[House Hearing, 112 Congress]
[From the U.S. Government Publishing Office]
FIELD HEARING ON SOCIAL SECURITY NUMBERS AND CHILD IDENTITY THEFT
=======================================================================
HEARING
before the
SUBCOMMITTEE ON SOCIAL SECURITY
of the
COMMITTEE ON WAYS AND MEANS
U.S. HOUSE OF REPRESENTATIVES
ONE HUNDRED TWELFTH CONGRESS
FIRST SESSION
__________
SEPTEMBER 1, 2011
__________
Serial 112-SS9
__________
Printed for the use of the Committee on Ways and Means
_____
U.S. GOVERNMENT PRINTING OFFICE
74-006 WASHINGTON : 2011
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC
area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, Washington, DC
20402-0001
COMMITTEE ON WAYS AND MEANS
SUBCOMMITTEE ON SOCIAL SECURITY
SAM JOHNSON, Texas, Chairman
KEVIN BRADY, Texas XAVIER BECERRA, California
PAT TIBERI, Ohio LLOYD DOGGETT, Texas
AARON SCHOCK, Illinois SHELLEY BERKLEY, Nevada
RICK BERG, North Dakota FORTNEY PETE STARK, California
ADRIAN SMITH, Nebraska
KENNY MARCHANT, New York
Jon Traub, Staff Director
Janice Mays, Minority Staff Director
______
C O N T E N T S
__________
Page
Advisory of September 1, 2011 announcing the hearing............. 2
WITNESSES
Stacey Lanius Plano, Texas....................................... 5
Testimony.................................................... 7
Steve Bryson Allen, Texas........................................ 9
Testimony.................................................... 10
Deanya Kueckelhan Director, Southwest Region, Federal Trade
Commission, Dallas, Texas...................................... 11
Testimony.................................................... 13
Lynne M. Vieraitis, Ph.D. Associate Professor of Criminology,
University of Texas at Dallas, Richardson, Texas............... 27
Testimony.................................................... 30
Robert Feldt, Special Agent In-Charge, Office of the Inspector
General, Social Security Administration, Dallas Field Division,
Dallas, Texas, accompanied by Antonio Puente, Special Agent,
Dallas Field Division, San Antonio, Texas...................... 36
Testimony, Robert Feldt.......................................... 38
Testimony, Antonio Puente........................................ 46
FIELD HEARING ON SOCIAL SECURITY NUMBERS AND CHILD IDENTITY THEFT
----------
THURSDAY, SEPTEMBER 1, 2011
U.S. House of Representatives,
Committee on Ways and Means,
Subcommittee on Social Security,
Washington, DC.
The subcommittee met, pursuant to call, at 12:00 p.m., in
the Plano City Council Chamber, 1520 Avenue K, Plano, Texas,
Honorable Sam Johnson [chairman of the subcommittee] presiding.
[The advisory of the hearing follows:]
ADVISORY
FROM THE
COMMITTEE
ON WAYS
AND
MEANS
September 01, 2011
Subcommittee on Social Security
Chairman Johnson Announces Field Hearing on
Social Security Numbers and Child Identity Theft
U.S. Congressman Sam Johnson (R-TX), Chairman of the House
Committee on Ways and Means Subcommittee on Social Security announced
today that the Subcommittee will hold a field hearing on Social
Security numbers (SSNs) and child identity theft. The hearing will take
place on Thursday, September 1, 2011 in the Plano City Council Chamber,
1520 Avenue K, Plano, Texas at 12:00 p.m. Central Standard Time.
In view of the limited time available to hear witnesses, oral
testimony at this hearing will be from invited witnesses only. However,
any individual or organization not scheduled for an oral appearance may
submit a written statement for consideration by the Committee and for
inclusion in the printed record of the hearing. A list of invited
witnesses will follow.
BACKGROUND:
According to the U.S. Department of Justice, between 2006 and 2008,
approximately 11.7 million people were victims of identity theft. The
Federal Trade Commission (FTC) estimates that identity theft costs
consumers about $50 billion annually. Further, identity theft is often
used to facilitate other crimes, including credit card, document, or
employment fraud. The Social Security number (SSN) is especially
valuable to identity thieves who can use it to create a false identity
in order to open accounts or obtain other benefits in the victim's
name.
Perhaps more disturbing is the growing trend in child identity
theft. There were 19,000 cases of child identity theft reported to the
FTC in 2009, a 192 percent increase since 2003 when 6,500 cases were
reported.
Family members may use a child's name and SSN to obtain new credit.
Other criminals may obtain a child's name and SSN or use different
names and birth dates to avoid detection as businesses granting credit
may not ensure names, SSNs, or dates of birth match. In the meantime,
children of all ages whose SSNs have been compromised may discover
years later that they have a record of bad debt including years of
unpaid bills, credit card debt, or loan defaults. Recently, the FTC has
intensified its work regarding the growing problem of child identity
theft, gathering identity theft experts and law enforcement officials
for the first ever conference on child identity theft in July 2011
entitled, ``Stolen Futures, A Forum on Child Identity Theft.''
In announcing the hearing, Chairman Sam Johnson (R-TX) stated,
``Identity thieves prey on the good credit of law abiding citizens.
Social Security numbers, even those belonging to children, are often
the keys to pulling off these crimes. Taking steps to stop the overuse
of Social Security numbers and giving law enforcement better tools to
stop these thieves will help prevent identity theft and further protect
the privacy of all Americans and their children.''
FOCUS OF THE HEARING:
The Subcommittee will examine the emerging patterns of child
identity theft, the role of SSNs in these crimes and steps families can
take to help protect themselves. Legislative options to help prevent
these crimes and assist law enforcement will also be considered.
DETAILS FOR SUBMISSION OF WRITTEN COMMENTS:
Please Note: Any person(s) and/or organization(s) wishing to submit
for the hearing record must follow the appropriate link on the hearing
page of the Committee website and complete the informational forms.
From the Committee homepage, http://waysandmeans.house.gov, select
``Hearings.'' Select the hearing for which you would like to submit,
and click on the link entitled, ``Click here to provide a submission
for the record.'' Once you have followed the online instructions,
submit all requested information. ATTACH your submission as a Word or
WordPerfect document, in compliance with the formatting requirements
listed below, by the close of business on Thursday, September 15, 2011.
Finally, please note that due to the change in House mail policy, the
U.S. Capitol Police will refuse sealed-package deliveries to all House
Office Buildings. For questions, or if you encounter technical
problems, please call (202) 225-1721 or (202) 225-3625.
FORMATTING REQUIREMENTS:
The Committee relies on electronic submissions for printing the
official hearing record. As always, submissions will be included in the
record according to the discretion of the Committee. The Committee will
not alter the content of your submission, but we reserve the right to
format it according to our guidelines. Any submission provided to the
Committee by a witness, any supplementary materials submitted for the
printed record, and any written comments in response to a request for
written comments must conform to the guidelines listed below. Any
submission or supplementary item not in compliance with these
guidelines will not be printed, but will be maintained in the Committee
files for review and use by the Committee.
1. All submissions and supplementary materials must be provided in
Word format and MUST NOT exceed a total of 10 pages, including
attachments. Witnesses and submitters are advised that the Committee
relies on electronic submissions for printing the official hearing
record.
2. Copies of whole documents submitted as exhibit material will not
be accepted for printing. Instead, exhibit material should be
referenced and quoted or paraphrased. All exhibit material not meeting
these specifications will be maintained in the Committee files for
review and use by the Committee.
3. All submissions must include a list of all clients, persons,
and/or organizations on whose behalf the witness appears. A
supplemental sheet must accompany each submission listing the name,
company, address, telephone, and fax numbers of each witness.
