the opening or maintenance of fraudulent accounts.
This kind of information sharing also allows us to alert customers to
potential fraud or identity theft at an earlier stage. The sooner we
detect the fraud, the sooner we can notify the customer, minimizing the
effect on the victim. Finally, sharing information among affiliates
makes it easier to assist law enforcement to build a strong case for
prosecution
Additionally, Citigroup has policies and procedures in place to
reduce the threat of internal misuse of this information. For example,
most of our businesses have
internal fraud investigation units; access to sensitive information is
given to employees only on a ``need to know'' basis; we have policies
concerning the handling of sensitive information by our employees; and
we separate certain key responsibilities among employees to reduce the
potential for fraud.

Affiliate Sharing Allows Us To Provide One-Stop-Shopping for Our
Customers in a Way That Is Seamless and Consistent with Our Customers' Expectations
Affiliate sharing allows companies like Citigroup to better serve
our customers' diverse financial needs through affiliates that have
appropriate products and services. Consumers who choose to do business
with Citigroup expect easy access to the full array of financial
products we offer. Our customers want and expect the convenience of
having one-stop-shopping for all of our products--banking, insurance,
home mortgage, credit cards, and securities. They also expect the
ability to access information about all of their accounts on one
statement, with one phone call, or on one website. For example,
customers who use our Financial Centers can link their checking account
from Citibank, N.A., credit card account from Citibank South Dakota,
mortgage account from CitiMortgage, and brokerage account from Citicorp
Investment Services, Inc.
Additionally, consolidated relationships allow customers to move
money seamlessly between accounts and to pay their Citibank credit card
balances at any Citibank ATM, as well as on the Internet, simply by
making a transfer between accounts. The amount will be credited that
same day, which allows customers to avoid additional interest and late
fees. Customers can also execute trades and transfer money from their
checking account to their investment-linked money market products
online.
Affiliate sharing also allows us to provide seamless service for
our customers. Customers do not view us as different legal entities,
but instead as a single source of multiple financial products. When a
Citibank customer who has an account in Connecticut (through our
Federal thrift--Citibank FSB) enters a Citibank branch in New York (our
national bank--Citibank, N.A.) to cash a check or open another account,
the customer expects to be recognized and receive the same level of
service. The legal distinction between the two affiliated Citibanks is
not relevant to the customer and it should not affect his or her
ability to obtain products and services.

Affiliate Sharing Provides Customers with Pricing Discounts and
Products Tailored to Their Needs
For customers who have multiple account relationships with us, the
sharing of information between affiliates allows us to provide
financial benefits in the form of relationship pricing and special
offers. For example, many customers benefit from no-fee checking
through Citibank, N.A. or Citibank FSB based upon their total combined
balances in their mortgage from CitiMortgage, credit card from Citibank
South Dakota, and investments through Citicorp Investment Services,
Inc. The combined balance also permits customers to receive better
rates on investment products. After recent acquisitions, we reached out
to customers to help them link their accounts for this benefit. We
could not have done that without the ability to share information
across affiliates.
Sharing information among affiliates also permits us to service our
customers on an individualized or tailored basis. Information about our
experience with a particular customer can be used among our affiliates
to provide the customer with more suitable products and services. For
example, customers with a Smith Barney brokerage account are eligible
for a mortgage from CitiMortgage without a down payment by directly
pledging securities in their account as collateral. This allows the
customer to avoid having to sell at what may be an inopportune time and
to continue to receive the interest or dividends on the securities.
Similarly, a customer who maintains a high balance on a Citibank credit
card may be informed that he can reduce the interest rate he is paying
and possibly get tax benefits by transferring the balance to a secured
home equity loan through an affiliate bank.
In the absence of affiliate sharing, Citigroup would know decidedly
less about our customers' financial needs, making it more difficult to
identify and service those needs.

FCRA Contains the Appropriate Balance
In 1996, Congress struck the appropriate balance between consumer
protection and business needs by allowing customers to opt out of
having certain information shared among affiliated entities, but
continuing to allow information about a company's own experiences with
a customer to be shared freely among affiliates. This national standard
has worked well for 7 years. The FCRA national standard is particularly
reasonable now that the business of providing financial services,
especially lending, is no longer restricted by State borders, which
means that consumers have the same opportunities for credit, regardless
of where they live.
Given the fact that 16 percent of the U.S. population moves every
year, and that many of our customers work in one State and live in
another, have vacation houses in different States, or attend college in
a different State for part of the year, it would be a significant
technical challenge to determine the appropriate treatment of customer
information in the face of inconsistent State laws.
Our experience has shown that opt outs provide our customers with
all the choice they need to control the use of their personal
information. Citigroup has been providing customers with the ability to
opt out of information sharing, in one form or another, for over 15
years. Citigroup businesses have significantly different opt out rates
depending on a variety of factors, including products and services
offered and the length and nature of the customer relationship. This
significant variation demonstrates that opt outs work. Our customers
are making informed choices about the kinds of information they want to
share, and the kinds they do not.
However, the majority of our customers still prefer the free flow
of information that results in enhanced products and services. Opt ins
function as de facto prohibitions on information sharing, particularly
for existing customers. They do not promote customer choice--rather,
they eliminate it.

Conclusion
If different States were allowed to pass laws governing the
exchange of information among affiliates, it would significantly
disrupt our seamless, nationwide system of serving our customers. It
could lead to a never-ending process as States and localities impose
different regimes. Compliance with this patchwork of laws would be
extremely burdensome and costly for lenders, and ultimately for
consumers.
We believe that Congress must act this year to make permanent the
uniform standards established under the FCRA. It has created more
competition in the financial services industry and allowed companies to
better serve their customers through more widely available, affordable,
and convenient credit.
Thank you again for the opportunity to appear before this
Committee. I would be pleased to answer any questions you may have.

PREPARED STATEMENT OF EDMUND MIERZWINSKI

Consumer Program Director
U.S. Public Interest Research Group
June 26, 2003

Chairman Shelby, Senator Sarbanes, and Members of the Committee, on
behalf of the nonprofit, nonpartisan, State-based Public Interest
Research Groups, U.S. PIRG is pleased to offer you this testimony on
affiliate sharing practices and the Fair Credit Reporting Act (FCRA).
Among the most important matters before this Congress is review of the
impact of the 1996 exception to the definition of credit report
allowing companies to share customer experience and transaction
information among corporate affiliates outside the major consumer
protections of the FCRA.
Our testimony also discusses the relationship between the FCRA and
the 1999 Gramm-Leach-Bliley Financial Services Modernization Act (GLB)
and attempts by industry to chill efforts by cities and States to enact
stronger financial privacy laws, as GLB clearly allows under the
Sarbanes States' Rights Amendment.
In addition to presenting our views on the problems caused by
unregulated and under-regulated information sharing by and among
corporate affiliates and unaffiliated third parties, we urge the
Congress not to extend the FCRA's temporary 1996 partial preemption
provisions. The FCRA itself does not need to be reauthorized; extension
of preemption is an optional decision by the Congress that, in our
view, reverses clear Congressional intent from 1996 that preemption be
temporary.

Summary
Congress enacted in 1970 a comprehensive scheme for regulating the
sharing of detailed information by credit bureaus under the Fair Credit
Reporting Act. Yet, through a 1996 exception, it created a new class of
unregulated affiliate sharing transactions. Sharing of confidential
consumer information among affiliates is not regulated under the FCRA
nor under the Gramm-Leach-Bliley Act. The latter Act simply requires
notice of affiliate and third party information sharing practices and
provides a modest opt out in an extremely limited subset of third-party
transactions. In the post-GLB marketplace, this failure to regulate a
growing class of transactions involving confidential consumer
information and decisionmaking is troubling. While we have enacted
comprehensive standards for regulating credit reports, we have no
standards for regulating affiliate sharing.
Industry, in a series of hearings before this Committee and the
House Financial Services Committee, has failed to make the case for a
continued exception from regulation for affiliate information sharing.
Industry has also claimed, without proof, that unregulated
information sharing provides billions of dollars of benefits to the
economy and, again with proof, that providing consumers with greater
privacy rights will eliminate those alleged benefits. Industry has also
claimed that providing consumers with privacy protection will prevent
them from stopping fraud or completing transactions on consumer
accounts. Neither claim is true. The industry also infers that consumer
groups are for ``harsh'' opt in rules, but that the pro-consumer
industry would support a more reasonable opt out privacy mechanism. In
fact, sharing under the Gramm-Leach-Bliley Act is largely based on a
notice only, no opt regime. The vast majority of the financial services
industry prefers no opt even to modest opt out protections.

The Fair Credit Reporting Act Strictly Regulates Information-Sharing
by Credit Bureaus under The Fair Information Practices, But Allows
Companies A Sweeping Affiliate-Sharing Exception to the Definition
of Credit Report The Fair Credit Reporting Act, Its History and the Fair Information Practices
I want to state clearly at the outset that the FCRA is an important
consumer protection and privacy law. It plays a critical role in
helping consumers obtain opportunities in the marketplace. The 1970 Act
recognized the importance to the economy of the third-party credit
reporting system, but it also recognized the importance of accurate
credit reports and the protection of privacy. Yet, despite the 1996
attempts to update the law to improve it, the law still suffers from
numerous problems\1\ in addition to its affiliate-sharing exception,
the subject of today's hearing.
---------------------------------------------------------------------------
\1\ For example, other problems with the FCRA include a lack of
adequate Federal agency enforcement, unacceptable limits on private
enforcement, an utter disdain for compliance by many creditors when
they furnish information to credit bureaus, the failure by the consumer
reporting industry to maintain adequate accuracy standards, and the
disconnect in the credit granting process that has led to the identity
theft epidemic. See U.S. PIRG's testimony before the House Subcommittee
on Financial Institutions, 4 June 2003, at http://
financialservices.house.gov/media/pdf/060403em.pdf.
---------------------------------------------------------------------------
The FCRA was enacted \2\ in 1970 in the wake of a series of
scandals involving unfair insurance investigations. Congress also
recognized an increasing inability of consumers to obtain redress when
credit mistakes were made. The 1970 Act created a broad structure for
regulating consumer reporting agencies (CRA's, or credit
bureaus).
---------------------------------------------------------------------------
\2\ 15 U.S.C. 1681 et seq.
---------------------------------------------------------------------------
The FCRA's general structure is based on the Code of Fair
Information Practices,\3\ which were later described by a 1973 Health,
Education, and Welfare (HEW) task force and embodied into the 1974
Privacy Act,\4\ which regulates Government uses of information. The
Fair Information Practices require data collectors to collect only
limited information; to use it only for specified purposes, unless
consent of the data subject is granted for secondary uses; to protect
the security, accuracy, and privacy of that information; to make
information practices transparent to subjects; to grant data subjects
the rights to inspect, correct, and dispute records about them; and to
grant data subjects the right to enforce these rights.
---------------------------------------------------------------------------
\3\ Ideally, consumer groups believe that all privacy legislation
enacted by either the States or Congress should be based on Fair
Information Practices, which were originally proposed by a Health,
Education, and Welfare (HEW) task force and then embodied into the 1974
Privacy Act and into the 1980 Organization for Economic Cooperation and
Development (OECD) guidelines. The 1974 Privacy Act applies to
Government uses of information. Consumer and privacy groups generally
view the following as among the key elements of Fair Information
Practices: (1) Collection Limitation Principle: There should be limits
to the collection of personal data and any such data should be obtained
by lawful and fair means and, where appropriate, with the knowledge or
consent of the data subject. (2) Data Quality Principle: Personal data
should be relevant to the purposes for which they are to be used, and,
to the extent necessary for those purposes, should be accurate,
complete and kept up-to-date. (3) Purpose Specification Principle: The
purposes for which personal data are collected should be specified not
later than at the time of data collection and the subsequent use
limited to the fulfillment of those purposes or such others as are not
incompatible with those purposes and as are specified on each occasion
of change of purpose. (4) Use Limitation Principle: Personal data
should not be disclosed, made available or otherwise used for purposes
other than those specified in accordance with the Purpose Specification
Principle except: (a) with the consent of the data subject; or (b) by
the authority of law. (5) Security Safeguards Principle: Personal data
should be protected by reasonable security safeguards against such
risks as loss or unauthorized access, destruction, use, modification,
or disclosure of data. (6) Openness Principle: There should be a
general policy of openness about developments, practices, and policies
with respect to personal data. Means should be readily available of
establishing the existence and nature of personal data, and the main
purposes of their use, as well as the identity and usual residence of
the data controller. (7) Individual Participation Principle: An
individual should have the right: (a) to obtain from a data controller,
or otherwise, confirmation of whether or not the data controller has
data relating to him; (b) to have communicated to him, data relating to
him within a reasonable time; at a charge, if any, that is not
excessive; in a reasonable manner; and in a form that is readily
intelligible to him; (c) to be given reasons if a request made under
subparagraphs (a) and (b) is denied, and to be able to challenge such
denial; and (d) to challenge data relating to him and, if the challenge
is successful to have the data erased, rectified, completed, or
amended. (8) Accountability Principle: A data controller should be
accountable for complying with measures which give effect to the
principles stated above. This analysis derived from Robert Gellman,
``Privacy, Consumers, and Costs: How The Lack of Privacy Costs
Consumers and Why Business Studies of Privacy Costs are Biased and
Incomplete,'' March 2002, http://www.epic.org/reports/dmfprivacy.html
or http://www.cdt.org/publications/dmfprivacy.pdf which also discusses
in detail the OECD Council Recommendations Concerning Guidelines
Governing the Protection of Privacy and Transborder Flows of Personal
Data, 20 I.L.M. 422 (1981), O.E.C.D. Doc. C (80) 58 (Final) (Oct. 1,
1980), at http://www.oecd.org//dsti/sti/it/secur/prod/PRIV-EN.HTM.
\4\ 5 U.S.C. 552a.
---------------------------------------------------------------------------
For example, the FCRA allows credit bureaus--which are clearly
third parties without a direct relationship with consumers--to obtain
detailed information from public records, creditors, and even
subjective interviews and then to engage in widespread trafficking in
detailed credit dossiers containing a consumer's most intimate
financial details.
But, the FCRA strictly regulates that trafficking through its
comprehensive structure, based on the Fair Information Practices. It
requires credit bureaus to employ reasonable procedures to ensure the
``maximum possible accuracy'' of credit reports. It limits the use of
credit reports only to users with a permissible purpose. It gives
consumers a series of rights, including a right to inspect the reports
(for free after denial of credit) and to dispute errors. It gives
consumers a right to learn when their reports have been used adversely,
for example to deny them credit or insurance. It gives consumers the
right to sue bureaus that make mistakes or refuse to fix them, but it
tempers that right with strong affirmative defenses and defamation
immunity for the CRA's.
Although the Act was not and is not perfect, most experts agree
that the FCRA was the first comprehensive privacy law enacted in the
United States and that its general framework is soundly based on the
Fair Information Practices.
In 1989, in response to a series of complaints about credit
reporting errors, Congress began a series of hearings that culminated
in the 1996 Amendments to the FCRA. Three matters of extreme
controversy--pitting consumer groups, State attorneys general and, on
all major issues joined by the Federal Trade Commission, against the
financial industry--delayed final passage of the Amendments from 1992
until 1996.\5\
---------------------------------------------------------------------------
\5\ In the interim, a number of States, including Vermont (1992),
California (1994), and Massachusetts (1995) acted more quickly to
address credit reporting problems.

First, industry insisted that the FCRA's longstanding floor
preemption provision (States can enact stronger laws) be reversed
and that the Federal FCRA become a ceiling. The final 1996
Amendments preempted only some provisions of the FCRA, and then
only for 8 years.
Second, industry fiercely resisted efforts to add a new
provision to the Act imposing duties on creditors that furnish
information to credit bureaus to ensure accuracy and imposing
liability when those duties were violated. The final provision
imposed only limited duties. Liability for making errors was
subjected only to agency enforcement, with consumers only having a
private right of action to enforce violations of the Act's
reinvestigation provisions.
Third, industry insisted that a new exception to the
definition of credit report be carved out, for the sharing of
experience and transaction information among companies affiliated
by common control. In addition, the new exception was included in
the list of provisions subject to the temporary preemption of State
action.

The Affiliate Sharing Exception to the FCRA
Although numerous hearings were held from 1989-1996 during
consideration of the FCRA Amendments, we are unaware of any specific
hearing on affiliate sharing, nor any record testimony of any
significance, if any at all, provided by the industry about the
subject. Yet, among State attorneys general, consumer groups, and the
FTC, there was grave concern that Congress was acting precipitously to
create a sweeping exception that could limit consumer access to the
wide panoply of rights granted by the FCRA.
The affiliate sharing exception allows detailed experience and
transaction information to be shared and used for adverse actions
without triggering the FCRA's consumer protection rights,\6\ in the
circumstance where the information is shared among corporate
affiliates. Experience and transaction information could include
details from credit card and checking account purchases, mortgage
balances and payment histories, bank account and brokerage balances and
other deposit account usage information, relationships with co-signers,
if any, etc.
---------------------------------------------------------------------------
\6\ The 1996 Amendments do provide that consumers be provided an
extremely limited notice if affiliate shared information is used
adversely, but provision of the notice triggers no additional rights.
See FCRA Section 615(b)(2). Compare with notice under 615(a) (adverse
action based on credit report), which triggers comprehensive rights and
duties under Sections 609, 610, 611.
---------------------------------------------------------------------------
As the FTC, in an official position paper,\7\ stated on affiliate
sharing:
---------------------------------------------------------------------------
\7\ The FTC took an official position on the proposed FCRA
Amendments in 1994. U.S. PIRG has archived a (scanned) copy of the
document, ``H.R. 1015, Federal Trade Commission Analysis and
Recommendations, 25 July 1994,'' at http://www.pirg.org/consumer/
credit/ftcanalysis hr1015.pdf.

Because the subject of information sharing with affiliates
has not been the subject of Congressional hearings, the factual
basis for the provision is not necessarily available and the
Commission cannot easily evaluate its pros and cons. The
Commission believes, however, that caution is the best approach
in considering whether to create what may become a significant
exception to the consumer protections provided by the FCRA. It
may be preferable to defer creation of any exceptions to the
FCRA's protections for affiliate sharing until Congress has an
opportunity to study this issue and its implications more
---------------------------------------------------------------------------
carefully.

Congress did not debate affiliate sharing prior to 1996. Prior to
enactment of the 1999 Gramm-Leach-Bliley Act, however, Congress finally
became acutely aware of the problems posed by unfettered information
sharing.

The Costs To Consumers of Under-Regulated Affiliate Sharing
In 1999, while it was considering enactment of GLB, a sweeping
deregulation of the financial services industry that would encourage
the establishment of affiliate-based financial services supermarkets--
with banks, brokerages, and insurance companies all under one roof--
Congress became aware of the first two in a series of privacy
nightmares involving banks and their affiliates.

First, NationsBank (now Bank of America) had recently paid
civil penalties totaling $7 million to the Securities and Exchange
Commission and other agencies, plus millions more in private class
action settlements, over its sharing of confidential bank
accountholder information with an affiliated securities firm.
``Registered representatives also received other NationsBank
customer information, such as financial statements and account
balances.'' \8\ In this case, conservative investors who held
maturing certificates of deposits (CD's) were switched into risky
financial derivative products. Some lost large parts of their life
savings.
---------------------------------------------------------------------------
\8\ See the SEC's NationsBbank Consent Order http://www.sec.gov/
litigation/admin/337532.txt.
---------------------------------------------------------------------------
Second, Minnesota Attorney General Mike Hatch had recently
sued U.S. Bank and its holding company, accusing them of having
``sold their customers' private, confidential information to
MemberWorks, Inc., a telemarketing company, for $4 million dollars
plus commissions of 22 percent of net revenue on sales made by
MemberWorks.'' \9\ Memberworks and other nonaffiliated third party
telemarketers sign credit card customers up for add-on ``membership
club'' products and bill their credit cards as much as $89 or more
if they do not cancel within 30 days. The catch? The consumer never
gave the telemarketer her credit card number; her bank did, in a
scheme known as preacquired account telemarketing. General Hatch
has settled with both U.S. Bank and Memberworks.
---------------------------------------------------------------------------
\9\ See the complaint filed by the State of Minnesota against U.S.
Bank http://www.ag.state. mn.us/consumer/privacy/pr/
pr%5Fusbank%5F06091999.html.

While industry continues to claim that these were isolated pre-GLB
incidents, many of the Nation's largest banks have since been involved
in enforcement actions and private litigation over their similar sloppy
information practices. Capital One,\10\ Chase Manhattan,\11\
Citibank,\12\ First U.S.A.,\13\ GE Capital,\14\ MBNA America\15\ are
other banks or bank affiliates that have provided their customers'
personal and confidential information to fraudulent telemarketers.
---------------------------------------------------------------------------
\10\ Office of the Washington State Attorney General, ``Settlement
with Discount Buying Club Highlights Privacy Concerns,'' Aug. 4, 2000,
http://www.wa.gov/ago/releases/rel_brand
direct_080400.html.
\11\ Id.
\12\ National Association of Attorneys Generals, ``Multistate
Actions: 27 States and Puerto Rico Settle with Citibank,'' Feb. 27,
2002, http://www.naag.org/issues/20020301-multicitibank.php; Settlement
document available at http://www.oag.state.ny.us/press/2002/feb/
feb27b_02_
attach.pdf.
\13\ Office of the New York Attorney General, ``First USA to Halt
Vendor's Deceptive Solicitations,'' Dec. 31, 2002, http://
www.oag.state.ny.us/press/2002/dec/dec31a_02.html.
\14\ Supra, note 1.
\15\ Id.
---------------------------------------------------------------------------
While some cynical consumers might expect tawdry marketing behavior
from a credit card company, Minnesota Attorney General Mike Hatch also
brought an action against a mortgage company, in this case a subsidiary
of a national bank. In December 2000, the Minnesota Attorney General
filed a complaint against Fleet Mortgage, an affiliate of FleetBoston,
for substantially the same types of violations as U.S. Bank had engaged
in. Incredibly, the firm was allowing telemarketers to add bills for
buying club and roadside assistance plan memberships to consumer
mortgage payments after making deceptive telemarketing calls based on
confidential information derived from account relationships.\16\ That
complaint was settled in June 2001.\17\ The State's complaint explains
the problem with sharing confidential account information with third
party telemarketers.
---------------------------------------------------------------------------
\16\ See testimony of Minnesota Attorney Mike Hatch before this
Committee, 19 September 2002 at http://banking.senate.gov/02_09hrg/
091902/index.htm.
\17\ Minnesota v. Fleet Mortgage Corp., 158 F. Supp. 2d 962 (D.
Minn. 2001), available at http://www.ag.state.mn.us/consumer/PR/
Fleet_Opinion_61901.html.

Other than a cash purchase, providing a signed instrument or
a credit card account number is a readily recognizable means
for a consumer to signal assent to a telemarketing deal.
Preacquired account telemarketing removes these short-hand
methods for the consumer to control when he or she has agreed
to a purchase. The telemarketer with a preacquired account
turns this process on its head. Fleet not only provides its
telemarketing partners with the ability to charge the Fleet
customer's mortgage account, but Fleet allows the telemarketing
partner to decide whether the consumer actually consented. For
many consumers, withholding their credit card account number or
signature from the telemarketer is their ultimate defense
against unwanted charges from telemarketing calls. Fleet's
sales practices remove this defense.\18\
---------------------------------------------------------------------------
\18\ 28 December 2000, Complaint of State of Minnesota vs. Fleet
Mortgage, see http://www.ag. state.mn.us/consumer/news/pr/
Comp_Fleet_122800.html.

Another bank, Charter Pacific, was caught selling its database
containing 3.6 million valid credit card account numbers to a convicted
felon who then fraudulently billed the accounts for access to Internet
pornography sites that victims had never visited.\19\ In fact,
approximately 45 percent of the victims did not even own a
computer. Charter Pacific did not develop the database from its own
customers' information. Instead, it compiled the information from
credit cardholders who had purchased goods and services from merchants
that had accounts at Charter Pacific. The information included the date
of sale, account number, and dollar amount of every credit card
transaction processed by the bank's merchant customers. The
unrestricted sharing of this information resulted in over $44 million
of unauthorized charges.
---------------------------------------------------------------------------
\19\ Federal Trade Commission, ``FTC Wins $37.5 Million Judgment
from X-Rate Website Operator; Bank Sold Defendants Access to Active
MasterCard, Visa Card Numbers,'' Sept. 7, 2000, http://www.ftc.gov/opa/
2000/09/netfill.htm.
---------------------------------------------------------------------------
When data collectors do not adhere to Fair Information Practices,
consumers face numerous privacy risks. A summary of significant privacy
costs includes the
following:

Consumers pay a much higher price than dinner interruptions
from telemarketers. Many unsuspecting consumers may still be paying
$89/year or more for essentially worthless membership club products
they did not want and did not order. Although the Federal Trade
Commission has enacted amendments to the Telemarketing Sales Rule
\20\ (TSR) in an attempt to regulate the tawdry bank practices
described above, additional amendments may be necessary to ensure
that banks and their affiliates and subsidiaries comply fully with
the amendments, since they may run to the OCC for protection from
the FTC otherwise.
---------------------------------------------------------------------------
\20\ The amendments took effect 31 March 2003. http://www.ftc.gov/
opa/2003/01/tsrfrn final.htm.
---------------------------------------------------------------------------
Easy access to confidential consumer identifying information
leads to identity theft. Identity theft may affect 500,000-700,000
consumers each year. Identity theft victims in a recent PIRG/
Privacy Rights Clearinghouse survey \21\ faced average out-of-
pocket costs of $808 and average lost time of 175 hours over a
period of 1-4 years clearing an average $17,000 of fraudulent
credit off their credit reports. It is difficult to measure the
costs of higher credit these consumers pay, let alone attempt to
quantify the emotional trauma caused by the stigma of having their
good names ruined by a thief who was aided and abetted by their
bank and credit bureau's sloppy information practices. The
Committee need only review last week's compelling testimony of
Captain John Harrison \22\ (Ret.). In his oral statement, in
particular, Harrison described how he had gone from a high-
achieving military officer to a failed salesman who recently lost
his job due to, in his view, his loss of confidence caused by his
inability to cope with the frustration and emotional distress of
being a victim of identity theft and his subsequent inability to
clear his name of 61 fraudulent credit accounts.
---------------------------------------------------------------------------
\21\ See ``Nowhere To Turn: A Survey of Identity Theft Victims, May
2000, CALPIRG and Privacy Rights Clearinghouse, http://calpirg.org/
CA.asp?id2=3683&id3=CA&.
\22\ Senate Banking Committee Hearing On Identity Theft, 19 June
2003. See Captain Harrison's testimony at http://banking.senate.gov/
03_06hrg/061903/harrison.pdf.
---------------------------------------------------------------------------
The Easy access to Social Security numbers by Internet
information brokers and others also leads to stalking.
The failure to safeguard information and maintain its accuracy
leads to mistakes in credit reports and consequently consumers pay
higher costs for credit or are even denied opportunities.
Researchers at Michigan State University recently studied over
1,000 identity theft cases and found that victims in 50 percent of
the cases specifically reported that the theft was committed by an
employee of a company compiling personal information on
individuals.\23\ Many identity fraud cases stem from the
perpetrator's purchase of consumers' personal information from
commercial data brokers. Financial institutions information sharing
practices contribute to the risk of identity theft by greatly
expanding the opportunity for thieves to obtain access to sensitive
personal information.
---------------------------------------------------------------------------
\23\ Personal communication from author to Chris Hoofnagle of EPIC.
Study forthcoming; results provided in e-mail from Judith M. Collins,
Ph.D., Associate Professor, Leadership and Management Program in
Security School of Criminal Justice, Michigan State University to EPIC
(Apr. 22, 2003, 18:13:35 EST) (on file with EPIC).
---------------------------------------------------------------------------
The unlimited collection and sharing of personal data poses
profiling threats. Profiles can be used to determine the amount one
pays for financial services and products obtained from within the
``financial supermarket'' structure. As just one example,
information about health condition or lifestyle can be used to
determine interest rates for a credit card or mortgage. Even with a
history of spotless credit, an individual, profiled on undisclosed
factors, can end up paying too much for a financial service or
product. Because there are no limits on the sharing of personal
data among corporate affiliates, a customer profile can be
developed by a financial affiliate of the company and sold or
shared with an affiliate that does not fall within the broad
definition of ``financial institution.'' A bank, for instance, that
has an affiliation with a travel company could share a customer
profile resulting in the bank's customer receiving unwanted
telephone calls and unsolicited direct mail for offers of
memberships in travel clubs or the like that the individual never
wanted or requested. A negative credit decision based on this
profile would not trigger the vast consumer protection rights that
would be triggered by use of a strictly regulated credit
report.\24\
---------------------------------------------------------------------------
\24\ For additional discussion of the profiling issue, and related
privacy threats posed by information sharing, see 1 May 2002 comments
of EPIC, U.S. PIRG, Consumers Union, and Privacy Rights Clearinghouse
on the GLBA Information Sharing Study (Federal Register: February 15,
2002 (Volume 67, Number 32)) available at http://www.epic.org/privacy/
financial/glb_comments.pdf.
---------------------------------------------------------------------------
Further, the lack of any regulation of experience and
transaction information may pose risks for the privacy of health
data. Confidential medical records held by any health insurer or
hospital are strictly regulated by the Health Insurance Portability
and Accountability Act (HIPAA)'s medical privacy rules. If that
information is obtained by any GLB entity, it could be freely
shared outside of HIPAA.\25\
---------------------------------------------------------------------------
\25\ See testimony on medical privacy of Joy Pritts, Georgetown
University and Marc Rotenberg, EPIC, House Financial Institutions
Subcommittee, 7 June 2003 at http://financialservices. house.gov/
hearings.asp?formmode=detail&hearing=231.

In response to the public uproar over the NationsBank and U.S. Bank
cases, Congress included a privacy title, Title V, in GLB.\26\
---------------------------------------------------------------------------
\26\ 15 U.S.C. Sec. Sec. 6801-09.
---------------------------------------------------------------------------
While the FCRA Is Based on Comprehensive Protections, The Gramm-Leach-Bliley Financial Services Modernization Act's No Opt Regime Conversely Fails to Adequately Regulate Either Affiliate or Third Party Information Sharing
The GLB's No Opt Regime
Much of the debate over affiliate sharing and financial privacy has
not been over whether financial institutions protect information under
the Fair Information Practices. Rather, the debate has been over
whether banks and other institutions should provide consumers with an
express consent right (affirmatively say yes, or opt in, before
sharing) or whether information sharing should be allowed automatically
unless the consumer says no (OK to share as long as consumer does not
opt out). Industry documents and materials assert that the debate is
over opt out or opt in, falsely implying that they are for opt out, but
that opt in goes too far and would cost too much.
Actually, the vast majority of the financial services industry has
yet to agree that even an opt out is acceptable--most companies are
actually for no opt.
Many observers are unaware that the primary protection Congress
established in Gramm-Leach-Bliley is provided only by notice (no opt),
not by opt out. The Fair Credit Reporting Act is based broadly on the
Fair Information Practices, but GLB is, at best, based on FIP's-Lite.
Notice is not enough. When comprehensive databases of information are
held and used by companies, consumers need all of the rights provided
by the Fair Information Practices. GLB does not regulate in any way
affiliate sharing of experience and transaction. It does not close the
loophole established in the FCRA.
Under GLB, sharing of experience and transaction information with
either affiliates or with any third party providing joint marketing
services is unregulated under a no opt regime. The rationale for
treating marketing partners as affiliates was ostensibly to create a
level playing field for smaller institutions that might not have in-
house affiliates selling every possible product larger firms might
sell. Of course, large firms use joint marketing partners, too.
The limited consumer right to opt out Congress established only
applies in the circumstance where the bank shares experience and
transaction information with other third parties selling nonfinancial
services, primarily telemarketers. Even Congressional Research Service
reports have misunderstood the modest effect of the limited opt out
provisions of GLB.\27\
---------------------------------------------------------------------------
\27\ See for example, ``Financial Privacy--The Economics of Opt In
vs Opt Out. (Updated 16 Apr 2003) by CRS's Loretta Nott. It repeats a
mischaracterization of GLB that I believe has been made in other CRS
reports. The third sentence states: ``A consumer's financial
information may be shared among the (affiliates of the same corporate)
group as long as the person has been notified and has the opportunity
to decline, or `opt out.' '' The paragraph goes on to wrongly say that
the Johnson S. 660/Tiberi H.R. 1766 proposals are intended, among other
things to, ``maintain the opt out policy for affiliate information
sharing.''
---------------------------------------------------------------------------
GLB should have closed the affiliate sharing exception in the FCRA.
It did not. The failure of the GLB to regulate or require any form of
consumer consent for the vast majority of information sharing
transactions affected is one example of how GLB--unlike the broader
FCRA as it applies to credit reports--fails to meet the Fair
Information Practices. GLB fails to adequately protect consumer
privacy.

Notice is Not Enough
The result of this defective scheme is that most information-
sharing is only regulated or ``protected'' by notice. Sharing of
confidential consumer information with
either affiliates or joint marketing partners continues regardless of a
consumer's privacy preference. Although we have no way of knowing how
many joint marketing partners a company may have, we do know how many
affiliates some of the largest financial services holding companies and
bank holding companies have. For their recent joint comments to the
Treasury Department on GLB, State Attorneys General accessed the
Federal Financial Institutions Examination Council and Federal Reserve
websites and counted affiliates for Citibank (2,761), Key Bank (871)
and Bank of America (1,476).\28\
---------------------------------------------------------------------------
\28\ See 1 May 2002 Attorneys General Comments http://
www.ots.treas.gov/docs/r.cfm ?95421.pdf or http://www.epic.org/privacy/
financial/ag_glb_comments.html on the GLBA Information Sharing Study
(Federal Register: February 15, 2002 (Volume 67, Number 32)).
---------------------------------------------------------------------------
In 2001, a coalition of consumer and privacy groups filed a
petition \29\ with the agencies responsible for enforcing the GLB
Privacy Rule. On an encouraging note, many of the petitioners have
recently been informally contacted to watch for agency actions in
response to that petition calling for better privacy notices. Some
industry members are even supporting improvements to the privacy
notices. Of course, improving the notices does not change the flawed
GLB approach to the sharing of information among affiliates and third
parties.
---------------------------------------------------------------------------
\29\ The petition is available at http://www.privacyrightsnow.com/
glbpetition.pdf. See the website http://www.privacyrightsnow.com for
additional information about the coalition.
---------------------------------------------------------------------------
A Comparison of the Regulated and Unregulated Information Sharing of
FCRA and GLB
Categories of information regulated by the FCRA and GLB are treated
in several different ways. The FCRA strictly regulates consumer credit
reports. Credit bureaus sell certain other products, known as credit
headers, under an unregulated regime, although recent court decisions
have narrowed the credit header exception. Credit bureaus also sell
under-regulated, prescreened lists of consumers derived from credit
reports, for credit and insurance related purposes. Prescreened opt out
notices are hard to find and harder to read; the opt out mechanism is
overly complex and, for a permanent opt out, a consumer must make a
call, receive a notice in the mail, sign it, stamp it, and return
it.\30\
---------------------------------------------------------------------------
\30\ See PIRG's testimony before the House Financial Institutions
Subcommittee, 4 June 2003 for a detailed analysis. http://
financialservices.house.gov/media/pdf/060403em.pdf.
---------------------------------------------------------------------------
Information obtained by corporate affiliates, however, is known as
either ``experience and transaction'' information or ``other''
information and regulated by exception to the FCRA. Title V of GLB
provides that once companies have provided customers with notice of
their information sharing policies, they can share experience and
transaction under the extremely permissive GLB regime, with consumer
protection provided primarily by notice only (no opt).
---------------------------------------------------------------------------
\31\ The DC Circuit is 2001 decision is F. 3d 809 (2001). http://
laws.findlaw.com/dc/001141a.html. The Supreme Court also denied cert.
(536 U.S. ___(2002) 01-1080, 10 June 2002) in TransUnion I vs. FTC,
which ended 10 years of litigation over TransUnion's illegal use of
credit reports for target marketing.
\32\ TransUnion II vs. FTC, See http://laws.findlaw.com/dc/
015202a.html. This important appellate decision upheld the
constitutionality of the GLB privacy regulations and restricted the
sale of nonpublic personal information, including Social Security
numbers, by credit bureaus outside of the strict FCRA regime.
\33\ The prescreening opt out does not stop the flow of credit card
solicitations, it only slows it down. Now, many retailers, airlines,
organizations, and others routinely send credit card solicitations to
their customers. Yet, these offers are based on affiliate sharing--
under the Gramm-Leach-Bliley Act, not the FCRA. No credit report was
used for prescreening, so no opt out is provided on the mailings. Under
Gramm-Leach-Bliley, affiliate sharing of ``experience and transaction''
information is subject to a no opt rule. The FCRA opt out does not
apply, nor does the limited GLB opt out. Congress should create a ``no
credit card offers'' list and apply the 1-call opt out to all credit
card solicitations not only prescreened solicitations.

Information Sharing Under The FCRA and The GLB
------------------------------------------------------------------------
Type of Information Shared or Sold By Protection Scheme
------------------------------------------------------------------------
Consumer credit reports Credit Bureaus FCRA: Comprehensive
and investigative regulation under
consumer reports FIP's.
------------------------------------------------------------------------
Credit headers Credit bureaus FCRA: Previously sold
(Demographic, under exception to
noncredit related, FCRA, but under
information derived recent decisions by
from credit reports) the DC Circuit, U.S.
Court of Appeals,
dates of birth\31\
and Social Security
numbers\32\ can no
longer be sold as
part of credit
headers.
------------------------------------------------------------------------
Prescreened lists of Credit bureaus FCRA: Moderately
consumers with certain regulated, with weak
characteristics\33\ right for consumers
to opt out. Lists
cannot be used for
general target
marketing, only sold
for marketing credit
or insurance
products.
------------------------------------------------------------------------
``Experience and Banks, brokerages, FCRA provides that
Transaction'' insurance companies, this information is
Information (credit and other financial not regulated as a
card and checking institutions credit report. GLB:
account purchases, Can be shared with
mortgage balances, any affiliate or any
bank account and third party in a
brokerage balances, joint marketing
and other deposit relationship with
account usage bank to sell
information, financial products
relationships with co- regardless of
signers, etc.) customer's privacy
preference (no opt).
Customer has right to
opt out only if
information will be
shared with or sold
to other third
parties, primarily
telemarketers.
------------------------------------------------------------------------
``Other'' information Banks, brokerages, FCRA: Affiliates can
obtained from a insurance companies, share this
consumer's and other financial information with
application, a institutions affiliated companies
consumer's credit provided consumer is
report or a consumer's given a notice and a
references right to opt out.
------------------------------------------------------------------------
GLB exceptions to opt Banks, brokerages, Under numerous
out rights insurance companies, exceptions, opt outs
and other financial do not apply to
institutions experience and
transaction
information shared
with any affiliate or
third party for
completion of
consumer's
transaction, fraud
control, Government
purposes, secondary
market underwriting,
etc.
------------------------------------------------------------------------

How the Gramm-Leach-Bliley Act Falls Short of the Fair Information
Practices
First, GLB fails to require any form of consent (either opt in or
opt out) for most forms of information sharing for secondary purposes,
including experience and transaction information shared between and
among either the affiliates or certain affiliated third parties with
``joint marketing agreements.'' These outside firms are treated as if
they were affiliates, under the no opt regime.
Second, while institutions point out consumers generally have
access to and dispute rights over their financial account statements,
they have no knowledge of, let alone rights to review or dispute, the
development of detailed profiles on them created by financial
institutions. California is considering a PIRG-backed proposal to
address the problem that consumers have neither knowledge of nor a
right to inspect marketing profiles.\34\
---------------------------------------------------------------------------
\34\ Proposed California legislation, SB 27, offered by State
Senator Liz Figueroa, would require a business that discloses a
consumer's personal information to a third party for direct marketing
purposes to provide to a customer, upon request, a written description
of the sources and recipients of that information and copies of the
information disclosed. See http://www.leginfo.ca.gov/pub/bill/sen/
sb_0001-0050/sb_27_cfa_20030507_132723_sen_comm.html.
---------------------------------------------------------------------------
Third, while GLB does require disclosure of information practices,
numerous reviews of these privacy policies, by outside experts,\35\
CALPIRG,\36\ and others has documented that the policies are unreadable
and incomprehensible. None fully explain all uses of information,
including the development of consumer profiles for marketing purposes.
None list all the affiliates, or even all the types, that they might
share information with. None describe the specific products, most of
which are of minimal or even negative value to consumers, that third
party telemarketers might offer for sale to consumers who fail to opt
out. Yet all the privacy policies make a point of describing how
consumers who elect to opt out will give up ``beneficial''
opportunities.
---------------------------------------------------------------------------
\35\ Mark Hochhauser, readability consultant to the Privacy Rights
Clearinghouse, analyzed dozens of the initial notices: ``Readability
analyses of 60 financial privacy notices found that they are written at
a 3rd-4th year college reading level, instead of the junior high school
level that is recommended for materials written for the general public.
See ``Lost in the Fine Print: Readability of Financial Privacy
Notices'' by Mark Hochhauser at http://www.privacyrights.org/ar/GLB-
Reading.htm.
\36\ See the CALPIRG report Privacy Denied: A Survey Of Bank
Privacy Policies, 15 Aug 2002, http://calpirg.org/
CA.asp?id2=7606&id3=CA&.
---------------------------------------------------------------------------
Fourth, GLB does not give consumers a private right of action to
enforce the law as the FCRA generally does.
GLB's Preservation of States' Rights: The Sarbanes Amendment
Congress recognized that GLB did not adequately protect privacy and
that Title V was only a modest first step. Indeed, Chairman Shelby
pointed this out in his floor remarks in opposition to the bill's
enactment in 1999.

We are about to pass this afternoon a financial modernization
bill that represents industry interests in a big way. However,
we have forgotten the interests of the most crucial market
participant of all in America--the consumer, the American
citizen. Under this bill, the consumer has little, if any,
ability to protect the transfer of his or her personal
nonpublic financial information. . . . I can assure Members
these large financial conglomerates will have more information
on citizens than the IRS, but we have done virtually nothing to
protect the sharing of such nonpublic personal financial
information for the American people. . . . First, the opt out
requirement does not apply to affiliate sharing. . . . Second,
the bill includes an exception to the porous opt out provision
that allows two or more financial institutions to share their
customers' nonpublic personal information with telemarketers to
market financial products or services offered under a so-called
joint agreement. . . . I believe these privacy provisions are a
sham. I have said it before.\37\
---------------------------------------------------------------------------
\37\ 145 CR S13895 Floor remarks of Senator Richard Shelby (R-AL),
4 Nov 1999, during consideration of S. 900, which became GLB.

In recognition of the concerns of a bi-partisan group of Members,
led by Senators Shelby (R-AL) and Sarbanes (D-MD) and Representatives
Barton (R-TX) and Markey (D-MA), the Congress took the exceedingly rare
step of affirmatively and specifically granting the States the right to
enact stronger financial privacy laws. In conference committee, the
Congress inserted an amendment offered by Senator Sarbanes granting
---------------------------------------------------------------------------
States the right to enact stronger financial privacy laws:

Sec. 6807. Relation to State laws
(a) In general
This subchapter and the amendments made by this subchapter
shall not be construed as superseding, altering, or affecting
any statute, regulation, order, or interpretation in effect in
any State, except to the extent that such statute, regulation,
order, or interpretation is inconsistent with the provisions of
this subchapter, and then only to the extent of the
inconsistency.
(b) Greater protection under State law
For purposes of this section, a State statute, regulation,
order, or interpretation is not inconsistent with the
provisions of this subchapter if the protection such statute,
regulation, order, or interpretation affords any person is
greater than the protection provided under this subchapter and
the amendments made by this subchapter, as determined by the
Federal Trade Commission, after consultation with the agency or
authority with jurisdiction under Section 6805(a) of this Title
of either the person that initiated the complaint or that is
the subject of the complaint, on its own motion or upon the
petition of any interested party. (Pub. L. 106-102, Title V,
Sec. 507, Nov. 12, 1999, 113 Stat. 1442.)

The GLB Conference Report illustrates the final statement of the
terms agreed to by both Houses, which confirms what GLB states
explicitly: The States are free to adopt laws regarding the privacy of
consumer financial information provided to financial institutions. On
the floor, Senator Sarbanes \38\ emphasized protection of the States'
authority to legislate in the area of consumer privacy:
---------------------------------------------------------------------------
\38\ 145 Cong. Rec. S13789 (1999) Statement of Senator Sarbanes on
final passage of GLB.

[W]e were able to include in the conference report an
amendment that I proposed which ensures that the Federal
Government will not preempt stronger State financial privacy
laws that exist now or may be enacted in the future. As a
result, States will be free to enact stronger privacy
---------------------------------------------------------------------------
safeguards if they deem it appropriate.

Likewise, Senator Grams \39\ said the savings clause of GLB,
``preserves all existing and all future State privacy protections above
and beyond the national floor established in this bill.'' House Members
similarly interpreted the amended bill. As Representative John LaFalce
\40\ said, ``[T]he conference report totally safeguards stronger State
consumer protection laws in the privacy area.''
---------------------------------------------------------------------------
\39\ 145 Cong. Rec. S13889 (1999) Statement of Senator Grams.
\40\ 145 Cong. Rec. E2310 (1999) Statement of Representative
LaFalce.
---------------------------------------------------------------------------
Industry's Claim That The FCRA's Preemption Provision Trumps
GLB's States' Rights Provision Is False, But Its Propaganda Campaign
Has Had a Chilling Effect on State Action To Enact Stronger
Financial Privacy Laws
The FCRA regulates credit reports. As discussed above, a narrow
exception states that when companies share information among corporate
affiliates, the sharing does not make the sharing entity a credit
bureau, with a credit bureau's concomitant responsibilities and duties.
Although that exception is troubling, since it means that companies are
able to make credit decisions on the basis of unregulated internal
databases, nothing in the legislative history suggests that Congress
intended more than that when it exempted affiliate sharing from the
FCRA in 1996.
But while the substantial legislative history and the plain
language of Section 6807 of the GLB grants States greater rights to
enact stronger privacy laws, industry has alleged that a different
provision of GLB, Section 6806, renders the Sarbanes Amendment
meaningless.

The Sarbanes Amendment and the FCRA Savings Clause
Section 6806 is the so-called FCRA savings clause and is intended
to preserve the greater protections of the FCRA strictly regulating
credit reports from being weakened by GLB's lesser protections.
Industry claims that the FCRA savings clause creates a safe harbor
preventing the Sarbanes Amendment from applying to affiliate sharing,
by allowing the preemptive affiliate sharing exception of the FCRA to
trump GLB's Sarbanes Amendment.
Yet, as former FTC Chairman Pitofsky testified before Congress on
financial services modernization, in a 1999 hearing on H.R. 10, the
House bill which became GLB:

Finally, the bill should make it clear that its privacy
provisions do not limit the FCRA's protections to the extent
they apply to financial institution files. . . . If construed
to supersede the FCRA, the H.R. 10 privacy provisions would be
a major retreat in privacy protections for consumers. Credit
reports could be distributed to firms that had no permissible
purpose to see them if the consumer did not take the
affirmative step of stopping that practice. The Commission
believes it essential to eliminate the potential for such an
interpretation by adding a savings clause indicating that,
notwithstanding any provisions of H.R. 10, the full protections
of the FCRA continue to apply where applicable.\41\ [Emphasis
added]
---------------------------------------------------------------------------
\41\ Testimony of FTC Chairman Robert Pitofsky before the House
Financial Institutions Subcommittee on HR 10, 21 July 1999, at http://
financialservices.house.gov/banking/72199pif.htm.

Industry argues that the FCRA savings clause inserted following the
FTC Chairman's request instead acts to limit consumer protection.
Industry argues that somehow the purpose of the clause is to allow the
FCRA's one weaker exception--not its myriad greater protections--to
prevail. War is peace. Up is down.

State and Local Action under the Sarbanes Amendment
Industry's threats that the Sarbanes Amendment is meaningless have
had a chilling effect on State efforts to enact stronger financial
privacy laws governing affiliate sharing. Although numerous States have considered financial privacy legislation since 1999, only California has
come close to enactment of legislation. In California, a compromise version
of SB 1, proposed by State Senator Jackie Speier, has passed the State
Senate but is currently mired in the Assembly Banking Committee due to
industry opposition. The bill would greatly strengthen consumer rights
in information sharing. Anticipating that the bill will not pass,
consumer groups including CALPIRG and Consumers Union have already
collected over 200,000 signatures toward a proposed ballot initiative
for March 2004. The ballot initiative is even stronger than SB 1.
Although it remains the consumer group view that the FCRA savings
clause of GLB's effect on the Sarbanes Amendment should be construed
narrowly, it should be noted that the groups planned the ballot
referendum for 2004, after the scheduled sunset of FCRA preemption, to
clear one additional procedural hurdle: Predicted bank litigation.
Indeed, tired of waiting for the State or Congress to act, several
California cities and counties led by San Mateo and Daly City, have
enacted local financial privacy ordinances modeled after SB 1. The
ordinances will take effect on 1 September 2003, but first they must
survive court challenges by Bank of America and Wells Fargo, joined by
the Nation's chief national bank regulator, the Office of the
Comptroller of the Currency.\42\
---------------------------------------------------------------------------
\42\ For more information about OCC's abusive preemption positions
generally, see http://www.pirg.org/occwatch.

If the cities lose in court, despite the clear legislative history
in their favor, particularly under a National Bank Act preemption
argument, it may be appropriate for the Congress to consider a narrow
clarifying amendment to GLB that makes it clear that the Sarbanes
Amendment is the paramount Federal rule on financial privacy, all other
laws notwithstanding.

Industry Has Misrepresented the Goal and the Effect of State Financial
Privacy Laws
Throughout the debate over financial privacy and the FCRA
preemption, industry has engaged in a two-part strategy to confuse the
public and decisionmakers.
First, Industry Claims To Be For Opt Out, When It Is In Favor Of No Opt
As discussed above in the section on GLB, industry muddles the
issue of no opt versus opt out. For example, a white paper prepared for
the industry that is routinely cited by industry witnesses before
Congress states the following:

Congress struck a critical balance in the 1996 FCRA
Amendments between consumers' interest in reaping the benefits
of accessible credit files and their interest in privacy. That
balance is reflected in the combination of preemption and opt
out provisions for prescreening and affiliate-sharing. Efforts
to fundamentally alter that balance by not reenacting
preemption and/or by conditioning prescreening and affiliate-
sharing on opt in threaten to impose considerable costs on
consumers, business, and the economy, while not increasing
privacy protection.\43\
---------------------------------------------------------------------------
\43\ Financial Privacy, Consumer Prosperity, and The Public Good:
Maintaining The Balance. Fred Cate, Robert E. Litan, Michael Staten,
Peter Wallison. Mar 2003. See http://www.aei. brookings.org/
publications/abstract.php?pid=313.

The paper is wrong on the affiliate sharing opt out, unless it is
cleverly hedging behind the limited ``other'' information opt out.\44\
It fails to accurately describe the actual no opt regime in place for
affiliate sharing of experience and transaction information. For this
and numerous other reasons, one expert observer, an independent privacy
consultant, called this paper ``shockingly incompetent.'' \45\
---------------------------------------------------------------------------
\44\ See FCRA, Section 604 (d)(2)(A)(iii) concerning information
obtained from ``other'' sources, such as a consumer's credit report or
application or references.
\45\ ``No Fair Fight Over FCRA Provision,'' by Robert Gellman, DM
News, 6 May 2003.
---------------------------------------------------------------------------
Industry witnesses refer to a number of other white papers and
pseudo-academic documents \46\ purporting to prove that either
eliminating State preemption or providing greater financial privacy
protections will cost the economy ``billions of dollars.'' In our view,
these papers are based on specious assumptions.
---------------------------------------------------------------------------
\46\ Harvard Law School Professor Elizabeth Warren, co-author of
several major peer-reviewed studies of the impact of bankruptcy on
consumers, has written an extensive article criticizing the use of
``proprietary'' research (data not available or peer-reviewed, paid for
by industry associations that hire academic ``research'' centers) to
make public policy. Wisconsin Law Review Vol. 2002, No. 1, ``The Market
For Data: The Changing Role of Social Sciences in Shaping The Law,''
Public Law Research Paper No. 038 See http://papers.ssrn.com/sol3/
papers.cfm ?abstract_id=332162.

None of the papers measure the costs of not protecting
privacy, including the costs of identity theft.
None of the papers measure the cost to society of inaccurate
credit reports caused by mistakes due to lack of enforcement of the
Federal FCRA.
None of the papers separate the impact, if any, of the 1996
preemption provisions from other dependent variables or attempts to
evaluate the effect of other factors on the credit economy.

None of the industry studies attempt to quantify the costs of not
protecting privacy. One contrary study finds, ``In fact, the costs
incurred by both business and individuals due to incomplete or
insufficient privacy protections reach tens of billions of dollars
every year.'' \47\
---------------------------------------------------------------------------
\47\ ``Privacy, Consumers, and Costs: How The Lack of Privacy Costs
Consumers and Why Business Studies of Privacy Costs are Biased and
Incomplete,'' by Robert Gellman, March 2002, See http://www.epic.org/
reports/dmfprivacy.html.
---------------------------------------------------------------------------
None of the industry studies measures the costs of inaccurate
credit reports. According to just one key finding of a major recent
study of 500,000 credit files:

Misclassification into the subprime mortgage market can
require a borrower to overpay by tens of thousands of dollars
in interest payments on a typical mortgage. For example, over
the life of a 30-year, $150,000 mortgage, a borrower who is
incorrectly placed into a 9.84 percent subprime loan would pay
$317,516.53 in interest, compared to $193,450.30 in interest
payments if that borrower obtained a 6.56 percent prime loan--a
difference of $124,066.23 in interest payments.

That study,\48\ by the Consumer Federation of America and National
Credit Reporting Association, found that at least 8 million consumers
are at risk of being misclassified into subprime credit due to sloppy
information handling practices by credit reporting agencies.
---------------------------------------------------------------------------
\48\ ``Credit Score Accuracy and Implications for Consumers,''
December 17, 2002, Consumer Federation of America and the National
Credit Reporting Association http://www.consumer fed.org/
121702CFA_NCRA_Credit_Score_Report_Final.pdf.
---------------------------------------------------------------------------
None of the industry studies measures the costs of a post-GLB
credit economy where adverse decisions are made without consumers
gaining the right to know about, look at, dispute, or correct their
file.

Industry Falsely Claims That Financial Privacy Laws Will Stop All
Information Sharing, not Simply Sharing for Secondary Purposes
Perhaps even more importantly, industry's white papers and
testimony and press releases have made a wide variety of false and even
wild claims about the goal and effect of financial privacy laws:

Industry alleges that stronger financial privacy laws will
prevent firms from using one telephone call center for all of a
consumer's accounts.
Industry claims that financial privacy laws ``will hinder
their efforts to spot terrorists.'' \49\
---------------------------------------------------------------------------
\49\ ``Privacy Laws Under Attack,'' Associated Press, 19 Feb 2002.
The article quotes executives of two powerful industry associations
opposing State privacy laws on terrorism grounds: The Financial
Services Roundtable (``We would have trouble communicating with law
enforcement . . .'') and the Financial Services Coordinating Council
(``I do not think that explicitly a legislator would try to hurt the
exchange of information that would allow law enforcement to do what
they need to do . . .'')
---------------------------------------------------------------------------
Industry claims that information sharing is critical to
stopping fraud and identity theft.

Actually, the goal of consumer financial privacy laws is not to
prevent these uses. SB 1 (California) would simply limit information
sharing for secondary purposes without consent. The goal of SB 27
(California) is to give consumers access rights in GLB that modestly
approach those of the FCRA.
Here is the antifraud, anti-identity theft, exception to the opt
out in existing Federal law:

GLB Section 6802(e)(3)(A) to protect the confidentiality or
security of the financial institution's records pertaining to
the consumer, the service or product, or the transaction
therein; (B) to protect against or prevent actual or potential
fraud, unauthorized transactions, claims, or other liability;
(C) for required institutional risk control, or for resolving
customer disputes or inquiries; (D) to persons holding a legal
or beneficial interest relating to the consumer; or (E) to
persons acting in a fiduciary or representative capacity on
behalf of the consumer;

Similar provisions exist for completing a consumer's transaction,
underwriting, to comply with Government requirements, or to protect the
``public safety.''
In addition, each of the proposed State and local laws and ballot
initiatives, to our knowledge, includes similar exceptions.
It is worse than disingenuous to claim that financial privacy laws,
intended to give consumers control over the use of their confidential
information for secondary marketing and profiling purposes, will
completely close the spigot of information sharing for laudable
purposes.

Does Information Sharing Prevent Identity Theft? No
Industry has claimed that information sharing is critical to
identity theft prevention. From 1989 through 1996, while Congress
considered the strengthening of the FCRA, identity theft was not a
significant issue in the debate. While it turns out that the problem
was growing, the industry had been keeping it quiet and absorbing the
costs of fraud without providing Congress or the FTC with significant
information. In 1996, the State PIRG's released the first national
report on the problem, ``The Consumer X-Files,'' documenting the cases
of several identity theft victims and attempting to quantify the
problem.
In 1997, the State PIRG's released a follow-up, ``Return To The
Consumer
X-Files.'' \50\ In 2000, the State PIRG's and Privacy Rights
Clearinghouse released a detailed survey of identity theft victims,
``Nowhere To Turn.'' \51\ In 2003, CALPIRG released the first analysis
of police officer views on identity theft, ``Policing Privacy.'' \52\
It found that police share consumer groups' views that creditor
practices must be reined in to stop identity theft.
---------------------------------------------------------------------------
\50\ See http://www.pirg.org/reports/consumer/xfiles/index.htm.
\51\ See http://calpirg.org/CA.asp?id2=3683&id3=CA&.
\52\ See http://www.pirg.org/alerts/route.asp?id2=9791.
---------------------------------------------------------------------------
In 1998, Congress took its one step to stop identity theft,
criminalizing it without reining in the creditor and credit bureau
practices that aid and abet the thieves.
The FTC has recently reported that identity theft was the leading
complaint to the Agency for the years 2000, 2001, and 2002. The number
of cases doubled in 2002, according to the FTC. Based on figures
reported to the GAO by the credit bureaus themselves, identity theft
may strike as many as 500,000-700,000 consumers annually.
Criminalization has not worked. Do industry's unbelievable allegations
that identity theft is being slowed by information sharing mean the
problem would be even worse without information sharing?
Misuse, overuse, and easy access to Social Security numbers is what
drives the identity theft epidemic. Fundamentally, this nation needs to
wean the private sector of its over-reliance on Social Security numbers
(SSN) as unique identifiers and database keys. Creditors issue credit
based on a match between an applicant's Social Security number and a
credit bureau Social Security number, with no additional verification
in many cases that the applicant is actually the consumer whose credit
bureau file is accessed. Getting Social Security numbers out of
circulation and improving sloppy credit granting practices, not
unfettered information sharing, are the real solutions to the identity
theft menace.

Changing Industry Practices Limiting Information Sharing, not The
Threat of State Action, Are the Real Threat To the Economy
Failure To Report Completely To Game Credit Score Results
This spring, the Federal Reserve Board of Governors released a
major study \53\ of credit reports. Among its key findings, based on a
review of 248,000 credit reports held by one unnamed repository, was
the following: Fully 70 percent of consumers had at least one trade
line account with incomplete information. The Fed finds this
problematic.
---------------------------------------------------------------------------
\53\ See ``An Overview of Consumer Data and Credit Reporting,''
Avery et al, February 2003, Pages 47-73, Federal Reserve Bulletin
http://www.Federalreserve.gov/pubs/bulletin/2003/0203lead.pdf.

A key measure used in credit evaluation--utilization--could
not be correctly calculated for about one-third of the open
revolving accounts in the sample because the creditor did not
report the credit limit. About 70 percent of the consumers in
the sample had a missing credit limit on one or more of their
revolving accounts. If a credit limit for a credit account is
not reported, credit evaluators must either ignore utilization
(at least for
accounts without limits) or use a substitute measure such as
the highest-balance level. The authors' evaluation suggests
that substituting the highest-balance level for the credit
limit generally results in a higher estimate of credit
utilization and probably a higher perceived level of credit
risk for affected consumers. [Emphasis added] \54\
---------------------------------------------------------------------------
\54\ See page 71, ``An Overview of Consumer Data and Credit
Reporting,'' Avery et al, February 2003, Pages 47-73, Federal Reserve
Bulletin http://www.Federalreserve.gov/pubs/bulletin/2003/0203lead.pdf.

Although industry witnesses will testify to a vast ``free flow of
information'' driving our economy that should not be constrained, more
and more firms are choosing to stifle the flow of information
themselves--to maintain their current customers as captive customers.
We expect industry witnesses to claim this problem has been
resolved. According to the Fed and CFA studies it has not. This month,
a major lender told the American Banker newspaper it does not report
credit limits: ``Capital One has never reported credit limits, for
proprietary reasons,'' Diana Don, a spokeswoman for the McLean, VA,
card issuer, said Wednesday. ``We feel that it is part of our business
strategy and provides competitive advantage.'' \55\
---------------------------------------------------------------------------
\55\ ``FCRA Hearing to Shine Spotlight on Credit Process,''
American Banker, 12 June 2003 by Michele Heller.
---------------------------------------------------------------------------
When a bank intentionally fails to report a consumer's complete
credit report information to a credit bureau, that consumer is unable
to shop around for the best prices and other sellers are unable to
market better prices to that consumer. Even the Comptroller of the
Currency, Mr. Hawke, has condemned the practice.\56\ So has the FFIEC:
``The Agencies are aware that over the last year some financial
institutions have stopped reporting certain items of customer credit
information to consumer reporting agencies (credit bureaus).
Specifically, certain large credit card issuers are no longer reporting
customer credit lines or high credit balances or both.'' \57\
---------------------------------------------------------------------------
\56\ See speech by Comptroller of the Currency John Hawke at http:/
/www.occ.treas.gov/ftp/release/99-51.txt 7 June 1999: ``Some lenders
appear to have stopped reporting information about subprime borrowers
to protect against their best customers being picked off by
competitors. Many of those borrowers were lured into high-rate loans as
a way to repair credit histories.'' According to U.S. PIRG's sources in
the lending industry, this practice continues.
\57\ See advisory letter of 18 January 2000 at http://
www.ffiec.gov/press/pr011800a.htm Testimony of U.S. PIRG, 26 June 2003,
p.20.
---------------------------------------------------------------------------
Affiliate Sharing Regime Provides Fewer Consumer Rights
As we have indicated above, the FCRA is an important privacy and
consumer protection law. It provides consumers with substantive rights.
Yet the growing use of affiliate sharing under GLB for profiling and
credit decisionmaking may lessen the public benefits of the FCRA. If
credit decisions are made on the basis of affiliate-shared information,
consumers do not have the same bundle of rights as they would under the
FCRA. As internal creditor databases increase in size and predicative
value, either credit decisions or other profiling decisions (whether to
even offer a consumer a certain class of product, for example) may more
and more be made under the GLB regime. These adverse actions will not
result in triggering the same disclosures and rights that consumers
obtain under the FCRA. These changes in the marketplace, which are
already occurring, mean that consumers may not have the same credit
rights in the future. Congress should carefully scrutinize issues
related to the lack of consumer rights in the affiliate sharing world,
compared to the significant consumer protections provided by the FCRA.

Conclusion
Our complex national credit system, which relies on
interrelationships between and among furnishers of information
(creditors), consumer reporting agencies (credit bureaus) and numerous
other information providers, secondary market players and, finally,
consumers, was not created by the temporary 1996 preemption compromise
to the FCRA and will not be destroyed by letting it expire. Nor was
that complex national credit system created by the affiliate sharing
regime of GLB which has resulted in a growing number of unregulated
transactions and credit decisions.
The FCRA worked well before 1996, as the testimony of the Vermont
Attorney General's office and other consumer witnesses has made clear
today. Industry's lobbying campaign urging you to simply extend the
temporary preemption and extend the nonregulation of affiliate sharing
is merely an attempt to preserve the unacceptable status quo that has
resulted in unacceptable levels of credit report errors and an epidemic
of identity theft. We hope to work with the Committee on solutions to
these problems as well.
We generally agree with industry that a uniform national law would
be the most efficient, provided it is adequate. But the best way to get
to adequate uniformity is to retain States' rights. Congress has not
demonstrated a propensity for enacting uniform consumer protection laws
that are adequate, except when driven by the threat of State actions.
If Congress fails to solve the problem, or new problems arise, the
States can act more quickly to resolve the problem and provide a
template for additional Federal action by the Congress.
Retaining States' right to enact stronger laws is the best way to
guarantee an eventual strong uniform Federal law. The States are
rational actors; they will not act to balkanize our financial system.
Instead, they will respond to new threats with new and innovative
ideas, which will eventually be adopted by other States. The notion of
50 different, conflicting laws is absurd and not even worth debate.
In the area of consumer protection, without ideas from the States,
typically the only way the inertia of Congress is ever overcome is by a
stark crisis--such as Enron. Remember, the Enron fiasco was not even
enough to guarantee passage of last year's Sarbanes-Oxley corporate
reforms--we had to wait for Worldcom.
We appreciate the opportunity to provide our views on the Fair
Credit Reporting Act and affiliate sharing. We look forward to working
with you in the future on these and other solutions to the problems
consumers face in dealing with creditors, furnishers, and identity
theft.

----------

PREPARED STATEMENT OF ANGELA L. MAYNARD

Chief Privacy Executive and Counsel, KeyCorp
on behalf of the Financial Services Roundtable
June 26, 2003

Mr. Chairman and Members of the Committee, my name is Angela
Maynard, and I am the Chief Privacy Executive and Counsel for KeyCorp
(Key), an $86 billion financial holding company headquartered in
Cleveland, Ohio. As the nation's 11th largest banking company, Key
conducts business throughout the United States in States spanning from
Maine to Alaska.
Key is a member of the Financial Services Roundtable (Roundtable),
and I am appearing today on behalf of the Roundtable as well as the
customers, employees and shareholders of Key. The Roundtable represents
100 of the largest integrated financial services companies providing
banking, insurance, and investment products and services to consumers.
Member companies participate through their chief executive officer and
other senior executives nominated by the CEO.
I appreciate the opportunity to testify before the Committee on the
role of affiliate information sharing under the Fair Credit Reporting
Act (FCRA). The FCRA has become central to our Nation's credit system,
and the Committee is to be commended for undertaking a thorough review
of the Act and its impact on consumers, businesses, and the economy.
The Roundtable and Key support the affiliate information sharing
provisions of the FCRA, and urge the Committee to renew those and the
other provisions of the Act that are scheduled to expire at the end of
the year. The Importance of the FCRA and the Consumer Benefits of Information
Sharing
Before I explain how Key uses the affiliate information sharing
provisions of the FCRA, I thought it might be useful to provide the
Committee with some insight into the importance of the FCRA to the
economy and the consumer benefits associated with affiliate information
sharing.

Economic Consequences of Failing to Renew the FCRA
The Roundtable has found that the failure to renew key provisions
of the FCRA will impose substantial costs on consumers and the economy,
and will raise barriers to the least advantaged segments of our
population.\1\ More specifically, the Roundtable has found that the
failure to renew key provisions of the FCRA will result in higher costs
for interest on mortgages, credit cards, and other debt; reduced credit
access; and higher costs for insurance, electric power (in competitive
markets), mail-order and e-commerce purchases, and third-party
offerings by financial services companies.
---------------------------------------------------------------------------
\1\ ``The Economic Consequences of Failing to Renew Current
Provisions of the Fair Credit Reporting Act (FCRA) Which Promote
Uniform National Standards,'' a study prepared for the Financial
Services Roundtable by the Perryman Group, 2003.
---------------------------------------------------------------------------
The additional costs consumers would pay on mortgages and other
forms of credit are estimated to total over $20 billion each year. This
amount includes $1.7 billion in new mortgage expenses, $1.7 billion in
additional home equity and refinancing costs, and over $11 billion in
increased credit card charges. The increased annual costs for
insurance, electric power, e-commerce sales, and third party services
are estimated to total another $20 billion.
Additionally, approximately $170 billion in total funds from home
equity loans and refinancings would no longer be available to
households. Of this amount, approximately $100 billion would otherwise
have been spent and circulated through the economy.
When these and other cost factors are combined, the net direct loss
in annual aggregate spending from the failure to renew the FCRA is
estimated to be over $180 billion.

Consumer Benefits of Information Sharing
The Roundtable also has found that the customers of its member
companies obtain significant benefits from information sharing.\2\
These benefits include increased convenience, personalized service, and
real savings of time and money.
---------------------------------------------------------------------------
\2\ ``Customer Benefits from Current Information Sharing by
Financial Services Companies,'' a study prepared for the Financial
Services Roundtable by Ernst & Young, December 2000.
---------------------------------------------------------------------------
Information sharing saves the customers of Roundtable companies, on
average, $195 per household per year. For all customers of Roundtable
companies, the total dollar savings due to information sharing is
estimated to be $17 billion. About $9 billion of this total comes from
sharing information with third parties, and the remaining $8 billion is
due to information sharing with affiliates. The dollar savings for
customers result from the outsourcing of services to third parties,
relationship pricing, and proactive offers. Obviously, these savings
would be greater for the entire financial services industry.
Information sharing also saves time for the customers of Roundtable
companies. The average household saves close to 4 hours per year
because of the convenience provided by information sharing. This
amounts to a savings of about 320 million hours per year for all
customers of Roundtable companies. About 115 million hours are saved
because of information sharing with affiliates and 205 million hours
are saved because of information sharing with third parties. The
timesavings for customers are a result of centralized call centers,
Internet-based services, third party services, proactive offers, and
prefilled applications.
The Roundtable also has found that, contrary to common perception,
the ability to share information reduces identity theft and fraud, and
that it reduces the number of solicitations consumers actually receive.
Identity theft and fraud are reduced because information sharing allows
organizations to better identify and respond to fraud and identity
theft. Solicitations are reduced as a result of targeted marketing.
Roundtable members save about $1 billion per year through the use of
targeted marketing, as opposed to mass marketing, and those costs
savings can be passed forward to customers. Failure to renew the FCRA
could result in a shift back to mass marketing and cause Roundtable
members to send out over three times as many solicitations to achieve
the same level of sales.

How Key Uses Information Sharing To Benefit its Customers
Like many other financial services companies, Key is a holding
company that owns a number of subsidiary companies, all of which would
qualify as affiliates for purposes of the FCRA. At present, KeyCorp
owns approximately 20 companies that provide products and services
directly to individuals, including: KeyBank, N.A.; Key Bank U.S.A,
N.A.; McDonald Investments, Inc.; Victory Capital Management, Inc.; Key
Bank Life Insurance, Ltd.; KeyTrust Company, N.A.; and SecoLink
Settlement Services, LLC.
Key has worked diligently to consolidate the legal affiliates under
which we conduct business. Key was the first large multibank holding
company to consolidate bank charters under the authority provided by
the Riegle-Neal Act. Despite our efforts, we still must operate under
multiple legal affiliates due to State and Federal legal requirements,
tax and accounting considerations, and operational considerations. For
example, the Gramm-Leach-Bliley Act (GLBA) requires many of Key's
financial activities be conducted separate and apart from our banking
subsidiaries.
However, to our customers, Key is not a collection of separate
companies; it is a single entity that offers a variety of financial
products and services. These include retail and commercial banking;
investment banking and management; residential mortgages; home equity
and installment loans; financial, estate, and retirement planning;
asset management; and, for our business customers, real estate finance
and equipment leasing.
Despite this structure, Key has a single privacy policy that covers
all of our businesses. This policy discloses our practices regarding
the collection and sharing of information with both affiliated and
nonaffiliated companies. Key has had a privacy policy in existence for
6 years, which predates GLBA's privacy policy requirements.
Through our privacy policy, any consumer who provides information
to Key can learn the types of information we may collect, from whom,
how that information may be used, and how he or she can restrict the
use of this information across our company and with third parties. We
provide a copy of our privacy policy at the time a consumer first
provides the information to Key, whether or not an account is opened,
and annually, so long as a relationship exists with Key. Disclosed in
the privacy policy is a toll-free number that is dedicated solely to
recording privacy elections and answering privacy related questions.
Once recorded, a privacy election is applied corporate-wide, covering
all Key affiliates, and stays in effect until changed by the
individual.
The FCRA has two provisions related to the sharing of information
among affiliated companies. One provision relates to information about
a customer that is based on a company's own transactions with the
customer (so-called ``transaction and experience'' information). The
other provision relates to any other information about a consumer,
including information based on the consumer's transactions with other
institutions (so-called ``other'' information).
Transaction and experience information is information that relates
to a company's own experiences and transactions with a consumer. It
would include, for example, the length of time that a customer has held
a credit card, the number of times the customer has been late in making
a payment on the credit card, or the average monthly balance in the
customer's savings account. Under the FCRA, transaction and experience
information that is shared with an affiliate is not treated as a credit
report. Also, a customer does not have the ability to elect not to
allow Key to share such information within the Key family of companies.
Key's affiliates share this type of information for many purposes,
including customer risk assessments, the servicing of accounts, fraud
control, and targeted marketing.
Examples of other information, that is nontransaction and
nonexperience information, include information on an application, lists
of a consumer's assets and liabilities with other companies, and lists
of the names of companies from whom the
customer has purchased other financial products and services. Under the
FCRA, such other information that is shared with an affiliate is not
treated as a credit report as long as a consumer is notified that such
information may be shared and is given the opportunity to opt out of
having this information shared. This provision permits Key's affiliated
companies to share all types of information maintained on customers,
not just information on our own transactions or experiences with the
customer, provided the customer does not ``opt out'' of the sharing.
These two provisions were added to the FCRA in 1996 to accommodate
the flow of information within organizations, such as Key, which
provide products and services to consumers through multiple legal
entities. Absent these exceptions to the definition of what constitutes
a consumer report, Key's affiliates would be treated as consumer
reporting agencies under the FCRA and would be able to share consumer
information only in limited circumstances, such as a credit
transaction, the underwriting of insurance, or for employment purposes.
Key uses the affiliate information sharing provisions of the FCRA in
many other ways to help consumers. It relies upon affiliate information
sharing to help consumers obtain needed products and services and
service customer accounts. It also uses affiliate sharing to fight
fraud and identity theft, and to comply with anti-money laundering and
anti-terrorist financing laws. The following is a summary of the many
ways in which Key uses affiliate information sharing to benefit
consumers.

Appropriate Product and Services
Our customers expect us to help them identify appropriate financial
products and services. Affiliate information sharing permits us to
efficiently and effectively provide products and services that meet the
specific needs of our customers. To do so, we first must understand a
customer's financial needs and risk profile. Affiliate information
sharing allows us to gather this data. Once we have an understanding of
a customer's financial needs and risk profile, including an
understanding of the existing product and service relationships the
customer maintains across Key, we can determine what products and
services are best for the customer, from both a product function and
cost perspective. Without affiliate information sharing, our customers
would be at a disadvantage in terms of product selection and cost.

One-Stop-Shopping
Our customers want to minimize the time it takes to conduct
business. Affiliate information sharing allows us to deliver financial
products and services efficiently. It eliminates the need for our
customers to deal separately with different Key employees at multiple
locations in order to obtain products and services that are offered by
Key through separate legal affiliates. For instance, if a customer goes
to a Key branch to open a deposit account, the same employee can assist
that individual with other products, such as a home equity line that is
offered by a separate Key affiliate. Affiliate information sharing also
accelerates account approval and opening processes by leveraging
information Key already maintains on the customer to process the
customer's request. This eliminates the need for a customer to spend
time gathering papers and finding information necessary to proceed with
a product request.

Integrated Products and Services
Key offers several products that straddle affiliates. For example,
Key's Total Access Account connects a brokerage account to a bank
deposit account. This enables us to swap funds back and forth to
maximize the return on a customer's funds. Customer information must be
shared between our brokerage and bank to allow these products to co-
exist. Combined statements and online account aggregation services are
other examples of services that benefit our customers, and that are a
direct result of affiliate information sharing.

Relationship-Based Discounts
Key strives to maintain and grow customer relationships. One way we
achieve this goal is through relationship-based pricing and discounts
for customers who maintain multiple accounts across Key. The number and
mix of products and services a customer maintains across Key impacts
the profitability of a customer, which allows Key to provide certain
customers with discounts and preferential pricing. Affiliate
information sharing allows Key to perform the analysis necessary to
determine which customers qualify for discounts or other pricing
breaks. The benefit to the customer in this case is clear: Advantageous
pricing. This benefit is a direct result of affiliate information
sharing.

Ease for Clients
Affiliate information sharing supports our ability to effectively
service customers. It allows us to respond to customer inquires. With
access to shared information, a bank branch representative can assist a
customer who may have questions concerning the customer's brokerage and
deposit accounts. Information sharing also enables a centralized
department to update customer information for accounts held at any Key
affiliate. This saves the customer the time and nuisance of separate
visits and multiple telephone calls. Furthermore, information sharing
helps Key manage data quality. When personal information related to a
customer is changed at one affiliate, information sharing enables us to
reflect that change in other accounts held throughout the organization.
Maintaining the accuracy of customer information is critical in the
fight against identify theft.

