[Congressional Record Volume 147, Number 113 (Tuesday, September 4, 2001)]
[Senate]
[Pages S9078-S9079]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]

      By Mrs. FEINSTEIN (for herself, Mr. Shelby, Mr. Corzine, Mr. Kyl, 
        and Mr. Grassley):
  S. 1399. A bill to prevent identity theft, and for other purposes; to 
the Committee on Banking, Housing, and Urban Affairs.
  Mrs. FEINSTEIN. Madam President, I rise to introduce the Identity 
Theft Prevention Act of 2001 along with Senator Shelby, Senator 
Corzine, Senator Kyl, and Senator Grassley.
  The goal of this legislation is to require credit bureaus and banks 
to take precautions against identity theft and to assist identity theft 
victims in restoring their good name.
  What is identity theft? Identity theft occurs when one person uses 
another person's Social Security number, birth date, driver's license 
number, or other identifying information to obtain credit cards, car 
loans, phone plans or other services in the victim's name. The criminal 
literally assumes the identity of the victim for illicit gain.
  Identity theft is one of the fastest growing crimes in the new 
economy. The Federal Bureau of Investigation estimates 350,000 cases of 
identify theft occur annually.
  If recent trends continue, reports of identity theft to the Federal 
Trade Commission will double between 2000 and 2001, to over 60,000 
cases.
  Fully 40 percent of all consumer fraud complaints received by the FTC 
in the first three months of 2001 involved identity theft.
  Consider some of the following cases: my constituent, Kim Bradbury of 
Castro Valley, reported that an identity thief obtained a credit card 
in her name through the Internet in just 10 seconds. The false 
application only had her Social Security number and birth date correct.
  A man's drivers license was stolen at a night club in Florida. The 
thief opened a checking account in the man's name at multiple banks and 
used the accounts to engage in financial fraud. The police, in pursuit 
of the identity thief, mistakenly arrested the victim five times for 
crimes committed by the identity thief. One of the arrests caused him 
to miss his honeymoon.
  Three youths robbed a young woman on a San Francisco MUNI bus. The 
thieves stole her driver's license and Social Security card.
  While the victim was traveling over the Christmas holiday, the 
thieves represented themselves as her and drained her bank accounts, 
and applied for cell phones and credit cards in her name.
  This bill attempts to stem the tide of identity theft by requiring 
banks, credit bureaus, and other financial institutions to take some 
practical steps to protect sensitive personal information.
  1. The Identity Theft Prevention Act of 2001 would require all new 
credit-card machines to truncate any credit card number printed on a 
customer receipt. Thus, when a store gives a customer a receipt from a 
credit card purchase, only the last five digits of the credit card 
number will show. This prevents identity thieves from stealing credit 
card numbers by retrieving discarded receipts. Existing machines would 
have to be reprogrammed to truncate credit card numbers on receipts by 
2006. Given that most credit machines have a working life of 
approximately five years, this reprogramming requirement will put a 
minimal burden on businesses.
  2. The bill requires a credit card company to notify consumers when 
an additional credit card is requested on an existing credit account 
within 30 days of an address change request.
  3. The bill would require credit bureaus to alert credit issuers of 
discrepancies between the consumer's address in the bureau's records 
and the address in the consumer's application for credit. Thus, credit 
card issuers would be alerted to possible fraud.
  4. This bill codifies the industry practice of placing fraud alerts 
on a consumer's credit file and gives the Federal Trade Commission the 
authority to impose fines against credit issuers that ignore the alert.