Note: All Committee advisories and news releases are available on
the World Wide Web at http://www.waysandmeans.house.gov/.
Chairman JOHNSON. The hearing will come to order.
Back in November 1936, the U.S. Postal Service first began
issuing Social Security cards to workers. Even though Social
Security numbers were created to track earnings for determining
Social Security benefits, today these numbers are widely used
as personal identifiers.
Some uses of Social Security numbers are mandated, for
example, for income and tax-related reporting to the IRS by
employers, banks and insurance companies. Countless other
businesses use this nine-digit number as a default identifier
to facilitate the matching of consumer information. Also, many
businesses wrongly use Social Security numbers to prove an
individual is who they say they are; in other words, an
identification number.
Once a thief has someone's Social Security number, they're
often able to open new accounts, access existing accounts or
obtain other benefits in the victim's name. In fact, in their
April 2007 report, the Identity Theft Task Force created by
President George Bush identified the Social Security number as
the most valuable commodity for an identity thief. Months or
even years later, victims first learn about the crime often
after being denied credit or employment or being contacted by a
debt collector.
As we will hear from two of our witnesses today, learning
your private, personal and financial information has been
compromised is devastating. Even worse, victims must take the
lead in repairing and restoring their records.
For years victims have to prove who they are while
monitoring credit reports, arguing with collection agencies and
dealing with the IRS and Social Security about wages they
didn't earn and taxes they don't owe. Some may learn they have
a criminal record which could disqualify them for a job.
Americans are right to be concerned. According to the
Department of Justice, in 2009, ID theft claimed over 11
million victims. That's 5 percent of all adults. The Privacy
Rights Clearinghouse reports a total number of known records
that have been compromised since 2005 through last week topped
535 million.
Increasingly, identity thieves are aiming their sights on
children. There were 19,000 cases of child identity theft
reported to the FTC in 2009 a 192 percent increase since 2003.
From the criminal's point of view, children provide easy
targets since they have no debt history and no reason to check
their credit cards.
Child ID thieves may operate undetected for years until the
child applies for driver's license, credit card or jobs and
learns their ID has been compromised. In some very sad cases,
the child is a victim of a relative. In the meantime, children
of all ages whose Social Security number has been compromised
may have a record of credit card debt, mortgage default or
falsified employment.
As we will hear from the Director of the Federal Trade
Commission, Southwest Region today, the FTC has recently
intensified its work regarding the growing problem of child
identity theft, gathering experts and law enforcement officials
last month for the first time ever conference on child identity
theft.
And we will gain some insights on the identity thieves
themselves based on the research of one of our own University
of Texas at Dallas professors who will share the results of her
interviews conducted with ID thieves. Lastly, we will hear from
the local agents from the Social Security Administration Office
of the Inspector General about their successes and challenges
as they work to apprehend ID theft cases.
Congress needs to finish its work on ID theft. Previously,
bipartisan legislation has been passed by the Ways and Means
Committee to protect the privacy of Social Security numbers and
prevent identity theft. While progress has been made, because
Social Security number use is so widespread, and there are
several Committees of Jurisdiction, we have yet to reach
agreement on the right ways to limit SSN access.
In the mean time, this Committee can make progress by
removing Social Security numbers from Medicare cards. To that
end, I have introduced with my Texas colleague, Lloyd Doggett,
the Medicare Identity Theft Prevention Act.
The risk of ID theft goes far beyond the card being stolen.
Every medical record at doctor's offices, hospitals and nursing
homes has a Social Security number written on it. The fact that
millions of Social Security numbers are readily available to
identify thieves for the taking is kind of unbelievable.
The Centers for Medicare and Medicaid Services have refused
to act; and if they won't do right for America's seniors, we
will try. With the help of information gathered from our
witnesses today, we can also do what's right for children and
help protect them from ID theft.
I thank all of you for being here today and sharing with us
the information that you have. As is customary, any member of
this committee is welcome to submit an opening statement for
the record; but before we move on, I want to remind our
witnesses to limit their oral statements to five minutes. And
without objection, all written testimony will be made part of
the permanent record.
Chairman JOHNSON. We have one panel today and our witnesses
who are seated at the table are: Stanley Lanius from Plano.
Raise your hand.
Ms. LANIUS. Stacey.
Chairman JOHNSON. Stacey it is. Excuse me. I was looking
for a guy and it's a girl. Thank you for being here, ma'am. I
apologize.
Steve Bryson from Allen; and Deanya Kueckelhan, Director
Southwest Region, Federal Trade Commission from Dallas; and
Lynne Vieraitis, Ph.D. Associate Professor of Criminology in
the University of Texas, Dallas in Richardson; Robert Feldt,
Special Agent In-Charge, Office of the Inspector General,
Social Security Administration, Dallas. And Mr. Feldt is
accompanied by Antonio Puente, Special Agent from the Dallas
Field Division in San Antonio. And now we will proceed.
Ms. Lanius, welcome. You may proceed.
STATEMENT OF STACEY LANIUS, PLANO, TEXAS
Ms. LANIUS. Chairman Johnson, Members of the Subcommittee,
thank you for inviting me to testify today about my personal
experience with identity theft.
During 1986, I was a sophomore at the University of Texas
at Austin. At that time, I was using my maiden name Stacey
Rogers. An organization on campus was doing a fundraiser that
involved credit card application. There were groups of five
applications and the organization made money off of each group
of cards that an individual applied for. The cards were
MasterCard, Neiman Marcus, Sears, Zales Jewelry Store and
Dillard's. I remember.
I asked my parents if I could apply for the cards to help
my classmate with her fundraising project. My parents thought
this was a good idea so that I could start building a credit
history. Of course, they cautioned me about overusing the
cards. I completed the five applications but never heard
anything back. I was not worried. I assumed that because I was
a full-time student with limited income the companies had
denied my application.
Two years later, I made a purchase in Dillard's department
store and paid by check. The clerk denied my check and told me
I had to go to Customer Service. At Customer Service, I was
told that I had exceeded my limit on my Dillard's credit card
and was behind on my payment. I told the clerk I didn't have a
Dillard's credit card and asked to see the transactions on the
account. There were numerous transactions on the account
spanning two years.
I was able to obtain copies of the receipts for these
purchases and on one single receipt the store clerk had asked
for a driver's license so there was a driver's license number
for me. My father was an FBI agent and I asked him to run the
license and we discovered that a woman who shared my name,
Stacey Rogers, was the one who made the purchases.
At the time, there was no Internet so I drove to the credit
bureaus and requested copies of my credit report. This woman
had somehow intercepted the five credit card applications for
which I had applied two years before. She changed the address
on the accounts so that when the cards were issued, they went
straight to her. I never knew I had been approved for the
cards. My best guess at the time that was that she worked at
the business that processed the applications, saw that we
shared the name and altered the applications. She also kept my
Social Security number for future use.
On my credit reports, those five accounts were charged to
the max and were all delinquent. Additionally, she had used my
Social Security number to apply for more credit and financing.
There were thousands of dollars in charges and numerous
delinquent accounts on my credit history due to this theft of
my identity.
In 1988 when I graduated and went to work for KPMG, my poor
credit history followed me as it did for years; when I tried to
get my first apartment lease, when I tried to purchase my first
car, when I tried to actually apply for a credit card. And
someone, the other Stacey Rogers, continued to use my Social
Security number to finance everything from televisions to
surgeries.
Each time I would go to a vendor to explain the problem or
go to the credit bureaus to get the fraudulent purchases off my
credit report, I was told that I needed to prove I had not made
the purchases. How does one go about proving such a negative? I
diligently visited every credit bureau, circling the accounts I
claimed were fraudulent. The accounts stayed on my record, but
a note was added there was a claim of fraud on the account.