Effective Solutions
Information sharing helps Key provide the best possible financial
solutions to its customers. For example, when determining the best
source for funds needed by a customer, a Key representative can
identify more opportunities with a full understanding of the client's
relationship across Key. Utilizing information sharing, the Key
representative may discover that the customer has a home equity line
with a Key company and may conclude that the home equity line is a less
expensive source of funds than the credit card limit extension the
customer may have requested.

Increased Efficiencies/Decreased Costs
Centralizing functions--such as call centers, operations centers,
analytics, and product development--all require information sharing
across affiliates. The centralized functions enable the same Key
employees to effectively and efficiently perform nearly identical
functions for different affiliates within our organization.
Consolidating functions across affiliates improves expertise, allows us
to better manage risks, and significantly reduce operating expenses.
These benefits are passed on to the customer in the form of better
service and lower costs. If affiliate information sharing is
restricted, it would force Key to decentralize and duplicate functions
within the organization, with no benefit to customers.

Well-Suited Offers
Key uses information sharing to determine which products or
services to market to our customers. We strive not to annoy our
customers with offers for products or services that do not fit their
needs. We know that customers only will choose new products or services
if those products or services fill a specific need. Efforts to market
the wrong products and services to our customers benefit no one. In
order to ensure that our marketing efforts benefit our customers, we
conduct the necessary analysis of the information we have available to
us to understand our customers' needs. This does not mean that we will
market products to those who have requested us not to solicit them. For
many years, Key has provided its retail and business customers the
option to not receive marketing from Key if they chose.

Uncovering Fraud
Information sharing among affiliates is critical in our efforts to
fight fraud. Organized crime groups conduct the majority of fraud
committed against financial institutions. These groups know the
requirements under which we operate and ``game'' the system. They know
where and how we can share information, and play that against us. They
know the legal restrictions we operate under and the technology we
utilize. When a financial institution is the target of fraud, it
generally is not an isolated incident; criminals strike at multiple
points across the organization. Gathering and sharing information on
the impacted accounts across the organization is the only means to
effectively address this problem. In these situations, information must
be retrieved from employees in closest contact with the accounts, as
well as the individuals who established the accounts. The information
must be shared with those involved throughout the organization involved
to help uncover the totality of the fraud.

Preventing Fraud
Key uses information sharing to help prevent fraud before it
occurs. Some of our processes check existing information we have on a
customer against information we receive when an account is established.
If the information appears suspicious upon comparison, our employees
take a closer look to uncover attempted fraud. By sharing information
across the entire organization, not just within an affiliate, we have a
much greater opportunity to stop fraud before it happens.
Affiliate information sharing is also a critical component of Key's
compliance efforts with OFAC requirements, suspicious activity
reporting requirements, and anti-money laundering and anti-terrorist
financing requirements.

Easing the Impact on Victims
Having access to information across affiliates increases the speed
with which Key can react when assisting a victim of fraud or identity
theft. Systems that house information across the company are a
tremendous tool in aiding an identity theft
victim. By placing one call to our fraud unit, a customer can, within a
few minutes, have confirmation that a check was fraudulently passed,
and can obtain credit to his or her account. This is possible through
access to an imaging system that contains copies of checks that can be
searched and viewed within seconds to compare signatures on checks and
an accounting system that permits accounts to be adjusted. Our fraud
unit is centralized to support this function corporate-wide. In order
for the unit to work properly, it is necessary for all affiliates to
share information with the unit.
Our centralized fraud unit also allows a customer one point of
contact within our organization. This avoids the need for the customer
to make separate phone calls to the different affiliates that may be
involved. Additionally, our centralized fraud unit benefits the company
by making us more effective in successfully investigating the crimes
and quickly getting information to law enforcement to aid in potential
recoveries.
When identity theft does occur, affiliate information sharing
enables us to ease the victim's burden of clearing the many difficult
issues that are often encountered. For instance, in the process of
reestablishing a customer's accounts after an identity theft has
occurred, it is essential to quickly access information across
affiliates on the affected accounts. This is critical in lessening the
hardship that would otherwise linger for the victim.

Consumer Protections
I have described how Key shares information among affiliates for
the benefit of its customers. Key is equally concerned about protecting
customers from unwanted distribution of information:

Key has stringent information access restrictions across the
company.
We train our employees (23,000+) annually on the importance of
privacy and its requirements.
Key does not share medical information among affiliates for
any reason not related to the servicing of the account or product.
Any consumer who provides personal information to Key is
informed of our information sharing practices.
Consumers can opt out of the sharing of nontransaction and
experience information among affiliates. We inform consumers of
this right, and provide them with our toll-free Privacy Line number
to exercise the right.
Consumers are notified of any adverse decisions based upon
information contained in a credit report, and given the opportunity
to dispute that information.

Conclusion
In conclusion, the Roundtable and Key support the affiliate sharing
provisions of the FCRA. We firmly believe that the statute strikes an
appropriate balance between consumer protection and corporate
structure. It permits financial services companies, like Key, to offer
a full range of products and services to consumers in a convenient and
efficient manner resulting in real benefits and savings for our
customers. At the same time, it permits consumers to block unwanted
information sharing and helps protect against identity theft. We urge
the Committee to make the existing provisions of the FCRA permanent and
thereby reaffirm our national credit system.

RESPONSE TO WRITTEN QUESTIONS OF SENATOR SHELBY
FROM TERRY BALOUN

Q.1. What level of understanding does the average consumer have
with respect to affiliate sharing?

A.1. The average consumer has little understanding of affiliate
sharing. The consequences of that misunderstanding may vary
considerably, depending on how a particular business is
organized. Wells Fargo, for example, has a separate banking
affiliate in almost every State in its banking footprint, and
separate credit card and home mortgage entities. Few, if any,
customers want to be treated as a stranger if they try to
conduct business in a branch outside their home State.
Customers expect to be able to make payments on their Wells
Fargo credit cards and mortgages in any Wells Fargo branch,
even though those products are offered by different legal
entities. Even when the affiliates are in different lines of
business, for example banking and securities brokerage, most
customers expect that their overall relationship with ``Wells
Fargo'' will be considered in determining whether they qualify
for certain benefits; they would not want the value of their
relationship measured based solely on the balances in bank
accounts if they also maintain a sizable securities portfolio
with us. Indeed, to provide intelligent financial solutions for
many customers, it is necessary to understand their overall
financial picture--including investments and insurance, as well
as banking relationships. In most cases, when consumers ``opt
out'' of information sharing--with affiliates or with third
parties--what they are really trying to achieve is a reduction
in direct marketing solicitations. That concern is already
addressed by State and Federal laws establishing ``opt out''
mechanisms for telemarketing calls, fax and e-mail advertising,
and prescreened solicitations.

Q.2. Does the number of affiliates a firm has affect this
understanding?

A.2. See #1 above. The sheer number of affiliates is less
important than the complexity of the organization in terms of
different lines of business. In many cases, the number of
affiliates is a red herring. For example, more than two-thirds
of Wells Fargo's affiliates have no consumer-oriented business
and thus are unlikely to have any use for consumer data; we
believe the same is true for most other large financial
institutions.

Q.3. What about situations where the affiliates are engaged in
entirely different lines of business? Does it matter that a
person recognizes that they have a relationship with a bank but
may not know that the bank also owns a retail securities
brokerage operation or a direct mail operation where this
information would be used and other things?

A.3. See #1 above. Few customers would be well served if any
financial institution tried to meet all their financial needs
in a single entity or line of business. Insurance and
securities investments are an important part of the overall
financial security of most customers but, for regulatory
reasons, insurance and securities brokerage activities cannot
be conducted by banks. The main purpose of the Gramm-Leach-
Bliley Act was to facilitate coordinated offerings of different
types of financial products by integrated financial
institutions. Cutting off the flow of customer information
among the various parts of such an institution would largely
undo the benefits foreseen in the GLBA.

Q.4. How important is a firm's brand to consumers in
establishing their expectations with respect to the kind of
relationship they have with a company?

A.4. Branding is extremely important in setting consumer
expectations, and this is reflected in the branding policies of
most consumer-oriented businesses. For example, it may make
economic sense for the same hotel chain to operate very
different level hotels in the same market, but it would be
madness to operate a $500 per night hotel under the same brand
as a $59 per night hotel. Both serve the needs of important
market segments, but someone walking into a Best Western does
not expect the amenities--or the prices--of the Ritz, and
someone walking into the Ritz does not expect the amenities or
the prices of a Best Western. The same is true in financial
services. Wells Fargo, like most other large financial
institutions, uses a common brand name for its mainstream
consumer financial businesses. (In the case of acquired
businesses, there is often a transition period during which the
old name is retained.) If a different brand is used for a part
of the business, it is usually because that segment serves a
specialized market segment, for example, investment advisory
services for high net worth individuals. Different brands may
also be used for some nonconsumer businesses. Even where
separate brands are employed, the corporate family name is
often identified as well; that is, ``XYZ Corp., a Wells Fargo
company.''

Q.5. How important is that brand?

A.5. Brand reputation is extremely important to any consumer-
oriented business. See #4 above and #6 below.

Q.6. Should there be safeguards, or best practices for sharing
information within affiliates?

A.6. Yes, but such ``safeguards'' and ``best practices'' do NOT
need to be imposed by legislative mandate. Misuse of customer
information almost always comes to light, usually sooner rather
than later. Businesses such as financial service providers have
substantial motivation to maintain the trust and goodwill of
their customers, and they know that nothing will erode that
trust and goodwill faster or more permanently than misuse of
customer information. If any Wells Fargo business is discovered
to have misused customer information, the reputation of the
entire enterprise will be sullied. We have substantial
information to ensure that all our businesses use customer
information responsibly without legislative mandates around the
sharing of information with affiliates. The existence of such
mandates would provide little additional incentive to use
customer information responsibly, but would stifle innovation
and competition.

Q.7. While called ``affiliate'' sharing provisions, these
provisions actually allow companies to share information with
entities that are outside their affiliate structures, don't
they? Why is this necessary and does this make sense?

A.7. The ``affiliate sharing'' provisions of the FCRA in no way
permit sharing of information outside of the ``affiliate
structure'' or ``corporate family'' at least with respect to
financial institutions. Sharing with nonaffiliates is governed
by Title V of the GLBA. If the affiliate where the information
originates could not share it with a nonaffiliated third party,
an affiliate who receives that information will also be
prohibited from sharing it with a nonaffiliated third party.

Q.8. Do consumers have different concerns with respect to
affiliate sharing versus third party sharing?

A.8. Clearly their concerns are different in degree, if not in
kind; far fewer customers opt out of affiliate sharing than opt
out of third party sharing. Most customers are unaware of the
corporate entity structure of most businesses. If anything,
they expect that legal
entity boundaries will be transparent to them. In our case, a
California bank customer expects to be treated as a Wells Fargo
customer and not a stranger in a Wells Fargo Bank in another
State, or if s/he applies for a Wells Fargo mortgage or credit
card, even though those are all different legal entities. That
seamless customer experience simply would not be possible if
customer information could not flow freely among Wells Fargo
affiliates.

Q.9. Should there be greater control over sharing information
outside of an affiliate structure than within? In other words,
should this provision be limited so that the only type of
information sharing permitted is sharing within affiliated
entities?

A.9. This is already the case for financial institutions:
Sharing of information within the ``corporate family'' is
governed by the FCRA while sharing of information with
unaffiliated third parties is governed by Title V of the GLBA
and, if applicable, State or local laws which may be even more
restrictive than Federal law.

Q.10. Do financial institutions make underwriting decisions
without using credit reports?

A.10. Generally, no. In most cases internal information and
information obtained from affiliates--which may be much more
detailed than the information in credit reports--is used to
supplement the credit report when an existing customer applies
for credit. In some limited instances, a long-standing
relationship with the institution (including its affiliates)
may be considered sufficient to forego the use of a credit
report for certain products.

Q.11. There are a range of sharing activities that you are
permitted to engage in under the law. Have any of your firms
decided NOT to take advantage of the full range of these
sharing activities--are there things you could do but don't do,
and if so, why don't you do these things?

A.11. Wells Fargo does not share information with nonaffiliated
third parties for marketing nonfinancial products or services
without the customer's explicit consent, even though the GLBA
and almost all State laws permit doing so subject to notice and
opt out. Wells Fargo also permits its customer to opt out of
information sharing with other financial institutions under
``joint marketing agreements'' even though the GLBA permits
such sharing without an opt out opportunity. (However, we
recognize the importance of the joint marketing agreement
exception to smaller institutions which cannot provide the same
range of financial products internally.) Wells Fargo permits
its customers to opt out of sharing any information with
affiliates for marketing purposes, even though the FCRA permits
sharing identifying and ``transaction and experience''
information with no opt out. Wells Fargo also permits its
customers request solicitation restrictions in addition to
those required by law; for example do not mail and do not e-
mail, even for current customers.

RESPONSE TO WRITTEN QUESTIONS OF SENATOR BUNNING
FROM TERRY BALOUN

Q.1. Are there simple ways to make the opt out notice clearer
to the consumer without having to send out the long and drawn
out privacy notices. I think that if it was clear, whether that
means bold print, a larger check off box, or a simple and
precise explanation, it would eliminate some of the
apprehension some have. Do you agree/disagree?

A.1. Since enactment of Gramm-Leach-Bliley, Wells Fargo has
undergone a process to evaluate content and style of its
privacy notices and have made improvement. We believe that
there are steps that each company can take to ensure the ready
availability of notices and opt out opportunity, for example
brochures available on bank branch counters. Wells Fargo would
recommend that Congress provide sufficient flexibility to
regulators to allow for simpler notices.
If there is a problem with consumer privacy notices, it is
that they are too long and too complex. Virtually all the
experts in this area agree that privacy notices should be
shortened, simplified, and standardized (to enhance
comparability). For many--perhaps most--financial institutions,
it would be extremely cumbersome and expensive to maintain and
distribute 50 different notices (even small, local institutions
are likely to have some customers who reside in different
States). Thus the likely response to different requirements in
different States would be an attempt to develop ``one-size-
fits-all'' notices that would meet the requirements of all the
States, and which would be neither short nor simple.

Q.2. What unintended consequences do you foresee for some of
the proposals that would change the current affiliate sharing
status quo?

A.2. Wells Fargo's customers expect seamless service across
business lines. A change to the existing framework would hamper
that service, if not bring it to a halt. As I mentioned in my
testimony, new homeowners and small business owners have access
to credit available to them as a result of our analysis of
data. Products are offered on a timely and nationwide basis.
Wells Fargo is a financial services provider and should be
allowed to structure itself in a way that allows the company to
offer financial products to its customers.
The United States currently enjoys historically low
interest rates on almost all credit products, and greater
access to credit for all economic segments than has ever been
true in the past. While the Fed's monetary policy due to the
economic slump has been a factor, the decline in consumer
interest rates began long before the economic downturn.
Interest rates in the United States are also lower than in
almost any other country on earth. Long-term, the decline in
consumer interest rates in the United States has been driven by
three primary factors:

Better risk assessment.
National competition.
An active and efficient secondary market for consumer
credit receivables.

Q.3. What are some of the difficulties financial services
companies might have in marketing to a community where there
are multiple privacy standards?

A.3. If California's nine pending local ordinances go into
effect, Wells Fargo will not be able to automatically service/
contact customers in those local markets.
Our experience in North Dakota shows that Wells Fargo now
has a customer base in rural markets of North Dakota that do
not see information related to insurance products. Conforming
with Gramm-Leach-Bliley, the North Dakota legislature changed
its opt in law to opt out with respect to information sharing
with outside third parties for financial purposes. But this was
reversed by a 2002 referendum election to return to an opt in
standard--requiring banks to get customer approval before
providing financial services offered by a third party financial
services company. Wells Fargo expects that the result will have
an impact on North Dakota's rural communities. To ensure
compliance, Wells Fargo has, in effect, placed all the
residents of North Dakota on a do-not-contact list regarding
insurance products and is not providing any unsolicited
information. Customers have opportunities for a broad array of
financial products and North Dakota's State action has the
result of preventing rural access to that product list.

Q.4. Do you think that a company that has stringent privacy
practices (the good guys) would open itself up to unnecessary
litigation if it has to adhere to multiple privacy standards?

A.4. Yes.

Q.5. Do you think that a company that does business in an area
that institutes multiple privacy standards will choose to stop
doing business in that area?

A.5. Again, we would refer to our experience in North Dakota.
Conforming with Gramm-Leach-Bliley, the North Dakota
legislature changed its opt in law to opt out with respect to
information sharing with outside third parties for financial
purposes. But this was reversed by a 2002 referendum election
to return to an opt in standard--requiring banks to get
customer approval before providing financial services offered
by a third party financial services company. Wells Fargo
expects that the result will have an impact on North Dakota's
rural communities. To ensure compliance, Wells Fargo has, in
effect, placed all the residents of North Dakota on a do-not-
contact list regarding insurance products and is not providing
any unsolicited information. Our customers outside of North
Dakota have opportunities for a broad array of financial
products and North Dakota's State action has the result of
preventing rural access to that product list.

Q.6. How many customers actually opt out of information sharing
with affiliates?

A.6. Wells Fargo has had a very small percentage. I would note
that Wells Fargo offers an annual opt out opportunity for a
customer--which is over and above what is currently required by
the Fair Credit Reporting Act. Opt out rates have not increased
significantly over the past 5 years, despite annual notices and
extensive media attention.

RESPONSE TO WRITTEN QUESTIONS OF SENATOR SARBANES
FROM TERRY BALOUN

Q.1. Please identify the specific types of transaction/
experience information about its customers that the bank keeps
on file. Which types of data does your bank share with one or
more affiliates for purposes other than servicing an account or
fraud prevention? Does your bank or a bank affiliate combine
your customer data with information purchased from other
sources to create a fuller picture of your customer? If so,
what specific types of information do you receive from these
other sources and for what purposes is the composite
information used?

A.1. Information is generally made available to affiliates by
granting access to the centralized customer information system
which contains primarily account-level information or, in some
cases, to systems of record with more detailed transaction
information. For example, employees who answer customer service
telephone calls may need access to detailed transaction
information in order to respond to questions about specific
checking or credit card transactions. Access to all customer
information, whether within the same legal entity or across
affiliates is restricted on a ``need to know'' basis; employees
of affiliates which do not provide consumer products and
services would not have access to any information about any
consumer customers. Extensive physical, technical, and
procedural safeguards are employed to protect customer
information at all stages. These safeguards, in turn, are
reviewed and approved by our respective Federal regulators.
Wells Fargo obtains information from credit bureaus as part
of an application/credit granting process. Wells Fargo needs to
have the most complete and current financial picture of an
individual applying for credit. As a general matter, Wells
Fargo supports full and equal reporting of credit information,
and we support the efforts of the credit reporting agencies and
the financial regulators to encourage full reporting. However,
we also recognize that the United States has a voluntary system
of credit reporting that has worked very well over many years.
A change as fundamental as mandatory credit reporting would
undoubtedly have many unforeseen consequences. Therefore, we
urge Congress to encourage full voluntary credit reporting,
which it best can do by maintaining the existing limits on the
liability of reporting entities.

Q.2. Professor Reidenberg in his testimony wrote ``The FCRA
created fundamental fairness in the treatment of personal
information through adherence to the basic principle that
information collected for one purpose should not be used for
different purposes without the individual's written consent.''
Do you agree or disagree that ``information collected for one
purpose should not be used for different purposes without the
individual's written consent''? Why?

A.2. I am not sure how you define ownership in the context of a
company that wants to provide services of value to customers.
``Ownership'' is not a very useful concept when applied to
information. ``Ownership'' of a physical object implies total
control to the exclusion of others. The same piece of
information, on the other hand, can be used by many people,
often without diminishing the value to any other user. Thus the
question should be, ``What uses should a particular party be
allowed to make of a particular piece of information.'' The
information of interest to financial institutions primarily
arises from the relationship between the institution and its
customer, and secondarily from information each furnishes to
the other--directly, for example on an application, or
indirectly, for example from a credit report--in connection
with that relationship. It seems that both parties should have
the right to use information.

Q.3. What is the total number of affiliates that the bank has
and what lines of business are the affiliates engaged in? Does
the bank disclose to customers the identities of the affiliates
which it may share their confidential financial data and their
lines of business?

A.3. Wells Fargo has roughly 800 legal entities--so-called
affiliates--but only 38 are considered to be national
businesses (per Wells Fargo's annual report); approximately one
quarter of the 800 number actually uses consumer data.
Moreover, Wells Fargo is structured so that data is available
based on what is relevant to a particular business line and if
other affiliates want access, the entity has to prove business
use/need and request clearance by Wells Fargo Information
Security. These firewalls and processes are examined by our
Federal banking regulators. The Committee should also keep in
mind that as we acquire other financial companies, we may elect
to keep them operating in their existing structures, so our so-
called affiliate number fluctuates.

Q.4. On June 19, 2003, at the Banking Committee's hearing on
identity theft, a witness from the Secret Service wrote, ``With
lower costs of information processing, legitimate companies
have found it profitable to specialize in data mining, data
warehousing, and information brokerage. . . . This has led to a
new measure of growth within the direct marketing industry that
promotes the buying and selling of personal information.'' He
went on to write that such data are ``valuable commodities.''
How valuable is this data? If a bank were to buy such data on
customers, how much would it cost?

A.4. Wells Fargo cannot judge the value of collected data and
cannot speculate on the cost. Wells Fargo is a financial
services company and for credit granting, relies on the most
current available credit report in order to complete a
transaction/approve credit.

Q.5. Do your affiliates use transaction/experience data from
your customers in making decisions of whether to grant credit,
for purposes other than fraud prevention? If so, please
describe with specificity what information is used and how it
is used in deterring whether to extend credit?

A.5 Wells Fargo maintains one centralized database. The cost of
developing systems, plus a mobile customer base, and the need
to comply with multiple State rules--will result in confusion
for both the customer and our employees if a separate database
is required for fraud control and another database for credit
granting.
Because of a centralized database, affiliate sharing does
control fraud perpetrated against Wells Fargo businesses. Our
tellers are our front line of defense in controlling fraud and
can only do that because they have a full screen of information
in front of them.
A centralized database also allows relevant businesses to
provide credit along with the most current credit bureau
report. In general, with affiliate sharing of information, my
company can offer beneficial rates and streamlined services to
individuals with their brokerage accounts, to mortgage
customers, to small businesses. For example, credit card
issuers today provide credit on a nationwide basis and
instantly--in contrast to 5-10 years ago, when such credit
granting required a relationship with a banker; mortgage
companies can offer its existing customers beneficial rates and
quick turnaround on refinancings; with low interest rates,
investment/financial planners can advise customer on safe
financial products to get better return for their investments.

RESPONSE TO WRITTEN QUESTIONS OF SENATOR DOLE
FROM TERRY BALOUN

Q.1. Some of my colleagues have made the point that some banks
have thousands of affiliates. Ms. Brill also lists the number
of affiliates for Keycorp and Citigroup in her prepared
statement. Can you explain why this is and how many of these
affiliates actually deal in customer information?

A.1. Yes. Wells Fargo has roughly 800 legal entities--so-called
affiliates--but 38 are considered to be national businesses
(per annual report) and roughly a quarter of the 800 number
actually use consumer data. Moreover, Wells Fargo is structured
so that data is available based on what is relevant to a
particular business line and if other affiliates want access,
the entity has to prove business use/need and request clearance
by Wells Fargo Information Security. These firewalls, in turn,
are examined by our Federal banking regulators. The Committee
should also keep in mind that as we acquire other financial
companies, we may elect to keep them operating in their
existing structures, so our so-called affiliate number
fluctuates.

Q.2. Last week we heard from both the FTC and the U.S. Secret
Service that information sharing helps prevent identity theft.
In Ms. Brill's statement, she states that this practice likely
facilitates identity theft. Mr. Baloun, does sharing
information among affiliates increase or help prevent identity
theft?

A.2. Yes, affiliate sharing does control fraud perpetrated
against Wells Fargo businesses. Our tellers are our front line
of defense in controlling fraud and can only do that because
they have the necessary information in front of them.
In Omaha, Nebraska, Teller Sara Locke compared the out-of-
State account information in her computer with the identity
provided by a customer in Omaha, and stopped her from
fraudulently cashing a check for $2,700 drawn on a Wells Fargo
California bank account. Locke noticed that the real
accountholder's birth date did not match the age of the person
standing in front of her. The real accountholder was in her
70's, while the person standing in front of the teller looked
no more than 30. The police were contacted, and the information
provided by the woman helped them uncover a nationwide fraud
ring.

RESPONSE TO WRITTEN QUESTIONS OF SENATOR JOHNSON
FROM TERRY BALOUN

Q.1. Professor Reidenberg has made some assertions in his
testimony that variation in State laws has had little to no
impact on the availability of financial services in those
States. You run Wells Fargo in North Dakota, which had a high
profile referendum on opt in versus opt out. Would you comment
on what impact this referendum has had on your ability to serve
people in North Dakota.

A.1. Wells Fargo's experiences with the outcome of the North
Dakota referendum show that Wells Fargo customers do not get
information about certain Wells Fargo products. That same
customer may get information from another provider or may not
receive as large a variety as individuals in other States.
Conforming with Gramm-Leach-Bliley, the North Dakota
legislature changed its opt in law to opt out with respect to
information sharing with outside third parties for financial
purposes. But this was reversed by a 2002 referendum election
to return to an opt in standard requiring banks to get customer
approval before providing financial services offered by a third
party financial services company. Wells Fargo expects that the
result will have an impact on North Dakota's rural communities.
To ensure compliance, Wells Fargo has, in effect, placed all
the residents of North Dakota on a do-not-contact list
regarding insurance products and is not providing any
unsolicited information. Customers outside of North Dakota have
opportunities for a broad array of financial products and North
Dakota's State action has the result of preventing rural access
to that product list.

Q.2. I think a lot of us here are surprised to learn how many
affiliates can be included in a corporate family. Would you
please explain why your companies are structured the way they
are and how many affiliates actually have access to consumer
information? For example, it is my understanding that while
Bank of America has over 1,100 affiliates, only 20 or so of
those affiliates actually deal with consumer information.

A.2. Wells Fargo has roughly 800 legal entities--so-called
affiliates--but 38 are considered to be national businesses
(per annual report) and roughly a quarter of the 800 number
actually use consumer data. Moreover, Wells Fargo is structured
so that data is available based on what is relevant to a
particular business line and if other affiliates want access,
the entity has to prove business use/need and request clearance
by Wells Fargo information security. The Committee should also
keep in mind that as we acquire other financial companies, we
may elect to keep them operating in their existing structures,
so our so-called affiliate number fluctuates.

Q.3. It has been noted today that information shared within an
affiliated structure does not constitute a consumer report and
is therefore not protected by the FCRA with respect, for
example, to adverse action notices and reinvestigation
timeframes. Would you please describe how you might use
internal credit information, and whether this lack of
protection might adversely affect your customers? For example,
how might you use experience information of a credit card
customer if that customer applies for a mortgage through your
mortgage affiliate?

A.3. It is simply not true that information provided by
affiliates is not subject to adverse action and reinvestigation
protections. The FCRA Section 615(b)(2) requires that when
adverse action is taken because of information provided by an
affiliate, the consumer is entitled to an adverse action notice
that is substantially similar to that required when adverse
action is taken based on information provided by a consumer
reporting agency. In most cases, including the example given in
the question, the information used in connection with an
application for new credit, will have been reflected in a
billing statement provided to the customer by the institution,
and subject to the protections of the Fair Credit Billing Act
(FCBA), including the right to dispute information. Unlike the
FCRA, when a dispute is lodged directly with the institution
under the FCBA, the institution is required to not report the
disputed amount as delinquent to any consumer reporting agency
until the reinvestigation has been completed and the
information verified. (Under the FCRA, the reporting
institution must note that a dispute has been lodged, but it
may continue to report the disputed information pending
resolution of the dispute.)

Q.4. What steps do you take with new customers to help them
understand their rights to opt out of information sharing among
affiliates? Do you do more than just send them the privacy
notice? Are tellers, for example, trained in any particular
manner to help customers understand their rights?

A.4. All employees go through annual privacy training. Our
Wells Fargo bankers that set up new accounts for customers are
trained to provide privacy notices and help customers that have
elected to opt out--if a customer would like to opt out, they
are given options, including a toll-free number. In addition,
Wells Fargo goes over and above current FCRA requirements by
providing an annual opportunity to opt out.
Opting out of affiliate sharing is easy at most large
financial institutions. Wells Fargo, for example, provides an
800 number that customers can call to opt out (and register
other privacy preference) in addition to a simple tear-off form
attached to the privacy disclosures given to all new customers
and annually to existing customers--which is over and above
what the Fair Credit Reporting Act requires.
Financial institutions maintain centralized customer
information systems--which are the key to detecting and
preventing identity theft--primarily to provide seamless
service to our customers, and to inform customers about other
products and services that we believe might be of interest to
them. Merely exempting fraud prevention uses from restrictions
on information sharing will not provide the incentive needed to
develop and maintain such complex and expensive systems.
As I indicated in my statement, without affiliate sharing,
Wells Fargo will be unable to provide service to bank customers
across State lines, or service across legal entity lines (that
is, paying mortgage or credit card bills at bank branches,
offer combined statements, and provide our business direct
loans to small business owners.)
Information is generally made available to affiliates by
granting access to the centralized customer information system
which
contains primarily account-level information or, in some cases,
to systems of record with more detailed transaction
information. For example, employees who answer customer service
telephone calls may need access to detailed transaction
information in order to respond to questions about specific
checking or credit card transactions. Access to all customer
information, whether within the same legal entity or across
affiliates is restricted on a ``need to know'' basis; employees
of affiliates which do not provide consumer products and
services would not have access to any information about any
consumer customers. Extensive physical, technical and
procedural safeguards are employed to protect customer
information at all stages.

Q.5. There seems to be some disagreement about whether
affiliate sharing is more about benefits to the company or the
consumer. What benefits specifically flow to the customer, and
I do not mean getting marketing fliers that are often included
in a credit card statement.

A.5. With affiliate sharing of information, Wells Fargo
mortgage has provided close to 200,000 new mortgages as a
result of referrals from a Wells Fargo bank. Specifically,
Wells Fargo can offer beneficial rates and streamlined services
to mortgage customers. For example:

Wells Fargo mortgage can offer its existing mortgage
customers beneficial rates and quick turnaround on
refinancings. Mortgage can quickly gather needed data from
all Wells Fargo businesses with which the customer may have
a relationship. Process keeps Wells Fargo customers away
from other predatory mortgage lenders that make it tough
and costly to refinance.
Pack pricing: Wells Fargo regions offer new mortgage
customers a $300 discount on closing costs if customer
opens up a package relationship with Wells Fargo, which
includes: Bank account, credit card, discounts on brokerage
fees/Wells Trade, and a free consultation with a financial
consultant.
Customers who want to open a home equity line
simultaneously with getting their mortgage only have to
provide their information once because we are able to share
their information across affiliates.

Generally, Wells Fargo's ability to compete against other
companies--``our secret sauce''--is to be able to find
creditworthy customers in a population that would not appear
creditworthy just on credit bureau/credit score information
alone--that is, our own experience with the customer.
This allows us to qualify more customers and to extend
credit to those we otherwise in the absence of this internal
information would have turned down.
If we cannot aggregate our own customer experience info,
our ability to identify good customers based on internally
generated information would be eliminated. Competitors who
collect information about customers and operate in a single
enterprise would not be impacted.

Q.5. Do you have any data to share with the Committee on how
information sharing has impacted your lending practices in
traditionally underserved communities? In particular, have you
seen an impact on mortgage lending in underserved communities?

A.5. The United States currently enjoys historically low
interest rates on almost all credit products, and greater
access to credit for all economic segments than has ever been
true in the past. Long-term, the decline in consumer interest
rates in the United States has been driven by three primary
factors:

Better risk assessment.
National competition.
An active and efficient secondary market for consumer
credit receivables--especially mortgages.

All three of these forces depend on accurate, complete, and
consistent credit information on a nationwide basis, and thus
would be endangered if different States had different laws on
information sharing and credit reporting. In California, data
on our mortgage market shows that 40 percent of new Hispanic
Wells Fargo mortgage customers became homeowners as a result of
a Wells Fargo bank referring the customer to an affiliates
Wells Fargo Home Mortgage office.

Q.6. I am interested in something Mr. Prill has noted in his
statement related to customer demand for mailings announcing
sales and other promotions. Some people might view this as junk
mail. Do you have any statistics anecdotes relating to how
these promotional materials might be viewed?

A.6. In all direct marketing, the response rate increases when
you are able to target the message more closely to consumers
who are likely to be interested in the product. When interest
rates on mortgages are low, we know our customers appreciate
hearing from us, especially if we are able to offer them a
preapproved loan or a streamlined process for refinancing their
loans as a result of the relationship they have with us.

Q.7. Do you have statistics to opt out rates among customers
that might show that customers understand their rights? Are opt
out rates the same among all customer groups?

A.7. Wells Fargo customer opt out rates have remained fairly
low (about 5 percent) for over 5 years, despite annual
disclosures and extensive media attention to the subject. When
Wells Fargo conducted research among customers and noncustomers
to assess the readability of privacy disclosures, we learned
that the respondents understood the disclosures easily when
they took the time to read them, but most stated that they had
not opted out and did not plan to because they trusted their
banks.
Wells Fargo's privacy policy goes beyond the GLBA in that
we offer our customers separate choices to opt out of internal
and external sharing, even though the only external sharing we
do is with other financial institutions as permitted by the
GLBA. The number of customers who opt out of external sharing
is more than double the number who opt out of internal sharing
only, indicating that there is a clear distinction between the
two types of sharing and that our customers feel significantly
more comfortable with internal sharing than with external
sharing.
Not all customers have a high level of concern about opting
out, and even fewer opt out from sharing within a company with
which they have a relationship. National consumer research
indicates that, in general, about 26 percent of Americans have
been identified as ``privacy fundamentalists'' (Privacy &
American Business/Harris Poll, March 2003). Ten percent are
classified as ``unconcerned'' and 64 percent are labeled
``pragmatists.'' These statistics do not necessarily pertain to
established business relationships, where the number of people
concerned enough to take action and opt out would be expected
to be much lower. Therefore, if the universe of consumers who
have expressed concerns about privacy in any venue is 26
percent, and that number is significantly reduced to eliminate
those consumers who are less concerned or unconcerned about
companies with which they have an established business
relationship, then the rate of opt outs experienced within the
financial services industry seems reasonable and appropriate.

RESPONSE TO WRITTEN QUESTIONS OF SENATOR SHELBY
FROM MARTIN WONG

Q.1. What level of understanding does the average consumer have
with respect to affiliate sharing?

A.1. The average consumer has many opportunities, from life
experience and now from Fair Credit Reporting Act (FCRA) and
Gramm-Leach-Bliley Act (GLB) notices, to become aware that
financial information may be shared with affiliates for
customer service, operational, and marketing purposes.
Consumers expect prompt and efficient delivery of products or
services from their financial institution and seem to
understand that information must be shared among affiliates to
meet those needs. Consumers also have some awareness that many
U.S. financial service companies, for historical reasons, have
a large number of affiliates. Consumers may become aware of
this when they move between States and need to change homeowner
or auto policies, or when they must take additional steps in
order to make bank deposits from outside their home State.
Recognizing that customers want seamless service, affiliate
sharing programs are focused on enabling a group of affiliates
to serve their customers in an integrated, cohesive fashion
rather than interacting with customers in a seemingly
disjointed and customer-unfriendly way. While some of the
affiliate sharing is obvious to consumers, other affiliate
sharing is not. For example, if customers access all of their
accounts through a combined statement, transfer funds among
accounts at different affiliates through a single ATM
transaction, or manage their money through a consolidated web-
site, they understand--and want--information to be shared among
affiliates. The customer may not be aware of all the legal
vehicles that operate jointly to provide retail banking
products to individual depositors and borrowers. For example,
the Citibank retail banking business in the United States
operates under 10 separate charters. Nor may customers feel a
need to know that each of these entities may have a number of
subsidiaries and affiliates that provide servicing for the
loans or back office systems support, hold foreclosed property
taken in satisfaction of debts, or act as agent in the sale of
insurance to bank customers.
However, customers generally expect these affiliates to
work together and share information so that a customer from a
Connecticut branch (Citibank, F.S.B.) can receive the service
he or she expects when coming to a New York City branch
(Citibank, N.A.). This service is based on the ability of the
customer service representative to access the customer's
deposit accounts and outstanding lines of credit on a screen in
the branch of the affiliate, to validate the customer's
identity, and to have efficient procedures for processing the
request.

Q.2. Does the number of affiliates a firm has affect this
understanding?

A.2. Customers who deal with Citigroup are aware of the fact
that we are a global brand with many affiliated businesses.
Citigroup promotes our ability to offer comprehensive financial
services to customers through our affiliated business lines and
believes that many customers choose to do business with us for
that reason. Customer understanding is less a function of the
number of affiliates a firm has and more a function of whether
or not the affiliates interact directly with customers.

A.3. Citigroup, as a financial holding company, only has
financial affiliates. Citigroup's reputation is enhanced by the
affiliates we have assembled to serve customers with banking,
insurance, and securities products. Many of our customers have
chosen a Citigroup company due to the breadth and
sophistication of our product offerings. As part of each brand,
we identify the business as a ``member of Citigroup.''
Moreover, GLB notices are required to make customers aware that
affiliates may be in these other business lines.
We understand that there are some customers who may not
want to be solicited for products by other Citigroup companies.
For that reason, Citigroup provides our customers with an
opportunity to opt out so that a business does not provide that
customer's name for solicitations to other Citigroup business
lines. This opt out opportunity goes significantly beyond the
FCRA and GLB opt out choices. We and other institutions offer
these and other choices to customers as a matter of responding
to customer needs.

Q.4. How important is a firm's brand to consumers in
establishing their expectations with respect to the kind of
relationship they have with a company?

A.4. Our research on our GLB privacy notice indicates that
having a notice in line with consumer's perception of the brand
is very important. For example, consumers know Citigroup as a
large global company with many financial affiliates. Citigroup
is known as a leader in marketing, as well as in information
security and consumer choices. Consumers have found our notice
to be in line with this perception. Citigroup may even hurt our
reputation and stock price if we said that the company no
longer believed in cross-selling. On the other hand, an
institution with fewer cross-sell opportunities may use such a
market position as a competitive difference for its own
particular segment of consumers.
Citigroup has found that brand names are important to
consumers and serve as a shorthand way by which consumers can
identify companies from whom they have received good or bad
service in the past. This encourages them to seek those
companies for services in the future, or to avoid them, as
appropriate.
Because of this, Citigroup makes a serious effort to ensure
that our brand is well known to consumers, and that the
attitude that consumers adopt when they see this brand is a
positive one. From the consumer perspective, a company with one
of the Citigroup brands is expected to perform the service the
consumer wants regardless of what legal entities may be needed
to provide that performance. To the consumer, it is the quality
of the service that is crucial, not the numbers or kinds of
affiliates involved in delivery of the product.
Generally, it really does not make a difference to a
customer with a Citibank credit card that his or her bill is
processed in a legal entity designed to meet State law
requirements in any of a dozen different States, as long as the
company has proper controls for privacy, security, and quality.
This is also true for nonaffiliated third parties who are
working strictly under the company's control.
We also find that customers expect certain performances by
Citigroup once a customer relationship has been established.
For example, customers expect that Citigroup would recognize
them as a customer in whatever part of Citigroup that they
enter, or that Citigroup can do so quickly once the consumers
identify themselves as a customer.

Q.5. How important is that brand?

A.5. The reputation of the brand is extremely important to any
company. That is why ``reputation risk'' is a key regulatory
concern within financial services. This, more than specific
laws and regulations, may drive a company's privacy practices
within the financial services sector, which usually go well
beyond the law. In the case of Citigroup, we put a major stake
in the ground with our Citigroup Privacy Promise for Consumers
as an element of our brand.
Regardless of the numbers of affiliated entities or the
businesses in which they engage, the consumer will remember the
brand. If we provide good service in any of the businesses, the
customer may be more likely to consider purchasing products of
another Citigroup business. If we provide poor services, the
customer will be less inclined to use the service of that
entity or any other institution that carries our brand.
Customers may even cancel products that they have with other
affiliates if they are disappointed with one of them.

Q.6. Should there be safeguards, or best practices for sharing
information within affiliates?

A.6. In addition to the restrictions on affiliate sharing
contained in the FCRA, there are many other laws and
regulations, as well as industry-wide and internal company
safeguards and best practices, that govern information sharing
for financial firms. We feel that it is most appropriate for
specific standards to be adopted at the individual company
level since this provides the greatest ability to
respond to external threats that can change rapidly. If laws or
regulations are required, these will be most useful to
consumers if they are directed to specifically identified
harms.
From a sharing perspective, the most important provisions
may fall under the information security requirements now
required under GLB for a very broad set of financial services
companies. For banks, these require written information
security safeguards that are formalized and included as part of
the regulatory examination process. These apply within business
units and departments, as well as across third parties and
affiliates.
Regulators are also able to provide guidance through broad
reputation risk and safety and soundness requirements.

Q.7. While called ``affiliate'' sharing provisions, these
provisions actually allow companies to share information with
entities that are outside their affiliates structures, don't
they? Why is this necessary and does this make sense?

A.7. We understand that this question relates to the FCRA
provision concerning the sharing of transaction and
experiential information. However, GLB provides customers an
opt out right for any sharing of such information with third
parties by any entity that provides services that are
``financial in nature.'' Our understanding is that this term
covers any provider financial services, whether or not they
hold a specialized license or charter to engage in banking,
securities, insurance, consumer finance, or other financial
activity. Thus, we are not sure that the ``loophole'' suggested
by this question actually exists. In any event, if such a
``loophole'' does exist, it is not one that Citigroup or any
other entity covered by GLB could use.

Q.8. Do consumers have different concerns with respect to
affiliate sharing versus third party sharing?

A.8. We do not have any special information on this. We think
the answer is probably ``no'' when third parties are acting as
our agents and marketing our own financial products. We think
the answer may be ``yes'' when third parties are not acting as
our agents and are marketing their own products, but this is
likely to depend on whether the third party has appropriate
information security standards.

A.9. For financial services companies, there is already more
control over third party sharing than there is for affiliate
sharing. Under GLB, the notice and opt out choice covers more
data and more purposes--even the fact that a person is a
customer is included. In the event of an opt out, the ability
to share transaction and experience data with third parties
becomes very limited. There is also a ban on sharing credit
bureau reports with third parties. Most of the sharing of
customer information in which Citigroup engages is with
affiliates. There are many instances, however, in which
Citigroup has found that utilizing third parties to assist us
in meeting certain customer requests or providing certain
services provides a better and less expensive product for the
customer. These third parties have legally binding contractual
commitments to Citigroup to perform these services with the
same confidentiality and security that Citigroup provides to
our customers. We monitor these companies on their compliance
with these provisions.

Q.10. Do financial institutions make underwriting decisions
without using credit reports?

A.10. In making decisions about whether to extend credit, we
always look for a credit report when providing unsecured loans
or credit lines since this offers the most timely, consistent,
and full view of the consumer.
However, many consumers with a ``thin file'' or no credit
report could be expected to perform well. To be fair to these
consumers, Citigroup and other companies establish special
programs to make credit available. The obvious case is a client
who has done a good job of managing a checking account over a
period of time. Another customer may meet other application
criteria that we can confirm such as owning a home or having a
steady job, This may qualify the customer for an appropriate
product, perhaps starting with a small value overdraft credit
line.
There are also relatively rare cases in which we do not use
a credit report, such as when executives from certain other
countries are relocated to work in the United States for some
period of time. Our retail bank branch may make arrangements
with our credit card company to provide credit cards for these
executives, since a credit card has become a necessity in the
United States for making reservations, renting a car, or
engaging in other consumer transactions. As a matter of
interest, this, like any other interaffiliate agreement within
a bank holding company, is subject to arms length negotiations
between affiliates.

Q.11. There are a range of sharing activities that you are
permitted to engage in under the law. Have any of your firms
decided NOT take advantage of the full range these sharing
activities--are there things you could do but do not do, and if
so, why don't you do these things?

A.11. Citigroup and other companies focus their limited
resources on items of value to their consumers and efficiencies
to the company. This means that we share very little of what we
are permitted to share for reasons of business efficiency, as
well as for
information security reasons. ``Need-to-know'' procedures and
similar rules cause companies like Citigroup to require a good
reason for sharing before allowing it to happen.
Customer relationships, including information about these
customers, are often a company's most important asset. Even
within a large institution, each broker or banker is likely to
be very protective of his or her clients since it may have
taken years to build up the current level of trust.
In terms of efficiency, when designing screens that display
information to our staff, it is difficult enough to clearly
show a banker or broker the volume of information they need to
see without having screens cluttered with information from
other internal or external sources that are not relevant to
their business.
In terms of marketing, a business that is focused on a
particular portion of the population is not likely to have any
interest in information from affiliates about consumers who are
not part of that population because of the increased costs that
follow processing of additional information.
In our credit card business, we pull credit reports very
regularly to monitor open-ended accounts. While we could reduce
costs by pulling one report for a customer and applying it to
all of that customer's accounts, we actually pull a report for
each separate account. This is because the value of the credit
bureau information starts dropping almost instantly after it is
obtained, since the consumer may have engaged in activity that
compromises the information that is on the report. The lost
value from a short delay would be greater than the cost of
pulling separate reports for these additional accounts. This is
the case within the credit card affiliate, as well as across
affiliates.

RESPONSE TO WRITTEN QUESTIONS OF SENATOR BUNNING
FROM MARTIN WONG

Q.1. Are there simple ways to make the opt out notice clearer
to the consumer without having to send out the long and drawn
out privacy notices. I think that if it was clearer, whether
that means bold print, a larger check off box, or a simple and
precise explanation, it would eliminate some of the
apprehension some have. Do you agree or disagree?

A.1. Citigroup agrees. However, we would like to note that we
have received very few complaints from our customers about our
privacy notices. Clearly, not all customers have difficulties
understanding notices, because we have a fair amount of
customer inquiries and opt outs, which shows that customers are
reading and reacting to our notices.
We also would like to note that before a company can share
information among affiliates or with nonaffiliated third
parties, a company must provide the consumer with a clear and
conspicuous disclosure and opportunity to opt out. Citigroup,
like other companies, takes this clear and conspicuous
requirement seriously and has expended significant time and
effort in making our own privacy choices clear and easy to
respond to. For example, on our credit card applications, we
currently have the selection for affiliate sharing in bold type
next to the signature line. This is prime space on the brochure
and is quite prominent. When the consumer chooses to open a
credit card account by phone, we make the same clear choices
available in our scripts. We also make the FCRA choice very
clear in our privacy brochures that we provide at account
opening and once per year.
That said, we have been working with several industry
groups to come up with ways to improve the notices to make them
more clear and concise. This is an issue that should be
discussed more fully in the future outside of the context of
FCRA reauthorization. For example, there may be a benefit in
having a consistent framework for notices that are used by both
financial and nonfinancial companies. This may promote customer
understanding of these notices and their use of these
disclosures in deciding whether or not to open a particular
account or to provide particular information.

Q.2. What unintended consequences do you foresee for some of
the proposals that would change the current affiliate sharing
status quo?

A.2. If a number of States would adopt opt in laws or
requirements, it would increase the complexity of the notice
and the difficulty of obtaining customer choice. The unintended
consequence might well be an effective ban on information
sharing.
Another unintended consequence is likely to be a coerced
reduction in the number of their affiliates simply to protect
current methods of doing business. While this would have
virtually no consumer benefits, it could reduce positive
benefits that companies get from their current structure, as
well as benefits that local communities may receive from
locally organized affiliates.
Those who lived through the interstate banking era may well
remember the difficulty of managing a central back office so
that calls from a particular area code were answered by a
person who reported to the particular business unit in that
State. The rules in effect at that time may have required the
call to be transferred if the customer actually held accounts
in a different State. Even then, there was often the need to
ask the customer to separately call back other affiliates if
there were multiple accounts. While some of this still occurs,
it is generally something that customers would prefer to avoid.
Another likely State-mandated change would be longer and
more complex privacy notices or separate notices to customers
in different States. Currently, for example, California
requires a different notice to insurance customers. States are
likely to insist on differing information in the disclosure.
If these changes reduced the quality or consistency of
data, these would be likely to impact many different types of
models that depend upon the data, whether fraud scores or
credit scores. Companies may respond by tightening lending or
increasing borrowing costs. There are, as yet, no good opt in
models that are likely to work for the affiliate structure that
currently exists for U.S. financial services or for the large
portfolios of existing customers that most established
financial service companies have. Changes in State or Federal
laws at this time could easily stop the developments of certain
products. Most laws and regulations that have worked well have
been adopted only after the market has ceased its
experimentations and settled upon a process or a product that
works. An example where that was not done was the short time
frame GLB provided for companies to adopt opt out systems. Many
companies simply abandoned third party sharing after passage of
GLB because they were unable to meet those times frames, with
the resulting detrimental impact on their customers and upon
the companies' competitive position.

Q.3. What are some of the difficulties financial service
companies might have in marketing to a community where there
are multiple privacy standards?

A.3. In 2003, we have seen dozens of bills introduced in the
States that would vary from the national standards established
by the FCRA. The cost to comply with each variation would be
significant for companies that operate nationally. Multiple
privacy standards essentially destroy the economies of scale
associated with national markets, which means that the benefit
of these economies of scale cannot be passed on to consumers.
Depending upon the significance of the market in a State, some
companies might not find it economically feasible to market in
some States with requirements too different or stringent.
Additionally, we have seen an increase in municipalities and
counties that seek to adopt their own privacy standards, making
it even more difficult to market to consumers and serve our
customers. Multiple standards also degrade the accuracy and
compatibility of credit reports, which would raise the price of
credit and limit credit availability.

Q.4. Do you think that a company that has stringent privacy
practices (the good guys) would open itself up to unnecessary
litigation if it has to adhere to multiple privacy standards?

A.4. Yes. Litigation is often driven by the complexity of well-
intentioned legal requirements. For example, we often face
requirements from a statute or regulation to delete particular
records after a short period of time. Another statute or
regulation may require us to retain those records for a longer
period of time. In another case, one regulator may want to give
an advantage to local companies that do most of their business
through branches, while another regulator may be trying to
entice diversified national companies to enter the market. A
single account may be under two different sets of contradictory
regulations if one regulator focuses on where the company has
its charter and another on where the customer lives. This can
be further complicated as lifestyles change over time and more
and more customers have multiple primary addresses, which
change regularly throughout the year.
If companies need to communicate multiple policies, these
policies are more likely to be misunderstood by employees and
customers, and the risk of failing to comply is exacerbated.
This is
especially true in the case of disclosure requirements where
the notices may be complicated by a need to include differing
requirements and to use different model notices. The credit
card billing disclosures of 25 years ago included multiple
footnotes with the differing requirements of each State and
would be criticized today as an ineffective disclosure tool.
This is a reasonable model of where unfettered State action
could take us in the privacy area.
We have already seen in the case of privacy that even
localities, such as Daly City and the unincorporated portions
of Santa Clara County, have imposed local requirements.
Companies whose practices are universally recognized as
``best'' practices may be caught off guard by variations in
local requirements that result in expensive or impossible
choices.

Q.5. Do you think that a company that does business in an area
that institutes multiple privacy standards will choose to stop
doing business in that area?

A.5. In our experience in States like Vermont, most of our
businesses have continued to do business in the State but have
opted customers out of information sharing which, in the
process, has eliminated many choices for Vermont customers that
we provide to customers in other States. At some point, this
may result in unprofitable or unsatisfying relationships for us
or for the customer. These could make companies consider
terminating business in the area and prevent new competition
from entering.

Q.6. How many consumers actually opt out of information sharing
with affiliates?

A.6. Among Citigroup companies, the range of cumulative opt
outs over time for affiliate sharing varies from percentages in
the low single digits to the mid-30's. These differences are
driven by many factors. The higher opt outs are generally found
where the opt out has been offered for a longer period of time
and the relationship is remote rather than face-to-face.

RESPONSE TO WRITTEN QUESTIONS OF SENATOR JOHNSON
FROM MARTIN WONG

Q.1. I think a lot of us here are surprised to learn how many
affiliates can be included in a corporate family. Would you
please explain why your companies are structured the way they
are, and how many affiliates actually have access to consumer
information? For example, it is my understanding that while
Bank of America has over 1,100 affiliates, only 20 or so of
those affiliates actually deal with consumer information.

A.1. Citigroup has never felt that consumers care about the
number or kinds of affiliations that exist in the Citigroup
corporate family, nor do they care why they exist. They want
good service provided in a timely manner, and if we can provide
that, we feel our customers will be satisfied.
Citigroup is a financial holding company comprised of
approximately 1,900 affiliates, more than half of which are
incorporated in the 100 foreign countries in which Citigroup
operates. The majority of these affiliates are established or
retained for legal, regulatory, or tax purposes and the number
includes entities that are historical vestiges of outdated
banking laws or recent mergers. Many affiliates do business
only with Government or corporate entities or exist solely to
house certain assets.
Only a small percentage of these entities actually transact
business with individual consumers, and much of the number of
legal vehicles is the result of State licensing requirements in
such lines of business as insurance and consumer finance
companies. Moreover, Citigroup is limited by GLB to the
provision of financial services in one of three lines of
business--banking, insurance, and
securities. For the customers who conduct business with us, our
affiliate structure is invisible and irrelevant. Therefore,
when viewed from the customer's perspective, Citigroup is a
single provider of financial services.

Q.2. It has been noted today that information shared within an
affiliated structure does not constitute a ``consumer report''
and is therefore not protected by the FCRA with respect, for
example, to adverse action notices and reinvestigation
timeframes. Would you please describe how you might use
internal credit information, and whether this lack of
protection might adversely affect your customers? For example,
how might you use experience information of a credit card
customer if that customer applies for a mortgage through your
mortgage affiliate?

A.2. First, it should be noted that where Regulation B and the
Equal Credit Opportunity Act (ECOA) apply, we are required to
provide an adverse action notice whenever we take an adverse
action. This notice must include the principal reasons for why
this action was taken. If the basis for the adverse action came
from information provided by an affiliate, the customer would
be required to receive written notice in accordance with
Section 615(b)(2) of the FCRA. On the rare occasion that
customers want to dispute information provided by an affiliate,
they have the opportunity to contact the affiliate directly to
resolve the dispute.
It also should be noted that a consumer may have more
protection in the sharing of consumer reports among affiliates
than they do with credit reporting agencies, since they can opt
out of the sharing among affiliates, at least to the extent
that the information is other than internal experience
information. And to the extent that internal experience
information is involved, this is the same information routinely
shared by different departments within a single financial
institution.
As an example of the use of internal experience
information, if a customer applies for a mortgage through our
mortgage affiliate, we always pull one or more reports from the
credit reporting agencies. If the application is by phone, we
may use recent ``application information'' from some affiliates
to complete the application or verify the information provided
by the customer to reduce the time the customer may need to
spend on the phone.

Q.3. What steps do you take with new customers to help them
understand their right to opt out of information sharing among
affiliates? Do you do more than just send them the privacy
notices? Are tellers, for example, trained in any particular
manner to help customers understand their lights?

A.3. Discussion of the affiliate opt out choice is a required
part of the account opening process in our Citibank retail
branches and is included in account opening scripts when credit
card accounts are opened on the phone. We use Citibank
financial consultants rather than tellers to explain this to
customers. Most of our businesses have training and scripts for
phone customer service staff who may get these questions. In
other cases, the customer may be referred to their account
officer, agent, or broker for an explanation.
Citigroup spends a substantial amount of time and money,
including on consumer focus groups to test draft notices, to
ensure that customers do, in fact, see and understand their opt
out rights. In some businesses, this has led us to a prominent
display of the ``opt out'' box rather than a description of
rights. The fact that significant numbers of our customers do
opt out provides good evidence that customers are aware of
their choices.
As with other disclosures, Citigroup's success as a
financial services company will be determined, in great part,
by whether or not our customers trust us. If we are not
trusted, we will lose customers, so we make every effort to
make sure that customers understand all of our communications
with them.

Q.4. There seems to be some disagreement about whether
affiliate sharing is more about benefits to the company or the
consumer. What benefits specifically flow to the customer, and
I do not mean getting marketing fliers that are often included
in a credit card statement.

A.4. Overall, consumers who value convenience and efficiency
get tremendous benefits when their financial institutions can
share transaction and experience information across affiliates.
For example, customers can see all of their information on one
statement, access all of their accounts at one time at the ATM
or online, and get lower ``combined balance'' fees. Customers
may be able to add new accounts without filling out forms and
may easily transfer money between brokerage, banking, and
credit accounts to minimize interest paid or as their needs or
the market changes. As customers move from one State to
another, they are able to keep their same financial
relationship rather than closing all accounts and starting over
again.
On an operational level, institutions, like Citigroup, can
use affiliate sharing to place holds against savings accounts
or credit lines rather than bounce checks, saving the customer
embarrassment and fees. The institution may be able to update
phone numbers and addresses of multiple accounts at the same
time. The institution also may be able to validate the customer
across accounts using one card and one password for the
consumer to remember.
These efficiencies may also save the institution money,
some or all of which may flow back to the customer. The ability
to share information also increases competition since the
barriers to entry are reduced. This can broaden offerings and
offer alternatives for better service or lower prices.
In terms of credit granting, one useful example may be a
customer who picks up a credit card brochure in a convenient
location and applies for the product offered. While the
customer may have an immediate need for credit, he or she may
apply for a product that is not appropriate to that customer's
qualifications or needs. If, on the application, the customer
does not opt out from affiliate sharing, the financial
institution may be able to provide a better offer of credit
without asking the customer to fill in a new application and
without adding another enquiry to the customer's credit report.
This may get customers the credit they need quickly and put
them on the path of building a good credit rating. At Citigroup
and at many other institutions, these different credit products
are provided by different affiliates.
Consumers also benefit from being able to apply for
multiple credit products at the same time--with one application
and one enquiry at the credit bureau. This may be a home equity
line of credit or a credit card opened in conjunction with
obtaining a mortgage. It also may be a credit card and an
overdraft credit product included in the sales process when a
customer opens a new checking account. These products are
provided by different affiliates at Citigroup. The customer
saves time, has fewer ``enquiries'' at the credit bureau, and
gets a set of products that better meets his or her needs.
Financial planning and awareness is made easier and more
complete with an account opening procedure that looks at needs
across deposit products, credit products, insurance, and
securities to develop a consolidated financial plan. In the
same way, periodic statements that include information about
the current status of all of the products and services provided
makes it easier for customers to see how they are doing.
Shifting funds between various accounts and services from
anywhere in the world as the customer determines would be
nearly impossible without affiliate sharing.

Q.5. Do you have any data you can share with the Committee on
how information sharing has impacted your lending practices in
traditionally underserved communities? In particular, have you
seen an impact on mortgage lending in undeserved communities?

A.5. To the degree that the underserved market is characterized
by more frequent moves and thinner credit reports, the more
accurate information we obtain, including information on
relationships with affiliated companies, the more likely we are
to be able to give underwriting approval.
The Committee received much information in the recent
hearings on how the various FCRA provisions, including
affiliate sharing, reduce the cost of credit. Affiliate sharing
allows us and other companies to provide lower limit credit
cards and credit lines that can pull underserved consumers into
the market. It should be noted that even the cost of a privacy
brochure could be the difference between a small profit and a
small loss on products that generate low returns. Requirements
that lead to longer, more complex, or differing State notices
may raise the break-even point.
We also have programs that allow us to provide offers of
credit to applicants who have applied for an inappropriate
product. For example, someone may have applied for a premium
credit card when all they want is a loan or a low limit credit
line. We can offer applicants who have not opted out of
affiliate sharing a product that they qualify for. This may
start them on the path to building a solid credit history so
that they can qualify, over time, for that premium product.

Q.6. I am interested in something Mr. Prill has noted in his
testimony related to customer demand for mailings announcing
sales and other promotions. Some people might view this as junk
mail. Do you have any statistics or anecdotes relating to how
these promotional materials might be viewed?

A.6. Response rates are, indeed, low even for true zero percent
credit offers that could save a consumer a significant amount
of money. Ideally, companies could better use information to
reduce this mail volume by better identifying consumers at the
precise times that they are ready to buy. It often takes a
number of mailings to get a consumer to take action, even where
the offer involves a product or service in which they have
significant interest. Therefore, simple lack of action does not
make this ``junk mail.''
Companies make a significant effort to reduce the
unnecessary volume of general solicitations through the mail.
This could change dramatically if there were a reduction in the
ability to share information with affiliates. For example, a
credit card company may currently suppress mailings about
brokerage accounts for their sister company to customers who
already have such an account. Consumers appear to be very
annoyed to see their company wasting money by sending offers
for things they already have.

Q.7. Do you have statistics relating to opt out rates customers
that might show that customers understand their rights? Are opt
out rates the same among all customer groups?

A.7. Some of our Citigroup businesses have unique experience
because they have had marketing opt outs in place for more than
15 years. This has been in the form of an annual notice and opt
out form sent to credit card customers providing a method to
opt out from promotional phone calls or mail. While the
response to a particular notice may be low, this accumulates,
over time, to a significant portion of the portfolio.
In the case of Citigroup's opt out for information sharing
across affiliates and third parties, the wide variations in opt
out rates for different Citigroup affiliates show that
customers are aware of their rights and take an action that is
appropriate to the relationship with the company. Among
Citigroup companies, the range of cumulative opt outs over time
for affiliate sharing varied from percentages in the low single
digits to the mid-30's. These differences are driven by many
factors. The higher opt outs are generally found where the opt
out has been offered for a longer period of time and the
relationship is remote rather than face-to-face.

RESPONSE TO WRITTEN QUESTIONS OF SENATOR DOLE
FROM MARTIN WONG

Q.1. In Ms. Brill's statement she mentioned that Vermont law
does not allow for affiliate sharing except for ``transactions
or experiences.'' Can you tell me how this affects the service
you provide to your customers in Vermont? Do your institutions
actively seek customers in Vermont?

A.1. The relevant regulations in Vermont only became applicable
to Citigroup and other national lenders in 2001. The response
of Citigroup and other national creditors to these regulations
has been to automatically opt out all Vermont customers from
programs that would require affiliate sharing or third party
sharing, because the cost of an opt in regime is prohibitive.
Thus, the new regulations, rather than enhancing the privacy
choices of Vermont customers, have, in fact, ended up limiting
their choices.

Q.2. Ms. Brill mentions that despite extensive regulation in
this area by Vermont and several other States, the economies
have not been adversely affected. Indeed, Vermont consumers
face some of the most favorable conditions for loan rates in
the country. Can you explain why the restrictive laws in
Vermont have not resulted in higher loan rates?

A.2. The new Vermont regulations have only been in place for
about 16 months, so it is too early to draw any conclusions
about the long-term effect of the change. From our perspective,
as we have said, we do not provide offers to Vermont customers
that require affiliate sharing. Therefore, Vermont consumers
have fewer choices available to them. As for the loan rates
that Vermont residents are paying, it appears likely that
Vermont residents have so far continued to enjoy the benefits
of a national uniform credit market. However, if every State
made significant and inconsistent changes to the way this
national market functioned, it is likely that none of the
citizens of the U.S. could enjoy the benefits of a national
uniform credit market.

Q.3. Some of my colleagues have made the point that some banks
have thousands of affiliates, Ms. Prill also lists the number
of affiliates for KeyCorp and Citigroup in her statement. Can
you explain why this is and how many of these affiliates
actually deal in customer information?

A.3. Citigroup has never felt that customers care about the
number or kinds of affiliations that exist in the Citigroup
corporate family, nor do they care why they exist. They want
good service provided in a timely manner, and if we can provide
that, we feel our customers will be satisfied.
Citigroup is a financial holding company comprised of
approximately 1,900 affiliates operating in more than 100
companies. Of those subsidiaries, fewer than 50 percent operate
in the United States. The majority of these affiliates are
established or retained for legal, regulatory, or tax purposes
and the number includes entities that are historical vestiges
of outdated banking laws or recent mergers. Many affiliates do
business only with Government or corporate entities or exist
solely to house certain assets.
Only a small number of these entities actually transact
business with individual consumers, and all of them are limited
by GLB to the provision of financial services in one of three
lines of business--banking, insurance, and securities. For the
customers who conduct business with us, our affiliate structure
is invisible and irrelevant. Therefore, when viewed from the
customer's perspective, Citigroup is a single provider of
financial services.

ACCURACY OF CREDIT REPORT
INFORMATION AND THE
FAIR CREDIT REPORTING ACT

----------

THURSDAY, JULY 10, 2003

U.S. Senate,
Committee on Banking, Housing, and Urban Affairs,
Washington, DC.

The Committee met at 10:02 a.m. in room SD-538 of the
Dirksen Senate Office Building, Senator Richard C. Shelby
(Chairman of the Committee) presiding.

OPENING STATEMENT OF CHAIRMAN RICHARD C. SHELBY

Chairman Shelby. Good morning.
The Committee will come to order. Today, we take up one of
the most important issues, if not the most important,
associated with the Fair Credit Reporting Act: The accuracy of
the information contained in consumer credit reports. Changes
in our financial services industry have made accuracy more
important than ever. Credit report information is increasingly
used as the key determinant of the cost of credit or insurance.
By way of risk-based pricing, gone are the days when lenders
merely lumped borrowers into the ``qualified'' or
``unqualified'' category. The use of risk-based pricing allows
lenders to extend credit to a broader range of borrowers
predicated on the assumption that borrowers receive credit
terms which are commensurate with the credit risk that they
pose. As a result, credit report information has a direct
impact on the amount and the interest rates at which credit is
offered.
With respect to large credit transactions, such as
mortgages, rate differences can translate into hundreds of
thousands of dollars over the course of a loan. Even in smaller
dollar credit transactions, such as credit cards, rate
differences can mean large amounts of money. Furthermore, with
the practice of credit card companies reviewing credit reports
and adjusting rates in real time becoming more prevalent, the
application of risk-based pricing to consumer finances is
practically an everyday event.
Let me try to further illustrate these points, and we have
some charts here. The first chart, Chart 1 *, provides some
rough indication as to the effects that particular entries on a
credit report can have on a person's credit score or
creditworthiness. As indicated, some entries, such as
bankruptcy filing, can greatly reduce a person's
creditworthiness. You can see the numbers from the chart here
that Mr. Oesterle is holding.
---------------------------------------------------------------------------
* This chart is included in Chairman Shelby's prepared statement on
pg.400.
---------------------------------------------------------------------------
There is nothing wrong with this. Consumers who have failed
to pay their debts, again, do pose a considerable risk to
creditors, and we need to acknowledge that. But what if a bad
rating is based on inaccurate information? What if you had
never been bankrupt and such an item appeared on your credit
report?
Now I just want to reference Chart 2 *. The second chart
highlights the spreads in interest rates that people with
differing credit scores would pay for some sample products. As
the chart shows, the differences are very real. So are the
financial consequences. For example, consider the cost
differences for a $200,000, 30-year fixed mortgage. A borrower
classified as a ``marginal risk'' pays almost $90,000 more in
interest than someone with an excellent credit rating. Someone
classified as a ``poor'' credit risk would pay $124,000 more in
interest than the person with excellent credit.
---------------------------------------------------------------------------
* This chart is included in Chairman Shelby's prepared statement on
pg.401.
---------------------------------------------------------------------------
Credit rating matters for other transactions as well.
Someone financing a $24,000 new car with a ``marginal'' rating
can expect to pay 127 percent more in interest, about $3,300,
than a person with excellent credit. Someone with ``poor''
credit can expect to pay 255 percent more in interest, about
$6,700 more. Again, what if the information that leads to a bad
credit rating is inaccurate?
With the rewards for good credit so meaningful and the
penalties for bad credit so severe, it is absolutely critical
that credit reports accurately portray consumers' true credit
histories, thus the focus of today's hearing: Examining the
Fair Credit Reporting Act and the operation of our credit
markets to determine whether or not the present system provides
optimum accuracy.
With a system as large and complex as ours, involving the
transfer of billions of pieces of information, it is almost a
certainty that there are going to be some errors which occur.
On the other hand, the credit reporting agencies are paid to
properly handle the data. And furnishers, who also happen to be
the largest consumers of credit report information, take
advantage of the efficiencies provided by the system. Both
derive significant benefits from this system. Both also have a
significant responsibility to get things right.
So let us consider: How and why do errors occur in credit
reporting? Can more be done to prevent errors in the first
place? If some errors are not preventable, does the system
enable them to be quickly recognized? Who most efficiently
recognizes them? And once recognized, does the system work to
ensure that errors are quickly corrected?
I look forward to examining these questions with the
witnesses.
Senator Sarbanes.

STATEMENT OF SENATOR PAUL S. SARBANES

Senator Sarbanes. Mr. Chairman, thank you very much, and
thank you for holding this hearing on accuracy in credit
reporting. Accuracy of credit report information is integral to
our reporting process. In fact, the Fair Credit Reporting Act's
first finding is that, ``The banking system is dependent upon
fair and accurate credit reporting.'' The Act goes on to say,
``Inaccurate credit reports directly impair the efficiency of
the banking system, and unfair credit reporting methods
undermine the public confidence which is essential to the
continued functioning of the banking system.''
That is right out of the Act itself. And yet, credit report
inaccuracies continue to plague consumers. The U.S. Public
Interest Research Group has conducted several studies with
respect to credit report accuracy, and in their most recent
study in 1998, found that 29 percent of the credit reports
which they studied contained serious errors that could result
in a denial of credit. Now, this morning we will hear, on the
second panel, from the Consumer Federation of America, who, I
understand, examined credit scores and reports from all three
major credit repositories and found that inaccuracies remain a
significant problem in consumer credit reports.
The fact is, we need much better information regarding the
accuracy of credit reports.
Erroneous negative information on credit reports can often
take a significant investment of time and money to remove.
Errors can also be very costly to consumers by significantly
raising borrower costs. Not only do such inaccuracies raise the
cost of borrowing, but they may also actually cost the consumer
the loan. Insurers, mortgage banks, and other financial
institutions rely heavily on credit scores to make credit
decisions. Inaccuracies in the underlying credit reports can,
therefore, make it more difficult and significantly more
expensive for Americans to purchase insurance, homes, cars, and
other big-ticket items.
Our first witness this morning is Chairman Muris from the
FTC. As you may know, Chairman Muris, Mr. Beales, the Director
of the FTC's Consumer Protection Division, has testified at two
of our previous hearings. At our identity theft hearing, I
mentioned to him that I considered it essential that we hear
some recommendations from the FTC on ways to improve some of
the problems that we have been hearing about with respect to
the Fair Credit Reporting Act. There are a number of interested
parties who believe that additional regulatory and enforcement
authority is needed by the FTC to administer the FCRA. In
addition to credit report accuracy, I hope that you will
address this issue, as well as a number of other issues that
have been brought to the Committee's attention, including:
Alleged marketing abuses, the prescreening process, lack of
financial privacy, risk-based pricing, and the use of credit
scores for insurance purposes, among other issues.
Mr. Chairman, I look forward to FTC Chairman Muris'
testimony, and I also look forward to the testimony that will
come from the second panel. And in case I am not here at the
moment that second panel begins, I want to take a moment to
welcome Evan Hendricks, a resident of the State of Maryland.
Mr. Hendricks was the Founder of the Privacy Times newsletter,
has been its Editor for 23 years, and has testified before
Congress a number of times on Fair Credit Reporting Act issues.
His expertise has been helpful in the past, and I am sure will
continue to be helpful as the Committee examines the
functioning of the credit reporting system and the ways in
which consumers' credit reports are affected.
Thank you very much.
Chairman Shelby. Senator Dole.

STATEMENT OF SENATOR ELIZABETH DOLE

Senator Dole. Thank you, Mr. Chairman.
The accuracy of credit reports is a key issue, of course,
for us to examine as we consider reauthorizing the Fair Credit
Reporting Act. And I thank you, Mr. Chairman, for giving us
this opportunity to review and discuss these issues in greater
detail.
Under the Fair Credit Reporting Act, credit bureaus must,
``Assure the maximum possible accuracy of the information
concerning the individual about whom the report relates.''
However, in recent hearings, we have heard anecdotes about the
harm caused to consumers who have had false information on
their credit reports as a result of mistakes or fraud. It is my
hope that as part of this effort, we can agree upon positive
steps to ensure greater accuracy in credit reports.
Recently, my staff and I purchased copies of our credit
reports, as well as sample credit scores as preparation for our
work on this issue. I was pleased to discover that my credit
reports were entirely accurate and easy to understand. All of
the information contained in the report was, in my opinion,
appropriate and necessary. In addition, the sample FICO credit
score gave simple and understandable explanations for the
factors used in its determination.
We have, of course, heard testimony before this Committee
on the problems some consumers have faced with respect to the
credit bureaus. And, particularly, Captain John Harrison, a
victim of identity theft, described to us on June 19 how
information that had been removed from his credit report
reappeared later. One of our goals here should be to do all we
can to prevent such things from happening in the future. These
errors can truly wreak havoc in a person's life, with effects
that can linger for years or for a lifetime.
One positive sign that we are making progress was the truly
bipartisan Fair Credit Reporting Act reauthorization bill that
was recently introduced in the House. This proposal contains
provisions that address many of the concerns voiced by consumer
groups and the industry. The Administration also recently
announced that it supports much of this approach, leading me to
believe that we are well within sight of being able to sign off
on a positive, consensus-based approach to reauthorization.
I want to take a moment to welcome Chairman Muris from the
Federal Trade Commission who is with us today. As an alumnus of
the FTC, it is a special pleasure to hear from you this
morning.
And, Mr. Chairman, I stand ready to work with you and the
rest of our colleagues as we move toward achieving our goal of
reauthorization this year.
Thank you.
Chairman Shelby. Senator Johnson.

STATEMENT OF SENATOR TIM JOHNSON

Senator Johnson. Mr. Chairman, thank you for holding
today's hearing on the accuracy of credit reporting information
and the Fair Credit Reporting Act. Welcome to Chairman Muris
and the second panel.
As I have noted in past hearings, the last thing our
weakened economy needs is a blow to the credit-granting system.
In fact, Treasury Secretary Snow stated yesterday that if the
national standards were to expire and States adopted new laws
currently under consideration, a minimum of 3.5 percent of
loans now approved would be denied to maintain the same level
of credit risk. That translates to at least $270 billion of the
current total of just under $8 trillion in consumer credit
outstanding could be in jeopardy, according to Secretary Snow.
So, Mr. Chairman, I thank you for focusing our attention on
America's credit-granting system. The reason credit is so
widely available and so affordable is due in large part to the
amount of data available to lenders and other users of credit
reports. Quantity is no substitute for quality, and I hope we
can work together to make any adjustments to the underlying
statute to increase the quality of the data without creating
unintended consequences that deter data furnishers from
participating in the system.
I am very pleased that the Administration and the FTC have
now taken a public position in favor of permanently extending
the preemption provisions of FCRA. I think a number of us on
the Committee were beginning to feel a little sorry for Mr.
Beales who appeared before us a couple times to tell us about
how well FCRA is working, but was unable to say whether it
might be better to let the California Legislature write the
statute for us.
I hope that Chairman Muris will spend some time today
talking about how our system would change if we lose uniformity
of credit data. However, I am sure we all agree that the last
thing we want is a uniformly bad system, which is why we need
to look hard at the current statute to determine whether
changes need to be made.
I have read Mr. Jokinen's testimony, and I am pleased to
see him alive and well before us. And while Mark Twain might
have chuckled over reports of his untimely death, it is no
laughing matter when those reports deprive you of historically
low mortgage rates and cause very real emotional damage in the
process of correcting the information.
I regret that we do not have any data furnishers with us
today. It sounds to me as if the breakdown in Mr. Jokinen's
case may have had more to do with the data furnisher than with
the credit bureau. But what is clear is that the system failed
this witness, and we need to figure out if the statute itself
is at fault or if we need to focus on enforcement. Clearly,
there is enough blame to go around, and the fact is everyone
benefits from accurate data.
So, I look forward to working with you, Mr. Chairman, and
other Members of the Committee on a quick and responsible
reauthorization process. Again, I have conflicting, overlapping
committee hearings, including markups going on. I may not be
able to stay as long as I would like. But, I thank you for
conducting this hearing.
Chairman Shelby. Senator Enzi.