[[Page S9079]]

  Too many credit card issuers are granting new cards without 
adequately verifying the identity of the applicant. Putting some teeth 
into fraud alerts will curb irresponsible granting of credit.
  I also would have reintroduced a provision from the Identity Theft 
Prevention Act of 2000, requiring that the Federal Trade Commission, 
FTC, develop a Model Reporting Form for victims to send to creditors.
  However, I am pleased to report that the FTC, encouraged by last 
year's identity theft bill, has drafted this model form.
  The new form will be launched in the next several weeks, and will be 
accepted by the three major credit bureaus as well as several major 
financial institutions. It will reduce substantially the paperwork 
burden on identity theft victims who otherwise would have to file 
literally dozens of reports of fraud.
  The simple, concrete proposals of this bill are are necessary because 
financial institutions are the stewards of personal financial data. 
They have unique access and control over the most sensitive personal 
information like one's bank account balance or one's credit card 
number. With this unique access comes a responsibility.
  Some may question why Congress needs to impose tighter information 
practices on banks and credit bureaus to address the identify theft 
crisis. After all, it is true that banks are on the hook for any 
personal credit losses over $50 due to fraud.
  Presumably, if banks were losing excessive amounts of money due to 
identity theft, they would tighten their information practices. 
However, the problems that face identity theft victims are independent 
of market forces.
  So much of identify theft victims' suffering comes from sources other 
than credit card losses.
  For example, victims often face extreme difficulties clearing their 
damaged credit, or even a criminal record, caused by the thief. The 
typical victim of identity theft spends over 175 hours over two years 
to clear his name.
  This legislation has earned the widespread support from a number of 
consumer and victims groups including the Identity Theft Resources 
Center, the Privacy Rights Clearinghouse, Consumers Union, U.S. PIRG, 
and Consumer Federation of America.
  The Identity Theft Prevention Act of 2001 requires financial 
institutions to take some simple precautions to prevent identity fraud 
and protect a person's good name.
  Verifying a credit applicant's address, complying with ``fraud 
alerts'', notifying credit card holders of unusual requests for new 
cards, and truncating credit numbers on receipts are all measures that 
will it make harder for criminals to engage in identify fraud.
  It is appropriate and necessary for financial institutions to take 
these steps. These companies have a responsibility to prevent 
fraudsters from using their services to harm the good name of other 
citizens. Morever, in this complex, information-driven society, 
consumers simply can't protect their good name on their own.
  Mr. SHELBY. Madam President, I am pleased to join Senator Feinstein 
in introducing the ``Identity Theft Prevention Act of 2001.''
  Unfortunately, with the growth of electronic commerce, there has been 
a corresponding growth in the number of high tech crimes. In fact, 
identity theft is now the fastest growing crime in the United States. 
Over the last few years, identity thieves have stolen billions of 
dollars from hundreds of thousands of people.
  The difficulties for victims of identity theft do not simply end 
after the crime that has been committed. It can take years and 
considerable effort for victims to clear their names, reestablish their 
credit histories and get themselves back on their feet. In some cases, 
the crime never ends: stolen personal information is used repeatedly by 
numerous thieves placing individuals in an endless cycle of 
victimization.
  The ``Identity Theft Prevention Act of 2001'' is intended as a first 
step towards combating this devastating crime. The legislation requires 
new, common sense measures such as: notifying a credit card holder of a 
request for an additional card or request to change an address; 
requiring consumer approval prior to the issuance of credit; and 
truncation of credit card account numbers on print-out receipts. These 
provisions are intended to reduce the opportunities of thieves to 
obtain the consumer data they use to commit fraud in the first place.
  Additionally, in an effort to ease the considerable burdens the crime 
places on its victims, the bill makes it easier for consumers to report 
fraud and for them to quickly restore their credit history after they 
have been targeted.
  The seriousness of the of the crime of identity theft has already 
been well documented in economic terms: hundreds of thousands of people 
have lost billions of dollars. However, the crime causes additional 
losses that far exceed the economic ones. An identity theft victim can 
lose his or her hard-earned good name and reputation in a matter of 
seconds. I believe Senator Feinstein's bill will help prevent such 
assaults and it will help those who are victimized restore their credit 
record and their reputation more quickly. I am pleased to be an 
original cosponsor of this bill.
                                 ______