In 1991, I married and my legal name changed. Several years
later I finally noticed a decrease in fraudulent activity. I
now have an excellent credit rating, have successfully financed
the purchase of two homes and am free of the effects of the
identity theft. However, the stress that that caused was
tremendous occurring at a point in my life when I was just
getting started as an adult. I now guard my Social Security
number very carefully and try to check my credit on an annual
basis.
Mr. Chairman, thank you again for this opportunity to share
my story. I would be happy to answer any questions you or the
other members may have.
Chairman JOHNSON. Thank you, ma'am. We appreciate you being
here. We'll postpone the questions until everyone has
testified.
[The prepared statement of Ms. Lanius follows:]
Chairman JOHNSON. Mr. Bryson, you're recognized. Five
minutes.
STATEMENT OF STEVE BRYSON, ALLEN, TEXAS
Mr. BRYSON. Thank you, Mr. Chairman. I would like to thank
Congressman Johnson and the Members of the Subcommittee for
allowing me to tell my family's story concerning identity
theft.
A couple years ago my 17-year-old stepdaughter applied for
a lifeguard job at a church camp in a summer job in Tyler,
Texas. One of the prerequisites of this job was a simple
background check of all employees by using Social Security
numbers. This was done through the Safe Churches Project of
Safe Advantages Services, which is a member of the First
American family of companies.
My daughter submitted her Social Security number to the
church and a background check was run. A few weeks later, we
received a result of that check and were shocked to that find
her Social Security number was being used by six to seven
people in California, Nevada and Texas. In one case, two people
living at the same address in Houston, Texas were using this
number.
The Social Security number was assigned to her when she was
born February 12, 1993; and since she was a minor, there was no
reason for us to monitor or have any issue with it. Upon
learning about this number of people, my wife contacted the
local Social Security office here in Collin County and was
informed that since she was a minor, there was very little they
can help with.
I contacted a friend of mine in Tyler, Texas who's a
retired FBI agent and he said that there was very little the
Federal Government could or would do to help, and he said the
only recourse we had was to contact the various credit agencies
around the country and to send letters to the police and
sheriff's departments in the cities where these individuals
lived.
We contacted the credit rating agencies first and found
that there was very little help due to the fact, again, that
she was a minor. They did not even have her listed. At the
time, we felt that there was no help and attempts to monitor or
control. This was useless. It would cost a lot of money and a
lot of time.
It's my opinion that her Social Security number was
purchased, that these people purchase these numbers and that
most probably they were here in the United States illegally.
Identity theft is a crime whether you are buying, selling or
using the Social Security number. This is a problem that seems
to be growing daily. And I'm concerned that this is not being
made a top priority by the Federal Government.
Chairman Johnson, I have no idea how this--what definitive
impact this will have on my daughter now or in the future, but
I do feel like at some point in time this will come up. In the
mean time, there are at least six people who are out using her
Social Security number who obtain jobs, credit, loans, possibly
some type of benefits under Social Security.
Mr. Chairman, in conclusion, I do not believe that it
should be the sole responsibility of the individual who is the
victim of identity theft to attempt to correct these problems.
I thank you again for your time and the Committee.
Chairman JOHNSON. Thank you, sir. I agree with you, we need
to help you if we can. That's why we're having this hearing
today.
[The prepared statement of Mr. Bryson follows:]
Chairman JOHNSON. Ms. Kueckelhan, welcome. You may proceed.
STATEMENT OF DEANYA KUECKELHAN, DIRECTOR, SOUTHWEST REGION,
FEDERAL TRADE COMMISSION, DALLAS, TEXAS
Ms. KUECKELHAN. Thank you, sir. Chairman Johnson,
Congressman Brady and Congressman Marchant. I'm Deanya
Kueckelhan, Director of the Federal Trade Commission, Southwest
Region, located here in Dallas and actually a native Texan. I
have the privilege today of presenting the Federal Trade
Commission's remarks on child ID theft.
It is so unfortunate to hear the two stories that were just
told. We've just heard that our children do become victims of
identity theft. Identity thieves steal, deliberately steal a
child's ID. They fabricate a Social Security number
coincidentally that sometimes belongs to a child and they do
that to obtain employment, to receive government benefits or to
obtain a loan for credit. The Federal Trade Commission's 2010
Consumer Signal Network Data Book shows that Texas ranks 5th
among the states in ID theft complaints after Florida, Arizona,
California and Georgia. And that's with over 24,000 complaints
filed in the year of 2010 alone.
A non-FTC study shows that 142,000 instances of identity
fraud are perpetrated on minors in the U.S. each year. So child
identity theft is especially harmful, though, Chairman Johnson,
because it can go on so long undetected, until a child becomes
an adult and perhaps applies for a college loan or a car loan
or seeks employment.
For this and other reasons, the Federal Trade Commission
and DOJ's Office For Victims of Crime recently co-hosted Stolen
Futures: A Forum On Child ID Theft on July 12th, 2011, this
summer in Washington. We gathered panelists such as educators
or child advocates and representatives of government agencies
in the private sector as well as legal service providers and
they discussed how to deter and remedy child ID theft.
Panelists noted, among many other things, that identity
thieves steal a child's ID from schools, from businesses, from
government agencies and, unfortunately, panelists also
discussed the fact that sometimes friends and desperate family
members will use the ID of a child in hard economic times when
they have a lack of access to credit. They become desperate to
use that child's social security number in order to pay basic
services such as heat or electricity or other utilities.
Panelists also talked about sensitive health information,
particularly related to the foster care system. Panelists
stated that in the foster care system a child's information is
circulated through the Social Services network as well as in
school records which makes foster children particularly
vulnerable to child ID theft. In essence, a child's ID is a
blank slate and because of the unique qualities of child ID
theft, oftentimes makes it more valuable to steal a child's ID
than an adult's ID.
Panelists also noted, as did Mr. Bryson, that the challenge
this causes because parents don't routinely check a child's
credit primarily is that children don't have a credit history;
thus, parents have no reason to suspect a problem. One possible
solution was mentioned by a panelist from the Utah Attorney
General's Office, who described a proposed Utah initiative that
would enable parents to enroll their child in a state identity
protection program. Utah would pass the child's information on
to TransUnion, which would in turn place a high risk alert on
the child's name and information.
Panelists throughout the day stressed prevention.
Controlling and limiting access to a child's information is one
of the best ways to deter child ID theft. Panelists recommended
that parents and guardians and foster care parents challenge
routine request for their children's ID. Shall I go on?
Chairman JOHNSON. Continue.
Ms. KUECKELHAN. Thank you. Panelists also suggested that
parents learn how their children are using the Internet and
Social media because children sometimes innocently divulge
their personal information that could be used to commit ID
theft. Panelists also encouraged increased outreach to foster
care workers and directly to the foster youth, especially the
older teen foster youth who are about to enter the adult world
and exit the foster care system.
The FTC's primary goal in co-hosting Stolen Futures was to
learn more about this problem and develop messages for
outreach. The FTC has already prepared new educational
materials. I'm proud to say, they're already being distributed.
We consulted with DOE on a back to school alert. We have it
today on one of the tables upstairs. We will continue to
distribute these. And I'm happy to answer questions.
Chairman JOHNSON. Thank you, ma'am.
Ms. KUECKELHAN. Thank you.
Chairman JOHNSON. You know, a lot has started when we
started giving out numbers at birth. And, you know, I don't
know how many babies get credit, but I doubt very many of them
do, and so that's caused a lot of problems. We're looking at
that aspect of it, too.
[The prepared statement of Ms. Kueckelhan follows:]
Chairman JOHNSON. Dr. Vieraitis, welcome. Please go ahead.