STATEMENT OF SENATOR MICHAEL B. ENZI

Senator Enzi. Thank you, Mr. Chairman. I appreciate your
holding this hearing and the other hearings that you are
holding to steadily move us toward a consensus on getting this
important reauthorization done. The accuracy of financial
information collected, maintained, and delivered by the credit
reporting agencies is vital to ensuring the integrity of our
entire financial system. I was very pleased to hear Secretary
Snow of the Department of the Treasury announce last week that
the Administration supports making free credit reports
available annually to consumers.
This will go a long way to helping consumers to understand
what information is retained by the credit reporting agencies,
to see if there are any inaccuracies in the information, and to
correct that information. The accuracy and timeliness of the
information will help consumers, merchants, and financial
institutions to stem the explosion of identity theft crimes.
I also want to mention two articles that I believe
highlight the problems that we face with identity thefts. The
first article was a front-page article in The Wall Street
Journal on May 1 entitled, ``A Tussle Over Who Pays For Credit
Card Theft--Retailers Stuck With the Bill, Say Issuers Lack a
Reason To Fight.'' The second appeared recently--in fact, last
weekend--in Parade magazine.
I am concerned about the situations highlighted in The Wall
Street Journal article where victims of identity theft struggle
to retain their identities and the credit card industry appears
to offer little help in pursuing the criminals. Further, it is
troublesome that the retailers, most likely small business
retailers, may get stuck with the cost of the crime. The
financial cost of identity theft is growing at a very alarming
rate, and we have to find ways to encourage credit card
companies to track down fraudsters and help retailers recover
damages. Therefore, I would like to hear from Chairman Muris as
to what the Federal Trade Commission is doing to bring credit
card companies to the table and what the Commission is doing to
help small retailers cope with identity theft.
With regard to the Parade magazine article, my colleagues
will remember--and Senator Dole already mentioned--Captain John
Harrison who had testified at the June 19 hearing. The article
illustrates the trauma that Captain Harrison has experienced as
a victim of identity theft since July 27, 2001. For nearly 2
years, Captain Harrison has been trying to clear his good name.
That means closing over 60 fraudulent accounts that range from
credit cards to checking accounts to utilities. And, those are
just the ones he knows about. Captain Harrison is still
learning about open and damaging accounts.
He is just one individual whose life has been turned upside
down. There are a hundreds of thousands more out there, and we
have to do something to help these victims.
Last year, Senator Cantwell and I introduced a bill that
would assist victims in reclaiming their identities. The bill
passed unanimously in the Senate last November. It did not pass
the House, however, and I would like to work with our esteemed
Chairman to ensure that parts of that bill are reauthorized in
the Fair Credit Reporting Act. Some of these parts may be
similar to the changes proposed by the Administration relating
to accuracy of information in a consumer's file. I am
particularly interested in the Administration's proposal
related to the blocking of files and reinvestigations by
resellers. Senator Cantwell and I worked last year with all of
the stakeholders to address these issues in our bill, and I
would appreciate the opinion of Chairman Muris and the other
panelists on the Administration's proposal.
In addition, I believe we need to discuss the accuracy of
consumer's data when the consumer is also a small business.
According to the Small Business Administration, there are
millions of small businesses that are sole proprietors. Over
the past decade, there has been a very good campaign on the
part of financial institutions to market products and services
to small business owners. This has made credit available to
many sole proprietors that otherwise would not have been able
to obtain credit elsewhere. I would like to hear from today's
witnesses as to how we can maintain the accuracy of consumers'
financial information if the consumer also owns a business.
Thank you, Mr. Chairman, for holding this hearing. I look
forward to hearing from the witnesses.
Chairman Shelby. Senator Carper.

COMMENTS OF SENATOR THOMAS R. CARPER

Senator Carper. Mr. Chairman, thank you. To my colleagues,
to our witnesses, and other guests, welcome. Chairman Muris,
good to see you. Thank you for joining us today.
I just want to mention briefly three principles that I
think we will all be able to subscribe to as we approach
today's hearing. One of those principles is the need for
accuracy of credit reports and something that is essential,
first of all, to consumers. The second principle would be that
accurate reports are also of a great benefit to those who grant
credit. And, finally, the belief that absolute accuracy cannot
be achieved; however, the system should have as few errors as
possible. And the system that we are working with here and
refining here should make it easier for consumers to correct
errors in their credit reports.
I think those are three good principles that we can all
subscribe to, and I am encouraged with the announcement by the
Administration of their position on these issues. Today, we are
going to make a step forward toward reaching those principles.
I am encouraged that the House legislation has been introduced
and is starting to move. It will be helpful toward that end.
Finally, we have had quite a few hearings with respect to
FCRA, and they have been enlightening and educational. And I
suspect that this will be true today.
Thank you, Mr. Chairman.
Chairman Shelby. Senator Bennett.

STATEMENT OF SENATOR ROBERT F. BENNETT

Senator Bennett. Thank you very much, Mr. Chairman. All of
us are very much in favor of accuracy within the credit bureaus
and the information that is reported. I want to change the
focus just a little in my opening statement to accuracy of
studies.
Senator Sarbanes quoted a study that said 29 percent of the
credit records contained errors. There is a 1992 study
commissioned by the Consumer Data Industry, which is the trade
association group, that says the error rate is 0.2 percent.
There is a 1998 study conducted by the U.S. Public Interest
Research Group that says the error rate is 70 percent.
That is a pretty wide range, a 0.2-percent error rate or a
70-percent error rate or a 29-percent error rate. If we are
going to legislate to try to bring down the error rate, we have
got to know what the error rate really is. And these kinds of
studies are all over the place. To go from 0.2 percent, some
will say that is suspect because it was a study commissioned by
the industry itself; to 70 percent, I frankly think that is
obviously suspect, commissioned by someone who may hate the
industry. We need to know exactly what the error rate is.
Furthermore, Mr. President--Mr. Chairman. Sorry, a Freudian
slip with all the other colleagues around here.
[Laughter.]
We need to know accurately what an error is. I will give
you an example out of my own life. We moved in Salt Lake City,
and when you do that, you call people up and tell them that you
have moved, and they put a new address on your bill. No matter
how hard I try, I am unable to get the Salt Lake City
Corporation to bill Robert F., as in Frank, Bennett. They
insist on billing Robert S., as in Sam, Bennett. Someone heard
that as an ``S'' over the telephone when we changed our
address, and that constitutes an error.
Now, it could be a very serious error in that there might
be a Robert S. Bennett out there who is rampaging around the
credit world and I do not want to be associated with him. On
the other hand, I really do not think that the fact that my
water bill is addressed to Robert S. Bennett at 1224 11th
Avenue, Salt Lake City, Utah, when it really is Robert F.
Bennett at that address constitutes an error that justifies
Federal legislation.
So as we examine this whole question of the error rate in
these databases, we need to know what kind of errors we are
talking about, and we need to be able to separate those that
are incidental from those that do constitute a threat to our
identities.
The only piece of data that I have been able to find out
that I think moves in the direction of giving us an accurate
picture of what is going on is information that we have had
from the FTC, and I simply repeat it here. The FTC reports that
they receive approximately 2,000 complaints per year per
bureau--since there are three bureaus, that is 6,000 error
complaints--out of a database of 600 million.
Now, I realize that not every error by any means gets
reported to the FTC. But those that felt concerned enough about
the errors that they contacted the FTC gives us 6,000 on a
database of 600 million, which is 0.001 percent. Perhaps more
significant than this number is the fact that in 1990, the FTC
was receiving 10,000 complaints per year per bureau. So over a
decade, we have seen the complaints on errors go from a total
of 30,000 down to 6,000 as far as the Feds are concerned.
Now, this is not a survey. This is not a study. This is not
a poll. These are actual complaints coming into the Federal
Government that signify the trend is going in the right
direction. Six thousand is one-fifth of 30,000. So, in 10
years, we have had an 80-percent improvement rate in the
complaints to the FTC while the granting of credit has gone up
dramatically. I think that says that the Fair Credit Reporting
Act has done a pretty good job.
Now, having said that, I am as concerned about making sure
that the database is accurate as anyone else on this Committee.
But I think as we pursue the goal of getting a higher rate of
accuracy, we need to do so against the background of accurate
information about what the problem really is and how bad it is.
Thank you.
Chairman Shelby. Senator Dodd.

STATEMENT OF SENATOR CHRISTOPHER J. DODD

Senator Dodd. Thank you, Mr. Chairman. I ask that my
prepared statement be included in the record.
Chairman Shelby. Without objection, it is so ordered.
Senator Dodd. I think most of the comments that I would
make have been included, just striking the balance. Thank you,
Mr. Chairman, for holding this hearing. It is extremely
important. All of us as we travel around, no matter where we
go, the issue comes up about whether or not we are going to
reauthorize the FCRA, when we are going to do it, and what is
it going to look like. I think these hearings are tremendously
helpful, and I want to commend you. We have already listened to
a lot of people and we are going to hear from some wonderful
witnesses today who will share with us their views and thoughts
on this very important subject, and that is tremendously
worthwhile. As we move into an economy that requires some
straightening out, credit is going to be even more important in
terms of getting back on its feet again. So having a level of
confidence that people will need is going to be essential.
I appreciate my colleague from Wyoming mentioning Captain
Harrison, my constituent from Connecticut, who gave eloquent
testimony. His is certainly an incredible case. What he has
been through is just stunning to identity theft issues. We know
this may be an extreme case, but I think most people recognize
that it probably occurs far more often than we all like to
admit, even though studies may vary about the percentage of
incidences.
I just want to end on the note that the Treasury Department
is moving in the right direction, and I want to commend them. I
spend a lot of time saying what I think the Treasury Department
is doing wrong, but in this case, I think the Treasury
Department deserves some credit for its recent recommendations
dealing with consumer protections. For example, it is right, I
think, to suggest that consumers should have the right to free
copies of their credit reports and credit scores so that they
can identify the problems for themselves. Obviously, you can
solve a lot of problems if you can have a chance to look at
your own stuff and think something is wrong. That would seem to
be helpful and positive, and I commend them for it.
I also agree that we need to strengthen the protections
against fraud, identity theft, and the like that they have made
recommendations on. So, I am anxious to hear what other
thoughts can be offered to us as we try and fashion this
legislation. I think what Senator Carper said makes a lot of
sense. Those are pretty good standards by which to judge how we
are progressing here. There is the realization you are not
going to have a perfect system, and any hopes of achieving that
should be put aside immediately. But today with our technology
and sophistication, we can do a better job all the time in
guaranteeing that, to the extent possible, the consumers are
being protected by accuracy of information that determines
whether or not they are creditworthy.
Again, Mr. Chairman, I thank you for your efforts.
Chairman Shelby. Senator Crapo.

STATEMENT OF SENATOR MIKE CRAPO

Senator Crapo. Thank you, Mr. Chairman. As Senator Dodd
indicated, most of--in fact, all of my thoughts have been very
well stated by other Members of the Committee, so I will be
brief.
I want to thank you for not only this hearing, but the
series of hearings that you are holding on this legislation
because I think they have helped us to focus very well on the
issues at hand.
I have said before that I think our primary obligation here
as we approach this legislation is to make certain that we
protect the credit reporting system that we have in the United
States today, which is the envy of the world and is the
backbone and a strong part of our economy. In fact, I think the
statistics I have seen indicate that something like three-
fourths of all American households are involved in some way
with the credit system in this country, and that frankly to me
sounds like it might be a little bit low, either in the
mortgage credit system or in the consumer loan system.
As I approach this, we have already had hearings on
identity theft and a number of other issues that directly
relate to the issues we have before us here today. But it seems
to me that we want to make sure that the information that we
are dealing with in our credit reporting system is complete,
that it is accurate, that it is accessible by consumers, that
it is understandable by consumers so that those who are dealing
with their own credit information--whether it is in the context
of identity theft or just in terms of a report that they are
getting in terms of a credit transaction or just in terms of
checking their credit rating--that they understand what it is
that they are dealing with, and that it is fixable when errors
occur. So that when a consumer finds that there has been a
problem, whether it is a minor problem like Senator Bennett has
identified or a major problem like an identity theft problem,
or simply poor reporting or poor standards or poor procedures
by the reporting agency, that it is fixable. And I think that
means we might need to look at modernizing our dispute
resolution process and some of the other ways that we address
these issues.
Finally, I think we need to make sure that the adequate
protections are in place to assure that we do not have identity
theft or fraud or inappropriate reporting mechanisms and that
the entire industry, including the consumers, understand how
the system works and are able to work with it easily.
So, again, Mr. Chairman, I thank you for holding these
hearings, and I look forward to working with you as we craft
this legislation.
Chairman Shelby. Thank you, Senator Crapo.
Senator Stabenow.

STATEMENT OF SENATOR DEBBIE STABENOW

Senator Stabenow. Thank you, Mr. Chairman. I have a
complete statement that I would ask to have placed into the
record.
Chairman Shelby. Without objection, it is so ordered. It
will be in the record.
Senator Stabenow. Thank you. Just a couple of comments.
First, welcome, Mr. Chairman. We appreciate your being here
and your work, and I would share the same concerns my
colleagues have and as Senator Crapo just indicated in terms of
what this is all about: accuracy of information for consumers,
the ability to maintain a system that is the envy of the world.
And we certainly want to extend, I believe, not only the
existing provisions of the Act in a timely manner, but we also
need to use this opportunity to look for ways to improve areas
where there may be problems and concerns. So, I welcome your
thoughts on that today. This is really our opportunity to do
that. And when there is a problem for consumers, we want to
make sure that it can be addressed quickly, that there is a way
for us to remedy problems with our own credit reports or others
that we represent.
Mr. Chairman, I did just want to also mention on another
front that one of the best ways, I think, in the long run that
we can help on these issues is through making sure that we all
have the education and financial literacy that we need in order
to be educated, active consumers. Senator Enzi and I are
working together on some legislation that we hope to bring to
you and work with the Committee on. I know Senator Corzine is
working on this issue, and other Members of the Committee. But
I think it is important that provisions that move us forward on
financial literacy are also a part of what we are doing in
making sure that we are all educated consumers in using
information in order to protect our own interests and our own
financial situation.
Thank you, Mr. Chairman.
Chairman Shelby. Senator Allard.

STATEMENT OF SENATOR WAYNE ALLARD

Senator Allard. Mr. Chairman, thank you. I have a full
statement I would like to make a part of the record.
Chairman Shelby. It will be made part of the record.
Senator Allard. I want to just make a couple of brief
comments.
First of all, I would like to associate myself with the
comments of the Senator from Idaho, but I would add a couple of
things. We are all human, and errors do occur. I think when
errors do get into a credit report, we need to find ways that
those errors can be expeditiously purged from the public
record. So often an error is recorded by one group but it gets
dispersed throughout the entire system. Other systems record
this error and, it reemerges again. I hope that some time and
thought is given to recorded errors. I also hope we can look at
how that error can be readily purged so the consumer gets that
mistake eliminated from the record and is able to move on with
their own personal lives and investments.
The second comment I would make is that earlier this week,
Senator Schumer and I drew up a piece of legislation on
disclosure of credit scores. I think full transparency of
credit scores is important so that the consumer--if there is
something impacting their credit, can respond to it. There are
things that go into a credit score that, frankly, when I found
out about them, I was surprised. I think a lot of consumers are
unaware of the factors that make up their credit score. For
example, if a customer is informed that their interest rate is
higher than ordinary; or they get turned down, they do not know
how to take the necessary steps to make themselves qualify
again for a lower interest rate or a loan.
These are two additional comments I wanted to make, and
thank you, Mr. Chairman.
Chairman Shelby. Senator Corzine.

COMMENTS OF SENATOR JON S. CORZINE

Senator Corzine. Thank you, Mr. Chairman.
I want to congratulate you on the thoughtful way of
approaching this overall issue. I think it is important that it
get fleshed out in its fullness. I think we all recognize how
important this is to each individual life. I think about two-
thirds of our economy is driven by consumer activities. It even
rises at certain points in time. And this is an enormous area
of concern, and when you have the range of variables that
Senator Bennett talked about of errors, I think we should
understand how much that actually translates into individual
life experience.
I think the only other comment I would make--and I hear
this over and over. This is an interconnected element of
activity. Accuracy ties to identity theft, which ties to
financial literacy, which ties to credit scores. And we should
be thinking about this in a comprehensive way as opposed to
piecemeal. And I think like many other Senators, I have pieces
of this with respect to financial literacy, and with respect to
questions on identity theft. Frankly, I think there is a need
for this to be brought together in a comprehensive format so
that we aid the consumer on a complete basis.
Thank you.
Chairman Shelby. I appreciate your remarks.
Senator Schumer.

STATEMENT OF SENATOR CHARLES E. SCHUMER

Senator Schumer. Thank you, Mr. Chairman. Again, I want to
add my kudos to you and Ranking Member Sarbanes for the
careful, thoughtful, and thorough way these hearings are being
conducted on one of the most important pieces of legislation
that will be before us, the FCRA.
I think of all the hearings we have had, this one may be
the most important, at least in terms of its impact on the
average person's life, and that is the accuracy of the
information in his or her credit report. Our laws and
principles make it clear that the reporting agencies have a
responsibility to maintain accurate information. And on top of
this obligation, there is the pressure of the market. Companies
want accurate information. They do not want it to be too high
or too low. It does not lead to their best economic interest.
But as Senator Allard mentioned, there is an additional
check and balance that we must have in the system. Consumers
should have a right to review their credit information and the
right to have that information corrected when it needs to be.
After all, they have the most at stake from inaccurate
information, and we have found that in our financial systems,
when there is transparency, the opportunity for abuse is lower.
And that is why Senator Allard and I introduced this week
legislation that will provide our national credit system with
more transparency. Our bill is called S. 1370, the Consumer
Credit Score Disclosure Act of 2003. Hopefully we can add it to
FCRA at some point and not move it along separately. But
whatever the Chairman would please--I think I speak for Wayne,
as well--would be fine with us.
Let me just give my colleagues a little bit of detail about
this, and I will be quick.
Right now, people get a credit report, and it is a complex
formula, but it is the credit score that matters most. The
score determines whether a loan is made and at what rate.
Often, people only know the number of their score. They do not
know the factors that went into the number, how different
information in their credit report was weighed. It is like a
black box. And the stakes are very high here. Nearly 80 percent
of all mortgage lending decisions now use credit scores.
Specifically, lenders use the score to determine whether to
extend a loan to an applicant and to make pricing decisions
regarding the terms of the loan. For most families, we all know
buying a home is the biggest financial move they make. Credit
score, the principal factor in determining the creditworthiness
and loan terms, is shrouded in mystery, and the simple purpose
of our legislation is to lift the veil of secrecy.
There is a huge difference. Let me take an example, a
modest Syracuse mortgage of $80,000. If you shave three points
from that loan, it would save the homeowner about $140 a month,
$1,600 a year. And so if the credit score is wrong, people pay
for 15, 20, or 30 years, depending on the term of their
mortgage. And up until this year, even the outline of how these
scores, mysterious scores, have been determined was kept a
secret. In fact, most consumers, for instance, have no idea
that having a whole lot of credit cards, even if you pay every
one on time, lowers your credit score. Well, if consumers knew
this was part of the credit score, they could make a decision
whether they wanted to have that fifth, seventh, or tenth
credit card.
So things are beginning to move into the right direction.
E-LOAN, one company, is offering a free Web-based service that
allows real estate agents, bankers, and consumers to instantly
determine the credit rating. But we think this should be
available for everybody. And I hope that our colleagues will
pay some attention to this legislation as we move it along. It
requires lenders to supply consumers with their credit score
and an invoice that describes how it was calculated, the source
of who calculated the score, and the four factors negatively
affecting the score. It is simple Adam Smith free market
disclosure, and it is something we would like to discuss,
Senator Allard, and I would like to discuss as we move this
bill along.
Thank you.
Chairman Shelby. Thank you, Senator Schumer.
Our first panel will just be one gentleman. Mr. Timothy
Muris, he is the Chairman of the Federal Trade Commission.
We welcome you to the Committee. We appreciate your
indulgence through our opening statements. Your written
statement will be made part of the record in its entirety,
without objection. You may proceed as you wish.

STATEMENT OF TIMOTHY J. MURIS

CHAIRMAN, U.S. FEDERAL TRADE COMMISSION

Chairman Muris. Thank you very much, Mr. Chairman. I want
to thank you for holding this important hearing, and I
particularly want to thank you and your staff for working so
closely with us. I know, as has been mentioned, the Director of
the FTC's Bureau of Consumer Protection, Howard Beales has
testified before the Committee, and it is a particular pleasure
since your Staff Director, Kathy Casey, is a former student of
mine. And it has been a pleasure to see her and her staff 's
professionalism and skill in working through this process.
Chairman Shelby. You taught her well.
Chairman Muris. Thank you. I am not sure she will agree
with that, but that is another subject.
As we testified--Howard presented the Commission's
testimony in May--the statute, the FCRA, has been a remarkably
effective law. It helps make possible what I call the miracle
of instant credit, which occurs all over America every day.
For example, you can walk into a car dealership, and if you
have good credit, in less than an hour you can borrow $10,000
from a complete stranger, or more, and drive out with a new
car, which, when you think about it, I think is really a
remarkable fact. And it exists really only in the United
States.
In the over 30 years since the FCRA was enacted, with the
leadership of this Committee and Senator Proxmire, consumer
credit has expanded exponentially. It accounts for over two-
thirds of our Nation's GDP. It has been particularly important,
this expansion of credit, for the least affluent Americans.
Thirty years ago, for example, 5 percent of low- and moderate-
income Americans had credit cards. Today, half have those
cards, nearly half. The FCRA has facilitated this growth while
at the same time protecting sensitive financial data.
The FTC supports the package of proposed legislation that
the Administration and Secretary Snow announced on June 30. We
believe these proposals, along with a couple of additional ones
in our testimony, will help improve credit report accuracy and
fight identity theft, while preserving the benefits to
consumers of the national credit reporting system.
To begin, the Commission recommends that Congress renew the
uniform national standards in Section 624 of the FCRA. The
national character of our credit markets is a powerful argument
for retaining these standards. This is not to say that the FCRA
is perfect, but any improvement should be made by changes to
the national standard and not through a patchwork of different
State laws.
The changes we support focus on getting more credit reports
in consumers' hands, streamlining the dispute process,
detecting and preventing identity theft, and easing the burden
on identity theft victims.
Turning more specifically to accuracy, we have several
proposals that I believe will enhance the accuracy of credit
reports. One proposal that I believe is particularly important
is our recommendation to expand adverse action notices to
consumers, and it builds on your charts, Mr. Chairman. A key
element of the FCRA's protection of consumers is the
requirement that when credit, insurance, employment, or other
benefits are denied, based even in part on a credit report, the
creditor must notify the consumers of their rights to a free
copy of the report and to dispute the accuracy of information
in the report.
This self-help mechanism is a critical component in an
effort to maximize the accuracy of consumer reports, and it is
a quite ingenious part of this statute. It puts credit reports
in consumers' hands when they are the most motivated to inspect
their report for inaccuracies--that is, after they have been
denied benefits based on the report.
We are vigorously enforcing FCRA's adverse action
provisions through industry compliance sweeps and enforcement
actions against users of credit reports. Nonetheless, this is
an area where we believe an important improvement is needed in
the statute.
The FCRA generally requires an adverse action notice when a
consumer is offered less advantageous terms because of his
credit report with respect to credit offers. But if the
consumer is offered and accepts those less advantageous terms,
he gets no adverse action notice.
Now, in the modern world, this counteroffer exception makes
no sense. Ten years ago, credit decisions were usually pass-
fail. You either got the credit you applied for or were
rejected. Today, with the prevalence of risk-based pricing,
which was your point, Mr. Chairman, consumers more often are
offered a higher rate or worse terms. Those consumers may pay
for a loan or credit card based on inaccurate information in
their credit report, but they will never learn about it. This
gap frustrates achievement of the FCRA's basic consumer
protection goals. For this reason, we recommend that Congress
give the FTC rulemaking power to expand the circumstances under
which consumers get adverse action notices.
Again, it is crucial to the working of the system that
consumers be notified when there is a problem in their credit
report. For most consumers, most of the time, it is not worth
their time to go read their credit reports. They have a lot of
busy things to do in life. An ingenious part of the system is
you are notified when you are denied a benefit because of what
is in the report. But because of changes since the law was
enacted with this risk-based pricing, there is now a
significant loophole which we think should be closed.
We also have recommendations that will make it easier for
consumers to dispute inaccurate information. For example, there
is an anomaly in the law whereby resellers of consumer reports
are responsible for investigating consumer disputes. We think
that the credit repositories should share some of that burden.
In addition, we recommend amendments that would make it harder
for furnishers to reintroduce fraudulent information in the
credit reports.
Finally, we believe the law should be amended to require
furnishers of information to investigate consumer disputes when
consumers contact them directly. Consumers do not know
necessarily that under current law they are supposed to contact
the credit reporting agency. We see no reason why, when they
contact the furnisher, that should not trigger the
reinvestigation requirement.
It is a pleasure to be here, and I will be happy to respond
to any of your questions about our recommendations or any of
the other issues.
Thank you.
Chairman Shelby. Thank you, Chairman Muris.
The very first section of the Fair Credit Reporting Act
highlights the importance of the accuracy of credit reports
that we have been talking about today. Let me just briefly
quote from the law. ``Inaccurate credit reports directly impair
the efficiency of the banking system.'' It might be fitting,
Mr. Chairman, to expand that sentence so that it reads,
``Inaccurate credit reports directly impair the efficiency of
our whole economy.''
Chairman Muris. I certainly think that one of the reasons
that our economy is so strong, particularly compared to the
rest of the world, is the flexibility of our credit system.
Chairman Shelby. Absolutely.
Chairman Muris. And that credit system relies on these
national credit standards, and this law is essential, I think,
to making those standards work.
Chairman Shelby. Would you agree that inaccuracy in credit
report information could create inefficiencies in the economy?
Chairman Muris. Absolutely. And I certainly agree with the
comments that others are making, you know, that not all
inaccuracies are created equal.
Chairman Shelby. Sure.
Chairman Muris. But, again, that is why it is so important
to put this information in the hands of consumers.
Chairman Shelby. What is your understanding, Mr. Chairman,
as to the level of inaccuracy found in credit reports?
Chairman Muris. We have no way of knowing the precise level
of inaccuracy. Again, the ingenious nature of this system and
why we want to expand the adverse action notices is that when
you are denied a benefit because of what is in the credit
report, you need to be told. And that puts you on notice,
particularly if you think there must be a mistake, to see what
the problem is.
The statute obviously understands that you are dealing with
something like, with these big credit bureaus, 2 billion
transactions a month. Perfect accuracy is neither possible nor
desirable.
Chairman Shelby. But accuracy is very desirable, maybe not
perfect.
Chairman Muris. Absolutely. That is why we take lots of
steps to deal with accuracy, and that is why we think, although
you should extend the preemptions in the national system, that
you should improve the statute, particularly in terms of
accuracy.
Chairman Shelby. A lot of things that Senators Corzine,
Crapo, Allard, Schumer, and others have been talking about as
far as accuracy, is putting together a comprehensive bill here
which could improve the accuracy and the efficiency of credit
reporting, could it not?
Chairman Muris. Absolutely, and that is what our package of
proposals is aimed for. We look forward to working with you on
developing such a package.
Chairman Shelby. You do not have a specific number, you
know, statistically, as to the errors. Is there any way to get
a specific number? Because numbers do matter.
Chairman Muris. Well, they do matter. I am not sure that it
is worth the cost of getting a specific number. I do think that
easing the ability of consumers to have the information is the
best route to take, and that is why we made several proposals,
including free credit reports----
Chairman Shelby. That would be good for the consumer by a
long way, but also good for business, would it not?
Chairman Muris. Well, yes. I do think that a more accurate
system, assuming it can be achieved without undue cost, would
be better. And I think the proposals that we have made take us
a significant way down that road.
Chairman Shelby. Mr. Chairman, do you think that the
Federal Trade Commission should have a responsibility to obtain
information regarding the accuracy of the information contained
in consumer reports on an ongoing basis?
Chairman Muris. I would be particularly concerned--and I
know there is a provision in the House bill--if we were asked
to spend a lot of resources trying to come up with, trying to
determine what the level of accuracy is. I think our resources
would be better spent on consumer education, on developing new
laws such as we have talked about, on enforcement, because--
although, again, accuracy is a key to this statute, but trying
to find out and deal with some of the issues that people have
raised here about accuracy, I am not sure that is the best----
Chairman Shelby. Well, accuracy is going at the truth of
whatever the information is.
Chairman Muris. Yes, that is certainly true. But I think
Senator Bennett's point about levels of accuracy is very well
taken.
Chairman Shelby. Absolutely. Does the Federal Trade
Commission, currently have the authority and the resources
necessary to ensure that the highest level of accuracy possible
is achieved? Do you need more resources? Or do you think, as
you alluded to, you are going to work with us toward better
legislation?
Chairman Muris. I think the preferable route is better
legislation. We received our mark from the House appropriators
yesterday. If we get that amount of money from the Senate, I
think we can very admirably carry out our responsibilities,
including whatever new responsibilities you would give us.
Chairman Shelby. Especially if we put together a good bill
overall, one that is good for business, good for the economy,
and good for the consumer?
Chairman Muris. Yes, sir, absolutely.
Chairman Shelby. Senator Sarbanes.
Senator Sarbanes. Thank you very much, Mr. Chairman.
Chairman Muris, I am going to try to run through some
questions with you very quickly. As you know, our time for
questioning is limited. But, first, I do want to note the
front-page article in today's New York Times on the FTC's Do
Not Call Registry. This article says that there has been an
outpouring of public interest in the registry far exceeding the
Government's initial expectation. According to the article,
Americans have submitted 23 million phone numbers in the last 2
weeks for the registry, and the FTC expects at least 60 million
Americans to sign up by October 1.
What does this tell you about the way people are feeling
about the invasions of their privacy?
Chairman Muris. Well, I think the reason that we have
adopted the national Do Not Call Registry is in response to
concerns over privacy. And, indeed, the reason that we are
making several proposals here is in response to concerns about
privacy.
I am not sure that it is accurate that we have received a
lot more initial sign-ups than we expected. We thought this
would be a very popular initiative. The Commission has never
received anything like the comments and the response in its
history to anything we have done like the Do Not Call
Initiative.
I do think people care about privacy, and what they care
about, I think, is when their information is misused in ways
that bother them. And the interruption of their dinnertime is a
perfect example, and I also think, to transfer that to this
context, when sensitive information is misused or it is
inaccurate, those are the kinds of things that bother people
the most rather than abstract notions of, you know, privacy. I
think people are very practical, and when it is misused and
causes them consequences, that is when they really care. And I
think Do Not Call demonstrates that.
Senator Sarbanes. One of the witnesses on the next panel,
Mr. Brobeck, from the Consumer Federation, recommends
broadening the Federal enforcement of FCRA in two ways. He
recommended, ``An appropriate Federal Agency such as the FTC
should audit the repositories' records on a regular basis to
identify data furnishers who report incomplete or incorrect
information to the repositories.'' He also recommended that the
FTC should collect and analyze information about credit
reporting disputes on a quarterly basis and report this
information to Congress annually.
Would you support those recommendations?
Chairman Muris. Well, I have welcomed our cooperation and
support on many issues from the consumer movement and the CFA
in the past. I have trouble with some of their recommendations
here. The idea of an audit bothers me in the following sense. I
think we need to focus on the key trigger point of the statute,
which is letting consumers know when there is a problem. I
think in terms of furnishers, it is a voluntary system. We have
sued furnishers for supplying inaccurate information. There are
duties dealing with furnishers. In fact, we are proposing to
trigger the reinvestigation process, as I mentioned, when a
consumer contacts the furnisher.
So, I think there are some more things that furnishers can
do. There are already duties on furnishers. But I am concerned
about shifting our focus from the consumer and the consumer
getting notified to a more abstract idea of auditing and
studying the procedures of the credit reporting agencies.
Senator Sarbanes. You used the instant credit example in
your own statement. Does the store receive a complete credit
report, or does it simply receive a credit score when it acts
in that instance?
Chairman Muris. Well, I think it depends. In the case of
the real instant credit, they are receiving often just an
approval. I am not even sure----
Senator Sarbanes. And if the consumer is denied credit in
the instant credit scenario and then requests a credit report
as a result of that adverse action, what would the credit
reporting agency provide to the consumer? Just what the store
got?
Chairman Muris. My understanding is no. Well, I am not sure
what the store gets, and----
Senator Sarbanes. Well, shouldn't the consumer----
Chairman Muris. Yes, I agree the consumer should get the
full----
Senator Sarbanes. Shouldn't the consumer, at least, get
what the store got? And if that is not the full report,
probably get the full report as well, should he not?
Chairman Muris. Absolutely. I agree, Senator. What they are
supposed to get now, this is triggered by the so-called Equal
Credit Opportunity Act notice. They are supposed to be told the
four leading reasons why there was a problem with their credit
report.
I agree that just giving them a very simple piece of
information would not be useful, but I believe under current
law they are required to get more than that.
Senator Sarbanes. My time is up. Let me just ask you, is it
the intention of the FTC to provide to the Committee draft
statutory language to carry out the recommendations that you
have presented to us in your statement here this morning?
Chairman Muris. Yes, sir.
Senator Sarbanes. And how promptly can you do that?
Chairman Muris. Well, we have been working with the
Committee, and I think we would be able to do this very
promptly. And we have been working with the other body as well.
Senator Sarbanes. What is ``very promptly?''
[Laughter.]
Chairman Muris. Well, I am not even sure what day of the
week it is. It is Thursday, I think. I would be very surprised
if we cannot sit down and do something--next week?
I am checking with the people who have to do the work
before I make a promise.
Yes, next week would not be a problem at all.
Senator Sarbanes. Thank you, Mr. Chairman.
Chairman Shelby. Senator Dole.
Senator Dole. Mr. Chairman, as an alumnus of the FTC, I
take a great deal of interest in your testimony, which I find
very credible, because I know that these recommendations
represent a bipartisan consensus approach.
Now, currently, the Federal Trade Commission has four
Commissioners appointed by President Clinton, and then you, an
appointment of President Bush. Isn't that correct?
Chairman Muris. Yes, Senator.
Senator Dole. You are clear in your testimony the FTC
supports the permanent reauthorization of the Fair Credit
Reporting Act preemptions contained in the 1996 Act with some
modest amendments. Is this the unanimous position of all the
Commissioners?
Chairman Muris. Yes, it is.
Senator Dole. Mr. Chairman, do you agree with the statement
of Director Beales who stated earlier that affiliate sharing
assists in the prevention of identity theft?
Chairman Muris. Yes. Yes, I think that it is important that
financial institutions have access to more information than the
crooks have to stop the fraud. And in that sense, I think the
information is helpful.
Senator Dole. Inasmuch as affiliate sharing prevents
identity theft, would you agree, then, that affiliate sharing
leads to more accurate credit reports?
Chairman Muris. Yes, I would, and we do support it and
think that affiliate sharing is an important part of this
process.
Senator Dole. And while there is always room for
improvement, do you believe that the credit reporting agencies
are doing enough to ensure accurate credit reports?
Chairman Muris. We have had several opportunities to engage
in enforcement against the credit reporting agencies. That
process continues. We are their primary regulator. I think, you
know, with a rare misstep, which I think we have corrected, I
think that they have done a good job.
I do believe that some additional legislative protections,
particularly in terms of accuracy, which I have outlined, would
be helpful.
Senator Dole. In your prepared statement, you give the
example that if States are able to pass differing laws on
reinvestigation times, furnishers might determine that their
reinvestigation duties are too onerous and simply exit the
system. Do you believe the 30-day period in the Fair Credit
Reporting Act is the appropriate one?
Chairman Muris. Well, Senator, I do think the 30 days has
worked well, and I think there are a couple of important points
to make. The one that you are referring to about the voluntary
nature of the system and the furnishers' cooperation is very
important. And a second point is we have frequently brought
cases against scams that involve credit repair. And one of the
things that some of these scams tell you to do is to challenge
everything, ask for a reinvestigation on everything, with the
idea that maybe you can run out the clock. And if the period
was shortened particularly dramatically--I know some people
have proposed 15 days--I think that would be a serious problem
in terms of these scams.
Senator Dole. You also give an example in your prepared
statement as to the problems that may arise from shorter
obsolescence periods governing how long negative information
can continue to be reported. Do you believe the 7-year period
included in the Fair Credit Reporting Act is the appropriate
time period?
Chairman Muris. Well, I think the 7 years has worked well.
I have seen no reasons at all to change, and that is the basis
of our recommendation.
Senator Dole. Senator Dodd sent me a copy of a series of
articles that were written in the Hartford Courant, and this
detailed some very distressing charges of errors the paper says
have been built into the credit reporting system. One such
charge was that credit reporting agencies have the incentive to
put false information in a credit report because the potential
creditor is more likely to buy a report with more information
in it because they assume that it must be more accurate.
I find this hard to believe. Would you comment on that
charge?
Chairman Muris. I find that very hard to believe as well
Senator, and I am not aware of any evidence that this has
occurred. The credit bureaus are in the business of selling not
only information, but also accurate information, and that is
why I am surprised by that allegation.
Senator Dole. In your written testimony, you state that,
``Prescreened offers provide many benefits for consumers, and
can enhance competition, leading to greater credit
availability, better terms, and lower costs for consumers.''
Some of the witnesses in previous hearings have stated that
prescreened offers have one of the lowest rates of fraud. Do
you agree with this observation?
Chairman Muris. I do not think that there are systematic
problems in terms of fraud with prescreened offers. I have seen
evidence certainly consistent with the statement that you are
making. I think the prescreened system has worked well. I do
think that giving us the ability to make the opt out more
prominent and easier for consumers to use would be a useful
thing, and that is why we have recommended that.
Senator Dole. And I just want to make it clear for the
record. All of the Commissioners at the Federal Trade
Commission support the continuation of the prescreening
preemption, of course, with better disclosure for the opt out.
Chairman Muris. Yes, yes.
Senator Dole. What can Congress do to improve the accuracy
of information in credit reports?
Chairman Muris. I do think it would be helpful to implement
the proposals that we made. We do not have a monopoly on the
best way to approach this, of course, and I am certainly
looking forward to working with you.
And I just want to add on a personal note that it is a
pleasure to be working with you again after all these years.
The years have treated me a little worse than they have treated
you, but it is a pleasure to be working with you again,
Senator.
Senator Dole. Thanks very much.
My time has expired. Thank you, Mr. Chairman.
Chairman Shelby. Senator Corzine.
Senator Corzine. Thank you, Mr. Chairman.
I do not really know how to follow that up.
[Laughter.]
Let me see. The idea that you are going to give an
opportunity for a consumer who has an adverse notice is the
major response that you are suggesting--do I hear this
correctly--with regard to making sure that consumers are aware
of deterioration in their credit?
Chairman Muris. I think the key to the system that Senator
Proxmire set up is that the consumers are put on notice when
there is a problem, when they are denied a benefit because of
something in their credit report, and I think we can improve
that system.
Senator Corzine. But you are suggesting at the point of a
transaction, being turned down?
Chairman Muris. I think that for most consumers, that is
when they would care. Now, I do think that there are several
things that we propose that--if a consumer is really interested
in the absence of a transaction, I think we should make it
easier for them to get the information about their credit
report and about how the system works, and----
Senator Corzine. Secretary Snow's once-a-year credit report
and the detail in the way that Senator Sarbanes and others were
talking about--information that might have changed from year to
year, or adverse factors, so that individuals would know when
they are going to change jobs that they may have adverse
information in a credit report, or if they are contemplating
buying a car, they know that they are going to get a lower
credit score. I am presuming you are incorporating the once-a-
year----
Chairman Muris. Yes, sir.
Senator Corzine. And for the record, that is part of your
recommendations, not just a notification of an adverse factor
at the time of----
Chairman Muris. Oh, absolutely. We are proposing that they
be able to get the one free consumer report. We are proposing
that consumers have the option of receiving more information.
Now, I think it is important to add that it needs to be up
to the consumer. We are certainly not proposing a blanket
mailing to everyone of their consumer report. I am not
suggesting, and we do not suggest, that everybody needs to look
at their consumer report on a routine basis. That should be up
to the individual.
Senator Corzine. I just--and I guess this is a basic
philosophy issue--but an individual who is in contemplation of
buying a car, in contemplation of taking out a mortgage, or
accessing credit may be already dependent on having that
transaction take place, and if they are not aware of
deterioration in their credit, there can be serious
circumstances that are attributed to it. So, I am a little
troubled with that tension.
Chairman Muris. Well, I am not sure that there is a
tension. It is really up to the individual. If the individual
is particularly risk-averse, or if they have some reason to
believe there is a problem, we think it should be easier than
it is now for them to investigate.
On the other hand, I do not think--for a lot of people who
have not had any problems in their lives, they have a lot of
things to do with their lives, and I am not going to recommend
to such a person that they spend their precious time reading
and investigating their credit. But we want to make it easier
for the individual, and we particularly want to make it easier
at that crucial time if you are denied a benefit to get the
information.
Senator Corzine. One specific on that. I do not know if
other Senators feel this way, but I would like to understand in
practical terms, if you request a credit report on yourself,
what that would look like. What would the requirements actually
be that would be sent out by one of the reporting agencies so
that the practical elements of it are actually what we are
talking about?
Chairman Muris. Yes, that is an excellent question. Right
now, in some States, you can get them for free, and in other
places, you can buy them. We would be glad to work with you and
show you how that works.
Senator Corzine. I find it troubling that you have to buy
them.
Chairman Muris. And that is one of the reasons that, under
our recommendation, that would no longer be true.
Senator Corzine. I think that under Secretary Snow's, if
individuals knew they had the availability, they would put in
an annual request.
Chairman Muris. Well, in the States, again, it depends on
the consumer. In six States, they have that right, and more
exercise the right than if they had to pay for the report, but
obviously, it takes some time to digest and understand, and for
some people, that might not be worth their time, and I can
understand that.
Senator Corzine. Three other points, quickly. First, I
think that you just gave an absolute recommendation of
financial literacy ties to this.
Chairman Muris. Oh, absolutely.
Senator Corzine. That, without education, these things
are----
Chairman Shelby. Senator Corzine, our next hearing is going
to dwell on financial literacy.
Senator Corzine. Second, I think the identity theft issue
makes this even more important. Once you have been invaded as
an individual, the idea of whether this thing gets cleaned up
on an accuracy basis is one of the reasons we are introducing
the nature of the legislation, but I again go back to this
comprehensive nature.
And finally, I am really struck with the range of
statistical variation that Senator Bennett talked about and
others recognized, and I am not sure that I agree that it is
not worth the cost of having some kind of understanding of what
the nature of the problems are. Even though it is a big and
complicated system, having some readout on the nature and the
gradation of the nature of the problems--is it an ``S'' or an
``F'' or is it the kinds of things that come with identity
theft. I am a little troubled that we make policy decisions
when we are not sure what the nature of the problem is because
we are not accumulating all the data.
So, I will ask a simple question and then I will shut up.
What is the range? Are we closer to 0.2 percent, or 29 percent,
or 0.70 percent?
Senator Bennett. Not ``point''--70 percent.
Senator Corzine. Yes, yes. Excuse me.
Chairman Muris. I will say this--that the studies with the
higher numbers, I believe their methodology is seriously
flawed. I would be very surprised--and I do not know as much
about the methodology of the 0.2. The question which Senator
Bennett's ``F'' and ``S'' illustrates is the significance of
the benefits, which is again why I think it is so important to
expand the adverse action notice, and for those consumers who
want, even outside the context of a particular transaction, to
look at their credit report and understand the system. I think
we should increase that availability as well.
Senator Corzine. Thank you.
Chairman Shelby. Thank you, Senator Corzine.
Senator Bennett.
Senator Bennett. Thank you very much, Mr. Chairman.
Chairman Muris, have you or your staff looked into two
issues with respect to the free credit report--and let me say
right up front that I applaud the idea that someone should be
able to access their report at their own instigation, not only
when there is a notice of an adverse action--but have you
looked at two aspects of providing the free report--number one,
the cost, and number two, the opportunity for identity theft.
Let me tell you what I mean on the second one. We had, at
our last hearing, a passionate appeal for Congress to do
something--I am not quite sure what we could do--about
``dumpster diving.''
During the hearings on identity theft that I held when I
was Chairman of the Subcommittee that dealt with this, we were
told that one of the standard ways of people who went after
identity theft in a serious fashion was to steal mail. They
would hope they would find in the mail a credit card. If they
did not find in the mail a credit card, they would hope they
would find a bank statement or some other document that would
give them information about some individual whose identity they
could then steal.
Isn't there a possibility that some clever criminal listens
to all this and says, ``Boy, this is terrific; I am going to
request the free credit report for Robert S. Bennett''----
Senator Schumer. How about Robert F. Bennett?
Senator Bennett. --I will do that, too, and I will do
Charles Schumer, and I will do John Corzine and all the rest of
it--and see what I get, and particularly if there is a flood of
these coming in, and you talk about errors, and a flood of mail
coming back, is there a possibility that in our effort to
prevent identity theft, we facilitate it?
Chairman Muris. Well, a couple of responses to that, and
particularly to the last point. The CRA's right now require
various steps to make sure it is the right person. If you are a
successful criminal, if this tactic really worked, I am not
sure the $9 that it costs now would be much of a deterrent.
Obviously, it is $9 more than free.
Senator Bennett. I will get back to cost in a minute. I am
not talking about the cost right now.
Chairman Muris. No. But I am saying that if this is a way
to engage in identity theft, you can do it now for $9 per
credit report.
Senator Bennett. I see.
Chairman Muris. I do think that identity theft is a serious
problem--a very serious problem. I know that you had a hearing
on it; FTC Bureau of Consumer Protection Director Howard Beales
testified. Many of our proposals deal with identity theft. We
are going to release a survey sometime this summer about the
incidence of identity theft, and we are still trying to digest
those numbers now. But I do not think this proposal, based on
the experience that we have seen just in the small number of
States that allow free reports and the experience with the $9
now, has been a major source of identity theft.
Senator Bennett. Okay. I have discussed this with the
industry, and they tell me that if the request is made online--
if this is an Internet request--they are almost certain that
they can prevent anybody from requesting this information. If
it is mailed out, they say the chance of somebody getting the
information and using it improperly is substantially better.
So, I would like to pursue in the legislation, Mr.
Chairman, the whole question of how the report--if we are
indeed going to see a significant rise in requests for
reports--is formed. I do not know if we can absolutely insist
that it always be an electronic request and an electronic
response, but that, I am told, is far more secure than
responding in the mail.
Now, back to this issue of cost. I am not talking about the
cost to the consumer. I am talking about the cost to the credit
bureau.
Chairman Muris. I understand.
Senator Bennett. And the question arises--do we have any
statistics as to how more requests they will get, how much
additional costs they will incur, and life being what it is,
therefore, costs that will be ultimately passed on to the
consumer?
Chairman Muris. You are absolutely correct that the costs
will be passed on. From various parts of the industry, I have
heard two different estimates of the costs in the handful of
States that allow it now. One is that not very many more people
requested free reports. Another is that a significant increase
off a very small base requested reports. And I do think it is
important--and this may be somewhat of a tension in the
previous questions--I personally would oppose something that
really pushed people to look at their credit reports unless
they had some reason--if they were very risk-averse, were about
to enter an important transaction, or they had some particular
suspicion about their report.
Most people do not look at their credit reports. Most
people have good credit. I think it should obviously be the
choice of the consumer, but we should not encourage or frighten
people to do something that is not necessarily in their
interest.
Senator Bennett. Thank you.
Thank you, Mr. Chairman.
Chairman Shelby. Senator Schumer.
Senator Schumer. Thank you, Mr. Chairman.
I want to thank you, Mr. Muris, for always being available
to this Committee and for your forthright answers.
I would like to focus on the legislation that Senator
Allard and I talked about earlier today. First--and I know you
have not seen it; we just dropped it in yesterday, so you
probably have not seen the details--but what do you think of
the general concept?
Chairman Muris. We support the concept of giving people
information, the right to a free credit report, information on
how the credit scoring system works, certainly having a credit
score. I think it is important to understand there is no one
``the credit score,'' so I am hoping you have some flexibility.
I am a little bit concerned--we do antitrust and
competition--this is an industry with not very many players,
and I would not want to do anything inadvertently that gave one
player an advantage. I do not think you would do this or are
proposing to do this, but if somebody wanted to say one kind of
credit score was more preferable than another, that would cause
us problems.
Senator Schumer. But all we do is allow people to see how
they got the credit score from that particular agency. It is
obviously the bank or whoever is hiring the company that is
going to----
Chairman Muris. Sure. That is fine.
Senator Schumer. We do not want to determine what the
credit score should be.
Chairman Muris. But there are different kinds of credit
scores. That is all I am saying.
Senator Schumer. No question, no question. But we are not
going to mandate how you create a credit score. We just want
people to know--right now, they give you your score, and that
is it. So it is like saying you flunked, or you got a ``D,'' or
you got a ``B,'' and you ask which questions did I get right,
and which questions did I get wrong, and they say, ``We cannot
tell you.'' That is the frustration that people feel.
Chairman Muris. Yes. You can certainly get more detailed
information in terms of adverse actions already now, but we
think that that should be available more widely; it should be
available without cost, and if that is the concept of your
bill, then that is certainly completely consistent with what we
are proposing.
Senator Schumer. Well, I had a lot of other questions in
case you said ``No,'' but you said ``Yes,'' so I will yield
back my time. I know we have a vote, so my colleague can
proceed.
Chairman Shelby. Senator Allard.
Senator Allard. Thank you.
I want to delve a little bit into enforcement. Sometimes
constituents have contacted me when they have had problems with
jurisdictional issues concerning the enforcement of fraud. For
example, the victim may live in one State, and the act occurred
at a retail store in another State, and both enforcement
agencies say it is the others' responsibility.
My question to you is what enforcement actions are at your
disposal, and how often have you exercised that authority?
Chairman Muris. Well, we certainly engage in a wide variety
of enforcement, and we have enforcement, obviously, interstate,
and when it comes to fraud, that is particularly the mainstay
of what we do.
Because more and more problems are international, and we
have a proposal before the Congress, which has passed the
Commerce Committee as part of the FTC reauthorization, to
approve our ability to deal with cross-border fraud.
In terms of the credit reporting agencies, we are their
primary regulator and, as I have mentioned, from time to time
over the years, we have brought cases against them, including
very recently.
Senator Allard. How would you bring a case against a
reporting agency, because this is an enforcement problem. It
may come to light because it went through the Agency, so the
Agency tells you to contact the local law enforcement in each
State. When the State refuses to take action--what alternative
does that individual have?
Chairman Muris. One of the ways which we have recently--and
this is still an ongoing issue in some ways--dealt with the
credit reporting agencies is making sure that they are
answering the phones. They are supposed to have a process that
consumers can reasonably use to deal with problems on their
credit report.
Obviously, if you are talking about some kind of fraud or
problem with a credit card company, or if there is a dispute
about a bill, that is not the responsibility of the credit
reporting agencies. We also enforce the Fair Credit Billing
Act, which provides procedures for dealing with those disputes.
In terms of fraud, I mentioned with Senator Dole the credit
repair scams. We have brought a large number of those cases. We
have recently seen people--you know, when money is involved and
financial information is involved, there is a lot of
opportunity for scams. There are people online right now who
are scamming people, trying to get sensitive information from
them, and it is to misuse the information, and we have a lot of
those investigations and have brought a lot of those cases.
Senator Allard. So you have the capability to investigate
and to prosecute?
Chairman Muris. Absolutely.
Senator Allard. How often have you exercised that
authority?
Chairman Muris. Let me just give you one statistic. In
terms of telemarketing fraud, for example--we were talking
about the telemarketing issue--between the FTC and the States
in the 8 years or so of the Telemarketing Sales Rule, there
have been over 1,000 cases. When consumers are ripped off--and
fraud is the worst example--that is the mainstay of what we do,
and many more of our resources go there than anyplace else.
Senator Allard. One other question just to follow up on
Senator Schumer's line of questioning--he did not ask if you
believe that the credit scores should be provided free of
charge?
Chairman Muris. Yes, yes. Again, it is not just the score,
but we believe that people should be able to get their report,
they should be able to get an explanation----
Senator Allard. What goes into it, right.
Chairman Muris. Right, how the system works.
Senator Allard. Do you think that whole report should be
provided?
Chairman Muris. Right, and I think that is more important,
quite frankly, than the score itself. The steps that you can
take to improve--these scores can be confusing since different
people use different systems.
Senator Allard. Thank you, Mr. Chairman.
Chairman Shelby. Senator Sununu.
Senator Sununu. Thank you, Mr. Chairman.
Chairman Muris, I want to talk a little bit more
specifically about access to free reports, and I apologize for
being the last questioner, so you might have touched on some of
this already.
Currently, consumers can get access to a free credit report
if they are denied credit. What is the percentage of consumers
that have been denied credit who actually take advantage of the
opportunity for a free report?
Chairman Muris. You know, I do not know that number. Even
my experts do not know that number, but we would be glad to try
to get you something.
Chairman Shelby. Can you do that--find out for the record
and furnish that to us?
Chairman Muris. Sure. Yes, sir.
Senator Sununu. That would be good. It would seem to me to
be a pretty important figure, especially if ensuring full
access for everyone to free credit reports is part of the
proposal, because if it is 10 million people getting free
credit reports, and it is costing a tremendous amount of money,
then obviously, we would want to at least give some extra
consideration----
Chairman Muris. The number of people who seek free credit
reports even in areas where they are allowed to get free credit
reports does not appear to be, percentage-wise, a large number.
Senator Sununu. Which brings me to my next question. There
are six States that allow that, correct?
Chairman Muris. I think that is right.
Senator Sununu. What are those States, or what is the
largest of those States, and what are the take-up rates for
those States that allow free credit reports?
Chairman Muris. The more recent evidence that we have
received is that people--somewhere around double. It was a
fairly small number.
Georgia, Massachusetts, Colorado, and Vermont, I am told. I
received a statistic yesterday it was somewhere in the
neighborhood of--I think it was Colorado--it was something like
100,000 reports.
Senator Sununu. Okay. I would appreciate it if you could go
ahead and provide that information for those six States that
allow full access to credit reports and the number of credit
reports that are provided to those consumers who do not have a
problem.
Chairman Muris. Right, and the number that sticks in my
head, and I think it was for Colorado, even with free reports,
was something under a couple of hundred thousand a year.
Senator Bennett. Do you want the numbers?
Chairman Muris. Yes. Do you have the numbers?
Senator Bennett. I have them, yes.
Chairman Muris. Okay.
Senator Bennett. New Jersey, 2.37 percent, which is a 35
percent increase over the national average of 1.7 percent;
Massachusetts, 2.21 percent, a 25 percent increase over the
national average; Maryland, 5.53 percent, a 204 percent
increase over the national average--Senator Sarbanes'
constituents are more curious; Georgia, 6.14 percent, a 250
percent increase over the national average; and Colorado, 4.45
percent, or a 153 percent increase over the national average.
So the average increase for all of these States is 144
percent. So you are operating off of a small base. The national
average is 1.76 percent, and it goes up to 4 or 5 percent in
the highest.
Senator Sununu. And I would simply appreciate it if you
could verify those numbers, and Mr. Chairman, if we could
include the numbers in the record
Chairman Shelby. Absolutely.
Senator Sununu. And I would ask a question of my colleague,
which is how can there be a national average if there is not a
uniform requirement that people have access to their credit
reports.
Senator Bennett. Well, by ``national average,'' that means
the national average of people who get reports when there is an
adverse action.
Senator Sununu. So it is 20, 50, or 250 percent more than
the percentage that take advantage when there is an adverse
action.
Senator Bennett. That is right.
Chairman Muris. And again, the absolute numbers are not
very large. But one thing that is interesting is I suspect,
Senator Bennett--and I do not know for sure whether we are
getting numbers from the same sources, and they do not
completely agree, but we will figure out whatever the
discrepancy is.
Senator Sununu. I would appreciate the best possible
numbers being provided to the Committee.
Senator Bennett. These are the numbers from a single credit
bureau.
Chairman Muris. A single credit bureau, okay. We have them
from the three.
Senator Sununu. How many of the three major credit bureaus
provide information about scoring methodology on their credit
reports now?
Chairman Muris. I believe that you can get information from
all of them.
Senator Sununu. I am sure you can get information from all
of them----
Chairman Shelby. Do you believe it, or do you know it?
Senator Sununu. --but is it provided----
Chairman Shelby. Will you furnish that for the record?
Chairman Muris. Yes. My understanding is that they do that,
but I will double-check to make sure.
Senator Sununu. And being able to get information if you
ask for specific information is one thing; being given
information in conjunction with your credit report is another.
Chairman Muris. Correct. And my understanding again is that
you get that information, but I will verify that.
Senator Sununu. A final question. I think one of the most
frustrating that I have seen, both seen personally and heard
about, is when a consumer addresses a problem in their credit
report, a piece of inaccurate information, and they deal with
this issue, and then it comes back, and the next time they are
dealing with a credit report, it is back on there, and then
they call and fix it again, and then it is back on there again.
What, if anything, is the FTC doing to try to address or
alleviate this problem?
Chairman Muris. We have taken several steps. There is on
occasion a situation where the consumer and the creditor simply
disagree. There are also private rights of action available,
and there is something of a cottage industry involved in these
sorts of cases. But we have, in the aggregate, been worried
over the years and have taken steps, including suing the
companies to make sure that their complaint resolution process
provides the kinds of reasonable procedures that the law
requires.
Senator Sununu. Is it your perception that where private
right of action or other enforcement mechanisms--penalties,
fines, what-have-you--exist, are they substantive enough and
appropriate to actually discourage the activity, and if not,
where are they short?
Chairman Muris. Well, you have two different levels of
issues here. One is between the consumer and the creditor, and
the other is the credit reporting agency. In terms of the
latter, we are not recommending as a Commission, and I
certainly would not recommend personally, any change in the
remedial structure.
In terms of the former, although I have not focused on it
particularly for this hearing, I am not aware of any systematic
problems. Obviously, in a system where you have 2 billion
transactions a month going to the credit reporting agencies, it
would be shocking if you could not find examples of mistakes,
and mistakes that are hard to correct.
I do believe that the incentives of the system are good,
and I also believe they can be improved some, which is the
basis of our recommendations.
Senator Sununu. Thank you very much.
Thank you, Mr. Chairman.
Chairman Shelby. Thank you.
Mr. Chairman, maybe I misheard you a few minutes ago. I
believe you were answering Senator Corzine's observation or
question. But you said you would oppose one--for example,
myself--wanting to look at my credit report? Did I mishear you?
Chairman Muris. No. What I would oppose is you requiring a
mass mailing to everyone of their credit reports.
Chairman Shelby. Oh, okay. I am glad you corrected that.
You are talking about a mass mailing without it being
requested.
Chairman Muris. Right, right.
Chairman Shelby. Okay.
Chairman Muris. And I am saying I can understand if Senator
Corzine wants to look at his credit report a lot; I can
understand that. I can understand if Senator Bennett or
somebody else does not. And I think it should be at the--
Chairman Shelby. Yes. But just a mass mailing--we do not
have mass mailings by the States now, do we?
Chairman Muris. No, no, no.
Chairman Shelby. Okay. I am glad you corrected that. That
was bothering me, because after these hearings that we have
been holding for the record, gosh, I have just ordered a credit
report on myself. I do not intend to borrow any money today or
buy something, but maybe tomorrow--and with identity theft and
the horror stories, I am going to look at my credit report and
see how accurate it is. I had not thought about it before these
hearings, but----
Senator Bennett. I am afraid to look at mine.
Chairman Shelby. Oh, I might be afraid, but I think it
might be smart, especially if you are contemplating buying
something, because of this.
Let me see if I am right in this from what I have heard
from the record over a series of hearings. Let us say, Mr.
Chairman, that I apply for a loan that is advertised at 5
percent on a house for 30 years, or whatever it is, 5\1/4\, and
they run a credit check on me, and they come back and say,
``You do not qualify for that, but I am making you a
counteroffer. I will make you a counteroffer for 6\3/4\ or 7\1/
4\.'' And I am desperate for the money--like everyone, time is
of the essence--so I say okay, I will take it, because the
payments are dragged out. But I still do not know what is in
the credit report, because they have made a counteroffer to me,
as I understand it now, that may have deemed my credit score to
be lower than ordinary. And the ordinary person--gosh, I would
not have known anything about the scoring of credit until we
had these hearings--you know they do not know what that is
based on. The average American citizen would not know.
That is why we are going to have our next hearing on
financial literacy, which I think is important.
Chairman Muris. Oh, absolutely, I agree.
Chairman Shelby. So, I guess what bothers me some is that
by making a counteroffer to me, they do not have to disclose
what is in my--or, give me a copy of my--credit report. Now, if
they turn me down--in other words, they are not turning me
down; they are just making me a counteroffer--that bothers me.
Chairman Muris. I agree, and that is why we think in that--
Chairman Shelby. How do we work around that somehow?
Chairman Muris. We have recommended that you change the law
so in that situation, they need to get an adverse action
notice.
Chairman Shelby. Okay. You see where I am coming from.
Chairman Muris. Oh, absolutely, absolutely.
Chairman Shelby. We had the horror story of the young man
that Senator Dodd talked about, the young army captain, and his
life has been ruined because of identity theft and everything
that goes with it.
Chairman Muris. Look, I completely agree about the horrors
of identity theft. We spend a lot of time working on identity
theft. I think this system is ingenious, and because of the
adverse action notice, because of the risk-based pricing that
you are talking about, there has developed a large situation
which did not exist when the statute was passed, and we need to
fix that.
I personally have a less risk-averse attitude about looking
at consumer reports--until I went through the confirmation
process, when it turned out there was a wrong address in my
credit report which was not relevant for credit, but it was
relevant for my confirmation. That was the first time I had
ever looked at it. And I think that is a fine rule for me, and
if somebody else wants to have a different rule of their life
and spend more of their precious time reading their credit
report, I think they should be able to do that.
Chairman Shelby. I want to ask these questions for the
record, because we are going to have votes, and we are going to
have another panel, quickly. And you can do it, Mr. Chairman,
for the record, as soon as you can.
Chairman Muris. Yes, sir.
Chairman Shelby. Do you believe the consumer has the
ultimate responsibility for ensuring his or her credit report
is accurate?
Would providing consumers access to free credit reports
enable them to be more proactive in ensuring accuracy?
Doesn't greater accuracy ultimately benefit consumers, the
credit reporting agencies, and credit providers--all of them.
Do you consider a consumer credit report that contains
incomplete information to be accurate?
What is your understanding as to the efforts credit bureaus
make to get furnishers to provide full-file reporting? I
believe this was brought up earlier today--in other words, not
to game the system and so forth.
What incentives are there for furnishers to withhold
information that we have read about at times?
Do you think that the average consumer understands that
they can suffer negative consequences because a firm they have
a credit relationship with decides to--yes--underreport
information regarding their credit history? Do you think they
should be made aware of the underreporting activities of these
companies?
These questions we are interested in getting to.
Chairman Muris. We would be glad to answer those.
Chairman Shelby. At the end of the day and at the end of
these hearings, which we are hoping to get to, we are
interested in accuracy--which is very important on both sides
of the aisle to everybody--because we should do everything to
have the credit report accurate, because accuracy depends on
money, doesn't it, and the cost, among other things.
So, we are going to be working with you on this, and we
appreciate your appearance here today.
Chairman Muris. Thank you very much.
Chairman Shelby. Thank you.
Senator Bennett.
Senator Bennett. The bells have not gone off for the votes
yet, and I would just like a quick second round as well.
I have been denied credit because of a credit report, and
the credit report was entirely accurate. I have had some rough
patches in my life where I have missed some payments and all
the rest, and that is the only time I have seen my credit
report. And yes, there were some errors in it, and frankly,
there was difficulty getting them cleared up.
But that was 20 years ago, and I have the feeling now that
things are a whole lot better than they were because the
bureaus understand that their livelihoods depend upon their
being accurate. There was almost an adversarial relationship
when I got involved in my situation. They did not care whether
it was accurate or not; they were just selling it. And I think
that the culture has changed rather dramatically from that time
until now.
I am a little concerned about the score, because I think we
have a sense that the score is an absolute number. That is, it
is an ``A,'' ``B,'' ``C,'' ``D,'' ``E,'' or ``F,'' and
everybody knows what that means. I think the score is a guess
from the credit bureau, and then the credit grantor puts his
own score, based on his analysis, and marries it to the score,
and pretty soon you have scores on top of scores, and it is not
an ``A,'' ``B,'' ``C,'' ``D,'' ``E,'' or ``F;'' it is a
reasoned judgment on the part of the grantor. And we may be
opening the door of trying to turn something into an automatic,
``Yes, I have a right because your score is 73, and 73 is a
good enough score that I have a right to this credit.''
And the credit grantor says, ``I do not care what the
bureau score is. I have looked at the report, and I have put a
different score on it, and I have put a different weighting
here, and I am not going to give you the credit.''
``Oh, you have an obligation to give me the credit, and I
will be back to Congress saying as long as I get a score that
is above 65, I deserve this, that, and the other.''
Is that concern well-placed on my part, or am I seeing
demons here that do not really exist?
Chairman Muris. Well, there are several different issues,
Senator, and I would certainly be concerned with a fixation on
the number and the score, because different companies use
different models and different predictions, and if the
information were presented to consumers in a way that
overemphasized the number and overemphasized the importance and
underemphasized the explanation of how the system works and,
most important, we need to provide people with information
about how to maintain good credit.
So, I can see some misuses, probably unintended, in how we
present that information. I think we have got to be careful in
how we present it, and we would certainly be glad to work with
you.
But if we are going to provide people information about
their credit report and how the system works, it seems odd to
me that we would withhold the score. There is no one score, of
course, but I think it is important, very important, crucially
important, that we not overemphasize the significance of the
number, and that we put the thing in context.
Senator Bennett. Okay. We are on the same page here,
because we all want the consumer to be able to get accurate
information and complete transparency. My concern is that if we
focus on the score, we run the risk of distorting the
information so that the consumer then starts to argue, as I
said, that he has rights. And this is a guess--the score is an
estimate--and if we surround the score with the kinds of
caveats that you have talked about, I get a little less
concerned about revealing it to----
Chairman Muris. We certainly do not want to encourage
people to spend a lot of their time correcting ``S's'' and
``F's''--unless it has some particular consequence, which it
may--given the last name ``Bennett,'' there could be confusion
between two people.
Senator Bennett. Thank you.
Chairman Shelby. Senator Sarbanes.
Senator Sarbanes. Chairman Muris, there has been enough
testimony. There are real problems that exist, and the FTC has
got to step up to this challenge, and we are looking for you
all to do that. I think it is imperative that that be the case.
I just want to leave you with that observation, that is all--I
am not seeking an answer--well, the answer I am seeking would
be in your actions.
Chairman Shelby. Absolutely.
Mr. Chairman, we thank you for coming.
I am now going to introduce the second panel before we
start our votes. We apologize for the length of the hearing,
but I think it is very, very important.
Chairman Shelby. Our second panel will consist of Mr.
Stephen Brobeck, Executive Director, Consumer Federation of
America; Mr. Stuart Pratt, President and Chief Operating
Officer, Consumer Data Industry Association; Mr. Richard
LeFebvre, President and Chief Executive Officer, AAA American
Credit Bureau; Mr. David Jokinen, a consumer witness; and Mr.
Evan Hendricks, Editor of Privacy Times, which Senator Sarbanes
alluded to earlier.
We appreciate all of you appearing today. Your written
testimony will be made part of the hearing record in its
entirety, and if you could sum up your best points quickly, we
would appreciate it.
Mr. Brobeck, we will start with you.

STATEMENT OF STEPHEN BROBECK

EXECUTIVE DIRECTOR, CONSUMER FEDERATION OF AMERICA

Mr. Brobeck. Thank you, Chairman Shelby, Senator Sarbanes,
and Members of the Committee.
My name is Stephen Brobeck, and I am Executive Director of
the Consumer Federation of America. We very much appreciate the
opportunity to give testimony about the need for the Fair
Credit Reporting Act to ensure accurate credit report
information.
Let me begin by saying that considering the challenges it
faces, our credit reporting system functions relatively well.
These challenges include keeping track of billions of important
changes in the credit histories of nearly 200 million
Americans, and doing so when the furnishing of information by
lenders is voluntary.
Yet these challenges have to be met because of the growing
influence of this information and the related credit scores.
Increasingly, these credit scores determine whether a consumer
can purchase a mortgage loan, a consumer loan, auto insurance,
homeowners
insurance, a rental unit and utilities, and at what price; and
increasingly, these scores influence whether Americans can
obtain and retain a job.
As well as being secure, credit report information and
scores must be accurate. This is especially important for those
millions of consumers near availability and pricing points. For
those individuals, relatively small errors can mean the
difference, for example, between credit offers and denials and
between prime and subprime loans.
Our research, for example, estimated that millions of
Americans who should qualify for conventional mortgages are,
because of inaccuracies, offered subprime mortgages instead.
Here, it is important to stress that errors of omission can
be just as damaging to consumers as are errors of commission.
If credit files, for example, do not include a credit account
in good standing or even just the related credit limit, the
loss of points could be just as great as if the file included
an erroneous 30-day delinquency.
So what evidence do we have of the accuracy of the
information in credit files? There are really two methods of
usefully assessing accuracy. The first is observing consumer
complaint behavior or surveying their experience. While useful
in assessing consumer satisfaction, this method is not always
reliable in assessing accuracy because of consumer lack of
knowledge or inertia. The absence of consumer complaints, or
even perception of credit report accuracy, could reflect
numerous factors including lack of understanding of how to
access or understand credit report information such as credit
limits, or how to correct any inaccuracies.
The second method is independent evaluation of the credit
report information. An assessment by Government agencies or
nonprofit organizations represents the most objective, unbiased
type of evaluation. While these groups usually lack access to
the credit files, during the past year, both the Federal
Reserve Board and the Consumer Federation of America, in
cooperation with an industry group, the National Credit
Reporting Association, were able to assess the accuracy of
information in many credit files.
The Fed studied nearly 250,000 credit files from a single
national repository, while CFA compared the scores from all
three major repositories, reviewed more than 1,700 files in
three regions of the country, and examined in great detail
consistencies and inconsistencies in 51 representative files
containing information from the three repositories.
The findings of the two studies are generally consistent.
Most important, both concluded that there was important
information missing from many files that unfairly lowered
credit scores. The Fed found, for example, that more than two-
thirds of the files it studied contained at least one revolving
account that did not include information about the credit
limit. This error of omission prevents a determination of the
level of credit utilization which would lower a consumer's
credit score.
After the industry provided a newer dataset, the Fed still
found that the files of about one-third of people with a
revolving account failed to include information about the
credit limit.
In addition, the Fed cited evidence that some creditors
report only derogatory information. The CFA study also
discovered the absence of much positive information from many
files. The principal reason for the frequently wide variance in
credit scores among the three repositories, which for 4 percent
of consumers studied was greater than 100 points, was
significant differences in the information contained in the
three files.
Errors of omission tending to lower credit scores included
the failure to report credit limits on revolving accounts,
revolving accounts in good standing, and mortgage accounts with
no late payments.
Less frequent errors of commission that we did detect,
however, included the inclusion of an account not belonging to
the consumer, a false collection, or a false indication of
bankruptcy.
One way that lenders minimize the risk of using inaccurate
information in credit files is to use only the middle credit
score provided by the three repositories. But in general, only
first mortgage lenders consider all three credit scores.
Usually second mortgage lenders, consumer lenders, insurers,
and others use the scores of only one repository.
If these scores tracked median scores, potential biases
would be minimized--but they do not. The scores of one
repository are far more variable than are the median scores of
the three major repositories, and in addition, even the median
scores reflect errors of omission and commission that could
result in the unfair denial or overpricing of credit or some
other important services.
I have exhausted my time so I will save my recommendations
for responses to your questions.
Thank you.
Chairman Shelby. Thank you so much.
Mr. Pratt.

STATEMENT OF STUART K. PRATT

PRESIDENT AND CHIEF OPERATING OFFICER

CONSUMER DATA INDUSTRY ASSOCIATION

Mr. Pratt. Chairman Shelby, Senator Sarbanes, and Members
of the Committee, thank you for this opportunity to appear
before you again. I guess I am trying to compete with Mr.
Beales in terms of how many times I get to come back.
Chairman Shelby. We will probably get you back again if you
will come.
Mr. Pratt. Thank you, sir.
We are the Consumer Data Industry Association, and for the
record, I am Stuart Pratt, President and CEO of that
organization, and we do commend you for holding this hearing on
accuracy. Accuracy is the lifeblood of how the credit reporting
system works, and I thought, Mr. Chairman, that what you said
in the beginning was right on--the law says that maintaining an
accurate credit reporting system benefits everyone, and in
fact, I think Senator Johnson said the same thing in his
opening remarks.
Accuracy is dealt with in the law in a couple of ways. We
have heard about that. Consumer reporting agencies have to have
reasonable procedure to assure maximum possible accuracy. In
1996, data furnishers were included under the law for the first
time, and they were also given an accuracy standard by which
they must live.
The marketplace drives accuracy for us, and it is one means
by which we can try to measure the general success of consumer
reporting. We have a better credit market than ever before, and
we have safety and soundness well in hand, I think, and those
are certainly good metrics, I think, by which to measure the
general performance of the consumer reporting system in this
country.
The marketplace also drives the consumer reporting agencies
to compete on accuracy. This is what lenders do. They look at
us carefully, and they expect us to produce accurate reports,
and they expect us to produce reports that will allow them in
turn to allow the consumer to drive off the car lot with a car
with nothing more than, really, a promise and the consumer
report.
There is no doubt that ``accuracy'' is a tough term to
define. I think we circled around that a little bit in some of
the previous testimony. For example, inaccuracy is, as Mr.
Brobeck testified, missing information, or at least that is a
term that has been applied to it.
I think it is a good time to remind all of us that in fact
the consumer reporting system is voluntary. We cannot compel
any lender in the country to report information. So, of course,
while we do have data acquisition people out there every day of
the week trying to convince every lender in the country or
every furnisher to report to that particular consumer reporting
system, there is no doubt that there will be some missing
information because a small lender may just choose not to
report to any or may just choose to report to the one with
which they are most familiar, and that can happen in the
marketplace.
There is also no doubt that some consumers, because of how
calibrated the decisions become with scoring, desire their file
to be almost instantaneously updated so that if they wrote a
check in a given month and paid down a balance, they would love
for that balance to be immediately reported to the bureau. Most
lenders report on a 30-day cycle. It is voluntary. The three
bureaus cannot force a lender to report on a more frequent
cycle. So the file is accurate as of the date reported, but may
not be accurate in the eyes of the consumer, who says, ``Well,
my gosh, I paid something down.''
There are times when consumers misunderstand divorce
decrees, there are times when consumers misunderstand how a
court may make a decision about whether or not a contractual
credit obligation is severable or not, and we do run into those
sorts of perception issues with consumers and actually spent
quite a bit of time with consumers on the phone when we look at
their files, and they are looking at their files, talking to
them about that. And there are times when consumers at the end
of the day will say, ``You know, I guess that is right. That is
how the law works. I may not be happy about how that law
worked, but you are right in terms of my file; the information
is accurate.''
We have tried to put some contexts that are more metrics-
driven than all of this. For example, let us just set up a
larger context. Two billion files are sold every year in this
country, and interestingly enough, about 2 billion updates are
reported to the credit reporting systems. There are 200 million
consumer files in each of the nationwide consumer credit
reporting agencies, and there are 30,000 data furnishers
providing data into this system.
Every year, about 16 million consumers obtain their file
disclosure from the consumer reporting systems. That is the
aggregate number for all three. That is their right under the
law, and about 95 percent of those are free-of-charge. That is
about eight-tenths of 1 percent of all files sold in the
marketplace when you take that 16 million and put it into the
context of how many files were sold.
We do try to look at how consumers review their files.
Sixteen million look at it every year. A little more than half
those consumers never call us back. Our full statement for the
record includes the fact that when you look at smaller
populations, sometimes the contact rate--not the dispute rate,
but the contact rate--is about 5 or 10 percent, which means
that about 90 or 95 percent of the consumers who looked at
these sets of files, as far as we can tell, thought that they
were working well.
We did look at the marketplace, in closing, and we asked
some of our resellers, who are also members of the CDIA, to
take a look at the mortgage marketplace. So, we had a review of
about 189 merged reports--that is over 500 consumer in-files
from the three national systems--and out of that, we asked them
to identify when were they updated information to make sure it
was as current as possible, and when was the data just
absolutely wrong, and it was wrong as of the date reported.
About 1 percent of the time, the data was wrong, at least in
this study, and about 32 percent of the time, they were
updating something in the record.
I see my time has expired, and I appreciate the opportunity
to be here and would be happy to answer any questions.
Chairman Shelby. Thank you, Mr. Pratt.
Mr. LeFebvre.

STATEMENT OF RICHARD F. LeFEBVRE

PRESIDENT AND CHIEF EXECUTIVE OFFICER

AAA AMERICAN CREDIT BUREAU, INC.

