*Banking Committee Finds Firms Willing to Break Law
Rep. James A. Leach, R-IA, the committee's chairman, revealed this information at a hearing on H.R. 4311, the Identity Theft Prevention Act of 2000. The hearing also focused on identity theft and pretext calling, a practice closely related to identity theft involving the use of false and deceptive methods to obtain personal financial information.
Pretext callers often pose as law enforcement agents, social workers, potential employers and other authority figures to obtain individuals' private data from banks and other financial institutions. Some perpetrators use telemarketing scams to trick consumers into revealing personal data.
H.R. 4311 goes beyond provisions that Leach sponsored in 1998 and that were incorporated into last year's Gramm-Leach-Bliley financial modernization legislation. The Gramm-Leach-Bliley Act, which went into effect on Nov. 12, 1999, made it a federal crime to obtain or attempt to obtain customer information from a financial institution by false pretenses, such as by misrepresenting the identity of the person requesting the information or by otherwise tricking an institution or its customers into making unwitting disclosures of such information.
However, H.R. 4311 addresses credit-reporting agencies, saying they have an obligation to handle such information responsibly and should take affirmative steps to prevent identity criminals from intercepting such information.
In the 10 months since the Gramm-Leach-Bliley Act went into effect, the committee received sporadic reports that federal regulators have not adequately heeded the strictures of the legislation. To determine whether it remains possible to find someone willing to break the law to obtain an individual's private financial information, committee staff conducted an informal survey during the recently concluded August recess.
Staff identified and contacted businesses advertising their ability to locate bank accounts, determine bank account balances, and find other financial assets assumed by most consumers to be confidential. Subjects were selected at random based on searches of the Internet, telephone-book yellow pages and classified advertisements in legal trade journals.
Posing as a potential customer, a member of the committee staff, Alison Watson, placed a series of calls in which she purported to be someone whose live-in boyfriend had recently disappeared, cleaning out their joint bank account and absconding with other assets. The staff member asked each firm whether it could assist her in locating her ex-boyfriend and any bank accounts in which he might have placed the funds removed from their joint account.
Of calls placed to 26 companies during an uninterrupted three-hour period, 11 companies were reached by the committee. All 11 were "eager to sell bank account information of a private citizen, with few, if any, questions asked," Leach said.
"In short, bank account information and other aspects of consumers' financial profiles apparently remain freely available to anybody willing to pay for them," Leach said. "What we have are outfits unafraid to break the law, in fact even continuing to advertise their law-breaking talents. The victims are those individuals whose account information is obtained, but it is also our civil society that is based upon trust and respect for the privacy of one another."
Leach said that although two of the 11 firms made vague references to privacy laws that they said would complicate their efforts to locate assets, "none mentioned the existence of statutory prohibitions on the services they were offering to provide. Based upon this survey, it appears that the fraudulent practices first highlighted by the committee in mid-1998 are continuing largely unabated.
"Americans' financial privacy -- indeed their very financial identities -- are at risk as never before," Leach added. "Whether the threat involves cyberintrusions into large corporate databases by hackers seeking to download credit-card numbers or other account information, or less technologically sophisticated techniques such as 'dumpster-diving' to retrieve credit-card receipts or bank statements, the most confidential pieces of a consumer's financial profile appear to be easily available to a growing number of financial scam artists."
Indeed, the crime of identity theft has become one of the major law-enforcement challenges of the new economy, as vast quantities of sensitive, personal information are now vulnerable to criminal interception and misuse. The U.S. Postal Inspection Service estimates that 50,000 people a year have become victims of identity theft since the mid-1990s.
In addition, the Secret Service investigated identity theft losses to individuals and institutions of $745 million in 1997, a 75 percent increase over the $442 million lost in 1995. According to TransUnion Corp., a national credit bureau, the total number of identity theft inquiries to its Fraud Victim Assistance Department grew to 522,922 in 1997 from 35,235 in 1992.
Testifying at the hearing were Rep. Darlene Hooley, D-OR, and Rep. Steven LaTourette, R-OH, who are the primary sponsors of H.R. 4311.
The bill would:
• Require credit-card companies to send a confirmation to a consumer's old address as well as his new address upon receipt of a change-of-address form.
• Require credit-reporting agencies to include a "fraud alert" in the consumer's file at the consumer's request.
• Require credit-reporting agencies to investigate discrepancies between personal or identifying information contained in the file maintained by the agency, and information supplied to the agency by the user of the consumer report.
• Require credit-reporting agencies to provide one free credit report annually to consumers.
• Prohibit credit-reporting agencies from selling Social Security numbers.
• Require individual reference services to disclose, upon the consumer's request, all information maintained in the file regarding the consumer.
Among others who testified was Shon Boulden, a Hillsboro, OR, man who was the victim of identity theft. Boulden said that although credit bureaus such as TransUnion and Experian have put fraud alerts on his account, new people were still opening accounts using his Social Security number.