STATEMENT OF LYNNE M. VIERAITIS, PH.D., ASSOCIATE PROFESSOR OF
CRIMINOLOGY, UNIVERSITY OF TEXAS AT DALLAS, RICHARDSON, TEXAS
Dr. VIERAITIS. Thank you. Chairman Johnson, Members of the
Committee, thank you for inviting me to discuss my research on
identify theft at this hearing today. By presenting the
perspectives of offenders, I hope to provide the Committee with
a more comprehensive picture of identity theft, one that may
offer suggestions of how it might be better controlled.
The 9/11 highjackers, a single mother in Texas addicted to
methamphetamine, a married father of three and college
graduate, the girlfriend of a gang member of one of the most
notorious Latin American gangs operating in the United States,
they appear to share little in common. The one thing they do
share is they were all identity thieves.
I'm often asked to describe the typical identity thief; but
as the aforementioned profiles suggest, it is difficult to
paint a portrait of a typical one. The identity thieves we
spoke with came from all walks of life and had diverse criminal
histories. Their backgrounds ranged from upper to lower class,
the unemployed to employed, from day laborers to professionals,
middle school drop-outs to college graduates and from those
with lengthy criminal histories to first-timers.
We found that some thieves worked alone while others were
involved in teams of up to 30 members. Some were fueled by
their addictions to illegal drugs while others simply wanted to
live above their means or meet day-to-day living expenses. The
diversity in their backgrounds and current lifestyles
influenced the ways in which they chose to carry out their
crimes.
So how do they steal information and what do they do with
it? Those who worked alone typically used personal information
of others to open credit card accounts or secure bank loans. In
some cases, they used information available to them from their
place of work. In some cases they used the information of
family members, including their own children and friends. Other
thieves used more sophisticated and elaborate schemes to dupe
strangers into revealing their information. For example, one
set up a fake employment site with applicants willingly
supplying their information.
The majority of the identity thieves we interviewed
operated in teams. Street level identity theft rings, or SLIT
rings for short, relied on numerous methods to steal and
convert information. Some rings paid employees of companies to
get information on clients or customers. Others targeted
residential and commercial mailboxes, but most SLIT rings
bought their information from another street-level criminal who
was typically engaged in drug sales, robbery, burglary or other
street crimes who sold the information to the ring leader. This
information included driver's licenses and Social Security
cards stolen from homes or cars. Some ring leaders claim that
acquaintances, friends and family members provided their
information in exchange for a fee.
After stealing a victim's information, offenders applied
for credit cards in the victim's names, opened new bank
accounts, deposited counterfeit checks, withdrew money from
existing bank accounts, applied for loans and opened utility or
telephone accounts.
Such transactions also require some form of official
identification. To produce these documents, teams recruited
employees of state or federal agencies with access to Social
Security cards or birth certificates which were then used to
order identification cards. They were also able to manufacture
false cards using rogue employees of state departments of motor
vehicles or other street hustlers who had managed to obtain the
necessary equipment.
Members of occupational teams use their legitimate place of
employment to steal information and convert it to cash or goods
acting almost exclusively with fellow employees to commit their
crimes.
In addition to the question of how they do it, I'm often
asked why they do it. The simple answer: It's quick and easy
money. But the answer is more complex.
What we found when we spoke to offenders was that they
engage in identity theft because they see it not just as
financially rewarding but emotionally rewarding as well. They
believe it to be relatively low in risk and find it easy to
justify or excuse their actions. In short, they perceive the
rewards to be high and the risks low.
The identity thieves we spoke with were confident in their
ability to profit from their crimes and to avoid detection;
despite the fact we were speaking to them while they were
incarcerated. Most didn't focus on the risks of crime, but all
actively engaged in strategies to reduce the likelihood of
detection by victims, law enforcement and financial
institutions, including reducing the number and amount of
transactions they conducted per identity. They selected certain
times, persons and places to cash in and tried to blend in as
much as possible.
The crime of identity theft includes the acquisition of
information as well as the use of that information. But there
are several points along that crime continuum that can be
addressed with policy. The challenge for policy makers and law
enforcement is identifying policies and strategies that can
target these weak points while at the same time allowing
business and customers to conduct transactions.
Several suggestions for prevention are provided that draw
upon several well known situational crime prevention
techniques. Each of these strategies is more effective when
they can be catered to highly specific forms of identity theft,
for example, child identity theft versus adult and identity
theft committed by loaners versus those committed by SLIT
rings.
We must increase the effort and risk of obtaining
information. We need to continue to promote awareness of
identity theft and educate citizens on how to protect that
information, and we may need specific guidance for parents to
protect their children. We need to educate consumers on what to
do when their identity is stolen and when it's used and
encourage them to report to law enforcement. The National Crime
Victimization Survey indicates that only 17 percent of the
victims in their study reported it to law enforcement. We need
to reduce unsafe business practices. Institutions that have
data on children, including hospitals and schools should be
particularly vigilant and we need to provide alternatives to
agencies dealing with special populations, such as children in
the foster care system.
We need to increase the effort and risk of converting
information. Systems should be in place to verify and alert
credit granting agencies and employers who verify employment
eligibility that a Social Security number is issued to a person
under the age of 18.
Chairman JOHNSON. Can you summarize?
Dr. VIERAITIS. I'm sorry?
Chairman JOHNSON. Can you summarize? Your time has expired.
Can you summarize?
Dr. VIERAITIS. Yes. Increase the risk of getting caught.
Very briefly, what we need to know, identity theft and perhaps
child identity theft in particular poses a challenge for law
enforcement. We need to know more about identity theft and
those who commit it and be better and more consistent in
measures of identity theft and fraud, specifically frauds that
target children.
We need more systematic data collection from agencies
responsible for personal information, agencies that use it, law
enforcement agencies and from victims and from those who know
most about how and why identity theft occurs, the identity
thieves themselves. Thank you.
Chairman JOHNSON. Thank you.
[The prepared statement of Dr. Vieraitis follows:]
Chairman JOHNSON. Mr. Feldt, I understand you and Mr.
Puente are going to share the time.
Mr. FELDT. Yes, sir.
Chairman JOHNSON. Thank you. You may proceed. Thank you.
STATEMENT OF ROBERT FELDT, SPECIAL AGENT-IN-CHARGE, OFFICE OF
THE INSPECTOR GENERAL, SOCIAL SECURITY ADMINISTRATION, DALLAS
FIELD DIVISION, DALLAS, TEXAS, ACCOMPANIED BY ANTONIO PUENTE
SPECIAL AGENT, DALLAS FIELD DIVISION, SAN ANTONIO, TEXAS
Mr. FELDT. Good afternoon, Chairman Johnson, Members of the
Subcommittee. My name is Robert Feldt. I'm the Special Agent
In-Charge for Social Security OIG's Dallas Field Division,
which handles Social Security fraud investigations in Texas and
four other states. Thank you for the invitation to testify
today.
According to identity theft experts, identity thieves
target child Social Security numbers because a child's SSN is
usually issued at birth and not used for credit purposes for
about 18 years. This allows for the potential long-term
undetected abuse of a legitimate SSN, and the potential long-
term harm to a young person's financial future.
We in the OIG appreciate the concern your Subcommittee has
for families and their children with regard to identity theft,
and we pursue as many SSN misuse cases as our resources allow.
We receive thousands of SSN misuse allegations each year. Our
agents participate in SSN issues task forces across the country
investigating identity theft, as well as mortgage, bankruptcy
and benefit fraud.
In fiscal year 2010, we had more than 400 SSN misuse cases
that resulted in criminal conviction. Some of our most
fulfilling cases are those that lead to the arrest of an
individual who used someone else's SSN to collect Social
Security benefits, because we're able to repair a person's
identity and recover stolen agency funds.