Mr. LeFebvre. Good afternoon, Chairman Shelby, Ranking
Member Sarbanes, and distinguished Members of the Committee.
My name is Richard LeFebvre, and I am President of AAA
American Credit Bureau, a CRA reseller of consumer reports. I
thank you for the opportunity to testify before you today on an
issue that is fundamentally important to the American economy,
as well as to individual Americans.
The FCRA is a consumer statute--not an industry statute, as
some would like you to believe. We are here to discuss
accuracy, but first we have to define what an error is. An
error is any misleading, incomplete, and/or outdated data which
fails to convey the full and true picture of the consumer's
credit reputation, credit risk, and creditworthiness.
Accuracy comes in three facets--first, accuracy at the
national repository level; second, at the CRA reseller level;
and third, at the user level. This is explained in my prepared
statement.
Let me define rescoring. Rescoring is not credit repair. In
a nutshell, rescoring is the updating of credit information
that is in error, for a very large fee. This is not meant to
say that all reports have inaccuracies and significantly reduce
credit scores and increase credit risk.
On repository error rates, the CFA/NCRA study, and a study
that AAA conducted in 1999 through 2000 confirmed what we all
knew. Please remember that these two studies only cover
comparing data under 1681(e)(b) and not under 1681(i)
reinvestigation. So the numbers would more likely be higher if
a true reinvestigation were done.
Industry will attack the study, but just remember that the
two studies were conducted on consumers who were involved in a
mortgage process, which many times is the better credit risk
consumer.
It astonishes me to this day how the same credit furnisher
can report different information about the same account to all
three repositories, but it is the common problem. Perhaps it is
a ``Tower of Babel'' problem. CRA resellers stop performing.
CRA resellers are supposed to follow reasonable procedures to
assure maximum possible accuracy. This means that if any
reseller sees differences in the reporting, they must verify
the accuracy with the furnisher of the information to assure
maximum possible accuracy. The reseller is now on notice that
he cannot rely on the data coming from the repositories. The
bar is raised to even a higher standard the minute the consumer
disputes for a reinvestigation. The users of both GSE's must
stop preventing CRA resellers from doing their duty under the
FCRA. If not, consumers do not get the benefit of the bargain
or the protection of the FCRA. If the FCRA requires CRA
resellers to perform, but Fannie Mae and Freddie Mac will not
accept that performance through their AU systems, then the FCRA
is being undermined every day.
Consumers cannot fight what they cannot see, and by not
allowing transparency for consumers during the mortgage process
by disclosing copies of their consumer reports, credit reports,
and/or adverse action notices, we truly do not have
transparency, at least on behalf of all consumers.
Efficiencies in processing applications and increasing
sophistication in credit underwriting rules should not be
mistaken for assuring maximum possible accuracy. Indeed,
automated systems must not be allowed to interfere with these
requirements of the FCRA and/or the opportunity of consumers to
dispute.
For example, Mr. Smith applies to buy a home, puts into
escrow his entire life savings as a nonrefundable deposit, as
required in most real estate transactions. He knew when he
checked his credit report 6 months ago that it was great; but
now he finds out he is a victim of identity theft, fraud, or
inaccuracies. This is where many times, consumers find out for
the first time they are victims.
He calls ABC reseller, who is prohibited from helping him
under H.R. 2622, or currently in any AU system. This changes
the FCRA and the FTC's consent order with Credco. So the
consumer is faced with two options--first, walk away from the
property he selected and lose his deposit because the real
estate contracts do not allow refunds unless you have been
turned down; or, second, he would take the subprime A-minus
loan, which changes the rate considerably, the terms may
require more down payment and may even include a prepayment
penalty.
This is a decision that consumers should not have to face
when buying a home, which is many times the largest consumer
purchase, their life savings and their future financial nest
egg.
Does the consumer deserve adverse action in this example?
Yes.
In closing, inaccuracy leads to higher rates and terms. It
also leads to increased credit risk for new lenders, lowering
consumers' creditworthiness, credit reputation, and harming the
consumer and the lender who lost the chance to do a good loan.
Lenders, the GSE's, and the repositories are taking away
consumer choice because they are forcing consumers to check
their credit files in advance, or buyer beware and/or be ready
to pay extremely high fees for rescoring or higher fees and
costs for a mortgage. It is a position that consumers should
not have to face. All consumer reporting agencies are to assure
maximum possible accuracy, or are we just giving lip service to
the banking industry and to the consumer whom we are trying to
protect?
I thank you, Mr. Chairman, for the opportunity to testify
and present my views, and I would be happy to answer any
questions you may have.
Thank you.
Chairman Shelby. Thank you.
We have about 50 seconds left on a vote, and there may be
two votes. So, we are going to come back--I know I will--and we
will try to let you two testify and then probably have some
questions for the record.
We will stand in recess until we can get back in a few
minutes.
[Recess.]
Chairman Shelby. The Committee will come back to order.
We will continue with our panelists. Mr. Jokinen, we
welcome you here today. Your written testimony, as I said
earlier, will be made part of the record. You can tell we are
dragging the hearing on all day, but please sum up your
pertinent points.

STATEMENT OF DAVID A. JOKINEN

SUGAR LAND, TEXAS

Mr. Jokinen. Thank you very, very much. I appreciate it.
It is not my desire to be here today, but I do have a story
about being declared a ``dead man walking'' for over 2 years
that I think is important.
Chairman Shelby. You look alive today, though.
Mr. Jokinen. Yes. On certain days, I have to check my
pulse.
Chairman Shelby. I want to hear your story.
Mr. Jokinen. I have a little background information in my
testimony that simply says that I have a dual master's from MIT
and Harvard, and I have been a professor in Europe, so I am not
unsophisticated in trying to resolve this, but it has taken me
over 2\1/2\ years, and I still do not have it resolved.
Chairman Shelby. Tell us what happened.
Mr. Jokinen. Yes. My mother died on April 30, 2001. She was
95 years old. She had three credit cards with three different
banks which I was a cosigner on, because at the end, her hand
was too shaky to sign, and I was cosigner for her Social
Security checks.
I contacted all three banks immediately, sent death
certificates, and said, ``Please, I will honor any bills that
she has, but please clear this up. And since I was a cosigner,
if it is agreeable with you, I would like to be able to use
these as cards of my own after your time period--whatever you
need.''
All three said fine. The Bank One card got cleared up in 2
weeks; People's Bank, a little company in Connecticut, got
cleared up in 2 weeks; and Chase Bank has been an ongoing sore.
Right now, I have two cards with me from the Chase account
that is disputed, and I have two more cards at home that they
keep sending me, with my name on them, and they have extended
my credit on that account 10 grand--but I am still declared
dead. So it is a case of the left hand at Chase Bank not even
knowing what the right hand is doing.
Chairman Shelby. Have you gone to the doctor lately to see
if you are really alive?
Mr. Jokinen. Yes. Every now and then, I have a checkup--
about as often as I read the credit bureau reports.
But really, when it starts to hurt is when you go for
refinancing--and you have talked about home mortgaging--and
that is when I really discovered the problem.
Chairman Shelby. Absolutely. That was our point earlier
today.
Mr. Jokinen. Yes, exactly. You have to get three bureau
scores; but only one score showed up when I went for
refinancing 2 years ago, much to my surprise. I said, ``Oh,
what is going on here?'' I had no idea that this was possible.
I grew up in the Midwest, and I honestly assumed that Federally
regulated systems work. I read all the nice platitudes about
the Fair Credit Reporting Act, and I said something is crazy
here--this does not make any sense.
So, I got a copy of the FTC rules, and I filled everything
out and sent it in. I have done that 12 times in 2 years.
Chairman Shelby. Twelve times?
Mr. Jokinen. Twelve times, to the credit provider, plus to
the three bureaus. There used to be a Book-of-the-Month Club--
now we have David's Death-of-the-Month Club. I have no idea
from month to month whether I will have one bureau, two
bureaus, or three bureaus saying I am dead. Sometimes none of
them delcare I am dead that month.
Chairman Shelby. And how many years has this been going on?
Mr. Jokinen. Over 2 years. We used to have a 30-day rule
that I heard about someplace. I am on the 714th day with this
problem. I do not know where the 30-day rule applies.
I have communicated with Chase Bank, in writing or fax, 12
times. It is such an obvious error that I have been able to get
the staff at Chase and at the three bureaus--which I now call
``the Three Stooges''--to talk to me candidly because they know
the story. They know it is so ridiculous on its face, that they
start to tell me what is really going on in their own corporate
back yards.
So, all of a sudden, I am no longer naive. I have become
very wise--or battle-scarred, I should say--as to what really
goes on.
A mortgage banker friend of mine 2 months ago said,
``David, before the rates go up, you have got to get your house
refinanced.'' So he found a sophisticated lender to whom I
explained the whole story of the Death-of-the-Month Club. He
said, ``Well, we have to get a letter from the Federal
Government saying you are alive.''
I said, ``How do you do that?'' He said, ``That's our
problem. We'll figure it out, and you just do it.''
Chairman Shelby. How would they know you are alive?
Mr. Jokinen. Well, I will tell you the story--I have the
letter right here--I did not include it in my report.
Chairman Shelby. Go ahead, sir.
Mr. Jokinen. What happened was that particular month, I had
two credit bureau scores that we could not get. The idea was
that since the secondary market is now controlled by Freddie
Mac and Fannie Mae with guidelines, if they got somebody from
the Government to say that I was alive their underwriters would
approve my loan. This is like the old story about Santa Clause
having the post office endorse him for being alive, that old
``Miracle on 34th St.'' movie classic from years ago.
They said why don't you go to the Social Security office--
because I am older than 65. They know me down there. I walked
into the Social Security office and said I would like a letter
saying I am alive. They looked at me totally nonplussed. It
kept going higher up their management ladder until finally, the
office manager in the Houston office came and said, ``It is not
in our Federal handbook how to do this. Do you mind if I call
Washington?'' I said, ``No. I can stay here all day.''
That man from Washington wanted to talk to me to make sure
that I was a live person talking. Afterward, they started
laughing, because it just became obviously ridiculous.
So, I now have this letter from Social Security--which they
said they had never written before--saying that I am alive. I
did not put it as part of the evidence, but I think it is a
classic document.
Chairman Shelby. It is good.
Mr. Jokinen. I got my mortgage.
Chairman Shelby. Can you furnish a copy of that letter for
the record?
Mr. Jokinen. Oh, yes, sir, absolutely, absolutely.
So, I finally got my mortgage. When I look at my out-of-
pocket costs, hard dollars, it is about 250,000 hard dollars
that this credit mistake has cost me in the last 2\1/2\ years.
Chairman Shelby. Two hundred fifty thousand dollars.
Mr. Jokinen. Yes, sir, yes, sir.
Chairman Shelby. Oh, gosh.
Mr. Jokinen. Yes. And I have documented that in my written
report as far as where it went.
And then, the emotional truama--my mother was the longest
living tuberculosis victim from World War II who lived on half
a lung. She was in a TB sanitarium for a couple years when I
was a little kid in elementary school. I did not see her for 3
years. She had one lung removed; this was called the
``pneumonectomy,'' and it was a standard medical procedure back
then. They do not do it anymore; it is rather barbaric for a
medical procedure.
But when she was being released, the doctor said, ``Mrs.
Jokinen, you have about 2 to 5 years of life-expectancy,
because you will now be overworking the other remaining half of
your lung with your whole body's use. It wears out very
quickly. That is what the survival averages are, and we just
want you to be aware of that.''
She looked at the doctor and said, ``Sir, I will decide
this matter with my maker, and just because you have `M.D.'
after your name does not mean that you are going to tell me
when I am going to leave this earth.''
When I contacted the TB Association and the American Lung
Association, they had never heard of anybody living that long
with half of a lung. They are now checking the world records.
They have told me that she probably outlived anybody.
But at the end, she had a couple of years where she was
really in pain, coughing up blood, living in a wonderful
nursing home. I relived her agony every time I get a notice
that I am dead this month. I go through this sad memory, and it
is really excruciating--I can feel my bones shiver.
Chairman Shelby. There has to be a better way, doesn't
there?
Mr. Jokinen. Oh, I think so. And I am at your mercy to do
so. I made a suggestion as to how to solve the problem.
Chairman Shelby. Go ahead, sir.
Mr. Jokinen. To me it is a very simple problem to solve.
When I started getting the real story from the back office of
``the Three Stooges'' and Chase Bank, their own people told me
what would stop this ridiculous stuff. It is a faceless,
nameless person to whom you ``The Consumer'' talk to. You never
have that person's name the next time you call in, the consumer
contact staff at Chase Bank and the 3 credit bureaus said, ``We
have to be made accountable, but nobody in management wants to
do it.''
So, I thought about this process when I was asked to come
here. I have been a stockbroker licensed by the NASD and the
SEC. That is what this FCRA needs. What I suggest is that the
FTC or somebody stronger than them have the same power that the
SEC has. Take this credit industry and make a self-regulatory
agency within the industry; and paid for by the industry. Every
human being who has contact with the consumer must be trained.
They are not licensed or trained professionally at the moment.
I asked them what their backgrounds were. Once they are
licensed, they must also take continuing education programs. If
they are licensed, they can lose their license to work in that
industry. Not only will they be individually licensed, but also
the three bureaus and all the information furnishing people and
companies will be licensed. This is a much more precise and
easy way to enforce accuracy. What we have now is industry
promoted fairy tales. I feel the ``Fair'' Act is a ``fairy
tale'' Act. It has wonderful words, it sounds great; but 95
percent of the players do not follow it. There are no teeth in
the existing Act. I am just trying to create a sense of
consumer accountability. It is a real simple and inexpensive
solution.
Thank you so much for your time.
Chairman Shelby. We appreciate your experience, and I
believe you are alive, too, sir.
Mr. Jokinen. Yes, last time I looked.
Chairman Shelby. Mr. Hendricks, thank you for your
patience. We also thank you for what you have done over the
years.

STATEMENT OF EVAN HENDRICKS

EDITOR AND PUBLISHER, PRIVACY TIMES

Mr. Hendricks. Thank you.
I want to start by thanking my Senator from Maryland,
Ranking Member Sarbanes.
Chairman Shelby. Absolutely. Senator Sarbanes has another
meeting, and I do not know if he can get back, but he wanted to
express his regrets.
Mr. Hendricks. It was a kind introduction, and over the
years, he has made us proud by consistently doing so well for
our State.
And I have to thank you, Mr. Chairman, because you are
giving hope to the American public that we might actually make
some improvements in the system that has such a deep and
profound impact on their lives, so thank you for your
leadership.
Chairman Shelby. I will tell you, Mr. Hendricks, you can
tell from the record we are building, and both sides of the
aisle, Republicans and Democrats on this Committee, that we are
going to make some changes. We are going to make some good
changes, and I think it will be good for industry, and it is
going to be good for the American people, because it is too
important to ignore.
I think Mr. Pratt, Mr. Brobeck, all of you, would think
that. Now the question is to do it, and as Senator Corzine,
Senator Crapo, Senator Allard, Senator Enzi--we all want to do
it right, and this is the time to do it, is it not?
Mr. Hendricks. Oh, we could not agree more, and you being
in this position reaffirms my faith in God. Thank you.
Chairman Shelby. Oh, do not go that far.
[Laughter.]
Mr. Hendricks. Well, we have miracle of credit, and we have
the FTC Chairman granting other miracles, and thanks to Mr.
Jokinen, because he can show us that just because thousands of
lives are being ruined, we can still have a few good laughs,
too; right?
Chairman Shelby. He has the humor; he has not lost that, so
you know he is alive.
Mr. Hendricks. Yes. Let us walk through the accuracy
problem. In a practical sense, accuracy is not necessarily the
priority of the credit reporting system.
The credit bureau's job is to make sure they do not miss
anything in your credit history, because if they disclose a
credit report, and they miss something bad, the credit granter
will blame them. So, they have to maximize the amount of
information they possibly disclose about a consumer, and to do
that, they use what is known as partial matches--partial
matches of names, partial matches of Social Security numbers.
This can work, and it can also be a major cause of inaccuracy.
At the end of my testimony, I printed out some examples of
how Judy Thomas of Klamath Falls, Oregon was mixed with Judith
Upton of Stevens, Washington, because their Social Security
numbers were one digit different, and the algorithm just
assumed it was a mistake and they were the same person.
Myra Coleman of Itta Bena, Mississippi was mixed with Maria
Gaytan of Madera, California. The person had used Ms. Coleman's
Social Security number, so it was an exact match on that, and
that wiped out all the differences in their names and locations
and allowed Ms. Gaytan to basically have a joyride in an
identity theft situation.
It is maddening when they mix files; it is more maddening
when they cannot seem to unmix them, and that gets us into the
reinvestigation and the problems with----
Chairman Shelby. Excuse me. Why can't they unmix them--and
we have heard stories here last week, 2 weeks ago. Go ahead.
Mr. Hendricks. There are several reasons. One, I think the
volume of these partial matches creates such great volume--and
if Senator Bennett were here, he would hear me say that there
are approximately 7,000 to 10,000 disputes a day at a credit
bureau. Capital One has seen its disputes go from 1,000 a day
18 months ago to 4,000 a day currently. That creates volume. So
they have to create an automated system to deal with this, and
the automated system boils down to the person you described at
the credit bureau, reducing the dispute to a two-number or two-
letter code that they transmit--let us say Judy Thomas writes
in and says ``This is not mine; I never had a credit card with
you''--and the credit bureau then, instead of relaying all the
relevant information, just transmits a two digit code to say,
``Consumer says not mine.''
The credit granter then responds with a code to the credit
bureau saying, yes, we reported that Judith Upton was
responsible for this account, and then the credit bureau says
it is ``verified as reported.'' That is how they define a
``reinvestigation,'' and that is how they define ``verified.''
So, it is extremely problematic, and that is why this loop
continues. And also, in terms of why does information get
reinserted, when the subscribers or their furnishers submit
their tapes every month, again, the credit bureaus use many of
the same algorithms, and those algorithms will throw the
information back into the file, unbeknownst to the consumer.
The thing about the system is that the credit bureaus to my
knowledge have an official policy that if you sue or you
threaten to sue, you get priority status. So, we have created a
system where pretty much if you want to get your credit report
corrected, and you have a situation like this--and many other
consumers have--you have to litigate. That is why we think we
need to have minimum statutory damages per violation, the right
to go to small claims court and stay there, and a catalyst
theory for attorney's fees. And also, the FTC has now endorsed
the reinvestigation duties extended to the credit granters.
The thing about damages is that every time they get into
court and hear the story about Mr. Jokinen or people like him,
the credit bureaus say, ``That is too bad, but you were not
really damaged.'' So there are a lot of things we can do to
specify what every Committee Member here has said, that this is
extremely damaging to people.
Another good study that Mr. Brobeck cited is the Federal
Reserve Board study which said that they could not rely on
credit bureau data to predict the economy. But the Federal
Reserve Board said, ``What do we do about this?'' Well, we can
improve access to people's own credit reports and consumers
have to be more vigilant about access.
That is why the free access one per year is a good idea,
but I think we can take it to the next level. I think we have
to have the goal of plugging people into their own consumer
reports the way that all the credit granters are plugged into
all consumer reports. And the good news is that the credit
reporting agencies have created the infrastructure for this
with their monitoring and alert services.
The bad news is they charge excessively for it--$80 to $120
a year to sell back to you your own data--but the advantage of
this kind of system is fantastic, because it reduces the cost
of getting notice and a bunch of other things which I will not
go into.
But I think also here is a win-win in Mr. Pratt--may I call
you Stuart----
Mr. Pratt. Stuart is good.
Mr. Hendricks. --okay--this is where we can actually get a
win-win, because if they have a million people paying $80 a
year, that is $80 million; but if we get 30 million people at
$10 a year, that is $300 million. And then they can hire enough
dispute handlers so they can have a better dispute process.
So, I think there is clearly a win-win here, and I think
the Act can do this by capping the price of these services just
as it does the price of a credit report.
In conclusion, I would like to say a note about the
prescreening issue. I think Senator Sarbanes cited our study
from Privacy Times from a few weeks ago, that now we know
criminal gangs are systematically targeting mailboxes and
stealing mail for preapproved credit offers, convenience
checks, whatever personal information they can get. If they
cannot turn the instrument into cash itself, they sell the
information to a fence.
I talked to five postal inspectors. It is very
authoritative stuff and very scary.
I think now that the FTC has demonstrated that the Do Not
Call Registry is something that is very important to Americans
with junk phone calls, I think the next thing we have to look
at, and that we recommend, is that we need to have a ``Do Not
Mail Me Financial Data and Offers Registry'' for people who
know they do not want the risk of having their mailbox hit.
So just strengthening the preapproved, prescreening process
is important, but I think we need to take it to the next level
to handle the problem.
Thank you.
Chairman Shelby. I thank all of you for your testimony.
I am going to ask some questions now--and you can tell we
are really pressed for time--and then we are going to have a
number of questions for the record that I hope we can submit to
you.
Mr. Pratt--as fast as I can go--you provided a lot of
information to the General Accounting Office that touches on
inaccuracy in consumer disputes. From this submission, I have
not been able to make out any definitive information with
respect to the total--yes, total--number of disputes consumers
lodged with the three big credit repositories.
Is the number the same as the 16 million file disclosures
that are made each year, or is it something more, something
less? Could you tell us quickly the total number of disputes
that are made to the credit bureaus--and when I say ``the total
number of disputes,'' for the record, we want you to include
disputes made over the phone, through the Internet, through the
mail, and by way of other means by which consumer dispute
communications can be made.
Can you answer that now, or do you want to answer that for
the record?
Mr. Pratt. I think because of the particular detail of the
question--there are many parts to it--I would like to answer in
writing for you, Senator Shelby.
Chairman Shelby. That would be good.
Mr. Pratt. But Mr. Chairman, just very quickly, out of the
16 million consumers who look at their files, we estimate that
probably a little less than half of those consumers pick up the
phone and call us back. You have seen some populations in our
testimony where we said people who looked at their files--many
of those consumers are adverse action consumers; 84 or 85
percent of the files we issue for adverse action, which is one
of the reasons why you can get a free file. So the rate of
calls seems to be higher, because I think a lot of people call
so they can ask, ``Why was I declined?''
So, we do educate consumers, and I am drilling down to try
to get you a better number on that, and we will be happy to do
that. I recognize that in our testimony, we are not absolutely
black and white. We did try to drill down and say that we get
about half again as many calls, and then--it depends--25 to 30
percent are disputes, and then the nature of those disputes,
and as we have said before in our testimony, disputes do not
always equal inaccuracies. Disputes are sometimes actually
about information that is accurate as to the time reported--but
I would like to get that updated a little bit.
Chairman Shelby. But it seems to me that whether you
represent industry or consumers, or just a citizen consumer
like most of us, that the key to all of this is the accuracy--
what goes in and what comes out has to be as accurate as we can
possibly make it to improve the system. That is in the interest
of the industry as well as, but ultimately, it affects the
consumer greatly.
Mr. Pratt. There are instances where--and obviously, I have
had a couple of conversations with Mr. Jokinen and similarly
with Captain Harrison when he was here as well--those are
learning moments where you learn something about the system.
There are some contexts that I could share with you about some
of that along the way, but there is no doubt the goal is learn
from that, Mr. Chairman--not to simply say, well, gosh, that is
one instance, and let us just move past that one.
Chairman Shelby. That is why we are holding these hearings
for the record, because we have never done it before.
Mr. Pratt. Yes, sir.
Chairman Shelby. Would everyone agree that an error as
significant as yours, as to whether or not a person is alive or
dead, should be quickly recognized and permanently resolved--
yes or no?
Mr. Pratt. Yes.
Chairman Shelby. Everybody says yes.
Mr. Jokinen. Yes.
Mr. LeFebvre. Yes.
Mr. Pratt. May I just add--if we can verify it. We were
last year in hearings--
Chairman Shelby. There has to be a way to do it and do it
quickly, though, doesn't there?
Mr. Pratt. If we can do it quickly. Let me just add that
one of the keys--and I am not at all denigrating in any way or
trying to in any way reframe Mr. Jokinen's testimony.
Chairman Shelby. It has to be difficult. He is well-
educated.
Mr. Pratt. My gosh, yes, a lot more than I am. Last year
and in the year prior, with September 11, we were asked why
could a Social Security number still be used when it was part
of the death master file of the Social Security Administration.
So then we had hearings on the death master file, and we heard
about how the NTIS could escalate the data to us, and then we
learned that State agencies do not report data quickly enough
to the Social Security Administration.
One of the challenges for us is to be able to pull away the
wheat from the chaff and make sure that we absolutely get it
right the first time with Mr. Jokinen and then also absolutely
get it right when the Social Security number should not be in
circulation. Those are the two challenges.
Chairman Shelby. Mr. Hendricks and Mr. Jokinen, quickly,
what do you think--and I know you have already made some
statements--what do you think it says about a system such as
ours today that reports an obviously living person as dead, and
then you cannot get the error corrected?
Mr. Jokinen. I even asked Chase on the phone if they could
prove that I was dead. I can prove that I am alive. And I asked
them if they had a corpus delicti in a coldroom someplace,
because I would like to come and match fingerprints, because I
have been fingerprinted for 40 to 50 years, with all kinds of
files, and they are always the same, so what do they have?
Chairman Shelby. A writ of habeas corpus would produce a
body, wouldn't it?
Mr. Jokinen. Yes, that is right.
Chairman Shelby. If you were breathing, you would be all
right.
Mr. Jokinen. Yes, exactly, and it got to that point, and
still they did not correct it.
Mr. Hendricks. And Senator, I think it raises serious
concerns. The truism is circulating that this is the best
system, which it is, or as Churchill said, ``the worst except
for all the rest.''
I am seeing signs of breakdowns like this on such a regular
basis that I think we need a really deep, drilled-down look
into the accuracy problem, and you have to wonder if there is a
correlation to skyrocketing bankruptcy. Aren't these systems
supposed to predict that so we do not have it, yet from the
mid-1990's on, the bankruptcy rate has really gone up, and we
need research on that.
Mr. Pratt. Again, I would just like to add that in our
testimony, we talk about how 16 million consumers look at their
files every year, and less than half of them ever call back. So
one of my concerns is about the difference between how we learn
from certain patterns or even individual experiences, and the
difference between that and the performance of the industry on
a day-to-day basis, a week-to-week basis, a year-to-year basis
in terms of how well the system does work.
You do not have to try to reconcile those, because each is
true. We need to learn from those individual experiences and
make changes and improvements. And every year, the industry at
the association level, through data format standards, which can
be changed--for example, bankruptcy issues, Evan, that you
raised in your testimony, the new format allows for better,
more precise reporting. Some of that cannot be anticipated--we
cannot be absolutely prescient about the future--so it is
evolutionary, and you change over time with that thing.
Now, if we could get everybody on the new format, we would
have better data than the data on the old format. I think
Richard would agree with that as well.
Mr. LeFebvre. Absolutely.
Mr. Pratt. But it is a voluntary system, and there are
certain aspects of this, Mr. Chairman, that we can control. We
cannot have access to the Social Security Administration--there
are lots of good reasons for that--but that would allow us to
authenticate whether or not somebody's Social Security number
is really correct.
Chairman Shelby. Then we would need IRS records, right?
Mr. Pratt. It is dangerous to ask for access to a lot of
Government data.
Chairman Shelby. Resellers see each report that the big
three bureaus prepare on consumers. This provides them a unique
vantage point to get an understanding with respect to the
accuracy of reports. The Banking staff contacted some resellers
to get a sense as to some of the issues they come across. In a
period of less than a week, the resellers found 13 files that
contained inaccurate, delinquency information. Correcting these
inaccuracies resulted in FICO score changes that ranged between
6 and 80 points. They found 13 files that required correction
of information related to bankruptcy filings. These corrections
resulted in FICO score changes that ranged from 18 to 108
points. They found a file with a fraudulent credit card account
that, when removed, resulted in a 105-point FICO score
increase.
While these are some anecdotes collected over a limited
period of time, the results are interesting. From your
experience, sir, how representative do you think these reports
are?
Mr. LeFebvre. Senator Shelby, I was one of the first
resellers back in 1998 who was allowed to rescore. In 5 years,
the numbers that you have quoted are absolutely right on, if
not higher. If you can remove the inaccuracy or get all three
bureaus to agree on the same thing, scores dramatically go up.
The more recent the inaccuracy removed, the more positive
impact it has.
Chairman Shelby. If the consumers whose credit reports I
was referencing containing these errors had not been trying to
obtain, let us say, mortgages on their homes or business, and
had not had merged files prepared, is it likely they would have
come across these errors?
Mr. LeFebvre. Absolutely not.
Chairman Shelby. Mr. Pratt, I want to come back to you
again. In your written testimony, you indicate that--and I will
quote--``Accuracy of reports is elemental.'' That is true. It
is elemental. The whole system requires accurate reports. We
all, I think, agree to that.
Later in your testimony, Mr. Pratt, you indicate--and I
quote again--``We could do an even better job if everyone used
our newest data standard and also if every one of the 30,000
furnishers of information would also use the online system for
processing consumer disputes.'' I believe those were your
words.
Mr. Pratt. Yes, sir.
Chairman Shelby. I assume that by ``we,'' you mean the
credit repositories.
Mr. Pratt. Yes--although when you look at-large at the
community of furnishers who are providing data, I do not think
you would find a single executive in a company who will say,
``My goal is to report bad data'' or to declare somebody dead.
But in the bigger picture, yes, the more we can run through the
automated process--and I think Evan has made a couple of
comments about one of the challenges of automation is that you
have to automate, you have to communicate--in fact, the law
required in 1996 that we build an automated system under FCRA
to allow for error correction so that I could correct my error
just once. It used to be historically that I could correct it
in one file, and then it would be in another file, and I would
not find out until later.
So one of the challenges was to--and, in fact, lenders were
obligated to report corrections to all nationwide consumer
reporting agencies--it is always a challenge to try to convey
with absolute precision the nature of the consumer's dispute,
at the same time to do it quickly, at the same time to get it
done in 30 days, and at the same time to handle----
Chairman Shelby. Quickly and accurately.
Mr. Pratt. Yes, sir, quickly and accurately--do not work
coterminously all the time. We do have that challenge of doing
both, yes, sir.
Chairman Shelby. By the word ``better,'' I also assume you
mean more accurate.
Mr. Pratt. We definitely could be more accurate if that
were the case.
Chairman Shelby. Okay.
Mr. Brobeck, I have raised the issue that we do not have a
firm handle on the true level of accuracy in the system at this
point in time. While your study provides--and I thought your
study was very interesting--a sense of where things are right
now, don't we need to be better-informed about this issue in
the future?
Mr. Brobeck. Yes. We know that at least a significant
minority of consumers can be adversely impacted by inaccurate
scores, even annually. We cannot at this point assign a
specific number--
Chairman Shelby. An inaccurate score will cost you over
time possibly hundreds of thousands of dollars.
Mr. Brobeck. Yes, sir, it could--if, for example, you
purchase a subprime mortgage instead of a conventional
mortgage, it could cost you well over $100,000.
We would agree with the recommendation that a Federal
Agency, perhaps the FTC, should be given the authority and the
responsibility to continuously monitor this issue and also
assume some responsibility for reviewing the dispute resolution
process.
Chairman Shelby. I think it is very, very important.
Gentlemen, we have a lot of questions, as I said, for the
record as we build this record. And I think we have a great
opportunity here in the Banking Committee, here in the Senate
and the House, to put together a comprehensive bill that will
be good for the economy, that will be good for the financial
services industry, but will be good for the American people.
Mr. Jokinen. Mr. Shelby, if I may.
Chairman Shelby. Yes, sir.
Mr. Jokinen. This has been the best day I have had in over
2 years. Thank you.
Chairman Shelby. Thank you--and I want to say this--I will
sign an affidavit--I believe you are very alive.
[Laughter.]
Chairman Shelby. The hearing is adjourned.
[Whereupon, at 1:12 p.m., the hearing was adjourned.]
[Prepared statements, response to written questions, and
additional material supplied for the record follow:]
PREPARED STATEMENT OF SENATOR RICHARD C. SHELBY
This morning, we take up one of the most important issues, if not
the most important, associated with the FCRA: The accuracy of the
information contained in consumer credit reports.
Changes in our financial services industries have made accuracy
more important than ever. Credit report information is increasingly
used as the key determinant of the cost of credit or insurance.
By way of risk-based pricing, gone are the days when lenders merely
lumped borrowers into the ``qualified'' or ``unqualified'' category.
The use of risk-based pricing allows lenders to extend credit to a
broader range of borrowers predicated on the assumption that borrowers
receive credit terms which are commensurate with the credit risk they
pose.
As a result, credit report information has a direct impact on the
amount and the interest rates at which credit is offered. With respect
to large credit transactions, such as mortgages, rate differences can
translate into hundreds of thousands of dollars over the course of a
loan.
Even in smaller dollar credit transactions, such as credit cards,
rate differences can mean large amounts of money. Furthermore, with the
practice of credit card companies reviewing credit reports and
adjusting rates in real time becoming more prevalent, the application
of risk-based pricing to consumer finances is practically an every day
event. Let me try to further illustrate these points.
This first chart provides some rough indication as to the effects
that particular entries on a credit report can have on a person's
credit score or credit worthiness. As is indicated, some entries, such
as a bankruptcy filing can greatly reduce a person's credit worthiness.
There is nothing wrong with this; consumers who have failed to pay
their debts DO pose a considerable risk to creditors.
But what if a bad rating is based on inaccurate information? What
if you had never been bankrupt and such an item appeared on your credit
report? The second chart highlights the spreads in interest rates that
people with differing credit scores would pay for some sample products.
As the chart shows, the differences are very real. So are the financial
consequences. Consider the cost differences for a $200,000, 30-year
fixed mortgage. A borrower classified as a ``marginal'' risk pays
almost $90,000 more in interest than someone with an ``excellent''
credit rating. Someone classified as a ``poor'' credit risk would pay
$124,000 more in interest than the person with ``excellent'' credit.
Credit rating matters for other transactions as well. Someone
financing a $24,000 new car with a ``marginal'' rating can expect to
pay 127 percent more in interest (about $3,300) than a person with
``excellent'' credit. Someone with ``poor'' credit can expect to pay
255 percent more in interest (about $6,700). Again, what if the
information that leads to a bad credit rating is inaccurate?
With the rewards for good credit so meaningful, and the penalties
for bad credit so severe, it is absolutely critical that credit reports
accurately portray consumers' true credit histories.
Thus, the focus of today's hearing--examining the FCRA and the
operation of our credit markets to determine whether or not the present
system provides optimum accuracy.
With a system as large and complex as ours, involving the transfer
of billions of pieces of information, it is almost a certainty that
there are going to be some errors which occur. On the other hand, the
credit reporting agencies are paid to properly handle the data.
And furnishers, who also happen to be the largest consumers of
credit report information, take advantage of the efficiencies provided
by the system. Both derive significant benefits from this system. Both
also have a significant responsibility to get things right.
So let us consider: How and why do errors occur in credit
reporting? Can more be done to prevent errors in the first place? If
some errors are not preventable, does the system enable them to be
quickly recognized? Who most efficiently recognizes them? Once
recognized, does the system work to ensure that errors are quickly
corrected?
I look forward to examining these questions with the witnesses.

PREPARED STATEMENT OF SENATOR CHRISTOPHER J. DODD
Mr. Chairman, I want to thank you for conducting this hearing.
Accurate credit reporting is essential to the proper functioning of our
credit system and to the financial security of American consumers. Your
strong leadership on this issue is greatly appreciated.
Since its enactment in 1970, the Fair Credit Reporting Act has
provided the framework within which our credit system has flourished.
The vast majority--more than 75 percent of all U.S. households, I am
told--participate in credit transactions that are likely to be the
subject of credit checks and credit reports. If it weren't for the
ability of credit issuers to quickly determine a consumer's
creditworthiness, there is no doubt that less credit would be available
to American consumers in general and the economy would suffer. Our
modern consumer reporting system serves a purpose that benefits both
consumers and businesses.
However, to say that something is useful is not to say that it
cannot be improved. The credit reporting system can be improved and I
look forward to working with my colleagues to identify the best ways to
ensure that credit reports do not contain avoidable errors. What is at
stake is too important. Consumer's financial lives can literally be in
the hands of the credit reporting agencies and the creditors who
provide information to those agencies. I believe consumers have a right
to expect that the information compiled about their financial dealings
will be as accurate as is humanly possible. People will make mistakes--
we recognize that. But consumers must have a clearly articulated remedy
for correcting errors when they to occur.
A few weeks ago, we heard from a witness named John Harrison, a
retired Army Captain from Connecticut who was the victim of identity
theft. His credit reports very clearly contained erroneous information,
misinformation that was deliberately planted there by a criminal--but
Captain Harrison found it very difficult to get the bad data out of his
reports. He was required to spend hundreds of hours and eventually had
to leave his job because trying to clean up his credit was taking so
much time. That is wrong and we need to fix that problem.
I am encouraged by some of the Treasury Department's recent
recommendations to strengthen the consumer protections contained in the
Fair Credit Reporting Act. I think, for example, that the Department is
right to suggest that consumers should have access to free copies of
their credit reports and credit scores so they can identify problems
for themselves. I also agree that we need to strengthen protections
against fraud, identity theft, and the misuse of consumer credit
information.
Mr. Chairman, thank you for bringing this important issue before
the Committee. Again, your leadership is greatly appreciated. I look
forward to hearing from all of our witnesses, and I thank them for
being here today.

----------

PREPARED STATEMENT OF SENATOR DEBBIE STABENOW

Thank you, Mr. Chairman. Let me begin by saying that I appreciate
the very thorough and methodical approach you have taken to examining
the Fair Credit Reporting Act. I believe it is important that we move
in a timely fashion to extend the expiring provisions of the Act to
ensure that our credit system remains the envy of the world. But, I
also strongly believe that we must be open to necessary modifications
and improvements in the Act. We have an important opportunity to look
at what has worked and what hasn't and to respond to changes in
technology, our economy, and our ever-evolving understanding of
consumers' needs.
Today, we are going to be examining the issue of accuracy of credit
reports. In many ways this is the linch pin in the entire credit-
granting system. If we cannot assure that this information is correct,
it could cost consumers thousands and thousands of dollars through
improperly inflated interest rates. It is, therefore, absolutely
imperative that the companies who furnish credit data be certain that
the
information they keep on all of us is accurate.
In addition, when that information is not accurate, consumers need
a quick and easy resolution process. In a fast-paced society like ours,
unnecessarily long delays in correcting inaccurate credit reports have
profound consequences. They can lead to denial of a mortgage to buy a
home or the steering into a subprime loan. They can lead to the
inability to get a credit card or an unwarranted increase in interest
rates on an existing credit card. They can also create reduced work
productivity and extreme stress as consumers must take off work and
spend countless hours trying to correct mistakes that occurred through
no fault of their own.
I believe that it is important to ensure that consumers have fair
and expedient means to address inaccuracies in their credit reports,
and I look forward to hearing some of the solutions proposed by our
witnesses today.
Let me also take a moment, Mr. Chairman, if I might, to say that as
we prepare to mark up FCRA legislation, one other thing that I believe
is absolutely essential in enhancing the way our credit system works is
elevating the financial literacy of America's consumers. While laws and
regulations can protect people, one of the most powerful weapons we
have to protect ourselves from fraud and inaccurate information about
our finances is education. I want to work with all of my colleagues to
ensure that, as part of this process, the Federal Government is taking
steps to improve its efforts on financial literacy.
Again, I commend you and the Ranking Member, Senator Sarbanes, for
your leadership on this issue. I look forward to hearing from our
witnesses today and working with all of my colleagues to ensure a
timely reauthorization and improvement of the Fair Credit Reporting
Act.
Thank you.

----------

PREPARED STATEMENT OF SENATOR WAYNE ALLARD

I would like to thank Chairman Shelby for holding this hearing on
the accuracy of credit report information and the Fair Credit Reporting
Act. I am sure it will be a helpful part of our ongoing work to
reauthorize FCRA.
Americans have unparalleled access to goods and services, much of
which stems from the fact that we have the most successful consumer
credit system in the world. The Fair Credit Reporting Act has been
instrumental in expanding the availability of consumer credit, which
has in turn played a vital role in the U.S. economy.
The 1996 Amendments improved FCRA's framework, allowing the free,
fair, and accurate flow of consumer data. It is now important for us to
evaluate and assess the successes of, and possible improvements to,
this important legislation.
Examining the accuracy of credit information may be one of the key
issues that we consider. Inaccurate information is, perhaps, even more
problematic than no information, for both consumer and lenders. It
doesn't matter if FCRA allows quicker, easier, simpler credit decisions
if it yields the wrong decisions.
Further, an inaccurate record of one's credit history can make even
the most simple financial transaction or inquiry burdensome or even
impossible. Consumers deserve to have their credit history reflected
accurately, and credit furnishers and credit reporting agencies have
the obligation to provide and report accurate information.
While there may be things we can do to improve the accuracy of the
credit reporting system, we will realistically never reach a state of
absolutely no errors. I believe that one of the strongest antidotes to
errors is an informed consumer. In particular, I believe that consumer
access to credit reports and credit scores will help catch the
inaccuracies that occur.
I was pleased to join with Senator Schumer in introducing the
Consumer Credit Score Disclosure Act of 2003 earlier this week. Our
bill would allow mortgage applicants to receive their credit score,
along with other information such as specific factors that adversely
affected their score. This information will help consumers better
understand the importance of accuracy in the credit reporting process.
I would encourage my colleagues to take a look at the bill and consider
adding their name as a cosponsor.
I look forward to hearing from our witnesses today on ways to
enhance our current system and ensure the accuracy of people's credit
information.

PREPARED STATEMENT OF DAVID A. JOKINEN
Sugar Land, Texas
July 10, 2003

Mr. Chairman, Ranking Member, and Committee Members. Thank you for
allowing me to appear today. I will share with you my 2-year nightmare
of being declared a ``dead man walking.'' It is a little harder to get
credit when the depositories report you as ``deceased.''
Personal Background
I am a self-employed suburban businessman running my own real
estate development firm. I am 67 years old. In the past, I have been a
guest professor at 2 european universities, plus two graduate schools
here in the States. I authored 3 books on engineering and architecture.
They were published in Holland. I wrote them in a foreign language. I
have also been an urban affairs/town planning consultant to numerous
Governments in Canada, Europe, and the United States.
I have also been a senior executive with a major department store
chain. For the last 35 years, I have been a self-employed businessman.
The Day My World Turned Upside Down
My 95-year-old mother passed away on April 30, 2001, in a Houston
nursing home. I later discovered that because of a clerical error I
also ``died'' that day.
My mother had credit cards with 3 banks, (Chase Bank, Bank One, and
People's Bank). I was also a signer on all three cards. Within 24 hours
of her death I called all 3 banks to say I would honor my mother's
bills; and would send them each a death certificate as soon as I got
it. Two weeks later, I contacted all 3 banks to verify they received
their copy of mom's death certificate. I also asked if it was now
``okay'' for me to begin reusing their card solely in my name. All 3
said ``fine.''
Much to my surprise, I received a form letter from Chase Bank, 1
month later, asking for a copy of mom's death certificate. I called and
asked Chase Bank what they did with both the hard copy I mailed and the
fax copy I sent weeks earlier. They casually said, both probably got
lost in their huge filing system. Could I resend them another? This
cavalier attitude prompted me to formally ask Chase Bank for a written
confirmation that they had removed my mother's name and her Social
Security number off this Chase Bank Visa card. I made that request more
than 2 years ago. I have still not received their promised written
confirmation. How long should I wait.
Five months after mom's death, Chase Bank did send a different form
letter. It said I was now the sole name on this Visa card. They also
sent me 2 additional cards, (for this account) with my name on them,
why? I do not know? I never asked for them? Both, Bank One and People's
Bank had sent me their letters more than 4 months earlier.
Cascading Consequences of One Clerical Error
Suddenly, this whole other world of credit bureau problems came
crashing into my life. After some detective work, I discovered Chase
Bank was the sole culprit reporting me dead to all 3 credit
depositories. They ``mixed up'' my mother's death with my Social
Security number.
The 3 bureaus seemed to have embedded this error in different
locations on their recirculating data loops. It seems that on each
different month my death notice shows up from a totally different
depository's report. They seem to be playing a perverted version of the
``book of the month club.'' Only now, it is ``David's Death of the
Months.'' It was becoming ghoulish. The whole thing was starting to
send chills down my spine.
Two Out of Three
The first time we noticed that 2 credit bureaus had declared me
``deceased'' on the same month was later in the fall of 2001.
Mortgage interest rates had been falling dramatically, so my wife
and I decided to refinance our house. The mortgage broker called back a
few days later, and said, ``We have a strange problem.'' Only one
bureau gave her a credit score. Experian claimed they could not
calculate a Fair Isaac score because David was dead. Equifax said their
Beacon score was not available because the subject was deceased. Today,
without 2 out of 3 credit scores, no one gets a residential mortgage,
we certainly did not.
I immediately purchased copies of my credit reports from both
bureaus. Both showed Chase Bank reported me dead on one Visa Card.
Ironically, I was still alive as far as my other Chase Bank credit card
with them was concerned.
I followed the FTC printed consumer guidelines for correcting these
errors. I mailed in my corrections and waited 30 days. I then purchased
new copies of my reports from both Experian and Equifax. I naively
expected them to be clean. When the same dirt was still there, I called
both bureau's and said ``Hello people, I am really not dead.'' Help me
correct this.
Both bureaus said the same thing. ``They had forwarded my complaint
to Chase Bank, and Chase has not responded.'' I asked what is next?
They said case closed. They harshly explained that I, as a little
consumer, was not their client or customer. I was just another number
for them to make money off. In this case, their client was Chase, (a
rich bank); and their customers were all the other banks, retailers,
etc., who regularly paid them big dollars for thousands of reports at a
time.
They just did not care if I was dead or alive, on paper, or in
reality. Equifax told me to quit bothering them, and go away. Experian
lost their temper. They threatened me by saying they would put more
dirt on my report (so they could make more money) if I did not hang up.
Deal Directly With The Source
Chase Bank was the only creditor reporting this problem. So, on the
very next business day (in November 2001) I called, and faxed, Chase
Bank. I asked them how a responsible and ethical bank could report such
a malicious lie. Their only response was ``They were sorry if it
bothered me.'' They said they would communicate with both Equifax and
Experian saying that my death was an error and inaccurate. I said thank
you. I thought that finally would be the end of it. That was how the
Fair Credit Reporting Act was supposed to work. I finally slept sound
that night, after months of agony.
A few days later, I called to verify their correction process was
in the works. I was shocked when the supervisor at Chase Bank gave me a
noncommittal answer--saying, ``it was routinely handled.'' This
supervisor refused to give me his name. Later, when I told a depository
employee this conversation--they laughed. They said that it was
``insider code'' for throwing my correction request into the trash can.
It was at this moment of anger, plus insight, that I truly realized
what a ``toothless paper tiger'' all the Federal legislation on credit
protection really was. None of the ``Big Players'' in this industry
obey any of these rules and guidelines set forth by Congress. They have
told me, ``since there are no tough policemen daily watching their
actions it was still ``business as usual.''
Sure, the FTC makes a headline now and then with consent
settlements against each of the big 3 depositories. But, they said that
was only a minor irritant. The only action they might fear is
legislation making their individual managers personally responsible for
their groups' error rates, under penalty of hefty personal fines, and/
or jail time. They mentioned the SEC's forced collapse of Arthur
Anderson and other firms.
A Serious Disconnect Between Words and Results
I am a living case example of how our current fair credit reporting
laws still do not work as intended. They sure sound great on paper.
I remember reading (in 1994), the Senate finally shifted the
``Burden of Proof'' for the accuracy of information off the back of
individual consumers, and onto the shoulders of the 3 giant credit
bureaus, and their associated creditors. That sounded wonderful. It was
the fair thing to do. However, it is now 9 years later, and hardly
anything has really changed. We, the consumer, are still stuck with the
``burden of proving'' any ``error'' on our report is a fabrication, or
``mix up'' from some other file.
Over the last 26 months I have asked Chase Bank to either prove I
am dead, or quit reporting that lie. ``Off the record,'' people at
Chase Bank have told me that: (A) Until there is either a financial
incentive, to correct errors, or (B) Until the penalty on both a
company and it's staff is so severe it cannot be ignored ``little''
inaccuracies like mine will never be given the proper attention or time
to get corrected.
I Had To Prove I Was Alive
After 2 years of struggling to find any courageous lender to
refinance my home, a friend took pity on me. He is a mortgage banker.
He found a sophisticated national lender who was willing to work
outside the box. Now, when that nasty message: ``Only 1 bureau this
month will give me a Fair-Isaac score popped up,'' he was prepared.
Most mortgages today end up in the secondary market. Either ``Freddie
Mac'' or ``Ginnie Mae'' typically sets the guidelines for that. So, why
not try to get some Federal Government Agency (on paper) to declare,
``Jokinen is alive.''
A Visit To The Government
Last month, I walked into the Houston Regional Office of the Social
Security Administration, and begged them to write a Government letter
saying that I was not dead. Under Federal law, this is Chase Bank's or
the 3 credit bureaus responsibility to prove, or disprove. But, those
fat cats only ``yawned in my face'' every time I requested they correct
this glaring inaccuracy.
At first, the employees in the Social Security office did not know
what to do with my request. There was not a sample letter on this topic
in their Federal handbook. They decided to call their supervisor in
Washington, DC. I also had to talk to some higher official in the
national capital, who then asked to speak again to the Houston Office
Manager. These two talked some more, and then started laughing. Soon,
all the clerks in this entire Social Security office started whispering
to each other and then laughing. A few minutes later my human interest
story spread out into the waiting room.
My request for this unusual letter was being translated into
Chinese, Vietnamese, Spanish, etc. As people started hearing my strange
story in their language, they started laughing too. Soon the entire
floor in this high rise was laughing. I was now the object of much
pity.
When the Social Security Manager finally presented me with my
``Living Letter,'' the entire waiting room broke out into applause. It
was like ``little David going out to slay the Goliath Bank.'' Yes, my
wife and I finally got our home's mortgage refinanced. But, it was not
from any help given by the Federal Fair Credit Reporting Act.
What Happened To The 30-Day Rule?
The 1994 Act required creditors and depositors to furnish only
``accurate'' information. Who enforces this? When consumers dispute any
data these bureaus have 30 days to theoretically correct those errors.
Is this a fairy tale? I have never seen it happen in real life.
Chase Bank has ``inaccurately,'' reported me dead for more than 26
months. They still have not lifted one finger to update or to correct
their inaccuracy. Then, 1 year after Chase Bank had declared me
``deceased,'' they mailed me an offer to raise the credit limit on that
same Visa card in dispute, to $10,500, with ``zero'' interest on
balance transfers for 9 months.
Is this a question of their right hand not knowing what the left
hand is doing? Or, was it just a profit-hungry bank looking to make a
buck off a dead man's account? Chase Bank, also, sent me an unsolicited
$5,000 preprinted check to pay off competitor bank card accounts. This
was beginning to look like the old ``Abbott and Costello'' comedy
routine: ``What's on first, who's on second?'' Except this bank is no
longer funny to me. What a phony slogan Chase Bank claims to have:
``The right relationship is everything.'' The only relationship Chase
Bank has ever given me is ``dead man walking.''
Ten years ago, Congress was moved to considering new fair credit
reporting laws. This move came after research revealed ``in 1991
consumers had to complain an average of 23 weeks before getting minor
corrections on their credit reports.'' By 1993, it got worse. Consumers
had to now complain for a longer average of 31 weeks before getting any
satisfaction.
My 30 Days Has Grown To 784 Days
I have been complaining to all 3 Giant Credit Bureaus, (plus Chase
Bank) for over 112 weeks--and still, I get no satisfaction? Rodney
Dangerfield described America's current consumer plight best--``We get
no respect!'' How many more weeks do I have to ``ask'' these giants to
grant me my consumer credit rights that were supposedly authorized by
Congress 9 years ago?
My Damages
The costs of this credit bureau screw-up to me keep mounting
monthly. It is an ever-increasing financial burden. I discovered I have
been spending an average of 7 hours each week, just keeping these
mounting credit errors under control. This comes to 364 hours a year
with my finger stuck in this ``Dyke of Inaccurate Data.'' I am afraid
if I pulled my finger out, I would be totally inundated in a swirling
sea of paper lies. If their flood of bogus reports became more
overwhelming it will impair my ability to economically support my
family. For the last dozen years, my minimum rate for consulting has
been $50 per hour. So far, I have expended 798 hours on just trying to
keep Chase Bank and the ``3 Stooges'' (the 3 bureaus) under control.
That has cost me $39,900, so far.
Paying much higher monthly mortgage payments over the last 2 years
than I now have has already cost me an additional $11,000. Also the
higher interest rate slapped on us when we purchased my wife's used car
has already cost us another $2,500.
I am currently trying to raise money from investors. I am starting
a new type of Home Building Company. We will build new modular homes in
6 weeks, instead of the regular 6 months. These new homes will also be
hurricaneproof (up to wind speeds of 130 mph), floodproof (up to 2 feet
above your neighbor's living room floors), and mold resistant. These
new homes look identical to any conventional stick built homes on the
same block. One of my potential investors (a $200,000 prospect) told me
he pulled a merged credit file on me, and it scared him off. That is an
additional $200,000 investment that should have been generating profits
for my new corporation. These itemized monetary damages today add up
to, more than $250,000, and counting.
Emotional Suffering
I was my mother's only child. We were quite close. My mother had
Tuberculosis during World War II. She was confined to a TB sanitarium
in Detroit for 3 years. My mother left our house when I was 5 years
old. I never saw her in person again until I was 8 years old. In 1943,
the TB doctors removed half of my mother's lung. During her recovery,
the TB doctor told my mother she probably only had 2 to 5 more years to
live. That is because she was now living on only half a lung, and it
would eventually wear out. That was when she was 39 years old. She
actually lived to 95. Because of Chase Bank's stupidity, I have now
relived her last few painful years over and over again--while trying to
get this mess cleared up.
Suggested Legislation
It seems most consumer complaints are the same: The majority of
errors on their credit report do not get corrected. And, when some did,
it wasn't in a timely fashion.
Solution
Give the FTC the same licensing and oversight powers the SEC
currently has over stock and bond brokers.
That way, all future credit reports would go out under a full name
and FTC license of the bureau's assigned manager for that specific
account. Then consumers would not be unfairly negotiating with
nameless, faceless, customer services clerks they will never speak to
again, the next time they call in or write. Under this reform, trained
and licensed persons on the other side would be fully responsible for
handling consumer corrections in 30 days.
Then, if major mistakes are made or not corrected, the FTC should
be granted the same SEC powers of serious fines against individuals,
and/or their employing firms. The FTC should be able to take away an
individual's license to work in this credit industry. The FTC should
also be able to set jail time for those found guilty in court.
Solution Continues
Not only should the 3 depositories be required to license various
levels of their staffs--this should also apply for all creditors who
regularly supply the 3 credit bureaus with their information.
That means all future credit reports would also carry another set
of contact names of licensed people after: (1) Each bank's entry (like
Chase), (2) Each retailers entry (like Sears), (3) Each lender's entry
(like Countrywide), (4) Each insurers entry (like State Farm), and so
forth. The best way to reduce complaints in any industry is to
professionally train all staff who must deal with the consumer. Then
hold each of those licensed staff people individually accountable for
their own report corrections, or lack of corrections.
Thank you for your time and courtesy today.

FROM TIMOTHY J. MURIS

Q.1. Currently, consumers can get access to a free credit
report if they are denied credit. What is the percentage of
consumers that have been denied credit who actually take
advantage of the opportunity for a free report?

A.1. There are tens of thousands of credit report users who are
obligated to send notices when taking an adverse action. We do
not have data on how many consumers receive adverse action
notices. However, a July 21, 2003 Report from CRS states that
13.4 million consumers each year request a free report
following adverse action. This represents 88 percent of all
annual free file disclosures by CRA's to consumers.

Q.2. What States currently provide full access to free credit
reports and what are the take up rates for those States? In
other words, how many consumers that have not been denied
credit take advantage of their free reports?

A.2. Massachusetts, Colorado, New Jersey, Georgia, Maryland,
and Vermont require access to free reports. (Some other States
require access to reports for less than the $9 Federal
maximum.) We have heard varying reports on the take-up rate in
the free States. The July 21, 2003 CRS Report states that it is
2 to 4 times the take-up rate in States where consumers must
pay $9. CDIA tells us that the rate of free reports per capita
in the free report States is 218.5 percent that of the States
without a free report requirement. But we have no absolute
numbers--CDIA's members are reluctant to disclose those numbers
to us because they do not want their competitors to be able to
figure out their market share.

Q.3. Which of the three major credit reporting agencies
currently provide information about scoring methodology on
their credit reports? Specifically, what information is
provided? Do the credit reporting agencies provide this
information only on request by the consumer, or do they provide
it automatically in conjunction with a consumer's credit
report?

A.3. This is a question best addressed to the credit bureaus.
Our understanding is that non-CRA subsidiaries of the three
major national credit bureaus sell scores to users of credit
reports and also sell scores directly to consumers, along with
educational material. We are told that none of those bureaus
provide scores as a routine matter, either with a free credit
report or a credit report for which the consumer paid the $9
statutory charge--that is, there is an extra charge for the
credit score. In some States (California and Colorado), credit
bureaus are required to provide scores, but are permitted to
charge for them.

CONSUMER AWARENESS AND
UNDERSTANDING OF THE
CREDIT GRANTING PROCESS

----------

TUESDAY, JULY 29, 2003

U.S. Senate,
Committee on Banking, Housing, and Urban Affairs,
Washington, DC.

The Committee met at 10:06 a.m. in room SD-538 of the
Dirksen Senate Office Building, Senator Richard C. Shelby
(Chairman of the Committee) presiding.

OPENING STATEMENT OF CHAIRMAN RICHARD C. SHELBY

Chairman Shelby. Good morning. I want to thank the
witnesses for appearing today.
Over the course of the last few months, the Banking
Committee has held numerous hearings on various issues relating
to the Fair Credit Reporting Act.
We have heard testimony regarding the positive changes
which have resulted in cheaper and more widely available
credit. We have also heard from witnesses who have highlighted
some of the troubling practices which occur in today's
marketplace. As a general matter, I think a common element
deserving our careful consideration has emerged from our
hearing process.
Regardless of whether we are talking about the positive or
negative developments in the credit markets, consumer
understanding of these developments, as well as their awareness
of the overall operation of the credit markets, I believe, is
the key. Simply, what people know and understand about finances
I think truly matters.
Considering that informed, knowledgeable consumers have the
best opportunity to take advantage of new credit-related
products and services and are also best able to reduce the
likelihood of falling prey to the negative developments, such
as identity theft or predatory lending. It is very important
for this Committee to get an understanding as to just how much
consumers know and understand about the general operation of
the credit markets.
Furthermore, as the Fair Credit Reporting Act assigns
consumers significant responsibilities with respect to the
content and the control of their credit reports, the Committee
needs to get a better understanding as to the level of consumer
knowledge and understanding of these specific matters.
That is the purpose of today's hearing: Providing Members
of this Committee an opportunity to examine consumer awareness
and understanding of financial and credit-related matters,
generally, and consumer awareness and understanding of their
FCRA rights and responsibilities specifically.
In the end, it is my hope that the record established today
will help guide the Committee's FCRA reauthorization effort. I
want to thank you for coming and appearing today, and we look
forward to your testimony.
Senator Sarbanes.

STATEMENT OF SENATOR PAUL S. SARBANES

Senator Sarbanes. Thank you, Mr. Chairman, for holding this
hearing on consumer awareness and understanding of the credit
granting process. Last year, when I was privileged to chair
this Committee, we held a series of hearings relating to the
issues of financial literacy and education. So, I am
particularly appreciative of the attention you are giving to
this matter.
The credit scoring and reporting system plays a significant
role in most consumers' lives. However, consumer awareness and
understanding of the credit granting process is less than it
should be. I believe that all consumers should have the
knowledge to access their credit score, the ability to access
their score with ease, and the understanding necessary to
realize the importance of their credit score and the impact it
may have on consumer choices they seek to make.
Yesterday, the Consumer Federation of America issued a
study which found the following: 61 percent of all Americans
say their knowledge of credit scores is either fair or poor,
and this figures increases to nearly 70 percent among
households with incomes under $35,000 a year; 75 percent of
Americans, 80 percent of those with incomes below $35,000, say
they do not know what their credit score is; and when asked a
true or false question as to whether applying for a credit card
may lower your credit score, only 37 percent of Americans
answered correctly.
This is indicative that there is a serious need to increase
financial literacy and education among consumers. Actually, a
number of Members of the Senate have taken a strong interest in
this issue, and I particularly want to acknowledge the efforts
of Senators Stabenow and Enzi, as well as Senators Corzine and
Akaka. I know that Senators Stabenow and Enzi are actually
working on a bill right now, as I understand it, and I look
forward to working closely with them and with you, Mr.
Chairman, as well as other Members of the Committee.
Yesterday, I introduced legislation with Senator Corzine,
the Financial Literacy and Education Coordination Act, which,
if passed, would create a more unified and comprehensive
framework to improve the state of financial literacy and
education amongst American consumers. This is a first step.
This would be an effort to have a coordinating committee within
the executive branch of the Government to address the issues of
financial literacy and education. We established such a
committee with respect to the Trade Promotion Coordinating
Committee, and it has worked quite well and brought a
significant improvement, we think, in the coordinated effort
within the executive branch of the Federal Government on trade
promotion. And I am hopeful we could accomplish the same thing
with respect to financial literacy and education.
I thank the witnesses who are here today. Many of them
represent agencies and organizations that have long been
actively involved in efforts to increase financial literacy and
education, and I look forward to their testimony.
Thank you very much.
Chairman Shelby. Thank you.
Senator Bennett.

STATEMENT OF SENATOR ROBERT F. BENNETT

Senator Bennett. Thank you, Mr. Chairman. I recognize that
this is just one in a series of hearings that you have been
holding on this particular issue and this bill, and I
congratulate you for the thoroughness with which you are
examining it. We need to get this one right, and the
opportunity to mess it up in the name of good intentions is
very high.
I remember as a brand new Member of this Committee in 1993,
one of the main issues that we discussed during the time when
Don Riegle was the Chairman of the Committee was credit
availability, particularly to those at the lower end of the
economic scale. And there was a great deal of concern that
financial institutions were not making credit available to
those in the minority community or in the lower economic end of
the scale because they wanted to protect the safety and
soundness of their institutions. Burned by the savings and loan
experience, they wanted to make sure that every loan they made
was absolutely safe, to the point that they were not making
loans. And they preferred to put their money into Government
securities and earn money that way without taking the risk in
the marketplace of making loans.
So the focus of the Committee at that time was on the
question of how loans could be made available, how credit could
be made available across the spectrum of America. My concern,
as I sit through these hearings and listen to some of the
requests being made in the name of more consumer information,
is that we might inadvertently get into the position where we
are once again shutting off credit to that portion of the
economy that badly needs it.
I have often said that the best place to hide a leaf is on
the floor of the forest in open sight, surrounded by all of the
other leaves. It becomes impossible for you to pick it up. Much
of the problems that I have found in life with respect to
disclosure of consumer rights is that we end up hiding a whole
bunch of leaves. We end up with documents that are very thick
and procedures that are very onerous, and we say, well, we are
just making sure they get full disclosure. And that kind of
full disclosure becomes, in effect, nondisclosure because you
cannot pick out of it what really matters and understand what
is really going on.
I am looking forward in this hearing to hear from the
regulators and from the consumer advocates as to what would be
the most meaningful disclosure that would give us transparency
so that the customer understands what is going on and at the
same time not clog up the system with so many ``consumer
protections'' that would end up taking us back to the bad old
days when credit was not available to people who desperately
need it.
I think you have assembled a panel that can address that
issue, and I appreciate your leadership in this entire effort.
Chairman Shelby. Thank you.
Senator Stabenow.

STATEMENT OF SENATOR DEBBIE STABENOW

Senator Stabenow. Thank you, Mr. Chairman, for holding this
hearing. I apologize in advance for having to leave to go to
the floor in a moment, but I did want to be here to say thank
you to those who are speaking, and I look forward to your
testimony and having an opportunity to review your testimony.
As our Ranking Member, Senator Paul Sarbanes mentioned,
there are a number of us that are working on the issues not
only of understanding the credit system but also understanding
financial literacy in total. And I thank Senator Sarbanes, as
well as the Chairman and others for their efforts. Senator Enzi
and I have been working now for a number of months on an
approach to, in fact, bring together all those who provide
financial literacy programs of some kind, as well as a website
and a 1-800 number and other opportunities for people to be
able to go to one spot and be able to get information so that
they can not only get their credit reporting information in
terms of how to access it, but also additional information as
well.
I think it is an important hearing, and hopefully we can
all work together to put this concept into law and be able to
make information more readily available to consumers to be able
to access information and empower them with knowledge that they
need in order to manage their own financial affairs.
Thank you, Mr. Chairman.
Chairman Shelby. Senator Enzi.

STATEMENT OF SENATOR MICHAEL B. ENZI

Senator Enzi. Thank you, Mr. Chairman. I have a complete
statement that I would like to submit for the record.
Chairman Shelby. Without objection, it will be made part of
the record.
I want to thank you so much for holding this hearing today.
We are finally to the heart of fair credit reporting: The
consumer. I really prefer to call them ``customers.'' I think
that elevates them to----
Chairman Shelby. They were your customers, weren't they?
Senator Enzi. Yes.
[Laughter.]
That elevates them to being the heart of the economic
engine, which is what they really are. Without the customer
there isn't an economy. This will bring out some things that
will help us a lot in designing some bills that will help the
customer to get both the credit they need and the credit for
what they do.
There have already been some significant steps in this
area, and I appreciate Senator Sarbanes' efforts last year at
promoting financial literacy. I had an opportunity to do a
little bit of research, and in Wyoming, we have a significant
effort that is being done by Fannie Mae, the Wyoming Community
Development Association, which provides low-cost housing, the
realtors, the bankers, and the credit unions. And that is a
special program that is done on compressed video to a number of
sites around the State at one time so that people can learn the
intricacies of buying a house. If you take the course, you also
get a discount on your loan, so there is some real big
incentive for doing it.
Several thousand people have already taken that, and now
they are looking at moving that down into the high schools as a
part of the curriculum. I think it will make a tremendous
difference to young people, particularly.
I was Mayor of Gillette when it was a boom town. We had a
lot of young people coming to take on the jobs, and even clear
back then they were making $50,000, $60,000 a year, and going
broke. And they did because their parents had all these
different things that they owned, and they were making a lot
less, so the kids went out and bought all of those things at
once, and then found out that the payments were more than their
income.
I tried to find some way to get some credit counseling for
them, and we did that through some associations and through the
credit unions, who have even gone into the schools and put on
classes for kids and organized many banks so that they can have
an emphasis on savings and get a little bit of information on
how credit cards affect them.
So there are some efforts out there, and Senator Stabenow
and I have been working on a bill trying to figure out a way--
and I think we have got it--that people can have an entry ramp
to the information that the Federal Government has on financial
literacy, and that we can make that available to these
customers so that they can be better customers.
I thank you for the part that this will play in the
activity that we are doing.
Thank you.
Chairman Shelby. Thank you, Senator Enzi.
Our panel today, we want to welcome you all again. We have
Ms. Dolores Smith, Director, Division of Consumer and Community
Affairs, the Board of Governors of the Federal Reserve System;
Ms. Donna Gambrell, Deputy Director of Compliance and Consumer
Protection, Federal Deposit Insurance Corporation; Mr. Joel
Winston, Associate Director, Financial Practices Division,
Bureau of Consumer Protection, Federal Trade Commission; Mr.
Travis Plunkett, Legislative Director, Consumer Federation of
America; Ms. Stacey D. Stewart, President and Chief Executive
Officer of the Fannie Mae Foundation; Ms. Cheri St. John, Vice
President of Global Scoring Solutions, Fair Isaac Corporation;
Mr. Scott Hildebrand, Vice President of Direct Marketing
Services, Capital One Financial Corporation.
I welcome all of you here. All of your written statements
will be made part of the record in their entirety. There are
seven of you here. We have six microphones, so somebody will
have to share a little bit. But if you will quickly sum up your
top points, that will enable us to ask you some questions.
Ms. Smith, we will start with you.

STATEMENT OF DOLORES S. SMITH

DIRECTOR, DIVISION OF CONSUMER AND

COMMUNITY AFFAIRS

BOARD OF GOVERNORS OF THE FEDERAL RESERVE SYSTEM

Ms. Smith. Thank you, Mr. Chairman.
Mr. Chairman and Members----
Chairman Shelby. Bring your microphone up. You can share it
with her later.
Ms. Smith. Okay. Is that better?
Senator Sarbanes. It would be better if you pulled it quite
close.
Chairman Shelby. A little closer.
Ms. Smith. All right. Mr. Chairman and Members of the
Committee, I appreciate the opportunity to testify on the
significance of maintaining a reliable national credit
reporting system, on the importance of the Fair Credit
Reporting Act to that system, and on the need for consumer
awareness of how the credit reporting system functions and how
it relates to their ability to obtain credit.
As the financial services industry has grown larger,
financial products and services more complex, and the U.S.
population more mobile, it is no longer feasible for
institutions to evaluate the credit standing of consumers based
solely on their direct experiences with consumers. Centralized
consumer reporting agencies have evolved to provide a
repository of credit history information that can be accessed
by creditors to evaluate prospective borrowers. This national
credit reporting system provides creditors with an efficient
and cost-effective method of obtaining data for credit
decisionmaking and consumers with increased credit
availability.
The data are limited on what consumers understand about the
national reporting system, the credit granting process, and how
their credit report relates to that process. There is anecdotal
evidence that consumers are generally aware of the terms
``credit scoring'' or ``credit rating,'' but they are less
clear how credit scores are used in credit granting. The
national credit reporting system has become invaluable to
creditors for assessing consumers' creditworthiness. Thus, it
is crucial that consumers understand how this system operates
and how it impacts their access to credit. Educated consumers
who make informed decisions about credit are essential to an
efficient and effective marketplace. Consumers who understand
how their credit-risk profile relates to credit rates and terms
can better determine which credit product best suits their
needs.
Participation in the U.S. credit reporting system is
voluntary. Creditors are not required to obtain consumer
reports before making credit decisions, although most creditors
rely on consumer reports for risk management. Creditors are not
required to furnish information to consumer reporting agencies.
But if they do, the information they furnish must be accurate.
The Fair Credit Reporting Act contains important consumer
rights and protections. Several are designed to promote
accuracy in consumer reports. For example, the right to receive
notice if information in a consumer report has resulted in
adverse action enables consumers to check the accuracy of
information in their credit reports and to dispute the accuracy
or completeness of any items of information. Other consumer
rights and protections are designed to protect consumer
privacy.
The ready availability of accurate, up-to-date credit
information from consumer reporting agencies benefits both
creditors and consumers. Information from credit reports gives
creditors the ability to make credit decisions quickly and in a
fair, safe and sound, and cost-effective manner. Consumers
benefit from access to credit from different sources, the
competition among creditors, quick decisions on credit
applications, and reasonable costs for credit.
The FCRA promotes the national credit system in important
ways. Perhaps most significantly, the availability of
standardized consumer reports, containing nationally uniform
data, allows banks to make prudent credit decisions efficiently
wherever they do business and wherever their customers live and
work.
Consumer financial education plays an important role in
helping consumers understand the national credit system. In
particular, consumers need to be more aware that the accuracy
and completeness of information in their credit files affects
the pricing and availability of credit. Markets operate more
efficiently when consumers are well-informed.
The Federal Reserve System recently launched a financial
education initiative to encourage consumers to learn more about
personal financial management. The objective of this nationwide
initiative is to highlight the benefits of financial education
and provide information on resources available to consumers for
assistance in managing their finances.
The Committee is to be commended for undertaking an
examination of the Fair Credit Reporting Act and related issues
at this important juncture. In conducting this examination, it
is important to work to maintain a viable national credit
system that preserves and expands reasonable access to credit
and to promote consumers' understanding and awareness of the
credit reporting system and of its impact on their ability to
obtain credit and the pricing of that credit.
Thank you.
Chairman Shelby. Ms. Gambrell.

STATEMENT OF DONNA GAMBRELL

DEPUTY DIRECTOR FOR COMPLIANCE AND

CONSUMER PROTECTION

DIVISION OF SUPERVISION AND CONSUMER PROTECTION

FEDERAL DEPOSIT INSURANCE CORPORATION

Ms. Gambrell. Chairman Shelby, Senator Sarbanes, and
Members of the Committee, thank you for inviting me to testify
on behalf of the Federal Deposit Insurance Corporation. The
FDIC has been closely following the hearings of the Fair Credit
Reporting Act and related issues. At stake are matters that
affect both individual consumers and the manner in which the
Nation's economy operates. FDIC Chairman Don Powell has stated
his support for making the expiring FCRA preemption provisions
permanent. We thank you for your careful consideration of these
important issues.
We also commend the Committee's attention to the difficult
problems associated with combating identity theft. For its
part, the FDIC is coordinating an effort among the Federal
financial institution regulators to publish guidance on
measures that should be taken when security breaches occur that
may lead to identity theft.
It is the FDIC's commitment to consumer protection that
compelled the Agency to assess ways in which a segment of our
society could gain greater access to the financial mainstream.
Policymakers and financial institutions alike have made
commendable
efforts to broaden the scope of banking products for low- and
moderate-income people. However, many families still fall
outside of the financial mainstream and do not maintain
traditional bank credit, savings, or investment accounts.
According to conservative figures, nearly 10 percent of U.S.
families do not have banking
relationships.
Several studies have shown that financial education efforts
can raise consumer awareness, foster positive changes in
behaviors, and better equip consumers to operate within the
financial arena. We share that point of view.
The FDIC introduced Money Smart, a 10-module training
curriculum, in the summer of 2001 to help low- and moderate-
income adults better understand the basics of banking. We
designed Money Smart to be easy to teach and easy to learn. It
can be taught in its entirety or in single units. Money Smart
is free and has no copyright restrictions, so organizations
desiring to use the program can reproduce and use the training
materials as needed. Also, banks can get Community Reinvestment
Act credit for their involvement in offering Money Smart
classes in their communities.
Because immigrant populations represent a significantly
underserved market, we have translated Money Smart into
Spanish, Chinese, and Korean, and we will have a Vietnamese
translation by the end of this year.
To date, we have provided more than 22,000 organizations
across the country with over 75,000 copies of Money Smart.
While we are pleased with these numbers, Chairman Powell has
set an even more aggressive goal for the next 4 years,
including: one, exposing 1 million consumers to our financial
education program; and, two, linking Money Smart to wealth-
building and asset accumulation programs, such as homeownership
initiatives and individual development accounts. We are
committed to meeting this goal.
We believe that a critical factor in the success of Money
Smart has been our emphasis on working through our regional
community affairs staff with local organizations that are best
situated to bring Money Smart to those who can benefit from it.
To date, over 340 organizations throughout the country, in both
urban and rural communities, have joined our Money Smart
Alliance as local partners, and 20 major private and public
sector organizations have joined as national partners. These
entities represent a wide spectrum of delivery systems for our
financial education program: Housing and social service
agencies, financial institutions, colleges and universities,
community organizations, as well as Government, faith-based,
and employment organizations.
As an example, under a partnership agreement with the
Neighborhood Reinvestment Corporation, Money Smart has been
used to train over 5,500 students in 39 cities over the past
year. These students primarily are low-income consumers,
minorities, or women who are potential homebuyers or existing
homeowners having problems making ends meet.
We recognize the long-term success of Money Smart is
largely dependent on our ability to set measurable goals for
the program and monitor our results on an ongoing basis.
Recently, we completed a large-scale survey effort. Based on
preliminary results, we estimate that the number of
participants who have completed at least one Money Smart module
to date exceeds 100,000. The survey also indicates that over
13,000 Money Smart participants went on to initiate a banking
relationship as a result of the program.
We have a great banking system in this country. We also
have a credit market that is the envy of the world, and we
believe everyone should have an opportunity to participate.
With Money Smart, we believe we have the means to raise
consumer awareness about bank services, credit, budgeting, and
savings, and to offer financial alternatives to the most needy
in our society.
Thank you for giving me the opportunity to testify before
you this morning on this critically important topic. I look
forward to answering any questions you might have. I also make
the offer on behalf of Chairman Powell to assist any Senator
interested in looking into establishing Money Smart programs
for their communities.
Thank you.
Chairman Shelby. Mr. Winston.

STATEMENT OF JOEL WINSTON
ASSOCIATE DIRECTOR, FINANCIAL PRACTICES DIVISION
BUREAU OF CONSUMER PROTECTION

U.S. FEDERAL TRADE COMMISSION

Mr. Winston. Mr. Chairman, Senator Sarbanes, Members of the
Committee, I am pleased to appear today to discuss financial
literacy as it relates to credit reporting and credit granting.
As others have said, this is a vitally important subject
because our economic system and the welfare of our consumers
depend on knowledgeable consumers making well-informed
decisions about their finances.
I should note that the views expressed in my written
testimony represent those of the Commission, but my oral
presentation and answers to questions are my own.
The Commission has a great deal of experience through its
law enforcement and education activities in assessing the level
of consumer knowledge in this area. Unfortunately, what we have
observed is consistent with the Consumer Federation study that
came out yesterday; that is, many consumers have limited
knowledge of how our credit system works. They may not realize
that their
financial information is compiled and used not only by just
creditors but also by employers, insurers, landlords, and
others. They may not know how this information affects their
ability to get a loan, insurance, or a job. They may not
understand what rights they have to ensure that the information
is accurate. And as you mentioned earlier, Mr. Chairman,
knowledgeable consumers are especially important here because
the Fair Credit Reporting Act relies, in important ways, on the
vigilance of consumers in protecting their rights. Uninformed
consumers may not take the steps they should to improve their
credit ratings or correct errors.
I would like to talk briefly about the FTC's consumer
education program, and I brought along some samples, including
our most recent publication called ``Getting Credit,'' a primer
that will be distributed to community colleges around the
country, as well as in many other venues. And we have other
things which are available in the back ranging from
refrigerator magnets to bookmarks to brochures of every type on
credit topics.
Senator Sarbanes. Where are those located?
Mr. Winston. I believe they are just outside on the table,
and we have a number of copies.
Consumer education is among our most important tools in the
fight against fraud and deception. Overall, we have over 30
publications on credit issues available directly from the FTC
and through a variety of partner organizations. Many of them
are in Spanish, as well as English.
Credit publications have consistently been among our most
popular items with annual distribution in the millions. At the
same time we have partnered with many outside organizations to
improve consumers' understanding of credit, ranging from the
CFA to the Jump$tart Coalition to the Department of Defense.
For example, our Northeast Office works with colleges and
universities in an effort called Project Credit Smarts, in
which we make presentations and distribute credit-related
publications during student orientation sessions.
Our identity theft program is another way in which we
educate consumers about credit. One of the most devastating
consequences of identity theft is the damage that it causes to
the victim's credit record. We offer publications with tips on
how to avoid identity theft and what to do if it happens, and
these publications have been extremely popular.
We should also remember that the FCRA itself serves an
important educational function. Perhaps most important, the law
requires that users of credit reports notify consumers when
they take adverse action based on information in a report. The
notice must tell consumers what credit bureau supplied the
report, and advise consumers of their rights to a free copy of
that report, and to dispute the accuracy of the information in
it. Consumers get this information when they are motivated to
act on it.
The FTC's legislative recommendations about which Chairman
Muris testified before this Committee on July 10, would result
in better educated consumers. Our proposals would put more
information in consumers' hands by first expanding consumers'
rights to adverse action notices when they are offered less
favorable credit terms; second, making annual credit reports
available at no charge; third, giving consumers more
information about their credit scores, along with explanatory
materials; and fourth, making it easier for consumers to
correct errors in their report.
Thank you for the opportunity to discuss this important
subject, and I will be happy to answer any questions you may
have.
Chairman Shelby. Mr. Plunkett.

STATEMENT OF TRAVIS B. PLUNKETT

LEGISLATIVE DIRECTOR

CONSUMER FEDERATION OF AMERICA

Mr. Plunkett. Good morning. Chairman Shelby, Ranking Member
Sarbanes, and the Members of this Committee, my name is Travis
Plunkett, and I am the Legislative Director of the Consumer
Federation of America. I applaud the Committee for conducting a
hearing on such an important and little understood subject.
In response to the invitation to testify here today, the
Consumer Federation of America commissioned a study about
consumer knowledge of credit reports and credit scores, and
about the level of public support for a variety of protections
that this Committee may consider. More than a thousand adults
were interviewed. Overall the survey found that a large number
of Americans not only do not understand basic facts about
credit scores and reports, but also admit their lack of
knowledge about this subject. That is a finding that you
sometimes do not find in these kinds of public surveys, that
people acknowledge their lack of understanding and then show
it. An important finding of the survey is that low- and
moderate-income Americans--who tend to pay the highest price
for credit and are the most vulnerable to inaccurate credit
scores--are the least knowledgeable about credit reports and
credit scores.
We also found that a breathtaking number of Americans
believe they need greater credit reporting rights. They want
easier access to their credit reports and scores, greater
protections against privacy and credit reporting abuses, and
the right to go after lenders in court who repeatedly make
grievous reporting errors.
Let me give you some details. First, in questioning
Americans about what they say they know, 50 percent said their
knowledge of credit reports was fair or poor. While, 61 percent
said they had a fair or poor awareness of credit scores. Lower-
income Americans are the most likely to believe that their
understanding is not good. More than 60 percent of those in
households with incomes under $35,000 a year said their
knowledge of credit reports was fair or poor. That number rose
to 70 percent for credit scores. Young adults were also likely
to say that their knowledge was not good. Sixty two percent
said their awareness of credit reports was fair or poor, 78
percent for credit scores.
Now we get to the second part. We tested actual consumer
knowledge about credit reports and scores, and the results were
no better. Only 25 percent of Americans and less than 20
percent with incomes below $35,000 said they knew what their
credit score was. Forty three percent of Americans, and only 35
percent of those with incomes under $35,000 a year, said they
had obtained a copy of their credit report from the three
credit bureaus in the past 2 years. On the pop quiz portion of
the survey, only 3 percent of Americans could, unprompted, name
the three main credit bureaus. I am not sure we'd get a better
response in this room either.
The survey also tested consumer knowledge using a series of
true/false questions. The good news is that large majorities
know that consumers have the right to see their credit report,
and that consumers who fail to qualify for a loan have the
right to a free credit report. Now the bad news, a majority of
Americans did not know several important facts: That in most
States they must pay a fee to obtain their credit report; that
their credit score may be lowered if they use all of the credit
available on their credit card; that their credit score may be
lowered if they apply for a credit card; and that they are not
required to contact their lenders if they believe their credit
report or score is inaccurate. As you all know, they must go to
the credit bureau. Also, 27 percent incorrectly believe that
their credit score mainly measures their knowledge of consumer
credit as opposed to their creditworthiness.
We also found that a large number of Americans are unaware
that credit scores are increasingly being used by electric
utilities, insurers, landlords, and cellular telephone
companies to decide whether they can purchase a service and at
what price. By comparison, only 13 percent did not know that
credit cards used credit scores, credit card companies I should
say.
Finally, we questioned Americans about their opinions on
new consumer protections that are being floated in Congress. We
found overwhelming support, generally at the 80 to 95 percent
level for a number of reforms, requiring credit bureaus to
better verify identities on credit applications in order to
reduce identity theft; allowing consumers to obtain a free
credit report and credit score once a year from the three main
credit bureaus upon request; requiring lenders to give
consumers who are denied a loan or charged a high rate, a free
copy of the credit report and the score used as the basis for
the lender's decision; requiring banks to obtain a consumer's
permission before sharing financial information with
affiliates; prohibiting the use of medical information to make
credit decisions without a consumer's consent; and allowing
consumers to sue lenders who knowingly provide credit bureaus
with incorrect, damaging information. When quizzed about the
practice of credit card companies raising interest rates for a
problem, a credit problem with another lender, Americans
overwhelmingly opposed that practice.
I have summarized the findings of this survey. My written
testimony also includes a number of public policy
recommendations on how to deal with some of the findings of the
survey and what they lead to.
Let me close by talking about one other finding and
conclusion based on our survey. The survey also points to the
need for a long-term strategy to boost general financial
awareness and to improve financial decisionmaking by Americans.
Thankfully, Senators Sarbanes, Shelby, Stabenow, Enzi, and
Akaka have all shown a great deal of interest in improving
financial education efforts in this country. For instance,
Senator Sarbanes recently introduced his bill to create a
Financial Literacy and Education and Coordinating Committee
within the Department of the Treasury. We think this proposal
has great merit, and we support it. We would also encourage
this Committee to look at broader solutions to improving
financial literacy throughout this country over the long term.
Thank you.
Chairman Shelby. Ms. Stewart.

STATEMENT OF STACEY D. STEWART

PRESIDENT AND CHIEF EXECUTIVE OFFICER

FANNIE MAE FOUNDATION

Ms. Stewart. Mr. Chairman, Ranking Member Sarbanes, and
Members of the Committee, good morning. My name is Stacey
Stewart. I am the President and CEO of the Fannie Mae
Foundation. As you may know, the Fannie Mae Foundation is a
separate organization from Fannie Mae, though funded
exclusively by Fannie Mae. It is an honor to have this
opportunity to address the Committee.
The mission of the Fannie Mae Foundation is to give more
Americans access to homeownership and all Americans access to
decent, safe, and affordable housing. We are driven by the
conviction that the expansion of homeownership is both an
economic and ethical imperative. It is a matter of both fiscal
health and social justice.
We are, therefore, grateful for this opportunity to discuss
the Foundation's activities in promoting financial literacy. As
we guide people down the pathway to homeownership, we try hard
to help them understand the critical importance of acquiring
and maintaining good credit.
Research, anecdotal evidence, and reports from the many
national and community-based organizations with which we work
all tell us the same unsettling story. Far too many consumers,
and far too many aspiring homeowners, do not understand the
link between good credit and their ability to get a home
mortgage.
In a survey the Fannie Mae Foundation commissioned in 1999,
almost 70 percent of African-Americans and Hispanic-Americans
expressed a belief that paying their bills late would represent
only a minor problem or no problem at all in obtaining a
mortgage.
More recent research tells us that 40 percent of all
African-Americans and 60 percent of Hispanic-Americans believe
you need a perfect credit rating in order to qualify for a
mortgage, and roughly 40 percent of minorities believe that you
need a 20 percent downpayment in order to buy a home. As those
of you before me know, of course, none of these beliefs are
true.
Yet the problems run even deeper. The sunshine provisions
of the Fair Credit Reporting Act also are not well understood.
In 2002, the Fannie Mae Foundation helped fund research among
high school seniors to understand where and how to start
encouraging financial literacy. Sixty percent of the
respondents did not know the conditions under which they could
access their credit report. I think you might find this
particularly interesting, Mr. Chairman: more than 12 percent of
those graduating seniors expressed the view that one's credit
record is the property of the U.S. Government and can be viewed
only by the FBI and lenders.
This suggests a problem that goes far beyond fair credit
reporting. It suggests we must do more to overcome the
information deficit that remains the most formidable barrier to
financial literacy.
Up to this point, I have focused on consumers who
misunderstand credit, how it is reported, and what that means
for them. But there is a large and growing number of our
citizens who are simply excluded from the credit reporting
system.
This is a huge concern. Millions of Americans are operating
outside of the country's mainstream financial system. They do
not have meaningful credit records, and they do not have the
opportunity to benefit from timely payment of crucial monthly
charges, such as rent and utility bills.
Without a record of their responsible payment history,
these Americans cannot secure credit from mainstream financial
institutions. As a result, many turn to high-cost, alternative
financial services. In fact, according to the GAO, 22 million
households lack as basic a financial service as a bank account.
How likely is it that consumers who lack even a basic bank
account understand credit reporting systems? These consumers
pay high fees for credit from alternative lenders and then
receive no benefit in mainstream financial institutions for
repaying those loans on time because such transactions are not
captured by the mainstream credit reporting system.
Information such as this defines our challenge, and it
explains why consumer education initiatives are at the heart of
the Fannie Mae Foundation's agenda. Our financial literacy
efforts are designed to give Americans the information they
need to take control of their financial future.
In 2002 alone, more than 800,000 individuals requested or
downloaded our free instructional guides on credit and the
homebuying process. Since 1993, we have made these guides
available in 9 languages and have delivered them to more than
14 million Americans. Our 30-minute instructional video,
``Knowing and Understanding Your Credit,'' and its Spanish-
language counterpart that aired on Black Entertainment
Television and Telemundo affiliates, respectively, throughout
the Nation in 2002. Our foundation invests $3 million annually
in the most effective homeownership and credit education
providers around the country. We have also launched research to
improve the design and the delivery of these services. And we
are funding promising research aimed at producing innovative
strategies for bringing mainstream financial services into
underserved and overlooked communities.
At the Fannie Mae Foundation, we are very proud of our
consumer outreach initiatives, but we know we must do more, and
we are committed to doing so with an abiding understanding of
our responsibility to lift Americans out of the darkness of
financial illiteracy into the light of financial opportunity. I
am confident that this Committee shares our commitment.
To expand homeownership and help millions of low- and
moderate-income Americans build assets. We must enhance their
understanding of credit and the relationship between credit
reporting and their ability to secure a mortgage. This is an
essential step in helping all of our citizens become active and
knowledgeable participants in the financial life of our Nation.
It is also the first in helping low- and moderate-income
Americans fully participate in the American economy and,
ultimately, the American Dream.
Mr. Chairman, I thank you, and I will be happy to answer
any questions the Committee may have.
Chairman Shelby. Ms. St. John.

STATEMENT OF CHERI ST. JOHN

VICE PRESIDENT OF GLOBAL SCORING SOLUTIONS

FAIR ISAAC CORPORATION

Ms. St. John. Mr. Chairman, Members of the Committee, my
name is Cheri St. John, and I am the Vice President of Global
Scoring Solutions for Fair Isaac Corporation. Thank you for the
opportunity to testify about what Fair Isaac is doing to
improve consumer understanding and awareness of the credit
granting process and what can be done to make even more usable
information available to consumers.
Fair Isaac invented statistically based credit risk
evaluation systems, commonly called credit scoring systems.
Thousands of credit grantors use the scores known as FICO
scores, generated by Fair Isaac scoring systems, implemented at
the three national credit reporting agencies.
There are many different kinds of credit scores. The most
well known are the credit risk scores, developed by Fair Isaac,
known as FICO scores and widely distributed to lenders by the
three national credit bureaus. In addition, there are broad-
based credit scores developed by each of the three bureaus and
third-party developers. There are custom scores, scores for
specific industries, and there are scores distributed primarily
to the consumer market.
There are three main points I would like to highlight
today. Point one: Although there is a lot of educational
information already available to consumers, we need to work
together to let them know it is there. As credit scoring has
grown, Fair Isaac has responded by providing consumers with the
information they need to understand credit scoring and to use
that to take control of their credit health. We started in June
2000 by publicizing all of the factors used in the FICO scores.
Nine months later, consumers could get their own FICO score and
the accompanying underlying credit report, as well as a
complete explanation of their personal FICO score. Since then,
our FICO score simulator and many additional services have been
added to Fair Isaac's website, www.myfico.com.
Free information has been available to consumers at that
website since its inception, including a weighting of the
credit report factors in the FICO scores so that consumers know
what events or behaviors have the greatest influence on the
scores in general. It indicates what information is not
included in the FICO scores and offers free advice on what
actions consumers should take or avoid taking to improve FICO
scores over time. There is too much information on the website
to describe here, or even in our written statement, so I urge
you to visit www.myfico.com to see for yourselves the breadth
and quality of the information available there.
Fair Isaac also makes information available about FICO
scores by U.S. Mail, and collaborates with Equifax and
TransUnion to make information available to consumers directly
from those two agencies. The information is there. We all need
to work together to help consumers know where to get the
information that will help the most.
Point two: To be well-educated, consumers must know and
understand the credit score lenders are using to evaluate them.
Colleges typically use the SAT score to evaluate students who
apply for admission. Students know this, and use that same
score to decide where to apply or which colleges might accept
them. Although a different aptitude test might provide the
student with some useful information, prospective students get
the greatest benefit from knowing their own SAT score,
empowering them to judge for themselves how they may be viewed
by a college admissions office. The same is true for credit
scores. Consumers should know and understand the credit score
that lenders use.
Point three: Score disclosure legislation should require
agencies to provide the broad-based credit score the agency
most widely distributes to lenders and give consumers the right
to choose a different score that is widely distributed.
We have made a good start at educating the American
consumer about the credit granting process, but more can be
done. Credit scoring can be confusing and it becomes more
confusing if the consumer gets one score when the lender uses
something else. If, as we suggest, mandatory score disclosure
gives the consumer the choice and defaults to the score that
the agency distributes most widely to lenders, the consumer is
in charge rather than the agency or the score developer.
Furthermore, the uninformed consumer who needs help the most is
likely to get a useful score, by defaulting to the score the
agency distributes most widely to lenders.
In conclusion, there is much valuable information about
credit scoring available to consumers as a paid service and
free. Consumer education will be improved if consumers can get
the scores most widely distributed to lenders or another score
of their choice.
I thank you for the opportunity to share Fair Isaac's
expertise and experience in this important area and I would be
happy to answer your questions.
Chairman Shelby. Mr. Hildebrand.

STATEMENT OF SCOTT HILDEBRAND

VICE PRESIDENT, DIRECT MARKETING SERVICES

CAPITAL ONE FINANCIAL CORPORATION

Mr. Hildebrand. Chairman Shelby, Ranking Member Sarbanes,
Members of the Committee, my name is Scott Hildebrand, and I am
appearing before you on behalf of the Capital One Financial
Corporation, where I serve in the capacity as Vice President of
Direct Marketing Services. On behalf of Capital One, let me
express my thanks to you for your leadership you have shown on
this issue.
Capital One is one of the 10 largest credit card issuers in
the Nation, and a diversified financial services company with
over 45 million customers and $60 billion in loans outstanding.
At Capital One, we believe that a thorough understanding of
financial matters not only helps consumers to make better
decisions, but also helps to ensure the continued health of the
financial services industry. We are not successful if our
customers fail to manage their personal finances effectively,
and thus are unable to meet their credit obligations.
Capital One believes that clear communications about its
products and services is important to maintaining successful
relationships. Our best channel and our most direct vehicle for
reaching out to our cardholders is their monthly statement. We
include financial tips that are pertinent to their account in
prominent locations on the statement where it is likely to be
noticed.
Understanding that Capital One may be the first credit card
for many cardholders, we built financial education into all
product touchpoints. Upon activation of the card, these
cardholders receive a welcome booklet explaining the ins and
outs of credit. Our message focuses on the importance of
building a positive credit history.
During the first year with Capital One, cardholders receive
quarterly reminders about the importance of maintaining good
credit habits. Created with Myvesta.org and Jump$tart Coalition
for Personal Finance, these reminders provide more detailed
information on numerous personal finance topics. For other
customers we place the financial toolbox on Capital One's
website, which includes guides, articles, and calculators to
give consumers a better understanding of how to use our
products.
We also believe it is important to reach out beyond our
customer base. Several years ago, we undertook a major
corporate initiative to develop a financial education program.
Following the Capital One method of doing business, we started
by surveying the market to assess the delivery and methodology
used by financial education programs. As a result of our
research, we initially decided to focus on those most in need,
lower-income and underbanked populations. As a result, we
decided the best approach would be to find a strong, nonprofit
organization with who we could partner. We contacted Consumer
Action.
Since beginning our partnership, we have developed a highly
effective collaboration that has produced measurable results.
Capital One has donated approximately $1\1/4\ million to create
and implement MoneyWi$e, a program that offers straightforward
easy-to-read information to address financial responsibility.
Together, we have created a four-part series of MoneyWi$e
educational materials that provide the basic building blocks
for developing and honing personal finance skills. These
include: Building good credit, credit repair, basic banking,
and basic budgeting.
Capital One's financial support of this program ensures
that these materials are provided to nonprofit organizations
and consumers free of charge. The materials are also available
in four languages in addition to English including Spanish,
Chinese, Korean, and Vietnamese. This ensures that we are able
to reach immigrant groups, many of which have had negative
experiences with banks in their home countries and are
vulnerable to unscrupulous financial service providers.
Five years ago, we joined Jump$tart. The premise behind our
support of this program is simple. We believe in their mission
to teach financial education in the public schools. Based on
this belief, we provided financial support for the integration
of Jump$tart's Money Math Curriculum into the Virginia school
standards.
Capital One has developed a unique method to reach college
students. We decided to experiment with a method that utilizes
students' relationships with their peers. Last year, we piloted
MoneyWi$e for college students, a train-the-trainer program
that teaches college students how to become ``money mentors''
and to deliver personal finance curricula to other students.
Currently, the program is delivered on three college campuses,
including the University of South Florida, Texas A&M, and
Washington State. Because of the success of this test, we are
currently in talks to expand the program to additional schools
this fall including the University of Maryland, Penn State and
the University of Alabama.
The workshops cover a broad range of topics from how to
maintain a checking account to understanding credit reports.
The program results have been impressive with 100 percent of
participants willing to recommend the program to other
students.
At Capital One, we believe in the principle that knowledge
is power. Our products work best if our consumers manage their
finances responsibly. For us, educated consumers, customers who
know their annual percentage rate they are paying, who know
when their bills are due, and who know and understand how to
manage the products we offer, are our best customers.
Mr. Chairman, Ranking Member Sarbanes and Members of the
Committee, thank you again for the opportunity to testify
before you today. I will be happy to answer any questions you
may have.
Chairman Shelby. I want to thank all of you.
Mr. Plunkett, I am going to ask you this question. First, I
am going to make a statement.
The Consumer Federation survey results indicate that there
is a troubling lack of awareness regarding many crucial
financial matters. One of the things that I am concerned about
is the seeming lack of understanding consumers have about the
fact that creditors make decisions about them based on their
entire credit profile. I think the results of one of your
survey questions indicate that most consumers do not recognize
that simply applying for or obtaining an additional credit card
can have negative consequences for their credit score.
Mr. Plunkett, how can we improve consumer understanding of
the fact that creditors look beyond their credit history and
examine their whole credit profile?
Mr. Plunkett. Senator, we have two suggestions in our
written testimony, one broad and one narrow. The first is to
get consumers more information up front so that they can
prevent problems before they occur, and this goes to their
recommendations for a free credit report annually upon request
and a free credit score annually upon request. This is a slow
process, but as access to this information is improved, as
consumers use it more, as they are allowed to prevent problems
before they occur, they will slowly learn more about the
factors that are used in considering their credit history.
The second set of recommendations are very targeted, and
they go to improving the dispute resolution process so that
when consumers have what educators might call a teachable
moment, that is, they are about to be denied credit, they get
information at that time from the lender about this situation.
They get their credit report. They are allowed to look at that
and correct errors.
You are touching on an even broader issue, which is that
experience and transaction information is used as part of a
credit profile to market to consumers, to develop new products,
et cetera. My view is that the more consumers get access to
their actual credit report and score, the more we engage them
in this information, the more we talk about the variety of
purpose for which creditors use this information, as you are
intimating, it is not just the granting of credit that is
involved, the more we can raise awareness of consumer knowledge
there.
And also, the thing to do of course is to give them the
protection that you have been advocating for years, which is
the ability to say no to the sharing of this information,
especially among financial affiliates. That more than anything
is going to confront them with a choice. The financial
institution is going to make the pitch. They are going to say,
this is why this information is good for us to share. This is
how it helps you. And whether it is an opt in or an opt out,
that decision, more than anything, will educate the consumer
about what this information is being used for, and then they
will be able to make a decision about whether they want it
shared or not.
Chairman Shelby. Ms. Stewart, what do you think is the best
method to expand consumer awareness of how the credit system
evaluates them?
Ms. Stewart. Obviously, the need to increase awareness
among consumers is vital. It is important for those that are
particularly not in the credit reporting system right now to
understand what it would take for them to actually get into the
credit reporting system, and not only establish good credit but
also maintain good credit over the long term. That is why we
invest so much of our resources into building educational
support systems that would provide this kind of information to
consumers.
The thing that is most important for the Fannie Mae
Foundation though is making the distinction between having an
established credit record and people that are creditworthy.
What we find----
Chairman Shelby. Two different things.
Ms. Stewart. Those are two different things. As I mentioned
earlier in my testimony, there are 22 million households who
are unbanked, who have no relationship with a financial
institution, and therefore have a much more difficult time
establishing a credit record. That is 56 million individuals in
this country. We believe it is very important to figure out how
to move those 56 million people into the mainstream of
financial activity in this country. One of the things that we
provide in our ``Knowing and Understanding Your Credit''
brochure, which we provided copies of to the Committee, * is
how to begin talking to a lender about nontraditional sources
of credit, rent, utilities, other kinds of sources of credit
that could actually bolster one's own discussion with a lender
or a credit provider about one's creditworthiness, so that in
case some credit information is not captured in a credit
history, there is still a way for an individual to make a case
that they are still a creditworthy individual. So there is a
bit of awareness in education that is provided, but there is
also some empowerment by consumers that we think we can do more
of.
---------------------------------------------------------------------------
* Held in Senate Banking Committee files.
---------------------------------------------------------------------------
Chairman Shelby. Thank you.
Senator Sarbanes.
Senator Sarbanes. Thank you, Mr. Chairman. This has been an
extremely interesting panel, and I think it underscores in many
respects the difficulty of the problem we are trying to deal
with.
Actually, Ms. St. John, I like the logical construct you
used in your statement. You said first, the information is
there, but we have to show the consumer how to get it, and
obviously we need to look at the premise of that, whether the
information is there in all instances or whether there is more,
but it is quite a reasonable point. It is there. Are they
gaining access to it? And then your next logical point which I
thought was extremely important is, how can the consumer
understand the information that they get? I am struck by all of
this material from the FTC that is in that plastic bag there,
that we have a set of. I note that identity theft is obviously
a fast-growing problem because there is a lot of material in
here on identity theft. So, I think that underscores that
issue.
There is an awful lot of material here. But, one, how does
a consumer get it, and then what use is a consumer able to make
of it? I mean do they really understand it? How do we do that
education process?
I just want to ask first though some questions about the
information they can get to begin with, to go right back to the
premise. Mr. Winston, you stated in your testimony that FCRA
itself serves an important educational function. Perhaps, most
important, the law requires that lenders and other users of
credit reports notify consumers when they take adverse action
based on information from a credit report. So then the consumer
knows that they are getting an adverse action because of their
credit report. They are able to check their credit report to
see whether the information upon which this is based is
accurate.
But Ms. Smith noted when a consumer accepts a creditor's
offer of credit, even on different terms from those that were
requested, an adverse action notice is not required. Of course,
that raises a question whether an adverse action notice should
be required when a consumer is denied the best credit rate
offered by a company. In that situation, it is not a rejection
of credit. It is putting them in a higher credit payment
situation. What is your view on if they are offered less credit
at less than most favorable terms, whether that is an adverse
offer and should require an adverse notice.
Mr. Winston. Under current law, it would require an adverse
action notice if you got less favorable terms unless there were
a counteroffer that you accepted in the credit situation. There
is that caveat there. We have proposed that that be changed,
that the Commission be given rulemaking authority to close that
loophole because we believe it is a loophole. We think that in
an era of risk-based pricing where very few consumers are
actually turned down any more, but instead you get a higher
rate or less favorable terms, that is the adverse action
consumers should be informed of and given a right to look at
their credit report and dispute any errors.
Senator Sarbanes. Mr. Plunkett, did you want to add to
that?
Mr. Plunkett. That is an extremely important proposal. It
goes to the heart of modernizing the Fair Credit Reporting Act
for consumers given the trend in risk-based pricing. These days
people with slightly blemished credit are much more likely to
be offered a credit card or a mortgage loan at a higher
interest rate, maybe with higher fees, than they are to be
turned down. This goes to Senator Bennett's point. Instead of
throwing information at consumers, let us let them know that
they are not being offered the most favorable rate because of a
blemish on their credit. Let us eliminate the counteroffer
loophole and tell them this up front. Then that will trigger
their FCRA rights to get the credit report and to check for
problems.
Senator Sarbanes. Is there anyone at the table who
disagrees with this?
Ms. Smith. I have a question as to the implementation of
such a rule. Let me say that this rule comes from Regulation B
because the application of the adverse action notice
requirements on Fair Credit Reporting parallel, by law, the
ones that we have under the Board's Regulation B. Basically,
the position that is taken in the Regulation is one that was
set certainly in the days before risk-based pricing, and it was
set both to give a bright-line test for when is an adverse
action notice required or when is it triggered? Then also to
avoid confusion on the part of a consumer who might receive a
credit card, for example, in the counteroffer situation, and
then simultaneously receive an adverse action notice saying
your credit was granted but it somehow suffered because of
information in your credit report or information about you and
your credit experiences. So that is the context in which it was
established.
If the rule is changed, I think that there would be some
practical difficulties in determining what exactly represents
an adverse or an unfavorable term in the sense that with risk-
based pricing, where you do have complexity in the pricing
structure, where you have ranges--the example I used in the
statement was from 7.9 to 14.9. And if someone receives the
8.9, because it is not the most favorable, the person would
receive an adverse action notice.
I guess I also have a question as to practical impact in
the sense that if someone receives a notice saying that they
did not receive the most favorable rate based on information in
their credit report, how likely is that individual to follow
up? They will have the opportunity and be alerted that there is
information in their credit report. The question is how likely
is someone who knows that he or she has a credit history that
is not stellar, that does have some blemishes, to follow up by
asking for the credit report? It is only an issue of the likely
impact that it might have, so certainly making credit reports
available is something that would be valuable to the consumer.
Mr. Winston. If I might just respond to that. I agree with
Ms. Smith that there are complexities, and we want to avoid a
situation where in essence everyone is getting an adverse
action notice because no one ever gets the absolute best rate,
but I think those are complications that can be resolved
through a fact-gathering process and a rulemaking.
I do not think it is necessary that the adverse action
notice be negative in the sense of we have done something bad
to you. It can simply be a statement of fact that we looked at
your credit report, and something in that report resulted in
you getting the offer that you got. It just triggers in the
consumer's mind that this factored into their decision, and
that is where I think the educational function comes in. I
think there are a lot of consumers out there who apply for a
loan, are offered 7 percent, and have no idea that it was not 6
percent because of their credit report. It would never even
occur to them. I think consumers in that situation should be
told that the credit report was factored in, you have a right
to get it, and here are your rights, so that particular
consumer can check and make sure there are not mistakes. I
think that can be done through a rulemaking in a way that makes
sense and balances these different interests.
Senator Sarbanes. Of course, the other thing is even if
they check it and there is no mistake, it drives home to the
consumer the lesson that they need to pay attention to their
credit record. Otherwise, it is going to have an adverse impact
on their financial situation. That is part of the educational
function, as well I would assume.
Mr. Winston. Absolutely.
Mr. Plunkett. Senator, I would just add that then the
consumer, at that point, once they get the notice, can look at
the difference in the rate that is being offered, for example,
if it is a slight increase in a credit card, and this consumer
is inclined to pay their balances every month, then they do not
request their report, they do not sweat it. But if it is a 3
percent difference on a mortgage loan, that can obviously be
hundreds of thousands of dollars over the course of a 30-year
fixed loan, then they are going to want to look at their credit
report. Leave the decision to the consumer.
Senator Sarbanes. Ms. Stewart.
Ms. Stewart. We would just agree that it is very important
for consumers to have the information so that they can make an
informed decision. When it comes to mortgage credit, for
example, the fact that they may get a notice that they are
paying a slightly higher rate, if they do have truly damaged
credit, might not be a bad thing. If they have credit extended
to them at all, it might be a good thing. But it is not a good
thing if they do not know, going into the process, that they
may not have good credit or that there may be problems in their
credit report that may lead to a higher interest rate.
The reason that is important for them to know is that
obviously the whole purpose of homeownership is not just to
provide a shelter over your head. It is to provide a wealth-
building opportunity. To the extent that they have to pay more
in financing costs, it reduces that opportunity to build wealth
over time, and therefore eliminates one of their biggest
priorities in terms of acquiring a home and having and building
home equity over time.
Senator Sarbanes. Mr. Chairman, my time is up. It shows the
complexity. One question and we run out of time.
Chairman Shelby. Absolutely.
Senator Bennett.
Senator Bennett. Thank you very much, Mr. Chairman. I agree
with Senator Sarbanes that this has been a very useful and
interesting panel.
I wish we had had some representatives of the industry that
provides credit scoring. I know Fair Isaac does, but I am
talking about Equifax and the others, to address some reactions
to some of the proposals that have been made. One of them that
I would want to know is clearly cost. What is it going to cost
to give a free credit report to everybody who asks for it? We
have got some indication in those States where it is available
now, but when I have asked that question of representatives of
the industry, they say, well, it depends on the advertising
campaign. I am not sure it is fair to put it on you, Mr.
Plunkett, but groups say, get your credit report. They start
advertising this. People say, you know, the cost is de minimis
unless there is an advertising campaign whipping everybody up
to please write in for their credit report. Then the number of
credit reports goes up. The number of free credit reports goes
up very dramatically. And the free credit report, while free to
the individual, is not free to the credit bureau that is
providing it. We might inadvertently go down the line of
saying, gee, free credit reports for everybody is wonderful,
and by the way, we have just added X amount of cost to the
overall system which will then fall back on the consumer
because ultimately the consumer has to pay the cost.
If any of you have any information about that, I hope you
would furnish it to the Committee.
Let me get specifically, Ms. St. John, to the area that you
talked about that I found really fascinating and frankly, a
little bit confusing. One of the concerns that I have, take
your reference to the SAT scores as an analogy here, is that
some overactive trial lawyer will try to turn the score into an
entitlement. We have seen that with respect to colleges, of
people saying, I have an SAT score of X. Someone else has an
SAT score that is not as good as mine. The college made a
choice to choose them for reasons other than just the score,
and I am going to bring lawsuit saying I am entitled to that
spot in this law school, or this university because my SAT
scores were higher than his.
You see the problem here. Now, you have indicated that a
customer can choose the score by which he wants to be judges,
as opposed to the score that is widely distributed, and I need
to have you explain that to me a little better. I do not quite
understand that statement.
Ms. St. John. Senator, your point is well taken. One of the
things that we make very clear on the website and in the
consumer booklets that we publish, is that the score is just
one factor that lenders use in making their decision, and that
lenders use a number of different factors, depending on the
type and the nature of the credit decision that is being made.
Having said that, we recognize that there is a variety of
different kinds of scores available. One of the biggest
concerns that we actually have with some of the score
disclosure legislation that is in place today is that it simply
requires disclosure of a score by the credit reporting
agencies, not necessarily the one that is most widely used.
Consumers may not recognize that the score information they are
getting in those States is not necessarily a widely distributed
score. In some cases, it may be a general consumer education
score. It may be other scores that the credit reporting
agencies distribute. But the point that we were really trying
to make is that we feel consumers are best served if they know
and understand the scores that lenders are using. Lenders use a
wide variety of scores, including a lot of custom, proprietary
scores. But to the extent that there is a widely distributed
score, we feel that is the most useful score for consumers to
know and understand.
Senator Bennett. Then why would a consumer say, well, I
want to choose another score to be disseminated about me? If it
is the most widely distributed score that people use, aren't
you de facto creating a national norm here?
Ms. St. John. To the extent that there is a widely used
score, I agree. We would think that that would be the default.
However, recognizing that there are other generally available
scores, there may be a general consumer education score, at the
end of the day we feel that consumer choice, if they have the
information to understand the types of scores that are
available, if they are allowed to at least choose the score
most widely used, would serve them best. Today, in the State of
California, consumers do not necessarily even have access to
the score most widely distributed by all three credit reporting
agencies.
Senator Bennett. My time is up, but I would like to come
back to this on a second round if I could, Mr. Chairman.
Chairman Shelby. Thank you.
Senator Miller.

COMMENTS OF SENATOR ZELL MILLER

Senator Miller. Thank you, Mr. Chairman.
I would like to thank the panel. I particularly would like
to thank Ms. Gambrell for including that information about the
Money Smart model site and the Dekalb workforce center in
Georgia and also what is going on at Decatur High School. I did
not know that until I read your testimony, and that is good
work and I am glad you included it.
I grew up in a home where the head of the household was a
woman, and back in those days of antiquity, I can remember how
she dreaded to go to the bank to try to borrow some money. Back
then, a woman being the head of a household was a rarity. Of
course today it is commonplace. I am wondering though, do we
lump these women who head households under the title of
consumer, that we use so freely, or should there be any kind of
special effort to educate this group in particular somewhat
better? Anybody have any thoughts on that?
Ms. Gambrell. Senator, just some quick observations. I
think certainly we have found at the FDIC that there are
specific populations that have an even greater need, and
certainly the panelists have talked about that today. When you
look at underserved communities, when you look at unbanked
populations, there are in particular groups within those
categories: Minorities, women, those who are in low- and
moderate-income categories. So as you look at the wide range,
quite honestly, of financial education curricula, you will see
that there are some very excellent programs that are geared
specifically toward women, sometimes toward older women,
sometimes toward women who are heads of household. That
information is critical. It is crucial to help them understand
how to get a foothold into the financial structure, how to
better manage their money, and how to better manage their
household. But I think we can all say certainly today that
there continues to be the need for even greater education. And
more than just education and awareness, that there has to be a
link between that education and specific products, services,
and programs, so that as people move through the educational
track, there is something on the other end, there is an
incentive that will bring them into a bank, a financial
institution, or to use other types of products and services
that will, in essence, lift them from their current financial
situation.
Senator Miller. Thank you.
Ms. Stewart. Senator Miller, we have done research at the
Fannie Mae Foundation on issues around women and their comfort
level with financial matters, and some of our research shows
that women in general are less comfortable dealing with
financial issues, less comfortable with financial terms like
IRA's, IDA's, and other kinds of financial jargon. So, we
believe at the Fannie Mae Foundation we have to do a
particularly good job in reaching out to lots of different
communities, and in particular to women, to help them better
understand issues around financial literacy and get them better
prepared to manage their financial life for themselves and
their families.
We know that the homeownership rates among women, single-
family headed households are particularly low, but they are
growing. We believe there is a huge opportunity in this country
if we invest more in education and information among women,
that we will be able to do more to push the homeownership rate.
One of the things that we found in terms of the delivery of
financial services information for lots of different groups,
African-Americans, Hispanics, minority groups, and immigrants,
is that if you present information in the language and in a way
that they understand and feel comfortable with, you actually
have more success in getting information through. For example,
with the Native American population, we have actually produced
financial literacy information that is culturally specific to
their population so that they can receive the information in a
way that they feel comfortable and can understand. We think
this can be tailored for women, as well as other groups that
are particularly in need and are particularly underserved and
overlooked by the financial services industry.
Senator Miller. Thank you very much. I think they face a
special challenge, and I am glad to hear there are some special
programs that try to zero in on this.
I do not have any other questions, Mr. Chairman.
Chairman Shelby. Thank you.
Ms. St. John, just a quick question here, and then I will
move on. Would it be fair to say that FICO scores can only be
as good as the baseline information used to develop them, that
is, accuracy is everything here, is it not?
Ms. St. John. Yes. The FICO scores use all of the factors
proven predictive of credit risk based on the credit reports
information.
Chairman Shelby. You need accuracy. You need the
information in the report to do it right, don't you?
Ms. St. John. Well, you certainly need a base level of
information for those scores to be predictive, definitely.
Chairman Shelby. Right.
Mr. Hildebrand, I assume that Capital One wants to have a
good understanding about the credit history of its potential
customers. In other words, your underwriters need information
to make underwriting decisions like everybody that extends
credit.
Mr. Hildebrand. Absolutely.
Chairman Shelby. So as consumers of information, you are
fully supportive of its widespread availability?
Mr. Hildebrand. Yes.
Chairman Shelby. But as providers of information, you seem
to have adopted a different perspective from what the staff has
told us. They say you deliberately withhold furnishing to
credit bureaus important customer information, information
which has a material bearing on your customers' eligibility for
credit. Some have claimed that Capital One, your company, is
gaming the system to prevent its customers from appearing like
worthwhile marketing targets to your competitors in the
marketplace. Do you think your customers know of, let alone
understand, Capital One's policy with respect to furnishing
information to the credit bureaus? Quick answer.
Mr. Hildebrand. So you speak about our reporting of credit
lines?
Chairman Shelby. Yes, under reporting stuff. Our staff has
said----
Mr. Hildebrand. One specific variable that has been cited
is the reporting of credit lines, Senator.
Chairman Shelby. You said you do that because if you report
it all, then the customer might have a better shot in the
market.
Mr. Hildebrand. We have not seen any research yet that
indicates that this is in any way impactful on consumers. we
have agreed to team up with Fair Isaac to actually look into
this.
Chairman Shelby. But you do not deny doing it, I would
hope?
Mr. Hildebrand. No, no, we do not report customer's credit
line, that is correct.
Chairman Shelby. Well, why don't you report it, because
accuracy is so important?
Mr. Hildebrand. It is a proprietary issue for us. At
Capital One, one of the ways we manage risk, quite
appropriately, is through the granting of credit lines, and the
way that we manage that is called ``credit line sloping.'' We
believe that is a competitive tool that we use better than
anybody else in America. Our concern is that if we were to
report that, our competitors could reverse engineer our credit
policies and replicate that. It is an advantage that we have in
the marketplace.
Chairman Shelby. But on the other hand, what about
accuracy? If I was doing business with you or anybody, I would
want my report coming from Ms. St. John's company or whoever
does this, to reflect everything I have to be accurate. In
other words, how can the other people determine the report that
comes out to be accurate if you do not, as a creditor, furnish
that information to the credit bureau or if you skew the
information?
Mr. Hildebrand. We do not yet----
Chairman Shelby. I know you do it for proprietary reasons,
but the customers out there, which is all Americans, do not
know that.
Mr. Hildebrand. No, they do not. And as I said, Senator, we
do not yet have any evidence that it actually has an impact on
the accuracy of their credit score. If we receive that, we will
certainly reconsider our policy.
Chairman Shelby. But it could have some impact on whether
or not the customers can go somewhere to shop for better.
Mr. Hildebrand. That is possible.
Chairman Shelby. Could it not? Sure.
Mr. Plunkett, do you think the average consumer in America
understands that they can suffer negative consequences because
a firm they have a credit relationship with decides to
underreport information regarding their credit history?
Mr. Plunkett. Senator, the answer is no. Our survey shows
that, we asked a specific question here, that the majority of
Americans do not understand.
Chairman Shelby. Do you think that the average consumer
understands that they may suffer, yes, suffer negative
consequences because a firm they obtained credit from decides
to underreport information regarding their credit history, same
fact?
Mr. Plunkett. Same answer, Senator. They do not understand
they can suffer and this actually harms their overall credit
score.
Chairman Shelby. Would you agree that firms, that everybody
that is in the marketplace, with credit so available, and
accuracy so important, need to either furnish complete and
accurate information to the credit bureaus or they need to
inform their customers about their policy of limiting
reporting?
Mr. Plunkett. Senator, we think the first is absolutely
essential. We need a requirement for complete reporting. As for
informing customers on this one, this is an unethical practice.
The experts on credit reporting and credit scoring tell us that
it is very, very likely that this is a ding on the credit
report. We know that if you look maxed out on your credit card,
that is, you have a $500 balance and it looks like your credit
line is $500, that that almost certainly is used as a negative
factor in some way in calculating your credit score.
Absolutely, it should be required that this information be
reported. Telling consumers about it after the fact, I do not
know that that helps them very much on this one, because the
point of the whole credit reporting system is to have accurate
and complete information.
Chairman Shelby. Senator Sarbanes.
Senator Sarbanes. Mr. Chairman, I want to take a moment or
two to follow up on your line of questioning that you were
pursuing. I think it is important.
Ms. St. John, in your statement you say that 30 percent of
your FICO score is determined on the basis of amount owed.
Ms. St. John. Yes.
Senator Sarbanes. And you list as one of the factors under
amounts owed proportion of credit lines used, proportion of
balances to total credit limits on certain types of revolving
accounts. So you would look to see--maybe you have a $5,000
limit--whether you would use $500 of it or $4,500 of it. Is
that correct?
Ms. St. John. Yes.
Senator Sarbanes. Okay.
Ms. St. John. The amount of available credit line that is
actually used and the balance owing been proven to be
predictive factors.
Senator Sarbanes. And the higher percentage of the
available credit on a particular credit line a consumer is
using could hurt their credit score. Is that correct?
Ms. St. John. In general, the pattern that we see is the
higher the percentage of the line utilized, the greater the
risk of nonpayment in the future, yes.
Senator Sarbanes. How do you determine what a consumer's
credit limit is on any given line of credit?
Ms. St. John. There are several different fields that are
available that vary by the different credit reporting agencies.
Some have a specific credit limit amount. Others represent a
high credit amount that has been reached. The scoring systems
use a variety of information to determine that high credit
amount. If the credit limit is missing, it may look to see if
there is other information that is available that can be used
that has been proven predictive in the calculation of that
ratio.
Senator Sarbanes. The credit limit reported by the
creditor, is that where that information comes from,
presumably?
Ms. St. John. Yes.
Senator Sarbanes. All right. Now, is the creditor required
to report that information?
Ms. St. John. No.
Senator Sarbanes. What happens if a creditor does not
report a credit limit maximum for a particular credit line?
Ms. St. John. It depends on the specific algorithm or the
predictive variable that is being calculated. In some cases,
the variables may default to a high credit amount or another
field that is available. In other cases, it may bypass that
particular account from the calculation altogether if it cannot
contribute to the calculation overall. The end result is that
the individual score for any given consumer in that situation
could be higher or could be lower, depending on the ratio of
credit used relative to the limits on all their other accounts.
Senator Sarbanes. On the particular credit line, isn't the
highest amount charged reported as the maximum?
Ms. St. John. Depending on the credit reporting agency,
yes, the highest amount actually reported is----
Senator Sarbanes. So if the creditor did not report the
maximum score, that could artificially depress a consumer's
credit score because it would make it appear he had maxed out
or was close to maxing out, when, in fact, that was not the
case. Is that right?
Ms. St. John. It actually depends on what the current
balance is at the time relative to whatever the maximum balance
may have been. If they are carrying a very low balance at the
time relative to the highest amount reached historically on
that file----
Senator Sarbanes. Let's assume that----
Ms. St. John. --it could be lower.
Senator Sarbanes. --the maximum balance they ever had was
far short of what the credit limit was. So you could end up--
let's say my maximum balance has been $500. I have $400 on my
card. My limit is $5,000. But I am going to get reported as
though I am at 80 percent of my usable money, as I understand
what you are telling me, rather than getting reported at 8
percent. Is that right?
Ms. St. John. It actually depends on what the total limits
outstanding are across all revolving trade lines and the total
balance is across all. So it's not calculated on an individual
account or trade line basis, but across all revolving accounts
on the credit report.
Senator Sarbanes. If that is my only revolving account?
Ms. St. John. If that is your only revolving account and is
the maximum balance reached, then, yes, it would be lower. It
would likely result in a higher calculation.
Senator Sarbanes. Well, I just want to ask Mr. Hildebrand.
Does Capital One report the maximums on the credit limits?
Mr. Hildebrand. We do not report the credit limit, the
credit line that has been granted. We report the amount
outstanding.
Senator Sarbanes. Yes, so the person, this hypothetical
person I have been describing, would really get a black mark
when they do not deserve it. Isn't that the case?
Mr. Hildebrand. To paraphase Ms. St. John, it depends on
the broad spectrum of the credit that you are looking at as the
score is developed. The score is developed looking at the
entire credit profile coming from the bureau.
Senator Sarbanes. I understand that, but this is one factor
in there.
Mr. Hildebrand. It is one factor.
Senator Sarbanes. As far as this factor is concerned,
clearly a negative mark is going to register against the
consumer when they do not deserve that negative mark.
Mr. Hildebrand. Senator, there are other scenarios that
could be constructed that it is just as positive for consumers.
And that is the research we are trying to do, to understand the
impact that this would have. We certainly do not want to do
anything detrimental to American consumers. We have a business
to run as well. That is what we are trying to protect here. And
so we have to balance those two. Right now it is a voluntary
system.
Senator Sarbanes. Are you unique amongst businesses in
following this path?
Mr. Hildebrand. I do not know.
Mr. Plunkett. Senator, I can tell you from our survey and
our study in December, from the Federal Reserve study in
February of this year in which they looked at 248,000 credit
reports. Capital One is likely not the only one using this
practice. The Fed study, one of their conclusions, by the way,
was that the use of this positive information does overstate
risk for particular consumers.
The other point I would make is that one of the standard
generic explanations that consumers get when they get that
adverse notice we have been talking about is, ``Proportion of
debt to available credit.'' That means this is one of the
reasons why your credit history, your credit report and your
credit score, is not as high as it could be.
Senator Sarbanes. I have used a lot of time on that, but
I----
Chairman Shelby. It has been very informative.
Senator Sarbanes. It is an important point.
Chairman Shelby. Senator Bennett.
Senator Bennett. Thank you. I think it is an important
point as well, and I think we should dig a little further into
it.
Where it leads is where I am not quite sure I want to go,
which is legislation laying out the requirement as to what the
provider of information has to provide by law. Currently, it is
entirely voluntary, is it not?
Mr. Hildebrand. Yes, it is.
Senator Bennett. Now, everybody who participates in the
system has a vested interest in seeing that the system works.
And, therefore, you are going to be as cooperative as you
possibly can in providing information that you think will help
the system work.
If legislation comes in and says, okay, we are going to
determine, by the wisdom of Congress, that the following things
must be reported by every provider, with fines or other kinds
of punitive action taken by the Government against a provider
that does not fill in every single aspect of the blank, it
conjures up, for me, a world that I am not really comfortable
with because it means the Government virtually has taken
ownership of this process, and the next step, Mr. Winston, is
that the FTC runs it, Fair Isaac goes out of business, the FTC
is giving scores, Congress is mandating what will be considered
and what will not. And I think somebody out there is going to
figure out a way to game that and get around it because this
was not listed, so we can start to make decisions here, there,
and everywhere.
Am I overreacting?
Mr. Plunkett. Senator, I would just respond to say we would
not recommend that kind of micromanaging in the statute. There
are obligations placed on credit bureaus and credit furnishers
in the statute on accuracy. The statute is not explicit in
terms of what is accurate and what is not. The agencies enforce
it. We need an explicit standard on completeness, you know,
just a definition, without micromanaging what is and what is
not complete. We will leave that to the agencies.
I will just add one more point. My understanding is that
Fannie Mae and Freddie Mac require complete reporting, and I
have not heard any reports that it has led to a problem in
terms of people leaving the system.
Senator Bennett. That is voluntary.
Mr. Plunkett. When it comes to mortgage lending.
Senator Bennett. That is voluntary.
Mr. Plunkett. Yes, but it goes to your point that this kind
of requirement would result in people fleeing, you know,
furnishers fleeing the credit reporting system. What this shows
us is that scenario probably would not happen.
Senator Bennett. Could you furnish us with a list of the
things you think should be required?
Mr. Plunkett. In a definition of completeness?
Senator Bennett. Right.
Mr. Plunkett. Yes. Absolutely, Senator.
Senator Bennett. Okay. We can take a look at that and get a
reaction to it.
You made mention earlier on, Mr. Plunkett, in one of your
answers to opt in or opt out on the affiliate sharing issue,
and we have not gotten into that issue with this panel. But
since you made a mention of opt in or opt out, at least as you
said it there was the implication that you really did not care
one way or the other, just so long as the consumer has an
opportunity at that particular point that the adverse action is
triggered by something other than the present definition of
adverse action, you would prefer to go in the direction of
adverse action being defined as something less than the optimum
rate. And at that point the consumer can say, well, I do not
want my information shared with somebody in an opt in or opt
out situation.
I am pretty firmly in the opt out camp on this because I
believe that if you have opt in, simple inertia will prevent
the whole system from getting the information it needs. The
analogy I give is if the phone book was opt in or opt out, you
would probably have only about 20 percent of the phone numbers
that are currently available to you in the phone book because
the other 80 percent of the people would not get around to
opting in. But if you do not want to get phone calls with the
phone book, you can opt out and say I want an unlisted number.
And I have discovered for those who say, yes, but an unlisted
number costs money and I would prefer an opt out that is free,
I have discovered it is very easy to get an opt out that is
free, simply list your name in a way that nobody is going to
recognize but your friends and relatives.
My wife has an aunt who is listed by the initials, her
first initial, then the initial of her maiden name and her
married name, and nobody knows who she is in the phone book
except her friends and relatives. Therefore, she has an
unlisted number if somebody is trying to look for her, and it
did not cost her anything.
Could you address this question of opt in and opt out and
what might very well happen if we go to an opt in and a large
number of people say, well--not say, but by simple inertia stay
out of it and thereby deprive affiliates of information that,
in fact, can be, as we have heard in other panels, very, very
useful to consumers?
Mr. Plunkett. Senator, we support an opt in approach, but
let me say this: Right now nationally, and at the State level,
an opt in does not exist and an opt out does not exist. Neither
exists for consumers regarding the sharing of this affiliate
information. So either would be an improvement.
We support the opt in approach because consumers again and
again in polling have said that they are extremely concerned
about the sharing of this information, this transaction and
experience information because we should respect that, and also
because the institutions you are talking about, even with an
opt in, I have no doubt we are going to see a lot of marketing.
The financial institutions in this country are masters of
marketing. They are going to do everything in their power to
explain the good purposes that they talk about for which this
information is used. And so, even if it is an opt in, they are
going to have their best shot at convincing consumers to use
that opt. Consumers will have an opportunity to make that
decision, to weigh the factors, and to decide whether it is
worth their while to allow that information to be shared.
Senator Bennett. My time is up. I would join you in
supporting an opt out. I would suggest to you that the opt in
process that you have described, which is a massive marketing
plan to get those 80 percent of the people who would not
otherwise do it unless they got convinced, would be really
quite expensive and raise costs for everybody, and even if it
were successful, end up hurting the consumer in higher costs
for the services that were provided.
Mr. Chairman. Thank you.
Chairman Shelby. Senator Allard.