Our agents have also recently reported a relatively new SSN
issue scheme involving credit privacy numbers, or CPNs. These
nine-digit numbers are sold by dishonest organizations usually
on the Internet, to individuals with poor finances, with the
promise the numbers will allow the individuals to create a new
credit file. But consumers should know CPNs are not legal
identification numbers. In fact, they are usually stolen SSNs,
particularly those belonging to children, for the reasons I've
mentioned.
Our investigative and audit work has taught us that the
more SSNs are used in day-to-day transactions, the higher the
probability these numbers can be stolen and used to commit
crimes. We've made many recommendations to SSA related to SSN
integrity, and we support this Subcommittee's efforts to limit
the use and display of the SSN. That information is detailed in
my written statement for the record.
In conclusion, OIG's investigators are committed to
pursuing SSN misuse and identity theft cases. Our auditors and
attorneys will also continue to make recommendations to your
Subcommittee and to SSA to improve the integrity of SSNs,
especially those belonging to children.
Thank you again for the invitation to testify. I will yield
my remaining time to Special Agent Antonio Puente.
[The prepared statement of Mr. Feldt follows:]
Chairman JOHNSON. Mr. Puente.
Mr. PUENTE. Good afternoon, Chairman Johnson and Members of
the Subcommittee. My name is Antonio Puente and I'm a Special
Agent in SSA OIG's Dallas Field Division working out of the San
Antonio office. Thank you for the invitation to testify.
Identity theft is prevalent in Texas for several reasons.
First, the Pew Hispanic Center estimates there are about 1.65
million unauthorized immigrants in Texas. These individuals may
seek other's personal information, like Social Security
numbers, for reasons such as gaining employment and applying
for government benefits.
Also, identity thieves have relatively easy access to
other's personal information. Many fraudulent vendors offer
stolen or fabricated identity documents for a fee. I want to
share a recent identity theft case that my office and other law
enforcement agencies investigated near Austin.
Last year, Pflugerville police learned that care takers in
an area nursing home might have submitted false identity
documents to gain employment. We verified SSNs of 43 employees
suspected of submitting fraudulent personal information. The
search revealed that 28 of the employees did, in fact, misuse
an SSN. Twenty-three people were arrested. All of them pleaded
guilty to buying a Social Security card from an unknown
document vendor in the Austin area. In June, they were fined
and sentenced to time served.
The Department of Homeland Security identified these
individuals as Mexican nationals unlawfully present in the
United States, and they are currently in deportation
proceedings. Before this investigation, the nursing home did
not use Homeland Security's eVerify system to determine the
employee's eligibility to work in the United States. I met with
corporate officials and provided instructions for using the
eVerify system.
Also, the investigation revealed seven of 28 fraudulent
SSNs belonged to children. The case shows that it's critical
for parents to protect their children's Social Security cards
and monitor their SSNs. In closing, I want to thank the many
law enforcement agencies that contributed to this
investigation, especially the Pflugerville police.
Thank you for the invitation to testify, and we'll be happy
to answer your questions.
Chairman JOHNSON. Thank you, sir.
Mr. PUENTE. Yes, sir.
[The prepared statement of Mr. Puente follows:]
Chairman JOHNSON. We're trying to push E-verify into all
companies now, and I hope that makes a difference. I don't know
if it will or not. Because they don't all use it right, you
know that.
Mr. PUENTE. Yes, sir.
Chairman JOHNSON. As discussed, the time for each round of
questions, I will limit my time to five minutes and ask my
colleagues to also limit their questions to five minutes and
any remarks that you care to make will be entered in the
record.
Mr. Bryson and Ms. Lanius, were either of you aware of the
crime of identity theft when you or your family became victims?
Mr. BRYSON. No, sir, I was not.
Ms. LANIUS. No.
Chairman JOHNSON. And had you heard of any precautions that
you needed to take to protect your family's Social Security
number.
Ms. LANIUS. No.
Mr. BRYSON. No.
Chairman JOHNSON. No one advised you of that? Did both of
you know where to go for help once you knew it occurred?
Mr. BRYSON. No.
Chairman JOHNSON. How did you find out, either one of you?
Ms. LANIUS. I talked to the police and they told me there's
really nothing that could be done because I had to prove I
hadn't made those purchases. And I drove, because back then
there was no Internet, to all the credit bureaus, and I had to
drive to all the vendors begging them to stop reporting these
purchases under my Social Security.
Chairman JOHNSON. And they wouldn't help you?
Ms. LANIUS. No one would help, no. The burden was on me and
no one--no one would help. There was no place to go.
Chairman JOHNSON. Do the credit guys help now?
Okay. Thank you, Ms. Lanius. What did you do finally to
prove that you didn't make these purchases? How did you finally
get out from under that?
Ms. LANIUS. I did not. I could only circle the items on the
credit report that I was claiming were fraudulent. The credit
agency at that time would put a note under those saying that
the person--the account had claims this was a fraudulent
purchase, but they still stayed on my report for seven years,
and it still went into my credit rating for seven years. And
that was the only thing I could do. I did speak to the doctor's
office who called me to collect on a surgery she had had.
Chairman JOHNSON. Wow.
Ms. LANIUS. And they said all I could do was go in and
prove by examination that he hadn't operated on me, and I was
wasn't going to do that. So the surgery went on my credit
history as well.
Chairman JOHNSON. That's almost insurmountable. I don't
understand that.
Agent Feldt, would you explain what steps Social Security
employees are instructed to take to help victims?
Mr. FELDT. Yes, sir. SSA has processes in place to assist
victims of identity theft. SSA personnel will work with
identity theft victims to do several things. First, SSA will
review the earnings reported under the SSNs and correct the
record, if necessary.
Chairman JOHNSON. Well, but in her case they didn't do it.
Was Social Security not working at that point in time?
Mr. FELDT. These policies were probably not in place at
that time.
Chairman JOHNSON. Okay.
Mr. FELDT. That's correct.
Chairman JOHNSON. So you're saying this couldn't happen
again.
Mr. FELDT. I would not be bold--so bold as to say that.
Chairman JOHNSON. Okay.
Mr. FELDT. They also have a few other procedures in place
to help individuals if they've lost a card to retain a
replacement card, and also to provide information to victims
about the FTC and help they can provide. Also, although it's
not an item that's used very often, they will take an
application for a new Social Security number. However, the
victim must prove they've been harmed in that situation.
It is frowned upon to do that because ultimately if that--
if that step is taken, the Social Security numbers and the
record will come together in time through the credit bureaus.
So that's not very effective and it's discouraged. And lastly,
employees will develop aspects of fraud in the matter and
potentially refer it to the OIG for investigation.
Chairman JOHNSON. Thank you.
Mr. FELDT. Yes, sir.
Chairman JOHNSON. I think my time's expired.
Mr. BRADY. Chairman, thank you very much for holding this
hearing. For the audience, from the first day I got to
Congress, Chairman Johnson was an early and very vocal
proponent regarding our Social Security ID numbers and shining
a light on identity theft, so thank you. I had no idea the
amount of child identity theft was occurring before you
scheduled this hearing and as a parent to young boys, I'm more
nervous than ever as a result.
One of my frustrations on this committee and on these
hearings has been how rare it is to--for an identity thief to
be apprehended and prosecuted. It seems each week I pick up the
newspaper, I see prosecution of Medicare frauds, securities
fraud, consumer fraud. I can't remember the last time I saw a
report of identity theft actually have been prosecuted.