STATEMENT OF SENATOR WAYNE ALLARD

Senator Allard. Thank you, Mr. Chairman, I apologize I was
not here at the start of the hearing, but I do have a full
statement I would like to make part of the record.
Chairman Shelby. It will be made part of the record in its
entirety, without objection.
Senator Allard. I hope this is not duplicative of a
question previously asked, but I would like to direct this to
Ms. St. John. In your testimony, you explain that there are
many different kinds of credit scores ranging from the Fair
Isaac's-developed, broad-based FICO scores, widely distributed
to lenders, to custom models that are developed for use by
individual lenders. The last kind of credit score you mention
are those distributed primarily to the consumer market. I am
curious how the credit scores distributed to lenders are
different than those distributed to consumers.
Ms. St. John. In many cases, credit scores are being made
available to consumers in States that have required score
disclosure. California was the first and Colorado has recently
passed a law. We have cooperated with one of the credit
reporting agencies to ensure that the FICO scores are indeed
provided to consumers in those States when they request them.
That is not necessarily the case, though, with all the credit
reporting agencies. It is really up to the credit reporting
agency to simply provide a score which may or may not be the
one that is actually the scores that lenders are using in a
number of cases.
As I mentioned in the written testimony, there are general
consumer education scores that have been developed that
describe scores in general and give an idea. There are scores
that the credit reporting agencies have developed on their own
that are proprietary to those agencies. There is the FICO
score. And then, of course, there are custom proprietary scores
that the lenders would use that the credit reporting agencies
would not have access to.
Our point in our written testimony is simply that it is
important when score disclosure comes up as a topic to be clear
on what score. We certainly would indicate that the consumer's
knowing and understanding what scores lenders use and having
access to the scores most widely distributed at a particular
point in time is what would serve the consumers best. And at
the end of the day, if there is a choice of different widely
distributed scores, it puts consumers in charge by giving them
the choice.
Senator Allard. All those scores, though, impact
decisionmaking by the lender, whether or not they are
distributed to the consumer. Is that correct?
Ms. St. John. They may or may not. My understanding is that
generally developed consumer scores for consumer education
purposes may not even be something that is provided to lenders
or that lenders are using. I do not really know in many cases,
and I think that is one of the biggest issues that we have
found, that it is difficult for consumers to necessarily know
what score they are actually being provided with.
Senator Allard. Okay. So the score that the lender has is
not necessarily comparable to that which has been provided to
the consumer. Is that correct?
Ms. St. John. That is correct in the sense that, again,
there are many different kinds of scores that are available.
And the best way to indicate if there is understanding and
access to credit scores is by ensuring that if there is a
widely distributed score, it makes sense that that would be the
one that is provided most often as opposed to, say, lenders'
own proprietary scores. As I indicated, the credit reporting
agencies would not even have access to those.
Senator Allard. We have three main credit bureaus, I guess
is the best way to describe it. Do credit scores vary among
those three credit bureaus?
Ms. St. John. Yes, they do.
Senator Allard. In what way?
Ms. St. John. Well, the FICO scores, as we indicated, are
the most commonly used. In fact, there are different underlying
credit scoring algorithms at each of the three credit reporting
agencies. The reason for that is because there are different
underlying data elements that are maintained by those credit
bureaus, and Fair Isaac has sought to develop the most
predictive scores available for each of those three credit
repositories.
We do scale them so that the same score represents the same
degree of risk, regardless of which credit reporting agency it
is obtained from. But the actual underlying statistical
algorithms are slightly different between the three.
Senator Allard. Mr. Chairman, I see my time has expired.
Chairman Shelby. Thank you, Senator Allard.
Ms. Smith, in your written testimony, you have highlighted
that the development of risk-based pricing has reduced the
number of adverse action notices, which is a key accuracy
device that consumers receive. You also point out that, at
present, there are significant questions as to the overall
accuracy of credit reports.
You then indicate that the outmoded adverse action notice
should not be updated. This is troubling to me, and probably
others. In other words, it seems to me if you are looking for
accuracy rather than just making--and Senator Sarbanes, I
believe, raised the question--them another offer, but always at
a higher rate of interest, always, without them being jolted.
Ms. Smith. Okay. I was not intending to suggest that this
is an area that should not be looked at or should not be
updated.
Chairman Shelby. By ``looked at,'' you mean----
Ms. Smith. Considered as far as----
Chairman Shelby. This is the time to deal with it, isn't
it?
Ms. Smith. Right.
Chairman Shelby. Okay. All right.
Mr. Winston, the FTC favors updating the adverse action
notice process. Is that support for updating based on the
notion that consumers will never be more aware of the need to
review their credit report than after they have been jolted to
that awareness by some kind of credit-related problem?
For example, if I were to apply for a credit card with
Capital One, or anybody, and----
Senator Sarbanes. Well, Capital One is at the table, so
that is a good example.
Chairman Shelby. It is.
Mr. Hildebrand. And we appreciate you applying, too,
Senator.
[Laughter.]
Chairman Shelby. I may have one from them. Who knows?
Mr. Hildebrand. I hope you do.
Chairman Shelby. But if I did, shouldn't they have all the
information that goes on me to evaluate my credit risk? Do you
agree with that?
Mr. Winston. Yes, that is the ultimate teachable moment.
Chairman Shelby. Now, on the other hand, if they did not
have all the accuracy, all the information, and they might not
give me the credit card with the lowest rate of interest, they
might make a counteroffer of 3 percent more interest, or
whatever it is. But I still would not know why, would I? I
would just know they made me a counteroffer. Is that correct?
Mr. Winston. You would not know that this is a
counteroffer, necessarily. You may not even know that there is
a lower rate available to people with better credit. They give
you a number. You may think that is what they offer, that is
their best rate.
I think a lot of consumers do not understand this notion of
different rates for different credit risks.
Chairman Shelby. Well--and I am speaking for myself--I
think there should be different rates for different credit
risks.
Mr. Winston. Of course.
Chairman Shelby. I mean, that is how the market works. You
know, you have to have that, I believe. On the other hand, the
accuracy of that credit report is key to all the scoring, is it
not?
Mr. Winston. Yes. I think the fact that there are different
rates for different credit risks is a terrific thing. That is
good for our economy. That is good for consumers. But that
heightens the need for an accurate report, and it heightens the
need for consumers to understand how that report is being used.
Chairman Shelby. Absolutely. Thank you.
Senator Sarbanes.
Senator Sarbanes. This has obviously been a very
interesting session. I wanted to just add an addendum to that
last point. At some point for the different rates for different
risks, we reach the point where the person is being called upon
to pay rates that they cannot sustain by any reasonable
measure. That is when we get into, in my judgment, predatory
lending and similar practices. And it is one of the reasons I
have been so concerned about that, because beyond a certain
reasonable point people are being led into a situation which is
very apparent that this is well beyond their means to sustain.
Usually that happens when there is real estate that can then be
stripped away from them, so this wealth-building, whatever was
done in the equity, is all taken out away from the people. So,
I just want to add that extra dimension to it.
I am not clear on the answer to Senator Allard's question,
which I thought was a good line of questioning. As I
understand, it is possible, under the way the current system
works, that a creditor can deny me credit as a consumer. I get
an adverse notice. I ask for the credit report to see what went
wrong. And the credit report that I am given is different from
the credit report used by the creditor to deny me credit. Is
that correct?
Ms. St. John. Senator, I was speaking in the case where it
was proactive--a request by the consumer to obtain a copy of
their credit score from a credit reporting agency. I think
there are others on the panel who are better equipped to
address the situation in the case of an adverse action, when an
adverse action has been taken. Lenders have always been
provided with the top reasons behind the score in order to
provide the key underlying reasons for that adverse action to
the consumer.
Senator Sarbanes. Well, but that may be reformulated by the
creditor. I want to know whether, if I am a consumer and I get
an adverse notice, I ask for my credit report, whether I am
going to get exactly what the creditor got when he denied me
credit.
Mr. Plunkett. Senator, here is a circumstance where that
could happen. The creditor only submits a couple of points of
identifying information on the potential--on the applicant, on
the consumer: Name, Social Security number. We know that the
system is imperfect and that it pulls up information that does
not always pertain to that particular person.
The consumer, when they ask for their report, they use four
or five pieces of identifying information. So the credit bureau
gets it right. The consumer gets the right information for
them. But the creditor's report may contain mixed files. It may
contain information about John Smith, Sr., instead of John
Smith, Jr. And the information then used by the lender to make
a credit decision is wrong, is inaccurate.
That is why the consumer needs to see, in the case of an
adverse action, that actual report that the lender used.
Senator Sarbanes. Yes.
Mr. Hildebrand. May I, Senator?
Senator Sarbanes. Yes, certainly.
Mr. Hildebrand. As a lender here, the case that Mr.
Plunkett just cited could indeed happen, although the credit
bureaus and all the lenders strive to make sure that the
individual who has applied to us is the one whose credit record
we are pulling. And there are mountains of information and
pieces of technology that are used to do that.
When an adverse action is issued, what we are trying to do
there--we receive a large amount of information about a
consumer electronically, machine-read, virtually unintelligible
to a human, when those credit records are passed. So when we
actually ask a bureau for a record so that we can approve an
application, it comes in a format that is readily available to
computers, not easily deciphered by people.
The report that is issued to a consumer out of the credit
bureaus puts that into understandable language and context. The
adverse action letters do the exact same thing.
We may be looking at large amounts of information, but the
salient points, the reason for the issuance of the adverse
action letter is really what is important to the consumer. It
is that they, you know, have had too many late payments, for
instance. That is why. The specifics of what we looked at and
all those things, that is available on the report, but it is
made in a format that is much different than what we see.
Senator Sarbanes. Of course, Mr. Plunkett posits a
situation in which the consumer is being denied credit on the
basis of a faulty report.
Mr. Hildebrand. And as I said, that is a very rare
circumstance.
Senator Sarbanes. Well, it should not occur at all,
presumably.
Mr. Hildebrand. Agreed, and the credit bureaus, that is
what they spend most of their time trying to do, is make sure
that, you know, we do not walk around with identifying numbers
that sort of--you know, a national security identification
number that we use readily that makes all that information easy
to capture and compile. That is what they spend their time
doing.
Senator Sarbanes. All right. Let me ask, Ms. Smith, in your
testimony you speak of the efforts at the Federal Reserve to
promote enhanced financial education. Ms. Gambrell and Mr.
Winston also spoke of their agencies' efforts. And it is my
understanding--in fact, knowledge--that many other agencies,
departments, and regulators have financial literacy and
education initiatives underway. Of course, there are extensive
efforts at the State and local level, in the private sector,
and by the nonprofit community as well.
It is my strong view that there is a lack of coordination
with respect to all these efforts, and particularly amongst the
various Federal agencies. I think we need a comprehensive
strategy to promote financial literacy and education for all
Americans.
Do you think that increased coordination between the
various Federal entities who are working on this problem, along
with strong cooperation with State and local governments and
nonprofit and private entities, to develop and implement a
coordinated strategy would be a beneficial undertaking?
Ms. Smith. It certainly would be valuable to coordinate and
collaborate in terms of having the agencies know what each of
the others is doing. Generally, some of this is already taking
place in the sense that I know that in the case of the Federal
Reserve, when we enter into the financial education arena, we
look at where it is that the Federal Reserve can add value
rather than approaching it from ground zero and thinking that
we need to produce brochures or that we need to produce
programs.
We, for example, would not attempt to replicate what the
FDIC is doing, knowing the wonderful job that they have done
with their Money Smart program. So that what we do attempt to
do within the Federal Reserve is to see where there are
segments of the population where we might add value, so that,
for example, some of our Federal Reserve districts, if they
have Native American populations, have placed their efforts
there, not in the sense of educating them necessarily in a
direct sense, but working with Native American tribes,
partnering with banking organizations and with community groups
to bring the different elements together and to leverage
resources.
Senator Sarbanes. Ms. Gambrell, do you think we need a
coordinated strategy?
Ms. Gambrell. Senator, I would support and the FDIC would
support a stronger coordination of financial literacy efforts,
and certainly at the FDIC we have seen from our own efforts the
importance of the grass-roots collaboration with community
organizations, with financial institutions, and others. There
are, as I said earlier, excellent programs out there, and we
certainly see the benefit to an even more structured and strong
coordination among the programs.
Senator Sarbanes. Mr. Winston.
Mr. Winston. Coordination is certainly a good thing. There
is a lot of it that goes on now. I agree with Ms. Smith. And
what we have learned in our educational efforts generally is
that consistency of message is critical, that everybody be
saying the same thing, be on the same page. And the more we can
do that, the better.
Senator Sarbanes. Ms. Stewart, do you want to add anything?
Ms. Stewart. We think the coordination would be very
important. But one thing I would just add to it is that one of
the other important institutions to include in that
conversation would be the public education system. One of the
things that we found in researching the likelihood of consumers
to even seek out financial literacy information is that it
usually comes when there is a crisis going on, when there is an
important goal that a family may want to reach, like
homeownership or some other goals, or when a family has to
comply with some requirements or some regulations. I dare say
that I think for some younger people, younger Americans who
need access to more information on financial literacy, a
requirement of school would prompt them to actually learn more
about financial literacy. Actually, we would be able to do more
in terms of increasing the understanding of credit and
financial literacy to educate people younger in their lives, so
that before they get through college and certainly when they
start working in the workplace, they have a much better
understanding of how to establish good financial practices for
themselves that will start them on the path to creating wealth
and building wealth over time.
Senator Sarbanes. Good. Thank you.
Chairman Shelby. Senator Bennett.
Senator Bennett. Thank you, Mr. Chairman.
Back to this issue of score disclosure, Ms. St. John, I
have gone into it and Senator Allard has gone into it. You are
aware, of course, that what you are proposing here is different
from what the House bill suggests and different from what is
being done in both Colorado and California, where the credit
reporting agency has latitude to choose. You have talked about
latitude on the part of the consumer to choose, and I am still
not quite sure I understand how that works here. The experience
in the States that have this is the experience that the House
bill has adopted, which means that the credit reporting agency
can choose between the widely used scores, which presumably is
yours--and I can understand you have a brand you would like
everybody to use. But either that or educational scores, which
in their view might go farther toward helping the consumer
understand why an adverse action was taken.
I will not ask you to say, gee, we prefer somebody other
than our company to be the one that is chosen, but this whole
question of latitude, if I understand your testimony, you think
the customer should make the decision as to which score he gets
rather than the credit reporting agency being permitted to
determine which score they give.
Ms. St. John. That is correct. We feel the information is
out there about scoring in general. It is a matter of simply
trying to get the word out. In some cases, though, we feel like
what is proposed under the House bill, if it follows what some
of the States are doing could actually be confusing or
misleading. It has been debated well, is it the score most
widely used at any given time? That may or may not be the FICO
score at some point in the future. A general education score
that could be more valuable.
At the end of the day, we simply feel that if the consumer
had sufficient information to understand, they could choose,
and at least have the right to be able to get the score that
lenders are using widely at any given time. So what we were
trying to propose was simply more flexibility in some of the
wording or the language that would allow for greater consumer
choice, and at least allow access to the score that is widely
used by lenders at any given time.
Senator Bennett. Okay. Not to prolong it, my problem is
that many times the score may be the most widely distributed
score, but it is not the score that a particular lender uses,
in which case the customer is getting a score that is
irrelevant to the fact that he has had an adverse action from
that particular lender. And, you know, that becomes more
confusing.
Let me just close my comments here--we have got a vote
coming up--to put into the record, not to ask any particular
question or raise any particular issue, but just put into the
record that I think might help in our perspective of this. The
FDIC is responsible for ensuring compliance at 5,400-plus FDIC-
insured, State, nonmember banks, literally millions and
millions of consumers. I think the following set of numbers is
interesting.
In 2000, the FDIC received a total of 600 Fair Credit
Reporting Act complaints and 194 inquiries. When they examined
the 600 complaints, 90 percent, 540, were found not to involve
an error; only 60 were found to have involved an error or
violation. So think of the millions of transactions that took
place. Out of those millions, 600 produced something that
somebody decided they wanted to complain to the Federal agency
about, and out of that 600, 60 were found to involve an error.
That was in 2000.
In 2001, the FDIC received 100 complaints, down from 600 to
100, and of them, 65 percent--easy, the raw numbers--65 were
found not to have involved an apparent bank error violation.
In 2002, the FDIC received a total of 452. We got off the
round numbers in 2002. Of these, 391, or 86 percent, were found
not to involve an apparent bank error or violation; only 61, or
14 percent.
That does not mean this is a trivial issue, and that does
not mean we should not be having this hearing and looking at it
as carefully as we are. But it does mean that the Fair Credit
Reporting Act is performing an awful lot better than some of
the rhetoric around it might suggest. And we should be very
careful, Mr. Chairman, as we draw up the specifics of this
legislation, to fix some of the problems that have been
outlined here. I am particularly intrigued by Mr. Winston's
suggestion that we change the definition of adverse action when
a credit report is triggered. I agree with you that is a
teaching moment. And the fact that I am not getting the best
rate that I could have otherwise have gotten might be the time
that it gets my attention. I would prefer that to be the
trigger of the free report than an advertising campaign to be
the trigger of a free report.
But as we go through all of these possibilities, we should
remember that this process has served America extremely well,
has served minorities and those who are economically
disadvantaged extremely well, has served entrepreneurial
activity on the part of those who could not otherwise get
credit to start businesses extremely well. And we should be
very careful not to mess up a good thing while we are in the
process of trying legitimately and properly to make it better.
Chairman Shelby. Senator Allard.
Senator Allard. Thank you, Mr. Chairman. Just briefly, I am
just curious to know, of those of you who provide financial
literacy information, do you also provide information on how to
improve your credit score?
Mr. Winston. Yes.
Mr. Plunkett. Yes.
Senator Allard. How many? All of you?
Ms. Gambrell. We do.
Senator Allard. Let's see. I see four out of seven? Five
out of seven? Okay. And obviously you think this is an
important follow-up on a credit score.
When you talk about how a consumer can improve their credit
score and then discuss their credit report, do consumers
understand the difference?
Mr. Plunkett. Well, funny you ask, Senator. We just did a
survey on this. We found that only a quarter of consumers had
seen their credit score--this does not go exactly to your
question--and that just under 50 percent had looked at their
credit report. So we can assume for the rest of the population
that they may not understand the difference. In fact, I
mentioned this earlier. A small percentage of consumers think
the credit score actually measures their knowledge of credit as
opposed to their creditworthiness.
Senator Allard. Interesting.
Ms. Gambrell. Senator, we certainly have found, as well,
that in the Money Smart classes that we have taught, there are
questions that are raised by those participants. And, in fact,
one of our modules actually walks people through a credit
report to help them better understand what they need to look
at, and in many of those classes, they have the reports right
in front of them. But, clearly, there is still some confusion
over the differences between that credit report and the credit
scoring and how it may impact a person's credit history.
Ms. St. John. And if I could, for those who have visited
myfico.com and actually purchased the basic service, which is
their FICO score, the underlying credit report, and a detailed
explanation of the factors that go into it, as well as some
general advice as to how they can improve their score over
time, we have had over 3 million customers who have purchased
that basic service, and they understand the difference from the
standpoint that they can see their score, but then go back and
forth between the score explaination and the underlying credit
report. And many of the statistics that we have gathered where
we have surveyed visitors to myfico.com have indicated that
over 80 percent have taken steps to try to improve their credit
score over time following that, and roughly 80 percent would
continue to monitor their score at least once a year. At least
for those people that have visited the site, and gotten that
information, including both the score and the report, it is
quite clear what the differences are.
Senator Allard. Yes, ma'am.
Ms. Stewart. I would just add to it that our consumer
education brochures on credit give general advice on how one
can improve one's credit score, credit profile, or credit
report in general. But we do not feel that we have the
information that would provide specific advice to a consumer on
specifically the things that would drive a credit score up. We
just give general advice that would improve one's credit
profile altogether.
Senator Allard. I would suspect that most of you, if you
get an adverse action, somebody applying for credit who got
turned down, you would recommend to them at some point in time
to come back and get another credit report to see if their
credit history is accurately reflected. Under current law,
consumers are provided one free credit report. If there is
adverse action determined and they correct it, do they have to
pay for that second follow-up to see if that correction is
there?
Mr. Winston. Yes, except in those States where it is free.
Senator Allard. Oh, some States provide that free of
charge?
Mr. Winston. Colorado is one.
Senator Allard. Colorado is one of those.
Senator Sarbanes. How many such States are there?
Mr. Winston. I believe there are six.
Ms. Stewart. Senator Allard, one other thing that I would
just add to that is we actually advise in our outreach material
that people actually get their credit report before they even
enter the process and that people understand their credit
profile before they actually apply for a mortgage so that they
do not get down the road and have to face a situation where
they may end up having to pay more for a mortgage that may
actually reduce their wealth-building opportunity. And so we
actually advise people to even start the process with looking
at a credit report before even applying for the mortgage in the
first place.
Senator Allard. Thank you, Mr. Chairman.
Chairman Shelby. I want to thank all of you for being here
today. I think this has been a very important and lively
hearing.
Senator Sarbanes. I agree with that, Mr. Chairman.
Chairman Shelby. This hearing is adjourned.
[Whereupon, at 12:22 p.m., the hearing was adjourned.]
[Prepared statements and response to written questions
supplied for the record follow:]
PREPARED STATEMENT OF SENATOR MICHAEL B. ENZI
Mr. Chairman, I commend you for holding this important hearing
today.
Our credit market has been extremely important to the health of our
economy. During the past few weeks, many individuals before our
Committee have discussed that it is vital for consumers to understand
the credit process before getting involved and the consequences that
happen when people do not. In an ideal world, the primary tools of
financial literacy would be taught to children at a very young age. I
firmly believe that the fundamental basics of how to save, to invest,
and to put money away for retirement are more important now than ever.
There is a tremendous amount of excellent information out there,
both in the public and private sectors, to help consumers comprehend
how to handle money and credit. However, I also recognize that
consumers can get confused easily by all of the information that is
available, especially when trying to determine what information is
right for a particular consumer. To help in the process, Senator
Stabenow and I will be introducing legislation this week to help give
consumers an entry point for this information within the Federal
Government.
Whether a consumer is searching for financial information about
starting a savings account, to open a credit card, to start investing
in the stock market, to purchase a home, or to put away money in a
retirement account or pension plan, all consumers should have all of
the information at their fingertips without having to hunt down
specific information for just one purpose. We hope that this bill will
help the Federal Government bring the right information, in the proper
perspective, in one spot for consumers.
As we will hear today, there are many excellent Federal programs
and public/private partnerships out there. We just have to make sure
that people can find them.
I also want to single out Senator Sarbanes for all his hard work on
financial literacy. I know that he has worked very hard over the years,
as Chairman and as ranking member, to bring this issue to the
forefront. Mr. Chairman, I am very grateful that you also are making
financial literacy a part of the Committee's overview of the Fair
Credit Reporting Act. I look forward to working with you and Senator
Sarbanes and other Members of the Committee on this important issue.
----------
PREPARED STATEMENT OF SENATOR WAYNE ALLARD
I would like to thank Chairman Shelby for holding this hearing on
consumer awareness and understanding of the credit granting process.
There are certain responsibilities a consumer has in finding out the
status of his or her credit, by purchasing or retaining a credit
report. However, customers are often not aware of the factors that
inhibit or enhance their ability to receive credit. Regulators and the
credit industry have an important role to play in making sure that
consumers are educated on the factors that determine their credit
status, and what steps they can take to improve their credit score.
Maintaining a good credit report is essential as it can determine a
customer's ability to get a mortgage, a car loan, or insurance. Senator
Schumer and I recently introduced S. 1370, the Consumer Credit Score
Disclosure Act of 2003. This bill would provide consumers with their
numerical credit score and an explanation of the factors that
determined that score when they apply for a mortgage or a loan. S. 1370
would ensure that customers are made aware of their credit score, how
it was created, and what they can do to repair it. Our bill would
ensure that consumers have the tools they need to ensure they are
getting the best rate and terms when applying for financing.
Thank you again, Mr. Chairman for convening this important hearing.
I would like to thank the witnesses for agreeing to testify today, and
look forward to your testimony.
----------
PREPARED STATEMENT OF DOLORES S. SMITH
Director, Division of Consumer and Community Affairs
Board of Governors of the Federal Reserve System
July 29, 2003
Mr. Chairman and Members of the Committee, I appreciate the
opportunity to testify on the significance of maintaining a reliable
national credit reporting system, the importance of the Fair Credit
Reporting Act to that system, and the need for consumer awareness of
how this system functions and relates to their ability to obtain
credit.
Background and Overview of the Fair Credit Reporting Act
Background
In the past, local banking institutions knew the credit capacity of
individuals in their community. As the financial services industry has
grown larger, financial products and services more complex, and the
U.S. population more mobile, it is no longer feasible for institutions
to evaluate the credit standing of consumers based solely on their
direct experiences with such consumers. Centralized credit bureaus, or
consumer reporting agencies, have evolved to provide a repository of
credit history
information that can be accessed by creditors to evaluate the
creditworthiness of prospective borrowers. This national credit
reporting system provides creditors with an efficient, competitive, and
cost-effective method of obtaining data for credit decisionmaking and
consumers with increased credit availability.
The data on what consumers understand about the credit granting
process, and how their credit report relates to that process, are
limited. There is some anecdotal evidence consumers are generally aware
of the terms ``credit scoring'' and ``credit rating,'' but that they
are not clear on how credit scores are used in credit granting. Because
information obtained through the national credit reporting system has
become invaluable to creditors in determining the creditworthiness of
consumers, it is crucial that consumers understand how this system
operates and impacts their ability to obtain credit and the pricing of
credit. Educated consumers who make informed decisions about credit are
essential to an efficient and effective marketplace. Consumers who
understand how their credit-risk profile relates to credit rates and
terms can better determine which credit product suits their needs.
Today, each of the three national consumer reporting agencies--
Experian, Equifax, and TransUnion--maintains records on as many as 1.5
billion credit accounts held by approximately 190 million individuals.
Each of the consumer reporting agencies receives more than 2 billion
items of information per month and issues roughly 2 million credit
reports each day.\1\
---------------------------------------------------------------------------
\1\ See ``An Overview of Consumer Data and Credit Reporting,''
Federal Reserve Bulletin, February 2003, at 49-50.
---------------------------------------------------------------------------
The information that is gathered by the consumer reporting agencies
is obtained from banks, savings associations, credit unions, finance
companies, retailers, other creditors, and collection agencies, as well
as from public records. A consumer report generally consists of five
types of information: Identifying information, such as the consumer's
name and address; detailed information reported by creditors regarding
individual credit accounts; public record information, such as records
of bankruptcies, foreclosures, and tax liens; information reported by
collection agencies, mostly regarding nonpayment of bills; and
information regarding inquiries about a consumer's credit record.
Consumer reports are used for credit, insurance, employment, and
certain other limited purposes.
Overview of the Fair Credit Reporting Act
The Congress adopted the Fair Credit Reporting Act (FCRA) in 1970
to regulate credit reporting systems in the United States, and passed
significant amendments in 1996. The primary purposes of the FCRA are to
ensure fair and accurate credit reporting and to protect consumers'
privacy. Among other things, the FCRA imposes certain obligations on
consumer reporting agencies, on users of consumer reports, and, since
1996, on furnishers of information.
A person may obtain a consumer report only for a permissible
purpose. The FCRA specifies the permissible purposes, which include
using the information contained therein for a transaction involving an
extension of credit to a consumer. If a creditor takes any action that
is adverse to a consumer based on information in a consumer report, the
creditor generally must give the consumer a notice of the adverse
action. This notice informs consumers about their rights under the
FCRA.
Participation in the U.S. credit reporting system is voluntary.
Creditors are not required to obtain consumer reports before making
credit decisions, although most creditors rely on consumer reports for
risk-management purposes. Creditors also are not required to furnish
information to consumer reporting agencies. But if they do, the
information they furnish must be accurate. They must correct and update
erroneous information, and must investigate any disputed information.
Consumer reporting agencies have extensive responsibilities under
the FCRA. Those responsibilities include: Maintaining reasonable
procedures to ensure that consumer reports are furnished only to
persons having a permissible purpose; following reasonable procedures
to ensure the maximum possible accuracy of consumer reports;
reinvestigating the accuracy or completeness of any disputed
information and notifying the consumer of the results of the
reinvestigation; omitting certain obsolete information from consumer
reports after specified periods of time; and providing consumers with a
copy of their consumer reports upon request.
The FCRA contains important consumer rights and protections.
Several are designed to promote accuracy in consumer reports. For
example, the right to receive notice if information in a consumer
report has resulted in adverse action enables consumers to check the
accuracy of information in their credit reports. An adverse action
notice must inform the consumer of the name, address, and telephone
number of the consumer reporting agency that furnished the report, the
consumer's right to obtain a free copy of the consumer report, and the
consumer's right to dispute the accuracy or completeness of any
information in the consumer report. Consumers have a right to obtain a
copy of their consumer reports, upon request; currently this right does
not extend to getting their credit score.\2\ Consumers also have the
right to dispute the accuracy or completeness of any information in
their consumer reports with a consumer reporting agency, to have such
information deleted or corrected, and to have a statement of dispute
included in the report if the dispute is not resolved. Consumers may
also dispute the accuracy of items with the furnisher of the
information.
---------------------------------------------------------------------------
\2\ A credit score is a numerical representation of a consumer's
overall credit profile arising from mathematical procedures that weight
attributes in the way that best distinguishes between preferred and not
preferred accounts.
---------------------------------------------------------------------------
Other consumer rights and protections are designed to protect
consumer privacy. Consumers have a right to be excluded from
prescreened solicitation lists. The three national consumer reporting
agencies maintain a toll-free telephone number that consumers can call
to exercise this right. Limiting access to consumer reports to persons
that have certified a permissible purpose under the FCRA also protects
consumer privacy. In general, the FCRA restricts the sharing of certain
information among affiliates unless the consumer is given the
opportunity to opt out of that sharing. Additional privacy protections
apply in circumstances where consumer reports are provided to
prospective employers or contain medical information, and where
investigative consumer reports are prepared or obtained.
The Importance of the National Credit Reporting System
Maintaining a reliable national credit reporting system is
essential to ensure the continued availability of consumer credit at
reasonable cost. As Federal Reserve Board Chairman Greenspan has
observed, ``unless we have some major sophisticated system of credit
evaluation continuously updated, we will have very great difficulty in
maintaining the level of consumer credit currently available[.]'' \3\
Without the information that comes from various credit bureaus and
other sources, lenders would have to impose higher costs on consumers
to compensate for the increased risk and uncertainty associated with
the credit they extend.
---------------------------------------------------------------------------
\3\ Remarks following prepared testimony by Alan Greenspan,
Chairman of the Board of Governors of the Federal Reserve System, April
30, 2003, House Financial Services Committee.
---------------------------------------------------------------------------
The readily availability of accurate, up-to-date credit information
from consumer reporting agencies benefits both creditors and consumers.
Information from consumer reports gives creditors the ability to make
credit decisions quickly and in a fair, safe and sound, and cost-
effective manner. Consumers benefit from access to credit from
different sources, the competition among creditors, quick decisions on
credit applications, and reasonable costs for credit.
The Importance of Credit Scoring
Credit scoring has become an important tool in the credit granting
process. Credit scoring models, which typically are proprietary to
individual institutions or individual consumer reporting agencies, use
credit bureau information and other data to construct mathematical
scorecards that can accurately predict levels of creditworthiness
across various populations. These models assign positive and negative
weights to items of information that have demonstrated statistical
usefulness for the evaluation of credit risk. Credit scoring enables
creditors to evaluate, quickly and inexpensively, the risk of lending
to credit applicants, and promotes the making of expedited credit
decisions in a safe and sound manner. Consumers benefit from the
increased availability and lower cost of credit made possible by the
use of credit scoring models. Credit scoring also may help to reduce
unlawful discrimination in lending to the extent that these systems are
designed to evaluate all applicants objectively and thus avoid issues
of disparate treatment.
As Chairman Greenspan has noted, the emergence of credit scoring
technologies, ``has proven useful in expanding access to credit for us
all, including for lower-income populations and others who have
traditionally had difficulty obtaining credit. It has also enabled
financial institutions to offer a wide variety of customized insurance,
credit, and other products.'' \4\ Chairman Greenspan stressed the
importance of maintaining a system that provides incentives to develop
more sophisticated credit scoring models and enables credit scoring
models and technologies to advance.\5\
---------------------------------------------------------------------------
\4\ Letter from Chairman Alan Greenspan to Congressman Ruben
Hinojosa, February 28, 2003.
\5\ Remarks following prepared testimony by Alan Greenspan,
Chairman of the Board of Governors of the Federal Reserve System, July
15, 2003, House Financial Services Committee.
---------------------------------------------------------------------------
Risk-Based Credit Pricing
Credit evaluation systems rely on information gathered by consumer
reporting agencies on consumers' borrowing and payment experiences to
measure the credit risk posed by current and prospective borrowers.
Risk-based pricing, which has become increasingly common in all sectors
of the credit industry, is a mechanism by which the rates offered or
charged to consumers reflect the creditworthiness and risk posed. Risk-
based pricing is made possible because creditors have available to them
data from consumer reports, including credit scores, which permit them
to
assess the risk profiles of individual consumers. For example, a
consumer demonstrated to have an extremely low risk of default or
delinquency, based on a consumer report, would likely be offered a very
favorable interest rate; a consumer with a marginal credit history, on
the other hand, may also be offered credit, but at a higher rate. Risk-
based pricing permits creditors to offer credit products tailored to
the consumer's individual risk profile.
The Importance of the FCRA to the National Credit Reporting System
Federal Preemption Under the FCRA of Certain State Laws
In 1996, the Congress amended the FCRA and, among other things,
preempted the States from enacting laws or regulations dealing with
seven areas addressed by the FCRA. These seven areas include: The
procedures for using prescreened solicitations; the time for
reinvestigating disputed information; the duties of creditors that take
adverse action; the informational contents of consumer reports; the
duties of furnishers of information; affiliate information sharing; and
the form and content of the summary of rights disclosure. Through these
preemption provisions, the Congress effectively established uniform
national standards in these areas. The FCRA preemption provisions are
scheduled to sunset on January 1, 2004. After that date, States would
be permitted to enact laws in these seven areas if those laws
explicitly provide that they are intended to supplement the FCRA and
give greater protection to consumers than is provided under the FCRA.
Chairman Greenspan has stated his support for making permanent the
provision currently in the FCRA to provide for uniform Federal rules.
In an appearance before the House Financial Services Committee earlier
this year, Chairman Greenspan spoke of the importance of having
``national standards'' under the FCRA, and cautioned that with
significant differences State by State, it would be very difficult to
maintain as viable a system as we currently have.
The FCRA promotes the national credit system in important ways.
Perhaps most significantly, the availability of standardized consumer
reports--that contain nationally uniform data--allows banks to make
prudent credit decisions efficiently wherever they do business and
wherever their customers live and work. The FCRA's
national standards governing furnisher responsibilities and duties of
users taking adverse action--the two primary areas of responsibility
for most financial institutions--promote efficiency by enabling banks
to comply with a single set of rules for all of their domestic credit
operations. State-specific restrictions on furnishing information to
consumer reporting agencies, or on the contents of information
contained in consumer reports supplied by consumer reporting agencies,
could negatively affect credit availability and increase the cost of
credit.
Accuracy of Consumer Reports
Although maintaining uniform Federal rules in the seven areas where
the FCRA currently preempts State action is essential to the national
credit system, the current system is by no means perfect. In
particular, concerns have been raised about the accuracy and
completeness of information in consumer reports. Recent studies have
shown that consumer reports sometimes contain inaccurate, incomplete,
or
inconsistent data, although the degree to which this is a problem is in
dispute.\6\ Moreover, the growing problem of identity theft only
heightens concerns about the accuracy of consumer reports, because of
the difficulties that victims often face in having fraudulent accounts
removed from their credit files.
---------------------------------------------------------------------------
\6\ For a summary of these recent studies, see ``An Overview of
Consumer Data and Credit Reporting,'' Federal Reserve Bulletin,
February 2003, at 50.
---------------------------------------------------------------------------
The accuracy of consumer report information is a critical element
of the national credit reporting system. Most of the problems
associated with consumer reporting agency data appear to result from
the failure of creditors, collection agencies, or public entities to
furnish complete and consistent information in a timely manner.\7\ Four
particular areas of concern with regard to consumer report accuracy
include: (1) The failure to report credit limits; (2) the failure to
report updated information on accounts; (3) the failure to report
nonderogatory accounts or minor delinquencies; and (4) the inconsistent
reporting of public record data, collection agency data, and
inquiries.\8\ Although the financial services industry has undertaken
efforts to address the problem of inaccurate (and incomplete)
information in order to deter fraud, ongoing efforts are needed to
ensure that information furnished to consumer reporting agencies is
accurate, timely, and complete. Concerns about the accuracy of consumer
reports can be alleviated to some extent through consumer education,
such as efforts to encourage consumers to check their consumer reports
periodically.
---------------------------------------------------------------------------
\7\ Id. at 70-73.
\8\ Id. at 71-72.
---------------------------------------------------------------------------
Adverse Action Notices and Risk-Based Credit Pricing
Under the FCRA, if a creditor denies credit or takes other
``adverse action'' based on information in a consumer report, the
creditor generally must give the consumer a notice of that fact. Among
other things, the notice must also tell consumers of their right to
obtain a free copy of their credit report and to dispute inaccurate
information. The FCRA incorporates the definition of ``adverse action''
contained in the Equal Credit Opportunity Act and its implementing
regulation, the Federal Reserve Board's Regulation B. Under the ECOA
and Regulation B, consumers are entitled to a notice containing the
specific reasons for a credit denial or other adverse action. The FCRA
and ECOA notices, which are typically combined, provide an important
tool in educating consumers about the impact on credit availability of
negative information in their consumer reports. Receiving notice of the
specific reasons for adverse action coupled with notice that the
adverse action was based, in whole or in part, on information in a
consumer report: (1) Alerts consumers to specific problems or possible
inaccuracies in their credit reports, and (2) informs consumers of
their right to obtain a free copy of the report and to dispute
inaccurate information.
With the increase in risk-based pricing, consumers who previously
would have been denied credit (and would have received adverse action
notices) now are offered credit at rates that reflect their risk as
borrowers, thus expanding access to credit. When a consumer accepts a
creditor's offer of credit, even on different terms from those that
were requested, an adverse action notice is not required under
Regulation B, and hence is not required under the FCRA. Therefore, when
consumers apply for credit, adverse action notices are given to them
less frequently than in the past.
Concern has been raised that because of risk-based pricing, adverse
action notices may no longer be meeting at least part of the intended
purpose under the FCRA--helping to ensure the accuracy of consumer
reports. Inaccurate information in a
consumer report may negatively impact access to credit at rates that
reflect the consumer's creditworthiness, but there is no adverse action
notice directing the consumer's attention to potential errors may stand
in the way of more favorable terms.
One suggested approach for addressing this concern is to revise the
FCRA definition of adverse action to require that creditors provide an
adverse action notice whenever credit is granted on material terms less
favorable than those otherwise available. For example, a creditor using
a risk-based pricing system may offer a credit card based on an
assessment of the consumer's creditworthiness with rates ranging from
7.99 to 14.99 percent. A consumer would receive an adverse action
notice if the consumer was offered and accepted a rate of 8.99, rather
than the lowest rate of 7.99 percent, based on that risk assessment.
Providing adverse action notices to consumers that receive credit might
provide some benefit to consumers, but at a cost to industry that
likely would outweigh the potential benefit.
Other tools could be made available to consumers to mitigate these
concerns. For example, the Congress is now considering legislation to
give consumers the right annually to obtain a free copy of their
consumer reports upon request. If enacted, such legislation could
encourage consumers to check their consumer reports periodically,
particularly if coupled with appropriate consumer education about the
importance of consumer reports and how to check for accuracy.
Consumer Education and Financial Literacy
Consumer education and financial literacy play an important role in
helping consumers to understand the credit system and their own credit
standing.\9\ Financial education can equip consumers with the knowledge
required to make better choices among the financial products and
services, thus enabling consumers to obtain those products and services
at the lowest cost available to them. Financial education is
particularly valuable for populations that have traditionally been
underserved by the financial system and may help protect vulnerable
consumers from abusive credit arrangements that can be financially
devastating.
---------------------------------------------------------------------------
\9\ The Federal Reserve, however, does not have data that measure
consumers' level of knowledge or awareness of credit reporting, credit
scoring, or how the credit system operates. We do conduct consumer
research but the focus generally targets consumer knowledge of specific
practices or products.
---------------------------------------------------------------------------
Markets operate more efficiently when consumers are well informed.
Making informed decisions about what to do with their money will help
build a more stable financial future for individuals and their
families. The Federal Reserve System recently launched a national
financial education initiative to encourage consumers to learn more
about personal financial management, complete with a public service
announcement that featured Chairman Greenspan. The objective of this
initiative is to highlight the benefits of financial education and to
provide information on the resources available to consumers for
assistance in managing their finances. The Federal Reserve's financial
education website (www.FederalReserveEducation.org) makes available a
variety of materials that may be useful to consumers, including a
brochure entitled, ``There is a Lot to Learn about Money'' that
contains tips for managing credit wisely and protecting personal credit
ratings.
In addition, the Federal Reserve Bank of Boston has published an
excellent educational video and booklet on identity theft that explains
what identity theft is, how consumers can protect themselves from
becoming victims, and what they should do if they do become victims.
These materials also explain the importance of checking consumer
reports regularly, provide tips for how to read a consumer report, and
list appropriate contact information for the three major consumer
reporting agencies and certain Federal Government agencies. A copy of
the Boston Reserve Bank's identity theft booklet can be viewed online
at the Federal Reserve Bank of Boston's public website
(www.bos.frb.org/consumer/identity/index.htm).
Conclusion
The Committee is to be commended for undertaking an examination of
the FCRA and related issues at this important juncture. In conducting
this examination, it is important to maintain a viable, national credit
reporting system that preserves and expands reasonable access to
credit, and to promote consumer understanding and awareness of the
credit reporting system and how it relates to the credit granting
process.
----------
PREPARED STATEMENT OF DONNA GAMBRELL
Deputy Director for Compliance and Consumer Protection
Division of Supervision and Consumer Protection
Federal Deposit Insurance Corporation
July 29, 2003
Chairman Shelby and Senator Sarbanes, thank you for inviting me to
testify on behalf of the Federal Deposit Insurance Corporation (FDIC).
The FDIC has been closely following the hearings on the Fair Credit
Reporting Act (FCRA) and related issues. At stake are matters that
affect both individual consumers and the manner in which the Nation's
economy operates. FDIC Chairman Don Powell has stated his support for
making the expiring FCRA preemption provisions permanent. Doing so will
ensure the continuity of the credit reporting system of our Nation--a
system that provides consumers with unparalleled access to credit that
generally costs less than the credit available in other parts of the
world. We thank you for your careful consideration of these important
issues.
We also commend the Committee's attention to the difficult problems
associated with combating identity theft. For its part, the FDIC is
coordinating an effort among the Federal financial institution
regulators to publish guidance on measures that should be taken when
security breaches occur that may lead to identity theft. We believe
that institutions should take active steps to minimize potential harm
to consumers whose information has been breached, and urge a proactive
approach when an institution becomes aware of a breach.
The Nation's credit system and its regulatory framework have played
a vital role in increasing the availability of credit to a broader
cross section of American consumers, particularly in historically
underserved market segments. The Federal Reserve Board's 2001 Survey of
Consumer Finances indicates that between 1970 and 2001, the share of
households with credit cards increased from 16 to 73 percent. More
dramatically, during the same period, access to credit cards for the
lowest income quintile increased from 2 percent to 28 percent. Greater
access to credit also has meant greater access to mortgage financing.
Between 1983 and 2001, overall homeownership increased from 60 percent
to 68 percent of U.S. households. The largest increases in
homeownership were observed among minorities and lower-
income households. During the same period, homeownership among families
with incomes of less than $10,000 increased from 29 percent to 34
percent, and homeownership among families with incomes between $10,000
and $25,000 increased from 49 percent to 54 percent.
Policymakers and financial institutions alike have made commendable
efforts to broaden the scope of banking products for low- and moderate-
income people. However, many families still fall outside of the
financial mainstream and do not maintain traditional bank credit,
savings, or investment accounts. Nearly 10 percent of U.S. families do
not have transaction accounts. ``Unbanked'' individuals tend to: Have
low incomes, not own homes, be under 35 years of age, be nonwhite or
Hispanic, be unemployed, and be educated at the high school level or
below.
Some low- and moderate-income households have been able to take
advantage of access to banking services, but are finding themselves
very unprepared to deal with the complexities that characterize today's
financial environment. Unfortunately, one of the undesirable
consequences of the expansion of credit markets has been the
rise of predatory lending and other abusive practices. New customers
who are less familiar with traditional banking products and practices
are certainly more susceptible to accepting disadvantageous or even
illegal terms. These consumers also may be able to access more credit
than they can reasonably repay.
Clearly, increased knowledge on the part of consumers is a
significant way to combat these problems. The FDIC Consumer News
(circulation: 75,000) routinely discusses issues such as personal
financial management and consumer protection as a way to raise
awareness among bankers and consumers. Consumer protection issues
discussed in detail include identity theft, predatory lending, and
financial fraud. The FDIC also recognizes the need for a more
comprehensive approach to financial education that will better equip
consumers to enter the financial mainstream. Consumers need to
understand the existing protections that guard against discrimination
or unfair treatment in the lending process and the recourse available
to them under the law. They also need to understand the wide variety of
financial services that are available to them.
Money Smart
Three years ago, the FDIC was grappling with the problem of
misleading and abusive marketplace practices brought to our attention
by consumers, the banking industry, and Government agencies. As part of
our effort to explore solutions to this problem, the FDIC held forums
on predatory lending in seven locations nationwide. Those attending the
meetings included bankers, community leaders, city and State officials,
and local residents. Participants identified problems in their
particular geographic area and recommended solutions, which ranged from
more legislation to better enforcement of existing regulations. But
there was one recommended solution that remained constant across all
participants: Enhanced consumer education.
This recommendation provided the impetus for the FDIC to develop
``Money Smart'' as a way to address a number of problems affecting
consumers such as: The lack of traditional banking relationships for
millions of Americans; consumer reliance on so-called ``fringe
providers'' at costs they can ill afford; abusive lenders targeting
vulnerable segments of our population; identity theft; inaccurate
credit
reports; and unwise use of credit. Numerous studies have shown that
financial education efforts can foster positive changes in behaviors
and better equip consumers to operate within the financial arena. We
share that point of view.
We introduced Money Smart in the summer of 2001 as a program
uniquely designed to address the needs of low- and moderate-income
adults new to the banking system or lacking the knowledge to reap
potential rewards or avoid pitfalls. We designed Money Smart to be easy
to teach and easy to learn. It can be taught in its entirety, or
specific modules can be used to fill in the gaps in other financial
education programs. We make Money Smart available free of cost and
without copyright so that organizations desiring to use the program can
reproduce and use the program materials as needed. Also, we have made
clear that banks can receive Community Reinvestment Act credit for
their involvement in offering Money Smart classes in their communities.
We have made a number of improvements to the program since
introduction. Because immigrant populations represent a significantly
underserved market, we have translated Money Smart into Spanish,
Chinese, and Korean, and we will have a Vietnamese translation by the
end of this year. Also, we have added a CD-ROM version of the program.
This has improved accessibility to the program and has helped to keep
our costs low during a period where we have dramatically increased
distribution to meet increasing demand. We also plan to release a web-
based interactive version of the curriculum in early 2004 so that
individuals without access to an instructor can learn on their own
online.
Money Smart has generated a great deal of interest since it began
in July 2001. It has been widely cited in over a hundred national and
local publications. We have also received requests for the Money Smart
curriculum from Mexico, Thailand, and Canada. To date, we have provided
more than 22,000 institutions and organizations across the country with
over 75,000 copies of Money Smart. About a quarter of the copies were
requested by FDIC-insured financial institutions and credit unions.
While we are pleased with these numbers, FDIC Chairman Donald Powell
has set an even more aggressive goal for the next 4 years: To establish
partnerships with 1,000 organizations and institutions, in all 50
States; to distribute 100,000 copies of Money Smart; and to expose one
million consumers to our financial education program. We are committed
to meeting this goal.
Money Smart consists of 10 instructor-led training modules covering
the following topics: Bank On It--an introduction to bank services;
Borrowing Basics--an introduction to understanding credit; Check It
Out--how to open and maintain a checking account; Pay Yourself First--
the importance and benefits of, and methods for, saving money; Money
Matters--preparing a personal budget; Keep It Safe--consumer rights and
responsibilities; To Your Credit--the importance of credit history;
Charge it Right--the costs and benefits of using a credit card; Loan To
Own--the costs and benefits of consumer loans; and Your Own Home--an
introduction to home loans. Four of these modules--Borrowing Basics,
Keep It Safe, To Your Credit, and Charge It Right--address credit-
related issues discussed in the recent hearings before this Committee,
including recognizing the value of credit, understanding credit
reports, repairing credit, identifying potential problems with credit
card use, becoming familiar with consumer protection laws, avoiding
identity theft, and steering clear of scams.
We believe that a critical factor in the success of Money Smart has
been our emphasis on working through our regional community affairs
staff to establish relationships with local organizations that are best
situated to bring Money Smart to those who could benefit from it. In
announcing the Money Smart Alliance Program last year, Chairman Powell
stated its purpose would be to increase financial literacy in
communities where it is most needed. To date, over 340 organizations
throughout the country--in both urban and rural communities--have
joined our Money Smart Alliance. These organizations represent a wide
spectrum of delivery systems for our financial education program--
social services, financial institutions, housing services, educational
services, community organizations, as well as Government, faith-based,
and employment services. Money Smart Alliance members facilitate
implementation of our financial education program by making
contributions in a variety of ways, including promotion, delivery,
translation, funding, and evaluation.
We also have entered into formal partnerships with 20 major public
and private sector organizations that have a nationwide capability to
deliver Money Smart. These partnerships are a critical component in our
strategy to broaden our ability to deliver financial education to more
consumers.
For example, under a partnership agreement with the Neighborhood
Reinvestment Corporation, Money Smart has been used to train 315 adult
educators in 39 major cities, who, in turn, taught money management
skills to a total of over 5,500 students. These students primarily
consist of low-income consumers, minorities or women who are potential
homebuyers or existing homeowners having problems making ends meet. In
our partnership with the Department of Defense (DoD), we plan to reach
thousands of military personnel by using Money Smart curriculum in
conjunction with financial counseling. DoD also will offer seminars on
an ongoing basis to service members and their families. In the private
sector, we have corporate partners, such as Wachovia Corporation, that
have agreed to reach 5,000 low- and moderate-income individuals this
year in 11 States and the District of Columbia through employee
volunteerism in their communities.
Other national partners include the: Association of Military Banks,
American Bankers Association Education Foundation, Conference of State
Bank Supervisors, National Bankers Association, Independent Community
Bankers Association, America's Community Bankers, Department of Housing
and Urban Development, USDA Rural Development, Operation Hope, Office
of the White House Initiative on Asian Americans and Pacific Islanders,
Internal Revenue Service, Department of Labor, National Coalition of
Asian Pacific American Community Development, Goodwill Industries,
Opportunities Industrialization Centers of America, Inc., Women in
Housing and Finance, Inc., and National Image, Inc.
Based on our experience and suggestions from our many partners, we
determined that building additional program delivery capacity was
essential. Specifically, the FDIC concluded that train-the-trainer
workshops for banks and community organizations would boost the program
and should be a major focus in 2003, and beyond. Early this year, we
launched a major train-the-trainer campaign. The train-the-trainer
initiative not only increases capacity, but has the added bonus of
further standardizing instruction. As of June, we have held over 50
train-the-trainer workshops attended by more than 1,700 people. The
workshops are free and the FDIC projects each trainer will go on to
teach approximately 40 persons annually. Because we need to be focused
on not only quantity, but also quality, we have developed model
programs that blend a strong financial curriculum with service programs
and proven asset building strategies. The FDIC has taken the lead in
establishing partnerships with community and banker coalitions to link
financial education with
low-cost bank accounts and services, free tax preparation services
through the IRS Volunteer Income Tax Assistance (VITA), Earned Income
Tax Credit (EITC) funds,
Individual Development Accounts (IDA's), homeownership counseling, job
counseling, and other programs. To demonstrate the flexibility of our
financial education program and its ability to reach diverse groups of
consumers, each of the FDIC's eight regional and area offices, as well
as our headquarters in Washington, have established Money Smart Model
Site Projects. A model site is a sustainable initiative in which Money
Smart classes are taught on a regular basis, there is active
participation by one or more financial institution(s) and links are
established with other asset-building or service programs. To date, we
have established 17 model sites throughout the country. The following
are a few highlights from these efforts.

The DeKalb Workforce Center in Georgia serves as the FDIC
Atlanta Region's model site. The 2-year target is to move a minimum
of 500 previously unbanked consumers into the financial mainstream.
Partners include: Decatur First Bank, Wachovia Bank, Bond Community
Credit Union, Washington Mutual, SouthTrust Mortgage, SunTrust,
United Way, Federal Reserve Bank of Atlanta, Lutheran Services
Department of Labor (Employment and Training and the Women's
Bureau), Decatur/DeKalb Housing Authority, Internal Revenue
Service, Decatur High School, New Leaf, Columbia Residential
Properties, and Network IDA of the Southeast. Consumer education
workshops, with Money Smart as the core curriculum, are taught by
DeKalb Cooperative Extension personnel and volunteers from
financial institutions. Class participants have the opportunity to
access low-cost electronic/checking products and services. In
addition, the model site offers IRS Volunteer Income Tax
Assistance, providing free tax preparations in an effort to help
low-income families claim tax credits and receive refunds that can
be used to establish new bank accounts or reach other long- or
short-term financial goals. In May 2002, the DeKalb Workforce
Center received a First Accounts Award of $271,000 from the U.S.
Department of the Treasury to further its financial education
efforts. To date, over 1,400 persons have taken Money Smart classes
in English and Spanish. In addition to the adult education
component in this model site, Decatur High School offers Money
Smart as part of its job readiness program for seniors who will
enter the workforce after graduation rather than go to college.
Our Kansas City Regional Office has taken the unique approach
of establishing a three-pronged model site project to reach
consumers in rural, urban, and Native American communities located
in Iowa, Kansas, Minnesota, Missouri, Nebraska, North Dakota, and
South Dakota. As a result of the 17 coalitions formed from the 204
Money Smart Model Site partners in these States, over 8,600
individuals have been able to participate in Money Smart classes
and 1,100 of them have opened bank accounts.
Several of our Model Sites across the county have teamed up
with organizations administering programs for Temporary Assistance
for Needy Families (TANF) clients. As you know, TANF is a U.S.
Department of Health and Human Services program that awards block
grants to States to provide assistance and work opportunities to
needy families. The model site, formed by our Boston Regional
Office with the Williamanic-Danielson Partnership and Department of
Labor Employment One-Stop Centers in Connecticut, is an excellent
example of our effort to reach these consumers. It combines both
mandatory and voluntary financial education classes to reach over
1,500 low- and moderate-income adults, including both TANF clients
and IDA program participants. The IRS VITA and Earned Income Tax
Credit (EITC) programs also are available to class participants.
One client named Maria shared with us her dream of owning her own
home. Maria has three children and is participating in the IDA
program offered in conjunction with model site partner ACCESS
Agency, a nonprofit community-based organization. After attending 6
weeks of Money Smart classes, Maria learned how to budget her money
and is taking steps to repair her credit history. She is saving
with the help of another model site partner, the Savings Institute
of Williamanic, which administers the IDA savings account. With the
help of the dollar-for-dollar matching funds Maria receives through
her IDA savings account, she is on her way to realizing her dream
of homeownership.

We recognize that the long-term success of Money Smart is largely
dependent on our ability to set measurable goals for the program and
monitor our results on an ongoing basis. Two critical metrics for
measuring the program's success are: (1) The number of people who
complete the program; and (2) the number of people who entered into a
banking relationship (that is, opened up a checking or savings account)
after attending at least one Money Smart financial education class. To
measure these statistics, we recently completed a large-scale effort to
survey over 9,000 organizations that ordered Money Smart from the FDIC
between July 2001 and October 2002. Data from 2,641 respondents to the
survey indicated that over 85,000 participants attended at least one
Money Smart class during the survey period. Accounting for the
organizations that did not participate in the survey, and the
additional Money Smart financial education that has taken place since
the end of 2002, we expect that the number of participants that have
attended at least one Money Smart class to date exceeds 100,000. The
survey also indicates over 13,000 Money Smart participants went on to
initiate a banking relationship as a result of the program.
To plan for the future of Money Smart, Chairman Powell is seeking
advice from people involved in consumer finance. In June, we assembled
a forum in Chicago to explore issues related to financial literacy. We
also are in the preliminary stages of planning a financial literacy
symposium here in Washington. Our goal is to assemble a broad spectrum
of those with experience to identify innovative solutions for banks to
become more progressive in meeting their community lending
responsibilities and better meet the needs of the unbanked. Last week,
we sent out our first Money Smart electronic newsletter to each of the
institutions or organizations that have ordered the curriculum thus
far. Our hope is that the newsletter will be an effective way for us to
keep abreast of and share information on how Money Smart is being
implemented by banks, community organizations, Government agencies,
colleges and universities, and others. A link to the newsletter and
other information about Money Smart can be found at the FDIC website at
www.fdic.gov.
We have a great banking system in this country. We have a credit
market that is the envy of the world, and we believe everyone should
have an opportunity to participate. With Money Smart and the additional
dialogue we are proposing, we will have the means to offer better
access and financial alternatives to the most needy in our society. Our
plans for the future include additional program surveys and
assessments, continued expansion of collaborative efforts to deliver
Money Smart to consumers, and exploration of additional steps to bring
the unbanked and underserved into the financial mainstream.
Again, thank you for giving me the opportunity to testify before
you this morning on this critically important topic. I look forward to
answering any questions you might have. I also make the offer on behalf
of Chairman Powell to assist any Senator interested in looking into
establishing Money Smart programs for their constituents. Please
contact us so that we might have our regional staff meet with your
staff to help bring Money Smart to your communities.
----------
PREPARED STATEMENT OF JOEL WINSTON
Associate Director, Financial Practices Division
Bureau of Consumer Protection, U.S. Federal Trade Commission
July 29, 2003
Mr. Chairman and Members of the Committee, my name is Joel Winston.
I am Associate Director for Financial Practices at the Federal Trade
Commission (Commission or FTC). The Division I head is responsible for
enforcing the various consumer credit laws subject to the Commission's
jurisdiction.\1\
---------------------------------------------------------------------------
\1\ The views expressed in this statement represent the views of
the Commission. My oral presentation and responses to questions are my
own and do not necessarily represent the views of the Commission or any
Commissioner.
---------------------------------------------------------------------------
I am pleased to appear today to discuss ``financial literacy,''
both generally and as it relates to the Fair Credit Reporting Act
(FCRA). This is a topic of critical
importance, especially because the FCRA relies on the vigilance of
consumers in protecting their own rights. Our economy operates most
efficiently when consumers understand the credit system so they can
make the best decisions about their finances.
The FTC's Consumer Education Program
The Commission has undertaken significant efforts to educate
consumers about financial matters generally and credit issues
specifically. Consumer education is among our most important tools in
the fight against fraud and deception, because consumers are their own
first line of defense. Through our Division of Consumer and Business
Education, we continue to develop creative and effective ways of
reaching consumers to arm them with the information they need. We have
over 30 publications related to consumer credit topics, ranging from
advance-fee loans \2\ to vehicle financing.\3\ These publications are
available directly from the FTC and through a variety of partner
organizations and the Federal Citizen Information Center in Pueblo,
Colorado. All these materials are on the Commission's website at
www.ftc.gov. Credit publications have consistently been among the
Commission's most popular items. Last year, we distributed about 2
million credit-related brochures in print, and consumers accessed these
publications on the Commission's website another 1.5 million times.
Twelve of our credit publications are available in Spanish, and more
are in the translation pipeline.
---------------------------------------------------------------------------
\2\ ``Easy Credit? Not So Fast. The Truth About Advance-Fee Loan
Scams'' (http://www.ftc.gov/bcp/conline/pubs/tmarkg/loans.pdf).
\3\ ``Understanding Vehicle Financing'' (http://www.ftc.gov/bcp/
conline/pubs/autos/vehfine.pdf).
---------------------------------------------------------------------------
Both at our headquarters here in Washington and in our regional
offices, we have partnered with many outside organizations to improve
financial literacy. For example, our Northeast Region works with
colleges and universities in an effort called ``Project Credit
Smarts,'' in which we make presentations and distribute credit-related
publications during student orientation sessions. We have similar
working relationships with organizations such as the Jump$tart
Clearinghouse, the American Savings Education Council, AARP, the
Consumer Federation of America's Consumer Literacy Consortium, the
National Consumers League, and the Department of Defense. We also
distribute financial education materials at national meetings of the
NAACP, National Urban League, National Council of La Raza, and the
League of United Latin American Citizens, among others.
When the Commission takes law enforcement action, it strives to
combine it with an educational effort. Each action comes with a press
release and outreach efforts to consumers. Many cases are accompanied
by a consumer education publication that re-emphasizes the messages
consumers should take away from the case.\4\
---------------------------------------------------------------------------
\4\ For example, the Commission's announcement of its settlement
with Mercantile Mortgage Co. included consumer education regarding home
equity loans. See http://www.ftc.gov/opa/2002/07/mercantilediamond.htm.
---------------------------------------------------------------------------
Our identity theft program is another important way in which we
educate consumers about credit matters. One of the most devastating
consequences of identity theft is the damage that it causes to the
victim's credit record. As you know, Congress designated the Commission
to operate the national clearinghouse for identity theft complaints. We
offer publications with tips on how to avoid identity theft and what to
do if it happens. Last year, the Commission distributed about 1 million
identity theft publications and registered an estimated 2 million hits
to our identity theft website.
There are many sources of financial education materials throughout
Government and the private sector. For example, the National Endowment
for Financial Education, a nonprofit foundation, provides funding,
support, and expertise to develop financial literacy programs for the
public. The three major credit bureaus and Fair Isaac Corporation, a
major developer of credit scores, all operate websites with useful
information about credit reports and scores.
Consumer Education and the FCRA
Unfortunately, many consumers have limited knowledge of our credit
reporting system. They may not realize information about their
financial history is compiled and sold, not only just to creditors, but
also to employers, insurers, landlords, utilities, and others who use
it to make decisions. Consumers may not know what information is
reported about them, who uses it, and for what purposes. They may not
understand how that information affects their ability to get a loan,
insurance, or a job, and what rights they have to ensure the
information is accurate. Uninformed consumers may not take the steps
they should to improve their credit ratings or correct errors.
Improving financial literacy may not by itself ensure that consumers
are successful in using our credit system, but it is certainly a key
component.
It also is important to remember that the FCRA itself serves an
important educational function. The FCRA mandates that information be
made available to consumers in many different contexts. Perhaps most
important, the law requires that lenders and other users of credit
reports notify consumers when they take ``adverse action'' based on
information from a credit report. The notice must tell consumers that
the action was based, in whole or in part, on information in a credit
report. The notice also must disclose which credit bureau supplied the
report, and advise consumers of their rights to a free copy of the
report and to dispute the accuracy of the information in it. This
notice puts credit reports in consumers' hands when they are the most
motivated to act on it--that is, after they have been denied credit,
insurance, employment, or benefits based on the report.
Consumers receive additional information when they obtain credit
reports from the bureaus, whether in response to an adverse action
notice or otherwise. In 1996, Congress mandated that the bureaus send
with the report a copy of a document called a ``Summary of Consumer
Rights.'' This summary briefly describes the FCRA and explains the
consumer's rights under the statute, and directs consumers to the FTC's
website, which has extensive information about the FCRA and other
credit laws, and to the Commission's toll-free telephone helpline.
The Commission's legislative recommendations, about which Chairman
Muris testified before this Committee on July 10, would result in
better-educated consumers.\5\ Our proposals would put more information
in consumers' hands by: (1) Expanding consumers' right to adverse
action notices when they are offered less favorable credit terms; (2)
making annual credit reports available at no charge, and (3) giving
consumers more information about their credit scores along with
explanatory materials.
---------------------------------------------------------------------------
\5\ See Testimony of Timothy J. Muris before the Senate Committee
on Banking, Housing, and Urban Affairs, July 10, 2003 (http://
www.ftc.gov/os/2003/07/fcrasenatetest.htm).
---------------------------------------------------------------------------
The Commission's proposals also would empower consumers to act on
this improved information by streamlining the dispute process. For
example, the Commission supports an amendment that would require
resellers of consumer reports to submit disputes to the originating
repository to investigate these disputes.\6\ In addition, the
Commission believes that the law should be amended to require
furnishers of information to investigate consumer disputes when the
consumers contact them directly.\7\
---------------------------------------------------------------------------
\6\ See id. at 10.
\7\ See id. at 15.
---------------------------------------------------------------------------
Thank you for the opportunity to discuss the Commission's efforts
in the area of financial literacy. I will be happy to answer any
questions you may have.
----------
PREPARED STATEMENT OF TRAVIS B. PLUNKETT
Legislative Director, Consumer Federation of America
July 29, 2003
Good morning Chairman Shelby, Ranking Member Sarbanes, and the
Members of this Committee. My name is Travis B. Plunkett and I am
Legislative Director of the Consumer Federation of America.\1\ Thank
you for this opportunity to offer our comments on consumer awareness
and understanding of the credit granting and reporting process. We have
been involved for many years in efforts to increase the transparency
and effectiveness of the credit reporting system for consumers.
---------------------------------------------------------------------------
\1\ CFA is a nonprofit association of 300 pro-consumer
organizations that, since 1968, has sought to advance the consumer
interest through education and advocacy.
---------------------------------------------------------------------------
I applaud the Committee for conducting a hearing on such an
important--and little understood--subject. The hearing is very timely
for several reasons. First, unless consumers understand the credit
reporting system and have access to clear, timely information, they
won't be able to use the rights granted to them under the Fair Credit
Reporting Act. The Act expects a great deal from consumers because
significant protections are only triggered if consumers take narrowly
defined actions. For example, if a consumer doesn't know to contact a
credit bureau to trigger a reinvestigation of a credit reporting
problem, he or she might waste valuable time contacting his or her
lender and never get the problem resolved. This is because, as you
know, the lender is currently under no legal obligation to begin a
reinvestigation unless contacted by a credit bureau.
Second, with the advent of ``risk-based pricing'' in the last
decade, the way that credit is granted in this country has changed
dramatically, but information provided to consumers under the FCRA
about the nature of these loans has not kept up with this change. These
days, a consumer with some credit blemishes is much more likely to be
offered a higher-cost loan with less favorable terms than to be denied
a loan. Misclassification as a high-risk, subprime borrower because of
a credit report error or incomplete reporting by a furnisher (creditor)
can cause consumers to pay tens or hundreds of thousands of dollars in
higher interest rates. CFA's report on credit score accuracy issued
last December found that eight million Americans are likely to be
misclassified as subprime upon applying for a mortgage, based on the
study's review of credit files for errors and inconsistencies.\2\ Yet,
millions of consumers have no way of knowing that this has occurred,
because under the ``counteroffer'' loophole in the FCRA, they do not
receive an adverse action notice and are not granted the right to look
at their credit report at no charge and check for inaccuracies.
---------------------------------------------------------------------------
\2\ Consumer Federation of America and National Credit Reporting
Association. Credit Score Accuracy and Implications for Consumers.
December 2002. Available at: http://www.consumer fed.org/
121702CFA_NCRA_Credit_Score_Report_Final.pdf.
---------------------------------------------------------------------------
And finally, there has never been greater need for Congress to
discuss how it can help boost overall financial awareness and improve
financial decisionmaking by Americans, especially in regards to the
credit reporting and credit granting process. For three decades, our
organization has sought to improve financial ``literacy'' among the
public and to promote effective financial education.
In response to the invitation to testify at this hearing, the
Consumer Federation of America commissioned a study about consumer
knowledge of credit reports and scores and the level of public support
for a variety of protections that this Committee may consider. More
than 1,000 adults were interviewed.\3\ We found that a strikingly high
percentage of Americans not only do not understand basic facts about
credit reports and scores, but also acknowledge their own lack of
understanding about the subject. This recognition and awareness of the
growing importance of credit scores, may explain why the survey found
overwhelming support for new consumer protections. An important finding
of the survey is also that low- and moderate-income Americans--those
who tend to pay the highest price for credit and are most vulnerable to
inaccurate credit scores--are the least knowledgeable about credit
reports and scores.
---------------------------------------------------------------------------
\3\ The survey was conducted by Opinion Research Corporation
International. ORCI interviewed a representative sample of more than
1,000 adult Americans from July 18 to 21, 2003. The survey's margin of
error is plus or minus 3 percentage points.
---------------------------------------------------------------------------
Most Americans Say They Don't Understand Credit Reports
and Scores Well
When asked to assess their knowledge of credit reports and credit
scores, most Americans say their knowledge is fair or poor. Fifty
percent said their knowledge of credit reports was fair or poor, while
61 percent said their knowledge of credit scores was fair or poor.
Lower-income Americans are most likely to believe their knowledge
isn't good. More than 60 percent of those in households with incomes
under $35,000 said their knowledge of credit reports was fair or poor.
Nearly 70 percent of these low- and moderate-income Americans said
their knowledge of credit scores was fair or poor.
Young adults between the ages of 18 and 24 were also likely to say
their knowledge was not good. Sixty-two percent said their knowledge of
credit reports was fair or poor, while 78 percent said their knowledge
of credit scores was fair or poor.
Many Americans Lack Essential Knowledge About Credit Reports
and Scores
The survey also tested actual consumer knowledge about credit
reports and scores. Only 25 percent of Americans--and less than 20
percent of those with incomes below $35,000--said they knew what their
credit score was. And only 3 percent of Americans could, unprompted,
name the three main credit bureaus--Experian, Equifax, and TransUnion--
that provide both lenders and consumers information from credit
reports. Forty-three percent of Americans--only 35 percent of those
with incomes below $35,000--said they had obtained a copy of their
credit report from the three credit bureaus in the past 2 years.
The survey also tested consumer knowledge using a series of true-
false questions. The good news from this test is that large majorities
understand that consumers have the right to see their credit report (97
percent) and that consumers who fail to qualify for a loan have the
right to a free credit report (81 percent). The bad news is that many
consumers do not understand that in most States they must pay a fee to
obtain their credit report (54 percent), that their credit score may be
lowered if they use all of the credit available on their credit card
(55 percent), that their credit score may be lowered if they apply for
a credit card (62 percent), and that they are not required to contact
their lenders if they believe that their credit report or score is
inaccurate (64 percent). Also, 27 percent incorrectly believe that
their credit score mainly measures their knowledge of consumer credit,
not their creditworthiness.
Finally, the survey tested the knowledge about which service
providers often use credit scores to decide whether consumers can
purchase a service or at what price. Many Americans are not aware that
certain service providers frequently use these scores--60 percent were
not aware that electric utilities do so, 41 percent for home insurers,
41 percent for landlords, and 38 percent for cell phone companies. By
comparison, only 13 percent did not know that credit card companies use
credit scores.
Large Majorities Support Stronger Consumer Protections
The survey also questioned Americans about their opinions on new
consumer protections currently being considered by Congress. The
protections would give consumers greater access to their credit reports
and scores, and strengthen individual remedies that they could pursue.
The protections would also require credit bureaus to do a better job of
verifying consumer identities and would proscribe certain lender
practices.
Large majorities indicated their support for these protections.

Credit bureaus should do a better job of verifying identities on
credit applications to reduce identity theft--96 percent support, 83
percent strongly.
Consumers who are denied a loan or charged a high price should be
able to get from the lender a free copy of the credit report and score
used as the basis for the lender's decision--94 percent support, 78
percent strongly.
A bank should not be allowed to use your medical information to
make credit decisions without your consent--87 percent support, 77
percent strongly.
A bank should be required to obtain your permission before it can
share your financial information with other companies it owns--91
percent support, 76 percent strongly.
Consumers should be able to obtain a free credit report and score
once a year from the three main credit bureaus--91 percent support, 71
percent strongly.
Consumers should be able to sue lenders who knowingly provide
credit bureaus with incorrect, damaging information--84 percent
support, 62 percent strongly.
A credit card lender should not be allowed to raise the interest
rate because of a credit problem that involves another lender--75
percent support, 52 percent strongly.

The cumulative effect of the extremely broad support for these
proposed reforms is nothing less than a mandate for a comprehensive
overhaul of the Fair Credit Reporting Act. Consumers want easier access
to their credit reports and scores, greater protections against privacy
and credit reporting abuses, and the right to go after lenders in court
who repeatedly make grievous errors.
Empowering Consumers through Reforms to the Fair Credit Reporting Act
Given the relatively low levels of knowledge about credit reporting
and scoring reported by the survey, it is especially important that
Congress improve the transparency of the credit reporting system. We
also strongly recommend that Congress overhaul the cumbersome and out-
of-date procedures under the FCRA for resolving disputes between
consumers and credit bureaus, and between consumers and data
furnishers, such as credit card companies.
First, give consumers more information. Information, provided in a
clear manner and on a timely basis, is the key to improving consumer
knowledge of the credit reporting process. Our recommendations will
provide consumers with more information about their credit reports and
scores in two ways: (1) On an ongoing basis--so that consumers can
eliminate inaccuracies and prevent problems before they occur--and, (2)
when credit troubles arise because of a credit report, such as the
denial of a loan or an offer to extend credit on less than favorable
terms.

Credit bureaus should be required to provide consumers with
their credit reports and their credit scores once a year upon
request at no charge. They should be given a description of the
major factors that are used to calculate the score, the weight of
each factor in calculating the score, and how the consumer rated on
each major factor. Free credit reports, once a year upon request,
are currently required in legislation that has just moved to the
House floor (H.R. 2622) but the bill does not require free access
to the score. Charging a fee for credit scores will not only mean
that fewer consumers will learn their score, but it undercuts the
goal of offering the report at no charge, since reports and scores
are often marketed to consumers as a package product. Also,
disappointingly, the full Committee accepted an amendment to limit
provision of the free credit report annually on request to the
national repositories. The original version of the bill would have
required all credit bureaus to provide a free credit report on
request.
Congress should mandate that these reports be easy to get,
perhaps through the establishment of a registry at the Federal
Trade Commission that will allow consumers to call or e-mail one
location and get a copy of their reports from all three major
credit bureaus. Consumers should not be limited to making requests
only by mail, or have to deal with a complicated and time-consuming
voice mail system, or have to click through page after page of
information online simply to get access to a free report. Credit
bureaus could easily undermine the goal of improving consumer
access to their reports and scores if they make it cumbersome for
people to request this information. To deal with privacy concerns
when requesting a report, consumers could verify their identities
by using a credit card, as other applicants do, but then not have
the card billed.
Require creditors to identify any offer of credit at less than
the most favorable terms as an ``adverse offer,'' as has been
called for by the Federal Trade Commission. This would include
prescreened ``subprime'' mortgage offers or credit cards
solicitations that are based on negative or less than favorable
credit information. As is well known, the subprime credit industry
has boomed in the past decade by offering borrowers with blemished
or limited credit histories mortgage loans, car loans, and credit
cards at higher rates and less favorable terms than offered to
their ``prime'' borrowers. As lenders increasingly offer a
continuum of loans at different rates and terms, it is more
important than ever that consumers have the ability to exercise
their FCRA rights to ensure that the adverse credit information is
correct. In the world of ``risk-based'' pricing, borrowers should
know that they are being targeted because of their less-than-
optimal credit history and should be offered the opportunity to
check their credit history and change any information that is not
accurate or complete. Furthermore, as stated above, many consumers
are unwittingly giving up their FCRA rights because they are
accepting loans that are legally considered ``counteroffers.''
Consumers should also be able to obtain directly from the
lender a free copy of the ``subscriber'' report and score used to
deny credit or offer it under less favorable terms. This report
includes the actual report data by the lender used to take an
adverse credit action. Employment applicants already have a similar
right under FCRA but borrowers currently do not. Easy access to
this information will also provide a powerful incentive for credit
bureaus to improve accuracy, as well as giving consumers a helpful
educational tool. Consumers face two problems when they request a
credit report (and score) from a credit bureau. First, any adverse
actions previously taken were based on a subscriber credit report
provided to the lender. The subscriber report is often provided
based on a limited number of matching data points and is more
likely to contain inaccurate or mismerged information about other
consumers than a report requested by a consumer, since a consumer
must provide a detailed match of name, address, and Social Security
number. Second, a score derived from that consumer report will
probably differ from the score the subscriber obtained from the
less accurate report. Upon receiving the subscriber report,
consumers would then be allowed to identify any errors or out-of-
date information, provide documentation, and be
reevaluated for the loan or for prime rates. The additional cost to
lenders and businesses of providing these reports immediately would
be minimal. Since they already possess the report in paper or
electronic form, they would merely have to copy or print this
report.
Provide consumers with detailed explanations as to why credit
is denied or less-than-favorable terms are offered. In its study of
credit score accuracy,\4\ CFA found that approximately 7 in 10
credit reports indicated that the primary factor contributing to
the credit score was ``serious delinquency,'' ``derogatory public
record,'' ``collection filed,'' or some combination of these
factors. This generic and extremely vague information provided by
creditors when they take an adverse credit action is too general to
be helpful, especially for most subprime borrowers, who by
definition have some credit blemishes. Instead, lenders should be
required to identify any specific entries (trade lines) that are
lowering a consumer's score and indicate the impact on the consumer
(either the point value deducted for that entry or the proportional
impact relative to other derogatory entries.)
---------------------------------------------------------------------------
\4\ Consumer Federation of America and National Credit Reporting
Association. Credit Score Accuracy and Implications for Consumers.
December 2002. Available at: http://www.consumer fed.org/
121702CFA_NCRA_Credit_Score_Report_Final.pdf
---------------------------------------------------------------------------
Require creditors and other data furnishers to notify
consumers any time derogatory information has been placed on a
credit report. The State of Colorado requires credit bureaus to
provide consumers who have had any negative information added to
their reports with annual notification of their rights. This would
offer consumers the opportunity to check the accuracy of this
information when it is submitted, as opposed to finding out the
next time the consumer applies for credit and is turned down or
offered a high interest rate.

Second, allow consumers to quickly and easily question the accuracy
and completeness of information in credit reports.

Give consumers an FCRA right to contact a furnisher directly
to initiate reinvestigation, as the Federal Trade Commission has
recommended. As stated above, furnishers have no legal obligation
under current law to investigate a credit reporting error, if
contacted by the consumer. Under the FCRA, credit furnishers only
have a legal obligation to respond to a reinvestigation begun by a
credit bureau, at the request of a consumer. As a result, consumers
often face longer delays and more ``finger pointing'' when they
contact their lender about a credit reporting problem first. The
law should make it clear that furnishers have an obligation to
respond to their customers if a credit reporting complaint is made.
Shorten the deadlines by which creditors must respond to
consumer disputes about credit information. Currently, the FCRA
provides creditors with 30 days to respond to a dispute; 45 days if
the consumer submits additional documentation about the dispute. In
the age of ``instant credit'' and 3-day credit rescoring by credit
reporting resellers, these deadlines are much too long. By the time
the consumer hears back from the credit bureau about the outcome of
the dispute, he or she might have lost a home loan (and the home)
or submitted to a loan at a higher rate than he or she was entitled
to. Given how fast credit decisions are now made, resolution
deadlines of 10 days (15 days if the consumer submits additional
information) do not seem unreasonable. Credit bureaus have shown in
recent years that extremely quick reinvestigations are possible.
The credit bureaus have a well-documented system that provides
``concierge'' services for certain classes of consumers. VIP's and
consumers who are suing the bureaus generally can get complaints
resolved more quickly. The most efficient reinvestigation systems
are provided for consumers working with certain mortgage entities,
where rapid rescoring can gain a correction in 24-48 hours.
Require the FTC and other regulators to fully enforce the
existing requirement that credit bureaus consider all information
relevant to a consumer's dispute, including information provided by
the consumer, and to require bureaus to reject findings of so-
called furnisher reinvestigation that conflict with such relevant
information provided by the consumer. This Committee has already
heard testimony, from Evan Hendricks and others, that credit
bureaus and furnishers are failing to conduct reinvestigations in a
reasonable manner.

Third, give consumers better private enforcement rights, since the
agencies aren't adequately enforcing the accuracy provisions of the
law:

Give consumers the right to go to a court and seek injunctive
relief to stop a credit bureau from selling faulty credit reports
about them.
Give consumers the right to seek minimum statutory damages of
$100 to $1,000 per violation of the FCRA, as other consumer laws
provide, so that they do not have to prove their actual damages to
a court. This provision is especially critical for identity theft
victims, who often spend hundreds of hours over a period of years
trying to clear their good names. While the cost of emotional
distress is significantly greater than $100 to $1000, the threat of
specific damages would be a powerful incentive to force creditors
and credit bureaus to clean up the credit reporting system's
accuracy.
Improving Overall Financial Literacy
The results of this survey also point to the need for a long-term
strategy to boost general financial awareness and to improve financial
decisionmaking by Americans. There has never been a greater need to
advance financial education.
The financial education needs of the least affluent and well-
educated Americans are especially pressing, in part because recent
changes in the financial services marketplace have increased the
vulnerability of these households. In particular, the dramatic
expansion of high-cost and sometimes predatory lending to moderate and
lower-income Americans in the last decade has put many of these people
at great financial risk. Because these individuals lack financial
resources and often are charged high prices, they cannot afford to make
poor financial choices. But because of low general and financial
literacy levels, they often have difficulty making smart financial
decisions, in part because they are especially vulnerable to abusive
seller practices.
There is no large population that would benefit more from improved
financial education than the tens of millions of the least affluent and
well-educated Americans. In 1998, 37 percent of all households had
incomes under $25,000. With the exception of older persons who had paid
off home mortgages, these households had accumulated few assets. In
1998, according to the Federal Reserve Board's Survey of Consumer
Finances, most of these least affluent households had net financial
assets (excluding home equity) of less than $1,000. Moreover, between
1995 and 1998, a time of rising household incomes, the net worth of
lower-income households actually declined.
For lower-income households with few discretionary financial
resources, failing to adequately budget expenditures may pressure these
consumers into taking out expensive credit card or payday loans.
Mistakenly purchasing a predatory mortgage loan could cost them most of
their economic assets.
These households also need to make smart buying decisions because
they tend to be charged higher prices than more affluent families:
Higher homeowner and auto insurance rates because they live in riskier
neighborhoods; higher loan rates because of their low and often
unstable incomes; higher furniture and appliance prices from
neighborhood merchants that lack economies of scale and face relatively
high costs of doing business; and higher food prices in their many
neighborhoods without stores from major supermarket chains. Lower-
income families are also faced with higher prices for basic banking
services and they lack access to essential savings options. Lower-
income households with low literacy levels are especially vulnerable to
seller abuse. Consumers who do not understand percentages may well find
it impossible to understand the costs of mortgage, home equity,
installment, credit card, payday, and other high-cost loans.
Individuals who do not read well may find it difficult to check whether
the oral promises of salespersons were written into contracts. And,
those who do not write fluently are limited in their ability to resolve
problems by writing to merchants or complaint agencies. Consumers who
do not speak, read, or write English well face special challenges
obtaining good value in their purchases.
Over the past decade, the financial vulnerability of low- and
moderate-income households has increased simply because of the dramatic
expansion of the availability of credit. The loans that subjected the
greatest number of Americans to financial risk were made with credit
cards. From 1990 to 2000, fueled by billions of mail solicitations
annually and low minimum monthly payments of 2-3 percent, credit card
debt outstanding more than tripled from about $200 billion to more than
$600 billion. Just as significantly, the credit lines made available
just to bank cardholders rose to well over $2 trillion. By the middle
of the decade, having saturated upper- and middle-class markets,
issuers began marketing to lower-income households. By the end of the
decade, an estimated 80 percent of all households carried at least one
credit card. Independent experts agree that expanding credit card debt
has been the principal reason for rising consumer bankruptcies.
Also worrisome has been the expansion of high-priced mortgage loans
and stratospherically priced smaller consumer loans. In the 1990's,
creditors began to aggressively market subprime mortgage loans carrying
interest rates greater than 10 percent and higher fees than those
charged on conventional mortgage loans. By 1999, the volume of subprime
mortgage loans peaked at $160 billion. Mortgage borrowers in low-income
neighborhoods were three times more likely to have subprime loans than
mortgage borrowers in high-income neighborhoods. A significant minority
of these subprime borrowers would have qualified for much less
expensive conventional mortgage loans. Some of these borrowers were
victimized by exorbitantly priced and frequently refinanced predatory
loans that ``stripped equity'' from the homes of many lower-income
households.
The 1990's also saw explosive growth in predatory small loans--
payday loans, car title pawn, rent-to-own, and refund anticipation
loans--typically carrying effective interest rates in triple digits.
The Fannie Mae Foundation estimates that these ``loans'' annually
involve 280 million transactions worth $78 billion and carrying $5.5
billion in fees. The typical purchaser of these financial products has
income in the $20,000 to $30,000 range with a disproportionate number
being women.
Both proper regulation and education are necessary to ensure that
lower and moderate income Americans are not subject to abusive lending
practices and that they have the knowledge to make effective decisions
in an increasingly complex financial services marketplace.
Thankfully, Senators Sarbanes, Shelby, Stabenow, Enzi, and Akaka
have all shown a great deal of interest in improving financial
education efforts in this country. For example, Senator Sarbanes'
recently proposed an idea that has a lot of merit: Creating a Financial
Literacy and Education and Coordinating Committee within the Department
of the Treasury.
While many worthwhile financial education programs exist, they are
not well coordinated, effectively reach only a small minority of the
population, and do not
reflect any broad, compelling vision. Many focus only on increasing
consumer knowledge of how to best operate in the financial services
marketplace, and not on actually changing consumer behavior to improve
decisions about spending, saving, and the use of credit. Moreover,
there is no clear consensus about how to effectively provide financial
education, especially to those who have completed their secondary
education and to those with low literacy levels. What is most needed is
a comprehensive needs assessment and plan to guide and inspire
financial educators and their supporters. Moreover, for any
comprehensive plan to win broad public and private support and
participation, the Federal Government must provide leadership. Both a
comprehensive strategy and Federal leadership (not ownership) are
called for in the Sarbanes' bill. Such an approach could also convince
a broad array of government, business, and nonprofit groups to work
together to persuade the Nation to implement that plan.
We commend Senator Sarbanes for proposing a comprehensive and
achievable vision for improving financial awareness and decisionmaking.
We look forward to working with him, Senator Shelby, and the other
Senators I mentioned to improve financial education in this country.
Conclusion
I applaud the Chairman, the Ranking Member, and all the Members of
this Committee for the exhaustive and informative set of hearings that
you have conducted about the state of the Fair Credit Reporting Act. As
the Committee begins writing legislation to deal with the problems that
have been identified in these hearings, I urge you not to overlook what
we heard from Americans in our survey. Consumers want a credit
reporting system that is more accurate, more transparent, and that
better protects their privacy. I look forward to working with the
Committee to achieve these important goals.
----------
PREPARED STATEMENT OF CHERI ST. JOHN*
Vice President of Global Scoring Solutions, Fair Isaac Corporation
July 29, 2003
Introduction
Mr. Chairman and Members of the Committee, my name is Cheri St.
John. I am the Vice President of Global Scoring Solutions for Fair
Isaac Corporation. Thank you for the opportunity to testify before you
today about Fair Isaac's leadership in improving the financial literacy
of American consumers, specifically with respect to Fair Isaac's
efforts to empower consumers by providing them with actionable
information about the credit scores that lenders use to make credit
decisions.
---------------------------------------------------------------------------
* All attachments referenced in Ms. St. John's prepared statement
are held in Senate Banking Committee files.
---------------------------------------------------------------------------
Fair Isaac Corporation
Fair Isaac Corporation is the preeminent provider of creative
analytics that unlock value for people, businesses, and industries.
Founded in 1956, Fair Isaac helps thousands of companies in over 60
countries acquire customers more efficiently, increase customer value,
reduce fraud and credit losses, lower operating
expenses, and make more credit available to more people. Fair Isaac
pioneered the development of statistically based credit risk evaluation
systems, commonly called ``credit scoring systems,'' and is the world's
leading developer of those systems. Thousands of credit grantors use
broad-based credit scores commonly known as ``FICO^' scores''
generated by Fair Isaac-developed scoring systems implemented at the
national credit reporting agencies. Fair Isaac has also developed
custom scoring systems for hundreds of the Nation's leading banks,
credit card issuers, finance companies, retailers, insurance companies,
and telecommunication providers.
There are many different kinds of credit scores. The most well
known are the broad-based credit risk scores developed by Fair Isaac
known as FICO scores and widely distributed to lenders by the three
national credit bureaus under the brand names: Beacon from Equifax;
Empirica from TransUnion; and, the Experian/Fair Isaac Risk Model from
Experian. Indeed, there are several versions of the above FICO scores
available because some lenders adopt newly developed versions more
quickly than other lenders. There are also broad-based credit scores
developed by each of the three bureaus and from other third-party
developers. There are custom models developed for use by individual
lenders. There are also credit score models developed for specific
industries, such as the mortgage, automobile, and telecommunications
industries. Finally, there are credit scores distributed primarily to
the consumer market.
Over the last 40 years credit scoring has become an important part
of most credit decisions, such that Fair Isaac believes some form of
credit scoring is now used in the majority of consumer credit
decisions. A FICO Score is a 3-digit number that tells lenders how
likely a borrower is to repay as agreed. To develop the models that
generate the credit scores, Fair Isaac analyzes anonymous credit report
data to statistically determine what factors are most predictive of
future credit performance. Factors that do not have predictive value
and factors that by law cannot be used in the credit decision are
excluded from consideration. FICO scores use information from consumer
credit reports to provide a snapshot of the credit risk at a particular
point in time. Scores can change over time, as subsequent credit risk
predictions reflect changes in underlying behaviors.
Fair Isaac is a leading developer of insurance risk scores. Over
350 insurance companies use Fair Isaac insurance scores that they
obtain through national credit reporting agencies. Although insurance
scores utilize credit data, they differ from credit scores in that
insurance scores are developed based on insurance premium and loss
history and predict future insurance loss ratio relativity. Like credit
scores, insurance scores do not consider a person's income, marital
status, gender, ethnic group, religion, nationality, or neighborhood,
and the scores are applied consistently from one consumer to the next.
A strong statistical correlation has been repeatedly demonstrated
between credit data and insurance loss ratio,\1\ and insurance scores
have become a valuable component in determining insurability and the
rate assigned. Insurers use insurance scores to accelerate their
processing for applicants and renewal shareholders, to concentrate
their additional underwriting attention on higher-risk individuals, and
to better manage operational strategies. Consumers benefit from lower
rates. Insurers have stated that 60-75 percent of their policyholders
pay lower premiums because of insurance scoring. Fair Isaac has been
supportive of the efforts of insurance score users to educate consumers
and agents about insurance scoring.\2\
---------------------------------------------------------------------------
\1\ See, Predictiveness of Credit History for Insurance Loss Ratio
Relativities, October 1999; Attachment 1: A Statistical Analysis of the
Relationship Between Credit History and Insurance Losses, Bureau of
Business Research (McCombs School of Business) at the University of
Texas, March, 2003 available at http://www.utexas.edu/depts/bbr/
bbr_creditstudy.pdf.
\2\ See e.g., Answers to Your Questions About Insurance Bureau
Scores, Attachment 2.
---------------------------------------------------------------------------
With Credit Scoring, More People Get Credit, They Get It Faster, and
It's More Affordable
FICO scores mean more people have access to credit. Credit scores
allow lenders to better assess their risk and tailor credit for each
consumer's needs. FICO scores are used in almost every sector of the
Nation's economy: For mortgages, credit cards, auto loans, personal
loans, even cell phone service. More people can get credit regardless
of their credit history because credit scores allow lenders to safely
assess and account for the risk of consumers who have no existing
relationship with the lender, who have never entered the lender's
branches, and who may have been turned away in the past by other
lenders. Lenders use scores not only to evaluate applications, but also
to manage the credit needs of existing customers by extending
additional credit or helping consumers avoid overextending themselves.
FICO scores are also used by lenders and securities firms as to aid
securitization of credit portfolios which provides lenders the capital
they need to make credit available to more consumers. FICO scores are
accepted, reliable,\3\ and trusted to the point that even regulators
including Federal bank examiners, and security rating agencies, use
them to help ensure the safety and soundness of the financial
system.\4\
---------------------------------------------------------------------------
\3\ See Attachment 3, A Clarification of the Consumer Federation of
America's Observations About Credit Score Accuracy.
\4\ See Attachment 4 for examples of Federal agencies that use FICO
scores.
---------------------------------------------------------------------------
FICO scores mean people get credit faster. ``Instant credit'' at a
retailer, an auto dealer, over the phone, or on the Internet would not
be possible without credit scores. Even mortgage loans that used to
take weeks can now be done in minutes. Among the tremendous lending
advances in the United States over the last decade has been the
streamlining of the lending process, so that credit approvals--not just
on credit cards but on installment loans, mortgages, home equity lines
of credit, and even commercial loans to small businesses--can be made
faster with less manual review, less paperwork, and fewer data
requests. All of this has occurred while lenders have not only
preserved but also strengthened their visibility and control over their
risk exposure.
FICO scores mean people pay less for their credit. Scores make
credit more affordable by reducing the cost of evaluating applications,
reducing loan losses, reducing the cost of managing credit portfolios,
reducing marketing costs with prescreening, and cutting the cost of
capital with securitization. This efficient flow of credit and capital
has a large part to play in the continued robustness of the American
economy. By enabling lenders to extend credit quickly while managing
their risk, credit reports and scores have made credit more accessible,
at lower rates, to more people.
Lenders must make a credit decision, and they must predict the
future in doing so. Lenders can use a variety of decision making
techniques to predict the future, ranging from a simple subjective
evaluation of application and credit history information by a loan
officer, to predictive technologies, including credit scoring. When a
creditor switches from judgmental decisions to scoring, it is common to
see a 20-30 percent increase in the number of applicants accepted with
no increase in the loss rate. Lenders should use all the information
that is legally, economically, and efficiently available to make the
best and fairest possible decision for each individual with whom they
do business. FICO scores, when used properly, make a tremendous
contribution in doing just that. FICO scores use only legal data as
inputs, and only those factors proven to be predictive of credit risk.
Scores are also more consistent from consumer to consumer because they
assess the same factors the same way, each time.
Studies have concluded that the same Fair Isaac credit score
indicates the same level of risk regardless of the income level of the
consumer or whether the consumer resides in an area with a high
percentage of minority residents, with differences consistently
favoring the low- to moderate-income (LMI) and high minority area (HMA)
applicants.\5\ Those same studies indicate that credit scoring is a far
more predictive screen for both the LMI and HMA applicants than is
judgmental decision making. Finally, the multiple scorecard systems
developed by Fair Isaac and resident at the three main U.S. credit
bureaus were proven to be more predictive than a single scorecard
developed for the HMA population for the study.
---------------------------------------------------------------------------
\5\ See, The Effectiveness of Scoring on Low-to-Moderate Income and
High Minority Area Populations, a Fair Isaac Paper dated August, 1997,
Attachment 5.
---------------------------------------------------------------------------
Fair Isaac credit scores transform the economics and efficiency of
the credit decision to allow all relevant information to be brought to
bear so that no information that is favorable to an individual is
omitted from the decision process. Credit scoring scientifically, and
therefore fairly, balances and weighs positive information along with
any negative information in credit reports. In essence, full positive
credit reporting and scoring have ``democratized'' credit granting--
information about all consumers is available to all lenders for a fair
evaluation. Scoring has transformed credit granting so that it is no
longer simply based on who you know.
Financial Education and Consumer Empowerment Depend Upon
Actionable Information About the Credit Scores That Lenders Use
Fair Isaac Supports Consumer Education and Empowerment
When lenders first began using credit scoring, Fair Isaac provided
both lenders and regulators the information and training needed for
effective score tracking and oversight. Lenders have always been
provided with the top four reasons with every credit score, in order of
their importance to the score. As credit scoring use has grown, Fair
Isaac has responded by providing consumers with the information they
need to understand credit scoring and use it to take control of their
credit health. Fair Isaac has published consumer booklets on credit
scoring since the early 1990's on its own and in conjunction with
others such as the FTC. Free information has also been available to
consumers at www.myFICO.com, since its inception. Consumers interested
in learning more about their individual score can access www.myFICO.com
to get their own FICO Score, accompanied by the underlying credit
report, and a complete explanation of their personal FICO score for
$12.95. Fair Isaac has given consumers a place in the credit reporting
process by pioneering consumer credit empowerment with its myFICO.com
score explanation. Millions of consumers have already taken steps to
control their credit lives by using myFICO.com to obtain informative,
actionable credit-information services including the FICO scores that
lenders use, and to help improve and protect their overall financial
health.
Explanations of Adverse Action
Consumers, by law, are provided with the key reasons behind their
score, when those score(s) were a factor in a decision resulting in an
adverse action. These reason codes provided with the FICO score can be
used by the lender as part of its explanation to the consumer of any
adverse action taken and what the consumer can do to improve their
outlook for being approved for credit in the future.
Evolution of Consumer Credit Score Education
FICO scores first became available commercially from all three
national credit reporting agencies in 1991. Prior to the mortgage
industry's embrace of credit risk scoring technology in the mid-1990's,
U.S. consumers generally were not aware of this business decision tool
and it was not as widely used. This started to change in 1995 when
Fannie Mae and Freddie Mac approved the use of credit risk scoring by
mortgage lenders. Their approval prompted an increasing number of
mortgage lenders and mortgage brokers to use credit risk scores in loan
underwriting. Other industries began relying more heavily on FICO
scores as well, such as auto lenders and bankcard issuers. Through
consumers' interaction with brokers and lenders, the public became more
aware of credit scores. The news media also began reporting on this as
yet relatively unknown lender risk evaluation tool.
Five years ago, market research showed an initiative to educate
consumers about credit scoring was likely to fail due to lack of
consumer interest. Once the wide use of credit scores made consumers
receptive, however, Fair Isaac launched its consumer education
initiative that has made it a leader in promoting financial literacy
for all consumers.
We believe it is instructive to briefly review the development of
consumer credit education to show how Fair Isaac continues to respond
to the need for financial literacy as consumers' awareness grows. The
one constant has been Fair Isaac's commitment to the disclosure of
credit scores in a way that equips the consumer with accurate,
actionable information while avoiding the confusion that can be created
from a misunderstanding of a complex topic.
Initiative to Demystify FICO Scores
On June 8, 2000, Fair Isaac announced its public disclosure of all
the factors used in its FICO credit bureau risk scores. The list was
made publicly available on the company's website for free, and remains
free and accessible today at http://www.my fico.com/myfico/
CreditCentral/ScoreConsiders.asp.
FICO Guide
By late October 2000, Fair Isaac had developed and launched an
online service called FICO Guide. FICO Guide provided a FICO score
explanation when a lender or broker provided the consumer with his or
her FICO score, the accompanying reason codes, and the name of the
credit reporting agency that had calculated the score. FICO Guide was
developed to offer consumers, and the lenders and brokers who served
them, an interim score explanation service. While the Fair Isaac
pursued several options for disclosing FICO scores directly to
consumers FICO Guide was phased out shortly after Fair Isaac launched
its score disclosure and explanation service 5 months later via
myFICO.com.
The First Online Consumer Service That Provides FICO Scores
and Explanation Directly To Consumers
On January 11, 2001, Fair Isaac and Equifax announced their
agreement to create the first service that explains and delivers credit
scores directly to consumers, accompanied by the underlying Equifax
credit report and a score explanation by Fair Isaac. In their
announcement, Fair Isaac explained, ``We will provide the tools to not
only review an individual's credit information, but to help them
understand how that data may be analyzed to predict the risk associated
with a credit application.'' The companies began offering their new
service online on March 19, 2001.
Personalized FICO Score Simulation
On May 21, 2002, Fair Isaac revolutionized consumer credit
education when it introduced its FICO Score Simulator on
www.myFICO.com, as a free service for customers who purchase a score
explanation service.\6\ The FICO Score Simulator uses consumers' own
credit information and FICO scores to help them see how specific future
actions they might take could change their FICO score, and learn what's
most important to achieve and maintain good credit health. Consumers
can see how their FICO scores would respond to any of a variety of
actions ranging from paying all their bills on time for the next month,
to declaring personal bankruptcy.
---------------------------------------------------------------------------
\6\ A sample of the FICO Score Simulator is accessible at http://
www.myfico.com/Content/Samples/
Sample_ScoreSimulator.asp?ReportID=1&ProductID=1.
---------------------------------------------------------------------------
Fair Isaac Provides Considerable Free Credit Score Educational
Information
As noted above, Fair Isaac provides consumers with free educational
information on FICO scoring directly from its website, and in booklet
form.\7\ Free content on www.myFICO.com includes a weighting of the
credit report factors evaluated by the FICO score so that consumers
know what events or behavior has the greatest influence on the scores
in general. The following is sample of free content, taken directly
from www.myFICO.com.\8\
---------------------------------------------------------------------------
\7\ See Attachment 6 available free at http://www.myfico.com/
Offers/RequestOffer.asp.
\8\ Accessible at http://www.myfico.com/myfico/CreditCentral/
ScoreConsiders.asp.

The website's educational information also lists and discusses the
kinds of information NOT included in calculating FICO scores.\9\ These
extend well beyond the prohibited factors listed in the Equal Credit
Opportunity Act.
---------------------------------------------------------------------------
\9\ Accessible at http://www.myfico.com/myfico/CreditCentral/
ScoringWorks/FICOIgnores.asp.

The website also provides free advice on actions consumers should
take--or avoid taking--to improve FICO scores over time.\10\
---------------------------------------------------------------------------
\10\ Accessible at http://www.myfico.com/myfico/CreditCentral/
ScoreConsiders/Tips/Amounts OwedTip.asp.

Other educational information offered free to consumers on the
website includes: Ways in which credit scores help consumers;
information on credit reports and what to do if a credit report error
is suspected; over 50 different financial calculators to help consumers
manage their money; and, an extensive section of Frequently Asked
Questions \11\ regarding credit scoring and the site's consumer
products such as:
---------------------------------------------------------------------------
\11\ Accessible at http://www.myfico.com/myfico/FAQ.asp.

Fair Isaac has also pioneered new tools to help consumers better
understand what influences their scores and how their scores affect
lender decisions. On March 6, 2002, the company introduced a free
interest-rate service on www.myFICO.com that matches consumer FICO
scores with current interest rates currently charged by lenders for 18
different types of mortgage and auto loans.\12\ The service helps
consumers quickly understand how getting a better FICO score can
translate into more attractive credit terms and significant dollar
savings over time. The interest rate information is collected daily by
Informa Research Services, Inc.
---------------------------------------------------------------------------
\12\ Accessible at http://www.myfico.com/myfico/CreditCentral/
LoanRates.asp.
---------------------------------------------------------------------------
FICO Scores are Readily Available to Consumers
Today, Fair Isaac provides FICO^' scores, directly to
consumers through several distribution channels. These scores are
always accompanied by key supplementary information that helps the
consumer understand and use the score: The consumer's underlying credit
report and Fair Isaac's personalized score analysis including the score
range, where the consumer's score falls on that range, what factors
contributed most to their particular score and how to improve their
score given those factors over time. At www.myFICO.com, consumers can
get their FICO score calculated from data in their credit report
provided by any of the three national credit reporting agencies:
Equifax, Experian, and TransUnion. For $12.95, the basic service
provides the consumer's FICO score, Fair Isaac's personalized
explanation of the score and suggestions for improving it over time,
the underlying credit report information from which the score was
calculated, and access to the FICO Score Simulator.
In addition, the website offers several other services based on the
consumer's FICO score:

FICO Saver for Homebuyers shows consumers how their FICO score
and other information will likely be evaluated by mortgage lenders,
and helps consumers realistically assess the maximum loan amount
they can comfortably handle.
3 Bureau Report with FICO score provides consumers with all
three credit reports plus their FICO score calculated by TransUnion
and Fair Isaac's score explanation, for a complete view of their
credit history.
Equifax Credit Watch is the comprehensive credit-monitoring
service for consumers concerned about the risk of identity theft.
myFICO Credit Advantage helps consumers track changes in their
FICO score and credit report over one year.

Fair Isaac has also worked with the credit reporting agencies such
that those credit reporting agencies can also provide FICO scores
directly to consumers, accompanied by the underlying credit report and
Fair Isaac's personalized explanation and suggestions for improving the
score over time. Today, Equifax and TransUnion both offer FICO scores
and explanation service via their websites as well.
FICO Score Explanation by Mail
Fair Isaac has expanded its consumer education initiative to make
FICO score education available to consumers who may not have convenient
access or who choose not to obtain it over the Internet. Fair Isaac
collaborates with Intersections, a company that provides credit
information and credit-monitoring services to consumers both online and
via U.S. Mail. This includes a 3-in-1 credit report that provides
credit reports from all three bureaus, the consumer's FICO score
calculated by TransUnion, and Fair Isaac's score explanation.
In addition, Fair Isaac also works with a variety of businesses to
create new channels that consumers can use to access FICO score-based
consumer services and information. These businesses include some of the
Nation's leading financial service providers, as well as financial
management solution providers such as Quicken.com, and nonprofit credit
counseling organizations such as Springboard and Consumer Credit
Counseling Service of Santa Clara and Ventura Counties.
Alerting the Public to FICO Score Availability
Even though Fair Isaac has worked diligently to let consumers know
what information about FICO scores is available, the biggest challenge
remains getting the word out. Since June 2000, Fair Isaac has welcomed
and encouraged media coverage on the importance to consumers of credit
scores and Fair Isaac's efforts to empower and educate consumers with
scores and related information. The media's response has been extremely
helpful to consumers and includes articles and broadcast coverage in
hundreds of outlets including The Wall Street Journal, The New York
Times, USA TODAY, Newsweek, NBC Network News, National Public Radio,
and The Today Show. Traffic at the myFICO.com site increases after each
significant media event.
On January 26, 2003, Fair Isaac promoted credit score awareness in
a television commercial on credit scoring aired during the Super Bowl.
The educational ad highlighted the importance of credit scores in
determining consumer interest rates on mortgage and auto loans, and
referred viewers to www.myFICO.com for more information.\13\
---------------------------------------------------------------------------
\13\ The ad can be viewed at http://wip2.space150.com/myfico/
myfico_future/.
---------------------------------------------------------------------------
In a further effort to increase public awareness, this past May 5-
6, Fair Isaac hosted numerous consumer advocacy organizations for an
intensive discussion on credit scoring and the best ways to reach
consumers, especially underserved consumer groups, with credit scoring
information that can help them improve their overall credit health.
Participants included representatives from such organizations as
Consumer Action, La Raza, and Operation Hope.
Solutions to Improve Financial Literacy
While there is a whole range of excellent score education material
available to consumers today, there are improvements that can be made
to solve problems that are inhibiting greater financial literacy of
American consumers.
Problem: Scores that are not commonly used by lenders are marketed
to consumers looking for information to improve their financial
literacy. Consumers, unaware of which credit scores are actually used
by lenders to make decisions about credit, unknowingly purchase
information about other credit scores that are not commonly used by
lenders in making lending decisions. In some cases, purveyors of these
credit score services launch massive marketing campaigns to induce
consumers to purchase their score services without clearly disclosing
the extent to which the scores they provide and explain are actually
used by lenders. Consumers who unknowingly purchase such services may
be confused when the credit score they purchase is different than the
broad-based credit score used by their lender. In some cases, steps
taken by the consumer to improve another score may not have the same
effect on the credit score that lenders use.
To be well-educated, consumers should understand the measure
lenders are using, and know the score the lender will use to evaluate
them. Colleges typically use the SAT score to evaluate students who
apply for admission. Students know this and use that same score to
decide where to apply based in part on which colleges might accept
them. Although a different aptitude test might provide the student with
some useful information, prospective students get the greatest benefit
from knowing their own SAT score, empowering them to judge for
themselves how they might be viewed by a college admissions office. The
same is true for credit scores. Educated consumers should know and
understand the credit score that lenders use.
Solution: Consumer Choice and Education. We believe the solution to
this problem is to educate consumers so they can make informed choices
about purchasing score explanation services, and can decide what is
most useful for them. The Senate can help consumers by improving upon
the California score disclosure law \14\ upon which S. 1370 and H.R.
2622 are patterned and promote a policy designed to provide the score
most likely to help consumers and empower consumers to choose the
available score that will be most useful to them.
---------------------------------------------------------------------------
\14\ Fair Isaac has consistently supported effective score
disclosure legislation. Fair Isaac did so in testimony in May 2000,
before the California State Senate Business and Professions
Committee regarding S. 1607 has mandated credit score disclosure and
eventually became California law. Fair Isaac again supported effective
score disclosure in September 2000, in testimony before the U.S. House
Subcommittee on Financial Institutions and Consumer Credit,
including testimony that Fair Isaac, ``supports disclosure of scores to
consumers provided that such disclosure is conducted in a manner that
provides meaningful and helpful information to consumers.''
---------------------------------------------------------------------------
Problem: Consumers are confused because many of the scores
provided to consumers as mandated by current State laws are not
commonly used by lenders. Under current California and Colorado score
disclosure law, the credit reporting agency chooses the credit score it
discloses to consumers and, other than in the context of a residential
real estate transaction, the consumer cannot choose to get another
score, even if that other score is more useful to the consumer. Two of
the three national agencies are disclosing their own proprietary scores
in compliance with the California disclosure law and do not give the
consumer the option to obtain other broad-based credit scores these
agencies widely distribute to lenders.\15\ The proprietary scores these
agencies choose to make available to consumers aren't nearly as widely
distributed to lenders as others distributed by those agencies.
---------------------------------------------------------------------------
\15\ Fair Isaac has agreements with one agency authorizing it to
disclose FICO scores to consumers to comply with California and
Colorado score disclosure laws. Fair Isaac is willing to enter into
similar agreements with the other credit reporting agencies.
---------------------------------------------------------------------------
Fair Isaac's consumer support line gets calls from consumers
confused by scores other than FICO scores that they have obtained. For
example, consumers have reported they have closed a number of accounts,
after which the score they have obtained increased, but their FICO
score did not. When we explain to them that the score they based their
actions on was not a ``FICO'' score, their reaction is often a version
of:

``What good is that score if it's not what lenders use?''
``This is confusing people.''
``Why don't the bureaus provide the FICO score?''

In such circumstances, it is harder to help the consumer understand
credit scoring because the confusion and frustration from the different
score must be overcome before actionable education can begin. If
consumers are given a choice of scores widely distributed by the
agencies, there will be less confusion and more education.
Solution: Provide the score that is most likely to be helpful, and
give the consumer the right to get a different widely distributed score
if the consumer so chooses. The consumer should be equipped with the
credit score that can best help him or her learn how lenders evaluate
credit risk, and empowered to choose from the broad-based credit scores
that are widely distributed by the bureau.
Existing legislative proposals should be improved by:

(1) Adding the name of the credit score and the name of the third-
party developer, if applicable, to the information about credit scores
that credit reporting agencies must disclose to the consumer.\16\ With
this information, the consumer is empowered to seek out additional,
accurate information about the credit score that matters to them. It
also empowers the consumer to effectively compare the credit score
information it gets from the credit reporting agency to information
from lenders and other sources.
---------------------------------------------------------------------------
\16\ This requirement could easily be added to the disclosures
proposed in Section 3(a) of S. 1370 and to H.R. 2622.
---------------------------------------------------------------------------
(2) When a consumer requests the disclosure of a credit score, the
credit reporting agency should be required to disclose the broad-based
credit score it most widely distributes to lenders. In addition, put
the consumer in control by allowing him or her to request and receive
at their choice one of either: (i) A broad-based credit score that the
credit reporting agency widely distributes to lenders, or (ii) the
general
education credit scores current State law and H.R. 2622 already allow
the bureau to provide.\17\ Protect the credit reporting agency from
uncooperative third-party score developers by adding another exception
that would relieve the agency from the obligation to disclose the
developer's score if the third-party developer refuses to authorize
such disclosure at a reasonable fee. Limit the burden on the agency and
the complexity of the regulation by limiting the disclosure requirement
to one model from the agency and one model from each third party that
develops models for broad-based credit scores widely distributed by the
agency.\18\
---------------------------------------------------------------------------
\17\ This requirement could easily be added to the disclosures in
proposed for Section 609(d)(2) by Section 3 of S. 1370 and to H.R.
2622.
\18\ These protections could easily be added to the Limitations
proposed for Section 609(d)(1) in Section 3(b) of S. 1370 and to H.R.
2622.

The above suggestions to improve existing proposals add to the
choice and education available to consumers without placing a
significant, additional burden on either the credit reporting agencies
or score developers. Nothing forces a third-party developer to make its
score available. If the third party refuses to authorize disclosure at
a reasonable fee, the agency has no obligation to offer the score. The
number of different scores the agency must offer is limited because an
agency must offer a score only if the score is a broad-based credit
score that the agency widely distributes to lenders, and then only one
score from each such third-party developer. Moreover, the legislation
is flexible and will adapt as the credit scores used by lenders change.
As a particular score becomes more widely distributed to lenders, it
will be more useful to consumers and therefore it will be requested
more often. When a new score becomes the broad-based credit score most
widely distributed to lenders by that credit reporting agency, the
score provided to consumers who do not exercise a choice will change to
the score that is most likely to be helpful to the consumer. Existing
score disclosure proposals can and should be modified to give consumers
more choice and to continue to improve consumer credit education.
Credit Score Regulatory Overview
I will say to you that it is very important to us to maintain a
system which enables those models and those technologies to
advance, because if they don't we're probably going to find
that costs--interest costs and availability for credit to the
average consumer are likely to rise.

Alan Greenspan, testifying about credit scoring at the July 15,
2003, House Committee on Financial Services Hearing on Monetary
Policy.

We believe that Chairman Greenspan can comfortably make the above
cautionary statement because existing regulation and oversight by
various governmental agencies is working well. Credit scores are one of
many methodologies used by lenders to make better lending decisions,
and every lender is required by law to use those methodologies in
compliance with applicable laws, including the Equal Credit Opportunity
Act. Regulation B, promulgated under the ECOA, prohibits lenders from
using prohibited bases in the lending decision, such as race, marital
status, religion, and national origin. Consumer reporting agencies do
not collect that information,
except what may be collected in accordance with identifying the
consumer. That identifying information is not utilized in Fair Isaac's
scoring models. Consumer reporting agencies collect data in five
general categories. (1) Header information that identifies the
consumer, such as name, address, date of birth, Social Security number;
(2) Trade lines (for account information); (3) Public records; (4)
Collections; (5) Inquiries. Fair Isaac's credit bureau scoring models
do not utilize any of the header information in category 1.
The OCC and other banking regulatory agencies have access to
published Performance Charts for the Fair Isaac Credit Bureau Risk
Scores. Fair Isaac periodically produces those Performance Charts (also
called Validation Odds Charts) from new national credit bureau data
samples used for model update purposes. These charts demonstrate and
prove that the FICO score rank-orders consumers according to repayment
risk.
Clients for whom Fair Isaac develops custom models are provided a
suite of development statistics with each custom model development so
the client may share that information with examiners. These statistics
demonstrate the rank-ordering of payment performance for the client's
specific portfolio based on their specific definition of ``bad''
payment performance. Fair Isaac also provides information on the
individual characteristics that make up the client's custom models.
These statistics show the predictive content contained in each
characteristic and illustrate why the scorecard contains the
characteristic mix that it does.
Fair Isaac also provides complete score tracking standards so that
the client is able to monitor the performance of the model and scores,
and track changes in the profile of their population over time. The OCC
and other banking regulatory agencies have access to these performance
statistics and tracking standards, as of course do the banks
themselves.
One way lenders are assured their use of Fair Isaac credit scores
complies with existing regulations is the following warranty and
representation found in Fair Isaac's contracts with the credit
reporting agencies and end-user lenders:

Fair Isaac, the developer of [insert score name], warrants that
the scoring algorithms used in the computation of the [insert
score name] Score are empirically derived from [insert name of
] credit data and are a demonstrably and statistically sound
method of rank-ordering candidate records with respect to
credit risk, and that no scoring algorithm used by [insert
score name] uses a ``prohibited basis'' as that term is defined
in the Equal Credit Opportunity Act and Regulation B (Reg. B)
promulgated thereunder.

Regulatory agencies charged with overseeing the safety and
soundness of lenders have a variety of regulations pertaining to credit
scoring such as the OCC's Bulletin 97-24, dated May 20, 1997.
(accessible at http://www.occ.treas.gov/ftp/bulletin/97-24.txt )
Regulators are Well Trained to Oversee Lender's Use of Credit Scoring
Fair Isaac has actively partnered with many regulators for many
years to help ensure there is informed and effective oversight of the
use of credit scoring.
Office of the Comptroller of Currency
Right after the above OCC bulletin was issued in June 1997, Fair
Isaac hosted three representatives of the OCC at an interactive
scorecard engineering meeting at which scorecard engineering was
demonstrated to help the OCC understand the methodology used to develop
credit scorecards. Fair Isaac has continued to work with the OCC since
then, such as the 2-day seminar on April 10-11, 2002 in Dallas
entitled, ``Making the Most of Scoring Tools.'' The seminar covered
scoring concepts, model development, implementation issues, uses of
scores in strategies across the account lifecycle, and tracking and
validation. The seminar focused on both custom application risk models
and Fair Isaac credit bureau risk scores.\19\
---------------------------------------------------------------------------
\19\ See Agendas, Attachment 7.
---------------------------------------------------------------------------
Federal Financial Institutions Examination Counsel \20\
---------------------------------------------------------------------------
\20\ The FFIEC was established in 1978 and consists of the
Chairpersons of the FDIC and the National Credit Union Administration,
the Comptroller of the Currency, the Director of the OTS, and a
Governor of the Federal Reserve Board appointed by the Board Chairman.
The FFIEC's purpose is to prescribe uniform Federal principles and
standards for the examination of depository institutions, to promote
coordination of bank supervision among the Federal agencies that
regulate financial institutions, and to encourage better coordination
of Federal and State regulatory activities.
---------------------------------------------------------------------------
On June 4, 2002, approximately 205 examiners from the Federal
Reserve, OCC, OTS, FDIC, NCUA, and Farm Credit Administration attended
a day-long seminar, ``Making the Most of Scoring Tools,'' covering
scoring concepts, model development, implementation issues, and
tracking and monitoring, and focused on custom application risk models
and the Fair Isaac credit bureau risk scores.\21\
---------------------------------------------------------------------------
\21\ See Agendas, Attachment 7.
---------------------------------------------------------------------------
Office of Thrift Supervision
Fair Isaac has delivered a series of 2-day seminars for the OTS
(November 2001, April 23-24, 2002, and October 15-16, 2002, April 22-
23, 2003) focused on the Fair Isaac credit bureau risk scores and
pooled application risk models. Fair Isaac is scheduled to deliver
another seminar in 2003 and two, 2-day seminars in each of 2004 and
2005. \22\
---------------------------------------------------------------------------
\22\ See Agendas, Attachment 7.
---------------------------------------------------------------------------
Conclusion
Fair Isaac is proud of its role in providing actionable credit
score information to empower consumers to improve their financial
literacy and is committed to continuing its efforts in both the
regulated and private disclosure of credit scoring information. I thank
you for the opportunity to share with you Fair Isaac's expertise and
experience in this important area.

----------

PREPARED STATEMENT OF SCOTT HILDEBRAND

Vice President, Direct Marketing Services
Capital One Financial Corporation
July 29, 2003

Chairman Shelby, Ranking Member Sarbanes, and Members of the
Committee. My name is Scott Hildebrand and I am appearing before you on
behalf of Capital One Financial Corporation where I serve in the
capacity as Vice President for Direct Marketing Services. On behalf of
Capital One, let me express my thanks to you for the leadership you
have shown on this important issue.
Capital One is one of the top 10 largest credit card issuers in the
Nation, and a diversified financial services company with over 45.8
million customers and $60.7 billion in managed loans outstanding. In
addition to credit cards, we are one of the Nation's premier auto
finance companies, and also offer our customers an array of banking and
related products. We employ nearly 18,000 associates worldwide, with
offices around the country and overseas.
We wish to commend you and the Congress on the work you have done
to support financial education programs. Last year, President Bush
signed into law the ``No Child Left Behind Act of 2002,'' making $385
million available to State educational agencies to encourage the
sharing of best practices and the teaching of basic economic principles
and personal finance. This Act put into place the resources that
teachers need to teach basic personal finance and personal finance
management skills to school-age children. We believe that this Act has
served as a foundation for improving the Nation's level of financial
literacy as the monies have put more schools in the position of being
able to incorporate personal finance teaching into their curriculum.

Informed Customers are Key to Capital One's Success
At Capital One, we believe that a thorough understanding of
financial matters not only helps consumers to make better decisions,
but also helps to ensure the continued health of the financial services
industry. In the banking business, there exists an age-old truism:
Anyone can lend money; success is measured by whether you are paid
back. We are not successful if our customers fail to manage their
personal finances effectively, and thus are unable to meet their credit
obligations. To borrow a phrase from legendary clothing retailer Sy
Syms, ``An educated consumer is our best customer.'' Capital One's
success can be attributed to its offering the most attractive products
and pricing in the market today, including the lowest fixed credit card
rate in the Nation of 4.99 percent, and auto rates as low as 3.89
percent. It is our belief that consumers who understand the benefits of
these products will choose Capital One.

Continuous Financial Education is a Vital Component of Our Customer
Interactions
Capital One believes that clear communication about its products
and services is important to maintaining successful relationships--
ensuring better customer retention in a highly competitive environment.
Therefore, each product is accompanied by basic information that covers
how our cardholders can avoid fees, stay within their established
credit limit, obtain copies of credit bureau reports, and understand
how their annual rates are applied.
Our best channel and most direct vehicle for reaching our
cardholders is their monthly statement. We include financial tips that
are pertinent to their account in prominent locations on the statement
where it is most likely to be noticed. We have used this vehicle to
inform cardholders of their account status and to remind them to make
payments, check their bureau reports, and to monitor their credit line.
Some sample messages include:

Why does good credit count? Employers check credit references
before hiring new people. Banks and leasing companies often
base the interest rate they offer you on your credit rating.
Achieving life goals such as buying a new car or owning your
own home are facilitated by good credit. Credit bureaus keep
information on your record for up to 10 years so a credit
problem history can follow you around for a long time.
Overlook your bill? Be sure to make your payment today.

First-Time Cardholders Receive a Course on ``The Fundamentals''
Understanding that Capital One may be the first credit card for
many college-age cardholders, we have built financial education into
all product touchpoints. Upon activation of the card, college students
receive a welcome booklet that explains the ins and outs of credit. Our
message focuses upon the importance of building a positive credit
history--making at least the minimum monthly payment by the due date
each month, and making sure to always stay within the credit line.
Following the welcome package, for their first year with Capital
One, cardholders will receive quarterly reminders about the importance
of maintaining good credit habits. Created with Myvesta.org and the
Jump$tart Coalition for Personal Finance (Jump$tart), these reminders
provide more detailed information on being cost conscious,
understanding how interest and finance charges can add up, the cost of
accessing cash advances, warning signs of having too much debt,
obtaining a copy of credit bureau reports, and the importance of
saving.
Capital One has also joined forces with YOUNG MONEY, the leading
quarterly money and lifestyle magazine for young adults, to provide
information to our cardholders on improving their financial
decisionmaking skills. In this first-time venture, Capital One and
YOUNG MONEY will co-brand a website specifically geared to our
cardholders. In addition, we will provide a free 1 year subscription to
a select number of our college age cardholders. Because YOUNG MONEY's
articles are written by college students for college students, the
magazine's content addresses the financial concerns specific to this
age group. YOUNG MONEY covers a variety of money related matters
including:

Money Management--Find the best ways to control your budget and pay
off debt. Learn how to save money and cut your expenses.
Investing--Ever wanted to invest in the stock market? Find out
everything that you need to know before you invest your money.
Financial Aid--Learn the best ways to finance your education. Get
tips on finding and winning scholarships, applying for student loans,
and more.
Credit and Debt--Manage debt the smart way--check out tips about
credit cards, debt control, and credit reports.
Careers--Find career-building resources, and read about successful
job searches, interviews, and resumes.
Consumer Issues--Learn to be a smart consumer by spotting credit-
repair scams, Internet service rip-offs, and fraudulent business
``opportunities.''

Our basic website for young adult cardholders has a range of
education topics and includes a listing of frequently asked questions
that covers maintaining good credit, avoiding fees, dealing with
creditors, and the difference in variable and fixed rates. There is
also contact information for all three major credit bureaus so
customers can track the progress their making in building good credit.
Upon instances when our young adult cardholders miss a payment or go
over their credit limit, we will forward them a warning e-mail that
outlines the importance of paying on time and/or staying below their
limit.
Information Is Available to All Consumers Online
We have also placed a ``Financial Tool Box'' on Capital One's
website, which includes guides, articles, and calculators that give
consumers a better understanding of how to use our products. Articles
include:

How Credit Works and Your Credit Rights--As a current cardholder,
you no doubt have a firm grasp on how credit works. However, your card
comes with several important, built-in legal benefits you may not be
aware of. The law protects many of these ``credit rights.''
Your Credit History--Your credit report does more than track your
credit and how you pay your bills. It represents your financial
profile, and it can affect more than just your ability to obtain
additional credit.
Managing Credit and Key Strategies for Money Management--The key to
managing your credit is control--control of how much you spend on
credit, how quickly you pay it back, and the types of items you
purchase. Credit is not a financial cure-all. Used the right way,
however, it can help you afford certain purchases and build a powerful
credit rating.
Safeguarding Credit and Learning how to Protect Your Credit from
Thieves--We provide a number of tips for consumers to avoid identity
theft and provide them with the steps they will need to take if they
should ever become a victim.

Our customers also have access to their accounts online where they
can view recent transactions and available credit, see payment due
dates to help avoid late penalty fees and update account information.
Capital One Seeks to be Part of the Solution on Financial Education
Our efforts to improve financial literacy are not limited to our
existing customers. Capital One has invested considerable time, effort,
and money to develop innovative and far-reaching programs to improve
financial education.

Capital One's Financial Education Activities Have Been Designed With a
Focus
on Effectiveness and Impact
Capital One's business success has been driven largely by a highly
analytical ``test and learn'' culture that seeks to customize products
and services to the specific needs of individual consumers. Our
founders realized that a ``one-size-fits-all approach'' makes little
sense in an environment where each consumer possesses vastly different
needs and characteristics. This ``test and learn'' culture pervades
everything we do, from designing our products to meeting the needs of
our associates. Not surprisingly, it also influences profoundly how we
have chosen to tackle the important issue of financial education.
Several years ago, we undertook a major corporate initiative to
develop a financial education program. Following the Capital One method
of doing business, we started by surveying the market to assess the
delivery and methodology used by existing financial education programs.
Our research revealed a high level of activity using a wide variety of
approaches. While looking for information regarding best practices, we
found limited understanding of what types of programs were most
effective for which populations. We read training materials that were
attractive visually, but we wondered if the language used was too
complicated to reach the target populations. We also found quality
materials without an effective method for getting the materials to
market. Finally, we observed a limited amount of measurement and
evaluation in the programs to assess their effectiveness.
As a result of our research, we initially decided to focus on those
most in need--lower-income and underbanked populations. We spent time
thinking about two key goals: First, how to develop content that would
be read and understood; and second, how to develop a delivery method
that would effectively reach our targeted populations. As a result, we
decided the best approach would be to find a strong nonprofit
organization with whom we could partner--an organization that would
bring expertise in materials development and have existing
relationships with community-based organizations who are best situated
to reach underserved communities.

Capital One Has Formed a Partnership With Consumer Action
Following the research and development of our program goals, we
contacted Consumer Action (CA) to discuss the feasibility of developing
a partnership related to financial education for lower-income
communities. Founded in 1971, CA has a long history and strong record
of work in this area. Because CA is an umbrella organization whose
membership includes more than 7,000 community-based nonprofit
organizations throughout the country, we were confident that delivery
of the materials to reach our target consumers could be achieved.
Since beginning our partnership, we have developed a highly
effective collaboration that has produced measurable results. Capital
One has donated approximately $1.25 million to create and implement
MoneyWi$e, a program that offers straightforward, easy-to-read
information to address financial responsibility. Together, we have
created a four-part series of MoneyWi$e educational materials that
provide the building blocks for developing and honing personal finance
skills. These four brochures focus on key financial education issues,
including:

Building Good Credit--Explains what credit history is, what a
credit report is, how to get your credit report, how to establish good
credit, and where to complain if you have a problem.
Credit Repair--Explains why having good credit is important, your
rights if your credit application is rejected, how to check your credit
report, how to dispute mistakes on your credit report, and how to begin
to rebuild good credit.
Basic Banking--Discusses the fundamentals of banking, from opening
a bank account to balancing a checkbook, and includes tips for
resolving problems such as mixed up deposits and bounced checks.
Basic Budgeting--Explains the importance of wise money management,
including budgeting, balancing your checkbook, cutting back on
expenses, and ways to spend less and save more.

Capital One's financial support of this program ensures that these
materials are provided to nonprofit organizations and consumers free-
of-charge. In addition, we feel it is critical that they be offered in
multiple languages to ensure that we reach immigrant groups, many of
which have had negative experiences with banks in their home countries
and are vulnerable to unscrupulous financial service providers. The
materials are available in four languages in addition to English
including Spanish, Chinese, Korean, and Vietnamese. Through CA,
materials are available to their membership of their more than 7,000
community organizations nationwide, as well as directly to consumers
via mail or the Internet. I am proud to report to date the distribution
of these multilingual materials totals more than 1 million brochures.
Our plans for later this year include creating and distributing
information on two additional topics: The first is a guide for parents
on talking to teens about money and the second is about understanding
bankruptcy.
Capital One and CA also joined forces to develop a ``train-the-
trainer'' program for community-based organizations. We liked this
approach because it enabled us to leverage the talents of other
organizations to achieve a higher impact at the local level. Together
with CA, we were able to develop curricula that focus on the key issues
contained in the brochures. The results have been phenomenal. To date,
more than 800 nonprofit organizations across the country have requested
the information. They have included a wide variety of types of
organizations such as university cooperative extension offices,
consumer credit counseling service organizations, and community
development corporations.
During the fall of 2002, Capital One and CA co-sponsored Statewide
meetings in Tampa, Florida and Oakland, California to train the leaders
of nearly 75 community-based organizations in each location to use the
MoneyWi$e materials in their communities. The 2-day meetings included
sessions to review the materials and train participants on teaching
adult populations. They were interactive and included many hands-on
activities designed to reflect real-life situations. A follow-up survey
on the training sessions found a high satisfaction level among
participants. We have two additional meetings planned for later this
year; one meeting will take place in Dallas and serve agencies
throughout Texas and the other will take place in the District of
Columbia and serve agencies in the metropolitan area.
We have also strengthened the program by offering stipends to 18
nonprofit organizations around the country that are starting to teach
financial education to their constituents--the grants provide them with
the funding they need to staff and provide additional resources. We
anticipate reaching approximately 60,000 consumers through the reach of
the program.
This month, the MoneyWi$e partnership received the Achievement in
Consumer Education award by the National Association of Consumer Agency
Administrators.

We Have Engaged the Talent of our Employees To Deliver Financial
Education to
our Local Communities
Capital One believes in the value of employee involvement in
community service. We have a long-standing focus on company-sponsored
volunteerism in the areas of youth-at-risk, education and community
development. Therefore, it made sense to incorporate financial
education into our volunteer activities as we were developing our
program.
Trained by CA and equipped with materials and a training/curriculum
manual, Capital One employees pilot-tested this approach in its home
communities of Richmond and Northern Virginia. Our volunteers have
contributed approximately 250 hours to teach the information to
constituents of several nonprofit organizations. Because of the
overwhelmingly positive response from employees, the program is being
expanded to other Capital One sites around the country.

Capital One Focuses on Youth Through Its Partnership With Jump$tart
Five years ago, to align our financial education program with our
philanthropic focus on helping youth-at-risk, we joined Jump$tart. The
premise behind our
support of this program is simple: We believe in their mission to teach
financial education in the public schools. And the most effective
method for reaching a wide population, including lower-income children,
is through a public education program.
Based on this belief, we provided financial support for the
integration of Jump$tart's Money Math curriculum into the Virginia
school standards. Through this effort, we hoped to provide another tool
that Virginia teachers can use to teach their students about personal
financial management. At a press conference last Spring, the U.S.
Department of the Treasury's Office of Financial Education recognized
Capital One for this effort.

Targeting and Reaching College Students
There has been a tremendous amount of concern expressed about
college students and the need for financial education. Capital One
shares this concern and has developed a unique method to reach this
population. Specifically, we decided to experiment with a method that
utilizes students' relationships with their peers. Last year, we
piloted MoneyWi$e for College Students, a ``train-the-trainer'' program
that teaches college students how to become ``money mentors'' and
deliver personal finance curricula to other students at their colleges
or universities.
MoneyWi$e for College Students is a program whereby student leaders
use their influence to educate fellow students about how to make
informed credit decisions. Currently, the program is delivered on three
college campuses including the University of South Florida, Texas A&M
University, and Washington State University. Because of the success of
this test, we are currently in talks to expand the program to
additional universities this coming fall--we have received interest
from the University of Maryland, Pennsylvania State University, and the
University of Alabama.
The workshops cover a broad range of topics from how to maintain a
checking account to understanding credit reports. In addition, students
attending the workshops receive informational brochures focusing on
basic money management. Capital One sets up a page on the website of
participating universities that links to Visa's Practical Money Skills.
The training program results reported by participating students has
been impressive:

100 percent would recommend the program to other students.
100 percent reported that the program improved their
understanding of basic money management concepts.
84 percent indicated that the program taught skills and
concepts that were new to them.
95 percent rated their impression of Capital One and Visa as
``very or somewhat positive.''

We Encourage the Media To Report on Financial Topics To Help Educate
the Public
Capital One has sought to utilize the media to provide the public
with tools to better manage their finances. All of our fact sheets are
available on our website's press center, and serve to encourage
reporters to write stories on these topics. Earlier this summer, we ran
an auto buying campaign that advised consumers to prepare carefully
before buying this big-ticket item. This campaign made 26.8 million
impressions and was covered by print, television, and radio reporters.
Other campaign efforts have focused on key life events: (1) The
back-to-school shopping ritual and importance of parents explaining to
their kids how to budget; (2) what newlyweds need to be aware of when
they first tie the knot; (3) budgeting for the holidays; and (4)
staying fiscally fit, in general.

Financial Services Industry Continues To Increase Its Focus on
Financial Education
Thankfully, we are not alone in our efforts. According to the
Consumer Bankers Association (CBA) annual survey on financial literacy,
the number of financial institutions sponsoring or partnering on
financial education initiatives continues to increase year after year.
Not surprisingly, these programs have focused on the most vulnerable
segment of consumers.

Youth
The CBA survey confirmed that there is a strong effort among banks
to advance personal finance skills among youth. Seventy-seven percent
of responding banks
indicated that they offer financial literacy programs for students in
grades K-12, organizations like Jump$tart, the national ``Adopt-a-
School'' program, and employees/student mentoring. At the post-
secondary level, 26 percent of financial institutions offer financial
education programs on college campuses.

The Unbanked
For the first time, CBA polled banks on their efforts to address
the financial services needs of the unbanked. Seventy-four percent of
responding institutions
indicated that they offer Individual Development Accounts to such
consumers. Fifty-seven percent of responding banks indicated that they
have developed a personal finance program or initiative specifically
designed for unbanked consumers.

Recent Immigrants and Multilingual Consumers
In addressing the particular needs of a major segment of the
unbanked population--immigrants and non-English speaking consumers--70
percent of responding banks indicated that their institution provides
financial education programs, basic banking literature, or educational
brochures in a foreign language, primarily Spanish. Particular
attention is being paid to small business development, which has shown
a significant upward trend in the percentage of banks offering such
programs. This year, 79 percent of responding banks indicated that they
sponsor or partner on programs aimed at providing small business
development assistance.

Conclusion
At Capital One, we believe in the principle that knowledge is
power. It is that power that will enable the American consumer to make
better choices about their personal finances.
Our products work best if our customers manage their finances
responsibly. Put another way, the less our customers know, the more
likely they are to find themselves in financial trouble. When these
customers cannot pay their bills, we bear the loss. Higher losses in
turn, leads to higher costs for everyone. For Capital One, ``educated
consumers''--customers who know the annual percentage rate they are
paying, who know when their bills are due, and who know and understand
how to manager the products we offer--are our best customers.
Mr. Chairman, Ranking Member Sarbanes, and Members of the
Committee, thank you again for the opportunity to testify before you. I
would be happy to answer any questions you may have.

RESPONSE TO WRITTEN QUESTION OF SENATOR SARBANES
FROM DOLORES S. SMITH

Q.1. I have introduced S. 1470, the Financial Literacy and
Education Coordinating Act. What are your views on this
legislation?

A.1. The development and adoption of a national strategy for
improving financial education and knowledge in this country is
a significant public policy undertaking, and the proposal for a
Financial Literacy and Education Coordinating Committee merits
strong support. A committee of decisionmakers from across the
spectrum of Federal agencies will bring high-level visibility
to the Government's promotion of financial education and
knowledge for all Americans. Drawing State and local agencies,
along with private-sector organizations from industry and the
nonprofit world, into the collaborative-consultative process
adds an important dimension to the
undertaking.
While collaboration among agencies already takes place,
having a formal mechanism for the development and coordination
of a Federal strategy would strengthen the process in a number
of ways. It would facilitate the sharing among agencies and
others of information on financial education activities;
promote interest in and support of needed research for testing
the effectiveness of different approaches to personal financial
education; and foster increased engagement in financial
education initiatives. Coordination through the Committee also
could help minimize duplicative efforts at all levels, and
assist in directing agency resources to where they are most
needed or where they can be most productive.

ADDRESSING MEASURES
TO ENHANCE THE OPERATION OF
THE FAIR CREDIT REPORTING ACT

----------

THURSDAY, JULY 31, 2003

U.S. Senate,
Committee on Banking, Housing, and Urban Affairs,
Washington, DC.

The Committee met at 10:20 a.m., in room SD-538, Dirksen
Senate Office Building, Senator Richard C. Shelby (Chairman of
the Committee) presiding.

OPENING STATEMENT OF CHAIRMAN RICHARD C. SHELBY

Chairman Shelby. The hearing will come to order.
Secretary Snow, good morning and welcome to the Committee.
We appreciate you coming here today to express the
Administration's views on this important subject.
Today, the Committee comes to the final in a series of
hearings that we have held on the Fair Credit Reporting Act.
We adopted this, process because the FCRA, the Fair Credit
Reporting Act, is a complex statute that regulates a
complicated and dynamic component of the marketplace that is
crucial to the operation of our economy.
It is my hope that we have met our responsibility of
conducting a comprehensive review. In the near future, we will
begin developing legislation to address the matters identified
as issues during our hearing process.
Drawing upon what we have learned from our many witnesses,
we will approach this task with the perspective that while the
system is generally pretty good, I think it can and must get
better.
I believe we have identified real questions about the level
of accuracy in credit reporting. There are numerous issues
associated with the insidious crime of identity theft. There
are areas where consumers need more opportunities to make their
own choices and greater information to make informed decisions.
Last and perhaps most importantly, we are faced with the
question of how best to ensure that with constantly evolving
credit markets, the maximum fairness, accuracy, and efficiency
is consistently achieved.
To help move toward solutions, today's witnesses are here
to provide their views regarding these and other issues. I
think there is much for the Committee to gain from their input.
In our first hearing, I expressed the view that it should
be our goal to ensure that the Fair Credit Reporting Act
produces the most effective, efficient, balanced, and fair
system achievable. As we close the hearing process, I remain
hopeful that we can meet this goal.
Again, I want to thank Secretary Snow, Secretary of the
Treasury, for being here, and I look forward to yours and other
witnesses' testimony.
Secretary Snow, your written statement will be made part of
the record in its entirety. You proceed as you wish.

STATEMENT OF JOHN W. SNOW

SECRETARY, U.S. DEPARTMENT OF THE TREASURY

Secretary Snow. Thank you very much, Mr. Chairman, and
Members of the Committee. It is a pleasure to be here with you
today to talk about a subject that is critically important to
the way our credit markets and financial institutions work in
the United States.
We have submitted a proposal to strengthen the use of the
Fair Credit Reporting Act in a way that I think promotes
consumer interest and continues to make access to credit and
other financial services available at a low cost, and to
Americans who are seeking credit.
It is important to understand that these uniform national
standards for information sharing operate in a very fundamental
way to expand the opportunity for consumers to get access to
credit and to a broad range of financial services.
What they really do is allow you to take your reputation
with you as you travel around the country. America is a very
mobile society. Something like one-sixth of the American
families move in a given year. As you move, you leave the place
where you are known, you move to another State, another city,
you can get credit. You can buy a house. You can buy an
automobile. You can go into a store and easily get credit
because your reputation follows you around and you do not have
to start from scratch, and that is critically important in a
mobile society like the one we have in the United States.
These national uniform standards really play a critical
role in making the miracle of modern credit available. From
1995 to 2001, the percentage of minority families--and I think
it is important to recognize the impact they have on minorities
and people at the lower-income levels--holding mortgages
increased significantly. One-sixth of minorities who qualified
for mortgages in 2001 would not have qualified, would not have
qualified in 1995, and we see a higher rate of improvement in
homeownership among minorities than we do for the overall
percentages. Similarly, the percentage of minority families
with credit cards has risen very, very substantially and
disproportionately to the population as a whole. That is a
credit to what these uniform standards make possible.
But there are problems in this world of credit, and the
most serious worry for financial consumers today is, as you all
know, identity theft. A recent private study reports that
identify theft has been greatly under reported, and according
to this study, as many as 7 million Americans were victims of
identity theft last year. Of course, once you lose your
identity, many enormously bad things happen to you and it is
very difficult to get your good identity back, and you are put
through a hellish period.
Many identity thieves specifically target the most
vulnerable members of society: That is, families of the
recently deceased, hospital patients, men and women serving in
the U.S. armed forces that are away from home. Our national
information sharing system, made possible by the Fair Credit
Reporting Act, is an important tool in this fight against
identity theft, and it can be made even more effective.
With the right information about your true identity,
financial institutions can ask the validating questions that
can unmask the identity theft and the identity thieves. In
other words, the banker, our bankers and your bankers, can stop
the identity thief if that banker or that financial institution
knows more about you than the thief does. That is part of what
we are trying to do with our recommendations, is to put the
banks in that position.
National uniform standards make timely access to full and
accurate information possible, giving the financial
institutions the tools to stop many identity theft assaults
before they can succeed. In other words, seeing the information
moving faster than the thieves can move, and getting ahead of
the thieves.
On June 30 this year, I announced the Administration's
proposal to remove the sunsets on the uniform standards, and
focus these standards, and the FCRA itself, even more
effectively on meeting two key consumer interests, the interest
in improved access to credit and financial services and the
interest--and I know this is important to every one of you on
the Committee--the interest in the accuracy and the security of
financial information.
Let me just quickly go through a few highlights of our
proposal. First, we would recommend making free credit reports
available upon request. They are of course available today
under certain circumstances, but we think that an annual free
credit report from the credit reporting agencies is
appropriate. A basic tool to place in the hands of the
consumers is access to their credit reports. As I say, once a
year upon request, free of charge, doing so we think would
enhance the accuracy and the completeness of the credit
reports. We think the credit reporting agencies have an
interest in engaging the users, the consumers, to make sure
that those reports are accurate. Making these free reports
available annually upon request will do just that because then
the consumers can correct those reports if they see an error in
them.
Second, we would propose a system of national security
alerts. Under this system, uniform standards would include
allowing consumer who have been victimized or who are in danger
of being victimized, to put banks and merchants on guard
against the efforts of those who may be trying to impersonate
them.
Third, we would propose a system of red flags. This is a
related effort in which we suggest bank regulators should watch
for patterns followed by identity thieves, and put in place red
flags that indicate the likelihood of fraudulent activity, and
share this information with each other so that the whole group
of financial regulators are part of the effort to share
information, put up red flags and make it tougher for identity
theft to occur. Under our proposal, the regulators would
provide notices of these red flags to the institutions that
they supervise, and would verify in their bank examinations
that these warning signs are being heeded, and that the banks
are really following the red flag indicators, and they will be
empowered to fine those institutions where there is lack of
appropriate attention to the red flags.
Finally, fourth, because we have other suggestions, and I
am just giving you the highlights here, we would propose a
prohibition on the sale or transfer of identity theft debt:
That is, once an institution has been notified that there is a
threat of an identity theft, that institution would be
precluded from going off and selling that debt. So, we would
propose prohibiting the sale or transfer of debt for collection
that a creditor knows is the result of identify theft. This
measure would help reduce the repollution, if you want to use a
word, of consumers' credit files with wrong information, and
save consumers countless hours of needless hassle in trying to
restore their good name.
We look forward to working, Mr. Chairman, with you, Ranking
Member Sarbanes, and all of the Members of the Committee, to
ensure that the Fair Credit Reporting Act becomes an even more
effective tool to meet the financial interests of America's
consumers.
Thank you very much for the chance to be here today.
Chairman Shelby. Thank you, Secretary Snow.
Mr. Secretary, during the course of the Committee's review
of the Fair Credit Reporting Act, the Banking staff asked the
General Accounting Office to perform an analysis of the
accuracy of credit reports. The GAO has just come back with
these results, which will be included in the record here today.
The chief finding of the report by the General Accounting
Office was that only limited and to some degree contradictory
information was available with respect to the overall accuracy
of credit reports. Specifically, GAO concluded, ``Information
on the frequency, type, and cause of credit report errors is
limited to the point that a comprehensive assessment of overall
credit report accuracy using currently available information is
not possible.''
This is troubling, concerns us. In order for us to know
where things stand presently, and to know the direction that
the new Fair Credit Reporting Act provisions would take things
in the future, including measures such as one you have
outlined, Mr. Secretary, we need some independent data to make
informed determinations. Considering the importance of credit
reports to the credit process, Mr. Secretary, is it not worth
the effort to get an objective understanding as to how accurate
the reports are?
Secretary Snow. Absolutely, Mr. Chairman. I agree with you.
It is important, though, I think to distinguish what features
of the report are inaccurate.
Chairman Shelby. Absolutely.
Secretary Snow. Understand I am not an expert on this, but
there are people at the Treasury that I have talked to who are,
like Mr. Abernathy, who indicate that some of this information
is fairly trivial and some of it is not.
Chairman Shelby. What is substantive and what is trivial?
But a lot of times it is substantive, and really accuracy goes
to the heart of the report, does it not?
Secretary Snow. I think having better understanding of this
whole question is very important. I think the credit agencies
themselves have a real stake in having better information, and
in creating greater trust in the accuracy of the information. I
share your concern about this.
Chairman Shelby. Mr. Secretary, the Administration, which
you are part of as Secretary of the Treasury, has recommended
permanent extension of the preemption provisions. In some of
our discussions with stakeholders involved with issues related
to the Fair Credit Reporting Act, we have been told that many,
if not most, of the positive developments they have seen have
come just in recent months as we have been holding these
hearings, when the shadow of reauthorization loomed largest. I
guess this is common sense.
Do you think, Mr. Secretary, that at a minimum, the process
of reauthorization tends to serve as a force that motivates
interested parties to perform at a higher level, both here and
in the marketplace?
Secretary Snow. I think being subject to scrutiny certainly
heightens one's attention and serves a useful purpose.
Chairman Shelby. Absolutely. Is it worth noting, Mr.
Secretary, that even at the time when the Fair Credit Reporting
Act reauthorization is being considered, when you would think
that everyone associated would be on their absolute best
behavior, whatever that is, the FTC just completed an
enforcement action and levied a significant fine against one of
the big credit bureaus for failing to meet basic
responsibilities with respect to handling consumer complaints.
With that in mind, will the necessary incentives remain if
reauthorization is permanently taken off the table, or should
we make sure that we provide some type of legislation to keep
people on their toes?
Secretary Snow. I think what we are trying to do in our
proposal is create the right incentives for the whole system,
that whole complex system of furnishers, scorers, and the
credit reporting agencies, and the consumers themselves, to
work in a more effective way, to create incentives for the
whole system to work more effectively. We strongly support
removing the sunsets, but recognize in removing the sunsets
that Congress will continuously review, as you are doing today
on how the system is working, and whether it is working well to
protect consumer interest, and whether it is working well to
make credit available at low interest rates.
I think you have ample authority here and ample ability to
continue to police the system and create yourselves, through
that oversight, the right incentives.
Chairman Shelby. Mr. Secretary, lastly, we heard testimony
here that consumers are not all that well versed in the area of
credit reporting, and I think the proposal to allow--that you
just mentioned--free access to their credit reports will
certainly help improve things. I also think it is almost as
important here to make people aware of their right to a free
report as it is to provide them the right in the first place.
In other words, if you give them the right--you have talked
about free reports--but they have to be aware of that right,
which I think would really help in identity theft, would help
clear up misunderstandings and probably have a lot of positive
things in it. Do you disagree with that?
Secretary Snow. No. I agree very much. At the Treasury, we
are engaged in this important effort on financial education
which I think is central to----
Chairman Shelby. If they have a right, they need to know
they have that right.
Secretary Snow. Exactly. I think broader understanding of
the financial system and people's rights under it, is
important, I agree.
Chairman Shelby. Senator Sarbanes.

COMMENTS OF SENATOR PAUL S. SARBANES

Senator Sarbanes. Thank you very much, Mr. Chairman.
Mr. Secretary, we are pleased to have you here before the
Committee. I am going to take advantage of the fact that you
are here to digress for just a moment.
I was following this bus tour that you and Secretary Chao
and Secretary Evans were making out there in the Midwest,
running around the countryside, and I noticed you indicated
that you thought the Chinese Government needed to allow its
currency to strengthen by widening its trading ban against the
dollar. We have followed this issue of currency manipulation
closely in this Committee, and I welcome that statement on your
part, but I want to underscore just how important I think it
is. In fact, when we enacted the Omnibus Trade and
Competitiveness Act in 1988, it requests the Treasury--this has
now been in existence some 15 years--requires the Treasury to
submit a report to Congress on international economic and
exchange rate policy by October 15 of each year. The Act
requires the Secretary of the Treasury, ``to analyze on an
annual basis the exchange rate policies of foreign countries
and consider whether countries manipulate the rate of exchange
between their currency and the U.S. dollar for purposes of
preventing effective balance of payments adjustments, or for
purposes of gaining unfair competitive advantage in
international trade.''
I just have some process questions. One, do you anticipate
submitting that report on time, by mid-October?
Secretary Snow. Yes, we do, Senator.
Senator Sarbanes. And will the report contain the required
analysis of exchange rate manipulation?
Secretary Snow. Yes, it will.
Senator Sarbanes. The Act requires the Treasury Secretary
to testify before Congress on the report if requested, and I
think Chairman Shelby has indicated his desire to have such
testimony, so presumably you would anticipate testifying before
the Committee on the report?
Secretary Snow. Yes, indeed.
Chairman Shelby. Senator, would you yield for a second on
that same thing? We had Secretary Snow coming earlier in July,
but he was traveling with the President, as I understood, so we
postponed this hearing, did not cancel it, and added it to the
October hearing schedule. I understand that the Treasury will
be releasing the next exchange report in October, and that
Secretary Snow then would address these issues when he appears
before the Banking Committee at that time. Is that right?
Secretary Snow. That is absolutely right, Mr. Chairman.
Senator Sarbanes. I just wanted to indicate a number of us
are looking forward to that hearing. We think it is an
extremely important one in terms of international economics,
and we are looking forward of course to the report and the
analysis, which the Treasury people will be making, of this
possibility of seeking unfair competitive advantage in
international trade by manipulating the currency exchange
rates.
Mr. Chairman, I was not here right at the outset, but I
wanted to take a moment to commend you for holding this series
of hearings on the Fair Credit Reporting Act. I think each and
every one of the hearings has been extremely productive, and I
particularly commend the comprehensive approach you have taken
in examining these issues, and also the wide cross-section of
interests that have been represented by the witnesses you have
invited to the hearing table. I think it has given us some
valuable insights into the workings of the Act as we consider
solutions to the various issues that have been raised.
As I noted at the outset, when we started, the Fair Credit
Reporting Act, really at its core is a consumer protection
statute. I think it serves a very fundamental purpose helping
to ensure the privacy of consumer financial data, the accuracy
of credit report information, and fair practices in the
collection and the use of credit information and then credit
granting. It is very important to literally tens of millions of
Americans that we work to ensure fair, accurate, and effective
credit reporting practices as we consider reauthorizing the
preemption provisions of the Act.
Mr. Secretary, during these hearings we have received a
number of recommendations for improving the operation of the
Act. These suggestions have included--and I am going to go
through a list of the summary headings, I guess. Beneath the
summary headings there is obviously important questions of what
are the details? The devil is always in the details, and I
recognize that, and I am not going to, at this moment, get down
to that level. But as I go through these summary headings, I
just want to get some sense if there are any of them that you
think are not an appropriate item for us to be looking at as we
consider this reauthorization. Combatting fraud and identify
theft; clearly, you have made that a lead item in your own
statement.
Secretary Snow. Yes, I have.
Senator Sarbanes. Protecting consumers' financial privacy.
Secretary Snow. Certainly protecting the accuracy,
security, and that translates into privacy information, is very
important, yes.
Senator Sarbanes. Clarifying the credit scoring process and
the use of credit scores.
Secretary Snow. Yes, we have recommendations in that area
as well.
Senator Sarbanes. Improving the accuracy of credit reports,
which of course relates to the one I just asked.
Secretary Snow. We have recommendations there as well, yes.
Senator Sarbanes. Improving consumers' understanding of the
credit reporting process.
Secretary Snow. Very much so, as I responded to the
Chairman earlier, yes.
Senator Sarbanes. Combatting abusive marketing practices.
Secretary Snow. Yes. Our proposal deals with that as well.
Senator Sarbanes. Finding ways to improve the financial
literacy and education of all consumers.
Secretary Snow. Yes, certainly.
Senator Sarbanes. You have an office in the Department of
the Treasury addressed to financial literacy and education. We
have introduced legislation to set up a coordinating committee
within the Executive Branch of the Federal Government to be
headed actually by the Secretary of the Treasury, and to be
staffed in effect by this office in your department. We had a
number of agencies here the other day, all of whom work on
consumer literacy and consumer education. As you know, from the
Trade Promotion Coordinating Committee, we did a comparable
thing in that area. I do not know whether you have had a chance
yet to fully review that legislation.
Secretary Snow. Senator, we support the broad thrust of
what you and the Chairman are putting on the table here. There
is an office that reports to Assistant Secretary Abernathy that
deals with this broad question of financial literacy. We want
to see that office become even more effective, even stronger in
its capacity to deal with this issue. It is a critically
important issue. I agree with you.
Senator Sarbanes. Thank you very much.
Thank you, Mr. Chairman.
Chairman Shelby. Senator Bennett.

COMMENTS OF SENATOR ROBERT F. BENNETT

Senator Bennett. Thank you, Mr. Chairman, and I echo
Senator Sarbanes comment about the thoroughness and the wisdom
of this series of hearings. My experience on the Banking
Committee, I do not know of any legislation that has had a
series of hearings that has been as comprehensive as this and
had witnesses from across the spectrum the way this one has,
and now we are culminating in the statement from the Secretary,
and I applaud you for the methodology of putting this together.
If I can pick up on what Senator Sarbanes was saying, I
listened very carefully to the list of items on which he
focused, and there were a few things that I would like to add
to that list. I will not suggest that Senator Sarbanes
overlooked them. I will just suggest that I focused on them.
In your testimony, you outlined what has happened since the
Fair Credit Reporting Act has been in place and the amount of
credit that is available to people that presumably was not
available before and how it has facilitated the extending of
credit, particularly to groups that were left out of credit
earlier.
As I have said at one of our previous hearings, I remember
when I was sitting where Senator Corzine is sitting now, as a
very new member of this Committee, and there is hope, Senator,
that it moves really fast to come around the horse shoe.
[Laughter.]
The main issue that we were discussing at the time was
availability of credit, particularly for minorities. And we
were beating people up who would come before the Committee for
the fact that credit was not made available.
Their defense was, well, many of these people are not good
credit risks. Now, by virtue of information about them and
their credit habits being made widely available, we have
discovered that they are better credit risks than the
institutions thought they were and that credit is now being
made available.
I raise that because part of the testimony we have had here
has suggested that if we do not extend the Fair Credit
Reporting Act in essentially the same form that it has been in
during this period of success, we run the risk of having credit
begin to dry up for certain people; in other words, we protect
in the name of consumer protection, information to the point
that it is not available and credit extenders then say, well, I
cannot take the risk because I do not have the information.
I am particularly focusing on the preemption clause with
respect to that, and I love your statement when you said this
allows you to take your reputation with you when you move. We
have had testimony before the Committee that indicates that the
number of Americans who move every year is in the tens of
millions, and this is one of the challenges of the credit
reporting agencies to keep up with people. And many of the
errors that are in their files are errors of wrong addresses,
wrong employers, et cetera, because the information does not
catch up with the fluidity of the American workforce.
I have had the experience of moving from one State to
another prior to the Fair Credit Reporting Act and discovering
it was extremely difficult to get a mortgage in the new State.
Fortunately, my family was fairly well known in Utah. I had
moved back to Utah after a period of 24 years away, and it took
my father going down to the credit reporting agency or to the
financial institution with whom I was dealing and laying down
his credit as a guarantee of mine, having just moved from
California, in order for me to get a loan, and now I can take
that reputation with me.
Let me shift with that now to one quick question for you,
and maybe we will get around to a second round on some other
issues.
Free credit reports on request. I back this. I think it is
a very logical thing, but again let us get into the details. We
are asking the credit reporting agencies to give away their
product. That which they charge for, that which they earn their
money on, we are saying you have to give this away. And as long
as they are giving it away to a relatively small percentage of
the people whose names are in their files, they can handle
that.
But as we drive toward getting them to give away their
products to more, and more and more people, it raises all kinds
of questions about who is going to pay for it eventually and
will some enterprising providers of credit say, look, you ask
for your credit report and bring it in along with your
application for a loan, so I will not have to ask for it, and
therefore I do not have to pay for it.
Have you given any thought as to what can be done to deal
with the cost implications of saying to an entire industry, by
law, we are going to require you to give away your product to a
certain portion of the economy while you are trying to sell it
to another?
Secretary Snow. Senator, those are good questions, and we
have thought about them. Today, of course, the credit reporting
agencies are required to make those free reports available
under a number of circumstances, and they do. The one change we
are making is to make the annual-upon-request requirement, put
that in place.
I do not think, I mean, we have heard from people who
raised the issues that you raise, and I think they are
legitimate issues. In fact, they are issues I raised when I
first heard about this proposal inside the Treasury Department.
As I have thought about it, on balance, I think it still makes
good sense and will not lead to an untoward burden on the
credit reporting agencies.
I think we have to be on guard for the unintended
consequences of the sort you are mentioning and monitor that.
In a way, you could see where the credit reporting agencies
would welcome the input on their reports from the consuming
public because it would make those reports more accurate, and
they are in the business of providing accurate information.
So, at one level, I can see where they would embrace it and
say it really helps us do our basic job, but I think we should
be alert to some unintended consequences that we, at this
point, cannot foresee, and be prepared to deal with it if it
arises.
Senator Bennett. As I said, I favor the free credit report,
but the details have to be looked at.
Senator Sarbanes. Right.
Senator Bennett. Thank you, Mr. Chairman.
Chairman Shelby. Senator Johnson.

COMMENTS OF SENATOR TIM JOHNSON

Senator Johnson. Welcome, Secretary Snow.
So that I do not misunderstand your earlier testimony to
Chairman Shelby, it is my understanding that the Administration
supports a permanent extension of the Fair Credit Reporting
Act. You observed that you favored a sunset of the Fair Credit
Reporting Act, which is obviously a termination of the
legislation, subject to then reauthorization process again. So
that I do not have any misunderstanding, I wonder if you would
clarify the Administration's position.
Secretary Snow. That may be a distinction without much of a
difference. The sunsets are in place and will be triggered
unless action is taken by the Congress by the end of this year.
We favor the continuation of the current national standards,
which means we want the sunsets removed. I used the word
``permanent.''
Congress will, I imagine, continue to monitor this and make
improvements over time and deal with issues such as the ones
that may arise that Senator Bennett talked about. We would like
to see these national standards extended, with the
modifications that we have proposed, which is tantamount to
saying we do not want to see the sunset go into effect. We like
the preemption.
Senator Johnson. As I understand, it would be a permanent
extension. Obviously, Congress would continue its oversight
responsibilities, which we always do. The Administration's
position is, that it would not be an extension of a finite,
limited time, but it would extend the existing law beyond the
current sunset.
Secretary Snow. Precisely, Senator.
Senator Johnson. Legal certainly, I am assuming, is a high
priority for the Administration relative to the business
community that they can make plans over the long term, knowing
that the Fair Credit Reporting Act is not only here, it is here
to stay, subject, obviously, to the occasional Congressional
modifications.
Secretary Snow. Exactly. We think it would be really
devastating if the business community could not plan on the
preemption staying in place.
Senator Johnson. Do you think that increasing furnisher
liability is a useful way of increasing the accuracy of credit
reports or do you think that such an approach might, in fact,
have a counterproductive consequence with respect to
participation rates?
Secretary Snow. Again, it all depends on the specifics of
the proposal, but in general I think we have it about right
now. I would be concerned about higher levels of burdens on
furnishers, since it is a voluntary system, creating
disincentives for them to stay in the system. The ability to
provide broad-based, low-cost credit really depends on lots of
furnishers staying in the system.
I would be very chary and very concerned about changing
that balance very much, Senator.
Senator Johnson. Secretary Snow, in your judgment, who
would stand to lose the most if Congress fails to reauthorize a
uniform national standard for credit reporting?
Secretary Snow. Well, I think those who would lose the most
are those who, today, have been brought into the system over
the course of the last 7 or 8 years because of the national
standards. And they, as I think we all know, tend to be more
minorities, more Hispanics, more African-Americans, more small
business owners who do business on credit cards.
It would tend to be the less fortunate, the less
financially well-established segments of society who would
suffer the most.
Senator Johnson. One of the great strengths of the American
economy, as opposed to many other economies in the world is the
mobility and the fluidity of America's workforce. Would failure
to extend the Fair Credit Reporting Act have a negative
consequence on that important piece of our economy?
Secretary Snow. Senator, I think it would have far-reaching
adverse consequences. One of the great strengths of this
country is labor mobility, and it is a contradiction to so many
other major industrialized economies of the world,
particularly, say, Germany. Something like one-sixth of all our
workforce changes locations in a given year.
And as we said earlier, that ability to take your
reputation with you, to be able to get credit for a house, to
get credit for a car, or to get credit for shopping and so on
is just a powerful part of what makes this American economy so
fluid and work so well.
Senator Johnson. Thank you, Mr. Secretary.
Chairman Shelby. Senator Crapo.

COMMENTS OF SENATOR MIKE CRAPO

Senator Crapo. Thank you very much, Mr. Chairman. I too
want to thank you for holding these hearings.
Secretary Snow, I want to follow up on one of the answers
that you gave to Senator Sarbanes when he went through the list
of issues that we should be considering here. One of them was
the privacy issue. I think that raises the whole question of
whether the Committee should get into the issue of Gramm-Leach-
Bliley and the privacy provisions that we deal with there.
There is a debate as to whether there should be an opt in
proposal or an opt out proposal adopted with regard to the
sharing of citizens information.
And it is my understanding that the Administration has not
proposed that we get into that issue. I would like to clarify
that and find out, if not, why the Administration does not
believe that we should get into that issue at this time.
Secretary Snow. Because I think it is premature at this
time, Senator. That legislation is almost brand new. It is just
being implemented. We are just figuring out how it really works
and getting acquainted with the ins and outs of Gramm-Leach-
Bliley, and the experiment, in effect, that it put in place.
The experiment that you put in place with the FCRA has had
a lot more experience under it, and I think it is an experiment
that has clearly proven successful. We know that the results of
this experiment are really superb, terrific. And with some
changes that we are recommending, we think that it should
continue.
I do not think we are in that position with Gramm-Leach-
Bliley yet. That experiment is too new, too young. I would urge
that we give that more time, learn more from the experience
under Gramm-Leach-Bliley and return to that at some time in the
future, but not now.
Senator Crapo. I have in front of me a letter from a number
of the financial and consumer institutions in Idaho who make
the point, from their point of view, that we need to have a
much more readily, comprehensible, and simply executed national
privacy notice of system, so that people can understand what is
being done with private, financial, medical, and other records
about them and they can have an ability to control how that
information is utilized.
I want to be sure that I understand your testimony. You are
saying that you think that the issue is not ripe, but not that
the issue is not one we should approach; is that correct?
Secretary Snow. Exactly. I think now we should focus on
extending the Fair Credit Reporting Act with some of the
modifications that have been talked about, and at the same
time, obviously there are concerns along the lines you are
suggesting. I understand that the regulators are working right
now: That is, the financial regulators, at improving those
notices. It is a matter of simplifying those notices to make
them easier to understand and giving the consumers a better
sense of what their rights are.
While it is an issue that needs some attention, I think
right now, from our point of view, the priority is on
reauthorizing these national standards and making sure they
stay in place.
Senator Crapo. Thank you very much, Mr. Secretary. I think,
like most Americans who receive these privacy notices in the
mail, I do not know if very many people read them, I, because I
sit on the Committee and have a responsibility in this area,
actually read every privacy notice that I have an opportunity
to look at, and I have concluded that they are either
incomprehensible or unbelievably simplistic.
I mean, they seem to go from one end of the scale to the
other, but I do not believe they are accomplishing what we need
with our citizens in the United States, in terms of their
ability to understand their rights and to define what the
rights of Americans are with regard to financial information
that is maintained about them.
I think we need to address this issue, and I would
appreciate the opportunity to work with you on this as we move
forward.
Secretary Snow. Thank you, Senator Crapo.
Senator Crapo. Thank you.
Chairman Shelby. Senator Carper.

COMMENTS OF SENATOR THOMAS R. CARPER

Senator Carper. Senator Crapo and I actually were talking
about this subject in the last week, and I am glad he has
raised it here today. I do not know that it is possible to ever
have a notice from a financial services institution that was
almost as simple to read and understand as, say, the ability to
change your mailing address, but it sure would beat some of the
language I have tried to wade through myself. I take my hat off
to you if you read all of those. God bless you.
[Laughter.]
I am glad you raised the issue, and, Mr. Secretary, I am
glad that you were able to let us know from your perspective
that you think the issue may not be ripe yet, but it is one
that I am interested in returning to, and I am pleased Senator
Crapo is as well.
Have you ever known anybody in your own family or personal
friend whose identity was stolen?
Secretary Snow. Yes, I have.
Senator Carper. Anybody in your own family?
Secretary Snow. No, but close friends.
Senator Carper. We have a niece down in North Carolina
whose identity was stolen a couple of years ago. She is
recently out of college, and I think you described the
situation and the experience as hellish. That is a good
description for her and for her family.
In looking at the experience, and the reason I think why
there has been a rise in the prevalence of identity theft, a
couple of reasons; one is that it is pretty easy to do. Two, it
is fairly lucrative. Three, people who perpetrate these crimes
are not easily caught. And four, if you look at the penalties
that people pay for putting a lot of people through a hellish
experience, the penalties are fairly light.
And I just want to ask you to walk us through the
Administration's proposal on this front and describe for us
again how it makes identity theft harder to do, how it would
make it less lucrative, how it would enable us to more easily
catch those who perpetrate these crimes, and how would it
stiffen the penalties for those when we catch them?
Secretary Snow. Senator, our recommendations touch a number
of those matters that you raise.
First, we would recommend establishing, I guess, for want
of a better term, we would call it a national security alert
system.
Senator Carper. How would that work? Put this in a
practical sense. How would it work? Use a real-life example, if
you will.
Secretary Snow. You have been victimized. All right. You
think you have been victimized. You can, under our proposal, go
to the financial institution and, in effect, put a red flag on
that. You can tell them I do not want you sharing any more of
my information with anybody, and the way you do this is you go
to an authorized agency of the State government and get what
would be tantamount, I guess, to a police report that says you
have filed a report.
Now, I think to keep the system honest and fair, you have
to hold people who would get that police report to a standard
of perjury if they are simply making false statements. But once
they get that government document, probably a number of some
kind, the financial institution would be precluded from
continuing to send that information around, and that would help
the individual put a stop to his identity being used by others.
And we would also require that once an identity theft had
been identified, the banking institutions would be required and
the CRA's would be required to broadcast that out broadly so
that everybody would know about it.
We also think that the banks can do a better job on this,
and we would have the banking regulators require them to take
more responsibility for putting in place the capacity to deal
with identity theft, with fines and penalties for not doing so.
There are telltale signs.
Senator Carper. Would you elaborate on that for just a
moment please, what you just said.
Secretary Snow. We would recommend that the CRA be amended
so that banking regulators be required to coordinate with each
other and develop what you might want to call a system of red
flags, indicators of identity theft, and there are patterns to
identity theft, and share these with other regulators so that
the banking regulators, as a whole, become united in their
effort to deal with identity theft.
They become more deeply engaged in the question, in that
issue of identity theft. They watch for the patterns that the
identity thieves employ and put up these red flags. Now, the
red flag would be an indicator that here is the likelihood in
this instance that somebody is trying to steal your identity.
And we would ask that the legislation include a requirement
that the regulators, when they do their audits of the banks,
look at the question whether the banks are actually doing what
they are required to do, what the legislation directs them to
do, with respect to engaging, through this system of red flags
and watching for patterns of identity theft. Just as they do
audits of their capital ratios, they do audits of their
identity theft engagement so that we bring this whole issue to
a much higher level--put a much higher profile on this--and
engage the consumers, engage the banking institutions, and
engage the regulators in dealing with this issue.
Also, we would seek to protect the interests of the victim
of identity theft by precluding the sale or the transfer of
identity theft debt. What happens today is somebody sees a red
flag. There may be an identity theft with respect to some
individual. They want to make sure they get as much money out
of that debt obligation as they can, so they go and sell that
obligation.
What we would suggest doing is precluding, where there is
evidence--reasonable evidence--to suggest identity has
occurred, the sale or the transfer of that obligation. Once
that obligation gets sold, that information is repolluting the
whole stream of information that is relied on to establish
people's credit, your bad debt moves through the system and
continues to register to make you less worthy of credit.
Senator Carper. Thanks, Mr. Secretary.
Chairman Shelby. Senator Dole.

COMMENTS OF SENATOR ELIZABETH DOLE

Senator Dole. Mr. Secretary, let me ask you a bit about the
Department's view of the House legislation, and I want to
follow up on one of Senator Johnson's questions here. As you
said, our credit system is based on a voluntary reporting
system in which the furnishers best interest is to report
information to the credit bureaus. How do you view the duties
that have been imposed on the furnishers in the House bill?
Could any of these jeopardize the willingness of furnishers to
provide information to the system?
Secretary Snow. Senator, we broadly support the House bill,
but there are some provisions that do add some burdens that we
would like to understand better before we embrace them fully
because of just the issue you raise. We are concerned that we
have got to get this balance right.
As you put more burdens on furnishers, you may improve
accuracy, you may help protect privacy, you may help security,
but you also may cause the furnishers to withdraw from the
system or be reluctant to be in it. Getting that balance right
is really important.
Senator Dole. Well, there are a number of duties imposed on
furnishers.
Secretary Snow. There are indeed.
Senator Dole. The House accepted an amendment which allows
consumers to go directly to a furnisher to dispute what they
believe to be incorrect information on their credit report.
Does Treasury have a position on that language?
Secretary Snow. We are still looking at that. There may be
some merit in that approach, and we are still reviewing that
question.
Senator Dole. The 1996 Amendments to the Fair Credit
Reporting Act gave credit bureaus the ability to dismiss
consumer disputes that they deemed to be frivolous. Now, if
Congress decides to allow consumers to register disputes
directly with furnishers, should we give furnishers the same
ability to dismiss frivolous suits or claims?
Secretary Snow. That is again one of those matters that we
want to understand better.
Senator Dole. I would like to follow up with some questions
to be answered in the record.
Chairman Shelby. Absolutely.
Senator Dole. Does the Treasury support the provisions in
the House bill which require the disclosure of the factors used
to develop credit scores----
Secretary Snow. Yes, we do.
Senator Dole. --but still allow for a reasonable fee to be
paid to receive the credit score?
Secretary Snow. Yes, we do.
Senator Dole. Thank you, Mr. Chairman.
Chairman Shelby. Senator Corzine.

COMMENTS OF SENATOR JON S. CORZINE

Senator Corzine. Thank you, Mr. Chairman, and welcome, Mr.
Secretary.
Let me go at a little bit of this view on free credit
reports upon request, which I think having the consumer
informed about what their credit standing is, is probably one
of the great checks and balances to identity theft, to mistaken
information--some check and balance against how information is
put together.
Why are we resistant to the idea of it not being a more
regularized report to a consumer, so every individual would
have, say, once a year, look at what is going on in their
credit report, particularly why do we not ask for credit
reports to be made available to consumers in situations where
there has been invasion into their consumer activities and
identity theft situations, so it can be cleaned up.
When you have one of these situations occur, all of us have
either had friends, family, or situations that this has
occurred, it is extremely expensive. I do not need to go into
the detail.
Why, upon request, as opposed to a periodic review of one's
credit information so that you are not surprised when you go
off to the bank and apply for a mortgage, and they tell you are
subprime, and you had no idea?
Secretary Snow. Well, Senator, I think today you can get
access, free access.
Senator Corzine. Upon request.
Secretary Snow. Upon request, in the case of identity theft
or various other circumstances, such as being turned down for
credit and so on, adverse events.
But what we are proposing is that at least once a year you
can get it free.
Senator Corzine. If you are aware that there is that
potential, if you are aware that these things in the whole
financial----
Secretary Snow. Well, just if you want it, though.
Senator Corzine. Right.
Secretary Snow. Just if you want it, you are able to get it
once a year. If there is an adverse event, then you can get it
today free, and we would add one more adverse event, and that
is applying for credit and getting the credit, but getting it
on terms that are less advantageous than what you applied for.
You apply for the home mortgage loan at X percent, and you get
X plus 1, you can get a free report from the credit reporting
agency telling you what lay behind that decision.
Senator Corzine. I think what I am asking, though, is a
simple thing. Why are we making it the requirement of the
consumer to request, as opposed to have this be a periodic
requirement, the agencies to report to the consumer, so you
could actually plan. It is fine that you just got turned down
or you got an extra 2 percent on your mortgage, why are
individuals required to actually go through the system to come
to look at the credit officer to have you tell them that, as
opposed to planning for what your life is about?
I think, in the financial world, people have credit rating
agencies label them AAA, AA. People know what their credit
standing is so that they can make plans and considerations for
how they are going to approach credit markets.
Secretary Snow. Senator, I think the basic answer is people
should get those reports if they want them. These reports, I am
told, are dozens of pages. If you do not want the reports, you
are probably not going to put it to much use, but a burden is
imposed on the credit reporting agencies sending out 100
million plus reports a year, whether the consumer wants it or
not, and I underline wants it or not. This could be enormously
expensive and serve no purpose, since most of them would be
thrown in the trash can.
The ``upon request'' is to get some sense of the user's
interest in the report, rather than engaging in what otherwise
could be costly and useless acts.
Senator Corzine. Have there been surveys that would confirm
your view that the consumer would think this was useless and
automatically be a round file in the wastebasket or is that a
presumption?
Secretary Snow. I think if they want the report that they
will request it. The best evidence of people's desire for
something is the fact that they indicate an interest in it. We
are providing an opportunity for people to request. A lot of
people I think would not be all that happy to get these reports
sent to them--just something else they have got to go through
and then throw out. If they want it, they can get it.
Senator Corzine. I guess I understand your reasoning, not
necessarily agree.
Secretary Snow. Thank you.
Chairman Shelby. Mr. Secretary, before I call on Senator
Bunning, I just want to--you did say, as I understood it to a
question earlier, that you were in favor of the Administration
being in favor of making it easier and educating the public on
their ability to get a credit report. In other words, most
people do not know that.
Secretary Snow. Right. Absolutely. Very much so. I said
that absolutely in our response to your questions.
Chairman Shelby. If they thought they needed one and make
it accessible to them.
Secretary Snow. Yes. We need to do a better job on this.
Chairman Shelby. Absolutely.
Secretary Snow. I agree with you.
Chairman Shelby. Senator Bunning.