Ms. Lanius and Mr. Bryson, you both contacted law
enforcement, I assume not satisfied with the result of that
contact. So I wanted to ask Ms. Kueckelhan and Mr. Feldt, you
know, give us perspective. What are the chances in America that
an identity thief will be apprehended and prosecuted?
Ms. KUECKELHAN. Congressman Brady, I can say the Federal
Trade Commission, since 2001, has brought 34 data breach law
enforcement actions and that is where massive breaches of
Social Security numbers have occurred. And we will continue to
bring those types of law enforcement actions.
I'm also pleased to mention that we have brought the first
mobile app misrepresentation case, filed on August the 15th.
It's the first such case that a federal agency has brought. We
brought it against a mobile app provider who obtained
children's information and used that information and
distributed it without the parents' consent.
So we in our law enforcement area, if you're asking about
that, we work more from the data breach than the bigger
perspective. We also provide education and support to legal aid
entities who represent ID theft victims. The FTC provides them
with sample affidavits and letters, assistance on what to do,
what steps to take.
Mr. BRADY. Can I ask you, in these cases, there wasn't a
data breach, so the Federal Trade Commission would not--is not
or would not be pursuing cases that affected Ms. Lanius and Mr.
Bryson.
Ms. KUECKELHAN. We do not represent one individual in a
private case. For a misrepresentation case, we look for a
pattern and practice and that's why we take on the large data
breach cases. Generally speaking, individual ID theft victims
are assisted by legal aide representatives. In addition, the
FTC provides consumer materials and online information for self
help, including assistance with affidavits and letters.
Mr. BRADY. Mr. Feldt.
Mr. FELDT. Yes. We--as far as challenges, there's----
Mr. BRADY. What are the chances in SSA's view that someone
who commits this crime will be apprehended and prosecuted?
Mr. FELDT. We work cases every year as an organization in
which folks are apprehended.
Mr. BRADY. And I'm not being--I'm just trying to get a
perspective.
Mr. FELDT. Yes, sir.
Mr. BRADY. Would it be fairly rare.
Mr. FELDT. I don't know what the percentage would be of
allegations of SSN misuse that actually result in a conviction.
But I would agree with you that it would be--it is rather rare.
There's a lot of misuse of Social Security numbers going on
that ultimately is not prosecuted.
Mr. BRADY. What more can be done? Clearly Congressman and
Chairman Johnson focus on prevention early on in protecting the
integrity of these numbers, but, you know, what needs to be
done? New laws? New resources? I don't know.
Ms. Lanius, did they ever apprehend this Stacey Rogers?
Ms. LANIUS. No.
Mr. BRADY. Never. Did they--Mr. Bryson, any of the six or
seven or eight, do you know of----
Mr. BRYSON. No, sir.
Mr. BRADY. What do we need to do.
Mr. FELDT. Number one, doing anything we can do to prevent
the disclosure of Social Security numbers and any enhancements
that can be made, we would support. And additional resources
can always help. To have more feet on the ground to investigate
identity theft, would be a good thing.
Actually, so many of the cases that are prosecuted, they
will start at the local level in which they start with a local
complaint to a police officer, and then you have jurisdictional
issues in many times. And we get referrals from local police
offices and at the local level that many times result into
federal convictions.
Mr. BRADY. Dr. Vieraitis, did the folks that you
interviewed, did they--as they were committing the crime, did
they think they were gonna get away with it?
Dr. VIERAITIS. They were very confident in their abilities
and they thought they would get away with it. And even though
we spoke to people who were sitting in prison, so clearly they
did not get away with it, they blamed their capture on outside
things they deviated from the plan, dumb luck on the part of
law enforcement, or they were working with others who got
caught up in the trafficking.
Mr. BRADY. The times I--and I appreciate that, FTC, Social
Security ID, get frustrated. I wish we'd spend a little less
time pursuing celebrity sports cases and a little more time as
a government focusing on identity theft. I think we'd actually
help a lot more people.
Ms. KUECKELHAN. Congressman Brady, the Federal Trade
Commission has civil authority. We have no criminal authority.
Chairman JOHNSON. Well, that's true, so can you answer the
question for me: How many of those cases were children below
the age of, let's say, 18.
Ms. KUECKELHAN. The data breach numbers?
Chairman JOHNSON. Yeah.
Ms. KUECKELHAN. I don't have those numbers. And also, it's
important to note on the 192 percent that you stated, Chairman
Johnson, although that is an accurate percentage of the
increase in child identity theft complaints for which the
person reporting completed the field that ask for the victim's
name, many consumers do not disclose the victim's age.
Therefore, that is not based on a scientific survey. It is
instructive, but not scientific.
On our complaint system there is a field that ask for the
child's age at the time that they were victims. Many of those
that report do not include an age.
Chairman JOHNSON. They don't fill it out.
Ms. KUECKELHAN. No, sir.
Chairman JOHNSON. How about, Feldt, do you know what
percentage are under the age of 18 when they're stolen.
Mr. FELDT. I'm sorry, I do not know the number. We can sure
get that back to you.
Chairman JOHNSON. We give SSNs to them when they're born
nowadays for goodness sake and I'm telling you, I don't know of
a baby in the world that's gonna go and check his credit.
Ms. KUECKELHAN. Chairman Johnson, of those that did report
an age in 2010, over 24,000 were under the age of 19.
Chairman JOHNSON. Okay. Well, that's a good statistic.
Thank you very much. Mr. Marchant.
Mr. MARCHANT. Thank you, Mr. Chairman, for the opportunity
to participate in this hearing. I have a formal statement I'd
like to submit to the record. I also would like to submit to
the record a Wall Street Journal story that was written this
week, August 27, about a family in Dallas who had had their
children targeted by identity thieves. So it's a very timely
article, and it's about a local family.
What got me interested in this was a case that came into
our congressional office about a family who had applied for
this Social Security card for an infant, a new-born infant. And
I know my son, when his children were born, he--one of the
first things he did was he applied for a Social Security card.
And this family that I represent applied for their Social
Security card.
And after a while, they had not received it so they began
to look into why they had not received it, and then they were
contacted by the police who were doing a very good job, and
they notified them that, in fact, the Social Security card had
been removed from their box out in front of their house. So
they were harvesting the mail in this neighborhood.
They got the Social Security card. They began to use it.
And only through that mechanism did this family find out not
only, you know, here's why you didn't get your card; but that's
one bad news. The next part of the bad news is your child was
already very deeply in debt and has a very bad credit rating,
even though they haven't achieved their first birthday.
So we began to work on some legislation. With the
Chairman's permission, we will pursue the legislation when we
get back to Washington. And the objective of our legislation
will be, first of all, to come up with a more secured delivery
system of that first Social Security number. I think that in
itself would cut down a lot of the abuse and fraud of not
putting that in the mailbox when we have the ability to get a
secure number over the Internet. There are a lot of ways to
secure this valuable number without having it put in your post
office box.
The second thing we would like to accomplish is when you
have a card issued to an infant and if it's brought to the
Social Security Administration's attention that that has
already been stolen and compromised, there needs to be a
standard process of issuing a new number to that infant or
child. There also needs to be a standard system where that old
number goes into the Social Security system and is flagged. And
if there's any activity on that number, any income activity, a
big red flag needs to just pop up. And you'll have an immediate
printout of here of your fraud cases.
I mean, that to me, that is just a mechanical process that
can be done. Then I think you can come to Congress and say,
okay, here's our list. Give us the boots on the ground to just
go enforce this law. I don't see any mechanism on the books now
to even to accomplish this process. So we're gonna try to help
you with permission from the Chairman. We're gonna try to help
you with that system.
And then I think that we have to notify parents somehow or
another when they apply for a card for a minor, they need to
get some immediate information back from the Social Security
Administration. When they get that number, they need to
immediately be apprized of the problems that they're going--
that they can have and the importance of it.