COMMENTS OF SENATOR JIM BUNNING

Senator Bunning. Thank you, Mr. Chairman.
Mr. Secretary, thank you for being here. This is a little
off the subject of FCRA, but I think I would be remiss if I did
not take advantage of your presence here to ask a question that
is of great importance to my State of Kentucky. The IRS
recently issued IRS Revenue Announcement 2003-46, which
effectively separates private letter rulings regarding Section
29 Tax Credits for solid coal-based synthetic fuels.
This announcement threatens to revoke more than 80
previously issued Section 29 letter rulings. Taxpayers,
including many Kentucky coal companies, have invested hundreds
of millions of dollars in reliance on these rulings. The IRS
action has created massive uncertainty, making it impossible
for taxpayers to earn back their investments they made in
reliance on this law.
How does the IRS plan to proceed with this announcement and
will the IRS lift its moratorium on rulings so that taxpayers
will be able to use credits as provided by the law?
Secretary Snow. Senator, my understanding on this issue you
have raised is that the IRS is looking into the question
whether the tax credits are being properly applied. I am not an
expert on these particular tax credits, but some questions have
been raised as to whether the companies who are using the tax
credits are actually engaged in the activity that would justify
the use of those credits, and the IRS has simply, they have not
come to a conclusion, said they are going to do an
investigation of that.
Senator Bunning. Well, I am going to follow up with a
written question on this so that I can get a much more thorough
answer from the Department of the Treasury on this because it
is very important to presently 80 previous letters that were
issued and 46 more. We are talking about 126 companies that are
being affected by this ruling.
The thing that I am most concerned with on Fair Credit
Reporting is how long it takes victims of identity theft to
clean up their records.
I mean, we have heard horrendous stories about a year, 2
years, and they are still not out of the woods, and I do not
know if all of the red flags that you talked about are going to
get them back their good credit rating quicker, but we have to
do something in this bill that says, by the way, you are a
victim, and therefore you should not be suffering for 2 years
because someone stole your identity.
We have to put something in this bill that will allow the
victim to get their Fair Credit Report back in 100 percent what
it was before the theft. Does the Administration feel that this
is a major problem currently or does it not?
Secretary Snow. No, Senator, we agree with you 100 percent.
We would like to obviously make it more difficult at the
inception for a thief to steal.
Senator Bunning. I understand that.
Secretary Snow. But we also agree with your point we would
like to make it easier to get those records fixed, get those
records corrected as soon as possible, and restore the identity
and take people out of this hellish situation where they have
got to prove their own identity. And we have done some things
that we think try and get at that issue. Certainly, we are open
to do other things, and others have good ideas as well, and I
agree with you.
I think this is one of the most miserable situations that
human beings can find themselves in--to know that you are you,
and nobody else believes you are you, and how do you prove you
are you?
Senator Bunning. Well, particularly the financial
institution you may be dealing with for quite a while.
Secretary Snow. That is right.
Senator Bunning. And others.
Last, but not least, and my time is running out, I think we
need much more stringent penalties on those who commit identity
theft. Does the Administration also feel this way?
Secretary Snow. Senator, yes. I think anything that
discourages identity theft raises the bar on people who engage
in identity theft and certainly should be looked at. I agree.
Senator Bunning. Thank you very much.
Chairman Shelby. Mr. Secretary, before I call on Senator
Schumer, I just want to associate myself with the remarks of
Senator Bunning regarding Section 29. He referenced his State
of Kentucky, and so many people have been depending on what
they heard from the Treasury. In my State of Alabama, we are
also a big coal producer like they are, and we shared the same
problems, so I want to join with Senator Bunning in addressing
that problem that he posed to you.
Senator Bennett. We mine coal in Utah, too, Mr. Chairman.
Chairman Shelby. Absolutely. Same thing, I suppose.
[Laughter.]
Big time out there.
Secretary Snow. And Maryland has got a little coal as well,
I know.
[Laughter.]
Chairman Shelby. So everybody.
Senator Schumer, I do not know if you mine coal, but we are
going to recognize you.
Senator Schumer. No, we do not have any coal in New York,
to my knowledge. We have a lot of it, but it is all imported
from Kentucky, Utah, and Alabama.
Anyway, I want to thank you, Mr. Chairman. Once again, you
are on the money, so to speak, with an excellent hearing, and
you are moving along this Committee in a great way, and I think
we all appreciate it. And I want to thank you, Mr. Secretary,
for being here. This is the first time you are here, and we all
have a whole lot of questions.
I want to ask on an area which we have sent some
correspondence to you, and that is the relationship of trade
with China, particularly the value of the Chinese currency, the
yuan, and the impact on our job base.
As you know, 2 weeks ago, Senators Dole and Lindsey Graham,
myself, and Senator Bayh wrote to you on the subject. I know
you understand our concern. And you seem to be taking a little
more of a stand on this issue lately, but we still have not
heard a firm position from you or the Treasury on whether
China's currency is, in fact, undervalued. So I want to ask you
the question directly. Do you and does Treasury believe that
presently the Chinese currency, the yuan, is undervalued vis-a-
vis the dollar?
Secretary Snow. Senator, that is the subject of the review
under the 1988 Trade Act that we are engaged in looking at
right now. I do not want to make a premature judgment on that.
Certainly, some economists who studied the matter have reached
that conclusion, and others say it is more of an open question.
I, frankly, do not have a firm view on that at this point.
But, what I do have a firm view on, though, is that we
should encourage that the Chinese, I mean, and we will turn to
Japan in a second, we should encourage them, in the reports
that they are looking at widening the band on the yuan.
Senator Schumer. But why should they not just let the
currency float? Let me just, first, I have to tell you I am
disappointed that you do not have a view, and that we are going
to wait until a report comes out in October. Every day, every
one of us hear from our States of jobs, manufacturing, and
otherwise going to China.
Some of that is on the basis of free trade, but much of it,
a good deal of it is because the Chinese have unfairly pegged
their currency to the dollar at too low a rate, and not just of
some economists, but most economists I talked to, and I have
talked to a wide range, Democrat, Republican, liberal, and
conservative, who believe that it is undervalued. The only
question is how much? Is it 15 percent? Is it 40 percent?
And I do not think, as we lose jobs every day, we can
afford until October, and then the report will come out, and
then you will study it, and it may not be until next year that
the Treasury even begins to take a position on this key issue.
And I have to tell you, as somebody who has been a free
trader--I lost the AFL-CIO endorsement when I was in the House
for a while--free trade is losing ground in this Congress like
a sinking stone. When you hear that Intel, IBM, and Goldman
Sachs planned to move high-end jobs to China and India, what is
going to be left here, restaurants? I mean, the manufacturing
jobs are going, the agricultural jobs are going.
I have to say, with all due respect, I do not think it is
adequate for you to wait until October, and at least myself and
others are going to push the President and the Treasury not
only to come out with a position, this is even before a
position, but also not to be so coy with the Chinese. You know,
the Chinese want to be included in the family of Nations when
it benefits them, and they do not live up to their
responsibilities.
This is not a small little country that needs to peg
something to the dollar. Their currency should float like
everybody's. What is the theoretical objection to having their
currency float and determine, even if you do not know if it is
undervalued or not, the best way to do that is to let it float.
And what are we doing to get the Chinese to do that?
Secretary Snow. Well, Senator, as I indicated to you
earlier, we are encouraged by the reports that are coming out
of China that they are looking at employing a more flexible
exchange rate regime. They are to be encouraged in that. But
this is an extraordinarily complex matter. You probably are
aware of the banking problems and the Chinese economy. You are
probably aware of concerns about overvalued assets on the books
of the banks.
You are probably aware, Senator, of the capital controls
that are in place, and you are probably aware of concerns that
many economists have, and many China hands have, that if you
moved too rapidly in the direction of freely floating exchange
rates with the removal of capital controls, which of course go
hand in hand, as you would know, that you would have a huge
exodus of yuan into euros and into dollars, and of course you
know that that would drive up the value of the dollar versus
the yuan and drive up the value of the euro versus the yuan.
So this is a very complex question. I think we should
encourage them to move in the direction they seem to be going.
I think we should also have some appreciation and understanding
of the real complexity of this matter and the need to approach
it in a really thoughtful manner.
Senator Schumer. I have to tell you, sir, to the tens of
thousands, hundreds of thousands, millions of Americans who
have lost jobs and who we or you ask us to say, well, free
trade benefits everybody, to say let us be patient, when the
yuan has been pegged at an artificial rate for a long time, is
not much consolation.
Furthermore, there is probably manipulation here. You are
saying undoing the manipulation may have bad consequences, but
let me just quote Chairman Greenspan. He says, ``If China's
exchange rate is significantly undervalued, and indeed a
reflection of that would be their [China's] accumulation of
dollar assets. The accumulation of dollar assets will expand
their money supply to the point that it will create problems in
monetary policy, and it will be to their interest to change.''
So that undercuts the argument you are making. He basically
says that it is in their interests to even have some of the
consequences. Now, maybe you cannot do it all at once, but when
do we expect Treasury action on this? The report is coming out
in October. Do you think we have manipulation of the currency
by China?
Secretary Snow. Senator, you read the quote from Chairman
Greenspan, and it began with ``if.''
Senator Schumer. Yes.
Secretary Snow. ``If.''
Senator Schumer. Well, what is your view?
Secretary Snow. The ``if '' is what needs to be understood
better. That is the question.
Senator Schumer. Well, what is your view?
Secretary Snow. And the Chairman was very careful in the
words he chose there.
Senator Schumer. Yes, he is always careful. I have talked
to him.
Secretary Snow. He said, ``If.''
Senator Schumer. What is your view? Is China manipulating
its currency?
Secretary Snow. Well, I think if the Chairman felt he knew
the answer to that question, he would not have used the ``if.''
Senator Schumer. But I would like to know your view.
Secretary Snow. I have an ``if '' as well.
Senator Schumer. Well, I do not think these answers are
satisfactory, with all due respect, sir. We are going to lose
not just jobs, you are going to lose, my guess is, a free trade
consensus in this Congress very, very rapidly, and this is a
proeconomic, profree trade way to restore some of the imbalance
because this is an unfair part of the imbalance, and I do not
think your patience with this, with all due respect, is shared
by Members on both sides of the aisle in this Committee and
elsewhere.
Secretary Snow. Senator, when we report to you in October,
which is only a couple of months away, we really want to know
the facts. We want to give you a thoughtful, well-considered,
and analytically sound answer to the question, the question
that the Chairman aptly notes is an ``if.''
We have to pay careful attention to this issue, though, of
manufacturing, the whole problem of currency manipulations or
the problem of undervalued currencies, to the whole question of
countries promoting their export sectors at the expense of the
world trade system. It is not really in their interest to do
so. No country has ever devalued itself to prosperity, and the
issues the Chairman raised, and the issues I have talked to him
about in that same vein are important. They are critically
important issues. And there is the potential for an imbalance
in the whole trading system if countries build up excessively
large reserves because they are suppressing the value of their
currency.
We are in full agreement. We recognize the issue. We want
to come back and have a dialogue with you and with our friends
in China on this question. And if, in fact, the yuan is being
held at a considerably lower than market value, then it is not
in their long-term interests, and we want to have that dialogue
with them.
I do think, though, we have to recognize that some of the
loss of manufacturing is due to a variety of other things. I
think you would acknowledge that. There has been a long-term
downward trend in manufacturing in the United States over the
last 50 years. A part of that is due to rising productivity
itself in the manufacturing sector. Part of it is due to the
rise of technology. A lot of it is due to domestic competition.
The whole question of manufacturing, and its role in our
economy, and where it is going, and what can be done to assist
it are serious issues that Secretary Evans is engaged in, that
I am engaged in, and that we hope to come back and put in
better perspective for the Congress.
Senator Schumer. Thank you, Mr. Secretary.
Chairman Shelby. Senator Dole.
Senator Dole. Mr. Chairman, I just want to associate myself
with the comments of Senator Schumer. Because no question about
it, our textile industry in North Carolina has been decimated,
and I do believe that time is of the essence, Mr. Secretary,
and that, yes, there are a number of causes, but certainly
Chinese currency manipulation is something we must move on. I
do not think we can wait. And also I recalled the comments of
Chuck Hayes, who passed away about a year ago, he was head of
the Textile Institute in North Carolina, head of one of the top
companies, which has gone down.
He said, if the transshipments from China--or he did not
mention China, specifically, but we know that is where most of
them are coming from--these illegal transshipments had been
half what they had been, then our textile industry would be
thriving in North Carolina, and of course it has been
decimated.
So a number of these issues go back to the Chinese, and I
just want to associate myself with the comments that you have
made today and hope that we can get some speedier action on
this.
Chairman Shelby. Thank you, Senator Dole.
Senator Sarbanes.
Senator Sarbanes. Just to close out this issue. Obviously,
it is a matter of very deep concern here in the Congress.
Senators Levin and Voinovich are also addressing Japanese
manipulation of currency. The Government of Japan intervened in
foreign exchange markets 24 times in the month of May alone,
spending $43 billion in order to keep the yen weak against the
U.S. dollar. In effect, this amounts to a Government subsidy of
its major exports. So the issue runs not only to China, but to
Japan as well, and I share the concern my colleagues have
expressed and the need for the Treasury to act on it now,
promptly.
In any event, it is very clear that this hearing that the
Chairman has indicated is going to be held after you prepare
your report, is going to be a very, very important hearing
because, obviously, at that point, you are not going to be able
to sit at the table and say, well, we have not finished our
study yet.
But I think this situation is urgent enough that you need
to be doing things in the interim. It seems pretty clear we are
being taken advantage of, in terms of the rules of
international fair trade.
Secretary Snow. Senator, as I indicated earlier, we have
indicated that we are encouraged by the fact that the Chinese,
very high levels of their Government, have indicated an
interest in widening the peg, widening the ban, and we are
encouraging them to do so.
We are also encouraging them to think about, though, the
financial infrastructure of the country, so that as they move
in that
direction, there are parallel developments with respect to the
banking system and capital controls, and so on.
Of course, it is I guess worth noting that during the
period of the Asia currency crisis, where there was so much
concern about stability, and contagion and all of those issues,
the Chinese maintained the peg, and of course that had the
effect of, at a time when all of the other currencies were
falling, of making their currency more valuable, since it is
tied to the dollar, and the dollar sustained its value.
So these, again, I come back to the fact we recognize there
is an issue here. It needs to be addressed. We are addressing
it. We are encouraged by some developments. We would like to
encourage further developments, and we will be having a
dialogue on this subject and are having a dialogue on this
subject, a dialogue that is probably best conducted with the
parties directly, though.
Senator Schumer. Mr. Chairman.
Chairman Shelby. Sure. Go ahead, Senator.
Senator Schumer. Thank you.
I would just like to follow up briefly because it is an
issue that concerns a good number of us on both sides----
Chairman Shelby. All of us----
Senator Schumer. --both sides of the aisle here.
First, here is the United States' position right now--this
comes from the last time this report was issued, Treasury's
Report to Congress on International Economic and Exchange Rate
Policy, dated May 3, 2002--``No major trading partner of the
United States manipulated exchange rates under the terms of
Section 3004 of the Act during the period July 1, 2002, through
December 31, 2002.''
Right now, our position is that there is not currency
manipulation. Now, you say, well, that is not now, it is then,
but the yuan was still pegged at that time.
Second, I am just going to ask three quick questions and
ask your comments. This is the first one. Is that still our
official position? Do we have to wait until October to say?
Because the Chinese were given a clean bill of health.
Two, Greenspan said, yes, if they were manipulating the
currency, there was an ``if,'' but he said that, then, their
money supply would accumulate, that that would be an
indication, and we know that China's reserves are going up, up,
up. I think the IMF estimated them at $350 billion, China's
reserves. This is as clear as the nose on your face that it is
an example of currency manipulation, and at the same time, we
are saying, no. And I would just add to you one of the reasons
the Chinese financial system is messed up is because they have
pegged their currency. It is not unpegging it that will mess it
up, it is that they have pegged it, and that has messed it up,
and that is what happened.
And three, I would ask you this: Is there any indication,
other than verbiage, because I have been through this with the
Chinese and the Japanese on trade before, we get 5 years of
verbiage before you get a single bit of action.
And this idea of ``leave it to the big boys'' to just
discuss this quietly? Not me. I have had it that way. I left it
to the big boys to open up Japanese financial markets for 5
years, nothing happened. I started raising my voice, and within
6 months, New York firms were allowed on the Japanese stock
exchange. So, I learned it the hard way, and I am not going to
be fooled again.
Have the Chinese done one single thing that changes what
their currency is or have they just said they might explore it?
So those are the three questions. I apologize for being
excited about this, but when I read last week that Goldman
Sachs was moving 2,500 jobs, not low-end jobs, high-end jobs,
and Intel said they can get an engineer in India for $5,000,
not $60,000, here in America, what is going to be left here?
This is something we have to act on quickly. I apologize.
Secretary Snow. Good, Senator. I understand what lies
behind this line of questioning and am in deep sympathy with
what motivates it by you, and by Senator Dole, and really by
the whole Committee.
You know where this Administration is. We favor fairly
fluctuating exchange rates. We think they work better. We think
they make the international trading system better, and we think
they add to the stability of the whole global monetary system.
Senator Schumer. Have we ever asked the Chinese to change?
We always talk about this in, excuse me, in broad terms. We
generally favor floating rates, and then when it comes, and you
are asked, ``What are you doing about China,'' or even ``Should
China change?'' we go back to the ``generally we believe in.''
That is not going to get us anywhere.
Secretary Snow. Well, Senator, as you know as well or
better than I, the decision, with respect to the currency
regime that a country adopts, is a sovereign decision. The
United States cannot dictate to another country what currency
regime they employ.
I think, though, we can have a good dialogue with them, and
the circumstances are a little different now. Those foreign
reserves are at much higher levels than they were when that
prior report was written.
And as Chairman Greenspan so well stated, it is really not
in a country's long-term interest to acquire a disproportionate
amount of foreign reserves because that is capital. That is
capital that could go into the domestic economy.
And we are very strongly of the view that countries cannot
devalue their way to prosperity. They have to develop their
domestic economies, and taking capital out of your economic
system and putting it into owning foreign reserves over
somewhere does little to develop the domestic economy.
I believe we are in a heated agreement here.
Chairman Shelby. We hope so.
[Laughter.]
Mr. Secretary, we do look forward, again, to your October
meeting. And I will tell you this, that meeting here will be
well attended, not only by the press of the world, but by the
Committee Members because we all are concerned--Senator Dole,
Senator Schumer, I guess just about all of them are concerned
about what is going on.
Secretary Snow. Thank you, Mr. Chairman.
Chairman Shelby. Mr. Secretary, we want to thank you for
your appearance today and look forward to your next one in
October.
Secretary Snow. Thank you very much.
Chairman Shelby. Thank you.
We will now go to our second panel, and they have been very
patient here. Mr. Edmund Mierzwinski, Consumer Program
Director, U.S. Public Interest Research Group, and Mr. Michael
McEneney, on behalf of the U.S. Chamber of Commerce; is that
right?
Mr. McEneney. McEneney.
Chairman Shelby. McEneney.
In the interest of time, gentlemen, your written statements
will be made part of the record. I am hoping you will sum up
your basic points as quickly as possible. We will start with
you.

STATEMENT OF MICHAEL F. McENENEY

PARTNER, SIDLEY AUSTIN BROWN & WOOD, LLP

ON BEHALF OF THE U.S. CHAMBER OF COMMERCE

Mr. McEneney. Good morning, Mr. Chairman, Senator Sarbanes,
and Members of the Committee. My name is Mike McEneney, and I
am a Partner at the law firm of Sidley Austin Brown and Wood. I
am pleased to have the opportunity to appear before you today
on behalf of the U.S. Chamber of Commerce. I would like to
commend the Members of the Committee for their work in
examining key aspects of the FCRA.
The FCRA and its national uniform standards have provided a
robust framework for the most advanced consumer credit and
insurance markets in the world. Indeed, the benefits of the
FCRA were highlighted in a recent Information Policy Institute
study which found that the national uniform standards
established by the FCRA have contributed significantly to the
consumer benefits of the current credit marketplace. The study
concluded that the loss of the existing framework of uniformity
would threaten the current consumer benefits and that
Congressional action is necessary to ensure the continuity of
our national standards.
The national standards established by the FCRA are also an
important component of protecting the security of consumers'
personal information. For example, the national uniform
provisions under the FCRA ensure that financial institutions
can have access to reliable credit report information for
identify verification and other identity theft prevention
measures. Although renewal of the FCRA's national uniform
standards is an important step, we believe that more can be
done.
For example, this Committee has heard testimony
highlighting the issues of identity theft and consumer
education. The Chamber strongly supports efforts to address
these important issues and looks forward to working with the
Committee to achieve these goals.
With respect to identity theft, we believe there is a
common theme that may be helpful in guiding considerations of
provisions to combat the problem. In particular, the methods
used to address potential identity theft scenarios should be
flexible, allowing companies to utilize the most efficient
means to thwart identity thieves. Such an approach would rely
on the obvious fact that a one-size-fits-all approach may not
work for all companies. For example, the red flags presented by
identity thieves will invariably change over time, and the
tools used to combat identity thieves should change as well. We
hope this theme could be further explored as part of the
Committee's deliberations.
Another topic that has been raised is the important issue
of a consumer's ability to access his or her credit report. The
Chamber welcomes consideration of how to make credit reports
more available to consumers. We believe, however, that this
issue requires careful study before next steps are taken. In
particular, there should be a full examination of the costs
associated with additional free reports in order to ensure that
there are no unintended consequences, particularly for
consumers.
Moreover, if consumers are given access to their credit
reports free of charge, the frequency and volume of demand for
free reports will be difficult, if not impossible, to predict
since a widely circulated press report or e-mail could drive
extremely high volumes of demand in short periods of time.
Given such inherent unpredictability, it is unclear how credit
bureaus would be in a position to adequately manage this
problem. For example, even the most basic issues, like
establishing adequate staffing levels, are difficult to address
when you cannot predict the volume of demand.
The Chamber also encourages the Committee to consider
legislation that would make it clear that companies can conduct
investigations of wrongdoing in the workplace without the
inappropriate application of the FCRA. Because of the
difficulties in conducting an investigation while complying
with the FCRA's requirements, the FTC's interpretation on this
issue deters employers from using experienced and objective
outside organizations to investigate workplace misconduct. The
FTC interpretation I am referring to here is one that would
actually cause an accounting firm or a law firm that is hired
by a company to help in investigating workplace misconduct,
that accounting firm or law firm, by reporting the results back
to the employer under this FTC interpretation, might actually
become a consumer reporting agency; and the Chamber urges
amendments to the FCRA to make it clear that that is not the
case.
Before concluding, I would like to just briefly address
certain issues that have come up in the context of affiliate
sharing.
First, I have heard it mentioned that perhaps affiliated
entities might be establishing their own credit bureaus and
operating free from the scope of the FCRA. Actually, that
cannot happen. If affiliated entities were to establish a
credit bureau and, for example, sell information to third
parties the way that credit bureaus do, they would be subject
to the full range of provisions of the FCRA, and they would be
regulated as a credit bureau would be.
Second, in my experience, affiliated entities have no
desire to set up credit bureaus within their affiliated
families, and there are significant limitations on their
ability to do so, I would add. For example, they only see part
of the picture with respect to a particular individual's credit
history or financial experience because they do not see the
experience that others have at other organizations. They do not
see the public record information that can be vital to making
credit decisions.
The real purpose of affiliate sharing is to know enough
about your customers to give your customers what they want. And
the real purpose of the affiliate sharing exercise is to expand
or enhance customer relationships, not limit them, not to use
the information to deny people credit, or otherwise limit the
relationships.
Now, although risk assessment can be an important part of
that process, to my knowledge, affiliate sharing entities
typically do not deny people credit or other products based on
the information they get from other affiliates. The reason for
this is simple: They only see part of the picture. What they
typically will do is go out to a credit bureau to obtain a
consumer report before that type of decision is made.
Just one final note on affiliate sharing. I am aware,
though, that affiliates will use information in an affiliate
sharing context to grant people credit or other products where
they cannot find information at the bureau on that individual.
So where, for example, an individual is just starting out their
financial history, they do not have a file at a credit bureau,
there are entities that, through affiliate sharing, may know
more than the credit bureau would on that individual. And I am
aware of at least certain circumstances under which affiliates
will use that information, again, to expand or enhance that
relationship with the individual.
Once again, I would like to commend the Committee for its
efforts to maintain the consumer benefits of our current
financial marketplace while also protecting the security of
consumers' personal information. The Chamber looks forward to
working with the Members of the Committee as any legislation
moves forward.
Thank you again for the opportunity to appear before you
today, and I would be happy to answer any questions.
Chairman Shelby. Sir, go ahead.

STATEMENT OF EDMUND MIERZWINSKI

CONSUMER PROGRAM DIRECTOR

U.S. PUBLIC INTEREST RESEARCH GROUP

ON BEHALF OF:

ACORN, CENTER FOR COMMUNITY CHANGE, CONSUMER ACTION

CONSUMER FEDERATION OF AMERICA, CONSUMERS UNION

ELECTRONIC PRIVACY INFORMATION CENTER

IDENTITY THEFT RESOURCE CENTER

NATIONAL CONSUMER LAW CENTER

PRIVACY RIGHTS CLEARINGHOUSE, PRIVACY TIMES, AND

U.S. PUBLIC INTEREST RESEARCH GROUP

Mr. Mierzwinski. Thank you, Chairman Shelby, Senator
Sarbanes, Members of the Committee. I am Ed Mierzwinski,
Consumer Program Director with U.S. Public Interest Research
Group. My testimony today is on behalf of the Nation's leading
consumer and community and privacy organizations, including
ACORN, the Center for Community Change, Consumer Action,
Consumer Federation of America, Consumers Union, the Electronic
Privacy Information Center, the Identity Theft Resource Center,
the National Consumer Law Center, Privacy Rights Clearinghouse,
Privacy Times, and we are all united. We have all been working
on this, and we appreciate that the Senate has asked for our
views before it develops its own comprehensive solution to the
problems identified in your set of detailed hearings.
We want to make sure that credit reports are accurate, that
consumer privacy is protected, and that identity theft is
stopped. All the indicators show that identity theft is up, Mr.
Chairman. Just this week, the distinguished Professor Alan
Westin reported that millions of Americans--not hundreds of
thousands, as most previous reports have identified. Millions
of Americans annually are probably victims of identity theft,
and the crime costs consumers billions of dollars a year.
Consumers are the victims, as your hearings have pointed
out. Industry has in the past claimed that they are the victims
because they eat the costs. Consumers are the victims because
of the emotional distress, the time, the inability, as Captain
Harrison pointed out to the Committee, of being able to clear
61 fraudulent accounts from his good name.
We also know, in terms of identity theft, that the Federal
Trade Commission has documented that identity theft is up and
that it is at higher levels every year.
Also, this week, you may have seen that yesterday the
Federal Trade Commission imposed a $250,000 civil penalty on
the Equifax Credit Bureau for violating the terms of a consent
decree, where it was supposed to have enough people on staff to
answer the phone and help consumers. I am, quite frankly,
astonished, Mr. Chairman, that during the terms of a
Congressional review of this industry--and this industry is
seeking all kinds of favors, seeking preemption forever--that
they would get caught violating a consent decree; and at the
same time they are arguing that if you are going to provide
consumers with greater rights, the first to a free credit
report, for example, that you have to be careful that you do
not impose too many duties on them. They are not even complying
with their current duties to answer the phone, so I am quite
dismayed that the credit bureaus are asking for additional time
on the free credit report.
I would also point out to the Committee that this week the
Privacy Times broke a story that suggests that the credit
bureaus are moving jobs offshore. I think the Committee should
look into that before it drafts its bill. I am very concerned.
Identity theft is often an insider game. If they are moving
jobs to low-wage countries, there may be greater opportunities
for identity theft. There is real secret--I am sorry,
confidential information in credit reports, and I think you
should scrutinize very carefully this proposal by the credit
bureaus to move our confidential consumer records offshore.
The consumer groups think it is the wrong time to grant
permanent preemption for a number of reasons, and we think
that, as you pointed out in your opening statement, ongoing
Congressional review is a good idea. The biggest problem we
have in this Congress is inertia, and having a reauthorization
every 4 years or so seems to be a good idea. We would, of
course, support removing the preemption and just letting it
expire. But if you are not going to do that--and the House
chose not to do that--at least this Committee should consider
sunsetting the preemption.
This week, disappointingly, a District Court Judge in
California overturned parts of the San Mateo and Daly City
privacy ordinances which were enacted under the broader pro-
privacy, pro-State authority terms of the Sarbanes Amendment to
the Gramm-Leach-Bliley Act. We would also ask that the
Committee reiterate its 1996 Congressional history that the
preemption in the Fair Credit Reporting Act as it pertains to
affiliate sharing was narrow and does not affect the Gramm-
Leach-Bliley Act and the right of the States to enact stronger
financial privacy laws, so long as the States do not attempt to
enact laws that turn those companies into credit bureaus when
they share information.
I also want to point out that I find it somewhat
hypocritical of the industry to be saying that they want
flexibility because they do not want one-size-fits-all for
their companies, but they do want one-size-fits-all for the
laws. So they want the law to be national; they do not want the
States, who have been demonstrated to be engines of change,
laboratories of democracy, all the good ideas in the modest
House bill have already been enacted in State law to a large
extent. Yet industry does not want one-size-fits-all. They want
flexibility in the rules. It is a little surprising.
My testimony goes into a number of key reforms, Mr.
Chairman, that I will not go into now, but we believe the House
bill does not go forward adequately enough. It does not provide
enough transparency. It originally was supposed to provide free
credit reports and free credit scores. It now no longer
provides free credit scores.
I spoke with a leading lender yesterday, a leading
executive of a leading lender, and he told me he would like
much greater opportunities to provide consumers with free
credit scores. But he is prohibited by contracts that prevent
him from doing so. We think that the scores should be free
along with reports, and they should be provided by all credit
bureaus.
We think the FTC should be required to audit the companies
annually and to publish the results of those audits to the
public.
We believe that the consumers should have availability of
more scores, and this is outlined in our testimony--I am sorry,
more reports and more scores. And it is also something that is
supported by the FTC and, I believe, the Treasury Department.
There are circumstances in the economy where today we accept a
counteroffer and we do not receive a credit report. We should
get a credit report when we accept a counteroffer. We should
also get a credit report when a company like Citibank makes a
decision based on a profile internally. And while we may
disagree, my colleague and I here at the table, over whether
the companies will eventually want to set up their own internal
credit bureaus, they, in fact, are using information derived
from affiliate sharing for credit profiling, according to
Citibank's testimony last month. When that happens, you do not
have the same rights as you would if they used a full credit
report.
In terms of accuracy, we make a number of recommendations
to the Committee. I am very disappointed in the GAO report, Mr.
Chairman, because it ignores the fundamental findings of the
largest and peer-reviewed study that has been provided in
testimony to this Committee. The CFA's study, the Consumer
Federation of America's study, looked at half a million credit
files and found that 29 percent of consumers had a disparity of
50 points or more on their credit scores if obtained from one
or another of the three repositories. I believe that the
findings of that CFA study, which, again, was peer-reviewed and
is a legitimate, academic-level, statistically valid study, in
my opinion, should have been discussed in greater detail in the
GAO's findings.
The other studies that I would like to point out to the
Committee--and I would like to make sure that they are in the
record if they are not already--the industry has relied on a
number of white papers, a number of studies that claim or
purport that there will be billions of dollars of cost to the
economy if we do not do what they want done.
I would say that Robert Gelman, a noted privacy expert, has
prepared a study on the costs of not protecting privacy. And
Professor Elizabeth Warren of Harvard Law School has prepared a
study rebutting a number of the proprietary industry white
papers as a way to make public policy. And, in addition, our
proposals talk about the need to have better credit score
models transparency as well. We do not know enough about credit
scores. We do not know enough about how they are made. As your
testimony, however, pointed out on Tuesday, we do know that
your credit limit is part of your credit score, and that when
your credit limit is withheld by a furnisher, that is a problem
for the consumer.
So there is a very important study by the civil rights
group, the Center for Community Change, called ``Risk or
Race,'' that finds that, in fact, risk may not be the factor
that has black and Hispanic applicants disproportionately
mentioned in subprime lending; that is, if you are black or
Hispanic, you are more likely to be paying too much for a loan.
And that study, ``Risk or Race,'' should be entered into the
record.
Our testimony goes into a number of other important details
about changes that need to be made in the act. Our groups hope
to work closely with you and Senator Sarbanes on solutions to
these important problems. But at a very minimum, we strongly
oppose the permanent extension of preemption. We think it is
unjustified. We urge the Committee to go for a sunset rather
than permanent preemption.
Chairman Shelby. Thank you.
We have seen indications that some creditors do not report
information regarding their customers to the credit bureaus.
You referenced that. What do you believe is their motivation
for this?
Mr. Mierzwinski. Well, very clearly, the motivation is to
game the credit scoring system to prevent those customers from
shopping around. If I want to apply for credit, I want the best
credit score I can have. But the easiest thing for a company to
do is not to look for new customers, but to keep its existing
customers. That is why they do it.
Chairman Shelby. But if they do that, you cannot have
accuracy in scoring, could you? You do not have all the
information.
Mr. Mierzwinski. We do not believe you can have accuracy in
scoring, and the fact is even though the so-called black box of
the credit scoring models is secret to you and me, the
companies know enough about it to know that if they withhold
certain pieces of information that they can game the system.
And there is a lot of motivation there because if they keep
their customers, most of those customers are probably paying
too much for the----
Chairman Shelby. It is to their benefit, but perhaps to the
loss or detriment of the consumer.
Mr. Mierzwinski. It is absolutely to the loss or detriment
of the consumer to be prevented from being able to shop around.
And it is also to the loss or detriment of the credit scoring
system.
I think a bigger threat to the uniformity of the system, to
the voluntary nature of the system, than the States, who I
think are rational actors, is these acts of companies to
prevent their consumers from being able to shop around.
Chairman Shelby. Do you believe it is important to
establish some kind of baseline, that is, objective information
regarding the level of credit report accuracy?
Mr. Mierzwinski. I absolutely think that you need to
establish a better baseline on credit report accuracy, and I
know the GAO--again, I disagree with their finding, but they
say more needs to be done, that the FTC or the agencies, the
bank agencies, or the credit bureaus should do more of a study.
I personally feel that the annual audits of credit bureau
accuracy should be provided and the public should hear about
them. The Committee should hear about them as well.
Chairman Shelby. We have also learned here a lot about--but
we do not know everything about it--the growing use of risk-
based pricing. Adverse action notices are not provided as
regularly, we have been told, as they once were.
I believe that consumers are never more aware of the need
to review their credit report than after they have been jolted,
perhaps jolted to the awareness of some kind of credit-related
problem.
Do you agree? And do you think it is necessary to update
the adverse action notice process to meet today's realities?
Mr. Mierzwinski. You are exactly right. We agree. I believe
that the agencies, the Treasury and the FTC, also agree, or at
least on that one the FTC agrees.
The old credit system was yes or no. Now the credit system
is more or less. You pay more or you pay less. If the system is
inaccurate, you probably pay too much. But in many cases, when
you are paying more, you do not know that it is because of a
mistake on your credit report because you are not receiving the
adverse action notice.
Chairman Shelby. The whole system is based on accuracy,
which is truth, is it not? If somebody is gaming the system for
proprietary reasons, withholding information, the consumer is
going to get hurt.
Mr. Mierzwinski. Well, the consumer gets hurt, but it is an
externality to that company. That company benefits by charging
that consumer too much. They are happy.
Chairman Shelby. Sir, going forward, how can we best ensure
that entities involved in the credit granting process continue
to meet their Fair Credit Reporting Act responsibilities?
Mr. McEneney. Mr. Chairman, I think that probably the best
way to do that is the continued active, vigorous enforcement of
the existing statute. The statute really is a remarkable piece
of legislation, providing powerful protections to consumers.
The credit bureaus that have information on them are under an
obligation to maintain reasonable procedures to ensure the
maximum possible accuracy of that information. Consumers'
access to that information, the ability to dispute it, the
ability to demand that the furnisher----
Chairman Shelby. Ability to dispute it and clear it up if
it is wrong, right?
Mr. McEneney. Clear it up if it is wrong, absolutely, and
including involving the furnisher, the entity that provided the
information to the bureau, in that process.
Chairman Shelby. Well, how do we change that a little? We
had this gentleman, this Army Captain, retired, that had a
horror story. It just ruined his life, basically, trying to
deal with identity theft and all this. There should be an
easier way to clear up somebody, because they steal your
identity. And the Secretary of Treasury testified here today,
as you know--you were here--that this is a big and growing
problem.
Mr. McEneney. I could not agree with you more strongly, Mr.
Chairman. I think if you take--virtually every anecdote I have
heard about accuracy that is not related to identity theft can
really be addressed by the proper application of the existing
statute. But identity theft is really where the statute,
unfortunately, has a weakness.
Now, in that regard, I think that many in the industry, and
I think to a certain extent the people in the Administration as
well, have looked at a way to try and make it easier for those
people who are the victims of identity theft to get it cleared
up quickly. Probably the most powerful tool that consumers
could have in that context is the trade line blocking.
Now, the way the trade line blocking works is the consumer,
for example, files a report. A police report is one standard
that has been talked about. Whatever the standard is, it has
got to be a credible one to avoid credit repair clinics from
using it to game the system. But assuming that we can come up
with a credible threshold--and I think we can--what that would
do is then enable that consumer to take that report, go to the
bureau, file that report, and block for all time----
Chairman Shelby. And not have the horror stories we have
had here.
Mr. McEneney. Absolutely.
Chairman Shelby. And I am sure there are thousands.
Mr. McEneney. Yes, absolutely. And, Mr. Chairman, could I
just comment on a few other questions that you raised earlier?
Chairman Shelby. Absolutely.
Mr. McEneney. I am familiar with the issues regarding the
reporting of credit limits, and my understanding of the
motivation behind those issues--and I am not defending that
practice, but----
Chairman Shelby. Please do not.
Mr. McEneney. But it is a little different than I think my
colleague at the table may have described. As I understood it,
I thought that some banks thought that they may have come up
with a clever proprietary way to set credit limits and did not
want to tip their hand to their competitors that they had come
up with this methodology.
I do not think it was designed to prevent their customers
from shopping. After all, if that was their intent, they would
not report anything on those consumers at all.
Chairman Shelby. Well, why not report everything for
accuracy? How can you have accuracy if you are gaming the
system, even if you want to rationalize for proprietary
reasons, and keep you or you from shopping in the market?
Mr. McEneney. I agree with you.
Chairman Shelby. Because the market does not work if you do
not have it open.
Mr. McEneney. I agree with you that full reporting should
be encouraged. I think requiring it may have some adverse
consequences that outweigh the benefits.
Chairman Shelby. Like what?
Mr. McEneney. One of the things that happens if you
mandate--today, we have a voluntary system that I think works
extremely well, and I think there is substantial evidence for
that because of the incredibly successful rate at which
creditors are able to grant credit and get paid based on----
Chairman Shelby. We like all that, but we like accuracy,
which is based on the truth.
Mr. McEneney. And I think that the way the system works
today is extremely effective. Creditors grant credit. They get
paid back. I think that supports the notion that the
information they have today, although not complete in some
cases----
Chairman Shelby. Well, we all agree that the system is
working pretty well. But where it is not working well, I think
it is our responsibility to clear it up. And you can help us.
Mr. McEneney. And I am prepared to help you, Mr. Chairman,
and the only thing I would say is that I think encouragement or
persuasion in this regard will likely provide the benefits you
are looking for without significant detrimental impacts, like
driving people from providing the information in the first
place.
Chairman Shelby. What is wrong with mandating it?
Mr. McEneney. There are a number of questions that come up
in that context. One is: Who do we mandate provide the
information? There are thousands and thousands of furnishers of
information out there. And then what do they provide? For
example, small businesses have certain types of information.
Utility companies have different types of information. Credit
card companies have different types of information. Mortgage
companies. What is it that constitutes full file?
Also, who do they provide it to? There are hundreds of
credit bureaus around the country, and do we only mandate that
it be provided to certain credit bureaus and not others?
Also, I think one of the things that has to be assessed is
the potential impact on the reliability of the information.
Today, people provide the information voluntarily because they
are willing to build the infrastructure to do so; they are
willing to incur the costs to deal with follow-up disputes. If
you force people to do it where those people have not build
those infrastructures to support the reporting of the
information, I think there is a significant risk that it could
actually decrease the reliability of the information you get.
Chairman Shelby. Well, I disagree with you on that.
Even if the motivation is not to so-called game the system,
shouldn't we be concerned if the effect hurts the consumer? In
other words, the consumer--there are a lot of choices out there
in the marketplace, and you have got different firms fighting
for that customer. But if somebody is withholding information
which keeps their customer base in line where they might have
an opportunity to do a little better somewhere else, I think it
games the system and the free market does not work.
Mr. McEneney. Well, I would say on that point that one of
the things that I think people should look into in that context
is the extent to which those issues can be dealt with through
modeling. One of the great things about credit scoring is that
if you know what you do not know, you can model for it. You can
assess what it means over time. And I do not think we are
talking about systematic problems in the reporting of this
information. I think we are talking about exceptional
situations that are a small minority of the circumstances. And
I think that can be dealt with through proper modeling.
Chairman Shelby. At the very least, the banking regulators
could ensure that entities that they supervise full-file
reports. They could do that.
Mr. McEneney. And I think they are strongly encouraging
that, Mr. Chairman, and I think it has been effective. For
example, the Fed did a study on this issue sometime back, and
between the time that they gathered the information from the
credit bureau to figure out what the credit reporting looked
like and the time they prepared the report, the number of
accounts that did not have the credit limit on them went from
something in the neighborhood of 35-plus percent down to 13
percent. And my understanding is that that friendly or not-so-
friendly persuasion by the agencies has been even more
effective in continuing to drive those numbers down and
encourage the full-file reporting.
Chairman Shelby. Senator Sarbanes, I would like to thank
you for your patience.
Senator Sarbanes. Thank you very much, Mr. Chairman. I will
be brief. This has been an extremely helpful hearing, in my
view. Also, I want to thank both of the witnesses who are
currently at the table for their testimony and their
statements.
Mr. Mierzwinski, I particularly appreciate this very
detailed testimony that you and the other organizations that
you are representing have put together here.
In that light, Mr. Chairman, I hope we can keep the hearing
record open to receive additional recommendations.
Chairman Shelby. We certainly will. The record will remain
open.
Senator Sarbanes. I wanted to ask you this question. I am
particularly interested in this. One of the ways of assuring
that the consumer can straighten things out is that he can
bring legal action under FCRA in order to do so. Is that
correct?
Mr. McEneney. Yes.
Senator Sarbanes. And that is an instrument whereby you
get, in a sense, some self-policing of the workings of the
system and I guess in that respect is desirable. Would you both
agree with that?
Mr. McEneney. I think one of the most powerful things about
the FCRA is the tools it gives the consumer to get out and
dispute the information they believe is inaccurate and to have
it corrected.
Senator Sarbanes. Now, let me ask you this question: The
current statute of limitations governing the time period by
which a consumer must bring legal action under the FCRA runs 2
years after the occurrence of the fraud, regardless of when the
victim discovers it.
Now, in the most extreme case, the victim could discover it
more than 2 years after the fraud occurred, and the statute of
limitations would knock the victim out of the box, would it
not, under current statute?
Mr. McEneney. Yes, I believe it would.
Senator Sarbanes. Well, I have difficulty understanding.
Obviously there is no fairness to that, and obviously it
eliminates the workings of the system in terms of the consumer
correcting it.
Now, some have suggested that the statute of limitations
period should be 2 years after the date on which the violation
is discovered or should have been discovered by the exercise of
reasonable diligence, because I can understand it will be
argued, well, you know, they should have known this, we just
cannot have this thing hanging out there forever. So you put
some burden of responsible action on the consumer.
But why wouldn't that be a better way for the statute to
work, 2 years after the date on which the violation is
discovered or should have been discovered by the exercise of
reasonable diligence? Do you have any problem with that?
Mr. McEneney. Senator, just a clarification of how I think
that statute of limitations issue works. If I am a consumer and
I come to look at my file at any time, my rights accrue at the
time I look at that information to dispute the information and
have it corrected. It is not that if the information was added
more than 2 years ago I cannot correct it. I can demand
correction anytime it is in my file.
I think the situation that you may be referring to is one
where a consumer comes to look at his or her file, believes
that there is a problem in it, and more than 2 years ago, for
example, applied for credit or took some other action and
believes they were damaged at that point in time. Under those
circumstances, I believe the statute would run, and the
individual would not have a right to go back and sue for an act
or for damages that took place 2 years prior, but would have
the right to demand correction of that information right then
and there. The 30-day time frame would then apply, and all
their rights would accrue.
I think that it is important to just focus on what that
statute of limitations issue really means. The consumer always
has the right to come and dispute what is in his or her file.
Mr. Mierzwinski. Senator Sarbanes, if I could add, we want
to reverse the Supreme Court in the TRW v. Andrews case. We
think it is important to clarify the discovery rule and make it
easier. The complexity of the discovery rule is just one
example of how the general principle of this Act is that the
consumer generally has a right to self-enforce his or her
rights. But those rights are very difficult to enforce.
In 1996, a former Member of the Committee, Senator Bryan,
worked very hard to establish a furnisher liability compromise.
As part of that, he said consumers could sue banks and
department stores some of the time after they failed to comply
with the reinvestigation, but not if they simply provided
information to a credit bureau that they consciously knew was
in error. So that first test would only be enforceable by the
agencies. The consumer could only sue in the latter case where
there was a request by the consumer to remove the fraudulent or
false information and that information was not removed.
Consumers had to go to court for the last 8 years. They had
to get the Federal Trade Commission to file amicus briefs on
their behalf. Despite clear legislative intent that Congress
intended to give consumers the right to sue furnishers of
information in some circumstances, many furnishers of
information argued that they did not have the right to sue
them. The law is very difficult to enforce as a private
individual.
One example: Why is there so much identity theft? There is
so much identity theft because the companies do not care about
fixing the problem. They look at it as a cost of doing
business. That is all it is to them. They are making so much
money issuing credit that the millions of consumers who are
victims of identity theft have so much trouble enforcing the
law and clearing up their name, as Captain Harrison did, that
they just give up. And we really need to make it easier for
consumers to enforce their rights, strengthen the duties of
these companies.
Senator Sarbanes. I may not be fully understanding, but I
have difficulty understanding the rationale for a statute of
limitations that runs when the victim is unaware that something
wrong has been done to them. I understand once they know about
it if they then do not do anything about it within a reasonable
period of time, or if, you know, by taking due diligence they
should have known about it and did not do it because they
were--that is a different situation. But the situation in which
they just do not know about it and then they find out about it
and they want to do something, someone says, well, you know, 2
years has gone by, it is just too bad but you are out of luck.
I mean, what is the rationale to justify that kind of
position?
Mr. McEneney. I would be happy to look into the details of
the statute of limitations issue for you, Senator.
Senator Sarbanes. On first blush, it is hard-put to see a
rationale, isn't it?
Mr. McEneney. You know, statutes of limitation generally
are designed to avoid litigation involving issues where the
facts relevant to those issues took place beyond a certain
period of time before. And I would have to look at the specific
issues you are talking about.
Senator Sarbanes. Even if you go down that path, 2 years is
a pretty short period of time when you are talking about, I
think, matters of this sort. But a lot of statutes of
limitations have in them some provision about knowledge or
should have had knowledge in order for the time period to kick
into effect and then knock you out of getting a remedy. You,
after all, are the one who has been victimized. My question is
whether the victim should be able to get some remedy for that,
and it is quite a step simply to knock them out of getting any
remedy when they are in complete lack of knowledge that this
has been done to them.
Mr. McEneney. Senator, I would be happy to look at the
details of that issue and get back to you.
Senator Sarbanes. Thank you, Mr. Chairman.
Chairman Shelby. Could I ask the other side, could you also
furnish information regarding the same subject?
Mr. Mierzwinski. Mr. Chairman, we would be happy to do so.
And we had an amicus brief before the Court in that case, which
we will provide to the staff. We think the Supreme Court was
wrong, but it was a statutory ruling, so the Committee can
certainly reverse them.
Chairman Shelby. Senator Bennett.
Senator Bennett. Thank you very much, Mr. Chairman.
Mr. Mierzwinski, I have gone through your recommendations,
every one of which has some rationale behind it. But taking the
whole thing in total, it reminds me of the comment that came
out of the Vietnam War where the infantry captain said, ``In
order to pacify the village, we had to destroy it.''
And I think if all of these recommendations were put in
place in order to make sure that the customer got absolute
accuracy and absolute protection of his privacy, you would cut
him off from the opportunity of obtaining credit. And that is
what this whole thing was about.
Again, I go back to my first days in this Committee where
the complaint was that particularly minorities and others who
did not have a gilt-edged credit history were being denied
credit absolutely, and the Fair Credit Reporting Act has gone a
long way toward making credit available to them. And if we say,
yes, but there is this and there is this and there is this and
there is this possibility, every possibility of which must be
guarded against, we go back to the bad old days when the only
people who could get credit are those who basically do not need
it. So, I have some real problems with the totality of what you
are presenting here.
Now, I also disagree with you about the GAO report because
I think the GAO report reflects what we have heard in these
hearings. We have had a wide range of studies presented to us.
You claim, with understandable enthusiasm, that the studies
that support your position are the reliable ones and the peer-
reviewed ones and the objective ones. But other witnesses
claim, with equal sincerity, that the studies that they put
forward are objective and peer-reviewed and reliable. And the
results, as we found in previous hearings, are all over the
lot.
So it does not surprise me at all when the GAO begins with
the quote with which the Chairman began this hearing, and I
will read it again: ``Information on the frequency, type, and
cause of credit report errors is limited, to the point that a
comprehensive assessment of overall credit report accuracy
using currently available information is not possible.'' And
that resonates with the sum total of what we have heard in
these hearings.
In the GAO report, we have what I find to be a very useful
summary as to the common causes of errors in the consumer
credit report process, and they cite three common causes:
Number one, consumers. Consumers provide inaccurate data to
furnishers, either by mistake--which I assume is by far the
most logical reason--or purposely provide false information in
order to establish a new credit identity. This is a form of
identity theft, if you will, identity concealment. I have bad
credit; I will now, in an attempt to create a new identity for
myself, mislead the furnishers. That is the first cause of
errors.
The second cause of errors, furnishers input accurate
information incorrectly. I referred to this previously where I
described where I was moving, over the phone, opening an
account. My name is Robert F. Bennett, and the bill came back
Robert S. Bennett. There was not anything malevolent about it,
but the person on the other end of the line heard my ``F'' as
an ``S'' and I have been unable to correct that, as many times
as I have tried. Finally, I just pay the bill, Robert S.
Bennett every month and I do not worry about it. But that is
accurate information incorrectly inputted. Pass on incomplete
or inaccurate data to consumer reporting agencies, or pass on
accurate data in incorrect format. Fail to voluntarily report
data. Those are all of the various ways that furnishers put in
accurate information into the system.
And finally, the third way you get errors is that the
bureaus input inaccurate information or they input accurate
information in the incorrect file. Robert S. Bennett begins to
get information that is not accurate because somehow he is
getting my utility bill put in there.
Because of these common errors involving consumers,
furnishers, and credit reporting agencies, the GAO has
concluded that we cannot get our arms around the size or
complexity of the problem.
So I think what we need to do, Mr. Chairman, is continue
that which has been working, and for that reason, I am strongly
in favor of both the preemption provision and the affiliate
sharing provision, while we continue to try to find out more
information about where the inaccuracies come from and what we
can do to deal with it. I think the reference to the bank
regulators to which you, Mr. McEneney, have referred, is an
indication the bank regulators have gotten tough and the number
of inaccuracies or omissions has begun to go down. And I think
that is a salutary thing, and we should work for that.
I am in favor of Senator Sarbanes' position on the statute
of limitations. I cannot imagine why it would be a problem to
say that, well, if something has gone bad, you do not know
about it until 18 months later, and then suddenly you are faced
with a major identity theft problem, you have only got 6 months
to get your lawyer together and file the case. I want to have
the full 2 years from the time that happens.
Those are the kinds of changes that I think we can make. We
can tighten things up. But I do not want to throw out the baby
with the bath water. I do not want to reverse the fact that
credit has been made available to a wide range of Americans who
did not have it before in the name of saying, well, we are
going to protect your privacy in all of these belt and
suspenders and raincoat kinds of ways, and in the process you
are going to be completely private, but you are not going to
get any credit.
Mr. McEneney. Senator Bennett, on the GAO finding of the
inability to assess accuracy, I would just like to make one
point. It does not answer the question, but perhaps provide
some temporary comfort. That is, there is a proxy for assessing
the accuracy of the information at a broad level, and that is
its remarkable predictive value. Creditors successfully rely on
this information, have been extremely successful in making
credit more widely available, more cheaply than ever before,
and that would not be the case unless the information were
accurate to a high degree.
Now, that does not deal with the detailed issue, but I am
just saying that there is some comfort to be taken from that
widely available fact.
Mr. Mierzwinski. If I could speak to that briefly,
Senator--and, by the way, on your first point on our
recommendations, we would be happy to work with you. If you
want to take our top five or something like that, we would be
pleased.
Senator Bennett. Well, as long as you give me preemption
and affiliate sharing, why, I would be happy--
[Laughter.]
Mr. Mierzwinski. But the situation here, I think--and I
would refer you--I will provide it to the staff. There is a
study by a Philadelphia Federal Reserve Board economist, Mr.
Hunt, that talks about some of the ways that information is
used in the system. And one of the points he makes is a theory
that the system is weighted toward false negatives; that is,
the system may be providing credit accurately to people that
deserve----
Chairman Shelby. Would you furnish a copy of that to the
Committee?
Mr. Mierzwinski. Yes. May be providing credit in a way that
people that deserve credit tend to get credit, but some people
may be paying too much for credit. And that is what the system
is not measuring, and that is my point on the GAO report. I
only read it very quickly. I just got a copy of it. But the one
particular part of the CFA report was the study of half a
million scores that I do not think they looked at in as
detailed a way that they should have. And that was my point.
On the other studies, maybe their points were more valid.
But on that particular portion of the CFA report, that is where
I disagree with them. I was encouraged, however, that they
agree with our finding and recommendation that there should be
more adverse action notices provided so more consumers trigger
looking at reports and trigger reinvestigations.
Senator Bennett. I think the Committee is clearly going in
that direction. That is what the FTC recommended.
Mr. Mierzwinski. Right.
Senator Bennett. I think there is some legitimacy to that.
Thank you, Mr. Chairman.
Chairman Shelby. In closing, I want to thank you two for
being patient today and also for your input. I believe this
will help guide the Committee as we seek in the next weeks to
craft a bill that balances the interests of consumers and the
needs of the credit market. We are not going to try, I hope, to
reinvent the automobile here, but we believe that we can maybe
change the model a little bit, fine-tune it and make it work
better for the American people, and that is all of us.
Thank you, gentlemen.
Mr. McEneney. Thank you.
Mr. Mierzwinski. Thank you.
[Whereupon, at 12:40 p.m., the hearing was adjourned.]
[Prepared statements, response to written questions, and
additional material supplied for the record follow:]
PREPARED STATEMENT OF SENATOR ELIZABETH DOLE
First of all, I want to thank Chairman Shelby on behalf of the
people of North Carolina and the entire country not only for holding
today's hearing on measures to enhance the operation of the Fair Credit
Reporting Act, but also for holding six hearings on the issues involved
in the reauthorization of the Fair Credit Reporting Act preemptions.
This has given us all an opportunity to examine the great benefits the
FCRA has brought to the consumers of America.
These hearings have also illustrated the ways this law can be
strengthened to ensure more accurate credit reports and help our
efforts to combat identity theft. The actions of the House Financial
Services Committee passing its version of this legislation by an
overwhelming vote of 61-3 shows there is a broad consensus on the
issues before us and that we all can work together to accomplish our
goal this year.
While I have long spoken out about the tangible benefits the FCRA
has brought to our Nation by lowering the cost of credit and empowering
individuals, there are further steps we can take to help consumers and
industry, such as providing access to a free credit report once a year.
A free report will help consumers gain a better understanding of the
factors that financial institutions take into account when pricing a
product and when deciding whether to extend credit. Free credit reports
will also ensure the accuracy of credit reports and help stop identity
theft, a destructive crime that is unfortunately growing more common
every day.
As we all know, there has been a healthy debate on the issue of
credit scores. While I feel strongly that consumers should be given an
accurate description of the different factors that go into these
numbers, I do not think this should extend to the right to a free
credit score. This score is a proprietary analysis of a credit report
used to gauge the risks involved in extending credit to an individual.
Since independent businesses develop the scores with their own
resources, they should be able to receive a small fee for their use. It
is also my hope that we not put one score--such as FICO--above all
others. Competition in the credit score market should be preserved.
I want to thank our distinguished panel of witnesses for taking
the time to join us here today. I look forward to working with all of
my colleagues on these issues as the Committee prepares to craft a
legislative package.

----------

PREPARED STATEMENT OF JOHN W. SNOW
Secretary, U.S. Department of the Treasury
July 31, 2003

Thank you Chairman Shelby, Senator Sarbanes, and other
distinguished Members of this Committee for this opportunity to testify
on the Administration's
proposal to strengthen the use of the Fair Credit Reporting Act (FCRA)
to promote consumer interests.
All consumers have two important interests, the promotion of which
is the central purpose of the FCRA. One is the interest in improved
access to credit and other
financial services. The other is the interest in the accuracy and
security of their financial information. The Administration proposes to
remove the sunsets on the uniform standards and focus these standards
and the FCRA even more on meeting these two key consumer interests.
A hallmark of our country is readily available credit. In fact, it
is not too much to say that ready access to credit on competitive terms
is an integral part of the economic security and well-being of American
families. All over the country, Americans depend on competitive credit
markets to realize the dream of homeownership, to finance their cars,
to pay for college, and meet a variety of other needs. More than two-
thirds of Americans now own their own home, and 9 out of 10 homes are
purchased with a mortgage. For example, consumer credit helps finance
the vast majority of the more than 15 million cars and trucks consumers
purchase annually.
The FCRA's uniform national standards for information sharing
operate to expand the opportunity for consumers to access credit and
financial services--they make your reputation as a borrower portable,
so that you do not have to establish your good name from scratch in
every city you visit, or every store where you shop.
The Council of Economic Advisers estimates that, if States passed
laws that significantly deviated from the national uniform standards of
the Fair Credit Reporting Act, 280,000 home mortgage applications that
are now approved each year would be denied--that is $22 billion in new
mortgages annually. Access to accurate and reliable financial
information is particularly important for approving loans to first-time
homebuyers, for example.
This democratization of credit has especially benefited minority
and lower income families. For example, from 1995 to 2001, the
percentage of minorities holding mortgages increased significantly--
one-sixth of minorities who qualified for mortgages in 2001 would not
have qualified in 1995, a higher rate of improvement in homeownership
than for families overall. In addition, the percentage of minority
families with credit cards has risen substantially. From 1995 to 2001,
the percentage of African-American families holding credit cards rose
from 39.4 percent to 55.8 percent. More generally, since 1970, credit
access by U.S. households in the bottom half of income distribution has
experienced the most rapid growth. National uniform standards help all
Americans participate more fully in the miracle of modern credit
markets. We need to accelerate that process and do nothing to slow it
down.
Perhaps the most serious threat to financial consumers today is
identity theft. Identity thieves are clever, adaptable, and heartless.
Indeed, many identity thieves specifically target the most vulnerable
members of society--families of the recently deceased, seniors,
hospital patients, and men and women serving our Nation overseas. These
schemes come in many forms and I have described several of the more
deplorable schemes elsewhere. Today, I would like to cite still another
example, as reported last week, that demonstrates how clever and
adaptable the thieves are:

Using a $100, commercially available keystroke logging
program, an identity thief in New York stole over 450 online
banking passwords during a 2-year period. The scam began with
the thief installing a keyboard-sniffing program on public
Internet terminals at 13 locations scattered throughout
Manhattan. Unwitting customers using the terminals then had
their keystrokes logged as they accessed information. With
username and password information in hand, the thief used the
victims' personal and financial information to open new
accounts under their names and transferred money from the
victims' legitimate accounts into the new, fraudulent ones.

Many Americans have worked hard for years to build and keep good
credit histories. In today's information-driven economy, one of your
most important personal assets is your reputation, your credit history.
The statistics are there--and have been cited by many. For example, a
recent study reports that identity theft has been seriously under-
reported and asserts that 7 million Americans were victims of identity
theft last year alone. We may never know what the right number is. But
one thing we do know is that there are far too many victims of identity
theft and that the crime is spreading.
One of the most distressing aspects of identity theft is how
quickly an identity thief can damage your credit history and how long
it can take to undo the damage. A recent General Accounting Office
study found that victims spend on average 175 hours trying to recover
from the crime. In many cases, recovery can take even longer, and
involve thousands of dollars in legal and other expenses. The costs are
so significant that a market in identity theft insurance is now
developing.
Our national information sharing system can and should be improved
to do more in the fight against identity theft. As we do so, it is
important to understand that national standards for sharing such
information are an important tool in the fight against identity theft.
When a thief tries to steal your identity and open an account in your
name, he is posing as you, hiding behind a mask that he has constructed
out of bits of information about your identity. Bankers or merchants
can stop the would-be thief right in the act, before the crime is
committed, if they have timely access to the right information. With
the right information about your true identity, financial institutions
can ask validating questions and peer behind the thief 's mask. In
other words, your banker can stop the identity thief if your banker is
more familiar with you than the thief is. National uniform standards
make timely access to full and accurate information possible, giving
financial institutions the tools to stop many identity theft assaults
before they can succeed, information moving faster than the thieves.
On June 30, I announced the Administration's proposals to make the
Fair Credit Reporting Act an even more effective instrument to protect
consumer financial data from fraud and abuse, enhancing the quality and
integrity of that information, while at the same time expanding
consumer access to credit and other financial services.
We are extremely pleased that several of these proposals are
contained in bipartisan legislation now pending before the House of
Representatives, approved last week by the Financial Services Committee
by a strong 61 to 3 vote. We look forward to working with you as the
Senate considers these issues. In my testimony today, I wish to focus
on five of our proposals:

Free credit reports upon request. To achieve these important
goals of the Fair Credit Reporting Act we would be wise to engage
the consumers themselves. A basic tool to place in the hands of
consumers is access to their credit reports, once a year, upon
request, free of charge. Consumers should be offered the
opportunity to review their credit reports for accuracy and
completeness. We believe that this proposal will not only help stop
identity theft, but that it will also lead to improvement in the
overall quality of the information in the credit reporting system.
After all, no one has a stronger interest in ensuring the accuracy
of their credit reports than consumers themselves. As the overall
quality of the information improves, everyone will benefit--
consumers, merchants, financial institutions, and the economy as a
whole.
National Security Alert System. We recommend that the uniform
standards include a national security alert system. Under such a
system, consumers who have been victimized or are in danger of
being victimized can put banks and merchants on their guard against
any further efforts to impersonate the consumer, thus making it
much harder to steal one's identity.
Red Flags. We propose the bank regulators also be put on the
watch for patterns followed by identity thieves, red flags that
indicate the likelihood of fraudulent activity. The regulators
would provide notice of these red flags to the institutions that
they supervise and put them on the watch for these telltale signs.
Further, the regulators would verify in their bank examinations
that these warning signs are being heeded, fining those
institutions where lack of attention results in customer losses. I
regard this proposal to be a very important part of the package.
One of the challenges in fighting identity theft is that identity
thieves are adaptable. They are always looking for ways to exploit
systems and procedures that we set up to thwart them. It is
important, therefore, that regulators and financial institutions be
equally adept in catching them. To be effective and not become soon
out of date, this proposal avoids locking today's tell-tale signs
in the statute, but instead gives regulators the flexibility to
adapt to new identity theft schemes and to establish procedures to
thwart them and foil the efforts of the would-be thieves, and it
gives financial institutions increased incentives to be on guard as
well.
Prohibition on the sale or transfer of identity theft debt.
Another important Administration proposal is a prohibition on the
sale or transfer of debt for collection a creditor knows is the
result of identity theft. Too often, consumers labor for hours
persuading a creditor that they were the victims of identity theft
only to find that they must begin the process all over again with a
new creditor who has purchased the debt from the original creditor.
Our proposal would help reduce repollution of consumer's credit
files and save consumers countless hours of needless hassle.
Adverse Action Notices. The Administration proposes granting
the FTC specific rulemaking authority that would require notices to
consumers when their credit scores caused them to be offered less
favorable rates than for which they applied.

These are a few highlights of the package of proposals we have
offered, that would build upon and amplify the use of the FCRA to
promote consumer access to credit within a context of improved accuracy
and security of personal financial information. Enactment of this
package will make our national information sharing system even more a
servant of consumer interests.
Given the important role that the national standards of the Fair
Credit Reporting Act play in expanding access to credit and maintaining
the accuracy and security of consumers' information, it should come as
no surprise that national information sharing standards benefit our
economy as a whole. It seems so basic that we take it for granted, but
an integral part of our economy's success is our confidence in
financial services such as bank services, insurance, and investment
products. Our credit markets helped the American economy weather the
serious shocks we have experienced over the last 3 years--a recession,
September 11, homeland security, corporate accounting fraud, and so on.
And there should be no doubt that the national uniform standards of
the Fair Credit Reporting Act help make our credit market more robust.
According to the Council of Economic Advisors, if the national
standards were to expire, and States adopted new laws currently under
consideration, a minimum of 3.5 percent of loans currently approved
would be denied to maintain the same level of credit risk. This could
put as much as $270 billion of consumer credit in jeopardy.
We look forward to working with this Committee and the full Senate
to move a strong package of reforms into law this year and ensure that
the Fair Credit Reporting Act becomes an even more effective tool for
meeting the financial interests of American consumers. Accomplishing
this task is vital to the future of our economy. With improved national
standards, we can make great strides to protect our citizens against
identity theft, while holding open the doors of credit to many more
American families of every income and background.

PREPARED STATEMENT OF MICHAEL F. McENENEY

Partner, Sidley Austin Brown & Wood LLP
on behalf of the U.S. Chamber of Commerce
July 31, 2003

Good morning, Mr. Chairman, Senator Sarbanes, and Members of the
Committee. My name is Michael F. McEneney and I am a Partner at the law
firm of Sidley Austin Brown & Wood LLP. I am pleased to have the
opportunity to appear before you today on behalf of the U.S. Chamber of
Commerce. The U.S. Chamber serves as the principal voice of the
American business community here in the United States and around the
world. Specifically, the Chamber is the world's largest business
federation, representing more than three million businesses of every
size, sector, and region of the country.
The FCRA has provided a robust framework for the most advanced
consumer credit and insurance markets in the world. A key component of
this success is the fact that the FCRA establishes a single national
system in which our credit and insurance markets can operate smoothly.
This has resulted in significant consumer benefits, in the form of
increased credit and insurance availability at lower costs, and has
provided a source of strength for our economy. The national uniformity
of key provisions in the FCRA is currently scheduled to expire on
January 1, 2004. Making these provisions permanent has been a high
priority for the Chamber and the business community generally. We urge
the Members of the Committee to make these provisions permanent.

The Economic Importance of National Uniformity
At the beginning of the Committee's deliberations on these issues,
there were a number of questions raised about the significance of the
national uniformity established by the FCRA. A recent study entitled
``The Fair Credit Reporting Act: Access, Efficiency, and Opportunity''
goes a long way to answering those questions. The study was prepared by
the Information Policy Institute (IPI) with the support of the National
Chamber Foundation of the U.S. Chamber of Commerce. The aim of the
study was to examine specifically whether a loss of the existing
framework of preemption would threaten the benefits of our credit
markets currently enjoyed by consumers. This study relied on hard data
to determine the impact on consumers and industry if the national
uniform standards were lost. I would like to share some of the study's
findings with the Committee.

In General
In all areas of inquiry, the IPI found that the national uniform
standards established by the FCRA have contributed significantly to the
consumer benefits of the current credit marketplace. Further, the IPI
found few quantifiable direct or indirect costs to consumers associated
with the national uniform standards. The study concluded that the loss
of the existing framework of preemptions would threaten the current
consumer benefits, and that Congressional action is necessary to ensure
the continuity of our national standards.

Mortgages
The study recognizes that many of the efficiencies developed by
the mortgage underwriting market, such as automated underwriting, are
made possible, at least in part, by the national uniformity established
by the FCRA. According to the study, automated underwriting
consistently does a better job of identifying loans that ultimately
``perform''--loans that do not experience a serious delinquency or
default. Moreover, automated underwriting allows mortgage underwriters
to accommodate high volumes of activity. For example, in 2002, the
Federal Reserve estimates that homeowners were able to gain access to
approximately $700 billion of equity in their homes--an astounding
figure that may not have been possible under a less efficient system.
The introduction of mortgage underwriting efficiencies, which have
resulted in part from the national uniformity established by the FCRA,
also appear to have significantly reduced the costs of closing a loan,
saving consumers at least $18.75 billion in 2002.

Credit Availability
The study also examined four different scenarios under which the
FCRA's national uniformity was allowed to expire and the FCRA's
operative provisions were modified in ways suggested by existing
legislative proposals in various States. The study examined the impact
of these changes on six different commercial credit scoring models in
order to approximate the impact on consumers and the cost of credit. In
all four scenarios, the study found that loan approval rates would
decrease or delinquencies would increase, resulting in increased costs
to consumers. Furthermore, the predictive power of credit report
information would decline, damaging creditors' ability to evaluate
credit risk. If creditors cannot properly evaluate credit risk, one of
two things generally occurs in order to hedge against that increased
risk--creditors make less credit available, or they increase the cost
of credit. Either way, consumers lose if the FCRA's national uniform
standards expire.

Prescreening
The study evaluated the current practice of ``prescreening''
customers for preapproved offers of credit. According to the study,
increased competition which has been driven in part by prescreening,
has caused interest rates to be lower overall than they were in 1990.
The study also found that prescreening was the most important method of
acquiring new credit card customers, and that restrictions on
prescreening would increase costs to consumers, and decrease consumers'
access to unsecured credit.

The Importance of National Uniformity to the Security of Consumers'
Personal Information
The Chamber believes that it is important to pursue the goals of
providing for continued access to credit as well as protecting the
security of consumers' personal information. The national standards
established by the FCRA are an important component of protecting the
security of consumers' personal information. For example, the national
uniform provisions under the FCRA ensure that financial institutions
can have access to reliable credit report information for a variety of
purposes, including identity theft prevention. Indeed, the important
role credit reports can play in the efforts of financial institutions
to verify the identity of their customers has been recognized as part
of the regulatory efforts to implement the customer identification
provisions of the USA PATRIOT Act.
The national uniform standards also allow companies to prevent
identity theft in other ways. Under the FCRA, companies have a single
Federal standard governing their ability to share information among
affiliated entities. A key purpose for the sharing of information among
affiliates is to prevent fraud, including identity theft. The FCRA also
establishes a uniform standard for prescreening consumers for credit.
It is noteworthy that the fraud rates, including identity theft, are
significantly lower on accounts acquired through prescreening than
accounts acquired through other means. Providing States the opportunity
to enact their own prescreening rules would make this more secure
method of customer acquisition less attractive if not impossible.
The national standards established by the FCRA also ensure that
consumers have the tools necessary to protect themselves against
identity theft. For example, consumers are provided a standardized
notice if they are the subject of adverse action based on a consumer
report. This notice, which is uniform across the country, informs the
consumer of the adverse action and notifies the consumer that the
action was based, at least in part, on information from a credit
report. This is a ``red flag'' to the consumer to check the credit
report to ensure its accuracy. Furthermore, the FCRA establishes a
single timeframe under which credit bureaus have to reinvestigate any
consumer disputes. I think we can all agree that it is challenging
enough for credit bureaus and consumers to resolve identity theft
issues under a single set of rules--imagine the difficulty if credit
bureaus had to comply with different rules depending on where the
consumer is located.

The Practical Application of the FCRA to Underwriting
Although the broad concepts I have discussed to this point are
important, I would like to provide a more practical application of how
the credit reporting and underwriting process thrive under the FCRA.
The concept of credit underwriting, or the analysis of economic risk on
which a decision to lend money is based, has received repeated mention
by many participants in the debate, but at no point have we really
stopped to talk about what that means. I have attached an example to my
testimony consisting of two simple revolving loan portfolios, each
containing 100 loans of $1,000 apiece, and each paid off within a year.
One portfolio has an interest rate of 5 percent, the other a rate of 18
percent.
If one loan in the 5 percent portfolio were to immediately default
(whether because of identity theft, consumer bankruptcy, or poor
judgment on the part of the lender), it would take the interest
payments from 41 performing loans to compensate for that default. If,
instead, as few as three borrowers default, the lender is completely
underwater--and will lose money--even before facing the expense of
managing 97 other loans. If one loan in the 18 percent portfolio
defaults, it takes the interest from 12.11 performing loans to
compensate for that one default. Even if the lender gets it exactly
right 92 percent of the time, no matter how well those 92 consumers pay
their bills, the lender is in serious trouble.
There is not much more to underwriting than that. And this is why
it is so important for lenders to be able to assess credit risk
accurately. The complicated part occurs when trying to fit the maximum
number of borrowers into the continuum of rates between 5 and 18
percent while keeping defaults to a minimum. Whoever does the best job
of fitting borrowers to a particular interest rate attracts the most
customers because they can offer the lowest rate and manage their
defaults so they still make money. Anything that enhances this process
has obvious consumer benefits. Since 1996, the seven preemptions of the
FCRA have enabled lenders, at a national level, to take advantage of
technological advances to serve their customers while greatly refining
their ability to fit the right borrower into the right rate.

Potential Issues for Enhancement
Identity Theft
One issue that deserves serious consideration is identity theft.
Although identity theft is not caused by the FCRA, we believe the FCRA
can certainly provide part of the solution. In general, we believe that
there is a common theme that should guide the Committee in its
consideration of provisions to combat identity theft. More
specifically, the Chamber believes that the methods used to address
potential identity theft scenarios should be flexible, allowing
companies to utilize the means most efficient to them to thwart
identity thieves. Indeed, a ``one-size-fits-all'' approach may not
work--the challenges presented by identity thieves will invariably
change over time and the tools used to combat the thieves should change
as well.
The Chamber is concerned that if the methods for preventing
identity theft are ``written in stone,'' companies will be forced to
devote resources to complying with these methods, regardless of whether
they become outdated or if more efficient
alternatives become available. Furthermore, if companies must adhere to
specific statutory requirements with respect to identity theft, it may
become very difficult for companies to alter their procedures in light
of the constantly evolving nature of identity theft schemes.

Access to Credit Reports
It is important for a consumer to have access to his or her credit
report in order to ensure the report's accuracy, as well as to address
any instance of identity theft as soon as possible. The FCRA currently
ensures that access to credit reports is relatively inexpensive--the
cost is capped by law at $9. In addition, the Chamber strongly supports
the provisions in current law that provide consumers with access to
their credit report at no charge in certain situations. For example, a
consumer can obtain his or her credit report for free if the consumer:
(i) has been the subject of ``adverse action'' (for example, denial of
credit) due in part to information in a credit report; (ii) is
unemployed and intends to apply for employment; (iii) is a recipient of
public welfare assistance; or (iv) has reason to believe that the file
on the consumer at the credit bureau contains inaccurate information
due to fraud, including identity theft.
Aside from the numerous instances when a consumer currently can
obtain a copy of a credit report for free, some have advocated
providing consumers with a credit report at least once annually at no
charge. The Chamber welcomes the consideration of how to make credit
reports more available to consumers. We believe, however, that this
issue merits careful study before next steps are taken. In particular,
there should be a careful examination of the costs associated with a
``free'' credit report in order to ensure that there are no unintended
consequences. For example, the costs of providing free reports and the
related customer service will have to be absorbed by the consumer.
Moreover, resources that are currently dedicated to investigating
potential errors in consumer reports, or assisting consumers with
resolving identity theft claims, will need to be redirected to meet the
demand for ``free'' credit reports. It should also be noted that a
single, well-placed national news article or widely circulated e-mail
could create significant spikes in demand for credit reports that
simply could not be met without severe disruption to the other
important customer service functions performed by credit bureaus.

Investigating Wrongdoing in the Workplace
Currently, the broad definitions of ``consumer report'' and
``consumer reporting agency,'' as interpreted by the FTC, appear to
apply if an employer uses outside experts to investigate employee
misconduct. This results in the outside firm, such as an accounting
firm or law firm, potentially becoming a consumer reporting agency for
purposes of the FCRA. Because of the difficulties in conducting an
investigation while complying with the FCRA's requirements, and because
employers and investigators face significant potential liability,
including punitive damages, for failure to comply with the FCRA's
requirements, the FTC's interpretation deters employers from using
experienced and objective outside organizations to investigate
workplace misconduct. While the FTC's interpretation affects all
businesses, it is particularly damaging to small and medium businesses
that do not have in-house resources to conduct their own
investigations.
The Chamber strongly believes that Congress should take this
opportunity to remedy this problem. We urge the Committee to adopt
legislation that would exclude employment investigations which are not
for the purpose of investigating the employees' creditworthiness from
the FCRA requirements. Such legislation has been introduced on the
House side in the past few Congresses by Representatives Pete Sessions
and Sheila Jackson-Lee and was included as Title VI of the Fair and
Accurate Credit Transactions Act of 2003, which was approved by the
House Financial Services Committee on July 24. I want to stress that
the Sessions/Jackson-Lee language in the FACT Act is a narrow
correction of an obvious problem created by current interpretation of
the law. In addition, the legislation should not leave those suspected
of misconduct without protection--it still requires that employers who
take adverse action against an employee based on information from an
investigation provide the employee with a summary of the nature and
substance of the report. We urge the Senate to address the problem
created by the FTC's interpretation by enacting the Sessions/Jackson-
Lee language.

Conclusion
Once again, I would like to thank the Committee for its efforts in
examining ways to maintain the consumer benefits of our current
financial marketplace while also protecting the security of consumers'
personal information. The Chamber strongly endorses the criteria
suggested by Treasury Secretary Snow that any amendments to the FCRA
affecting the credit reporting or credit underwriting process should
enhance both personal data security and access to and availability of
credit. Our recommendations are made with this formulation in mind. The
Chamber looks forward to working with you, Mr. Chairman, and with other
Members of the Committee as your efforts to amend the FCRA progress.
Thank you again for the opportunity to appear before you today. I
would be happy to answer any questions you may have.

RESPONSE TO WRITTEN QUESTIONS OF SENATOR DOLE
FROM JOHN W. SNOW

Q.1. Our credit system is based on a voluntary reporting system
in which it is in the furnisher's best interest to report
information to the credit bureaus. Do you believe that some of
the duties imposed on the furnishers by the House bill could
jeopardize the willingness of furnishers to participate in the
system?

A.1. We support H.R. 2622 and commend Chairman Oxley and
Ranking Member Frank for their hard work. However, some
provisions go too far. The new requirements concerning the
accuracy of consumer information contained in H.R. 2622 were
not in the Administration's proposal. We are concerned that
these new requirements may lead to some furnishers dropping out
of our voluntary credit reporting system or simply deleting
disputed information. This would not advance consumers'
interest in the security and the completeness of their credit
reports. We have been working with the House to resolve these
concerns to ensure that we maintain a robust, national credit
reporting system and protect consumers' interests in access to
credit and other financial services, while at the same time
protecting their interest in the accuracy and security of their
information. My staff and I would be pleased to discuss the
matter further with you and Members of the Committee.

Q.2. The House accepted an amendment to allows consumers to go
directly to a furnisher, whether it be a retailer or a bank, to
dispute what they believe to be incorrect information on their
credit report. Does the Treasury have a position on this
language? What, if any changes to the language, would the
Treasury recommend?

A.2. We support H.R. 2622 and commend Chairman Oxley and
Ranking Member Frank for their hard work. The new proposal to
allow consumers to initiate disputes directly with furnishers
contained in H.R. 2622 was not in the Administration's
proposal. We are concerned that this proposal may lead to some
furnishers dropping out of our voluntary credit reporting
system. Also, a cornerstone of both the Administration's
proposal and H.R. 2622 is the ability for all consumers to
obtain a free credit report every 12 months from each of the
three nationwide consumer reporting agencies. If this becomes
law, consumers will be more familiar with the role of the
consumer reporting agencies. Given this likely greater
familiarity, it makes sense to direct consumer disputes to the
consumer reporting agencies, which can efficiently refer the
disputes to the appropriate furnisher. We are working with the
House to resolve these concerns to ensure that we maintain a
robust, national credit reporting system and protect consumers'
interests in access to credit and other financial services,
while at the same time protecting their interest in the
accuracy and security of their information. My staff and I
would be pleased to discuss the matter further with you and
Members of the Committee.

Q.3. It's my understanding the 1996 Amendments to the FCRA gave
credit bureaus the ability to dismiss consumer disputes they
deem to be frivolous. If Congress decides to allow consumers to
register disputes directly with furnishers, should we give
furnishers the same ability to dismiss frivolous claims?

A.3. Yes. Frivolous claims should on no account be acceptable.