It's almost a gift to the criminal world the way that we
operate this system. And if there was somebody in this audience
today that was trying to learn how to easily get into this
system, I think they have a pretty clear roadmap of how to do
it. They have a pretty clear roadmap of the very rare odds of
them being apprehended and how very lucrative this can be.
We can do this. We've got super computers. We've got
dedicated people in the field that are willing to enforce this.
We've got parents. We've got agencies who are willing to solve
this. I think it's incumbent on our Committee, Mr. Chairman, to
give them the tools and the direction they need.
Chairman JOHNSON. Thank you. I think we're looking at that
for starters--why do we give babies at birth a Social Security
number? I'm kind of in favor of stopping that. We've discussed
that a little bit yesterday.
Mr. FELDT. Yes, sir.
Chairman JOHNSON. Thank you. Dr. Vieraitis, you've done
some interesting work in reviewing ID theft criminals and from
that research, what approaches did they use to commit the
crimes?
Dr. VIERAITIS. How much time do I have.
Chairman JOHNSON. Not too much. Try to synthesize it.
Dr. VIERAITIS. All the ways that you hear about, they use.
They will steal from mailboxes. They will target dumpsters
outside businesses such as insurance companies or schools that
don't properly dispose of their data or files. They pay company
employees, American Express or Visa or home mortgage companies.
They work with other street offenders who are involved in
drug sales who know drug addicts who are willing to sell their
own information in exchange for money.
Chairman JOHNSON. Well, when you say they pay employees of
American Express or Visa or somebody, what do you mean?
Dr. VIERAITIS. They just happen to know someone who's
working there. In exchange for money, the employee will give
them information of people in their data base.
Chairman JOHNSON. So those credit companies have been
cooperative.
Dr. VIERAITIS. There have been employees of credit
companies, yes, that have sold information.
Chairman JOHNSON. Have you run into that.
Dr. VIERAITIS. Yes.
Chairman JOHNSON. Mr. Feldt.
Dr. FELDT. Yes, sir.
Chairman JOHNSON. Okay. Well, where do you think that we
might go next to try to stop this other than stopping a number
at birth.
Dr. VIERAITIS. I think that the FTC has done a fabulous job
educating consumers and potential victims on how to protect
their data. I don't know if the majority of people get that
information. There are probably people who simply don't know
and aren't aware of it. So constantly increasing awareness of
it and encourage people to report.
People don't report to law enforcement; and if people don't
report to law enforcement there's not as much we can do if we
know about all of it. Most people--and I know this doesn't
apply to you. Your cases were more severe. Most people resolve
it within one day because most of it has to do with credit card
fraud and the fraudulent use of credit cards.
So the good news is that for most people it's fairly easily
resolved, and it's gotten much better and faster to resolve
because of policies of the FTC and also Congress passed major
legislation, for example taking credit card numbers off of
receipts and other things like that.
Chairman JOHNSON. When you find out somebody in a credit
card company is doing that kind of thing, do you report it to
the authorities?
Dr. VIERAITIS. The company should report it to the
authorities.
Chairman JOHNSON. But are they doing it?
Dr. VIERAITIS. I don't know.
Chairman JOHNSON. How do they find out? How does the
company find out if someone's----
Dr. VIERAITIS. Through law enforcement investigations.
Chairman JOHNSON. So they can go a long time without
finding out about it.
Dr. VIERAITIS. Yes, they could.
Chairman JOHNSON. Okay. Thank you very much. Ms.
Kueckelhan, what legislation could we pass to stop ID theft in
general, but children's ID theft in particular? And you know
we're looking at trying to stop the hospitals from giving them
at birth. Would that help you think?
Ms. KUECKELHAN. Chairman Johnson, may I address the
doctor's comments about the----
Chairman JOHNSON. Sure.
Ms. KUECKELHAN [continuing]. About the theft with the
companies.
Chairman JOHNSON. Please do.
Ms. KUECKELHAN. The Federal Trade Commission has the red
flags rule, and the red flags rule is--one of the requirements
is that a company develop internal standards of data security,
in other words, minimize access within. And there's a variety
of steps that's recommended that businesses take. So the red
flags rule if a company, if it applies to them--it doesn't
apply to every type of company. Some are exempt. But that would
help to set measures in place. Again, not 100 percent full
proof, but it should help in that regard if companies did
follow it.
The Federal Trade Commission has previously recommended
changes in the National Consumer Authentication Standards. Just
as you stated, Congressman Johnson, SSN is used across the
board as an identifier. Following suggestions from our forum,
we'll continue to look at child ID theft issues that we should
work with Congress on for changes.
Chairman JOHNSON. Thank you.
Mr. BRADY. Now, Ms. Kueckelhan, thank you for I understand
FTC's very informed forum on the emergent problem of child
identity theft, so I appreciate you bringing those experts
together and those folks. You know, I want to ask you a
question and I want to ask Dr. Vieraitis and Mr. Feldt follow-
up on Chairman Johnson's question about what changes in law
does Congress need to make to either protect people from
identity theft or create more tools to apprehend and prosecute.
But from the FTC standpoint, do you publicly identify
companies that are more prevalent in allowing their data to be
breached or--where there are red flags that occur on a regular
basis? Do we as a public, are we privy to the information about
which companies do a poor job or are more likely to be--our
identity is more likely to be breached with doing business with
them from a transparency standpoint?
Ms. KUECKELHAN. I don't know that it's a transparency
issue, but unlike an entity like the BBB that has ratings and
reports online that would be available to the public; when a
consumer files a complaint with the Federal Trade Commission,
that is confidential as to the public. The public doesn't have
access.
But we do open and welcome other law enforcement agencies
to become--have the right credentials to access our database
system so that we are the repository for many complaints and ID
theft being one of those types and accessible to all so that
even when the criminal authorities working on the individual
identity theft side, they have access to our database.
Mr. BRADY. If it's a government agency whose data is
breached or government officials who are selling those or
providing the information for thieves, who handles those types
of cases?
Ms. KUECKELHAN. I'm not sure I understand your question.
Mr. BRADY. You pursue on the civil side when companies have
data breaches that are potentially dangerous for identity
theft. So who pursues those when it's government agencies that
the data's breached or employees are providing that
information.
Ms. KUECKELHAN. Well, from the consumer's perspective, the
misrepresentation takes place when a company represents that
their security policies have certain qualities that they don't
and that misrepresentation gives rise to our authority in the
Federal Trade Commission Act.
Mr. BRADY. Dr. Vieraitis and Mr. Feldt, what can Congress
do to help better protect individuals, and what needs to be
done to significantly increase the prosecutions?
Mr. FELDT. I'd be happy to speak first. Any legislative
provisions that would limit the collection, use or disclosure
of Social Security numbers would greatly help our efforts.
Mr. BRADY. But Chairman Johnson's legislation would be a
good place to start.
Mr. FELDT. Exactly it's a very good place to start; as well
as enhanced penalties. As your studies have found, the risk
just appears to be worth taking for these sophisticated
criminals. Some of----
Mr. BRADY. Do you know what these punishments range?
Mr. FELDT. Well, for a first time offense, it potentially
could be a six month probation or up to a year in prison. But
we're not talking about four, five, six years in prison for
many white collar crimes.
Ms. KUECKELHAN. Congressman Brady, on the civil side when
we have pursued those statutory wrong on the civil law
enforcement against companies that misrepresented their set--
security policies, we have ratcheted up the so-called merchant
provisions and some of those are up to 20 years.
Mr. BRADY. On the prosecution criminal side, where there is
low risk of apprehension and prosecution and you're saying that
the penalties aren't very stiff for----
Mr. FELDT. For first offenders. As you spoke about, many
are first time offenders and without, you know, a major
criminal history on the federal side, typically, the penalties
are not great for----
Mr. BRADY. Doctor, what kind of sentences were there for
those you interviewed, and what were their sentences?
Dr. VIERAITIS. Those we interviewed ranged from a minimum
of 12 months to 30 years.
Mr. BRADY. Were they first time offenders generally?
Dr. VIERAITIS. Some of them were first time offenders and
they did receive a significant penalty. They all thought that
they would get much less and most perceived the penalty would
be probation, and they were hit much harder than they thought.
So there's a perception----
Mr. BRADY. Because these were federal prosecutions?
Ms. VIERAITIS. Likely because they were federal
prosecutions. Local prosecutors sometimes kick them up to the
feds because they have more resources or it's a federal crime.
It's crossed states lines. There are a lot of issues with
jurisdictions. It makes it very difficult for law enforcement
to take the report and also do something about it.
But any legislation that will reduce the use of Social
Security numbers on Medicare cards, Medicaid cards, foster
children would certainly help; but I would like to say that in
terms from the offender's perspective, the riskiest part for
them of that whole crime is walking into a bank or walking into
a store and cashing in on it.
So getting the number is easy; but the riskiest part for
them, the one that causes the most stress and the part where
policy would be good to target, is making it impossible for
them to cash in on it. And the credit card companies and the
businesses have but need to do more to protect consumers from
that.
Mr. BRADY. Any chance of that risk go down even more if
they steal a child's Social Security number?
Dr. VIERAITIS. I think the eVerification system and any
system that can alert the credit card company, the bank,
anywhere you're trying to use it that says this number belongs
to a person under the age of 18, and the person applying for it
claims that they're 40. It doesn't match up. Some sort of
system.
And I believe this was brought up at the FTC conference
this summer. Some sort of verification to link that number to a
child so that the offender can't use it to apply for a home
loan because no 12-year-old is applying for a mortgage.
Mr. BRADY. Well, not as many anymore prior to 2008. But we
fixed that so. Chairman, I went over time.
Chairman JOHNSON. That's all right. Thank you, Mr. Brady.
Mr. MARCHANT. During the last year, we at our congressional
office has become very proactive in going into senior centers
and going into libraries and having identity theft seminars. We
thought that maybe 20 people would show up. Sometimes 20, 30
people show up in that kind of seminar. We are having
incredible turn-outs. And we appreciate the help that we have
received from several of the agencies in doing this. We're
having hundred, 120 people show up at these identity theft
seminars. So it's a big issue.
And the people that are most afraid of it now seem to be
the seniors. And I'm beginning to detect that maybe we should
have a seminar or public meeting with young families and young
couples and begin to tell them before they have a teenager,
what's happening to you folks has happened.
So the other thing that I would request from all the
agencies is a liaison, a specific liaison person that the 535
members of Congress have so that we have this kind of a case
coming into our office that we will be able to say, okay, we
can call this person at these agencies and get a direct liaison
and get a very practical step-by-step thing that we can do to
help that constituent because by the time we get to talk to
constituents, many times they are very frustrated. A lot of the
damage has already been done. And we feel very frustrated when
they come to us and everything's happened and the police have
said there's nothing we can do. The District Attorney in many
instances has said there's nothing we can do. And by the time
they get to us, they're pretty frustrated. So if we can have a
direct person that we could contact, it would be very helpful.
And then again I'd like to thank the agencies that have
come out and help us with our identity theft seminars. They are
very popular and for the first time we feel like we're trying
to make people aware.
I would like to ask Mr. Puente, when you go out and you
have a case in your hands, is there a typical offender that you
will find when you get out the case in your hand?
Mr. PUENTE. Yes, sir. And just so you'll know, my area of
responsibility runs all the way down the Rio Grand Valley, so
from Brownsville all the way up to Laredo and Corpus, the San
Antonio area. So typically I'm looking for individuals who are
undocumented aliens; and when I have an identity theft case in
hand, that's the first place I start.
In most cases, and I've been doing this almost 10 years,
the trends that I've seen in Texas that have shifted towards
U.S. citizens selling their documents to the document vendors,
the parent selling their children's documents. And these
undocumented aliens are buying these documents in Mexico
because it's cheap.
Another thing that I have found is some document vendors
are just making the nine-digit number up. Everybody knows that
the Social Security number is nine digits. It doesn't matter
what it starts with or it ends with; but everybody knows that
you have to have that nine-digit number to get a job, to get an
ID, to get a credit card. Everybody knows that.
And in the case that I worked in Austin, all the defendants
that we debriefed, they said the same thing: I didn't care what
it looked like as long as it had nine digits and I could get a
job. And they were paying $50 to $100 in a flea market in
Austin. So that's what I'm looking for.
Mr. MARCHANT. Okay, thank you.
Chairman JOHNSON. So what you're telling me is this number
that the IRS gives out, which is nine digits, for people who
don't have a Social Security number or ID, it wouldn't matter
to the vendors down there.
Mr. PUENTE. No, sir. In fact, in this particular case, we
had two of the defendants that actually had a tax ID number
that they were using.
Chairman JOHNSON. As a Social Security number.
Mr. PUENTE. Yes, sir. They had counterfeited a Social
Security card with that tax ID number on that Social Security
card.
Chairman JOHNSON. Well, how is that getting through the
system?
Mr. PUENTE. The facility that they were working at did not
verify any of the Social Security numbers, any of them. So
these employees were just able to fill out applications.
Chairman JOHNSON. So using E-verify might work to stop
that?
Mr. PUENTE. It does work. It absolutely works, yes, sir.
Chairman JOHNSON. Mr. Brady has one more question.
Mr. BRADY. Well, one, I wanted to thank you Chairman for
holding this hearing. This is obviously a problem growing by
the minute and it's critical that we're aware of it. Secondly,
these panelists have really given us great insight and I want
to thank you for that. For the parents in the crowd today and
parents learning about this problem, can I ask, what is the one
or two most important things we can do to protect our families
and our children from identity theft?
VOICE. Don't give out your number.
Chairman JOHNSON. Don't everybody speak at once.
VOICE. When you're asked to give your Social Security
number, refuse to give it.
Mr. BRADY. Can I ask our panelist from your studies and
prosecutions and interviews, what can we do as parents?
Dr. VIERAITIS. I would agree with what he just said. I
don't memorize my daughter's security numbers. I don't carry
their cards with me, and I never give the numbers out, ever.
There are always blanks on forms for it and I just refuse to
give it out. And also check. I know if you call a credit card
company and run the number, it might not pop up. It will pop up
`file not found', but that doesn't mean it's not being used.
I would imagine the Social Security Administration would
be--Mr. Feldt--would be the place that you would need to check.
If you're concerned about it, check.
Chairman JOHNSON. Thank you, Mr. Brady.
Mr. BRADY. Thank you, Chairman.
Chairman JOHNSON. Again, I want to thank y'all for being
here, especially Ms. Lanius and Mr. Bryson for sharing your
personal experiences. Thank you so much. I also appreciate
hearing the views of those of you on the front lines fighting
identity theft, Ms. Kueckelhan and Feldt and Puente. And Dr.
Vieraitis your testimony is the first time the Subcommittee has
had an opportunity to examine the crime of identity theft from
the thieves themselves. Thank you for your important research.
And all of your testimony will help us do what's right to stop
the misuse of Social Security numbers and prevent identity
theft.
We're gonna work the problem, and I can tell you that all
three of us are interested in resolving it and making this
great America a better place for all of us to live. Thank y'all
for being here. The committee is adjourned.
[Whereupon, the subcommittee was adjourned.]
Member Submissions For The Record:
