[Senate Hearing 108-579]
[From the U.S. Government Publishing Office]




                                                        S. Hrg. 108-579
 
                   THE FAIR CREDIT REPORTING ACT AND
                  ISSUES PRESENTED BY REAUTHORIZATION
                 OF THE EXPIRING PREEMPTION PROVISIONS

=======================================================================

                                HEARINGS

                               before the

                              COMMITTEE ON
                   BANKING,HOUSING,AND URBAN AFFAIRS
                          UNITED STATES SENATE

                      ONE HUNDRED EIGHTH CONGRESS

                             FIRST SESSION

                                   ON

         THE HISTORY, PURPOSE, AND FUNCTION OF THE FAIR CREDIT 
    REPORTING ACT AND PROVISIONS SUBJECT TO THE EXPIRING PREEMPTION 
    PROVISIONS SPECIFICALLY; THE GROWING PROBLEM OF IDENTITY THEFT; 
  AFFILIATE SHARING PRACTICES; ACCURACY OF CREDIT REPORT INFORMATION; 
 CONSUMER AWARENESS AND UNDERSTANDING THE CREDIT GRANTING PROCESS AND 
                 ADDRESSING MEASURES TO ENHANCE THE ACT

                               ----------                              

             MAY 20, JUNE 19, 26, JULY 10, 29, AND 31, 2003

                               ----------                              

  Printed for the use of the Committee on Banking, Housing, and Urban 
                                Affairs


                                                        S. Hrg. 108-579


                   THE FAIR CREDIT REPORTING ACT AND
                  ISSUES PRESENTED BY REAUTHORIZATION
                 OF THE EXPIRING PREEMPTION PROVISIONS

=======================================================================

                                HEARINGS

                               before the

                              COMMITTEE ON
                   BANKING,HOUSING,AND URBAN AFFAIRS
                          UNITED STATES SENATE

                      ONE HUNDRED EIGHTH CONGRESS

                             FIRST SESSION

                                   ON

         THE HISTORY, PURPOSE, AND FUNCTION OF THE FAIR CREDIT 
    REPORTING ACT AND PROVISIONS SUBJECT TO THE EXPIRING PREEMPTION 
    PROVISIONS SPECIFICALLY; THE GROWING PROBLEM OF IDENTITY THEFT; 
  AFFILIATE SHARING PRACTICES; ACCURACY OF CREDIT REPORT INFORMATION; 
 CONSUMER AWARENESS AND UNDERSTANDING THE CREDIT GRANTING PROCESS AND 
                 ADDRESSING MEASURES TO ENHANCE THE ACT

                               __________

             MAY 20, JUNE 19, 26, JULY 10, 29, AND 31, 2003

                               __________

  Printed for the use of the Committee on Banking, Housing, and Urban 
                                Affairs


                    U.S. GOVERNMENT PRINTING OFFICE
95-254                      WASHINGTON : DC
____________________________________________________________________________
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov  Phone: toll free (866) 512-1800; (202) 512�091800  
Fax: (202) 512�092250 Mail: Stop SSOP, Washington, DC 20402�090001


            COMMITTEE ON BANKING, HOUSING, AND URBAN AFFAIRS

                  RICHARD C. SHELBY, Alabama, Chairman

ROBERT F. BENNETT, Utah              PAUL S. SARBANES, Maryland
WAYNE ALLARD, Colorado               CHRISTOPHER J. DODD, Connecticut
MICHAEL B. ENZI, Wyoming             TIM JOHNSON, South Dakota
CHUCK HAGEL, Nebraska                JACK REED, Rhode Island
RICK SANTORUM, Pennsylvania          CHARLES E. SCHUMER, New York
JIM BUNNING, Kentucky                EVAN BAYH, Indiana
MIKE CRAPO, Idaho                    ZELL MILLER, Georgia
JOHN E. SUNUNU, New Hampshire        THOMAS R. CARPER, Delaware
ELIZABETH DOLE, North Carolina       DEBBIE STABENOW, Michigan
LINCOLN D. CHAFEE, Rhode Island      JON S. CORZINE, New Jersey

             Kathleen L. Casey, Staff Director and Counsel

     Steven B. Harris, Democratic Staff Director and Chief Counsel

               Peggy R. Kuhn, Senior Financial Economist

              Mark A. Calabria, Senior Professional Staff

                 Dean V. Shahinian, Democratic Counsel

                  Lynsey N. Graham, Democratic Counsel

   Joseph R. Kolinski, Chief Clerk and Computer Systems Administrator

                       George E. Whittle, Editor

                                  (ii)


                            C O N T E N T S

                              ----------                              

                         TUESDAY, MAY 20, 2003

                                                                   Page

Opening statement of Chairman Shelby.............................     1

Opening statements, comments, or prepared statements of:
    Senator Crapo................................................     2
    Senator Dole.................................................     7
        Prepared statement.......................................    44
    Senator Carper...............................................    10
    Senator Johnson..............................................    13
        Prepared statement.......................................    44
    Senator Bunning..............................................    15
        Prepared statement.......................................    45
    Senator Sarbanes.............................................    17
    Senator Bennett..............................................    19
    Senator Miller...............................................    22
    Senator Dodd.................................................    22
    Senator Stabenow.............................................    25
        Prepared statement.......................................    46
    Senator Schumer..............................................    34

                               WITNESSES

J. Howard Beales, III, Director, Bureau of Consumer Protection, 
  U.S. Federal Trade Commission, Washington, DC..................     3
    Prepared statement...........................................    46
    Response to written questions of:
        Senator Crapo............................................    59
        Senator Sarbanes.........................................    61
        Senator Bennett..........................................    65
        Senator Miller...........................................    67

                              ----------                              

                        THURSDAY, JUNE 19, 2003

Opening statement of Chairman Shelby.............................    69

Opening statements, comments, or prepared statements of:
    Senator Johnson..............................................    70
    Senator Dole.................................................    71
    Senator Corzine..............................................    72
    Senator Crapo................................................    73
    Senator Dodd.................................................    74
    Senator Allard...............................................    76
    Senator Schumer..............................................    77
    Senator Bunning..............................................    78
    Senator Sarbanes.............................................    79
    Senator Bennett..............................................    80
    Senator Miller...............................................    81
    Senator Enzi.................................................   125

                               WITNESSES

J. Howard Beales, III, Director, Bureau of Consumer Protection, 
  U.S. Federal
  Trade Commission, Washington, DC...............................    81
    Prepared statement...........................................   125
    Response to written questions of:
        Senator Dole.............................................   207
        Senator Miller...........................................   207
Timothy Caddigan, Special Agent in Charge, Criminal Investigative 
  Division, U.S. Secret Service..................................    83
    Prepared statement...........................................   133
    Response to written question of Senator Miller...............   207
Michael D. Cunningham, Senior Vice President, Credit and Fraud 
  Operations, Chase Cardmembers Services.........................    99
    Prepared statement...........................................   138
    Response to written questions of:
        Senator Dole.............................................   208
        Senator Miller...........................................   208
John M. Harrison, Captain, U.S. Army (Retired), Rocky Hill, 
  Connecticut....................................................   101
    Prepared statement...........................................   157
    Respsonse to written questions of:
        Senator Dole.............................................   208
        Senator Miller...........................................   210
Stuart K. Pratt, President and Chief Executive Officer, Consumer 
  Data Industry Association......................................   104
    Prepared statement...........................................   160
Linda Foley, Executive Director, Identity Theft Resource Center..   108
    Prepared statement...........................................   171
    Response to written question of Senator Miller...............   211
William Hough, Vice President of Credit Services, The Neiman 
  Marcus
  Group, on behalf of the National Retail Federation.............   111
    Prepared statement...........................................   187
    Response to written question of Senator Miller...............   214
Michael W. Naylor, Director of Advocacy, AARP....................   113
    Prepared statement...........................................   189
    Response to written question of Senator Miller...............   214

                              ----------                              

                        THURSDAY, JUNE 26, 2003

Opening statement of Chairman Shelby.............................   217

Opening statements, comments, or prepared statements of:
    Senator Johnson..............................................   218
    Senator Bennett..............................................   219
    Senator Sarbanes.............................................   220
    Senator Allard...............................................   221
    Senator Carper...............................................   222
    Senator Dole.................................................   222
    Senator Bunning..............................................   247

                               WITNESSES

Joel R. Reidenberg, Professor of Law, Fordham University School 
  of Law.........................................................   223
    Prepared statement...........................................   247
Ronald A. Prill, former President, Target Financial Services, on 
  behalf of
  the National Retail Federation.................................   227
    Prepared statement...........................................   256
Terry Baloun, Regional President and Group Head, Wells Fargo Bank   229
    Prepared statement...........................................   260
    Response to written questions of:
        Senator Shelby...........................................   314
        Senator Bunning..........................................   317
        Senator Sarbanes.........................................   319
        Senator Dole.............................................   321
        Senator Johnson..........................................   322
Julie Brill, Assistant Attorney General, the State of Vermont....   230
    Prepared statement...........................................   263
Martin Wong, General Counsel, Global Consumer Group, Citigroup...   233
    Prepared statement...........................................   291
    Response to written question of:
        Senator Shelby...........................................   326
        Senator Bunning..........................................   331
        Senator Johnson..........................................   334
        Senator Dole.............................................   338
Edmund Mierzwinski, Consumer Program Director, U.S. Public 
  Interest
  Research Group.................................................   235
    Prepared statement...........................................   294
Angela L. Maynard, Chief Privacy Executive and Counsel, KeyCorp, 
  on behalf
  of the Financial Services Roundtable...........................   237
    Prepared statement...........................................   308

              Additional Material Supplied for the Record

Letter to Chairman Shelby and Ranking Member Sarbanes from Chris 
  Jay Hoofnagle, Deputy Counsel, Electronic Privacy Information 
  Center, dated June 24, 2003....................................   340

                              ----------                              

                        THURSDAY, JULY 10, 2003

Opening statement of Chairman Shelby.............................   349
    Prepared statement...........................................   399

Opening statements, comments, or prepared statements of:
    Senator Sarbanes.............................................   350
    Senator Dole.................................................   352
    Senator Johnson..............................................   352
    Senator Enzi.................................................   353
    Senator Carper...............................................   355
    Senator Bennett..............................................   355
    Senator Dodd.................................................   357
        Prepared statement.......................................   402
    Senator Crapo................................................   358
    Senator Stabenow.............................................   358
        Prepared statement.......................................   402
    Senator Allard...............................................   359
        Prepared statement.......................................   403
    Senator Corzine..............................................   360
    Senator Schumer..............................................   360

                               WITNESSES

Timothy J. Muris, Chairman, U.S. Federal Trade Commission........   361
    Prepared statement...........................................   404
    Response to written questions of Senator Sununu..............   506
Stephen Brobeck, Executive Director, Consumer Federation of 
  America........................................................   381
    Prepared statement...........................................   422
Stuart K. Pratt, President and CEO, Consumer Data Industry 
  Association....................................................   383
    Prepared statement...........................................   437
Richard F. LeFabvre, President and CEO, AAA American Credit 
  Bureau, Inc....................................................   385
    Prepared statement...........................................   459
David A. Jokinen, Sugar Land, Texas..............................   387
    Prepared statement...........................................   477
Evan Hendricks, Editor and Publisher, Privacy Times..............   390
    Prepared statement...........................................   481

              Additional Material Supplied for the Record

Letter to David A. Jokinen from the Social Security 
  Administration.................................................   507

                              ----------                              

                         TUESDAY, JULY 29, 2003

Opening statement of Chairman Shelby.............................   509

Opening statements, comments, or prepared statements of:
    Senator Sarbanes.............................................   510
    Senator Bennett..............................................   511
    Senator Stabenow.............................................   512
    Senator Enzi.................................................   512
        Prepared statement.......................................   549
    Senator Miller...............................................   532
    Senator Allard...............................................   539
        Prepared statement.......................................   549

                               WITNESSES

Dolores S. Smith, Director, Division of Consumer and Community 
  Affairs,
  Board of Governors of the Federal Reserve System...............   514
    Prepared statement...........................................   549
    Response to written question of Senator Sarbanes.............   585
Donna Gambrell, Deputy Director for Compliance and Consumer 
  Protection,
  Division of Supervision and Consumer Protection, Federal 
    Deposit
  Insurance Corporation..........................................   515
    Prepared statement...........................................   554
Joel Winston, Associate Director, Financial Practices Division, 
  Bureau of Consumer Protection, U.S. Federal Trade Commission...   517
    Prepared statement...........................................   558
Travis B. Plunkett, Legislative Director, Consumer Federation of 
  America........................................................   518
    Prepared statement...........................................   560
Stacey D. Stewart, President and Chief Executive Officer, Fannie 
  Mae
  Foundation.....................................................   520
Cheri St. John, Vice President of Global Scoring Solutions, Fair 
  Isaac
  Corporation....................................................   522
    Prepared statement...........................................   566
Scott Hildebrand, Vice President, Direct Marketing Services, 
  Capital One Financial Corporation..............................   524
    Prepared statement...........................................   579

                              ----------                              

                        THURSDAY, JULY 31, 2003

                                                                   Page

Opening statement of Chairman Shelby.............................   587

Opening statements, comments, or prepared statements of:
    Senator Sarbanes.............................................   592
    Senator Bennett..............................................   594
    Senator Johnson..............................................   596
    Senator Crapo................................................   597
    Senator Carper...............................................   599
    Senator Dole.................................................   601
        Prepared statement.......................................   627
    Senator Corzine..............................................   602
    Senator Bunning..............................................   603

                               WITNESSES

John W. Snow, Secretary, U.S. Department of the Treasury.........   588
    Prepared statement...........................................   627
    Response written questions of Senator Dole...................   653
Michael F. McEneney, Partner, Sidley Austin Brown & Wood LLP; on 
  behalf
  of the U.S. Chamber of Commerce................................   611
    Prepared statement...........................................   630
Edmund Mierzwinski, Consumer Program Director, U.S. Public 
  Interest
  Research Group; on behalf of: ACORN, Center for Community 
    Change, Consumer Action, Consumer Federation of America, 
    Consumers Union, Electronic Privacy Information Center, 
    Identity Theft Resource Center, Privacy Rights Clearinghouse, 
    Privacy Times, and U.S. Public Interest Research Group.......   614
    Prepared statement...........................................   634

              Additional Material Supplied for the Record

Letter from Senator Jim Bunning to John W. Snow, Secretary, U.S. 
  Department of the Treasury, dated August 6, 2003...............   654
Consumer Credit: Limited Information Exists on Extent of Credit 
  Report Errors and Their Implications for Consumers, by Richard 
  J. Hillman, Director, Financial Markets and Community 
  Investment, U.S. General Accounting Office.....................   655
The Development and Regulation of Consumer Credit Reporting in 
  America by Robert M. Hunt, Senior Economist, Federal Reserve 
  Bank of Philadelphia, dated November 2002......................   675


                   THE FAIR CREDIT REPORTING ACT AND
                  ISSUES PRESENTED BY REAUTHORIZATION
                 OF THE EXPIRING PREEMPTION PROVISIONS

                              ----------                              


                         TUESDAY, MAY 20, 2003

                                       U.S. Senate,
          Committee on Banking, Housing, and Urban Affairs,
                                                    Washington, DC.

    The Committee met at 2 p.m., in room SD-538 of the Dirksen 
Senate Office Building, Senator Richard C. Shelby (Chairman of 
the Committee) presiding.

        OPENING STATEMENT OF CHAIRMAN RICHARD C. SHELBY

    Chairman Shelby. The Committee will come to order.
    I would just like to thank everyone for being here today. 
At the end of this year, the State law preemption provisions of 
the Fair Credit Reporting Act expire. This Committee has the 
responsibility of reviewing these provisions and making a 
determination as to whether they should be extended, altered, 
or be allowed to lapse.
    The task before us is no small endeavor.
    The preemption provisions are a part of a much larger, 
highly complex law, a law that governs crucial aspects of the 
consumer credit system. This national system is huge, involving 
trillions of dollars and millions of people, and is at the 
heart of the economic well-being of this country.
    This system is also fundamentally dependent on the 
collection and dissemination of data that involves some of our 
most sensitive personal information.
    We do want to point out, however, that balancing these 
various interests is not a new challenge for Congress. At 
enactment, when it was significantly amended in 1996, and now, 
the calculus behind the FCRA has always required consideration 
of the broad issues relating to the operation of the credit 
markets and consumer privacy.
    The statement of purpose of the Act bears this point out. 
It highlights the banking system's dependence upon fair and 
accurate credit reporting, the vital function consumer 
reporting agencies perform in supplying this information, and 
the need to ensure that reporting agencies exercise the grave 
responsibilities with fairness, impartiality, and respect for 
the consumer's right to privacy.
    As we review the expiring preemption provisions of the law, 
it is my hope that the provisions are considered in the context 
of the law's purpose.
    To this end, we have already held numerous staff briefings 
covering many of the key topics associated with the Fair Credit 

Reporting Act. Additionally, and more importantly, while 
working within the limited timeframe we have available, it is 
my intention to develop a comprehensive hearing record to 
inform the Committee's debate.
    We are now moving to the hearing phase and are beginning at 
what I feel is the best point of departure--consideration of 
the fundamental issue implicated in the debate--operation of 
the consumer credit system and the Fair Credit Reporting Act's 
role in that system.
    We do this by first hearing from the Federal Trade 
Commission, the Agency with the most responsibility for 
enforcement of the Fair Credit Reporting Act. Our first witness 
is Howard Beales, Director of the Federal Trade Commission's 
Division of Consumer Affairs. From Mr. Beales, we should obtain 
more information about the history, the purpose, and function 
of this important law. I look forward to his testimony.
    As we move forward, I plan to use these hearings to provide 
content that will enable the Committee to focus its 
consideration on the discrete issues and particular 
applications of the law.
    It is my hope and intent that, at the end of this process, 
we will have obtained a full sense of the value of our national 
system and we will be able to balance the various issues 
presented by contemporary information use practices.
    Our overarching goal should then be to ensure that the law 
produces the most effective, efficient, balanced and fair 
system that is achievable.
    Senator Crapo.

                STATEMENT OF SENATOR MIKE CRAPO

    Senator Crapo. Thank you very much, Mr. Chairman. I 
appreciate your comments and share them, and I appreciate the 
attention you are giving to this critical issue.
    As you indicated, we have a short timeframe within which to 
address the reauthorization of the Fair Credit Reporting Act's 
preemption authority. And I believe that there is an 
increasingly strong consensus in terms of that need.
    The other issues that surround this issue as well are those 
which we need to have a solid record developed on and which I 
appreciate your encouragement and support in developing that 
record.
    I intend to work with you and the other Members who are 
interested in this issue to prepare solutions to those issues, 
such as the privacy issues, the identity theft issues, and 
other related issues that are involved, not only in FCRA, but 
also in the application of the Gramm-Leach-Bliley legislation 
and our entire approach to how credit and the information 
surrounding credit is basically collected and utilized in our 
society.
    We want to make sure that the protections are in place to 
protect privacy, but at the same time, we want to make sure 
that our system of credit in the United States, which has been 
such a strength to our economy and to our people, is not 
interfered with.
    And I think that that task is one that is achievable and I 
look forward to working with you on it.
    Thank you.
    Chairman Shelby. I just want to make an announcement.
    Concurrent with this hearing today, when we get a quorum, 
the Committee will conduct a vote on a lot of nominations: 
Nicholas Gregory Mankiw, of Massachusetts, to be a Member of 
the Council of Economic Advisors, the Executive Office of the 
President; Steven B. Nesmith, of Pennsylvania, to be Assistant 
Secretary for Congressional and Intergovernmental Relations, 
U.S. Department of Housing and Urban Development; Jose Teran, 
of Florida, to be a Member of the Board of Directors, the 
National Institute of Building Sciences; James Broaddus, of 
Texas, to be a Member of the Board of Directors, the National 
Institute of Building Sciences; Lane Carson, of Louisiana, to 
be a Member of the Board of Directors of the National Institute 
of Building Sciences; and Morgan Edwards, of North Carolina, to 
be a Member of the Board of Directors of the National Institute 
of Building Sciences.
    I just wanted to make that announcement at the beginning.
    Mr. Beales, we welcome you to the Committee. Your written 
statement in its entirety has been reviewed and it will be made 
part of the Senate Banking Committee's record.
    You proceed as you wish. As I told you, we are going to get 
a vote on the floor about 2:20 p.m., or whenever we get it, and 
I will recess the Committee for the vote at the proper time.
    You proceed as you wish.

               STATEMENT OF J. HOWARD BEALES, III
            DIRECTOR, BUREAU OF CONSUMER PROTECTION
                 U.S. FEDERAL TRADE COMMISSION

    Mr. Beales. Thank you very much, Mr. Chairman and Members 
of the Committee. I am pleased to have this opportunity to 
provide background on the Fair Credit Reporting Act.
    Although the views expressed in the written statement 
represent the views of the Commission, my oral presentation and 
my responses to questions are my own and do not necessarily 
reflect the views of the Commission or any individual 
Commissioner. The Commission has played a central role in 
interpreting and enforcing the FCRA since the law was enacted 
in 1970. I really appreciate the opportunity to discuss the Act 
and its role in regulating credit report information.
    After World War II, the American population grew and became 
vastly more mobile. A national consumer reporting system 
developed in response to this new mobility. Since that time, 
consumer credit outstanding has grown exponentially. Indeed, 
consumer spending accounts for over two-thirds of U.S. gross 
domestic product and consumer credit markets drive U.S. 
economic growth.
    Early on, credit reporting was local or regional and, the 
amount of information collected was limited and not 
standardized. The credit bureaus, also known as consumer 
reporting agencies, manually recorded consumer information on 
index cards, updated the information irregularly, and often 
retained it indefinitely. Over time, however, small credit 
bureaus grew to become large repositories of consumer 
information, relying on sophisticated computer systems to 
store, process and transit large amounts of data.
    Today, the credit reporting system, consists primarily of 
three nationwide credit bureau repositories, containing data on 
as many as 1.5 billion credit accounts held by approximately 
190 million 
individuals. Creditors and other so-called furnishers provide 
information to credit bureaus voluntarily. There is no direct 
payment to furnishers for providing this data, but the 
cooperative database enables credit grantors to make more 
expeditious and accurate credit decisions. Quick credit 
decisions are important to many consumers who are in the market 
for new credit. A recent Federal Reserve Board study found that 
one in five active credit accounts was opened within the last 
year.
    Because of the national credit reporting system we have, 
the credit application process has evolved from a relatively 
time-consuming individualized procedure that relied on loan 
officers' case-by-case estimates, to a more sophisticated and 
partial system that relies on consistent assessment of credit 
history information.
    Because of the prevalence of credit reports, consumers 
today can use the Internet to comparison-shop for a wide array 
of credit products and get a virtually instantaneous offer. Or 
they can get a five-figure loan from a car dealer they have 
never seen before and drive a car out of the showroom the same 
day.
    Let me briefly review some of the key elements of the FCRA 
as it stands today, 33 years after its original passage.
    It is important to keep in mind that notwithstanding its 
title, the Fair Credit Reporting Act has always covered more 
than what are conventionally termed ``credit reports.'' It 
applies to any information that is collected and used for the 
purpose of evaluating consumers' eligibility for products and 
services they want. Thus, the FCRA has always applied to 
insurance, employment, and other noncredit consumer 
transactions. My focus today will be on credit reporting, but 
the same basic regulatory structure applies to all consumer 
reports.
    The FCRA provides consumer protections in two vital areas--
privacy and accuracy. The Act is designed to protect privacy in 
a number of ways. Primarily, it limits distribution of credit 
reports to those with specific ``permissible purposes.'' 
Generally, reports may be provided for the purposes of making 
decisions involving credit, insurance, or employment, and 
certain other consumer-initiated transactions.
    Also, Congress has given consumers the right to opt out of 
the use of their credit information for prescreening and opt 
out of the sharing of certain information, including credit 
reports among affiliated companies.
    In addition to privacy, credit report accuracy is a core 
goal of the FCRA. Accurate reports benefit not only consumers, 
but also credit grantors who need accurate information to make 
optimal decisions.
    The FCRA uses two major avenues to achieve the goal of 
optimal accuracy. First, it provides that the consumer 
reporting agencies must follow ``reasonable procedures to 
assure maximum possible accuracy of the information'' they 
report. Second, the FCRA gives consumers the right to know what 
information the credit bureau maintains on them and the right 
to dispute errors, facilitated by the Act's adverse action 
notice requirements. Since 1970, the FCRA has required that 
when credit is denied based, even in part, on a consumer 
report, the creditor must notify the consumer of the identity 
of the credit bureau from which the report was obtained, of the 
right to obtain a free copy of the report, and the right to 
dispute the accuracy of the information in the report.
    A consumer can initiate a dispute by notifying a credit 
bureau of incomplete or inaccurate information in his or her 
credit report. The credit bureau and creditor who furnished the 
information must reinvestigate the dispute, generally within 30 
days, record the current status of the information and delete 
it if it is found to be inaccurate or unverifiable. The credit 
bureau must report the results of the investigation to the 
consumer.
    The self-help mechanism embodied in the FCRA's scheme of 
adverse action notices and the right to dispute is a critical 
component in the effort to maximize the accuracy of consumer 
reports, and the Commission has given high priority to assuring 
compliance with these provisions.
    Let me briefly discuss the Commission's efforts to 
administer and 
enforce the FCRA since 1970. When Congress first passed the 
Act, it provided that the Commission would be the principal 
agency to enforce the statute.
    The Commission brought a number of formal actions to 
enforce the FCRA, including cases to assure compliance with the 
adverse action notice requirements on the part of creditors and 
employers, to assure compliance with privacy and accuracy 
requirements by the major nationwide credit bureaus, and to 
assure compliance by resellers of consumer reports, which are 
agencies that purchase consumer reports from the major bureaus 
and then resell them.
    The Commission's enforcement efforts since 1996 have 
focused on the new requirements added by the amendments in that 
year. For example, the Commission settled cases against the 
three major repositories charging that they failed to have 
adequate personnel available to answer FCRA-mandated toll-free 
telephone numbers. The Commission has also settled cases 
against furnishers of information to consumer reporting 
agencies alleging that they falsely reported delinquency dates, 
causing adverse information to remain on credit reports past 
the 7-year limit provided by the Act.
    Recently, the Commission settled an action against an 
Internet mortgage lender that failed to give adverse action 
notices to consumers who did not qualify for online pre-
approval because of information in their credit reports.
    The Commission is also engaged in extensive consumer and 
business education, including the Commission's 1990 commentary 
on the FCRA. After the 1996 Amendments, our informal guidance 
expanded to meet the interpretive needs that were prompted by 
the amendments. We are now focused on a revision of the 1990 
commentary which has been rendered partly obsolete by the 
passage of time and the amendments. The Commission will 
continue to use a combination of education initiatives and 
vigorous enforcement to foster compliance with the FCRA.
    We see several ongoing developments in the consumer 
reporting marketplace that may have significant impact on 
consumers. First, more types of businesses are using credit 
reports to make decisions in consumer transactions. For 
example, telephone service providers routinely use consumer 
reports to make decisions on whether to provide service and 
what deposit requirements, if any, to impose. Insurance 
companies are increasingly using the information from 
consumers' credit histories when underwriting homeowners and 
auto insurance policies.
    Second, we are seeing new types of consumer credit 
providers and products in the marketplace. For example, the 
growing use of prescreened offers for the marketing of credit 
cards has led to the development of credit card banks that rely 
almost entirely on prescreening to sell their cards. 
Prescreening has also led to the widespread availability of 
credit cards with no annual fee and other attractive benefits, 
and has enhanced competition.
    Third, businesses increasingly are using consumer reports 
to undertake risk-based pricing of products or services. Many 
creditors and other businesses no longer merely approve or deny 
applications, but, rather, they use credit report data to 
finely calibrate the terms of their offer. Consumers benefit 
from the more efficient consumer credit market that is made 
possible by these developments.
    Any reference to the consumer reporting system should 
recognize the problem of identity theft. The range, accuracy, 
and timeliness of information in consumer reporting data bases 
makes them unique resources. They are, therefore, 
simultaneously a target for identity thieves and a valuable 
resources for combatting identity theft. Identity theft 
threatens the fair and efficient functioning of consumer credit 
markets by undermining the accuracy and credibility of the 
information flow that supports these markets.
    As I recently detailed before the House Financial Services 
Committee, the Commission is working actively to combat 
identity theft in a number of areas. We will continue to 
explore avenues for combatting identity theft and assisting 
victims.
    In conclusion, the 33 years since passage of the Act have 
fully demonstrated the wisdom of Congress in enacting the FCRA.
    The FCRA makes possible the vitality of modern consumer 
credit markets. The consumer reporting industry, furnishers, 
and users can all rely on the uniform framework of the FCRA in 
what has become a complex, nationwide business of making 
consumer credit available to a diverse and mobile American 
public.
    The 1970 Act, along with the 1996 Amendments, provided a 
carefully balanced framework, making possible the benefits that 
result from the free, fair, and accurate flow of consumer data. 
All of these benefits depend on the consumer reporting system 
functioning as intended. That is why the FTC continues to 
emphasize the importance of educating consumers and businesses, 
and of enforcing the law to assure compliance by all who have a 
role in making the system work.
    Thank you for this opportunity to present the Commission's 
views, and I would be happy to respond to your questions.
    Chairman Shelby. Thank you. I believe at this point would 
be a good time--Senator Dole, we are having a vote at 2:20 
p.m., unless it has been vitiated.
    Does anybody know? It hasn't hit yet.
    [Pause.]
    I believe I will recess the hearing--Senator Dole, do you 
have an opening statement or any comments?

               COMMENTS OF SENATOR ELIZABETH DOLE

    Senator Dole. No. In the interest of time, I will submit my 
statement for the record.
    Chairman Shelby. It will be made a part of the record in 
its entirety.
    Senator Dole. But I welcome you. As a former Member of the 
Federal Trade Commission, I am delighted to have your testimony 
today and look forward to the questions.
    Chairman Shelby. Thank you, Senator Dole. Your opening 
statement will be made a part of the record.
    Senator Dole. Thank you, Mr. Chairman.
    Chairman Shelby. We will recess the Committee until we get 
back from the vote.
    [Recess.]
    Chairman Shelby. The Committee will come to order.
    Mr. Beales, starting at the most basic level, just for the 
record--this is our first hearing regarding the Fair Credit 
Reporting Act, as you know--I want to establish for the record 
what is covered by the Fair Credit Reporting Act.
    The law identifies certain kinds of personal information 
and it establishes how and by whom such information can be 
collected, transferred, and used.
    Is that correct?
    Mr. Beales. Yes, sir.
    Chairman Shelby. What would be an example of the kind of 
information that is covered under the statutory scheme?
    Mr. Beales. It could be any information if it bears on 
eligibility for credit or employment. That is the basic 
definitional constraint.
    Chairman Shelby. Give us an example.
    Mr. Beales. The typical example is how well you repay your 
bills, so your repayment history.
    Chairman Shelby. Sure. It certainly does has probative 
value, doesn't it?
    Mr. Beales. It certainly does. It is ultimately what the 
creditor is interested in.
    Chairman Shelby. Right. And should be.
    Mr. Beales. Right. It may also include, and typically does, 
public record information, like mortgages and liens against 
your property.
    Chairman Shelby. Tax liens, if any.
    Mr. Beales. Tax liens, any other kind of information, 
bankruptcy information.
    Chairman Shelby. Lawsuits?
    Mr. Beales. Lawsuits that may be picked up from public 
records, yes, any of that might be there.
    Chairman Shelby. The law restricts, as I understand it, who 
can access and use the contents of a consumer report. In other 
words, not just anyone can use it for any reason.
    Could you elaborate on that, about how use of such 
information or report is restricted, for the record?
    Mr. Beales. The fundamental restriction is that you have to 
have a permissible purpose under the statute to access the 
report.
    Chairman Shelby. Is permissible purpose defined in the 
statute?
    Mr. Beales. There is a definition. A permissible purpose 
would be to assess your eligibility for credit.
    Chairman Shelby. Okay.
    Mr. Beales. Or for insurance purposes. Or for employment.
    Probably the broadest of the permissible purposes is in 
connection with a business transaction initiated by the 
consumer.
    Any of those would be permissible purposes under the 
statute.
    Chairman Shelby. Not a fishing expedition.
    Mr. Beales. Not a fishing expedition. Not idle curiosity.
    Chairman Shelby. That is prohibited, is it not?
    Mr. Beales. That is prohibited. From the beginning, it has 
been prohibited for a credit reporting agency to provide 
information to somebody without a permissible purpose.
    The 1996 Amendments also prohibited obtaining, the act of 
obtaining a report without a permissible purpose.
    Chairman Shelby. So that begs the question--why do you 
think access to credit reports was limited to those with 
permissible purposes?
    Mr. Beales. I think this is sensitive information.
    Chairman Shelby. Sensitive information. Basically, private 
information.
    Mr. Beales. Basically, private information. And in order to 
protect the consumer's privacy interests, and to balance the 
consumer's privacy interests against the legitimate needs of 
creditors in trying to assess whether or not to grant credit, 
Congress made the decision to enumerate the kinds of purposes 
for which this was a worthwhile use and an acceptable invasion 
of privacy, and eliminate the kinds of uses where there is less 
benefit, but the same invasion of privacy.
    Chairman Shelby. Is target marketing generally considered a 
permissible use?
    And if so, why?
    Mr. Beales. The only circumstance in which target marketing 
is a permissible use is prescreened offers of credit or 
insurance.
    Other than that, target marketing is not a permissible use.
    Chairman Shelby. The structure of the Fair Credit Reporting 
Act reflects decisions of earlier Congresses what weighed and 
balanced--tried to balance--various factors, such as privacy, 
accuracy, and commercial need for credit information.
    Could you revisit the portions of your testimony where you 
identified these considerations and discuss them just for the 
record a bit further?
    Privacy, accuracy, and the commercial need for credit 
information.
    Mr. Beales. The fundamental restriction to protect privacy 
is to restrict the use of information to people who have a 
permissible purpose. Without a permissible purpose, you cannot 
get access to information in credit reports because of the 
concern about privacy.
    To preserve accuracy of the information, the Act has two 
basic provisions, two basic mechanisms. One that requires the 
credit reporting agency to use reasonable procedures to assure 
maximum possible accuracy.
    And two, and maybe more important, it has a notification 
mechanism to consumers. If an adverse decision is based on 
information in a credit report, the consumer, who is in the 
best position to know whether that information is accurate or 
not, is given a notice and is given the opportunity to get 
access to their report in order to determine whether or not 
there are errors that need to be corrected.
    Chairman Shelby. In your written testimony, you cite a 1996 
D.C. Circuit Court case where the court held that a major 
purpose of the Fair Credit Reporting Act, and I will quote: 
``Is the privacy of a consumer's credit-related data.''
    Do you believe that this is an accurate characterization? 
Is privacy a critical concern underlying the Fair Credit 
Reporting Act?
    Mr. Beales. Absolutely.
    Chairman Shelby. Okay.
    Mr. Beales. To balance the privacy interests against the 
legitimate needs for credit reporting and to assure that the 
information is accurate.
    Chairman Shelby. In your written testimony, you point out 
that the 1996 Amendments that you alluded to earlier permitted 
greater sharing of consumer report information by affiliated 
companies.
    To what degree was information-sharing occurring before the 
amendments were passed? And why were the 1996 affiliate-sharing 
amendments needed?
    If you go back prior to 1996, and then after, post-1996.
    Mr. Beales. I think around 1996, and I do not know 
precisely what is before or what is after----
    Chairman Shelby. Okay.
    Mr. Beales. --but it seems to me that the structure of the 
financial services industry was undergoing a lot of change and 
a lot more change was anticipated.
    Those changes in structure led to a lot more affiliation 
relationships where there is common ownership or control of 
different parts of the same, but separate, corporation.
    Chairman Shelby. Also, national in scope, too, wouldn't it 
be?
    Mr. Beales. Absolutely. A lot more national in scope and a 
lot more combinations of what had previously been unrelated 
businesses or businesses that were separated by regulatory 
requirements.
    I think it was that greater combination that led to more 
sharing among affiliates because, from one perspective, there 
is no distinction between being an affiliate and being 
different divisions of the same company.
    In the different divisions case, there is no restriction on 
sharing.
    Chairman Shelby. A legal distinction?
    Mr. Beales. Excuse me?
    Chairman Shelby. A legal distinction?
    Mr. Beales. Sure. There is a legal and organizational 
distinction and it is useful for regulatory purposes like 
confining risks from a particular kind of business or limiting 
the scope of deposit insurance, for example, to the deposit 
base in a bank.
    It is very useful for that purpose.
    Chairman Shelby. What new powers did affiliates obtain 
under the 1996 Amendments that did not exist previous to the 
1996 Amendments?
    Just off the top of your head.
    Mr. Beales. Previous to the 1996 Amendments, if you shared 
information among affiliates, and the information was enough to 
amount to a credit report, then the affiliate that was the 
source would itself be a credit reporting agency and would have 
to comply with the full panoply of requirements of the statute.
    So if the banking arm shared an application with the 
subprime lending arm of the same company, it would itself be a 
consumer reporting agency and subject to all of the other 
requirements of the FCRA.
    After the 1996 Amendments, that kind of information sharing 
was exempted as long as the consumer has the right to say no 
and prevent the information sharing.
    It was exempted from the definition of a consumer report.
    Chairman Shelby. How does that work? You say the consumer, 
as long as the consumer has the right to say no to the sharing.
    Is that at the outset or is it when something comes up?
    Mr. Beales. It could be at either point. What the statutory 
requirement is, is that the consumer be given the right to opt 
out and that opt out or that giving of the right either occur 
up front at the time the relationship is initiated, or it could 
occur at any subsequent point.
    What has happened with Gramm-Leach-Bliley, since Gramm-
Leach-Bliley, is that many companies have provided the notice 
and the opt out for the Fair Credit Reporting Act as part of 
the annual Gramm-Leach-Bliley notice.
    Chairman Shelby. I will get back in another round.
    Senator Carper.

             STATEMENT OF SENATOR THOMAS R. CARPER

    Senator Carper. Thank you, Mr. Chairman.
    And to our witness--do you pronounce your name ``beals''?
    Mr. Beales. Yes, sir.
    Senator Carper. Welcome aboard. As you know, probably 
better than us, when the FCRA was passed by Congress, there was 
a sunset provision that causes us to come back and to revisit 
the issue. That sunset gives us the opportunity to do so.
    I missed your testimony. And I am just going to ask, if you 
will, just to take maybe one minute and say, if there is 
nothing else that you walk out of here remembering that I have 
said, this would be the one or two or three things.
    Can you start with that?
    Mr. Beales. I think this is an important decision. I think 
the way the credit reporting system functions is really vital 
to the functioning of credit markets. And that, in turn, is 
vital to the functioning of the American economy. Consumer 
spending is a huge chunk of the economy.
    I think that this is an important statute that struck a 
very reasonable and time-tested balance between the conflicting 
interests of consumer privacy and the legitimate needs of 
businesses for information. I think it is a balance that has 
stood the test of time since the statute was originally 
enacted. I think the accuracy provisions of the statute are a 
key component. That has been a crucial aspect of our----
    Senator Carper. Could you talk a little bit about that, 
please?
    Mr. Beales, could you hold the microphone--usually, we ask 
people to bring it closer. I am going to ask you to bring it 
further away.
    Thank you. You have a booming voice.
    [Laughter.]
    You could probably get by here without that mic.
    [Laughter.]
    Mr. Beales. Too much time in a classroom.
    [Laughter.]
    Yes, there is two key provisions about accuracy, two key 
mechanisms for providing accuracy.
    The credit reporting agencies themselves are required to 
have reasonable procedures to assure maximum possible accuracy. 
And that is one of the key requirements, to make sure that 
information is correct.
    Maybe more important is the requirement for adverse action 
notices to consumers when a decision is based on information in 
a credit report. That lets the consumer know the source of the 
information was a credit report, where that credit report is, 
and it gives the consumer access to that credit report to 
examine it and see if there is any mistakes.
    And it is the consumer, after all, who is in the best 
position to know and has absolutely the right incentives to try 
to make sure that the information is accurate and reflects 
their credit history 
appropriately.
    Once the consumer indicates that there is a problem, or 
disputes an item, credit bureaus have to reinvestigate, 
furnishers have to reinvestigate, and unless the information 
can be verified as accurate, it has to be deleted.
    But I think that those are the two key mechanisms that 
address accuracy.
    Senator Carper. Let me ask your thoughts on whether or 
not--if we permit December 31 to come and go and we do not 
restore the preemption provisions, what do you think are the 
downsides to our failure to act, and what, if any, are the 
upsides?
    Mr. Beales. The Commission hasn't taken a position on what 
you should do.
    I think that the failure to renew the preemptions runs the 
risk that what is now a national system begins to fragment, 
that it does so in ways that make it harder to share 
information across state lines and within what are increasingly 
national credit markets.
    I believe the potential benefit of allowing the preemption 
to expire, would be letting States innovate with different 
approaches and try out different schemes to try to protect 
consumers or to try to balance these conflicting interests in 
slightly different ways.
    And as I say, the downside of that is we may not like some 
of those experiments and they may interfere with the uniformity 
that we currently enjoy in credit markets.
    Senator Carper. Looking back, I was not here when the 
preemption language was adopted. But why was it adopted?
    Mr. Beales. I was not involved in that debate, either, and 
I do not know.
    Why was it adopted? I think it was in order to assure the 
uniformity of some key aspects of the system. And it certainly 
has accomplished that.
    Senator Carper. Is the rationale for taking that action any 
less relevant or correct today?
    Mr. Beales. I think that remains the benefit of extending 
preemption, is that you assure the continued uniformity of the 
system.
    That, however, limits the ability of States to try other 
approaches and experiment with other approaches that may teach 
us something.
    Senator Carper. All right. My time is expired. Mr. Chairman 
will there be another round?
    Chairman Shelby. Sure.
    Senator Carper. Thank you.
    Chairman Shelby. Senator Dole.
    I think she was here first.
    Senator Dole. Thank you. The average American moves, I am 
told, every 6 years. That is more than two-thirds higher than 
any other country.
    I think you would agree that our national uniform credit 
system plays a significant role in increasing the mobility of 
labor and the ability of consumers to move, while they preserve 
the opportunity to get cheap credit through the portable credit 
system.
    But tell me how important do you think this is to our 
economy?
    Mr. Beales. It is hard to know, and actually, we are very 
much looking forward to some research that is in the works on 
what the consequences would be of losing some kinds of 
information out of the credit reporting system.
    And I think that will be very interesting to see, and we 
will be able to have a much firmer assessment once that 
research is concluded.
    But I think it clearly makes it easier to be able to move 
to a new town and it doesn't matter that there is no one there 
who knows you and can vouch for you, that there is access to a 
credit report from elsewhere with a system that creditors know 
they can depend on to provide accurate and complete information 
upon which to base a decision.
    If you had to go to a separate State or systems, it would 
be far more difficult and far more uncertain for the creditor, 
which in turn would likely get reflected in worse terms offered 
to the consumer.
    Senator Dole. Now, I have heard the case made that other 
modern economies throughout the world, in Europe, in Latin 
America, and Asia, do not have credit reporting systems like 
ours, and that some countries are considering right now 
adapting our system, our credit reporting system, the 
preemptions.
    Can you provide the Committee with some details of how our 
credit reporting information or information-sharing system 
would contrast with other countries', in the G8, for example?
    Mr. Beales. Just speaking generally, and not about any 
particular country, probably, there is two kinds of differences 
between the U.S. system and various foreign systems.
    One, our system is voluntary. In some countries, credit 
reporting is essentially a public utility or provided by the 
government, even in some instances. Our system is voluntary, 
market-driven. It depends on what information furnishers are 
willing to provide to credit bureaus and what information 
credit bureaus think it is important to try to get and provide 
to their customers.
    Second, ours is a system of full-file reporting. Both 
positive and negative information about the consumer is 
reported. A number of other countries only have negative 
information reported.
    What is important about full-file reporting is there is a 
real difference between someone who has no negative information 
because they have never had credit before, and someone who has 
no negative information because they have had credit 
extensively, they have used numerous different accounts, and 
they have always paid them off. Those two people aren't the 
same. But in a system that only reports negative information, 
you cannot tell them apart.
    So the full-file reporting is a really useful feature of 
the American system.
    Senator Dole. And finally, could you just give us a run-
through of what credit card pricing might look like without 
prescreening? Say prior to 1990, compared to today.
    Mr. Beales. It is difficult to attribute causality to any 
of the changes that have happened since 1990. But what credit 
card pricing looked like in 1990 was essentially everybody 
offered an interest rate that was at the legal usury ceiling.
    Cards generally had relatively high annual fees. There were 
no, or virtually no, ancillary benefits. You did not get 
airline miles. You did not get discounts. You did not get free 
insurance.
    What you see today is a wide variety of rates, of credit 
limits, numerous cards with no annual fees, a lot of different 
benefits, whether it is contributions to your favorite charity 
or the ability to display the logo of your school or even cash 
discounts in some cases. And interest rates that reflect much 
more closely the risk that a particular consumer creates or 
poses for the creditor.
    I think prescreening has been an important part of that 
shift. It has been an important competitive weapon, as people 
have entered credit card markets with different kinds of terms.
    But there is also obviously a lot of other changes that 
have happened that have likely influenced those developments as 
well.
    Senator Dole. Okay. Thank you, Mr. Chairman. I think my 
time is expired.
    Chairman Shelby. Thank you.
    Senator Johnson.

                COMMENTS OF SENATOR TIM JOHNSON

    Senator Johnson. Thank you, Mr. Chairman. I have a full 
statement that I would like to submit for the record.
    Chairman Shelby. It will be made a part of the record, 
without objection.
    Senator Johnson. I want to thank the Chairman for holding 
this hearing. Thank you, Mr. Beales, although I have to express 
disappointment that the Administration has, so far, been 
unwilling to exert greater effort at pushing for passage of 
legislation to extend the preemption.
    My own view is that a failure to act on the preemption by 
January 1, 2004, will be utterly disastrous for the economy of 
this country and for consumers all over America.
    A uniform reporting system that could break into as many as 
50 reporting systems, all with different standards, different 
requirements, different procedures, and a credit reporting 
system which in many ways has become a model for the world, 
would be degraded significantly.
    I think that while there are those who want to utilize this 
necessary legislation as a vehicle for taking up other issues, 
and I respect that, I would hope that the Senate will keep a 
close eye on the notion that what is at stake here is access to 
credit.
    And that is the principal reason why we are having this 
debate, and the uniform system, in fact, in full-file reporting 
has enhanced citizens' ability to secure credit, has enhanced 
the ability of financial institutions to make intelligent 
decisions relative to lending.
    Now, Mr. Beales, can you tell us whether this evolution of 
the credit reporting industry and the FCRA has resulted in 
personal credit histories being more portable?
    In other words, if someone applies for credit out of State, 
or moves a residence and applies for credit in their new home 
State, does that create any problems related to credit 
histories or obtaining reliable credit report information under 
what we have now--a uniform, full-file reporting system?
    Mr. Beales. No. I think the current system clearly 
facilitates exactly that kind of transaction. It facilitates a 
bank in California competing for the business of a consumer in 
Florida or Maine, and having reliable information about whether 
that consumer is a good risk or a bad risk.
    It facilitates the ability of that consumer to move from 
Florida or Maine to California and reestablish credit with new 
accounts, with merchants that have never heard of them before, 
because there is a uniform system that provides reliable 
information and creditors know that they can rely on that 
information to make an accurate risk assessment.
    Senator Johnson. So this system, better than a 50 different 
standards system, best facilitates dealing with the problems of 
a very mobile society.
    Would you say that that is a fair statement?
    Mr. Beales. Yes. I mean, I think the uniformity really 
facilitates mobility. I think that is probably right. And that 
is the benefit side of having a uniform system.
    Senator Johnson. And you note in your testimony that a 
Federal Reserve study of credit bureau files found that nearly 
20 percent of currently reported active accounts have been open 
for fewer than 12 months. And you concluded that this number 
illustrates how a national credit system enables creditors to 
make better credit-granting decisions.
    Could you explain that conclusion a bit more and elaborate 
a bit on why those statistics and that uniformity is so key for 
credit-granting decisionmaking?
    Mr. Beales. What we have heard, and I think the point we 
are trying to make was simply this--what we have heard in the 
context of identity theft debates in particular is maybe credit 
shouldn't be so easy.
    I think the point of that statistic is that for a large 
fraction of the population, because they are opening new 
accounts all the time, easy access to credit is an important 
issue, that you do not want to make access to credit more 
difficult, given how many people are opening accounts on an 
ongoing basis.
    Senator Johnson. Do you think there has been enough done to 
investigate and prosecute identity theft crimes? And what are 
some of the impediments to investigating and prosecuting 
identity theft crimes?
    Mr. Beales. We are continuously working to do more to 
provide information to assist law enforcement in prosecuting 
identity theft.
    We are also active in trying to educate consumers as to how 
they can reduce the risks and how they can reduce the 
consequences, and I think that is an important part of it.
    And we are very involved in assisting businesses to try to 
reduce the risks, both from a business education perspective, 
to try to reduce the risks that information that is entrusted 
to them would be used to compromise somebody's identity.
    We have also gone after businesses on security grounds, 
where we thought that there was not sufficient security in 
place to protect sensitive information about the consumer. And 
that, too, has implications for identity theft.
    And we have an ongoing program of training law enforcement 
officials in order to help them better bring identity theft 
kinds of cases.
    Senator Johnson. I notice my time is expired, Mr. Chairman 
I have some other things that I am interested in in terms of 
prescreening and credit cards and how a national system 
facilitates that.
    Chairman Shelby. We will have other rounds.
    Senator Johnson. But I will wait for a later time, and I 
yield back.
    Chairman Shelby. Senator Bunning.

                STATEMENT OF SENATOR JIM BUNNING

    Senator Bunning. Thank you, Mr. Chairman. I have an opening 
statement that I would like to submit for the record.
    Chairman Shelby. It will be made part of the record in its 
entirety, without objection.
    Senator Bunning. Thank you. Since FCRA enactment in 1996, 
did the same number of complaints on FCRA-related issues to the 
FTC increase, decrease, or stay the same?
    Mr. Beales. Our reporting system has changed so much over 
that time period, that I am not sure you could draw comparisons 
from that.
    I do not know, but we would be happy to supply that 
information for the record of what the numbers of complaints 
have been like.
    Senator Bunning. Okay.
    Mr. Beales. But I do want to note that the changes in our 
information system have really made it harder to make those 
comparisons over time.
    Senator Bunning. Do you believe nonpassage of FCRA will 
lead to a Balkanization of privacy laws?
    Mr. Beales. I think it depends on what the States do. One 
can imagine a scenario in which there is no preemption and no 
State action and nothing changes.
    I think it is crucially dependent on what the States do as 
to what the likely impact of not having preemption would be.
    Senator Bunning. In other words, each individual State 
could do their own thing, then.
    Mr. Beales. Right. In the absence of preemption----
    Senator Bunning. Yes.
    Mr. Beales. --each individual State could do their own 
thing. But each individual State could also choose to maintain 
the status quo. And that is the sense in which the consequence 
of not having preemption depends on what kinds of changes 
States try to make, are interested in making, and actually do 
make.
    Senator Bunning. Would you like to venture a guess----
    [Laughter.]
    --about States and preemption?
    Mr. Beales. I think the likelihood is that they would try 
to do various things. Some more sensible than others.
    Senator Bunning. Thank you.
    [Laughter.]
    Do you receive prescreening complaints? If so, did you 
receive more before FCRA enactment, or after?
    Mr. Beales. Prescreening--we do get prescreening 
complaints. My recollection is that we do not get very many of 
them.
    Prescreening is something that, although it was codified in 
1996, under FTC interpretations going back to 1973, 
prescreening was permissible under the Fair Credit Reporting 
Act.
    So there really wasn't any change or wasn't much of a 
change to give rise to a before and after.
    In fact, what the 1996 Amendments did was to codify the 
ability to prescreen and to make it a little bit less 
restrictive in terms of how firm the offer had to be than the 
FTC's staff opinions had been.
    Senator Bunning. Okay. A follow-up--do you believe 
prescreening has helped or hurt the consumer in regards to the 
credit card market?
    Mr. Beales. I think that prescreening has facilitated more 
competitive credit markets, and that that has been very good 
for consumers.
    Senator Bunning. Do you think that it is helped?
    Mr. Beales. Yes, I do.
    Senator Bunning. And you offer as fact, what?
    Mr. Beales. The changes that have occurred in the nature of 
credit card offers----
    Senator Bunning. If you could stop them from coming once a 
day, I would really appreciate it.
    [Laughter.]
    Mr. Beales. You can do that because there is an opt out 
number that will let you opt out of prescreening offers.
    Senator Bunning. That is done statewide, though.
    Mr. Beales. It is done nationwide.
    Senator Bunning. It is done nationwide now?
    Mr. Beales. It is done nationwide. That was part of the 
deal for the codification of the ability to prescreen, was 
every one of those prescreening offers, if you read all the 
fine print in it, tells you that you can opt out and lists the 
numbers.
    It is 888-5-OPTOUT.
    Senator Bunning. 888----
    Mr. Beales. 5-OPTOUT.
    Senator Bunning. --5-OPTOUT.
    Mr. Beales. And that will get you out of all prescreened 
offers.
    Senator Bunning. Thank you.
    [Laughter.]
    Mr. Beales. Glad to be of assistance.
    [Laughter.]
    Senator Bunning. I really appreciate that because once a 
day is too often.
    [Laughter.]
    Thank you, Mr. Chairman.
    Chairman Shelby. Senator Sarbanes.

             STATEMENT OF SENATOR PAUL S. SARBANES

    Senator Sarbanes. Thank you very much, Mr. Chairman.
    First of all, I want to commend you for holding this 
hearing. I know you are planning to hold a comprehensive series 
of hearings on this subject and invite a wide variety of 
interested parties to testify and I look forward to hearing 
from them. But I think it is important to comprehensively 
review this important issue.
    I also should express thanks to the thorough approach at 
the staff level. There have been a number of staff briefings in 
preparation for examining these issues.
    Of course, the preemption provisions of the Fair Credit 
Reporting Act, not the Act itself, just the preemption 
provisions, sunset on January 1, 2004.
    The Fair Credit Reporting Act itself serves an important 
purpose. It helps to ensure privacy of consumer financial data, 
accuracy of credit report information, and fair practices in 
the collection and use of credit information and in credit 
granting.
    This, of course, affects millions of Americans as they 
purchase homes, obtain insurance, seek new lines of credit, 
even apply for some types of jobs.
    Actually, the Fair Credit Reporting Act itself, at its 
core, is a consumer protection statute. Obviously, that is why 
I think it comes under the jurisdiction of the Bureau of 
Consumer Protection of the Federal Trade Commission, which Mr. 
Beales heads up.
    It protects the consumers by regulating the activities of 
credit reporting agencies, defining the responsibilities of 
both the users of consumer reports and those who furnish 
consumer information to credit reporting agencies. And of 
course, it provides important rights to consumers affected by 
such reports.
    The preemption provisions, of course, cover a number of 
areas and as a consequence, some important issues that I 
anticipate we will be addressing during these hearings and 
throughout the reauthorization process, will be the protection 
of consumers' financial privacy, accuracy of credit reports, 
marketing practices of creditors, credit scoring and the use of 
credit scores, fraud and identity theft, and of course, the 
availability and cost of credit.
    Mr. Chairman, I look forward to working with you as we 
embark on this comprehensive set of hearings.
    Now I would like to ask just a couple of questions of the 
witness. I am going to ask some very elemental questions. You 
are the professional. I want you to take us through the 
process.
    I want to get a copy of my credit report and my credit 
score. How do I do it?
    Mr. Beales. To get your credit report, you call one or more 
of the national credit reporting agencies and ask for a copy.
    There is a verification procedure to go through. In some 
cases, it may be easier if you write. And under Federal law, 
you can obtain that report for a fixed price that is set by 
regulation of the Federal Trade Commission, and they will send 
it to you.
    Senator Sarbanes. What is that price?
    Mr. Beales. Nine dollars----
    Senator Sarbanes. Nine dollars.
    Mr. Beales. --is the Federal requirement. Now in some 
States, that report is free. But in other States, the Federal 
law sets the price at $9.
    Senator Sarbanes. And would you counsel me to get a copy of 
my credit report from each of the credit-rating agencies?
    Mr. Beales. If you are facing a major financial decision 
where the quality of your credit is going to be important--if 
you are going to refinance, if you are going to buy a home for 
the first time--I certainly would.
    It is well worthwhile to look at all three credit reports 
and make sure that the information in there is accurate.
    On a routine basis, it depends on whether--absent some 
impending transaction where you know this is going to matter, 
it depends on--it is up to you. It depends on how risk-adverse 
you are and how much you want to worry about how you want to 
balance the difficulty of going through the report and the 
hassle of getting it, against the risks of some inaccurate 
information that might be there.
    If you get notified unexpectedly that there was an adverse 
action, then surely, it is worth your while to look at that 
report.
    Then it is free. And make sure the information is accurate.
    Senator Sarbanes. And how do I get my credit score?
    Mr. Beales. Your credit score may or may not be disclosed. 
It depends on the practices of the credit reporting agency.
    Your credit score, although we talk about it that way, may 
be actually any one of a variety of different proprietary 
products with different lenders, different creditors having 
their own scoring systems that they think work better for them.
    Senator Sarbanes. When I get this instantaneous credit that 
people refer to, that keep the wheels of commerce moving, is it 
the credit score that the creditor relies upon?
    Mr. Beales. The credit score is likely a key part of that.
    Senator Sarbanes. Because it is all--you know, they tell 
you that it is done right away. You are there. You want to make 
this purchase. You want to get a car, so you tell the guy and 
they check it out and the next thing you know, they come back 
and they say, okay, you can go ahead.
    But they must just be working off the credit score in a 
situation like that, aren't they? Or not?
    Mr. Beales. Not necessarily. The way the system works, 
essentially, in all probability, the whole credit report goes--
it is clearly an automated process that the creditor is using 
to decide on the spur of the moment whether to approve or not.
    But that may be an automated system based on the credit 
score. Or it may be a system that is based on a computer 
program that looks at all the information in the file and says, 
yes or no.
    That can happen pretty quickly as well.
    Senator Sarbanes. Mr. Chairman, I see my time has expired.
    Chairman Shelby. If we can suspend for a minute. I told you 
earlier that we are going to proceed with marking up the 
nominations.
    We have a quorum.
    We have before the Committee now some nominations. The 
Committee will meet in Executive Session to consider and 
hopefully vote on a number of nominations pending before the 
Committee.
    The nominees are: Nicholas Mankiw, to be Member of the 
Council of Economic Advisors; Steven B. Nesmith, to be 
Assistant Secretary for Congressional and Intergovernmental 
Relations, U.S. 
Department of Housing and Urban Development; Jose Teran, James 
Broaddus, Lane Carson and Morgan Edwards, to be Members of the 
Board of Directors of the National Institute of Building 
Sciences.
    Each of the nominees appeared before the Committee on May 
13.
    Is there any comment or debate about the nominations?
    [No response.]
    If not, I ask unanimous consent that the nominations be 
considered en bloc.
    [No response.]
    Hearing no objection, so ordered.
    All those in favor of the nominations, say aye.
    [A chorus of ayes.]
    Those opposed, no.
    [No response.]
    The ayes appear to have it and the nominations will be 
favorably reported to the full Senate.
    Thank you for your indulgence.
    Senator Sarbanes. Mr. Chairman, my time has expired.
    Chairman Shelby. Senator Crapo, do you have any questions?
    Senator Crapo. Thank you, Mr. Chairman. I will pass.
    Chairman Shelby. Senator Bennett.

             STATEMENT OF SENATOR ROBERT F. BENNETT

    Senator Bennett. Thank you, Mr. Chairman. And thank you for 
holding this hearing.
    I do not know of many issues quite like this one where a 
number of people whose judgment I respect have come to me and 
said, if we do not extend the preemption section of the Fair 
Credit Reporting Act, there will be serious, serious economic 
consequences. Some have said to me, failure to do that will 
throw the economy back into a recession. No one has been to 
lobby me on the other side, which I find kind of interesting.
    And so, if indeed it is that serious, and Chairman 
Greenspan has indicated that he thinks it might be that 
serious, although he stopped short of predicting a recession--
Chairman Greenspan always stops short of predicting anything 
that specific one way or the other.
    My first question, then, Mr. Beales, is we have had this 
Act in place for 30 years, it was updated 7 years ago in 1996, 
is there any problem that has come up, particularly since 1996 
forward, since that is the most recent change that cries out 
for mediation or that says we have had all of these 
difficulties and it is absolutely essential that we let this 
thing lapse in order to avoid these difficulties?
    Have the last 7 years of history told us that we have a 
challenge here?
    Mr. Beales. I do not see anything in the last 7 years that 
would indicate a significant problem or a compelling reason to 
change, except that the clock has run and the statutory 
provision is expiring.
    There is certainly thing that I would point to to say, 
based on this experience, there is something that you need to 
do differently.
    There may well be places where the balance that the Act 
strikes between privacy and the needs of commerce could be 
struck differently or fine-tuned in various ways. At this 
point, the Commission hasn't made any recommendations for 
changes.
    But there are certainly things that I see that would lead 
me to say that there is a pressing need for change.
    Senator Bennett. When I first came to the Banking 
Committee, one of the issues that we spent a good deal of time 
on was the challenge of making more credit available, 
particularly to minorities.
    We had experts who came in here who had organized banks 
that loaned almost exclusively to minorities. We have had many 
somewhat heated discussions in this Committee about CRA and its 
role in making credit available to minorities.
    If indeed we got the Balkanization you were discussing with 
Senator Bunning, and which many people think would happen, 
wouldn't one side effect of that be to reduce the availability 
of credit to minorities?
    Mr. Beales. If you got significant Balkanization, I think 
it would likely reduce the availability of credit. How 
selective that would be, whether there would be a differential 
impact on minorities versus everybody else, is harder to 
assess, and I think it would ultimately depend on the kinds of 
actions States took and the kinds of restrictions that were put 
in place.
    I am sure there are some restrictions that likely would 
differentially affect minorities or lower-income people and 
their access to credit. There is probably other restrictions 
that States might adopt that would have differential effects 
the other way.
    Senator Bennett. My own sense of things based on all of the 
previous discussion that I referred to is that this probably 
would, in fact, have a chilling effect on credit being 
available to minorities.
    I have a chart here which you cannot discern that far away, 
if for no other reason than that the difference between the 
light gray and the dark gray is absolutely indistinguishable 
more than 10 inches away from the chart.
    So, I have a hard time seeing it myself.
    Senator Sarbanes. That is a very helpful chart.
    Senator Bennett. Yes, very helpful.
    [Laughter.]
    You can see the top bars going up and that is the total 
amount of household credit. And in 1960, it was just under 60 
percent. Now it is over 100 percent.
    However, the lighter area underneath shows the amount of 
consumer credit. The darker part of the bar is mortgage credit. 
And the consumer credit has remained relatively stable in that 
period.
    In 1960, it was at the lowest percentage of household 
income. Looking at this, I would say it was probably at about 
16 percent. It went up maybe to 17 or 18 percent in 1970 and 
stayed there all the way through.
    But now, it has gone up in 2002, a 12-year period, from 
1990 to 2002, to just over 20 percent.
    But mortgage, which is the top part of the bar, has gone up 
very dramatically. In 1960, mortgage credit as a percentage of 
disposable income was less than 40 percent and now it is more 
than 80 percent. So the mortgage portion of household credit 
has gone up enormously.
    Now, I am not suggesting there is a cause-and-effect 
relationship here with the Fair Credit Reporting Act just 
because this is done during that period. We get into trouble 
with that around here because we put up charts that show cause-
and-effect relationship depending upon what point we want to 
make on the floor.
    However, the final question I would ask you is whether or 
not the ability to get a mortgage in a timely fashion would be 
affected adversely if we did not renew the preemption part of 
this bill?
    Mr. Beales. I think it depends. It depends in part on what 
states do. It depends, in part, on the kind of a consumer you 
are.
    If you have never moved and you have lived in one area your 
whole life, then even a completely State-specific system is not 
necessarily going to make much difference to you.
    If you have lived in 20 different places in the last 20 
years, and your credit history is scattered all over across 
lots of different States, and is not accessible across State 
lines because of different State restrictions, it is going to 
have a much more dramatic impact in that circumstance.
    I think what may be the most important part of the statute 
in terms of how it is impacted minority credit in particular, 
or credit at lower incomes, is prescreening that lets creditors 
identify consumers who are good risks and compete for that 
business.
    Senator Bennett. I see my time is expired. But I had 
exactly the experience that Mr. Beales is discussing, Mr. 
Chairman.
    I bought a house in California, having lived in California 
previously, and it was approved virtually in an afternoon.
    Then I had reason to move to the State of Utah, and it took 
me close to 60 days to get this thing approved in the State of 
Utah. And I finally had to have my father go down and wave his 
credit record, which was sterling compared to mine, and cosign 
the loan before we got it taken care of.
    That was before we had the legislation that we are all 
living under.
    So, I have had personal experience with how difficult this 
can be.
    Senator Sarbanes. They are very careful there in Utah.
    [Laughter.]
    Chairman Shelby. Very careful.
    Senator Bennett. Well, they were.
    [Laughter.]
    Chairman Shelby. Senator Miller.

                STATEMENT SENATOR OF ZELL MILLER

    Senator Miller. Thank you, Mr. Chairman.
    Thank you, Mr. Beales.
    This is something that I should know, but I do not.
    There is a lot of things like that.
    [Laughter.]
    But this is one. And I may be the only one in this room 
that doesn't.
    What I am asking is, what exactly is the jurisdiction that 
the FTC--I know what it stands for, Federal Trade Commission--
but what jurisdiction do you have over the Fair Credit 
Reporting Act?
    I know people can call up and get answers to questions and 
that you provide education on the FCRA. I know that you can 
give guidance and advice.
    I assume that somewhere in there, there is also some 
enforcement jurisdiction.
    Is that correct?
    Mr. Beales. That is correct.
    Senator Miller. And if so, talk to me a little bit about 
that.
    Mr. Beales. We are, I would say, the principal enforcement 
agency under the Fair Credit Reporting Act. The credit 
reporting agencies themselves are subject to our jurisdiction.
    Banks that are regulated by other agencies are regulated 
under the Fair Credit Report by those other agencies. But for 
other creditors, we are the chief enforcement agency and the 
chief regulatory agency.
    Senator Miller. And I think you answered this question a 
while ago. You say that you have no legislative remedy that you 
would recommend to the Senate Banking Committee when it comes 
to looking at the FCRA bill.
    Mr. Beales. The Commission has not made any recommendations 
at this point.
    That is correct.
    Senator Miller. Thank you.
    Chairman Shelby. Senator Dodd.

            STATEMENT OF SENATOR CHRISTOPHER J. DODD

    Senator Dodd. Thank you, Mr. Chairman. And thank you for 
holding this hearing. And I support the notion that Senator 
Sarbanes raised and we are going to hear some more later on. 
But I think this is very helpful.
    And I want to commend Mr. Beales, too. Your testimony is 
very, very good, very helpful as well. And I am quite confident 
that we can craft a good piece of legislation.
    On balance, Mr. Chairman, the FCRA has done much to improve 
a formerly fragmented situation that was basically a regional 
system, but now, of course, a national system of credit 
reporting.
    But like several of my colleagues, we have some concerns 
about how consumers are treated under this regime.
    And at least I hope that the Committee will closely examine 
how to better protect consumers as part of this and any 
discussion of reauthorization.
    I am going to send around to my colleagues, the major 
newspaper in my State, the Hartford Courant, has just run a 
series of articles, Mr. Chairman, on the whole credit question.
    I do not know if you have seen these or not at all. Have 
you seen them?
    Mr. Beales. I have, yes.
    Senator Dodd. They are rather good articles, I thought.
    I would be interested, at some point, in your response to 
the suggestions in them, the comments in them. They are rather 
comprehensive.
    Two reporters spent months looking at the issue of fair 
credit reporting, a 4-month investigation, culminating in the 
series I mentioned, which detailed the day-to-day problems that 
consumers face with the current system.
    I am going to send around a package of these articles for 
my colleagues to look at.
    Chairman Shelby. Good.
    Senator Dodd. The articles focus on the devastating effects 
that inaccurate information in credit reports can have on the 
lives of millions of people. Individuals are finding that it 
can take years of time and money to clear the mistakes that 
credit reporting agencies are making. And after finally 
improving the inaccuracy of their reports, many consumers are 
then left footing the bill in recovering from the damages 
caused from their records.
    As America's financial consumers have more credit options 
available to them, and as the mass of improvements in 
technology have occurred, I am concerned that the credit 
reporting system and the regulations that govern it may not 
have kept pace to ensure a corresponding level of accuracy.
    I think we can do a better job ensuring the consumer's 
financial picture is more accurately kept and that the process 
to correct mistakes is faster and easier for consumers.
    Additionally, I think that we can improve the current 
privacy protections available to consumers.
    Consumers are concerned that no significant changes will be 
made to the current system. According to the same article that 
I mentioned, cracks in the system continue to put millions at 
risk.
    We need to fill those cracks. I think we all want to do 
that, with the national credit reporting system, and shore up 
its foundation.
    I thank the Chairman again for holding the hearing.
    Let me ask, if I can, a couple of things. One is, in 
response to Senator Miller and I guess previous questions, you 
have indicated that you do not believe there is any greater 
statutory needs that you would have to address the inaccuracy 
issue.
    Is that correct?
    Mr. Beales. I think the fundamental accuracy mechanisms in 
the statute have, by and large, worked pretty well. I think it 
is just in the processes, as many transactions as the credit 
reporting system does, is almost inevitably going to sometimes 
make mistakes. And what is really important is to have a 
mechanism to correct those mistakes when they occur.
    I think the mechanism that is there, by and large, works 
pretty well, although, it doesn't work perfectly in every 
instance.
    Senator Dodd. How many complaints does the FTC get a month, 
roughly, of this kind?
    Mr. Beales. I do not have a specific number. We get 
probably--well, this is probably annual. We probably get 
several thousand complaints about each of the three credit 
bureaus.
    Senator Dodd. On a monthly basis?
    Mr. Beales. That is probably annual.
    Senator Dodd. Several thousand.
    Mr. Beales. Yes.
    Senator Dodd. What categories do they fall into, roughly 
speaking? Identity theft? Credit card? Inaccuracies?
    Mr. Beales. Those are accuracy complaints.
    What you have to understand in thinking about the accuracy 
complaints that we get, and we do not have any independent 
assessment of whether the information is really accurate about 
who's right in this dispute. We know there is a dispute.
    And we do know because we get complaints from them, that 
there are some consumers who do not understand the way the 
system works. They think that if they were behind on their 
payments and that was reported, but they are now current, that 
the fact that they were behind should go away.
    But that is not inaccurate. They were, in fact, behind. 
That information is part of the credit report, and stays there, 
but it sometimes leads to disputes because consumers do not 
understand that that is the way the system works, and is 
designed to work.
    Senator Dodd. Is there a breakdown between credit 
furnishers and the reporting agencies themselves? Do you see 
any evidence of that?
    Mr. Beales. We have been very interested in what the 
furnishers are doing. We have brought the first furnisher cases 
that are based on furnisher liability, in order to assure that 
furnishers are providing accurate information.
    Where we, frankly, have seen the most difficulties is with 
the information reported by debt collectors, rather than the 
information reported by other kinds of creditors.
    But we are quite interested in furnisher issues across the 
board as an enforcement priority.
    Senator Dodd. And you say that you have had a chance to 
look at those articles in the Hartford Courant.
    What is your reaction to them?
    Mr. Beales. The potential consequences of mistakes in 
credit reports are very severe. I think that is why this 
statute is important and why the set of statutory protections 
to correct mistakes is very important.
    It is why we have made the enforcement of those mechanisms, 
both furnisher liability and of the adverse action notices, why 
we have made those key priorities in our FCRA enforcement 
efforts.
    I think that is the main point, that the accuracy is really 
a critical issues.
    Senator Dodd. I appreciate that. I might, Mr. Chairman ask 
if maybe we could get some numbers, if you could. I would just 
be curious about the number of complaints you get and if you 
could give a little more accurate breakdown of what categories 
they'd fall, it might be helpful to the Committee.
    Mr. Beales. Sure. We would be happy to do that.
    Chairman Shelby. I think that is an excellent suggestion.
    Senator Dodd. Thank you.
    Thank you very much, Mr. Chairman.
    Chairman Shelby. Senator Stabenow.

              STATEMENT OF SENATOR DEBBIE STABENOW

    Senator Stabenow. Thank you, Mr. Chairman.
    First, I do have an opening statement that I would 
appreciate be made a part of the record.
    Chairman Shelby. It will be made a part of the record in 
its entirety, without objection.
    Senator Stabenow. Thank you very much for holding this 
hearing. And thank you, Mr. Beales. It is an important topic.
    I wonder if I might just follow up on the questions as it 
relates to consumers. Earlier, Senator Bunning was asking you 
for the toll-free number.
    I am wondering, that really leads me to a question 
concerning the opt out provisions. And we know, for every 
prescreened credit offer, there has to be a notice of the 
consumer's right to opt out.
    Could you speak a little bit about how that is working? Do 
people understand it? Do others, other than Senators, not know 
the toll-free number?
    I did not know it, either.
    But, also, do they understand how to do it correctly? How 
is this working, overall?
    Mr. Beales. We do not have any systematic assessment of how 
many consumers know or do not know. Or how much they know about 
exactly how to go about it.
    There are disclosures that are supposed to be provided with 
every prescreened offer that you get of how to do it and what 
number to call. But there is a lot of information there, and a 
lot of other information about the offer and the terms of the 
offer that probably makes it hard to find in a great many 
circumstances.
    It is not something where we get a lot of complaints, I do 
not believe. From that perspective, the system seems to be 
working.
    But I am sure there are consumers who do not know that they 
can opt out, some of whom may prefer to opt out.
    Senator Stabenow. And what percentage of consumers are 
opting out?
    Mr. Beales. That I do not know.
    Senator Stabenow. So, you do not have any way of tracking 
this point, how many opt out, what percentage?
    Mr. Beales. The system is maintained by the three credit 
bureaus and they would be able to tell you how many people have 
in fact opted out, I mean, how many people are on the list.
    But we do not have that information.
    Senator Stabenow. Okay. And would you make any changes from 
your perspective in how that is working, that whole process for 
consumers?
    Mr. Beales. As I say, the Commission doesn't have 
legislative recommendations at this time. I do not think we 
have seen anything that has seemed to us to be a particular 
problem in that area, that really needs to be fixed.
    Senator Stabenow. Okay. Thank you very much.
    Chairman Shelby. Thank you, Senator.
    I want to go back to the issue of credit report accuracy.
    Is there an acceptable tolerance level for errors, and what 
is that, if there is? In a risk-based system, there has to be 
some tolerance, but what is the threshold?
    Mr. Beales. The statutory standard focuses on procedures, 
reasonable procedures to assure the maximum possible accuracy.
    It doesn't set a numerical threshold. Even if the error 
rate is very low, if it is cheap to fix, you should fix it. But 
if it is really difficult to fix or really expensive to fix, if 
there is no reasonable way to correct it, or no reasonable 
procedure that would prevent it, then that would be acceptable 
under the statutory standard.
    But it is not a numerical threshold. It is a balance of----
    Chairman Shelby. How would you--excuse me a minute. You 
said if there is no reasonable way to fix it. But what if it 
were so prevalent, it called for fixing?
    I am not saying it is, but you said if there is no 
reasonable way to fix it. First of all, assuming that the 
number of errors are small, we understand that.
    Mr. Beales. Let me back up because I think what I should 
have said is, there is no reasonable way to prevent it.
    Chairman Shelby. Okay.
    Mr. Beales. Because if there is an error and it is called 
to your attention, you have to fix it.
    Period. End of story.
    Chairman Shelby. That is correct.
    Because accuracy is important.
    Mr. Beales. Because accuracy is important. Absolutely.
    Chairman Shelby. Right.
    Mr. Beales. But the reasonable procedures focus on what 
kinds of steps can you put in place to keep that from happening 
in the first place?
    Chairman Shelby. Is there any way to gauge what is or 
should be an acceptable error rate? You said that they do not 
do it statistically.
    In other words, you do not do it numerically. You do not 
say that the error rate is--I am just throwing this out there--
3 percent or 5 percent or one-half of 1 percent or one-
hundredth of 1 percent.
    Is that what you were saying a minute ago, that you do not 
gauge that?
    Mr. Beales. There is no bright-line standard in the statute 
of what is acceptable. Even if the error rate was a hundredth 
of a percent, if you could avoid that for free, then under the 
statute, you have to do that.
    It is a question of what kinds of costs do you have to 
incur, what is reasonable to do to avoid that particular error.
    Chairman Shelby. I think Senator Dodd asked you the 
question of, something to the effect, how many complaints did 
you have at the Federal Trade Commission a year? And you said, 
around 2,000, more or less, on a yearly basis.
    Mr. Beales. Per credit bureau.
    Chairman Shelby. Per credit bureau. Six thousand? Three 
credit bureaus?
    Mr. Beales. I think it is probably a bigger number than 
that.
    Chairman Shelby. A larger number.
    Mr. Beales. Let us get you the precise number.
    Chairman Shelby. Can you furnish that for the record 
because we are building on it.
    Mr. Beales. Yes, sir.
    Chairman Shelby. What are the considerations or trade-offs 
involved in the calculation of an acceptable rate of error?
    For example, maintaining as much participation as possible 
within a voluntary furnisher system versus accurate record of 
consumer credit history, and ultimately, the appropriate 
pricing of credit.
    Accuracy goes to the very heart of all of this. And it 
would seem to me that not only would the credit bureau, or 
whatever, but also the credit-checker, would want their reports 
to be accurate.
    The user of that information--let's say it is a mortgage 
company or a bank or something--they would certainly want it to 
be accurate, wouldn't they?
    Mr. Beales. They certainly would. I think everybody in the 
system, consumers, users, credit bureaus, benefits from 
accuracy.
    I think that is absolutely right.
    Chairman Shelby. Benefits from accuracy, starting with the 
consumer on.
    Risk-based credit pricing--I think Senator Sarbanes alluded 
to that earlier. I think that we all recognize the many 
positive, and there are many, developments associated with 
technological advancement.
    Technology has made our credit markets remarkably 
responsive to consumer demand, as Senator Bennett would have 
shown us with a bigger chart, right?
    [Laughter.]
    Senator Bennett. Right. Colored chart.
    Chairman Shelby. Yes, a larger chart. That said, just to 
get a handle on just where technology has taken our credit 
markets, could you explain or expand a little on the use of 
risk-based pricing and how much more prevalent its use today 
versus 1996 and 1971, if you could?
    Mr. Beales. I cannot do it in a quantitative way, but 
clearly, qualitatively, there has been substantial change. I 
think particularly in 1970, at the time the statute was first 
passed, the dominant model and the way most credit decisions 
were made was you applied for credit that was available on a 
fixed set of terms and you were either approved or denied on 
that same fixed set of terms.
    I think probably the predominant model today is you apply 
for credit. The terms--sometimes you are accepted or rejected. 
But with growing frequency, the terms you are offered, whether 
it is the interest rate or the credit limit or some other 
aspect of the credit arrangement, depend on the risk that that 
individual borrower presents.
    And the higher the risk, the worse the terms.
    Chairman Shelby. Sure.
    Mr. Beales. That is a much more common model today than it 
was. Certainly in 1970, the information-processing technology 
and the information-sharing technology simply wasn't in place 
to support that kind of system on any very large scale.
    Now it is. Now it is done. It is much more differentiated 
pricing of credit and insurance products based on the risks 
that a particular consumer may pose.
    Chairman Shelby. I think the use of risk-based pricing 
offers numerous benefits to consumers. You alluded to that. 
Credit is now offered to many people who were previously deemed 
unqualified. Hence, his chart a minute ago, I think.
    And credit pricing is much more tailored now to each 
individual, more so than it used to be.
    Would that be a fair assessment.
    Mr. Beales. I think that is correct, yes.
    Chairman Shelby. But the use of risk-based pricing also 
raises issues about the continued effectiveness of some aspects 
of the Fair Credit Reporting Act.
    You mentioned, if you want to refer to your written 
testimony, how accuracy, and I will quote:``Was, and remains a 
core goal of the Fair Credit Reporting Act.''
    You then indicate and I will quote:``Adverse action 
notices. . .are a key mechanism for maintaining accuracy.''
    With the use of risk-based scoring, however, a consumer may 
qualify for credit, but not at the best terms.
    By not making an outright rejection, creditors as I 
understand the system--do not have to send an adverse action 
notice and credit applicants may then never become aware of the 
need to examine their credit reports.
    Does this cause you any concern about the continuing 
relevance of the adverse action process?
    For example--let me see if I understand it.
    Let's say they check my credit and I do not have A number 
one credit like Senator Bennett's father or like he would have 
liked to have had. Right? And they come back and instead of 
telling me that, they say, we will offer you something based on 
the risk.
    Is that the way they do that? The credit risk as they 
perceive my credit, rather than an outright rejection.
    Mr. Beales. Yes. And that is a counter-offer.
    Chairman Shelby. Yes, it is a counter-offer. Explain how 
that works. That avoids the necessity of the adverse----
    Mr. Beales. It depends on what you do with it at that 
point.
    Chairman Shelby. Sure.
    Mr. Beales. If you reject the counter-offer, then that is 
adverse action.
    Chairman Shelby. That is right.
    Mr. Beales. And if it is based, in part, on a credit 
report, they have to tell you.
    Chairman Shelby. Sure.
    Mr. Beales. If you accept the counter-offer, then, because 
adverse action is tied to the definition of adverse action 
under the Equal Credit Opportunity Act, then there is no 
adverse action because you got the credit that you wanted.
    Chairman Shelby. You got the credit maybe not that you 
initially wanted, but you got a deal and took it.
    Right?
    Mr. Beales. That is right. I think that raises a difficult 
trade-off. We are thinking about the issue, but we do not have 
a recommendation.
    Chairman Shelby. Tell us how you are thinking about it.
    Mr. Beales. Yes, sir.
    Chairman Shelby. Just for the record.
    Mr. Beales. On one hand, if you are not getting the best 
terms, and that is based on the credit report, you need to get 
notice.
    Chairman Shelby. Maybe I wouldn't deserve the best terms.
    Mr. Beales. That is right. You may not get the best terms 
based on accurate information rather than inaccurate 
information.
    But if it is based on inaccurate information, you need the 
notice to trigger your right to look at the file.
    But in a pure, risk-based system, where the best person out 
there gets the best price, and everybody else gets somewhat 
worse terms--if you think of it at that extreme----
    Chairman Shelby. But everything's a risk. It should be 
based--if it is based on risk, somebody's more creditworthy and 
has worked hard, diligently to pay their bills, as opposed to, 
say I hadn't, they should be rewarded, should they not?
    Mr. Beales. They should. I agree with that completely.
    Chairman Shelby. Because they are less of a risk, say, than 
I would be.
    Mr. Beales. I agree with that completely. But if you say, 
well, giving less than the best terms is in some sense an 
adverse action, and we have said that about insurance where 
there is not the linkage--if you get insurance on less than the 
best terms, we have said that is adverse action and you have to 
give notice.
    But in a completely risk-based system, that means everybody 
gets notice all the time, except the best risk. And that 
degrades the notice because it no longer serves the function of 
saying, there may be something unusual here, which it does now, 
and it does under the present system.
    And there is a balance between giving notice when people 
need it and not overwhelming people with notices that say there 
might be something in your credit report, because you could say 
that to everybody all the time.
    Chairman Shelby. Sure. But going back to what I mentioned, 
and you mentioned in your testimony earlier, risk must be 
gauged accurately, as best we can.
    Mr. Beales. Certainly.
    Chairman Shelby. That is what the system is about, is not 
it?
    Mr. Beales. Certainly.
    Chairman Shelby. Is gauging the risk as accurately--and you 
gauge it accurately based on the information that you pull up, 
do not you?
    Mr. Beales. That is right.
    Chairman Shelby. Or should.
    Mr. Beales. That is why the availability of information is 
important and it is why the accuracy of the information that is 
provided is important, because it gives you a better gauge of 
what the risk really is.
    Chairman Shelby. Are there more or less adverse action 
notices now than before?
    In other words, are there more counter-offers?
    Mr. Beales. there is offsetting influences. I think there 
is more counter-offers that are accepted and that would push it 
down. But there is more credit, and that would mean more 
denials.
    Chairman Shelby. Can you furnish that information for the 
record to the Committee?
    Mr. Beales. I doubt if we have it. But if we know, we will 
be happy to furnish it for the record. We will see if we have 
it.
    Senator Bennett. Than before what?
    Chairman Shelby. We are talking about before, let's say, 
1971. Let's say 1996, the 1996 Amendments.
    The timeframe. Before the 1996.
    Senator Bennett. No. I want to see the benchmark.
    Chairman Shelby. I amended my question.
    Before 1996 and after 1996.
    Mr. Beales. Okay. My suspicion is that we do not have any 
information to answer that question. But we will look, and if 
we do, we will certainly provide it.
    Chairman Shelby. The use of risk-based pricing is what we 
are getting at.
    Technology has made it much easier to transfer, as we all 
know, massive amounts of information and data, thereby 
increasing the capability of credit reporting systems in many 
ways.
    We benefit from that.
    Can you comment on whether or not technology has enhanced 
the overall accuracy of credit reports? And do you have 
anything at the FTC--have you done a study on that?
    Mr. Beales. We have not done a study on that.
    Chairman Shelby. It should be more accurate, shouldn't it?
    Mr. Beales. I think technology has clearly enhanced the 
speed of the reinvestigation process. It is made it possible to 
reinvestigate, I mean, just the automated information exchange.
    Chairman Shelby. It is the reaction to something.
    Mr. Beales. Yes, yes. But the technology has made possible 
automated information exchange both to get the information, to 
report back to the furnisher that there is a dispute, and then 
for the furnisher to report back the truth.
    That can all happen much quicker than it used to.
    We do not know of any objective measure of how accurate the 
information is in credit reports that would be available over 
time to say firmly whether it is more or less accurate, what is 
actually been the trend in accuracy.
    Chairman Shelby. Senator Sarbanes.
    Senator Sarbanes. I will be very brief. I just want to make 
sure that I understand the statutory framework that we are 
dealing with here.
    As I understand it, under FCRA, most State credit reporting 
laws are not preempted unless there is a specific inconsistency 
between the FCRA and the State law. And that we have also 
enumerated certain exceptions in which there is a preemption of 
any State law differing with the Federal provision.
    Is that correct?
    Mr. Beales. Yes, sir.
    Senator Sarbanes. Okay. Now, if the preemption were allowed 
to expire, you testified earlier that you might anticipate that 
States might act in one or another of these areas in which they 
heretofore have been preempted.
    Presumably, if you were asked, you could indicate the areas 
that you thought were most likely in which State action might 
take place if they weren't blocked out from doing so because of 
the preemption requirements.
    Would that be the case?
    Mr. Beales. One could look--there is an analysis like this 
that has been done that I am not familiar with the details of.
    One could look at the kinds of proposals that have been 
made in State legislatures and get some sense of where the 
States might be active and where they might not.
    Senator Sarbanes. Who did that analysis to which you made 
reference?
    Mr. Beales. It was done by the Information Policy 
Institute. This is the study that is ongoing on the effects of 
losing different kinds of information from the credit reporting 
system.
    Senator Sarbanes. Could you provide that study to us?
    Mr. Beales. It is not complete yet. I believe their 
intention is to provide it to you as soon as it is complete.
    Senator Sarbanes. And one could take this list of what 
might be anticipated if there were not preemption and look it 
over and make some judgment as to which of those possible 
actions seem to be worthy in terms of protecting the consumer 
interest.
    And those standards could be incorporated into the Federal 
law, could they not?
    Mr. Beales. Certainly. Certainly.
    Senator Sarbanes. That would maintain a national uniform 
system with respect to credit, so you would not have this 
fractionating that people are talking about, but would, in 
effect, constitute a reexamination of the preemption areas in 
terms of making a judgment whether we were fully keeping ahead 
of what needed to be done to provide reasonable consumer 
protection.
    Could we not engage in such a process?
    Mr. Beales. You certainly could.
    Senator Sarbanes. Does the FTC have any plans to do so?
    Mr. Beales. We have had an ongoing process of trying to 
look at what kinds of changes might make sense, where balances 
might be struck differently.
    And at this point, the staff has not made any 
recommendations to the Commission and the Commission doesn't 
have any recommendations.
    But it is something that we are very interested in. It 
certainly is an alternative to change nothing, is to strike a 
slightly different but still uniform national balance between 
the conflicting interests.
    Senator Sarbanes. This supposed conflict between the 
consumer protection, particularly responding to new and changed 
circum-
stances, and a uniform national market, need not be any 
conflict at all if the consumer protection is provided to a 
national standard.
    Would that be correct?
    Mr. Beales. I think if it is done uniformly by Congress, 
and preemptively, so that it is not subject to another round of 
changes that States would make subsequently, then, clearly, 
that would preserve the uniform market and the question would 
be, is that particular change a good change or not?
    Senator Sarbanes. Yes, the reasonableness of the change.
    Mr. Beales. Right.
    Senator Sarbanes. But that would get you away from this, it 
seems to me, some effort that is being made as though we only 
have a Hobson's choice here.
    Chairman Shelby. Right. Exactly.
    Senator Sarbanes. Between fractionating the uniform market 
or addressing some of the problems that consumers are 
encountering, which, upon a reasonable examination, one could 
conclude something needs to be done about them. And that would 
be a way of doing something about them and sustaining the 
uniform national market.
    Is that not the case?
    Mr. Beales. That is the case. For Congress to make a 
different but uniform change would certainly do that.
    Senator Sarbanes. Thank you very much, Mr. Chairman.
    Chairman Shelby. Senator Bennett.
    Senator Bennett. Thank you. Mr. Beales, I do not quite 
understand the market for the services of the three providers.
    There are now only three credit bureaus that you go to?
    Mr. Beales. There are three large repositories. There are 
hundreds of credit bureaus. Most of them are small credit 
bureaus for purposes of the Act. Most of them are small and 
local or specialized in some particular market in some way.
    But there are three that qualify under the Act as, 
``national credit bureaus.''
    Senator Bennett. So as far as we are concerned, there are 
really only three.
    Mr. Beales. For most purposes, that is right.
    Senator Bennett. You do not oversee the others.
    Mr. Beales. We do.
    Senator Bennett. Oh, you do.
    Mr. Beales. We do. And we have brought cases involving some 
of the others. Resellers, for example, are regulated as credit 
bureaus.
    I think, in thinking about the statute, it is important to 
remember that there are all the others because sometimes things 
that would make sense for the big three wouldn't work at all 
for some of the other people.
    And that is why they are important.
    Senator Bennett. That is very helpful. And I hadn't 
understood that before.
    Can you provide us for the record with a breakdown of 
volume between the big three, if we can call them that, and 
then all of these others?
    What percentage of the volume of credit reporting is 
involved with the others, if you have it off the top of your 
head? If not, you can provide it.
    Mr. Beales. I do not. We will look and see if we can 
provide it.
    If it we can provide it, it will be from industry data and 
not from anything we know.
    Senator Bennett. Okay.
    Mr. Beales. But we would be happy to look and see whether--
--
    Senator Bennett. What would you be surprised if it were 
more than?
    Mr. Beales. I do not know if there is a more than that 
would surprise me.
    [Laughter.]
    In terms of volume, it clearly is dominated by the big 
three.
    Senator Bennett. Okay.
    Mr. Beales. The others are specialized and important in 
their own way, but they are small players in the overall 
market.
    Senator Bennett. Okay. Let's deal with those three, then.
    All right. I am a retailer. In addition to taking Visa 
cards and MasterCard and Discover card and all of these others 
who have taken a lot of the burden of my credit operation away 
from me, I nonetheless maintain an in-house credit operation. I 
offer credit to my customers.
    On what basis would I make a choice between the three? Is 
there, indeed, viable competition between them? And does that 
competition--to tell you where I am going--does that 
competition drive them, each one, to be more accurate than the 
other two, more responsive than the other two, prettier 
reports, fancier colors? What is the competition between the 
three of them?
    Mr. Beales. I think the competition is mostly about the 
breadth and depth of the information that they can provide, 
that it is based on--and different bureaus have made different 
choices about where they try hardest to build relationships 
with furnishers, who are ultimately the source of data.
    One bureau may have stronger relationships in one 
geographic area than in another and a different bureau may have 
adopted a different competitive strategy.
    Senator Bennett. Is there any evidence of users switching 
from one to the other, deciding that the services from credit 
reporting agency A somehow do not meet my needs as well? Are 
there salesmen calling on users to say, switch to my brand?
    Again, what I am driving toward is that if there is, 
indeed, a market competition here, it is going to drive each 
one to be as accurate as possible because the worst thing you 
could do, it would seem to me, would be to be in the business 
of reporting credit information and be wrong and thus lose 
customers.
    Now, do, in fact, customers shift and move from one to the 
other?
    Mr. Beales. I think customers do shift and move. I think 
there is competition in this market in a very effective way. I 
think there are market incentives for accuracy and the 
competitive pressures are part of it.
    However, I also think creditors care much more about some 
kinds of mistakes than others. They really do not want to miss 
bad information because, if they do, then they are going to get 
burned with losses.
    It matters less to the creditors who are buying the reports 
if they are missing good information about you because they are 
not going to suffer losses in the same magnitude.
    So, I think there is a role for Federal oversight, for 
regulatory oversight of accuracy. But I think there are also 
important market incentives to keep the information as accurate 
as possible.
    Senator Bennett. Okay. Thank you very much. I am a great 
believer in the market and the power of the market. And I think 
that may be a greater policeman--I am going to lose this user 
if I do not do a good job--than, gee, I have to check with my 
lawyer to make sure that I am complying with every one of the 
regulations out of the FTC.
    Chairman Shelby. Senator Schumer.

            STATEMENT OF SENATOR CHARLES E. SCHUMER

    Senator Schumer. Thank you, Mr. Chairman. I want to thank 
you for holding these hearings. You have been involved in this 
issue a long time.
    Back in 1995, I guess, you and Senator Bond, the bill that 
you sponsored, set the stage for all of this. And I thank you 
for that.
    This area seems dull to people. But the bottom line is that 
probably the credit markets have more effect on people than the 
equity markets, even though we spend a lot more time on the 
equity markets around here.
    So, I think it is an important hearing and we have to be 
really careful about it.
    Just to make a point, I think it would be really bad to 
fractionalize these markets. We all know that. There should be 
a national market.
    My view, an attempt to make it better, that risks 
fractionalizing them, and you have to be real careful. But that 
doesn't mean that, as you keep the markets national, you cannot 
improve a bit of regulation.
    I do not think we have that much variation here, although I 
would warn my colleagues, in an attempt to open up, to move 
into new areas, if we risk not keeping this Act intact, we run 
a real danger.
    I take it that you would agree with that.
    Mr. Beales. The Commission hasn't taken a position on 
preemption or not. I think the risks of fractionalization are 
very real.
    Senator Schumer. What would outweigh them in a national 
credit market, other than the fact that the Commission hasn't 
taken a position?
    [Laughter.]
    Mr. Beales. I think there are benefits from State 
experimentation, if you will, in different approaches that may 
work better in some particulars. And I think that is the trade-
off.
    And as I say, the staff hasn't made a recommendation. The 
Commission hasn't taken a position on how we think that balance 
should be struck at this point.
    Senator Schumer. And do you think the two are 
irreconcilable, that you cannot have a national law and still 
allow some State experimentation?
    Mr. Beales. no, I do not think they are irreconcilable. And 
I think the existing statute allows State experimentation in 
many areas. But not in some.
    Senator Schumer. And are there any that come to mind where 
we should allow experimentation where we do not now?
    Mr. Beales. Among the existing preemptions?
    Senator Schumer. Yes.
    Mr. Beales. No, there is none in particular I would single 
out.
    Senator Schumer. Good. You also, I guess, and this relates 
to the question I was asking--I think you would agree--well, 
let's quote Chairman Greenspan, somebody I have a lot of 
respect for.
    He says:

    Limits on the flow of information among financial market 
participants or increased costs resulting from restrictions 
that differ based on geography, may lead to an increase in 
price or a reduction in the availability of credit, as well as 
a reduction in the optimal sharing of risk and reward.
    As a result, I would support making permanent the provision 
currently in the Fair Credit Reporting Act that provides for 
uniform Federal rules governing various matters covered by the 
FCRA and would not support allowing different State laws in 
this area.

    Now, as a careful student of Greenspan-speak, on that one, 
there is not a lot of Paul Volcker cigar smoke floating around.
    [Laughter.]
    He's pretty clear. Do you--again, I am not asking you to 
the outcome here, given the constraints of the Commission. But 
do you share his concern that limits on information flow could, 
``Lead to an increase in price or a reduction in the 
availability of credit?''
    Mr. Beales. That is certainly the risk. The Commission's 
testimony quotes Chairman Greenspan saying essentially that, 
minus the conclusion.
    I think we agree that that is the risk. That is what is at 
stake here.
    Senator Schumer. Okay. Let me ask you about two specific 
issues that I care about, that we might, as we look forward on 
FCRA, want to involve ourselves with. I, at least, will be 
careful about the admonition that we do not want to let this 
whole deal lapse.
    Identity theft. On this one, I have been very concerned 
with identity theft. We have had a lot of problems in my State 
with it.
    But you can look at the glass being half full or half empty 
in terms of FCRA as it relates to identity theft. Some would 
say that our credit reporting system makes it easy to steal 
identities. And others would say that the system makes it 
easier to detect, catch, and remedy identity theft.
    Do you have a view on that?
    Mr. Beales. I think there is important senses in which they 
are both right.
    I think the regulatory approach that the FCRA strikes is, I 
think, exactly the right approach that we need to take to think 
about identity theft.
    We need to be able to share this information. It is 
important in many areas. But we need to try to restrict the 
uses to which that information is put.
    The problem of identity theft is the wrong people get 
information and use it for the wrong purposes. But, I think 
that the need to share that information for legitimate 
purposes, including to prevent and detect identity theft, is 
crucial.
    Senator Schumer. Okay. And what about on making more 
transparent the credit score?
    Senator Allard and I, in the last Congress, introduced 
legislation to do this. It was supported by lots of the 
lenders, and we are planning to do it again. So that if a 
mistake is made on your credit score or something is wrong with 
it, that you get to see it, can get to challenge it, like we do 
in so many other areas.
    What is your view on that kind of improving, in my 
judgment, that would improve legislation to allow people to see 
what goes into their credit score?
    Right now, they have no way of even knowing if there is a 
mistake. It befuddles lots of people, and lots of lenders.
    Mr. Beales. I think the key is the accuracy of the 
underlying information because the algorithm that converts the 
information in your file into a score is essentially a little 
bit of computer code that does what it is going to do and 
weighs the different information appropriately.
    Senator Schumer. Sure.
    Mr. Beales. And consumers can look at the information that 
is the basis for that and correct the inaccuracies at that 
level. And that, in fact, is ultimately what they have to do.
    Whether they know the score or not, whether or not they 
know the algorithm or not, the only way to fix it is to correct 
the mistake in the underlying information that gave rise to the 
erroneous score.
    I think what is hard about more information about scores is 
scores are different. You may have different scores for 
different creditors and provided in different ways.
    Senator Schumer. Different scores sometimes for the same 
creditor, too.
    Mr. Beales. Perhaps.
    Senator Schumer. For different groups.
    Mr. Beales. For different models or different groups, 
absolutely.
    Senator Schumer. But the system really is not working well 
now, I do not think.
    Do you think it is? Do you think consumers right now, under 
the present system, really have the ability to correct errors, 
unless they spend a whole lot of time and effort on it and it 
is beyond their ken?
    Mr. Beales. I believe there is some difficulty in 
correcting errors. It is not the easiest thing in the world to 
do. I think that is right.
    I think it is a system that, as best we can tell, mostly 
works. It doesn't work perfectly all the time. The mechanisms 
to provide and assure accuracy we think are really important. 
And we have worked very hard on the enforcement side to try to 
make sure that they are in place and followed.
    Senator Schumer. Okay. I had one more question, Mr. 
Chairman I am trying to find it here.
    [Pause.]
    Oh, yes. One of the great debates we have always had in 
this Committee is privacy rights, which again is a lot easier 
to talk about in the abstract. And when you get into the 
specifics and see the push and pull, I do not think it is as 
clear and as easy.
    But it has been a great concern, I know, to the Chairman 
and to me. We had this debate on Gramm-Leach-Bliley.
    And so, my final question to you is, should we, do you 
think, address larger issues in a reauthorization of FCRA, like 
identity theft, which I mentioned, but privacy in particular?
    Or should we not?
    You know, we could say, Gramm-Leach-Bliley is new. We 
struck a balance there. Let's not go into other areas or let's 
not change what we have done.
    Mr. Beales. We have always thought that the FCRA is 
fundamentally a privacy statute. And in that sense, you cannot 
avoid addressing those parts of privacy because that is what 
the FCRA is all about. That is one of its key objectives.
    I think, frankly, that that part of privacy is complicated 
enough, that it will likely keep you very busy in trying to 
figure out what is the best answer here.
    There are some parts and some of the identity theft issues 
may be like this, that are so intimately related to the FCRA, 
that they should be part of that process.
    But from my own perspective, the more it can be kept 
confined, the easier it is to deal with. And it is hard enough 
to deal with as it is.
    Senator Schumer. Do you know if the Administration has a 
view on this? This is a key national issue and it is hard to 
figure out what they think in terms of FCRA and privacy.
    Mr. Beales. I do not believe that the Administration has 
taken a position as yet.
    Senator Schumer. Do you think they ever will?
    Mr. Beales. Yes, I think they will.
    Senator Schumer. Okay. Good.
    Thank you, Mr. Chairman.
    Chairman Shelby. Thank you. What is your sense as to the 
general level of public awareness with regard to things like 
the content of credit reports?
    This is picking up a little on what Senator Schumer was 
into.
    In other words, you are the average person in America. What 
is your general awareness regarding the content of their credit 
report?
    Mr. Beales. I think it is something that most people 
probably never think about. I think if you ask them questions, 
most people would have a reasonable sense of some of the core 
elements, that their payment history is in there.
    Chairman Shelby. If they do not, they should.
    Mr. Beales. If they do not, they should. We have a wide 
variety of consumer educational materials to try to enhance 
consumers' understanding of what is there and why it matters. 
But we do not have any measures of what they actually know.
    Chairman Shelby. How can you disseminate information to the 
consumer--that is all of us, not just in this room, but all of 
us--to let us understand what credit scores are and how they 
are used?
    You have a computer model out there to rate all of this. 
This is risk-based credit-scoring, in a way.
    Right?
    Mr. Beales. Yes, it is.
    Chairman Shelby. You have a risk-based system. And the more 
the consumer knows about how they are being rated, even if it 
is complicated, the better off they'd be, wouldn't they, in the 
long run?
    The more information a consumer knows about things that are 
rated that affects their lives, their credit and so forth.
    Mr. Beales. In general, I certainly think that is right. I 
mean, I think the complication in credit-scoring kinds of 
models in particular is--you do not want consumers to be able 
to play games with the system.
    Chairman Shelby. Absolutely.
    Mr. Beales. That would affect the validity of the 
underlying model.
    Chairman Shelby. I am not talking about playing games. I am 
talking about just being aware.
    Senator Schumer. Mr. Chairman.
    Chairman Shelby. Yes, sir.
    Senator Schumer. I just want to back him up. From what I am 
told, some credit scores, if you have 10 credit cards, even 
though you paid each one, you will end up with a different 
credit score than if you have two.
    Why shouldn't the consumer know that and let it go in? Yes, 
when you ask consumers or even the people representing them, 
why they got the following credit score, nobody has any idea.
    Sure, you can get all your data about everything, but you 
do not know what went into it or where there might be a mistake 
and where there is not.
    I am glad you brought it up, Mr. Chairman.
    Chairman Shelby. The scoring, Senator Schumer, as you well 
know, affects millions and millions of Americans' credit.
    Senator Schumer. Yes.
    Chairman Shelby. And I would say the average American, for 
lack of better information on my part, has no clue as to how 
their credit is rated, based on this computer model.
    Senator Schumer. And they cannot get it.
    Chairman Shelby. And they cannot get it.
    Senator Schumer. That is the bill that Senator Allard and I 
are trying----
    Chairman Shelby. That is what we are both talking about.
    Mr. Beales. Yes, I understand that. And I think there have 
been a variety of changes in the industry to try to provide 
consumers with more information about what goes into that score 
in a big-picture sense and how it is computed and why it 
matters.
    We certainly have consumer education that tries to do the 
same thing.
    But I think, as you point out, the specifics of what goes 
into a score depends on which score you are talking about 
because different people use different models.
    Chairman Shelby. That is exactly the point he was making.
    Mr. Beales. That look at different information.
    Chairman Shelby. Do the three credit, the big credit 
houses, do they score--do they have a different model to score?
    Mr. Beales. There is an industry leader, Fair Issacs, that 
produces the FICO score. That is probably what most people 
think of as credit scores.
    Both users and I believe, I am not sure to what extent, but 
both users and some credit bureaus have their own proprietary 
scoring models that do things a little differently that they 
think give a better perspective on risk.
    Chairman Shelby. But it depends. If a consumer depends on 
what credit house that evaluated their credit, depends on how 
their credit is rated, perhaps, based on the model of assessing 
their risk?
    Mr. Beales. people differ--I mean, creditors differ. And 
the extent to which they use just the score, there are 
creditors who build their business around what they think is 
their ability to differentiate the risks they face and the 
risks that customers pose more finely than the standard scoring 
model.
    Chairman Shelby. That is underwriting, is not it, to a 
certain extent. You are evaluating this risk here based on the 
credit, based on, say if there is a property or something, a 
mortgage, location of the property, everything that goes with 
it, the appraisal of the property.
    Mr. Beales. In a sense, it is underwriting. It is also the 
initial credit decision.
    Chairman Shelby. Yes.
    Mr. Beales. And to take a group of consumers--and there are 
powerful competitive incentives to do this--but to take a group 
of consumers who may have the same credit score and to try and 
spread them out in terms of those consumers, which ones are the 
higher risk and which ones are the lower risk.
    So it is really difficult to talk about. Your payment 
history at this store over this period of time is an objective 
fact that doesn't change. And we can make sure that that is 
accurate in the credit report, and we can.
    But your credit score depends on the model, depends on the 
creditor, and it depends on the underlying information.
    I agree consumers should understand much more about how it 
is done. But it is much more complicated to try to explain and 
to try to verify than the straightforward fact about a 
particular piece of paper.
    Chairman Shelby. Should we have some type of uniform model 
adopted in the industry or industry-wide, rather than two or 
three different ones that bring different results?
    Mr. Beales. I think not. I mean that would, in essence, be 
regulating the degree of credit risk that different lenders can 
take on.
    Senator Schumer. But----
    Chairman Shelby. Go ahead, Senator.
    Senator Schumer. Thank you. I would agree with you that we 
shouldn't say what model. That is competition. But I do not see 
why it shouldn't be transparent how the score came out.
    My experience is, and you have said something a little 
contradictory, so maybe I do not understand it well enough. I 
apply for a mortgage. My neighbor applies for a mortgage. And I 
just happen to know that I did not get it because my credit 
score wasn't good enough, and he did. We live on the same 
street in, let's say, Levittown, identical house. And I go over 
my mistakes in my credit history and I ask him, and it seems 
the same. And there is no way to really find out why I got 
lower than him and what I could do to correct it.
    And I go a step further. I also think that if a mistake was 
made, like they say I missed a payment, but it was Jon Smith, 
not John Smith, that there is virtually no way that I can 
figure that out unless I have more information than the law 
allows me to.
    Am I wrong about that?
    Mr. Beales. I think you can figure out the payment because 
you know, and presumably, can verify from your own records, 
hey, wait a minute. I wasn't late. I made my mortgage payment 
on time, or I made that payment on time.
    Senator Schumer. The credit company, if they are using the 
last 5 years of mortgage payments and not the last ten, will 
tell me?
    At least my experience with this is it is a little more 
complicated than you are making it out.
    Yes, I know I did not miss a payment in 1992. But I do not 
know if that is part of the formula and my credit score thinks 
I did.
    Mr. Beales. Okay.
    Senator Schumer. Follow me?
    Mr. Beales. I guess what I am saying is, if you have the 
payment history right, if the payment history shows up in the 
credit report correctly, and that information is all accurate 
and you know whether that information is accurate or not, then 
I do not think we have ever heard of a case where the numerical 
calculation to convert that information to a score had an error 
in it.
    Computers are pretty good at arithmetic.
    Senator Schumer. No, no, that is not what I am saying.
    Mr. Beales. The problems are the accuracy of the underlying 
data.
    Senator Schumer. Yes, and there is no way of you knowing 
whether that underlying data is correct or not right now.
    Isn't that true?
    Mr. Beales. No. The underlying data is your credit report. 
And that information, you can know whether it is correct or 
not.
    Senator Schumer. But I don't know what exactly is going 
into it.
    Mr. Beales. You do not know exactly which pieces matter. 
That is certainly correct. But if all of the information there 
is accurate, then it is not going to affect your credit score.
    The other thing, in the credit denial, if you get denied, 
under the Equal Credit Opportunity Act, you get an adverse 
action notice for that purpose as well. And it will identify 
the top four reasons for that denial, the four things that most 
contributed to your credit score being too low.
    Senator Schumer. And then if I find one of them is 
inaccurate and I wrote the credit company, they will correct 
it?
    Mr. Beales. When you notify the credit reporting agency, 
that triggers the reinvestigation requirement. They have to go 
back to whoever furnished that information. The furnisher 
either has to verify the information or delete it.
    Senator Schumer. And does that happen?
    Mr. Beales. Yes, sir, it does.
    Senator Schumer. Are there times when it doesn't?
    Mr. Beales. Undoubtedly.
    Senator Schumer. Which is more?
    [Laughter.]
    Mr. Beales. We think it happens far more often than it 
doesn't.
    Senator Schumer. Do we have data on that to know?
    I am sorry, Mr. Chairman.
    Chairman Shelby. No. I think what you are getting into is 
very important.
    Mr. Beales. I have seen data--there is an enormous number 
of corrections that get made, of changes that get made.
    Senator Schumer. I just find when you talk to your typical 
mortgagor, when you talk to his real estate broker, his bank, 
her bank, there is huge dissatisfaction with the mystery of 
this system.
    And it is not just some theoretical need to know, that it 
creates--everyone scratches their head and cannot figure out a 
whole lot of the outcomes here.
    Am I wrong about that? The realtors made this one of their 
big issues. They weren't doing it because everything is working 
right.
    Mr. Beales. I think what has tended to happen in response 
to participants in the process being frustrated by not 
understanding as much as they wanted to, is that more 
information has been provided over time.
    Whether that frustration is still there or not, I do not 
know. That is not something that we experience on an ongoing 
basis. But I think the fundamental answer of trying to explain 
this system to consumers better, is exactly the right one. And 
that is what we try to do in our consumer education materials.
    Senator Schumer. Thank you, Mr. Chairman.
    Chairman Shelby. Could we say, as far as scores go, there 
is pervasive use and limited consumer understanding?
    Obviously, I bet there is not two people in this room, 
maybe five, that would explain--maybe the credit bureau people 
here--but that could explain that scoring.
    Senator Schumer. Maybe one of them brought the little black 
box.
    Chairman Shelby. Yes, the little black box.
    [Laughter.]
    So, I think the case has been made for very limited, at 
least at this period--we will have more hearings--but for 
limited consumer understanding of how they are scored.
    Mr. Beales. I think they certainly do not understand the 
details of how their scores are calculated.
    What credit scoring replaced was a system that was 
essentially judgmental, which I think was, if anything, less 
transparent to consumers.
    Chairman Shelby. This is judgmental, too. It is just done 
by computer.
    Right? It is based on a model of so and so.
    Mr. Beales. It is based on objective data, as opposed to 
being based on my personal assessment of you and whether you 
are a good credit risk or not.
    Chairman Shelby. I did not say it was good or bad. It may 
be a big improvement. I am just saying it is still a judgment 
is made.
    Mr. Beales. Yes, I think that is right.
    Chairman Shelby. By an individual or by a computer.
    Mr. Beales. The judgment is made based on actual experience 
analyzed in a statistically rigorous fashion.
    Chairman Shelby. And no human flesh.
    Mr. Beales. Right, as opposed to my opinion based on 
whatever it might be based on.
    Chairman Shelby. Senator Sarbanes mentioned earlier that we 
balance all interest legislatively, or try to balance.
    That is part of the legislative process.
    We have talked about preemption, the merits of it, the 
problems with it, and so forth. But he asked you, as I 
understood it, could this be balanced?
    Could the case be made--I am talking up here and later--for 
preemption which would benefit the creditors, benefit the 
consumers, ultimately, our national system, and at the same 
time, a standard for the consumers, you know, improve the 
standard for the consumers on notice and a lot of other things. 
Identity theft concerns and so forth.
    Mr. Beales. I think, certainly, that that can be done.
    Chairman Shelby. Balancing the interest, is it not?
    Mr. Beales. It is a balancing of the interests. And we have 
tried on an ongoing basis to assess whether there are problems, 
where there may be the possibility for improvements that would 
make the system work better.
    That, presumably, if you did not extend preemption, 
presumably, that is the process that individual States would go 
through.
    But you can do that here, too.
    Chairman Shelby. And the possibility of Balkanization, 
doesn't it?
    Mr. Beales. Yes, it does. You can do it here and have it 
uniform and an improvement as well, if in fact the particular 
change is an improvement.
    Chairman Shelby. Your testimony is made part of the record 
and then some of your oral testimony here, is full of 
references to the dynamic nature of the credit markets.
    How do you make sure that the FCRA, the Fair Credit 
Reporting Act, legal regime and the interests that it is 
supposed to balance and protect, stays abreast, stays up with 
the real-world developments in these markets?
    And what are your views as to the adequacy of the current 
regulatory structure? Is the Commission that you work with, the 

enforcement authority enough, or is there a need to expand your 
role to provide you with rulemaking authority? Are there other 
ways that we should consider to build in greater flexibility to 
help you do your job?
    Mr. Beales. The Commission has not taken a position at this 
point about rulemaking authority for the Commission. I think, 
generically, it is a good practice for regulators and it is 
good practice for the Congress to periodically review how 
regulations and regulatory schemes fit with the real world and 
whether they need to be adapted in light of underlying changes.
    Chairman Shelby. Okay. We appreciate your appearance here 
today. We look forward to working with you, and we thank you.
    Mr. Beales. We thank you.
    Chairman Shelby. The hearing is adjourned.
    [Whereupon, at 4:35 p.m., the hearing was adjourned.]
    [Prepared statements, response to written questions, and 
additional material supplied for the record follow:]

              PREPARED STATEMENT OF SENATOR ELIZABETH DOLE

    I would like to thank both you and Ranking Member Sarbanes for 
agreeing to hold this hearing on the issues raised by the 
reauthorization of the Fair Credit 
Reporting Act. Enacted in 1970, the Fair Credit Reporting Act has 
served an important role in this Nation. In the time since its first 
passage it is astounding to consider the fundamental changes which have 
occurred in our credit system. In 1970, credit card charges over $20 
required the store owner to call the creditor and have a staffer go 
through a card catalog system to approve the transaction. Today, it 
takes just seconds, even when you are on the other side of the world. 
While we take this innovation for granted it demonstrates how 
fundamentally our system of payments has changed.
    In addition, the benefits of the Fair Credit Reporting Act have 
also been responsible for many of the advancements in how we choose 
financial products which best meet our needs. A system of fairly and 
rapidly assessing an individuals financial responsibility ensures that 
people can have quick access to competitive offers for credit, 
insurance, or other financial products. Clearly, our current credit 
system has been one of our Nation's best assets to benefiting 
individuals at every level of the economic ladder. This unprecedented 
access to credit combined with the low cost for credit realized through 
the efficiencies produced by law have created new opportunities for 
people who have never had access to credit before. No longer is 
collateral essential in qualifying for a loan, people can now raise 
themselves on the ladder of economic success simply by proving that 
they can responsibly handle their financial affairs.
    Given this opportunity to reauthorize the Fair Credit Reporting 
Act, we must 
ensure that our actions do not result in increases in the cost of 
credit and lower access to credit. To do so could have harmful effects 
on our recovering economy. At the same time we must ensure that the law 
applies to everyone fairly and that the system to protect consumers 
against questionable material on credit reports operates efficiently 
and effectively.
    I look forward to hearing the thoughts and observations of our 
witness and to working with all of my colleagues on the Committee as we 
reauthorize this very important law this year.
    Thank you.

                               ----------

               PREPARED STATEMENT OF SENATOR TIM JOHNSON

    Chairman Shelby, thank you for holding today's hearing on the Fair 
Credit 
Reporting Act. While FCRA is not exactly a household name, our Nation's 
credit-granting system is one of the bright points in our otherwise 
lackluster economy. Outstanding consumer credit has grown from $556 
billion in 1970 when FCRA was 
enacted to $7 trillion today, accounting for over two-thirds of U.S. 
gross domestic product. Which is why today's hearing is so timely. 
Unless we act by the end of the year to reauthorize FCRA's preemption 
provisions, we risk striking a terrible blow to our economy by our 
inaction.
    As today's witness has noted in his very thoughtful written 
testimony, ``the consumer reporting industry, furnishers, and users can 
all rely on the uniform framework of the FCRA in what has become a 
complex, nationwide business of making consumer credit available to a 
diverse, mobile American public.'' Yet if we fail to act by January 1, 
2004, this uniform reporting system could break into as many as 50 
credit reporting systems, all with different standards, different 
requirements, and different procedures.
    Most people do not know much about our credit reporting system 
because it works so well. It does not occur to people to learn about 
what goes into a credit report until they get turned down for credit. 
And under the FCRA, those who do get turned down receive all the 
protections that come with a so-called ``adverse action.'' They have 
the right to a free credit report; they have the right to dispute what 
information is contained in that report; they have the right to a quick 
investigation of the information; and they have the right to a timely 
correction. And those rights apply to everyone, regardless of whether 
they live in South Dakota or Alabama.
    Full-file credit reports are unique to the United States. Unlike 
other countries, where only consumers with negative credit history have 
any kind of record, our system encourages data furnishers to report 
both negative and positive credit history, all on a voluntary basis. 
This information allows lenders to make informed decisions about a 
given consumer's credit risk and to make better lending decisions.
    These decisions are good for consumers in a variety of ways. For 
some, full-file reporting may allow a lender to take a chance on a 
consumer whose positive credit history may offset a past credit 
impairment. For others, more complete information may help a lender to 
decide not to extend more credit than a consumer can handle.
    By the same token, full-file reporting helps lenders make sensible 
decisions that keep our financial institutions safe and sound. Poor 
lending decisions affect all of us through institutional instability 
and an increased cost of credit.
    Other elements of FCRA are also critical to our credit-granting 
system. For example, in the modern economy, it's important to maintain 
a nationwide standard under which corporate affiliates may share 
information. Experts such as Chairman Greenspan have emphasized the 
need for national businesses, which serve customers in all 50 States, 
to have uniform standards across those 50 States. Failure to maintain 
this uniformity would jeopardize many of the efficiencies gained 
through information technology and wider consumer choice.
    Mr. Chairman, I believe that a uniform national credit reporting 
system must be maintained, which is why I introduced the Economic 
Opportunity Protection Act of 2003, S. 660, which would extend the 
preemption provisions currently contained in FCRA.
    At the same time, I commend you for holding the first in what I 
hope will be a series of hearings on the FCRA. As Congress noted when 
it created the FCRA, consumer credit ``is dependent upon fair and 
accurate credit reporting.'' Therefore, it is appropriate for Congress 
to look at whether the statute is working properly and whether any of 
the provisions need to be amended to reflect changes in the 
marketplace.
    I understand many on this Committee and in the Administration have 
a particular interest in identity theft, and I share this concern. In 
fact, I believe that a uniform national credit reporting system, if 
used properly, can be one of our most effective weapons to combat this 
growing problem. I hope as part of this year's discussion about FCRA, 
we can work together to develop solutions to what is a relatively new, 
yet extremely damaging, crime.
    That said, I am disappointed that the Administration has yet to 
develop a position on this critical issue. It appears the Federal Trade 
Commission is also unwilling to tell this Committee its position on 
whether it is important to maintain a uniform national standard for our 
credit reporting system. I would urge the Administration over the 
coming weeks to devote more attention to the imminent expiration of 
FCRA preemption provisions and to develop a recommendation that can 
inform Congress' deliberation on this issue.
    Mr. Chairman, I look forward to today's testimony.

                               ----------

               PREPARED STATEMENT OF SENATOR JIM BUNNING

    I would like to thank you, Mr. Chairman, for holding this very 
important hearing and I would like to thank our witness for testifying 
today.
    Today, we have the first of a number of hearings on the Fair Credit 
Reauthorization Act. As we all know, FCRA is a huge issue for the 
financial industry and consumer groups. There are some who think we 
need to pass a clean FCRA, some who think we should pass FCRA but with 
additional privacy and identity theft protections and some who think 
privacy decisions would be left to the States. I believe these hearings 
will be a great help to Members in deciding which is the best course of 
action to take.
    I have been involved in the privacy debate for a number of years. 
During the early 1990's, I worked with the Kentucky General Assembly to 
remove the Social Security number for Kentucky drivers' licenses. In 
the House, as Chairman of the Social Security Subcommittee of the Ways 
and Means Committee, I led the effort to stop the Social Security 
Administration from posting SSA earnings online. And of course, all of 
us who were on this Committee in 1999 were deeply involved in privacy 
issues during Gramm-Leach-Bliley.
    I certainly believe more can be done to prevent identity theft. I 
would like to see more restricted use of the Social Security number. I 
would like to see those who have had the privacy stolen to have better 
means to get their credit problems fixed. And I, like everyone else, 
would like to stop getting flooded with mail and getting solicitation 
calls during dinner.
    But I have another concern. I am very concerned about this economy. 
I am very worried about the possibility of a double-dip recession. I 
know that puts me at odds with more optimistic economic experts, like 
Chairman Greenspan, but we have disagreed before. We are not growing 
like we can, and we are not creating jobs. There are many reasons for 
this. I believe Chairman Greenspan acted way to slow to cut rates back 
in early 2001. He should have cut them in the fall of 2000. The 
corporate governance scandals have hurt trust in the markets. Sarbanes-
Oxley and other actions have helped, but it will take a long time for 
corporate America to rebuild that trust. September 11, had a 
devastating effect on our economy. The two wars we have had since then 
have also not helped.
    The reason why most of these events have been so harmful to this 
economy is because they have created uncertainty in our markets. If 
there is one thing that shakes the markets, it is uncertainty. I am 
afraid that talk of not renewing FCRA is creating a lot of uncertainty 
in the financial markets. If we have 50 different privacy standards, it 
will be difficult for financial companies to sell their products 
nationwide. If counties and municipalities get in the act, and some 
already have, it will be even more difficult.
    I think it is crucial that we pass an FCRA extension this year. We 
must bring some certainty back to the markets if we are ever going to 
grow this economy and prevent a double-dip.
    Again, Mr. Chairman, thank you for holding this important oversight 
hearing.

                               ----------

             PREPARED STATEMENT OF SENATOR DEBBIE STABENOW

    Thank you, Mr. Chairman. I will be brief because I want to get 
quickly to our witness today. I appreciate your calling this hearing 
and I hope that we, as a Committee, will move quickly to address the 
expiring provisions of the Fair Credit Reporting Act.
    This session of Congress is going to move quickly and with just 
over 14 actual work weeks left before our target adjournment, the 
sooner we can began to move, the greater chances of having a thorough 
debate and passing the must-do legislation behind today's hearing.
    The FCRA has served our country well over the past 33 years. 
Indeed, as a result of the statue, the improved access to consumers' 
previous credit-related behavior has allowed creditors all over the 
country to extend credit more quickly and priced on appropriate risk. 
People with low-credit risks as a result of FCRA can now get lower 
rates and those with higher risks can now get credit with higher rates 
when previously they would have probably just been denied any credit at 
all. In addition, we no longer have to wait days and days or even weeks 
to get credit decisions. We can get them instantaneously. Furthermore, 
credit scoring models have taken much of the arbitrariness and guess 
work out of extending credit. All of this makes our economy more 
efficient saving time and allowing us to allocate the costs of 
borrowing appropriately.
    Mr. Chairman, I believe we should do everything we can to bolster 
the system we have in place today. I hope as we reexamine the FCRA we 
will be careful to take no actions that would undermine or limit the 
effective and appropriate sharing of credit information. I also hope 
that we would make sure that consumers have full information about and 
absolute control over their personal credit information. We should also 
ensure that there are appropriate privacy safeguards under our law.
    I commend you for your leadership on this issue, Mr. Chairman, as 
well as others on our Committee such as Senator Tim Johnson who has 
taken an active interest and has his own legislation dealing with FCRA. 
I look forward to working with all of my colleagues as we take up the 
reauthorization of the expiring provisions of the FCRA and I look 
forward to our FTC witness, before us today.
    Thank you.

                               ----------

              PREPARED STATEMENT OF J. HOWARD BEALES, III
 Director, Bureau of Consumer Protection, U.S. Federal Trade Commision
                              May 15, 2003

Introduction
    Mr. Chairman and Members of the Committee, my name is Howard 
Beales, and I am Director of the Bureau of Consumer Protection of the 
Federal Trade Commission (Commission or FTC). I am pleased to have this 
opportunity to provide background on the Fair Credit Reporting Act 
(FCRA).\1\ The Commission has played a central role in interpreting and 
enforcing the FCRA since the law was enacted in 1970. I appreciate the 
opportunity to discuss the FCRA and its role in regulating credit 
report information.
---------------------------------------------------------------------------
    \1\ While the views expressed in this statement represent the views 
of the Commission, my oral presentation and responses to questions are 
my own and do not necessarily reflect the views of the Commission or 
any individual Commissioner.
---------------------------------------------------------------------------
Consumer Credit Reporting
    The development of consumer credit was a phenomenon of the post-
World War II years. Prior to that time, consumer credit relationships 
were largely personal because many consumers lived in one place all 
their lives and dealt only with local merchants and banks. After World 
War II, the American population grew and became vastly more mobile. 
Consumer credit also exploded for many reasons, including pent-up 
demand for consumer goods and services and fading of the cash-only 
Depression psychology. At the same time there was an increased demand 
for homeownership. In response, the Government supported the growth of 
a long-term consumer credit market. For all these reasons, the amount 
of consumer credit outstanding has grown exponentially.\2\ Indeed, 
consumer spending accounts for over two-thirds of U.S. gross domestic 
product and consumer credit markets drive U.S. economic growth.\3\
---------------------------------------------------------------------------
    \2\ In 1946, the beginning of the post-war period, total 
outstanding consumer credit stood at $55 billion; by 1970, the time of 
enactment of the FCRA, it had grown to $556 billion. [Figures adjusted 
for inflation.] Today it is $7 trillion. See Fred H. Cate, Robert E. 
Litan, Michael Staten, and Peter Wallison, ``Financial Privacy, 
Consumer Prosperity, and the Public Good: Maintaining the Balance,'' 
AEI-Brookings Joint Center for Regulatory Studies, March 2003, at 1.
    \3\ Id. at 8.
---------------------------------------------------------------------------
    The credit reporting industry developed in tandem with the 
burgeoning of consumer credit. Early on, credit reporting was local or 
regional and relatively unsophisticated; the amount of information 
collected was limited and not standardized. Credit bureaus (consumer 
reporting agencies) \4\ manually recorded consumer information on index 
cards, updated irregularly, and often retained indefinitely. Over time, 
however, small credit bureaus grew to become large repositories of 
information on consumers.\5\
---------------------------------------------------------------------------
    \4\ ``Consumer reporting agency'' is the term used in the FCRA, and 
reflects the fact that consumer information is collected and reported 
for a variety of purposes in addition to credit transactions. In common 
terminology, however, the agencies are known as ``credit bureaus'' or 
``credit reporting agencies.'' (Similarly, ``credit report'' and 
``credit history'' are commonly used nontechnical terms for ``consumer 
report.'') The term ``repository'' is most often reserved for the 
large, national bureaus that collect and store information on over 190 
million consumers. The ``repository'' agencies, in turn, are sometimes 
referred to as the ``big three,'' in recognition of the three major 
companies that have predominated for several years--Equifax, Experian, 
and TransUnion. A fourth company, Innovis Data Services (an affiliate 
of CBC Companies), also maintains ``a national database of consumers 
with unfavorable current or past credit histories.'' See http://
www.innovis-cbc.com/products.htm.
    \5\ For a more complete recitation of the early history of the 
consumer reporting industry, see Retail Credit Co., 92 F.T.C. 1 at 134-
36 (1978).
---------------------------------------------------------------------------
    Today, the credit reporting system, consisting primarily of three 
main credit bureau repositories, contains data on as many as 1.5 
billion credit accounts held by approximately 190 million 
individuals.\6\ Creditors and others voluntarily submit this 
information to centralized, nationwide repositories. Lenders analyze 
this data and other information to develop sophisticated predictive 
models to assess risk, as reflected in the consumer's credit score.\7\ 
The flow of information enables credit grantors to make more 
expeditious and accurate credit decisions, which benefits consumers as 
a whole. These benefits are illustrated by a study of credit bureau 
files that found that nearly 20 percent of the currently reported 
active accounts had been open for less than 12 months.\8\
---------------------------------------------------------------------------
    \6\ See ``An Overview of Consumer Data and Credit Reporting,'' 
Federal Reserve Bulletin, February 2003, at 49.
    \7\ Scoring products are based on analyses of historical consumer 
credit data, which allow creditors to develop models that help them 
predict the risk of default of a particular consumer. (The products are 
thus sometimes referred to as ``risk scores'' or ``credit scores.'') 
When the consumer applies for credit or other goods or services, the 
scoring programs that are developed from the complex analysis of past 
data compare the scoring factors to the individual information of the 
particular consumer, with the result reflected in a score that is 
generated for that application.
    \8\ See ``An Overview of Consumer Data and Credit Reporting,'' 
Federal Reserve Bulletin, February 2003, at 52, table 2 (``All credit 
accounts and balances. . .'').
---------------------------------------------------------------------------
    The modernization of credit reporting has played a key role in 
providing American consumers rapid access to consumer credit. It was 
not that many years ago that applying for credit required a personal 
visit to a loan officer. The loan officer, if he did not know you 
personally, contacted your references, including other creditors, 
before making a decision on your application. If you were new to the 
community or applying for credit for the first time, you might get 
turned down or be approved for only a small, entry-level loan. The 
decision would often take days and would be based solely on the 
judgment of the loan officer.
    By contrast, consumers today can use the Internet from the comfort 
of their home to comparison shop for a wide array of credit products 
and get a virtually instantaneous offer, including rate and other 
terms. Or, they can obtain a five-figure loan from an auto dealer they 
have never been to before and drive a car away from the showroom the 
same day. In each instance, their eligibility for the lowest rate or 
most favorable terms depends on a sophisticated credit scoring system 
that produces rapid, reliable scores based on information from a 
consumer report.
    Chairman Greenspan of the Board of Governors of the Federal Reserve 
System put it well when he recently testified that ``. . .there is just 
no question that unless we have some major sophisticated system of 
credit evaluation continuously updated, we will have very great 
difficulty in maintaining the level of consumer credit currently 
available because clearly, without the information that comes from 
various credit bureaus and other sources, lenders would have to impose 
an additional risk premium because of the uncertainty before they make 
such loans or may, indeed, choose not to make those loans at all. So it 
is clearly in the interests of consumers to have information 
continuously flowing into these markets. It keeps credit available to 
everybody, including the most marginal buyers. It keeps interest rates 
lower than they would otherwise be because the uncertainties which 
would be required otherwise will not be there.'' \9\
---------------------------------------------------------------------------
    \9\ Remarks following testimony by Alan Greenspan, Chairman of the 
Board of Governors of the Federal Reserve System, April 30, 2003, House 
Financial Services Committee, at 12.
---------------------------------------------------------------------------
    Before describing some of the primary elements of the FCRA, let me 
describe briefly how the consumer reporting system works in this 
country today. Creditors voluntarily report account histories to 
consumer reporting agencies.\10\ Typically, creditors report full 
account payment information, both ``positive'' information that the 
account is current, as well as ``negative'' information, such as 
delinquencies and collection accounts.\11\ This contrasts with 
practices in some other countries (and, indeed, with some credit 
bureaus in the early years of their development in this country) where 
only negative payment history is reported.\12\
---------------------------------------------------------------------------
    \10\ Each of the three national credit reporting companies receives 
more than 2 billion items of information each month. See ``An Overview 
of Consumer Data and Credit Reporting,'' Federal Reserve Bulletin, 
February 2003, at 49.
    \11\ Although the majority of creditors report full account 
information, some types of accounts are typically reported only when 
the payment history turns negative, most often when the debt is 
transferred to a debt collector. Accounts related to medical debts, 
telecommunications, and power companies are the most common examples. 
See ``An Overview of Consumer Data and Credit Reporting,'' Federal 
Reserve Bulletin, February 2003, at 50, 68. To the extent that 
consumers have positive payment history only from nontraditional credit 
such as rent and utilities, this may limit their access to credit.
    \12\ See, e.g., The World Bank, ``World Development Report 2002,'' 
at 95 (2002); John M. Barron and Michael Staten, ``The Value of 
Comprehensive Credit Reports: Lessons from the U.S. Experience,'' at 
14, available online at http://www.privacyalliance.org/resources/
staten.pdf (2000) (comparing the United States comprehensive credit 
reporting system to the Australian negative-information-only system).
---------------------------------------------------------------------------
    Although the credit reporting industry has developed uniform 
reporting formats and methods,\13\ not all creditors necessarily report 
to all major repositories. Moreover, credit reporting agencies have 
different schedules and procedures to augment individual consumer files 
with updated data from creditors. Consumer reporting agencies also 
obtain information from other sources, such as public record data. For 
all of these reasons, at any given point in time, each of the credit 
reports on an individual as supplied by the three major repositories 
may contain somewhat different information.\14\ As a result, in the 
residential mortgage market, for example, creditors use credit reports 
produced by resellers who consolidate the data available from the three 
major repositories.
---------------------------------------------------------------------------
    \13\ See http://www.cdiaonline.org/data.cfm for information on the 
uniform reporting format utilized by most creditors and other 
furnishers of information to consumer reporting agencies.
    \14\ See ``An Overview of Consumer Data and Credit Reporting,'' 
Federal Reserve Bulletin, February 2003, at 50-51, 70-71.
---------------------------------------------------------------------------
    When a consumer applies for credit, lenders obtain consumer reports 
by providing identifying information on the consumer to the credit 
bureau. The credit bureau provides a full report listing all accounts 
and payment histories and/or a credit score, which is a numerical 
classification based on information in the consumer report.\15\ The 
credit agencies also handle other functions (including those required 
by the FCRA, such as responding to consumer disputes) through uniform 
industry 
processes.\16\ The importance of these additional functions has grown 
along with concerns about identity theft,\17\ because credit reporting 
agencies play a major role in limiting the damage and correcting the 
fraudulent records that identity thieves leave behind.
---------------------------------------------------------------------------
    \15\ Between 2 and 3 million consumer reports are issued by credit 
bureaus each day. See http://www.cdiaonline.org/about.cfm. For a brief 
description of scores, see Note 7, supra.
    \16\ The Consumer Data Industry Association (CDIA) is a trade 
association for major consumer reporting agencies. Among other steps to 
promote standardized automated procedures between and among consumer 
reporting agencies and furnishers of information to agencies, CDIA 
oversees a system for credit bureaus to forward consumer disputes to 
furnishers for investigation. Disputes are forwarded on standardized 
Automated Consumer Dispute Verification (ACDV) forms. The system now 
has a web-based component, E-OSCAR, that is intended to further enhance 
the flow of consumer disputes, update information, and other data. The 
automated dispute system not only provides a uniform format for 
conveying the disputes, it also serves an implicit authenticating 
function--a creditor who receives a consumer dispute via the system 
knows that the forwarding entity has been approved by CDIA for use of 
the system.
    \17\ Identity theft occurs when someone commits fraud by using 
another person's identifying information, such as date of birth, Social 
Security number, or credit account numbers. The fraud could include 
applying for or using credit in another's name, obtaining bank loans, 
employment, utility services (including cell phones), or similar 
illegal conduct in the ``true name'' identity of the consumer whose 
information was misappropriated.
---------------------------------------------------------------------------
FCRA Overview
Background
    Along with the growth of consumer credit, and the parallel 
development of consumer reporting agencies, concerns began to surface 
about the treatment of consumer information in credit reporting. The 
credit reporting industry had evolved piecemeal, and there was little 
consistency in methods of data collection or, before the FCRA, 
standards of retention or accuracy. For example, there were no Federal 
legal restrictions on access to consumer credit data, so reporting 
agencies were free to share a wide range of information with credit 
grantors and others, without regard to the purpose for which the 
information was sought. Consumer awareness of credit reports was low 
due, in part, to the fact that users of reports were contractually 
prohibited by credit bureaus from disclosing the reports to 
consumers.\18\ Even if a consumer could learn what was in his or her 
credit report, there was no way for the consumer to challenge erroneous 
information.
---------------------------------------------------------------------------
    \18\ Congress was especially concerned about this lack of awareness 
in the context of ``investigative consumer reports''--reports on a 
consumer's character, general reputation, personal characteristics, or 
mode of living, obtained through personal interviews with neighbors, 
friends, or associates of the consumer--and thus provided special notice 
and disclosure requirements, together with other provisions, for 
investigative reports. Section 606 of the FCRA; 15 U.S.C. Sec. 1681d.
---------------------------------------------------------------------------
    In response to rising concerns about the consumer reporting system, 
and recognizing its importance to business and consumers, Congress held 
hearings that 
resulted in passage of the FCRA to provide a framework for the industry 
and to secure protections for consumers. In enacting the FCRA, Congress 
specifically recognized that consumer credit ``is dependent upon fair 
and accurate credit reporting.'' \19\
---------------------------------------------------------------------------
    \19\ Section 602(a)(1), the Congressional findings and statement of 
purpose for the FCRA. 15 U.S.C. Sec. 1681(a)(1).
---------------------------------------------------------------------------
    The 1970 FCRA imposed duties primarily on consumer reporting 
agencies, with very limited requirements on those that use credit 
reports, and no provisions aimed at those who furnished information to 
the reporting agencies.
    The consumer reporting industry and the consumer credit economy 
changed tremendously in the decades following the enactment of the FCRA. 
The computerization of credit histories into vast databases accelerated 
markedly. The industry further consolidated, eventually comprising 
three major credit bureau repositories that maintain large, automated 
databases of consumer information, and a limited number of other 
agencies.\20\ Logistical challenges associated with increased 
computerization and further changes in the industry led to an increase 
in complaints about mixed files--inclusion in a single file of 
information belonging to two or more different individuals--and other 
consumer report inaccuracies. More generally, the American public has 
become increasingly aware of privacy issues related to personal 
information.
---------------------------------------------------------------------------
    \20\ At present, the three largest bureaus are TransUnion, Experian 
(formerly owned by TRW), and Equifax. Although some local bureaus still 
remain, most are affiliated in some fashion with one of the ``big 
three'' repositories. The industry has also witnessed the emergence of 
companies that collect and report specialized information such as check 
writing histories, rental records, and employment applications. The 
1990's saw the growth of ``resellers,'' consumer reporting agencies 
that purchase consumer information from one or more of the major 
repositories and then resell it, usually after reformatting, 
categorizing, or otherwise treating the information. All of these 
entities are covered by the FCRA.
---------------------------------------------------------------------------
    In 1996, after several years of legislative consideration, Congress 
passed significant amendments to the FCRA. The amendments built on the 
core elements of the original FCRA and provided added protections to 
consumers in several key areas. The amendments also permitted greater 
sharing of consumer report information by affiliated companies under 
certain conditions,\21\ and granted more flexibility to creditors and 
insurers in making prescreened offers, for example, obtaining lists of 
consumers based on consumer report information, in order to make offers 
of credit or insurance to consumers who the offeror deems 
qualified.\22\ Let me briefly review some of the important elements of 
the FCRA as it stands today, 33 years after its original passage.
---------------------------------------------------------------------------
    \21\ Section 603(d)(2)(A)(iii) exempts from the FCRA communication 
of information among affiliates, if it is clearly and conspicuously 
disclosed to the consumer that the information may be communicated and 
the consumer is given the opportunity to opt out of such information 
sharing. 15 U.S.C. Sec. 1681a(d)(2)(A)(iii).
    \22\ Prescreened offers, which are discussed in more detail below, 
are unsolicited ``firm offers'' of credit or insurance that are based 
on information from consumer reports. Generally they take the form of 
lists of consumers to whom credit grantors make offers of credit--the 
most obvious example is mailed promotions of credit cards. These lists 
are assembled by credit bureaus based on criteria set by the credit 
grantor; the bureau screens its consumer files (except those that have 
opted out of prescreened offers) for all consumers who meet the 
creditor's criteria. Generally speaking, the FCRA requires that all 
consumers who survive the prescreen must receive a ``firm offer'' of 
credit. Prescreened lists are thus an exception to the general rule 
that credit reports can be furnished only when a consumer initiates a 
transaction or has a preexisting relationship with the creditor seeking 
a copy of the report. See H. Rep. 103-486, 103rd Cong., 2nd Sess., 32-
33 (1994).
---------------------------------------------------------------------------
Key FCRA Provisions
    As I discussed earlier, the FCRA establishes a framework that 
enables businesses to engage in the information exchanges necessary for 
the proper functioning of the credit markets. At the same time, it 
provides corresponding consumer protections in two vital areas--privacy 
and accuracy. It is important to keep in mind that, notwithstanding its 
title, the Fair Credit Reporting Act has always covered more than what 
are conventionally termed ``credit reports.'' It applies generally to 
any information collected and used for the purpose of evaluating 
consumers' eligibility for products and services that they want. Thus, 
the FCRA has always applied to insurance, employment, and other 
noncredit consumer transactions.\23\ The focus here will be on credit 
reporting, but the same basic regulatory structure applies to all 
consumer reports.
---------------------------------------------------------------------------
    \23\ ``It is the purpose of this title to require that consumer 
reporting agencies adopt reasonable procedures for meeting the needs of 
commerce for consumer credit, personnel, insurance, and other 
information. . .'' Section 602(b) of the FCRA; 15 U.S.C. Sec. 1681(b).
---------------------------------------------------------------------------
Privacy
    As recognized by Congress in its initial passage of the FCRA, the 
confidentiality of consumer report information is a fundamental 
principle underlying the statute.\24\
---------------------------------------------------------------------------
    \24\ The Congressional findings note the ``. . .need to insure that 
consumer reporting agencies exercise their grave responsibilities with 
fairness, impartiality, and a respect for the consumer's right to 
privacy.'' Section 602(a)(4); 15 U.S.C. Sec. 1681(a)(4). Under the 
``reasonable procedures'' portion of the statement of purpose for the 
FCRA, Congress noted the importance of the ``confidentiality'' of 
consumer report information. Section 602(b); 15 U.S.C. Sec. 1681(b).
---------------------------------------------------------------------------
    Permissible purposes. The FCRA is designed to protect consumer 
privacy in a number of ways. Primarily, it limits distribution of 
credit reports to those with specific, statutorily defined ``permissible purposes.'' \25\ Generally, reports may be provided for the purposes of 
making decisions involving credit, insurance, or employment.\26\ Consumer reporting agencies may also provide reports to persons who have a 
``legitimate business need'' for the information.\27\ Under the FCRA, Government agencies are treated like other parties--that is, they must 
have a permissible purpose to obtain a credit report.\28\ The written instructions of the consumer may also provide a permissible purpose for a consumer reporting agency to furnish a credit report.\29\ Under the FCRA, target marketing--making unsolicited mailings or telephone calls to 
consumers based on information from a credit report--is generally not a 
permissible purpose.\30\ In a 1992 Commission action to enforce the 
FCRA against a consumer reporting agency that sold target marketing 
lists assembled using consumer report information, the court of appeals 
held that ``. . .a major purpose of the Act is the privacy of a 
consumer's credit-related data.'' \31\ If consumer information is ``so 
sensitive as to rise to the level of a consumer report,'' then it must 
``. . .be kept private except under circumstances in which the consumer 
could be expected to wish otherwise or, by entering into some 
relationship with a business, could be said to implicitly waive the 
Act's privacy to help further that relationship.'' \32\
---------------------------------------------------------------------------
    \25\ What constitutes a ``consumer report'' is a matter of 
statutory definition (Section 603(d); 15 U.S.C. Sec. 1681a(d)) and case 
law. Among other considerations, to constitute a consumer report, 
information must be collected or used for ``eligibility'' purposes. 
That is, the data must not only ``bear on'' a characteristic of the 
consumer (such as credit worthiness, credit capacity, character, 
general reputation, or mode of living), it must also be used in 
determinations to grant or deny credit, issue insurance, make 
employment decisions, or make other determinations regarding 
permissible purposes. TransUnion Corp. v. FTC, 81 F.3d 228, 234 (D.C. 
Cir. 1996).
    \26\ Section 604(a)(3); 15 U.S.C. Sec. 1681b(a)(3). Credit reports 
may also be furnished for certain on-going account-monitoring and 
collection purposes.
    \27\ 15 U.S.C. Sec. 1681b(a)(3)(F). See also Note 33, infra, and 
text accompanying.
    \28\ Under Section 608 of the FCRA, Government entities may obtain 
limited identifying information (name, address, employer) without a 
``permissible purpose.'' 15 U.S.C. Sec. 1681f. The FCRA, additionally, 
now contains express provisions on Government use of consumer reports 
for counterintelligence and counter-terrorism. Sections 625 and 626, 
respectively; 15 U.S.C. Sec. Sec. 1681u, 1681v.
    \29\ Other permissible purposes specified in the FCRA include (1) 
in response to an order of a court or a Federal grand jury subpoena; 
(2) in connection with a determination of the consumer's eligibility 
for a license or other benefit granted by a governmental 
instrumentality required by law to consider an applicant's financial 
responsibility or status; and (3) in response to a request by the head 
of a State or local child support enforcement agency if the person 
making the request certifies to the credit bureau that certain 
conditions are met (and in certain other child support circumstances). 
Section 604(a); 15 U.S.C. Sec. 1681b(a).
    \30\ Prescreening, discussed more fully below at notes 35-41 and 
accompanying text, is a form of target marketing for firm offers of 
credit or insurance, for which the FCRA now provides an explicit 
permissible purpose keyed to adherence to statutory procedures, 
including affording consumers the opportunity to opt out of future 
prescreened solicitations. See also Note 22, supra.
    \31\ TransUnion Corp. v. FTC, 81 F.3d 228, 234 (D.C. Cir. 1996). 
The TransUnion case has a long history. The Commission issued an 
administrative complaint in 1992, and a Commission administrative law 
judge (ALJ) granted summary judgment to complaint counsel, and was 
affirmed by the full Commission. 118 F.T.C. 821 (1994). On appeal, the 
case was remanded back to the ALJ for a trial. TransUnion Corp. v. FTC, 
81 F.3d 228 (D.C. Cir. 1996). After a trial, the ALJ issued another 
decision in the Commission's favor, which was affirmed by the full 
Commission.____F.T.C.____ (2000). This decision was affirmed by the 
U.S. Court of Appeals for the D.C. Circuit, and certiorari was denied 
by the Supreme Court. TransUnion Corp. v. FTC, 245 F.3d 809, reh. 
denied 267 F.3d 1138 (D.C. Cir. 2001), cert. denied, 122 S. Ct. 2386 
(June 10, 2002).
    \32\ Id.
---------------------------------------------------------------------------
    The 1996 Amendments added provisions that reflected Congress' 
awareness of increased public concern about the privacy of personal 
information. For example, Congress added, for the first time, an 
express provision stating that the ``legitimate business need'' 
permissible purpose requires that the transaction be ``initiated by the 
consumer.'' \33\ Congress also added express language prohibiting any 
person from obtaining a consumer report without a permissible 
purpose.\34\
---------------------------------------------------------------------------
    \33\ Section 604(a)(3)(F)(i); 15 U.S.C. 1681b(a)(3)(F)(i). The 
review of an account ``to determine whether the consumer continues to 
meet the terms of the account'' supplies the other ``legitimate 
business need'' of this permissible purpose. Section 604(a)(3)(F)(ii); 
15 U.S.C. 1681b(a)(3)(F)(ii).
    \34\ The 1970 FCRA prohibited consumer reporting agencies from 
furnishing consumer reports to those who do not have a permissible 
purpose, but there was no analogous provision aimed at those who 
obtained consumer reports (with the exception of a criminal provision 
imposed on those who obtained information on a consumer ``under false 
pretenses.'' Section 619, 15 U.S.C. Sec. 1681q).
---------------------------------------------------------------------------
    Consumer right to opt out of prescreening. The 1996 Amendments also 
added an express permissible purpose for prescreening. As noted above, 
prescreened offers are unsolicited offers of credit or insurance that 
are made (typically in mass mailings) to consumers who were selected 
for the offer based on information in their credit reports. Prior to 
the 1996 Amendments, the FCRA did not specifically address the use of 
consumer reports for such unsolicited offers. The Commission, however, 
had issued an interpretation of the FCRA in 1973 that permitted the use 
of consumer reports by creditors for unsolicited offers of credit if 
creditors followed guidelines set forth in the Commission's 
interpretation.\35\ Those guidelines required every consumer on any 
list resulting from the use of consumer reports to receive a firm offer 
of credit--for example, the offer must be unconditional; all the 
consumer had to do to receive the credit was to accept the offer.
---------------------------------------------------------------------------
    \35\ 16 CFR Sec. 600.5 (withdrawn in 1990 when the Commission 
Commentary was published; see notes 52-53, infra). The Commission's 
rationale for permitting prescreening was that the minimal invasion of 
consumer privacy involved in prescreening was offset by the fact that 
every consumer received an offer of credit. The four banking regulatory 
agencies also interpreted the FCRA to sanction prescreening for the 
entities under their jurisdiction.
---------------------------------------------------------------------------
    In the 1996 Amendments, Congress added a number of provisions to 
the FCRA to provide an explicit statutory framework for 
prescreening.\36\ The legislative 
process leading to the 1996 Amendments included an extensive 
consideration of prescreening issues. Congress ultimately chose to 
permit prescreening for both 
credit and insurance purposes, and to permit certain postscreening \37\ 
to protect the 
safety and soundness of the financial industry.
---------------------------------------------------------------------------
    \36\ Sections 603(l); 604(c) and (e); and 615(d); 15 U.S.C. 
Sec. Sec. 1681a(l), 1681b(c) and (e), and 1681m(d), respectively. 
``Firm offer of credit or insurance,'' the term used by Congress for 
what is commonly known as ``prescreening,'' is defined in Section 
603(l), which also contains much of the operable language governing 
prescreening. The permissible purpose is set out in Section 604(c) and 
the opt out scheme is contained in Section 604(e). Section 615(d) 
recites the disclosures required of those who use consumer reports to 
make prescreened offers. See H. Rep. 103-486, 103rd Cong., 2nd Sess., 
32 (1994)(``The bill permits a consumer reporting agency to furnish 
limited information, commonly referred to as a prescreened list, in 
connection with such transactions only if the transaction consists of a 
`firm offer of credit,' the consumer reporting agency has established a 
notification system whereby consumers can opt out to have their names 
excluded from consideration from such offers of credit, and the 
consumer has not elected to be so excluded. Under the bill, a 
prescreened list, furnished by a consumer reporting agency in 
connection with a credit transaction that is not initiated by the 
consumer, may contain only certain types of information.'').
    \37\ Section 603(l) limits permissible postscreening to verifying 
that consumers continue to meet the criteria used in the prescreening 
and to verify any application information (such as income or 
employment) that is used in the process of granting credit or 
insurance. Credit grantors are also permitted to require that consumers 
furnish collateral so long as the collateral requirement is established 
before the prescreening is conducted and is disclosed to the consumer 
in the solicitation that results from the prescreening. 15 U.S.C. 
Sec. 1681a(l). See also H. Rep. 103-486, 103rd Cong., 2nd Sess., 33 
(1994)(``The Committee recognizes that the furnishing of consumer 
reports for such credit solicitation is an exception to the general 
rule in Section 604(a)(3)(A) that consumer reports may be furnished by 
consumer reporting agencies only for credit transactions that are 
initiated by the consumer. Consequently, the Committee has established 
a special rule which permits the furnishing of consumer reports by a 
consumer reporting agency for credit transactions not initiated by the 
consumer, but only if the agency complies with strict limitations to 
ensure privacy protections for consumers. This special rule is a 
liberalization of an FTC interpretation of the FCRA.'').
---------------------------------------------------------------------------
    At the same time, Congress provided an important mechanism for 
consumers to safeguard their privacy. Every written prescreened offer 
must provide notice of the consumer's right to ``opt out'' of future 
prescreen lists.\38\ Credit bureaus must have a system, including a 
toll-free telephone number, that consumers can use to opt out,\39\ and 
they cannot include consumers who opt out on any subsequent prescreened 
list.\40\ The FCRA requires nationwide bureaus to maintain an opt out 
notification system, so that a notification by a consumer to one bureau 
is sufficient to have the consumer excluded from prescreened offers at 
all of the bureaus.\41\
---------------------------------------------------------------------------
    \38\ Section 615(d) requires that written prescreen offers make a 
clear and conspicuous statement that (i) information in the consumer's 
credit report was used in the prescreen; (ii) the consumer was selected 
because the consumer met criteria for credit worthiness or 
insurability; (iii) the credit or insurance may not be extended if, 
after the consumer responds to the offer, the consumer does not 
continue to meet the criteria used to select the consumer for the 
offer; (iv) the consumer has the right to opt out of further 
unsolicited offers; and (v) the methods by which the consumer can 
notify the credit bureau of a decision to opt out. 15 U.S.C. 
Sec. 1681m(d).
    \39\ Section 604(e)(5); 15 U.S.C. Sec. 1681b(e)(5).
    \40\ Section 604(c)(1)(B)(iii); 15 U.S.C. Sec. 1681b(c)(1)(B)(iii).
    \41\ Section 604(d)(6); 15 U.S.C. Sec. 1681b(d)(6). The opt out is 
effective for 2 years if conveyed by telephone, or permanently (unless 
revoked) if conveyed in writing. Section 604(d)(4)(B); 15 U.S.C. 
Sec. 1681b(d)(4)(B).
---------------------------------------------------------------------------
Accuracy
    Credit report accuracy was, and remains, a core goal of the FCRA. 
Because even small differences in a consumer's credit score can 
influence the cost or other terms of the credit offer, or even make the 
difference between getting approved or denied, accuracy of the 
information underlying the score calculation is paramount. Accurate 
reports benefit not only consumers but also credit grantors, who need 
accurate information to make optimal decisions. These considerations 
provide significant incentives for all parties to maintain a high level 
of accuracy in consumer credit files. Congress recognized, however, 
that decisions based on inaccurate information can impose potentially 
severe consequences to individual consumers. Consequently, Congress 
enacted the FCRA accuracy protections.\42\
---------------------------------------------------------------------------
    \42\ Section 602(a)(1) of the FCRA, Congressional findings and 
statement of purpose, notes that ``Inaccurate credit reports directly 
impair the efficiency of the banking system. . ..'' 15 U.S.C. 
Sec. 1681(a)(1).
---------------------------------------------------------------------------
    The FCRA uses two major avenues to achieve the goal of optimal 
accuracy. First, it provides that consumer reporting agencies must 
follow ``reasonable procedures to assure maximum possible accuracy of 
the information'' they report.\43\ Second, the FCRA establishes 
mechanisms for consumers to learn about possible errors in their credit 
reports and have them corrected. The statute gives consumers both the 
right to know what information the credit bureau maintains on them, and 
the right to dispute errors.
---------------------------------------------------------------------------
    \43\ By its terms therefore (``reasonable procedures. . .maximum 
possible accuracy''), the statute itself recognizes that absolute 
accuracy is impossible. Section 607(b); 15 U.S.C. Sec. 1681e(b). 
Pragmatic consideration of the large volume of data that credit bureaus 
must store and process also bears on this issue. See Notes 2, 5, 6, 10 
and 15, supra, and text accompanying.
---------------------------------------------------------------------------
    Consumer right to know. Under Section 609 of the FCRA, consumers 
have a right to know all information in their files (except risk 
scores) upon request and proper identification. They also have the 
right to learn the identity of all recipients of their report for the 
last year (2 years in employment cases).\44\ In addition, the 
consumer's right to learn about and dispute inaccuracies is facilitated 
by the FCRA's ``adverse action'' notice requirements. Adverse action 
notices--sometimes called ``Section 615 notices''--are a key mechanism 
for maintaining accuracy. Since 1970, the FCRA has required that when 
credit is denied based, even in part, on a consumer report (or, in some 
cases, when the consumer is offered less-advantageous terms than would 
be the case in the absence of the consumer report information), the 
creditor must notify the consumer and provide certain key information, 
including (1) the identity of the consumer reporting agency from which 
the creditor obtained the report; (2) the right to obtain a free copy 
of the report; and (3) the right to dispute the accuracy of information 
in the report.\45\
---------------------------------------------------------------------------
    \44\ 15 U.S.C. Sec. 1681g.
    \45\ Section 612 provides that consumer reporting agencies must 
make free disclosure if a consumer makes a request within 60 days of 
receipt of an adverse action notice, and may charge a maximum of $8 in 
other cases. 15 U.S.C. Sec. 1681j. The Commission is charged in the 
FCRA with modifying the maximum amount, based proportionally on changes 
in the Consumer Price Index. The latest annual finding on the matter 
raised the maximum allowable charge to $9. 67 Fed. Reg. 77282 (Dec. 17, 
2002); see also http://www.ftc.gov/opa/2002/12/fyi0265.htm.
---------------------------------------------------------------------------
    Under the 1970 FCRA, adverse action notices were required only when 
consumer reports were used for credit, insurance, or certain employment 
purposes. In the 1996 Amendments, Congress broadened the circumstances 
under which adverse action notices are required in connection with 
insurance and employment decisions. It also required notices of adverse 
action when consumer reports are used in other situations, such as 
opening savings or checking accounts, apartment rentals, and retail 
purchases by check.\46\
---------------------------------------------------------------------------
    \46\ In the original FCRA, adverse action notices were required 
only when ``credit or insurance. . .or employment. . .is denied or the 
charge for such credit or insurance is increased. . ..'' After changes 
enacted in the 1996 Amendments, adverse action for purposes of credit 
transactions is tied to the interpretation of ``adverse action'' in the 
Equal Credit Opportunity Act. For use of consumer reports in insurance, 
the scope of ``adverse action'' was expanded to include ``a denial or 
cancellation of, an increase in any charge for, or a reduction or other 
adverse or unfavorable change in the terms of coverage or amount of, 
any insurance, existing or applied for. . ..'' Similar expansion of the 
scope of ``adverse action'' was enacted for employment purposes (``a 
denial of employment or any other decision for employment purposes that 
adversely affects any current or prospective employee'') and other 
permissible purposes. See Section 603(k); 15 U.S.C. 1681a(k).
---------------------------------------------------------------------------
    The Commission believes that the ``self-help'' mechanism embodied 
in the FCRA's scheme of adverse action notices and the right to dispute 
is a critical component in the effort to maximize the accuracy of 
consumer reports. Consumers are most likely to recognize the errors in 
their credit history and are more highly motivated to raise their 
concerns once they know that an adverse action was based on their 
credit 
report. The Commission has given high priority to assuring compliance 
with this provision.\47\
---------------------------------------------------------------------------
    \47\ See, e.g., Quicken Loans Inc., D-9304 (April 8, 2003) at Note 
67, infra, and text accompanying.
---------------------------------------------------------------------------
    Consumer dispute rights. The consumer initiates a dispute by 
notifying the consumer reporting agency of an error in the completeness 
or accuracy of any item of information contained in the file. The 
consumer reporting agency must reinvestigate the dispute, generally 
within 30 days, record the current status of the information and delete 
it if it is found to be inaccurate or unverifiable. The consumer 
reporting agency is required to provide ``all relevant information'' to 
the original furnisher of the disputed information, to help ensure that 
the furnisher fully investigates the dispute. The agency must report 
the results of the investigation to the consumer. If the investigation 
does not resolve the dispute, the consumer may file a statement with 
his or her version of the facts, which must then be furnished with the 
credit report.
    For the first time, the 1996 Amendments imposed certain accuracy 
and reinvestigation duties on furnishers of information to credit 
bureaus. These requirements recognize that furnishers--the original 
source of the information--have a critical role to play in the overall 
accuracy of consumer report information.
    The 1996 Amendments also sought to address the problem of recurring 
errors by prohibiting consumer reporting agencies from reinserting into 
a consumer's credit file previously deleted information without first 
obtaining a certification from the furnisher that the information is 
complete and accurate, and then notifying the consumer of the 
reinsertion.
    Other important FCRA provisions. Under the FCRA, adverse items of 
information may, with certain exceptions, be reported for only 7 years. 
The 1996 Amendments clarified the date from which the 7 years should be 
calculated.
    The 1996 Amendments expanded the obligations of certain users of 
consumer reports. In the employment context, these changes were quite 
significant; they include requirements that an employer obtain the 
consent of a job applicant or current employee before obtaining a 
consumer report and, before taking adverse action based on the report, 
provide a copy of it to the individual.\48\
---------------------------------------------------------------------------
    \48\ Because the new employer obligations imposed by the 1996 
Amendments apply also to investigative consumer reports and Congress 
removed a prior exemption for use of investigative reports in certain 
employment circumstances, employers may encounter difficulties when 
using outside entities to assist by preparing reports based on 
interviews in investigations of alleged workplace misconduct. Concerns 
arose because such investigations might be hampered by FCRA 
obligations, such as the requirement that an employer obtain the 
authorization of an employee before obtaining a consumer report, and 
the requirement that the employee be provided a copy of the report 
before the employer can take adverse action. Several Congressional 
proposals to amend the FCRA to meet the workplace investigation 
concerns have been introduced. In 2000, the Commission commented (see 
http://www.ftc.gov/os/2000/03/ltrpitofskysessions.htm) and testified 
with respect to one such proposal (see http://www.ftc.gov/os/2000/05/
fcratest
imony.htm). The Commission remains of the opinion that a legislative 
remedy of the type endorsed by the Commission in 2000 is the most 
appropriate response to these concerns.
---------------------------------------------------------------------------
    The 1996 Amendments also made changes in the relationship between 
the FCRA and State laws. As originally enacted in 1970, the FCRA 
provided that the Federal statute did not exempt persons from complying 
with State laws ``with respect to the collection, distribution, or use 
of any information on consumers, except to the extent that those laws 
are inconsistent'' with the FCRA. The 1996 Amendments retained this 
language, but significantly modified the provision to preempt State 
laws in certain specified areas covered by the amended FCRA.\49\
---------------------------------------------------------------------------
    \49\ Thus, both before and after the 1996 preemptions, States were 
free to legislate in areas covered by the FCRA but not specifically 
preempted. See, e.g., Colo. Rev. Stat. Sec. 12-14.3-104 (providing for 
free annual credit reports).
---------------------------------------------------------------------------
    Section 624 of the FCRA (``Relation to State Laws'') now provides 
that no State laws may be imposed in the areas of (i) prescreening 
(including the definition of the term ``firm offer of credit or 
insurance'' and the disclosures which must be made in connection with 
prescreened offers), (ii) the time within which a consumer reporting 
agency must complete its investigation of disputed information, (iii) 
the adverse action notice requirements of Section 615, (iv) the 
obsolescence limitations and other provisions of Section 605, (v) 
furnisher obligations under Section 623, (vi) the consumer summary of 
rights required by Section 609(c) to be provided by consumer-
reporting agencies to consumers who obtain disclosure of their files, 
and (vii) information sharing by affiliates.\50\ The specific 
preemptions are qualified in a number of respects, including specifying 
particular preexisting State enactments to which the preemptions do not 
apply.\51\ The primary proviso with respect to the preempted 
provisions, however, is that after January 1, 2004, States may enact 
laws that (i) are specifically intended to supplement the FCRA, and 
(ii) give greater protection to consumers than is provided under the 
FCRA.
---------------------------------------------------------------------------
    \50\ Section 624(b); 15 U.S.C. Sec. 1681t(b).
    \51\ Section 624(d); 15 U.S.C. Sec. 1681t(d). There is, moreover, a 
blanket ``grandfathering'' of State laws relating to the obsolescence 
limits of Section 605. Section 624(b)(1)(E); 15 U.S.C. 
Sec. 1681t(b)(1)(E). An example is N.Y. Gen. Bus. L. Sec. 380-
j(f)(1)(ii)(paid judgments may not be reported for more than 5 years).
---------------------------------------------------------------------------
    Finally, other significant additions of the 1996 Amendments include 
authorizing States to enforce the FCRA, and adding civil penalty 
authority for the Federal Trade Commission.
FTC Interpretive Guidance and Enforcement
    When it enacted the FCRA in 1970, Congress provided that the 
Commission would be the principal agency to enforce the statute. To 
help foster understanding and ensure compliance with the law, the 
Commission engaged in extensive business education and guidance, 
including, in the first two decades, publishing over 350 staff opinion 
letters, a staff guidance handbook, and six formal Commission 
interpretations.\52\ All of this material was then brought together in 
the Commission's 1990 Commentary on the FCRA.\53\ The Commentary was 
well received and has served as a valuable explanatory and enforcement 
guide to industry and other 
affected parties. It also has assisted the staffs of the Commission and 
other regulatory agencies in interpreting the Act efficiently and 
consistently.
---------------------------------------------------------------------------
    \52\ The interpretations were published at 16 CFR Sec. 600 and were 
withdrawn when the Commission published the 1990 Commentary.
    \53\ 55 Fed. Reg. 18804 (May 4, 1990). The 1990 Commentary was the 
culmination of a proposal published in August 1988 and the Commission's 
review of over 100 submissions it received in response to its request 
for public comments on that proposal. 53 Fed. Reg. 29696 (August 8, 
1988).
---------------------------------------------------------------------------
    After the 1996 Amendments, the Commission intensified its long-
standing program of consumer and industry education.\54\ In view of the 
extension of enforcement authority to the States, the Commission 
conducted a nationwide series of training sessions on the FCRA for 
State officials. The Commission's informal guidance expanded to meet 
the interpretive needs prompted by the amendments. As one result of 
that effort, the Commission staff published an additional 85 opinion 
letters. The letters can be found on the Commission's website, which 
also features easy access to other useful FCRA information for both 
business and consumers.\55\ The Commission and its staff maintain 
active participation in many industry and consumer outreach efforts and 
respond daily to callers with FCRA questions.\56\
---------------------------------------------------------------------------
    \54\ The Commission also drafted and published language for the 
three notices required by the 1996 Amendments to be distributed by 
credit bureaus: (1) a notice to consumer report users of their FCRA 
responsibilities; (2) a notice to furnishers explaining their new 
obligations; and (3) a notice to consumers, describing their FCRA 
rights, which must be included with any credit report requested by the 
consumer. The Commission believes that Congress' aim in requiring these 
notices has been achieved--the notices seem to be effective in 
conveying to consumers and businesses their rights and obligations 
under the Act.
    \55\ See, e.g., the Commission's FCRA ``home page,'' http://
www.ftc.gov/os/statutes/fcrajump.htm, and plain-English consumer 
information, http://www.ftc.gov/bcp/conline/edcams/fcra/index.html.
    \56\ To achieve compliance, the Commission has also periodically 
worked with industry and self-regulatory groups where appropriate.
---------------------------------------------------------------------------
    Current interpretive efforts at the Commission are focused on a 
revision to the 1990 Commentary.\57\ The passage of time generally, and 
the 1996 Amendments specifically, have rendered the 1990 Commentary 
partly obsolete. The new Commentary will draw on the staff opinion 
letters that post-dated the 1990 effort, as well as other Commission 
enforcement and interpretive experience.
---------------------------------------------------------------------------
    \57\ See Commission press release at http://www.ftc.gov/opa/2003/
01/fyi0302.htm, and ``Notice of intent to request public comments'' at 
http://www.ftc.gov/os/2003/01/16cfr1frn.htm.
---------------------------------------------------------------------------
    Over the entire period of the FCRA, the Commission has engaged in 
extensive consumer education.\58\ The Commission continues to regard 
consumer education as particularly vital to the FCRA because the 
statute contains self-enforcing elements, such as the right to dispute 
inaccurate or incomplete information.
---------------------------------------------------------------------------
    \58\ Over the past 7 years, 3.9 million of the five most popular 
FCRA brochures were distributed by the Commission. The information is 
duplicated on the Commission's web site, where the same brochures have 
registered over 1.6 million visits during the past 5 years. FCRA 
brochures such as ``Building a Better Credit Record,'' ``How to Dispute 
Credit Report Errors,'' and ``Fair Credit Reporting'' have each been 
distributed in numbers exceeding 100,000 per year over the past 5 
years.
---------------------------------------------------------------------------
    The Commission has also brought a number of formal actions to 
enforce the FCRA. These actions have included cases to ensure (1) 
compliance with the adverse action notice requirements on the part of 
creditors \59\ and employers; \60\ (2) compliance with privacy and 
accuracy requirements by the major nationwide credit bureaus; \61\ (3) 
compliance by resellers of consumer reports (agencies that purchase 
consumer reports from the major bureaus and resell them); \62\ as well 
as cases addressing a number of other FCRA issues.\63\
---------------------------------------------------------------------------
    \59\ Hospital & Health Services Credit Union, 104 F.T.C. 589 
(1984); Associated Dry Goods, 105 F.T.C. 310 (1985); Wright-Patt Credit 
Union, 106 F.T.C. 354 (1985); Federated Department Stores, 106 F.T.C. 
615 (1985); Winkleman Stores, Civ. No. C 85-2214 (N.D. Ohio 1985); 
Strawbridge and Clothier, Civ. No. 85-6855 (E.D. Pa. 1985); Green Tree 
Acceptance, Civ. No. CA 4 86 469 K (M.D. Tex. 1988); Quicken Loans 
Inc., D-9304 (April 8, 2003). See also, Aristar, Civ. No. C-83-0719 (S. 
D. Fla. 1983); Allied Finance, Civ. No. CA3-85-1933F (N.D. Texas 1985); 
Norwest Financial, Civ. No. 87 06025R (C.D. Cal. 1987); City Finance, 
Civ. No. 1:90-cv-246-MHS (N.D. Ga. 1990); Tower Loan of Mississippi, 
Civ. No. J90-0447 (J) (S.D. Miss. 1990); Barclay American Corp., Civ. 
No. C-C-91-0014-MU (N.C. 1991); Academic International, Civ. No. 91-CV-
2738 (N.D. Ga. 1991); Bonlar, Civ. No. 97C 7274 (N.D. Ill. 1997); 
Capital City Mortgage, Civ. No. 1:98CV00237 (D.D.C. 1998).
    \60\ Electronic Data Systems, 114 F.T.C. 524 (1991); Kobacker, 115 
F.T.C. 13 (1992); Keystone Carbon, 115 F.T.C. 22 (1992); McDonnell 
Douglas Corp., 115 F.T.C. 33 (1992); Macy's, 115 F.T.C. 43 (1992); 
Marshall-Field, 116 F.T.C. 777 (1993); Bruno's, Inc., 124 F.T.C. 126 
(1997); Aldi's, 124 F.T.C. 1354 (1997); Altmeyer Home Stores, Inc., 125 
F.T.C. 1295 (1998).
    \61\ TransUnion Corp., 102 F.T.C. 1109 (1983); FTC v. TRW Inc., 784 
F. Supp. 362 (N.D. Tex. 1991); TransUnion Corp. 116 F.T.C. 1357 
(1993)(consent settlement of prescreening issues only in 1992 target 
marketing complaint; see also TransUnion Corp. v. FTC, 81 F.3d 228 
(D.C. Cir. 1996) ); Equifax Credit Information Services, Inc., 130 
F.T.C. 577 (1995). Each of these ``omnibus'' orders differed in detail, 
but generally covered a variety of FCRA issues including accuracy, 
disclosure, permissible purposes, and prescreening.
    \62\ See I.R.S.C., 116 F.T.C. 266 (1993); CDB Infotek, 116 F.T.C. 
280 (1993); Inter-Fact, Inc., 116 F.T.C. 294 (1993); W.D.I.A., 117 
F.T.C.___(1994)(consents against resellers settling allegations of 
failure to adequately ensure that users had permissible purposes to 
obtain the reports). See also First American Real Estate Solutions, 
LLC, C-3849, January 27, 1999, 1999 FTC LEXIS 137 (consent with a 
reseller concerning the dispute obligations of consumer reporting 
agencies).
    \63\ Howard Enterprises 93 F.T.C. 909 (1979)(bad check lists); 
Equifax, Inc. (formerly Retail Credit Company), 96 F.T.C. 844 
(1980)(investigative consumer reports);. MIB, Inc., d/b/a Medical 
Information Bureau, 101 F.T.C. 415 (1983)(prohibits a nonprofit medical 
reporting agency from conditioning the release of information to a 
consumer on his/her execution of a waiver of claims against the firm; 
requiring timely reinvestigations of disputed information; contact, 
when possible, the source(s) of disputed information or other persons 
identified by the consumer who may possess information relevant to the 
challenged data and modify its files accordingly).
---------------------------------------------------------------------------
    The Commission's enforcement efforts since 1996 have focused on the 
new requirements added by the amendments. For example, the amendments added 
a requirement that the nationwide credit bureaus have ``personnel 
accessible'' at toll-free numbers printed on a consumer's credit 
report.\64\ The Commission settled cases against the three major 
repositories charging that they failed to have adequate personnel 
available to answer FCRA-mandated toll-free telephone numbers. The 
orders required the repositories to (1) maintain adequate personnel; 
(2) establish auditing requirements to ensure future compliance, and 
(3) pay a total $2.5 million in civil penalties.\65\ The Commission 
also has settled cases against furnishers of information to consumer 
reporting agencies alleging that they reported inaccurate dates for 
when consumers' delinquencies had begun, with the result that adverse 
information remained on the consumers' reports past the 7-year limit 
provided by the FCRA.\66\
---------------------------------------------------------------------------
    \64\ Section 609(c)(1) of the FCRA, 15 U.S.C. Sec. 1681g(c)(1), 
requires a consumer reporting agency that compiles and maintains files 
on consumers on a nationwide basis to establish a toll-free telephone 
number, at which personnel are accessible to consumers during normal 
business hours. This telephone number must be provided with each 
written disclosure of information in the consumer's file, by the 
consumer reporting agency to the consumer.
    \65\ Equifax, No. 1:00-CV-0087 (N.D. Ga. 2000); Experian, No. 3-
00CV0056-L (N.D. Tex. 2000); TransUnion, 00C 0235 (N.D. Ill. 2000).
    \66\ DC Credit Services, Inc., No. 02-5115 (C.D. Cal. 
2002)(furnishing information to a consumer reporting agency knowing or 
consciously avoiding knowing that the information is inaccurate, 
failure to notify consumer reporting agencies when previously reported 
information is found to be inaccurate and to provide corrections, 
failure to provide accurate delinquency dates, failure to report 
accounts as ``disputed'' to consumer reporting agencies; $300,000 civil 
penalty); Performance Capital Management, Inc., 2:01cv1047 (C.D. Cal. 
2000)(providing inaccurate delinquency dates, failure to properly 
investigate disputes, failure to report accounts as ``disputed'' to 
consumer reporting agencies; $2 million civil penalty).
---------------------------------------------------------------------------
    Recently, the Commission settled an action against an Internet 
mortgage lender that failed to give adverse action notices to consumers 
who did not qualify for online preapproval because of information in 
their credit reports.\67\
---------------------------------------------------------------------------
    \67\ Quicken Loans Inc., Docket No. D-9304 (April 8, 2003); see 
also http://www.ftc.gov/opa/2002/12/quicken.htm.
---------------------------------------------------------------------------
    The Commission staff recently conducted an investigation of fifteen 
landlords in five cities across the United States. The staff found a 
high level of compliance with the adverse action requirements of the 
FCRA.\68\ To a significant degree, landlords do notify applicants when 
they turn them down for rentals based on information from a consumer 
report. The Commission will continue this type of compliance review in 
other industries, and bring law enforcement actions as appropriate. The 
Commission will continue to use this combination of education 
initiatives and vigorous enforcement to foster compliance with the 
FCRA.
---------------------------------------------------------------------------
    \68\ The Commission's January 15, 2002 press release on the 
investigation and resulting business education brochure can be found at 
http://www.ftc.gov/opa/2002/01/fcraguide.htm.
---------------------------------------------------------------------------
Current Issues: The FCRA and the Expanded Use of Consumer Reports
    Based on the Commission's experience interpreting and enforcing the 
FCRA, we see several ongoing developments in the consumer reporting 
marketplace that may have significant impact on consumers. First, more 
types of businesses are using credit reports to make decisions in 
consumer transactions. For example, telephone service providers 
routinely use consumer reports to make decisions on whether to provide 
service and what deposit requirements (if any) to impose. Insurance 
companies have long considered consumer reports when underwriting 
homeowners and auto insurance policies. While insurers once looked 
primarily at consumers' claims history to determine risk of loss, it 
appears that they are increasingly using information from consumers' 
credit histories to make underwriting decisions.\69\
---------------------------------------------------------------------------
    \69\ See, e.g., Sabrina Jones and Sandra Fleishman, ``One Claim Too 
Many? Insurance's New Policy: Use It and Lose It,'' The Washington 
Post, November 10, 2002, at H01; Dan Oldenburg, ``Car Insurers Take 
Credit Into Account,'' The Washington Post, October 15, 2002, at C10; 
Albert Crenshaw, ``Bad Credit, Big Premiums; Insurers Using Bill-
Payment History to Help Set Rates,'' The Washington Post, June 18, 
2002, at E01.
---------------------------------------------------------------------------
    Second, we are seeing new types of consumer credit providers and 
products in the marketplace. For example, the growing use of 
prescreened offers for marketing credit cards has led to the 
development of credit card banks that rely almost entirely on 
prescreened offers to market their cards.\70\ Prescreening, in 
combination with other direct marketing and advertising, has led to the 
widespread availability of credit cards with no annual fee and other 
attractive benefits, and has enhanced competition.\71\ Of course, some 
consumers may object to what may seem like a flood of prescreened 
offers in their mail boxes, or have concerns about the increased risk 
of identity theft that may occur in the same context. The 1996 
Amendments to the FCRA allow these consumers to opt out of future 
offers.
---------------------------------------------------------------------------
    \70\ See Fred H. Cate, Robert E. Litan, Michael Staten, and Peter 
Wallison, ``Financial Privacy, Consumer Prosperity, and the Public 
Good: Maintaining the Balance,'' AEI-Brookings Joint Center for 
Regulatory Studies, March 2003, at 11.
    \71\ See ``An Overview of Consumer Data and Credit Reporting,'' 
Federal Reserve Bulletin, February 2003, at 72-73. See also Note 8 
supra, and text accompanying.
---------------------------------------------------------------------------
    Third, businesses increasingly are using consumer report data to 
undertake risk-based pricing of products or services.\72\ In many 
areas, the decisionmaking of creditors and other businesses has moved 
away from a simple approval or denial model, and toward using consumer 
report data in a more finely calibrated evaluation of what terms to 
offer.\73\ Consumers whose credit histories warrant more favorable 
treatment benefit from access to products and terms that are more 
tailored by risk evaluations based on their actual performance. 
Consumers with poorer credit histories who in the past might have been 
turned down, may now qualify for credit, but on less favorable terms 
commensurate with the risk. Consumers benefit from a more efficient and 
competitive consumer credit market.\74\
---------------------------------------------------------------------------
    \72\ Id. See also Fred H. Cate, Robert E. Litan, Michael Staten, 
and Peter Wallison, ``Financial Privacy, Consumer Prosperity, and the 
Public Good: Maintaining the Balance,'' AEI-Brookings Joint Center for 
Regulatory Studies, March 2003, at 12.
    \73\ See, e.g., ``An Overview of Consumer Data and Credit 
Reporting,'' Federal Reserve Bulletin, February 2003, at 70 
(``[consumer report] data and the credit-scoring models derived from 
them have substantially improved the overall quality of credit 
decisions and have reduced the costs of such decisionmaking''), citing 
Gates, Perry and Zorn, ``Automated Underwriting in Mortgage Lending: 
Good News for the Underserved?'' Housing Policy Debate, vol. 13, issue 
2, 2002, pp. 369-91; and Barron and Staten, ``The Value of 
Comprehensive Credit Reports: Lessons from the U.S. Experience,'' 
Credit Research Center, Georgetown University, 2002.
    \74\ Some commentators suggest that using credit score cards built 
with data supplied by credit bureaus results in delinquency rates 20-30 
percent lower than lending decisions based solely on judgmental 
evaluation of applications for credit. See Peter McCorkell, ``The 
Impact of Credit Scoring and Automated Underwriting on Credit 
Availability,'' in Thomas A. Durkin and Michael E. Staten, eds., The 
Impact of Public Policy on Consumer Credit (2002).
---------------------------------------------------------------------------
    Credit report scoring products are used in a variety of other 
contexts, including on-going monitoring and servicing of consumer 
accounts that can result in adjustments in terms, such as credit limits 
and finance changes. Rapid access to credit scores also permits 
retailers and others to offer ``instant credit'' to consumers.
    Overall, developments in the consumer credit marketplace have 
increased consumer choice and provided financial benefits to 
consumers.\75\ The Commission believes that the growth of the consumer 
credit market has also increased public awareness and interest in 
credit reports and credit scores, and that the FCRA made this 
information more timely, accurate, and accessible. The consumer 
reporting system, and the obligations and protections of the FCRA, make 
it possible for creditors and other businesses to have access to 
timely, accurate consumer data.
---------------------------------------------------------------------------
    \75\ See, e.g., ``An Overview of Consumer Data and Credit 
Reporting,'' Federal Reserve Bulletin, February 2003, at 70; Fred H. 
Cate, Robert E. Litan, Michael Staten, and Peter Wallison, ``Financial 
Privacy, Consumer Prosperity, and the Public Good: Maintaining the 
Balance,'' AEI-Brookings Joint Center for Regulatory Studies, March 
2003, passim.
---------------------------------------------------------------------------
    Any reference to the consumer reporting system should also 
recognize the increasing problem of identity theft. The range, 
accuracy, and timeliness of information in consumer reporting databases 
make them unique resources. They are therefore simultaneously a target 
for identity thieves and a valuable resource for combating identity 
theft. Identity theft threatens the fair and efficient functioning of 
consumer credit markets by undermining the accuracy and credibility of 
the information flow that supports the markets.
    As I detailed recently before the House Financial Services 
Committee, the Commission is working actively to combat identity theft 
in a number of areas.\76\ As awareness of the FTC's role in identity 
theft has grown, businesses and organizations who have suffered 
compromises of personal information have begun to contact the FTC for 
assistance. For example, in the cases of TriWest \77\ and Ford/
Experian,\78\ in which massive numbers of individuals' personal 
information was taken, the Commission provided advice on notifying 
those individuals and what steps they should take to protect 
themselves. From these experiences, the FTC developed a business record 
theft response kit that will be posted shortly on the identity theft 
website. The kit includes the steps to take in responding to an 
information compromise and a form letter for notifying the individuals 
whose information was taken. The kit provides advice on the type of law 
enforcement agency to contact, depending on the type of compromise, 
business contact information for the three major credit reporting 
agencies, suggestions for setting up an internal communication 
protocol, information about contacting the FTC for assistance, and a 
detailed explanation of what information individuals need to know. 
Organizations are encouraged to print and include copies of Identity 
Theft: When Bad Things Happen to Your Good Name with the letter to 
individuals.
---------------------------------------------------------------------------
    \76\ See http://financialservices.house.gov/media/pdf/040303hb.pdf.
    \77\ Adam Clymer, Officials Say Troops Risk Identity Theft After 
Burglary, The New York Times, Jan. 12, 2003, Sec. 1 (Late Edition), at 
12.
    \78\ Kathy M. Kristof and John J. Goldman, 3 Charged in Identity 
Theft Case, The Los Angeles Times, Nov. 6, 2002, Main News, Part 1 
(Home Edition), at 1.
---------------------------------------------------------------------------
Conclusion
    In 1970, Congress recognized that ``consumer reporting agencies 
have assumed a vital role in assembling and evaluating consumer credit 
and other information on consumers.'' \79\ While Congress in 1970 may 
not have envisioned the specific ways in which consumer report 
information would facilitate the development of products and services 
that ultimately benefit the American consumer, the 33 years since 
passage of the Act have fully demonstrated the wisdom of Congress in 
enacting the FCRA.
---------------------------------------------------------------------------
    \79\ Section 602(a)(3) of the FCRA.
---------------------------------------------------------------------------
    The FCRA helps make possible the vitality of modern consumer credit 
markets. The consumer reporting industry, furnishers, and users can all 
rely on the uniform framework of the FCRA in what has become a complex, 
nationwide business of making consumer credit available to a diverse, 
mobile American public.
    The 1970 Act, along with the 1996 Amendments, provide a carefully 
balanced framework, making possible the benefits that result from the 
free, fair, and accurate flow of consumer data. All of these benefits 
depend on the consumer reporting system functioning as intended. That 
is why the Federal Trade Commission continues to emphasize the 
importance of educating consumers and businesses, and of enforcing the 
law to ensure compliance by all who have a role in making the system 
work.

        RESPONSE TO WRITTEN QUESTIONS OF SENATOR CRAPO 
                   FROM J. HOWARD BEALES, III

Q.1. Can you please describe whether prescreening increases 
consumers choice and lowers the cost of credit in traditionally 
underserved markets, such as rural areas that may have only one 
or two banks with a physical presence?

A.1. Although I am aware of no hard data with respect 
specifically to benefits of prescreening for rural areas, there 
is evidence that greater competition in consumer credit (which 
includes the competitive benefits attributable to prescreening) 
has benefitted other underserved markets. For example, the 
percentage of minority families with bank-type credit cards has 
more than doubled over the past 20 years, growing from 26 
percent in 1983 to more than 54 percent in 2001.\1\ Certainly, 
given the overall increases in availability of consumer credit 
and competitiveness in the market, it stands to reason that 
consumers who have more limited access to competing credit 
sources, whether it be in rural areas or even thinly served 
urban and suburban areas, would benefit from prescreened offers 
and other marketing innovations (such as Internet applications) 
that reduce the importance of convenient physical access in 
establishing a credit relationship.
---------------------------------------------------------------------------
    \1\ See statement by Michael A. Turner before the House Committee 
on Financial Services, Subcommittee on Financial Institutions and 
Consumer Credit, May 8, 2003, http://financial
services.house.gov/media/pdf/050803mt.pdf, at 4.

Q.2. How fair is the current system of consumer credit 
reporting? Is there evidence to suggest that any demographic 
segments have been subject to exclusion, predation, excessive 
costs, or other indicators of bias as a result of the pervasive 
use of credit scores and automated underwriting by consumer 
---------------------------------------------------------------------------
credit lenders?

A.2. In the burgeoning of consumer credit during the mid-20th 
century, there was persistent evidence that judgmental credit 
systems--that is, processes that depended upon individuals 
reviewing and deciding consumer applications for credit--
resulted in discrimination against protected classes.\2\ Credit 
scoring and automated underwriting work in significant ways to minimize 
the bias--intentional or incidental--that can be introduced into credit 
decisions in a judgmental system, because credit scoring models 
and automated underwriting systems are based on actual 
performance data, not assumptions about potential risk.\3\ 
There are significant market incentives to create risk models 
that are the most predictive possible using available 
performance and other data. Because these data are objective 
and neutral, we believe that the current scoring systems treat 
consumers more fairly. The significant expansion in credit 
availability to minorities that has been associated with the 
growth of credit scoring suggest scoring indeed has reduced 
bias.
---------------------------------------------------------------------------
    \2\ See, e.g., U.S. General Accounting Office Report, ``Fair 
Lending'' (August 1996); United States v. Shawmut Mortgage Company, 
Civ. No. 3:93CV-2453 AVC (D. Ct. 1993).
    \3\ Development of scoring models has shown, for example, that 
criteria often relied upon in judgmental systems--the most frequently 
cited example is income--are not, in fact, predictive of future 
repayment risk.

Q.3. Is there evidence that explains the major sources and 
causes of identity theft? Does this evidence point to the 
consumer credit information system? Do you have any data 
suggesting that prescreening is a major factor of identity 
theft: What about the point that FCRA and the smooth flow of 
information-sharing it provides, helps financial institutions 
---------------------------------------------------------------------------
prevent and combat identity theft?

A.3. From information provided by law enforcement, victim 
complaints, and news reports, we know a great deal about how 
identity theft happens and we can stay current with evolving 
methods. What we do not have is a statistical breakout showing 
which methods contribute the most to identity theft. Because 
consumers' information is accessible in a wide variety of 
situations, identity thieves can usually obtain it in a way 
that makes it difficult for victims to make a direct causal 
link. Thus, we have found that most victims do not know how 
their information was obtained. Law enforcement agencies, as 
the investigators of the crimes, are often in a better position 
to know how the information was stolen in particular instances.
    The consumer credit information system has undoubtedly been 
used as a source of information for identity theft; the Ford/
Experian case appears be the prime example.\4\ But, consumers' 
personal information is also used in universities, the health 
care system, all employment situations, and in a wide variety of 
Government programs from the Federal to the local level, and 
any survey of news articles in the last year can bring up 
examples of theft in all of these situations. As a result, the 
FTC places a premium on the importance of information security 
so that organizations that hold consumer information take 
appropriate steps to prevent this information from falling into 
the wrong hands.\5\
---------------------------------------------------------------------------
    \4\ Kathy M. Kristof and John J. Goldman, 3 Charged in Identity 
Theft Case, The Los Angeles Times, Nov. 6, 2002, Main News, Part 1 
(Home Edition), at 1.
    \5\ For example, last month the Commission's settled charges with 
Guess?, Inc., and Guess.com, Inc. that the companies exposed consumers' 
personal information, including credit card numbers, to commonly known 
attacks by hackers, contrary to the companies' promises. See http://
www.ftc.gov/os/2003/06/guessagree.htm.
---------------------------------------------------------------------------
    To the extent that information does get into the wrong 
hands, the next opportunity to thwart identity thieves is at 
the point of commission of the fraud. Good authentication of 
credit applicants by credit issuers is the key. To that end, it 
is important that credit issuers know more about the real 
consumer than the identity thief. Information sharing is the 
means of providing credit issuers with this knowledge. However, 
this use of information only underscores again the importance 
of information security, to prevent identity thieves from 
accessing this same information in order to perfect their false 
identities.
    We have little evidence as to any links between 
prescreening and identity theft. To the extent that hard data 
exist, they suggest identity theft growing out of prescreened 
offers is somewhat lower than identity theft associated with 
conventionally opened accounts.\6\
---------------------------------------------------------------------------
    \6\ See, e.g., statement by Michael A. Turner before the House 
Committee on Financial Services, Subcommittee on Financial Institutions 
and Consumer Credit, May 8, 2003, http://financial
services.house.gov/media/pdf/050803mt.pdf, at 9-10.

Q.4. In explaining the reasoning behind the broad preemptive 
language ultimately reflected in the 1996 Amendments to the 
FCRA, the Senate report on the matter states that ``[t]his 
section recognizes the fact that credit reporting and credit 
granting are, in many respects, national in scope, and that a 
single set of Federal rules promotes operational efficiency for 
industry, and competitive prices for consumers.'' Please 
identify and address any developments since 1996 rendering the 
---------------------------------------------------------------------------
statement by the Senate less relevant.

A.4. I am not aware of any developments that would make these 
considerations less relevant today. Indeed, as the consumer 
credit system has become more national in scope, and given the 
continued mobility of the American consumer, these observations 
have continuing validity.

       RESPONSE TO WRITTEN QUESTIONS OF SENATOR SARBANES 
                   FROM J. HOWARD BEALES, III

Q.1. What are the typical consumer complaints regarding FCRA 
issues that the FTC receives on an everyday basis? What are the 
issues that arise most frequently?

A.1. The FTC receives complaints directly from consumers 
through our toll-free hotline (877-FTC-HELP), our online 
complaint form (www.ftc.gov), or by mail sent directly to the 
Commission. The following statistics regarding FCRA complaints 
are drawn from the Federal Trade Commission's Consumer 
Information System (CIS) database, an aggregation of consumer 
complaints received by the Commission. FTC contractors enter 
the complaint data into the CIS, and provide the callers with 
information and educational material that will help them to 
resolve their complaint. Commission lawyers and investigators 
use the complaint database to identify trends and targets for 
law enforcement action.
    The statistics are derived solely from self-reported 
complaints, and have not been verified. All complaints are 
coded according to the information provided by the consumer, 
under the appropriate categories. FTC data analysts sort the 
data according to product/service codes, which are generic 
categories for the complaints. The searches can be further 
defined by the statute or rule that is alleged to have been 
violated, for example the Fair Credit Reporting Act (FCRA). 
Finally, the complaint can be further coded for the specific 
law violation, such as the failure to reinvestigate disputed 
information under the FCRA. Not all complaints are coded in all 
categories. For example, a complaint may be coded with a rule 
or statute, but not have a product/service code associated with 
it. Thus, complaints designated generally as FCRA complaints 
may include complaints about credit reporting agencies, credit 
report users, and information furnishers. The precision of the 
coding depends on the information provided by the consumer and 
the ability of the phone counselor or the consumer to enter 
that information precisely.
    In calendar year 2002, the total number of complaints 
reported directly to the FTC and entered into the CIS was 
376,301. Of those, 23,740 related to the FCRA (coded according 
to statute at issue in the complaint). The five top categories 
of complaints, among those coded as involving the FCRA, were 
``Provides Inaccurate Information'' (13,188 complaints); 
``Fails to Reinvestigate Disputed Information'' (3,030 
complaints); ``Knowingly Supplies Inaccurate Information to 
Credit Bureau'' (2,486 complaints); ``Provides Inadequate Phone 
Help'' (1,614 complaints); and ``Discloses Incomplete/Improper 
Credit File to Consumer'' (1,414 complaints). The complete 
report of FCRA complaints for 2002 is attached as Appendix A.
    In assessing the number and type of consumer complaints, it 
is also important to keep in mind several additional factors. 
First, there is no ``typical'' consumer complaint. There is a 
wide range of issues about which consumers contact the FTC. 
That said, the data consistently reflect accuracy and accuracy-
related issues as a leading area of complaint about credit 
bureaus.
    Not all complaints necessarily establish an FCRA violation. 
For example, some consumers, in an effort to ``repair'' their 
credit, file with credit bureaus multiple, repeated disputes of 
accurate information, and will sometimes complain to the 
Commission that the bureaus are rejecting their disputes. In 
fact, the bureaus are authorized under the FCRA to reject such 
``frivolous'' disputes, and Commission staff likewise does not 
consider these complaints to reflect FCRA violations. Other 
consumers file complaints because they have a mistaken belief 
that once a delinquency is brought up to date (a lien 
satisfied, collection account paid, etc.) the preceding record 
of past payment history is no longer reported; when they see it 
on their report, they dispute it as ``inaccurate.'' In this 
circumstance, however, the FCRA requires that the consumer 
report be ``complete''--that is, up to date, showing current 
status correctly--but does not require the deletion of the 
preceding payment history.
    Although the Commission generally cannot make an 
independent judgment about whether each complaint (asserting 
inaccuracies, for example) is valid, we are concerned that 
complaints about accuracy continue to figure prominently. 
Accordingly, as discussed in the Commission's testimony, the 
Commission's FCRA enforcement efforts have included a number of 
actions related to accuracy issues.\7\
---------------------------------------------------------------------------
    \7\ See TransUnion Corp., 102 FTC 1109 (1983); FTC v. TRW Inc., 784 
F. Supp. 362 (N.D. Tex. 1991); Equifax Credit Information Services, 
Inc., 130 FTC 577 (1995). Each of these ``omnibus'' orders differed in 
detail, but generally covered a variety of FCRA issues including 
accuracy, disclosure, permissible purposes, and prescreening.
    Within the last 5 years, we have brought cases concerning the 
failure of CRA's to investigate consumer complaints, see First American 
Real Estate Solutions, LLC, C-3849 (January 27, 1999); the failure of 
lenders to provide adverse action notices, see Quicken Loans Inc., D-
9304 (April 8, 2003) and U.S. v. Unicor Funding, Inc., Civ. No. 99-1228 
(C.D. Cal. 1999); and the failure of furnishers to report accurate 
information to CRA's, see U.S. v. DC Credit Services, Inc., Civ. No. 
02-5115 (C.D. Cal. 2002) and U.S. v. Performance Capital Management, 
Inc., No. 01-1047 (C.D. Cal. 2001). We also have sued the three major 
national credit bureaus for failing to answer their toll-free 
telephones to take consumer disputes, see U.S. v. Equifax, No. 1:00-CV-
0087 (N.D. Ga. 2000); U.S. v. Experian, No. 3-OOCV0056-L (N.D. Tex. 
2000); U.S. v. TransUnion, OOC 0235 (N.D. 111. 2000), and just 
recently, the Commission settled allegations that Equifax violated the 
consent decree the Commission obtained in 2000, see Commission press 
release of July 30, 2003, available at www.ftc.gov/opa/2003/07/
equifax.htm. All of these cases are directed at credit report accuracy: 
the adverse action notice and the consumer dispute right are key 
mechanisms enhancing credit report accuracy, and furnishers' 
obligations to report accurate data to CRA's also serve to make credit 
reports more accurate.

Q.2. Are there any marketing abuses that fall within the 
subject matter of the FCRA that have been brought to your 
attention? Please include specific descriptions of any such 
---------------------------------------------------------------------------
abuses.

A.2. I am currently aware of relatively few abuses associated 
with impermissible use of consumer reports for marketing. In 
the 1990's, the Commission undertook enforcement efforts 
against major consumer reporting agencies to prohibit the use 
of consumer reports for target marketing.\8\ More recently, in 
FTC v. Citigroup Inc., et al., 1:01-CV-00606- JTC (N.D. Ga. 
Mar. 6, 2001), the Commission alleged that a mortgage lender 
used consumer reports imper-
missibly to target market new or different types of loans. We 
are also aware of complaints about some companies selling 
credit reports or credit monitoring services. These complaints 
allege inadequate disclosure of the consumer's negative-option 
right to cancel the service.
---------------------------------------------------------------------------
    \8\ FTC v. TRW, Inc., No. 3-31-CV266-H (N.D. Tex. Jan. 14, 1993); 
TransUnion Corp. v. FTC, 81 F.3d 228, 234 (D.C. Cir. 1996). See also, 
TransUnion Corp. v. FTC, 245 F.3d 809, reh. denied 267 F.3d 1138 (D.C. 
Cir. 2001), cert. denied, 122 S. Ct. 2386 (June 10, 2002).

Q.3. Many consumers complain about invasion of their privacy 
caused by unsolicited calls from telemarketers. Clearly, 
consumers have not gotten the message about the ways in which 
to terminate such unwanted solicitations. What does a consumer 
need to do to prevent such solicitations? How can that 
information be conveyed more effectively to consumers? Please 
include specific recommendations as to how this information 
---------------------------------------------------------------------------
could best be conveyed.

A.3. The Commission has amended the Telemarketing Sales Rule to 
give consumers a choice about whether they want to receive most 
telemarketing calls.\9\ Consumers can now put their telephone 
numbers on a national ``Do Not Call'' registry. Consumers can 
register for free either online or by telephone. Telemarketers 
must access the national registry beginning September 11, and 
beginning October 1, it will be illegal for most telemarketers 
to call a number listed on the registry.
---------------------------------------------------------------------------
    \9\ Concurrent with the Federal Trade Commission rule, the Federal 
Communications Commission issued its own rule that requires banks, 
common carriers, and others to comply with DNC requirements, including 
using the FTC's national registry. See http://hraunfoss.fcc.gov/ 
edocs_public/attachmatch/DOC-235841A1.doc.
---------------------------------------------------------------------------
    Since the National ``Do Not Call'' registry opened on June 
27 it has been immensely popular; nearly thirty million 
consumers have already signed on. The Commission is presently 
engaged in a vigorous consumer education effort to further 
publicize the availability of the registry.\10\ More generally, 
the Commission has undertaken comprehensive consumer education 
efforts in the privacy arena.\11\
---------------------------------------------------------------------------
    \10\ See, e.g., http://www.ftc.gov/bcp/conline/edcams/donotcall/
index.html.
    \11\ See, e.g., http://www.ftc.gov/bcp/conline/pubs/credit/
privchoices.htm#yourright.
---------------------------------------------------------------------------
    The FCRA is relevant to telemarketing only to the degree 
that telemarketers obtain consumer names and telephone numbers 
from consumer reporting agencies for prescreened offers of 
credit or insurance.\12\ When telemarketing lists are derived 
from FCRA-approved prescreening, telephone solicitors are not 
required to give consumers notification of their right to opt 
out of future prescreened solicitations because Congress limited 
the FCRA requirement that consumers be notified of their opt out 
right to written prescreen offers.\13\
---------------------------------------------------------------------------
    \12\ The vast majority of prescreened solicitations are by mail.
    \13\ Section 615(d)(1) of the FCRA requires that written 
solicitations include a ``clear and conspicuous'' statement of certain 
information, including that the consumer's credit report was used in 
the prescreen, various limitations on the offer, and disclosure of the 
consumer's right to opt out of future prescreen solicitations. 15 
U.S.C. Sec. 1681m(d)(1). The Commission engaged in an enforcement 
action to assure that consumers are given disclosure of their opt out 
rights. In Unicor Funding, Inc. (October 1999), the Commission obtained 
a $100,000 civil penalty from Unicor for failing to provide required 
notices to consumers receiving ``prescreened'' offers [Sec. 615(d)], 
and failing to provide adverse action notices [Sec. 615(a)]. I am also 
aware of complaints that raise a question whether disclosure notices 
are sufficiently ``clear and conspicuous.'' The Commission has 
therefore endorsed Administration recommendations that the Commission 
and bank regulators be authorized to clarify and strengthen the opt out 
notice requirements.
---------------------------------------------------------------------------
    Whether they have received the written opt out disclosure 
or not, consumers can opt out of receiving prescreened offers 
by calling 1-888-567-8688. Once a consumer has opted out, his 
or her name cannot be supplied in a prescreened list for future 
offers, whether those offers are made in writing or by 
telephone.

Q.4. If a consumer elects to opt out of such unwanted 
solicitations by contacting the credit reporting agencies by 
telephone, why is that opt out effective for only 2 years, 
whereas it is effective permanently, unless revoked, if done in 
writing?

A.4. Congress created this distinction in the 1996 Amendments 
to the FCRA. For consumers who exercise their opt out rights 
under the FCRA, the 1996 Amendments provide that an opt out 
conveyed through the telephone notification system required by 
Section 604(e)(5) should be effective for a 2-year period after 
notification.\14\ The 1996 Amendments further provided that, 
for a consumer who submits a signed notice of election to opt 
out in a form issued by the consumer reporting agency under 
Section 604(e)(2), the exclusion from prescreened lists shall 
be effective until revoked by the consumer.\15\
---------------------------------------------------------------------------
    \14\ Section 604(e)(4)(B)(i); 15 U.S.C. Sec. 1681b(e)(4)(B)(i).
    \15\ Section 604(e)(4)(B)(ii); 15 U.S.C. Sec. 1681b(e)(4)(B)(ii).

Q.5. Free credit reports are made available to consumers in 
several States, including Colorado, Georgia, Maryland, 
Massachusetts, New Jersey, and Vermont. What have been the 
results of this provision with respect to the availability of 
credit in these States? Has the provision of free credit 
reports had an adverse impact on the credit system in these 
---------------------------------------------------------------------------
States?

A.5. The FTC's information to date on the comparative number of 
reports supplied to consumers is inconsistent. Some information 
indicates a mere marginal increase; other information indicates 
that the number of reports supplied to consumers nearly 
doubles. I am unaware of any data that demonstrate any impact 
from free availability either on the availability of credit or 
on the credit systems of these States.

Q.6. Very few consumers understand the prescreening process. 
Should the FTC establish standards within the FCRA that clearly 
delineate the prescreening process?

A.6. The FCRA itself delineates the prescreening process in 
some detail. \16\ The Commission lacks rulemaking authority 
under the FCRA, and thus cannot establish standards delineating 
the prescreening process.
---------------------------------------------------------------------------
    \16\ Sections 603(l), 604(c), 604(e), and 615(d) of the FCRA codify 
procedures that must be followed by creditors and insurers when using 
(and by CRA's when providing) consumer reports to make unsolicited 
offers of credit or insurance to consumers, a process known as ``pre-
screening.'' Section 604(c) provides a limited permissible purpose for 
consumer reporting agencies to furnish consumer report information for 
prescreening. Section 603(l) defines a ``firm offer of credit or 
insurance'' as an offer that will be honored if a consumer meets the 
consumer report criteria used to create the list of consumers to 
receive the offer. Section 603(l)(1) permits a business to use 
information in a consumer's application (such as the consumer's income) 
to determine whether a consumer meets specific application criteria 
bearing on credit worthiness or insurability so long as the criteria 
were established before the prescreened list was created. Section 
603(l)(2) permits businesses to verify that a consumer continues to 
meet the credit worthiness or insurability criteria that were used in 
the prescreening to select the consumer to receive the solicitation, 
and permits businesses to also verify the application information 
provided by the consumer and used in any Section 603(l)(1) 
postscreening. Finally, Section 603(l)(3) permits credit grantors and 
insurers to require that consumers furnish collateral so long as any 
required collateral is established before the prescreening is conducted 
and is disclosed to the consumer in the solicitation that results from 
the prescreening.
     Section 604(e) sets forth consumers' rights to opt out of 
prescreening, and CRAs' duties to honor such opt outs. Section 615(d) 
sets forth duties of credit grantors and insurers when making 
prescreened offers.

Q.7. What additional statutory or regulatory authority does the 
---------------------------------------------------------------------------
FTC need to effectively implement the FCRA?

A.7. The Commission's testimony on Thursday, July 10, set forth 
specific recommendations for additional FTC authority.

       RESPONSE TO WRITTEN QUESTIONS OF SENATOR BENNETT 
                   FROM J. HOWARD BEALES, III

Q.1. Is credit prescreening simply a tool that makes it easier 
to market loan products to consumers? Some say that it serves 
other goals such as helping lenders reduce risk, increasing the 
availability of consumer credit, or fostering competition among 
lenders. Please comment.

A.1. I believe that prescreening, in combination with other 
direct marketing and advertising, has enhanced competition and 
led to the widespread availability of credit cards with no 
annual fee and other attractive benefits.\17\ For example, the 
use of prescreened offers for marketing credit cards has led to 
the development of credit card banks that rely almost entirely 
on prescreened offers to market their cards.\18\ There is also 
some evidence that prescreened offers help lenders manage risk, 
and do not contribute to identity theft--indeed, may even help 
prevent identity theft to some degree.\19\
---------------------------------------------------------------------------
    \17\ See also statement by Michael A. Turner before the House 
Committee on Financial Services, Subcommittee on Financial Institutions 
and Consumer Credit, May 8, 2003, http://financial
services.house.gov/media/pdf/050803mt.pdf, at 7-9.
    \18\ See http://www.senate.gov/banking/_ files/beales1.pdf at 
notes 70-71 and accompanying text.
    \19\ Id. at 9-10.

Q.2. Expiration of the FCRA's prescreening preemption language 
would allow States to prohibit prescreening, or require 
consumer reporting agencies or lenders to obtain the prior 
consent of the customer before their credit file could be 
accessed for prescreening. How would such requirements impact 
---------------------------------------------------------------------------
consumers?

A.2. As explained above, prescreening benefits consumers by 
enhancing competition. State restrictions on prescreening would 
interfere with these benefits.

Q.3. Is there a linkage between prescreening and identity 
theft? Some say that prescreening increases consumers' exposure 
by making it easier for lenders to flood consumers with 
preapproved applications that can be stolen and submitted by 
identity thieves. Lenders say that prescreening reduces 
opportunities for identity theft, because it allows them to 
make smaller numbers of targeted offers rather than mail 
volumes of applications. They also claim that because 
preapproved offers are preprinted with the consumer's address 
and other information, it becomes easier to foil identity 
thieves when would-be identity thieves change the preprinted 
information before submitting the application, changes that 
alert the lender to suspicious activity. What is the FTC's 
experience?

A.3. There is scant evidence of a linkage, one way or the 
other. To the extent that hard data exist, they suggest that 
identity theft growing out of prescreened offers is somewhat 
lower than identity theft associated with conventionally opened 
accounts.\20\
---------------------------------------------------------------------------
    \20\ Id.

Q.4. What has the Commission's experience been with regard to 
consumer complaints about prescreening? Describe the volume and 
---------------------------------------------------------------------------
subject matter of these complaints.

A.4. The FTC's consumer complaint database and the limitations 
of the information it provides is described above in response 
to Senator Sarbanes. With respect to this inquiry, out of the 
376,301 complaints received directly by the FTC in 2002, 39 
concerned prescreening. Twenty-two of these stated that the 
prescreening bureau failed to honor the consumer's request for 
removal from their list. Ten complaints concerned the failure 
of a prescreening service to provide notice of the opt out 
procedure. Four complaints concerned a prescreening service 
that failed to make a firm offer of credit, and three 
complaints alleged a false representation that an offer was 
preapproved.

Q.5. Have State officials used their authority under the FCRA 
to enforce the FCRA's prescreening provisions? What is the 
volume and nature of consumer complaints about credit 
prescreening that state officials have handled?

A.5. Section 621(c)(2) of the FCRA requires States to serve 
prior written notice upon the Commission of intended State 
actions to enforce the FCRA. The Commission has received only 
one such notification from any State, and the case did not 
involve pre-
screening.\21\ We know of no other case where a State has 
exercised its enforcement authority under the FCRA. Similarly, 
we have no information concerning consumer complaints at the 
State level, if any, about prescreening.
---------------------------------------------------------------------------
    \21\ The Attorney General's Office of the State of Minnesota 
charged US Bank with false advertising, deception, and other violations 
of Minnesota law, as well as FCRA counts. See Hatch v. US Bank Nat'l 
Ass'n, No. 99-872 (D. Minn. filed June 8, 1999).

Q.6. Does the FTC believe that changes are needed in the FCRA's 
prescreening rules? Would consumers be affected differently if 
changes identified by the FTC or others are made by Congress, 
---------------------------------------------------------------------------
rather than by state or local officials?

A.6. The Commission addressed these issues directly in its 
testimony on July 10. The Commission recommended that the 
preemption of State action on prescreening be made permanent 
and that the Commission and bank regulators be granted 
rulemaking authority to address the prominence and 
understandability of disclosures to consumers of their right to 
opt out of prescreen offers. The Commission has not taken any 
position with respect to changes or amendments to the 
prescreening provisions of the FCRA. Any needed revisions to 
this or other sections of the FCRA that are subject to 
preemption should be made by Congress and should apply 
uniformly.

        RESPONSE TO WRITTEN QUESTIONS OF SENATOR MILLER 
                   FROM J. HOWARD BEALES, III

Q.1. Mr. Beales, what is the FTC's jurisdiction over the Fair 
Credit Reporting Act? Is it mainly education and guidance? 
Enforcement? Answering callers with FCRA questions or all of 
the above?

A.1. The FTC has a role to play in each of these areas. The 
Commission's jurisdiction under the FCRA reaches firms other 
than those expressly assigned to another Federal regulator, 
such as banks and savings associations.\22\ Unlike the banking 
regulators, the Commission lacks rulemaking authority.\23\ 
Within those limits, the Commission has been active in all of 
the areas you identified. My testimony described many of the 
Agency's efforts in consumer and industry education and 
guidance.\24\ The FTC continues aggressively to pursue ongoing 
consumer and business education initiatives.\25\ The Agency 
continues to advance compliance with the FCRA, both through 
investigations of possible law violations and through informal 
means such as workshops, participation in public programs, and 
liaison with industry and other interested parties. The Agency 
has an active program to respond to telephone inquiries, 
through our Consumer Response Center described above and other 
avenues.
---------------------------------------------------------------------------
    \22\ Section 621 of the FCRA, 15 U.S.C. Sec. 1681s.
    \23\ Section 621(e) of the FCRA, 15 U.S.C. Sec. 1681s(e).
    \24\ See http://www.senate.gov/banking/_ files/beales1.pdf at 
notes 52-58 and text accompanying.
    \25\ See, e.g., the Commission's recently posted alert regarding an 
email campaign containing false and misleading information about the 
use of consumers' personal information, posted at http://www.ftc.gov/
bcp/conline/pubs/alerts/optalrt.htm, and linked prominently on the 
Commission's Internet home page, http://www.ftc.gov.

Q.2. Based upon the daily callers with FCRA questions, what 
kinds of problems are they mostly asking about as it relates to 
the FCRA? Is there a trend?
A.2. The FTC's consumer complaint database and the limitations 
of the information it provides are described above in response 
to Senator Sarbanes. As noted there, the FTC received 376,301 
complaints in 2002. The five top categories of complaints 
related to the FCRA were ``Provides Inaccurate Information'' 
(13,188 complaints);'' Tails to Reinvestigate Disputed 
Information'' (3,030 complaints); ``Knowingly Supplies 
Inaccurate Information to Credit Bureau'' (2,486 complaints); 
``Provides Inadequate Phone Help'' (1614 complaints); and 
``Discloses Incomplete/Improper Credit File to Consumer.'' 
(1,414 complaints) The complete report of FCRA complaints is 
attached as Appendix A.
    Appendix B lists the number of FCRA complaints received by 
the FTC for the past 6 years. These data do not allow us to 
detect trends in FCRA issues. First, 1997 was the first year we 
began a systematic approach to complaint handling. With each 
passing year, we have improved our ability to collect and enter 
the data. For example, our phone counselors are more highly 
trained, and we are able to use technology to better handle and 
process calls. Thus, our complaint volume has increased. 
Similarly, over the course of this time, we have pursued an 
aggressive outreach program, which has resulted in higher 
awareness of the FTC's consumer assistance program. Put another 
way, we receive more complaints because more people know about 
our consumer program. For example, in 1997, the FTC received a 
total of 13,362 consumer complaints. By 2002, as noted above, 
that number had grown to 376,301. Thus, while the data show a 
dramatic increase in the number of FCRA complaints over the 
past 6 years, there has also been a dramatic increase in the 
overall number of complaints received by the FTC during the 
same time period. As a fraction of total complaints we receive, 
FCRA complaints fell from 11.1 percent in 1997 to 3.5 percent 
in 2002.
    Finally, as discussed earlier, because this data is self-
reported we cannot conclude that they reflect either the actual 
or a projectable incidence of FCRA violations.
    Despite the various considerations that preclude explicit 
conclusions from the numbers and types of complaints alone, the 
most common subject areas of consumer complaints (accuracy, 
reappearance of previously deleted items) have typically led 
the list of subject areas complained of over the years.

Q.3. Will your updated Commentary that you are working on 
reflect the more recent problems raised by callers?

A.3. The Commentary is intended to give guidance to all parties 
who are subject to the requirements of the FCRA. The Commentary 
will reflect a wide range of Commission experience in enforcing 
the FCRA. Additionally, the Commission staff undertook an 
informal outreach effort prior to drafting the updated 
Commentary. The staff received views from a variety of sources, 
including consumer groups, consumer advocates, trade groups, 
and industry and public interest lawyers.

Q.4. Of the seven 1996 preemption amendments to the FCRA, which 
ones have callers raised the most issues with? Have there been 
any problems with the treatment of affiliate information 
sharing?

A.4. Consumers have not typically complained about areas 
subject to the preemptions in ways that implicate any issue 
relevant to preemption itself. We are aware of no complaints 
regarding the treatment of information sharing by affiliates.


                        THE GROWING PROBLEM OF
                  IDENTITY THEFT AND ITS RELATIONSHIP
                    TO THE FAIR CREDIT REPORTING ACT

                              ----------                              


                        THURSDAY, JUNE 19, 2003

                                       U.S. Senate,
          Committee on Banking, Housing, and Urban Affairs,
                                                    Washington, DC.

    The Committee met at 10:02 a.m., in room SD-538, Dirksen 
Senate Office Building, Senator Richard C. Shelby (Chairman of 
the Committee) presiding.

        OPENING STATEMENT OF CHAIRMAN RICHARD C. SHELBY

    Chairman Shelby. The Committee will come to order.
    Today, the Committee returns to considering the expiring 
preemption provisions of the Fair Credit Reporting Act. As part 
of this process, I believe it is essential that we undertake a 
thorough review of the larger context in which the Act 
operates. And, in this regard, the first thing worth noting is 
the truly dynamic nature of the credit markets in our economy. 
In just the 6 years since the Fair Credit Reporting Act was 
last amended, significant changes have occurred. There are new 
participants, new technologies, new information use practices, 
and new products. Indeed, there is more that has changed than 
has remained the same in the operation of the credit markets 
since the last time Congress considered the Fair Credit 
Reporting Act.
    While many of these changes introduced positive features, 
such as more credit and an expedited process for obtaining 
credit, not every new development has been positive. 
Unfortunately, as our economy has grown more automated, 
allowing more and more depersonalized transactions to occur, 
and, as the transfer of personally identifiable information has 
become much more frequent, a new type of crime that takes 
advantage of these circumstances has emerged--identity theft.
    Identity theft involves a person using someone else's 
personal 
information without their knowledge to commit fraud or theft. 
Practically speaking, the crime involves misappropriation of 
such personal information as a victim's name, date of birth, 
and Social Security number. Identity thieves then use this 
information to open new credit card accounts, to divert current 
accounts from victims to themselves, and to open bank accounts 
in victims' names, among other things. The bad charges and the 
hot checks usually happen while the victims, banks, credit card 
companies, and other firms are unaware that something is amiss. 
After all the activity and the skipped payments, businesses 
usually take action to get compen-
sated and ultimately cut the thief off.
    In most instances, this is when the victims first become 
aware of the fact that they have been targeted. It is also when 
they begin to experience the negative consequences--dealing 
with law enforcement and collection agencies. Soon thereafter, 
when the criminals' handiwork shows up on their credit reports, 
they face the considerable task of restoring their good name 
and credit. Plainly, this crime has many victims. Firms lose 
profits. Individuals lose time, money, and peace of mind when 
their good name and reputation are tarnished.
    In light of the serious nature of the consequences of 
identity theft, this issue would merit attention even if there 
were only a limited number of victims. Unfortunately, there are 
thousands of victims whose numbers are growing at an 
increasingly faster pace. Indeed, it has been asserted that 
identity theft is the fastest growing crime in America.
    This issue tracks across credit reporting in so many ways 
that it is essential that we consider it in the context of the 
reauthorization of the preemption provisions of the Fair Credit 
Reporting Act.
    Identity theft prevention, restoration of accurate reports, 
and victim assistance, among many other areas, are things that 
were not on the radar screen when the 1996 Amendments were 
passed into law. These are things we need to be thinking about 
as we go forward, things we must be considering if we are going 
to meet our goal of ensuring that the law produces the most 
effective, efficient, balanced, and fair system possible.
    I want to thank the witnesses for appearing this morning 
andwe look forward to hearing from them.
    Senator Johnson.

                STATEMENT OF SENATOR TIM JOHNSON

    Senator Johnson. Thank you, Chairman Shelby, for convening 
this hearing on identity theft. Identity theft is a growing 
problem and yet one that is not well understood. While most 
people know where to go in the case of more traditional crimes, 
victims of identity theft are particularly hard-pressed to know 
where to turn. A call to the local police department, 
unfortunately, rarely points the consumer in the right 
direction.
    Clearly, we need to create a framework to address identity 
theft. Back in 1995, when Sandra Bullock starred in ``The 
Net,'' a feature film about identity theft, the movie was 
classified as science fiction. After reading the testimony of 
the witnesses before us today, I think it is clear that we must 
confront the reality of this crime.
    Today's hearing is on the relationship between identity 
theft and the Fair Credit Reporting Act, and, Mr. Chairman, I 
believe this is an important hearing. As we know, our credit 
reporting system has created a national credit marketplace, and 
I think that we are all familiar with the enormous benefits 
that come from increased credit opportunities. However, a 
national marketplace has created new opportunities for remote 
economic crimes where the thief can be thousands of miles away 
from the location of the victim.
    A couple of days ago, Assistant Secretary of the Treasury 
Wayne A. Abernathy, who is well-known to many of us here for 
his long service as Committee Staff Director under Senator Phil 
Gramm, said something in a speech that struck a chord with me. 
He noted that identity theft is not a problem of too much 
information. It is a problem of too little information. And by 
this, he meant that identity theft happens when creditors lack 
the necessary information to assess the credibility of an 
applicant.
    It is often argued that a uniform national credit system is 
our best tool in the fight against identity theft, and in some 
sense, Mr. Harrison, who will testify before the panel today, 
confirms this by describing the additional problems he 
encountered in trying to sort out fraud related to his checking 
account where no centralized system similar to the Big Three 
credit bureaus is in place.
    On the other hand, I am deeply troubled by the apparent 
conflict between Mr. Harrison's written testimony and the 
claims that the credit bureaus and national credit system are 
the answer to identity theft. He appears to have done 
absolutely everything right, followed all the rules, contacted 
the right organizations, and the 
results have, nevertheless, been devastating. I am also 
troubled by reports that even when a consumer takes the time to 
put a fraud alert on his or her account, those alerts may 
sometimes be ignored.
    So, I want to make it perfectly clear that I continue to 
believe that a single national system provides a critical 
opportunity to 
address identity theft. And yet we have a responsibility to the 
hundreds of thousands of victims of identity theft to make sure 
that we fine-tune our system so that it does not take years to 
correct a credit record. That is wrong, and that is not what 
Congress intended.
    What I think is most important, though, is that we do not 
make FCRA the straw man for identity theft. The worst thing we 
can do is jeopardize millions of Americans' access to credit so 
we can claim to have done something about this terrible crime.
    So, Mr. Chairman, I look forward to hearing today's 
witnesses, and I thank you once again for holding this hearing.
    Chairman Shelby. Thank you, Senator Johnson.
    Senator Dole.

              STATEMENT OF SENATOR ELIZABETH DOLE

    Senator Dole. Mr. Chairman, I want to thank you for holding 
this hearing today on identity theft and its relationship to 
the Fair Credit Reporting Act. Identity theft, as you 
mentioned, is frequently cited as the fastest growing crime in 
the Nation. However, precise statistics are not available to 
properly gauge the full extent of the problem since an 
estimated 40 percent of identity theft cases are believed to 
involve friends or family members and are never 
reported.
    Identity theft is a problem that has grown increasingly 
more prevalent in the past few years. According to the Federal 
Trade Commission, my alma mater, identity theft was the top 
consumer complaint received last year, with the rate of 
complaints and inquiries increasing at an alarming rate with 
the widespread use of Internet technology. There are currently 
over 1,700 cases of stolen identity per week that are being 
reported.
    Fighting fraud and protecting the security of personal 
information is a topic that unites financial institutions and 
consumers. Each group is harmed by fraudulent use of personal 
information. Financial institutions are the victims of fraud 
because the financial institution is usually liable for any 
losses suffered as a result of the fraud. Consumers obviously 
suffer unnecessary inconvenience and insecurity as a result of 
fraud, and they can be exposed to additional crimes such as 
identity theft. Furthermore, at least a portion of financial 
institutions' fraud losses can be expected to be passed on to 
consumers in the form of higher prices. There can be no doubt 
that when fraud is committed, everyone loses.
    With the December 31 expiration of important provisions of 
the Fair Credit Reporting Act, we have the responsibility to 
examine problems within the system that have been harming both 
consumers and financial institutions. It is my hope that in 
addition to reauthorizing the Fair Credit Reporting Act, we can 
take strong steps toward combatting and preventing identity 
theft.
    I certainly want to thank our witnesses for joining us here 
today. I look forward to working with my colleagues to address 
the problem of identity theft in our work to reauthorize the 
Fair Credit Reporting Act this year.
    Thank you.
    Chairman Shelby. Thank you, Senator Dole.
    Senator Corzine.

              STATEMENT OF SENATOR JON S. CORZINE

    Senator Corzine. Thank you, Mr. Chairman, and I commend you 
for holding this hearing. I welcome our witnesses and look 
forward to hearing their testimony and responses to questions.
    This is an important juxtaposition, the Fair Credit 
Reporting Act and identity theft, which is one of the many 
issues that we need to address here. Identity theft, I think, 
plays a central role, if not vital part, in this 
reauthorization, which I fully support. I think this problem 
has been acknowledged by just about everyone--consumers and 
most financial institutions and others who look at it from a 
law enforcement standpoint--that there is a real stake that we 
need to address inside the concept of FCRA. And I think 
everyone acknowledges that identity theft is one of the single 
largest sources of consumer-related problems that the FTC deals 
with on a regular basis.
    The numbers bear that out. According to the FTC, reported 
instances of identity theft rose phenomenally, 88 percent in 
2002, to 380,000 from 220,000 in 2001. And almost everyone 
acknowledges those numbers understate the reality of the 
problem that exists. The costs are staggering. Out-of-pocket 
costs for victims of identity theft skyrocketed from $160 
million in 2001 to $343 million last year. Those are numbers 
that are based on reported elements.
    I can tell you that in New Jersey there have been multiple 
instances of organized crime-related elements involved in 
identity theft as well as the individual consumer being put at 
risk, several rings that worked up and down the East Coast, and 
it is actually quite a recognized concern of consumers in my 
community.
    Simply put, our consumers are losing the battle against 
identity thieves, and when they lose, I think we all lose in 
our economy. And I think all of us know that about 70 percent 
of our economy is driven by consumers.
    While Congress has taken some important steps in this area, 
most notably by making it a Federal crime in 1998, some 
individuals in financial services have taken voluntary 
initiatives--the truncating of credit card numbers, for 
instance, which I commend. I think there is more that can be 
done.
    Next week, I plan on introducing legislation to address the 
problem of identity theft. The Identity Theft Notification and 
Credit Restoration Act is based on three key principles--
disclosure, prevention, and credit restoration. By the way, I 
hope to be able to work with others in refining this and making 
it meet the needs of what, I think, is a major problem in our 
Nation.
    First, it requires financial institutions to make timely 
disclosures to individuals, credit reporting agencies, and law 
enforcement when their information has been breached, either 
computerized or paper records, and compromises that personal 
information of those financial institutions' customers.
    Second, the bill requires credit reporting agencies, upon 
notification of the breach, to place ``fraud alerts'' in the 
credit files of 
affected individuals. This red flag will alert issuers of 
credit to undertake enhanced preauthorization procedures prior 
to issuing credit in the name of the individual who has a fraud 
alert on their credit file.
    Finally, the bill provides victims of identity theft with 
access to four credit reports the year following the theft of 
their identity to ensure that inaccurate and credit damaging 
information resulting from the identity theft does not end up 
on their credit file, ruining their ability to operate in our 
economic system. The bill improves the ability of all consumers 
to monitor the content and accuracy of the information 
contained in their individual credit file by providing them 
with access to one free credit report per year.
    Mr. Chairman, many, including some of the witnesses here, 
have articulated that one of the best ways to fight identity 
theft is by empowering consumers with more information and 
greater awareness of the risks and that this problem is 
growing. I think the bill that I am suggesting will do just 
that.
    I look forward to working with you and the other Members of 
the Committee with regard to this very important issue.
    Chairman Shelby. Thank you, Senator Corzine.
    Senator Crapo.

                STATEMENT OF SENATOR MIKE CRAPO

    Senator Crapo. Thank you, Mr. Chairman. I, too, want to 
thank you for holding this hearing.
    As I am sure everyone here knows, the Fair Credit Reporting 
Act and the issues that surround it are going to be very 
central to the activity of this Committee this year and 
critical to our efforts to make sure that the proper protection 
of our credit system in this country is accomplished. And part 
of that is going to be addressing the question of identity 
theft.
    I suspect that that may be one of the easier parts that we 
address because it may be one where we find the most consensus 
among us as to whether there is an issue and how to approach 
it. But, nonetheless, it will be one of the more important 
aspects of what we do.
    This last weekend, I happened to be in a hotel, and late at 
night I was flipping through channels, and it is interesting 
that Senator Johnson mentioned Sandra Bullock in ``The Net'' 
because, lo and behold, there it was on television. And at the 
time, I wondered, if the media is picking up on the issue of 
identity theft by either noticing what we are doing in Congress 
and following our lead, or whether we are following their lead 
and they are bringing the public's attention to it. Then I 
wondered perhaps it was just a coincidence, but I doubt it.
    The fact is that across this country, whether it is here in 
Congress, among the consuming public, or in financial 
institutions, identity theft is becoming an increasingly large 
issue. I think as we approach the issue, we want to make 
certain that we do it in the context of recognizing the value 
of our system of credit in this country today, and not blaming 
our system of credit but recognizing that the strength of the 
Fair Credit Reporting Act and what we have in America in terms 
of the way we approach and manage credit is a strong part of 
our system that needs to be protected and that can be used as 
the system by which we achieve the objectives to protect 
against identity theft.
    It seems to me that the Fair Credit Reporting Act and our 
credit system in this country is a big part of the solution, 
not a part of the problem that we are facing here. And I look 
forward to working with the other Members of the Committee on 
this issue. I, too, am putting together an approach to this 
issue legislatively, and I look forward to working with Senator 
Corzine and others who are going to be addressing this because 
it will be one piece of a very big part of our approach to the 
credit system of our country this year that is critical to 
consumers, financial institutions, and, frankly, to the 
strength of our economy.
    Thank you.
    Chairman Shelby. Thank you, Senator Crapo.
    Senator Dodd.

            STATEMENT OF SENATOR CHRISTOPHER J. DODD

    Senator Dodd. Thank you very much, Mr. Chairman, not only 
for holding this hearing, but also for your leadership on this 
issue. I have enjoyed working with the distinguished Chairman 
of this Committee on issues involving privacy for a long time, 
and I am grateful, along with others here. But the people who 
may be most grateful are the ones who are not sitting on this 
panel but others out there, and you are going to hear from some 
of them today. Some witnesses have been through almost Kafka-
esque situations in terms of their credit problems and the 
like.
    You are going to hear from a constituent of mine, Captain 
John Harrison, retired from the U.S. Army, a story that will be 
hard for you even to imagine what he has gone through, but 
rather remarkable what has happened to him and others. So, I 
thank you very, very much.
    Just to share a couple of thoughts, identity theft is a 
matter, obviously, of great concern to consumers across the 
country, and it is clear to me that we have to do more to help 
consumers safeguard their financial and personal identities. 
Being financially secure used to mean, in the United States, 
that you had enough money in the bank to see you through a 
rainy day. Unfortunately, today being financially secure has 
another meaning as well. It means that you have the ability to 
stop the improper use of your financial records, and you have 
the power to prevent misuse of your name, your financial 
history, and your good reputation.
    I understand that there are more than 1,300 identity theft 
victims in my State alone, a small State, 3.5 million people 
each year. As the story you will hear from Captain Harrison 
will attest, identity theft can have devastating consequences 
on the personal and professional lives of its victims. For 
those who have been caught in the tangled web of other people's 
lies, the need for reforming the financial system so that it 
can better respond to identity fraud is perfectly clear. I want 
to publicly thank Captain Harrison. It is not easy. It is hard 
enough to go through what he has been through, but now to come 
to a public place and talk about what happened to you requires 
a certain amount of courage. And I admire people who are 
willing to do that, to stand before us and tell us what has 
happened to them.
    I also want to thank Mike Naylor, Mr. Chairman, and thank 
you for asking him to be a witness here today. Mike works with 
AARP and has done some excellent work in identifying possible 
solutions to the current identity fraud problem. And for truth 
in advertising, Mike Naylor is my former Legislative Director, 
many, many years ago. He has been in the private sector for a 
lot of years and just recently joined AARP. But I think you 
will find his testimony worthwhile.
    In my view, consumers should be able to seek financial 
services without fear. Consumers should be able to rest assured 
that their private financial information will be responsibly 
maintained by those who have been entrusted with that 
information. Companies that collect consumer financial 
information must be able to responsibly handle that 
information, and such information should not be negligently 
published or even intentionally shared without consumers' 
consent.
    Furthermore, consumers should not only have the right to 
know how their personal financial information is being used, 
but should also have the right to say no to sharing that 
information.
    In recent years, we have taken steps to empower consumers 
with control over their own financial information. The 
Financial Services Modernization Act, also known as Gramm-
Leach-Bliley, for example, enhanced consumer protections and 
for the very first time made financial institutions accountable 
for notifying consumers about their right to opt out of sharing 
nonpublic, personally identifiable information with 
nonaffiliated third parties.
    The Gramm-Leach-Bliley Act requires financial institutions 
to notify consumers of their privacy policies and any plans to 
share personal information with another party. And while these 
safeguards are an important step toward ensuring consumers' 
financial security, I believe much more must be done to afford 
consumers greater control over their own financial privacy.
    Let me also underscore the point that our colleague from 
Idaho, Senator Crapo, has made. I think it is also the balanced 
side of this thing. The credit system has worked tremendously 
well to ensure us a strong economy in this country, and 
striking the balance here is not easy to do, but it must be 
done. And I think we can do that. It is going to be a challenge 
for this Committee.
    Mr. Chairman, thank you immensely for holding these 
hearings.
    Chairman Shelby. Thank you.
    Senator Allard.

               STATEMENT OF SENATOR WAYNE ALLARD

    Senator Allard. Mr. Chairman, I, like many of my colleagues 
on this Committee, want to thank you for your diligence on this 
particular issue, both for holding today's hearing as well as 
your support for improvement of the Fair Credit Reporting Act. 
While 
national statistics tend to focus on crimes such as homicides 
and burglaries and robberies, the crime of stealing one's 
identity is a serious and widespread crime that too often goes 
overlooked. Identity theft takes advantage of hard-working 
citizens in a situation they simply cannot prevent. Many of 
these hard-working citizens, Mr. Chairman, will not even 
realize that they have been a victim of identity theft until 
they go to apply for a car loan or a loan for their home. Then 
suddenly they discover that for some reason or another, they do 
not qualify.
    This is almost a subject for another hearing, but part of 
the problem is that on credit scores, for example, a lot of 
consumers do not even realize that there is a system out there 
that has an impact on their credit ratings. This system is 
based on how frequently a credit card is used; how many credit 
cards one has; how many inquiries there are on your name. All 
of these actions have an impact on one's credit. So why should 
we worry about it? Well, it has an impact on the interest rate 
that you might pay on a loan, so there is a hidden cost 
associated with this system.
    If you talk to victims, there are also issues as far as 
legal jurisdiction, and which law enforcement agency is 
responsible for enforcing certain laws pertaining to identity 
theft. This may need to be covered in another committee, but it 
is something this Committee should think about.
    The other important question that comes up: Are our 
penalties tough enough? When you look at what happens to a 
victim of something like this, I think the question that we 
need to ask is: Are the penalties tough enough for the 
perpetrators?
    And so, Mr. President--Mr. Chairman, I hope that you 
continue to hold hearings on this important issue.
    Chairman Shelby. I support President Bush.
    Senator Allard. Yes, sorry about that, Mr. Chairman.
    [Laughter.]
    Senator Allard. I think we need to look at a number of 
different cases to fully understand this problem. The bottom 
line is that of the more than one million inquiries that the 
Federal Trade Commission received in 2001, 86,680 of them were 
identity fraud complaints. This presents a grave situation for 
unsuspecting Americans and a challenge for all financial 
institutions and businesses in the United States.
    While there is an apparent need to protect sensitive 
personal information from getting into the wrong hands, there 
is also a need for a certain degree of transparency in order 
for the U.S. financial and business systems to function.
    I would like to thank the witnesses for agreeing to testify 
today on this important issue, and I look forward to all of 
your testimony.
    Chairman Shelby. Thank you, Senator Allard.
    Senator Schumer.

            STATEMENT OF SENATOR CHARLES E. SCHUMER

    Senator Schumer. Thank you, Mr. Chairman, and thank you for 
holding this hearing.
    Again, this is a really important issue. I have been 
concerned and involved in it for over a year, and there is 
nothing worse than when your identity is stolen through no 
fault of your own and then it takes you years and years to 
restore your credit rating. It is an impossible situation. And 
it used to be a small situation. You know, this was not done en 
masse before the days of computers. Somebody might reach into a 
garbage can and find somebody's credit card number and do it. 
But we have had instances in New York where whole databases 
were stolen by employees selling for 30 bucks an identity or 
something like that and making huge amounts of money. Our U.S. 
Attorney, Mr. Comey, had a major indictment of this.
    So, I certainly agree with what some of my colleagues have 
said, I think Mike Crapo, that our credit system and this new 
digital age have brought huge benefits. It also brings some 
liabilities, and it is our job to focus on those liabilities, 
and I think FCRA is an appropriate place to do it.
    As I mentioned, Mr. Chairman, this issue is of specific 
concern to New York. The city where I live, my hometown, has 
the unfortunate distinction of being the identity theft capital 
of the United States. We suffer more identity theft than any 
other place. My State, New York, has the second highest amount. 
And this is mushrooming.
    Last year, the FTC nationally received twice as many 
complaints about identity theft as in 2001. Many people predict 
that by 2006 there are going to be half a million to 700,000 
Americans victimized. And this is not just a casual thing. It 
changes your life. You cannot get credit. Some people hound 
you. It is a huge mess.
    So, I think we have to move, and we have to move quickly. 
When you destroy a person's credit rating, you not only 
jeopardize an honest person's ability to get a credit card, 
receive approval for a loan, obviously, but also to get a job, 
or to buy a house. Those are ones that go to the core of who 
each of us are and what matters to us in our lives.
    We should do a number of things, and like some others here, 
I have a proposal that I have been floating and circulating. 
Before I do that, I do want to mention a couple of other people 
who have had--Senator Cantwell has a bill that I have 
cosponsored that makes it easier to restore your rating once it 
has been stolen. And in the Judiciary Committee, we are working 
together with Senator Feinstein in terms of toughening up the 
penalties. But there are five or six things I would recommend 
to this Committee to look at.
    One is to make sure that the credit databases are much more 
secure. You do that in a few ways. You make sure that the 
people who have access to those credit databases are bona fide 
people; make sure they do not have a criminal record; make sure 
they have had no other bad histories in the past. All too many 
companies do not do that now. Two, let people go into those--
even the employees go into those credit databases on a need-to-
know basis. Most of the companies we found, including the big 
case in New York which affected people throughout the country, 
any employee could just punch in and get the whole database, 
whether they needed it for their job or not. And so the credit 
companies should do this on a need-to-know basis. Let the 
employees go in there on a need-to-know basis. So those two 
things are important.
    At the core of the proposal I have made is credit account 
notification. Credit reporting agencies should notify a 
consumer when a new credit account is opened in his or her name 
because we know what happens. They take your name, they take 
your birth date, they take your Social Security number, and 
they just put in a different address. If the minute, you know, 
Chuck Schumer, 05--I should not use my Social Security number--
Chuck Schumer, Social Security number, 123-45-6789, birth date, 
January 1, 2001--make myself a little younger. But the minute 
that happens, and someone opens up a credit card at a new 
address, they should immediately send a notification to my old 
address where I really live, and I would say, hey, I did not 
move to Evanston, Illinois. And you could stop a whole lot of 
identity theft with that simple notification provision. I think 
we should do that.
    And two other things, Mr. Chairman. I am sorry. I 
appreciate the indulgence. We should truncate credit card 
receipts. Some companies do this. In other words, the receipt, 
the part you discard, does not show the whole number on there 
so people cannot go into the garbage can, pick it up, and 
duplicate your credit card number. That is easy to do, and some 
companies have it and some do not.
    Finally, as I mentioned earlier--Senator Cantwell has 
worked on this--make it easier if once it is proven bona fide 
that you are a victim of identity theft, make it easier to get 
your financial life back because that is a real hard thing to 
do.
    So, I would like to work with you, Mr. Chairman, and others 
on this Committee and try to get these changes and maybe put 
them in the Fair Credit Reporting Act. I really thank you for 
having a hearing on a very much needed topic.
    Chairman Shelby. Thank you, Senator Schumer.
    It is obvious, I think, here today that there is great 
interest on the Republican and Democratic side to do something 
about this issue, do something for the consumer, and I believe 
we can do it working together.
    Senator Bunning.

                STATEMENT OF SENATOR JIM BUNNING

    Senator Bunning. Thank you, Mr. Chairman, and I want to 
thank all our witnesses who are about to testify. It is a very 
important hearing and a very important issue.
    The technology boom has made most Americans live easier. 
With the Internet, we can get information that a few years ago 
it would have taken hours to research in just a matter of 
seconds. Workers are more efficient. It provides multiple 
entertainment options, and people can shop from home.
    Unfortunately, the technology boom has also provided many 
opportunities for another class of Americans: criminals. We 
have all heard the horror stories of identity theft, all of us. 
We will hear much more about it today. It is a problem, and we 
have to deal with it. Many have had their lives destroyed, and 
it has taken years for them to recover. We must make it harder 
for the criminal to steal. We must make the punishment fit the 
crime. And we must help victims recover quicker.
    I think we can accomplish all of these goals. Fighting 
identity theft is not a partisan issue, and in the tradition of 
this Committee, I am sure we will tackle it in a bipartisan 
manner.
    I am also pleased to note that the Administration has been 
working extensively on this problem. I look forward to working 
with them and all of the Members of this Committee so that we 
can get a good bill that we can all support and that will help 
solve this growing problem.
    I am very impressed with the diversity of opinion we have 
before us today. Once again, we have the FTC and others who are 
about to testify. We have the Secret Service to tell us how to 
recognize how identity theft works and how they investigate it. 
We have witnesses from the finance and retail industries to let 
us know what they are trying to do to prevent identity fraud. 
And we have consumer groups here to let us know how the average 
consumer is affected and what victims can do.
    This is a very important subject, and I applaud the 
Chairman for holding this hearing. Once again, thank you, Mr. 
Chairman, and all of our witnesses for testifying.
    Chairman Shelby. Thank you, Senator Bunning.
    Senator Sarbanes.

             STATEMENT OF SENATOR PAUL S. SARBANES

    Senator Sarbanes. Mr. Chairman, I want to commend you for 
holding this hearing. I think identity theft is a very serious 
national problem. It is an issue of great concern, obviously, 
on both sides of the aisle. Here in the Senate, a number of 
Senators actually have already in one way or another indicated 
their interest in seeking legislative improvements in this 
area. Senator Bennett actually held a hearing 5 or 6 years ago 
on the subject of financial instrument fraud. I know that 
Senators Bunning, Crapo, Kyl, Cantwell, Daschle, Corzine, 
Leahy, Feinstein and many, many others have offered and 
supported legislation. I could go on and on. So there is 
obviously very keen interest in it.
    It is obvious why. Identity theft has become an 
increasingly growing problem in recent years. Business Week 
recently stated in an article entitled ``To Catch an Identity 
Thief,'' ``Identity theft is one of the fastest-growing crimes 
in the United States'' The Federal Trade Commission reported 
that in 2002, they received over 380,000 consumer fraud 
complaints, of which about 162,000, or 43 percent, were about 
identity theft. Identity theft complaints far exceeded 
complaints about other types of consumer fraud at the FTC. The 
number of complaints about identity theft--and many of these 
are not reported incidentally, so this is only to some extent 
the tip of the iceberg--was 88 percent more in 2002 than in 
2001.
    Obviously, Americans have strong concerns about protecting 
their confidential information. This is an area, Mr. Chairman, 
in which you have shown a great deal of concern and leadership. 
Honest citizens who are victims of identity theft incur a high 
cost in money, time, anxiety, and efforts to correct and 
restore their spoiled credit histories and their good credit 
name.
    I look forward to hearing the testimony of the witnesses 
today about ongoing enforcement efforts and what additional 
measures can be taken to bring identity theft under control.
    I am very frank to tell you that I do think that, in the 
context of working on the Fair Credit Reporting Act, this is an 
opportunity to encompass within that initiative serious and 
effective measures to come to grips with this problem of 
identity theft. It is reaching epidemic proportions out there. 
It is devastating honest, hard-working, law-abiding people who 
become the victims of these, in many instances, very ingenious 
schemes, and in some instances brutally simple schemes. And, I 
think, as we address the FCRA issue, this is the right 
opportunity to address this identity theft question as well.
    Chairman Shelby. Thank you, Senator Sarbanes.
    Senator Bennett.

             STATEMENT OF SENATOR ROBERT F. BENNETT

    Senator Bennett. Thank you, Mr. Chairman, and as Senator 
Sarbanes has noted so graciously, we did hold a hearing on this 
subject back in the days when Senator D'Amato was the Chairman 
of the Committee and I had a Subcommittee focusing on financial 
services and high technology. I discovered that, at least at 
that time, it was not high technology that was the principal 
source of identity theft. People would steal mail, and upon 
stealing mail they would hope they would get lucky and get some 
piece of information that could then be useful to them. And, of 
course, the real bonanza would be if they could find a credit 
card in the mail.
    So, I will be very interested to hear what has happened in 
the time since then, and I agree with Senator Sarbanes that it 
is very appropriate that these hearings be held in the context 
of reviewing the Fair Credit Reporting Act. The Fair Credit 
Reporting Act has been attacked by some as being a challenge to 
the privacy of individuals, and ironically, the system that has 
been created under the Fair Credit Reporting Act in the past 
also provides the greatest bulwark against identity theft, 
because if you have sound information in a number of different 
places, you have the building blocks with which you can rebuild 
your credit background and history. And without that 
information, without the flow that comes between the various 
credit reporting agencies, you have a much more difficult time 
reclaiming your true identity.
    There was once a movie called ``The Net'' where the heroine 
of the movie had her entire identity stolen, and there was no 
place she could go to prove who she was because, given the 
magic of Hollywood, they were even able to ascribe her 
fingerprints to somebody else. Being Hollywood, of course, they 
figured it out before the last reel, and she emerged 
triumphant. But if there were someplace where she could go to 
say this is the sound information about me that has been 
accumulated that I can tap into, it would have killed the 
premise for the movie in the beginning, which is probably why 
nobody went to it. But it is something we should consider as we 
are addressing the Fair Credit Reporting Act.
    I am very strongly in favor of reauthorizing the Fair 
Credit Reporting Act so that we do not get an interruption in 
the progress that we have made in the years that it has been 
established. But I think a hearing like today's, where we are 
brought up to date on the extent of identity theft, the 
technological challenge of fighting it, and the various 
progress that has been made is a very salutary thing to do.
    Chairman Shelby. Thank you, Senator Bennett.
    Senator Miller.

                COMMENTS OF SENATOR ZELL MILLER

    Senator Miller. Thank you for holding this hearing. It is 
very timely, Mr. Chairman, and I thank our witnesses for being 
here, and I have no opening statement.
    Chairman Shelby. Thank you.
    On our first panel today we have Mr. Howard Beales, 
Director of the Consumer Protection Bureau, Federal Trade 
Commission; and Mr. Timothy Caddigan, Special Agent in Charge, 
Criminal Investigative Division, U.S. Secret Service.
    Gentlemen, we welcome you both here. Your written 
statements will be made part of the record in their entirety. 
Mr. Beales, we will call on your first. Proceed as you wish.

               STATEMENT OF J. HOWARD BEALES, III

            DIRECTOR, BUREAU OF CONSUMER PROTECTION

                 U.S. FEDERAL TRADE COMMISSION

    Mr. Beales. Thank you, Mr. Chairman and Members of the 
Committee. My name is Howard Beales, and I am the Director of 
the Bureau of Consumer Protection at the Federal Trade 
Commission. I am pleased to have this opportunity to discuss 
identity theft and its relationship to the Fair Credit 
Reporting Act. The views expressed in the written statement 
represent the views of the Commission, but my oral presentation 
and responses to questions are my own and do not necessarily 
reflect the views of the Commission or any individual 
Commissioner.
    Identity theft can be devastating to consumers' 
reputations, to their financial well-being, and to their sense 
of security. At the FTC, we are fighting identity theft on many 
fronts. We are training local law enforces on how they can 
fight identity theft, and we are providing local law enforcers 
with case referrals from our Identity Theft Data Clearinghouse. 
We are also working to keep consumers' financial data safe 
through our new safeguards rule, which took 
effect at the end of May, and our enforcement actions against 
companies that fail to keep their security promises to 
consumers.
    Just yesterday, we announced a settlement with online 
retailer Guess.com for failing to protect consumer data as 
promised. We also released a tip sheet for businesses on steps 
they should take to assure the security of their online 
systems.
    Through workshops, educational campaigns, and our identity 
theft hotline, we are counseling consumers and businesses on 
how to prevent identity theft. We are also providing consumers 
with tools such as the uniform identity fraud affidavit to help 
them recover more quickly and easily from identity theft when 
it occurs.
    Today, you have asked for testimony about identity theft 
and 
the Fair Credit Reporting Act. In addition to harming 
consumers, identity theft also threatens the fair and efficient 
functioning of consumer credit markets. It undermines the 
accuracy and the credibility of the information flows that 
support those markets.
    Credit bureaus are simultaneously a target for identity 
thieves and a valuable resource for combatting identity theft. 
The credit reporting system can play an important role in 
helping to detect identity theft, in limiting the damage from 
identity theft when it occurs, and in helping identity theft 
victims clean up the mess that the thieves leave behind.
    The Fair Credit Reporting Act helps consumers detect 
identity theft by providing consumers access to credit reports 
when they need them most. A credit report digests in one timely 
document all accounts opened in a consumer's name, and it is 
the best way to discover those accounts that may have been 
opened by an impostor.
    Under the FCRA, a consumer who believes that he may have 
fraudulent information in his or her file is entitled to a free 
credit report. Moreover, the Fair Credit Reporting Act requires 
that a consumer who is denied credit based on his credit report 
be notified of the adverse action and given the opportunity for 
a free copy of his credit report. This adverse action notice 
can alert consumers that they may have bad marks on their 
credit record that they do not know about, and the free credit 
report helps them to pinpoint the fraudulent accounts. Adverse 
action notices provide consumers with a critical safeguard, and 
we are vigorously enforcing the statute's adverse action 
provisions.
    In addition to helping victims detect identity theft, the 
credit 
reporting system helps limit the damage that identity thieves 
can cause. It allows for the placement of a security alert in a 
victim's credit file. Currently, the three major credit bureaus 
include a standardized format security alert in the credit 
reports of identity theft victims. This alert puts potential 
creditors on notice that they should proceed with caution when 
granting credit in the victim's name.
    Finally, the credit reporting system can help identity 
theft victims clean up the bad marks caused by an identity 
thief. A common problem of victims is that they find it 
difficult to get credit, insurance, or employment in the wake 
of an identity theft incident because the impostor has damaged 
their credit history. The Big Three credit bureaus now allow 
victims to block fraudulent information on their credit report 
with a valid police report of the identity theft incident.
    We are also working with the three credit bureaus to 
develop other victim assistance programs. For example, this 
spring, the Big Three credit bureaus implemented their joint 
fraud alert initiative whereby victims need only make a call to 
one credit bureau to get a security alert and a free credit 
report from all three. There is always more we can do, and we 
are always looking for new opportunities and new ways that we 
can make recovery easier for victims when this crime occurs.
    I thank you very much for the opportunity to appear today, 
and I will be happy to respond to your questions.
    Chairman Shelby. Thank you, Mr. Beales.
    Mr. Caddigan.

                 STATEMENT OF TIMOTHY CADDIGAN
                    SPECIAL AGENT IN CHARGE
                CRIMINAL INVESTIGATIVE DIVISION
                      U.S. SECRET SERVICE

    Mr. Caddigan. Thank you, Mr. Chairman and Senator Sarbanes. 
Thank you for inviting me to be part of this hearing today, and 
the opportunity to address the Committee regarding the Secret 
Service's efforts to combat identity crime and protect our 
Nation's financial infrastructure.
    For over two decades, the Secret Service has been the 
leading Federal law enforcement agency for the investigation of 
access device fraud, including credit and debit card fraud. We 
also continue to share jurisdiction with other law enforcement 
agencies in identity crime cases. The explosive growth of these 
crimes has resulted in the evolution of the Secret Service into 
an agency that is recognized worldwide for its expertise in the 
investigation of all types of financial crimes. Our efforts to 
detect, investigate, and prevent financial crimes are 
aggressive, innovative, and comprehensive.
    The burgeoning use of the Internet and advanced technology, 
coupled with increased investment and expansion, has 
intensified competition within the financial sector. Although 
this provides benefit to the consumer through readily available 
credit and consumer-oriented financial services, it also 
creates a target-rich environment for today's sophisticated 
criminals, many of whom are organized and operate across 
international borders.
    Simply stated, identity crime is the theft or misuse of an 
individual's personal or financial identifiers in order to gain 
something of value or to facilitate other criminal activity. 
Types of identity crime include identity theft, credit card 
fraud, bank fraud, check fraud, false identification fraud, and 
passport /visa fraud. Identity crimes are almost always 
associated with other crimes such as narcotics and weapons 
trafficking, organized crime activity, mail theft and fraud, 
money laundering, immigration fraud, and terrorism.
    Identity crime is not targeted at any particular 
demographic; instead, it affects all types of Americans, 
regardless of age, gender, nationality, or race. Victims 
include everyone from restaurant workers, telephone repair 
technicians, and even police officers, to corporate and 
Government executives, celebrities, and high-ranking military 
officers.
    What victims do have in common is the difficult, time-
consuming, and potentially expensive task of repairing the 
damage that has been done to their credit, their savings, and 
their reputation. According to the General Accounting Office, 
GAO, the average victim spends over 175 hours attempting to 
repair the damage inflicted by identity criminals.
    Identity crimes originate when another person obtains your 
personal or financial identifiers. The methods of acquiring 
such information can range from so-called ``dumpster diving,'' 
where the criminal searches through your garbage for billing 
statements or other documents that may include personal 
identifiers, to insiders who purge information from their own 
company's database and place it for sale on the Internet.
    The events of September 11 have altered the priorities and 
actions of law enforcement throughout the world, including the 
Secret Service. As part of the new Department of Homeland 
Security, the Secret Service will continue to be involved in 
collaborative efforts to analyze the potential for identity 
crime to be used in conjunction with terrorist activities 
through our liaison efforts with the Bureau of Immigration and 
Customs Enforcement, Operation Direct Action, FinCEN, the 
Diplomatic Security Service, and the Terrorist Financing 
Operations Section of the FBI.
    Since our inception in 1865, the twin pillars of the Secret 
Service have been prevention and partnership building. We 
simply could not fulfill our dual mission of protecting our 
Nation's elected leaders and safeguarding our financial 
infrastructure without two essential elements: Incorporating 
preventive strategies and training, and building cooperative, 
trusted relationships with our local, State, and Federal law 
enforcement partners.
    A central component of the Secret Service's preventive and 
investigative efforts has been to increase the awareness of 
issues related to financial crimes investigations in general, 
and of identity crimes specifically, both in the law 
enforcement community and the general public. The Secret 
Service has worked to educate consumers and provide training 
and resources to law enforcement personnel through a variety of 
partnerships and initiatives.
    The Secret Service has already undertaken a number of 
unique initiatives aimed at increasing awareness and providing 
the training necessary to combat identity crime and to assist 
victims in rectifying damage done to their credit. This 
includes the development of a number of training tools designed 
to assist our local law enforcement partners.
    Mr. Chairman, I cannot emphasize enough the importance of 
sharing our expertise with our local and State police partners 
and empowering them with the ability to respond on the local 
level to identity crimes. In a Nation of thousands and 
thousands of communities and a population exceeding 280 
million, providing the first responder--in this case, the local 
police officer--with the tools and resources they need to 
investigate an identity crime and provide victim assistance is 
imperative.
    So, in partnership with the International Association of 
Chiefs of Police, the Secret Service produces the ``Best 
Practices Guide to Searching and Seizing Electronic Evidence.'' 
The pocket-size guide instructs law enforcement officers in the 
seizure of evidence from personal computers, wireless 
telephones, to digital cameras.
    We have also worked with this group and our private sector 
partners to produce the interactive, computer-based program 
known as ``Forward Edge,'' which takes the next step in 
training officers to conduct electronic crimes investigations. 
The ``Forward Edge'' CD-ROM incorporates virtual reality 
features as it presents different investigative scenarios to 
the trainee as well as provide investigative options and 
technical support to develop the case. Thus far, we have 
distributed, free of charge, over 300,000 ``Best Practices 
Guides'' and over 20,000 ``Forward Edge'' CD's to local and 
Federal law enforcement.
    In addition, we are nearing the completion of the Identity 
Crime Video and CD-ROM which will contain over 50 investigative 
and victim assistance resources that local and State law 
enforcement 
officers can use when combatting identity crime. This CD-ROM 
also contains a short identity crime video that can be shown to 
police officers at their roll call meetings, which discusses 
why identity crime is important, what other departments are 
doing to combat identity crime, and what tools and resources 
are available to those officers.
    Next week, we will be sending an Identity Crime CD-ROM to 
every law enforcement agency in the United States. Departments 
can make as many copies as they wish and distribute the 
resources to their officers to use in investigations. Over 
25,000 CD-ROM's are being prepared for distribution.
    In short, any police department in the country, regardless 
of size or resources, now has access to state-of-the-art 
training as well as multiple investigative and victim 
assistance resources to help them combat identity crime.
    As part of a joint effort with the Department of Justice, 
the U.S. Postal Inspection Service, and the Federal Trade 
Commission, as well as the International Association of Chiefs 
of Police, we have been hosting Identity Crime Training 
Seminars for law enforcement officers. In the last year and a 
half, we have held such training seminars in Chicago, Dallas, 
Las Vegas, Des Moines, Iowa, and Washington, DC. In the coming 
months, we have training seminars scheduled in New York, the 
State of Washington, and Texas. These training seminars are 
focused on providing local and State law enforcement officers 
with the tools and resources that they can immediately put into 
use in their investigations of identity crime.
    For law enforcement to properly prevent and combat identity 
crime, steps must be taken to ensure that local, State, and 
Federal agencies are addressing victim concerns in addition to 
actively investigating identity crime. All levels of law 
enforcement should have access to the resources used to combat 
identity crime and to assist victims in rectifying the damage 
inflicted. It is essential that law enforcement recognize that 
identity crimes must be combatted on all fronts, from the 
officer who receives a victim's complaint, to the detective or 
the Special Agent investigating an organized identity crime 
ring.
    The U.S. Secret Service is prepared to assist this 
Committee in protecting and assisting the people of the United 
States, with respect to the prevention, identification, and 
prosecution of identity criminals.
    Mr. Chairman, that concludes my prepared remarks, and I 
will be happy to answer any questions that you or the Members 
of the Committee may have.
    Chairman Shelby. Thank you very much.
    Mr. Beales, one of the outstanding issues in this debate is 
determining the actual scope of the identity theft problem. In 
a report issued last year, the GAO indicated that, ``It is 
difficult to fully or accurately quantify the prevalence of 
identity theft. Nevertheless, the prevalence and cost of 
identity theft seems to be increasing, 
according to the data we reviewed and the many officials of the 
public and private sector entities we contacted.'' Do you agree 
with that sentiment? Is that an understatement?
    Mr. Beales. I think there is no question it is a serious 
problem. I think there is also no question that we do not have 
a good fix right now on exactly how big a problem it is.
    We have been conducting a survey in a random sample of 
people to try to find out how many victims there really are. We 
are in the process of analyzing that data now and expect to be 
able to release it at some point next month. And then we should 
have, I think for the first time, a good, solid estimate of 
what really is the incidence of identity theft.
    Chairman Shelby. Are you working, in that regard, with the 
FBI, the Secret Service, and local people to get all that 
information?
    Mr. Beales. On the survey, no. This was a consumer survey 
to figure out how many people have been victims. It is akin to 
the victim surveys that are sometimes done in other criminal 
areas. And that is what we are doing here.
    Chairman Shelby. What is the total number of staffers that 
you have involved at the Federal Trade Commission in this 
effort? And if identity theft is getting worse, as we all seem 
to believe, are you dedicating more and more staff resources to 
this area? Or are you standing pat or what?
    Mr. Beales. We have a somewhat unusual role in identity 
theft because we do not have a direct enforcement role because 
it is a criminal problem and we are not a criminal agency.
    Where we have substantially increased resources is in 
handling the calls. As the call volume has grown, then the 
resources that we have to devote to it have grown 
correspondingly. And we have really made a significant increase 
in the resources that we have devoted to security enforcement 
to try to protect data that businesses keep that could become 
the source of identity theft. So it is a law enforcement effort 
that is really focused on preventing access to the kinds of 
data that identity thieves need.
    Chairman Shelby. That is your role at the FTC?
    Mr. Beales. Yes, sir.
    Chairman Shelby. Mr. Caddigan, or Special Agent Caddigan, 
excuse me, what is your view as to the level of sophistication 
of identity thieves and identity theft practices? In other 
words, is there any indication that the thieves are becoming 
more organized? I know a lot of them are very sophisticated.
    Mr. Caddigan. Yes, sir, they have. I think a simple analogy 
would be: I do not need to go to the business to rob it 
anymore, I do not need to be in the same town, I do not need to 
be in the same State, and, quite frankly, I do not need to be 
in the same country.
    So when you look at it, that the access to the information 
that makes up the predicate offenses of identity crime can be 
obtained globally, they move globally----
    Chairman Shelby. They can rob without a gun.
    Mr. Caddigan. That is correct, sir. And the anonymity that 
the access to the Internet provides makes the enforcement 
effort that much more difficult.
    We do see an increase in organized groups, for example, 
gang-related. We do see typical street crimes that would have 
been committed by groups that are now using a computer or the 
Internet or access to the Internet to get the same kind of 
profit return.
    Chairman Shelby. Are the identity thieves generally 
sophisticated enough to determine weaknesses in the system, in 
other words, do the thieves evolve?
    Mr. Caddigan. They do evolve, sir. We find that the 
organized hacking groups that hack systems, whether it be 
business, public, or private, they hack for the thrill of the 
hacking. It is a personal challenge. But the rewards are the 
database files that they can get out of a business or an 
enterprise that are readily sellable on the Internet market.
    Chairman Shelby. Kind of high value to the thieves.
    Mr. Caddigan. Yes, sir.
    Chairman Shelby. Help us understand what an identity thief 
could do, for example, if he or she obtained, a name, a Social 
Security number, and a mother's maiden name; the full contents 
of a credit report. I know you can speak to all of it.
    Mr. Caddigan. With that information, you can pretty much 
have--well, assuming a good name that you have collected----
    Chairman Shelby. You can ruin somebody, can't you?
    Mr. Caddigan. You can definitely ruin somebody, and there 
are many case examples of where that has occurred.
    Chairman Shelby. How do thieves routinely go about 
obtaining these pieces of information? I know that they do not 
all go to the dumpster.
    Mr. Caddigan. They all do not. That would be, obviously, 
the low-tech aspect.
    Chairman Shelby. But some do.
    Mr. Caddigan. The low-tech aspect are just thieves, and 
thieves steal mail and information and anything they can get 
their hands on. The higher-tech, then we get into the hacking 
groups that work internationally, and there is a trade in the 
product. The end user typically would buy--it is very simple to 
buy that information over the Internet.
    Chairman Shelby. Are the older people in America, people 
like me, 39 and older, are they generally a lot of the victims?
    Mr. Caddigan. You know, I do not know that we find that to 
be the case. I think the demographics----
    Chairman Shelby. Cuts across everything?
    Mr. Caddigan. Cuts across the whole spectrum.
    Chairman Shelby. With what you know about criminal 
activity, do you have any ideas that you can share today about 
the steps that all of us as consumers can take to protect 
ourselves? And, also, how can the industry protect itself ? 
Because, you know, we are 
interested in both.
    Mr. Caddigan. There is a tremendous need to identify you as 
a consumer to a business, and that is readily recognized. So 
that information is necessary to affect trade.
    Where you can safeguard yourself is simple things at home. 
If you receive the preapproved credit applications in the mail, 
do not just throw them in the trash. Shred them. Your bank 
statements, shred them. That sounds a little drastic, but, 
again, the dumpster diving does occur. It not only occurs at 
your curb; but also it occurs at the facilities that trash 
companies use and the dumps that they go to. So the more you 
can safeguard the information at your level, the better.
    The other thing, be very wary of anyone that might call or 
reach out to you, Internet, telephone, e-mail, or otherwise, 
asking for your identifiers. If you have not solicited that 
information or that service, you should not be giving anyone 
anything.
    Also, be very wary of companies that use spam. We have many 
examples on the Internet to where an Internet provider has been 
victimized because someone has accessed their system, provided 
a questionnaire under the head of that Internet provider, and 
people readily give it thinking it is valid.
    So there are a lot of good anecdotal data that the less you 
give out, the better protected you are.
    Chairman Shelby. Thank you.
    Senator Corzine.
    Senator Corzine. Thank you, Mr. Chairman.
    I think the scope of questions that you raised are highly 
valuable so that we understand the nature of the problem. But 
when we are speaking about understanding it, one of the 
disciplines of financial markets is the information that people 
have about their own information that is involved in the 
system. That gets at a question that I think was asked to Mr. 
Beales in the House Financial Services Subcommittee. Do 
financial institutions have any requirement to notify a 
consumer if there is a security breach? Is that a weakness or a 
strength of our system?
    Mr. Beales. There is not at the present time, as far as I 
know, a requirement to notify consumers if the information has 
been breached. We think in many circumstances that notice to 
consumers clearly makes sense.
    There may be some circumstances where you are fairly sure 
about how the information was lost, where there is not much of 
a risk and not much benefit to notifying the consumer. But we 
think in most cases certainly the best practice is to notify 
consumers when the information has been compromised in a way 
that puts them at risk.
    Senator Corzine. It is hard for me to imagine circumstances 
where personal information is breached without authorization 
that it would be a positive. Maybe it is a neutral, but I 
certainly can imagine situations where breaching poses a risk 
and certainly limits the individual's ability to clean up their 
credit history.
    Is there a voluntary program on the part of the credit 
reporting agencies or credit-monitoring agencies, the Big 
Three, or any of the financial institutions? Has there been a 
survey taken about how much notification of consumers is 
actually taking place with regard to breaches?
    Mr. Beales. We know of notification in a number of 
incidents. We do not know systematically as to how frequently 
that happens or what fraction of all incidents it occurs. It 
clearly happens in many cases, but we do not know what 
fraction.
    Senator Corzine. And do you have any sense of the 
proportion or the awareness or how quickly even in those 
instances where 
institutions do notify, how quickly individuals know that so 
that damage is not done? This is, by the way, costly both to 
the industry and to the individual, I presume, if someone has 
stolen an identity. Is there any sense or timing with respect 
to how people become aware? Since there is no requirement, I 
guess there is no deadline on that process.
    Mr. Beales. No, and there is no systematic monitoring of 
how long it takes. I think the big question is how long does it 
take to discover the breach. In many cases, that is maybe the 
main determinant of how much consumers are at risk is how much 
time went by before the breach was discovered at all.
    I think one thing that is really important in those 
circumstances is for the financial institution or whoever it 
was that was the source of the information to make contact with 
the credit bureau, because that is in many ways the promptest 
way to get the information into the right places, to give it 
directly to the credit bureau that these accounts may have been 
compromised.
    Senator Corzine. So the primacy of the credit bureau to the 
individual?
    Mr. Beales. What the individual has to do in order to 
reduce the risk is to call the credit bureau, and by making 
contact with the credit bureau in the first place, A, the 
credit bureau knows that they are going to get a lot of calls 
and what is going on and can be ready to handle that volume 
without being disrupted; and, B, in some circumstances, the 
fraud alert can be placed quicker and the risk reduced quicker 
rather than waiting for a letter to go to the consumer and the 
consumer to respond to the letter and place the fraud alert.
    Senator Corzine. They could do that simultaneously, I 
presume, both the individual and the credit bureau.
    Mr. Beales. Sure. There is no reason for contacting a 
credit bureau to delay a notice to the individual, but it is an 
important part of the process.
    Senator Corzine. Access to credit reports--and I apologize 
for running over here--conceptually, do you believe that this 
is an important element in being able to have an individual 
maintain certainty about their credit status and ability to 
manage their credit profile in this complex but important and 
well-functioning system in many ways?
    Mr. Beales. I think it is a critical part of the system, 
and the way the system functions now with notice when there is 
an adverse decision based on a credit report or when there is 
fraud, in either of those circumstances the consumer is 
entitled to a free credit report that will let them identify 
the problems and start the process of correcting them. And I 
think that is a crucial component for maintaining the accuracy 
of the data that is in credit reports.
    Senator Corzine. Thank you.
    Chairman Shelby. Senator Dole.
    Senator Dole. Mr. Beales, I would like to ask you about the 
affiliate-sharing preemption in the Act. In efforts to prevent 
identity theft and to detect it, is this preemption helpful or 
does it harm efforts?
    Mr. Beales. I think information sharing is really a key in 
the fight against identity theft. I think it is important for 
the creditor to know more about the real you than the thief 
knows, and that way the creditor can ask you a question that 
only the real you can answer and the thief cannot answer.
    Some of that information comes from affiliates, and some of 
it may come from databases from outsiders, and some of it may 
come from credit reporting agencies.
    All of those sources are important to the overall sharing 
of information that makes it possible to detect that the 
identity thief is, in fact, a thief.
    Senator Dole. Let me just ask you the same question about 
the prescreening preemption.
    Mr. Caddigan. I think information----
    Senator Dole. How do you see--go ahead.
    Mr. Caddigan. I would concur with Mr. Beales. Anytime there 
is information sharing that you can more quickly identify fraud 
or the potential for fraud, the easier it is to eliminate the 
problem as an individual. And I think as a total problem, the 
education and information sharing is critical from the 
enforcement perspective.
    Senator Dole. What about the prescreening preemption?
    Mr. Beales. We do not think that, based on the data we have 
seen, there are clearly instances where prescreening may lead 
to identity theft in that particular case. In the data we have 
seen, though, the overall losses to identity theft seem to be 
lower on prescreened accounts than they are on just general 
applications for credit. So, we do not think that prescreening 
in any systematic way contributes to identity theft or 
contributes to the problem.
    Senator Dole. And with regard to the widely reported cases 
of credit reports being stolen, I would like to ask both of 
you: Do you think the problem is primarily due to a lack of 
security in the system? Or is it just a cost of doing business, 
a fact of business in this technological age? Which would you 
say is primarily responsible?
    Mr. Caddigan. I think on the user end of the consumer 
information. If you talk about the credit bureaus, speaking 
again from the enforcement perspective, we have very sound 
relationships with them, and we have worked extensively over 
the years. They take great measures in safeguarding their 
information. So when a person is violated, it is usually at the 
user end, and that is part of the education process that I 
think not only law enforcement does, but also I know the FTC 
does with businesses, is to teach them better safeguards with 
regard to their IT systems that control access to these credit 
reports.
    There are many examples of someone who legitimately has 
access to report files who, for whatever reason, left his 
computer on when he walked away or granted access to others not 
knowing that they then could have access. So there are 
safeguards that are evolving, but we still find instances where 
they are not safeguarded.
    Senator Dole. Mr. Beales.
    Mr. Beales. Our safeguards rule that went into effect at 
the end of May really views security as a process. It asks 
companies to identify the risks they face and then look for the 
steps that they can take to reduce those particular risks.
    I think one thing that is clear about security, though, is 
that the threats evolve, and that as you put in place a 
mechanism to deal with the last problem, identity thieves and 
other thieves will try to find ways around that. So businesses 
need to be constantly alert to adjust the precautions that they 
take in order to deal with new and emerging threats and adjust 
their plans accordingly.
    When we see a breach, and particularly if it is a credit 
bureau, it is something we are very interested in as to whether 
there may have been a law violation in that particular case or 
a violation of our rule. We work with other law enforcement 
authorities and determine, you know, who can best take 
appropriate action in any particular case.
    Senator Dole. Agent Caddigan, could you just give us an 
idea of the percentage of identity theft cases that are 
perpetrated from outside the country over the Internet?
    Mr. Caddigan. I don't know that I can give an accurate 
percentage. I can say that we see more and more case examples 
of where we have traced the origin of the crime to overseas 
sources, all four corners. I cannot pick a country or a sector. 
But we do see a tremendous rise in Internet hacking activity 
that leads us overseas.
    Senator Dole. Thank you. I believe that my time has 
expired, Mr. Chairman.
    Chairman Shelby. Senator Sarbanes.
    Senator Sarbanes. Gentlemen, we are pleased to have you 
here. I really want to get beyond where we are, telling about 
the problem and how it is expanding and all that, and find out 
what we can do about it. It seems to me the burden is on the 
two of you and your respective agencies to give us a list of 
things. I am going to ask you for that in a moment, but I want 
to run through some questions with you first.
    Do you think a consumer getting their credit report is 
helpful in checking identity theft? Is that a helpful, 
preventive technique?
    Mr. Caddigan. Yes, sir, I do.
    Senator Sarbanes. Some States now require that the consumer 
get a free report, right?
    Mr. Caddigan. Yes, sir.
    Senator Sarbanes. What would be the problem if the Federal 
law required everyone would be able to get a free report if 
they requested it?
    Mr. Caddigan. From an enforcement perspective, I do not see 
a problem.
    Senator Sarbanes. Wouldn't that be a pretty common-sense 
thing to do?
    Mr. Caddigan. Correct.
    Senator Sarbanes. Now it puts a little extra burden on the 
agencies, but it seems to me if we are going to be serious 
about doing something like this, that is a common-sense thing 
to do. Georgia actually, I think, is the one State that 
requires that you can get two free reports in a year. In a 
number of other States, including my own, you can get one every 
year. But we have left it to the States to do it. They want 
preemption from State law on the Federal credit reporting which 
we are now considering. We need some standards if we are going 
to preempt from the Federal level. It seems to me an obvious 
standard, just as a starter, would be a free credit report. Do 
you disagree with that?
    Mr. Caddigan. I do not, no, sir.
    Senator Sarbanes. Mr. Beales.
    Mr. Beales. The Commission has not taken a position on free 
credit reports.
    Senator Sarbanes. Why not?
    Mr. Beales. The staff is continuing to analyze that and a 
variety of other suggestions that----
    Senator Sarbanes. We are going to push the staff hard to 
get some suggestions up here.
    Now, let me ask another question----
    Chairman Shelby. Senator Sarbanes, our staff will not need 
to be pushed.
    Senator Sarbanes. No, not our staff. Their staff.
    Chairman Shelby. That is what I meant.
    [Laughter.]
    Our staff will be helping us with the legislation.
    Senator Sarbanes. All right. Now some have suggested that 
the practice of mailing out preapproved credit card 
solicitations may increase the incidence of identity theft, and 
also sending out these unsolicited credit card convenience 
checks. Does that increase the risk of identity theft?
    Mr. Caddigan. I think over the years we have seen a change 
in those type of mailings, where it used to be basically an 
application was sent to you completed, you signed it and sent 
it back. So the mail theft or the dumpster diving or that type 
of activity made vulnerable to identity theft.
    The later documents that we see, name and address, and the 
focal point would be if you signed it and sent it back and 
changed your address, that is an automatic decline. The product 
itself, if handled appropriately at both ends, does not lead to 
potential identity crime. I think the misuse of it or the 
mishandling of it has potential for identity crime.
    Senator Sarbanes. We are going to have to look at that 
because we are sympathetic to expanding commerce and so forth 
and so on, but it may be at some point this expansion opens up 
vulnerabilities. And then you have to trade off the question between 
curtailing the vulnerabilities and perhaps losing some 
expansion of commerce.
    Now, I know that is going to raise a problem to those who 
send out these preapproved credit card solicitations or these 
unsolicited credit card convenience checks. But we need to look 
at that and see how much it is contributing to the problem, 
whether this is something that can be checked.
    There is a notion here that any technique can be used to 
kind of draw the consumer in, and then if they become a victim 
of identity theft, it is kind of, well, it is too bad for the 
consumer and maybe some way we will catch up with it or somehow 
or other and things will get corrected. But we may need to take 
steps up front to reduce the exposure to the identity theft 
happening.
    Now let me ask you this question. A May 2003 survey 
conducted by the Harris Interactive Service Bureau of employees 
and managers with access to sensitive customer information--
this raises a problem that I think is very difficult to deal 
with--shows that 66 percent say their coworkers, not hackers, 
pose the greatest risk to consumer privacy. The Washington Post 
had an article, ``Identity Theft More Often an Inside Job,'' 
and they are raising the question that it comes from insiders. 
What is your view of that?
    Mr. Caddigan. I would agree wholeheartedly. The insider is 
the greatest threat to business today. One of the things that 
the Secret Service has undertaken over the last year, year and 
a half, is an insider threat study. We have gone to businesses, 
we have gone to financial institutions, we have gone to victims 
of that type activity in order to determine whether we can 
develop indicators to try to prevent that.
    At the same time, we are working with those private sector 
enterprises and helping them design safeguards to their system 
that can better secure against the insider threat. So, I would 
agree wholeheartedly that that is a major problem in business 
today, the safeguard of that personal information from business 
to business, and there are no standards.
    Senator Sarbanes. Do you have proposals or suggestions that 
you make to businesses of measures they could take to guard 
against this. Is that right?
    Mr. Caddigan. That is correct.
    Senator Sarbanes. And you seek their cooperation to do that 
on a voluntary basis.
    Mr. Caddigan. That is correct.
    Senator Sarbanes. Is that right?
    Mr. Caddigan. Yes, sir.
    Senator Sarbanes. If the measures have been carefully 
vetted and thought through, and if it is the judgment of law 
enforcement and other objective people that these measures 
would be effective, should not thought be given to requiring 
that these measures be taken?
    Mr. Beales. Senator, if the business is a financial 
institution, under Gramm-Leach-Bliley there is a requirement 
that they take security steps, either under FTC rules or under 
the corre-
sponding----
    Senator Sarbanes. Do you have rules that would implement 
what Mr. Caddigan just told me he is trying to get them to do 
voluntarily on this issue?
    Mr. Beales. Our rule requires a process rather than 
specific approaches. The rule requires businesses to identify 
the risks they face and take appropriate steps to reduce those 
risks. The risks are different for different companies and in 
different circumstances.
    Senator Sarbanes. We have to get at this problem.
    Mr. Beales. I agree completely.
    Senator Sarbanes. We have to get at this problem. We cannot 
continue to pussyfoot around with it. And there is an 
opportunity here, as we shape this legislation, I think at 
least, to do something about this identity theft--this is 
ruining the lives of a fair number of people across the 
country. And it is a matter of growing concern in the public's 
mind.
    You are on the battlefront. We need to hear from you. Let's 
go beyond the great divide and hear from you about things that 
you think should be done, requirements that we can put into the 
law. Otherwise, one of the pressures that will come up from the 
State level and the consumers not to extend this legislation 
and the preemption will be the argument that this issue is not 
being 
addressed, and if you would just let us get at it, we will take 
measures to deal with this.
    Now if you want the national system--and there are economic 
arguments for it that I recognize, then you have to give some 
thought to some national standards that bring this problem 
under control. And we need from you a list of possibilities. 
Maybe it is in your dream world, you never thought it would be 
possible. All of a sudden here you are, you have some Senators 
asking you to give us the list.
    So, Mr. Chairman, I hope they will go away from here today 
and come back to us with some detailed suggestions in this 
regard.
    Chairman Shelby. Senator Sarbanes, I think you are 
absolutely right. But I think rather than possible, I think it 
is probable.
    Senator Sarbanes. Yes.
    Chairman Shelby. Senator Miller, I am going to recognize 
you. We would be interested in what Georgia does.
    Senator Miller. Senator Sarbanes has already stated it, and 
we have had that for some time.
    I think I am asking the same question Senator Sarbanes was 
getting at, but I would phrase it this way. This is to Mr. 
Beales. Do you think any new legislation is needed on identity 
theft, or can it be handled with the current rules and 
regulations?
    Mr. Beales. The one piece of legislation that the 
Commission has taken a position on is the penalty enhancements. 
I think that would be appropriate and useful in attacking this 
problem.
    We are looking, as I said, at a variety of possible 
proposals, and we will come back at some point with a list of 
possibilities that we think are good. But we are not ready to 
do that yet.
    Senator Miller. You are going to have to get in a hurry to 
get in front of this Committee. You realize that, don't you?
    Mr. Beales. Yes, sir.
    [Laughter.]
    We actually left people behind to work on it, sir.
    Senator Miller. That is all I have.
    Chairman Shelby. Senator Sarbanes.
    Senator Sarbanes. I just want to make one comment about the 
penalty enhancement. The Commission has to get moving. The 
penalty enhancement is important but it is not enough, and I 
know there is--but I am reminded of John Coffee's statement 
when we were working on the securities issues, he is a 
Professor of Securities Law at Columbia University School of 
Law. And they asked him, ``What about all these penalty 
enhancements that the Congress is doing?'' He said, ``Well, 
they are fine, but they need to do other things, preventive 
things in terms of the system that prevent it from happening in 
the first place.'' The penalty enhancement, the damage has been 
done. You are just coming along trying to punish the person and 
create a deterrent, and there is a certain effect from that, 
obviously. I do not deny, although Coffee told the story, that 
in 18th Century London the penalty for pickpocketing was 
hanging. That was the penalty. And, of course, the hangings 
were public in the public square, and huge crowds would 
assemble to see the hanging.
    They caught this pickpocket, they tried him, they convicted 
him, and they sentenced him to hanging. So the day of the 
hanging, thousands of people gathered to see the hanging of the 
pickpocket. And working the crowd of thousands of people were 
hundreds of pickpockets.
    Chairman Shelby. That is exactly right.
    [Laughter.]
    Senator Sarbanes. So, I want to prevent it from happening 
in the first place.
    Chairman Shelby. Senator Sarbanes, I think you are very 
much on track, you and, I believe, people on both sides of the 
aisle here.
    One or two of the main objects here in the renewal of this 
legislation or to make it permanent, one is preemption, second 
is affiliate sharing. I agree with Senator Sarbanes. I think we 
would be derelict in our duty if we did not address the 
consumer problems in this bill, especially today, how to 
prevent and tighten up on identity theft. And I believe this 
Committee has already sent a message on both sides of the aisle 
that we are going to do this.
    Mr. Beales, you mentioned the benefit of adverse action 
notices in making consumers aware of problems with their credit 
reports and possibly detecting identity theft. In light of the 
movement of our credit system to an automated risk-based 
pricing system, do consumers, all of us, still receive adverse 
action notices when there is negative information on their 
credit report? Or do they simply receive a counter-offer at a 
higher price of credit?
    Mr. Beales. In many instances, in the credit area, they 
receive a counter-offer at a higher price. Under the law, if 
the consumer accepts that counter-offer, there is no adverse 
action because the FCRA definition is coupled to the definition 
under the Equal Credit Opportunity Act. If the consumer rejects 
that counter-offer, then there is adverse action and the 
adverse action notice goes.
    Chairman Shelby. Okay. Do adverse action notices still 
effectively serve this purpose if creditors do not reject 
credit applicants but simply offer them credit at a higher 
rate? In other words, how would a consumer know to look at 
their credit report without the adverse action notice? They 
would not know, would they?
    Mr. Beales. They would not know that that was the source of 
the information that it was based on. I think that is right.
    Chairman Shelby. That is a flaw here, is it not?
    Mr. Beales. It is a concern.
    Chairman Shelby. Wait a minute. It is a concern. It is 
something that should be correct, isn't it?
    Mr. Beales. Well, the difficulty--the balance of the 
adverse action notices----
    Chairman Shelby. We will deal with the difficulties. Just 
say is it a concern, is it a concern, it is something that 
needs to be corrected?
    Mr. Beales. It is a problem, but like all problems, it has 
costs to fix it. And that is what the balance is.
    Chairman Shelby. We are not talking about that. We are 
talking about trying to prevent identity theft, trying to 
protect the consumer here. And you have been waffling here all 
morning.
    Mr. Beales. As I said, the Commission has not taken a 
position. I think that there is--adverse action notices have 
narrowed as we have moved to risk-based pricing. But, on the 
other hand, if you give notices too widely and in too many 
circumstances, then it no longer--I mean, it becomes something 
that people ignore. The adverse action notice, as it was 
originally envisioned, fit well in the set of circumstances 
where consumers needed to pay attention to the credit report 
and did not raise a lot of false alarms. I think how to 
preserve that balance of doing both jobs is definitely an issue 
and one that we are looking at.
    Chairman Shelby. Senator Sarbanes, do you have anything?
    Senator Sarbanes. I think Senator Bennett----
    Chairman Shelby. Senator Bennett, do you have any 
questions?
    Senator Sarbanes. I do not think he had a turn yet.
    Senator Bennett. Yes, my constituents come to see me, and 
important as you are, the voters in Utah who need to get their 
pictures taken sometimes have a higher sense of urgency.
    As I deal with this issue over time, I have a reaction that 
I would like to share with you. First, let me say, going back 
to that first hearing that we held in my Subcommittee some 
years ago, I am very heartened at the progress that has been 
made. We were basically in this room looking at each other 
throwing up our hands and saying, ``What can we do?'' And the 
hearing highlighted a whole 
series of problems and very, very few, if any, strategies with 
which to deal with the problem. So, I am heartened by the 
degree of involvement both of the Secret Service and the FTC. 
We have come a long way, and I think we should not lose sight 
of that fact.
    There seems to me to be a very interesting paradox here. 
The more information we can get in the hands of what I would 
call the good guys--that is, people who want the information 
for legitimate purposes, they want to improve their service to 
the customer, they want to be more efficient in offering 
products that the customer might use, and they use the 
information, therefore, for benign purposes--the better off we 
are.
    At the same time, the more information that we get in the 
hands of a wider number of people, by definition, the more 
vulnerable we are. And there is the paradox. We want affiliates 
sharing information, your response to Senator Dole. We want 
people at a wide range to have the information so they can 
check against each other when something seems to be going 
wrong. And at the same time, we do not want anybody to see 
this, for fear they might steal it.
    And that, I think, is the challenge that is facing the 
Congress, how to see to it that we take steps to prevent people 
from stealing information, but do it in a way that does not 
harm the beneficial effect of having this information in the 
hands of a fairly large number of good guys, people who will 
use it for benign purposes rather than evil purposes. Is that a 
fair characterization of the challenge we face here?
    Mr. Beales. I think it is. I think that is exactly the 
nature of the problem. I believe the challenge is to try to 
control access in a way that keeps information from getting to 
the bad guys but makes as much information as possible 
available to the good guys. There are inherent risks that 
remain of the information being there, but if you hide the 
information, then you can pretend to be anybody.
    Senator Bennett. So paradoxically, if I am understanding 
exactly what you are saying, you could make identity theft 
easier if you restricted too tightly the use of this 
information on the part of the good guys?
    Mr. Beales. Yes, sir, I think that is right. In fact, one 
claim that has been made to me in my discussions of this issue 
is that one of the reasons for identity theft is that now you 
have to make up a real person because the information sharing 
system means you cannot just make up a name and an address 
because that will not work. The information sharing system will 
let us tell that there is no such person. So the name and 
address has to be a real somebody in order to apply for credit 
under a false identity.
    Senator Bennett. In an attempted to block identity theft, 
it seems to me the privacy advocates and the users of 
information are really on the same side. That is, the people 
who use the information to make marketing decisions and credit 
decisions do not want the information to leak because that will 
destroy their opportunity to serve a customer whom they hope 
will become a repeat customer. And the privacy advocates also 
do not want the information to leak.
    I make that point because I feel, at least in the press, 
which loves to create controversy, the standard of the schools 
of journalism is you fight about it, we will write about it. 
And if you are not fighting, I have discovered since I got into 
politics, they will precipitate the fight and create 
antagonisms that they can write about even if those antagonisms 
do not exist.
    So in the press, there is an antagonism between the 
business community that says we need this information, and the 
privacy advocates who say no it is bad if you get that 
information. In fact, the real alliance should be the business 
committee and the privacy people together saying it is good for 
there to be a widespread background of information, as long as 
it is protected properly. Because if there is a leak, that 
reservoir of data becomes very helpful in reconstructing the 
real identity of the individual and fighting the evil effects 
of having that leak out there.
    Once again, is that a fair summary of what the real world 
is or am I reaching too hard for something?
    Mr. Beales. No, I think there should be some commonality on 
the identity theft issues of looking for sensible restrictions 
to prevent access by the wrong people. Identity theft is a 
problem that happens where information is used for ways that 
nobody ever contemplated, nobody ever intended, where in a 
great many instances the information is simply stolen and it is 
in everybody's interest to try to control that problem.
    Senator Bennett. Thank you, Mr. Chairman.
    Chairman Shelby. Senator Sarbanes, any questions?
    Senator Sarbanes. I do not, but I want to follow up on what 
Senator Bennett has said, the line he has just been pursuing, 
because I have some concern about it and I do it with reference 
to Mr. Caddigan's statement. You say, ``The burgeoning use of 
the Internet and advanced technology, coupled with increased 
investment and expansion, has intensified competition within 
the financial sector. With lower costs of information-
processing, legitimate companies have found it profitable to 
specialize in data mining, data warehousing, and information 
brokerage. Information collection has become a common by-
product of newly emerging e-commerce.''
    Only you go on to say, ``This has led to a new measure of 
growth within the direct marketing industry that promotes the 
buying and selling of personal information. In today's market, 
consumers routinely provide personal and financial identifiers 
to companies engaged in business on the Internet. They may not 
realize that the information they provide in credit card 
applications, loan applications, or with merchants they 
patronize are valuable commodities in this new age of 
information trading. Consumers may be even less aware of the 
illegitimate uses to which this information can be put. This 
wealth of available personal information creates a target-rich 
environment for today's sophisticated criminals, many of whom 
are organized and operate across international borders.''
    One of the questions, it seems to me, we have to face is 
whether this information gathering and warehousing and 
databanks that are created for marketing strategies are 
extending or enhancing the availability of information which 
opens it up even more to identity theft. That is a purpose that 
is probably beyond the consumers horizon of why he or she is 
providing the information in the first-place, and goes beyond 
the purpose they sought to achieve.
    I am with Senator Bennett up to a point. In other words, 
you are providing this information. You need checks on it and 
so forth, and you provide it in order to let us say get a 
credit card. And then you use the credit card. The question is 
whether that information is taken and merchandised for other 
purposes and whether the merchandising of it for other purposes 
creates a vulnerability which can then be exploited for 
identity theft. Whereas if it had been more limited, although 
you need the exchange of information within the limitation, but 
if it had been more limited, you would not have had the same 
exposure. Do you see the question I am asking?
    Mr. Caddigan. Yes, sir, I do and I agree wholeheartedly. I 
think the information, when it is used in a check and balance 
situation, actually does prevent fraud. The institutions that 
work in this arena can site example and statistics to that 
effect. I think once that information is passed on again, every 
time it is resent or reprovided, you increase the risk of 
identity theft greatly.
    So from a law-enforcement perspective, I concur exactly. 
The dividing line is the issue. Where should it be used and 
where is it marketed to where it becomes vulnerable, accessible 
to organized groups, and thus causes a problem.
    Senator Sarbanes. Thank you, Mr. Chairman.
    Chairman Shelby. Senator Dole, do you have other questions?
    Senator Dole. No.
    Senator Bennett. Mr. Chairman, can I follow up with just 
one quick question?
    Chairman Shelby. Yes, Senator Bennett.
    Senator Bennett. I will not prolong this. As I hear your 
answer, Mr. Caddigan, I just in my own mind, just to get it on 
the record, see a difference between selling the information to 
some outside group whose purposes you really do not understand 
or know anything about, and using the information within your 
own organization. We are back to Senator Dole's question about 
an affiliate sharing. Would you agree that there is a 
difference between sharing that information within the umbrella 
of say a large financial services organization, from one 
affiliate to the other? That that would be a lesser degree of 
vulnerability than say selling it to somebody whose business 
purposes you really do not understand?
    Mr. Caddigan. Yes, sir, I would agree with that.
    Chairman Shelby. Senator Sarbanes.
    Senator Sarbanes. Let me just continue here for a moment. 
It was noted here at one hearing that Citicorp has hundreds of 
affiliates, just to leave that point with you, hundreds, maybe 
thousands.
    Chairman Shelby. Several thousand.
    Senator Sarbanes. Was it several thousand affiliates of 
Citicorp?
    Chairman Shelby. Yes.
    Senator Sarbanes. Thank you.
    Chairman Shelby. Senator Miller.
    Senator Miller. No questions.
    Chairman Shelby. Thank you, gentlemen, for your appearance 
today. We appreciate you testifying.
    Senator Sarbanes. Mr. Beales, we are going to keep after 
the FTC here. I don't know. You keep telling us they have not 
decided, they have not decided. They have to start deciding 
pretty soon.
    Chairman Shelby. They are going to be behind the Committee.
    Senator Sarbanes. That is a sorry state of affairs.
    Chairman Shelby. Thank you.
    Our second panel will be composed of Michael D. Cunningham, 
Senior Vice President, Chase Cardmember Services; Captain John 
M. Harrison, U.S. Army Retired, consumer witness; Stuart K. 
Pratt, President and CEO, Consumer Data Industry Association; 
Linda Foley, Executive Director, Identity Theft Resource 
Center; William Hough, Vice President of Credit Services, The 
Neiman Marcus Group; and Michael W. Naylor, Director of 
Advocacy, AARP.
    We appreciate all of you appearing here today, if you will 
take your seats as soon as you can.
    In the meantime, I will announce again that your written 
statements, which will be made a part of the record in their 
entirety without objection, and these hearings are well 
attended, as you know, and very interesting. There are a lot of 
consequences, so you see the interest here.
    If you could sum up, just briefly, your top points because 
we have your written testimony, as I have just indicated, we 
would appreciate it in the interest of time.
    Mr. Cunningham, we will start with you.

               STATEMENT OF MICHAEL D. CUNNINGHAM
       SENIOR VICE PRESIDENT, CREDIT AND FRAUD OPERATIONS
                   CHASE CARDMEMBER SERVICES

    Mr. Cunningham. Thank you, Mr. Chairman, Members of the 
Committee. My name is Michael D. Cunningham and on behalf of 
J.P. Morgan Chase & Co., we greatly appreciate this opportunity 
to appear before the Committee and share our experience with 
the issue of identity theft. I ask that my written statement be 
placed in the record.
    Chairman Shelby. It has been.
    Mr. Cunningham. I serve as the Senior Vice President for 
Credit and Fraud Operations for Chase Cardmember Services. 
Protecting our customers from identity theft and fraud is a 
major priority for our company. We utilize both leading-edge 
technology and hands-on intervention by over 750 specially 
trained Chase employees. And we detect over 70 percent of all 
fraud before the customer even knows it has occurred, and we 
continue to improve on that number every year.
    While identity theft and what we call credit card fraud 
both constitute fraud, we would like to distinguish the two for 
policy purposes. We place identity theft into two basic 
categories: Fraudulent applications and account takeovers. 
Together these types of identity theft account for 4 percent of 
our total fraud cases.
    Fraudulent applications constitute 3 percent of our total 
fraud cases. This involves the unlawful acquisition and use of 
another person's identifying information to obtain credit, or 
the use of that information to create a fictitious identity to 
establish an account.
    This requires that the perpetrator possess a great deal of 
detailed information about a person and their credit history. 
This is why more than 40 percent of the identity theft cases 
that we see are committed by someone familiar to the victim, 
frequently a family member or someone in a position of intimacy 
or trust.
    Account takeovers constitute 1 percent of our total fraud 
cases. This occurs when someone unlawfully uses another 
persons's identifying information to take ownership of an 
existing account. This would typically occur by making an 
unauthorized change of address followed by a request for what 
we call a new product, such as a card, a check, or a PIN 
number.
    Non-identity theft fraud constitutes the other 96 percent 
of our total fraud cases. This type of fraud would include such 
events as lost or stolen cards, intercepted cards in the mail, 
or counterfeited cards.
    During the course of the debate on identity theft and 
fraud, critics have alleged that the process known as 
prescreening is somehow a major contributor to identity theft 
and other types of fraud. This is not the case. In fact, 
prescreening is a major underwriting tool that accomplishes 
just the opposite.
    Prescreened offers have a very low incidence of fraud, 
especially when compared with other forms of new account 
generation. At Chase, we have 17 million active accounts. 
During 2002, prescreened accounts subject to identity theft involved 
approximately 600 accounts. Total fraud cases of all types in 
2002 numbered about 75,000, which includes the 600 prescreening 
cases I just mentioned. Last year, prescreening resulted in 1.6 
million new accounts to us out of a total of 4 million new 
accounts, or about 40 percent of all of our new accounts.
    Why do prescreened cards result in less identity theft? 
Prescreened offers of credit come from a pool of consumers 
selected from credit bureau files that have already undergone a 
verification process. Prescreened credit card offers do not 
contain any personal information other than name and address, 
and contain none of the other personal information necessary to 
apply for credit. Identity thieves do not find prescreened 
offers of credit very useful because even if they intercept 
one, they have to submit a change of address, which under our 
system would trigger an alert and subsequent analysis.
    Finally, Mr. Chairman, we recognize that consumers may need 
help once they learn of the identity theft or fraud. Once a 
problem is identified, this sets in motion a series of consumer 
education and assistance as detailed in the two appendices in 
my written statement. And I also have with me a list of 
recommendations that we take great pride in. This is an 
identity theft kit that we mail to all consumers as well as 
customers that we determined are victims of identity theft.
    Also in the written statement is a list of recommendations 
to assist in combating identity theft and assisting victims.
    Thank you for considering our views on this issue, and I 
look forward to your questions.
    Chairman Shelby. Captain Harrison.

                 STATEMENT OF JOHN M. HARRISON

                  CAPTAIN, U.S. ARMY (RETIRED)

                    ROCKY HILL, CONNECTICUT

    Mr. Harrison. Thank you very much.
    Mr. Chairman, Ranking Member Sarbanes, and Members of the 
Committee, I appreciate this opportunity to appear before you 
this morning to talk about my experiences as an identity theft 
victim. My name is John Harrison. I am 42 years old, a retired 
U.S. Army Captain, and I have resided in Rocky Hill, 
Connecticut, since my retirement in December 1999. I was, until 
recently, employed as a corrugated salesperson in Connecticut.
    My introduction to the crime of identity theft began on 
November 5, 2001. That is the day I learned that someone had 
stolen my identity and had already used my name and Social 
Security number to open numerous accounts.
    I immediately began taking those steps recommended by the 
FTC. On December 12, 2001, Jerry Wayne Phillips was arrested in 
Burke County, North Carolina. He was indicted on Federal 
charges in Texas. He pled guilty to one count of identity 
theft, and is currently serving 41 months in a Federal prison 
in Minnesota.
    What I learned after that was that Jerry Wayne Phillips had 
gained control of my identity when Army officials at Fort 
Bragg, North Carolina, issued him an active duty military 
identity card in my name and Social Security number. That 
happened about a year-and-a-half after my retirement. With that 
identity, and at the time I had very good credit, he was able 
to open what I have discovered was $260,000 worth of accounts. 
There are 61 of them at this point that were opened in my name.
    They are accounts of all different types. There are 
personal and auto loans, regular credit accounts with credit 
card companies, and also stores, checking and savings accounts, 
and utility accounts. He bought two trucks through Ford Credit 
for $85,000. He bought a motorcycle from Harley-Davidson for 
$25,000. He rented a house in Virginia and bought a time-share 
in Hilton Head, South Carolina.
    It has been 20 months since I found out I was a victim.
    Chairman Shelby. How did you find out?
    Mr. Harrison. I was called by a police officer in Beaumont, 
Texas, who was investigating the Harley-Davidson motorcycle for 
Harley-Davidson. He tracked me down through my credit reports 
and he could already tell that I was a victim of identity 
theft.
    And when he called me, he told me and he set me on the 
right track. He sent me to the FTC's webpage, told me to 
contact the repositories, and he was the one that got me 
started on the track to recovery.
    As I said, it has been 20 months since I found out about 
it. My imposter has been in jail 19 of those months, and there 
have been no new accounts opened since he was incarcerated. So 
everything that I am dealing with still, to this day, are 
accounts that were opened between July and December 2001. I 
still have new accounts coming in. The latest was May, last 
month. I had a new account that I learned of.
    From the first day, I have been very aggressive about 
restoring the damage done in my name. I have sought out the 
fraudulent accounts, and in most cases I have gotten hold of 
them before they were able to get hold of me. I have 
encountered a great many difficulties. Two of the repositories 
have done what I consider to be a fair job in assisting me and 
allowing me to dispute the accounts with them. One of them, 
Equifax, quite frankly, almost failed to meet any of the 
requirements of the Fair Credit Reporting Act. It took me 11 
months and three dispute letters to get my second report from 
the Equifax. And when I did get that report, it was a different 
report to what they were sending out to all my creditors. There 
are fraudulent accounts on both reports and there are good 
accounts on both reports. Some are the same and some are 
different. So, I cannot even begin to dispute accounts until I 
get the report that has the accounts on it. That has been a 
difficulty.
    Senator Sarbanes. I want to be clear. You asked for your 
credit report and they sent you a report that differed from the 
credit report they were sending to your creditors?
    Mr. Harrison. Completely different, yes, sir.
    I had an inkling of that because I had been declined credit 
from my bank. I was getting married and I was trying to get a 
home equity loan, and I declined was I called my bank and the 
loan officer talked to me about some of the accounts that were 
on the report. And I was like I am not seeing those. I thought 
those accounts were gone. But it turned out that there was a 
second report that they have that was different from the one 
that I had.
    Chairman Shelby. But they did not share that with you?
    Mr. Harrison. No, sir. I have since gotten it. Actually, I 
was able to get it because one of the things that happens when 
an imposter steals your identity and starts using different 
addresses and different birth dates, is all that information on 
your credit reports changes, because the creditors are the ones 
who control your personal information, not you.
    So because all that information was different, I look like 
the fraudster to Equifax. When I was asking for my credit 
report, I was asking for it from Connecticut. What was on my 
credit report at the time was an address in North Carolina or 
South Carolina. He used 17 different addresses, all of them 
made it through my credit reports at one time or another. There 
was six different phone numbers. And like I said, even my date 
of birth changed on the personal information on my credit 
report.
    I did want to mention the emotional impact. The emotional 
impact from identity theft is embarrassing to me because I have 
always been a very strong person. The 20 years that I spent in 
the military, it was always noted that I was a person that 
worked better under stress. But what you go through as a victim 
in trying to clear this up, I mean the repetitiveness of 
telling companies over and over again, explaining your story, 
sending out all your documentation, having accounts come back. 
It would drive anybody nuts. It really will.
    In my particular case, about 11 months into this, in 
September, I started having some anxiety problems and sleeping 
problems. So, I went to my doctor and I got some medicine. And 
that seemed to help me out for a few months.
    In January 2003, I had a lot of bad things happen. Besides 
the identity theft, I had the military trying to garnish my 
retirement pay because of one of the debts. And at the same 
time, I had my own credit card companies taking adverse actions 
against me because of what was in my credit reports. I guess it 
just overwhelmed me and it became a real distraction for work. 
I went to my boss, explained it to him. I started doing 
therapy. The doctor told me I had Post Traumatic Stress 
Disorder because my flight or fight got stuck on fight, which 
made a lot of sense to me because that is pretty much the way I 
felt, like fighting everything. That eventually led to my 
termination in April. I was fired from my job. I was a 
salesperson. Identity theft almost conflicts 100 percent with 
our job as a salesperson because you have to make phone calls, 
you have to write letters. You have to deal with rejection. And 
it was affecting my performance and I think my bosses felt they 
had to let me go because of it.
    I have two recommendations that I have made in my written 
statement and I would like to bring those up. Especially now, 
since I was listening to Mr. Beales and what he was talking 
about with the information sharing.
    The thing that I would say, one of my recommendations is, 
if I want to order my credit report I have to provide my name, 
my date of birth, my Social Security number, my current 
address, my previous address. And if that is not enough, if 
there may be a problem, then they start going through accounts 
on me and I have to verify some of the accounts that are on my 
credit report. That is what I have to do. What a creditor has 
to do is give the Social Security number of the person that is 
standing in front of them. The information, there is 
information there for them to use, they just are not using it.
    They have an application and obviously they have asked this 
person to give their address and their telephone number, their 
date of birth. But all they are doing is putting in a Social 
Security number and they are getting back a FICO score, 
probably in a lot of cases not even the credit report to see 
the fraud alert. They are just seeing a high number and they 
are making a deal.
    I really think that if creditors were held to the same 
standards we were, if they had to input four or five different 
pieces of personal information into the credit bureaus, and if 
that information was wrong they got the same message I would 
get, that we cannot identify this person and you are not going 
to see the credit file, 
everything in my situation would not have happened.
    The person did not know where I lived. He did not know how 
old I was. He did not know anything about me. He just had my 
name and Social Security number and a military identity card. 
So that would have prevented all of my situation.
    The second recommendation that I made in my written 
statement, and I am not doing this to get back at the credit 
bureaus, but I think that it is a good idea if the credit 
bureaus were rated for their proficiency, especially when it 
comes to accuracy of credit reports.
    My personal opinion is that the credit bureaus, while 
publicly they say identity theft is a bad thing, I think they 
are making a lot of money. In my situation alone there are over 
100 inquiries on my credit reports from these fraudulent 
accounts. It is money they would not have made if someone had 
not stolen my identity.
    Also, the credit monitoring systems, as identity theft gets 
more and more out there, I do not think that there is a lot of 
monetary incentive to be aggressive about fixing this problem. 
If there was a rating system that was released, I think that 
accurate credit reports are as important to the creditors and 
soon to be insurance companies. And I think that the 
competition would help the industry repair itself.
    Chairman Shelby. Thank you.
    Mr. Pratt.

                  STATEMENT OF STUART K. PRATT
             PRESIDENT AND CHIEF EXECUTIVE OFFICER
               CONSUMER DATA INDUSTRY ASSOCIATION

    Mr. Pratt. Chairman Shelby, Senator Sarbanes, Members of 
the Committee, thank you very much for this opportunity to 
appear before you today. For the record, I am Stuart Pratt, 
President and CEO of the Consumer Data Industry Association. 
And we commend you all for holding this hearing on the crime of 
identity theft and its relationship to the Fair Credit 
Reporting Act.
    Identity theft is an equal opportunity crime that can 
affect any of us individually. This crime is particularly 
invasive where consumers, consumer reporting agencies, and 
creditors are all tasked with untangling the snarl of 
fraudulent accounts and information that results from the 
criminal's actions. This task can be frustrating, and as we 
have heard, time consuming for all concerned.
    The Committee has asked us to comment on the crime itself 
and on its relationship to the FCRA. In this regard, let me 
focus briefly on three points: The first of which is the FCRA 
does provide the basic framework of rights and duties that 
consumers need in order to be able to work with their credit 
histories, in order to have confidence in the credit reporting 
system, in order to ensure the data is accurate, and so on.
    Second, our members have been at the forefront, however, of 
efforts to understand the nature of the crime, and have 
established a range of victim assistance procedures, which go 
beyond the requirements of any law because there does need to 
be some customization, some tailoring of procedures for victims of 
identity theft that are different than what you or I might go through 
as an average consumer.
    Third, consumer education remains, I think, a mainstay, 
something that is essential in dealing with identity theft. It 
is not the silver bullet that stops the crime, but it is 
essential in terms of how we as consumers both try to prevent 
the crime from occurring in the first place, and it is also 
obviously very important to how we as victims would then deal 
with the crime subsequent to being made aware of the fact that 
you are, in fact, a victim.
    The FCRA is, as I said, an essential framework. It 
provides, for example, that consumers are made aware of the 
fact that their information was used in an adverse decision. 
This, in many cases, will allow the consumer to then call the 
toll-free number, order a copy of their file free of charge, 
work their way through the process. And in a large percentage 
of cases this is easily done, this is quickly done, and this is 
done within the prescriptive 30-day period that the FCRA 
establishes for consumer reporting agencies.
    That is our task, our mission. And that is what we have to 
do under the law when it comes to resolving a consumer's 
dispute.
    Consumers obviously expect their information to be 
accurate. We are tasked with that chore, not only because of 
what consumers expect, and that is important to us, but also 
because that is what our customers expect. They expect accurate 
information. In fact, the law itself expects us to be accurate 
and we must employ reasonable procedures to assure the maximum 
possible accuracy in the file.
    Consumers, when they do dispute information on the file, 
obviously expect to be notified of the results of the 
reinvestigation. They expect to have that opportunity to 
comment further on the results of that reinvestigation. And 
those are rights that they have under the law today.
    We think that framework is in place. I think the goal here 
today, certainly for us, is to continue that process of 
discussing how this framework works for victims of identity 
theft. And to provide a little more context for that, let me just 
talk about some of the initiatives that we have undertaken, because 
there certainly are instances where the basic framework is not 
sufficient. Identity theft is a longitudinal crime that occurs 
over a period of time. It is quite a bit different than 
burglary or other forms of crimes where I walk up and I see the 
empty parking lot, so I know my car is gone. Or I walk up to my 
home and I can see my home is burglarized.
    So, we have standardized security alerts to make sure that 
downstream crime does not occur when an alert is on your file. 
And we have standardized the three steps we take for consumers 
when they contact us initially.
    This year we announced a single call point of entry, so a 
consumer has an easier time of notifying all consumer reporting 
agencies. The one phone call to any one of the national 
agencies results in that same data being transferred to all of 
the consumer reporting agencies. Each agency takes the first 
three steps for that consumer getting the file disclosure to 
the consumer, opting them out of prescreened offers of credit, 
putting an alert on the file for the consumer.
    We have also used police reports to try to expedite removal 
of information from credit reports and we do think that is an 
essential step for consumers. They want information off the 
file quickly. They would like to have it done once and for all, 
I am sure the first time through, no doubt about it.
    My time is running out, and what I would like to do is----
    Chairman Shelby. I will not let your time run out yet, but 
Mr. Harrison brought up some very serious questions that he 
experienced himself. I was out of the room for a minute. Can 
you address those questions?
    Mr. Pratt. Yes, sir, I would be happy to.
    Chairman Shelby. He went through a horrible experience.
    Mr. Pratt. What I will have to do, Mr. Chairman, is of 
course, I suspect, talk with Mr. Harrison a little bit more to 
learn more about the details.
    What I have heard is that the creditor had different 
information than the information that he had in his hands 
through the file disclosure. I have to better understand what 
that means, or what the circumstances were around that.
    Here is what the law says, and here is what should have 
happened. The law says we are obligated to disclose all 
information about that consumer at the time the consumer makes 
the request. That was actually an amendment to the law in 1996, 
to make it absolutely clear that we must disclose everything so 
that Mr. Harrison does, in fact, have the same information that 
a lender would have, so that Mr. Harrison would understand 
precisely what was in the file and the lender would have the 
very same information.
    So, I cannot explain it further than that, but that is what 
the law requires. That is what the law always requires, and it 
makes sense to all of us in the industry that that is what the 
law should require.
    In terms of the experiences he has had individually, I have 
two reactions to it. I took a lot of notes, because every time 
I come to a hearing and hear about an experience, or spend time 
visiting with Linda or others, we do learn sometimes about 
practices that are not perfect in our industry. One, industries 
are big and sometimes they do not get it right with every 
single consumer.
    I do believe Mr. Harrison's experience is the aberration 
rather than the norm because of the incredible effective 
criminal that perpetrated the crime against him. This is not as 
common in identity theft. But where it does occur, it does take 
more time, it is more frustrating, it is harder to pull it all 
back.
    Lenders certainly have the same challenge that we have and, 
of course, concurrent with servicing the consumer who is a 
victim, we have to make sure that we are not closing down 
accounts that are not otherwise valid accounts, because a 
consumer just did not want to pay a bill. So it is a wheat and 
chaff process. You are trying to make sure you deal effectively 
with every legitimate claim, and at the same time try to deal 
effectively with the illegitimate claims.
    Thirty-five percent of the consumer relations process that 
we deal with through credit bureaus today is tied to something 
called credit repair. Credit repair is the process by which a 
consumer is either advised or somebody on their behalf simply 
disputes every item of information in the file that they would 
like to have removed. They do this, in some cases, every 15 
days in order to try to beat down an accurate credit report.
    And so one of our challenges is to try to make sure that we 
are always identifying Mr. Harrison properly, and at the same 
time trying to identify where we have a circumstance that might 
be credit repair related.
    It is not an excuse. I want you to understand the dynamic--
--
    Chairman Shelby. But you are not there yet. You have not 
solved all that, have you?
    Mr. Pratt. We have not solved all of those problems, no, 
sir. We are progressively, when you look at our testimony, we 
have outlined a whole series of steps we have taken which I 
think indicate that we recognize that you cannot look at your 
law and say well, the law said this and so we are done. That is 
it. We are finished with this. Our job is done if we did it the 
way the law required.
    We found a lot of things that we needed to change over 
time, the most recent of which is this one-call service because 
consumers said I do not even know necessarily what all the 
credit bureaus are that are out there. It would sure be nice if 
I could just call one and know that everybody does the same 
thing for me. So that was a new service that we launched for 
consumers who are victims of identity theft at the beginning of 
this year.
    Is that the final word? No, sir, I suspect that is not the 
final word. That is the best word I can give you right now, in 
terms of where we are.
    If I could just outline some things that I think would help 
us, one of which is the FTC needs the support to continue 
developing the sentinel system. Law enforcement uses the 
sentinel system to investigate and to bring together those 
cases that can then be worked at the local, municipal, and the 
State levels by enforcement agencies at those levels. The 
sentinel system is a compilation of data about identity theft 
crimes from all over the country. So the FTC needs that 
support, and we believe very strongly that is an essential 
ongoing element.
    I think the FTC needs to receive a lot of support in terms 
of continuing to educate consumers. Mr. Harrison received 
information that I hope was helpful to him. Obviously, it was 
not helpful enough to solve the entirety of the problem for 
him, but it was hopefully a good enough stopping-off point.
    Groups like Ms. Foley's certainly cannot always address 
everything in the marketplace on their own, and the FTC does a 
great job of educating consumers.
    We need to work toward resolving the multi-jurisdictional 
problems we have with this crime. We cannot get consumers to 
get 
police reports everywhere in this country. If we could, we 
could expedite a lot of data removal from files because we 
could use the police report to remove data from files today. 
That is our initiative today. That is our voluntary standard 
today.
    We would like to get the fraudulent data off the file once 
and for all. We would like to get it off just as much as the 
consumer does, and candidly just as much as our lending 
customers would, as well, so they are making good lending 
decisions and they are saying yes rather than no.
    And we would like to ensure that there are national 
standards for our reinvestigation processes. It is one of those 
provisions of the uniform standards that we are now discussing 
here in the larger context. We believe that those national 
standards do help us to build databases and build systems that 
allow us to effectively serve the consumer wherever they are in 
the country.
    With that, I will close my remarks. Thank you, Mr. 
Chairman.
    Chairman Shelby. Ms. Foley.

                    STATEMENT OF LINDA FOLEY
                       EXECUTIVE DIRECTOR
                 IDENTITY THEFT RESOURCE CENTER

    Ms. Foley. Thank you very much, Mr. Chairman. My name is 
Linda Foley, and I am the Founder and Executive Director of the 
Identity Theft Resource Center. We are a nonprofit, national-
based organization. We work with a national clientele and are 
based in San Diego.
    Sitting behind me, and you might have seen him passing me a 
couple of notes already, is our Co-Executive Director, Jay 
Foley, who also happens to be my husband.
    I found out about identity theft when I became the victim 
of identity theft. In the last few years, our program has 
grown, unfortunately, due to experiences like John Harrison. 
And through learning from John Harrison and many, many other 
victims of identity theft. This chair is actually filled with 
the 700,000 victims of identity theft this year that we 
abstractly represent, that is the number we use--so we have 
learned a lot about this crime.
    I have provided testimony for the Members. I am not going 
to repeat any of it. I trust you will all read it when you have 
time. What I would like to address is some of the things that I 
have been hearing today.
    If anyone in this room thinks they are immune to identity 
theft, especially any of the Senators, let me please point out 
that you have a book downstairs in the gift shop called the 
Capitol Guide. It is a little long book--you even get a $5 
phone card in it now--which lists your birth date and your 
place of birth. Depending on whether you have an open or closed 
access State, I could get your birth certificate without much 
effort. From that it is a hop to calling the Social Security 
Administration and getting your Social Security number. 
Basically, they ask a few questions based on your birth 
certificate information. I now have your Social Security 
number. With this I now have access to your credit and to your 
lives. I can open up credit cards in your names. I happen to 
know what States you are from. It probably would not take much 
effort to find out an address. With that I can also commit 
criminal identity theft in your name.
    No one is immune from identity theft from birth, since we 
now give Social Security numbers to infants, to beyond death.
    In our testimony you will find 20 case histories from our 
records that I have itemized, including cases of child identity 
theft. It includes a 6-year-old who owes over $60,000, 
including almost $5,000 in child arrears to himself, by the 
way, and has three DUI's. He cannot even see over the steering 
wheel yet. Daddy dearest is an illegal immigrant who, now 
divorced from his American wife, must use his child's identity 
in order to somehow figure out a way to stay legally here in 
the United States.
    Last year you all probably read in the New Jersey Star 
Ledger, the article of the woman who was contacted by an 
insurance company. They wanted information about her husband's 
auto accident. Interesting. Her husband had died 10 months 
earlier on September 11, on the 80th floor.
    Those are some of the more poignant stories.
    One of the remarks made today is that John is not the norm. 
We get about 40,000 visitors to our website per month. Those 
are numbers of people who come and read information, gather 
information, and hopefully have enough to go on and work on 
their own. ITRC gets about 100 to 150 telephone calls or e-mail 
letters each week from people like John who we call extreme 
cases.
    His is typical of our extreme cases. This is not an 
aberration. In fact, we have cases much worse than John's, 
unfortunately, that we deal with.
    Family identity. Senator Dole, you mentioned that, 40 
percent are family oriented. Those are the ones I get. No one 
in the office wants to take them because they have to deal 
with, ``what do I do?'' Do I turn my mother over to the police? 
Would I be a bad child to do that? Am I a bad daughter? Am I a 
bad parent if I turn my child over to the police? How do I deal 
with this within the family? How do I convince the credit 
reporting agencies? How do I convince credit issuers I did not 
open up these accounts if I am not willing to file a police 
report?
    We have a problem in that in many jurisdictions throughout 
the United States, the police are still reluctant to take 
police reports. California has a law, Penal Code 530.6, which 
says that a police report must be taken in the jurisdiction 
where the victim lives. That is not true in many cases, and 
these victims get bounced from place to place. They live in 
Alabama and the crime is occurring in Kentucky. Who is going to 
take the police report? Alabama is not going to send someone to 
go investigate.
    And I will go back to one other thing. A lot of times 
victims need these police reports to help clear up the credit 
issue. The reality is when I speak with victims, I am trying to 
explain to them you may never see an arrest out of this case. 
In fact, very few are.
    We have talked about penalties several times. Increasing 
penalties is important, but we are basically increasing 
penalties for all those people who are never arrested, which 
could be in excess of 90 percent.
    Chairman Shelby. Ms. Foley, the question Senator Sarbanes 
has proposed, how do we prevent it, right?
    Ms. Foley. Correct.
    Chairman Shelby. How do we tighten down on it?
    Ms. Foley. I think it comes down to three areas. We need to 
stop letting criminals get information by better business 
handling. I just finished writing a book on that and we are 
talking about it with businesses. Not everything needs to be 
legislated. I think a lot of it is common sense. Why are 
businesses throwing information in dumpsters behind their 
stores that has personal identifying information? Do we really 
need to legislate against it? I know we have in Georgia. We 
have in California. We have shredding laws now in both of these 
States. But must we really tell a business, do not carelessly 
throw away a piece of paper that has someone's Social Security 
number on it. You would not want that done to you. It is called 
the Golden Rule.
    I think we need to understand this crime links to other 
crimes. We need to consider that if they are going to get the 
information, we need to prevent them from being able to use it 
as readily as they do. I have provided for Senator Sarbanes' 
benefit as well as all of yours, almost 20 recommendations for 
laws that I think are necessary and that we need to see. I 
would like to see them on a national basis. We have seen more 
flurry of activity and talk at the Federal level in the last 
few months since we have been talking about FCRA than we have 
in the last 6 years since I have been a victim of identity 
theft. Yet, I see very few laws being passed.
    Senator Feinstein has a bill, S. 1399, which has been 
around since 2000. It is a mandatory observation of fraud 
alerts. The credit reporting agencies do allow us to put a 
fraud alert on their credit reports. There is no law that says 
that a credit grantor must honor it, however. We have victim 
after victim who says, ``I put a fraud alert on my credit 
report. I even sent a letter in to them asking for the 7-year 
alert,'' because they have been gracious enough to do this 
without being Federally mandated to do so. But the credit 
issuers are not observing them.
    Someone mentioned the movie ``The Net.'' I happen to be 
partial to the movie ``Class Action,'' an old Gene Hackman 
movie. It is more financially beneficial to these companies to 
ignore those fraud alerts and to quickly get the money, to open 
up the line of credit within 30 seconds--our microwave 
society--than it is to take the time to call and verify that 
application.
    We just recently got cell phones. We have fraud alerts, 
both of us. That fraud alert took an extra 10 minutes for us to 
get that cell phone. That is all it took, one phone call. My 
husband, he got it--and if we had had our cell phones already 
we could have had them just call the cell phone and I would 
have waved at the car dealer across the table from me and said, 
hi, this is me. Yes, go ahead and approve the application. It 
is as simple as that.
    You asked about our position regarding FCRA and the 
preemptions and the sunsetting. I think I would like to 
summarize it in a couple of ways. Yes, there is a need for 
strong national laws. There is no question about it. However, 
the framers of our Constitution said this is a framework. The 
FCRA was devised as a framework for privacy as well as ways 
information is being handled. It was never supposed to deal 
with every single issue.
    If you are asking us to say, shall we go ahead and renew 
the preemptions, without having the laws already in place that 
are going to resolve all of the problems that you are all 
talking about already, how can we do that without knowing 
whether it is going to take care of the problem? Will we need 
to rely on the States, who are more responsive at this moment 
and have passed more laws, and have been dealing with the issue 
on a continual basis in many cases? We do come from California. 
Unfortunately, we do have the most number of victims. But we 
have also passed a great number of laws. We also have high 
population groups which attract these criminals.
    We are going to take a position right now which is--we want 
to see what these laws are that you are going to pass, and that 
are going to get signed and put into action. To discuss 
preemptions in FCRA--we are not talking about renewing the 
whole FCRA but just those seven areas of preemption right now--
is premature. How can we say that we do not want affiliate 
sharing? How can we talk about any of these other areas when we 
do not know how the laws are going to deal with it?
    We have another problem. If we have a Federal law about 
identity theft, then why did we have to pass laws in every 
State? It is because local law enforcement, local jurisdictions 
need some latitude for them to be able to prosecute as well. So 
if we are going to create national laws, we need to also keep 
in mind that we have to be able to enable local law enforcement 
and local district attorneys to be able to work with the 
Federal system. Otherwise you are going to have every U.S. 
Marshal, every U.S. Attorney, and probably half the Army, the 
Navy, and the Marine Corps working to investigate identity 
theft and prosecute. We do not have the staff to do it all on 
the Federal level. We have to expand that all.
    I do have a couple of questions, first Stuart, please. I 
know that you have the one-call shop now. I also know that we 
have a problem because each of the credit reporting agencies 
have different standards of information that they ask for on 
their automated systems or through their live person, in one 
case. How have you resolved that? Have you finally come to an 
agreement on what data is going to be needed, or if I call 
Equifax are they going to ask for one set of information and 
then Experian may contact me later on and ask me for a couple 
more pieces of information before they send my credit report?
    Chairman Shelby. We generally do not let our panelists ask 
questions.
    [Laughter.]
    Ms. Foley. Sorry.
    Chairman Shelby. Except that was a good question.
    Ms. Foley. It is a problem we are hearing about.
    Chairman Shelby. Why don't we finish the panel before we--
--
    Ms. Foley. I would appreciate that.
    Chairman Shelby. We are going to go to Mr. Hough.

                   STATEMENT OF WILLIAM HOUGH
               VICE PRESIDENT OF CREDIT SERVICES
                    THE NEIMAN MARCUS GROUP
                        ON BEHALF OF THE
                   NATIONAL RETAIL FEDERATION

    Mr. Hough. Thank you, Mr. Chairman. Good afternoon. My name 
is Bill Hough and I am Vice President of Credit Services for 
The Neiman Marcus Group. I am testifying today on behalf of the 
National Retail Federation. I would like to thank Chairman 
Shelby and Ranking Member Sarbanes for providing me with the 
opportunity to testify about the growing problem of identity 
theft and the steps that Neiman Marcus, like so many other 
members of the retail community, is taking to curb our losses 
and protect our customers from these crimes.
    By way of background, The Neiman Marcus Group is head-
quartered in Dallas, Texas, and it is comprised of two 
operating segments, Special Retail, which includes the Neiman 
Marcus stores and the Bergdorf Goodman stores, and Direct 
Marketing, which includes the catalogue and online operations 
of our Neiman Marcus, Horshow, and Chef 's brands. We issue our 
proprietary credit cards under the Neiman Marcus and Bergdorf 
Goodman names.
    In fiscal 2001, Neiman's reached the high-water mark for 
identity theft related losses with over 520 cases representing 
a total expense of $1.3 million. In the past 2 years, we have 
experienced a decline of 70 percent in the number of identify 
fraud cases with less than 150 cases projected for the current 
year. It is important to note that other fraud related cases 
such as lost or stolen credit cards have remained constant over 
the last couple years.
    Mr. Chairman, instant credit applications represent about 
85 percent of all accounts open at Neiman Marcus. These are 
handled at the point of sale. In order to cut down on fraud and 
identity theft during the application process, Neiman's 
developed a custom fraud detection model that analyzes certain 
specific attributes of every credit application. This system 
isolates certain variables on an application and double-checks 
them against information found on the applicant's credit 
report. Where discrepancies and inconsistencies occur, the 
model sends the application to our credit department for 
review. Clearly, the model has worked well for us over the last 
couple years. This year we know we have prevented about 800 
fraudulent accounts from being opened.
    Occasionally, we are able to definitively detect an 
attempted fraud and arrest an identity thief in the store. This 
usually occurs if our credit office, after being alerted during 
the application process, can quickly get in touch with the 
victim. We will then ask them if they want to pursue an arrest 
of the person attempting to open the account in their name. If 
they agree, we will detain the suspect and contact the police. 
We have had 33 such arrests this year and 80 last year.
    Currently, Neiman Marcus Direct, our catalogue division, 
and our stores send out 15,000 packages a day delivering items 
to customers. By using customer information-sharing, we were 
able to develop an address delivery cross-check within our 
Delivery Manifest system. What that does is it double-checks 
against any negative 
addresses that may be out there to detect possible bad 
deliveries. Additionally, we have edits in place to identify 
unusual buying patterns that may be forwarding merchandise to 
certain addresses multiple times. These controls have stopped 
about 500 fraudulent shipments in the last year.
    Neiman's also does special edits to focus on the hottest 
selling merchandise. In fact, a savvy salesclerk in our Neiman 
Marcus White Plains store helped expose one of the largest 
identity theft rings in U.S. history involving a former 
employee of Teledata and over 30,000 stolen credit reports from 
the three major bureaus. The incident began when a woman called 
in an order for $6,000 in trendy shoes to the White Plains 
store. She told the salesclerk she did not care what size the 
shoes were and where they were to be shipped. The salesclerk 
realized this was suspicious, notified our Loss Prevention 
department. They, in turn, set up a controlled delivery with 
local law enforcement and the postal authorities.
    Mr. Chairman, I would like to be able to tell you that 
Neiman's has prevented 100 percent of all fraudulent credit 
applications this year, but I cannot. Successful identity 
thieves still slip by our systems at the rate of 7 for every 
10,000 applications processed--less than one-tenth of 1 
percent. This, in my view, is not the result of a flawed 
system, but the result of determined criminals with 
sophisticated tools like computers and the Internet. The most 
successful identity thieves know how to replicate an 
individual's identity perfectly. They also know how to get a 
hold of what I would call perfectly identifiable pieces of 
information which may be a driver's license or a counterfeit 
credit card.
    For these types of criminals there is very little else we 
can do to detect and prevent the crime, and retailers, like 
other businesses, are looking to the States and the Federal 
Government to begin producing the most secure identity 
documents possible.
    The need for tougher law enforcement statutes is also 
critical. While we will arrest approximately 250 perpetrators 
of fraud this year, many of these criminals are out on the 
street the next day with a slap on the wrist. Identity thieves 
are treated as a harmless pickpocket instead of a serious 
criminal who has created havoc for an innocent victim. These 
people, especially those that become multiple offenders, must 
face stiffer sentences if we are going to stop this type of 
crime.
    Further, identity thieves thrive on anonymity and rely on 
the assumption that large retailers such as Neiman's cannot put 
a name and face together in order to prevent fraud. This is why 
it is so important for retailers to know their customers, and 
why it is so important that we have to do this by the efficient 
use of information. Information flows between Credit Services 
and the bureaus, or between Retail Divisions and Marketing 
Divisions, combined with sophisticated technology and scoring 
models, cut down on fraud and allow us to offer better customer 
service.
    In conclusion, if there was one thing I want to point out 
as I leave, it is oftentimes our efforts to provide customer 
service have led to new mechanisms by which we do stop fraud. 
Identity theft is a crime with at least two victims: The 
individual whose identity was stolen and the business from 
which money and merchandise was stolen. Clearly, it is the 
individual victim that is most directly hurt. But if identity 
theft crimes continue to rise at the rate reported by the FTC, 
all consumers will ultimately pay as much of these business 
losses are passed back to the consumer.
    Mr. Chairman, I ask that Congress think carefully before 
blocking information flows or constraining businesses to 
specific prevention techniques or responses. We, in business, 
must continue to have the leeway to innovate to respond to 
constantly changing variables. Criminals always find a way and 
we need to maintain the ability to find a response. I thank you 
for your time.
    Chairman Shelby. Mr. Naylor.

                 STATEMENT OF MICHAEL W. NAYLOR
                   DIRECTOR OF ADVOCACY, AARP

    Mr. Naylor. Thank you, Mr. Chairman, Senator Sarbanes, and 
other Members of the Committee. I am the last batter in the 
bottom of the ninth and I can feel the palpable hope in this 
room that I will pop up on the first pitch. So let met at 
least----
    Senator Sarbanes. Or hit a home run.
    Chairman Shelby. The bases are loaded.
    [Laughter.]
    Mr. Naylor. Let me just, in a fragmentary way, touch the 
high points here.
    First of all, I am new to the position at AARP and I hope 
that if there is anything we can do on this issue, or any other 
issue, to help you with your important responsibilities, you 
will not hesitate to call on us.
    Second, I enjoyed Senator Bennett's asides with regard to 
some of the popular culture forays in Hollywood and others into 
this issue. You might want to add to that, Senator, the New 
Yorker cartoon from about 2 months ago where a man is 
disconsolately telling his friend, my wife ran away with the 
guy who stole my identity, which is maybe a problem that has 
not surfaced yet.
    At AARP, we suspect that our members may be more prone to 
be victimized by these crimes than others. They control more of 
the Nation's wealth. They have a longer credit history, which 
permits more forms of access. Many of them are in the position 
where caretakers, custodians, or family members could take 
advantage of them. It is difficult for us to confirm that 
though from existing files. The best database is maintained by 
the FTC, the complainants database, which shows us no more 
likely, our members no more likely than others. But there are 
some problems with that.
    Number one, to get into that database you have to be a 
complainant. Our long experience is that older Americans are 
less likely to complain to a Federal agency than others.
    Number two, you have to offer your name. About 30 percent 
of complainants--not name, age. About 30 percent of 
complainants do not offer their age. Both from our experience 
and the lighthearted remarks by the Chairman and by Senator 
Schumer earlier would confirm that it is the case that once you 
get into AARP territory you are less likely to volunteer your 
age as well. So, we are trying to address that issue.
    Despite those biases, or omissions which under-report the 
experience of senior Americans as victims, still that database 
shows us that there are six specific identity theft crimes 
where older Americans are statistically more likely to be the 
victim of a crime. Number one, these are, the use of a victim's 
existing credit card account. Number two, the establishment of 
a new credit card account in the victim's name. Number three, 
the opening of a wireless telephone account in the victim's 
name. Number four, the use of a victim's information to commit 
credit fraud. Number five, the taking out of a personal or 
business loan in the victim's name. And number six, the theft 
of a victim's identifying information and then the use of it in 
attempts to commit fraud.
    There were some questions about solutions. Frankly, so far 
the AARP has spent more time in terms of trying to make its 
members aware of what is going on, and provide them practical 
information about how to avoid identity theft, and how to deal 
with it when it occurs. But we are beginning to inventory some 
possible solutions. While I cannot endorse them fully, I think 
there are things that we will continue to explore and we hope 
that the Committee will take that into account. Some of them 
include, Senator Sarbanes, first, the ability to get a free 
credit report once a year. That is something that we will 
support, and my enthusiasm for it grew with every question you 
asked Mr. Beales, so we would like to press ahead on that 
count.
    Second, I do not know if we are in favor of hanging either 
pickpockets or identity thieves, but looking at the statute of 
limitations in this regard I think is important. It may not 
fall under the jurisdiction of this Committee, but it is 
essentially 2 years. The way the courts have interpreted it, 
that statute starts ticking from the date of the event. Now 
maybe that makes sense where someone walks up to you, sticks a 
gun in your ribs and relieves you of your wallet. As Mr. 
Harrison's case explains, it could take weeks, months, even 
years in many cases before you know that the crime has 
occurred. So having the statute of limitations start ticking 
from the discovery of the purported crime as opposed to the 
date of the alleged crime would make a lot more sense in this 
regard.
    Third, Mr. Harrison's commentary did it a lot more 
graphically than I can, but we are also very sensitive to the 
notion that, in general, it is much harder for almost anyone 
other than you yourself to get a copy of your credit report. 
You have to provide much more information to find out your 
credit report than almost anyone else, and it generally costs 
you more to get it. Something that addresses that issue I think 
is well within the realm of things this Committee could do.
    I do not know, maybe that was a scratch single, but the 
inning is over and thank you very much.
    Chairman Shelby. Thank you very much, Mr. Naylor. I will 
try to be as quick as I can.
    Captain Harrison, we heard your story here and I think it 
is compelling. Things still worked out terribly. Would you say 
that, at a minimum, Congress has a responsibility to take steps 
to help future victims like yourself ?
    Mr. Harrison. Absolutely, sir. I do.
    Chairman Shelby. Ms. Foley, I am going to let him answer 
your question on somebody else's time.
    Ms. Foley. He does it all the time.
    Chairman Shelby. Ms. Foley, we have heard testimony that 
the credit card companies employ numerous antifraud measures. I 
think this is definitely positive. However, the larger question 
does not bear on how much they do, it relates to how successful 
they are in this undertaking. Who is ahead of whom here, the 
people who commit fraud or the credit card companies, in your 
judgment?
    Ms. Foley. The criminals are always ahead. This is an 
evolving, changing crime. They are, at least, several years 
ahead of us on the learning curve. There is no question about 
that. I think that if credit issuers would start to accept some 
of the business solutions that are out there as far as 
verification of the application, applications can be verified 
in 30 seconds. We are, again, that microwave society. People 
want it done quickly.
    But I have seen credit applications where only half the 
information is filled in. I know part of the problem Stuart is 
having and some of what you were talking about is--we have all 
done it. We have filled out an application halfway because we 
wanted the free gift that they were giving. What do the credit 
reporting agencies do with that information? It doesn't quite 
match anybody's real credit report. They do the best match 
possible. That is where some of what we call those suppressed 
files come from, which is where there is some inaccurate 
information that they do not know where to put it. Does it go 
to your credit report, my credit report, Senator Sarbanes' 
credit report. They do not know.
    Chairman Shelby. Mr. Pratt and Mr. Cunningham, I will 
direct this question to you. How does someone open 61 accounts 
in light of the precautions that the credit card companies and 
the credit bureaus take?
    Mr. Pratt, how do they do it?
    Mr. Pratt. Apparently they are good criminals in terms of 
what they do. I do not mean that flippantly----
    Chairman Shelby. I know that.
    Mr. Pratt. --but there are some who are very good at it.
    Chairman Shelby. It is a very serious question.
    Mr. Pratt. Precisely. I think the short answer is, we do 
not know how often that criminal--and Ms. Foley references 
something that is a challenge. When data comes into the credit 
reporting system, we cannot cross-check a Social Security 
number against a name, against the Social Security 
Administration's database. There are lots of good reasons why 
the private sector does not have access to that database. But 
that data comes in, so there may be a credit 
report under a different name but the same Social and a 
different address. There may be actually accounts opening up on 
several different reports, so they are actually not being 
opened up solely on a single report.
    Chairman Shelby. Shouldn't that trigger something, maybe a 
watch or caution, a little yellow light there?
    Mr. Pratt. Only if there is something connected together in 
all of that would there be some caution flag, if you will, that 
would come up in all of that for a lender, for example. But 
today, to give you some idea of the scale of change in the 
database, 40 million consumers are moving every year so it is 
difficult to say an address change alone is enough. We have 3 
million marriages and divorces, a majority of those end up with 
a change in your last name. We have about 6 million consumers 
with a second home in this country. That again results in a 
second address on your file. We have tens of millions of 
consumers in this country that use one of their credit cards 
for billing purposes at work, so they have a work address 
associated with their personal information.
    Managing 200 million files and 2 billion data elements----
    Chairman Shelby. You are not saying that is impossible, are 
you? You are in the business.
    Mr. Pratt. I suppose with enough time and money, anything 
is possible, Senator. But I just wanted to set the context here 
because sometimes we react viscerally to this and we go, how 
could you not have seen that? The answer is, in some cases, 
because we are managing an extraordinarily large volume of 
data, so the pattern that you and I see here today, this seems 
very obvious something was happening, is not nearly as obvious 
in the large-scale sense when you are building a nationwide 
system.
    Chairman Shelby. Ms. Foley wants to respond.
    Ms. Foley. My understanding is that the repositories are 
not in the business of looking for these alerts. They are not 
sitting there looking to see, have 61 applications come through 
in the last month. That is the job of the lenders. 
Unfortunately, the lenders do not see the full credit reports 
in most cases. They get a score. They say, gee, this person 
seems to have a good credit status. Let's go ahead and give 
them a credit card. Or in John's case, his score went down. It 
varies from credit report to credit by 150 points.
    Chairman Shelby. Mr. Pratt, I do not want proprietary 
information, but your people get a lot of money to manage this 
information.
    Mr. Pratt. It is a successful business, yes, sir.
    Chairman Shelby. It is a successful business. We know that.
    Captain Harrison, again, of the 61 fraudulent accounts that 
were opened on your file, how many creditors sought to pursue 
criminal sanctions against Mr. Phillips?
    Mr. Harrison. The only one I know of is Harley-Davidson. A 
lot of them that I talked to, especially after he was caught, I 
let them know who the guy was, what his name was, what jail he 
was in. Even the timeshare in South Carolina, which was $21,000 
said, we are not going to go after the guy. It does not make 
sense for us to press any charges against him.
    Chairman Shelby. We have some very patient Senators here 
but I want to get in one more question if I can. This would be 
to Mr. Pratt, Mr. Cunningham, and Mr. Hough. Do you think 
consumers should be able to take steps to protect themselves 
against identity theft? It is what we are talking about. If 
they want to take measures but those measures may have 
consequences that bear on the availability of credit, who do 
you think is best able to gauge those consequences, the 
companies you represent or the consumers themselves? Go ahead. 
You all first and then Ms. Foley.
    Mr. Pratt. Our reaction is, of course, we all should know 
how best to protect ourselves, and I think there are a lot of 
different ways to do that. Some are voluntary. If you believe 
you have been a victim of a crime and you are concerned, we 
will put a security alert on your file. That is a protective 
measure. It will work downstream to alert subsequent users of 
the fact that something has happened to the file. So in that 
case, yes, sir, we think that is a good step. But there is a 
consequence to that. I have actually had consumers complain to 
me that the alerts worked too well. That is the flip side of it 
as well, I guess.
    Chairman Shelby. I do not believe they are working too 
well.
    Mr. Pratt. I can respond to that, actually, if I may. That 
is, we have looked at 5,500 credit reports recently with 
security alerts on them because of the concerns that have been 
raised about how ineffective they may be or how often there 
might be a problem. We looked at those files in terms of how 
many of those files had, after the alert was added, additional 
activity, meaning new accounts, how many did not, and then how 
many went through a reinvestigation, which would be our best 
indication that a consumer had said, I have to pick up the 
phone, I have to dispute something, something is wrong with 
that file.
    Less than one-half of 1 percent of all of those 5,500 files 
had a subsequent reinvestigation after the alert was added to 
the file. So that was our first look at this question because 
we were concerned about alerts on the file and whether or not 
they worked properly. That gives us one barometer which is, 
there is a very, very low rate of dispute, even when the alert 
has been on the file as much as 12 months, and even when a file 
with an alert has had credit activity subsequent to the alert 
being placed.
    Chairman Shelby. Ms. Foley, do you want to respond?
    Ms. Foley. There should not be any activity once an alert 
has been placed, at all. If I say, I want to be called every 
time an application is submitted in my name, I should have that 
right. That prevents me from having to purchase a credit 
monitoring service for $79.95. It also prevents me from having 
to reorder credit reports over again at a cost of $8 each in 
order to do that, and to see what is going on. And I do not 
have to wait 12 to 15 months to find out if I am a victim yet 
again.
    There is a trade-off with a fraud alert. I did it with the 
exact knowledge that this was going to slow down the issuance 
procedures and process. I am a victim of identity theft. Take 2 
or 3 days, or take a week to grant me credit, please. Just do 
not grant it to my imposter again.
    Mr. Pratt. To be clear, Mr. Chairman, I think that the file 
activity that we see with new accounts is, in fact, tied to the 
fact that some consumers who are victims continue to have a 
need for credit and apply for credit, and they go through the 
process and the verification takes place, including the kind of 
reverification--and in other cases consumers are inactive, and 
they do remain inactive and that is their choice in the 
marketplace, and that is why some files have activity and some 
do not. In all of those cases, less than one-half of 1 percent 
ever had an additional reinvestigation, even as long as 12 
months after the initial alert was placed on the file.
    Chairman Shelby. Senator, thank you for your indulgence.
    Senator Sarbanes. Thank you. Mr. Chairman. I will be brief. 
I just want to try to clear away a few things that may appear 
somewhat minor, but let me see if I can get it settled. Is 
there any one at the table who would be opposed to a 
requirement that people be able to get their credit report free 
at least once a year?
    Ms. Foley. I have no objection. In fact, I would encourage 
it.
    Mr. Hough. I do not know what the overall expense or impact 
it would be to the credit bureaus, but I think the information 
is valuable if the person can get to it.
    Senator Sarbanes. Everyone is supportive.
    Mr. Pratt. No, sir, we are not.
    Senator Sarbanes. You are not supportive. Why not?
    Mr. Pratt. We are supportive of access. The 1996 Amendments 
provided what we thought was the right balance for access. 
Consumers who suspect fraud can get access to a free file. If 
you are unemployed and seeking employment, if you are on public 
assistance and you wish to have your file, or if you have been 
declined 
credit, if you are potentially going to have adverse action 
taken under employment circumstances, you have access. The 1996 
Amendments created a much larger set of what we thought were 
discrete populations of consumers with a higher level of need 
where you would not want the price to be an impediment.
    Senator Sarbanes. So, you do not think that I should be 
able to get a credit report free once a year?
    Mr. Pratt. We think your right of access is unquestioned. 
The fee that we are getting right now is not to create a 
revenue stream for us but just to offset the administrative 
expense.
    Senator Sarbanes. Now, Maryland requires you to give me a 
free credit report every year, correct?
    Mr. Pratt. Yes, sir, absolutely.
    Senator Sarbanes. So, I can get it.
    Mr. Pratt. Yes, sir.
    Chairman Shelby. I cannot.
    Senator Sarbanes. Would you be in favor of dropping the 
preemption requirements in this statute?
    Mr. Pratt. We hope that that is not what we are moving 
toward here in the deliberative debate, but I would be happy to 
share with you the one risk that----
    Senator Sarbanes. It is related to the substantive 
standards of protection for the consumer, is it not?
    Mr. Pratt. We believe access is certainly related to the 
substantive standards.
    May I have a minute to just try and lay out at least one of 
the reasons for our concern, sir? That would be, for example, 
we have talked a little bit about security breaches. Credit 
bureaus right now are much more exposed--one of our reasons for 
concerns with free files has to do not so much with a principle 
of cost, if you will, but with a reality in the business world. 
That is, for example, when TriWest had its hard drives stolen 
in Arizona, which was a medical provider for the military, at 
least a health care service provider, TriWest sent out a letter 
to the 500,000 families. Of the 500,000 families, at least 
365,000 of them responded, calling the credit bureaus asking 
for various services, which the credit bureaus provided 100 
percent free of charge for every one of those security breach 
victims.
    The same thing happened with 200,000 in California. There 
was a DPI case recently with 8 million potential breaches of 
account numbers; 50,000 consumers at the University of Texas.
    Our concern is that in some ways credit bureaus are now 
being asked to bear the burden of someone else's failure to 
protect their information in the marketplace. That really is 
the issue of unfairness that concerns us most. It makes it 
almost impossible for us to manage our consumer relations 
process for all the average consumers who are calling us every 
day. In fact with the TriWest case, each of the credit bureaus 
incurred approximately $1.5 million worth of cost even though 
they had no involvement, even though it was not credit bureau 
data, and even though the TriWest company is not, in fact, even 
a customer of the credit bureaus.
    So our concern with that is that it is exposing us to a 
different level of risk in the marketplace.
    Senator Sarbanes. Mr. Pratt, do you favor changing the 
statute of limitations? The statute of limitations now is that 
a victim must bring legal action under the existing statute of 
limitations from 2 years after occurrence of the fraud. Do you 
support that standard or would you be in favor of changing it 
as has been suggested here this morning?
    Mr. Pratt. We have been involved, certainly in the last 
Congress and I suspect heading into this Congress as well, in a 
constructive discussion with Senator Cantwell's staff. You will 
see in that bill a proposal which is much closer to one we feel 
we could work with.
    Senator Sarbanes. Which is what?
    Mr. Pratt. Well, it establishes a different time mechanism 
for an identity theft victim versus the average consumer in the 
marketplace because there may be unique circumstances for 
identity theft victims.
    Senator Sarbanes. What is your time frame for the identity 
theft victim?
    Mr. Pratt. The time frame that Senator Cantwell was 
proposing was, I think it was a 3- or 4-year standard rather 
than a 2-year standard.
    Senator Sarbanes. From when?
    Mr. Pratt. From the date the event occurred.
    I would like to clarify, however, that unlike many other--
--
    Senator Sarbanes. On the one hand, you will not let me get 
a free credit report, and on the other hand you put me into a 
statute of limitations framework which is when the event 
occurred, not when I found out about the event.
    Mr. Pratt. Could I clarify that, Mr. Chairman?
    Actually, the triggering of your liability for a credit 
report is when you are harmed, not when I put the data in the 
file. I could have data in the file that is inaccurate for 3 
years, but the date of the event that gave rise to your harm is 
the date that the credit report was produced and you were 
declined or otherwise harmed. So, you often learn about the 
event, meaning your harm, through the adverse action notice.
    Senator Sarbanes. Do you always learn about it?
    Mr. Pratt. The world is not perfect, sir, but our belief is 
that because of the way the consumer----
    Senator Sarbanes. Who should the burden be upon to make the 
world more perfect in this regard--the lonely consumer or the 
business network that is engaged in these practices?
    Mr. Pratt. In our review of case law, a very small 
percentage ever deal with the statute of limitations. Consumers 
appear to be successful in bringing cases. They do bring cases 
every year, and certainly litigation has ensued since the 1996 
Amendments.
    Senator Sarbanes. I take it one of the AARP's lead 
recommendations is on the statute of limitations. Is that 
correct, Mr. Naylor?
    Mr. Naylor. That is correct, Senator.
    Senator Sarbanes. Mr. Cunningham, what is your view on this 
free report once a year?
    Mr. Cunningham. I believe that it is a question that should 
be answered by the credit bureaus more than by myself. I am not 
necessarily in a position to say whether or not it is the right 
thing to do economically or not.
    Senator Sarbanes. Mr. Chairman, I have another question.
    Chairman Shelby. You go ahead.
    Senator Sarbanes. Just a week ago in the American Banker 
there was an article, ``Setting New Policies To Catch Identify 
Thieves.'' It reports that starting July 1 all businesses in 
California will have to tell customers when the security of 
their personal information has been breached. If a bank 
suspects that someone could have stolen a Social Security 
number, a driver's license, or bank account numbers, it must 
inform the customer. Is there anyone at the table who feels it 
is undesirable to enact such a law 
nationally?
    Ms. Foley. We supported, Senator, a piece in that bill. But 
I would like to see it expand, and not that it just be limited 
to computer information but any information breach because of 
the dumpster diving issue as well.
    Senator Sarbanes. Anyone else who might oppose that?
    Mr. Pratt. Maybe there is just a policy question and that 
is to make sure that if a law like that were to be considered 
you would want to make sure that you did not have a cry wolf 
event. You would want to make sure that there were measurements 
in place to ensure that there was a real breach and that there 
was a real extraction of data because otherwise consumers will 
be flooded with notices because of the requirement of the law 
and that might be ineffective as well. So the key would be that 
you would need to balance the requirements such that breach 
notices would occur when there appears to be a real substantive 
material reason to have that breach notice delivered. I think 
that is just reasonable in terms of how a law like that would 
operate.
    Ms. Foley. That was built into the law when it was passed.
    Chairman Shelby. Senator Bennett.
    Senator Sarbanes. Thank you, Mr. Chairman.
    Senator Bennett. One of the things we live with in this 
world are pop-ups and advertisements on the Internet all the 
time. One that, at least shows up on my computer a lot, is 
click here for a free credit report. Can we reconcile that with 
this conversation? What do I get if I click that? I have never 
done it. Frankly, I have an irrational fear that doing so would 
somehow compromise my identity and that somebody is after me. 
So, I never click there for a free credit report. What do you 
get when you do that?
    Ms. Foley. You will be charged $79.95 after a 3-month trial 
period of a credit monitoring service.
    Senator Bennett. But I would get a free credit report and 
then I would, after 3 months, be able to say, I do not want to 
spend the $79.95?
    Ms. Foley. Correct. But they are also working on the idea 
that most of us do look at these free offers. We go for our 
free 3 months of trial and then we forget to discontinue.
    Senator Bennett. In other words, a free report can be 
supplied pretty quickly if somebody asks for it. Now there is 
an economic reason to say, we will give it to you as a teaser 
to get you to sign up for something else, and I will not 
discuss whether the something else is wise or not wise, whether 
it is good business or bad business, or an improper offering to 
a customer. I think the customer should make that decision.
    Ms. Foley. Excuse me, Senator Bennett, here is one other 
problem with that free pop-up. We do not know if it is a 
legitimate offer or if it is a scam fraud or it is trying to 
mine information from you.
    Senator Bennett. I understand that. That is why I do not 
click on them because I do not want to see my credit report 
because 
everything is going fine. Now, I have been, I will not say a 
victim of identity theft by any means on the scale that Captain 
Harrison has suffered, but I have had some really tough 
conversations with some lenders that told me that I had filed 
for bankruptcy and I had had default on major property, none of 
which I had owned, and all of the rest of this. And it was not 
fun to try to get it straightened out. They finally figured out 
there was another Robert Bennett and it was not me.
    My daughter has had a fairly serious experience with 
identity theft. Again, nowhere near the level that Captain 
Harrison has, but I am sympathetic with this statute of 
limitation thing because years later she keeps running into 
problems even after she long since had thought she had gotten 
it all cleaned up. Every once in awhile something pops up and, 
gee, I have to deal with this. It has been 3 years since my 
wallet was stolen.
    Captain Harrison, do you have any idea how they got your 
military identity card? That is the breach that caused this 
whole thing. It was not dumpster dipping or the stealing of 
mail. They went to a military installation and here is a fellow 
who has received an honorable discharge and years after you 
have left the military they walk away with your identity card. 
How did they do that?
    Mr. Harrison. He had my name and Social Security number. I 
do not know exactly how he got it because I cannot get access 
to the investigation under the Freedom of Information Act 
unless I get his permission, the imposter, to release that 
information. But it is not difficult to get a name and a Social 
Security number from someone in the military. Those two things 
are on almost every piece of paper I have ever filled out in 
the military, because your Social Security number is also your 
service number.
    Senator Bennett. The Senate identity card I carry has my 
Social Security number on it, and my driver's license has my 
Social Security number on it. When I was running a business and 
we would assign customer numbers, the fellow who ran our IT 
program came to me after a little while and he said, we have to 
stop using the company-generated customer numbers. I said, why, 
and he said, they are far too cumbersome. Let's go to industry 
standard and ask everybody for their Social Security number, 
and we did.
    People would open an account with us and we would say, 
name, Social Security number. They would give us the Social 
Security number, and that was the whole database of the 
company. Whether we like it or not, the Social Security number 
has become the national identity number that is in so many 
databases right now that I shudder to think of what it would 
cost if suddenly everybody had to come up with a new number. So 
yes, your Social Security number was your service number. I 
remember I had to memorize it when I was in the Army in the 
1950's. I cannot tell it to you now but I can tell you my 
Social Security number.
    The control in the military is so lax that they would give 
out to somebody a military identity card for somebody who has 
retired? I think we should hold a hearing with the Armed 
Services and say, what are you doing here when you are this lax 
with something of that kind.
    Mr. Harrison. I believe that the person that issued the 
card was in on it. I believe that. I spoke with the Secret 
Service agent that did this and no one else was arrested. But 
my name and my Social Security number was used. They changed my 
date of birth on the identity card. They changed the color of 
my eyes, my hair, my height, and my weight.
    Senator Bennett. That makes sense.
    Mr. Cunningham. You cannot do that unless----
    Senator Bennett. That makes sense if the fellow or young 
lady who delivered the military identity was part of the 
conspiracy. That is beyond the jurisdiction of this Committee, 
but that might be another criminal activity that might be 
considered. Yes, the fellow who bought the Harley-Davidson went 
to jail, but the person who aided and abetted probably should 
in some manner be considered a co-conspirator and just as 
liable.
    You talk about family identity theft. Internal to the 
military or whatever, that is a form of family theft. We should 
take a long look at spreading the pain around if somebody aids 
and abets, and it is not just the criminal that goes to jail.
    Thank you very much for the hearing, Mr. Chairman. I think 
this has been very helpful.
    Chairman Shelby. Thank you, Senator Bennett.
    Ms. Foley, out of fairness, you did ask him a question. 
Everybody has had their time, so quickly, what was the 
question, and quickly I hope he will answer it.
    Ms. Foley. We have the one-stop-shop now. Have we resolved 
the problem that the three different repositories want 
different types of information in order to get your credit 
reports, and that, in some cases, I can get it out of two but 
not the third because each one of them has different 
information and maybe the third one has the imposter's address 
instead of my address and now the computer system would not 
tilt.
    Mr. Pratt. The data exchange has a standard set of data and 
they all agreed on what data elements would have to be provided 
so it could go to each company and each company would use the 
same data elements to pull the file. That is the data exchange 
part of it. There is no doubt each company still has an 
individual obligation to make sure the data matches with a file 
so they can release a file and they can comply with the law and 
properly identify the consumer.
    So, yes, there might be an instance where the data cannot 
be matched properly within an individual company, but the data 
is standard and the data standard is transferred between each 
of the companies.
    Chairman Shelby. Captain Harrison, you are the victim here, 
and a horrible victim. What is your last word to us?
    Mr. Harrison. I guess I will make my last word about the 
Fair Credit Reporting Act. I said this before when I was before 
the State legislature in Connecticut. I think the intent of the 
Fair Credit 
Reporting Act is very good and I understand it, and I think 
that everybody that put it together understands it. It makes a 
lot of sense.
    Chairman Shelby. It works well in a lot of ways.
    Mr. Harrison. It works well in a lot of ways. I think the 
problem that I have encountered is that a lot of people are not 
obeying the intent. They are only obeying the word. Everything 
that says may might as well say, do not do it. That is why this 
thing is so difficult. People are not understanding the intent. 
I really think that has to be firmed up. Less of the intent 
taken out and more of the, you have to do this put in it.
    Chairman Shelby. Thank you very much.
    I thank all of you. It has been a long morning.
    The hearing is adjourned.
    [Whereupon, at 1:04 p.m., the hearing was adjourned.]
    [Prepared statements and responses to written questions 
supplied for the record follow:]

             PREPARED STATEMENT OF SENATOR MICHAEL B. ENZI

    Thank you Mr. Chairman for holding this hearing.
    Identity theft is a very serious issue that affects not only 
individuals, but also our economy as a whole. As the fastest growing 
crime in America, it is not neatly confined to one State or county. And 
that is the problem with identity theft. People from every corner of 
the country can and do become victims of this invasive crime.
    Even small States like Wyoming are adversely affected. Although 
there are only 493,000 people in Wyoming, we have the same rate of 
identity theft per capita as anywhere else in the country. That is why 
we have to approach this issue from a holistic perspective. We have to 
look at prevention, enforcement, and assistance to victims who are 
recovering from identity theft.
    Last year, I cosponsored a bill with Senator Cantwell that focused 
on the recovery part of the issue. Our bill would have made it easier 
for victims to get the information they need to clear their good name. 
Senator Gramm and I worked with Senator Cantwell for months to find a 
balance between the needs of consumers and the needs of small 
businesses, banks, and other credit agencies.
    Our bill included key provisions that would have allowed victims to 
work with businesses to obtain false records and block false 
information on credit reports. This is critical for somebody who is 
trying to put his or her life back together after the trauma of 
identity theft.
    I am encouraged by the interest my colleagues have shown here 
today. There are a number of bills out there that I think we need to 
consider in Congress before this crime hurts the hundreds of thousands 
of working people and families that are 
expected to become victims this year.
    I am confident we can make headway on this issue during the debate 
on reauthorization of the Fair Credit Reporting Act and I thank the 
Chairman for addressing this issue today.

                               ----------

              PREPARED STATEMENT OF J. HOWARD BEALES, III
 Director, Bureau of Consumer Protection, U.S. Federal Trade Commission
                             June 19, 2003

Introduction

    Mr. Chairman and Members of the Committee, I am Howard Beales, 
Director of the Bureau of Consumer Protection, Federal Trade Commission 
(FTC or Commission).\1\ I appreciate the opportunity to present the 
Commission's views on the impact of identity theft on consumers and the 
importance of information security in preventing identity theft.
---------------------------------------------------------------------------
    \1\ The views expressed in this statement represent the views of 
the Commission. My oral presentation and responses to questions are my 
own and do not necessarily represent the views of the Commission or any 
Commissioner.
---------------------------------------------------------------------------
    The Federal Trade Commission has a broad mandate to protect 
consumers, and controlling identity theft is an important issue of 
concern to all consumers. The FTC's primary role in combating identity 
theft derives from the 1998 Identity Theft Assumption and Deterrence 
Act (Identity Theft Act or Act).\2\ The Act directed the Federal Trade 
Commission to establish the Federal Government's central repository for 
identity theft complaints and to provide victim assistance and consumer 
education. The Commission also works extensively with industry on ways 
to improve victim assistance, including providing direct advice and 
assistance in cases when information has been compromised. The 
Commission can take enforcement action when companies fail to take 
adequate security precautions to protect consumers' personal 
information.
---------------------------------------------------------------------------
    \2\ Pub. L. No. 105-318, 112 Stat. 3007 (1998) (codified at 18 
U.S.C. Sec. 1028).

---------------------------------------------------------------------------
The Federal Trade Commission's Role in Combating Identity Theft

    The Identity Theft Act strengthened the criminal laws governing 
identity theft \3\ and focused on consumers as victims.\4\ Congress 
also recognized that coordinated efforts are essential to best serve 
the needs of identity theft victims because these fraud victims often 
need assistance both from government agencies at the national and State 
or local level and from businesses. As a result, the FTC's role under 
the Act is primarily one of facilitating information sharing among 
public and private entities.\5\ Specifically, Congress directed the 
Commission to establish procedures to: (1) log the receipt of complaints 
by victims of identity theft; (2) provide identity theft victims with 
informational materials; and (3) refer complaints to appropriate 
entities, including the major national consumer reporting agencies and 
law enforcement agencies.\6\ To fulfill the Act's mandate, the 
Commission has implemented a plan that focuses on three principal 
components: (1) a toll-free telephone hotline; (2) the Identity Theft 
Data Clearinghouse (Clearinghouse), a centralized database used to aid 
law enforcement; and (3) outreach and education to consumers, law 
enforcement, and private industry.
---------------------------------------------------------------------------
    \3\ 18 U.S.C. Sec. 1028(a)(7). The statute broadly defines ``means 
of identification'' to include ``any name or number that may be used, 
alone or in conjunction with any other information, to identify a 
specific individual,'' including, among other things, name, address, 
Social Security number, driver's license number, biometric data, access 
devices (i.e., credit cards), electronic identification number or 
routing code, and telecommunication identifying information.
    \4\ Because individual consumers' financial liability is often 
limited, prior to the passage of the Act, financial institutions, 
rather than individuals, tended to be viewed as the primary victims of 
identity theft. Setting up an assistance process for consumer victims 
is consistent with one of the Act's stated goals: To recognize the 
individual victims of identity theft. See S. Rep. No. 105-274, at 4 
(1998).
    \5\ Most identity theft cases are best addressed through criminal 
prosecution. The FTC itself has no direct criminal law enforcement 
authority. Under its civil law enforcement authority provided by 
Section 5 of the FTC Act, the Commission may, in appropiate cases, 
bring actions to stop practices that involve or facilitate identity 
theft. See, e.g., FTC v. Assail, Inc., W03 CA 007 (W.D. Tex. Feb. 4, 
2003) (order granting preliminary injunction) (defendants alleged to 
have debited consumers' bank accounts without authorization for 
``upsells'' related to bogus credit card package) and FTC v. Corporate 
Marketing Solutions, Inc., CIV- 02 1256 PHX RCB (D. Ariz. Feb. 3, 2003) 
(final order) (defendants ``pretexted'' personal information from 
consumers and engaged in unauthorized billing of consumers' credit 
cards). In addition, the FTC brought six complaints against marketers 
for purporting to sell international driver's permits that could be 
used to facilitate identity theft. Press Release, Federal Trade 
Commission, FTC Targets Sellers Who Deceptively Marketed International 
Driver's Permits over the Internet and via Spam (Jan. 16, 2003) (at 
http://www.ftc.gov/opa/2003/01/idpfinal.htm).
    \6\ Pub. L. No. 105-318, Sec. 5, 112 Stat. 3010 (1998).

---------------------------------------------------------------------------
Assisting Identity Theft Victim

    The most immediate way in which the FTC assists victims is by 
collecting complaints and providing advice on recovery through a 
telephone hotline and a dedicated website. On November 1, 1999, the 
Commission began collecting complaints from consumers via a toll-free 
telephone number, 1-877-ID-THEFT (438-4338). Every year since has seen 
an increase in complaints. In 2002, hotline counselors added almost 
219,000 consumer complaints to the Clearinghouse, up from more than 
117,000 in 2001. Of the 219,000 reports, almost 162,000 (74 percent) 
were complaints from identity theft victims, and almost 57,000 (26 
percent) were general inquiries about identity theft. Despite this 
dramatic growth in reports of identity theft, the FTC is cautious in 
attributing it entirely to a commensurate growth in the prevalence of 
identity theft. The FTC believes that the increase is, at least in 
part, an indication of successful outreach in informing the public of 
its program and the availability of assistance.
    Callers to the hotline receive telephone counseling from specially 
trained personnel who provide general information about identity theft 
and help guide victims through the steps needed to resolve the problems 
resulting from the misuse of their identities. Victims are advised to: 
(1) Contact each of the three national consumer reporting agencies to 
obtain copies of their credit reports and request that a fraud alert be 
placed on their credit reports; \7\ (2) contact each of the creditors 
or service providers where the identity thief has established or 
accessed an account, to request that the account be closed and to 
dispute any associated charges; and (3) report the identity theft to 
the police and get a police report, which is very helpful in 
demonstrating to would-be creditors and debt collectors that the 
consumers are genuine victims of identity theft.
---------------------------------------------------------------------------
    \7\ These fraud alerts indicate that the consumer is to be 
contacted before new credit is issued in that consumer's name. See 
Section II.B.(3)(a) infra for a discussion of the credit reporting 
agencies new ``joint fraud alert'' initiative.
---------------------------------------------------------------------------
    Counselors also advise victims having particular problems about 
their rights under relevant consumer credit laws including the Fair 
Credit Reporting Act,\8\ the Fair Credit Billing Act,\9\ the Truth in 
Lending Act,\10\ and the Fair Debt Collection Practices Act.\11\ If the 
investigation and resolution of the identity theft falls under the 
jurisdiction of another regulatory agency that has a program in place 
to assist consumers, callers also are referred to those agencies.
---------------------------------------------------------------------------
    \8\ 15 U.S.C. Sec. 1681 et seq.
    \9\ Id. Sec. 1666. The Fair Credit Billing Act generally applies to 
``open end'' credit accounts, such as credit cards, revolving charge 
accounts, and overdraft checking accounts. It does not cover 
installment contracts, such as loans or extensions of credit that are 
repaid on a fixed schedule.
    \10\ Id. Sec. 1601 et seq.
    \11\ Id. Sec. 1692 et seq.
---------------------------------------------------------------------------
    The FTC's identity theft website, located at www.consumer.gov/
idtheft, provides equivalent service for those who prefer the immediacy 
of an online interaction. The site contains a secure complaint form, 
which allows victims to enter their identity theft information for 
input into the Clearinghouse. Victims also can read and download all of 
the resources necessary for reclaiming their credit record and good 
name. One resource in particular is the FTC's tremendously successful 
consumer education booklet, Identity Theft: When Bad Things Happen to 
Your Good Name. The 26-page booklet, now in its fourth edition, 
comprehensively covers a range of topics, including the first steps to 
take for victims, how to correct credit-related and other problems that 
may result from identity theft, tips for those having trouble getting a 
police report taken, and advice on ways to protect personal 
information. It also describes Federal and State resources that are 
available to victims who may be having particular problems as a result 
of the identity theft. The FTC alone has distributed more than 1.2 
million copies of the booklet since its release in February 2000.\12\ 
Last year, the FTC released a Spanish language version of the identity 
theft booklet, Robo de Identidad: Algo malo puede pasarle a su buen 
nombre.
---------------------------------------------------------------------------
    \12\ Other Government agencies, including the Social Security 
Administration, the SEC, and the FDIC also have printed and distributed 
copies of Identity Theft: When Bad Things Happen to Your Good Name.

---------------------------------------------------------------------------
Outreach and Education

    The Identity Theft Act also directed the FTC to provide information 
to consumers about identity theft. Recognizing that law enforcement and 
private industry play an important part in the ability of consumers 
both to minimize their risk and to recover from identity theft, the FTC 
expanded its mission of outreach and education to include these 
sectors.

Consumers

    The FTC has taken the lead in coordinating with other Government 
agencies and organizations in the development and dissemination of 
comprehensive consumer education materials for victims of identity 
theft and those concerned with preventing this crime. The FTC's 
extensive consumer and business education campaign includes print 
materials, media mailings, and radio and television interviews. The FTC 
also maintains the identity theft website, which includes the 
publications and links to testimony, reports, press releases, identity 
theft-related State laws, and other resources.
    To increase identity theft awareness for the average consumer, the 
FTC recently developed a new primer on identity theft, Identity Theft: 
What's It All About? This publication discusses the common methods of 
identity thieves, how consumers can best minimize their risk of being 
victimized, how to identify the signs of victimization, and the basic 
first steps for victims. Taken together with the detailed victim 
recovery guide, Identity Theft: When Bad Things Happen to Your Good 
Name, the two publications help to fully educate consumers.

Law Enforcement

    Because law enforcement at the State and local level can provide 
significant practical assistance to victims, the FTC places a premium 
on outreach to such agencies. In addition to the training described 
below (see infra Section II.C.), the staff joined with North Carolina's 
Attorney General Roy Cooper to send letters to every other attorney 
general letting him or her know about the FTC's identity theft program 
and how each Attorney General could use the resources of the program to 
better assist residents of his or her State. The letter encourages the 
Attorney General to link to the consumer information and complaint form 
on the FTC's website and to let residents know about the hotline, 
stresses the importance of the Clearinghouse as a central database, and 
describes all of the educational materials that the attorney general 
can distribute to residents. North Carolina took the lead in availing 
itself of the Commission's resources in putting together for its 
resident victims a package of assistance that includes the Identity 
Theft Affidavit (see Section II.B.(3)(a)), links to the FTC website and 
www.consumer.gov/idtheft. Through this initiative, the FTC hopes to 
make the most efficient use of Federal resources by allowing States to 
take advantage of the work the FTC has already accomplished and at the 
same time continuing to expand the centralized database of victim 
complaints and increase its use by law enforcement nationwide. Other 
outreach initiatives include: (1) Participation in a ``Roll Call'' 
video produced by the Secret Service, which will be sent to thousands 
of law enforcement departments across the country to instruct officers 
on identity theft, investigative resources, and assisting victims; and 
(2) redesigning of the FTC's website to include a section for law 
enforcement with tips on how to help victims, as well as resources for 
investigations. The FTC will launch the new website this summer.

Industry

    (a) Victim Assistance: Identity theft victims spend significant 
time and effort 
restoring their good name and financial records. As a result, the FTC 
devotes significant resources to conducting outreach with the private 
sector on ways to improve victim assistance procedures. One such 
initiative arose from the burdensome requirement that victims complete 
a different fraud affidavit for each different creditor with whom the 
identity thief had opened an account.\13\ To reduce that burden, the 
FTC worked with industry and consumer advocates to create a standard 
form for victims to use in resolving identity theft debts. From its 
release in August 2001 through April 2003, the FTC has distributed more 
than 293,000 print copies of the Identity Theft Affidavit. There have 
also been more than 356,000 hits to the web version. The affidavit is 
available in both English and Spanish.
---------------------------------------------------------------------------
    \13\ See Identity Theft: When Bad Things Happen to Your Good Name. 
Hearing Before the Subcommittee on Technology, Terrorism, and 
Government Information of the Senate Judiciary Committee, 106th 
Congress (2000) (statement of Mrs. Maureen Mitchell, Identity Theft 
Victim).
---------------------------------------------------------------------------
      The three major credit reporting agencies (CRA's) recently 
launched a new initiative, the ``joint fraud alert.'' After receiving a 
request from an identity theft victim for the placement of a fraud 
alert on his or her consumer report and for a copy of that report, each 
CRA now shares that request with the other two CRA's, thereby 
eliminating the requirement that the victim contact each of the three 
major CRA's separately.
    (b) Information Security Breaches: Additionally, the FTC is working 
with institutions that maintain personal information to identify ways 
to help keep that information safe from identity theft. Last year, the 
FTC invited representatives from financial institutions, credit 
issuers, universities, and retailers to an informal roundtable 
discussion of how to prevent unauthorized access to personal 
information in employee and customer records. The FTC will soon publish 
a self-assessment guide to make businesses and organizations of all 
sizes more aware of how they manage personal information and to aid 
them in assessing their security protocols.
    As awareness of the FTC's role in identity theft has grown, the 
businesses and organizations that have suffered compromises of personal 
information have begun to contact the FTC for assistance. For example, 
in the cases of TriWest \14\ and Ford/Experian,\15\ in which tens of 
thousands of consumers' files were compromised, the Commission advised 
how to notify those individuals and how to protect the data in the 
future. To provide better assistance in these types of cases, the FTC 
developed a kit, Responding to a Theft of Customer or Employee 
Information, that will be 
posted on the identity theft website in the coming weeks. The kit 
provides advice on which law enforcement agency to contact, depending 
on the type of compromise, business contact information for the three 
major credit reporting agencies, with 
suggestions for establishing an internal communication protocol, 
information about contacting the FTC for assistance, and a detailed 
explanation of what information individuals need to know. The kit also 
includes a form letter for notifying the individuals whose information 
was taken. Organizations are encouraged to print and include copies of 
Identity Theft: When Bad Things Happen to Your Good Name with the 
letter to individuals.
---------------------------------------------------------------------------
    \14\ Adam Clymer, Official Say Troops Risk Identity Theft After 
Burglary, The New York Times, Nov. 6, 2002, Main News, Part 1 (Home 
Edition), at 12.
    \15\ Kathy M. Kristof and John J. Goldman, 3 Charged in Identity 
Theft Case, Los Angeles Times, Nov. 6, 2002, Main News, Part 1 (Home 
Edition), at 1.
---------------------------------------------------------------------------
    The FTC particularly stresses the importance of notifying 
individuals as soon as possible when information has been taken that 
may put them at risk for identity theft. They can then begin to take 
steps to limit the potential damage to themselves. Individuals who 
place a fraud alert promptly have a good chance of preventing, or at 
least reducing, the likelihood that the release of their information 
will turn into actual misuse. The prompt notification also alerts these 
individuals to review their credit reports and to watch for the signs 
of identity theft. In the event that they should become victims, they 
can quickly take action to clear their records before any long-term 
damage is done. Besides providing Responding to a Theft of Customer or 
Employee Information, FTC staff can provide individual assistance and 
advice, including a review of consumer information materials for the 
organization and coordination of searches of the Clearinghouse for 
complaints with the law enforcement 
officer working the case.

Identity Theft Data Clearinghouse

    The final mandate for the FTC under the Identity Theft Act was to 
log the complaints from victims of identity theft and to refer those 
complaints to appropriate entities such as law enforcement agencies. 
Before launching this complaint system, the Commission took a number of 
steps to ensure that it would meet the needs of criminal law 
enforcement, including meeting with a host of law enforcement and 
regulatory agencies to obtain feedback on what the database should 
contain. Access to the Clearinghouse via the FTC's secure website 
became available in July 2000. To ensure that the database operates as 
a national clearinghouse for complaints, the FTC has solicited 
complaints from other sources. For example, in February 2001, the 
Social Security Administration-Office of Inspector General (SSA-OIG) 
began providing the FTC with complaints from its fraud hotline, 
significantly enriching the FTC's database.
    The Clearinghouse provides a much fuller picture of the nature, 
prevalence, and trends of identity theft than was previously 
available.\16\ The FTC data analysts aggregate the data to develop 
statistics about the nature and frequency of identity theft. For 
instance, the Commission publishes charts showing the prevalence of 
identity theft by States and by cities. Law enforcement and 
policymakers at all levels of government use these reports to better 
understand the challenges identity theft presents.
---------------------------------------------------------------------------
    \16\ Charts that summarized 2002 data from the Clearinghouse can be 
found at www.consumer.
gov/idtheft and www.consumer.gov/sentinel.
---------------------------------------------------------------------------
    Since the inception of the Clearinghouse, 62 Federal agencies and 
574 State and local agencies have signed up for access to the database. 
Within those agencies, over 4,200 individual investigators have the 
ability to access the system from their desktop computers 24 hours a 
day, 7 days a week. The Commission actively encourages even greater 
participation.
    One of the goals of the Clearinghouse and the FTC's identity theft 
program is to provide support for identity theft prosecutions 
nationwide.\17\ Last year, in an effort to further expand the use of 
the Clearinghouse among law enforcement, the FTC, in cooperation with 
the Department of Justice and the U.S. Secret Service, initiated a full 
day identity theft training seminar for State and local law enforcement 
officers. Sessions were held in Washington, DC, Des Moines, Chicago, 
San Francisco, Las Vegas, Dallas, and Phoenix. The Phoenix program was 
held May 22. More than 730 officers have attended these seminars, 
representing more than 170 different agencies. Additional training 
seminars will occur later this year in Seattle, New York, and Houston--
cities the FTC has identified as having high rates of identity theft. 
Also, the FTC is a member of an identity theft task force in Kansas 
City and is helping coordinate a training seminar there later this 
summer.
---------------------------------------------------------------------------
    \17\ The Commission testified last year in support of S. 2541, the 
Identity Theft Penalty Enhancement Act of 2002, which would increase 
penalties and streamline proof requirements for prosecution of many of 
the most harmful forms of identity theft. See Testimony of Bureau 
Director J. Howard Beales, III, Senate Judiciary Committee, 
Subcommittee on Terrorism, Technology, and Government Information (July 
11, 2002). S. 2541 has been reintroduced in the 108th Congress as S. 
153.
---------------------------------------------------------------------------
    The FTC staff also helps develop case leads. Now in its second 
year, the Commission runs an identity theft case referral program in 
coordination with the U.S. 
Secret Service. The Secret Service has assigned a special agent on a 
full-time basis to the Commission to assist with identity theft issues 
and has provided the services of its Criminal Research Specialists.\18\ 
Together, the FTC and Secret Service staff develop preliminary 
investigative reports by examining significant patterns of identity 
theft activity in the database and refining the data through the use of 
additional investigative resources. Thereupon, the staff refer the 
investigative reports to appropriate Financial Crimes Task Forces and 
other law enforcers located throughout the country for further 
investigation and potential prosecution.
---------------------------------------------------------------------------
    \18\ The referral program complements the regular use of the 
database by all law enforcers from their desktop computers.

---------------------------------------------------------------------------
The Federal Trade Commission's Role in Information Security

    In addition to providing assistance to victims of identity theft, 
the Commission also examines security precautions involving consumers' 
personal information to determine whether law enforcement may be 
appropriate. If so, the Commission has two valuable legal tools to work 
with: Section 5 of the FTC Act,\19\ which prohibits unfair and 
deceptive acts or practices, and the Commission's Gramm-Leach-Bliley 
Safeguards Rule (the Safeguards Rule or the Rule).\20\
---------------------------------------------------------------------------
    \19\ 15 U.S.C. Sec. 45.
    \20\ 16 CFR Part 314, available online at http://www.ftc.gov/os/
2002/05/67fr36585.pdf.

---------------------------------------------------------------------------
Law Enforcement Under Section 5

    One of the mainstays of the Commission's privacy program is the 
enforcement of promises that companies make to consumers about privacy, 
including, the precautions they take to ensure the security of 
consumers' personal information. The Commission enforces such promises 
both online and offline. One area of particular concern involves 
breaches of sensitive information because they put consumers at the 
greatest risk of identity theft and other harms.
    Last August, the Commission announced a settlement with Microsoft 
regarding misleading claims made by the company about the information 
collected from consumers through its Passport services--Passport, 
Passport Wallet, and Kids Passport. \21\ Passport is a service that 
collects information from consumers and then allows them to sign in at 
any participating site using a single name and password. Passport 
Wallet collects and stores consumers' credit card numbers, and billing 
and shipping addresses, so that consumers do not have to input this 
information every time they make a purchase from a site. Kids Passport 
was promoted as a way for parents to create accounts for their children 
that limited the information that could be collected from them.
---------------------------------------------------------------------------
    \21\ The Commission's final decision and order in the Microsoft 
case is available at http://www.ftc.gov/os/2002/12/
microsoftdecision.pdf. The Commission's complaint is available at 
http://www.ftc.gov/os/2002/12/microsoftcomplaint.pdf.
---------------------------------------------------------------------------
    The Commission's complaint alleged that Microsoft misrepresented 
the privacy afforded by these services, including the extent to which Microsoft kept the information secure. For example, in various online statements, Microsoft said that the Passport service ``achieves a high 
level of web security by using technologies and systems designed to 
prevent unauthorized access to your personal information.'' The Commission 
alleged that Microsoft, in fact, failed to employ reasonable and 
appropriate measures to protect the personal information collected in 
connection with these services because it failed to: (1) implement 
procedures needed to prevent or detect unauthorized access; (2) monitor 
the system for potential vulnerabilities; and (3) perform appropriate 
security audits or investigations.
    The Commission's order against Microsoft contains strong relief 
that will provide significant protections for consumer information. 
First, it prohibits any misrepresentations about the use of and 
protection for personal information. Second, it requires Microsoft to 
implement a comprehensive information security program similar to the 
program required under the FTC's Gramm-Leach-Bliley Safeguards Rule, 
which is discussed below. Finally, to provide additional assurances 
that the information security program complies with the consent order, 
every 2 years Microsoft must have its program certified by an 
independent professional that it meets or exceeds the standards in the 
order. The provisions of the order will continue for 20 years and the 
Commission is systematically monitoring compliance.
    Microsoft is an important case because the settlement required that 
the company adhere to its security promises even in the absence of a 
known breach of the system. The Commission found even the potential for 
injury actionable when sensitive information and security promises were 
involved, and when the potential for injury was significant. This 
determination is an extremely important principle. It is not enough to 
make promises about protecting personal information, and then just hope 
that nothing bad happens or, if it does, that nobody finds out. 
Fulfilling privacy promises requires affirmative steps to ensure that 
personal information is appropriately protected from identity theft and 
other risks to consumers' personal information.
    The Microsoft case followed a similar case the Commission settled 
earlier last year against Eli Lilly.\22\ The Lilly case also involved 
alleged misrepresentations regarding the security provided for 
sensitive consumer information--in this instance, consumers' health 
information. Like Microsoft, Lilly made claims that it had security 
measures in place to protect the information collected from consumers 
on its website. As in Microsoft, the Commission charged Lilly with 
failing to have reasonable measures in place to protect the 
information.
---------------------------------------------------------------------------
    \22\ The Commission's final decision and order against Eli Lilly is 
available at http://www.ftc.
gov/os/2002/05/elilillydo.htm. The complaint is available at http://
ww.ftc.gov/os/2002/elilillycmp.htm.
---------------------------------------------------------------------------
    Specifically, in sending an e-mail to Prozac users who subscribed 
to a service on the site, Lilly put all of the consumers' e-mail 
addresses in the ``To:'' line of the e-mail, essentially disclosing to 
all users the identities of all of the other Prozac users. The 
Commission's complaint alleged that this happened because Lilly failed, 
among other things, to provide appropriate training and oversight for 
the employee who sent the e-mail and to implement appropriate checks on 
the process of using sensitive customer data. The order in the Lilly 
case prohibits the misrepresentations and, as in Microsoft, requires 
Lilly to implement a comprehensive information security program.
    Just this week, the Commission settled alleged violations of 
Section 5 in connection with statements made by Guess, Inc. concerning 
the security provided for sensitive consumer information collected 
through its website www.guess.com. According to the Commission's 
complaint, by conducting a ``web-based application'' attack on the 
Guess, Inc. website, an attacker gained access to a database containing 
191,000 credit card numbers. The complaint alleged that, despite 
specific claims that it provided security for the information collected 
from consumers through its website, Guess did not: (1) employ commonly 
known, relatively low-cost methods to block web-application attacks, 
which are well-known in the technology industry; (2) adopt policies and 
procedures to identify these and other vulnerabilities; or (3) test its 
website and databases for known application vulnerabilities, which 
would have alerted it that the website and associated databases were at 
risk of attack. Essentially, the company allegedly had no system in 
place to test for known application vulnerabilities, or to detect or to 
block attacks once they occurred.
    In addition, the complaint alleged, Guess misrepresented that the 
personal information it obtained from consumers through www.guess.com 
was stored in an unreadable, encrypted format at all times; but in 
fact, after launching the attack, the attacker could read the personal 
information, including credit card numbers, stored on www.guess.com in 
clear, unencrypted text. The order prohibits misrepresentations about 
the security and confidentiality of any information collected from or 
about consumers online and, as in Microsoft and Lilly, requires Guess 
to implement a comprehensive information security program.
    This case highlights a crucial but often neglected aspect of 
information security: The security of web-based applications and the 
databases associated with them. Databases frequently house sensitive 
data such as credit card numbers, and web-based applications are often, 
as with Guess, the ``front door'' to these databases. It is critical 
that online companies take reasonable steps to secure these aspects of 
their systems, especially when they have made promises about the 
security they provide for consumer information.
    It is important to note that the Commission is not simply saying 
``gotcha'' for security breaches. While a breach may indicate a problem 
with a company's security, breaches can happen even when a company has 
taken every reasonable precaution. In such instances, the breach will 
not violate the laws the FTC enforces. Instead, the Commission 
recognizes that security is an ongoing process of using reasonable and 
appropriate measures in light of the circumstances. That is the 
approach the Commission took in these cases and in its Gramm-Leach-
Bliley Safeguards Rule, and the approach it will continue to take.

GLB Safeguards Rule

    In May 2002, the Commission finalized its Gramm-Leach-Bliley 
Safeguards Rule, which requires that financial institutions under the 
FTC's jurisdiction to develop and implement appropriate physical, 
technical, and procedural safeguards to protect customer information. 
The Rule became effective on May 23 of this year, and the Commission 
expects that it will quickly become an important tool to ensure greater 
security for consumers' sensitive financial information. Whereas 
Section 5 authority derives from misstatements particular companies 
make about security, the Rule 
requires a wide variety of financial institutions to implement 
comprehensive protections for customer information--many of them for 
the first time. The Rule could go a long way to reduce risks to this 
information, including identity theft.
    The Safeguards Rule requires financial institutions to develop a 
written information security plan that describes their program to 
protect customer information. Due to the wide variety of different 
entities covered, the Rule requires a plan that takes into account each 
entity's particular circumstances--its size and its complexity, the 
nature and scope of its activities, and the sensitivity of the customer 
information it handles.
    As part of its plan, each financial institution must: (1) designate 
one or more employees to coordinate the safeguards; (2) identify and 
assess the risks to customer information in each relevant area of the 
company's operation, and evaluates the 
effectiveness of the current safeguards for controlling these risks; 
(3) design and implement a safeguards program, and regularly monitor 
and test it; (4) hire the appropriate service providers and contract 
with them to implement safeguards; and (5) evaluate and adjust the 
program in light of relevant circumstances, including changes in the 
firm's business arrangements or operations, or the results of testing 
and monitoring of safeguards. The Safeguards Rule requires businesses 
to consider all areas of their operation, but identifies three areas 
that are particularly important to information security: employee 
management and training; information systems; and management of system 
failures.
    The Commission has already issued guidance to businesses covered by 
the Safeguards Rule to help them understand the Rule's 
requirements.\23\ Commission staff have met with a variety of trade 
associations and companies to learn about industry's experience in 
coming into compliance with the Rule, to discuss areas in which 
additional FTC guidance might be appropriate, and to gain a better 
understanding of how the Rule is affecting particular industry 
segments. Now that the Rule is effective, the Commission plans to 
conduct sweeps to assess compliance within various covered industry 
segments.
---------------------------------------------------------------------------
    \23\ Financial Institutions and Customer Data: Complying with the 
Safeguards Rule, available at http://www.ftc.gov/bcp/conline/pubs/
buspubs/safeguards.htm.

---------------------------------------------------------------------------
Education and Workshops

    Finally, the Commission recently hosted two workshops focusing on 
the role that technology plays in protecting personal information.\24\ 
At the first workshop, which focused on the technologies available to 
consumers, we heard that many of these technologies have failed because 
they were too difficult to use; also, consumers did not want to pay 
separately for a ``fix'' many assumed was already integrated into the 
computers and applications they purchased. Panelists generally agreed 
that, to succeed in the marketplace, these technologies must be easy to 
use and built into the basic hardware and software consumers purchase.
---------------------------------------------------------------------------
    \24\ Additional information about the workshops are available at 
http://www.ftc.gov/bcp/workshops/technology/index.htm.
---------------------------------------------------------------------------
    At the second workshop, which focused on the technologies available 
to businesses, we learned that businesses, like consumers, need 
technology that is easy to use and compatible with their other systems. 
We also heard that technology should be viewed as just one part of an 
overall information management system that also relies heavily on 
people and the use of appropriate processes and procedures. 
Unfortunately, we also heard that too many technologies are sold before 
undergoing adequate testing and quality control, frustrating progress 
in this area.
    On June 18, the Commission hosted a public workshop to examine the 
costs and benefits to consumers and businesses of the collection and 
use of consumer information. Five CEO's made presentations about how 
their companies use and value data. Two case studies related to credit 
transactions and targeting marketing provided specific examples.\25\ In 
addition, we considered the possible methodologies for further 
measuring and analyzing the costs and benefits to consumers of these 
information practices.
---------------------------------------------------------------------------
    \25\ Additional information about the workshop is available at 
http://www.ftc.gov/bcp/workshops/infoflows/index.html.

---------------------------------------------------------------------------
Conclusion

    Identity theft and large scale security breaches place substantial 
costs on individuals and on businesses. The Commission, through its 
education and its enforcement capabilities, is committed to reducing 
these breaches as much as possible. The Commission will continue its 
efforts to assist criminal law enforcement with their investigations. 
Prosecuting perpetrators sends the message that identity theft is not 
cost-free. Finally, the Commission knows that as with any crime, 
identity theft can never be completely eradicated. Thus, the 
Commission's program to assist victims and work with the private sector 
on ways to facilitate the process for regaining victims' good names 
will always remain a priority.

                 PREPARED STATEMENT OF TIMOTHY CADDIGAN

        Special Agent in Charge, Criminal Investigative Division
                          U.S. Secret Service
                             June 19, 2003

    Mr. Chairman, Senator Sarbanes, and Members of the Committee, thank 
you for inviting me to be part of this hearing today, and the 
opportunity to address the Committee regarding the Secret Service's 
efforts to combat identity crime and protect our Nation's financial 
infrastructure.
    The Secret Service was originally established within the Department 
of the Treasury in 1865 to combat the counterfeiting of U.S. currency. 
Since that time, this Agency has been tasked with the investigation of 
financial crimes, as well as the protection of our Nation's leaders, 
visiting foreign dignitaries and events of national significance. 
Although, we have moved to the Department of Homeland Security, the 
Secret Service has maintained historic relationships with the 
Department of the Treasury in our ongoing efforts to ensure a secure 
financial services infrastructure.
    With the passage of new Federal laws in 1982 and 1984, the Secret 
Service was provided primary authority for the investigation of access 
device fraud, including credit card and debit card fraud, and parallel 
authority with other law enforcement agencies in identity crime cases. 
The explosive growth of these crimes has resulted in the evolution of 
the Secret Service into an agency that is recognized worldwide for its 
expertise in the investigation of all types of financial crimes. Our 
efforts to detect, investigate, and prevent financial crimes are 
aggressive, innovative, and comprehensive.
    The burgeoning use of the Internet and advanced technology, coupled 
with increased investment and expansion, has intensified competition 
within the financial sector. With lower costs of information-
processing, legitimate companies have found it profitable to specialize 
in data mining, data warehousing, and information brokerage. 
Information collection has become a common byproduct of newly emerging 
e-commerce. Internet purchases, credit card sales, and other forms of 
electronic transactions are being captured, stored, and analyzed by 
businesses seeking to find the best customers for their products. This 
has led to a new measure of growth within the direct marketing industry 
that promotes the buying and selling of personal information. In 
today's markets, consumers routinely provide personal and financial 
identifiers to companies engaged in business on the Internet. They may 
not realize that the information they provide in credit card 
applications, loan applications, or with merchants they patronize are 
valuable commodities in this new age of information trading. Consumers 
may be even less aware of the illegitimate uses to which this 
information can be put. This wealth of available personal information 
creates a target-rich environment for today's sophisticated criminals, 
many of whom are organized and operate across international borders. 
But legitimate business can provide a first line of defense against 
identity crime by safeguarding the information it collects. Such 
efforts can significantly limit the opportunities for identity crime, 
even while not eliminating its occurrence altogether.
    Simply stated, identity crime is the theft or the misuse of an 
individual's personal or financial identifiers in order to gain 
something of value or to facilitate other criminal activity. Types of 
identity crime include identity theft, credit card fraud, bank fraud, 
check fraud, false identification fraud, and passport /visa fraud. 
Identity crimes are almost always associated with other crimes such as 
narcotics and weapons trafficking, organized crime, mail theft and 
fraud, money laundering, immigration fraud, and terrorism.
    According to statistics compiled by the FTC for the year 2002, 22 
percent of the 161,819 victim complaints reported involved more than 
one type of identity crime. The complaints were broken down as follows 
(note that some complaints involved more than one of the listed 
activities):

 42 percent of complaints involved credit card fraud--for 
    example, someone either opened up a credit card account in the 
    victim's name or ``took over'' their existing credit card account;
 22 percent of complaints involved the activation of telephone, 
    cellular, or other utility service in the victim's name;
 17 percent of complaints involved bank accounts that had been 
    opened in the victim's name, and /or fraudulent checks had been 
    negotiated in the victim's name;
 9 percent of complaints involved employment-related fraud;
 8 percent of complaints involved Government documents /
    benefits fraud;
 6 percent of complaints involved consumer loans or mortgages 
    that were obtained in the victim's name; and
 16 percent of complaints involved some type of miscellaneous 
    fraud, such as medical, bankruptcy, and securities fraud.

    Identity crime is not targeted against any particular demographic; 
instead, it affects all types of Americans, regardless of age, gender, 
nationality, or race. Victims include everyone from restaurant workers, 
telephone repair technicians, and police officers, to corporate and 
Government executives, celebrities, and high-ranking military officers. 
What victims do have in common is the difficult, time-consuming, and 
the potentially expensive task of repairing the damage that has been 
done to their credit, their savings, and their reputation. According to 
a report by the General Accounting Office, the average victim spends 
over 175 hours attempting to repair the damage done by identity 
criminals.
    In past years, victims of financial crimes such as bank fraud or 
credit card fraud were identified by statute as the person, business, 
or financial institution that 
incurred a financial loss. All too often the individuals whose credit 
was ruined through identity theft were not even recognized as victims. 
As a result of the passage of the Identity Theft and Assumption 
Deterrence Act in 1998, this is no longer the case. This legislation 
represented the first comprehensive effort to rewrite the Federal 
criminal code to address the insidious affects of identity theft on 
private citizens. This new law amended Section 1028 of Title 18 of the 
United States Code to provide enhanced investigative authority to 
combat the growing problem of identity theft. These protections 
included:

 The establishment of the Federal Trade Commission (FTC) as the 
    central clearinghouse for victims to report incidents of identity 
    theft. This centralization of all identity theft cases allows for 
    the identification of systemic weaknesses and provides law 
    enforcement with the ability to retrieve investigative data at one 
    central location. It further allows the FTC to provide victims with 
    the information and the assistance that they need in order to take 
    the steps necessary to correct their credit records.
 The enhancement of asset forfeiture provisions to allow for 
    the repatriation of funds to victims.
 The closing of a significant gap in then-existing statutes. 
    Previously, only the production or possession of false 
    identification documents was unlawful. However, with advances in 
    technology such as e-commerce and the Internet, criminals did not 
    need actual, physical identification documents to assume an 
    identity. This statutory change made it illegal to steal another 
    person's personal identification information with the intent to 
    commit a violation, regardless of actual possession of identity 
    documents.

    We believe that the passage of this legislation was the catalyst 
needed to bring together both the Federal and State government 
resources in a focused and unified response to the identity crime 
problem. Today, law enforcement, regulatory, and community assistance 
organizations have joined forces through a variety of working groups, 
task forces, and information sharing initiatives to assist victims of 
identity crime.
    As you know, Mr. Chairman, the Senate recently passed the Identity 
Theft Penalty Enhancement Act of 2002. The intent of this Act is to 
establish increased penalties for aggravated identity theft--for 
example, identity theft committed during and in relation to certain 
specified felonies. This Act, in part, provides for 2 years 
imprisonment for the identity crime, in addition to the punishment 
associated with the related felony and 5 years imprisonment if the 
related felony is associated with terrorism. Additionally, the Act 
prohibits the imposition of probation and allows for consecutive 
sentences. While this particular legislation cannot be expected to 
completely suppress identity theft, it does recognize the impact 
identity theft has on consumers and the need to punish those engaging 
in criminal activity for personal or financial gain. The Secret Service 
supports these ideas and believes that they represent additional tools 
that law enforcement can utilize to the fullest extent in protecting 
the American people.
    Identity crime violations are investigated by Federal law 
enforcement agencies, including the Secret Service, the U.S. Postal 
Inspection Service, the Social Security Administration (Office of the 
Inspector General), and the Federal Bureau of Investigation. Schemes to 
commit identity crime may also involve violations of other statutes, 
such as computer crime, mail theft and fraud, wire fraud, or Social 
Security fraud, as well as violations of State law. Because most 
identity crimes fall under the jurisdiction of the Secret Service, we 
have taken an aggressive stance and continue to be a leading agency for 
the investigation and the prosecution of such criminal activity.
    Although financial crimes are often referred to as ``white collar'' 
by some, this characterization can be misleading. The perpetrators of 
such crimes are increasingly diverse and today include both domestic 
and international organized criminal groups, street gangs, convicted 
felons, and terrorists.
    The personal identifiers most often sought by criminals are those 
generally required to obtain goods and services on credit. These are 
primarily Social Security numbers, names, and dates of birth. Identity 
crimes also involve the theft or misuse of an individual's financial 
identifiers such as credit card numbers, bank account numbers, and 
personal identification numbers.
    The methods of identity criminals vary. It has been determined that 
many ``low tech'' identity criminals obtain personal and financial 
identifiers by going through commercial and residential trash, a 
practice known as ``dumpster diving.'' The theft of both incoming and 
outgoing mail is a widespread practice employed by both individuals and 
organized groups, along with thefts of wallets and purses.
    With the proliferation of computers and increased use of the 
Internet, many identity criminals have used the information obtained 
from company databases and websites. A case investigated by the Secret 
Services that illustrates this method involved an identity criminal 
accessing public documents to obtain the Social Security numbers of 
military officers. In some cases, the information obtained is in the 
public domain while in others it is proprietary and is obtained by 
means of a computer intrusion.
    The method that may be most difficult to prevent is theft by a 
collusive employee. The Secret Service has discovered that individuals 
or groups who wish to obtain personal or financial identifiers for a 
large-scale fraud ring will often pay or extort an employee who has 
access to this information through their employment at workplaces such 
as a financial institution, medical office, or Government agency.
    In most of the cases that our Agency has investigated involving 
identity theft, criminals have used an individual's personal 
identifiers to apply for credit cards or consumer loans. Additionally, 
these identifiers were also used to establish bank accounts, leading to 
the laundering of stolen or counterfeit checks or were used in a check-
kiting scheme.
    The majority of identity crime cases investigated by the Secret 
Service are initiated on the local law enforcement level. In most 
cases, the local police department is the first responder to the 
victims once they become aware that their personal or financial 
identifiers are being used unlawfully. Credit card issuers as well as 
financial institutions will also contact a local Secret Service field 
office to report possible criminal activity.
    The events of September 11, 2001, have altered the priorities and 
actions of law enforcement throughout the world, including the Secret 
Service. Immediately following the attacks, Secret Service assisted the 
FBI with their terrorism investigation through the leveraging of our 
established relationships, especially within the financial sector, in 
an attempt to gather information as expeditiously as possible.
    As part of the new Department of Homeland Security, the Secret 
Service will continue to be involved in a collaborative effort with the 
intention of analyzing the potential for identity crime to be used in 
conjunction with terrorist activities through our liaison efforts with 
the Bureau of Immigration and Customs Enforcement, Operation Direct 
Action, the FinCEN, the Diplomatic Security Service, and the Terrorist 
Financing Operations Section of the FBI.
    The Secret Service continues to attack identity crime by 
aggressively pursuing our core Title 18 investigative violations, 
including access and telecommunications device fraud, financial 
institution fraud, computer fraud, and counterfeiting. Many of these 
schemes are interconnected and depend upon stealing and misusing the 
personal and financial identifiers of innocent victims.
    Our own investigations have frequently involved the targeting of 
organized criminal groups that are engaged in financial crimes on both 
a national and international scale. Many of these groups are prolific 
in their use of stolen financial and personal identifiers to further 
their other criminal activity.
    It has been our experience that the criminal groups involved in 
these types of crimes routinely operate in a multi-jurisdictional 
environment. This has created some problems for local law enforcement 
agencies that generally act as the first responders to their criminal 
activities. By working closely with other Federal, State, and local law 
enforcement, as well as international police agencies, we are able to 
provide a comprehensive network of intelligence sharing, resource 
sharing, and technical expertise that bridges jurisdictional 
boundaries. This partnership approach to law enforcement is exemplified 
by our financial and electronic crime task forces located throughout 
the country, pursuant to our Section 1030 computer crime authority. 
These task forces primarily target suspects and organized criminal 
enterprises engaged in financial and electronic criminal activity that 
falls within the investigative jurisdiction of the Secret Service. 
Members of these task forces, who include representatives from local 
and State law enforcement, prosecutors offices, private 
industry and academia, pool their resources and expertise in a 
collaborative effort to detect and prevent electronic crimes. The value 
of this crime fighting and crime prevention model has been recognized 
by Congress, which has authorized the Secret Service (pursuant to the 
USA PATRIOT Act of 2001) to expand our electronic crime task forces to 
cities and regions across the country. Recently, four new Electronic 
Crimes Task Forces were established in Dallas, Houston, Columbia (SC), 
and Cleveland bringing the total number of ECTF's to 13.
    While our task forces do not focus exclusively on identity crime, 
we recognize that stolen identifiers are often a central component of 
other electronic or financial crimes. Consequently, our task forces 
devote considerable time and resources to the issue of identity crime.
    Another important component of the Secret Service's preventative 
and investigative efforts has been to increase awareness of issues 
related to financial crime investigations in general, and of identity 
crime specifically, both in the law enforcement community and the 
general public. The Secret Service has tried to educate consumers and 
provide training to law enforcement personnel through a variety of 
partnerships and initiatives.
    For example, criminals increasingly employ technology as a means of 
communication, a tool for theft and extortion, and a repository for 
incriminating information. As a result, the investigation of all types 
of criminal activity, including identity crime, now routinely involves 
the seizure and analysis of electronic evidence. In fact, so critical 
was the need for basic training in this regard that the Secret Service 
joined forces with the International Association of Chiefs of Police 
and the National Institute for Justice to create the ``Best Practices 
Guide to Searching and Seizing Electronic Evidence,'' which is designed 
for the first responder, line officer, and the detective alike. This 
guide assists law enforcement officers in recognizing, protecting, 
seizing, and searching electronic devices in accordance with applicable 
statutes and policies.
    We have also worked with these same partners in producing the 
interactive, computer-based training program known as ``Forward Edge,'' 
which takes the next step in training officers to conduct electronic 
crime investigations. Forward Edge is a CD-ROM that incorporates 
virtual reality features as it presents three different 
investigative scenarios to the trainee. It also provides investigative 
options and technical support to develop the case. Copies of State 
computer crime laws for each of the fifty States, as well as 
corresponding sample affidavits are also part of the training program 
and are immediately accessible for instant implementation.
    Thus far, we have distributed over 300,000 ``Best Practices 
Guides'' to local and Federal law enforcement officers and have 
distributed, free of charge, over 20,000 Forward Edge training CD's.
    In April 2001, the Secret Service assisted the FTC in the design of 
an identity theft brochure, containing information to assist victims on 
how to restore their ``good name,'' as well as how to prevent their 
information and identities from becoming compromised.
    In addition, we have just completed the Identity Crime Video/CD-ROM 
which contains over 50 investigative and victim assistance resources 
that local and State law enforcement officers can use when combating 
identity crime. This CD-ROM also contains a short identity crime video 
that can be shown to police officers at their roll call meetings which 
discusses why identity crime is important, what other departments are 
doing to combat identity crime, and what tools and resources are 
available to officers. The Identity Crime CD-ROM is an interactive 
resource guide that was made in collaboration with the U.S. Postal 
Inspection Service, the Federal Trade Commission, and the International 
Association of Chiefs of Police.
    Next week, we will be sending an Identity Crime CD-ROM to every law 
enforcement agency in the United States. Departments can make as many 
copies of the CD-ROM as they wish and can distribute this resource to 
their officers to use in identity crime investigations. Over 25,000 
Identity Crime CD-ROM's have been produced and are being prepared for 
distribution.
    The Secret Service is also actively involved with a number of 
Government-sponsored initiatives. At the request of the Attorney 
General, the Secret Service joined an interagency identity theft 
subcommittee that was established by the Department of Justice. This 
group, which is comprised of Federal, State, and local law enforcement 
agencies, regulatory agencies, and professional agencies meets 
regularly to discuss and coordinate investigative and prosecutive 
strategies, as well as consumer education programs.
    In a joint effort with the Department of Justice, the U.S. Postal 
Inspection Service, the Federal Trade Commission, and the International 
Association of Chiefs of Police, we are hosting Identity Crime Training 
Seminars for law enforcement 
officers. In the last year and a half, we have held seminars for 
officers in Chicago, Dallas, Las Vegas, Iowa, Washington, DC, and 
Phoenix. In the coming months, we have training seminars scheduled in 
New York, Seattle, and Texas. These training seminars are focused on 
providing local and State law enforcement officers with tools and 
resources that they can immediately put into use in their 
investigations of identity crime. Additionally, officers are provided 
resources that they can pass on to members of their community who are 
victims of identity crime.
    The Secret Service's Criminal Investigative Division assigned a 
special agent to the Federal Trade Commission (FTC) as a liaison to 
support all the aspects of their program to encourage the use of the 
Identity Theft Data Clearinghouse as a law enforcement tool. The FTC 
has done an excellent job of providing people with the 
information and assistance they need in order to take the steps 
necessary to correct their credit records, as well as undertaking a 
variety of ``consumer awareness'' initiatives regarding identity theft.
    It is important to recognize that public education efforts can only 
go so far in combating the growth of identity crime. Because Social 
Security numbers, in conjunction with other personal and financial 
identifiers, are used for such a wide variety of record keeping and 
credit related applications, even a consumer who takes the appropriate 
precautions to safeguard such information is not immune from becoming a 
victim.
    The Secret Service recommends that consumers take the following 
steps to protect themselves from identity crime:

 Maintain a list of all credit card accounts and corresponding 
    phone numbers. Keep this list in a place other than your wallet or 
    purse so that immediate notification can occur if any cards are 
    lost or stolen;
 Avoid carrying any more credit cards in a wallet or purse than 
    is actually needed;
 Cancel any accounts that are not in use;
 Be conscious of when billing statements should be received, 
    and if they are not received during that window, contact the 
    sender;
 Check credit card bills against receipts before paying them;
 Avoid using a date of birth, Social Security number, name, or 
    similar information as a password or PIN code, and change passwords 
    at least once a year;
 Shred or burn preapproved credit card applications, credit 
    card receipts, bills, and other financial information that you do 
    not want to save;
 Secure your incoming and outgoing mail;
 Establish passwords where possible with credit card companies 
    or financial institutions that you have accounts with in order to 
    avoid unauthorized change of 
    address, transfer of funds, or orders of additional cards;
 Order a credit report once a year from each of the three major 
    credit bureaus to check for inaccuracies and fraudulent use of 
    accounts; and
 Avoid providing any personal information over the telephone 
    unless you initiated the call, and be aware that individuals and 
    business contacted via the Internet may misrepresent themselves.

    Should an individual become the victim of identity theft, the 
Secret Service recommends the following steps:

 Report the crime to the police immediately and get a copy of 
    the police report;
 Immediately notify your credit card issuers and request 
    replacement cards with new account numbers. Also request that the 
    old account be processed as ``account closed at consumers' 
    request'' for credit record purposes. Ask that a password be used 
    before any inquiries or changes can be made on the new account. 
    Follow up the telephone conversation with a letter summarizing your 
    requests;
 Call the fraud units of the three credit reporting bureaus, 
    and report the theft of your credit cards and/or numbers. Ask that 
    your accounts be flagged, and add a victim's statement to your 
    report that requests that they contact you to verify 
    future credit applications. Order copies of your credit reports so 
    that you can review them to make sure no additional fraudulent 
    accounts have been opened in your name;
 File a complaint with the Federal Trade Commission (FTC) by 
    calling 1-877-ID-THEFT or writing to them at Consumer Response 
    Center, Federal Trade Commission, 600 Pennsylvania Ave., NW, 
    Washington, DC 20580. Complaints can also be filed via their 
    website at www.ftc.gov/ftc/complaint.htm; and
 Follow up with the credit bureaus every 3 months for at least 
    a year and order new copies of your reports so that you can verify 
    that corrections have been made, and to make sure that no new 
    fraudulent accounts have been established.
Conclusion
    For law enforcement to properly prevent and combat identity crime, 
steps must be taken to ensure that the local, State, and Federal 
agencies are addressing victim concerns in a consistent manner. All 
levels of law enforcement should be familiar with the resources 
available to combat identity crime and to assist victims in rectifying 
damage inflicted on their credit. It is essential that law enforcement 
recognize that identity crimes must be combated on all fronts, from the 
officer who receives a victim's complaint, to the detective or special 
agent investigating an organized identity crime ring.
    The Secret Service has already launched a number of initiatives 
aimed at increasing awareness and providing the training necessary to 
address these issues, but those of us in the law enforcement and 
consumer protection communities need to continue to reach out to an 
even larger audience. We need to continue to approach these 
investigations with a coordinated effort--this is central to providing 
a consistent level of vigilance and addressing investigations that are 
multi-jurisdictional while avoiding duplication of effort. The Secret 
Service is prepared to assist this Committee in protecting and 
assisting the people of the United States, with respect to the 
prevention, identification, and prosecution of identity criminals.
    Mr. Chairman, that concludes my prepared remarks and I would be 
happy to 
answer any questions that you or other Members of the Committee may 
have.

                               ----------
              PREPARED STATEMENT OF MICHAEL D. CUNNINGHAM

           Senior Vice President, Credit and Fraud Operations
                       Chase Cardmember Services
                             June 19, 2003

    Mr. Chairman, Members of the Committee, my name is Michael D. 
Cunningham and on behalf of J.P. Morgan Chase & Co., we greatly 
appreciate this opportunity to appear before the Committee and share 
our experience with the issue of identity theft. I serve as Senior Vice 
President for Credit and Fraud Operations for Chase Cardmember 
Services. Protecting our customers from identity theft and fraud is a 
major priority for our entire company. We have devoted the resources 
necessary to play a leading role for the industry by utilizing leading 
edge technology and hands on intervention by over 750 specially trained 
Chase employees. The personal security and well-being of our customers 
is a top priority at Chase.
    Below, please find a discussion of the problem, the nuts and bolts 
of what we at Chase do about it, followed by some ideas for changes and 
improvements for all parties involved.

Elements of Identity Theft and Credit Card Fraud
Identity Theft
    While identity theft and what we call credit card fraud are both 
pernicious crimes, and both constitute fraud, we would like to 
distinguish the two for policy purposes. We place identity theft into 
two basic categories:

Fraudulent Applications--Three Percent of Our Total Fraud Cases
    This involves the unlawful acquisition and the use of another 
person's identifying information to obtain credit, or the use of that 
information to create a fictitious identity to establish an account.
    In order to commit identity theft by means of fraudulent 
application, the perpetrator needs to acquire not just a name, address, 
or credit card number but unique identifiers such as the mother's 
maiden name, Social Security number, and detailed information about a 
person's credit history such as the amount of their most recent 
mortgage payment. This is why more than 40 percent of the identity 
theft cases that we see are committed by someone familiar to the 
victim, frequently a family member or by someone in a position of 
intimacy or trust. This variety of identity theft represents 3 percent 
of our total fraud cases.

Account Takeover--One Percent of Our Total Fraud Cases
    This occurs when someone unlawfully uses another person's 
identifying information to take ownership of an account. This would 
typically occur by making an unauthorized change of address followed by 
a request for a new product such as a card or check, or perhaps a PIN 
number. This variety of identity theft represents less than 1 percent 
of our total fraud cases.

Non-Identity Theft Fraud--The Other 96 Percent of Our Total Fraud Cases
    This type of fraud constitutes the vast majority of occurrences and 
falls under four basic headings:

    (1) Lost or Stolen Cards: The card is actually in possession of the 
customer and is subsequently lost or stolen.
    (2) Non-Receipt: The card is never received by the customer and is 
intercepted by the perpetrator prior to or during mail delivery.
    (3) Counterfeiting: The card is in possession of an actual customer 
and a fraudulent one is subsequently created by a variety of forgery or 
counterfeiting techniques. The customer does not know that the theft 
has occurred.
    (4) Fraudulent Mail or Telephone Order: The card is in possession 
of the customer and the account number and expiration date is 
compromised permitting purchases by phone, mail, or Internet.
Who Bears the Liability for Fraud?
    By law, the liability of the consumer who has suffered credit card 
fraud is limited to a maximum of $50 up to the time of notification to 
the creditor, after which it is zero. As a practical matter, with the 
advent of the Internet and other mediums, to promote consumer 
confidence, MasterCard and Visa simply accept full liability for the 
fraud, as do many individual card issuers.
The Role of Credit Delivery Systems in Fraud
Variation in Fraud Rates by Application Channel

                 Table 14: Cost of Credit Card Fraud\1\
------------------------------------------------------------------------
                                                        Percent
                                             Year 2000     of    Percent
                   Type                        Cost      Credit     of
                                            (Millions)    Card    Sales
                                                         Fraud    Volume
------------------------------------------------------------------------
False Applications........................  $46.1        4.5     0.004
Other Fraud...............................  $976.1      95.5     0.078
    Total.................................  $1,013.2    100.0    0.082
------------------------------------------------------------------------

    During the course of the debate on identity theft and fraud, 
critics have alleged that the process known as ``prescreening'' or 
``prescreened offers of credit'' somehow are major contributors to 
identity theft and other types of fraud. This is not the case. In fact, 
prescreening is a major underwriting tool integral to safety and 
soundness and the lower cost of credit.
---------------------------------------------------------------------------
    \1\ The Fair Credit Reporting Act: Efficiency & Opportunity, The 
Econonic Importance of Fair Credit Reauthorization, Information Policy 
Institute, June 2003, p. 60.
---------------------------------------------------------------------------
Prescreening Greatly Enhances the Ability of Credit Grantors to
Accurately Assess Risk and Avoid Losses and Lower Costs
    Prescreened offers have a very low incidence of fraud, and 
especially so when compared with other forms of new account generation. 
At Chase, for 2002, prescreened accounts subject to identity theft 
involved approximately 600 accounts measured against 17 million total 
active accounts. Total fraud cases of all types for 2002 amounted to 
about 75,000, including the 600 prescreening cases. Last year, 
prescreening resulted in 1.6 million new accounts out of a total of 4 
million new accounts, or 40 percent of all new accounts. Again, the 
majority of fraud arising from prescreened accounts is committed by 
someone familiar to the victim. One of our competitors, Capital One, a 
large user of prescreening, recently testified before the House 
Committee that they had similar experience, reporting rates of identity 
theft that are ``5 to 15 times lower for credit generated through 
prescreening than from credit generated through other channels (that 
is, the Internet, in-store ``take ones'').''
    Why do prescreened cards result in less identity theft? Prescreened 
offers of credit come from a pool of consumers selected from credit 
bureau files that have already undergone a substantial verification and 
underwriting process. An identity thief or fraudster that is not a 
family member always chooses the most anonymous method of application 
such as the Internet, or an in-store ``take one'' application. Choosing 
a prescreened credit card application is the most difficult route by 
far for the thief. Prescreened credit card offers do not contain any 
personal information other than name and address, and contain none of 
the other personal information necessary to apply for credit. Identity 
thieves do not find prescreened offers of credit very useful because 
even if they intercept one, they have to submit a change of address, 
which under Chase's system (and others that we know of ) would trigger 
an alert and subsequent analysis.
    The reduced risk of identity theft and other types of fraud has 
benefits far beyond enhancing the personal security of our customers. 
This enhancement to the underwriting process lowers the cost of capital 
and hence the cost of credit and permits more credit to be extended. 
Without prescreening and other techniques for accurately assessing 
risk, the costs to credit grantors of raising capital in the secondary 
financial markets would be increased. In order to minimize their costs 
of capital, major credit card issuers and other credit grantors (for 
example, auto lenders) sell a large percentage of their receivables to 
secondary bond market investors. Many issuers sell up to one half of 
their receivables to investors in the secondary markets. The models 
used to price these securities are largely based on the assessment of 
credit risk. Without the credit enhancements of prescreening (and other 
national credit standards), these models would almost certainly have to 
be changed to factor in additional risks of default, resulting in an 
increase in costs to the issuers of these securities.
The Role of the Credit Card Industry as the Early Warning System for
Identity Theft and Fraud--Detection, Prevention, and Resolution
Industry Practices in General
    The recently released report by the Information Policy Institute 
contains an excellent description of industry practices in general: \2\
---------------------------------------------------------------------------
    \2\ Ibid p. 60 -61.

          Credit card issuers also have authentication procedures in 
        place at many stages of the process to limit the ability of 
        criminals to open fraudulent credit card accounts. The vast 
        majority of credit card issuers (if not all of them) review the 
        application, using a variety of automated tools (Appendix F) 
        based upon credit file data to authenticate the identity of the 
        applicant. In some cases, if the lender has any degree of 
        uncertainty about the applicant's identity, additional 
        documentation (such as a State-issued driver's 
        license or a utility bill) is requested before approval is 
        granted. Even after the card has been physically delivered to 
        the applicant, the account is not activated until the applicant 
        again verifies his or her identity, usually by calling from his 
        or her home phone.
          Issuers undertake these procedures because they are generally 
        liable for the cost of fraudulent charges. MasterCard and Visa, 
        for example, have zero liability policies that significantly 
        limit the consumer's responsibility for fraudulent charges. 
        Issuers will soon legally be required to authenticate identity 
        when opening accounts as well. Given the cost to issuers, it is 
        no surprise that losses from fraudulent applications account 
        for significantly less than one-hundredth of 1 percent of 
        credit card sales volume and less than 5 percent of all credit 
        card fraud.
          The vast majority of credit card issuers further review the 
        application using a variety of sophisticated automated tools. 
        These authentication tools check the applications for 
        inconsistencies, compare information from the 
        application to that in credit files and other national 
        databases, and check applications against databases on known 
        fraud. If inconsistencies are detected, or if the application 
        is identified as being high risk for fraud, the tools instruct 
        the issuer to decline the application or perform a thorough 
        manual review.
          For example, if the applicant attempts to change the address 
        and the new address is different than in these databases, the 
        products indicate the possibility that the application is 
        fraudulent and that an identity thief is trying to open an 
        account and divert mail away from the victim's address to avoid 
        being detected. These products are very successful, identifying 
        the majority, from 60 to 80 percent, of fraudulent applications 
        before the accounts are ever opened. The success of these tools 
        also serves as a powerful deterrent to potential identity 
        thieves.

Prevention and Detection at Chase Cardmember Services
    Chase uses a multilayered system of technology, manual analysis, 
and consumer education and assistance to prevent, detect, and resolve 
all types of fraud. In fact, we detect approximately 70 percent of all 
fraud before the customer even knows it has occurred, and we continue 
to improve every year. The first step in this effort is to assess the 
risk at the application level. Below are some examples of high-risk 
attributes for an application:

    1. Discrepancies between credit bureau and application data. For 
example, we compare, Social Security number, address, name, and date of 
birth--discrepancies cause rerouting to our manual system.
    2. Credit bureau fraud alerts and victims' statements.
    3. Internal fraud file matches, which entail matches against key 
personal identification data in a file that contains prior victims of 
identity theft.
    4. Issuer's Clearinghouse Services (ICS) alerts. The ICS is a 
shared issuer database of reported identity theft victims.

    Low-risk applications are automatically approved and monitored for 
suspicious activity by a specialized unit. High-risk applications are subject to manual verification. This includes:

    1. Address validation using a variety of databases.
    2. Direct contact with the true person whose name is being used to 
apply for 
credit at the location verified for that person.
    3. Authentication using ``out of wallet'' information such as a 
person's most recent mortgage payment or similar types of information 
that typically is not found in a person's wallet and that only the true 
customer would know.
    4. Request for documentation from the applicant in situations where 
we are unable to verify the applicant's identity.

    In addition to the above, we have also developed an address change 
model that utilizes demographic techniques and a file of known 
fraudulent addresses. Additionally, we have a security verification 
methodology for special cases such as when an applicant has no home 
phone number. Utilizing all of these technologies and human resources, 
Chase frequently provides the first notice to the consumer of identity 
theft or fraud. Below is an excerpt from a letter from one of our 
customers:

          I would like to take this opportunity to praise the 
        performance of (Chase employee) . . . Over 6 months ago, Mr. X 
        called me at home because he 
        noticed a discrepancy in a credit application that had my name 
        and Social Security number. He gave me valuable information 
        that minimized the damage to my credit and ultimately led to 
        the arrest of a ring of identity thieves.

Consumer Assistance and Education
    At Chase, we recognize that consumers may need help once they learn 
of the identity theft or fraud. Once a problem is identified, Chase 
provides consumer education and assistance programs, as detailed in the 
two documents in the appendices to this statement. As you can see, we 
try to be as proactive as possible in dealing with consumers who are 
victims of identity theft or fraud. We also actively work with law 
enforcement to try and apprehend the perpetrators. We employ our own 
investigators who provide a summary report to law enforcement officials. 
We then file a ``Suspicious Activity Report'' (SAR) in accordance with 
Federal regulations, and we provide testimony to aid in the prosecution 
of specific cases.

Technological Tools To Prevent Identity Theft
    In addition to the detection and prevention methodologies outlined 
above, we employ three important technical tools for prevention of 
identity theft. First, we use Falcon, a so-called neural network 
technology, which calculates a ``fraud score'' for transactions based 
on data from a consortium of creditors and customer/merchant profiles. 
Based on this system, we have adopted strategies to approve, decline, 
or refer a transaction for further analysis. Some of the events that 
may trigger further scrutiny of a transaction or an account include new 
accounts showing cash advance and jewelry type transactions or a recent 
address change accompanied by a high dollar cash or mail/phone order 
activity, just to name two examples.
    Second, we also employ a system that we call ``link analysis'' that 
utilizes known fraud information to stop subsequent occurrences. This 
is composed of a caller identity database combined with addresses, home 
and business phone numbers, Social Security numbers, and a variety of 
other relevant information to stop identity theft before the 
perpetrator can assume the identity of an innocent consumer. The third 
technology that we apply is a fraud application-scoring model that 
relies on patterns and other criteria to generate a fraud score for a 
particular transaction. No one approach is a cure-all, but taken 
together, these applications have enabled a continual improvement in 
our performance.

Recommendations To Enhance Consumer Protection from
Identity Theft and Fraud
    In conclusion, despite everything that Chase and others in the 
industry are doing to combat these types of fraud, we have identified 
some areas that would benefit from legislative changes. Please find 
below an outline of technical changes to the law by category that we 
feel would assist everyone concerned in the fight against these crimes.
Prevention (Applicable to Financial Institutions)

 Financial institutions must establish risk-based policies and 
    procedures to verify customer identification information.
 Such policies and procedures used to comply with the 
    requirements imposed under Section 326 of the USA PATRIOT Act shall 
    suffice for purposes of account 
    opening.
 Such policies and procedures must include the evaluation of a 
    ``fraud alert'' obtained in connection with a consumer report.
 Such policies and procedures must include the address change 
    verifications, as appropriate.
 To the extent not already permitted or authorized, authorize 
    financial institutions and associations of financial institutions 
    to share information with other financial institutions, or 
    associations of financial institutions, regarding individuals, 
    entities, organizations, or transactions that may involve identity 
    theft or possible identity theft. A financial institution or 
    association that transmits, receives, or shares such information 
    for the purposes of identifying and reporting identity theft 
    activities shall not be liable to any person under any law, 
    regulation, or agreement. Extend the same flexibility and the 
    protections to other businesses 
    affected by identity theft, such as retailers.
 Require disclosure (at same time as ``initial'' TILA 
    disclosures) to inform consumers that the financial institution may 
    report information to a consumer reporting agency regarding the 
    consumer's behavior on the account. Disclosure must also provide 
    contact information to consumer reporting agencies that operate on 
    a nationwide basis.
 Allow access to Social Security Administration database in 
    order to verify Social Security numbers on applications.

Prevention (Applicable to Consumer Reporting Agencies)

 Nationwide consumer reporting agencies must establish a method 
    of recording and reporting ``fraud alert'' data.
 Consumer reporting agencies may truncate an individual's 
    Social Security number on copies of the individual's credit report 
    provided to the individual so long as the Social Security number 
    provided by the individual to obtain the credit report matches the 
    Social Security number included in the credit report.

Other Prevention Related Measures

 To the extent not already permitted under the FCRA, include 
    fraud prevention and identity theft prevention as a permissible 
    purpose to obtain a consumer report under the FCRA.
 Ensure continued availability of consumer reports as 
    envisioned under the FCRA.
 Prohibit display or sale of an individual's Social Security 
    number to the general 
    public. Such prohibition shall not interfere with legitimate 
    business-to-business or business-to-government transfers of Social 
    Security numbers, or public record information.
 Prohibit merchants from printing more than the last four 
    digits and the expiration date of a credit card number on a 
    receipt.
 Prohibit States from printing Social Security numbers on 
    driver's licenses and other government-issued form of 
    identification.

Apprehension
 Have postal service hire additional postal inspectors for 
    purposes of identity theft and related investigations.
 Increase penalties and prosecution for identity theft crimes.
 Require the Department of Justice to develop a training 
    program for State and local law enforcement with respect to 
    identity theft crimes.
 Require the Department of Justice to develop model 
    definitions, reporting forms, and affidavits for use by State and 
    local law enforcement in connection with identity theft 
    investigations.
 Improve civil forfeiture provisions related to identity theft.

Mitigation
 Require consumer reporting agencies to block tradelines 
    allegedly the result of identity theft if the consumer provides a 
    valid police report regarding the identity theft [or other valid 
    indicia of the crime] and provides appropriate identification.
 Require a business to provide information to a consumer 
    pertaining to an alleged identity theft if consumer provides a 
    valid police report regarding the identity theft [or other valid 
    indicia of the crime] and provides appropriate identification. This 
    provision must be crafted to ensure it does not create additional 
    opportunities for identity theft, and businesses may not be held 
    liable for complying with this provision.

Victims Assistance
 Develop a simplified standardized document, for example, 
    Uniform Affidavit for consumers' initiation of investigations of 
    claims related to identity theft.
 Simplify the way consumers can contact their financial 
    institution to make a claim of identity theft, that is, call a toll 
    free number on their account statement.
 Be responsive to identity theft claims in a timely fashion.
 Require local law enforcement to accept the simplified 
    standardized form and to assist the consumer and to produce a 
    police report.

    
    
                 PREPARED STATEMENT OF JOHN M. HARRISON

         Captain, U.S. Army (Retired), Rocky Hill, Connecticut
                             June 19, 2003

    Mr. Chairman, Ranking Member Sarbanes, and Members of the 
Committee, I appreciate this opportunity to appear before your 
Committee to share my experiences as an identity theft victim. My name 
is John Harrison. I am 42 years old, a retired Army Captain and have 
resided in Rocky Hill, Connecticut, since my retirement in December 
1999. Until recently, I have been working as a corrugated salesperson 
since leaving the military.

Background
     My introduction to the crime of identity theft began on November 
5, 2001. On that day, I was contacted by a detective from Beaumont, 
Texas, who was investigating a Harley-Davidson motorcycle which had 
been purchased in my name and Social 
Security number. He tracked me down through my credit report. From that 
same credit report, the detective realized I was a victim of identity 
theft and he explained to me that someone had been using my name and 
Social Security number to open credit accounts and he pointed me in the 
right direction.
     On that very same day, I reported my identity stolen to the FTC 
through their website. I also contacted all three repositories, ordered 
my credit reports, initiated fraud alerts, and began contacting 
creditors immediately. Once I received my credit reports, I filed a 
police report with the Army's Criminal Investigation Division which 
luckily had a branch near Hartford, Connecticut. Just 1 month later, on 
December 12, 2001, Jerry Wayne Phillips was arrested in Burke County, 
North Carolina during a traffic stop. He was riding the Harley-Davidson 
motorcycle the police officer in Texas was investigating. Phillips was 
indicted on Federal charges in Texas, pled guilty to one count of 
identity theft, and is currently serving a 41-month sentence at a 
Federal prison in Minnesota.
     What I have learned since November 5, 2001 is that Phillips gained 
control of my identity on July 27, 2001 when Army officials at Fort 
Bragg, North Carolina issued him an active duty military identity card 
in my name and Social Security number. In a taped interview, Phillips 
claimed the identity was easy to get. That occurred about 1\1/2\ years 
after my retirement as an Army Captain.

Damages
     The military identity card combined with my once excellent credit 
history allowed Phillips to go on an unhindered spending spree lasting 
just 4 months. From July to December 2001, Phillips had acquired goods, 
services, and cash in my name valued at over $260,000. None of the 
accounts were opened in my home State of Connecticut. He opened 
accounts as far south as Florida, as far north as Virginia, and as far 
west as Texas. I have identified more than 60 fraudulent accounts of 
all types: Credit accounts; personal and auto loans; checking and 
savings accounts; and utility accounts. He purchased two trucks through 
Ford Credit valued at over $85,000. A Harley-Davidson motorcycle for 
$25,000. He rented a house in Virginia and purchased a time-share in 
Hilton Head, South Carolina.
     One of the accounts opened by Phillips was with the Army & Air 
Force Exchange Service (AAFES). He also wrote bad checks in these 
exchanges. I originally disputed this account in March 2002 when AAFES 
attempted to garnish my military retirement pay. I was able to stop the 
garnishment by providing supporting documentation to AAFES. They made a 
second attempt to garnish my retirement in January 2003 for the same 
debt. Unfortunately, my letter to AAFES went ignored the second time 
and the garnishment began the end of January. Eventually and with the 
assistance of Congressman Larson's office, the garnishment was stopped 
in March 2003 and AAFES refunded the money that had been taken from my 
retirement pay. I have always been somewhat distressed at the 
military's involvement in the theft of my identity. They issued the 
fraudulent identity card that allowed Phillips to open all these 
accounts and quite obviously, someone was very negligent in their 
duties. The garnishment greatly added to that distress.

FCRA Relationship
     While Phillips made creditors, banks, and willing merchants the 
monetary victims of this crime, it has been those same creditors and 
credit reporting agencies that made me a victim. I have struggled with 
the repositories, creditors, and debt collectors for 20 straight months 
now and still have many accounts and debts incorrectly reported in my 
name and Social Security number. My imposter has been in jail for 19 of 
those 20 months and no accounts have been opened in my name since his 
incarceration at the end of 2001. I have overwhelming documentation to 
verify I did not open any of these accounts and I have willingly 
provided those documents to all creditors I have found, as well as the 
credit bureaus. I have discovered it is more cost effective for 
creditors to write the debt off in the victim's name than go after the 
real criminal, even after you tell them who and where the real criminal 
is.
    The credit bureaus hide behind the fact that they are only 
reporting what creditors tell them while at the same time, victims are 
repeatedly sending affidavits, police reports, and detailed dispute 
letters proving the creditors are wrong. That is why it takes identity 
theft victims years instead of months to recover from this crime.
     From that first day in November 2001, I have been very aggressive 
about restoring the damage done in my name. I have sought out the 
fraudulent accounts and in most cases; I have contacted them before 
they have contacted me. I have dispute all accounts directly with the 
creditors following that up by disputing the accounts through the 
repositories. I have encountered a great many difficulties. While two 
of the repositories have done what I consider to be a fair job 
assisting me and responding to my disputes, one of them, Equifax, has 
failed to meet nearly all the provisions of the FCRA. It took 11 months 
and three dispute letters to get a second report from Equifax. Further, 
I found the report they sent to me was not the same report they were 
sending to creditors. Both reports that Equifax has in their system 
still contain as many as fifteen fraudulent accounts.
     I also found that when I disputed accounts to any of the 
repositories, whether the results of the reinvestigation come back with 
deleted or verified accounts, the accounts were rarely resolved. 
Creditors were either not accepting my dispute through the repositories 
or the dispute was not being sent to them. In either event, the 
majority of creditors continue to seek me out directly or through a 
debt collector. In some instances, I have had accounts deleted from one 
repository only to have it show up with another one. I have also 
encountered creditors that after I have initiated contact with them to 
dispute an account, sold the debt to or hired debt collectors that seek 
me out at a later time. I have also had difficulties with accounts that 
return months after I have successfully disputed them, like AAFES. 
Finally, there have also been accounts that I have contacted and could 
find no record of a debt in my name and then months later their debt 
collectors are calling my home or showing up on my credit reports. It 
has been and continues to be a nightmare.
     I have accounted for over 100 bad checks drafted from four 
different fraudulent checking accounts. Phillips wrote bad checks in 
eight different States and they account for nearly $60,000 of the total 
debt. Unfortunately, the checking accounts have created significantly 
more complications for me than the credit accounts. While creditors 
have just three reporting agencies to choose from, banks and vendors 
that accept checks have a multitude of reporting agencies. 
Additionally, the majority of those reporting agencies, which maintain 
both positive and negative information on consumers, do not provide 
consumer reports nor are there systems in place to dispute negative 
information. I have spent a great deal of time trying to understand the 
checking situation to learn how to properly dispute each bad check that 
was written. My conclusion is, there is no system in place to assist an 
identity theft victim when banking accounts are opened in your name and 
Social Security number, but are completely removed and unrelated to 
your own banking accounts. This industry is well behind the progress 
that has been made in the credit industry.

Personal Impact
     There is still a misconception by some that creditors, merchants, 
banks, and others that sustain monetary losses are the only victims of 
identity theft. So often when speaking to someone about my situation, 
the comment is made, ``At least you are not responsible to pay these 
fraudulent debts.'' Somehow, that makes my situation seem less tenuous. 
I have invested over 1,100 hours of my time defending myself and 
working to restore my credit and banking histories. I have filled eight 
notebooks with over 1,500 pages of documentation. I can account for 
about $1,500 in out of pocket expenses directly related to my identity 
theft. Higher interest rates have cost me over $4,000. I have been 
unknowingly sued by at least one of the creditors. I have had my 
military retirement garnished. I am not creditworthy enough to open any 
new accounts and bad checks reported in my name prevent me from opening 
any deposit accounts with banks.
     It was also during January 2003, that my own creditors began 
taking adverse actions against me as a result of the negative information contained in my credit reports. I lost $25,000 in available credit as my creditors closed accounts with zero balances or lowered my credit limit to 
existing balances. I had been with some of those creditors over 10 
years, but my history of always paying on time did not influence their 
decisions.

Emotional Impact
     I have always considered myself to be a very strong individual. 
During the 20 years that I spent in the military, I was often singled 
out as someone that worked extremely well under stress. The length of 
time it takes to resolve a stolen identity, the frustration in dealing 
with companies that do not understand the crime or its impact and do 
not take the correct actions, repeatedly having to clear up the same 
accounts, the constant phone calls and letters from debt collectors is 
enough to cause anyone emotional distress.
     In September 2002, 11 months into my struggle, I began to have 
difficulties with anxiety and insomnia and my physician prescribed a 
mild antidepressant. In January 2003, the problems with my identity 
were causing serious distractions for my work as a salesperson. I spoke 
with my supervisor about the problems and began weekly therapy in 
February 2003 through our Employee Assistance Program. I was diagnosed 
with Post Traumatic Stress Disorder. As the doctor put it, my fight or 
flight instincts were stuck on ``fight.'' Those problems eventually led 
to my termination at the end of April 2003. I was given no notice of 
the termination nor was there a severance offered. I simply had the rug 
pulled from underneath me. At present, I find myself unemployed for the 
first time since I was 14 years old, being treated for what now has 
become depression, in the worst job market in 9 years, and stilling 
dealing with the same situation that got me here in the first place. 
Sadly, even as I look back over the last 20 months and retrace my 
steps, I cannot identify a single thing I could have done differently 
that may have prevented the situation I am currently in.

Recommendations
     I have two suggestions that I feel would greatly impact the number 
of identity theft victims.
     First, I believe that we need to focus on those sections of the 
consumer reports titled Personal Identification Information. Currently, 
if I need to order a copy of my report, I have to accurately provide my 
name, Social Security number, address, date of birth, and sometimes 
several account numbers from my credit report. If I do not provide the 
correct information; I am not allowed to have my credit report. 
Creditors, however, are not held to this same standard. Merely by 
providing a Social Security number, they can access the consumer's credit score and/or credit report. Additionally, it is the creditors that control what is reported in the personal information section; not the consumer. I found seventeen different addresses on my various credit reports that were 
used by my imposter. Six different phone numbers. Even my date of birth 
was changed on my credit reports as a result of information provided by 
the creditors that allowed these fraudulent accounts to be opened. I 
believe the consumer is the best source for personal and identifying 
information; not creditors. We should identify essential elements of 
personal information such as name, Social Security number, current 
address, phone number, sex, current employer, and date of birth. A 
creditor making an inquiry in regards to an application should have to 
correctly provide key and essential identifying information in order to 
complete the inquiry; not just a Social Security number. If incorrect 
data is provided, the creditor should be returned a message from the 
credit bureau that the customer cannot be identified and the inquiry 
cannot be completed. Had this system been in place when my identity was 
stolen, not a single account could have been opened in my name.
     Second, I believe a system should be put in place to annually 
evaluate the credit bureaus. While I am not expert enough on the credit 
bureaus to identify all criteria for such an evaluation, I am certain 
that credit report accuracy should be one of them. I do not want to 
make unfounded accusations, but it is my belief through common sense 
that credit bureaus do not lose money as a result of identity theft, 
they make money. Over a hundred inquiries have been made to my credit 
reports as a result of fraudulent accounts. These are inquiries the 
repositories are paid for that would not otherwise have been made. 
Additionally, with the public becoming more informed about the 
seriousness and growth of identity theft, I am certain that sales of 
credit monitoring systems are doing quite well also. Monetarily 
speaking, there is not much incentive for the repositories to be 
aggressive about preventing identity theft or correcting inaccurate 
reports resulting from identity theft. An evaluation system would 
provide that incentive. Accurate reports are as important to the 
creditors that use them as they are to the consumers they belong to. A 
repository that was not doing an adequate job would be penalized 
through fair competition and my feeling is those penalties would invoke 
positive changes in order to stay competitive.
    The burden of prevention and correction has been placed squarely on 
the consumers' shoulders and yet we have very little control over 
either. We cannot prevent our identities from being bought and sold 
both legally and illegally by the thousands. We cannot prevent the 
sales manager who is excited by a high FICO score from opening an 
account in our name without verifying the identity. Once the mistakes 
have been made and the fraudulent accounts opened, the consumer victim 
is caught between the credit bureaus and creditors. It is a life 
changing experience.
    Again, I want to thank you for your time and this opportunity to 
share my story with your Committee. I hope in some way by sharing my 
experiences here today, we can bring about the needed changes in 
combating the crime of identity theft.

                               ----------

                 PREPARED STATEMENT OF STUART K. PRATT

                 President and Chief Executive Officer
                   Consumer Data Industry Association
                             June 19, 2003

     Chairman Shelby, Senator Sarbanes, and Members of the Committee, 
thank you for this opportunity to appear before the Committee on 
Banking, Housing, and Urban Affairs. For the record, I am Stuart Pratt, 
President and CEO for the Consumer Data Industry Association.
    CDIA, as we are commonly known, is an international trade 
association repre-
senting approximately 500 consumer information companies that are the 
Nation's leading institutions in credit and mortgage reporting 
services, fraud prevention and risk management technologies, tenant and 
employment screening services, check fraud prevention and verification 
products, and collection services.
    We commend you for holding this hearing on the crime of identity 
fraud and its relationship to the Fair Credit Reporting Act (15 U.S.C. 
Sec. 1681 et seq.). Identity fraud is an equal-opportunity crime that 
can affect any of us. This crime is a particularly invasive form of 
fraud where consumers, consumer reporting agencies, and creditors must 
untangle the snarl of fraudulent accounts and information resulting 
from a criminal's actions. The task can be frustrating, and, in severe 
cases, time-consuming for all concerned.
    The Committee has asked us to comment on the crime itself and on 
its relationship to the FCRA. In this regard, let me focus on three 
points:

 The FCRA provides the essential framework of duties for 
    consumer reporting agencies and data furnishers and key rights of 
    which all consumers can avail themselves, including victims of 
    identity theft.
 CDIA members have been at the forefront of efforts to 
    understand the nature of this crime for years and they have 
    established victim assistance procedures, which go beyond the 
    requirements of any law.
 Consumer education is a mainstay of any successful campaign to 
    reduce the incidence of identity fraud. Though preliminary, some 
    data indicate that industry and governmental efforts to reach 
    consumers is working.

The FCRA as an Essential Framework of Duties and Rights
    Amended materially in 1996, the FCRA now has a well-balanced set of 
rights and protections for consumers. In particular, the 1996 
Amendments focused on reinvestigations and service to consumers. For 
example, the amendments included codification of time frames for the 
completion of a consumer's dispute, which apply to both data furnishers 
and to consumer reporting agencies. The law now ``defaults'' in favor 
of the consumer where a furnisher of information is unable to respond 
to a dispute by requiring the consumer reporting agency to delete the 
disputed information at the close of the 30-day reinvestigation period. 
Following is a summary of many key provisions of the FCRA that benefit 
consumers and victims of identity theft.

Can anyone see a consumer's report?
    No. Consumer reports may be provided and used for only the 
following permissible purposes: Credit transactions involving the 
extension of credit or collection of an existing account; account 
reviews (for safety and soundness); employment purposes; insurance 
underwriting; license eligibility; child support and limited judicial 
inquiries. Users of consumer reports are required to identify 
themselves, certify the purposes for which the report is sought, and 
certify that it will be used for no other purposes. Criminal sanctions 
result from fraud and misuse.
    Consumers can opt out of prescreened offers of credit with just a 
toll-free call. The FCRA codified the practice of direct mail offers of 
credit and insurance in the 1996 Amendments. However, recognizing 
consumers' privacy interests, the Act provides consumers a single toll-
free number for all nationwide credit reporting systems to opt out of 
all prescreened offers of credit or insurance for either 2 years or 
permanently (888-5opt-out or 888-567-8688).

How is data accuracy ensured?
    Credit reporting agencies are subject to liability unless they 
follow reasonable procedures to assure the maximum possible accuracy of 
the information regarding the consumer. Also, competitive marketplace 
forces among the consumer reporting agencies provide a strong 
institutional incentive to maximize accuracy.

Consumers always have a right to their file.
    At any time, a consumer may obtain a copy of his or her entire 
credit file from an agency. The report must be provided at a low cost 
capped by the FCRA (at time of enactment, $8.00, currently, based upon 
CPI indexing, $9.00). The agency must include in such a disclosure a 
summary of the extensive consumer's rights under the FCRA. Consumers 
also always have a right to be notified of all persons who have 
requested a copy of their files. Note that consumers who are victims of 
fraud and suspect that fraudulent data is on their file are entitled to 
a free disclosure.

What happens when a user of a report takes an adverse action based on 
        the report?
    If any adverse action is taken with respect to a consumer based 
upon a consumer report (for example, a denial of credit or employment), 
the person taking the action must notify the consumer and identify the 
name, address and toll-free telephone number of the agency that issued 
the report. If there is an adverse action, the consumer is entitled, 
upon request, to a free consumer report from the agency that issued the 
report.

What happens when a consumer feels information in a report is 
        inaccurate?
    Any time a consumer disputes the accuracy of any information 
contained in the agency's file, the agency must within 30 days either 
reinvestigate the information free of charge and note the dispute in 
the file or delete the information from the file. The agency must give 
the consumer notice of the results of the investigation within 5 days 
of its conclusion. If the agency finds that the information is either 
inaccurate or not verifiable after the reinvestigation, it must delete 
the information from the file.

Who has enforcement authority over the FCRA?
    The provisions of the FCRA are enforced vigorously by the Federal 
Trade Commission, Federal banking regulators and the State attorneys 
general. Additionally, consumers have private rights of action against 
users, data furnishers, and consumer reporting agencies for 
noncompliance with the Act (see below).

Consumers have private rights of action against users, data furnishers, 
        and consumer reporting agencies.
    A consumer has a right to sue users, furnishers, and reporting 
agencies under the FCRA for noncompliance with the Act if 
reinvestigation procedures are violated. While a plaintiff can recover 
actual damages (including noneconomic damages), as well as attorneys' 
fees, he or she need not prove actual damages because the FCRA provides 
for liquidated damages in cases where there has been a violation.

CDIA Voluntary Victim Assistance Programs
    While the FCRA provides a robust framework of protections for all 
consumers, including victims of identity theft, our members have long 
recognized that the crime presented unique problems for victims and to 
this end we have been actively pursuing progressive voluntary 
initiatives to ensure that victims of identity theft can recover from 
the crime and get on with their lives. Attached to this testimony is an 
appendix, which provides a short timeline of our efforts and which also 
includes the news release discussing our most recent initiative 
announced this past April 2003. Following is a discussion of some of 
our efforts:
    In March 2000, the CDIA issued a news release (included with this 
testimony), which outlined the credit reporting industry's six-point 
victim assistance program. Ours was the first industry to step forward 
and not merely educate its members about the problems consumers 
experienced, but to seek specific changes in business practices. These 
identity fraud victim assistance initiatives were the culmination of 
internal reviews of current processes by senior fraud personnel, 
interviews with law enforcement, victims, and privacy advocates, and 
input from our Association's outside counsel on this effort, former 
Vermont Attorney General, Jerome M. Diamond. The industry's voluntary 
initiative became effective on January 1, 2001, and while our attached 
news release outlines all six initiatives, let me highlight a few for 
the Committee.

Standardizing Security Alerts
    Prior to the CDIA's initiative, the three credit reporting systems 
were already voluntarily administering a system of security alerts, 
which are text messages (often accompanied by a code) included in a 
consumer's credit report these alerts notify lenders and other users of 
the report of the fact that a consumer has contacted the credit 
reporting system and believes that he or she is a victim of identity 
fraud. The alerts contain, at the consumer's request, one or two 
telephone numbers for the lender to use in contacting the consumer to 
verify that he or she is truly seeking a new line of credit or other 
service.
    The CDIA's initiative sought to improve the effectiveness of these 
alerts in two important ways:

 The text of the security alerts is now standardized with the 
    goal of ensuring that the consumer's request is honored regardless 
    of which credit reporting system is used by a lender;
 The text message is now preceded by an alphanumeric code that 
    ensures that even in a computer-to-computer transmission, the fact 
    that a security alert is part of a consumer's file is easily 
    identified by the lender's system.

    The security alert is transferred with any consumer credit report, 
whether it is a highly codified version, merely summarized or otherwise 
formatted for a particular lender's system.
Standardizing the First Three Steps
    In our interviews with consumer victims, we learned that 
consistency of experience is important. When consumers learn that they 
are victims of identity fraud, they are often advised to order a copy 
of their file disclosure (that is, credit report) from each of the 
three nationwide credit reporting systems. Under the CDIA initiative, 
when consumers call any one of the automated systems to order their 
file disclosures, they can now have confidence that the same three key 
steps will be taken:

 A security alert will be added to the consumer's file ensuring 
    that if a criminal is still active, subsequent lenders will know 
    that the consumer may be a victim of identity fraud.
 The consumer's file will be opted out of any direct-mail 
    offers of credit or insurance, thus ensuring that only where the 
    consumer initiates a transaction will the consumer's file be 
    accessed.
 The consumer's file will be placed in the mail within three 
    business days of the consumer's request.

Following Up
    Consumer victims expressed frustration with the difficulty of 
knowing whether or not the crime was ``over.'' In an effort to help 
consumer victims stay actively involved with our members when identity 
fraud has occurred, CDIA's credit reporting members altered their 
practices. Specifically, after a consumer's file has been corrected and 
the fraudulent data has been removed through a traditional 
reinvestigation process, our members will then continue to send the 
identity fraud victim additional copies of his or her file for the next 
90 days. With each file, the consumer will have a toll-free number, 
which provides access to live personnel and, thus, if the consumer 
spots additional problems with the file, he or she can contact our 
members quickly and have the problem resolved. This 90-day service 
extends beyond the requirements of the Fair Credit Reporting Act (15 
U.S.C. Sec. 1681 et seq.) and helps mitigate the effects of this 
longitudinal crime.

New Victim Assistance Procedures and Police Reports
    Victims of identity fraud want to be believed when they claim that 
they are victims of the crime, and they want their situation addressed 
quickly. Our members looked for a safe and sound process to meet this 
need and as you can see in our attached letter to the Federal Trade 
Commission, our members have not only committed themselves to removing 
fraudulent data upon request of a victim who has a police report, but 
we have coordinated this effort with the FTC's Identity Theft 
Clearinghouse. Following are the comments of J. Howard Beales, III, 
Director of the FTC's Bureau of Consumer Protection, regarding our 
members' program.

          Another collaborative effort with tremendous promise is your 
        new police report initiative. Through this program, the three 
        agencies have agreed to block any credit line when they 
        receive, from the consumer, a copy of the police report 
        documenting the identity theft. And, last year the IACP passed 
        a resolution encouraging local law enforcement to issue police 
        reports to identity theft victims.\1\ We are doing our part 
        too, developing a training video with IACP to encourage the 
        police to issue the reports. I appreciate that certain 
        consumer-based initiatives require you to balance accuracy 
        issues--knowing that the consumer's report contains all 
        relevant credit information, including derogatory reports--
        against customer service. From my perspective, your police 
        report initiative strikes just the right balance. You have an 
        assurance of the consumer's good faith, evidenced through the 
        official police report, and the consumer will be untouched by 
        the false negative information. I encourage the ACB and its 
        members to continue developing programs and systems that ease 
        the burden on identity theft victims.'' \2\
---------------------------------------------------------------------------
    \1\ International Association of Chiefs of Police, Curbing Identity 
Theft, (November 15, 2000) available at www.theiacp.org.
    \2\ Excerpts from a speech delivered to the members of the Consumer 
Data Industry Association by FTC Director Beales on January 17, 2002.

Acceptance of the FTC Fraud Affidavit
    The FTC undertook a complex and laudable task of trying to simplify 
an identity fraud victim's paperwork burden by creating a single 
affidavit for multiple uses. A number of our members participated in 
the work group discussions which led to the creation of this new form 
and all of the CDIA's nationwide credit reporting system members accept 
this affidavit.

A Single Call Reaches All Nationwide Consumer Reporting Agencies
    Included with this testimony is our news release wherein we discuss 
a very new initiative that should help victims by reducing the number 
of phone calls they have to make. As of April of this year, consumers 
can make a call to any of the nationwide consumer reporting agencies 
and in doing so, their information will be transferred to all 
nationwide agencies, each of which will add a security alert to the 
victim's file, opt them out of prescreened offers of credit or 
insurance and issue a file disclosure. This is truly a progressive step 
that makes it easier for a victim to notify our members that they have 
been a victim of identity fraud.

CDIA and Consumer Education
    Any time a crime is identified, we all want to find the one 
``silver bullet'' which will stop it in its tracks. In reality, layers 
of efforts and, in some cases, years of work are necessary to truly 
reduce the incidents of a particular type of crime. In our visits with 
law enforcement and with consumer groups, it was evident to the members 
of the CDIA that procedural changes are important, but that consumer 
education, focused on prevention and post-victim assistance, was 
essential.

A Commitment to Call for Action
    The CDIA committed financial resources and technical expertise to 
support the efforts of Call for Action, a consumer educational 
organization, which is reaching out aggressively to consumers and 
identity fraud victims. Enclosed with this testimony is a practical, 
easily understood brochure * developed by Call for Action with the 
assistance of the CDIA. The brochure has been distributed to:
---------------------------------------------------------------------------
    * Held in Senate Banking Committee files.

 National and State law enforcement agencies;
 States attorneys general and consumer protection offices;
 Military barracks and educational institutions;
 Call for Action regional affiliate offices; and
 CDIA members.

    Call for Action reports that more than 200,000 identity fraud 
brochures have been distributed and another 100,000 are going to print. 
Further, the information in the brochure is also available on their 
website and Call for Action reports that they have had more than 
125,000 visitors view their identity fraud information. The brochure, 
produced by Call for Action, is available at www.callforaction.org.
    Call for Action's efforts also include production of a video news 
release (VNR). Their VNR reached 6.7 million viewers nationwide. The 
VNR included interviews with the FTC and, again, highlighted a message 
of steps for prevention and for post-victim assistance.

Making sure victims understand their rights
    In addition to the many voluntary steps members of the CDIA have 
taken on behalf of consumer victims, our members must also comply with 
specific duties under the Fair Credit Reporting Act (15 U.S.C. Sec. 
1681 et seq.). As important as it is for our members to comply with the 
law, it is equally important that victims of identity fraud are fully 
aware of their rights. To help accomplish this goal, the CDIA produced 
a brochure entitled ``The Credit Reporting Dispute Resolution 
Process.'' A simple flow chart, which is color coded, ensures consumers 
understand what must be done with their dispute of fraudulent 
information each step of the way. It has been an effective educational 
tool and it won the National Association of Consumer Agency 
Administrators' Print Media--Private Sector Category Award in 2000. 
Each year the CDIA sends letters to State consumer protection and State 
attorneys general offices offering free bulk supplies of this brochure.
Are the efforts of Government and the private sector paying off ?
    There are some trends which are encouraging and which show that our 
Nation is making progress on this issue. The efforts of the FTC, our 
industry, and others to educate consumers about identity fraud appear 
to be making headway.
    First, our own members report that the majority of consumers who 
contact our credit reporting members' fraud units are taking 
preventative steps and are not reporting an actual crime. This is a 
strong indicator that the message is getting out to the consumers to 
exercise caution and quickly take the right actions to protect 
themselves.
    Regarding victims of the crime, the FTC's own identity fraud trend 
data shows that 42 percent \3\ of the consumers who contacted the FTC 
learned about the occurrence of the crime in less than a month. This 
percentage is fully 10 percentage points higher than the statistic 
cited in the FTC's previous report. Here too, we see that where 
consumers are educated, they are learning how to spot the crime, and 
take steps to limit the extent of the criminal's activity. Ultimately, 
consumer education remains one of the best crime-prevention efforts on 
which we can continue to focus.
---------------------------------------------------------------------------
    \3\ Federal Trade Commission Report produced by the Identity Theft 
Clearinghouse entitled ``Identity Theft Complaint Data, Figures and 
Trends on Identity Theft,'' November 1999 through June 2001, page 4.
---------------------------------------------------------------------------
Summary
    In conclusion, we believe that since this crime began being debated 
publicly, a great deal has changed. Our members have voluntarily 
adjusted their practices to better assist victims. The educational 
efforts of the private sector and the efforts of Government are making 
progress with consumers, both in terms of a improving a consumer's 
understanding of prevention and post-victim assistance steps that can 
be taken. New laws have been enacted to define this crime and to 
clarify that consumers are clear victims. This point may seem to be 
less significant today. At one time 1 victims' top complaint was merely 
that law enforcement did not consider them to be victims under a crime 
statute. We continue to applaud the enactment of the ``Identity Theft 
and Assumption Deterrence Act of 1998'' (Pub. L. 105-318) and the more 
than 30 State laws which our members have actively supported.
    In all of this, while procedures will help victims and reduce 
application fraud, and while consumer educational efforts will 
continue, we believe that it is critical is that Congress ensure that 
law enforcement has the resources necessary to enforce the law. 
Ultimately, identity fraud is not a consumer protection issue begging 
for new laws. It is a crime prevention issue in need of large-scale, 
coordinated efforts to investigate and prosecute criminals. Law 
enforcement needs the financial support of Congress to get the job 
done. Everyone who even considers perpetrating identity fraud, should 
also know that they will be pursued, prosecuted, and incarcerated. 
These criminals deserve nothing less.
    Finally, we believe that the FCRA does have the basic framework of 
rights that all consumers need and deserve. Time frames for the 
completion of the reinvestigation of a consumer's or victim's dispute 
are particularly important and this is one of the seven provisions of 
the FCRA that operates as a uniform national standard. The benefit of 
having a national standard is that we can design our systems for 
assisting consumers and victims on a nationwide basis and we can be 
much more successful in encouraging national and local lenders to use 
our automated systems for dispute resolution which allow us to often 
resolve disputes in less than the FCRA standard of 30 days. It would be 
vastly more difficult to build a nationwide dispute resolution network 
if we had competing State requirements and this would work against 
servicing the needs of identity theft victims, as well. We believe that 
the standard time frames for completion of reinvestigations and all of 
the uniform standards found in Section 624(b) of the FCRA should be 
made permanent.
    Thank you for the opportunity to appear before this Committee and 
to share our views. I am happy to answer any questions you may have.



                   PREPARED STATEMENT OF LINDA FOLEY

           Executive Director, Identity Theft Resource Center
                             June 19, 2003

    Members of the Committee, thank you for the opportunity to provide 
both written and oral testimony for your Committee today and for your 
interest in the topic of identity theft.
    The Identity Theft Resource Center (ITRC) is passionate about 
combating identity theft, empowering consumers and victims, assisting 
law enforcement, reducing business loss due to this crime, and helping 
victims. We are honored by your invitation and will continue to make 
our opinions available upon request to your representatives over the 
next few months as you grapple with this complex crime and the FCRA 
sunsetting.

About ITRC
    The Identity Theft Resource Center's (ITRC) mission is to research, 
analyze, and distribute information about the growing crime of identity 
theft. It serves as a resource and advisory center for consumers, 
victims, law enforcement, legislators, businesses, media, and 
governmental agencies.
    In late 1999, Linda Foley founded this San Diego-based nonprofit 
program after becoming a victim of identity theft. In her case, the 
perpetrator was her employer. ITRC's work with thousands of victims (by 
e-mail and by phone), credit granters, representatives from the CRA's, 
law enforcement officers, governmental agencies, and business has 
taught us much.
    Jay Foley, ITRC Co-Executive Director and Co-Writer of this 
testimony has spent hundreds of hours speaking with victims while 
assisting in their recovery, listening as they discuss their 
revictimization by ``a system that doesn't care, understand, or 
listen.'' As one of the few groups that deal with a victim throughout 
recovery process, we have a unique perspective on the crime. Our 
information is not just moment of discovery statistics. Our information 
comes at the cost of minutes, hours, days, weeks, months, and years of 
a victim's life.
    Through our testimony we will introduce you to some of the victims 
who have helped us to understand the changes that must be made in the 
areas of prevention and recovery. We hope their stories illuminate the 
issues as clearly for you as they have for us. To protect their 
privacy, they will be referred to as initials only.
    The ITRC has worked for a number of years to make changes in laws, 
policies, business practices, and trends to combat this crime. As a 
result, we have composed a list of recommendations that we feel will 
make a difference both in crime prevention (keeping the information 
from the hands of criminals and the issuance of credit) and in victim 
recovery.

Our Testimony
    ITRC has been asked to address the following points:

 The Crime: Who are these criminals and what is identity theft?
 The Victim: What are some of the crimes we hear about?
 Crime Expansion: crime trends, numbers, stats, anecdotes and 
    articles?
 Victim Recovery: What steps must victims take?
 Recommendations about areas that need change?
 Provide your perspective as to the value of State involvement.
 Our opinion of the FCRA battle.

Identity Theft
The Crime
    There are four recognized main categories of identity theft:

 In financial identity theft the imposter uses personal 
    identifying information, primarily the Social Security number, to 
    establish new credit lines in the name of the victim. This person 
    may apply for telephone service, credit cards, loans, buy 
    merchandise, or lease cars and apartments. Subcategories of this 
    crime include credit and checking account fraud.
 Criminal identity theft occurs when a criminal gives another 
    person's personal identifying information in place of his or her 
    own to law enforcement. In relation to your Committee and focus, 
    this type of crime might occur in relationship to checking account 
    fraud. Many States do prosecute on bad checks or on opening 
    accounts fraudulently.

    Case history: One of our recent cases involved a woman who lives in 
Pittsburgh. Her imposter had several warrants in Kentucky for opening a 
fraudulent checking account and writing bad checks on it. The victim 
was 8 months pregnant at the time of the crime, restricted by her 
doctor to bed (in Pittsburgh), and clearly incapable of committing this 
crime. The bank finally cleared her but forgot to tell the DA to cancel 
the warrant. She has incurred legal expenses, as well as other expenses 
in clearing her name and rectifying the inaccurate records from various 
databases.

 Identity cloning is the third category. This imposter uses the 
    victim's information to establish a new life. He or she actually 
    lives and works as you. This crime may also involve financial and 
    criminal identity theft as well. Types of people who may try this 
    fraud include undocumented immigrants, wanted felons, people who do 
    not want to be tracked (that is, getting out of paying child 
    support or escaping from an abusive situation), and those who wish 
    to leave behind a poor work and financial history and ``start 
    over.''
 Commercial identity theft is similar to financial identity 
    theft and cloning except the victim in this type of case is a 
    commercial entity. Criminals open checking and credit accounts as 
    that company, order product, and may even try to conduct business 
    as that entity. Unfortunately, this has yet to be explored topic 
    and good answers for these victims are few.

The Victims
    Identity theft is a dual crime and no one is immune, from birth to 
beyond death. Who are these victims? It could be you, unknown at this 
very moment. Let us introduce you to some of our clients/victims who 
have turned to us for assistance. Some of these cases are cut/paste of 
e-mails we have received from victims. We present them to you so that 
you can see what we work with on a daily basis.
    Case 1: Child Identity Theft. Victim owes about $65,000, $4,700 in 
child arrears and has 3 DUI warrants in his name. One problem. Jose is 
only 6 years old now and those arrears are to himself. The perpetrator 
is his father, now divorced from Jose's mother, an illegal immigrant, 
and subject to deportation when found.
    Case 2: Identity Theft of the Deceased. Perhaps one of the most 
poignant stories we have heard (New Jersey Star Ledger reported it) is 
the theft of a man's identity who died in the World Trade Center attack 
on September 11, 2001. His widow was notified about 10 months after the 
event to discuss her husband's recent auto accident. She went through 
hours of turmoil only to discover that an illegal immigrant had created 
a false driver's license and was living and working as her deceased 
husband. Unfortunately, this is only one of more than several dozen 
cases that we have worked on involving the deceased. In some cases, the 
imposter has purchased the information, in others the perp is a family 
member or even a caregiver. Some may ask what is the harm in using the 
Social Security number of the deceased. Not only can this affect the 
estate but the survivors still dealing with the grief of losing a loved 
one. In one other case, a mother has had to fight collectors trying to 
collect money from accounts opened in her daughter's name, a daughter 
who died several years ago. Each new call opens up the wound again.
    Case 3: Information Breach, Workplace Identity Theft. T's identity 
was stolen by her doctor's receptionist. She found out when applying 
for her first home loan, her dream home. Months later, after clearing 
her records, spending her own time to research how her thief got her 
information and used it, and seeing another family move into her home, 
she was able to convince authorities to prosecute her offender. The 
result--the thief is now living in a halfway house, driving the car she 
bought with T's identity, and working for another doctor as a staff 
member. T was finally able to buy a house almost 2 years later, at a 
higher purchase cost, with a higher interest rate due to the multiple 
accounts that had been opened in her name after the placement of a 
fraud alert.
    Case 4: Victim Recovery Issue. Victim owns her own business. For 
the past 3 years, she has been in a fight with her bank. They 
repeatedly open new accounts and grant access to her existing accounts, 
even generating dual credit cards sending them to the imposters as well 
as herself. At one point, she went to the local branch of her bank to 
once again put to rights the transfer of her account information. With 
multiple pieces of identification in her possession she was devastated 
by the bank officers who would not acknowledge her right to discuss the 
accounts in question or accept her identifying documents including 
passport, driver's license, utility bills, business license, and Social 
Security card. To date she still has problems with her bank and her 
accounts. She is currently talking to an attorney and plans to sue the 
multiple companies who continue to torment her and refuse to correct 
their errors. She believes that lawsuits are her only option left.
    Case 5: Financial identity Theft Turns into Criminal Case. Two 
nights ago, I was arrested as part of a 4-year ongoing theft of my 
identity. The arrest was over bad checks written in Lincoln, Nebraska 
near where I reside.
    The issue, other than the arrest and all that goes with it, is the 
fact that JPM was able to open fraudulent accounts because the Nebraska 
DMV had issued her a license with her picture and my information. I do 
not know what documentation she provided them, but we clearly do not 
have the same physical features. This should have sent up a red flag to 
the DMV. As a result, JPM illegally used my identity to spend almost 
$40,000, with new credit cards and with fraudulent checks.
    I am doing the best I can to be compensated for the money spent on 
bail, loss of work time, personal stress, which all occurred while I 
was finishing my undergraduate degree and throughout my master's 
degree. Needless to say, this has interfered with my performance in 
school because of the time it takes to free myself as a citizen and as 
a consumer. The arrest was the last straw, and I have been told that 
the statute of limitations to sue the woman who stole my identity has 
expired. I am looking for help.
    Case 6: Social Security Number Used as Driver's License Number. 
Victim had car broken into just prior to a move from Hawaii to 
Delaware. A file with all identity and information was stolen in Hawaii 
including her driver's license which used her Social Security number as 
the identity number. Since then a fraudulent cell phone account was 
setup with VoiceStream generating a bill for $10,000.00. The victim has 
made some payments during the course of the account dispute due to the 
bullying action of the collectors threatening to attach to possessions. 
Because of that VoiceStream refuses to acknowledge the account is 
fraudulent.
    Case 7: Security Breach. Victim was referred to ITRC by the FBI 
Victim/Witness Coordinator. The victim is a 72-year-old retired Air 
Force Major. His dentist told him his identity was stolen. The dentist 
had befriended a man who saw the victim's dental records. This man then 
copied and used all of victim's info. The dentist found out when he saw 
files out of place. This befriended man/handyman was the only person 
who had access. The imposter purchased a condo, a BMW, and used the 
victims HMO for medical services. The victim's HMO paid for this. Upon 
arrest it was discovered that the imposter had a prior record of fraud. 
The imposter is now in jail on nonrelated charges.
    Case 8: Cloning. Victim lives in San Diego on disability. The 
imposter is living and working in Illinois. Fraud is impacting her 
disability. IRS and SSA have been contacted. Victim is fearful of 
losing housing and being unable to cover living expenses due to the 
lengthy time of recovering her good name and clearing the records.
    Case 9: Workplace Identity Theft. The victim recently found out of 
the identity theft. In 1999, a co-worker stole her credit card. The 
victim went through all the necessary procedures with her credit card 
company to remove the charges including filing a police report. In 
January 2002, the victim applied for a loan with a small finance 
company. The victim was told her Social Security number had already 
been used to apply for a loan with this company. The victim retrieved 
the application and found it was used back in 1999 by the same lady who 
stole her credit card. The victim had never been contacted by this 
company. The company's reply: We denied the application. Unfortunately 
in doing so, they did not indicate that it was denial due to fraud but 
due to not enough income.
    I did go to the company with this, I even spoke with the Vice 
President in South Carolina and she was useless. I still have not 
received a copy of my credit report so I am not sure if she has not 
done any real damage or not. I am sure she used my Social Security 
number and I am not sure how else I can file a report if the police are 
not helpful. Thank you again.
    Case 10: Extreme Case. Victim's identity stolen by co-worker 10 
years ago. She knows who the perp is and he has been questioned but 
released by police (refusal to take action due to ``extenuating family 
circumstances''). In the meantime, the victim has been unable to stop 
the perp from opening credit and checking accounts, fraudulently 
applying for welfare, etc. She has had to change her Social Security 
number, driver's license number, and name, essentially recreating 
herself in order to separate and protect her from the actions of the 
perp.
    Case 11: Reoccurrence. My wife was a victim of identity theft in 
1999. After many letters, a police report, and an affidavit of forgery, 
we thought everything was settling. We were reassured that the loan and 
credit that was taken out in our name was removed from our reports and 
that our credit restored. We asked several times for correspondence 
that this was taken care of but no one returned a letter. As time 
passed and we received no bills, we forgot about it. That is until we 
received an Equifax on June 2, 2002 showing it still on the report. I 
tried to contact the office that I communicated with before but no one 
would return my call. The date reported was after we had notified them 
of the dispute. Are they in violation of the FCRA? Please advise or 
direct.
    Case 12: Family Identity Theft. Victim's relative used victim's 
identity to clear out victim's bank accounts. This relative has 
victim's Social Security number and stole checks. Victim has filed 
police report and is in contact with the managers at her bank. LEA is 
not investing a great deal of time on case, usually claiming that this 
is a family dispute. Family identity theft is one of the most difficult 
crimes we work on, in part, due to lack of police action and, in part, 
due to the emotional impact of this crime. How does one turn one's own 
mother in to the police? Unfortunately, we receive about 3-5 of these 
types of cases each week.
    Case 13: Domestic Abuse, Harassment. The victim was divorced in 
1987, she now lives in Florida. The ex-husband is operating here in San 
Diego. Due to the actions of her ex, the victim is having IRS, SSA 
problems and is dealing with 3 accounts under her name. Unfortunately, 
identity theft is the perfect tool to harass another person and to 
perpetuate domestic abuse after a divorce or separation.
    Case 14: Stolen Wallet. I live in Texas. On June 2, 2002, my wallet 
was stolen in New York City. On June 6, 2002, a woman began using my 
identity from the wallet including driver's license, Social Security 
number from a medical insurance card, place of employment, and stolen 
cards to establish instant credit at 9 different stores in 3 different 
States. I have placed a credit alert fraud with the three credit 
reporting agencies but there has already been theft totaling in excess 
of $16,000. I am now having difficulty getting anyone to follow through 
with a report and also changing my drivers license number. Because the 
theft occurred out of my home State, I have to follow up on the phone 
and not getting much response or help.
    Case 15: Military Spouse. I have had the frustrating and 
humiliating experience of somebody taking my maiden name and Social 
Security number in order to open numerous fraudulent utility accounts 
leaving my credit reports a mess. I am also a military wife who is 
required to show my Social Security number on my identity card, which 
is used for everything.
    Case 16: Enable Credit Granting Behavior. I was a victim of credit 
fraud/identity theft beginning in November 2001, and continuing until 
approximately April 2002. All of the many fraudulent credit 
applications using my name and identifying information were done in the 
Los Angeles area. Somehow, my personal identifying information (Social 
Security number, name, birth date, etc.) were obtained and used to 
apply for instant store credit at Radio Shack, Gateway Computers, and 
approximately a dozen other merchants. Additionally, my personal credit 
card was ``taken over'' by these criminals. By calling Visa and posing 
as me, they changed my billing address, and claimed that they had lost 
the credit card. They then received my new Visa card in the mail at the 
fraudulent address. They applied for many credit cards under my name 
and were even successful at getting a few, then charging the cards up 
to the maximum very quickly.
    Case 17: Mail Theft by an Acquaintance. I just found out on June 
14, 2002, that I am the victim of identity theft by my housekeeper/
babysitter. Since she had access to my mail it was easy. She opened the 
first account in April 2001. She has charged over $10,000 that I am 
aware of and I have jewelry, etc. missing from my home. This is so 
recent that I do not even know what I am up against yet, what I do know 
is that this has hurt my 11-year-old daughter very badly. My daughter 
sang in the housekeeper's wedding last May, I wonder now if the wedding 
was all charged to me! I would be happy to talk to anyone about this. I 
live in a small town of 12,000 people, right now I know 4 people, 
personally, that this has happened to including the President of one of 
the banks here in town. Something must be done!! She is having trouble 
getting creditors off her back.
    Case 18: Domestic Abuse, Insurance Fraud. My ex-husband and his 
employer used my Social Security number to file medical claims on my 
health insurance. My ex has not been covered on my insurance since 
1999, and I have changed employers and insurance carriers since that 
time. However, claims for February 2002 through May 2002 have been 
filed on my current insurance. He has obtained the information without 
my knowledge. I found out about the claims after receiving Explanation 
of Benefit forms from my insurance provider. The claims have been 
denied, so the insurance provider states that they are doing their job. The insurer will not file a report with the police.
    Case 19: IRS Complications. I have had my identity stolen. Someone 
has gotten hold of my Social Security number and, from that, cause me 
to have false credit bureau claims and a warning from the IRS that I 
had underreported my income. Creditors have harassed me and required me 
to go to extraordinary lengths to prove that I could not have incurred 
the debt in question. The IRS has required extensive documentation as 
well. Right now the activity has settled down, but anytime the next 
shoe could fall. Even though there is a certain person I suspect of 
engaging in this identity theft, law enforcement authorities turn a 
deaf ear. I really do not blame them, it is not a high-priority crime 
to them. To me, it is a major theft and closely akin to rape. This 
whole situation has been aided by the use of computers and the overuse 
of the Social Security number. I understand that the original law 
establishing the issuance of Social Security numbers stated that that 
number should only be used for Social Security, but indeed, that has 
not been the case.
    Case 20: Victim Frustration--Complex Case. I became a victim of 
identity theft in March 2001. I found out when the person who had my 
Social Security number tried to open a credit card with a bank that I 
already had a card with. The woman was not able to give my correct 
birthday. They contacted me but they gave me a hard time saying that it 
was my daughter. They suggested that I contact the credit agencies 
about a fraud alert. That is when I found out that the person had many 
credit cards and a cell phone and they even bought a computer from 
Dell. Since I found out early, I was able to stop almost everything 
before it was way out of hand. I filed a report with the Dallas police 
department and talk to a detective all the time. Only to find out they 
would do nothing. They had the address the cards and computer was sent 
to but they would not go there. They even had another address where the 
person used a credit card in my name to buy a pizza. I found a lot of 
information on the Internet and started writing letters and sending 
them certified return receipt. I also made a file that I have with 
everything I did and all the copies. It took many months to clear 
everything up and I still have the fraud alert on my report for 7 
years. This is a crime that is too easy for someone to do and they get 
away with it because our laws are too easy and the officers are not 
trained on this type of crime. I feel I am luckier than most because I 
found out early and was able to clear up the damage within a year.
    While you know my story, that only tells part of the picture. What 
I discovered disturbed me greatly:

 Fraud alerts only help a little. Most places do not even honor 
    them. So, I am not sure they help very much.
 After I put the fraud alert on, they still opened a few more 
    credit cards. All of the accounts they opened were done on the 
    Internet.
 I found that the credit card companies did not care much, they 
    just closed the accounts. But before they will close the accounts, 
    you have to prove to them it was not you who opened the account.
 They also made you wait on the phone a long time and you are 
    transferred to many people before you found one that could help 
    you. Most of the people I talked with acted like they were not 
    educated enough on the subject.
 They treat you like it was your fault and most of them need 
    more training on this issue.
 The police are no help at all.
 The credit agencies take forever to remove the fraud accounts 
    from your file.
 The victim spends hundreds of hours writing letters and making 
    phone calls trying to remove the damage that the thief caused while 
    they were free to go to the next victim.
 Laws should help the victims, but you are alone when it comes 
    to identify theft.

Victim Impact: The Good, The Bad, and The Ugly
    While the victims are not usually held liable for the bills 
accumulated by the imposters, many do suffer significant financial and 
emotional harm from this crime. According to studies done by the 
Privacy Rights Clearinghouse (PRC)/CALPIRG in 2000 and Federal Trade 
Commission (FTC), the average victim spends about 175 hours and $1,100 
in out-of-pocket expenses. These expenses include notarizing, postage, 
telephone, travel, photocopying, costs involved in getting police 
reports and fingerprints, and resource materials. ITRC is in the 
process of completing an updated study. We believe that the numbers 
will be significantly higher due to the complexity of the crimes 
committed.
    In many situations this does not cover time lost from work, loss in 
productivity while working or loss of personal or vacation time. Some 
victims never truly regain their financial health and find credit 
issuers and even employers are reluctant to deal with someone with 
``baggage.''
    To have someone use your good name, a reputation in which you have 
invested much time, energy, and money, is a deeply felt violation--
financially, emotionally, and on that has the power to affect your 
decisions, relationships, and financial/criminal history from that 
point forward in your life.
    The emotional impact of identity theft can be extremely traumatic 
and prolonged due to the extensive amount of time it can take to clear 
one's name. Some victims can be dealing with the crime for 3-7 years 
after the moment of discovery.
    Victims face many challenges in cleaning up the mess left by the 
thief. In the best case scenario:

 Law enforcement takes a report and provides a copy to the 
    victim.
 The victim discovers the case early enough to prevent it from 
    being sold to a collection agency.
 The initial contact with the creditor is not misleading nor 
    ignored.
 The creditor freezes the account based on telephone contact 
    and closes it completely when presented with a police report 
    identifying the account as fraudulent.
 The victim is provided with information that when provided to 
    law enforcement makes the case and supports the arrest and 
    prosecution of the thief.
 The victim is given a letter of clearance and the entries and 
    inquiries are removed from the credit report.
 The creditor works with the victim and the police to complete 
    the case.

    In the bad version, the victim:

 Victim fights with police to get a report taken.
 Has to deal with the creditor and one or more collection 
    agencies.
 The creditor's staff is unhelpful. They provide inaccurate 
    information.
 Creditors refuse to make account and transaction information 
    available to the victim claiming privacy concerns of the 
    accountholder/criminal. The victim is burdened with proving 
    innocence without the benefit of knowing where the charges were 
    made, how the account was opened, dates of purchases, etc.
 Too often victims are told to have the police request this 
    information but when requests are made by law enforcement they are 
    denied access as well without a stack of paperwork at best.
 They make statements to the victim that the account is cleared 
    up but do not take the actions necessary to close or clear the 
    account.
 Accounts are resold after the victim has provided proof of the 
    fraudulent nature of the account.
 Victims are told that they are still responsible for the 
    account when a family member did it fraudulently.
 Accounts are not removed from the credit report by the 
    creditor when proven to be fraudulent.
 Victim is mislead to believe that the CRA will respond to 
    their requests to have information removed or corrected on the 
    credit report. The CRA passes the fact that a dispute over the 
    validity of an account exists to the creditor but does not present 
    any of the evidence submitted by the victim.

    In the ugly version, the victim:

 Faces all of the problems from the bad version plus.
 The victim is sued by the creditor without the victim's 
    knowledge and a judgment rendered against the accountholder--the 
    victim. (The imposter is served.)
 The victim is arrested for the crimes of the thief.
 Property is seized by court order leaving the victim to 
    attempt to have the court reverse the order.
 Homeless people and minors face many unique problems getting 
    copies of their credit reports.
 Despite all efforts, the victim is unable to stop the thief 
    from using his/her Social Security number, name and other 
    information. In these cases the ultimate solution is to change 
    one's identifying information--name, Social Security number, 
    driver's license number, etc. The problem: This solution creates 
    more problems then it solves. You are now a person without a 
    credit, work, college, or life history. You are nothing more than a 
    blank slate.

Identity Theft's Negative Economic Ripple Effect
    In terms of economic impact, a recent Florida Grand Jury report 
stated: ``The average loss to the financial industry is approximately 
$17,000 per compromised identity. For criminals, identity theft is an 
attractive crime. An identity thief can net $17,000 per victim, and 
they can easily exploit numerous victims at one time, with relatively 
little risk of harm. By comparison, the average bank robbery nets 
$3,500 and the criminal faces greater risk of personal harm and 
exposure to a more serious prison sanction if convicted.'' (reprinted 
at www.idtheftcenter.org under Speeches.)
    The Privacy Rights Clearinghouse 2000 Report found the average 
economic loss per victim to be $18,000, ranging from $250 to in excess 
of $200,000 (footnote 1). While the FTC study, so far, shows a 
different number, their numbers are based primarily on moment of 
discovery. In identity theft, it sometimes takes months before the 
total damage can be assessed.
    Using the number of $17,000 per victim and the estimate of 700,000 
victims, the economic loss could total $11.9 billion to merchants, 
credit issuers, and the financial industry in 1 year alone.
    ITRC would like to further add that that $11.9 billion loss is just 
the beginning. You also have to add the cost of law enforcement and 
criminal justice time, costs to victims (including expensive attorney 
time) and secondary economic losses to merchants when merchandise 
``bought'' by imposters is resold resulting in a lessening of customer 
trade. Finally, there is the cost of investigating and prosecuting 
secondary illegal activities (drug trafficking, etc.) funded with the 
money made by imposters or information brokers who sell the documents 
used by some imposters and those wishing to identity clone.

Identity Theft Trends
    There are clear indications that identity theft is not only a crime 
that is committed by your garden-variety type of thief but is also used 
by organized crime groups. ITRC's new study will help to show the 
complexity of the crimes that are committed, the impact financially and 
emotionally and to help us track this crime even more effectively.
    Dumpster diving: Digging through trash is not glamorous but can be 
very profitable especially when that dumpster sits behind a mortgage 
broker, dentist's office, rental office, insurance company, or even a 
market or governmental agency. The papers there are a wealth of 
information including account number, Social Security number, names, 
unlisted phone numbers, and even mother's maiden name. The value of 
these dumpsters is that the thief doesn't leave with one document but 
with dozens at a time.
    Scams: Creative writing teachers would be proud with the types of 
both telephone and Internet scripts that have been written to separate 
you from your information. Some, including that apparently come from 
governmental agencies or from credit providers even seem to fool 
experts. ITRC receives at least a dozen requests each week from people 
asking us to verify a ``legitimate'' looking scam. One DMV Director 
even forwarded an urban legend to us that contained only partially 
correct information. He received it ``from a reliable source.''
    Mail theft: In a recent conversation with a postal inspector in 
California, we were told that a good portion of identity theft cases 
involves the post office. Not only is it a way to move information, 
receive ``stolen'' good and cards but also the mail is a rich source of 
sensitive information. Preapproved credit offers are but one of the 
problem areas. Convenience checks (that come with credit statements--
ready to use by anyone), any bank/credit/financial statement with an 
entire account number imprinted on the bill, health benefit statement, 
payroll stubs and statements, literally hundreds of sheets that make 
their way to your home could be intercepted and used for identity 
theft. And the problem is that the post office is not the only location 
to steal this mail. It could be intercepted in a variety of locations--
print shop, mail room (either outgoing or incoming if returned to 
sender), postal office and then finally your own either locked or 
unlocked mailbox. Your own roommate, friend, caregiver, or family 
member could look at the mail, steal it, or just use the information.
    Checking account takeover: Checking account takeover is a heinous 
crime in that it can be accomplished in many ways. Your account can be 
accessed electronically, checks that you issue can be reused, and 
checks can be computer generated using your information on the top but 
a different bank routing and account number on the bottom. To date, the 
financial community and consumer groups have yet to find a good 
solution to this issue.
    Identity theft and other illegal activities: The reality is that 
identity theft is a way to make a lot of money quickly. This 
automatically draws the attention of narcotic dealers, manufacturers 
and junkies, gamblers, alcoholics, those who compulsively spend money 
and those who sell information (like selling drugs) to make large 
quantities of money to live the lifestyle they wish to enjoy.
    Gang behavior, information trafficking and identity theft: Several 
law enforcement groups have now shared that their large cities have 
given rise to organized identity theft rings. These groups control the 
information selling, teach others how to commit identity theft, and 
find the ``targets'' that will become their mules or information 
gatherers. They may have a division that helps to sell ``stolen'' 
merchandise or to traffic merchandise on the black market.
    These groups are also setting themselves up as businesses, allowing 
them access to information from groups like the CRA's and datahouses 
like ChoicePoint. They are finding ways to target groups of people 
based on a variety of fields--address, economic status, last name, 
ethnicity--so that they can customize the information for sale.
    Level of sophistication: Just when we think we have heard the very 
worst-case scenario, another person contacts our office with an even 
more difficult case. Gangs are working smart and even teach each other 
about our law enforcement and business weak links. There is a reason 
that some companies are regularly hit and others are rarely hit. 
Instead of opening 5 new credit cards, they open 30. In fact, skimmers 
may be found with more than 10,000 ``new'' credit cards ready to sell 
or use. These criminals have become bold and brazen. Why?--why not, 
especially when so few are caught and the crime is so profitable?
Three other areas of concern:

    1. Non-English Language Victims: Identity theft is an equal 
opportunity crime. It can strike anyone with a Social Security number. 
According to the latest census, in California one-third of our 
population is non-English speaking. However, even the simpliest task of 
ordering your credit report is difficult. In both of the CRA's that use 
automated systems, neither provide an option for even Spanish. Should 
the victim have another person call in for their report on their behalf 
(trusting their Social Security number to yet another stranger/friend), 
the information sheets which include consumer rights, how to understand 
the report or what to do, come in one language only--English. These 
same victims face similar situations in contacting credit issuers and 
collection agencies. ITRC has worked with some of these victims--in 
part through a translator and partly in the victim's native tongue. The 
frustration level is high and their dissatisfaction with the system 
even higher. Some have given up and just paid the bills, fearful of the 
consequences and not understanding their rights.

    2. Deployed Active Duty Military: It is difficult enough to clear 
up a problem of identity theft if you have the time and ability to do 
so. But you cannot deal with a case in a timely manner while deployed--
either into a battle zone or in an overseas duty station. At this time 
we are working with about 20 military personnel.
    ITRC has proposed a plan for a Military Victim Support Program to 
several legislators, asking the Department of Defense to consider 
creating a trained body of JAG aides/victim liaison officers who will 
work with these members, almost as a one-stop shop. This program will 
save money, help to highlight security issues, and assist deployed 
military members as they serve our country, sometimes at great physical 
risk. ITRC will make that plan available to any Committee Member who 
will help us to move this program forward.

    3. Identity Theft and Dominance/Domestic Abuse: Identity theft is 
the perfect tool to dominate, abuse, and harass another individual. 
More and more we are seeing cases like this.
Recommendations for Laws
    It is our goal in the next section to illuminate problems reported 
by victims and law enforcement and to provide recommendations for 
consideration. ITRC has always been known as a problem-solver and not a 
finger-pointer.
    The Finding section of each recommendation is based on ITRC's 
research, studies widely available, and input by victims, law 
enforcement, and businesses. For text recommendations, please contact 
the ITRC national office. A * denotes areas of highest priority.
    A final comment. Many of these ideas are common sense, and ITRC 
hopes that the involved entities voluntarily absorb these concepts as 
standard practices. Legislative solutions should be a last resort. In 
fact, voluntary acceptance can be used to an advantage as illustrated 
in the following anecdote:
    Three weeks ago we bought our cell phones from Cingular. Both of us 
have fraud alerts on our reports. We explained to the salesperson at 
Best Buy that he might encounter a delay. He never had heard of fraud 
alerts through he specializes in one of the items that thieves are more 
likely to buy. Indeed, Cingular did notice the fraud alert, my husband 
went home to answer the telephone call to approve the transaction, and 
with no more than a 15-minute delay we had our phones. Cingular 
voluntarily did the right thing and has a loyal customer due to that.

1. Police Reports
    Finding: One of the biggest victim complaints is that law 
enforcement refuses to take a crime report in identity theft cases. 
``You are not the victim, the business is.'' A secondary problem is 
jurisdiction, since many of these crimes cross lines both 
geographically and by agency. The victim's mail may have been stolen in 
Houston, but credit purchases are being made in Virginia and in 
Oklahoma. Who handles this case? The Post Office fraud investigation 
team, the Houston police, or the sheriff in Virginia?
    The other problem facing victims is that without a police report, 
credit issuers simply do not believe you. Bank fraud investigators have 
stated at legislative hearings and at conferences that a main 
determining factor in separating victims from those avoiding paying a 
bill is a crime report. The belief is that a ``deadbeat'' will not file 
a false police report and take the chance that they will be arrested 
for that action.
    Recommendation: Legislation declaring a person who has learned or 
reasonably suspects that another has unlawfully used his or her 
personal identifying information may initiate a law enforcement 
investigation in his or her own local jurisdiction and shall receive a 
copy of said report. For recommended text, see California P.C. 530.6 
(www.leginfo.ca.gov).

2. Victim Access to Records on Accounts Opened in His/Her Name
    Finding: The burden of proving one's innocence lies on the 
shoulders of the victim. In a sense, you must prove a negative--that 
you did not open the account or make the purchases. This requires 
knowing the application and transaction information. If purchases were 
made in person in New York and you were working in Houston that day, 
you have a chance at being taken seriously. In some cases, victims 
recognize the handwriting on an application or know who made the 
purchase because they personally know the perpetrator.
    Recommendation: Legislation that allows the victim of identity 
theft and the investigating law enforcement agency to receive 
application and transaction information on fraudulent accounts opened 
in his or her name. Language recommendations: California P.C. 530.8 or 
S. 1742 (Federal bill--author Senator Cantwell).

3. Declaration of Innocence--Criminal Identity Theft
    Finding: Cases of criminal identity theft are especially difficult 
because even after proving you were not the person who committed the 
crime (or got the tickets), your name remains the ``alias'' on record. 
Every time a police officer stops you, when a potential employer does a 
criminal background check or you go out of the country on vacation, you 
wonder if you will be accused of the imposter's crime yet again.
    Recommendation: Legislation and/or policies to allow a person to 
petition the court for a ``factual declaration of innocence.'' We 
recommend that the victim not only be issued an official record of that 
declaration, but also for the State to establish a database that would 
keep these records. If the person loses the paper (most carry copies 
for life), this database would contain the order and a copy of the true 
person's fingerprint(s) for comparison in the case of another instance 
of mistaken identity.

4. Statute of Limitations for Lawsuits Involving Identity Theft
    Finding: Identity theft is an unusual crime. Most victims of other 
types of crime are involved from the moment the crime began. If your 
car is stolen, your house is robbed, or you are mugged and your purse 
taken, you know about the crime almost immediately. This is not true in 
identity theft. In three studies (FTC, Florida Grand Jury, Privacy 
Rights Clearinghouse), the average victim did not find out until 12-16 
months after the crime first began. By Federal law, the clock starts 
when the crime began, giving identity theft victims only a few months 
to investigate, assess the damage, and find out how the crime may have 
begun. Many victims take a year or more to get to this point.
    Recommendation: Legislation to allow victims of identity theft and 
financial fraud at least a 2-year window to initiate a lawsuit against 
involved parties, starting from time of discovery and not time of when 
the crime(s) occurred.

5. Confirmation of Change of Address--Account Takeover
    Finding: Account takeover has been a problem for many years. It is 
fairly easy to find out the credit card number of an individual: Via 
mail interception, shoulder surfing, skimming, register receipts, and 
scams both by telephone and over the Internet. The U.S. Postal Service 
introduced a successful program that mirrors the one recommended in 
this legislation. It mandates that when an address change is requested 
that a card be sent to the current address on record and to the new 
address, informing the consumer of the requested change. The card 
directs the consumer to notify a toll-free hotline should they dispute 
the change of address request.
    Recommendation: Legislation mandating that a company must notify 
the cardholder when a change of address is submitted. This change of 
address notification should be mailed by postal mail (not postcards) to 
the current address on the account, as well as the new address. The 
notice should inform the account holder of the request and give a toll-
free number to call if the account holder had not submitted the change.

6. Mandatory Observation of Fraud Alerts
    Finding: Current identity theft victims want to stop the 
perpetrator from opening yet another account. Many fear (with good 
reason) that unless they immediately lock the door to credit, the 
perpetrator will continue to attack them for years to come. Even if the 
imposter is arrested, there is no guarantee that he or she will not 
sell the information to another individual, who in turn will try to 
open credit using the consumer's information. While California is also 
experimenting with a credit freeze, ITRC believes that the mandatory 
observation of fraud/security alerts is the ultimate credit monitoring 
service.
    The only measure of control over the establishment of new credit 
lines is through a fraud or security alert placed with the three major 
credit reporting agencies. Unfortunately, at this time, the notice of a 
fraud alert--``Do not issue credit without my express permission. I may 
be reached at 555-555-5555 or please contact me at the following e-mail 
address:___''--is advisory in nature only. Language for this bill has 
been already written by Senator Feinstein.
    Recommendation: Legislation that would require all credit reporting 
agencies to indicate to credit issuers that there is a fraud/security 
alert and the entire text of that alert, whether a credit score, 
summary, or full report is requested. AND that all credit issuers must 
check for and observe security alert request as written on credit 
reports. This legislation should include penalties and civil remedies 
for failure to comply.

7. Truncation of Credit Card Account Numbers on Credit Card Receipts
    Finding: Many merchants print your entire credit card number on 
merchandise receipts. Unfortunately, this is an excellent way for 
thieves to gather information and enjoy a shopping spree at your 
expense. The scenario: It is a busy time, perhaps a white sale or 
during the holidays. As Mary wanders from store to store, she doesn't 
notice the gray-haired woman walking behind her. She also doesn't 
notice the woman slipping her hand into Mary's purchase bag and pulling 
out the receipt for the sweater she bought a few minutes ago. By the 
time Mary gets home a few hours later, this woman (minus the gray-
haired wig) has hit two nearby shopping centers and charged about 
$3,000 in merchandise to Mary's account.
    Recommendation: Legislation that states that a person or an entity 
that accepts credit cards for the transaction of business may not print 
more than the last 5 digits of the credit card account number or the 
expiration date upon any receipt provided to consumers. A 2-year phase 
out deadline can be included to allow stores to adjust programs as they 
replace or alter machines and software programs.

8. Free Annual Credit Reports upon Request
    Finding: Credit reporting agencies (CRA's) collect credit 
information provided by credit issuers, merchants, and others and then 
resell it to their customers--credit issuers, merchants, and employers. 
That information is not verified for accuracy, and may even reflect 
addresses used by imposters or misread by clerks. The irony is that if 
this information is not accurate, not only does the consumer suffer, 
but the businesses that purchase this information and use it to 
determine whether to extend credit lines can also be harmed. 
Information distributed by the CRA's seems to take on a life of its 
own. These reports are replicated and distributed by resellers (for 
example, real estate industry). Errors in reports spread like a 
malignant growth throughout the system, affecting a person's ability to 
get credit, buy a house or car, obtain a job, and secure rental 
housing.
    The only way to confirm the database information is to allow the 
consumer to check it over on a regular basis. Currently, the credit 
reporting agencies charge a fee to look at one's credit report, arguing 
that they shouldn't be forced to give anything away for free. Yet, the 
only person who can authenticate information is the consumer. Why 
should they be forced to pay to verify information they did not provide 
to the CRA in the first place?
    Recommendation: We recommend following the lead of several other 
States (Colorado, Georgia, Massachusetts, Maryland, New Jersey, and 
Vermont) in allowing each consumer one free copy of all three credit 
reports per year, upon request and expand upon it to also follow 
California's lead in allowing multiple credit reports for victims of 
identity theft within the first TWO years after the discovery of the 
crime (perhaps one every 3 months). This bill is smart business, good 
for consumers, and good for a State's economy.

9. Victim's Right Act
    Finding: Victims of financial fraud must be given full rights under 
the law. These include the right to reasonable and timely notice of any 
public proceeding involving the crime and of any release or escape of 
the accused; the rights not to be excluded from such public proceeding 
and reasonably to be heard at public release, plea, sentencing, 
reprieve, and pardon proceedings; and the right to adjudicative 
decisions that duly consider the victim's safety, interest in avoiding 
unreasonable delay, and just and timely claims to restitution from the 
offender.
    Recommendation: Legislation that would require the victim to be 
notified of all steps of the criminal process including the trial date 
and the release of the perpetrator from custody. Provisions should be 
made to allow for victim input prior to sentencing and for restitution 
when appropriate. Victims of white-collar crimes should be afforded the 
same rights as those of violent crimes.

10. Information Trafficking
    Finding: As identity theft has grown, suspects have become actively 
engaged in the collection of personal profiles for purposes of identity 
theft. These suspects often steal mail and trash in search of new 
identities to use. They compile lists of victims' names, birth dates, 
Social Security numbers, maiden names, addresses, and other pieces of 
information that can be used to open fraudulent accounts or take over 
existing legitimate accounts. These profiles have become commodities 
that can be sold or traded for drugs or cash. Often the person 
compiling the profile is not directly involved in the actual use of the 
identifiers, thereby avoiding prosecution as an ``identity thief.'' In 
some cases, suspects have retained victim profiles for years, knowing 
they can be used again and again.
    Recommendation: Legislation making the action of information 
trafficking illegal and punishable as a felony or felony/misdemeanor 
(wobbler) depending on judicial discretion. Possible language includes: 
Every person who, with the intent to defraud, acquires, transfers, or 
retains possession of the means of identification of another person 
without the authorization of that person, is guilty of a public 
offense, and upon conviction therefore, shall be punished (terms equal 
to type of crime). The term ``means of identification'' means any name 
together with one or more other pieces of information which can be used 
to identify a specific individual, including a Social Security number, 
date of birth, State or Federal issued driver's license or 
identification number, taxpayer identification number, or unique 
biometric data, such as fingerprint, voice print, retina or iris image.

11. Confidentiality and Protection of the Social Security Number (SSN)
    Finding: The Social Security number is the golden key to financial 
identity theft. However, it is used by so many entities that it is 
nearly impossible for consumers to adequately protect it. New standards 
and laws need to be adopted that dictate collection, use, display, 
security, and confidentiality of the Social Security number. It should 
not be used as an identifier by schools, insurance companies, 
employers, utility companies, or businesses. Social Security numbers 
should not be publicly displayed (that is, printed on timecards or 
badges) or shared with other companies or organizations except where 
required by law. ITRC would hope that business groups would voluntarily 
adopt many of the recommendations in this section and that legislation 
be a last resort.
    Finding: Companies often ask for information that is not necessary 
for the transaction of business. They claim that they may need it at a 
future time or for statistical purposes. There should be some 
restriction of the type of information asked on applications. For 
example, a self-storage company and a health club were recently asked 
why they requested the person's Social Security number. The response 
was that it was a convenient identity number to use as a member number.
    Recommendation: Legislation prohibiting the use of the Social 
Security number as an identifier, except for specified governmental 
purposes. Entities that should not be using the Social Security number 
as an identifier include: Schools, insurance companies, employers, 
utility companies, or businesses. Both civil and business code 
penalties may need to be imposed on those who do not comply with these 
standards. Again, a phase-out program can be implemented to minimize 
costs to those entities that now use the Social Security number as the 
customer identity number.
    Recommendation: Legislation restricting circumstances in which a 
company/governmental agency may ask for certain identifying information 
including Social Security number, birth date, and driver's license 
number. This recommendation includes the requirement that all States 
convert to non-Social Security number for driver's license number use 
rather than allowing the consumer an option.
    Finding: Information is often exchanged in an unsafe manner. Those 
individuals collecting information must be trained on how to collect 
data in a manner that does not compromise the security of consumers or 
employees. That means that information should not be exchanged verbally 
in a public place, where the conversation may be overhead. How many 
times have you seen a pharmacist ask for a Social Security number in 
order to process a prescription? Who is overhearing that conversation? 
How many times have you seen a retail clerk phone in a credit 
application while standing in a workstation surrounded by shoppers? 
Even once is too often.
    Finding: Personal information on databases should be encrypted and 
accessed only on a ``need-to-know'' basis. These people should have 
access audited and their computers must be password controlled. 
Ideally, these people should all have criminal and financial background 
checks performed on a regular basis.
    Recommendation: Only the personal information relevant to the 
purpose to be used should be requested. It must be limited to ``need-
to-know'' personnel, and access of information strictly audited and 
controlled. Consumers and employees must be notified in advance as to 
the purposes of the data collection, to whom it will be distributed, 
and the subsequent use after the fulfillment of the original purpose. 
Legislation should include anticoercion language so that consumers will 
not be penalized if they wish to ``opt out'' of additional services/
lists or denied services if they do not wish to provide sensitive 
information not essential to business operations.
    Recommendation: No person or entity shall sell, give away, or in 
any way allow distribution or use of information collected or provided 
to governmental agencies other than the original purpose for which the 
information was requested.
    Recommendation: Personal data should be protected by reasonable 
security safeguards against such risks as loss or unauthorized access, 
destruction, use, modification, or disclosure of data. If this occurs, 
legislation should be in place to allow for civil litigation and 
possible punitive actions by the courts.

12. Effective Disposal of Records No Longer Needed
    Finding: The privacy and financial security of individuals is 
increasingly at risk due to the widespread collection of personal 
information by both the private and public sectors. Credit transactions 
and applications, magazine subscriptions, telephone numbers, real 
estate records, automobile registrations, consumer surveys, warranty 
registrations, credit reports, employee records, pharmacy records, 
mortgage or banking applications, and Internet sites are all sources of 
personal information and form the source material for identity thieves. 
Consumers must trust that companies are adequately destroying 
information no longer stored. Unfortunately, investigative reporters 
around the country are finding compromising information in dumpsters 
behind buildings on a regular basis.
    Recommendation: Legislation requiring businesses to take all 
reasonable steps to destroy, or arrange for the destruction of a 
customer's or employee's records within its custody or control 
containing personal information which is no longer to be retained by 
the business by shredding, erasing, or otherwise modifying the personal 
information in those records to make it unreadable or undecipherable 
through any means. This should include records on paper and those 
stored electronically.

13. Security Breaches (Workplace Identity Theft)
    Finding: The concealment and notification delay to concerned 
parties of information breaches involving the theft or possible theft 
of identifying information must stop. The incidents at the Stephen P. 
Teale Data Center and the University of Texas/Austin in which the 
personal financial information of hundreds of thousands fall into the 
hands of computer hackers is a dramatic demonstration of an all too 
common event. This bill MUST include both computer breaches and paper 
breaches of information or it will not be complete.
    Recommendation: Legislation needs to be considered that would 
require a timely notification to all parties involved in a breach 
containing their personal identifying information.
    Recommendation: An individual should have the right to verify the 
accuracy of information collected about him or her without charge and 
in a form that is readily intelligible to him or her. They should be 
able to challenge data recorded in error, and if the challenge is 
successful to have the data erased, rectified, completed, or amended.

14. Protecting Information from Mail Theft
    Finding: Mail theft is a major source of information for identity 
thieves. When consumers do not know that an item is being sent to them, 
they are unable to report its loss. We also have to make sure that any 
document being sent via mail does not include a full Social Security 
number or account number.
    Recommendation: Require prior consumer consent via an opt in 
program for preapproved credit card offers and convenience/balance 
forward checks sent through the mail. This program would also require 
that consumers be notified of expected mailings so they can monitor in 
the event it is not received. Another way to tackle this problem is to 
prohibit any changes in the original form sent to the consumer or allow 
any forms that are incomplete (In other words, a thief may not know my 
birth date and leave it blank). In terms of other documents, the Social 
Security number must be eliminated from mailings, including paycheck 
stubs. The employee identity number (other than Social Security number) 
could be used in its place.

15. Consumer Notification of Excessive Applications or Negative 
        Information on Credit Reports
    Finding: Credit granters are aware that there are recognized 
warning signals that indicate possible financial identity theft: 
Multiple applications within a short period of time, multiple 
applications with the same Social Security number but different 
addresses, etc. The problem has been that no one credit issuer sees all 
the applications. The only entities that have access to this 
information are the CRA's.
    Recommendation: Legislation that requires the CRA to notify a 
consumer at all the addresses on record for the past 6 months of a 
possible fraud situation should more than four (4) credit applications 
be submitted within a 30-day period of time.
    Finding: Consumers do not often find out about negative information 
on a credit report until the worst possible time--when applying for 
credit, a job, or tenancy. And this may be due to the consumer's own 
actions, those of an imposter, or clerical errors.
    Recommendation: Legislation that requires the CRA's to notify a 
consumer of any negative information submitted to the CRA at the time 
of submission. This legislation may stipulate that no more than four 
(4) notifications are required in any one calendar year unless a fraud 
or security alert is currently on that credit report.

ITRC's Position About Identity Theft and FCRA Sunsetting
    1. Identity theft crosses State borders and many of the crimes we 
hear about are both cross-geographic and multi-jurisdictional in 
nature. This creates a loophole in which identity thieves thrive. It is 
one that we can, by working as a unit, finally close. National 
standards supported and aided by State involvement is essential.
    2. A cohesive, uniform set of laws that would keep sensitive 
information out of criminal's hands, strengthen credit issuing 
standards and assist victims is badly needed. The question that has not 
yet been answered is whether a single set of Federal laws can do the 
job.
    3. While strong national laws will reduce the need or desire for 
fine-tuning via State laws there may always be a need for the States to 
address individual issues--in response to consumer/business needs of 
that State and to enhance the ability for local law enforcement and 
prosecutors to pursue actions on behalf of those who live in that 
State.
    4. We do not agree with the concerns on businesses and other groups 
that they will need to conform to 50 different standards. That is 
speculative at best and prior to 1996 was not an issue. A dual 
regulatory system has worked well in other areas and can work to the 
betterment of all in regards to FCRA as well if needed.
    5. We are well aware that as a victim resource center that 
interacts with business that to take a diehard approach that would 
drastically impair or negatively impact business ability to function 
will be just as devastating to the victims we assist. We seek a 
cooperative meeting point between the business, consumer, and victims 
so that we can defeat the one true enemy of all of us--the thieves.
    6. To discuss FCRA preemptions is premature until we see the set of 
new, signed laws that are adopted as national laws. As in the last 5 
years, there has been much talk but little action in the last 6 months, 
since the preemption discussion was opened and identity theft was 
thrust into the spotlight. Once those laws are signed, then we can 
discuss preemption. Until that time, this is like filing for retirement 
before you have been offered your first job.

Conclusion
    Crime, like most things in our society grows, evolves, and 
constantly changes. In 1970, the writers of the FCRA could not have 
predicted that credit transactions would be conducted via the Internet. 
All business was conducted in person, in communities where people were 
known and applications could be verified.
    When President Franklin Delano Roosevelt expanded the use of the 
Social Security number as an identifier, he could not have anticipated 
the Pandora's box that he would open. It was impossible to predict the 
impact of the information age and how computer technology would allow a 
crime like identity theft to flourish.
    The FCRA preemption discussion has created more activity and talk 
of action in the last 6 months than in the last 5 years combined. In 
2000, the FTC held a hearing on identity theft in which we 
participated. They have continued to monitor this crime through their 
database and through victim panels. The information has not changed, 
just the number of victims which has increased.
    ITRC's staff members have attended hearings and provided 
information for years now to Federal legislators and governmental 
agencies about changes that need to be made--to no avail. Few, if any, 
bills have been passed. The most recent was passed because of its link 
to Homeland Security (higher penalties--for all those criminals who are 
not caught in the first place).
    While the Federal Government shows an interest in identity theft, 
it has been the States that have led the way in restricting information 
access and victim recovery. These legislative bodies have shown a 
responsiveness that is unmatched to date at the Federal level. (See 
addendum.)
    If you are serious about identity theft and feel you can address it 
sufficiently on a national basis, this is your opportunity to prove it. 
But keep in mind, we (consumers, victims, law enforcement, advocates, 
and the business community who cares about combating this crime) have 
high standards for the laws that you pass. We will not accept weak laws 
that either do little to help the situation or weaken existing laws 
that have a proven history.
    ITRC's sole purpose is to combat this crime and to help victims. 
Our fear is that the public will be promised new laws, strong laws that 
allow for expansion and redirection as this crime grows and evolves but 
will never see them. Our fear is that the promise will be made but once 
groups interested in renewing the FCRA preemptions wins, these news 
laws will cease to be discussed, let alone passed.
    At this time, ITRC wants to see some action. We want to see what 
the new laws say, who they protect, what they address, and how they 
will affect both businesses and consumers, neither of which can be 
disregarded nor harmed. Until those laws are passed and signed by the 
President, discussing preempting States from passing laws is premature.
    Thank you for your time and consideration.

                                *  *  *
                                Addendum

    California vs. Federal laws that have been passed in the last 3 
years in response to consumer/victim/law enforcement feedback.

California State Laws
    Confidentiality of Social Security Numbers--California Civil Code 
Section 1798.85-1798.86 and 1786.6. This law restricts businesses from publicly posting or displaying Social Security numbers. The law takes 
effect gradually from July 1, 2002 through July 1, 2005.
    Consolidation of Identity Theft Cases--Penal Code Section 786. The 
jurisdiction for a criminal action for identity theft offenses may be the county where the theft occurred or the county where the information was 
illegally used. If similar identity theft offenses occur across 
multiple jurisdictions, any one of those jurisdictions is a proper 
jurisdiction for all of the offenses.
    Consumer Credit Reporting Agencies Act Civil Code Section 1785.1-
1785.36. This law, the State counterpart of the Fair Credit Reporting 
Act, regulates consumer credit reporting agencies. It requires them, 
among other things: (1) to provide free copies of credit reports to 
consumers who have been denied credit or who are identity theft 
victims, (2) to block information that appears on a report as the 
result of identity theft, (3) to place security alerts (effective July 
1, 2002) or freezes (effective January 1, 2003) on the files of 
consumers who request them, and (4) to provide, for a reasonable fee, 
credit score information to consumers who request it.
    Credit Card Number Truncation--California Civil Code Section 
1747.9. No more than the last five digits of a credit card number may 
be printed on the electronic receipts. Effective on January 1, 2001 for 
machines put in use on or after that date. Effective on January 1, 2004 
for all machines that electronically print credit card receipts.
    Credit Card ``Skimmers''--Penal Code Section 502.6. The knowing and 
willful possession or use, with the intent to defraud, of a device 
designed to scan or reencode information from or to the magnetic strip 
of a payment card (a ``skimmer'') is punishable as a misdemeanor. The 
devices owned by the defendant and possessed or used in violation may 
be destroyed and various other computer equipment used to store 
illegally obtained data may be seized.
    Destruction of Customer Records--California Civil Code Sections 
1798.80 -1798.84. This requires businesses to shred, erase, or 
otherwise modify the personal information in records under their 
control.
    Employment of Offenders--Penal Code Sections 4017.1 and 5071 and 
Welfare and Institutions Code Section 219.5. Specified prison and 
county jail inmates may not have access to personal information. The 
same prohibitions apply to specific offenders performing community 
service in lieu of a fine or custody.
    Identity Theft: Access to Financial Records on Fraudulent 
Accounts--California Civil Code Section 1748.95, California Financial 
Code Sections 4002 and 22470. Similar to Penal Code Section 530.8, 
these laws require certain types of financial institutions to release 
(to a victim with a police report or to the victim's law enforcement 
representative) information and evidence related to identity theft.
    Identity Theft--California Penal Code Sections 530.5-530.8. These 
code sections define the specific crime of identity theft, require the 
law enforcement agency in the victim's area to take a police report, 
allow a victim to get an expedited judicial ruling of factual 
innocence, require the Department of Justice to establish a database of 
identity theft victims accessible by law enforcement and victims, and 
require the financial institutions to release information and evidence 
related to identity theft to a victim with a police report or to the 
victim's law enforcement representative.
    Identity Theft Conspiracy/DMV--Penal Code Sections 182 and 529.7. 
Courts can impose fines of up to $25,000 on individuals convicted of 
felony conspiracy to commit identity theft. This law also makes it a 
misdemeanor for any unauthorized person to obtain (or assist another 
person in obtaining) a driver's license, identification card, vehicle 
registration certificate, or other official document issued by the 
Department of Motor Vehicles, with the knowledge that the person 
obtaining the document is not entitled to it.
    Identity Theft Victim's Rights Against Claimants--Civil Code 
Section 1798.92-1798.97. This law protects identity theft victims who 
are being pursued for collection of debts which have been created by 
identity thieves. The law gives identity theft victims the right to 
bring an action against a claimant who is seeking payment on a debt NOT 
owed by the identity theft victim. The identity theft victim may seek 
an injunction against the claimant, plus actual damages, costs, a civil 
penalty, and other relief.
    Information Practices Act of 1977--California Civil Code Sections 
1798 and following. This law applies to State government. It expands 
upon the constitutional guarantee of privacy by providing limits on the 
collection, management, and dissemination of personal information by 
State agencies.
    Insurance Information and Privacy Protection Act, Insurance Code 
Section 791 et seq. This law limits most insurance companies from 
disclosing personal information about a consumer that is collected or 
received in connection with an insurance transaction, for example, (1) 
when a consumer provides written authorization for a disclosure, or (2) 
when a disclosure is necessary for conducting business. The law permits 
the disclosure of nonsensitive information for marketing purposes 
unless the consumer opts out.
    Investigative Consumer Reporting Agencies Act, California Civil 
Code Sections 1786 -1786.60. This law regulates the activities of 
agencies that collect information on consumers for employers, insurance 
companies, and landlords.
    Legal and Civil Rights of Persons Involuntarily Detained--Welfare & 
Institutions Code Section 5328. This law provides for the 
confidentiality of the records of people who are voluntarily or who are 
involuntarily detained for psychiatric evaluation or treatment.
    Mandated Blood Testing and Confidentiality to Protect Public 
Health--California Health & Safety Code Sections 120975-121020. This 
law protects the privacy of individuals who are the subject of blood 
testing for antibodies to the probable causative agent of acquired 
immune deficiency syndrome (AIDS).
    Notice of Security Breach--Civil Code Sections 1798.29 and 1798.82. 
This law requires a business or a State agency that maintains 
unencrypted computerized data that includes personal information, as 
defined, to notify any California resident whose unencrypted personal 
information was, or is reasonably believed to have been, acquired by an 
unauthorized person. The type of information that triggers the notice 
requirement is the name plus one or more of the following: Social 
Security number, driver's license, or State identity card number, or 
financial account numbers. The law's intention is to give affected 
individuals the opportunity to take proactive steps to protect 
themselves from identity theft. These provisions take effect July 1, 
2003.
    Office of Privacy Protection--California Business and Professions 
Code Section 350-352. A State law enacted in 2000 created the Office of 
Privacy Protection, with the mission of protecting and promoting the 
privacy rights of California consumers. http://www.leginfo.ca.gov/cgi-
bin/displaycode?section=bpc&group=00001-01000&file=350-352.
    Payment by Check or Credit Card--Civil Code Sections 1725 and 
1747.8. Any person accepting a check in payment for most goods or 
services at retail is prohibited from recording a purchaser's credit 
card number or requiring that a credit card be shown as a condition of 
accepting the check (Section 1725). Any person accepting a credit card 
in payment for most goods or services is prohibited from writing the 
cardholder's personal information on forms associated with the 
transaction (Section 1747.8).
    Patient Access to Medical Records--California Health & Safety Code 
Section 123110 et seq. With minor limitations, this law gives patients 
the right to see and copy information maintained by health care 
providers relating to the patients' health conditions. The law also 
gives patients the right to submit amendments to their records, if the 
patients believe that the records are inaccurate or incomplete.
    Personal Information Collected on Internet--California Government 
Code Section 11015.5. This law applies to State government agencies. 
When collecting personal information electronically, agencies must 
provide certain notices. Before sharing an individual's information 
with third parties, agencies must obtain the individual's written 
consent.
    Public Records Act--California Government Codes Sections 6250-6268. 
This law applies to State and local government. It gives members of the 
public a right to obtain certain described kinds of documents that are 
not protected from disclosure by the Constitution and other laws. It 
also requires that State and local agencies be ``mindful'' of the laws 
that confer privacy rights. This law also provides some specific 
privacy protections.
    Spam Laws--California Business and Professions Code, Section 
17538.4 and 17538.45--Penal Code Section 502. These code Sections 
establish the guidelines relating to unsolicited e-mail and faxes.
    State Agency Privacy Policies, Government Code Section 11019.9. 
This law requires State agencies to enact and to maintain a privacy 
policy and to designate an employee to be responsible for the policy. The policy must describe the agency's practices for handling personal 
information, as further required in the Information Practices Act.
    Substitute Credit Cards--Civil Code Section 1747.05. A credit card 
issuer that issues a substitute credit card must provide an activation 
process where consumers are required to contact the card issuer to 
activate the credit card before it can be used.
    Supermarket Club Card Act--Civil Code Title 1.4B. This law 
prohibits supermarket club card issuers from requesting drivers license 
number or Social Security number and from selling or sharing personal 
customer information; limited exemption for membership card stores.
    Telemarketing: State Do-Not-Call List--Business and Professions 
Code Sections 17590-17595. Effective April 1, 2003, Californians can 
put their residential and cellular telephone numbers on a State do-not-
call list. For program details, visit the Attorney General's website at 
http://caag.state.ca.us/donotcall/index.htm.
    Unsolicited Cell Phone/Pager Text Ads--Business and Professions 
Code Section 17538.41. This law prohibits the sending of unsolicited 
text advertisements to cell phones or pagers.
    Warranty Cards--Civil Code Section 1793.1. Product warranty cards 
must clearly state that the consumer is not required to return the card 
for the warranty to take effect.

Federal Laws
    Children's Online Privacy Protection Act (COPPA)--15 U.S.C. 6501 et 
seq. The Act's goal is to place parents in control over what 
information is collected from their children online. With limited 
exceptions, the related FTC Rule requires operators of commercial 
websites and online services to provide notice and get parent's consent 
before collecting personal information from children under 13.
    Driver's Privacy Protection Act of 1994--18 U.S.C. 2721 et seq. 
This law puts limits on disclosures of personal information in records 
maintained by departments of motor vehicles.
    Fair Credit Reporting Act (FCRA)--15 U.S.C. 1681-1681u. This 
Federal law is designed to promote accuracy, fairness, and privacy of 
information in the files of every ``consumer reporting agency,'' the 
credit bureaus that gather and sell information about consumers to 
creditors, employers, landlords, and other businesses. www.ftc.gov/bcp/
conline/edcams/fcra/index.html.
    Family Educational Rights and Privacy Act of 1974 (FERPA)--20 
U.S.C. 1232g. This law puts limits on disclosure of educational records 
maintained by agencies and institutions that receive Federal funding.
    Federal Identity Theft Assumption and Deterrence Act of 1998--18 
U.S.C. 1028. The Act makes it a Federal crime to use another's identity 
to commit an activity that violates Federal law or that is a felony 
under State or local law. Violations are investigated by Federal 
agencies including the Secret Service, the FBI, and the Postal 
Inspection Service and prosecuted by the U.S. Department of Justice. 
www4.law.cornell.edu/uscode/18/1028.html.
    Federal Privacy Act of 1974 --5 U.S. Code 552a. This law applies to 
the records of Federal Government executive and regulatory agencies. It 
requires such agencies to apply basic fair information practices to 
records containing the personal information of most individuals.
    Financial Services Modernization Act, Gramm-Leach-Bliley (GLB), 
Privacy Rule--15 U.S.C. 6801 -6827. The 1999 Federal law permits the 
consolidation of financial services companies and requires financial 
institutions to issue privacy notices to their customers, giving them 
the opportunity to opt out of some sharing of personally identifiable 
financial information with outside companies. www.ftc.gov/privacy/
glbact/index.html.
    Health Information Portability and Accountability Act of 1996 
(HIPAA), Standards for Privacy of Individually Identifiable Health 
Information, Final Rule --45 CFR Parts 160 and 164. HIPAA includes 
provisions designed to save money for health care businesses by 
encouraging electronic transactions and also regulations to protect the 
security and confidentiality of patient information. The privacy rule 
took effect on April 14, 2001, with most covered entities (health plans, 
health care clearinghouse, and health care providers who conduct 
certain financial and administrative transactions electronically) 
having until April 2003 to comply. http://aspe.hhs.gov/admnsimp/
bannerps.htm#privacy.
    Telephone Consumer Protection Act (TCPA)-- 47 U.S.C. 227. This law 
puts restrictions on telemarketing calls and on the use of autodialers, 
prerecorded messages, and fax machines to send unsolicited 
advertisements.
    Video Privacy Protection Act of 1998--18 U.S.C. 2710. The Act 
strictly limits the conditions under which a video rental or sales 
outlet may reveal information about the outlet's patrons. The Act also 
requires such an outlet to give patrons the opportunity to opt out of 
any sale of mailing lists. The Act allows consumers to sue for money 
damages and attorney fees if they are harmed by a violation of the Act.

                               ----------

                  PREPARED STATEMENT OF WILLIAM HOUGH

       Vice President of Credit Services, The Neiman Marcus Group
              On Behalf of the National Retail Federation
                             June 19, 2003

     Good afternoon. My name is Bill Hough. I am Vice President of 
Credit Services for The Neiman Marcus Group. I am testifying today on 
behalf of the National 
Retail Federation. I would like to thank Chairman Shelby and Ranking 
Member Sarbanes for providing me with the opportunity to testify before 
the Banking Committee about the growing problem of identity theft and 
the steps that Neiman Marcus is taking to curb our losses and protect 
our customers from these crimes.
     By way of background, The Neiman Marcus Group is headquartered in 
Dallas, Texas, and is comprised of two primary operating segments: 
Specialty retail (which includes 35 Neiman Marcus stores nationwide and 
two Bergdorf Goodman stores in New York City) and direct marketing 
(which includes the catalogue and online operations for our Neiman 
Marcus, Horchow, and Chef 's brands). We issue our proprietary credit 
cards under the Neiman Marcus and Bergdorf Goodman names.
     The National Retail Federation (NRF) is the world's largest retail 
trade association with membership that comprises all retail formats and 
channels of distribution including department, specialty, discount, 
catalogue, Internet, and independent stores. NRF members represent an 
industry that encompasses more than 1.4 million U.S. retail 
establishments, employs more than 20 million people--about 1 in 5 
American workers--and registered 2002 sales of $3.6 trillion.
     In fiscal 2001, Neiman Marcus reached a high-water mark for 
identity theft related losses with just over 520 cases representing a 
total expense of $1.3 million. In the past 2 years, we have experienced 
a decline of approximately 70 percent in the number of identity theft 
fraud cases with less than 150 cases projected for the current year. It 
is important to note that cases involving other forms of fraud, such as 
lost or stolen cards have remained constant over the past 2 years.
     Mr. Chairman, instant credit represents about 85 percent of all 
new accounts opened at Neiman Marcus. As you know, this process is most 
likely to take place at the point of sale and relies on a highly 
automated and relatively quick procedure to verify an applicant's 
identity and check that individual's credit report. In order to cut 
down on fraud and identity theft during the instant credit application, 
Neiman Marcus developed a custom fraud detection model that analyzes 
certain specific attributes of every credit application. This system 
isolates certain variables on an application and double-checks them 
against the information found on the applicant's credit report. Where 
discrepancies or inconsistencies occur, the model sends the application 
to our credit department for further review. Clearly, the model we 
developed works well and has reduced our losses significantly over the 
past 2 years. Additionally, another positive byproduct of the model is 
that it has identified and prevented many more identity theft cases 
(about 800 in the past year).
     Occasionally, we are able to definitively detect an attempted 
fraud and arrest the identity thief in our store. This usually occurs 
if our credit office, after being alerted during the application 
process, can quickly get in touch with the victim by calling a phone 
number provided through the credit bureau information. We will then ask 
if they want to pursue an arrest of the person attempting to use their 
personal 
information to open a credit account. If they agree, we will authorize 
a credit card number and allow the clerk to open the account and 
complete the transaction. At that point, Neiman Marcus Loss Prevention 
will detain the suspect and contact the police. We have had 33 such 
arrests this year, and 80 in 2002.
     Another program that Neiman Marcus has used to dramatically cut 
down on fraud is administered through our direct marketing division. 
Currently, Neiman Marcus Direct packs and ships approximately 10,000 
packages per day for our Neiman Marcus, Horchow, and Chef 's brands. We 
also ship about 5,000 packages from our specialty retail stores each 
day. By using customer information-sharing we were able to develop an 
address delivery cross-check within our Delivery Manifest System. Thus, 
each package is passed through this address verification to make sure 
it is not going to a known bad delivery address. Additionally, edits 
are in place to identify unusual buying patterns that may be forwarding 
merchandise to a certain address. These controls stopped over 500 
fraudulent shipments last year.
     Neiman Marcus also does special edits to focus on the hottest 
selling merchandise, knowing that these items often have the highest 
street sale value. In fact, a savvy sales clerk at the Neiman Marcus in 
White Plains, New York, helped to expose one of the largest identity 
theft rings in U.S. history involving a former employee of Teledata and 
over 30,000 stolen credit reports from the three major credit bureaus. 
The incident began when a woman called in an order for $6,000 in trendy 
shoes to the White Plains store and told the sales clerk she did not 
care what size shoes were shipped to her. The sales clerk realized this 
was a suspicious transaction and notified the Loss Prevention 
Department at Neiman Marcus who helped set up a controlled delivery 
with the local law enforcement and the U.S. Postal Service.
     Mr. Chairman, I would like to be able to tell you that Neiman 
Marcus has prevented 100 percent of all fraudulent credit applications this year, but I cannot. Successful identity thieves still slip by our systems at 
a rate of 7 per every 10,000 applications processed--less than one-
tenth of 1 percent. This, in my view, is not the result of a flawed 
system, but the result of determined criminals with sophisticated tools 
like computers and the Internet. You see, the most successful identity 
thieves know how to replicate an individual's verifiable identity 
characteristics, including producing near-perfect identity documents such as State-issued driver's licenses and counterfeit credit cards.
     Thieves are always looking for the weakest link in any system in 
order to perpetrate a crime. Today, identity theft and unauthorized 
access to existing accounts (such as unauthorized account look-up or 
account takeover) seem to be the name of the game. Both of these crimes 
rely on being able to present yourself using someone else's identity 
information. For these types of criminals there is very little else we 
can do to detect and prevent the crime, and retailers, like other 
businesses, are looking to the States and the Federal Government to 
begin producing the 
most secure and fool-proof identity documents possible. Some have 
proposed the use of biometrics or magnetic strip authentication to 
verify an individual's identity. Whatever the mechanism, it behooves 
retailers, banks, and governmental bodies alike to make identity 
security a top priority. In fact, the NRF is in the beginning stages of 
creating a public-private partnership to focus on identity security and 
its implications for both preventing identity theft, as well as helping 
victims put their credit records back together again.
     The need for tougher law enforcement statutes is critical. While 
we will arrest approximately 250 fraud perpetrators this year, many of 
these criminals are out on the street the next day with a slap on the 
wrist. It is almost as though they are being treated as a harmless 
pickpocket versus a serious criminal who has created havoc for an 
innocent victim. These people, especially those that become multiple 
offenders, must face stiffer sentences if we are going to stop this 
type of crime.
     With identity theft representing such a small fraction of total 
credit applications, it is often a case of looking for a needle in a 
haystack. Further, identity thieves thrive on anonymity and rely on the 
assumption that large retailers such as Neiman Marcus cannot put a name 
and face together in order to prevent fraud. This is why it is so 
important for retailers to know their customers, and the only way we 
can do this is through the use of information. Information flows 
between Credit Services and the credit bureaus or between our Retail 
Division and Direct Marketing Division, combined with sophisticated 
technology and scoring models, cuts down on fraud and allows us to 
offer exceptional customer service. These two benefits are not mutually 
exclusive and the type of information we collect from each customer and 
its uses is explained clearly in the Neiman Marcus Security and Privacy 
policy that can be found online at www.NeimanMarcus.com.
     At Neiman Marcus, we also have a Fraud Unit that specializes in 
handling all types of fraud claims. These associates are specially 
trained to assist and guide identity fraud victims through a very 
complicated ordeal. In fact, a call from our Fraud Unit can be the 
first indication that a consumer may have of suspicious activity on 
their account or of a potential identity theft in progress. You can be 
sure that if an identity thief is trying to open accounts in our store, 
they are probably attempting to do the same thing at several other 
locations as well.
     Identity theft is a crime with at least two victims, the 
individual whose identity was stolen and the business from which money 
or merchandise was stolen. Clearly, it is the individual victim that is 
most directly hurt, but, if identity theft crimes continue to rise at 
the rate reported by the FTC, all consumers will ultimately pay as 
business losses are passed back to customers. We, at Neiman Marcus, are 
convinced that our systems are making a difference, but we also do not 
intend to sit on our hands waiting for criminals to find the next 
weakest link. Mr. Chairman, I ask that Congress think carefully before 
blocking information flows or constraining businesses to specific 
prevention techniques or responses. We, in business, must continue to 
have the leeway to innovate to respond to constantly changing 
variables. Criminals always find a way and we need to maintain the 
ability to find a response.
     In closing, I would like to emphasize the retail industry's strong 
support for the permanent reauthorization of the seven areas of 
preemption contained in Section 624 of the Fair Credit Reporting Act. 
The current uniform national standards allow retailers and lending 
institutions to get a complete and accurate picture of a person's 
credit history, as well as prevent fraud and identity theft. Consumers 
have come to expect efficient and secure access to credit when 
purchasing everything from an automobile to consumer goods such as 
furniture, appliances, and apparel. In the final analysis, we in the 
retail industry have a real concern that a more fragmented approval 
processes for credit would negatively impact consumers in many 
different levels and, as a consequence, retail sales, ultimately 
costing jobs and hurting the economy as a whole.
     I appreciate the opportunity to testify here today. I look forward 
to answering your questions, as well as those of the Committee. Thank 
you.

                               ----------

                PREPARED STATEMENT OF MICHAEL W. NAYLOR
                       Director of Advocacy, AARP
                             June 19, 2003

    Good morning, Chairman Shelby, Ranking Member Sarbanes, and other 
distinguished Members of the Senate Banking, Housing, and Urban Affairs 
Committee. My name is Michael Naylor. I am the new Director of Advocacy 
at AARP.
    I want to take advantage of my first appearance before the 
Committee to introduce myself to you in my new role at AARP. I also 
want to take a moment to stress my strong desire to work closely with 
you on the full range of issues that come before this Committee which 
are of interest to our Members--and to midlife and older Americans 
generally.
    Let me begin by offering our views regarding the important subject 
of this hearing: ``The growing problem of identity theft and its 
relationship to the Fair Credit Reporting Act.'' I will summarize some 
important research that we have conducted which has guided AARP's 
thinking about these important issues. I have attached as appendices to 
my written remarks the results of two key studies that underpin today's 
testimony.\1\
---------------------------------------------------------------------------
    \1\ See attached: ``Identity Theft: Experience of Older 
Complainants,'' and ``The Fair Credit Reporting Act: Issues and Policy 
Options.''
---------------------------------------------------------------------------
    Identity theft is the co-opting of names, Social Security numbers, 
credit card numbers, or other pieces of personal information for 
fraudulent purposes. The fraud most often perpetrated takes the form of 
using someone else's account identity for purposes of financial theft. 
It can also take the form of an impostor--that is, someone assuming 
another person's identity in order to seek payment under false 
pretenses for provision of professional or other services--and to avoid 
accurate identification or detection.
    Identity theft occurs when an individual's personal identifying 
information (for example, name, Social Security number, date of birth, 
or mother's maiden name) is stolen by another person and used to commit 
fraud or engage in other unlawful 
activities. Often this stolen information is used to establish credit, 
run up debt, or take over existing financial accounts. Typically, 
identity theft damages the victim's credit, making it difficult for the 
victim to buy a home or car, rent an apartment, obtain employment, or 
purchase insurance.
    Victims can often spend substantial amounts of time and money 
resolving problems created by identity theft. Common problems include 
the victim's having to contact credit bureaus repeatedly in an attempt 
to clear his or her credit reports of fraudulent accounts, being turned 
down for credit based on the incorrect information contained in the 
victim's credit report, and receiving calls from creditors seeking to 
collect on the fraudulent accounts.
    I mentioned two studies. The first study confirms the seriousness 
of the identity theft problem for older persons. With a membership of 
over 35 million persons, AARP views, with alarm, the risk that identity 
theft poses to the personal security of all Americans, young and old, 
well-educated or not. However, our research does indicate a greater 
vulnerability of older Americans, based on the higher proportion of 
those age 50 years and older who report being victimized by identity 
theft, compared to the proportion of all age groups making such 
reports. The second study represents an extensive review of the 
research literature on the Fair Credit Reporting Act. This AARP report 
describes the range of risks faced by consumers that result from 
erroneous information (elements)--some resulting from identity theft. A 
variety of policy options for reform of FCRA emerged from this 
examination.
    We should recognize that all Americans are vulnerable to the 
fraudulent use of their--or someone else's--personal information. After 
all, we are known as the information society. But mid-life and older 
Americans are particularly vulnerable targets for this type of criminal 
activity because they control a proportionately larger share of the 
Nation's financial assets, and because there are likely to be more 
access points to a longer personal history that can be tapped into and 
exploited. For those near or in retirement, the costs of identity theft 
under any guise are particularly high, bringing a sense of violation 
and a loss of individual security that cannot easily be recovered.
    The magnitude of the Nation's problem with identity theft is just 
now coming to light. Identity theft has been listed by the U.S. Federal 
Trade Commission (FTC) as the fastest growing form of crime in the 
Nation. Depending on the reporting source and the manner in which the 
information was collected, the estimates range from 500,000 to 1.1 
million victims for the year 2001 alone. Even the lower estimate seems 
staggering.
    Estimates also vary as to the financial losses incurred, and the 
time and effort it takes to reestablish a victim's proper credit and 
community standing. For example, according to studies done by the FTC 
and by the Privacy Rights Clearinghouse, the average victim spends 
about 175 hours and $1,100 in out-of-pocket expenses. Once victimized, 
an individual may never completely recover his or her ``good name.'' 
The risk of being victimized has been amplified through the 
availability and use of today's high-tech information resources and 
tools.
    The Identity Theft and Assumption Deterrence Act of 1998--known by 
short-hand as the Identity Theft Act--made it a Federal crime to 
knowingly transfer or use a means of identification of another person 
with the intent to commit, aid or abet any unlawful activity under 
Federal law, or any activity that represents a felony under State or 
local law. Most States have passed similar laws related to identity 
theft--that is, most State laws make identity theft a criminal offense.
    Thousands of impostors have been caught and prosecuted, most often 
by the U.S. Postal Service Inspection Service (which investigates mail 
fraud) and the U.S. Secret Service's Financial Crime Division. Also 
important are the efforts of State and local law enforcement agencies--
although all law enforcement resources are being heavily taxed by 
homeland security and antiterrorism responsibilities. Notwithstanding 
these efforts, it appears that identity theft remains a high-profit, 
low-risk, and--until recently at least--a low-penalty crime.

Identity Theft: The Experience of Older Complainants
    The Identity Theft and Assumption Deterrence Act of 1998 made the 
actual theft of an individual's identifying information a specific 
Federal crime, and authorized the creation of the FTC's Identity Theft 
Data Clearinghouse and database--which has been in existence since 
1999.
    The complaint data are based on self-reporting by the complainant 
either to the FTC or to another agency that subsequently forwarded the 
complaint to the FTC.\2\ Since inception of the database, the FTC has 
reported major increases in the number of telephone calls from 
consumers to its Clearinghouse hotline. Calls from 
consumers increased from an average of 445 calls per week in the first 
month the hotline was in operation (November 1999), to an average of 
3,000 calls per week in December 2001. In addition to the toll-free 
hotline, consumers can file a complaint online or by mail.
---------------------------------------------------------------------------
    \2\ The question may arise regarding how to appropriately interpret 
consumer complaints data. We take the perspective that consumer 
complaints can serve as an early-warning function leading to increased 
accountability and safer, more effective, high-quality processes, 
products, and services.
---------------------------------------------------------------------------
    In order to get a sense of the vulnerability among those 50 and 
older to identity theft, AARP requested that the FTC prepare two sets 
of tabulations based on complaint data gathered through the Identity 
Theft Data Clearinghouse for the year 2001. The 2001 data report on 
86,168 identity theft complainants, with 72 percent of these (61,956 
complainants) reporting age information.
    For the year 2001, more than three-quarters (78 percent) of 
complainants who 
reported their age (n=61,956) were under 50 years old, while 22 percent 
of complainants were 50 years of age or older. We then asked the FTC to 
group its data for complainants on identity theft crimes, for those 
that provided their ages, into their classification system for 
different types of fraud.

Key Results
Credit Card Fraud
    Among the general types of fraud identified by the FTC, 42 percent 
of all complainants reported having their stolen information used in an 
effort to commit credit card fraud. Of complainants reporting this type 
of fraud, 62 percent reported that their information was used in an 
attempt to establish new credit, while 24 percent reported their 
information was used in an effort to access existing credit accounts. 
Half (51 percent) of complainants age 50 and older reported having 
their stolen information used in an attempt to commit credit card 
fraud. Of complainants reporting attempts at this type of fraud, two-
thirds (66 percent) reported their information had been used in an 
effort to establish new credit, while one-third (33 percent) reported 
their information was used in an attempt to access existing credit 
accounts.

Telephone or Utilities Fraud
    Twenty percent of all complainants reported having their stolen 
information used in an effort to commit telephone and utilities fraud. 
Nearly half (48 percent) of complainants experiencing this type attempt 
at fraud reported their information had been used in an effort to 
establish new wireless telephone service. Seventeen percent of 
complainants age 50 and older reported having their stolen information 
used in an effort to commit telephone and utilities fraud. Almost two-
thirds (64 percent) of complainants in this age group experiencing this 
type of attempt at fraud reported their information had been used in an 
effort to establish new wireless telephone service.

Bank Fraud
    Thirteen percent of all complainants reported having their stolen 
information used in an effort to commit bank fraud. Nearly half (47 
percent) of complainants experiencing this type of attempted fraud 
reported their information had been used in an effort to commit check 
fraud. Eleven percent of complainants age 50 and older reported having 
their stolen information used in an effort to commit bank fraud. Sixty-
three percent of older complainants experiencing this type of attempt 
at fraud reported their information had been used in an effort to 
commit check fraud.

Loan Fraud
    Six percent of all complainants reported having their stolen 
information used in an effort to commit loan fraud. Half (53 percent) 
of complainants experiencing this type of attempted fraud reported 
their information had been used in an effort to secure a personal or 
business loan. Seven percent of complainants age 50 and older reported 
having their stolen information used in an effort to commit loan fraud. 
Of complainants experiencing this type of attempt at loan fraud, 56 
percent reported their information had been used in an effort to secure 
a personal or business loan.
    Overall, 10 percent of all complainants that reported their 
personal information had been stolen indicated that it was used in an 
attempt to commit some type of fraud. However, nearly double that 
proportion, 18 percent of complainants age 50 and older, reported 
attempted identity theft fraud. We believe further collection and 
analysis of complaint data are necessary to better understand the 
nature of identity theft crimes and to devise more effective prevention 
and enforcement policies.

Implications for the Fair Credit Reporting Act
    The Fair Credit Reporting Act (FCRA), enacted in 1970, is the 
foundation of our national credit system. consumer reporting agencies 
(CRA's) collect and compile information on consumers' creditworthiness 
from financial institutions, public records, and other sources. FCRA 
applies to the personal credit records maintained by CRA's. The FCRA 
also outlines a consumer's rights in relation to his or her credit 
report, as well as permissible uses for credit reports and disclosure 
requirements. In 1996, the FCRA was amended and now contains seven 
specific Federal preemptions (due to sunset on January 1, 2004, unless 
Congress extends them) that prevent States from overriding or changing:

 The responsibilities of organizations and businesses that 
    furnish information to reporting agencies.
 The duties of organizations and businesses to notify consumers 
    when they have been denied credit or employment based on 
    information in their credit reports.
 Procedures that a consumer reporting agency must use if a 
    consumer disputes the accuracy of information.
 The information that may be included in consumer reports, 
    including the time during which consumer reporting agencies are 
    permitted to report adverse data.
 The form or content of the summary of rights that a consumer 
    reporting agency is required to provide to a consumer along with 
    information in the consumer's file.
 The exchange of information among affiliated institutions.
 Prescreening procedures that provide consumers with credit or 
    other financial services or product lines.

    The consumer credit reporting industry is a $6 billion industry 
that provides information about consumers to a wide variety of businesses. 
Information on consumers is purchased by lenders, credit sellers, 
insurance companies, and landlords, and by employers seeking 
information on prospective or current employees. The largest sources of 
credit reports are the three national consumer reporting agencies 
(CRA's) that collectively maintain an estimated 570 million files on 
U.S. consumers. Each CRA collects its own data on an individual 
consumer and maintains its own file on that consumer. It should come as 
no surprise that the credit reporting industry is the most extensive 
user of consumer data in the private sector.
    In addition to selling credit reports, CRA's sell prescreened lists 
of consumers to providers of credit and insurance products. 
Prescreening involves CRA's creating a list of consumers who meet 
criteria specified by purchasers of the list. For example, credit card 
companies use prescreened lists to identify and solicit consumers who 
qualify for ``preapproved'' offers of their credit card product.
    As a result of the large amounts of data involved, the credit 
reporting industry relies heavily on computer automation, and 
information is transferred, sorted, stored, and retrieved 
electronically. To facilitate this automation, many creditors and other 
furnishers of information to CRA's use a standardized computer program 
to report data to CRA's. Information provided to CRA's is usually 
received monthly and downloaded into their databases.
    The widespread use of credit reports for an increasing variety of 
purposes, and the large amount of information processed by CRA's, raise 
a number of issues regarding the FCRA's uses and effects. One of the 
major goals of the FCRA is to promote accuracy in credit reporting by 
requiring CRA's to use reasonable procedures. Despite FCRA protections, 
available data suggest that assuring the accuracy of the information in 
credit reports continues to be a concern. Incorrect information has too 
often been included in consumer credit reports.\3\
---------------------------------------------------------------------------
    \3\ A 2000 study examining consumer credit reports found that over 
half of the credit reports examined contained errors. A 1998 study 
found that 70 percent of credit reports investigated contained 
incorrect information. Of these reports, 29 percent contained errors 
significant enough to have serious adverse consequences for the 
consumer's credit, and 41 percent contained personal identifying 
information that was either incorrect or obsolete. See Appendix 2.
---------------------------------------------------------------------------
    Another accuracy issue is that information creditors provide to 
CRA's may be incomplete and positive information may be missing. The 
FCRA does not require creditors to report account payment information 
to any CRA. Rather, creditors are free to report to none, one, two, or 
all three of the national CRA's.
    Additionally, some companies apparently intentionally withhold 
positive credit information to prevent the loss of customers to 
competitors. As a result, the credit reports of these consumers will 
not reflect positive payment history, and the consumer will be unable 
to access less costly products and services.
    Inaccuracies can also occur when a creditor sells a delinquent 
account to a debt collector. Once the original creditor sells the 
account to a debt collector, the debt collector becomes the furnisher 
of information on this account to the CRA's. The main source of 
inaccuracy in this case results from incorrect reporting of the date of 
initial delinquency on the account.\4\
---------------------------------------------------------------------------
    \4\ One concern is that debt collectors may report the date they 
purchased or received the 
account as the date of initial delinquency, even though the actual date 
of initial delinquency was likely much earlier. Because the FCRA 
stipulates that most negative information remains on a consumer credit 
report for 7 years from the date of initial delinquency, establishing 
this date is important to consumers attempting to restore their credit.
---------------------------------------------------------------------------
    A further source of inaccurate information is error in the 
electronic merging of files that occurs when one consumer's credit 
information is mixed with another consumer's file. This typically 
occurs with consumers who have similar identifying 
information such as a similar name or Social Security number.
    Yet another source of inaccuracy occurs when CRA subscribers 
request information on one consumer from a CRA database, and obtain 
data on another consumer instead. This problem occurs because the 
accuracy of the information received from a CRA is inversely related to 
the specificity of the identifying data elements that are used to 
search the database. That is, subscribers who use fewer identifying 
elements are more likely to receive credit information unrelated to the 
consumer about whom they are seeking credit information. For example, a 
subscriber who uses only name and address information will likely 
receive more matches (and consequently less accurate information) than 
a subscriber who uses additional identifiers (such as Social Security 
number and date of birth).
    Consumers are typically required to pay a fee when obtaining a copy 
of their credit report. The FCRA allows CRA's to charge consumers a fee of up to $9 (plus applicable State tax) for a copy of their credit report. Six 
States entitle consumers to one free credit report from each CRA 
annually, while other States cap the cost of credit reports below the 
Federally mandated level.
    Because most consumers have separate files at all three national 
CRA's, consumers are well-advised to purchase their credit report from 
all of them to ensure that each of their credit reports are accurate. 
They are used by potential lenders to provide an instant summary of 
information contained in the consumer's credit 
report and may be used to rank consumers to determine whether they 
qualify for a loan, how much they should be lent, and at what rate.
    Then there is the problem of identity theft that I raised earlier. 
At issue here is the role of the FCRA in preventing identity theft and 
assisting victims of this crime. Previously, I noted that older persons 
can be an appealing target for such theft 
because they typically have significant available credit to draw on. 
They can also be victimized by family members or caregivers who have 
access to their personal information. It appears that all too often, 
the identity thief takes the individual's personal information and uses 
it to open fraudulent accounts based on the unknowing victim's credit 
report information.
    FTC complaint data show that consumers often experience substantial 
difficulty in correcting information they dispute. One concern is that 
reinvestigation procedures used by CRA's are inadequate. Another 
problem is the reappearance of incorrect information previously deleted 
from a consumer's credit report. In addition, 
victims of identity theft have reported difficulty in removing 
fraudulent items from their credit reports even after the identity 
theft has been discovered.
    Another FCRA issue involves the preemption of some aspects of 
existing State credit reporting laws. Most States have laws relating to 
credit reporting, and generally the FCRA does not preempt State laws 
that provide greater consumer protections. Should the State preemptions 
expire on January 1, 2004, as required under the FCRA, States would be 
allowed to enact legislation governing the sharing of such information.
    Our survey of issues concludes with the 2-year statute of 
limitations provided by the FCRA. This issue is the result of a 2001 
Supreme Court decision involving an identity theft victim's suit 
against a CRA for failing to take reasonable steps to ensure the CRA 
was issuing a credit report for the right person. The Court's ruling is 
a major concern for identity theft victims and their counsels because 
it takes an average of 14 months for victims to learn of the theft and 
subsequent damage to their credit reports. As a result, consumers who 
do not learn of problems in their credit reports quickly enough may 
have no legal recourse.

Some Recommendations
    To address these concerns, we recommend that Congress and the 
Administration:

 Provide stronger enforcement of rules requiring the date of 
    initial delinquency to be reported correctly by debt collectors. 
    The FCRA requires furnishers of such information to verify the 
    accuracy of the data reported when challenged by a consumer. This 
    proposal is intended to prevent the reporting of negative 
    information beyond the time limits provided by the FCRA.
 Require subscribers who purchase credit reports from CRA's to 
    provide the same standard of identification to retrieve a 
    consumer's credit report as is required of consumers seeking their 
    own credit report. Because CRA's have procedures in place for 
    consumer access, these same procedures can be applied to 
    subscribers requesting credit reports.
 Require CRA's to provide consumers with at least one annual 
    free credit report a year to make it easier and less expensive for 
    consumers to monitor their credit reports. Prohibitions need to be 
    enacted that protect consumers from fraudulent ``credit-repair'' 
    practitioners.
 Allow consumers to place a security freeze on their credit 
    report, and issue to consumers a password to prevent their credit 
    report from being accessed without their express authorization. 
    California recently enacted such a provision. This procedure slows 
    down the process for retrieving a consumer's credit report because 
    the consumer must first contact the CRA's and give permission for 
    the release of his or her credit report to the specified individual 
    or business, thereby providing an extra check to prevent fraud.
 Require CRA's to permanently block fraudulent accounts on the 
    credit reports of identity theft victims. Such blocking is required 
    under California law and has been proposed under Federal 
    legislation. This requires CRA's to correctly identify that the 
    account is fraudulent despite the fact that the account may have 
    been sold to a debt collector and been reported as a separate 
    account.
 Require the FTC to monitor how effectively consumer disputes 
    with CRA's are 
    resolved.
 Allow the Federal preemptions to expire as originally intended 
    under the FCRA unless Federal legislation providing greater 
    consumer protections can be enacted.
 Change the statute of limitations to allow consumers more time 
    to discover potential problems in their credit reports. Federal 
    legislation has been proposed to extend the statute of limitations. 
    Changing it to 2 years from the time the violation is discovered, 
    or should have been discovered by the exercise of due diligence by 
    the consumer, would give consumers a longer time frame in which to 
    act.

Conclusion
    AARP supports strengthened Federal, State, and local efforts to 
hold the perpetrators of identity theft and fraud accountable. We are 
prepared to work with you, Chairman Shelby, Senator Sarbanes, and with 
the other Members of this Committee in this regard. However, we also 
believe that efforts to improve accountability should be complemented 
with effective measures to provide victim assistance.
    And we believe that the practices of credit reporting agencies 
should be reformed to protect consumers and businesses against 
erroneous information, provide greater consumer access to credit files, 
enable consumers to correct erroneous information more easily, require 
that credit reports be more user-friendly, and require the purging of 
files after a reasonable time. We would be very happy to work with the 
Committee in updating and upgrading the FCRA.
    I would be pleased to answer any questions that you may have.

    
    
          REPONSE TO WRITTEN QUESTION OF SENATOR DOLE 
                   FROM J. HOWARD BEALES, III

Q.1. Mr. Beales, while there is always room for improvement, do 
you believe that the credit reporting agencies are doing enough 
to combat identity theft?

A.1. I am gratified by the credit reporting agencies' adoption 
of several new programs to assist victims of identity theft. 
The police 
report blocking initiative, the joint fraud alert, and their 
endorsement of our uniform identity theft affidavit all 
demonstrate a willingness on the part of the agencies to work 
with the Federal Trade Commission in finding ways to relieve 
the burden on victims of identity theft. As discussed in the 
Commission's July 10, 2003 testimony, the Commission supports 
legislative codification of these practices.
    As further outlined in the Commission's testimony, we 
believe that there are areas where the consumer reporting 
agencies can do more to help in the area of identity theft. 
Providing consumers with access to free credit reports may 
alert them to possible identity theft. In addition, free 
reports will enable consumers to keep a closer watch on their 
credit history.

        RESPONSE TO WRITTEN QUESTION OF SENATOR MILLER 
                   FROM J. HOWARD BEALES, III

Q.1. What legislative remedies would you recommend that the 
Senate Banking Committee include in a FCRA bill?

A.1. The Commission's July 10 testimony set forth specific 
legislative recommendations to the Committee.

        RESPONSE TO WRITTEN QUESTION OF SENATOR MILLER 
                     FROM TIMOTHY CADDIGAN

Q.1. In Mr. Harrison's testimony he discusses the fact that 
Army officials at Ft. Bragg, North Carolina, issued his 
identity theft perpetrator an active duty military identity 
card in his name and Social Security number and that he has had 
trouble clearing up his identity issues. Is the Secret Service 
also working with the military to combat identity theft? If so, 
to what degree?

A.1. The Secret Service works with many different State and 
local law enforcement agencies, as well as military law 
enforcement units, through our local field offices across the 
country. In cases involving military personnel as either 
victims or perpetrators, the 
individual military units (Army CID, Navy CIS, or Air Force 
OIG) and our local field offices collaborate on the 
investigation.
    On a national level, the new Identity Crime Video/CD-ROM 
the Secret Service has produced in partnership with the 
International Association of Chiefs of Police and others is 
being distributed to every local and State law enforcement 
agency in the country, including each military law enforcement 
office on every military base in the United States. In 
addition, the Secret Service provides resources on counterfeit 
checks, counterfeit documents, credit cards, and fictitious 
instruments to military investigators, all of which can be 
highly useful to an identity crime investigation.

         RESPONSE TO WRITTEN QUESTIONS OF SENATOR DOLE 
                   FROM MICHAEL D. CUNNINGHAM

Q.1. Mr. Cunningham, how does affiliate sharing assist in your 
business' efforts to combat identity theft?

A.1. From a fraud perspective, affiliate sharing allows us to 
prevent our customers from becoming identity theft victims 
through address verification and fraud files. For example, a 
mortgage can be used to verify the address on a credit card 
application. Imagine having a mortgage with a company that 
contacts you because they need to verify your address on a 
credit card application. Affiliate sharing also allows us to 
expedite processing and avoid the inconvenience customers may 
experience if we required them to submit documentation. 
Furthermore, if a customer becomes a victim of identity theft, 
through affiliate sharing we can prevent additional account 
compromises and facilitate a quicker recovery of funds and the 
victim's identity. Affiliate sharing also provides us with 
enhanced servicing opportunities by offering targeted products 
to our customers.

Q.2. After our last hearing on the Fair Credit Reporting Act 
Authorization my friend, Senator Dodd, was good enough to send 
me a copy of a series of articles written by the 
HartfordCurrent recently which detailed some very distressing 
charges of errors the paper says have been built into the 
credit reporting system. One such charge was that credit 
reporting agencies have the incentive to put false information 
in a credit report because a potential creditor is more likely 
to buy a report with more information in it because they assume 
that it must be more accurate. I find that hard to believe. Mr. 
Cunningham, since you represent a bank which purchases credit 
reports, would you comment on that charge?

A.2. We value the data integrity, not the quantity of data, 
when contracting with the credit bureaus.

        RESPONSE TO WRITTEN QUESTION OF SENATOR MILLER 
                   FROM MICHAEL D. CUNNINGHAM

Q.1. Do you think that the credit bureaus are doing enough to 
help victims of identity theft clear and correct their 
information?

A.1. I believe the credit bureaus are focused on assisting 
victims in recovering their identity and preventing additional 
occurrences.
    Please feel free to contact me if I can be of any 
additional assistance to the Committee on this very important 
issue.

         RESPONSE TO WRITTEN QUESTION OF SENATOR DOLE 
                     FROM JOHN M. HARRISON

Q.1. Mr. Harrison, your testimony was excellent and I believe 
it gave us a new appreciation for the ordeal victims of 
identity theft go through. I would like to clarify a few of 
your points for the record. In your written testimony you 
state, ``My conclusion is, there is no system in place to 
assist an identity theft victim when banking accounts are 
opened in your name and Social Security number, but are 
completely removed and unrelated to your own banking accounts. 
This industry is well behind the progress that has been made in 
the credit industry.'' You appear to be holding up the credit 
bureaus, even though they admittedly have problems, as an 
example for banks. Is that accurate?

A.1. Thank you for allowing me the opportunity to clarify part 
of my testimony for you. Your question is in regards to my 
comment about fraudulent banking accounts, the system 
surrounding those accounts and whether I am holding up the 
credit bureaus as an example for banks.
    In fact, it is not the credit bureaus I am holding up as an 
example, it is the system surrounding the credit industry as a 
whole that I am comparing to the banking industry's system. In 
my own situation, I have dealt with both types of fraud and I 
am in a good position to make the comparison. The problems that 
do exist within the credit system are a result of the 
participants not meeting their responsibilities; not the system 
itself.
    Creditors have a choice between three credit reporting 
agencies for account authorization and also to report both 
positive and negative information on consumers. Even after my 
identity was stolen and the many fraudulent accounts were 
opened, it could have been a manageable situation for me had 
the repositories, creditors, and debt collectors simply 
followed the rules within the system. That happens less than 
most people would think and the consequences they face for 
repeatedly making the same mistakes are minimal. Still . . . 
within that system a victim can maintain their hope. The 
fraudulent information is contained within those three 
repositories. Through persistence, through repetitiveness, a 
victim can order the reports, dispute the fraudulent accounts 
and continue to do that until one day, the updated reports have 
no more erroneous information on them.
    It did not take me long to learn that this same process 
cannot be used when dealing with savings and checking accounts 
fraudulently opened in my name. That system, or lack thereof, 
is far more complex, less cooperative, and not consumer-
friendly. Banking accounts and bad checks get reported in many 
more databases than credit accounts. The majority of companies 
that maintain these databases do not consider themselves 
reporting agencies and therefore do not adhere to the FCRA. 
These companies feel no responsibility to assist victims or 
send them consumer reports. This creates a problem getting 
information and also makes it difficult for a victim to verify 
the negative information has actually been removed from the 
database.
    An identity theft victim dealing with bank fraud must 
communicate with banks, merchant's that accept checks, the 
merchant's check service company, and national databases to 
resolve their situation. Literally, there are hundreds of 
companies storing information on consumers and all that 
information is shared between those companies. Additionally, 
not all the information that is stored in those databases is 
listed under the victim's Social Security number. Companies 
that maintain databases of bad check writers store that 
information under driver's license numbers and routing/account 
numbers for each check. The average consumer would not have an 
understanding of how information is stored in these databases 
or how they relate to one another. Without that understanding, 
a victim of check fraud cannot get to the information contained 
in these databases to dispute it.
    The second great difficulty that I discovered is when a 
fraudulent credit account is opened in your name and you are 
successful in 
resolving the account with the creditor and the credit bureau 
reporting it, all transactions associated with that account are 
also resolved. This is not the case with checking accounts. 
Even if you are successful in removing the fraudulent 
information from the reporting agency, even if you successfully 
dispute the account directly with the bank that opened it; each 
check written on that account has already become its own 
individual debt. There is still a merchant, his/ her debt 
collector, or the merchant's check management company 
attempting to collect on the bad check.
    Still another difference between credit fraud and checking 
fraud: When a creditor suspects fraud and closes the account, 
the credit account is no longer useable by the imposter. When a 
bank closes an account for cause, the imposter can still 
continue using those checks for weeks or even months.
    My belief is the hundreds or even thousands of these check 
management companies are credit reporting agencies. They 
maintain information files on consumers. That information is 
sold to their customers and used in the legitimate business 
transaction of whether a check is accepted or declined by the 
merchant. Further, they share consumer information with their 
affiliates and some of their websites indicate they also sell 
consumer information to third parties. A great deal of 
attention has been paid to the three major repositories and the 
credit industry themselves has at least acknowledge the problem 
of identity theft and are addressing it. The banking/checking 
industries are virtually silent on the issue of identity theft 
and have not even begun to put procedures in place to assist 
victims of identity theft.
    I hope this sufficiently clarifies my comment and again I 
appreciate this opportunity to further address the issue of 
banking/checking fraud. Through default, I have a great deal 
of' knowledge and experience with the systems victims encounter 
in attempting to restore their names and reputations. Please 
feel free to call upon me at any time to answer questions or 
inquiries about the reality of those systems.

        RESPONSE TO WRITTEN QUESTION OF SENATOR MILLER 
                     FROM JOHN M. HARRISON

Q.1. Mr. Harrison, I am sorry to hear about your personal 
situation regarding your identity theft. It does sound like it 
has been a challenge. Let me ask you, in your statement you 
say, ``Equifax has failed to meet nearly all the provisions of 
the FCRA.'' Could you tell me what you mean by that statement 
so I can understand your point of view better?

A.1. Thank you for allowing me the opportunity to clarify part 
of my testimony for you. You have asked me to provide 
additional understanding of the statement in my written 
testimony, ``Equifax has failed to meet nearly all the 
provisions of the FCRA.''
    I can begin by giving you a snapshot of what appears on my 
repository reports 21 months after learning I was an identity 
theft victim. There are no fraudulent accounts appearing on 
either my TransUnion or Experian reports presently. At times, 
new debts related to my identity theft appear on my Experian 
report, but the situation is manageable and I can generally 
have those accounts removed with an online dispute to Experian. 
TransUnion allowed me to take advantage of a new California law 
to freeze my credit report. They offered this to me free of 
charge and since my report was frozen, I have had no accounts 
related to my identity theft appear on my TransUnion report.
    In contrast, there are still 30 fraudulent accounts being 
reported by Equifax presently. Those 30 accounts are being 
reported on 2 separate reports that Equifax has in their system 
in my name and Social Security number. Equifax consistently 
sends one of those reports to my creditors and it contains 18 
fraudulent accounts. Many of those accounts were disputed and 
thought resolved in November and December 2001. There are also 
110 inquiries on that report from companies that requested my 
file. The second report, which Equifax sends to me when I 
request my consumer file, only contains 12 fraudulent accounts. 
There are 26 inquiries from companies on this file.
    While both TransUnion and Experian responded to each of my 
dispute letters, it took 11 months and three dispute letters to 
get my report from Equifax. When I finally received that report 
and the results of my reinvestigation, Equifax had failed to 
delete the accounts which they said would be deleted as a 
result of that investigation and those accounts still remain on 
my report. Equifax still has my current address, current 
employer, and phone number wrong in their system despite my 
efforts to correct them. They also refused to investigate any 
of the inquiries they were generated as a result of fraudulent 
accounts claiming they are a factual repre-
sentation of my consumer file.
    For certain I have had some difficulties with the other two 
repositories and they have made mistakes that are clear 
violations of the FCRA. However, I have always felt they were 
at least making an effort to comply with FCRA and those 
mistakes were easy for me to overlook. Equifax in my opinion 
has made no effort on my behalf. I do not believe they have 
taken the time to read any of my dispute letters or review the 
18 pages of supporting documentation I included with those 
letters. If someone at Equifax had set out to deliberately make 
a mess of my credit file; I do not believe they could have done 
a better job of it than exists right now.
    I hope this sufficiently clarifies my statement about 
Equifax and again I appreciate this opportunity to be a part of 
the process. Through default, I have a great deal of knowledge 
and experience with the systems victims encounter in attempting 
to restore their names and reputations. Please feel free to 
call upon me at any time to answer questions or inquiries about 
the reality of those systems.

        RESPONSE TO WRITTEN QUESTION OF SENATOR MILLER 
                        FROM LINDA FOLEY

Q.1. Do you think the credit bureaus are doing enough to help 
victims of identity fraud clear and correct their information? 
If not, what should they do?

A.1. ITRC does not think that the CRA's are doing enough. While 
we recognize that the CRA's are just data collectors, they have 
also accepted the role of helping in dispute and information 
management and that is where they tend to fall down.

    1. Failure to follow established dispute process--ITRC has 
heard from victims that use the designated CRA dispute process 
(fill out the dispute form, attach police report and evidence). 
Only it appears that the evidence or items submitted with the 
dispute form is not forwarded to the credit issuer or 
collection agency. This results in the dispute being denied and 
forcing the victim to try to contact the issuer directly, 
creating more delays and time consumed by the victim in 
resolving issues. Due to this problem, ITRC is now advising 
victims to deal directly with the issuers rather than the CRA's 
to avoid these delays. The only exception is in California 
where the CRA is required to block the item. In this State, the 
ITRC recommends that the consumer contact both the CRA's and 
the issuers which results in additional costs and time for the 
consumer.
    2. Blocked line items--When the CRA blocks a line item, it 
needs to be blocked from everyone. ITRC has heard from too many 
consumers that an entity requesting a report sees items that 
were blocked or suppressed. In other words, the report the 
consumer receives shows that the item has been removed /blocked 
but the item is still shown on the report sent to the 
commercial requester.
    3. Misinformation and half matches--The CRA's appear to 
include information either in a report or on a ``suppressed'' 
file that was from an application that partially matches the 
consumer. For example, the name is the same but spelled 
differently (Swanson v. Swansson) and the Social Security 
number matches 7 of the 9 numbers. That application is included 
in the consumer's file even though it is only a partial match. 
This results in misinformation affecting credit decisions. This 
misinformation may be the result of an identity theft attempt--
shoulder surfers or dumpster divers who did not quite remember 
or see the full information.
    4. Non-English speakers--The CRA's require all consumers to 
use automated phone systems or the mail to request a credit 
report. The automated systems are in English only. We need to 
allow all consumers access to this vital information. The 
automated systems must have a Spanish language option and 
perhaps the ability to access an AT&T language translator for 
help in ordering his/her credit report. In addition, the CRA's 
must send instructions on how to read a report in the 
requesting languages or at least in maybe 5 of the languages 
that the national census shows are the largest population 
groups.
    5. Access to fraud specialists--Due to the automated 
systems, consumers can only speak with a CRA consumer rep when 
they have a report and then only for about 3 months after 
receiving the report. They call a special number, type in the 
report number and are connected. If that 90-day window has 
ended, they cannot access a person to ask questions. Due to the 
complexity of this crime, victims need longer access to CRA 
personnel. ITRC would recommend that period of time be extended 
to 180 days, minimum.
    6. Access to fraud specialists--It has also been reported 
by some of the victims that once they get their reports, they 
are only allowed one phone call to a fraud investigator at a 
bureau and then that report number no longer allows them access 
to the bureau's fraud division.
    7. Two files-one Social Security number--Recently a victim 
called ITRC with the following complaint. It is one that we 
have heard numerous times before. The car dealer asked for a 
credit check using the man's Social Security number only. A 
report came in with his Social Security number but with another 
person's name and information. When the dealer asked for a 
report with the victim's name and Social Security number a 
totally different report came back. In other words, there are 
two reports with the same Social Security number. The second 
report with the different name is an imposter (in this case a 
family member) who stole the victim's identity when he was a 
child. In fact, it even says on the report that credit was 
established prior to the age of 18 and includes a bankruptcy. 
This man is in the military and this problem may affect his 
entire career.
    8. Time issues--In some cases of identity theft, clearing 
up the problem is time sensitive. A park ranger called today. 
She was just told that a financial check showed a collection 
notice from First Premier Bank. She now must wait about 2 weeks 
for her credit reports and is unable to get beyond a customer 
rep at the bank to find out about this credit card she never 
opened. What she does know is that it is in her name and Social 
Security number but with an address she never lived at. She 
cannot wait several weeks to clear up this problem. The job 
will be gone tomorrow unless she can deal with this today. With 
the automated systems, there is no one to talk with for a line-
block during investigation at the bureaus until she gets her 
report--which will be too late to help her. This is a common 
problem for those dealing with job background checks, loans for 
purchasing homes/car, or checks done for tenancy.
    9. CRA cross-linking files--Some victims of extreme 
identity theft situations change their Social Security number. 
It is a last ditch 
effort to disassociate from a thief that is unstoppable. It 
brings severe consequences since so much of our personal 
history is linked to that number. You lose your college 
records, credit history, and more. It is as if you were born 
yesterday. People question you--are you a thief who has just 
made up the information, an illegal immigrant, etc.? ITRC only 
recommends this step in the worst of cases.
    It has been brought to ITRC's attention that in some cases 
the CRA is cross-linking the old and new Social Security 
number--an action that negates the changing of the Social 
Security number. Old and new numbers must remain separate 
(except with SSA and IRS per policy) or this extreme measure is 
ineffective. The purpose of changing one's Social Security 
number is to stop the thief from using your information. If the 
CRA cross-links the numbers, the thief 's actions appear on the 
new Social Security number and credit report. This means the 
victim is once again compromised. The CRA report is also a 
source of information for bail bondsmen and law enforcement. 
Unfortunately, many of these severe cases had thieves who broke 
the law while using the victim's Social Security number. This 
cross-linking may also result in the arrest of an innocent 
person.
    We would also like to address a couple other topics that 
were brought up by other panel members:

    1. Mandatory Fraud Alert Observation: This has been a topic 
that is a sore spot for many victims and consumers. Far too 
many victims have placed alerts on their credit reports only to 
have companies ignore them. The bottom line is this: Why does a 
company have the right to ignore my warnings or requests, 
placed for their benefit to protect both the company and the 
consumer from fraud?
    2. In the current version of the House Bill H.R. 2622, 
there is a mandatory observation section. There are two 
problems with this bill. First, it includes only those who 
already are victims. Consumers who wish to place a ``security 
alert'' as a proactive measure are unable to do so. It is vital 
that we act proactively and not just help in remediation. 
Second, the bill allows retailers to decide 
either to honor the ``alert me notice in the following manner'' 
which was placed by the consumer or to decide an alternate 
method. The problem with this is that info usually used is from 
the credit report. Once an imposter has become active in your 
life your credit report no longer represents your true 
information and only the thief would be able to answer any 
questions based on the report.
    Thank you for the opportunity to work with your Committee.

        RESPONSE TO WRITTEN QUESTION OF SENATOR MILLER 
                       FROM WILLIAM HOUGH

Q.1. Do you think the credit bureaus are doing enough to help 
the victims of identity fraud clear and correct their 
information? If not, what should they do?

A.1. The current system of reporting identity theft problems to 
the credit bureau could be improved by providing one toll-free 
800 number that would allow the consumer to notify all bureaus 
of their situation. Thus, through centralized notification, all 
bureaus would place an identity theft alert on the consumer's 
files with one call. This 1-800 process, I believe, is 
currently being developed and would be a significant benefit.
    On the subject of clearing and correcting consumer 
information, over the past few years the credit bureaus and the 
industry have developed several tools to handle the information 
correction process more efficiently. For example, the E-OSCAR 
system (Online Solution for Complete Accurate Reporting) allows 
both merchants and credit bureaus to respond quickly (via 
Internet access) to these consumer inquiries and get them 
resolved faster.
    While any process can always be enhanced, the credit 
bureaus have and continue to make significant progress to aid 
identity theft victims.

        RESPONSE TO WRITTEN QUESTION OF SENATOR MILLER 
                     FROM MICHAEL W. NAYLOR

Q.1. Do you think the credit bureaus are doing enough to help 
the victims of identity fraud clear and correct their 
information? If not, what should they do?

A.1. We believe credit bureaus can do more, and act more 
efficiently and effectively, to prevent identity theft from 
occurring, and to help victims recover their good credit and 
name after the fact.
    The AARP's recommendations for increasing the involvement 
of consumer credit reporting agencies (CRA's) to help solve 
this problem, include:

 Requiring CRA's to provide consumers with at least one 
    annual free credit report a year to make it easier and less 
    expensive for consumers to monitor their credit reports.
 Requiring subscribers who purchase credit reports from 
    CRA's to provide the same standard of identification to 
    retrieve a consumer's credit report as is required of 
    consumers seeking their own credit report. Because the 
    CRA's have procedures in place for consumer access, these 
    same procedures can be applied to subscribers requesting 
    credit reports.
 Allowing consumers to place a security freeze on their 
    credit report, and issue to consumers a password to prevent 
    their credit report from being accessed without their 
    express authorization.
 Requiring CRA's to permanently block fraudulent 
    accounts on the credit reports of identity theft victims.


                      AFFILIATE SHARING PRACTICES
                      AND THEIR RELATIONSHIP WITH
                     THE FAIR CREDIT REPORTING ACT

                              ----------                              


                        THURSDAY, JUNE 26, 2003

                                       U.S. Senate,
          Committee on Banking, Housing, and Urban Affairs,
                                                    Washington, DC.

    The Committee met at 10:07 a.m. in room SD-538, Dirksen 
Senate Office Building, Senator Richard C. Shelby (Chairman of 
the Committee) presiding.

        OPENING STATEMENT OF CHAIRMAN RICHARD C. SHELBY

    Chairman Shelby. The hearing will come to order.
    First of all, I want to thank the witnesses for being here 
today. This morning, we are examining the provisions of the 
Fair Credit Reporting Act which established the rules for 
information sharing among affiliated entities.
    I believe that this is an area which deserves particularly 
close scrutiny in the reauthorization process because of the 
considerable changes that have occurred in the financial 
service sector since the passage of the 1996 Fair Credit 
Reporting Act amendments.
    Frankly, activities which were once strictly prohibited now 
commonly occur within the industry. The changes made to the 
financial services laws permit financial services firms to 
engage in new lines of business and to operate using larger and 
much more complex corporate structures.
    The purpose of this hearing is to consider this 
contemporary landscape and assess how well the Fair Credit 
Reporting Act operates in the context of current practices. To 
do this, I believe we must consider the types of affiliate 
structures firms use and look at the kinds of information they 
share and ascertain the purposes for which they share it.
    We must also examine the level of consumer understanding of 

information-sharing practices--are the consumers aware that 
their financial information is shared, do they recognize the 
range of entities it is shared with, does such sharing pose any 
threats to them, do they have concerns about such sharing, do 
they have choices regarding controlling the sharing?
    Hopefully, through the course of today's hearing, we can 
address these issues. As we go forward, we will have to closely 
measure these issues in order to be able to develop a product 
that achieves the most effective, efficient, balanced, and fair 
system possible.
    Senator Johnson.

                STATEMENT OF SENATOR TIM JOHNSON

    Senator Johnson. Well, thank you, Chairman Shelby, for 
holding today's hearing on affiliate sharing and the Fair 
Credit Reporting Act. I would like to welcome today's witnesses 
whose thoughtful written testimony has been helpful in laying 
out both the benefits of information sharing and some concerns 
that we should keep in mind as this debate goes forward.
    I would also like to extend a special welcome to Terry 
Baloun, who is a Regional President and Group Head of Wells 
Fargo Bank in South Dakota, North Dakota, Montana, and Western 
Minnesota. Terry has spent a good deal of time in communities 
throughout our State, and he knows firsthand the challenges of 
bringing meaningful credit opportunities to rural America. We 
face particular challenges, from low population density to 
specialized issues related to agricultural lending, and Wells 
Fargo plays an important role in the financial services sector 
in the Upper Midwest.
    In fact, national firms like Wells Fargo and Citigroup, 
which is also represented here today, are critical to the 
economic vitality of rural States like South Dakota. While 
smaller local banks and credit unions are the lifeblood of our 
communities, and provide critical lending services to people 
throughout rural States, their services are complemented by 
larger financial conglomerates like Wells and Citi. Some people 
prefer to patronize small banks, some prefer credit unions, and 
some prefer the one-stop shopping they find at larger financial 
services firms.
    The point is that people have choice. And in rural America, 
we do not take that for granted. For example, in the area of 
health insurance, by August, we will have only two insurance 
companies left in my State offering individual policies, and 
the lack of competition has had devastating results on farmers, 
ranchers and other self-employed workers. But the nationwide 
system of credit that now permits companies to operate around 
the country with one set of rules overcomes the negative 
economics of a small population living across a large State.
    The expanded choice in the financial services marketplace 
extends beyond simply the type of financial institution to an 
exploding array of financial products now available to retail 
customers, ranging from complex to the simple. For example, 
Citigroup allows mortgage customers to pledge from a Smith 
Barney brokerage account to collateralize the loan rather than 
liquidate the portfolio to come up with a downpayment. By the 
same token, Wells Fargo customers can pay their mortgage at any 
local branch or ATM, even though the mortgage company and the 
bank are separate entities within the same corporate family. 
Neither of these services would be possible without information 
sharing among affiliates.
    On the retail side, affiliate sharing has benefits as well 
as Mr. Prill notes in great detail in his written testimony. 
These range from making computerized returns without a receipt, 
to storage and retrieval of warranty information, to returns of 
Internet purchases to a brick-and-mortar storefront, to 
screening for bad checks through an instant authorization 
system. And of great relevance to our discussion last week, 
customer information is critical in preventing identity theft 
in both the retail and the banking sectors. In fact, Special 
Agent Caddigan of the Secret Service and Mr. Beales of the 
Federal Trade Commission stated unequivocally that information 
sharing, and in particular information sharing among 
affiliates, can play a critical role in our enforcement efforts 
against identity theft.
    Are these financial services absolutely necessary? Well, 
probably not. The world does not come to an end in a cash 
economy. And I want to make clear that I take seriously the 
concerns some of today's witnesses raise about affiliate 
sharing. But the impact of product innovation on economic 
growth, consumer choice, and the democratization of credit have 
been undeniable.
    It is this very balance between growth and innovation on 
the one side, and individual privacy rights on the other, that 
drove Congress' decision in 1996 to preempt seven critical 
provisions of the FCRA from State action. We wanted to 
encourage a national marketplace for credit that maximizes 
appropriate consumer access to affordable credit and, to a 
remarkable degree, we have succeeded.
    Again, I believe this issue fundamentally is about consumer 
choice. And that includes a consumer's right to choose not to 
be part of an affiliate-sharing arrangement. The first 
opportunity to choose comes when a consumer decides to 
establish a relationship with a company: in some sense, the 
decision to do business with a larger or smaller institution is 
the ultimate opt in. The second opportunity to choose comes 
when the consumer is presented with an opportunity to opt out 
of affiliate sharing. To be effective, this option must be 
clear and meaningful. I am interested in hearing from the 
witnesses what steps, if any, they would suggest beyond the 
mandatory privacy notices to give customers a meaningful opt 
out opportunity.
    So thank you, Chairman Shelby. I thank you, Senator 
Sarbanes, for your leadership on this issue, and I look forward 
to the opportunity to hear more from this panel. I have several 
other conflicting obligations, and I will likely have to excuse 
myself prior to entire panel being concluded.
    Thank you, Mr. Chairman.
    Chairman Shelby. Senator Bennett.

             STATEMENT OF SENATOR ROBERT F. BENNETT

    Senator Bennett. Thank you, Mr. Chairman.
    I remember from my own business experience that one does 
not seek a bank, one seeks a banker. One seeks a relationship 
where you are known, your background is known, and therefore 
you can deal with a sense of confidence, and the banker can 
deal with a sense of confidence about your background.
    If we put up artificial barriers within financial 
institutions to the sharing of information, we create a 
situation where one cannot be known. As Senator Johnson has 
said, the first opt in is the choice you make as to the 
organization with whom you deal, and once you have made that 
choice, it seems to me, as a consumer, you want everyone in 
that organization to know all about you so that the good 
reasons they have to give you credit or offer you products in 
one part of the organization will go with you to the other part 
of the organization, and you will not have to reintroduce 
yourself again and again to try to get those services.
    If you find, as some witnesses have suggested in previous 
hearings, that you are being badly dealt with as a result of 
the way that information is shared, this is America, and you 
can walk out the door and take your business someplace else. I 
am always interested that many of the people who get upset 
about activities that businesses engage in assume that the 
business exists to fleece you. I can assure you that business 
exists to get a consumer to come back.
    Business exists to try to have as much repeat business from 
reliable consumers as it possibly can. I am using the wrong 
pronouns here. Business people, there is no such thing as a 
business, business people want to have as many repeat customers 
as they possibly can. They want to build brand loyalty and 
customer loyalty, and as I have heard some horror stories that 
said a bank did this or bankers did this or that with my 
information, the immediate reaction I had was why would any 
customer ever deal with that banker again if, in fact, that was 
done? The ultimate opt out is the one to which Senator Johnson 
has referred, that you take your business, and you go someplace 
else.
    So intelligent businessmen and women will do everything 
they can to use the information within affiliates in a way that 
will benefit the consumer so that the consumer will want to 
come back, will want to stay with that institution and all of 
its affiliates, and that is the way successful businesses are 
built, and that is the way consumers want it, and that is one 
of the magic aspects of American commerce.
    We have more flexibility, consumers have more choices, they 
have more opportunities to expand their purchasing options in 
America than anyplace else, and I think the sharing of 
information intelligently and for the purpose of trying to 
build repeat business is one of the reasons that American 
consumers are so well-served.
    So, I will look forward to the testimony from the 
witnesses, and hope that the prejudices and preconceptions that 
I have just outlined will either be confirmed or corrected, 
depending on the information the witnesses have to share with 
us today.
    Thank you, Mr. Chairman.
    Chairman Shelby. Senator Sarbanes.

             STATEMENT OF SENATOR PAUL S. SARBANES

    Senator Sarbanes. Mr. Chairman, thank you very much. I 
commend you for holding what I regard to be quite an important 
hearing on affiliate sharing practices and regulation.
    I think it is fair to say an affiliate used to be one of a 
small group of companies performing a similar business. Today, 
an affiliate could be one of hundreds or more companies, many 
of which engage in different businesses, and the question, of 
course, is in the minds of many consumers, that broad scope of 
affiliates are often thought of as third parties. So there has 
been a quantum expansion, I think, in the concept of 
affiliates, and we need to bear that in mind.
    Of course, we are looking now at the problem of whether to 
extend the Federal preemption of State law which governs 
affiliate sharing and, if so, under what conditions, and that 
poses important questions about the right of consumers, in 
terms of what can be done with their confidential financial 
information.
    The information under current law which can be disclosed is 
really quite far-reaching: savings and checking account 
balances, certificate of deposit maturity dates and balances, 
checks individuals write, checks deposited in a customer's 
account, stock and mutual fund purchases and sales, life 
insurance payouts and so forth.
    So that the universe of confidential and sensitive 
financial information that is being shared or sold has not only 
increased dramatically over the past several years, but I am 
not sure consumers are fully abreast of how widespread it is.
    This is underscored, of course, because every survey shows 
considerable sensitivity on the part of people with respect to 
the privacy of their financial information. In California, 
where privacy has become a major issue, statewide polls show 
from 75, 85, 90 percent say consumers should provide their 
permission for the use of the financial information. There have 
been efforts at legislation. In California, I understand that 
this issue may go to initiative. So it may be put to the 
electorate in a very different form than the ability to work at 
it, as one can do, in a legislative context.
    Hopefully, this hearing will help to develop what specific 
consumer data financial institutions circulate to affiliated 
businesses, for what purposes the affiliates use such data, the 
awareness of consumers as to which businesses are receiving 
their information. These are all important questions, and 
obviously the sensitivity across the country, I think, to the 
question of the privacy of financial information is growing and 
growing. And I think we have to figure out some way to address 
it. I hope we will hear, in that regard, from the panel, 
including the representatives of the financial institutions, 
which after all have a major interest in this question as well, 
but I do not think the issue in the country has reached 
anything approaching equilibrium, where people are satisfied 
with a situation. Therefore, until that occurs, there are going 
to be continuing calls for action of one sort or another, 
whether it be regulatory, legislative, or even, as California 
is considering, actually initiated right from the electorate to 
try to deal with this issue.
    Thank you, Mr. Chairman.
    Chairman Shelby. Senator Allard.

               STATEMENT OF SENATOR WAYNE ALLARD

    Senator Allard. Thank you, Mr. Chairman. I will be brief. I 
just want to thank you right at the start for holding this 
hearing. I want to thank the witnesses for agreeing to be on 
the panel. You being a part of this discussion is really 
important. It is not always easy to get away from your jobs and 
businesses to be here, but I look forward to hearing your 
comments.
    Information sharing is a vital part of the U.S. financial 
and business systems and it has contributed to the vibrancy of 
the U.S. economy. While it is necessary to protect a consumer's 
personal information, certain sharing of information is 
necessary for U.S. financial and business systems to function 
and operate smoothly.
    Affiliate sharing allows the operation of our national 
credit reporting system by enabling lenders to perform 
effective credit underwriting and credit monitoring. This 
ability is important for the industry to reduce their overall 
risk of loss. At the same time, customers deserve protection of 
certain information. I look forward to today's discussion of 
affiliate sharing and how this Committee can facilitate 
striking the appropriate balance between consumer protection 
and business needs.
    Again, I would like to thank the witnesses for agreeing to 
testify and thank you, Mr. Chairman.
    Chairman Shelby. Senator Carper.

              COMMENTS OF SENATOR THOMAS R. CARPER

    Senator Carper. Thanks, Mr. Chairman.
    To all of our witnesses, welcome. I am pleased I get to 
spend at least a little bit of time with you. We have got a 
whole bunch of things going on this morning. I will be in and 
out of the hearing.
    One of the things I would hope that will come out here for 
us, as we try to move forward on the question of FCRA and the 
preemption provisions, a focus on how are consumers better 
served by the sharing of information across the company and 
through affiliates, and how are consumers better off because of 
that.
    Also, I would add that, we have a good mix of witnesses 
here, people with a lot of different perspectives, and I think 
very helpful perspectives. And for me, for a hearing like this 
to be really successful, I walk away from the hearing finding 
common ground and listening to thoughts of each of our 
witnesses, from their own perspectives, the world in which you 
live, to try to weave it together into some kind of a 
consensus, and I would ask that you keep that in mind, and to 
the extent I get to ask a question, I am going to be asking you 
where you see the common ground emerging on this issue among 
this disparate panel.
    Thank you very much.
    Chairman Shelby. Thank you. I want to welcome our 
distinguished panel of witnesses.
    Oh, Senator Dole. We cannot forget her.

              STATEMENT OF SENATOR ELIZABETH DOLE

    Senator Dole. Thank you, Mr. Chairman. I know I am way down 
here on the end.
    Chairman Shelby. I had your name here. Sorry.
    You have been waiting patiently.
    Senator Dole. Thank you.
    In the past two hearings on the issues pertaining to the 
reauthorization of the Fair Credit Reporting Act, I have 
discussed the importance of affiliate sharing with some of our 
witnesses. In each instance, the witness agreed that affiliate 
sharing is vitally important. Today, we have the opportunity to 
more fully explore the numerous advantages that affiliate 
sharing provides to consumers, financial institutions, and 
public policy objectives. We all benefit now that judgments 
based on race and gender have been taken out of the equation of 
credit worthiness, and one can now walk into a store and obtain 
a line of credit in minutes. Consumers clearly benefit when 
they are able to call a single person, as has been mentioned 
several times this morning in their bank, and that customer 
service agent is able to access each of their different 
accounts at once. We all know the frustration of being 
transferred from person-to-person when we are attempting to get 
our questions answered at a bank. With affiliate sharing, 
increasingly more institutions are able to develop systems to 
minimize the need to transfer customers from department-to-
department.
    In addition, affiliate sharing allows financial 
institutions to realize greater efficiencies by permitting them 
to consolidate customer service and administrative functions 
for their affiliate businesses. A loss of all or part of the 
affiliate-sharing preemption would result in an increase of 
time and money wasted by consumers across the country, not to 
mention the increased frustration caused by being passed from 
person-to-person at their bank. Let me be clear: Privacy of 
personal information is very important, and I will work to 
implement reasonable protections. However, we must strive for a 
balance and should not sacrifice the efficiency of our credit 
system in the name of privacy. In many ways, I believe our 
responsibility is like that of doctors in the Hippocratic Oath: 
``First, do no harm.''
    Just as importantly, affiliate sharing assists financial 
institutions in antiterrorism efforts and in detecting and 
preventing money laundering. A customer service agent who can 
review all of a customer's accounts is more likely to spot 
potential problems or concerns. The value of this added benefit 
is extremely important, especially when we rely so heavily on 
the vigilance of our financial institutions and their 
cooperation with law enforcement officials.
    It is my hope that today's hearing will give us an 
opportunity to further explore these issues with our witnesses 
and that it will lead us all to greater appreciation of the 
advantages that consumers, industry, and the Government receive 
from the practice. Finally, I want to thank our distinguished 
panel of witnesses for taking the time to join us here today, 
and I look forward to working with my colleagues as we move 
closer to reauthorizing the important preemptions contained in 
the Fair Credit Reporting Act.
    Thank you, Mr. Chairman.
    Chairman Shelby. Thank you, Senator Dole.
    Now, I want to welcome, again, our distinguished panel.
    First, Professor Joel Reidenberg, Professor of Law at 
Fordham University; Ronald Prill, Former President, Target 
Financial Services; Terry Baloun, Regional President and Group 
Head, Wells Fargo Bank; Julie Brill, Assistant Attorney General 
of Vermont; Martin Wong, General Counsel, Global Consumer 
Group, Citigroup, Inc.; Edmund Mierzwinski, Consumer Program 
Director, U.S. Public Interest Research Group; and Angela 
Maynard, Chief Privacy Executive and Counsel, KeyCorp.
    We will start with you, Professor.
    All of your written statements will be made part of the 
record, in their entirety, and if you would briefly sum up your 
top points.

                STATEMENT OF JOEL R. REIDENBERG

       PROFESSOR OF LAW, FORDHAM UNIVERSITY SCHOOL OF LAW

    Mr. Reidenberg. Thank you, Mr. Chairman, Ranking Member 
Sarbanes, and distinguished Members of the Committee.
    I commend you for convening the hearing today on this 
important issue and for the leadership you have shown in this 
area. I also thank you for the honor and privilege to appear 
before you.
    I am Professor of Law at Fordham University School of Law, 
where I teach courses in information privacy law. I have 
written extensively on the regulation of fair information 
practices in the private sector and have written specifically 
on Fair Credit Reporting Act issues. I have also advised 
Federal and State Government agencies on some FCRA litigation 
matters.
    I am appearing today as an academic expert on privacy law, 
and I am not representing any organization or institution. I am 
glad that you will be able to include the submitted statement 
for the record. I should also mention that my prepared 
statement draws, in part, on testimony I gave last month to the 
House Subcommittee on Financial Institutions.
    What I would like to do this morning is highlight three 
points in the testimony and then make several recommendations. 
The first point is a context-setting point, specifically that 
strong privacy protections are absolutely essential for the 
credit reporting system in the United States. As I will discuss 
in a few moments, I think the affiliate sharing provisions and 
practices undercut this basic principle for privacy law.
    When Congress enacted the FCRA in 1970, Congress acted in 
response to significant abuses in the credit reporting 
industry. The documented abuses included the release of credit 
information to noncredit granters, the dissemination of 
inaccurate credit information, the inability of consumers to 
gain access to their credit reports and the difficulty in 
making corrections.
    Scandals and distrust were harming the marketplace then. I 
think the affiliate sharing provisions will send us back to 
that era.
    The FCRA was a novel statute at the time of enactment 
because it established the basic principle that information 
collected for one purpose would be used for statutorily defined 
permissible purposes. Any other use needed consent. It included 
other important fairness criteria--like rights of access, and 
an ability to dispute inaccurate information and have it 
corrected. The FCRA included important safeguards for American 
citizens related to law enforcement such as due process 
requirements for access to credit report information. Overall, 
it provided a bedrock set of standards for fair information 
practices.
    I think it is also important to recognize that the FCRA 
never created an overall uniform national standard, as we have 
heard numerous times in the various hearings during the past 
month. In fact, at the original enactment, Congress and this 
Committee, in particular, endorsed the position of State 
officials when they testified that we needed essentially a 
Federal floor to be supplemented by future State legislation.
    In the 1996 Amendments, the temporary and partial 
preemption clauses grandfathered three States. As a result, we 
have had differences from the start and even after 1996. The 
State differences have not impeded credit reporting or 
financial decisionmaking. Indeed, if we look at some of the 
statistics from the grandfathered States in 1996, we find that 
the lowest bankruptcy rates in the country are coming out of 
those three States and mortgage loan interest rates tend to be 
lower there than in other States. So we have not seen any 
problems arising from the fact that there are different 
standards.
    Weakening of the privacy protections, on the other hand, is 
a major problem. Surveys show that 95 percent of Americans 
object to the secondary use of their personal information, and 
that is exactly what affiliate sharing is allowing to happen 
today.
    My second point is that there are some unintended 
consequences of the affiliate-sharing loophole that enable the 
complete circumvention of all of the other protections in the 
Fair Credit Reporting Act.
    Congress, in allowing affiliate sharing, exempted affiliate 
sharing from the definition of a consumer report. By exempting 
it in that fashion, key protections of the statute then are 
lost for information shared among affiliates although there is 
a notice requirement and a one-time opportunity to opt out. 
Large groups of affiliated financial and nonfinancial 
organizations can easily engage in the same behavior that 
Americans found troubling and that caused the enactment of the 
Fair Credit Reporting Act in the first place.
    To illustrate, let us take a look at some of the specific 
affiliate sharing provisions.
    The blanket exemption given for experience and transaction 
data opens a Pandora's box. An organization can disseminate 
experience and transaction data, such as credit card 
performance information, insurance status, brokerage account 
activity among related companies without the protections of the 
FCRA applying such as accuracy or correction. If data is shared 
with affiliates, once the affiliates obtain the information and 
start using it and resharing it with other affiliates down a 
chain of companies, accuracy will disappear and the protections 
do not apply.
    It is very hard to tell right now the significance of this 
exemption. Because of the size of organizations, the scope is 
very poorly understood. I think it is very important that we 
learn about the specific data transfers that take place and the 
specific purposes for which they are being used. Consumers do 
not have access to this information. Consumers cannot simply 
walk out of the bank and start up a relationship with another 
bank in the hopes that their privacy is preserved because they 
cannot find out.
    More sweepingly, the affiliate-sharing provisions allow the 
complete circumvention of basic clauses. Communication to 
persons related by common ownership are exempted from the 
definition. So we see some examples. It means storage 
limitations, the types of uses, all of those protections 
disappear.
    The industry has already testified at hearings that they 
are using this exemption in ways that subvert the original 
protections of the Act. TransUnion testified that they promote 
affiliate sharing to make underwriting decisions. Citibank 
testified earlier this month that it shares information among 
affiliates, including credit application, credit bureau data, 
information on transactions with customers. MBNA indicated it 
shares credit eligibility information, including credit reports 
among affiliates.
    Once their affiliates have the data--data that has been 
exempted from the definition of consumer reports--the other 
protections then do not apply to those affiliates. The 
potential circumventions are particularly disturbing when we 
consider the affiliations of some of the large groups. 
TransUnion, for instance, belongs to the Marmon Group. Marmon 
has a large series of businesses, including a 
syringe needle business, and a residential water treatment 
plant. TransUnion provides a notice of affiliate sharing and an 
opt out. They can transfer credit reports wholesale to those 
companies.
    Experian is in the same situation. Experian is owned by a 
British company, Great Universal Stores. Great Universal Stores 
also owns Metromail and Burberry's. If Experian were to provide 
notice of affiliate sharing and an opt out, Experian could 
transfer the entire credit reporting database to Metromail, 
which is a direct marketing company. Well, as it turns out, 
Experian does just that. If you order a credit report from 
Experian online or if you subscribe to Experian's service that 
provides the credit watch function, Experian gives a notice, 
and an opt out of affiliate sharing. I do not think there is 
any way a consumer would recognize that Metromail is now 
entitled to receive their credit report, could do anything with 
that credit report and none of the protections of the statute 
would apply.
    Affiliate sharing also allows the Government to engage in 
surveillance outside the due process protections of the FCRA. 
Equifax, for example, operates through a number of changing 
groups. It is a little hard to figure out exactly how their 
corporate structure is defined from reading their annual 
reports, but their apparent group of affiliates includes one 
that provides information services to the Government. Equifax's 
Online Privacy Policy and Fair Information Principles statement 
informs consumers who request copies of their credit reports 
that they may disclose the information to affiliates.
    Well, what that suggests is that Equifax would have an 
ability to transfer the credit report database to an affiliate 
that provides information services to the Government. Once the 
affiliate receives it, the permissible purposes and the due 
process restrictions would not apply.
    Now, in each of these examples, I do not have any specific 
information to suggest that these companies are, in fact, 
exploiting this loophole because, again, it is not possible for 
a consumer to learn that information.
    What you find, though, is these practices are clearly 
authorized by the statute, and the companies disclose that they 
intend to do these sorts of activities. We simply do not have 
the specific details of what they are doing.
    The last point that I would like to raise is that the 
affiliate sharing provisions raise very significant security 
risks and threats to the soundness of the credit reporting 
system. The problem is really the leakage of credit information 
to affiliates for secondary purposes; in other words, 
information being shared for purposes that were not the 
original permissible purposes. I believe such sharing enhances 
identity theft risks.
    This Committee heard last week from U.S. Secret Service 
Agent Timothy Caddigan that insider jobs are a significant 
source of identity theft risk. To the extent that wide-ranging 
affiliate sharing starts moving this sensitive personal 
information across companies, down the chain from one to 
another, affiliate sharing magnifies the number of insiders who 
have access to personal data, without restrictions on how it is 
used, and without the obligations that the banking law imposes 
on banks, for instance, to maintain information security. Those 
protections are lost.
    Fraud detection, which we have heard about, certainly 
appears as an authorized purpose under the Fair Credit 
Reporting Act, a ``legitimate business need.'' It does not seem 
that the affiliate sharing exception is necessary for that 
purpose.
    I think, also, that affiliate sharing introduces a homeland 
security risk. The global reach of American companies and their 
affiliates means that sensitive data can be transferred to 
affiliates in countries that are presently on State Department 
watch lists and warning lists. We have examples that illustrate 
processing activities appear to be taking place in countries 
such as Malaysia and the Philippines.
    Once the data goes off-shore, not only do the consumers 
lose protection, but at the same time U.S. law enforcement 
loses the ability to engage in legitimate law enforcement 
activity because the processing is no longer within the 
jurisdiction of the United States.
    I would like to conclude with two recommendations for 
Congress to consider. Congress needs to restore the Fair Credit 
Reporting Act to the higher level of its original protection. 
And to do that, I would recommend, first, the elimination of 
the exemption for affiliate sharing from the definition of 
consumer report or at least allow the partial preemption clause 
to sunset on January 1. Let the States protect their citizens 
and experiment on how best to protect their citizens.
    The second recommendation is a process issue: investigate 
the actual sharing practices of credit report information among 
affiliated companies, and the specific uses of that data by the 
affiliated recipients that escapes the protection. This hearing 
is really the first part of this process.
    To this end, I think Congress should instruct the 
functional bank regulators and the Federal Trade Commission to 
investigate, audit, and report back exactly how organizations 
are using the affiliate sharing exemption. It is not sufficient 
to say a company uses the exemption to develop products and 
services or to provide better customer service. That does not 
tell us much. It does not give consumers the ability to talk 
with their feet and change their business relationships to 
those companies that protect their privacy.
    Thank you.
    Chairman Shelby. Thank you, Professor.
    Mr. Prill.

                  STATEMENT OF RONALD A. PRILL
          FORMER PRESIDENT, TARGET FINANCIAL SERVICES
          ON BEHALF OF THE NATIONAL RETAIL FEDERATION

    Mr. Prill. Good morning, Mr. Chairman and Members of the 
Committee.
    Chairman Shelby. Put your mike in front of you.
    Mr. Prill. My name is Ronald Prill, and given the makeup of 
other Members of this Committee, I thought I should emphasize 
that my name is ``Prill,'' with a ``P.'' Until I retired about 
3 weeks ago, I was President of Target Financial Services, and 
I was also CEO of Retailers National Bank, Target Corporation's 
credit card bank subsidiary. I am presently employed by Target 
as a consultant to our management as I transition into 
retirement. I appreciate this opportunity to speak to you today 
on behalf of my company, as well as all of the members of the 
National Retail Federation.
    Many retailers, like Target, have evolved, for a variety of 
reasons, into organizations having multiple-affiliated 
entities. Having affiliates enables us retailers to operate 
differentiated retail store formats, to operate efficiently and 
to be able to compete effectively. Besides running individual 
retail companies, a retailer's individual affiliates might 
source merchandise, administer retail credit card programs, 
deliver warrantee and repair services or perform other 
functions that are necessary to the success of the retail 
business.
    Among Target Corporation's affiliates are our 1,100 Target 
stores in each of the 48 contiguous States, except Vermont; 
Mervyn's, our chain of about 250 stores, serving the middle 
market and located mostly in Western States; Marshall Field's, 
62 full-line department stores in 8 Midwestern States; 
Target.direct, our direct marketing and dot.com affiliate; and 
Retailers National Bank, which issues all Target, Mervyn's, and 
Marshall Field's credit cards.
    I hope you have had the opportunity to review my written 
testimony which I submitted to the Committee. In it, I covered, 
in 
detail, some of the many ways in which affiliates in a retail 
organization must share information about their customers in 
order to carry out the core business functions that are 
dependent on that sharing. These core functions include things 
like retail credit card programs, controls and protections 
against loss from fraudulent merchandise returns and bad 
checks, and the lifeblood of a retailer, the capability to 
reach and know its customers, to communicate with them, and to 
send them advertising and targeted offers.
    My written testimony also explains how many of the benefits 
that America's retail customers have come to expect are 
frequently possible only because of affiliate information 
sharing. These benefits include protection against identity 
theft, receiptless returns of merchandise, the convenience of 
returning or exchanging merchandise that was purchased at a 
retailer's website at any of its stores without a trip to the 
post office and without paying a return shipping fee, more 
customer-friendly check acceptance policies and procedures, the 
savings and other perks of customer loyalty programs, and the 
benefit which so many of our customers are so vocal about--
receiving sale catalogues and other advertising at home, on 
time, and before the sale starts.
    These are all examples of truly benign sharing of 
information among affiliates whether viewed from the retailer's 
perspective or from our customers' perspective. Not all 
retailers are structured the same, not all have affiliates or 
the same number of affiliates or the same kinds of affiliates, 
but we all have pretty much the same core business processes 
and the same need to serve our customers well.
    To accomplish these things, retailers are dependent on 
having readily available information about their customers, and 
that availability should be the same for all retailers and all 
of their customers, regardless of organizational structure. Our 
customers want it to be that way.
    In closing, I would like to take this opportunity to 
emphasize the retail industry's strong support for the 
permanent reauthorization of the seven areas of preemption 
covered in Section 624 of the Fair Credit Reporting Act. 
Without the extension of the Uniform 
National Standards, retailers and the customers we serve may be 
subject to a confusing patchwork of new State laws, rules, and 
regulations concerning important areas such as dispute 
resolution and the information contained in credit reports. And 
as today's hearing reflects, services that millions of 
customers have come to rely on and that they routinely take 
advantage of would be disrupted if information flows are 
interrupted.
    Mr. Chairman and Members of the Committee, consumers have 
come to expect instant access to credit when purchasing 
everything from an automobile to furniture, appliances, and 
apparel. In the final analysis, we in the retail industry have 
a real concern that a more fragmented process for information 
sharing and credit approval would negatively impact consumers 
in many different levels and, as a consequence, retail sales, 
ultimately costing jobs and hurting the economy as a whole.
    Thank you. I will be happy to answer any questions.
    Chairman Shelby. Thank you, Mr. Prill.
    Mr. Baloun.

                   STATEMENT OF TERRY BALOUN
               REGIONAL PRESIDENT AND GROUP HEAD
                        WELLS FARGO BANK

    Mr. Baloun. Thank you, Mr. Chairman.
    My name is Terry Baloun, and I am the Regional President 
and Group Head for Wells Fargo Banks in South Dakota, North 
Dakota, and Montana. Thank you, Chairman Shelby and Committee 
Members for the invitation to testify and respond to your 
questions.
    Our Wells Fargo Banks work in concert with other Wells 
Fargo business affiliates in providing financial service 
products to our customers. The service customers expect, 
requires that Wells Fargo have integrated information systems 
to give customers what they want--when, where, and how they 
want it. Subject to the Fair Credit Reporting Act, Wells Fargo 
shares customer information internally to meet these goals.
    Providing a new mortgage, providing rural or remote small 
businesses with credit, offering consolidated statements for 
customers with multiple Wells Fargo products requires 
information about their financial affairs. Applying 
inappropriate restrictions on transfers of information among 
affiliates would impede customer service.
    The 1996 Amendments to the Fair Credit Reporting Act 
recognize the value to customers of the ability to transfer 
information among affiliates. This ability is wholly consistent 
with our customers' expectations that their questions will be 
answered and their needs will be met with a single call or e-
mail, whether their financial products are provided by a single 
company or several companies in the same affiliated group.
    In Wells Fargo's view, it is customer expectations and 
needs that should shape public policy that regulate information 
use--not legal structure. This is especially critical to our 
mortgage business. Since passage of the 1996 Amendments to the 
Fair Credit Reporting Act, mortgage servicing has become more 
efficient. Wells Fargo customers have more channels through 
which they can apply for a mortgage and get assistance or 
conduct transactions related to a mortgage, as well as the 
complete array of financial products offered by Wells Fargo. In 
California, 40 to 50 percent of our Wells Fargo mortgages 
originated this year are the result of referrals from our Wells 
Fargo Banks to Wells Fargo Home Mortgage. Many are first-time 
homeowners in Hispanic market areas. With affiliate transfers 
and the use of customer information, mortgage customers can 
make mortgage payments at their local branch bank, obtain 
balances, get consolidated statements, and get the support of 
24-hour call centers that serve an entire affiliated 
enterprise. Our customers have found these services valuable.
    Sharing of customer information also benefits our small 
business customers. The basis for small business lending over 
the last 10 years has been direct-mail offers of preapproved 
credit. Wells Fargo has extended nearly 500,000 small business 
loans since the mid-1990's. FCRA allows Wells Fargo to provide 
such credit, based on Wells Fargo's own experiences with the 
customer and the most current credit report. Generally, small 
businesses no longer need to submit tax returns or financial 
statements, providing easier and cheaper credit for the 
business customer.
    Actions by multiple States to enact their own State 
versions of the Fair Credit Reporting Act will frustrate 
customers who do routine transactions across State lines. Wells 
Fargo provides services to thousands of customers who may have 
accounts domiciled in one State yet reside or do business with 
a Wells Fargo Bank in another State. Nearly half a million 
Wells Fargo customers have made teller or ATM transactions out 
of State within the last 5 months. In my banking States of 
South and North Dakota and Montana, nearly 10 percent of Wells 
Fargo customers live in one State, but use Wells Fargo banks or 
ATM's in a bordering State.
    Finally, Wells Fargo believes that the current uniform 
national standard for information use as provided by the 1996 
Amendments to the FCRA is vital and ask that this Congress 
provide clarity and stability by removing the sunset provision 
that affects affiliate sharing and other segments of credit 
granting. Congress should also address identity theft and set 
new standards for notification about information use to 
customers.
    Availability of financial services, such as mortgages for 
our customers, and the flows of information required to meet 
those services available don't stop at State borders or 
corporate structures.
    Thank you. I will be happy to answer any questions that 
you, Chairman Shelby, or the Committee may have.
    Chairman Shelby. Ms. Brill.

                    STATEMENT OF JULIE BRILL
                   ASSISTANT ATTORNEY GENERAL
                      THE STATE OF VERMONT

    Ms. Brill. Thank you. Good morning.
    My name is Julie Brill. I am an Assistant Attorney General 
from the State of Vermont. Thank you very much, Chairman 
Shelby, Ranking Member Sarbanes, and other distinguished 
Members of this panel for inviting me here today. I would like 
to make four points this morning.
    The first point that I would like to make is that the 
economies of Vermont and other States with more protective laws 
in this area of affiliate sharing and financial privacy, 
generally have not been harmed as a result of those laws.
    The second point that I would like to make is that States 
need to enact more protective laws because the Federal system 
for regulating affiliate sharing of information is inadequate.
    The third point that I would like to make is that States 
currently provide important protections in the affiliate 
sharing arena that are not provided in Federal law.
    The fourth point that I would like to make is that Congress 
should sunset the affiliate sharing provisions so that States 
can serve as laboratories of democracy in this arena, as 
Congress has done in so many other areas involving privacy, 
credit, and important consumer protection issues.
    With respect to my first point, the economies of Vermont 
and other States with more protective laws have not been 
harmed. As you may have heard earlier and you will certainly 
know by now, Vermont is the only State that has an affiliate 
sharing law that was grandfathered into the Fair Credit 
Reporting Act. That is because we were the only State as of 
1996 that had a law affecting affiliate sharing.
    Vermont also has more protective laws with respect to 
credit reporting generally and also with respect to financial 
privacy. Vermont took advantage of Section 507, which was put 
forward by this Committee in the GLB enactment in order to have 
more protective opt in laws with respect to third-party 
sharing.
    As Professor Reidenberg has demonstrated, not only has 
Vermont's economy not been harmed but also the State economies 
in other States that have more protective laws. Those State 
economies have also not been harmed. Professor Reidenberg has 
shown that our bankruptcy rates are among the lowest in the 
Nation, and our mortgage interest rates are among the lowest in 
the Nation.
    In addition, our office has examined auto loan rates in the 
States that have more protective laws. Vermont ranks 50th. That 
means we have among the absolute lowest auto loan rates in the 
country. California is 31st, Massachusetts is 24th.
    In addition, we examined whether credit is readily 
available in Vermont--in other words, is instant credit 
available? Is it available at very low interest rates to a 
broad group of consumers?
    What you see over here on the poster boards, if you can see 
them--I apologize, Senator Dole, if you cannot see them, but 
they are over there--what is over there are advertisements that 
appeared----
    Chairman Shelby. Could you turn them just a little bit so 
that everybody from this angle can pick them up?
    Ms. Brill. Copies of these ads are also in my testimony.
    What these advertisements show is that credit is available 
instantly, at extremely low rates, to broad numbers of 
consumers in our State. We believe that an examination of 
advertisements in California and Massachusetts would 
demonstrate the same thing.
    So, just to refer to what Senator Johnson described with 
respect to the importance of the democratization of credit, we 
think the democratization of credit is thriving in Vermont.
    With respect to my second point, the Federal laws governing 
affiliate sharing are simply inadequate. Corporate groups are 
vast and amorphous. We have included in my testimony lists of 
affiliate groups for three financial institutions, two of which 
are here this morning.
    Citigroup lists over 1,600 affiliates. KeyCorp, which 
considers itself a midsize bank, lists over 800 affiliates. 
Bank of America lists in official records over 1,300 
affiliates. These affiliates are involved in a surprisingly 
wide variety of activities--insurance, securities, 
international banking, real estate holdings, and development.
    To answer your question, Senator Shelby--are consumers 
aware that these corporate groups are so vast and amorphous; do 
they understand the information flows among these affiliate 
groups; do they have choices with respect to these information 
flows--I think the answers to these questions are: ``No,'' 
``No,'' and ``No.''
    Federal law provides no notice and no choice with respect 
to sharing of transaction and experience information within an 
affiliate group or with respect to joint marketing by the 
affiliate group with respect to its joint marketing partners. 
It is quite simply the case that consumers do not expect that 
their Citibank account number will be shared with Travelers or 
a Citibank's affiliates for marketing purposes; nor do they 
expect that their health information that Travelers may hold as 
a result of a property or casualty claim will be shared with 
Citibank for credit decisions. Under Federal law--that is, if 
it were not for State laws protecting this kind of sharing of 
health information--that would occur.
    We believe that consumers should be notified with respect 
to this kind of affiliate sharing information when it is being 
used for marketing purposes or for credit decisions--that is, 
not for servicing the consumer's original account.
    Where Federal law does provide for notice and choice--that 
is, with respect to the sharing of credit information within an 
affiliate group--the notice and choice is woefully inadequate. 
The same problems that exist with respect to GLB notices also 
exist with respect to the notices that go out for affiliate 
sharing.
    With respect to my third point, States provide important 
protections in the affiliate sharing arena that are not 
provided by Federal law. GLB calls upon the States to regulate 
sharing of insurance information. The National Association of 
Insurance Commissioners has created a model that requires that 
health information can only be shared within an affiliate group 
if the consumer consents.
    Thirty-five States have adopted this law. States also have 
laws with respect to the sharing of health information that 
relates to specific diseases such as HIV testing, cancer, or 
genetic testing. These State laws prevent life and property and 
casualty insurers from sharing this critical information with 
banking and other affiliate groups for the making of credit 
decisions. The Health Insurance Portability and Accountability 
Act, or HIPAA, does not cover these financial institutions.
    In the absence of State laws, there would be no protections 
for this kind of information being used to determine whether a 
mortgage should be granted by an affiliate of the insurance 
company.
    And finally, with respect to my last point, the National 
Association of Attorneys General urges Congress to allow the 
limited 
preemption provisions in the FCRA to sunset. This is 
particularly true with respect to the affiliate sharing 
preemption provision.
    We request that Congress follow what it has done with 
respect to GLB, with respect to HIPAA, and with respect to 
other important consumer protection laws, and that is to set a 
Federal floor and allow the States to serve as laboratories of 
democracy as they have done so well in the past.
    Thank you very much.
    Chairman Shelby. Mr. Wong.

                    STATEMENT OF MARTIN WONG
             GENERAL COUNSEL, GLOBAL CONSUMER GROUP
                        CITIGROUP, INC.

    Mr. Wong. Good morning, Chairman Shelby, Ranking Member 
Sarbanes, and Members of the Committee.
    On behalf of Citigroup, I want to thank Chairman Shelby for 
holding these hearings on the Fair Credit Reporting Act, and I 
appreciate the opportunity to speak before you today to discuss 
how FCRA, and particularly the affiliate sharing provisions, 
impacts, our ability to operate efficiently and serve our over 
200 million customer accounts.
    FCRA provides a national framework for the credit reporting 
system, which has been shown to work well and to provide 
substantial economic benefits to consumers, including 
affordable and convenient credit, wide credit availability, and 
prevention of fraud and identity theft. FCRA also facilitates 
the free flow of information that allows modern financial 
services companies to work efficiently.
    While Citigroup believes that maintaining national uniform 
standards for all seven of the expiring provisions of FCRA is 
crucial, I will focus my testimony on the topic of today's 
hearing--information sharing among affiliates.
    Information sharing among affiliates is an ingrained part 
of how we meet our customers' needs and expectations on a daily 
basis. Affiliate sharing is necessary for effective credit 
underwriting and credit monitoring which are the heart of the 
national credit report system. The sharing of information among 
affiliates enhances the ability of lenders to accurately assess 
credit risk, thereby reducing their overall risk of loss. 
Citigroup is able to use the credit information and transaction 
histories that we collect from our affiliates to create 
internal credit scores and models that help determine a 
customer's eligibility for credit. This information supplements 
credit reports and FICO scores to paint the most accurate 
picture possible of a customer. For example, CitiMortgage 
underwriters have access to information from affiliates that 
includes a customer's account balances, payment history, and 
available lines of credit. This allows our credit analysts to 
verify a customer's creditworthiness quickly and efficiently, 
minimizing the burden to the customer associated with providing 
this documentation.
    Sharing information among affiliates greatly assists in the 
prevention and detection of identity theft and fraud. Although 
some have argued that sharing information increases 
opportunities for identity theft, our experience is that 
information sharing among affiliates actually reduces identity 
theft. Through affiliate sharing, they are able to maintain an 
internal fraud database, which helps prevent the opening or 
maintenance of fraudulent accounts. This kind of information 
sharing also allows us to alert customers to potential fraud or 
identity theft at an earlier stages.
    Affiliate sharing allows us to provide one-stop shopping 
for our customers in a way that is seamless and consistent with 
our customers' expectations. Affiliate sharing allows companies 
like Citigroup to better service our customers' diverse 
financial needs through affiliates that have appropriate 
products and services. Our customers want and expect the 
convenience of having one-stop-shopping for all of our 
products--banking, insurance, home mortgage, credit cards, and 
securities. They also expect the ability to access information 
about all of their accounts in one statement, with one phone 
call, or on one website.
    Additionally, consolidated relationships allow our 
customers to move money seamlessly between accounts and to pay 
their Citibank credit card balances at any Citibank ATM, as 
well as, on the Internet, simply by making a transfer between 
accounts.
    Customers do not view us as different legal entities, but 
instead as a single source of multiple financial products. When 
a Citibank customer who has an account in Connecticut through 
our Federal thrift enters a Citibank branch in New York, our 
national bank, to cash a check or open another account, the 
customer expects to be recognized and receive the same level of 
service. The legal distinction between the two affiliated 
Citibanks is not relevant to the customer, and it should not 
affect his or her ability to obtain products and services.
    Affiliate sharing provides the customer with pricing 
discounts and products tailored to their needs. For customers 
who have multiple account relationships with us, the sharing of 
information between affiliates allows us to provide financial 
benefits in the form of relationship pricing and special 
offers. For example, many customers benefit from no-fee 
checking through a Citibank N.A. or Citibank FSB based upon 
their total combined balances, in their mortgage from 
CitiMortgage, credit card from Citibank South Dakota, and 
investments through Citicorp Investment Services.
    Sharing information among affiliates also permits us to 
service our customers on an individualized or tailored basis. 
For example, customers who have a Smith Barney brokerage 
account are eligible for a mortgage from CitiMortgage without a 
down payment by pledging their securities as collateral.
    In 1996, Congress struck the appropriate balance between 
consumer protection and business needs by allowing customers to 
opt out of having certain information shared among affiliate 
entities, but continuing to allow information about a company's 
own experiences with a customer to be shared among affiliates. 
The FCRA national standard is particularly reasonable now that 
the business of providing financial services, especially 
lending, is no longer restricted by State borders, which means 
that consumers have the same opportunities for credit, 
regardless of where they live.
    If different States were allowed to pass laws governing the 
exchange of information among affiliates, it would 
significantly disrupt our seamless, nationwide system of 
serving our customers. It could lead to a never-ending process 
as States and localities impose different regimes. Compliance 
with this patchwork of laws would be extremely burdensome and 
costly for lenders, and ultimately for consumers.
    Thank you for the opportunity to appear before this 
Committee.
    Chairman Shelby. Mr. Mierzwinski.

                STATEMENT OF EDMUND MIERZWINSKI
                   DIRECTOR, CONSUMER PROGRAM
              U.S. PUBLIC INTEREST RESEARCH GROUP

    Mr. Mierzwinski. Thank you, Mr. Chairman and Senator 
Sarbanes. I also want to recognize Senator Allard, who has been 
a sponsor of important legislation on the transparency of 
credit scores in the past, and Senator Bunning, for his 
important contributions on Social Security Number protection in 
the past. These are important privacy bills that I hope the 
Committee will move on as well.
    The U.S. Public Interest Research Group is pleased to 
testify again on the important matter of affiliate sharing and 
the Fair Credit Reporting Act. In 1970, Congress passed a 
comprehensive statute to regulate the use of credit reports. It 
gave these third-party companies, credit reporting agencies, 
tremendous ability to collect and disseminate comprehensive 
dossiers on individual consumers and to sell them onto the 
market. That Fair Credit Reporting Act since 1970 has served a 
very important purpose. It is a very important law despite the 
problems that we have with it. But the important thing about 
the Fair Credit Reporting Act is that it regulated the use of 
those credit reports. It gave consumers comprehensive rights. 
When your credit report was used for an adverse action, you 
gained the right to learn that it had been used for an adverse 
action--the right to look at, the right to dispute, the right 
to correct, and then the right to enforce all of those rights 
if they would not correct your report.
    In 1996, when Congress amended the Fair Credit Reporting 
Act to deal with a number of problems in the Act, industry 
insisted on a ``stealth'' amendment to the Act. I was there. 
Assistant Attorney General Brill was there----
    Chairman Shelby. Explain ``stealth'' amendment.
    Mr. Mierzwinski. I am unaware that Congress held any 
hearings, Senator, as this hearing is being held today, on the 
issue of affiliate sharing. I am unaware of any record 
testimony on why industry needed an exception to the definition 
of ``credit report'' for affiliate sharing.
    There was one big markup in the House Banking Committee at 
the time where it was debated extensively, but we lost--
industry had the horses, they had the votes--but really, the 
Federal Trade Commission, consumer groups, the attorneys 
general, NAAG, we all opposed this, and we thought there would 
be significant problems posed by creating an exception. And as 
Professor Reidenberg has pointed out, under the affiliate 
sharing regime, information collected by affiliates becomes 
exempt from the Fair Credit Reporting Act. It is not regulated 
in any meaningful way, if at all, by the Fair Credit Reporting 
Act, and it is not regulated by the Gramm-Leach-Bliley Act.
    The Gramm-Leach-Bliley Act was passed in 1999. It has Title 
V, a private title, and Title V simply says that if you provide 
notice of your affiliate sharing practices, your information 
practices, you have the right to do whatever you want within 
your affiliates and even with, as Assistant Attorney General 
Brill pointed out, some third parties who are treated as if 
they are part of your corporate family.
    You do have a limited right to opt out of the sharing of 
your comprehensive experience and transaction information only 
if it is going to be shared with telemarketers who are selling 
nonfinancial products.
    Now, as Mr. Wong pointed out, the biggest companies--the 
ones with hundreds or thousands of affiliates--are able to 
develop databases of information that has been laundered 
outside the protection of the Fair Credit Reporting Act. Even 
credit reports, not just the experience information, but credit 
reports and information from your applications, information 
from your references, can also be collected in these corporate 
entities, although that so-called ``other'' information, as 
opposed to the experience information, is subject to an opt 
out. They can use that information to create an unregulated in-
house credit bureau.
    Chairman Shelby. How widespread is that?
    Mr. Mierzwinski. I think the biggest companies have the 
biggest databases. I think they are all doing it. We talk about 
this as a privacy issue, Senator, but really, the potential is 
that it is a consumer protection issue. And I cannot stress 
enough that when we have unregulated use of affiliate 
information, consumers do not gain the comprehensive bundle of 
rights that they gain under the Fair Credit Reporting Act.
    In the debate that has occurred over the continuation or 
extension--what industry calls ``reauthorization''--of the 
temporary preemption amendments, I think there has been a lot 
of misleading information out there.
    First, of course, the notion that industry is for opt out, 
and consumers are for a harsh opt in--industry is actually for 
no opt. That is what we have under Gramm-Leach-Bliley, is no 
opt, and that is what they vastly prefer--no choice for 
consumers.
    Second, this representation that information sharing will 
come to a grinding halt if we give consumers privacy rights is 
fallacious as well. Gramm-Leach-Bliley provides a number of 
exceptions for underwriting, for fraud control, for the public 
safety, for completing a consumer's own account requests. You 
can have a call center even with financial privacy. You can 
have multiple accounts with one database even with financial 
privacy. It is just flat-out wrong to claim that if consumers 
have the right to control their information for secondary 
purposes, all information would grind to a halt, and we would 
be living in caves.
    That is basically the summary of my testimony. I know I 
have run out of time. There is a lot more in my testimony. I 
also want to point out my House testimony from 2 weeks ago goes 
into great detail about other problems with the Fair Credit 
Reporting Act.
    I want to say finally, of course, that the Sarbanes 
Amendment to the Gramm-Leach-Bliley Act is a very critical 
amendment. That is the amendment that was added in conference 
that allowed the States to enact stronger financial privacy 
laws; and California is considering a stronger law. 
California's champion, Jackie Spear, has compromised with the 
industry, yet the industry still opposes her bill. She has even 
agreed that industry could have some information kept in no opt 
silos, other information would be under an opt out, some third-
party sharing would be under an opt out, and some would be 
under an opt in. She has compromised, yet industry still 
opposes her reasonable bill. Consumers Union, CalPERG, and 
other groups are prepared to go to the ballot.
    But I think it is important that this Committee look at 
what industry is doing to chill efforts by other States around 
the country to emulate what California is trying to do by 
claiming that the Gramm-Leach-Bliley Act's preservation of the 
Fair Credit Reporting Act trumps the explicit provision giving 
States greater financial privacy rights. We think that that is 
wrong. We think that the Fair Credit Reporting Act's exception 
simply says that they are not a credit bureau when they share 
information. We do not like that, but it should not go any 
further than that.
    I want to conclude by saying that we would appreciate the 
Committee continuing its detailed deliberations on this issue 
and to consider this--if you extend the preemption and take 
away States' rights forever, it would be very difficult for the 
States, who are more nimble, to find local problems, identify 
them, and react to them quickly, as Vermont did, as 
Massachusetts did, as California did, before Congress ever 
acted in 1996.
    Remember that last year, even Enron was not enough to 
guarantee passage of the corporate reform bill. Sarbanes-Oxley 
legislation was only passed after Worldcom came to our door as 
well.
    Thank you very much.
    Chairman Shelby. Ms. Maynard.

                 STATEMENT OF ANGELA L. MAYNARD
          CHIEF PRIVACY EXECUTIVE AND COUNSEL, KEYCORP
         ON BEHALF OF THE FINANCIAL SERVICES ROUNDTABLE

    Ms. Maynard. Mr. Chairman and Members of the Committee, my 
name is Angela Maynard, and I am the Chief Privacy Executive 
and Counsel for KeyCorp, or Key, an $86 billion financial 
services company headquartered in Cleveland, Ohio. Key is a 
member of the Financial Services Roundtable, and I am appearing 
on behalf of the Roundtable today, as well as the customers, 
employees, and shareholders of Key.
    I appreciate the opportunity to testify before the 
Committee on the role of affiliate sharing under the Fair 
Credit Reporting Act. FCRA is central to our national credit 
system.
    The Roundtable and Key support the affiliate sharing 
provisions of FCRA, and we urge the Committee to renew the 
provisions of FCRA that are scheduled to expire.
    The Roundtable has found that failure to renew key 
provisions of FCRA will result in higher credit costs for 
consumers, decreased credit availability for those least 
advantaged, and reduced customer spending.
    The Roundtable has found that the customers of its member 
companies have saved an estimated $8 billion as a result of 
information sharing within affiliates. Moreover, the Roundtable 
has found that contrary to common perception, targeted 
marketing reduces the number of solicitations consumers 
receive.
    Like many other financial services companies, Key owns a 
number of subsidiary companies, all of which qualify as 
affiliates for purposes of FCRA. However, less than 20 
companies that Key owns provide products and services directly 
to consumers. Moreover, we have diligently tried to reduce this 
number, and it is only due to regulatory and tax laws that we 
continue to operate with multiple affiliates.
    To our customers, however, Key is not a collection of 
separate companies. It is a single entity that offers a variety 
of financial products and services. Key uses the affiliate 
sharing provisions of FCRA in many ways that help consumers.
    Affiliate information sharing permits us to provide 
products and services that meet specific needs of our 
customers. To do this, we must understand a consumer's 
financial needs and financial profile. Affiliate sharing allows 
us to gather that data. Once we have an understanding of our 
customers' needs and financial profile, we can determine what 
products and services are the best fit for that customer.
    Affiliate sharing allows us to deliver financial products 
and services efficiently. It eliminates the need for customers 
to deal separately with different Key employees at different 
locations. Affiliate sharing accelerates account application 
and approval procedures. When we can use existing customer 
information that is maintained by a Key company, we can reduce 
the need for a customer to spend time gathering papers and 
finding information necessary to complete an application. Using 
existing customer information also enables us to accelerate our 
review process.
    Key offers several products that straddle affiliates. For 
example, Key's Total Access Account connects a brokerage 
account with a bank deposit account. Customer information must 
be shared between our brokerage and our bank to allow this and similar 
cross-affiliate products to coexist. Combined statements and 
online account aggregation services are other examples of 
services that are a direct result of affiliate sharing.
    Key uses affiliate sharing to maintain and grow customer 
relationships. One way we achieve this is through relationship-
based pricing and discounts for customers who maintain multiple 
accounts across Key. Affiliate sharing allows Key to determine 
which customers qualify for discounts and other pricing breaks.
    Affiliate sharing helps us to respond to customer inquiries 
and to update customer information. With access to shared 
information, a single Key employee can assist a customer with 
almost any request. This saves the customer the time and 
nuisance of separate visits and multiple telephone calls. 
Affiliate sharing also helps Key manage data quality across the 
organization, and maintaining the accuracy of customer 
information is critical in our fight against identity theft.
    Centralized functions--such as call centers, operations 
centers, analytics, and product development--all require 
information sharing across affiliates. Consolidating functions 
improves expertise, allows us to better manage risks, and 
significantly reduces operating expenses. These benefits are 
passed on to the customer in the form of better service and 
lower costs.
    In order to ensure that our marketing efforts benefit our 
customers, we use affiliate sharing to understand our 
customers' needs. We do not market products to consumers who 
have requested us not to solicit them.
    Information sharing among affiliates is critical in our 
efforts to fight fraud. Gathering and sharing information on 
the accounts across the organization is the only means to 
effectively address this serious problem. Having access to 
information across affiliates increases the speed with which 
Key can assist a victim of fraud and identity theft.
    Finally, affiliate sharing is a critical component to Key's 
compliance efforts with antimoney laundering laws.
    In conclusion, the Roundtable and Key support the affiliate 
sharing provisions of FCRA. We firmly believe that the statute 
strikes an appropriate balance between consumer protection and 
corporate structure, and we urge the Committee to make the 
existing provisions of FCRA permanent and thereby reaffirm our 
national credit system.
    Chairman Shelby. Thank you very much.
    As an initial matter, I think it is worth noting that many 
of the information sharing practices that have been identified 
here today by the witnesses from the financial service firms 
are, in fact, practices that I believe have statutory authority 
to conduct independent of the Fair Credit Reporting Act.
    For example, doesn't Gramm-Leach-Bliley authorize 
information sharing, for example, to combat identity theft or 
customer request, among many others, and if this is the case, 
can some of you from the financial service industry help us 
understand why the Fair Credit Reporting Act affiliate sharing 
provisions are so important?
    Mr. Wong.
    Mr. Wong. Senator, I believe that the Gramm-Leach-Bliley 
law does deal with sharing of information but more in the 
context of third parties and not affiliate sharing.
    The FCRA is important because it deals with affiliate 
sharing of information, information that is needed for us to 
render services, products, to a customer in the manner that he 
or she expects.
    Chairman Shelby. Mr. Baloun.
    Mr. Baloun. Mr. Chairman, I am not an expert in the 
compliance area, but my understanding is that the Fair Credit 
Reporting Act allows affiliate sharing explicitly for financial 
institutions as Wells Fargo which is not a credit bureau. There 
is a tremendous investment that we make in gathering the 
information, and if we segregate that, I do not think we could 
spend the amount of money and the technology that we do to 
gather it all.
    FCRA allows us to use that technology to give more 
information to our customers; so we get to leverage it in 
additional sales and additional opportunities for our customers 
along with notification. That would be my interpretation.
    Chairman Shelby. Thank you.
    Ms. Brill, of the seven preemption provisions up for 
reauthorization, six involve, I believe, substantive national 
standards. I would like to review just briefly the standard in 
terms of the rules regarding affiliate sharing.
    Could you explain the standard again?
    Ms. Brill. Thank you. Yes, I will try the best I can.
    It is a confusing standard.
    Chairman Shelby. First, what are the practical differences 
between what we call ``experience'' and ``nonexperience'' 
information?
    Ms. Brill. First of all, the standard is contained in a 
definition that excludes from the definition of ``consumer 
reports'' certain types of information. As was pointed out by 
Mr. Mierzwinski, there were no Congressional hearings of which 
I am aware that went into really what this exclusion to the 
definition actually meant.
    Chairman Shelby. Some of us have been on the Committee for 
a long time. I have been here for 17 years, and Senator 
Sarbanes has been longer than I have. I do not remember any 
hearings, do you?
    Senator Sarbanes. No.
    Chairman Shelby. Okay. Go ahead.
    Ms. Brill. Okay. So our research was accurate. We were not 
able to find any.
    So it is unclear--there is not a lot of work out there by 
the Congress to help us understand what these words mean, so we 
are left with the actual words in the statute.
    What the statute provides is that information that is known 
as, ``transaction and experience information,'' which I will 
describe in a second, is automatically excluded from the 
definition of a ``consumer report.'' Other information which 
the Federal regulatory agencies including the OCC have defined 
as basically credit-related information is excluded from the 
definition of ``consumer report'' but only if financial 
institutions provide an opt out. That is more or less what it 
is.
    Now, the difference between transaction and experience and 
other information is that ``transaction and experience 
information'' include not only your account balance on your 
credit card, your payment history, and things like that, but it 
even goes into what you are actually purchasing. I believe that 
financial institutions and other retailers are collecting and 
mining the information about your actual purchases. That is 
transaction and experience information. In other words, it is 
information that the financial institution holds as a result of 
having an account with you.
    In contradistinction, the other information for which the 
financial institutions have to give a notice and opt out is 
information they obtain from third parties. Primarily and 
foremost among that is credit reporting information. Also, it 
is information that they might have as a result of an 
employment investigation if they are going to hire you; that 
information is also considered other information.
    Have I answered your question?
    Chairman Shelby. You have.
    Mr. Mierzwinski, do you want to comment on that briefly?
    Mr. Mierzwinski. I would agree with all of that, and just 
to restate what I said earlier, the definitions create these as 
exceptions. They really actually do not provide a scheme of 
regulation. And even though there is an opt out for the other 
information, as the professor pointed out earlier, if Affiliate 
1 obtains your credit report and uses it for an adverse action, 
it must provide you with an adverse action notice. However, if 
Affiliate 1 shares your credit report--if you had not opted 
out, if you did not understand the opt out----
    Chairman Shelby. Does this distinction make sense to you?
    Mr. Mierzwinski. They get the credit report totally clean 
of any consumer rights if they give it to Affiliate 2.
    Chairman Shelby. Senator Sarbanes.
    Senator Sarbanes. Thank you very much, Mr. Chairman.
    This has obviously been a very interesting panel, and we 
appreciate the participation by the various panelists. This is 
an issue with some complexity and some great importance.
    Professor Reidenberg, I would like to ask you first--I want 
to make sure I understand this--is it the case that under the 
current system, if the data moves from the main enterprise to 
whom the consumer provides it to an affiliate, that affiliate 
then is free of some of the limitations or protections that 
apply to the data as far as its receipt by the main enterprise?
    Mr. Reidenberg. I believe that is correct. There would be 
one caveat to it. Take the case, for example, that I fill out a 
credit application that includes all sorts of financial data 
and other data about me, and I am given credit by the grantor. 
Ordinarily under the definitions, my application would have to 
be treated as a ``consumer report'' by the credit grantor. If 
that company shares my loan application data with an affiliate, 
the definition in Section 603 of affiliate sharing says that 
the credit grantor does not have to comply with all the 
protections in the statute to share the data with the 
affiliate.
    So if the affiliate wants to use the data for just general 
marketing purposes--a use that ordinarily would be prohibited--
the affiliate at that point--who acquired the personal 
information for marketing purposes--can do whatever it wants 
with the data. None of the protections apply.
    Senator Sarbanes. Whereas the enterprise that I provided it 
to to begin with could not; is that correct?
    Mr. Reidenberg. That is correct.
    Senator Sarbanes. All right. I just wanted to be clear on 
that.
    Mr. Reidenberg. There is one caveat that is important to 
recognize. If the affiliate acquired the data for credit 
decisions, then what the affiliate could then do with respect 
to third parties, unaffiliated companies, might come back 
within some of the protections of the statute. It is the 
initial transfer from Company 1 to Company 2 that is exempted 
under the definition.
    Senator Sarbanes. I want to be very clear about this. I am 
the consumer. I provide the information to Company 1. There are 
limitations on what Company 1 can do with it.
    Mr. Reidenberg. Correct.
    Senator Sarbanes. Company 1 then provides it to Company 2 
which is an affiliate, and Company 2 is then free of those 
limitations, or at least some of those limitations. Is that 
correct?
    Mr. Reidenberg. By and large, that is correct; they are 
free of most of the limitations.
    Senator Sarbanes. Well, I have difficulty seeing the 
rationale for that, but I will defer because I have a number of 
other questions I want to ask, and my time is very short.
    Attorney General Brill, I would like to ask you--the 
Partnership to Protect Consumer Credit is running ads--
presumably, you have seen them. I understand that the 
Partnership to Protect Consumer Credit--a lot of work goes into 
picking the names of these groups--but I gather the National 
Retail Federation played a part in that; is that right, Mr. 
Prill?
    Mr. Prill. I do not know--yes.
    Senator Sarbanes. Yes. In this ad, they have a house with 
red tape all over it, and they say: ``Without a national 
consumer credit system, a new home could be a lot harder to 
move into.'' And then, they say it is going to be a 
bureaucratic nightmare of red tape with these States laws, and 
``As a result, many Americans would face costly delays in 
purchasing a home, financing a car, or buying a big-ticket 
item.''
    Now, of course, Vermont is able, with the grandfather 
clause, to provide extra protections. Have Vermonters 
encountered these costly delays referred to here in purchasing 
a home, financing a car, or buying a big-ticket item?
    Ms. Brill. No, absolutely not. Credit is very widely 
available in Vermont and at extremely low rates. Instant credit 
is available. We are able to go to ATM's across the Nation and 
obtain cash. We are able to obtain free checking----
    Senator Sarbanes. That is enough; I have got to keep moving 
because my time----
    Ms. Brill. Sorry. The answer to your question is no.
    Senator Sarbanes. Mr. Baloun, Wells Fargo's privacy policy 
states--this is off the Internet--``You have choices regarding 
how information about you is shared. If you would like to opt 
out of information sharing with outside financial companies 
and/or within the Wells Fargo family, your preferences will be 
honored and will apply to all accounts linked to your Social 
Security Number. If you choose to opt out of information 
sharing, please call the toll-free number that appears at the 
end of this disclosure.''
    I gather that that obviously means you permit your 
customers to opt out of affiliate sharing; is that correct?
    Mr. Baloun. That is correct, Senator.
    Senator Sarbanes. If so, what problem would you have with 
the right of consumers to opt out of affiliate sharing under 
the Federal Credit Reporting Act? I take it it would not be a 
problem for you; it would only open up an opportunity for 
consumers who deal with institutions that do not provide this 
kind of privacy power. Would that be correct?
    Mr. Baloun. Senator, we grant our customers--at the time 
that an account is open, an opt out option and give them the 
materials. Then, we have set up the 800-number where they can 
contact--and let me go a step further. Once a year, we mail to 
our customers another notification, again giving them the 
opportunity to do a simple tear-off sheet if they want to opt 
out.
    Now, as a businessperson dealing with my three regions, we 
do talk with our customers and talk to them about the 
advantages of not opting out so we can share information with 
them. There are times when we may have mortgage products or 
something that is advantageous, and we will call our customers 
and talk to them about that, where they will actually end up 
getting cheaper rates or better deals. We cannot do that if 
they opt out. If they opt out, they have the right to do that, 
but we do not encourage them to because I can serve my 
customers better by being able to communicate with them--but 
they have the right.
    Senator Sarbanes. Do you think, generally speaking, that 
consumers should have this option that Wells Fargo offers to 
them?
    Mr. Baloun. It works for us. I do not really have a 
position for the industry.
    Senator Sarbanes. Let me very quickly ask Mr. Wong--you 
work in Europe and elsewhere, internationally, right?
    Mr. Wong. Yes, sir. We operate in over 100 countries.
    Senator Sarbanes. And you have to abide by the privacy 
provisions that apply in the European Union with respect to 
consumers there, do you not?
    Mr. Wong. Yes, sir, we do.
    Senator Sarbanes. Those privacy provisions are 
significantly more protective of the consumers' information 
than what exists in this country; would you say that that is 
generally the case?
    Mr. Wong. With some caveats, Senator.
    Senator Sarbanes. But you have been able to do business 
under those requirements.
    Mr. Wong. That is correct.
    Senator Sarbanes. Why does providing additional protections 
for consumers in this country seem to cause you so much 
concern? If you provide it over there so a European gets better 
protection, and if you can work, apparently, profitably and so 
forth under that circumstance, why does this create a problem 
for you?
    Mr. Wong. Senator, as I understand the European model, 
which people have described as an opt in model, the way it 
works is that if you are applying for credit, and should the 
lender offer you credit, the lender will condition the offer of 
that credit with you opting in to sharing of information. So 
the majority of customers seeking to obtain those products from 
that lender would in essence be opting in and therefore 
agreeing to sharing of that information.
    Senator Sarbanes. I have run over my time, and I know that 
Senator Bennett wants to ask some questions, and we have a 
vote.
    Chairman Shelby. Thank you, Senator Sarbanes.
    Senator Bennett.
    Senator Bennett. Have any of you ever applied for a home 
mortgage in a different State from the one in which you were 
previously employed prior to the passage of the Fair Credit 
Reporting Act? I have. It applies--I am sorry--to the red tape 
involved in the ad.
    It took me a month, moving from California to Utah, prior 
to the information sharing, even though I was dealing with the 
same bank, as they went through all of the red tape and all the 
rest of it. It was a nightmare. I got the home mortgage, I got 
the thing done, but I would be delighted to have had my bank in 
California to be able to tell the bank in Utah, ``We know this 
man; he is legitimate; his income is proper.'' I would have 
been thrilled with that experience.
    Is there any connection, Prill and Brill, with Vermont's 
position and the fact that that is the only State where you do 
not have a Target store--or is it pure coincidence? Just a 
quick ``yes'' or ``no.''
    Mr. Prill. Senator, there are probably several factors 
there.
    Ms. Brill. I would say it has more to do with our 
environmental laws than anything, probably.
    Senator Bennett. Never mind. I do not want to get into 
that. I just thought it was very interesting that you were 
operating everywhere but Vermont, and Vermont talks about the 
grandfathered situation.
    Senator Sarbanes. Is it because of this privacy issue?
    Mr. Prill. No, Senator Sarbanes, I am not saying that. It 
is to that extent a coincidence, but we have no plans to build 
in Vermont, either.
    Senator Sarbanes. All right.
    Senator Bennett. All right. Well, the time is gone, and let 
me just share with you my reactions.
    Professor Reidenberg, you said ``We do not know.'' You gave 
us a lot of potentially difficult situations, and then you said 
``We do not know.'' And the industry witnesses gave us concrete 
examples of things they had been able to do that had been 
better for the customer.
    My question would be this: Can anybody give me--among those 
who are opposing the extension of the affiliate provision--a 
concrete example, other than a single anecdote, that is, that 
can be quantified into some kind of analysis of how there has 
been definite consumer damage, because we have gotten concrete 
examples from the industry of consumer benefits. The consumer 
benefits have been fairly consistent between the different 
institutions, and we have a concrete number of the amount of 
money that has been saved by virtue of the affiliate sharing--
money which I presume in today's economic environment 
translates into lower consumer costs, because pricing power is 
very much absent in the present economy.
    So if companies are saving in the billions of dollars--and 
it can be documented--I assume you would not have put it in 
your testimony if it could not have been--companies are saving 
in the billions of dollars, and that is being translated into 
lower consumer costs by virtue of competitive pressures that 
says when you have that kind of savings, you pass it on 
competitively to try to get people to be with you rather than 
with your competition--if we have all of these documented 
benefits which consumers like--as I said, from my personal 
experience, I certainly would have liked getting that 
mortgage--can we get any concrete examples from the opponents 
of how consumers have been damaged?
    I have heard very careful legal arguments of things that 
could happen, but I have not heard any examples of things that 
have happened or people who have been damaged. And we have to 
run off to a vote, but if you could supply that for the record, 
I assure you I will read it very carefully. But that is where I 
come down on this.
    Chairman Shelby. And we will all read it if they will 
supply any of these answers.
    Senator Bennett. Yes. That is where I come down on this. It 
strikes me as a theoretical argument of this is what could 
happen and that could be bad versus this is 6 years of 
experience of things we have done that have been good. And my 
own background leads me to go with that which has happened 
rather than that which could happen.
    Thank you.
    Chairman Shelby. We have three stacked votes; that means we 
are going to have to accelerate this.
    Senator Sarbanes.
    Senator Sarbanes. Thank you very much, Mr. Chairman. I will 
be very brief, because I know the votes are pressing.
    In the course of responding to the question that Senator 
Bennett just asked, Mr. Baloun, I would particularly appreciate 
it if you would focus on the following situation.
    The Association of Community Organizations for Reform Now 
has written to Comptroller Hawke at the Currency about 
predatory lending issues involving Wells Fargo. In that letter, 
they say: ``We have seen various examples of referrals and 
other similar connections back and forth between the 
institutions embracing the affiliate institutions, 
unfortunately not in the direction of assuring A credit for A 
borrowers. One borrower family we know, for example, long-time 
customers of Wells Fargo Bank, went into a Wells Bank branch 
looking to refinance their home loan. After they provided the 
loan officer with information about themselves''--and 
apparently, the loan officer talked about a loan at about 5 
percent and without closing costs--``they then got a call back 
from Wells Fargo Financial''--which I understand is your 
subprime lender; is that correct?
    Mr. Baloun. That is correct. They do make subprime loans.
    Senator Sarbanes. Yes. They are your subprime lending unit 
as I understand it.
    And contrary to these terms that at least had been put out 
to them originally as real possibilities, they ended up at a 
variable rate at 9\1/2\ percent and closing costs of 4 percent 
of their lender.
    Now, obviously, the information that came in to the bank 
then went out to the subprime lending affiliate subsidiary at 
Wells Fargo, and they then got in touch with these people.
    Could you look into that situation in the course of 
responding to the question that Senator Bennett put to you?
    Mr. Baloun. Yes.
    Senator Sarbanes. Thank you, Mr. Chairman.
    Chairman Shelby. Thank you.
    As I told you, we have three stacked votes, and it will 
take an hour or so before it is over, but I have a number of 
questions for the record, and other Members who were not here 
and in other hearings probably will. This has been a very 
interesting panel today, and I hope you would respond to those. 
I just want to touch on a few of them, but we will submit them.
    I'd be interested--I know you do not have time to answer 
this now--in what level of understanding does the average 
consumer have with respect to affiliate sharing? I think that's 
important. Does the number of affiliates a firm has affect this 
understanding?
    What about situations where the affiliates are engaged in 
entirely different lines of business? In other words, does it 
matter that a person recognizes that they have a relationship 
with a bank but may not know that the bank also owns a retail 
securities brokerage firm or a direct-mail operation where this 
information would be used, and other things?
    How important is a firm's brand to consumers in 
establishing their expectations with respect to the kind of 
relationship that they have with a company? How important is 
that brand? Should there be safeguards or best practices for 
sharing information within 
affiliates?
    Of course, I am also interested--and I think the Committee 
is for the record--that while called ``affiliate sharing 
provisions,'' some of these provisions actually allow companies 
to share information with entities that are outside their 
affiliate structures. Why is this necessary, and does it 
actually make sense? And do consumers have different concerns 
with respect to affiliate sharing versus third-party sharing?
    Should there be greater control over sharing information 
outside an affiliate structure than within an affiliate 
structure? In other words, should this provision be limited so 
that the only type of information sharing permitted is sharing 
with affiliate entities and so forth?
    We are going to submit other questions to you.
    Chairman Shelby. We appreciate very much you coming today 
and preparing. This is a very important piece of legislation.
    Thank you very much.
    [Whereupon, at 11:48 a.m., the hearing was adjourned.]
    [Prepared statements, response to written questions, and 
additional material supplied for the record follow:]

               PREPARED STATEMENT OF SENATOR JIM BUNNING

    Thank you, Mr. Chairman, for holding this very important hearing 
and I would like to thank our witnesses for testifying today. This is 
the third in a series of hearings on the Fair Credit Reauthorization 
Act. As we all know, the FCRA is a important issue for the financial 
industry and to consumers. There are differing opinions on the 
direction the FCRA should take. There are some who think we need to 
pass the FCRA with no changes, some who think we should pass the FCRA 
but with additional privacy and identity theft protections and some who 
think privacy decisions would be better left to the States. These 
hearings will be a great help to Members in deciding which is the best 
way to go.
    Affiliate sharing was something we addressed extensively during 
Gramm-Leach-Bliley and it seems to still be a point of contention. 
There are many questions being asked. Do consumers benefit from the 
flow of information between affiliates, or are there too many risks 
with this practice to warrant it? Is an ``opt in'' plan better than the 
current ``opt out'' program? Are the privacy statements too long and do 
they contain too much legalese? Or are consumers simply throwing the 
privacy notices out? What responsibilities do consumers have to keep 
themselves informed of the information sharing policies of the 
companies they do business with? What are the unintended consequences 
of legislation to change the current affiliate sharing status quo? I am 
looking forward to hearing these issues be hashed out.
    But I have another concern. I am very concerned about this economy. 
I am very worried about the possibility of a double-dip recession. I 
know that puts me at odds with more optimistic economic minds, like 
Chairman Greenspan, but contrary to popular belief, Chairman Greenspan 
is not always right. In fact, I think his decision to lower the prime 
interest rate yesterday by a quarter point was not nearly aggressive 
enough. He should have lowered the rate by a half point to further give 
the economy the shot in the arm it needs. Right now, the economy is 
just not where it should be, we are not growing like we can, and we are 
not creating jobs.
    If there is one thing that shakes the markets, it is uncertainty. I 
am afraid that the talk of not renewing the FCRA is creating a lot of 
uncertainty in the financial markets. If we have 50 different privacy 
standards, it will be difficult for financial companies to sell their 
products nationwide. If counties and municipalities get in the act, and 
some already have, it will be even more difficult. In this economic 
climate we need to promote a uniform standard for consumer reporting 
and not add more confusion and chaos.
    It is crucial we pass an FCRA extension this year. We must bring 
some certainty back to the markets if we are ever going to get this 
economy to grow and prevent a double-dip.
    Again, Mr. Chairman, thank you for holding this important oversight 
hearing.

                               ----------

                PREPARED STATEMENT OF JOEL R. REIDENBERG

           Professor of Law, Fordham University School of Law
                             June 26, 2003

    Mr. Chairman, Ranking Member, and distinguished Members of the 
Committee, I commend you for convening this hearing on affiliate 
sharing practices and their relationship to the Fair Credit Reporting 
Act and I thank you for the honor and privilege to appear before you. 
My name is Joel R. Reidenberg. I am a Professor of Law at Fordham 
University School of Law where I teach courses in information privacy, 
international trade, and comparative law. As a law professor, I have 
written and lectured extensively on the regulation of fair information 
practices in the private sector. My bibliography includes scholarly 
articles and two co-authored books on data privacy.\1\ Of relevance to 
today's hearing, I have studied and written about the Fair Credit 
Reporting Act (FCRA) and have advised both Federal and State Government 
agencies on FCRA litigation issues. I am a former Chair of the 
Association of American Law School's Section on Defamation and Privacy 
and have served as an expert advisor on data privacy issues to State 
and local governments, to the Office of Technology Assessment in the 
103rd and 104th U.S. Congresses and, at the international level, to the 
European Commission and foreign data protection agencies. I appear 
today as an academic expert on data privacy law and policy and do not 
represent any organization or institution which I am or have been 
affiliated.
---------------------------------------------------------------------------
    \1\ Paul M. Schwartz & Joel R. Reidenberg, Data Privacy Law 
(Michie: 1996); Joel R. Reidenberg and Paul M. Schwartz, Online 
Services and Data Protection Law: Regulatory Responses (Eur-OP: 1998); 
Joel R. Reidenberg, Privacy Wrongs in Search of Remedies, 54 HASTINGS 
L. J.--(forthcoming); Lorrie Cranor & Joel R. Reidenberg, Can User 
Agents Accurately Represent Privacy Notices?, TPRC 30th Research 
Conference Paper #65 (2002) available at http://papers.ssrn.com/sol3/
papers.cfm?abstract_id=328860; Joel R. Reidenberg, E-commerce and 
Trans-Atlantic Privacy , 38 HOUSTON L. REV. 717 (2001); Joel R. 
Reidenberg, Resolving Conflicting International Data Privacy Rules in 
Cyberspace, 52 STANFORD L. REV. 1315 (2000); Joel R. Reidenberg, 
Restoring Americans' Privacy in Electronic Commerce, 14 BERKELEY TECH. 
L. J. 771 (1999): Joel R. Reidenberg, Setting Standards for Fair 
Information Practice in the U.S. Private Sector, 80 IOWA L. REV. 497 
(1995); Joel R. Reidenberg & Francoise Gamet-Pol, The Fundamental Role 
of Privacy and Confidence in Networks, 30 WAKE FOREST L. REV. 105 
(1995); Joel R. Reidenberg, Rules of the Road on Global Electronic 
Highways: Merging the Trade and Technical Paradigms, 6 HARVARD J. LAW & 
TECH. 287 (1993); Joel R. Reidenberg, The Privacy Obstacle Course: 
Hurdling Barriers to Transnational Financial Services, 60 FORDHAM L. 
REV. S137 (1992); Joel R. Reidenberg, Privacy in the Information 
Economy--A Fortress or Frontier for Individual Rights?, 44 FED. COMM. 
L. J. 195 (1992). Copies of most of my articles may currently be found 
on my website at: http://reidenberg.home. sprynet.com.
---------------------------------------------------------------------------
    My testimony will focus on three points: (1) the U.S. credit 
reporting system needs strong privacy protections to preserve a robust 
national information economy; (2) the affiliate sharing provisions of 
the 1996 Amendments create significant unrecognized loopholes that 
eviscerate the protections of the FCRA; and (3) the affiliate sharing 
loopholes pose that security risks and a threat to the soundness of the 
U.S. credit reporting system.
    I recommend that Congress either eliminate the affiliate sharing 
loopholes or leave the 1996 sunset clauses alone so that States are 
reauthorized to protect their citizens against abusive practices under 
the affiliate sharing loopholes. I further recommend that, before 
taking any other type of legislative action, Congress should 
investigate thoroughly these broader implications of affiliate sharing. 
Congress must have a much deeper factual knowledge of the specific 
types of credit report data that is shared among affiliated companies 
and a much deeper knowledge of the specific uses, disclosures, and 
onward transfers that are made by the affiliated recipients outside the 
protections of the FCRA for citizens' privacy.

Strong Privacy Protections are Essential for the Credit Reporting 
        System
    The FCRA was enacted in 1970 as a response to significant abuses in 
the nascent credit reporting industry. Decisions affecting citizens' 
lives were being made in secret with bad data. Congress heard extensive 
testimony during the late 1960's on the unfair and abusive information 
practices that voluntary industry guidelines failed to prevent. These 
included the release of credit information to noncredit grantors, the 
dissemination of inaccurate credit information, the inability of 
consumers to gain access to their credit reports, and the difficulty of 
consumers to obtain correction of erroneous information.\2\ Scandals 
and distrust were harming the marketplace.
---------------------------------------------------------------------------
    \2\ See e.g. S. Rep. 91-517, 91st Cong., 1st Sess. (1969); Hearings 
on Commercial Credit Bureaus before the House Special Subcommittee on 
Invasion of Privacy of the Committee on Government Operations, 90th 
Cong., 2nd Sess., March 12-14, 1968; Hearings on Fair Credit Reporting 
S. 823 before the Senate Subcommittee on Financial Institutions of the 
Committee on Banking and Currency, 91st Cong., 1st Sess. (May 19-23, 
1969).
---------------------------------------------------------------------------
    In enacting the original FCRA, Congress wanted to assure the 
efficiency and integrity of the U.S. banking system. The statute became 
the cornerstone of U.S. privacy law. Congress recognized fair 
information practices were essential for vibrant credit markets and 
expressly sought, ``to prevent an undue invasion of the individual's 
right of privacy in the collection and dissemination of credit 
information.'' \3\
---------------------------------------------------------------------------
    \3\ S. Rep. 91-517, 91st Cong., 1st Sess. 1 (1969).
---------------------------------------------------------------------------
The FCRA Established the Principles of Opt In Consent and the Fair 
        Treatment of Personal Information
    At the time of enactment, the FCRA was an extraordinary and unique 
statute precisely because the law set a new standard for strong privacy 
protection. The FCRA established a then-novel system of opt in 
permission for the dissemination of credit report information. The 
statute defined a specific set of permissible purposes for which the 
disclosure of credit report information was authorized. These purposes 
related directly to the reasons for which collected data was gathered 
and were generally limited to the extension of credit, insurance, or 
employment. Any other disclosure of credit report information required 
the written consent of the consumer.
    Among other important innovations for fairness, the law created 
transparency in the industry by granting a consumer the right of access 
to credit report information and by requiring the industry to identify 
the recipients of credit reports. The law further provided rights for 
consumers to dispute inaccurate information contained in their credit 
reports. Finally, the FCRA included due process safeguards before a 
consumer reporting agency could disclosure credit report information to 
Government agencies or law enforcement. This overall framework provided 
a bedrock set of standards for fair information practices.

The FCRA Never Created an Overall ``Uniform National Standard''
    From the start, however, Congress recognized that the credit 
reporting industry would be likely to evolve significantly and that 
even greater privacy and fairness could benefit the banking industry. 
As a result, Congress permitted the States to enact stronger privacy 
protections for credit reporting since stronger State statutes promoted 
the main goals of the original FCRA. In fact, at the time of enactment, 
this Committee specifically endorsed the position of State officials 
who testified at Senate hearings expressing, ``a need for Federal 
legislation to supplement any future State legislation which may be 
enacted.'' \4\
---------------------------------------------------------------------------
    \4\ S. Rep. 91-517, 91st Cong., 1st Sess. 3, 8 (1969).
---------------------------------------------------------------------------
    The major subsequent fair information practice laws similarly 
adopted this policy and waived Federal preemption. For example, the 
Financial Services Modernization Act, the Health Insurance Portability 
and Accountability Act, the Cable Communications Policy Act, and the 
Video Privacy Protection Act, each expressly waived, in whole or in 
part, Federal preemption. Despite industry's wishful repetition at a 
plethora of hearings this spring,\5\ the FCRA never intended nor did it 
create an overall ``uniform national standard.'' Instead, the statute 
established a minimum set of Federal standards that have always been 
supplemented by varying State laws.
---------------------------------------------------------------------------
    \5\ See e.g. Hearing on ``The Growing Problem of Identity Theft and 
Its Relationship to the Fair Credit Reporting Act'' before the Senate 
Banking Committee, 108th Cong., 1st Sess. (June 19, 2003); Hearing on 
``Fair Credit Reporting Act: How It Functions for Consumers and the 
Economy'' before the Subcommittee on Financial Institutions and 
Consumer Credit of the House Committee on Financial Services, 108th 
Cong., 1st Sess. (June 4, 2003); Hearing on ``the Importance of the 
National Credit Reporting System to Consumers in the U.S. Economy'' 
before the Subcommittee on Financial Institutions and Consumer Credit 
of the House Committee on Financial Services, 108th Cong., 1st Sess. 
(May 8, 2003).
---------------------------------------------------------------------------
    By 1996, when Congress adopted a number of significant amendments 
to the FCRA, the credit reporting industry had grown dramatically and, 
indeed, operated nationwide in a seamless fashion notwithstanding 
diversity at the State level. In testimony earlier this month before 
the House Subcommittee on Financial Institutions and Consumer Credit, 
Vermont Assistant Attorney General Julie Brill thoroughly documented 
the significant variations among State laws.\6\
---------------------------------------------------------------------------
    \6\ Hearing on ``Fair Credit Reporting Act: How It Functions for 
Consumers and the Economy'' before the Subcommittee on Financial 
Institutions and Consumer Credit of the House Committee on Financial 
Services, 108th Cong., 1st Sess. (June 4, 2003) (Statement of Julie 
Brill, Assistant Attorney General for Vermont).
---------------------------------------------------------------------------
    Nevertheless, among the 1996 FCRA Amendments, Congress included a 
temporary and partial preemption clause that prevents States for 
another 6 months from implementing certain types of stronger credit 
reporting provisions. Notwithstanding the temporary and narrow 
preemption, the 1996 Amendments explicitly exempted the stronger 
California, Massachusetts, and Vermont statutes from specific elements 
of the narrow preemption.\7\ Hence, even the 1996 Amendments did not 
create an overall ``uniform national standard.''
---------------------------------------------------------------------------
    \7\ 15 U.S.C. 1681t(b)(1)(F).
---------------------------------------------------------------------------
State Differences Do Not Appear To Impede Credit Reporting or Financial
Decisionmaking
    The fairness rules and opt in approach contained in the FCRA 
enabled the credit reporting industry to progress from its fragmented, 
chaotic, and abusive period in the late 1960's to a successful, 
respected component of the U.S. information-based economy. The FCRA 
obligations coupled with the ability of States to enact stronger 
protections, in effect, created today's thriving national 
infrastructure of credit reporting.
    Industry-funded projects, however, assert the imminence of a 
``parade of horribles'' should Congress not support industry's desire 
to preclude stronger State privacy laws. Key ``findings'' from these 
projects are based on ideological hyperbole rather than comprehensive 
and accurate analysis. For example, some have argued that strong credit 
reporting rules overseas substantially hinder the ``miracle of instant 
credit'' and result in much higher interest rates or more onerous 
borrowing conditions.\8\ These arguments have no apparent basis in fact 
or analysis. No other major country to my knowledge has a comparable 
statute governing only credit report information. Comprehensive data 
privacy laws applicable to most processing of personal information do 
exist outside the United States such as those in Canada, in the United 
Kingdom and throughout Europe under European Directive 95/46/EC. These 
laws typically apply to credit reporting and are generally more 
protective of consumers than the FCRA. However, foreign consumer credit 
markets are structured by banking law, bankruptcy law, real estate law, 
and consumer protection laws that often deviate significantly from 
those in the U.S. legal system. The attribution of differences in 
credit markets to general data privacy laws without examination of the 
direct regulatory constraints on credit relationships such as interest 
rate regulation, down payment restrictions, or legal protections for 
security interests is specious and a misrepresentation of foreign 
privacy law.
---------------------------------------------------------------------------
    \8\ Hearing on ``the Importance of the National Credit Reporting 
System to Consumers in the U.S. Economy'' before the Subcommittee on 
Financial Institutions and Consumer Credit of the House Committee on 
Financial Services, 108th Cong., 1st Sess. (May 8, 2003) (Statement of 
Michael E. Staten, Director, Credit Research Center, McDonough School 
of Business, Georgetown University), at p. 6.
---------------------------------------------------------------------------
    Others have even argued that, ``increased competition, driven in 
part by prescreening, has caused [credit card] interest rates today to 
be . . . lower overall'' \9\ as compared to 1990. Yet, the ``analysis'' 
omitted any mention of the dramatic drop in the prime rate that many 
card issuers use to calculate their credit card interest rates. In 
fact, between 1990 and 2002, the prime rate declined from 10.01 percent 
to 4.67 percent.\10\ Most rational observers would give Chairman 
Greenspan and the Federal Reserve the acclaim for declines in credit 
card rates rather than prescreening.
---------------------------------------------------------------------------
    \9\ See Michael Turner, The Fair Credit Reporting Act: Access, 
Efficiency and Opportunity--The Economic Importance of Fair Credit 
Reauthorization, at 65 (Information Policy Institute: June 2003).
    \10\ See Federal Reserve System, Rate of interest in money and 
capital markets: Prime rate (not seasonally adjusted, 12 months ending 
in December) available at http://www.federalreserve. gov/releases/h15/
data/a/prime.txt.
---------------------------------------------------------------------------
    To my knowledge, there is no study or evidence that examines the 
actual, existing differences among State protections and that shows 
these stronger protections demonstrably impede the credit reporting 
system. Indeed, to my knowledge, no industry group has examined the 
effects of the three stronger State statutes recognized by Congress 
under the 1996 Amendments on either the credit markets in those States 
or on the nationwide industry. This is not surprising. A rudimentary 
look at Federal statistics suggests that credit decisions in these 
States benefit both lenders and consumers. Consumer bankruptcy filings 
per household, a basic sign of bad credit decisions, are markedly 
better for the three States with statutes recognized by Congress as 
more protective of consumer information. Vermont ranks 50th with the 
lowest rate of consumer bankruptcies in the Nation, Massachusetts is 
49th and California comes in below the median at 27th.\11\
---------------------------------------------------------------------------
    \11\ American Bankruptcy Institute, U.S. Bankruptcy Filing 
Statistics: Households per filing, Rank (2003) (using ``statistics 
based on data from the Administrative Office of the U.S. Courts (2002 
bankruptcies) and the U.S. Bureau of the Census.'') available at http:/
/www. abiworld.org/stats/householdrank.pdf.
---------------------------------------------------------------------------
    Similarly, Federal statistics on interest rates seem to indicate 
that States with stronger credit reporting laws have lower rates. The 
most current annual Federal mortgage loan data indicates that the 
effective rate on a conventional mortgage for 2002 was 6.25 percent in 
California, 6.43 percent in Massachusetts and 6.59 percent in 
Vermont.\12\ All were below the national median and California had the 
lowest rate in the Nation. Vermont Assistant Attorney General Julie 
Brill has also noted in testimony presented to the House Subcommittee 
on Financial Institutions and Consumer Credit that Vermont has the 
second lowest auto loan rates in the country and the other more privacy 
protective States rank well with low rates.\13\
---------------------------------------------------------------------------
    \12\ Federal Housing Finance Board, Periodic Summary Tables: Table 
IX--Terms on Conventional Home Mortgages 2002 available at http://
www.fhfb.gov/MIRS/mirstbl9.htm.
    \13\ Hearing on ``Fair Credit Reporting Act: How It Functions for 
Consumers and the Economy'' before the Subcommittee on Financial 
Institutions and Consumer Credit of the House Committee on Financial 
Services, 108th Cong., 1st Sess. (June 4, 2003) (Statement of Julie 
Brill, Assistant Attorney General for Vermont).
---------------------------------------------------------------------------
    While these statistics leave out important elements for a thorough 
assessment of the impact of stronger State laws such as a correlation 
with State unemployment data for bankruptcy filings and noninterest 
transaction costs for home mortgage loans, the data does show that the 
horror stories circulating about the preemption provisions make good 
theater, but reflect poor research.\14\
---------------------------------------------------------------------------
    \14\ See also, Robert Gellman, No Fair Fight over FCRA Provisions, 
DM News, May 5, 2003, pp. 12-13.
---------------------------------------------------------------------------
    In fact, other countries with comprehensive data protection 
statutes such as Canada, demonstrate that robust credit information 
services can co-exist with strong, comprehensive data privacy laws. For 
example, one major U.S. credit reporting agency operating in Canada 
offers a typical credit report for Canadians that contains information 
strikingly similar to the typical report for Americans. In the United 
Kingdom where a comprehensive data privacy law also applies, major 
credit card companies offer instant approvals for platinum cards just 
as they do in the United States.

Weakening of Privacy Protections Raises Uncertainty and Decreases 
        Confidence
    The bottom line is that strong privacy protections are essential 
for public confidence in the integrity of financial services in the 
United States. Without adherence to strict fair information practices, 
financial markets will face uncertainty because the risk of newsworthy 
privacy scandals increases such as those commited by Citibank,\15\ U.S. 
Bancorp,\16\ Fleet Bank,\17\ or Chase Manhattan.\18\ The weakening of 
fair information practice standards at the Federal level or the 
preclusion of stronger State protections puts companies at greater risk 
for privacy scandal and diminishes public trust in the fairness of 
industry treatment of personal information.
---------------------------------------------------------------------------
    \15\ See National Assoc. of Attorneys General, Press Release: 
Multistate Actions: 27 States and Puerto Rico Settle With Citibank 
(Mar. 1, 2002) available at http://www.naag.org/issues/20020301-multi-
citibank.php.
    \16\ See Minn. Attorney General Press Release, Minnesota Attorney 
General and U.S. Bancorp Settle Customer Privacy Suit (July 1, 1999) 
available at http://www.ag.state.mn.us/consumer/privacy/pr/
pr_usbank_07011999.html.
    \17\ See N.Y. Attorney General Press Release, Fleet Bank Agrees to 
New Privacy Protections (Jan. 16, 2001) available at http://
www.oag.state.ny.us/press/2001/jan/jan16b_01.html.
    \18\ See N.Y. State Dept. of Law, Annual Report 2000, at 24 (2000) 
available at http://www.oag.state.ny.us/2000AnnualReport.pdf. 
---------------------------------------------------------------------------
The Affiliate Sharing Loophole Eviscerates FCRA Protections
    The FCRA created fundamental fairness in the treatment of personal 
information through adherence to the basic principle that information 
collected for one purpose should not be used for different purposes 
without the individual's written consent. Surveys show that 95 percent 
of Americans object to secondary use of personal 
information.\19\ For information used to make financial decisions about 
consumers, citizens believe that fairness requires opt in permission. 
In 2001, citizens in North Dakota had the first and only opportunity in 
the Nation to take a real position at the polls on the dissemination of 
their personal financial information. The North Dakota State 
legislature had just watered down financial privacy from an opt in rule 
on third-party data sharing to an opt out rule. The citizens of North 
Dakota revolted. By an overwhelming 72 percent majority, the voters of 
North Dakota approved a referendum restoring the old opt in rule and 
rebuking the legislature's weakening of privacy standards.
---------------------------------------------------------------------------
    \19\ Harris Interactive/Privacy & American Business Poll, Privacy 
On and Off the Internet: What Consumers want (Feb. 7, 2002) available 
at http://www.aicpa.org/download/webtrust/priv_rpt_21mar02.pdf. (53 
percent of those polled reported a ``major concern'' while only 5 
percent were ``not concerned'' if ``the company will use my information 
outside of the specific transaction for which it was intended (for 
example, to offer me other products and services)'').
---------------------------------------------------------------------------
    Previous to these expressions of public opinion, Congress 
introduced in 1996 a significant deviation from the FCRA's historical 
commitment to this fundamental permissible purpose principle. Congress 
amended the definition of a ``consumer report'' in Section 603(d) to 
exclude information shared among companies affiliated by common 
ownership or control. This deviation allows organizations to escape the 
fair information practice obligations of the FCRA for information that 
would otherwise be covered when such data is disseminated to 
affiliates. Those affiliated companies will not be subject to important 
FCRA requirements including those of use only for a permissible 
purpose, access, accuracy, and civil liability.
    Congress permitted this departure from the core principle only if 
the company provided consumers with notice of affiliate sharing and an 
opportunity to opt out. The far-reaching consequences of this deviation 
as a result of the successful liberalization of the financial services 
sector have not, however, been recognized or subject to public 
scrutiny. Large groups of affiliated financial and nonfinancial 
organizations can now easily engage in exactly the same behavior that 
Americans find troubling--the dissemination of confidential credit 
report information for a wide range of activities unrelated to the 
purpose of collection--and escape the obligations of consumer reporting 
agencies and the opt in rule.

The Blanket Exemption for Experience and Transaction Data Opens a 
        Pandora's Box
    The 1996 Amendments first create a blanket exemption from FCRA 
protection for experience and transaction data. Section 
603(d)(2)(A)(ii) excludes from the definition of ``consumer report'' 
any communication of experience or transaction data among ``persons 
related by common ownership or affiliated by corporate control.'' This 
means that organizations may disseminate experience and transaction 
data such as credit card performance information, insurance status, or 
brokerage account activity among related companies without key 
protections under the FCRA such as accuracy. If, however, the 
organization qualifies as a financial institution under the Gramm-
Leach-Bliley Act, then the GLBA will require the organization to 
provide notice of its sharing practices to the consumer. But, under the 
GLBA, consumers will not have any right to dispute erroneous 
information, access the information, or even opt out of the sharing.
    The breadth of this exemption is likely to be very large with 
organizations such as Citibank that have an extraordinary array of 
related companies. At the same time, the scope of this exemption is 
also poorly understood. Industry practices are not transparent and 
consumers do not have access to specific information on the types of 
transaction and experience data that is shared nor do they have access 
to the identities of the actual recipients of such data and nor do they 
have information about the specific purposes for which the data is 
actually used by an identified affiliate. If this exemption is 
retained, I believe that Congress needs to investigate the reach of 
this exemption.

Affiliate Sharing Allows the Circumvention of Basic Protections
    The most sweeping damage to the FCRA's fairness principles comes 
from the next part of the affiliate sharing exemption. Section 
603(d)(2)(A)(iii) excludes ``communications . . . [to] persons related 
by common ownership or by corporate control'' from the definition of 
``consumer report.'' To qualify for the exemption, the company must 
provide a one-time ``clear and conspicuous'' notice and must provide a 
single opportunity to opt out. Experience with the GLBA teaches that 
this limitation, however, is not likely to be particularly informative 
or useful for consumers.
    Some companies justify this affiliate sharing provision by arguing 
that corporate families should be treated as one unit for consumer 
privacy purposes because corporate organizational structure does not 
have an effect on consumers.\20\ This claim is simply not credible. The 
existence of separate entities to avoid consolidated legal liability 
confuses operational responsibility for privacy, impacts consumers 
seeking to assure the fair treatment of their personal information, and 
undermines consumers seeking legal redress for violations. A confusing 
maize of companies helped Enron obscure its true behavior. The same 
holds true for affiliates sharing personal information.
---------------------------------------------------------------------------
    \20\ Hearing on ``The Role of FCRA in the Credit Granting Process'' 
before the House Committee on Financial Services Subcommittee on 
Financial Institutions and Consumer Credit, 108th Cong., 1st Sess. 
(June 12, 2003) (Statement of Martin Wong, General Counsel, Citigroup 
Global Consumer Group) (testifying that, ``Corporate structure is 
usually driven by concerns that do not affect the customer, such as the 
company's history of acquisitions or by corporate tax, legal, and 
accounting concerns.'')
---------------------------------------------------------------------------
    The exemption for affiliate sharing means that credit report 
information loses protection when shared with far-flung related 
companies. Affiliated recipients can use and disseminate credit report 
information and ignore the fairness principles of use only for 
permissible purposes, consumer access (when no adverse credit, 
employment, or insurance decision is made), storage limitations for 
obsolete data or obligations for the correction of erroneous 
information. A consumer reporting agency might, for example, sell 
credit score information to one company as a permissible disclosure 
under the FCRA. If that purchaser were to transfer the score to an 
insurance affiliate, the transferred score would be excluded from the 
definition of ``consumer report'' and most of the consumer protection 
provisions would not apply.
    In effect, the exemption undermines the entire philosophy of the 
FCRA. Industry statements indicate that this mechanism is already being 
used to subvert the original protections of the FCRA: Decisions are 
made once again from data outside the general reach of consumers and 
without any consumer recourse. For example, TransUnion promotes the use 
of affiliate sharing for underwriting decisions.\21\ Citibank reported 
to Congress earlier this month that it, ``shares information among our 
affiliates . . . [including] credit application and credit bureau data, 
as well as information on our transactions with the customer.'' \22\ 
MBNA indicates that it shares credit eligibility information including 
credit reports among affiliates.\23\ These are precisely the uses of 
personal information that the original FCRA sought to cover.
---------------------------------------------------------------------------
    \21\ Hearing on ``The Role of FCRA in the Credit Granting Process'' 
before the House Committee on Financial Services Subcommittee on 
Financial Institutions and Consumer Credit, 108th Cong., 1st Sess. 
(June 12, 2003) (Statement of Harry Gambil, CEO, TransUnion), at p. 8.
    \22\ Hearing on ``The Role of FCRA in the Credit Granting Process'' 
before the House Committee on Financial Services Subcommittee on 
Financial Institutions and Consumer Credit, 108th Cong., 1st Sess. 
(June 12, 2003) (Statement of Martin Wong, General Counsel, Citigroup 
Global Consumer Group), at p. 4.
    \23\ See MBNA Privacy Notice, http://www.mbna.com/privacy.html 
(visited June 23, 2003).
---------------------------------------------------------------------------
    The enormous scope of this exemption can be illustrated by a few 
examples of possible practices among related companies. U.S. Bancorp 
included in its cardholder agreement a disclosure that said, ``We share 
customer information within our organization . . . to better meet your 
needs'' and provided instructions to opt out of affiliate sharing. At 
the same time the company was settling a claim brought by the Minnesota 
Attorney General for disclosures of customer information to third 
parties, the company purchased Gargoyles--a company that designs and 
markets sunglasses.\24\ Would any consumer reasonably understand that 
Gargoyles might receive copies of the customer's credit application or 
transaction history? While information is not available to determine if 
U.S. Bancorp actually transferred client data to Gargoyles, the 
affiliate sharing provisions would disturbingly allow the transfer of 
credit report data to Gargoyles for sunglass marketing purposes. 
Gargoyles would then be free to redisseminate the information outside 
the confines of the FCRA.
---------------------------------------------------------------------------
    \24\ See Minnesota v. U.S. Bank (Settlement dated June 6, 1999) 
available at http://www.ag.state.mn.us/consumer/privacy/PR/pr_usbank_ 
06091999.html (visited June 23, 2003); U.S. Bank, SEC Form Schedule 13D 
for Gargoyles (filed with the SEC, June 11, 1999) available at http://
www.sec.gov/Archives/edgar/data/1016278/0001047469-99-023944-index. 
html.
---------------------------------------------------------------------------
    The potential circumventions are similarly disturbing when the 
affiliations of consumer reporting agencies are considered. TransUnion, 
for example, belongs to the Marmon Group.\25\ The group affiliates 
companies in a wide range of businesses 
including one in the syringe needle business and another in residential 
water treatment.\26\ If TransUnion provided notice of affiliate sharing 
and an opt out, the company could transfer credit reports to these affiliates. Experian is in the same situation. Great Universal Stores, a British company owns Experian, as well as Metromail and Burberry.\27\ If Experian were to 
provide notice of affiliate sharing and an opt out, Experian could 
share the credit reporting database with Metromail, a marketing company 
that paid $15 million to settle a lawsuit because the company was 
caught disclosing sensitive personal information to jailed convicts for 
processing.\28\ Burberry could also supply credit report information to 
Metromail outside the protections of the FCRA.
---------------------------------------------------------------------------
    \25\ See The Marmon Group: Companies, http://www.marmon.com/
Companies.html (visited June 19, 2003).
    \26\ See The Marmon Group: Companies, http://www.marmon.com/
Companies.html (visited June 19, 2003).
    \27\ See Great Universal Stores Interim Report 2002, at p. 2. (Nov. 
21, 2002); GUS plc News: Great Universal Stores completes acquisition 
of Metromail Corporation, Apr. 4, 1998 available at http://
www.gusplc.co.uk/gus/news/gusarchive/gus19998/1998-04-28.
    \28\ See Dennis v. Metromail, No. 96-04451 (Travis Cty D. Tex., 
June 7, 1999). Settlement agreement available at http://www.entwistle-
law.com/news/cases/settled/pdf/newmetronot.pdf.
---------------------------------------------------------------------------
    As it turns out, both Experian provides notice of affiliate sharing 
and opt out choices to a growing number of consumers. The company 
offers consumers online access to their credit reports and monitoring 
services. Experian appears to use registration for these services as a 
means in the legal boilerplate to provide notice and opt out for 
affiliate sharing.\29\ In other words, consumers particularly concerned 
about the sanctity of their credit reports are likely to enable 
inadvertently the sharing of their data by the credit reporting agency 
with affiliates outside the protections of the FCRA. No information, 
however, is readily available to determine whether Experian actually 
shares data with these affiliates or others.
---------------------------------------------------------------------------
    \29\ See Experian's Scorecard Privacy Policy, http://
scorecard.experian.com/creditexpert/common/privacy__policy.asp (visited 
June 24, 2003) (``We may disclose any of the information that we 
collect to our affiliated companies. . . . If you prefer that we do not 
share information with affiliated companies, you may opt out of these 
disclosures.'').
---------------------------------------------------------------------------
    If these uses are or become widespread, then the FCRA loses both 
effectiveness and credibility. Since affiliate sharing generally 
escapes the transparency and accuracy obligations of the FCRA, there is 
no way for a consumer to learn the magnitude of this problem. Even for 
those organizations regulated by the GLBA, affiliate sharing notices 
under the GLBA would not provide sufficient detail for a consumer to 
realize that a company like Experian might share with Metromail or that 
U.S. Bancorp might share with Gargoyles.
    If this loophole is closed, Congress can and should investigate 
whether companies have begun to circumvent the FCRA in this fashion.

Affiliate Sharing Allows the Government To Engage in Surveillance 
        Outside the FCRA Due Process Protections
    Sections 604 and 625 of the FCRA provide due process safeguards 
against Government surveillance of credit report information. Briefly, 
Government and law enforcement agencies may obtain credit report 
information for specified purposes with 
procedural safeguards or pursuant to a court order or a Federal Grand 
Jury subpoena or, in the case of counterintelligence investigations, a 
statutorily defined FBI certification.\30\ However, affiliate sharing 
means these due process protections for access by law enforcement can 
easily be circumvented. If consumer report information is shared with 
an affiliate, the data loses its ``consumer report'' status and the 
FCRA protections would not apply to subsequent disclosures by the 
affiliate. This loophole would be one way for the ``Total Information 
Awareness'' program, an effort already the subject of Congressional 
concern,\31\ to obtain detailed sensitive personal data on U.S. 
citizens and escape the need for compliance with privacy obligations.
---------------------------------------------------------------------------
    \30\ 15 U.S.C. Sec. Sec. 1681b(a)(3)(D), 1681b(a)(4), 1681f, 1681u.
    \31\ See e.g. Department of Defense, DARPA Report to Congress 
Regarding the Terrorist Information Awareness Program (May 20, 2003) 
http://www.darpa.mil/body/tia/TIA%20ES.pdf.
---------------------------------------------------------------------------
    A simple example of the possible sharing between two affiliated 
companies illustrates the magnitude of this potential problem. Equifax, 
the credit reporting agency, operates through a number of changing 
groups including the currently named U.S. Consumer Services Group.\32\ 
This apparent group of affiliates provides information services to 
Government clients. Equifax includes a statement in its Online Privacy 
Policy & Fair Information Principles informing consumers who request 
copies of their credit reports that, ``we may disclose any of the 
information, as described above [including Equifax credit file 
information], to affiliates which are companies that are related to us 
by common ownership or affiliated with us by common control'' and 
describing for consumers several opt out choices.\33\ Although the 
specific language of the current opt out choices might be insufficient 
to qualify for the affiliate sharing exemption, a simple clarification 
would clearly enable Equifax to transfer the credit report information 
to members of the U.S. Consumer Services Group who, in turn, could sell 
the data to Government agencies without an otherwise permissible 
purpose or court order.
---------------------------------------------------------------------------
    \32\ See Equifax, Annual Shareholders Report Form 10-K for the 
Fiscal Year Ended Dec. 31, 2002 (filed with the SEC on Mar. 23, 2003).
    \33\ Equifax Online Privacy Policy & Fair Information Principles 
(U.S. only) available at https://www.econsumer.equifax.com/consumer/
forward.ehtml?forward=privacypolicy (visited June 24, 2003)
---------------------------------------------------------------------------
    At present, I have no information to suggest that Equifax engages 
in this practice or that Government agencies or law enforcement 
officials are currently exploiting this loophole. I do, however, 
believe that this possible practice needs to be investigated if 
Congress does not eliminate this loophole.

States May Not Protect their Citizens Prior to January 1, 2004
    According to Section 624 of the FCRA, stronger State laws 
applicable to experience and transaction data and to affiliate sharing 
are temporarily preempted, with the exception of Vermont's affiliate 
sharing rule. If Congress allows these preemptions to sunset, the 
States will be reauthorized to protect their citizens against the 
circumvention of FCRA protections. The States can play a useful role 
experimenting and fine tuning workable solutions to the affiliate 
sharing loopholes.

Security Risks and Threats to the Soundness of the Credit Reporting
System
    The leakage of credit report information to affiliates for 
secondary purposes outside the protections of the FCRA increases 
security risks and threatens the integrity of the credit reporting 
system.

Affiliate Sharing Enhances Identity Theft Risk
    The circulation of credit report information to affiliates outside 
the core permissible purposes and outside the overall protection of the 
FCRA increases the risk of identity theft. Reports indicate that 
identity theft often occurs as an ``inside job.'' In testimony to this 
Committee last week, U.S. Secret Service Special Agent Timothy Caddigan 
stated: ``The method that may be most difficult to prevent is theft by 
a collusive employee. The Secret Service has discovered that 
individuals or groups who wish to obtain personal or financial 
identifiers for a large-scale fraud ring will often pay or extort an 
employee who has access to this information through their employment at 
workplaces such as a financial institution, medical office, or 
Government agency.'' \34\ Wide ranging affiliate sharing increases the 
exposure of credit report information to the risk that a malevolent 
insider will steal data for identity theft.
---------------------------------------------------------------------------
    \34\ Hearing on ``The Growing Problem of Identity Theft and Its 
Relationship to the Fair Credit Reporting Act'' before the Senate 
Banking Committee, 108th Cong., 1st Sess. (June 19, 2003) (Statement of 
Timothy Caddigan, Special Agent In Charge Criminal Investigation 
Division, U.S. Secret Service).
---------------------------------------------------------------------------
    Not surprisingly, some lobbyists deny that the wider circulation of 
personal information through secondary use of credit report data 
facilitates identity theft.\35\ Yet, in the context of prescreening, 
the overwhelming consensus among those involved in identity theft 
prevention is that preapproved credit card offers are one of the most 
common resources for identity thieves. The U.S. Postal Inspection 
Service, the U.S. Department of Justice, the U.S. Secret Service, and 
each of the major credit reporting agencies warn consumers that 
discarded, preapproved credit card offers are one of the most common 
sources of personal information for identity thieves.\36\ A lobbying 
paper sponsored by an industry group, the Privacy Leadership 
Initiative, admits that the average response rate to credit card offers 
in 2000 was only 0.6 percent.\37\ In other words, American consumers 
are not interested in 99.4 percent of these purportedly targeted offers 
and throw them away. There is no credible, public evidence to suggest 
that product or service offers generated through affiliate sharing will 
be of any greater interest to consumers. Yet, this type of secondary 
use of credit information creates an important leakage of data from 
confidential and secure credit reporting.
---------------------------------------------------------------------------
    \35\ See e.g. Hearing on ``The Growing Problem of Identity Theft 
and Its Relationship to the Fair Credit Reporting Act'' before the 
Senate Banking Committee, 108th Cong., 1st Sess. (June 19, 2003) 
(Statement of Michael D. Cunningham, Sr. Vice President, Credit and 
Fraud Operations, Chase Cardmember Services), at p. 3-4.
    \36\ See Criminal Gangs Hitting Mailboxes for Credit Offers, 
Personal Data, Privacy Times, June 16, 2003, at 2; U.S. Dept. of 
Justice, Identity Theft and Fraud, available at http://www.usdoj.gov/
criminal/fraud/idtheft.html (visited May 28, 2003) (``What are the most 
common ways to commit identity theft or fraud? . . . If you receive 
applications for `pre-approved' credit cards in the mail, but discard 
them without tearing up the enclosed materials, criminals may retrieve 
them''); Hearing on ``The Growing Problem of Identity Theft and Its 
Relationship to the Fair Credit Reporting Act'' before the Senate 
Banking Committee, 108th Cong., 1st Sess. (June 19, 2003) (Statement of 
Timothy Caddigan, Special Agent In Charge Criminal Investigation 
Division, U.S. Secret Service) (the Secret Service advises Americans to 
``shred or burn pre-approved credit card applications''), at p. 8; 
Experian, All about Credit: Fraud Prevention Tips, available at http://
www.experian.com/consumer/help/fraud/prevention.html (visited May 28, 
2003); TransUnion, Avoiding Fraud available at http://
www.transunion.com/content/page.jsp ?id=/personalsolutions/general/
data/AvoidingFraud.xml (visited May 28, 2003); Equifax, How Identity 
Theft Strikes, available at https://www.econsumer.equifax.com/consumer/
forward. ehtml?forward=identitytheft_fraud (visited June 24, 2003).
    \37\ Michael E. Staten & Fred H. Cate, Paper prepared for the 
Privacy Leadership Initiative ``The Adverse Impact of Opt In Privacy 
Rules on Consumers: A Case Study of Retail Credit,'' at p. 25. (April 
2002).
---------------------------------------------------------------------------
    The exemption for affiliate sharing also appears unnecessary for 
the purpose of fraud detection and prevention. Fraud detection and 
prevention would in most cases qualify as a ``legitimate business 
need'' under Section 604(a); the disclosure of credit report 
information for that purpose should be a permissible purpose. If 
legitimate reasons justify affiliate sharing outside the protections of 
the FCRA to detect or prevent fraud, a more narrowly drawn exemption 
for that specific purpose would 
reduce the risk of identity theft from wide circulation.

Affiliate Sharing Introduces Homeland Security Risks
    The global reach of U.S. corporate groups means that affiliate 
sharing may send credit report information on U.S. consumers to 
countries with high risk of political instability or terrorist action. 
As a consequence, U.S. consumer data may be subject to compromising 
risks. For example, banks may share credit report information with 
affiliates in India or the Philippines where no privacy rights apply 
and where local concerns for the safety of U.S. data are 
substantial.\38\ Indeed, unconfirmed reports suggest that many United 
States financial institutions transfer client data to India, but take 
careful steps not to reveal the existence of these off-shore 
arrangements.
---------------------------------------------------------------------------
    \38\ See e.g. U.S. Dept. of State, Public Announcement: Philippines 
(March 7, 2003) (``The terrorist threat to Americans in the Philippines 
remains high'') available at http://travel.state.gov/
philippines_announce.html; U.S. Dept. of State, Public Announcement: 
India (Mar. 27, 2003) available at http://travel.state.gov/india.html.
---------------------------------------------------------------------------
    One specific example illustrates this potential risk. Fair Isaacs 
offers a ``decisioning process'' that handles ``30 percent of U.S. 
credit card applicants, as well as auto loans, mortgages, loans, and 
lines of credit around the world'' and offers a fraud detection system 
that monitors ``more than 400 million payment card accounts 
worldwide.'' \39\ Fair Isaacs appears to have an affiliated distributor 
in Malaysia,\40\ a country for which the U.S. Department of State has 
issued a warning about the possibility of terrorist attacks against 
American citizens and American interests.\41\ While the exact ownership 
relationship between Fair Isaacs and the Malaysian partner is unclear, 
the point remains that if these companies are under common control, 
then the United States data may be sent there. In this particular case, 
there is also no readily available information that would suggest 
whether Fair Isaacs does indeed transfer United States credit report 
information to Malaysia.
---------------------------------------------------------------------------
    \39\ See Fair Isaac, New Product Releases: Capstone Decision 
Manager, Falcon Fraud Manager for Issuers available at http://
www.predictive.com.au/whatsnew.html (visited June 11, 2003).
    \40\ See http://www.predictive.com.au/contacts.html (visited June 
11, 2003).
    \41\ U.S. Department of State, Public Announcement: Malaysia (May 
14, 2003) available at http://travel.state.gov/malaysia_announce.html.
---------------------------------------------------------------------------
    Without specific information on where affiliates are located and 
what information they receive, the magnitude of this risk cannot be 
evaluated. If Congress does not eliminate the affiliate sharing 
loopholes, I believe that this risk needs further investigation.

Recommendations for Future Action
    When Senator Proxmire introduced the original FCRA, he sought to 
preclude ``the furnishing of information to Government agencies or to 
market research firms or to other business firms who are simply on 
fishing expeditions.'' \42\ The implications of the affiliate sharing 
loopholes seem to return consumers to the unfair and unsafe data 
handling practices of the pre-FCRA era.
---------------------------------------------------------------------------
    \42\ Cong. Rec. Senate, Jan. 31, 1969 (statement of Senator 
Proxmire) reprinted in Hearings on Fair Credit Reporting S. 823 before 
the Senate Subcommittee on Financial Institutions of the Committee on 
Banking and Currency, 91st Cong., 1st Sess., at 436 (May 19-23, 1969).
---------------------------------------------------------------------------
    In sum, I believe that Congress needs to restore the FCRA to the 
higher level of its original protections for consumer privacy.
    To do so, I recommend the following:

    1. Eliminate the exemption for affiliate sharing from the 
definition of ``consumer report'' in the FCRA or allow the partial 
preemption clause in Section 624 to sunset on January 1, 2004.
    2. Investigate the actual sharing practices of credit report 
information among affiliated companies and the uses of such data by the 
affiliated recipients that escape the protections of the FCRA. To this 
end, Congress should instruct each of the functional bank regulatory 
agencies and the Federal Trade Commission to investigate, audit and 
report to Congress on the actual sharing of consumer report information 
among affiliated companies and on the actual, unprotected uses of such 
data by the affiliated recipients.

                               ----------

                 PREPARED STATEMENT OF RONALD A. PRILL

    Former President, Target Financial Services, Target Corporation
              on Behalf of the National Retail Federation
                             June 26, 2003

Introduction and Background
    Good morning Mr. Chairman and Members of the Committee. My name is 
Ronald Prill. Until 3 weeks ago, I served as President of Target 
Financial Services, and also as Chairman and CEO of Retailers National 
Bank, Target Corporation's credit card bank subsidiary. I am presently 
employed by Target as a consultant to our corporate management as I 
transition into retirement. I appreciate having been given this 
opportunity to speak to you today on behalf of both my company and the 
National Retail Federation.
    Target Corporation, with annual sales of $44 billion, is the 
Nation's fourth largest retailer. Like many other retailers, it has 
evolved to include many affiliated entities. Our divisions include 
1,100 Target Stores (located in each of the lower 48 States except for 
Vermont), Mervyn's (our chain of about 250 stores that sells moderately 
priced family fashion and home merchandise in primarily western 
States), Marshall Field's (our oldest affiliate, with 62 full line 
department stores in 8 midwestern States) and Target.direct (our direct 
marketing affiliate which operates all of our e-commerce sites and 
direct marketing catalogs). Further, Retailers National Bank was 
established in 1994 as our limited purpose credit card bank affiliate. 
The bank presently has about 46 million credit cards in circulation, 
each of which carries the Target, Mervyn's, or Marshall Field's brand.
    Target Corporation, as well as many other retailers, use multiple 
affiliated entities to execute critical business processes like 
sourcing merchandise, transacting the retail sales of goods and 
services, administering credit card programs, and delivering other 
expected services and conveniences to their customers. Retail shoppers 
bring these expectations to every retailer they choose to patronize. 
Good retailers are attentive to the shopping habits, brands, styles, 
sizes, and price points their customers prefer. For consumers, the 
benefits they receive as a result of the sharing of information among a 
retailer's affiliates are essential to their having a positive shopping 
experience. Further, the critical business processes that require the 
sharing of information among affiliates are essential to the success of 
the retail business.
    Mr. Chairman, retail affiliates use the sharing of information in 
ways that are unique to our industry in order to fulfill important 
business needs and to deliver real benefits to our customers. The list 
of the ways in which retailers share information among affiliates is a 
lengthy one, and I would like to briefly describe some of them for you 
today.

Retail Credit Card Programs
    The sharing of information among affiliates is critical to offering 
credit through an in-store credit card program. Many retailers, 
including Target Corporation, have a chartered credit card bank, or 
other financial institution, that issues their company's credit cards. 
This entity is often set up as an affiliate of one or more retail 
divisions. Frequently, the servicing of these credit card accounts is 
provided by yet another affiliate of the bank. At Target Corporation 
for example, customer service for Target, Mervyn's, and Marshall 
Field's cards is provided by an affiliate of Retailers National Bank at 
two call center locations. The customer service representatives who 
answer these calls need access to detailed account information in order 
to answer cardholder questions. In fact, the customer service 
representatives first use information to verify that the caller is, in 
fact, the true cardholder, and not someone attempting to perpetrate a 
fraud. Neither this customer protection nor subsequent servicing of the 
account would be possible without information sharing.

Merchandise Returns
    Another example of affiliate information sharing that results in 
customer benefits is receiptless returns. Many retailers, including 
Target Corporation stores, generally require that customers who are 
returning merchandise present a sales receipt that reflects the 
purchase. Frequently, however, retail customers throw away, misplace, 
or forget their receipts. To remedy this problem, we, as well as other 
retailers, have developed receipt look-up systems, so that customers 
can return merchandise without presenting their original receipt. 
Specifically, a Target cardholder can simply present their Target 
credit card and a Target store team member will use our computerized 
returns system to look up and verify the original purchase then accept 
the return and issue a credit.
    The benefits of this system are clear: The cardholder does not have 
to return home, hunt for their original receipt, and then make another 
trip back to the store to make their return. They also do not have to 
keep merchandise they do not want in the event they cannot find the 
original receipt. As you might expect, our customers absolutely love 
this convenience. This service is made possible only because Retailers 
National Bank shares Target credit card purchase history information 
with its affiliated Target Stores.
    This return system also uses the same information to protect us 
from losses due to fraudulent returns. Because each item purchased and 
returned is so noted in this system, an item that was purchased once 
will be accepted as a return only once. Shoplifters who repeatedly 
steal the same item from our stores and attempt repeated returns for 
repeated credit, sometimes even using counterfeit receipts, are stopped 
by the use of shared information.

Warranties, Repairs, and Servicing
    Many retailers also have affiliated or third-party warranty or 
servicing departments. The sharing of information about their customers 
among these affiliates makes each part of their business operationally 
efficient and also provides real benefits to customers.
    For example, in one case that I am aware of, a customer needed a 
specific part to repair his Craftsman lawn mower. After making the 
drive to the retail store he learned that the service department needed 
to know the specific model number of the lawn mower in order to find 
the exact part he needed. Unfortunately, this customer did not know the 
model number. Fortunately, however, since the mower had been purchased 
on his store credit card, an original purchase look-up could be done 
instantly and the correct model number, and the correct repair part 
number were quickly determined. Because the retail credit card 
affiliate shares information with the service department, this business 
process can not only exist, but can be used to deliver great customer 
service. This very satisfied customer had to make only one round trip, 
rather than two.

E-Commerce Affiliates
    As you know, many brick-and-mortar retailers that have e-commerce 
websites established their ``dot.com'' business organizations as 
separate entities. However, the sharing of information allows customers 
who make purchases at a retailer's website to return or exchange those 
purchases by just bringing them into a brick and mortar store. These 
returns are more convenient, and save the customer the cost of a 
return-shipping fee. Our e-commerce retail channels continue to grow at 
an amazing rate and the need to share information with the store 
affiliate in the brick-and-mortar channel is growing just as rapidly.

Bank Check Authorization
    Many retailers have also developed in-house bank check 
authorization systems. These systems contain the MICR number sequence 
from customer checks that have been returned to the retailer unpaid by 
the customer's bank, and which are still outstanding. This file of MICR 
numbers from returned checks is usually called the ``negative'' file. 
Some retailer's negative files even include a list of MICR numbers from 
currently outstanding checks that have been returned unpaid to other 
businesses. This supplemental information can be purchased from third 
party services. If a consumer whose check MICR number is in the 
negative file should attempt to write a new check to the retailer to 
pay for a new purchase, these check authorization systems will reject 
that check and protect the retailer from greater loss. Ultimately, the 
prevention of losses helps keep prices down for all of our customers.
    Many check authorization systems also include a ``positive'' file. 
This file consists of the MICR number sequence from checks previously 
written to the retailer that are now known to have been good checks. 
The positive file typically includes a record for each MICR number of 
how many good checks have been written to the retailer, over what 
length of time, and for what amounts. If a consumer whose check MICR 
number is in the positive file with a lengthy history of writing good 
checks should present a new check, the authorization system can 
instantly approve that check, even if it might be written for a large 
amount.
    Target Corporation is among those retailers who have such check 
authorization systems. To prevent larger losses by accepting new checks 
written at one of our retail affiliates by check writers who already 
have outstanding bad checks at another affiliate, we have a larger, 
common negative file that includes negative MICR number information 
from Target, Mervyn's, and Marshall Field's. This sharing of affiliate 
information supports a critical business process--authorization of bank 
checks--and helps us control our bad check losses. This protection 
against loss is especially important in cities where we have multiple 
stores including two, or all three, of our retail affiliates.
    Target Corporation retail affiliates also share their positive 
check writing data. As a result, we have a much larger common positive 
check file as well. This sharing of affiliate information benefits many 
of our check-writing customers as they shop in our retail chains. 
Checks written at one store can be instantly approved because our 
common positive check file includes the positive history information 
from an affiliated store.
    Further, our Retailers National Bank affiliate mails over 9 million 
statements each month. Most payments on Target, Mervyn's, and Marshall 
Field's accounts are made by check and, of course, most of those checks 
are good. In fact, through their account with us, many of our store 
credit cardholders also have a long and excellent check writing history 
with our Retailers National Bank affiliate. Our credit card bank shares 
these positive check-writing histories with its retail affiliates by 
passing these MICR numbers to the common positive check file. As a 
result, millions more customers can write checks for substantial 
amounts in all of our affiliated stores and have their checks approved 
instantly.

Preventing Identity Theft
    Information is also a retailer's best weapon against identity 
theft. As you know, identity theft is one of the fastest growing crimes 
in the United States. At Target, we have implemented a number of 
safeguards to help protect our business and our customers--all of which 
require information sharing.
    Identity thieves thrive on anonymity and rely on the assumption 
that large retailers such as Target cannot put a name and face together 
in order to prevent fraud. This is why it is so important for retailers 
to know their customers, and the only way we can do this is through the 
use of information. Information flows between Retailers National Bank 
and the credit bureaus or between our retail affiliates, combined with 
sophisticated technology, cuts down on fraud and allows us to offer 
exceptional customer service.

Customer Loyalty Programs
    Retailers today have to work hard to keep their best customers. In 
recognition of this, many retailers have developed customer loyalty 
programs to help them identify and reward their best customers. Loyalty 
program participants typically receive benefits such as discounts on 
their purchases, free gift-wrapping, free alterations, and other free 
or discounted offers. Many of these programs are offered only to store 
credit cardholders and are based on cumulative purchase levels. Often, 
some or all of the purchase history data for a retailer's customer 
resides with an affiliate, and the sharing of information among 
affiliates becomes essential to coordinate and administer a successful 
rewards program.

Communicating With Our Customers
    In addition to protecting customers and providing customer 
services, affiliate information is also used for marketing. Some 
retailers depend heavily on direct mail to reach their customers. 
Clearly, some of this is general advertising. The catalog for a large 
storewide sale, for example, is mailed to a large share of customers. 
However, some advertising is targeted to specific customer groups. For 
instance, a retailer might send advertising about an upcoming semi-
annual home sale event to its most recent home furnishings customers, 
or offer a free gift with purchase to its customers who buy a 
particular brand of cosmetics. Retail customers expect to receive such 
advertising and information. In fact, many retail credit cardholders 
cite getting these mailings as among the key reasons they opened their 
account in the first place. Additionally, the most frequent and vocal 
complaints that retailers receive from their customers usually involve 
catalogs and sale information that did not arrive at a customer's home, 
or arrived late.
    Many retailers today depend on their credit card bank affiliate, or 
their direct marketing affiliate, as the repository of the names and 
addresses and the purchase histories of their customers. They further 
depend on affiliate sharing of this information to communicate 
effectively with their customers. These retailers would be unable to 
market their goods and services or even reach their customers without 
these information flows. Retail customers not only accept this sharing, 
they expect this sharing. They are very aware of the benefits they get 
because of the availability of information where it is needed, and when 
it is needed. The type of information we collect from each customer and 
its uses are also explained clearly to our customers in our Privacy 
Policy.

Organizational Structure Should Not Matter
    In order for retailers to give our customers the service they 
expect, information sharing among our affiliates is absolutely 
necessary. This complex business structure is in place for many 
technical, legal and accounting reasons, however the structure is 
completely transparent to our guests. Through information sharing with 
these entities we can not only market more specifically to our 
customers and provide them exceptional customer service, but we can 
also do things such as prevent fraud and combat identity theft in our 
stores.
    Mr. Chairman, retail stores take on many different corporate 
structures. Some retailers issue their own credit cards in-house. Other 
retailers use a credit card bank, or other financial services 
affiliate, to issue store credit cards. Other retailers have 
contractual arrangements with unaffiliated, third party credit card 
service providers like GE Capital who own and operate the retailer's 
customer credit card function.
    Further, some retailers have established their e-commerce business 
as a separate entity, while others have not. Some retailers have a 
separate catalog and/or direct mail affiliate. Others have made these 
functions part of the advertising or merchandising departments within 
each of their retail entities. Some retailers own all of their retail 
store departments and businesses. Other retailers have third party 
lease arrangements for some merchandise or service categories (such as 
cosmetics, fine jewelry, or a beauty salon), while others have 
selectively established separate affiliated entities as part of their 
store.
    All retailers, regardless of organizational structure, need to 
reach their customers. They need to have access to and use the same 
kinds of customer information to run their business and compete in an 
efficient manner, regardless of how they are structured. Retail 
customers expect to receive the same kinds of services, recognition, 
conveniences, amenities, and advertising from their favorite retailers, 
regardless of structural differences. They expect to be able to write a 
check as easily in one department of a store as in any other. They also 
expect to be able to use their credit card in every department in which 
they shop. Finally, customers expect to be protected from identity 
theft and, as we are always hearing, they want to receive retail sale 
catalogs and other promotional materials.
    The amount of information about our customers that retailers share 
among our business, control and operating functions, or our various 
computer subsystems, is the same, whether this sharing at a particular 
retailer ever crosses an affiliate line or not. This information is 
treated with the same care and control and used to satisfy similar 
business requirements or deliver similar customer benefits regardless 
whether we may have chosen different business structures. Therefore, 
our ability to access information about our business relationships with 
our customers should not be dependent on what structure we have chosen.
    Finally, many people have asked what affiliate sharing has to do 
with the granting of credit. The answer is: A lot. Retailers use the 
data and transaction histories that they collect from their stores and 
affiliates to create internal credit scores and models that predict the 
credit habits of their customers. This information supplements credit 
reports and FICO scores to paint the most accurate picture possible of 
a customer. In fact, retailers most often use this type of proprietary 
information to grant credit to people on the margins, in lower- to 
middle-income households who do not have prime FICO scores, or to those 
who are just entering the credit market. Mr. Chairman, retailers want 
to help our customers make purchases to meet their needs. And many 
times, this means emergency purchases such as a new hot-water heater or 
refrigerator--both big-ticket items that require credit approval.
    In closing, I would like to take this opportunity to emphasize the 
retail industry's strong support for the permanent reauthorization of 
the seven areas of preemption contained in Section 624 of the Fair 
Credit Reporting Act. Without the extension of the uniform national 
standards, retailers and the customers we serve may be subject to a 
confusing patchwork of new State laws, rules, and regulations governing 
fundamental and important areas such as dispute resolution and the 
information contained in credit reports. And, as today's hearing 
reflects, services that millions of customers have come to rely on, and 
that they routinely take advantage of, could be disrupted if 
information flows are interrupted.
    Mr. Chairman, Members of the Committee, consumers have come to 
expect instant access to credit when purchasing everything from an 
automobile to consumer goods such as furniture, appliances, and 
apparel. In the final analysis, we in the retail industry have a real 
concern that a more fragmented process for information sharing and 
credit approval would negatively impact consumers in many different 
levels and, as a consequence, retail sales, ultimately costing jobs and 
hurting the economy as a whole.
    Thank you again for the opportunity to testify here today. I look 
forward to working with all the Members of this Committee to 
permanently reauthorize the FCRA preemptions before they expire on 
December 31 of this year.
    I would be happy to answer any questions you may have.

                               ----------

                   PREPARED STATEMENT OF TERRY BALOUN

          Regional President and Group Head, Wells Fargo Bank
                             June 26, 2003

     My name is Terry Baloun and I am the Regional President and Group 
Head for Wells Fargo banks located in South Dakota, North Dakota, and 
Montana. Wells Fargo, our parent company, is a diversified financial 
services company, offering mortgage, securities, insurance, real estate 
services, online banking, institutional and retail banking products 
under the Wells Fargo brand through a number of separately incorporated 
affiliates to 15 million customers nationwide. Wells Fargo's 
headquarters is in San Francisco; the company has 130,000 employees, 
has mortgage offices nationwide, and has a retail banking presence in 
23 States.
    Thank you, Chairman Shelby and Committee Members for the invitation 
to testify and respond to your questions. I would like to share with 
you some of my experiences in providing banking services to communities 
within the framework established by the Fair Credit Reporting Act.
    Our Wells Fargo banks work in concert with other Wells Fargo 
business affiliates in providing financial services products to 
customers. Marketplace experience shows that consumers expect the 
financial services companies they do business with to know about their 
accounts, to respond quickly to their questions, and to advise them 
about products and services that will help them reach their financial 
goals. The service consumers expect requires that Wells Fargo have 
integrated information systems to give customers what they want--when, 
where and how they want it. Subject to the Fair Credit Reporting Act, 
Wells Fargo shares customer information internally to meet these goals.
Information Integration by Affiliates in the Same Corporate Family
    Providing a new mortgage, providing rural or remote small 
businesses with credit, offering consolidated statements for customers 
with multiple Wells Fargo products requires information about their 
financial affairs. Applying inappropriate restrictions on transfers of 
information among affiliates would impede customer service.
    The 1996 Amendments to the Fair Credit Reporting Act recognize the 
value to customers of the ability to transfer information among 
affiliates. This ability is wholly consistent with consumer 
expectations that their questions will be answered and their needs will 
be met with a single call or a single e-mail message, whether their 
financial products are provided by a single company or several 
companies in the same affiliated group. To put it another way, 
customers do not care whether for technical, regulatory, or management 
reasons Wells Fargo chooses to organize itself into a particular series 
of affiliates of a holding company or subsidiaries of one bank. What 
customers do care about is the seamless delivery of the products Wells 
Fargo offers regardless of how we choose to distribute them.
    In Wells Fargo's view, it is consumer expectations and needs that 
should shape the public policy that regulates information use, not 
legal structure. Because of legal requirements that prohibited or 
restricted bank branching, Wells Fargo at one time owned numerous 
separately incorporated banks. The Riegle-Neal Act of 1994 allowed bank 
holding companies to consolidate banks into as few as a single charter. 
Today, for business reasons rather than legal reasons, Wells Fargo owns 
28 separately chartered banks. But the number of separate banks that a 
holding company chooses to have should not affect public policy 
relating to information use. If a bank holding company conducts its 
banking business in a single bank entity that bank would have all the 
information about a customer who had deposits, a mortgage, a credit 
card, and a home equity loan from that bank. As a single corporate 
entity, it could use this information without restriction to serve its 
customer.
    If, on the other hand, the bank holding company chooses to conduct 
its mortgage, credit card, and home equity loan businesses in three 
separately incorporated banks and the law restricted the sharing of 
information among affiliates, a customer who supplied the same 
information for the same products to three affiliated institutions 
instead of a single institution would not receive the same level of 
service from its financial services company. To use customer 
information to provide the same level of service that could be provided 
by a single entity with the same information about the same customer, a 
holding company like Wells Fargo that provides services through 
multiple bank and nonbank charters would have to consolidate its 
operations into as few charters as legally possible. If the FCRA debate 
remains unresolved, institutions like Wells Fargo will likely change 
their corporate structures to reduce the number of separate entities 
rather than risk restrictions on information sharing among affiliates. 
It is our view the corporate structure should not be a factor in 
setting public policy regarding information use. The touchstone, 
instead, should be consumer expectation.
    This is especially critical to our mortgage business. Since passage 
of the 1996 Amendments to the Fair Credit Reporting Act, mortgage 
servicing has become more efficient. Wells Fargo customers have more 
channels through which they can apply for a mortgage and get assistance 
or conduct transactions related to a mortgage, as well as the complete 
array of financial products offered by Wells Fargo. In California, 40-
50 percent of Wells Fargo's mortgages originated this year are the 
result of referrals from Wells Fargo Banks to Wells Fargo Home 
Mortgage. Many are first-time homebuyers in Hispanic market areas. With 
affiliate transfers and use of customer information, mortgage customers 
can make a mortgage payment at their local bank branch, obtain 
balances, get consolidated statements, and get the support of 24-hour 
call centers that serve an entire affiliated enterprise. Our customers 
have found these services valuable.
    Sharing of customer information also benefits our small business 
customers. The basis for small business lending over the last 10 years 
has been direct mail offers of preapproved credit. Wells Fargo has 
extended nearly 500,000 small business loans since the mid-1990's. The 
FCRA allows Wells Fargo to provide such credit, based on Wells Fargo's 
own experiences with the customer and the most current credit report. 
Generally, small businesses no longer need to submit tax returns or 
financial statements, providing easier and cheaper credit for the 
business owner.
    Actions by multiple States to enact their own State versions of the 
Fair Credit Reporting Act will frustrate customers that do routine 
transactions across State lines. Wells Fargo provides services to 
thousands of customers that may have accounts ``domiciled'' in one 
State, yet reside or do business with a Wells Fargo bank in another 
State. Nearly half a million Wells Fargo customers have made teller or 
ATM transactions out of State within the past 5 months. In my banking 
States of South and North Dakota and Montana, nearly 10 percent of 
Wells Fargo's customers live in one State, but use Wells Fargo banks or 
ATM's in a bordering State.
Uniform National Standard
    Finally, Wells Fargo believes the current uniform national standard 
for information use, as provided by the 1996 Amendments to the FCRA, is 
vital and asks that this Congress provide clarity and stability by 
removing the sunset provisions that affect affiliate sharing and other 
segments of credit granting. Congress should also address identity 
theft and set new national standards for notices about information use 
to customers. The problem of identity theft and complicated notices 
about information use are frustrating to both customers and financial 
service providers.
    The availability of financial services, such as mortgages for our 
customers and the flows of information required to make those services 
available, do not stop at State borders or corporate structures.
    Thank you and I would be happy to answer any questions that you, 
Chairman Shelby, or the Committee may have.



                   PREPARED STATEMENT OF MARTIN WONG

           General Counsel, Global Consumer Group, Citigroup
                             June 26, 2003

    Good morning, Chairman Shelby, Ranking Member Sarbanes, and Members 
of the Committee. My name is Martin Wong and I am the General Counsel 
of Citigroup's Global Consumer Group. On behalf of Citigroup, I want to 
thank Chairman Shelby for holding these hearings on the Fair Credit 
Reporting Act (FCRA) and I appreciate the opportunity to speak before 
you today to discuss how the FCRA, and particularly the affiliate 
sharing provisions, impact our ability to operate efficiently and serve 
our over 200 million customer accounts.
    As one of the largest diversified financial services companies in 
the United States, Citigroup has extensive experience with the FCRA and 
has a significant interest in seeing that it continues to operate 
successfully. Citigroup currently serves customers in all fifty States 
and over 100 countries. Citigroup has long been a leader in using the 
information available through the credit reporting system to provide 
credit opportunities to customers at all income levels through a 
diverse range of financial products and services, including credit 
cards, mortgages, consumer finance, student loans, and auto loans. We 
also offer noncredit products, including retail banking, private 
banking, life insurance and annuities, asset management, and investment 
products.
    Today, I want to emphasize the importance that Citigroup attributes 
to making permanent the national standards contained in the FCRA. The 
FCRA provides a national framework for the credit reporting system, 
which has been shown to work well and to provide substantial economic 
benefits to consumers, including affordable and convenient credit, wide 
credit availability, and prevention of fraud and identity theft. The 
FCRA appropriately balances consumer protections with the crucial need 
for creditors to have access to a uniform national database on which to 
make credit decisions. The FCRA also facilitates the free flow of 
information that allows modern financial services companies to work 
efficiently. It is essential, therefore, that Congress act to preserve 
all of the provisions of this uniform national framework that are 
scheduled to expire at the end of this year.
    While Citigroup believes that maintaining national uniform 
standards for all seven of the expiring provisions of the FCRA is 
crucial, I will focus my testimony on the topic of today's hearing--
information sharing among affiliates--and why preserving the uniform 
national standards for affiliate sharing is critical to our continued 
ability to serve our customers well.

Reasons for Affiliate Structure
    From a technical perspective, Citigroup is, indeed, a financial 
services holding company comprised of approximately 1,900 legal 
entities. However, the majority of these entities are established or 
retained for legal, regulatory, or tax purposes. For example, in the 
insurance agency and mortgage businesses, State registration 
requirements make it prudent and convenient to be separately 
incorporated in most States for licensing purposes. Additionally, many 
of our affiliates do business only with Government or corporate 
entities or exist solely to house certain assets. Only a small number 
of these entities actually transact business with customers, and all of 
them are limited by the Gramm-Leach-Bliley Act (GLB) to the provision 
of financial services in one of three lines of business--banking, 
insurance, and securities. For the customers who conduct business with 
us, the existence of these affiliates is invisible and irrelevant. 
Therefore, when viewed from the customer's perspective, Citigroup is a 
single provider of financial services.

How We Share Information to Better Serve Our Customers and Run Our
Business More Efficiently
    Information sharing among affiliates is an ingrained part of how we 
meet our customers' needs and expectations on a daily basis. The 
process is so seamless that customers are often unaware of the 
connection between the free flow of information and the significant 
benefits they receive.

Affiliate Sharing Is Necessary for Effective Credit Underwriting and 
        Credit Monitoring, Which Are at the Heart of the National Credit Reporting System
    The sharing of information among affiliates enhances the ability of 
lenders to accurately assess credit risk, thereby reducing their 
overall risk of loss. Citigroup is able to use the credit information 
and transaction histories that we collect from affiliates to create 
internal credit scores and models that help determine a customer's 
eligibility for credit. This information supplements credit reports and 
FICO scores to paint the most accurate picture possible of a customer. 
For example, CitiMortgage underwriters have access to information from 
affiliates that includes a customer's deposit, loan, and brokerage 
account balances, as well as the customer's payment history and 
available lines of credit. This allows our credit analysts to verify 
the customer's creditworthiness quickly and efficiently, minimizing the 
burden on the customer associated with providing this documentation.
    Sharing of credit information and transaction histories also allows 
us to extend credit to traditionally underserved populations and 
reduces the costs for those with better credit histories. The quality, 
quantity, and timeliness of customer credit information available 
through affiliate sharing greatly reduces the opportunities for 
mistakes in the granting of credit to the benefit of customers and 
lenders.
    Affiliate sharing is also important for credit monitoring. Many of 
our credit card customers have multiple cards with us and those cards 
will often be issued by more than one affiliate. We can order a single 
credit report to monitor credit behavior across all cards, leading to 
increased efficiencies and lower costs. This cross-affiliate monitoring 
allows us to reach out to customers who are starting to have problems 
and offer appropriate assistance.

Sharing Information Among Affiliates Greatly Assists in the Prevention 
        and Detection of Identity Theft and Fraud
    Although some have argued that sharing information increases 
opportunities for identity theft, our experience is that information 
sharing among affiliates actually reduces identity theft. Through 
affiliate sharing, we are able to maintain an internal fraud database, 
which helps prevent the opening or maintenance of fraudulent accounts. 
This kind of information sharing also allows us to alert customers to 
potential fraud or identity theft at an earlier stage. The sooner we 
detect the fraud, the sooner we can notify the customer, minimizing the 
effect on the victim. Finally, sharing information among affiliates 
makes it easier to assist law enforcement to build a strong case for 
prosecution
    Additionally, Citigroup has policies and procedures in place to 
reduce the threat of internal misuse of this information. For example, 
most of our businesses have 
internal fraud investigation units; access to sensitive information is 
given to employees only on a ``need to know'' basis; we have policies 
concerning the handling of sensitive information by our employees; and 
we separate certain key responsibilities among employees to reduce the 
potential for fraud.

Affiliate Sharing Allows Us To Provide One-Stop-Shopping for Our 
        Customers in a Way That Is Seamless and Consistent with Our Customers' Expectations
    Affiliate sharing allows companies like Citigroup to better serve 
our customers' diverse financial needs through affiliates that have 
appropriate products and services. Consumers who choose to do business 
with Citigroup expect easy access to the full array of financial 
products we offer. Our customers want and expect the convenience of 
having one-stop-shopping for all of our products--banking, insurance, 
home mortgage, credit cards, and securities. They also expect the 
ability to access information about all of their accounts on one 
statement, with one phone call, or on one website. For example, 
customers who use our Financial Centers can link their checking account 
from Citibank, N.A., credit card account from Citibank South Dakota, 
mortgage account from CitiMortgage, and brokerage account from Citicorp 
Investment Services, Inc.
    Additionally, consolidated relationships allow customers to move 
money seamlessly between accounts and to pay their Citibank credit card 
balances at any Citibank ATM, as well as on the Internet, simply by 
making a transfer between accounts. The amount will be credited that 
same day, which allows customers to avoid additional interest and late 
fees. Customers can also execute trades and transfer money from their 
checking account to their investment-linked money market products 
online.
    Affiliate sharing also allows us to provide seamless service for 
our customers. Customers do not view us as different legal entities, 
but instead as a single source of multiple financial products. When a 
Citibank customer who has an account in Connecticut (through our 
Federal thrift--Citibank FSB) enters a Citibank branch in New York (our 
national bank--Citibank, N.A.) to cash a check or open another account, 
the customer expects to be recognized and receive the same level of 
service. The legal distinction between the two affiliated Citibanks is 
not relevant to the customer and it should not affect his or her 
ability to obtain products and services.

Affiliate Sharing Provides Customers with Pricing Discounts and 
        Products Tailored to Their Needs
    For customers who have multiple account relationships with us, the 
sharing of information between affiliates allows us to provide 
financial benefits in the form of relationship pricing and special 
offers. For example, many customers benefit from no-fee checking 
through Citibank, N.A. or Citibank FSB based upon their total combined 
balances in their mortgage from CitiMortgage, credit card from Citibank 
South Dakota, and investments through Citicorp Investment Services, 
Inc. The combined balance also permits customers to receive better 
rates on investment products. After recent acquisitions, we reached out 
to customers to help them link their accounts for this benefit. We 
could not have done that without the ability to share information 
across affiliates.
    Sharing information among affiliates also permits us to service our 
customers on an individualized or tailored basis. Information about our 
experience with a particular customer can be used among our affiliates 
to provide the customer with more suitable products and services. For 
example, customers with a Smith Barney brokerage account are eligible 
for a mortgage from CitiMortgage without a down payment by directly 
pledging securities in their account as collateral. This allows the 
customer to avoid having to sell at what may be an inopportune time and 
to continue to receive the interest or dividends on the securities. 
Similarly, a customer who maintains a high balance on a Citibank credit 
card may be informed that he can reduce the interest rate he is paying 
and possibly get tax benefits by transferring the balance to a secured 
home equity loan through an affiliate bank.
    In the absence of affiliate sharing, Citigroup would know decidedly 
less about our customers' financial needs, making it more difficult to 
identify and service those needs.

FCRA Contains the Appropriate Balance
    In 1996, Congress struck the appropriate balance between consumer 
protection and business needs by allowing customers to opt out of 
having certain information shared among affiliated entities, but 
continuing to allow information about a company's own experiences with 
a customer to be shared freely among affiliates. This national standard 
has worked well for 7 years. The FCRA national standard is particularly 
reasonable now that the business of providing financial services, 
especially lending, is no longer restricted by State borders, which 
means that consumers have the same opportunities for credit, regardless 
of where they live.
    Given the fact that 16 percent of the U.S. population moves every 
year, and that many of our customers work in one State and live in 
another, have vacation houses in different States, or attend college in 
a different State for part of the year, it would be a significant 
technical challenge to determine the appropriate treatment of customer 
information in the face of inconsistent State laws.
    Our experience has shown that opt outs provide our customers with 
all the choice they need to control the use of their personal 
information. Citigroup has been providing customers with the ability to 
opt out of information sharing, in one form or another, for over 15 
years. Citigroup businesses have significantly different opt out rates 
depending on a variety of factors, including products and services 
offered and the length and nature of the customer relationship. This 
significant variation demonstrates that opt outs work. Our customers 
are making informed choices about the kinds of information they want to 
share, and the kinds they do not.
    However, the majority of our customers still prefer the free flow 
of information that results in enhanced products and services. Opt ins 
function as de facto prohibitions on information sharing, particularly 
for existing customers. They do not promote customer choice--rather, 
they eliminate it.

Conclusion
    If different States were allowed to pass laws governing the 
exchange of information among affiliates, it would significantly 
disrupt our seamless, nationwide system of serving our customers. It 
could lead to a never-ending process as States and localities impose 
different regimes. Compliance with this patchwork of laws would be 
extremely burdensome and costly for lenders, and ultimately for 
consumers.
    We believe that Congress must act this year to make permanent the 
uniform standards established under the FCRA. It has created more 
competition in the financial services industry and allowed companies to 
better serve their customers through more widely available, affordable, 
and convenient credit.
    Thank you again for the opportunity to appear before this 
Committee. I would be pleased to answer any questions you may have.

                PREPARED STATEMENT OF EDMUND MIERZWINSKI

                       Consumer Program Director
                  U.S. Public Interest Research Group
                             June 26, 2003

    Chairman Shelby, Senator Sarbanes, and Members of the Committee, on 
behalf of the nonprofit, nonpartisan, State-based Public Interest 
Research Groups, U.S. PIRG is pleased to offer you this testimony on 
affiliate sharing practices and the Fair Credit Reporting Act (FCRA). 
Among the most important matters before this Congress is review of the 
impact of the 1996 exception to the definition of credit report 
allowing companies to share customer experience and transaction 
information among corporate affiliates outside the major consumer 
protections of the FCRA.
    Our testimony also discusses the relationship between the FCRA and 
the 1999 Gramm-Leach-Bliley Financial Services Modernization Act (GLB) 
and attempts by industry to chill efforts by cities and States to enact 
stronger financial privacy laws, as GLB clearly allows under the 
Sarbanes States' Rights Amendment.
    In addition to presenting our views on the problems caused by 
unregulated and under-regulated information sharing by and among 
corporate affiliates and unaffiliated third parties, we urge the 
Congress not to extend the FCRA's temporary 1996 partial preemption 
provisions. The FCRA itself does not need to be reauthorized; extension 
of preemption is an optional decision by the Congress that, in our 
view, reverses clear Congressional intent from 1996 that preemption be 
temporary.

Summary
    Congress enacted in 1970 a comprehensive scheme for regulating the 
sharing of detailed information by credit bureaus under the Fair Credit 
Reporting Act. Yet, through a 1996 exception, it created a new class of 
unregulated affiliate sharing transactions. Sharing of confidential 
consumer information among affiliates is not regulated under the FCRA 
nor under the Gramm-Leach-Bliley Act. The latter Act simply requires 
notice of affiliate and third party information sharing practices and 
provides a modest opt out in an extremely limited subset of third-party 
transactions. In the post-GLB marketplace, this failure to regulate a 
growing class of transactions involving confidential consumer 
information and decisionmaking is troubling. While we have enacted 
comprehensive standards for regulating credit reports, we have no 
standards for regulating affiliate sharing.
    Industry, in a series of hearings before this Committee and the 
House Financial Services Committee, has failed to make the case for a 
continued exception from regulation for affiliate information sharing.
    Industry has also claimed, without proof, that unregulated 
information sharing provides billions of dollars of benefits to the 
economy and, again with proof, that providing consumers with greater 
privacy rights will eliminate those alleged benefits. Industry has also 
claimed that providing consumers with privacy protection will prevent 
them from stopping fraud or completing transactions on consumer 
accounts. Neither claim is true. The industry also infers that consumer 
groups are for ``harsh'' opt in rules, but that the pro-consumer 
industry would support a more reasonable opt out privacy mechanism. In 
fact, sharing under the Gramm-Leach-Bliley Act is largely based on a 
notice only, no opt regime. The vast majority of the financial services 
industry prefers no opt even to modest opt out protections.

The Fair Credit Reporting Act Strictly Regulates Information-Sharing
by Credit Bureaus under The Fair Information Practices, But Allows
Companies A Sweeping Affiliate-Sharing Exception to the Definition
of Credit Report The Fair Credit Reporting Act, Its History and the Fair Information Practices
    I want to state clearly at the outset that the FCRA is an important 
consumer protection and privacy law. It plays a critical role in 
helping consumers obtain opportunities in the marketplace. The 1970 Act 
recognized the importance to the economy of the third-party credit 
reporting system, but it also recognized the importance of accurate 
credit reports and the protection of privacy. Yet, despite the 1996 
attempts to update the law to improve it, the law still suffers from 
numerous problems\1\ in addition to its affiliate-sharing exception, 
the subject of today's hearing.
---------------------------------------------------------------------------
    \1\ For example, other problems with the FCRA include a lack of 
adequate Federal agency enforcement, unacceptable limits on private 
enforcement, an utter disdain for compliance by many creditors when 
they furnish information to credit bureaus, the failure by the consumer 
reporting industry to maintain adequate accuracy standards, and the 
disconnect in the credit granting process that has led to the identity 
theft epidemic. See U.S. PIRG's testimony before the House Subcommittee 
on Financial Institutions, 4 June 2003, at http://
financialservices.house.gov/media/pdf/060403em.pdf.
---------------------------------------------------------------------------
    The FCRA was enacted \2\ in 1970 in the wake of a series of 
scandals involving unfair insurance investigations. Congress also 
recognized an increasing inability of consumers to obtain redress when 
credit mistakes were made. The 1970 Act created a broad structure for 
regulating consumer reporting agencies (CRA's, or credit 
bureaus).
---------------------------------------------------------------------------
    \2\ 15 U.S.C. 1681 et seq.
---------------------------------------------------------------------------
    The FCRA's general structure is based on the Code of Fair 
Information Practices,\3\ which were later described by a 1973 Health, 
Education, and Welfare (HEW) task force and embodied into the 1974 
Privacy Act,\4\ which regulates Government uses of information. The 
Fair Information Practices require data collectors to collect only 
limited information; to use it only for specified purposes, unless 
consent of the data subject is granted for secondary uses; to protect 
the security, accuracy, and privacy of that information; to make 
information practices transparent to subjects; to grant data subjects 
the rights to inspect, correct, and dispute records about them; and to 
grant data subjects the right to enforce these rights.
---------------------------------------------------------------------------
    \3\ Ideally, consumer groups believe that all privacy legislation 
enacted by either the States or Congress should be based on Fair 
Information Practices, which were originally proposed by a Health, 
Education, and Welfare (HEW) task force and then embodied into the 1974 
Privacy Act and into the 1980 Organization for Economic Cooperation and 
Development (OECD) guidelines. The 1974 Privacy Act applies to 
Government uses of information. Consumer and privacy groups generally 
view the following as among the key elements of Fair Information 
Practices: (1) Collection Limitation Principle: There should be limits 
to the collection of personal data and any such data should be obtained 
by lawful and fair means and, where appropriate, with the knowledge or 
consent of the data subject. (2) Data Quality Principle: Personal data 
should be relevant to the purposes for which they are to be used, and, 
to the extent necessary for those purposes, should be accurate, 
complete and kept up-to-date. (3) Purpose Specification Principle: The 
purposes for which personal data are collected should be specified not 
later than at the time of data collection and the subsequent use 
limited to the fulfillment of those purposes or such others as are not 
incompatible with those purposes and as are specified on each occasion 
of change of purpose. (4) Use Limitation Principle: Personal data 
should not be disclosed, made available or otherwise used for purposes 
other than those specified in accordance with the Purpose Specification 
Principle except: (a) with the consent of the data subject; or (b) by 
the authority of law. (5) Security Safeguards Principle: Personal data 
should be protected by reasonable security safeguards against such 
risks as loss or unauthorized access, destruction, use, modification, 
or disclosure of data. (6) Openness Principle: There should be a 
general policy of openness about developments, practices, and policies 
with respect to personal data. Means should be readily available of 
establishing the existence and nature of personal data, and the main 
purposes of their use, as well as the identity and usual residence of 
the data controller. (7) Individual Participation Principle: An 
individual should have the right: (a) to obtain from a data controller, 
or otherwise, confirmation of whether or not the data controller has 
data relating to him; (b) to have communicated to him, data relating to 
him within a reasonable time; at a charge, if any, that is not 
excessive; in a reasonable manner; and in a form that is readily 
intelligible to him; (c) to be given reasons if a request made under 
subparagraphs (a) and (b) is denied, and to be able to challenge such 
denial; and (d) to challenge data relating to him and, if the challenge 
is successful to have the data erased, rectified, completed, or 
amended. (8) Accountability Principle: A data controller should be 
accountable for complying with measures which give effect to the 
principles stated above. This analysis derived from Robert Gellman, 
``Privacy, Consumers, and Costs: How The Lack of Privacy Costs 
Consumers and Why Business Studies of Privacy Costs are Biased and 
Incomplete,'' March 2002, http://www.epic.org/reports/dmfprivacy.html 
or http://www.cdt.org/publications/dmfprivacy.pdf which also discusses 
in detail the OECD Council Recommendations Concerning Guidelines 
Governing the Protection of Privacy and Transborder Flows of Personal 
Data, 20 I.L.M. 422 (1981), O.E.C.D. Doc. C (80) 58 (Final) (Oct. 1, 
1980), at http://www.oecd.org//dsti/sti/it/secur/prod/PRIV-EN.HTM.
    \4\ 5 U.S.C. 552a.
---------------------------------------------------------------------------
    For example, the FCRA allows credit bureaus--which are clearly 
third parties without a direct relationship with consumers--to obtain 
detailed information from public records, creditors, and even 
subjective interviews and then to engage in widespread trafficking in 
detailed credit dossiers containing a consumer's most intimate 
financial details.
    But, the FCRA strictly regulates that trafficking through its 
comprehensive structure, based on the Fair Information Practices. It 
requires credit bureaus to employ reasonable procedures to ensure the 
``maximum possible accuracy'' of credit reports. It limits the use of 
credit reports only to users with a permissible purpose. It gives 
consumers a series of rights, including a right to inspect the reports 
(for free after denial of credit) and to dispute errors. It gives 
consumers a right to learn when their reports have been used adversely, 
for example to deny them credit or insurance. It gives consumers the 
right to sue bureaus that make mistakes or refuse to fix them, but it 
tempers that right with strong affirmative defenses and defamation 
immunity for the CRA's.
    Although the Act was not and is not perfect, most experts agree 
that the FCRA was the first comprehensive privacy law enacted in the 
United States and that its general framework is soundly based on the 
Fair Information Practices.
    In 1989, in response to a series of complaints about credit 
reporting errors, Congress began a series of hearings that culminated 
in the 1996 Amendments to the FCRA. Three matters of extreme 
controversy--pitting consumer groups, State attorneys general and, on 
all major issues joined by the Federal Trade Commission, against the 
financial industry--delayed final passage of the Amendments from 1992 
until 1996.\5\
---------------------------------------------------------------------------
    \5\ In the interim, a number of States, including Vermont (1992), 
California (1994), and Massachusetts (1995) acted more quickly to 
address credit reporting problems.

 First, industry insisted that the FCRA's longstanding floor 
    preemption provision (States can enact stronger laws) be reversed 
    and that the Federal FCRA become a ceiling. The final 1996 
    Amendments preempted only some provisions of the FCRA, and then 
    only for 8 years.
 Second, industry fiercely resisted efforts to add a new 
    provision to the Act imposing duties on creditors that furnish 
    information to credit bureaus to ensure accuracy and imposing 
    liability when those duties were violated. The final provision 
    imposed only limited duties. Liability for making errors was 
    subjected only to agency enforcement, with consumers only having a 
    private right of action to enforce violations of the Act's 
    reinvestigation provisions.
 Third, industry insisted that a new exception to the 
    definition of credit report be carved out, for the sharing of 
    experience and transaction information among companies affiliated 
    by common control. In addition, the new exception was included in 
    the list of provisions subject to the temporary preemption of State 
    action.

The Affiliate Sharing Exception to the FCRA
    Although numerous hearings were held from 1989-1996 during 
consideration of the FCRA Amendments, we are unaware of any specific 
hearing on affiliate sharing, nor any record testimony of any 
significance, if any at all, provided by the industry about the 
subject. Yet, among State attorneys general, consumer groups, and the 
FTC, there was grave concern that Congress was acting precipitously to 
create a sweeping exception that could limit consumer access to the 
wide panoply of rights granted by the FCRA.
    The affiliate sharing exception allows detailed experience and 
transaction information to be shared and used for adverse actions 
without triggering the FCRA's consumer protection rights,\6\ in the 
circumstance where the information is shared among corporate 
affiliates. Experience and transaction information could include 
details from credit card and checking account purchases, mortgage 
balances and payment histories, bank account and brokerage balances and 
other deposit account usage information, relationships with co-signers, 
if any, etc.
---------------------------------------------------------------------------
    \6\ The 1996 Amendments do provide that consumers be provided an 
extremely limited notice if affiliate shared information is used 
adversely, but provision of the notice triggers no additional rights. 
See FCRA Section 615(b)(2). Compare with notice under 615(a) (adverse 
action based on credit report), which triggers comprehensive rights and 
duties under Sections 609, 610, 611.
---------------------------------------------------------------------------
    As the FTC, in an official position paper,\7\ stated on affiliate 
sharing:
---------------------------------------------------------------------------
    \7\ The FTC took an official position on the proposed FCRA 
Amendments in 1994. U.S. PIRG has archived a (scanned) copy of the 
document, ``H.R. 1015, Federal Trade Commission Analysis and 
Recommendations, 25 July 1994,'' at http://www.pirg.org/consumer/
credit/ftcanalysis hr1015.pdf.

          Because the subject of information sharing with affiliates 
        has not been the subject of Congressional hearings, the factual 
        basis for the provision is not necessarily available and the 
        Commission cannot easily evaluate its pros and cons. The 
        Commission believes, however, that caution is the best approach 
        in considering whether to create what may become a significant 
        exception to the consumer protections provided by the FCRA. It 
        may be preferable to defer creation of any exceptions to the 
        FCRA's protections for affiliate sharing until Congress has an 
        opportunity to study this issue and its implications more 
---------------------------------------------------------------------------
        carefully.

    Congress did not debate affiliate sharing prior to 1996. Prior to 
enactment of the 1999 Gramm-Leach-Bliley Act, however, Congress finally 
became acutely aware of the problems posed by unfettered information 
sharing.

The Costs To Consumers of Under-Regulated Affiliate Sharing
    In 1999, while it was considering enactment of GLB, a sweeping 
deregulation of the financial services industry that would encourage 
the establishment of affiliate-based financial services supermarkets--
with banks, brokerages, and insurance companies all under one roof--
Congress became aware of the first two in a series of privacy 
nightmares involving banks and their affiliates.

 First, NationsBank (now Bank of America) had recently paid 
    civil penalties totaling $7 million to the Securities and Exchange 
    Commission and other agencies, plus millions more in private class 
    action settlements, over its sharing of confidential bank 
    accountholder information with an affiliated securities firm. 
    ``Registered representatives also received other NationsBank 
    customer information, such as financial statements and account 
    balances.'' \8\ In this case, conservative investors who held 
    maturing certificates of deposits (CD's) were switched into risky 
    financial derivative products. Some lost large parts of their life 
    savings.
---------------------------------------------------------------------------
    \8\ See the SEC's NationsBbank Consent Order http://www.sec.gov/
litigation/admin/337532.txt.
---------------------------------------------------------------------------
 Second, Minnesota Attorney General Mike Hatch had recently 
    sued U.S. Bank and its holding company, accusing them of having 
    ``sold their customers' private, confidential information to 
    MemberWorks, Inc., a telemarketing company, for $4 million dollars 
    plus commissions of 22 percent of net revenue on sales made by 
    MemberWorks.'' \9\ Memberworks and other nonaffiliated third party 
    telemarketers sign credit card customers up for add-on ``membership 
    club'' products and bill their credit cards as much as $89 or more 
    if they do not cancel within 30 days. The catch? The consumer never 
    gave the telemarketer her credit card number; her bank did, in a 
    scheme known as preacquired account telemarketing. General Hatch 
    has settled with both U.S. Bank and Memberworks.
---------------------------------------------------------------------------
    \9\ See the complaint filed by the State of Minnesota against U.S. 
Bank http://www.ag.state. mn.us/consumer/privacy/pr/
pr%5Fusbank%5F06091999.html.

    While industry continues to claim that these were isolated pre-GLB 
incidents, many of the Nation's largest banks have since been involved 
in enforcement actions and private litigation over their similar sloppy 
information practices. Capital One,\10\ Chase Manhattan,\11\ 
Citibank,\12\ First U.S.A.,\13\ GE Capital,\14\ MBNA America\15\ are 
other banks or bank affiliates that have provided their customers' 
personal and confidential information to fraudulent telemarketers.
---------------------------------------------------------------------------
    \10\ Office of the Washington State Attorney General, ``Settlement 
with Discount Buying Club Highlights Privacy Concerns,'' Aug. 4, 2000, 
http://www.wa.gov/ago/releases/rel_brand 
direct_080400.html.
    \11\ Id.
    \12\ National Association of Attorneys Generals, ``Multistate 
Actions: 27 States and Puerto Rico Settle with Citibank,'' Feb. 27, 
2002, http://www.naag.org/issues/20020301-multicitibank.php; Settlement 
document available at http://www.oag.state.ny.us/press/2002/feb/
feb27b_02_ 
attach.pdf.
    \13\ Office of the New York Attorney General, ``First USA to Halt 
Vendor's Deceptive Solicitations,'' Dec. 31, 2002, http://
www.oag.state.ny.us/press/2002/dec/dec31a_02.html.
    \14\ Supra, note 1.
    \15\ Id.
---------------------------------------------------------------------------
    While some cynical consumers might expect tawdry marketing behavior 
from a credit card company, Minnesota Attorney General Mike Hatch also 
brought an action against a mortgage company, in this case a subsidiary 
of a national bank. In December 2000, the Minnesota Attorney General 
filed a complaint against Fleet Mortgage, an affiliate of FleetBoston, 
for substantially the same types of violations as U.S. Bank had engaged 
in. Incredibly, the firm was allowing telemarketers to add bills for 
buying club and roadside assistance plan memberships to consumer 
mortgage payments after making deceptive telemarketing calls based on 
confidential information derived from account relationships.\16\ That 
complaint was settled in June 2001.\17\ The State's complaint explains 
the problem with sharing confidential account information with third 
party telemarketers.
---------------------------------------------------------------------------
    \16\ See testimony of Minnesota Attorney Mike Hatch before this 
Committee, 19 September 2002 at http://banking.senate.gov/02_09hrg/
091902/index.htm.
    \17\ Minnesota v. Fleet Mortgage Corp., 158 F. Supp. 2d 962 (D. 
Minn. 2001), available at http://www.ag.state.mn.us/consumer/PR/
Fleet_Opinion_61901.html.

          Other than a cash purchase, providing a signed instrument or 
        a credit card account number is a readily recognizable means 
        for a consumer to signal assent to a telemarketing deal. 
        Preacquired account telemarketing removes these short-hand 
        methods for the consumer to control when he or she has agreed 
        to a purchase. The telemarketer with a preacquired account 
        turns this process on its head. Fleet not only provides its 
        telemarketing partners with the ability to charge the Fleet 
        customer's mortgage account, but Fleet allows the telemarketing 
        partner to decide whether the consumer actually consented. For 
        many consumers, withholding their credit card account number or 
        signature from the telemarketer is their ultimate defense 
        against unwanted charges from telemarketing calls. Fleet's 
        sales practices remove this defense.\18\
---------------------------------------------------------------------------
    \18\ 28 December 2000, Complaint of State of Minnesota vs. Fleet 
Mortgage, see http://www.ag. state.mn.us/consumer/news/pr/
Comp_Fleet_122800.html.

    Another bank, Charter Pacific, was caught selling its database 
containing 3.6 million valid credit card account numbers to a convicted 
felon who then fraudulently billed the accounts for access to Internet 
pornography sites that victims had never visited.\19\ In fact, 
approximately 45 percent of the victims did not even own a 
computer. Charter Pacific did not develop the database from its own 
customers' information. Instead, it compiled the information from 
credit cardholders who had purchased goods and services from merchants 
that had accounts at Charter Pacific. The information included the date 
of sale, account number, and dollar amount of every credit card 
transaction processed by the bank's merchant customers. The 
unrestricted sharing of this information resulted in over $44 million 
of unauthorized charges.
---------------------------------------------------------------------------
    \19\ Federal Trade Commission, ``FTC Wins $37.5 Million Judgment 
from X-Rate Website Operator; Bank Sold Defendants Access to Active 
MasterCard, Visa Card Numbers,'' Sept. 7, 2000, http://www.ftc.gov/opa/
2000/09/netfill.htm.
---------------------------------------------------------------------------
    When data collectors do not adhere to Fair Information Practices, 
consumers face numerous privacy risks. A summary of significant privacy 
costs includes the 
following:

 Consumers pay a much higher price than dinner interruptions 
    from telemarketers. Many unsuspecting consumers may still be paying 
    $89/year or more for essentially worthless membership club products 
    they did not want and did not order. Although the Federal Trade 
    Commission has enacted amendments to the Telemarketing Sales Rule 
    \20\ (TSR) in an attempt to regulate the tawdry bank practices 
    described above, additional amendments may be necessary to ensure 
    that banks and their affiliates and subsidiaries comply fully with 
    the amendments, since they may run to the OCC for protection from 
    the FTC otherwise.
---------------------------------------------------------------------------
    \20\ The amendments took effect 31 March 2003. http://www.ftc.gov/
opa/2003/01/tsrfrn final.htm.
---------------------------------------------------------------------------
 Easy access to confidential consumer identifying information 
    leads to identity theft. Identity theft may affect 500,000-700,000 
    consumers each year. Identity theft victims in a recent PIRG/
    Privacy Rights Clearinghouse survey \21\ faced average out-of-
    pocket costs of $808 and average lost time of 175 hours over a 
    period of 1-4 years clearing an average $17,000 of fraudulent 
    credit off their credit reports. It is difficult to measure the 
    costs of higher credit these consumers pay, let alone attempt to 
    quantify the emotional trauma caused by the stigma of having their 
    good names ruined by a thief who was aided and abetted by their 
    bank and credit bureau's sloppy information practices. The 
    Committee need only review last week's compelling testimony of 
    Captain John Harrison \22\ (Ret.). In his oral statement, in 
    particular, Harrison described how he had gone from a high-
    achieving military officer to a failed salesman who recently lost 
    his job due to, in his view, his loss of confidence caused by his 
    inability to cope with the frustration and emotional distress of 
    being a victim of identity theft and his subsequent inability to 
    clear his name of 61 fraudulent credit accounts.
---------------------------------------------------------------------------
    \21\ See ``Nowhere To Turn: A Survey of Identity Theft Victims, May 
2000, CALPIRG and Privacy Rights Clearinghouse, http://calpirg.org/
CA.asp?id2=3683&id3=CA&.
    \22\ Senate Banking Committee Hearing On Identity Theft, 19 June 
2003. See Captain Harrison's testimony at http://banking.senate.gov/
03_06hrg/061903/harrison.pdf.
---------------------------------------------------------------------------
 The Easy access to Social Security numbers by Internet 
    information brokers and others also leads to stalking.
 The failure to safeguard information and maintain its accuracy 
    leads to mistakes in credit reports and consequently consumers pay 
    higher costs for credit or are even denied opportunities.
 Researchers at Michigan State University recently studied over 
    1,000 identity theft cases and found that victims in 50 percent of 
    the cases specifically reported that the theft was committed by an 
    employee of a company compiling personal information on 
    individuals.\23\ Many identity fraud cases stem from the 
    perpetrator's purchase of consumers' personal information from 
    commercial data brokers. Financial institutions information sharing 
    practices contribute to the risk of identity theft by greatly 
    expanding the opportunity for thieves to obtain access to sensitive 
    personal information.
---------------------------------------------------------------------------
    \23\ Personal communication from author to Chris Hoofnagle of EPIC. 
Study forthcoming; results provided in e-mail from Judith M. Collins, 
Ph.D., Associate Professor, Leadership and Management Program in 
Security School of Criminal Justice, Michigan State University to EPIC 
(Apr. 22, 2003, 18:13:35 EST) (on file with EPIC).
---------------------------------------------------------------------------
 The unlimited collection and sharing of personal data poses 
    profiling threats. Profiles can be used to determine the amount one 
    pays for financial services and products obtained from within the 
    ``financial supermarket'' structure. As just one example, 
    information about health condition or lifestyle can be used to 
    determine interest rates for a credit card or mortgage. Even with a 
    history of spotless credit, an individual, profiled on undisclosed 
    factors, can end up paying too much for a financial service or 
    product. Because there are no limits on the sharing of personal 
    data among corporate affiliates, a customer profile can be 
    developed by a financial affiliate of the company and sold or 
    shared with an affiliate that does not fall within the broad 
    definition of ``financial institution.'' A bank, for instance, that 
    has an affiliation with a travel company could share a customer 
    profile resulting in the bank's customer receiving unwanted 
    telephone calls and unsolicited direct mail for offers of 
    memberships in travel clubs or the like that the individual never 
    wanted or requested. A negative credit decision based on this 
    profile would not trigger the vast consumer protection rights that 
    would be triggered by use of a strictly regulated credit 
    report.\24\
---------------------------------------------------------------------------
    \24\ For additional discussion of the profiling issue, and related 
privacy threats posed by information sharing, see 1 May 2002 comments 
of EPIC, U.S. PIRG, Consumers Union, and Privacy Rights Clearinghouse 
on the GLBA Information Sharing Study (Federal Register: February 15, 
2002 (Volume 67, Number 32)) available at http://www.epic.org/privacy/
financial/glb_comments.pdf.
---------------------------------------------------------------------------
 Further, the lack of any regulation of experience and 
    transaction information may pose risks for the privacy of health 
    data. Confidential medical records held by any health insurer or 
    hospital are strictly regulated by the Health Insurance Portability 
    and Accountability Act (HIPAA)'s medical privacy rules. If that 
    information is obtained by any GLB entity, it could be freely 
    shared outside of HIPAA.\25\
---------------------------------------------------------------------------
    \25\ See testimony on medical privacy of Joy Pritts, Georgetown 
University and Marc Rotenberg, EPIC, House Financial Institutions 
Subcommittee, 7 June 2003 at http://financialservices. house.gov/
hearings.asp?formmode=detail&hearing=231.

    In response to the public uproar over the NationsBank and U.S. Bank 
cases, Congress included a privacy title, Title V, in GLB.\26\
---------------------------------------------------------------------------
    \26\ 15 U.S.C. Sec. Sec. 6801-09.
---------------------------------------------------------------------------
While the FCRA Is Based on Comprehensive Protections, The Gramm-Leach-Bliley Financial Services Modernization Act's  No Opt Regime Conversely Fails to Adequately Regulate Either Affiliate or Third Party Information Sharing
The GLB's No Opt Regime
    Much of the debate over affiliate sharing and financial privacy has 
not been over whether financial institutions protect information under 
the Fair Information Practices. Rather, the debate has been over 
whether banks and other institutions should provide consumers with an 
express consent right (affirmatively say yes, or opt in, before 
sharing) or whether information sharing should be allowed automatically 
unless the consumer says no (OK to share as long as consumer does not 
opt out). Industry documents and materials assert that the debate is 
over opt out or opt in, falsely implying that they are for opt out, but 
that opt in goes too far and would cost too much.
    Actually, the vast majority of the financial services industry has 
yet to agree that even an opt out is acceptable--most companies are 
actually for no opt.
    Many observers are unaware that the primary protection Congress 
established in Gramm-Leach-Bliley is provided only by notice (no opt), 
not by opt out. The Fair Credit Reporting Act is based broadly on the 
Fair Information Practices, but GLB is, at best, based on FIP's-Lite. 
Notice is not enough. When comprehensive databases of information are 
held and used by companies, consumers need all of the rights provided 
by the Fair Information Practices. GLB does not regulate in any way 
affiliate sharing of experience and transaction. It does not close the 
loophole established in the FCRA.
    Under GLB, sharing of experience and transaction information with 
either affiliates or with any third party providing joint marketing 
services is unregulated under a no opt regime. The rationale for 
treating marketing partners as affiliates was ostensibly to create a 
level playing field for smaller institutions that might not have in-
house affiliates selling every possible product larger firms might 
sell. Of course, large firms use joint marketing partners, too.
    The limited consumer right to opt out Congress established only 
applies in the circumstance where the bank shares experience and 
transaction information with other third parties selling nonfinancial 
services, primarily telemarketers. Even Congressional Research Service 
reports have misunderstood the modest effect of the limited opt out 
provisions of GLB.\27\
---------------------------------------------------------------------------
    \27\ See for example, ``Financial Privacy--The Economics of Opt In 
vs Opt Out. (Updated 16 Apr 2003) by CRS's Loretta Nott. It repeats a 
mischaracterization of GLB that I believe has been made in other CRS 
reports. The third sentence states: ``A consumer's financial 
information may be shared among the (affiliates of the same corporate) 
group as long as the person has been notified and has the opportunity 
to decline, or `opt out.' '' The paragraph goes on to wrongly say that 
the Johnson S. 660/Tiberi H.R. 1766 proposals are intended, among other 
things to, ``maintain the opt out policy for affiliate information 
sharing.''
---------------------------------------------------------------------------
    GLB should have closed the affiliate sharing exception in the FCRA. 
It did not. The failure of the GLB to regulate or require any form of 
consumer consent for the vast majority of information sharing 
transactions affected is one example of how GLB--unlike the broader 
FCRA as it applies to credit reports--fails to meet the Fair 
Information Practices. GLB fails to adequately protect consumer 
privacy.

Notice is Not Enough
    The result of this defective scheme is that most information-
sharing is only regulated or ``protected'' by notice. Sharing of 
confidential consumer information with 
either affiliates or joint marketing partners continues regardless of a 
consumer's privacy preference. Although we have no way of knowing how 
many joint marketing partners a company may have, we do know how many 
affiliates some of the largest financial services holding companies and 
bank holding companies have. For their recent joint comments to the 
Treasury Department on GLB, State Attorneys General accessed the 
Federal Financial Institutions Examination Council and Federal Reserve 
websites and counted affiliates for Citibank (2,761), Key Bank (871) 
and Bank of America (1,476).\28\
---------------------------------------------------------------------------
    \28\ See 1 May 2002 Attorneys General Comments http://
www.ots.treas.gov/docs/r.cfm ?95421.pdf or http://www.epic.org/privacy/
financial/ag_glb_comments.html on the GLBA Information Sharing Study 
(Federal Register: February 15, 2002 (Volume 67, Number 32)).
---------------------------------------------------------------------------
    In 2001, a coalition of consumer and privacy groups filed a 
petition \29\ with the agencies responsible for enforcing the GLB 
Privacy Rule. On an encouraging note, many of the petitioners have 
recently been informally contacted to watch for agency actions in 
response to that petition calling for better privacy notices. Some 
industry members are even supporting improvements to the privacy 
notices. Of course, improving the notices does not change the flawed 
GLB approach to the sharing of information among affiliates and third 
parties.
---------------------------------------------------------------------------
    \29\ The petition is available at http://www.privacyrightsnow.com/
glbpetition.pdf. See the website http://www.privacyrightsnow.com for 
additional information about the coalition.
---------------------------------------------------------------------------
A Comparison of the Regulated and Unregulated Information Sharing of
FCRA and GLB
    Categories of information regulated by the FCRA and GLB are treated 
in several different ways. The FCRA strictly regulates consumer credit 
reports. Credit bureaus sell certain other products, known as credit 
headers, under an unregulated regime, although recent court decisions 
have narrowed the credit header exception. Credit bureaus also sell 
under-regulated, prescreened lists of consumers derived from credit 
reports, for credit and insurance related purposes. Prescreened opt out 
notices are hard to find and harder to read; the opt out mechanism is 
overly complex and, for a permanent opt out, a consumer must make a 
call, receive a notice in the mail, sign it, stamp it, and return 
it.\30\
---------------------------------------------------------------------------
    \30\ See PIRG's testimony before the House Financial Institutions 
Subcommittee, 4 June 2003 for a detailed analysis. http://
financialservices.house.gov/media/pdf/060403em.pdf.
---------------------------------------------------------------------------
    Information obtained by corporate affiliates, however, is known as 
either ``experience and transaction'' information or ``other'' 
information and regulated by exception to the FCRA. Title V of GLB 
provides that once companies have provided customers with notice of 
their information sharing policies, they can share experience and 
transaction under the extremely permissive GLB regime, with consumer 
protection provided primarily by notice only (no opt).
---------------------------------------------------------------------------
    \31\ The DC Circuit is 2001 decision is F. 3d 809 (2001). http://
laws.findlaw.com/dc/001141a.html. The Supreme Court also denied cert. 
(536 U.S. ___(2002) 01-1080, 10 June 2002) in TransUnion I vs. FTC, 
which ended 10 years of litigation over TransUnion's illegal use of 
credit reports for target marketing.
    \32\ TransUnion II vs. FTC, See http://laws.findlaw.com/dc/
015202a.html. This important appellate decision upheld the 
constitutionality of the GLB privacy regulations and restricted the 
sale of nonpublic personal information, including Social Security 
numbers, by credit bureaus outside of the strict FCRA regime.
    \33\ The prescreening opt out does not stop the flow of credit card 
solicitations, it only slows it down. Now, many retailers, airlines, 
organizations, and others routinely send credit card solicitations to 
their customers. Yet, these offers are based on affiliate sharing--
under the Gramm-Leach-Bliley Act, not the FCRA. No credit report was 
used for prescreening, so no opt out is provided on the mailings. Under 
Gramm-Leach-Bliley, affiliate sharing of ``experience and transaction'' 
information is subject to a no opt rule. The FCRA opt out does not 
apply, nor does the limited GLB opt out. Congress should create a ``no 
credit card offers'' list and apply the 1-call opt out to all credit 
card solicitations not only prescreened solicitations.

             Information Sharing Under The FCRA and The GLB
------------------------------------------------------------------------
  Type of Information       Shared or Sold By        Protection Scheme
------------------------------------------------------------------------
Consumer credit reports  Credit Bureaus           FCRA: Comprehensive
 and investigative                                 regulation under
 consumer reports                                  FIP's.
------------------------------------------------------------------------
Credit headers           Credit bureaus           FCRA: Previously sold
 (Demographic,                                     under exception to
 noncredit related,                                FCRA, but under
 information derived                               recent decisions by
 from credit reports)                              the DC Circuit, U.S.
                                                   Court of Appeals,
                                                   dates of birth\31\
                                                   and Social Security
                                                   numbers\32\ can no
                                                   longer be sold as
                                                   part of credit
                                                   headers.
------------------------------------------------------------------------
Prescreened lists of     Credit bureaus           FCRA: Moderately
 consumers with certain                            regulated, with weak
 characteristics\33\                               right for consumers
                                                   to opt out. Lists
                                                   cannot be used for
                                                   general target
                                                   marketing, only sold
                                                   for marketing credit
                                                   or insurance
                                                   products.
------------------------------------------------------------------------
``Experience and         Banks, brokerages,       FCRA provides that
 Transaction''            insurance companies,     this information is
 Information (credit      and other financial      not regulated as a
 card and checking        institutions             credit report. GLB:
 account purchases,                                Can be shared with
 mortgage balances,                                any affiliate or any
 bank account and                                  third party in a
 brokerage balances,                               joint marketing
 and other deposit                                 relationship with
 account usage                                     bank to sell
 information,                                      financial products
 relationships with co-                            regardless of
 signers, etc.)                                    customer's privacy
                                                   preference (no opt).
                                                   Customer has right to
                                                   opt out only if
                                                   information will be
                                                   shared with or sold
                                                   to other third
                                                   parties, primarily
                                                   telemarketers.
------------------------------------------------------------------------
``Other'' information    Banks, brokerages,       FCRA: Affiliates can
 obtained from a          insurance companies,     share this
 consumer's               and other financial      information with
 application, a           institutions             affiliated companies
 consumer's credit                                 provided consumer is
 report or a consumer's                            given a notice and a
 references                                        right to opt out.
------------------------------------------------------------------------
GLB exceptions to opt    Banks, brokerages,       Under numerous
 out rights               insurance companies,     exceptions, opt outs
                          and other financial      do not apply to
                          institutions             experience and
                                                   transaction
                                                   information shared
                                                   with any affiliate or
                                                   third party for
                                                   completion of
                                                   consumer's
                                                   transaction, fraud
                                                   control, Government
                                                   purposes, secondary
                                                   market underwriting,
                                                   etc.
------------------------------------------------------------------------

How the Gramm-Leach-Bliley Act Falls Short of the Fair Information 
        Practices
    First, GLB fails to require any form of consent (either opt in or 
opt out) for most forms of information sharing for secondary purposes, 
including experience and transaction information shared between and 
among either the affiliates or certain affiliated third parties with 
``joint marketing agreements.'' These outside firms are treated as if 
they were affiliates, under the no opt regime.
    Second, while institutions point out consumers generally have 
access to and dispute rights over their financial account statements, 
they have no knowledge of, let alone rights to review or dispute, the 
development of detailed profiles on them created by financial 
institutions. California is considering a PIRG-backed proposal to 
address the problem that consumers have neither knowledge of nor a 
right to inspect marketing profiles.\34\
---------------------------------------------------------------------------
    \34\ Proposed California legislation, SB 27, offered by State 
Senator Liz Figueroa, would require a business that discloses a 
consumer's personal information to a third party for direct marketing 
purposes to provide to a customer, upon request, a written description 
of the sources and recipients of that information and copies of the 
information disclosed. See http://www.leginfo.ca.gov/pub/bill/sen/
sb_0001-0050/sb_27_cfa_20030507_132723_sen_comm.html.
---------------------------------------------------------------------------
    Third, while GLB does require disclosure of information practices, 
numerous reviews of these privacy policies, by outside experts,\35\ 
CALPIRG,\36\ and others has documented that the policies are unreadable 
and incomprehensible. None fully explain all uses of information, 
including the development of consumer profiles for marketing purposes. 
None list all the affiliates, or even all the types, that they might 
share information with. None describe the specific products, most of 
which are of minimal or even negative value to consumers, that third 
party telemarketers might offer for sale to consumers who fail to opt 
out. Yet all the privacy policies make a point of describing how 
consumers who elect to opt out will give up ``beneficial'' 
opportunities.
---------------------------------------------------------------------------
    \35\ Mark Hochhauser, readability consultant to the Privacy Rights 
Clearinghouse, analyzed dozens of the initial notices: ``Readability 
analyses of 60 financial privacy notices found that they are written at 
a 3rd-4th year college reading level, instead of the junior high school 
level that is recommended for materials written for the general public. 
See ``Lost in the Fine Print: Readability of Financial Privacy 
Notices'' by Mark Hochhauser at http://www.privacyrights.org/ar/GLB-
Reading.htm.
    \36\ See the CALPIRG report Privacy Denied: A Survey Of Bank 
Privacy Policies, 15 Aug 2002, http://calpirg.org/
CA.asp?id2=7606&id3=CA&.
---------------------------------------------------------------------------
    Fourth, GLB does not give consumers a private right of action to 
enforce the law as the FCRA generally does.
GLB's Preservation of States' Rights: The Sarbanes Amendment
    Congress recognized that GLB did not adequately protect privacy and 
that Title V was only a modest first step. Indeed, Chairman Shelby 
pointed this out in his floor remarks in opposition to the bill's 
enactment in 1999.

          We are about to pass this afternoon a financial modernization 
        bill that represents industry interests in a big way. However, 
        we have forgotten the interests of the most crucial market 
        participant of all in America--the consumer, the American 
        citizen. Under this bill, the consumer has little, if any, 
        ability to protect the transfer of his or her personal 
        nonpublic financial information. . . . I can assure Members 
        these large financial conglomerates will have more information 
        on citizens than the IRS, but we have done virtually nothing to 
        protect the sharing of such nonpublic personal financial 
        information for the American people. . . . First, the opt out 
        requirement does not apply to affiliate sharing. . . . Second, 
        the bill includes an exception to the porous opt out provision 
        that allows two or more financial institutions to share their 
        customers' nonpublic personal information with telemarketers to 
        market financial products or services offered under a so-called 
        joint agreement. . . . I believe these privacy provisions are a 
        sham. I have said it before.\37\
---------------------------------------------------------------------------
    \37\ 145 CR S13895 Floor remarks of Senator Richard Shelby (R-AL), 
4 Nov 1999, during consideration of S. 900, which became GLB.

    In recognition of the concerns of a bi-partisan group of Members, 
led by Senators Shelby (R-AL) and Sarbanes (D-MD) and Representatives 
Barton (R-TX) and Markey (D-MA), the Congress took the exceedingly rare 
step of affirmatively and specifically granting the States the right to 
enact stronger financial privacy laws. In conference committee, the 
Congress inserted an amendment offered by Senator Sarbanes granting 
---------------------------------------------------------------------------
States the right to enact stronger financial privacy laws:

        Sec. 6807. Relation to State laws
        (a) In general
        This subchapter and the amendments made by this subchapter 
        shall not be construed as superseding, altering, or affecting 
        any statute, regulation, order, or interpretation in effect in 
        any State, except to the extent that such statute, regulation, 
        order, or interpretation is inconsistent with the provisions of 
        this subchapter, and then only to the extent of the 
        inconsistency.
        (b) Greater protection under State law
        For purposes of this section, a State statute, regulation, 
        order, or interpretation is not inconsistent with the 
        provisions of this subchapter if the protection such statute, 
        regulation, order, or interpretation affords any person is 
        greater than the protection provided under this subchapter and 
        the amendments made by this subchapter, as determined by the 
        Federal Trade Commission, after consultation with the agency or 
        authority with jurisdiction under Section 6805(a) of this Title 
        of either the person that initiated the complaint or that is 
        the subject of the complaint, on its own motion or upon the 
        petition of any interested party. (Pub. L. 106-102, Title V, 
        Sec. 507, Nov. 12, 1999, 113 Stat. 1442.)

    The GLB Conference Report illustrates the final statement of the 
terms agreed to by both Houses, which confirms what GLB states 
explicitly: The States are free to adopt laws regarding the privacy of 
consumer financial information provided to financial institutions. On 
the floor, Senator Sarbanes \38\ emphasized protection of the States' 
authority to legislate in the area of consumer privacy:
---------------------------------------------------------------------------
    \38\ 145 Cong. Rec. S13789 (1999) Statement of Senator Sarbanes on 
final passage of GLB.

          [W]e were able to include in the conference report an 
        amendment that I proposed which ensures that the Federal 
        Government will not preempt stronger State financial privacy 
        laws that exist now or may be enacted in the future. As a 
        result, States will be free to enact stronger privacy 
---------------------------------------------------------------------------
        safeguards if they deem it appropriate.

    Likewise, Senator Grams \39\ said the savings clause of GLB, 
``preserves all existing and all future State privacy protections above 
and beyond the national floor established in this bill.'' House Members 
similarly interpreted the amended bill. As Representative John LaFalce 
\40\ said, ``[T]he conference report totally safeguards stronger State 
consumer protection laws in the privacy area.''
---------------------------------------------------------------------------
    \39\ 145 Cong. Rec. S13889 (1999) Statement of Senator Grams.
    \40\ 145 Cong. Rec. E2310 (1999) Statement of Representative 
LaFalce.
---------------------------------------------------------------------------
Industry's Claim That The FCRA's Preemption Provision Trumps
GLB's States' Rights Provision Is False, But Its Propaganda Campaign
Has Had a Chilling Effect on State Action To Enact Stronger
Financial Privacy Laws
    The FCRA regulates credit reports. As discussed above, a narrow 
exception states that when companies share information among corporate 
affiliates, the sharing does not make the sharing entity a credit 
bureau, with a credit bureau's concomitant responsibilities and duties. 
Although that exception is troubling, since it means that companies are 
able to make credit decisions on the basis of unregulated internal 
databases, nothing in the legislative history suggests that Congress 
intended more than that when it exempted affiliate sharing from the 
FCRA in 1996.
    But while the substantial legislative history and the plain 
language of Section 6807 of the GLB grants States greater rights to 
enact stronger privacy laws, industry has alleged that a different 
provision of GLB, Section 6806, renders the Sarbanes Amendment 
meaningless.

The Sarbanes Amendment and the FCRA Savings Clause
    Section 6806 is the so-called FCRA savings clause and is intended 
to preserve the greater protections of the FCRA strictly regulating 
credit reports from being weakened by GLB's lesser protections. 
Industry claims that the FCRA savings clause creates a safe harbor 
preventing the Sarbanes Amendment from applying to affiliate sharing, 
by allowing the preemptive affiliate sharing exception of the FCRA to 
trump GLB's Sarbanes Amendment.
    Yet, as former FTC Chairman Pitofsky testified before Congress on 
financial services modernization, in a 1999 hearing on H.R. 10, the 
House bill which became GLB:

          Finally, the bill should make it clear that its privacy 
        provisions do not limit the FCRA's protections to the extent 
        they apply to financial institution files. . . . If construed 
        to supersede the FCRA, the H.R. 10 privacy provisions would be 
        a major retreat in privacy protections for consumers. Credit 
        reports could be distributed to firms that had no permissible 
        purpose to see them if the consumer did not take the 
        affirmative step of stopping that practice. The Commission 
        believes it essential to eliminate the potential for such an 
        interpretation by adding a savings clause indicating that, 
        notwithstanding any provisions of H.R. 10, the full protections 
        of the FCRA continue to apply where applicable.\41\ [Emphasis 
        added]
---------------------------------------------------------------------------
    \41\ Testimony of FTC Chairman Robert Pitofsky before the House 
Financial Institutions Subcommittee on HR 10, 21 July 1999, at http://
financialservices.house.gov/banking/72199pif.htm.

    Industry argues that the FCRA savings clause inserted following the 
FTC Chairman's request instead acts to limit consumer protection. 
Industry argues that somehow the purpose of the clause is to allow the 
FCRA's one weaker exception--not its myriad greater protections--to 
prevail. War is peace. Up is down.

State and Local Action under the Sarbanes Amendment
    Industry's threats that the Sarbanes Amendment is meaningless have 
had a chilling effect on State efforts to enact stronger financial 
privacy laws governing affiliate sharing. Although numerous States have considered financial privacy legislation since 1999, only California has 
come close to enactment of legislation. In California, a compromise version 
of SB 1, proposed by State Senator Jackie Speier, has passed the State 
Senate but is currently mired in the Assembly Banking Committee due to 
industry opposition. The bill would greatly strengthen consumer rights 
in information sharing. Anticipating that the bill will not pass, 
consumer groups including CALPIRG and Consumers Union have already 
collected over 200,000 signatures toward a proposed ballot initiative 
for March 2004. The ballot initiative is even stronger than SB 1.
    Although it remains the consumer group view that the FCRA savings 
clause of GLB's effect on the Sarbanes Amendment should be construed 
narrowly, it should be noted that the groups planned the ballot 
referendum for 2004, after the scheduled sunset of FCRA preemption, to 
clear one additional procedural hurdle: Predicted bank litigation.
    Indeed, tired of waiting for the State or Congress to act, several 
California cities and counties led by San Mateo and Daly City, have 
enacted local financial privacy ordinances modeled after SB 1. The 
ordinances will take effect on 1 September 2003, but first they must 
survive court challenges by Bank of America and Wells Fargo, joined by 
the Nation's chief national bank regulator, the Office of the 
Comptroller of the Currency.\42\
---------------------------------------------------------------------------
    \42\ For more information about OCC's abusive preemption positions 
generally, see http://www.pirg.org/occwatch. 




    If the cities lose in court, despite the clear legislative history 
in their favor, particularly under a National Bank Act preemption 
argument, it may be appropriate for the Congress to consider a narrow 
clarifying amendment to GLB that makes it clear that the Sarbanes 
Amendment is the paramount Federal rule on financial privacy, all other 
laws notwithstanding.

Industry Has Misrepresented the Goal and the Effect of State Financial
Privacy Laws
    Throughout the debate over financial privacy and the FCRA 
preemption, industry has engaged in a two-part strategy to confuse the 
public and decisionmakers.
First, Industry Claims To Be For Opt Out, When It Is In Favor Of No Opt
    As discussed above in the section on GLB, industry muddles the 
issue of no opt versus opt out. For example, a white paper prepared for 
the industry that is routinely cited by industry witnesses before 
Congress states the following:

          Congress struck a critical balance in the 1996 FCRA 
        Amendments between consumers' interest in reaping the benefits 
        of accessible credit files and their interest in privacy. That 
        balance is reflected in the combination of preemption and opt 
        out provisions for prescreening and affiliate-sharing. Efforts 
        to fundamentally alter that balance by not reenacting 
        preemption and/or by conditioning prescreening and affiliate-
        sharing on opt in threaten to impose considerable costs on 
        consumers, business, and the economy, while not increasing 
        privacy protection.\43\
---------------------------------------------------------------------------
    \43\ Financial Privacy, Consumer Prosperity, and The Public Good: 
Maintaining The Balance. Fred Cate, Robert E. Litan, Michael Staten, 
Peter Wallison. Mar 2003. See http://www.aei. brookings.org/
publications/abstract.php?pid=313.

    The paper is wrong on the affiliate sharing opt out, unless it is 
cleverly hedging behind the limited ``other'' information opt out.\44\ 
It fails to accurately describe the actual no opt regime in place for 
affiliate sharing of experience and transaction information. For this 
and numerous other reasons, one expert observer, an independent privacy 
consultant, called this paper ``shockingly incompetent.'' \45\
---------------------------------------------------------------------------
    \44\ See FCRA, Section 604 (d)(2)(A)(iii) concerning information 
obtained from ``other'' sources, such as a consumer's credit report or 
application or references.
    \45\ ``No Fair Fight Over FCRA Provision,'' by Robert Gellman, DM 
News, 6 May 2003.
---------------------------------------------------------------------------
    Industry witnesses refer to a number of other white papers and 
pseudo-academic documents \46\ purporting to prove that either 
eliminating State preemption or providing greater financial privacy 
protections will cost the economy ``billions of dollars.'' In our view, 
these papers are based on specious assumptions.
---------------------------------------------------------------------------
    \46\ Harvard Law School Professor Elizabeth Warren, co-author of 
several major peer-reviewed studies of the impact of bankruptcy on 
consumers, has written an extensive article criticizing the use of 
``proprietary'' research (data not available or peer-reviewed, paid for 
by industry associations that hire academic ``research'' centers) to 
make public policy. Wisconsin Law Review Vol. 2002, No. 1, ``The Market 
For Data: The Changing Role of Social Sciences in Shaping The Law,'' 
Public Law Research Paper No. 038 See http://papers.ssrn.com/sol3/
papers.cfm ?abstract_id=332162.

 None of the papers measure the costs of not protecting 
    privacy, including the costs of identity theft.
 None of the papers measure the cost to society of inaccurate 
    credit reports caused by mistakes due to lack of enforcement of the 
    Federal FCRA.
 None of the papers separate the impact, if any, of the 1996 
    preemption provisions from other dependent variables or attempts to 
    evaluate the effect of other factors on the credit economy.

    None of the industry studies attempt to quantify the costs of not 
protecting privacy. One contrary study finds, ``In fact, the costs 
incurred by both business and individuals due to incomplete or 
insufficient privacy protections reach tens of billions of dollars 
every year.'' \47\
---------------------------------------------------------------------------
    \47\ ``Privacy, Consumers, and Costs: How The Lack of Privacy Costs 
Consumers and Why Business Studies of Privacy Costs are Biased and 
Incomplete,'' by Robert Gellman, March 2002, See http://www.epic.org/
reports/dmfprivacy.html.
---------------------------------------------------------------------------
    None of the industry studies measures the costs of inaccurate 
credit reports. According to just one key finding of a major recent 
study of 500,000 credit files:

          Misclassification into the subprime mortgage market can 
        require a borrower to overpay by tens of thousands of dollars 
        in interest payments on a typical mortgage. For example, over 
        the life of a 30-year, $150,000 mortgage, a borrower who is 
        incorrectly placed into a 9.84 percent subprime loan would pay 
        $317,516.53 in interest, compared to $193,450.30 in interest 
        payments if that borrower obtained a 6.56 percent prime loan--a 
        difference of $124,066.23 in interest payments.

    That study,\48\ by the Consumer Federation of America and National 
Credit Reporting Association, found that at least 8 million consumers 
are at risk of being misclassified into subprime credit due to sloppy 
information handling practices by credit reporting agencies.
---------------------------------------------------------------------------
    \48\ ``Credit Score Accuracy and Implications for Consumers,'' 
December 17, 2002, Consumer Federation of America and the National 
Credit Reporting Association http://www.consumer fed.org/
121702CFA_NCRA_Credit_Score_Report_Final.pdf.
---------------------------------------------------------------------------
    None of the industry studies measures the costs of a post-GLB 
credit economy where adverse decisions are made without consumers 
gaining the right to know about, look at, dispute, or correct their 
file.

Industry Falsely Claims That Financial Privacy Laws Will Stop All 
        Information Sharing, not Simply Sharing for Secondary Purposes
    Perhaps even more importantly, industry's white papers and 
testimony and press releases have made a wide variety of false and even 
wild claims about the goal and effect of financial privacy laws:

 Industry alleges that stronger financial privacy laws will 
    prevent firms from using one telephone call center for all of a 
    consumer's accounts.
 Industry claims that financial privacy laws ``will hinder 
    their efforts to spot terrorists.'' \49\
---------------------------------------------------------------------------
    \49\ ``Privacy Laws Under Attack,'' Associated Press, 19 Feb 2002. 
The article quotes executives of two powerful industry associations 
opposing State privacy laws on terrorism grounds: The Financial 
Services Roundtable (``We would have trouble communicating with law 
enforcement . . .'') and the Financial Services Coordinating Council 
(``I do not think that explicitly a legislator would try to hurt the 
exchange of information that would allow law enforcement to do what 
they need to do . . .'')
---------------------------------------------------------------------------
 Industry claims that information sharing is critical to 
    stopping fraud and identity theft.

    Actually, the goal of consumer financial privacy laws is not to 
prevent these uses. SB 1 (California) would simply limit information 
sharing for secondary purposes without consent. The goal of SB 27 
(California) is to give consumers access rights in GLB that modestly 
approach those of the FCRA.
    Here is the antifraud, anti-identity theft, exception to the opt 
out in existing Federal law:

          GLB Section 6802(e)(3)(A) to protect the confidentiality or 
        security of the financial institution's records pertaining to 
        the consumer, the service or product, or the transaction 
        therein; (B) to protect against or prevent actual or potential 
        fraud, unauthorized transactions, claims, or other liability; 
        (C) for required institutional risk control, or for resolving 
        customer disputes or inquiries; (D) to persons holding a legal 
        or beneficial interest relating to the consumer; or (E) to 
        persons acting in a fiduciary or representative capacity on 
        behalf of the consumer;

    Similar provisions exist for completing a consumer's transaction, 
underwriting, to comply with Government requirements, or to protect the 
``public safety.''
    In addition, each of the proposed State and local laws and ballot 
initiatives, to our knowledge, includes similar exceptions.
    It is worse than disingenuous to claim that financial privacy laws, 
intended to give consumers control over the use of their confidential 
information for secondary marketing and profiling purposes, will 
completely close the spigot of information sharing for laudable 
purposes.

Does Information Sharing Prevent Identity Theft? No
    Industry has claimed that information sharing is critical to 
identity theft prevention. From 1989 through 1996, while Congress 
considered the strengthening of the FCRA, identity theft was not a 
significant issue in the debate. While it turns out that the problem 
was growing, the industry had been keeping it quiet and absorbing the 
costs of fraud without providing Congress or the FTC with significant 
information. In 1996, the State PIRG's released the first national 
report on the problem, ``The Consumer X-Files,'' documenting the cases 
of several identity theft victims and attempting to quantify the 
problem.
    In 1997, the State PIRG's released a follow-up, ``Return To The 
Consumer 
X-Files.'' \50\ In 2000, the State PIRG's and Privacy Rights 
Clearinghouse released a detailed survey of identity theft victims, 
``Nowhere To Turn.'' \51\ In 2003, CALPIRG released the first analysis 
of police officer views on identity theft, ``Policing Privacy.'' \52\ 
It found that police share consumer groups' views that creditor 
practices must be reined in to stop identity theft.
---------------------------------------------------------------------------
    \50\ See http://www.pirg.org/reports/consumer/xfiles/index.htm.
    \51\ See http://calpirg.org/CA.asp?id2=3683&id3=CA&.
    \52\ See http://www.pirg.org/alerts/route.asp?id2=9791.
---------------------------------------------------------------------------
    In 1998, Congress took its one step to stop identity theft, 
criminalizing it without reining in the creditor and credit bureau 
practices that aid and abet the thieves.
    The FTC has recently reported that identity theft was the leading 
complaint to the Agency for the years 2000, 2001, and 2002. The number 
of cases doubled in 2002, according to the FTC. Based on figures 
reported to the GAO by the credit bureaus themselves, identity theft 
may strike as many as 500,000-700,000 consumers annually. 
Criminalization has not worked. Do industry's unbelievable allegations 
that identity theft is being slowed by information sharing mean the 
problem would be even worse without information sharing?
    Misuse, overuse, and easy access to Social Security numbers is what 
drives the identity theft epidemic. Fundamentally, this nation needs to 
wean the private sector of its over-reliance on Social Security numbers 
(SSN) as unique identifiers and database keys. Creditors issue credit 
based on a match between an applicant's Social Security number and a 
credit bureau Social Security number, with no additional verification 
in many cases that the applicant is actually the consumer whose credit 
bureau file is accessed. Getting Social Security numbers out of 
circulation and improving sloppy credit granting practices, not 
unfettered information sharing, are the real solutions to the identity 
theft menace.

Changing Industry Practices Limiting Information Sharing, not The 
        Threat of State Action, Are the Real Threat To the Economy
Failure To Report Completely To Game Credit Score Results
    This spring, the Federal Reserve Board of Governors released a 
major study \53\ of credit reports. Among its key findings, based on a 
review of 248,000 credit reports held by one unnamed repository, was 
the following: Fully 70 percent of consumers had at least one trade 
line account with incomplete information. The Fed finds this 
problematic.
---------------------------------------------------------------------------
    \53\ See ``An Overview of Consumer Data and Credit Reporting,'' 
Avery et al, February 2003, Pages 47-73, Federal Reserve Bulletin 
http://www.Federalreserve.gov/pubs/bulletin/2003/0203lead.pdf.

          A key measure used in credit evaluation--utilization--could 
        not be correctly calculated for about one-third of the open 
        revolving accounts in the sample because the creditor did not 
        report the credit limit. About 70 percent of the consumers in 
        the sample had a missing credit limit on one or more of their 
        revolving accounts. If a credit limit for a credit account is 
        not reported, credit evaluators must either ignore utilization 
        (at least for 
        accounts without limits) or use a substitute measure such as 
        the highest-balance level. The authors' evaluation suggests 
        that substituting the highest-balance level for the credit 
        limit generally results in a higher estimate of credit 
        utilization and probably a higher perceived level of credit 
        risk for affected consumers. [Emphasis added] \54\
---------------------------------------------------------------------------
    \54\ See page 71, ``An Overview of Consumer Data and Credit 
Reporting,'' Avery et al, February 2003, Pages 47-73, Federal Reserve 
Bulletin http://www.Federalreserve.gov/pubs/bulletin/2003/0203lead.pdf.

    Although industry witnesses will testify to a vast ``free flow of 
information'' driving our economy that should not be constrained, more 
and more firms are choosing to stifle the flow of information 
themselves--to maintain their current customers as captive customers.
    We expect industry witnesses to claim this problem has been 
resolved. According to the Fed and CFA studies it has not. This month, 
a major lender told the American Banker newspaper it does not report 
credit limits: ``Capital One has never reported credit limits, for 
proprietary reasons,'' Diana Don, a spokeswoman for the McLean, VA, 
card issuer, said Wednesday. ``We feel that it is part of our business 
strategy and provides competitive advantage.'' \55\
---------------------------------------------------------------------------
    \55\ ``FCRA Hearing to Shine Spotlight on Credit Process,'' 
American Banker, 12 June 2003 by Michele Heller.
---------------------------------------------------------------------------
    When a bank intentionally fails to report a consumer's complete 
credit report information to a credit bureau, that consumer is unable 
to shop around for the best prices and other sellers are unable to 
market better prices to that consumer. Even the Comptroller of the 
Currency, Mr. Hawke, has condemned the practice.\56\ So has the FFIEC: 
``The Agencies are aware that over the last year some financial 
institutions have stopped reporting certain items of customer credit 
information to consumer reporting agencies (credit bureaus). 
Specifically, certain large credit card issuers are no longer reporting 
customer credit lines or high credit balances or both.'' \57\
---------------------------------------------------------------------------
    \56\ See speech by Comptroller of the Currency John Hawke at http:/
/www.occ.treas.gov/ftp/release/99-51.txt 7 June 1999: ``Some lenders 
appear to have stopped reporting information about subprime borrowers 
to protect against their best customers being picked off by 
competitors. Many of those borrowers were lured into high-rate loans as 
a way to repair credit histories.'' According to U.S. PIRG's sources in 
the lending industry, this practice continues.
    \57\ See advisory letter of 18 January 2000 at http://
www.ffiec.gov/press/pr011800a.htm Testimony of U.S. PIRG, 26 June 2003, 
p.20.
---------------------------------------------------------------------------
Affiliate Sharing Regime Provides Fewer Consumer Rights
    As we have indicated above, the FCRA is an important privacy and 
consumer protection law. It provides consumers with substantive rights. 
Yet the growing use of affiliate sharing under GLB for profiling and 
credit decisionmaking may lessen the public benefits of the FCRA. If 
credit decisions are made on the basis of affiliate-shared information, 
consumers do not have the same bundle of rights as they would under the 
FCRA. As internal creditor databases increase in size and predicative 
value, either credit decisions or other profiling decisions (whether to 
even offer a consumer a certain class of product, for example) may more 
and more be made under the GLB regime. These adverse actions will not 
result in triggering the same disclosures and rights that consumers 
obtain under the FCRA. These changes in the marketplace, which are 
already occurring, mean that consumers may not have the same credit 
rights in the future. Congress should carefully scrutinize issues 
related to the lack of consumer rights in the affiliate sharing world, 
compared to the significant consumer protections provided by the FCRA.

Conclusion
    Our complex national credit system, which relies on 
interrelationships between and among furnishers of information 
(creditors), consumer reporting agencies (credit bureaus) and numerous 
other information providers, secondary market players and, finally, 
consumers, was not created by the temporary 1996 preemption compromise 
to the FCRA and will not be destroyed by letting it expire. Nor was 
that complex national credit system created by the affiliate sharing 
regime of GLB which has resulted in a growing number of unregulated 
transactions and credit decisions.
    The FCRA worked well before 1996, as the testimony of the Vermont 
Attorney General's office and other consumer witnesses has made clear 
today. Industry's lobbying campaign urging you to simply extend the 
temporary preemption and extend the nonregulation of affiliate sharing 
is merely an attempt to preserve the unacceptable status quo that has 
resulted in unacceptable levels of credit report errors and an epidemic 
of identity theft. We hope to work with the Committee on solutions to 
these problems as well.
    We generally agree with industry that a uniform national law would 
be the most efficient, provided it is adequate. But the best way to get 
to adequate uniformity is to retain States' rights. Congress has not 
demonstrated a propensity for enacting uniform consumer protection laws 
that are adequate, except when driven by the threat of State actions. 
If Congress fails to solve the problem, or new problems arise, the 
States can act more quickly to resolve the problem and provide a 
template for additional Federal action by the Congress.
    Retaining States' right to enact stronger laws is the best way to 
guarantee an eventual strong uniform Federal law. The States are 
rational actors; they will not act to balkanize our financial system. 
Instead, they will respond to new threats with new and innovative 
ideas, which will eventually be adopted by other States. The notion of 
50 different, conflicting laws is absurd and not even worth debate.
    In the area of consumer protection, without ideas from the States, 
typically the only way the inertia of Congress is ever overcome is by a 
stark crisis--such as Enron. Remember, the Enron fiasco was not even 
enough to guarantee passage of last year's Sarbanes-Oxley corporate 
reforms--we had to wait for Worldcom.
    We appreciate the opportunity to provide our views on the Fair 
Credit Reporting Act and affiliate sharing. We look forward to working 
with you in the future on these and other solutions to the problems 
consumers face in dealing with creditors, furnishers, and identity 
theft.

                               ----------

                PREPARED STATEMENT OF ANGELA L. MAYNARD

              Chief Privacy Executive and Counsel, KeyCorp
             on behalf of the Financial Services Roundtable
                             June 26, 2003

    Mr. Chairman and Members of the Committee, my name is Angela 
Maynard, and I am the Chief Privacy Executive and Counsel for KeyCorp 
(Key), an $86 billion financial holding company headquartered in 
Cleveland, Ohio. As the nation's 11th largest banking company, Key 
conducts business throughout the United States in States spanning from 
Maine to Alaska.
    Key is a member of the Financial Services Roundtable (Roundtable), 
and I am appearing today on behalf of the Roundtable as well as the 
customers, employees and shareholders of Key. The Roundtable represents 
100 of the largest integrated financial services companies providing 
banking, insurance, and investment products and services to consumers. 
Member companies participate through their chief executive officer and 
other senior executives nominated by the CEO.
    I appreciate the opportunity to testify before the Committee on the 
role of affiliate information sharing under the Fair Credit Reporting 
Act (FCRA). The FCRA has become central to our Nation's credit system, 
and the Committee is to be commended for undertaking a thorough review 
of the Act and its impact on consumers, businesses, and the economy.
    The Roundtable and Key support the affiliate information sharing 
provisions of the FCRA, and urge the Committee to renew those and the 
other provisions of the Act that are scheduled to expire at the end of 
the year. The Importance of the FCRA and the Consumer Benefits of Information
Sharing
    Before I explain how Key uses the affiliate information sharing 
provisions of the FCRA, I thought it might be useful to provide the 
Committee with some insight into the importance of the FCRA to the 
economy and the consumer benefits associated with affiliate information 
sharing.

Economic Consequences of Failing to Renew the FCRA
    The Roundtable has found that the failure to renew key provisions 
of the FCRA will impose substantial costs on consumers and the economy, 
and will raise barriers to the least advantaged segments of our 
population.\1\ More specifically, the Roundtable has found that the 
failure to renew key provisions of the FCRA will result in higher costs 
for interest on mortgages, credit cards, and other debt; reduced credit 
access; and higher costs for insurance, electric power (in competitive 
markets), mail-order and e-commerce purchases, and third-party 
offerings by financial services companies.
---------------------------------------------------------------------------
    \1\ ``The Economic Consequences of Failing to Renew Current 
Provisions of the Fair Credit Reporting Act (FCRA) Which Promote 
Uniform National Standards,'' a study prepared for the Financial 
Services Roundtable by the Perryman Group, 2003.
---------------------------------------------------------------------------
    The additional costs consumers would pay on mortgages and other 
forms of credit are estimated to total over $20 billion each year. This 
amount includes $1.7 billion in new mortgage expenses, $1.7 billion in 
additional home equity and refinancing costs, and over $11 billion in 
increased credit card charges. The increased annual costs for 
insurance, electric power, e-commerce sales, and third party services 
are estimated to total another $20 billion.
    Additionally, approximately $170 billion in total funds from home 
equity loans and refinancings would no longer be available to 
households. Of this amount, approximately $100 billion would otherwise 
have been spent and circulated through the economy.
    When these and other cost factors are combined, the net direct loss 
in annual aggregate spending from the failure to renew the FCRA is 
estimated to be over $180 billion.

Consumer Benefits of Information Sharing
    The Roundtable also has found that the customers of its member 
companies obtain significant benefits from information sharing.\2\ 
These benefits include increased convenience, personalized service, and 
real savings of time and money.
---------------------------------------------------------------------------
    \2\ ``Customer Benefits from Current Information Sharing by 
Financial Services Companies,'' a study prepared for the Financial 
Services Roundtable by Ernst & Young, December 2000.
---------------------------------------------------------------------------
    Information sharing saves the customers of Roundtable companies, on 
average, $195 per household per year. For all customers of Roundtable 
companies, the total dollar savings due to information sharing is 
estimated to be $17 billion. About $9 billion of this total comes from 
sharing information with third parties, and the remaining $8 billion is 
due to information sharing with affiliates. The dollar savings for 
customers result from the outsourcing of services to third parties, 
relationship pricing, and proactive offers. Obviously, these savings 
would be greater for the entire financial services industry.
    Information sharing also saves time for the customers of Roundtable 
companies. The average household saves close to 4 hours per year 
because of the convenience provided by information sharing. This 
amounts to a savings of about 320 million hours per year for all 
customers of Roundtable companies. About 115 million hours are saved 
because of information sharing with affiliates and 205 million hours 
are saved because of information sharing with third parties. The 
timesavings for customers are a result of centralized call centers, 
Internet-based services, third party services, proactive offers, and 
prefilled applications.
    The Roundtable also has found that, contrary to common perception, 
the ability to share information reduces identity theft and fraud, and 
that it reduces the number of solicitations consumers actually receive. 
Identity theft and fraud are reduced because information sharing allows 
organizations to better identify and respond to fraud and identity 
theft. Solicitations are reduced as a result of targeted marketing. 
Roundtable members save about $1 billion per year through the use of 
targeted marketing, as opposed to mass marketing, and those costs 
savings can be passed forward to customers. Failure to renew the FCRA 
could result in a shift back to mass marketing and cause Roundtable 
members to send out over three times as many solicitations to achieve 
the same level of sales.

How Key Uses Information Sharing To Benefit its Customers
    Like many other financial services companies, Key is a holding 
company that owns a number of subsidiary companies, all of which would 
qualify as affiliates for purposes of the FCRA. At present, KeyCorp 
owns approximately 20 companies that provide products and services 
directly to individuals, including: KeyBank, N.A.; Key Bank U.S.A, 
N.A.; McDonald Investments, Inc.; Victory Capital Management, Inc.; Key 
Bank Life Insurance, Ltd.; KeyTrust Company, N.A.; and SecoLink 
Settlement Services, LLC.
    Key has worked diligently to consolidate the legal affiliates under 
which we conduct business. Key was the first large multibank holding 
company to consolidate bank charters under the authority provided by 
the Riegle-Neal Act. Despite our efforts, we still must operate under 
multiple legal affiliates due to State and Federal legal requirements, 
tax and accounting considerations, and operational considerations. For 
example, the Gramm-Leach-Bliley Act (GLBA) requires many of Key's 
financial activities be conducted separate and apart from our banking 
subsidiaries.
    However, to our customers, Key is not a collection of separate 
companies; it is a single entity that offers a variety of financial 
products and services. These include retail and commercial banking; 
investment banking and management; residential mortgages; home equity 
and installment loans; financial, estate, and retirement planning; 
asset management; and, for our business customers, real estate finance 
and equipment leasing.
    Despite this structure, Key has a single privacy policy that covers 
all of our businesses. This policy discloses our practices regarding 
the collection and sharing of information with both affiliated and 
nonaffiliated companies. Key has had a privacy policy in existence for 
6 years, which predates GLBA's privacy policy requirements.
    Through our privacy policy, any consumer who provides information 
to Key can learn the types of information we may collect, from whom, 
how that information may be used, and how he or she can restrict the 
use of this information across our company and with third parties. We 
provide a copy of our privacy policy at the time a consumer first 
provides the information to Key, whether or not an account is opened, 
and annually, so long as a relationship exists with Key. Disclosed in 
the privacy policy is a toll-free number that is dedicated solely to 
recording privacy elections and answering privacy related questions. 
Once recorded, a privacy election is applied corporate-wide, covering 
all Key affiliates, and stays in effect until changed by the 
individual.
    The FCRA has two provisions related to the sharing of information 
among affiliated companies. One provision relates to information about 
a customer that is based on a company's own transactions with the 
customer (so-called ``transaction and experience'' information). The 
other provision relates to any other information about a consumer, 
including information based on the consumer's transactions with other 
institutions (so-called ``other'' information).
    Transaction and experience information is information that relates 
to a company's own experiences and transactions with a consumer. It 
would include, for example, the length of time that a customer has held 
a credit card, the number of times the customer has been late in making 
a payment on the credit card, or the average monthly balance in the 
customer's savings account. Under the FCRA, transaction and experience 
information that is shared with an affiliate is not treated as a credit 
report. Also, a customer does not have the ability to elect not to 
allow Key to share such information within the Key family of companies. 
Key's affiliates share this type of information for many purposes, 
including customer risk assessments, the servicing of accounts, fraud 
control, and targeted marketing.
    Examples of other information, that is nontransaction and 
nonexperience information, include information on an application, lists 
of a consumer's assets and liabilities with other companies, and lists 
of the names of companies from whom the 
customer has purchased other financial products and services. Under the 
FCRA, such other information that is shared with an affiliate is not 
treated as a credit report as long as a consumer is notified that such 
information may be shared and is given the opportunity to opt out of 
having this information shared. This provision permits Key's affiliated 
companies to share all types of information maintained on customers, 
not just information on our own transactions or experiences with the 
customer, provided the customer does not ``opt out'' of the sharing.
    These two provisions were added to the FCRA in 1996 to accommodate 
the flow of information within organizations, such as Key, which 
provide products and services to consumers through multiple legal 
entities. Absent these exceptions to the definition of what constitutes 
a consumer report, Key's affiliates would be treated as consumer 
reporting agencies under the FCRA and would be able to share consumer 
information only in limited circumstances, such as a credit 
transaction, the underwriting of insurance, or for employment purposes. 
Key uses the affiliate information sharing provisions of the FCRA in 
many other ways to help consumers. It relies upon affiliate information 
sharing to help consumers obtain needed products and services and 
service customer accounts. It also uses affiliate sharing to fight 
fraud and identity theft, and to comply with anti-money laundering and 
anti-terrorist financing laws. The following is a summary of the many 
ways in which Key uses affiliate information sharing to benefit 
consumers.

Appropriate Product and Services
    Our customers expect us to help them identify appropriate financial 
products and services. Affiliate information sharing permits us to 
efficiently and effectively provide products and services that meet the 
specific needs of our customers. To do so, we first must understand a 
customer's financial needs and risk profile. Affiliate information 
sharing allows us to gather this data. Once we have an understanding of 
a customer's financial needs and risk profile, including an 
understanding of the existing product and service relationships the 
customer maintains across Key, we can determine what products and 
services are best for the customer, from both a product function and 
cost perspective. Without affiliate information sharing, our customers 
would be at a disadvantage in terms of product selection and cost.

One-Stop-Shopping
    Our customers want to minimize the time it takes to conduct 
business. Affiliate information sharing allows us to deliver financial 
products and services efficiently. It eliminates the need for our 
customers to deal separately with different Key employees at multiple 
locations in order to obtain products and services that are offered by 
Key through separate legal affiliates. For instance, if a customer goes 
to a Key branch to open a deposit account, the same employee can assist 
that individual with other products, such as a home equity line that is 
offered by a separate Key affiliate. Affiliate information sharing also 
accelerates account approval and opening processes by leveraging 
information Key already maintains on the customer to process the 
customer's request. This eliminates the need for a customer to spend 
time gathering papers and finding information necessary to proceed with 
a product request.

Integrated Products and Services
    Key offers several products that straddle affiliates. For example, 
Key's Total Access Account connects a brokerage account to a bank 
deposit account. This enables us to swap funds back and forth to 
maximize the return on a customer's funds. Customer information must be 
shared between our brokerage and bank to allow these products to co-
exist. Combined statements and online account aggregation services are 
other examples of services that benefit our customers, and that are a 
direct result of affiliate information sharing.

Relationship-Based Discounts
    Key strives to maintain and grow customer relationships. One way we 
achieve this goal is through relationship-based pricing and discounts 
for customers who maintain multiple accounts across Key. The number and 
mix of products and services a customer maintains across Key impacts 
the profitability of a customer, which allows Key to provide certain 
customers with discounts and preferential pricing. Affiliate 
information sharing allows Key to perform the analysis necessary to 
determine which customers qualify for discounts or other pricing 
breaks. The benefit to the customer in this case is clear: Advantageous 
pricing. This benefit is a direct result of affiliate information 
sharing.

Ease for Clients
    Affiliate information sharing supports our ability to effectively 
service customers. It allows us to respond to customer inquires. With 
access to shared information, a bank branch representative can assist a 
customer who may have questions concerning the customer's brokerage and 
deposit accounts. Information sharing also enables a centralized 
department to update customer information for accounts held at any Key 
affiliate. This saves the customer the time and nuisance of separate 
visits and multiple telephone calls. Furthermore, information sharing 
helps Key manage data quality. When personal information related to a 
customer is changed at one affiliate, information sharing enables us to 
reflect that change in other accounts held throughout the organization. 
Maintaining the accuracy of customer information is critical in the 
fight against identify theft.

Effective Solutions
    Information sharing helps Key provide the best possible financial 
solutions to its customers. For example, when determining the best 
source for funds needed by a customer, a Key representative can 
identify more opportunities with a full understanding of the client's 
relationship across Key. Utilizing information sharing, the Key 
representative may discover that the customer has a home equity line 
with a Key company and may conclude that the home equity line is a less 
expensive source of funds than the credit card limit extension the 
customer may have requested.

Increased Efficiencies/Decreased Costs
    Centralizing functions--such as call centers, operations centers, 
analytics, and product development--all require information sharing 
across affiliates. The centralized functions enable the same Key 
employees to effectively and efficiently perform nearly identical 
functions for different affiliates within our organization. 
Consolidating functions across affiliates improves expertise, allows us 
to better manage risks, and significantly reduce operating expenses. 
These benefits are passed on to the customer in the form of better 
service and lower costs. If affiliate information sharing is 
restricted, it would force Key to decentralize and duplicate functions 
within the organization, with no benefit to customers.

Well-Suited Offers
    Key uses information sharing to determine which products or 
services to market to our customers. We strive not to annoy our 
customers with offers for products or services that do not fit their 
needs. We know that customers only will choose new products or services 
if those products or services fill a specific need. Efforts to market 
the wrong products and services to our customers benefit no one. In 
order to ensure that our marketing efforts benefit our customers, we 
conduct the necessary analysis of the information we have available to 
us to understand our customers' needs. This does not mean that we will 
market products to those who have requested us not to solicit them. For 
many years, Key has provided its retail and business customers the 
option to not receive marketing from Key if they chose.

Uncovering Fraud
    Information sharing among affiliates is critical in our efforts to 
fight fraud. Organized crime groups conduct the majority of fraud 
committed against financial institutions. These groups know the 
requirements under which we operate and ``game'' the system. They know 
where and how we can share information, and play that against us. They 
know the legal restrictions we operate under and the technology we 
utilize. When a financial institution is the target of fraud, it 
generally is not an isolated incident; criminals strike at multiple 
points across the organization. Gathering and sharing information on 
the impacted accounts across the organization is the only means to 
effectively address this problem. In these situations, information must 
be retrieved from employees in closest contact with the accounts, as 
well as the individuals who established the accounts. The information 
must be shared with those involved throughout the organization involved 
to help uncover the totality of the fraud.

Preventing Fraud
    Key uses information sharing to help prevent fraud before it 
occurs. Some of our processes check existing information we have on a 
customer against information we receive when an account is established. 
If the information appears suspicious upon comparison, our employees 
take a closer look to uncover attempted fraud. By sharing information 
across the entire organization, not just within an affiliate, we have a 
much greater opportunity to stop fraud before it happens.
    Affiliate information sharing is also a critical component of Key's 
compliance efforts with OFAC requirements, suspicious activity 
reporting requirements, and anti-money laundering and anti-terrorist 
financing requirements.

Easing the Impact on Victims
    Having access to information across affiliates increases the speed 
with which Key can react when assisting a victim of fraud or identity 
theft. Systems that house information across the company are a 
tremendous tool in aiding an identity theft 
victim. By placing one call to our fraud unit, a customer can, within a 
few minutes, have confirmation that a check was fraudulently passed, 
and can obtain credit to his or her account. This is possible through 
access to an imaging system that contains copies of checks that can be 
searched and viewed within seconds to compare signatures on checks and 
an accounting system that permits accounts to be adjusted. Our fraud 
unit is centralized to support this function corporate-wide. In order 
for the unit to work properly, it is necessary for all affiliates to 
share information with the unit.
    Our centralized fraud unit also allows a customer one point of 
contact within our organization. This avoids the need for the customer 
to make separate phone calls to the different affiliates that may be 
involved. Additionally, our centralized fraud unit benefits the company 
by making us more effective in successfully investigating the crimes 
and quickly getting information to law enforcement to aid in potential 
recoveries.
    When identity theft does occur, affiliate information sharing 
enables us to ease the victim's burden of clearing the many difficult 
issues that are often encountered. For instance, in the process of 
reestablishing a customer's accounts after an identity theft has 
occurred, it is essential to quickly access information across 
affiliates on the affected accounts. This is critical in lessening the 
hardship that would otherwise linger for the victim.

Consumer Protections
    I have described how Key shares information among affiliates for 
the benefit of its customers. Key is equally concerned about protecting 
customers from unwanted distribution of information:

 Key has stringent information access restrictions across the 
    company.
 We train our employees (23,000+) annually on the importance of 
    privacy and its requirements.
 Key does not share medical information among affiliates for 
    any reason not related to the servicing of the account or product.
 Any consumer who provides personal information to Key is 
    informed of our information sharing practices.
 Consumers can opt out of the sharing of nontransaction and 
    experience information among affiliates. We inform consumers of 
    this right, and provide them with our toll-free Privacy Line number 
    to exercise the right.
 Consumers are notified of any adverse decisions based upon 
    information contained in a credit report, and given the opportunity 
    to dispute that information.

Conclusion
    In conclusion, the Roundtable and Key support the affiliate sharing 
provisions of the FCRA. We firmly believe that the statute strikes an 
appropriate balance between consumer protection and corporate 
structure. It permits financial services companies, like Key, to offer 
a full range of products and services to consumers in a convenient and 
efficient manner resulting in real benefits and savings for our 
customers. At the same time, it permits consumers to block unwanted 
information sharing and helps protect against identity theft. We urge 
the Committee to make the existing provisions of the FCRA permanent and 
thereby reaffirm our national credit system.

        RESPONSE TO WRITTEN QUESTIONS OF SENATOR SHELBY
                       FROM TERRY BALOUN

Q.1. What level of understanding does the average consumer have 
with respect to affiliate sharing?

A.1. The average consumer has little understanding of affiliate 
sharing. The consequences of that misunderstanding may vary 
considerably, depending on how a particular business is 
organized. Wells Fargo, for example, has a separate banking 
affiliate in almost every State in its banking footprint, and 
separate credit card and home mortgage entities. Few, if any, 
customers want to be treated as a stranger if they try to 
conduct business in a branch outside their home State. 
Customers expect to be able to make payments on their Wells 
Fargo credit cards and mortgages in any Wells Fargo branch, 
even though those products are offered by different legal 
entities. Even when the affiliates are in different lines of 
business, for example banking and securities brokerage, most 
customers expect that their overall relationship with ``Wells 
Fargo'' will be considered in determining whether they qualify 
for certain benefits; they would not want the value of their 
relationship measured based solely on the balances in bank 
accounts if they also maintain a sizable securities portfolio 
with us. Indeed, to provide intelligent financial solutions for 
many customers, it is necessary to understand their overall 
financial picture--including investments and insurance, as well 
as banking relationships. In most cases, when consumers ``opt 
out'' of information sharing--with affiliates or with third 
parties--what they are really trying to achieve is a reduction 
in direct marketing solicitations. That concern is already 
addressed by State and Federal laws establishing ``opt out'' 
mechanisms for telemarketing calls, fax and e-mail advertising, 
and prescreened solicitations.

Q.2. Does the number of affiliates a firm has affect this 
understanding?

A.2. See #1 above. The sheer number of affiliates is less 
important than the complexity of the organization in terms of 
different lines of business. In many cases, the number of 
affiliates is a red herring. For example, more than two-thirds 
of Wells Fargo's affiliates have no consumer-oriented business 
and thus are unlikely to have any use for consumer data; we 
believe the same is true for most other large financial 
institutions.

Q.3. What about situations where the affiliates are engaged in 
entirely different lines of business? Does it matter that a 
person recognizes that they have a relationship with a bank but 
may not know that the bank also owns a retail securities 
brokerage operation or a direct mail operation where this 
information would be used and other things?

A.3. See #1 above. Few customers would be well served if any 
financial institution tried to meet all their financial needs 
in a single entity or line of business. Insurance and 
securities investments are an important part of the overall 
financial security of most customers but, for regulatory 
reasons, insurance and securities brokerage activities cannot 
be conducted by banks. The main purpose of the Gramm-Leach-
Bliley Act was to facilitate coordinated offerings of different 
types of financial products by integrated financial 
institutions. Cutting off the flow of customer information 
among the various parts of such an institution would largely 
undo the benefits foreseen in the GLBA.

Q.4. How important is a firm's brand to consumers in 
establishing their expectations with respect to the kind of 
relationship they have with a company?

A.4. Branding is extremely important in setting consumer 
expectations, and this is reflected in the branding policies of 
most consumer-oriented businesses. For example, it may make 
economic sense for the same hotel chain to operate very 
different level hotels in the same market, but it would be 
madness to operate a $500 per night hotel under the same brand 
as a $59 per night hotel. Both serve the needs of important 
market segments, but someone walking into a Best Western does 
not expect the amenities--or the prices--of the Ritz, and 
someone walking into the Ritz does not expect the amenities or 
the prices of a Best Western. The same is true in financial 
services. Wells Fargo, like most other large financial 
institutions, uses a common brand name for its mainstream 
consumer financial businesses. (In the case of acquired 
businesses, there is often a transition period during which the 
old name is retained.) If a different brand is used for a part 
of the business, it is usually because that segment serves a 
specialized market segment, for example, investment advisory 
services for high net worth individuals. Different brands may 
also be used for some nonconsumer businesses. Even where 
separate brands are employed, the corporate family name is 
often identified as well; that is, ``XYZ Corp., a Wells Fargo 
company.''

Q.5. How important is that brand?

A.5. Brand reputation is extremely important to any consumer-
oriented business. See #4 above and #6 below.

Q.6. Should there be safeguards, or best practices for sharing 
information within affiliates?

A.6. Yes, but such ``safeguards'' and ``best practices'' do NOT 
need to be imposed by legislative mandate. Misuse of customer 
information almost always comes to light, usually sooner rather 
than later. Businesses such as financial service providers have 
substantial motivation to maintain the trust and goodwill of 
their customers, and they know that nothing will erode that 
trust and goodwill faster or more permanently than misuse of 
customer information. If any Wells Fargo business is discovered 
to have misused customer information, the reputation of the 
entire enterprise will be sullied. We have substantial 
information to ensure that all our businesses use customer 
information responsibly without legislative mandates around the 
sharing of information with affiliates. The existence of such 
mandates would provide little additional incentive to use 
customer information responsibly, but would stifle innovation 
and competition.

Q.7. While called ``affiliate'' sharing provisions, these 
provisions actually allow companies to share information with 
entities that are outside their affiliate structures, don't 
they? Why is this necessary and does this make sense?

A.7. The ``affiliate sharing'' provisions of the FCRA in no way 
permit sharing of information outside of the ``affiliate 
structure'' or ``corporate family'' at least with respect to 
financial institutions. Sharing with nonaffiliates is governed 
by Title V of the GLBA. If the affiliate where the information 
originates could not share it with a nonaffiliated third party, 
an affiliate who receives that information will also be 
prohibited from sharing it with a nonaffiliated third party.

Q.8. Do consumers have different concerns with respect to 
affiliate sharing versus third party sharing?

A.8. Clearly their concerns are different in degree, if not in 
kind; far fewer customers opt out of affiliate sharing than opt 
out of third party sharing. Most customers are unaware of the 
corporate entity structure of most businesses. If anything, 
they expect that legal 
entity boundaries will be transparent to them. In our case, a 
California bank customer expects to be treated as a Wells Fargo 
customer and not a stranger in a Wells Fargo Bank in another 
State, or if s/he applies for a Wells Fargo mortgage or credit 
card, even though those are all different legal entities. That 
seamless customer experience simply would not be possible if 
customer information could not flow freely among Wells Fargo 
affiliates.

Q.9. Should there be greater control over sharing information 
outside of an affiliate structure than within? In other words, 
should this provision be limited so that the only type of 
information sharing permitted is sharing within affiliated 
entities?

A.9. This is already the case for financial institutions: 
Sharing of information within the ``corporate family'' is 
governed by the FCRA while sharing of information with 
unaffiliated third parties is governed by Title V of the GLBA 
and, if applicable, State or local laws which may be even more 
restrictive than Federal law.

Q.10. Do financial institutions make underwriting decisions 
without using credit reports?

A.10. Generally, no. In most cases internal information and 
information obtained from affiliates--which may be much more 
detailed than the information in credit reports--is used to 
supplement the credit report when an existing customer applies 
for credit. In some limited instances, a long-standing 
relationship with the institution (including its affiliates) 
may be considered sufficient to forego the use of a credit 
report for certain products.

Q.11. There are a range of sharing activities that you are 
permitted to engage in under the law. Have any of your firms 
decided NOT to take advantage of the full range of these 
sharing activities--are there things you could do but don't do, 
and if so, why don't you do these things?

A.11. Wells Fargo does not share information with nonaffiliated 
third parties for marketing nonfinancial products or services 
without the customer's explicit consent, even though the GLBA 
and almost all State laws permit doing so subject to notice and 
opt out. Wells Fargo also permits its customer to opt out of 
information sharing with other financial institutions under 
``joint marketing agreements'' even though the GLBA permits 
such sharing without an opt out opportunity. (However, we 
recognize the importance of the joint marketing agreement 
exception to smaller institutions which cannot provide the same 
range of financial products internally.) Wells Fargo permits 
its customers to opt out of sharing any information with 
affiliates for marketing purposes, even though the FCRA permits 
sharing identifying and ``transaction and experience'' 
information with no opt out. Wells Fargo also permits its 
customers request solicitation restrictions in addition to 
those required by law; for example do not mail and do not e-
mail, even for current customers.

        RESPONSE TO WRITTEN QUESTIONS OF SENATOR BUNNING
                       FROM TERRY BALOUN

Q.1. Are there simple ways to make the opt out notice clearer 
to the consumer without having to send out the long and drawn 
out privacy notices. I think that if it was clear, whether that 
means bold print, a larger check off box, or a simple and 
precise explanation, it would eliminate some of the 
apprehension some have. Do you agree/disagree?

A.1. Since enactment of Gramm-Leach-Bliley, Wells Fargo has 
undergone a process to evaluate content and style of its 
privacy notices and have made improvement. We believe that 
there are steps that each company can take to ensure the ready 
availability of notices and opt out opportunity, for example 
brochures available on bank branch counters. Wells Fargo would 
recommend that Congress provide sufficient flexibility to 
regulators to allow for simpler notices.
    If there is a problem with consumer privacy notices, it is 
that they are too long and too complex. Virtually all the 
experts in this area agree that privacy notices should be 
shortened, simplified, and standardized (to enhance 
comparability). For many--perhaps most--financial institutions, 
it would be extremely cumbersome and expensive to maintain and 
distribute 50 different notices (even small, local institutions 
are likely to have some customers who reside in different 
States). Thus the likely response to different requirements in 
different States would be an attempt to develop ``one-size-
fits-all'' notices that would meet the requirements of all the 
States, and which would be neither short nor simple.

Q.2. What unintended consequences do you foresee for some of 
the proposals that would change the current affiliate sharing 
status quo?

A.2. Wells Fargo's customers expect seamless service across 
business lines. A change to the existing framework would hamper 
that service, if not bring it to a halt. As I mentioned in my 
testimony, new homeowners and small business owners have access 
to credit available to them as a result of our analysis of 
data. Products are offered on a timely and nationwide basis. 
Wells Fargo is a financial services provider and should be 
allowed to structure itself in a way that allows the company to 
offer financial products to its customers.
    The United States currently enjoys historically low 
interest rates on almost all credit products, and greater 
access to credit for all economic segments than has ever been 
true in the past. While the Fed's monetary policy due to the 
economic slump has been a factor, the decline in consumer 
interest rates began long before the economic downturn. 
Interest rates in the United States are also lower than in 
almost any other country on earth. Long-term, the decline in 
consumer interest rates in the United States has been driven by 
three primary factors:

 Better risk assessment.
 National competition.
 An active and efficient secondary market for consumer 
    credit receivables.

    All three of these forces depend on accurate, complete, and 
consistent credit information on a nationwide basis, and thus 
would be endangered if different States had different laws on 
information sharing and credit reporting.

Q.3. What are some of the difficulties financial services 
companies might have in marketing to a community where there 
are multiple privacy standards?

A.3. If California's nine pending local ordinances go into 
effect, Wells Fargo will not be able to automatically service/
contact customers in those local markets.
    Our experience in North Dakota shows that Wells Fargo now 
has a customer base in rural markets of North Dakota that do 
not see information related to insurance products. Conforming 
with Gramm-Leach-Bliley, the North Dakota legislature changed 
its opt in law to opt out with respect to information sharing 
with outside third parties for financial purposes. But this was 
reversed by a 2002 referendum election to return to an opt in 
standard--requiring banks to get customer approval before 
providing financial services offered by a third party financial 
services company. Wells Fargo expects that the result will have 
an impact on North Dakota's rural communities. To ensure 
compliance, Wells Fargo has, in effect, placed all the 
residents of North Dakota on a do-not-contact list regarding 
insurance products and is not providing any unsolicited 
information. Customers have opportunities for a broad array of 
financial products and North Dakota's State action has the 
result of preventing rural access to that product list.

Q.4. Do you think that a company that has stringent privacy 
practices (the good guys) would open itself up to unnecessary 
litigation if it has to adhere to multiple privacy standards?

A.4. Yes.

Q.5. Do you think that a company that does business in an area 
that institutes multiple privacy standards will choose to stop 
doing business in that area?

A.5. Again, we would refer to our experience in North Dakota. 
Conforming with Gramm-Leach-Bliley, the North Dakota 
legislature changed its opt in law to opt out with respect to 
information sharing with outside third parties for financial 
purposes. But this was reversed by a 2002 referendum election 
to return to an opt in standard--requiring banks to get 
customer approval before providing financial services offered 
by a third party financial services company. Wells Fargo 
expects that the result will have an impact on North Dakota's 
rural communities. To ensure compliance, Wells Fargo has, in 
effect, placed all the residents of North Dakota on a do-not-
contact list regarding insurance products and is not providing 
any unsolicited information. Our customers outside of North 
Dakota have opportunities for a broad array of financial 
products and North Dakota's State action has the result of 
preventing rural access to that product list.

Q.6. How many customers actually opt out of information sharing 
with affiliates?

A.6. Wells Fargo has had a very small percentage. I would note 
that Wells Fargo offers an annual opt out opportunity for a 
customer--which is over and above what is currently required by 
the Fair Credit Reporting Act. Opt out rates have not increased 
significantly over the past 5 years, despite annual notices and 
extensive media attention.

       RESPONSE TO WRITTEN QUESTIONS OF SENATOR SARBANES
                       FROM TERRY BALOUN

Q.1. Please identify the specific types of transaction/
experience information about its customers that the bank keeps 
on file. Which types of data does your bank share with one or 
more affiliates for purposes other than servicing an account or 
fraud prevention? Does your bank or a bank affiliate combine 
your customer data with information purchased from other 
sources to create a fuller picture of your customer? If so, 
what specific types of information do you receive from these 
other sources and for what purposes is the composite 
information used?

A.1. Information is generally made available to affiliates by 
granting access to the centralized customer information system 
which contains primarily account-level information or, in some 
cases, to systems of record with more detailed transaction 
information. For example, employees who answer customer service 
telephone calls may need access to detailed transaction 
information in order to respond to questions about specific 
checking or credit card transactions. Access to all customer 
information, whether within the same legal entity or across 
affiliates is restricted on a ``need to know'' basis; employees 
of affiliates which do not provide consumer products and 
services would not have access to any information about any 
consumer customers. Extensive physical, technical, and 
procedural safeguards are employed to protect customer 
information at all stages. These safeguards, in turn, are 
reviewed and approved by our respective Federal regulators.
    Wells Fargo obtains information from credit bureaus as part 
of an application/credit granting process. Wells Fargo needs to 
have the most complete and current financial picture of an 
individual applying for credit. As a general matter, Wells 
Fargo supports full and equal reporting of credit information, 
and we support the efforts of the credit reporting agencies and 
the financial regulators to encourage full reporting. However, 
we also recognize that the United States has a voluntary system 
of credit reporting that has worked very well over many years. 
A change as fundamental as mandatory credit reporting would 
undoubtedly have many unforeseen consequences. Therefore, we 
urge Congress to encourage full voluntary credit reporting, 
which it best can do by maintaining the existing limits on the 
liability of reporting entities.

Q.2. Professor Reidenberg in his testimony wrote ``The FCRA 
created fundamental fairness in the treatment of personal 
information through adherence to the basic principle that 
information collected for one purpose should not be used for 
different purposes without the individual's written consent.'' 
Do you agree or disagree that ``information collected for one 
purpose should not be used for different purposes without the 
individual's written consent''? Why?

A.2. I am not sure how you define ownership in the context of a 
company that wants to provide services of value to customers. 
``Ownership'' is not a very useful concept when applied to 
information. ``Ownership'' of a physical object implies total 
control to the exclusion of others. The same piece of 
information, on the other hand, can be used by many people, 
often without diminishing the value to any other user. Thus the 
question should be, ``What uses should a particular party be 
allowed to make of a particular piece of information.'' The 
information of interest to financial institutions primarily 
arises from the relationship between the institution and its 
customer, and secondarily from information each furnishes to 
the other--directly, for example on an application, or 
indirectly, for example from a credit report--in connection 
with that relationship. It seems that both parties should have 
the right to use information.

Q.3. What is the total number of affiliates that the bank has 
and what lines of business are the affiliates engaged in? Does 
the bank disclose to customers the identities of the affiliates 
which it may share their confidential financial data and their 
lines of business?

A.3. Wells Fargo has roughly 800 legal entities--so-called 
affiliates--but only 38 are considered to be national 
businesses (per Wells Fargo's annual report); approximately one 
quarter of the 800 number actually uses consumer data. 
Moreover, Wells Fargo is structured so that data is available 
based on what is relevant to a particular business line and if 
other affiliates want access, the entity has to prove business 
use/need and request clearance by Wells Fargo Information 
Security. These firewalls and processes are examined by our 
Federal banking regulators. The Committee should also keep in 
mind that as we acquire other financial companies, we may elect 
to keep them operating in their existing structures, so our so-
called affiliate number fluctuates.

Q.4. On June 19, 2003, at the Banking Committee's hearing on 
identity theft, a witness from the Secret Service wrote, ``With 
lower costs of information processing, legitimate companies 
have found it profitable to specialize in data mining, data 
warehousing, and information brokerage. . . . This has led to a 
new measure of growth within the direct marketing industry that 
promotes the buying and selling of personal information.'' He 
went on to write that such data are ``valuable commodities.'' 
How valuable is this data? If a bank were to buy such data on 
customers, how much would it cost?

A.4. Wells Fargo cannot judge the value of collected data and 
cannot speculate on the cost. Wells Fargo is a financial 
services company and for credit granting, relies on the most 
current available credit report in order to complete a 
transaction/approve credit.

Q.5. Do your affiliates use transaction/experience data from 
your customers in making decisions of whether to grant credit, 
for purposes other than fraud prevention? If so, please 
describe with specificity what information is used and how it 
is used in deterring whether to extend credit?

A.5 Wells Fargo maintains one centralized database. The cost of 
developing systems, plus a mobile customer base, and the need 
to comply with multiple State rules--will result in confusion 
for both the customer and our employees if a separate database 
is required for fraud control and another database for credit 
granting.
    Because of a centralized database, affiliate sharing does 
control fraud perpetrated against Wells Fargo businesses. Our 
tellers are our front line of defense in controlling fraud and 
can only do that because they have a full screen of information 
in front of them.
    A centralized database also allows relevant businesses to 
provide credit along with the most current credit bureau 
report. In general, with affiliate sharing of information, my 
company can offer beneficial rates and streamlined services to 
individuals with their brokerage accounts, to mortgage 
customers, to small businesses. For example, credit card 
issuers today provide credit on a nationwide basis and 
instantly--in contrast to 5-10 years ago, when such credit 
granting required a relationship with a banker; mortgage 
companies can offer its existing customers beneficial rates and 
quick turnaround on refinancings; with low interest rates, 
investment/financial planners can advise customer on safe 
financial products to get better return for their investments.

         RESPONSE TO WRITTEN QUESTIONS OF SENATOR DOLE
                       FROM TERRY BALOUN

Q.1. Some of my colleagues have made the point that some banks 
have thousands of affiliates. Ms. Brill also lists the number 
of affiliates for Keycorp and Citigroup in her prepared 
statement. Can you explain why this is and how many of these 
affiliates actually deal in customer information?

A.1. Yes. Wells Fargo has roughly 800 legal entities--so-called 
affiliates--but 38 are considered to be national businesses 
(per annual report) and roughly a quarter of the 800 number 
actually use consumer data. Moreover, Wells Fargo is structured 
so that data is available based on what is relevant to a 
particular business line and if other affiliates want access, 
the entity has to prove business use/need and request clearance 
by Wells Fargo Information Security. These firewalls, in turn, 
are examined by our Federal banking regulators. The Committee 
should also keep in mind that as we acquire other financial 
companies, we may elect to keep them operating in their 
existing structures, so our so-called affiliate number 
fluctuates.

Q.2. Last week we heard from both the FTC and the U.S. Secret 
Service that information sharing helps prevent identity theft. 
In Ms. Brill's statement, she states that this practice likely 
facilitates identity theft. Mr. Baloun, does sharing 
information among affiliates increase or help prevent identity 
theft?

A.2. Yes, affiliate sharing does control fraud perpetrated 
against Wells Fargo businesses. Our tellers are our front line 
of defense in controlling fraud and can only do that because 
they have the necessary information in front of them.
    In Omaha, Nebraska, Teller Sara Locke compared the out-of-
State account information in her computer with the identity 
provided by a customer in Omaha, and stopped her from 
fraudulently cashing a check for $2,700 drawn on a Wells Fargo 
California bank account. Locke noticed that the real 
accountholder's birth date did not match the age of the person 
standing in front of her. The real accountholder was in her 
70's, while the person standing in front of the teller looked 
no more than 30. The police were contacted, and the information 
provided by the woman helped them uncover a nationwide fraud 
ring.

        RESPONSE TO WRITTEN QUESTIONS OF SENATOR JOHNSON
                       FROM TERRY BALOUN

Q.1. Professor Reidenberg has made some assertions in his 
testimony that variation in State laws has had little to no 
impact on the availability of financial services in those 
States. You run Wells Fargo in North Dakota, which had a high 
profile referendum on opt in versus opt out. Would you comment 
on what impact this referendum has had on your ability to serve 
people in North Dakota.

A.1. Wells Fargo's experiences with the outcome of the North 
Dakota referendum show that Wells Fargo customers do not get 
information about certain Wells Fargo products. That same 
customer may get information from another provider or may not 
receive as large a variety as individuals in other States. 
Conforming with Gramm-Leach-Bliley, the North Dakota 
legislature changed its opt in law to opt out with respect to 
information sharing with outside third parties for financial 
purposes. But this was reversed by a 2002 referendum election 
to return to an opt in standard requiring banks to get customer 
approval before providing financial services offered by a third 
party financial services company. Wells Fargo expects that the 
result will have an impact on North Dakota's rural communities. 
To ensure compliance, Wells Fargo has, in effect, placed all 
the residents of North Dakota on a do-not-contact list 
regarding insurance products and is not providing any 
unsolicited information. Customers outside of North Dakota have 
opportunities for a broad array of financial products and North 
Dakota's State action has the result of preventing rural access 
to that product list.

Q.2. I think a lot of us here are surprised to learn how many 
affiliates can be included in a corporate family. Would you 
please explain why your companies are structured the way they 
are and how many affiliates actually have access to consumer 
information? For example, it is my understanding that while 
Bank of America has over 1,100 affiliates, only 20 or so of 
those affiliates actually deal with consumer information.

A.2. Wells Fargo has roughly 800 legal entities--so-called 
affiliates--but 38 are considered to be national businesses 
(per annual report) and roughly a quarter of the 800 number 
actually use consumer data. Moreover, Wells Fargo is structured 
so that data is available based on what is relevant to a 
particular business line and if other affiliates want access, 
the entity has to prove business use/need and request clearance 
by Wells Fargo information security. The Committee should also 
keep in mind that as we acquire other financial companies, we 
may elect to keep them operating in their existing structures, 
so our so-called affiliate number fluctuates.

Q.3. It has been noted today that information shared within an 
affiliated structure does not constitute a consumer report and 
is therefore not protected by the FCRA with respect, for 
example, to adverse action notices and reinvestigation 
timeframes. Would you please describe how you might use 
internal credit information, and whether this lack of 
protection might adversely affect your customers? For example, 
how might you use experience information of a credit card 
customer if that customer applies for a mortgage through your 
mortgage affiliate?

A.3. It is simply not true that information provided by 
affiliates is not subject to adverse action and reinvestigation 
protections. The FCRA Section 615(b)(2) requires that when 
adverse action is taken because of information provided by an 
affiliate, the consumer is entitled to an adverse action notice 
that is substantially similar to that required when adverse 
action is taken based on information provided by a consumer 
reporting agency. In most cases, including the example given in 
the question, the information used in connection with an 
application for new credit, will have been reflected in a 
billing statement provided to the customer by the institution, 
and subject to the protections of the Fair Credit Billing Act 
(FCBA), including the right to dispute information. Unlike the 
FCRA, when a dispute is lodged directly with the institution 
under the FCBA, the institution is required to not report the 
disputed amount as delinquent to any consumer reporting agency 
until the reinvestigation has been completed and the 
information verified. (Under the FCRA, the reporting 
institution must note that a dispute has been lodged, but it 
may continue to report the disputed information pending 
resolution of the dispute.)

Q.4. What steps do you take with new customers to help them 
understand their rights to opt out of information sharing among 
affiliates? Do you do more than just send them the privacy 
notice? Are tellers, for example, trained in any particular 
manner to help customers understand their rights?

A.4. All employees go through annual privacy training. Our 
Wells Fargo bankers that set up new accounts for customers are 
trained to provide privacy notices and help customers that have 
elected to opt out--if a customer would like to opt out, they 
are given options, including a toll-free number. In addition, 
Wells Fargo goes over and above current FCRA requirements by 
providing an annual opportunity to opt out.
    Opting out of affiliate sharing is easy at most large 
financial institutions. Wells Fargo, for example, provides an 
800 number that customers can call to opt out (and register 
other privacy preference) in addition to a simple tear-off form 
attached to the privacy disclosures given to all new customers 
and annually to existing customers--which is over and above 
what the Fair Credit Reporting Act requires.
    Financial institutions maintain centralized customer 
information systems--which are the key to detecting and 
preventing identity theft--primarily to provide seamless 
service to our customers, and to inform customers about other 
products and services that we believe might be of interest to 
them. Merely exempting fraud prevention uses from restrictions 
on information sharing will not provide the incentive needed to 
develop and maintain such complex and expensive systems.
    As I indicated in my statement, without affiliate sharing, 
Wells Fargo will be unable to provide service to bank customers 
across State lines, or service across legal entity lines (that 
is, paying mortgage or credit card bills at bank branches, 
offer combined statements, and provide our business direct 
loans to small business owners.)
    Information is generally made available to affiliates by 
granting access to the centralized customer information system 
which 
contains primarily account-level information or, in some cases, 
to systems of record with more detailed transaction 
information. For example, employees who answer customer service 
telephone calls may need access to detailed transaction 
information in order to respond to questions about specific 
checking or credit card transactions. Access to all customer 
information, whether within the same legal entity or across 
affiliates is restricted on a ``need to know'' basis; employees 
of affiliates which do not provide consumer products and 
services would not have access to any information about any 
consumer customers. Extensive physical, technical and 
procedural safeguards are employed to protect customer 
information at all stages.

Q.5. There seems to be some disagreement about whether 
affiliate sharing is more about benefits to the company or the 
consumer. What benefits specifically flow to the customer, and 
I do not mean getting marketing fliers that are often included 
in a credit card statement.

A.5. With affiliate sharing of information, Wells Fargo 
mortgage has provided close to 200,000 new mortgages as a 
result of referrals from a Wells Fargo bank. Specifically, 
Wells Fargo can offer beneficial rates and streamlined services 
to mortgage customers. For example:

 Wells Fargo mortgage can offer its existing mortgage 
    customers beneficial rates and quick turnaround on 
    refinancings. Mortgage can quickly gather needed data from 
    all Wells Fargo businesses with which the customer may have 
    a relationship. Process keeps Wells Fargo customers away 
    from other predatory mortgage lenders that make it tough 
    and costly to refinance.
 Pack pricing: Wells Fargo regions offer new mortgage 
    customers a $300 discount on closing costs if customer 
    opens up a package relationship with Wells Fargo, which 
    includes: Bank account, credit card, discounts on brokerage 
    fees/Wells Trade, and a free consultation with a financial 
    consultant.
 Customers who want to open a home equity line 
    simultaneously with getting their mortgage only have to 
    provide their information once because we are able to share 
    their information across affiliates.

    Generally, Wells Fargo's ability to compete against other 
companies--``our secret sauce''--is to be able to find 
creditworthy customers in a population that would not appear 
creditworthy just on credit bureau/credit score information 
alone--that is, our own experience with the customer.
    This allows us to qualify more customers and to extend 
credit to those we otherwise in the absence of this internal 
information would have turned down.
    If we cannot aggregate our own customer experience info, 
our ability to identify good customers based on internally 
generated information would be eliminated. Competitors who 
collect information about customers and operate in a single 
enterprise would not be impacted.

Q.5. Do you have any data to share with the Committee on how 
information sharing has impacted your lending practices in 
traditionally underserved communities? In particular, have you 
seen an impact on mortgage lending in underserved communities?

A.5. The United States currently enjoys historically low 
interest rates on almost all credit products, and greater 
access to credit for all economic segments than has ever been 
true in the past. Long-term, the decline in consumer interest 
rates in the United States has been driven by three primary 
factors:

 Better risk assessment.
 National competition.
 An active and efficient secondary market for consumer 
    credit receivables--especially mortgages.

    All three of these forces depend on accurate, complete, and 
consistent credit information on a nationwide basis, and thus 
would be endangered if different States had different laws on 
information sharing and credit reporting. In California, data 
on our mortgage market shows that 40 percent of new Hispanic 
Wells Fargo mortgage customers became homeowners as a result of 
a Wells Fargo bank referring the customer to an affiliates 
Wells Fargo Home Mortgage office.

Q.6. I am interested in something Mr. Prill has noted in his 
statement related to customer demand for mailings announcing 
sales and other promotions. Some people might view this as junk 
mail. Do you have any statistics anecdotes relating to how 
these promotional materials might be viewed?

A.6. In all direct marketing, the response rate increases when 
you are able to target the message more closely to consumers 
who are likely to be interested in the product. When interest 
rates on mortgages are low, we know our customers appreciate 
hearing from us, especially if we are able to offer them a 
preapproved loan or a streamlined process for refinancing their 
loans as a result of the relationship they have with us.

Q.7. Do you have statistics to opt out rates among customers 
that might show that customers understand their rights? Are opt 
out rates the same among all customer groups?

A.7. Wells Fargo customer opt out rates have remained fairly 
low (about 5 percent) for over 5 years, despite annual 
disclosures and extensive media attention to the subject. When 
Wells Fargo conducted research among customers and noncustomers 
to assess the readability of privacy disclosures, we learned 
that the respondents understood the disclosures easily when 
they took the time to read them, but most stated that they had 
not opted out and did not plan to because they trusted their 
banks.
    Wells Fargo's privacy policy goes beyond the GLBA in that 
we offer our customers separate choices to opt out of internal 
and external sharing, even though the only external sharing we 
do is with other financial institutions as permitted by the 
GLBA. The number of customers who opt out of external sharing 
is more than double the number who opt out of internal sharing 
only, indicating that there is a clear distinction between the 
two types of sharing and that our customers feel significantly 
more comfortable with internal sharing than with external 
sharing.
    Not all customers have a high level of concern about opting 
out, and even fewer opt out from sharing within a company with 
which they have a relationship. National consumer research 
indicates that, in general, about 26 percent of Americans have 
been identified as ``privacy fundamentalists'' (Privacy & 
American Business/Harris Poll, March 2003). Ten percent are 
classified as ``unconcerned'' and 64 percent are labeled 
``pragmatists.'' These statistics do not necessarily pertain to 
established business relationships, where the number of people 
concerned enough to take action and opt out would be expected 
to be much lower. Therefore, if the universe of consumers who 
have expressed concerns about privacy in any venue is 26 
percent, and that number is significantly reduced to eliminate 
those consumers who are less concerned or unconcerned about 
companies with which they have an established business 
relationship, then the rate of opt outs experienced within the 
financial services industry seems reasonable and appropriate.

        RESPONSE TO WRITTEN QUESTIONS OF SENATOR SHELBY
                        FROM MARTIN WONG

Q.1. What level of understanding does the average consumer have 
with respect to affiliate sharing?

A.1. The average consumer has many opportunities, from life 
experience and now from Fair Credit Reporting Act (FCRA) and 
Gramm-Leach-Bliley Act (GLB) notices, to become aware that 
financial information may be shared with affiliates for 
customer service, operational, and marketing purposes. 
Consumers expect prompt and efficient delivery of products or 
services from their financial institution and seem to 
understand that information must be shared among affiliates to 
meet those needs. Consumers also have some awareness that many 
U.S. financial service companies, for historical reasons, have 
a large number of affiliates. Consumers may become aware of 
this when they move between States and need to change homeowner 
or auto policies, or when they must take additional steps in 
order to make bank deposits from outside their home State.
    Recognizing that customers want seamless service, affiliate 
sharing programs are focused on enabling a group of affiliates 
to serve their customers in an integrated, cohesive fashion 
rather than interacting with customers in a seemingly 
disjointed and customer-unfriendly way. While some of the 
affiliate sharing is obvious to consumers, other affiliate 
sharing is not. For example, if customers access all of their 
accounts through a combined statement, transfer funds among 
accounts at different affiliates through a single ATM 
transaction, or manage their money through a consolidated web-
site, they understand--and want--information to be shared among 
affiliates. The customer may not be aware of all the legal 
vehicles that operate jointly to provide retail banking 
products to individual depositors and borrowers. For example, 
the Citibank retail banking business in the United States 
operates under 10 separate charters. Nor may customers feel a 
need to know that each of these entities may have a number of 
subsidiaries and affiliates that provide servicing for the 
loans or back office systems support, hold foreclosed property 
taken in satisfaction of debts, or act as agent in the sale of 
insurance to bank customers.
    However, customers generally expect these affiliates to 
work together and share information so that a customer from a 
Connecticut branch (Citibank, F.S.B.) can receive the service 
he or she expects when coming to a New York City branch 
(Citibank, N.A.). This service is based on the ability of the 
customer service representative to access the customer's 
deposit accounts and outstanding lines of credit on a screen in 
the branch of the affiliate, to validate the customer's 
identity, and to have efficient procedures for processing the 
request.

Q.2. Does the number of affiliates a firm has affect this 
understanding?

A.2. Customers who deal with Citigroup are aware of the fact 
that we are a global brand with many affiliated businesses. 
Citigroup promotes our ability to offer comprehensive financial 
services to customers through our affiliated business lines and 
believes that many customers choose to do business with us for 
that reason. Customer understanding is less a function of the 
number of affiliates a firm has and more a function of whether 
or not the affiliates interact directly with customers.

Q.3. What about situations where the affiliates are engaged in 
entirely different lines of business? Does it matter that a 
person recognizes that they have a relationship with a bank but 
may not know that the bank also owns a retail securities 
brokerage operation or a direct mail operation where this 
information would be used and other things?

A.3. Citigroup, as a financial holding company, only has 
financial affiliates. Citigroup's reputation is enhanced by the 
affiliates we have assembled to serve customers with banking, 
insurance, and securities products. Many of our customers have 
chosen a Citigroup company due to the breadth and 
sophistication of our product offerings. As part of each brand, 
we identify the business as a ``member of Citigroup.'' 
Moreover, GLB notices are required to make customers aware that 
affiliates may be in these other business lines.
    We understand that there are some customers who may not 
want to be solicited for products by other Citigroup companies. 
For that reason, Citigroup provides our customers with an 
opportunity to opt out so that a business does not provide that 
customer's name for solicitations to other Citigroup business 
lines. This opt out opportunity goes significantly beyond the 
FCRA and GLB opt out choices. We and other institutions offer 
these and other choices to customers as a matter of responding 
to customer needs.

Q.4. How important is a firm's brand to consumers in 
establishing their expectations with respect to the kind of 
relationship they have with a company?

A.4. Our research on our GLB privacy notice indicates that 
having a notice in line with consumer's perception of the brand 
is very important. For example, consumers know Citigroup as a 
large global company with many financial affiliates. Citigroup 
is known as a leader in marketing, as well as in information 
security and consumer choices. Consumers have found our notice 
to be in line with this perception. Citigroup may even hurt our 
reputation and stock price if we said that the company no 
longer believed in cross-selling. On the other hand, an 
institution with fewer cross-sell opportunities may use such a 
market position as a competitive difference for its own 
particular segment of consumers.
    Citigroup has found that brand names are important to 
consumers and serve as a shorthand way by which consumers can 
identify companies from whom they have received good or bad 
service in the past. This encourages them to seek those 
companies for services in the future, or to avoid them, as 
appropriate.
    Because of this, Citigroup makes a serious effort to ensure 
that our brand is well known to consumers, and that the 
attitude that consumers adopt when they see this brand is a 
positive one. From the consumer perspective, a company with one 
of the Citigroup brands is expected to perform the service the 
consumer wants regardless of what legal entities may be needed 
to provide that performance. To the consumer, it is the quality 
of the service that is crucial, not the numbers or kinds of 
affiliates involved in delivery of the product.
    Generally, it really does not make a difference to a 
customer with a Citibank credit card that his or her bill is 
processed in a legal entity designed to meet State law 
requirements in any of a dozen different States, as long as the 
company has proper controls for privacy, security, and quality. 
This is also true for nonaffiliated third parties who are 
working strictly under the company's control.
    We also find that customers expect certain performances by 
Citigroup once a customer relationship has been established. 
For example, customers expect that Citigroup would recognize 
them as a customer in whatever part of Citigroup that they 
enter, or that Citigroup can do so quickly once the consumers 
identify themselves as a customer.

Q.5. How important is that brand?

A.5. The reputation of the brand is extremely important to any 
company. That is why ``reputation risk'' is a key regulatory 
concern within financial services. This, more than specific 
laws and regulations, may drive a company's privacy practices 
within the financial services sector, which usually go well 
beyond the law. In the case of Citigroup, we put a major stake 
in the ground with our Citigroup Privacy Promise for Consumers 
as an element of our brand.
    Regardless of the numbers of affiliated entities or the 
businesses in which they engage, the consumer will remember the 
brand. If we provide good service in any of the businesses, the 
customer may be more likely to consider purchasing products of 
another Citigroup business. If we provide poor services, the 
customer will be less inclined to use the service of that 
entity or any other institution that carries our brand. 
Customers may even cancel products that they have with other 
affiliates if they are disappointed with one of them.

Q.6. Should there be safeguards, or best practices for sharing 
information within affiliates?

A.6. In addition to the restrictions on affiliate sharing 
contained in the FCRA, there are many other laws and 
regulations, as well as industry-wide and internal company 
safeguards and best practices, that govern information sharing 
for financial firms. We feel that it is most appropriate for 
specific standards to be adopted at the individual company 
level since this provides the greatest ability to 
respond to external threats that can change rapidly. If laws or 
regulations are required, these will be most useful to 
consumers if they are directed to specifically identified 
harms.
    From a sharing perspective, the most important provisions 
may fall under the information security requirements now 
required under GLB for a very broad set of financial services 
companies. For banks, these require written information 
security safeguards that are formalized and included as part of 
the regulatory examination process. These apply within business 
units and departments, as well as across third parties and 
affiliates.
    Regulators are also able to provide guidance through broad 
reputation risk and safety and soundness requirements.

Q.7. While called ``affiliate'' sharing provisions, these 
provisions actually allow companies to share information with 
entities that are outside their affiliates structures, don't 
they? Why is this necessary and does this make sense?

A.7. We understand that this question relates to the FCRA 
provision concerning the sharing of transaction and 
experiential information. However, GLB provides customers an 
opt out right for any sharing of such information with third 
parties by any entity that provides services that are 
``financial in nature.'' Our understanding is that this term 
covers any provider financial services, whether or not they 
hold a specialized license or charter to engage in banking, 
securities, insurance, consumer finance, or other financial 
activity. Thus, we are not sure that the ``loophole'' suggested 
by this question actually exists. In any event, if such a 
``loophole'' does exist, it is not one that Citigroup or any 
other entity covered by GLB could use.

Q.8. Do consumers have different concerns with respect to 
affiliate sharing versus third party sharing?

A.8. We do not have any special information on this. We think 
the answer is probably ``no'' when third parties are acting as 
our agents and marketing our own financial products. We think 
the answer may be ``yes'' when third parties are not acting as 
our agents and are marketing their own products, but this is 
likely to depend on whether the third party has appropriate 
information security standards.

Q.9. Should there be greater control over sharing information 
outside of an affiliate structure than within? In other words, 
should this provision be limited so that the only type of 
information sharing permitted is sharing within affiliated 
entities?

A.9. For financial services companies, there is already more 
control over third party sharing than there is for affiliate 
sharing. Under GLB, the notice and opt out choice covers more 
data and more purposes--even the fact that a person is a 
customer is included. In the event of an opt out, the ability 
to share transaction and experience data with third parties 
becomes very limited. There is also a ban on sharing credit 
bureau reports with third parties. Most of the sharing of 
customer information in which Citigroup engages is with 
affiliates. There are many instances, however, in which 
Citigroup has found that utilizing third parties to assist us 
in meeting certain customer requests or providing certain 
services provides a better and less expensive product for the 
customer. These third parties have legally binding contractual 
commitments to Citigroup to perform these services with the 
same confidentiality and security that Citigroup provides to 
our customers. We monitor these companies on their compliance 
with these provisions.

Q.10. Do financial institutions make underwriting decisions 
without using credit reports?

A.10. In making decisions about whether to extend credit, we 
always look for a credit report when providing unsecured loans 
or credit lines since this offers the most timely, consistent, 
and full view of the consumer.
    However, many consumers with a ``thin file'' or no credit 
report could be expected to perform well. To be fair to these 
consumers, Citigroup and other companies establish special 
programs to make credit available. The obvious case is a client 
who has done a good job of managing a checking account over a 
period of time. Another customer may meet other application 
criteria that we can confirm such as owning a home or having a 
steady job, This may qualify the customer for an appropriate 
product, perhaps starting with a small value overdraft credit 
line.
    There are also relatively rare cases in which we do not use 
a credit report, such as when executives from certain other 
countries are relocated to work in the United States for some 
period of time. Our retail bank branch may make arrangements 
with our credit card company to provide credit cards for these 
executives, since a credit card has become a necessity in the 
United States for making reservations, renting a car, or 
engaging in other consumer transactions. As a matter of 
interest, this, like any other interaffiliate agreement within 
a bank holding company, is subject to arms length negotiations 
between affiliates.

Q.11. There are a range of sharing activities that you are 
permitted to engage in under the law. Have any of your firms 
decided NOT take advantage of the full range these sharing 
activities--are there things you could do but do not do, and if 
so, why don't you do these things?

A.11. Citigroup and other companies focus their limited 
resources on items of value to their consumers and efficiencies 
to the company. This means that we share very little of what we 
are permitted to share for reasons of business efficiency, as 
well as for 
information security reasons. ``Need-to-know'' procedures and 
similar rules cause companies like Citigroup to require a good 
reason for sharing before allowing it to happen.
    Customer relationships, including information about these 
customers, are often a company's most important asset. Even 
within a large institution, each broker or banker is likely to 
be very protective of his or her clients since it may have 
taken years to build up the current level of trust.
    In terms of efficiency, when designing screens that display 
information to our staff, it is difficult enough to clearly 
show a banker or broker the volume of information they need to 
see without having screens cluttered with information from 
other internal or external sources that are not relevant to 
their business.
    In terms of marketing, a business that is focused on a 
particular portion of the population is not likely to have any 
interest in information from affiliates about consumers who are 
not part of that population because of the increased costs that 
follow processing of additional information.
    In our credit card business, we pull credit reports very 
regularly to monitor open-ended accounts. While we could reduce 
costs by pulling one report for a customer and applying it to 
all of that customer's accounts, we actually pull a report for 
each separate account. This is because the value of the credit 
bureau information starts dropping almost instantly after it is 
obtained, since the consumer may have engaged in activity that 
compromises the information that is on the report. The lost 
value from a short delay would be greater than the cost of 
pulling separate reports for these additional accounts. This is 
the case within the credit card affiliate, as well as across 
affiliates.

        RESPONSE TO WRITTEN QUESTIONS OF SENATOR BUNNING
                        FROM MARTIN WONG

Q.1. Are there simple ways to make the opt out notice clearer 
to the consumer without having to send out the long and drawn 
out privacy notices. I think that if it was clearer, whether 
that means bold print, a larger check off box, or a simple and 
precise explanation, it would eliminate some of the 
apprehension some have. Do you agree or disagree?

A.1. Citigroup agrees. However, we would like to note that we 
have received very few complaints from our customers about our 
privacy notices. Clearly, not all customers have difficulties 
understanding notices, because we have a fair amount of 
customer inquiries and opt outs, which shows that customers are 
reading and reacting to our notices.
    We also would like to note that before a company can share 
information among affiliates or with nonaffiliated third 
parties, a company must provide the consumer with a clear and 
conspicuous disclosure and opportunity to opt out. Citigroup, 
like other companies, takes this clear and conspicuous 
requirement seriously and has expended significant time and 
effort in making our own privacy choices clear and easy to 
respond to. For example, on our credit card applications, we 
currently have the selection for affiliate sharing in bold type 
next to the signature line. This is prime space on the brochure 
and is quite prominent. When the consumer chooses to open a 
credit card account by phone, we make the same clear choices 
available in our scripts. We also make the FCRA choice very 
clear in our privacy brochures that we provide at account 
opening and once per year.
    That said, we have been working with several industry 
groups to come up with ways to improve the notices to make them 
more clear and concise. This is an issue that should be 
discussed more fully in the future outside of the context of 
FCRA reauthorization. For example, there may be a benefit in 
having a consistent framework for notices that are used by both 
financial and nonfinancial companies. This may promote customer 
understanding of these notices and their use of these 
disclosures in deciding whether or not to open a particular 
account or to provide particular information.

Q.2. What unintended consequences do you foresee for some of 
the proposals that would change the current affiliate sharing 
status quo?

A.2. If a number of States would adopt opt in laws or 
requirements, it would increase the complexity of the notice 
and the difficulty of obtaining customer choice. The unintended 
consequence might well be an effective ban on information 
sharing.
    Another unintended consequence is likely to be a coerced 
reduction in the number of their affiliates simply to protect 
current methods of doing business. While this would have 
virtually no consumer benefits, it could reduce positive 
benefits that companies get from their current structure, as 
well as benefits that local communities may receive from 
locally organized affiliates.
    Those who lived through the interstate banking era may well 
remember the difficulty of managing a central back office so 
that calls from a particular area code were answered by a 
person who reported to the particular business unit in that 
State. The rules in effect at that time may have required the 
call to be transferred if the customer actually held accounts 
in a different State. Even then, there was often the need to 
ask the customer to separately call back other affiliates if 
there were multiple accounts. While some of this still occurs, 
it is generally something that customers would prefer to avoid.
    Another likely State-mandated change would be longer and 
more complex privacy notices or separate notices to customers 
in different States. Currently, for example, California 
requires a different notice to insurance customers. States are 
likely to insist on differing information in the disclosure.
    If these changes reduced the quality or consistency of 
data, these would be likely to impact many different types of 
models that depend upon the data, whether fraud scores or 
credit scores. Companies may respond by tightening lending or 
increasing borrowing costs. There are, as yet, no good opt in 
models that are likely to work for the affiliate structure that 
currently exists for U.S. financial services or for the large 
portfolios of existing customers that most established 
financial service companies have. Changes in State or Federal 
laws at this time could easily stop the developments of certain 
products. Most laws and regulations that have worked well have 
been adopted only after the market has ceased its 
experimentations and settled upon a process or a product that 
works. An example where that was not done was the short time 
frame GLB provided for companies to adopt opt out systems. Many 
companies simply abandoned third party sharing after passage of 
GLB because they were unable to meet those times frames, with 
the resulting detrimental impact on their customers and upon 
the companies' competitive position.

Q.3. What are some of the difficulties financial service 
companies might have in marketing to a community where there 
are multiple privacy standards?

A.3. In 2003, we have seen dozens of bills introduced in the 
States that would vary from the national standards established 
by the FCRA. The cost to comply with each variation would be 
significant for companies that operate nationally. Multiple 
privacy standards essentially destroy the economies of scale 
associated with national markets, which means that the benefit 
of these economies of scale cannot be passed on to consumers. 
Depending upon the significance of the market in a State, some 
companies might not find it economically feasible to market in 
some States with requirements too different or stringent. 
Additionally, we have seen an increase in municipalities and 
counties that seek to adopt their own privacy standards, making 
it even more difficult to market to consumers and serve our 
customers. Multiple standards also degrade the accuracy and 
compatibility of credit reports, which would raise the price of 
credit and limit credit availability.

Q.4. Do you think that a company that has stringent privacy 
practices (the good guys) would open itself up to unnecessary 
litigation if it has to adhere to multiple privacy standards?

A.4. Yes. Litigation is often driven by the complexity of well-
intentioned legal requirements. For example, we often face 
requirements from a statute or regulation to delete particular 
records after a short period of time. Another statute or 
regulation may require us to retain those records for a longer 
period of time. In another case, one regulator may want to give 
an advantage to local companies that do most of their business 
through branches, while another regulator may be trying to 
entice diversified national companies to enter the market. A 
single account may be under two different sets of contradictory 
regulations if one regulator focuses on where the company has 
its charter and another on where the customer lives. This can 
be further complicated as lifestyles change over time and more 
and more customers have multiple primary addresses, which 
change regularly throughout the year.
    If companies need to communicate multiple policies, these 
policies are more likely to be misunderstood by employees and 
customers, and the risk of failing to comply is exacerbated. 
This is 
especially true in the case of disclosure requirements where 
the notices may be complicated by a need to include differing 
requirements and to use different model notices. The credit 
card billing disclosures of 25 years ago included multiple 
footnotes with the differing requirements of each State and 
would be criticized today as an ineffective disclosure tool. 
This is a reasonable model of where unfettered State action 
could take us in the privacy area.
    We have already seen in the case of privacy that even 
localities, such as Daly City and the unincorporated portions 
of Santa Clara County, have imposed local requirements. 
Companies whose practices are universally recognized as 
``best'' practices may be caught off guard by variations in 
local requirements that result in expensive or impossible 
choices.

Q.5. Do you think that a company that does business in an area 
that institutes multiple privacy standards will choose to stop 
doing business in that area?

A.5. In our experience in States like Vermont, most of our 
businesses have continued to do business in the State but have 
opted customers out of information sharing which, in the 
process, has eliminated many choices for Vermont customers that 
we provide to customers in other States. At some point, this 
may result in unprofitable or unsatisfying relationships for us 
or for the customer. These could make companies consider 
terminating business in the area and prevent new competition 
from entering.

Q.6. How many consumers actually opt out of information sharing 
with affiliates?

A.6. Among Citigroup companies, the range of cumulative opt 
outs over time for affiliate sharing varies from percentages in 
the low single digits to the mid-30's. These differences are 
driven by many factors. The higher opt outs are generally found 
where the opt out has been offered for a longer period of time 
and the relationship is remote rather than face-to-face.

        RESPONSE TO WRITTEN QUESTIONS OF SENATOR JOHNSON
                        FROM MARTIN WONG

Q.1. I think a lot of us here are surprised to learn how many 
affiliates can be included in a corporate family. Would you 
please explain why your companies are structured the way they 
are, and how many affiliates actually have access to consumer 
information? For example, it is my understanding that while 
Bank of America has over 1,100 affiliates, only 20 or so of 
those affiliates actually deal with consumer information.

A.1. Citigroup has never felt that consumers care about the 
number or kinds of affiliations that exist in the Citigroup 
corporate family, nor do they care why they exist. They want 
good service provided in a timely manner, and if we can provide 
that, we feel our customers will be satisfied.
    Citigroup is a financial holding company comprised of 
approximately 1,900 affiliates, more than half of which are 
incorporated in the 100 foreign countries in which Citigroup 
operates. The majority of these affiliates are established or 
retained for legal, regulatory, or tax purposes and the number 
includes entities that are historical vestiges of outdated 
banking laws or recent mergers. Many affiliates do business 
only with Government or corporate entities or exist solely to 
house certain assets.
    Only a small percentage of these entities actually transact 
business with individual consumers, and much of the number of 
legal vehicles is the result of State licensing requirements in 
such lines of business as insurance and consumer finance 
companies. Moreover, Citigroup is limited by GLB to the 
provision of financial services in one of three lines of 
business--banking, insurance, and 
securities. For the customers who conduct business with us, our 
affiliate structure is invisible and irrelevant. Therefore, 
when viewed from the customer's perspective, Citigroup is a 
single provider of financial services.

Q.2. It has been noted today that information shared within an 
affiliated structure does not constitute a ``consumer report'' 
and is therefore not protected by the FCRA with respect, for 
example, to adverse action notices and reinvestigation 
timeframes. Would you please describe how you might use 
internal credit information, and whether this lack of 
protection might adversely affect your customers? For example, 
how might you use experience information of a credit card 
customer if that customer applies for a mortgage through your 
mortgage affiliate?

A.2. First, it should be noted that where Regulation B and the 
Equal Credit Opportunity Act (ECOA) apply, we are required to 
provide an adverse action notice whenever we take an adverse 
action. This notice must include the principal reasons for why 
this action was taken. If the basis for the adverse action came 
from information provided by an affiliate, the customer would 
be required to receive written notice in accordance with 
Section 615(b)(2) of the FCRA. On the rare occasion that 
customers want to dispute information provided by an affiliate, 
they have the opportunity to contact the affiliate directly to 
resolve the dispute.
    It also should be noted that a consumer may have more 
protection in the sharing of consumer reports among affiliates 
than they do with credit reporting agencies, since they can opt 
out of the sharing among affiliates, at least to the extent 
that the information is other than internal experience 
information. And to the extent that internal experience 
information is involved, this is the same information routinely 
shared by different departments within a single financial 
institution.
    As an example of the use of internal experience 
information, if a customer applies for a mortgage through our 
mortgage affiliate, we always pull one or more reports from the 
credit reporting agencies. If the application is by phone, we 
may use recent ``application information'' from some affiliates 
to complete the application or verify the information provided 
by the customer to reduce the time the customer may need to 
spend on the phone.

Q.3. What steps do you take with new customers to help them 
understand their right to opt out of information sharing among 
affiliates? Do you do more than just send them the privacy 
notices? Are tellers, for example, trained in any particular 
manner to help customers understand their lights?

A.3. Discussion of the affiliate opt out choice is a required 
part of the account opening process in our Citibank retail 
branches and is included in account opening scripts when credit 
card accounts are opened on the phone. We use Citibank 
financial consultants rather than tellers to explain this to 
customers. Most of our businesses have training and scripts for 
phone customer service staff who may get these questions. In 
other cases, the customer may be referred to their account 
officer, agent, or broker for an explanation.
    Citigroup spends a substantial amount of time and money, 
including on consumer focus groups to test draft notices, to 
ensure that customers do, in fact, see and understand their opt 
out rights. In some businesses, this has led us to a prominent 
display of the ``opt out'' box rather than a description of 
rights. The fact that significant numbers of our customers do 
opt out provides good evidence that customers are aware of 
their choices.
    As with other disclosures, Citigroup's success as a 
financial services company will be determined, in great part, 
by whether or not our customers trust us. If we are not 
trusted, we will lose customers, so we make every effort to 
make sure that customers understand all of our communications 
with them.

Q.4. There seems to be some disagreement about whether 
affiliate sharing is more about benefits to the company or the 
consumer. What benefits specifically flow to the customer, and 
I do not mean getting marketing fliers that are often included 
in a credit card statement.

A.4. Overall, consumers who value convenience and efficiency 
get tremendous benefits when their financial institutions can 
share transaction and experience information across affiliates. 
For example, customers can see all of their information on one 
statement, access all of their accounts at one time at the ATM 
or online, and get lower ``combined balance'' fees. Customers 
may be able to add new accounts without filling out forms and 
may easily transfer money between brokerage, banking, and 
credit accounts to minimize interest paid or as their needs or 
the market changes. As customers move from one State to 
another, they are able to keep their same financial 
relationship rather than closing all accounts and starting over 
again.
    On an operational level, institutions, like Citigroup, can 
use affiliate sharing to place holds against savings accounts 
or credit lines rather than bounce checks, saving the customer 
embarrassment and fees. The institution may be able to update 
phone numbers and addresses of multiple accounts at the same 
time. The institution also may be able to validate the customer 
across accounts using one card and one password for the 
consumer to remember.
    These efficiencies may also save the institution money, 
some or all of which may flow back to the customer. The ability 
to share information also increases competition since the 
barriers to entry are reduced. This can broaden offerings and 
offer alternatives for better service or lower prices.
    In terms of credit granting, one useful example may be a 
customer who picks up a credit card brochure in a convenient 
location and applies for the product offered. While the 
customer may have an immediate need for credit, he or she may 
apply for a product that is not appropriate to that customer's 
qualifications or needs. If, on the application, the customer 
does not opt out from affiliate sharing, the financial 
institution may be able to provide a better offer of credit 
without asking the customer to fill in a new application and 
without adding another enquiry to the customer's credit report. 
This may get customers the credit they need quickly and put 
them on the path of building a good credit rating. At Citigroup 
and at many other institutions, these different credit products 
are provided by different affiliates.
    Consumers also benefit from being able to apply for 
multiple credit products at the same time--with one application 
and one enquiry at the credit bureau. This may be a home equity 
line of credit or a credit card opened in conjunction with 
obtaining a mortgage. It also may be a credit card and an 
overdraft credit product included in the sales process when a 
customer opens a new checking account. These products are 
provided by different affiliates at Citigroup. The customer 
saves time, has fewer ``enquiries'' at the credit bureau, and 
gets a set of products that better meets his or her needs.
    Financial planning and awareness is made easier and more 
complete with an account opening procedure that looks at needs 
across deposit products, credit products, insurance, and 
securities to develop a consolidated financial plan. In the 
same way, periodic statements that include information about 
the current status of all of the products and services provided 
makes it easier for customers to see how they are doing. 
Shifting funds between various accounts and services from 
anywhere in the world as the customer determines would be 
nearly impossible without affiliate sharing.

Q.5. Do you have any data you can share with the Committee on 
how information sharing has impacted your lending practices in 
traditionally underserved communities? In particular, have you 
seen an impact on mortgage lending in undeserved communities?

A.5. To the degree that the underserved market is characterized 
by more frequent moves and thinner credit reports, the more 
accurate information we obtain, including information on 
relationships with affiliated companies, the more likely we are 
to be able to give underwriting approval.
    The Committee received much information in the recent 
hearings on how the various FCRA provisions, including 
affiliate sharing, reduce the cost of credit. Affiliate sharing 
allows us and other companies to provide lower limit credit 
cards and credit lines that can pull underserved consumers into 
the market. It should be noted that even the cost of a privacy 
brochure could be the difference between a small profit and a 
small loss on products that generate low returns. Requirements 
that lead to longer, more complex, or differing State notices 
may raise the break-even point.
    We also have programs that allow us to provide offers of 
credit to applicants who have applied for an inappropriate 
product. For example, someone may have applied for a premium 
credit card when all they want is a loan or a low limit credit 
line. We can offer applicants who have not opted out of 
affiliate sharing a product that they qualify for. This may 
start them on the path to building a solid credit history so 
that they can qualify, over time, for that premium product.

Q.6. I am interested in something Mr. Prill has noted in his 
testimony related to customer demand for mailings announcing 
sales and other promotions. Some people might view this as junk 
mail. Do you have any statistics or anecdotes relating to how 
these promotional materials might be viewed?

A.6. Response rates are, indeed, low even for true zero percent 
credit offers that could save a consumer a significant amount 
of money. Ideally, companies could better use information to 
reduce this mail volume by better identifying consumers at the 
precise times that they are ready to buy. It often takes a 
number of mailings to get a consumer to take action, even where 
the offer involves a product or service in which they have 
significant interest. Therefore, simple lack of action does not 
make this ``junk mail.''
    Companies make a significant effort to reduce the 
unnecessary volume of general solicitations through the mail. 
This could change dramatically if there were a reduction in the 
ability to share information with affiliates. For example, a 
credit card company may currently suppress mailings about 
brokerage accounts for their sister company to customers who 
already have such an account. Consumers appear to be very 
annoyed to see their company wasting money by sending offers 
for things they already have.

Q.7. Do you have statistics relating to opt out rates customers 
that might show that customers understand their rights? Are opt 
out rates the same among all customer groups?

A.7. Some of our Citigroup businesses have unique experience 
because they have had marketing opt outs in place for more than 
15 years. This has been in the form of an annual notice and opt 
out form sent to credit card customers providing a method to 
opt out from promotional phone calls or mail. While the 
response to a particular notice may be low, this accumulates, 
over time, to a significant portion of the portfolio.
    In the case of Citigroup's opt out for information sharing 
across affiliates and third parties, the wide variations in opt 
out rates for different Citigroup affiliates show that 
customers are aware of their rights and take an action that is 
appropriate to the relationship with the company. Among 
Citigroup companies, the range of cumulative opt outs over time 
for affiliate sharing varied from percentages in the low single 
digits to the mid-30's. These differences are driven by many 
factors. The higher opt outs are generally found where the opt 
out has been offered for a longer period of time and the 
relationship is remote rather than face-to-face.

         RESPONSE TO WRITTEN QUESTIONS OF SENATOR DOLE
                        FROM MARTIN WONG

Q.1. In Ms. Brill's statement she mentioned that Vermont law 
does not allow for affiliate sharing except for ``transactions 
or experiences.'' Can you tell me how this affects the service 
you provide to your customers in Vermont? Do your institutions 
actively seek customers in Vermont?

A.1. The relevant regulations in Vermont only became applicable 
to Citigroup and other national lenders in 2001. The response 
of Citigroup and other national creditors to these regulations 
has been to automatically opt out all Vermont customers from 
programs that would require affiliate sharing or third party 
sharing, because the cost of an opt in regime is prohibitive. 
Thus, the new regulations, rather than enhancing the privacy 
choices of Vermont customers, have, in fact, ended up limiting 
their choices.

Q.2. Ms. Brill mentions that despite extensive regulation in 
this area by Vermont and several other States, the economies 
have not been adversely affected. Indeed, Vermont consumers 
face some of the most favorable conditions for loan rates in 
the country. Can you explain why the restrictive laws in 
Vermont have not resulted in higher loan rates?

A.2. The new Vermont regulations have only been in place for 
about 16 months, so it is too early to draw any conclusions 
about the long-term effect of the change. From our perspective, 
as we have said, we do not provide offers to Vermont customers 
that require affiliate sharing. Therefore, Vermont consumers 
have fewer choices available to them. As for the loan rates 
that Vermont residents are paying, it appears likely that 
Vermont residents have so far continued to enjoy the benefits 
of a national uniform credit market. However, if every State 
made significant and inconsistent changes to the way this 
national market functioned, it is likely that none of the 
citizens of the U.S. could enjoy the benefits of a national 
uniform credit market.

Q.3. Some of my colleagues have made the point that some banks 
have thousands of affiliates, Ms. Prill also lists the number 
of affiliates for KeyCorp and Citigroup in her statement. Can 
you explain why this is and how many of these affiliates 
actually deal in customer information?

A.3. Citigroup has never felt that customers care about the 
number or kinds of affiliations that exist in the Citigroup 
corporate family, nor do they care why they exist. They want 
good service provided in a timely manner, and if we can provide 
that, we feel our customers will be satisfied.
    Citigroup is a financial holding company comprised of 
approximately 1,900 affiliates operating in more than 100 
companies. Of those subsidiaries, fewer than 50 percent operate 
in the United States. The majority of these affiliates are 
established or retained for legal, regulatory, or tax purposes 
and the number includes entities that are historical vestiges 
of outdated banking laws or recent mergers. Many affiliates do 
business only with Government or corporate entities or exist 
solely to house certain assets.
    Only a small number of these entities actually transact 
business with individual consumers, and all of them are limited 
by GLB to the provision of financial services in one of three 
lines of business--banking, insurance, and securities. For the 
customers who conduct business with us, our affiliate structure 
is invisible and irrelevant. Therefore, when viewed from the 
customer's perspective, Citigroup is a single provider of 
financial services.





                       ACCURACY OF CREDIT REPORT
                          INFORMATION AND THE
                       FAIR CREDIT REPORTING ACT

                              ----------                              


                        THURSDAY, JULY 10, 2003

                                       U.S. Senate,
          Committee on Banking, Housing, and Urban Affairs,
                                                    Washington, DC.

    The Committee met at 10:02 a.m. in room SD-538 of the 
Dirksen Senate Office Building, Senator Richard C. Shelby 
(Chairman of the Committee) presiding.

        OPENING STATEMENT OF CHAIRMAN RICHARD C. SHELBY

    Chairman Shelby. Good morning.
    The Committee will come to order. Today, we take up one of 
the most important issues, if not the most important, 
associated with the Fair Credit Reporting Act: The accuracy of 
the information contained in consumer credit reports. Changes 
in our financial services industry have made accuracy more 
important than ever. Credit report information is increasingly 
used as the key determinant of the cost of credit or insurance. 
By way of risk-based pricing, gone are the days when lenders 
merely lumped borrowers into the ``qualified'' or 
``unqualified'' category. The use of risk-based pricing allows 
lenders to extend credit to a broader range of borrowers 
predicated on the assumption that borrowers receive credit 
terms which are commensurate with the credit risk that they 
pose. As a result, credit report information has a direct 
impact on the amount and the interest rates at which credit is 
offered.
    With respect to large credit transactions, such as 
mortgages, rate differences can translate into hundreds of 
thousands of dollars over the course of a loan. Even in smaller 
dollar credit transactions, such as credit cards, rate 
differences can mean large amounts of money. Furthermore, with 
the practice of credit card companies reviewing credit reports 
and adjusting rates in real time becoming more prevalent, the 
application of risk-based pricing to consumer finances is 
practically an everyday event.
    Let me try to further illustrate these points, and we have 
some charts here. The first chart, Chart 1 *, provides some 
rough indication as to the effects that particular entries on a 
credit report can have on a person's credit score or 
creditworthiness. As indicated, some entries, such as 
bankruptcy filing, can greatly reduce a person's 
creditworthiness. You can see the numbers from the chart here 
that Mr. Oesterle is holding.
---------------------------------------------------------------------------
    * This chart is included in Chairman Shelby's prepared statement on 
pg.400.
---------------------------------------------------------------------------
    There is nothing wrong with this. Consumers who have failed 
to pay their debts, again, do pose a considerable risk to 
creditors, and we need to acknowledge that. But what if a bad 
rating is based on inaccurate information? What if you had 
never been bankrupt and such an item appeared on your credit 
report?
    Now I just want to reference Chart 2 *. The second chart 
highlights the spreads in interest rates that people with 
differing credit scores would pay for some sample products. As 
the chart shows, the differences are very real. So are the 
financial consequences. For example, consider the cost 
differences for a $200,000, 30-year fixed mortgage. A borrower 
classified as a ``marginal risk'' pays almost $90,000 more in 
interest than someone with an excellent credit rating. Someone 
classified as a ``poor'' credit risk would pay $124,000 more in 
interest than the person with excellent credit.
---------------------------------------------------------------------------
    * This chart is included in Chairman Shelby's prepared statement on 
pg.401.
---------------------------------------------------------------------------
    Credit rating matters for other transactions as well. 
Someone financing a $24,000 new car with a ``marginal'' rating 
can expect to pay 127 percent more in interest, about $3,300, 
than a person with excellent credit. Someone with ``poor'' 
credit can expect to pay 255 percent more in interest, about 
$6,700 more. Again, what if the information that leads to a bad 
credit rating is inaccurate?
    With the rewards for good credit so meaningful and the 
penalties for bad credit so severe, it is absolutely critical 
that credit reports accurately portray consumers' true credit 
histories, thus the focus of today's hearing: Examining the 
Fair Credit Reporting Act and the operation of our credit 
markets to determine whether or not the present system provides 
optimum accuracy.
    With a system as large and complex as ours, involving the 
transfer of billions of pieces of information, it is almost a 
certainty that there are going to be some errors which occur. 
On the other hand, the credit reporting agencies are paid to 
properly handle the data. And furnishers, who also happen to be 
the largest consumers of credit report information, take 
advantage of the efficiencies provided by the system. Both 
derive significant benefits from this system. Both also have a 
significant responsibility to get things right.
    So let us consider: How and why do errors occur in credit 
reporting? Can more be done to prevent errors in the first 
place? If some errors are not preventable, does the system 
enable them to be quickly recognized? Who most efficiently 
recognizes them? And once recognized, does the system work to 
ensure that errors are quickly corrected?
    I look forward to examining these questions with the 
witnesses.
    Senator Sarbanes.

             STATEMENT OF SENATOR PAUL S. SARBANES

    Senator Sarbanes. Mr. Chairman, thank you very much, and 
thank you for holding this hearing on accuracy in credit 
reporting. Accuracy of credit report information is integral to 
our reporting process. In fact, the Fair Credit Reporting Act's 
first finding is that, ``The banking system is dependent upon 
fair and accurate credit reporting.'' The Act goes on to say, 
``Inaccurate credit reports directly impair the efficiency of 
the banking system, and unfair credit reporting methods 
undermine the public confidence which is essential to the 
continued functioning of the banking system.''
    That is right out of the Act itself. And yet, credit report 
inaccuracies continue to plague consumers. The U.S. Public 
Interest Research Group has conducted several studies with 
respect to credit report accuracy, and in their most recent 
study in 1998, found that 29 percent of the credit reports 
which they studied contained serious errors that could result 
in a denial of credit. Now, this morning we will hear, on the 
second panel, from the Consumer Federation of America, who, I 
understand, examined credit scores and reports from all three 
major credit repositories and found that inaccuracies remain a 
significant problem in consumer credit reports.
    The fact is, we need much better information regarding the 
accuracy of credit reports.
    Erroneous negative information on credit reports can often 
take a significant investment of time and money to remove. 
Errors can also be very costly to consumers by significantly 
raising borrower costs. Not only do such inaccuracies raise the 
cost of borrowing, but they may also actually cost the consumer 
the loan. Insurers, mortgage banks, and other financial 
institutions rely heavily on credit scores to make credit 
decisions. Inaccuracies in the underlying credit reports can, 
therefore, make it more difficult and significantly more 
expensive for Americans to purchase insurance, homes, cars, and 
other big-ticket items.
    Our first witness this morning is Chairman Muris from the 
FTC. As you may know, Chairman Muris, Mr. Beales, the Director 
of the FTC's Consumer Protection Division, has testified at two 
of our previous hearings. At our identity theft hearing, I 
mentioned to him that I considered it essential that we hear 
some recommendations from the FTC on ways to improve some of 
the problems that we have been hearing about with respect to 
the Fair Credit Reporting Act. There are a number of interested 
parties who believe that additional regulatory and enforcement 
authority is needed by the FTC to administer the FCRA. In 
addition to credit report accuracy, I hope that you will 
address this issue, as well as a number of other issues that 
have been brought to the Committee's attention, including: 
Alleged marketing abuses, the prescreening process, lack of 
financial privacy, risk-based pricing, and the use of credit 
scores for insurance purposes, among other issues.
    Mr. Chairman, I look forward to FTC Chairman Muris' 
testimony, and I also look forward to the testimony that will 
come from the second panel. And in case I am not here at the 
moment that second panel begins, I want to take a moment to 
welcome Evan Hendricks, a resident of the State of Maryland. 
Mr. Hendricks was the Founder of the Privacy Times newsletter, 
has been its Editor for 23 years, and has testified before 
Congress a number of times on Fair Credit Reporting Act issues. 
His expertise has been helpful in the past, and I am sure will 
continue to be helpful as the Committee examines the 
functioning of the credit reporting system and the ways in 
which consumers' credit reports are affected.
    Thank you very much.
    Chairman Shelby. Senator Dole.

              STATEMENT OF SENATOR ELIZABETH DOLE

    Senator Dole. Thank you, Mr. Chairman.
    The accuracy of credit reports is a key issue, of course, 
for us to examine as we consider reauthorizing the Fair Credit 
Reporting Act. And I thank you, Mr. Chairman, for giving us 
this opportunity to review and discuss these issues in greater 
detail.
    Under the Fair Credit Reporting Act, credit bureaus must, 
``Assure the maximum possible accuracy of the information 
concerning the individual about whom the report relates.'' 
However, in recent hearings, we have heard anecdotes about the 
harm caused to consumers who have had false information on 
their credit reports as a result of mistakes or fraud. It is my 
hope that as part of this effort, we can agree upon positive 
steps to ensure greater accuracy in credit reports.
    Recently, my staff and I purchased copies of our credit 
reports, as well as sample credit scores as preparation for our 
work on this issue. I was pleased to discover that my credit 
reports were entirely accurate and easy to understand. All of 
the information contained in the report was, in my opinion, 
appropriate and necessary. In addition, the sample FICO credit 
score gave simple and understandable explanations for the 
factors used in its determination.
    We have, of course, heard testimony before this Committee 
on the problems some consumers have faced with respect to the 
credit bureaus. And, particularly, Captain John Harrison, a 
victim of identity theft, described to us on June 19 how 
information that had been removed from his credit report 
reappeared later. One of our goals here should be to do all we 
can to prevent such things from happening in the future. These 
errors can truly wreak havoc in a person's life, with effects 
that can linger for years or for a lifetime.
    One positive sign that we are making progress was the truly 
bipartisan Fair Credit Reporting Act reauthorization bill that 
was recently introduced in the House. This proposal contains 
provisions that address many of the concerns voiced by consumer 
groups and the industry. The Administration also recently 
announced that it supports much of this approach, leading me to 
believe that we are well within sight of being able to sign off 
on a positive, consensus-based approach to reauthorization.
    I want to take a moment to welcome Chairman Muris from the 
Federal Trade Commission who is with us today. As an alumnus of 
the FTC, it is a special pleasure to hear from you this 
morning.
    And, Mr. Chairman, I stand ready to work with you and the 
rest of our colleagues as we move toward achieving our goal of 
reauthorization this year.
    Thank you.
    Chairman Shelby. Senator Johnson.

                STATEMENT OF SENATOR TIM JOHNSON

    Senator Johnson. Mr. Chairman, thank you for holding 
today's hearing on the accuracy of credit reporting information 
and the Fair Credit Reporting Act. Welcome to Chairman Muris 
and the second panel.
    As I have noted in past hearings, the last thing our 
weakened economy needs is a blow to the credit-granting system. 
In fact, Treasury Secretary Snow stated yesterday that if the 
national standards were to expire and States adopted new laws 
currently under consideration, a minimum of 3.5 percent of 
loans now approved would be denied to maintain the same level 
of credit risk. That translates to at least $270 billion of the 
current total of just under $8 trillion in consumer credit 
outstanding could be in jeopardy, according to Secretary Snow.
    So, Mr. Chairman, I thank you for focusing our attention on 
America's credit-granting system. The reason credit is so 
widely available and so affordable is due in large part to the 
amount of data available to lenders and other users of credit 
reports. Quantity is no substitute for quality, and I hope we 
can work together to make any adjustments to the underlying 
statute to increase the quality of the data without creating 
unintended consequences that deter data furnishers from 
participating in the system.
    I am very pleased that the Administration and the FTC have 
now taken a public position in favor of permanently extending 
the preemption provisions of FCRA. I think a number of us on 
the Committee were beginning to feel a little sorry for Mr. 
Beales who appeared before us a couple times to tell us about 
how well FCRA is working, but was unable to say whether it 
might be better to let the California Legislature write the 
statute for us.
    I hope that Chairman Muris will spend some time today 
talking about how our system would change if we lose uniformity 
of credit data. However, I am sure we all agree that the last 
thing we want is a uniformly bad system, which is why we need 
to look hard at the current statute to determine whether 
changes need to be made.
    I have read Mr. Jokinen's testimony, and I am pleased to 
see him alive and well before us. And while Mark Twain might 
have chuckled over reports of his untimely death, it is no 
laughing matter when those reports deprive you of historically 
low mortgage rates and cause very real emotional damage in the 
process of correcting the information.
    I regret that we do not have any data furnishers with us 
today. It sounds to me as if the breakdown in Mr. Jokinen's 
case may have had more to do with the data furnisher than with 
the credit bureau. But what is clear is that the system failed 
this witness, and we need to figure out if the statute itself 
is at fault or if we need to focus on enforcement. Clearly, 
there is enough blame to go around, and the fact is everyone 
benefits from accurate data.
    So, I look forward to working with you, Mr. Chairman, and 
other Members of the Committee on a quick and responsible 
reauthorization process. Again, I have conflicting, overlapping 
committee hearings, including markups going on. I may not be 
able to stay as long as I would like. But, I thank you for 
conducting this hearing.
    Chairman Shelby. Senator Enzi.

              STATEMENT OF SENATOR MICHAEL B. ENZI

    Senator Enzi. Thank you, Mr. Chairman. I appreciate your 
holding this hearing and the other hearings that you are 
holding to steadily move us toward a consensus on getting this 
important reauthorization done. The accuracy of financial 
information collected, maintained, and delivered by the credit 
reporting agencies is vital to ensuring the integrity of our 
entire financial system. I was very pleased to hear Secretary 
Snow of the Department of the Treasury announce last week that 
the Administration supports making free credit reports 
available annually to consumers.
    This will go a long way to helping consumers to understand 
what information is retained by the credit reporting agencies, 
to see if there are any inaccuracies in the information, and to 
correct that information. The accuracy and timeliness of the 
information will help consumers, merchants, and financial 
institutions to stem the explosion of identity theft crimes.
    I also want to mention two articles that I believe 
highlight the problems that we face with identity thefts. The 
first article was a front-page article in The Wall Street 
Journal on May 1 entitled, ``A Tussle Over Who Pays For Credit 
Card Theft--Retailers Stuck With the Bill, Say Issuers Lack a 
Reason To Fight.'' The second appeared recently--in fact, last 
weekend--in Parade magazine.
    I am concerned about the situations highlighted in The Wall 
Street Journal article where victims of identity theft struggle 
to retain their identities and the credit card industry appears 
to offer little help in pursuing the criminals. Further, it is 
troublesome that the retailers, most likely small business 
retailers, may get stuck with the cost of the crime. The 
financial cost of identity theft is growing at a very alarming 
rate, and we have to find ways to encourage credit card 
companies to track down fraudsters and help retailers recover 
damages. Therefore, I would like to hear from Chairman Muris as 
to what the Federal Trade Commission is doing to bring credit 
card companies to the table and what the Commission is doing to 
help small retailers cope with identity theft.
    With regard to the Parade magazine article, my colleagues 
will remember--and Senator Dole already mentioned--Captain John 
Harrison who had testified at the June 19 hearing. The article 
illustrates the trauma that Captain Harrison has experienced as 
a victim of identity theft since July 27, 2001. For nearly 2 
years, Captain Harrison has been trying to clear his good name. 
That means closing over 60 fraudulent accounts that range from 
credit cards to checking accounts to utilities. And, those are 
just the ones he knows about. Captain Harrison is still 
learning about open and damaging accounts.
    He is just one individual whose life has been turned upside 
down. There are a hundreds of thousands more out there, and we 
have to do something to help these victims.
    Last year, Senator Cantwell and I introduced a bill that 
would assist victims in reclaiming their identities. The bill 
passed unanimously in the Senate last November. It did not pass 
the House, however, and I would like to work with our esteemed 
Chairman to ensure that parts of that bill are reauthorized in 
the Fair Credit Reporting Act. Some of these parts may be 
similar to the changes proposed by the Administration relating 
to accuracy of information in a consumer's file. I am 
particularly interested in the Administration's proposal 
related to the blocking of files and reinvestigations by 
resellers. Senator Cantwell and I worked last year with all of 
the stakeholders to address these issues in our bill, and I 
would appreciate the opinion of Chairman Muris and the other 
panelists on the Administration's proposal.
    In addition, I believe we need to discuss the accuracy of 
consumer's data when the consumer is also a small business. 
According to the Small Business Administration, there are 
millions of small businesses that are sole proprietors. Over 
the past decade, there has been a very good campaign on the 
part of financial institutions to market products and services 
to small business owners. This has made credit available to 
many sole proprietors that otherwise would not have been able 
to obtain credit elsewhere. I would like to hear from today's 
witnesses as to how we can maintain the accuracy of consumers' 
financial information if the consumer also owns a business.
    Thank you, Mr. Chairman, for holding this hearing. I look 
forward to hearing from the witnesses.
    Chairman Shelby. Senator Carper.

              COMMENTS OF SENATOR THOMAS R. CARPER

    Senator Carper. Mr. Chairman, thank you. To my colleagues, 
to our witnesses, and other guests, welcome. Chairman Muris, 
good to see you. Thank you for joining us today.
    I just want to mention briefly three principles that I 
think we will all be able to subscribe to as we approach 
today's hearing. One of those principles is the need for 
accuracy of credit reports and something that is essential, 
first of all, to consumers. The second principle would be that 
accurate reports are also of a great benefit to those who grant 
credit. And, finally, the belief that absolute accuracy cannot 
be achieved; however, the system should have as few errors as 
possible. And the system that we are working with here and 
refining here should make it easier for consumers to correct 
errors in their credit reports.
    I think those are three good principles that we can all 
subscribe to, and I am encouraged with the announcement by the 
Administration of their position on these issues. Today, we are 
going to make a step forward toward reaching those principles. 
I am encouraged that the House legislation has been introduced 
and is starting to move. It will be helpful toward that end.
    Finally, we have had quite a few hearings with respect to 
FCRA, and they have been enlightening and educational. And I 
suspect that this will be true today.
    Thank you, Mr. Chairman.
    Chairman Shelby. Senator Bennett.

             STATEMENT OF SENATOR ROBERT F. BENNETT

    Senator Bennett. Thank you very much, Mr. Chairman. All of 
us are very much in favor of accuracy within the credit bureaus 
and the information that is reported. I want to change the 
focus just a little in my opening statement to accuracy of 
studies.
    Senator Sarbanes quoted a study that said 29 percent of the 
credit records contained errors. There is a 1992 study 
commissioned by the Consumer Data Industry, which is the trade 
association group, that says the error rate is 0.2 percent. 
There is a 1998 study conducted by the U.S. Public Interest 
Research Group that says the error rate is 70 percent.
    That is a pretty wide range, a 0.2-percent error rate or a 
70-percent error rate or a 29-percent error rate. If we are 
going to legislate to try to bring down the error rate, we have 
got to know what the error rate really is. And these kinds of 
studies are all over the place. To go from 0.2 percent, some 
will say that is suspect because it was a study commissioned by 
the industry itself; to 70 percent, I frankly think that is 
obviously suspect, commissioned by someone who may hate the 
industry. We need to know exactly what the error rate is.
    Furthermore, Mr. President--Mr. Chairman. Sorry, a Freudian 
slip with all the other colleagues around here.
    [Laughter.]
    We need to know accurately what an error is. I will give 
you an example out of my own life. We moved in Salt Lake City, 
and when you do that, you call people up and tell them that you 
have moved, and they put a new address on your bill. No matter 
how hard I try, I am unable to get the Salt Lake City 
Corporation to bill Robert F., as in Frank, Bennett. They 
insist on billing Robert S., as in Sam, Bennett. Someone heard 
that as an ``S'' over the telephone when we changed our 
address, and that constitutes an error.
    Now, it could be a very serious error in that there might 
be a Robert S. Bennett out there who is rampaging around the 
credit world and I do not want to be associated with him. On 
the other hand, I really do not think that the fact that my 
water bill is addressed to Robert S. Bennett at 1224 11th 
Avenue, Salt Lake City, Utah, when it really is Robert F. 
Bennett at that address constitutes an error that justifies 
Federal legislation.
    So as we examine this whole question of the error rate in 
these databases, we need to know what kind of errors we are 
talking about, and we need to be able to separate those that 
are incidental from those that do constitute a threat to our 
identities.
    The only piece of data that I have been able to find out 
that I think moves in the direction of giving us an accurate 
picture of what is going on is information that we have had 
from the FTC, and I simply repeat it here. The FTC reports that 
they receive approximately 2,000 complaints per year per 
bureau--since there are three bureaus, that is 6,000 error 
complaints--out of a database of 600 million.
    Now, I realize that not every error by any means gets 
reported to the FTC. But those that felt concerned enough about 
the errors that they contacted the FTC gives us 6,000 on a 
database of 600 million, which is 0.001 percent. Perhaps more 
significant than this number is the fact that in 1990, the FTC 
was receiving 10,000 complaints per year per bureau. So over a 
decade, we have seen the complaints on errors go from a total 
of 30,000 down to 6,000 as far as the Feds are concerned.
    Now, this is not a survey. This is not a study. This is not 
a poll. These are actual complaints coming into the Federal 
Government that signify the trend is going in the right 
direction. Six thousand is one-fifth of 30,000. So, in 10 
years, we have had an 80-percent improvement rate in the 
complaints to the FTC while the granting of credit has gone up 
dramatically. I think that says that the Fair Credit Reporting 
Act has done a pretty good job.
    Now, having said that, I am as concerned about making sure 
that the database is accurate as anyone else on this Committee. 
But I think as we pursue the goal of getting a higher rate of 
accuracy, we need to do so against the background of accurate 
information about what the problem really is and how bad it is.
    Thank you.
    Chairman Shelby. Senator Dodd.

            STATEMENT OF SENATOR CHRISTOPHER J. DODD

    Senator Dodd. Thank you, Mr. Chairman. I ask that my 
prepared statement be included in the record.
    Chairman Shelby. Without objection, it is so ordered.
    Senator Dodd. I think most of the comments that I would 
make have been included, just striking the balance. Thank you, 
Mr. Chairman, for holding this hearing. It is extremely 
important. All of us as we travel around, no matter where we 
go, the issue comes up about whether or not we are going to 
reauthorize the FCRA, when we are going to do it, and what is 
it going to look like. I think these hearings are tremendously 
helpful, and I want to commend you. We have already listened to 
a lot of people and we are going to hear from some wonderful 
witnesses today who will share with us their views and thoughts 
on this very important subject, and that is tremendously 
worthwhile. As we move into an economy that requires some 
straightening out, credit is going to be even more important in 
terms of getting back on its feet again. So having a level of 
confidence that people will need is going to be essential.
    I appreciate my colleague from Wyoming mentioning Captain 
Harrison, my constituent from Connecticut, who gave eloquent 
testimony. His is certainly an incredible case. What he has 
been through is just stunning to identity theft issues. We know 
this may be an extreme case, but I think most people recognize 
that it probably occurs far more often than we all like to 
admit, even though studies may vary about the percentage of 
incidences.
    I just want to end on the note that the Treasury Department 
is moving in the right direction, and I want to commend them. I 
spend a lot of time saying what I think the Treasury Department 
is doing wrong, but in this case, I think the Treasury 
Department deserves some credit for its recent recommendations 
dealing with consumer protections. For example, it is right, I 
think, to suggest that consumers should have the right to free 
copies of their credit reports and credit scores so that they 
can identify the problems for themselves. Obviously, you can 
solve a lot of problems if you can have a chance to look at 
your own stuff and think something is wrong. That would seem to 
be helpful and positive, and I commend them for it.
    I also agree that we need to strengthen the protections 
against fraud, identity theft, and the like that they have made 
recommendations on. So, I am anxious to hear what other 
thoughts can be offered to us as we try and fashion this 
legislation. I think what Senator Carper said makes a lot of 
sense. Those are pretty good standards by which to judge how we 
are progressing here. There is the realization you are not 
going to have a perfect system, and any hopes of achieving that 
should be put aside immediately. But today with our technology 
and sophistication, we can do a better job all the time in 
guaranteeing that, to the extent possible, the consumers are 
being protected by accuracy of information that determines 
whether or not they are creditworthy.
    Again, Mr. Chairman, I thank you for your efforts.
    Chairman Shelby. Senator Crapo.

                STATEMENT OF SENATOR MIKE CRAPO

    Senator Crapo. Thank you, Mr. Chairman. As Senator Dodd 
indicated, most of--in fact, all of my thoughts have been very 
well stated by other Members of the Committee, so I will be 
brief.
    I want to thank you for not only this hearing, but the 
series of hearings that you are holding on this legislation 
because I think they have helped us to focus very well on the 
issues at hand.
    I have said before that I think our primary obligation here 
as we approach this legislation is to make certain that we 
protect the credit reporting system that we have in the United 
States today, which is the envy of the world and is the 
backbone and a strong part of our economy. In fact, I think the 
statistics I have seen indicate that something like three-
fourths of all American households are involved in some way 
with the credit system in this country, and that frankly to me 
sounds like it might be a little bit low, either in the 
mortgage credit system or in the consumer loan system.
    As I approach this, we have already had hearings on 
identity theft and a number of other issues that directly 
relate to the issues we have before us here today. But it seems 
to me that we want to make sure that the information that we 
are dealing with in our credit reporting system is complete, 
that it is accurate, that it is accessible by consumers, that 
it is understandable by consumers so that those who are dealing 
with their own credit information--whether it is in the context 
of identity theft or just in terms of a report that they are 
getting in terms of a credit transaction or just in terms of 
checking their credit rating--that they understand what it is 
that they are dealing with, and that it is fixable when errors 
occur. So that when a consumer finds that there has been a 
problem, whether it is a minor problem like Senator Bennett has 
identified or a major problem like an identity theft problem, 
or simply poor reporting or poor standards or poor procedures 
by the reporting agency, that it is fixable. And I think that 
means we might need to look at modernizing our dispute 
resolution process and some of the other ways that we address 
these issues.
    Finally, I think we need to make sure that the adequate 
protections are in place to assure that we do not have identity 
theft or fraud or inappropriate reporting mechanisms and that 
the entire industry, including the consumers, understand how 
the system works and are able to work with it easily.
    So, again, Mr. Chairman, I thank you for holding these 
hearings, and I look forward to working with you as we craft 
this legislation.
    Chairman Shelby. Thank you, Senator Crapo.
    Senator Stabenow.

              STATEMENT OF SENATOR DEBBIE STABENOW

    Senator Stabenow. Thank you, Mr. Chairman. I have a 
complete statement that I would ask to have placed into the 
record.
    Chairman Shelby. Without objection, it is so ordered. It 
will be in the record.
    Senator Stabenow. Thank you. Just a couple of comments.
    First, welcome, Mr. Chairman. We appreciate your being here 
and your work, and I would share the same concerns my 
colleagues have and as Senator Crapo just indicated in terms of 
what this is all about: accuracy of information for consumers, 
the ability to maintain a system that is the envy of the world. 
And we certainly want to extend, I believe, not only the 
existing provisions of the Act in a timely manner, but we also 
need to use this opportunity to look for ways to improve areas 
where there may be problems and concerns. So, I welcome your 
thoughts on that today. This is really our opportunity to do 
that. And when there is a problem for consumers, we want to 
make sure that it can be addressed quickly, that there is a way 
for us to remedy problems with our own credit reports or others 
that we represent.
    Mr. Chairman, I did just want to also mention on another 
front that one of the best ways, I think, in the long run that 
we can help on these issues is through making sure that we all 
have the education and financial literacy that we need in order 
to be educated, active consumers. Senator Enzi and I are 
working together on some legislation that we hope to bring to 
you and work with the Committee on. I know Senator Corzine is 
working on this issue, and other Members of the Committee. But 
I think it is important that provisions that move us forward on 
financial literacy are also a part of what we are doing in 
making sure that we are all educated consumers in using 
information in order to protect our own interests and our own 
financial situation.
    Thank you, Mr. Chairman.
    Chairman Shelby. Senator Allard.

               STATEMENT OF SENATOR WAYNE ALLARD

    Senator Allard. Mr. Chairman, thank you. I have a full 
statement I would like to make a part of the record.
    Chairman Shelby. It will be made part of the record.
    Senator Allard. I want to just make a couple of brief 
comments.
    First of all, I would like to associate myself with the 
comments of the Senator from Idaho, but I would add a couple of 
things. We are all human, and errors do occur. I think when 
errors do get into a credit report, we need to find ways that 
those errors can be expeditiously purged from the public 
record. So often an error is recorded by one group but it gets 
dispersed throughout the entire system. Other systems record 
this error and, it reemerges again. I hope that some time and 
thought is given to recorded errors. I also hope we can look at 
how that error can be readily purged so the consumer gets that 
mistake eliminated from the record and is able to move on with 
their own personal lives and investments.
    The second comment I would make is that earlier this week, 
Senator Schumer and I drew up a piece of legislation on 
disclosure of credit scores. I think full transparency of 
credit scores is important so that the consumer--if there is 
something impacting their credit, can respond to it. There are 
things that go into a credit score that, frankly, when I found 
out about them, I was surprised. I think a lot of consumers are 
unaware of the factors that make up their credit score. For 
example, if a customer is informed that their interest rate is 
higher than ordinary; or they get turned down, they do not know 
how to take the necessary steps to make themselves qualify 
again for a lower interest rate or a loan.
    These are two additional comments I wanted to make, and 
thank you, Mr. Chairman.
    Chairman Shelby. Senator Corzine.

               COMMENTS OF SENATOR JON S. CORZINE

    Senator Corzine. Thank you, Mr. Chairman.
    I want to congratulate you on the thoughtful way of 
approaching this overall issue. I think it is important that it 
get fleshed out in its fullness. I think we all recognize how 
important this is to each individual life. I think about two-
thirds of our economy is driven by consumer activities. It even 
rises at certain points in time. And this is an enormous area 
of concern, and when you have the range of variables that 
Senator Bennett talked about of errors, I think we should 
understand how much that actually translates into individual 
life experience.
    I think the only other comment I would make--and I hear 
this over and over. This is an interconnected element of 
activity. Accuracy ties to identity theft, which ties to 
financial literacy, which ties to credit scores. And we should 
be thinking about this in a comprehensive way as opposed to 
piecemeal. And I think like many other Senators, I have pieces 
of this with respect to financial literacy, and with respect to 
questions on identity theft. Frankly, I think there is a need 
for this to be brought together in a comprehensive format so 
that we aid the consumer on a complete basis.
    Thank you.
    Chairman Shelby. I appreciate your remarks.
    Senator Schumer.

            STATEMENT OF SENATOR CHARLES E. SCHUMER

    Senator Schumer. Thank you, Mr. Chairman. Again, I want to 
add my kudos to you and Ranking Member Sarbanes for the 
careful, thoughtful, and thorough way these hearings are being 
conducted on one of the most important pieces of legislation 
that will be before us, the FCRA.
    I think of all the hearings we have had, this one may be 
the most important, at least in terms of its impact on the 
average person's life, and that is the accuracy of the 
information in his or her credit report. Our laws and 
principles make it clear that the reporting agencies have a 
responsibility to maintain accurate information. And on top of 
this obligation, there is the pressure of the market. Companies 
want accurate information. They do not want it to be too high 
or too low. It does not lead to their best economic interest.
    But as Senator Allard mentioned, there is an additional 
check and balance that we must have in the system. Consumers 
should have a right to review their credit information and the 
right to have that information corrected when it needs to be. 
After all, they have the most at stake from inaccurate 
information, and we have found that in our financial systems, 
when there is transparency, the opportunity for abuse is lower. 
And that is why Senator Allard and I introduced this week 
legislation that will provide our national credit system with 
more transparency. Our bill is called S. 1370, the Consumer 
Credit Score Disclosure Act of 2003. Hopefully we can add it to 
FCRA at some point and not move it along separately. But 
whatever the Chairman would please--I think I speak for Wayne, 
as well--would be fine with us.
    Let me just give my colleagues a little bit of detail about 
this, and I will be quick.
    Right now, people get a credit report, and it is a complex 
formula, but it is the credit score that matters most. The 
score determines whether a loan is made and at what rate. 
Often, people only know the number of their score. They do not 
know the factors that went into the number, how different 
information in their credit report was weighed. It is like a 
black box. And the stakes are very high here. Nearly 80 percent 
of all mortgage lending decisions now use credit scores. 
Specifically, lenders use the score to determine whether to 
extend a loan to an applicant and to make pricing decisions 
regarding the terms of the loan. For most families, we all know 
buying a home is the biggest financial move they make. Credit 
score, the principal factor in determining the creditworthiness 
and loan terms, is shrouded in mystery, and the simple purpose 
of our legislation is to lift the veil of secrecy.
    There is a huge difference. Let me take an example, a 
modest Syracuse mortgage of $80,000. If you shave three points 
from that loan, it would save the homeowner about $140 a month, 
$1,600 a year. And so if the credit score is wrong, people pay 
for 15, 20, or 30 years, depending on the term of their 
mortgage. And up until this year, even the outline of how these 
scores, mysterious scores, have been determined was kept a 
secret. In fact, most consumers, for instance, have no idea 
that having a whole lot of credit cards, even if you pay every 
one on time, lowers your credit score. Well, if consumers knew 
this was part of the credit score, they could make a decision 
whether they wanted to have that fifth, seventh, or tenth 
credit card.
    So things are beginning to move into the right direction. 
E-LOAN, one company, is offering a free Web-based service that 
allows real estate agents, bankers, and consumers to instantly 
determine the credit rating. But we think this should be 
available for everybody. And I hope that our colleagues will 
pay some attention to this legislation as we move it along. It 
requires lenders to supply consumers with their credit score 
and an invoice that describes how it was calculated, the source 
of who calculated the score, and the four factors negatively 
affecting the score. It is simple Adam Smith free market 
disclosure, and it is something we would like to discuss, 
Senator Allard, and I would like to discuss as we move this 
bill along.
    Thank you.
    Chairman Shelby. Thank you, Senator Schumer.
    Our first panel will just be one gentleman. Mr. Timothy 
Muris, he is the Chairman of the Federal Trade Commission.
    We welcome you to the Committee. We appreciate your 
indulgence through our opening statements. Your written 
statement will be made part of the record in its entirety, 
without objection. You may proceed as you wish.

                 STATEMENT OF TIMOTHY J. MURIS

            CHAIRMAN, U.S. FEDERAL TRADE COMMISSION

    Chairman Muris. Thank you very much, Mr. Chairman. I want 
to thank you for holding this important hearing, and I 
particularly want to thank you and your staff for working so 
closely with us. I know, as has been mentioned, the Director of 
the FTC's Bureau of Consumer Protection, Howard Beales has 
testified before the Committee, and it is a particular pleasure 
since your Staff Director, Kathy Casey, is a former student of 
mine. And it has been a pleasure to see her and her staff 's 
professionalism and skill in working through this process.
    Chairman Shelby. You taught her well.
    Chairman Muris. Thank you. I am not sure she will agree 
with that, but that is another subject.
    As we testified--Howard presented the Commission's 
testimony in May--the statute, the FCRA, has been a remarkably 
effective law. It helps make possible what I call the miracle 
of instant credit, which occurs all over America every day.
    For example, you can walk into a car dealership, and if you 
have good credit, in less than an hour you can borrow $10,000 
from a complete stranger, or more, and drive out with a new 
car, which, when you think about it, I think is really a 
remarkable fact. And it exists really only in the United 
States.
    In the over 30 years since the FCRA was enacted, with the 
leadership of this Committee and Senator Proxmire, consumer 
credit has expanded exponentially. It accounts for over two-
thirds of our Nation's GDP. It has been particularly important, 
this expansion of credit, for the least affluent Americans. 
Thirty years ago, for example, 5 percent of low- and moderate-
income Americans had credit cards. Today, half have those 
cards, nearly half. The FCRA has facilitated this growth while 
at the same time protecting sensitive financial data.
    The FTC supports the package of proposed legislation that 
the Administration and Secretary Snow announced on June 30. We 
believe these proposals, along with a couple of additional ones 
in our testimony, will help improve credit report accuracy and 
fight identity theft, while preserving the benefits to 
consumers of the national credit reporting system.
    To begin, the Commission recommends that Congress renew the 
uniform national standards in Section 624 of the FCRA. The 
national character of our credit markets is a powerful argument 
for retaining these standards. This is not to say that the FCRA 
is perfect, but any improvement should be made by changes to 
the national standard and not through a patchwork of different 
State laws.
    The changes we support focus on getting more credit reports 
in consumers' hands, streamlining the dispute process, 
detecting and preventing identity theft, and easing the burden 
on identity theft victims.
    Turning more specifically to accuracy, we have several 
proposals that I believe will enhance the accuracy of credit 
reports. One proposal that I believe is particularly important 
is our recommendation to expand adverse action notices to 
consumers, and it builds on your charts, Mr. Chairman. A key 
element of the FCRA's protection of consumers is the 
requirement that when credit, insurance, employment, or other 
benefits are denied, based even in part on a credit report, the 
creditor must notify the consumers of their rights to a free 
copy of the report and to dispute the accuracy of information 
in the report.
    This self-help mechanism is a critical component in an 
effort to maximize the accuracy of consumer reports, and it is 
a quite ingenious part of this statute. It puts credit reports 
in consumers' hands when they are the most motivated to inspect 
their report for inaccuracies--that is, after they have been 
denied benefits based on the report.
    We are vigorously enforcing FCRA's adverse action 
provisions through industry compliance sweeps and enforcement 
actions against users of credit reports. Nonetheless, this is 
an area where we believe an important improvement is needed in 
the statute.
    The FCRA generally requires an adverse action notice when a 
consumer is offered less advantageous terms because of his 
credit report with respect to credit offers. But if the 
consumer is offered and accepts those less advantageous terms, 
he gets no adverse action notice.
    Now, in the modern world, this counteroffer exception makes 
no sense. Ten years ago, credit decisions were usually pass-
fail. You either got the credit you applied for or were 
rejected. Today, with the prevalence of risk-based pricing, 
which was your point, Mr. Chairman, consumers more often are 
offered a higher rate or worse terms. Those consumers may pay 
for a loan or credit card based on inaccurate information in 
their credit report, but they will never learn about it. This 
gap frustrates achievement of the FCRA's basic consumer 
protection goals. For this reason, we recommend that Congress 
give the FTC rulemaking power to expand the circumstances under 
which consumers get adverse action notices.
    Again, it is crucial to the working of the system that 
consumers be notified when there is a problem in their credit 
report. For most consumers, most of the time, it is not worth 
their time to go read their credit reports. They have a lot of 
busy things to do in life. An ingenious part of the system is 
you are notified when you are denied a benefit because of what 
is in the report. But because of changes since the law was 
enacted with this risk-based pricing, there is now a 
significant loophole which we think should be closed.
    We also have recommendations that will make it easier for 
consumers to dispute inaccurate information. For example, there 
is an anomaly in the law whereby resellers of consumer reports 
are responsible for investigating consumer disputes. We think 
that the credit repositories should share some of that burden. 
In addition, we recommend amendments that would make it harder 
for furnishers to reintroduce fraudulent information in the 
credit reports.
    Finally, we believe the law should be amended to require 
furnishers of information to investigate consumer disputes when 
consumers contact them directly. Consumers do not know 
necessarily that under current law they are supposed to contact 
the credit reporting agency. We see no reason why, when they 
contact the furnisher, that should not trigger the 
reinvestigation requirement.
    It is a pleasure to be here, and I will be happy to respond 
to any of your questions about our recommendations or any of 
the other issues.
    Thank you.
    Chairman Shelby. Thank you, Chairman Muris.
    The very first section of the Fair Credit Reporting Act 
highlights the importance of the accuracy of credit reports 
that we have been talking about today. Let me just briefly 
quote from the law. ``Inaccurate credit reports directly impair 
the efficiency of the banking system.'' It might be fitting, 
Mr. Chairman, to expand that sentence so that it reads, 
``Inaccurate credit reports directly impair the efficiency of 
our whole economy.''
    Chairman Muris. I certainly think that one of the reasons 
that our economy is so strong, particularly compared to the 
rest of the world, is the flexibility of our credit system.
    Chairman Shelby. Absolutely.
    Chairman Muris. And that credit system relies on these 
national credit standards, and this law is essential, I think, 
to making those standards work.
    Chairman Shelby. Would you agree that inaccuracy in credit 
report information could create inefficiencies in the economy?
    Chairman Muris. Absolutely. And I certainly agree with the 
comments that others are making, you know, that not all 
inaccuracies are created equal.
    Chairman Shelby. Sure.
    Chairman Muris. But, again, that is why it is so important 
to put this information in the hands of consumers.
    Chairman Shelby. What is your understanding, Mr. Chairman, 
as to the level of inaccuracy found in credit reports?
    Chairman Muris. We have no way of knowing the precise level 
of inaccuracy. Again, the ingenious nature of this system and 
why we want to expand the adverse action notices is that when 
you are denied a benefit because of what is in the credit 
report, you need to be told. And that puts you on notice, 
particularly if you think there must be a mistake, to see what 
the problem is.
    The statute obviously understands that you are dealing with 
something like, with these big credit bureaus, 2 billion 
transactions a month. Perfect accuracy is neither possible nor 
desirable.
    Chairman Shelby. But accuracy is very desirable, maybe not 
perfect.
    Chairman Muris. Absolutely. That is why we take lots of 
steps to deal with accuracy, and that is why we think, although 
you should extend the preemptions in the national system, that 
you should improve the statute, particularly in terms of 
accuracy.
    Chairman Shelby. A lot of things that Senators Corzine, 
Crapo, Allard, Schumer, and others have been talking about as 
far as accuracy, is putting together a comprehensive bill here 
which could improve the accuracy and the efficiency of credit 
reporting, could it not?
    Chairman Muris. Absolutely, and that is what our package of 
proposals is aimed for. We look forward to working with you on 
developing such a package.
    Chairman Shelby. You do not have a specific number, you 
know, statistically, as to the errors. Is there any way to get 
a specific number? Because numbers do matter.
    Chairman Muris. Well, they do matter. I am not sure that it 
is worth the cost of getting a specific number. I do think that 
easing the ability of consumers to have the information is the 
best route to take, and that is why we made several proposals, 
including free credit reports----
    Chairman Shelby. That would be good for the consumer by a 
long way, but also good for business, would it not?
    Chairman Muris. Well, yes. I do think that a more accurate 
system, assuming it can be achieved without undue cost, would 
be better. And I think the proposals that we have made take us 
a significant way down that road.
    Chairman Shelby. Mr. Chairman, do you think that the 
Federal Trade Commission should have a responsibility to obtain 
information regarding the accuracy of the information contained 
in consumer reports on an ongoing basis?
    Chairman Muris. I would be particularly concerned--and I 
know there is a provision in the House bill--if we were asked 
to spend a lot of resources trying to come up with, trying to 
determine what the level of accuracy is. I think our resources 
would be better spent on consumer education, on developing new 
laws such as we have talked about, on enforcement, because--
although, again, accuracy is a key to this statute, but trying 
to find out and deal with some of the issues that people have 
raised here about accuracy, I am not sure that is the best----
    Chairman Shelby. Well, accuracy is going at the truth of 
whatever the information is.
    Chairman Muris. Yes, that is certainly true. But I think 
Senator Bennett's point about levels of accuracy is very well 
taken.
    Chairman Shelby. Absolutely. Does the Federal Trade 
Commission, currently have the authority and the resources 
necessary to ensure that the highest level of accuracy possible 
is achieved? Do you need more resources? Or do you think, as 
you alluded to, you are going to work with us toward better 
legislation?
    Chairman Muris. I think the preferable route is better 
legislation. We received our mark from the House appropriators 
yesterday. If we get that amount of money from the Senate, I 
think we can very admirably carry out our responsibilities, 
including whatever new responsibilities you would give us.
    Chairman Shelby. Especially if we put together a good bill 
overall, one that is good for business, good for the economy, 
and good for the consumer?
    Chairman Muris. Yes, sir, absolutely.
    Chairman Shelby. Senator Sarbanes.
    Senator Sarbanes. Thank you very much, Mr. Chairman.
    Chairman Muris, I am going to try to run through some 
questions with you very quickly. As you know, our time for 
questioning is limited. But, first, I do want to note the 
front-page article in today's New York Times on the FTC's Do 
Not Call Registry. This article says that there has been an 
outpouring of public interest in the registry far exceeding the 
Government's initial expectation. According to the article, 
Americans have submitted 23 million phone numbers in the last 2 
weeks for the registry, and the FTC expects at least 60 million 
Americans to sign up by October 1.
    What does this tell you about the way people are feeling 
about the invasions of their privacy?
    Chairman Muris. Well, I think the reason that we have 
adopted the national Do Not Call Registry is in response to 
concerns over privacy. And, indeed, the reason that we are 
making several proposals here is in response to concerns about 
privacy.
    I am not sure that it is accurate that we have received a 
lot more initial sign-ups than we expected. We thought this 
would be a very popular initiative. The Commission has never 
received anything like the comments and the response in its 
history to anything we have done like the Do Not Call 
Initiative.
    I do think people care about privacy, and what they care 
about, I think, is when their information is misused in ways 
that bother them. And the interruption of their dinnertime is a 
perfect example, and I also think, to transfer that to this 
context, when sensitive information is misused or it is 
inaccurate, those are the kinds of things that bother people 
the most rather than abstract notions of, you know, privacy. I 
think people are very practical, and when it is misused and 
causes them consequences, that is when they really care. And I 
think Do Not Call demonstrates that.
    Senator Sarbanes. One of the witnesses on the next panel, 
Mr. Brobeck, from the Consumer Federation, recommends 
broadening the Federal enforcement of FCRA in two ways. He 
recommended, ``An appropriate Federal Agency such as the FTC 
should audit the repositories' records on a regular basis to 
identify data furnishers who report incomplete or incorrect 
information to the repositories.'' He also recommended that the 
FTC should collect and analyze information about credit 
reporting disputes on a quarterly basis and report this 
information to Congress annually.
    Would you support those recommendations?
    Chairman Muris. Well, I have welcomed our cooperation and 
support on many issues from the consumer movement and the CFA 
in the past. I have trouble with some of their recommendations 
here. The idea of an audit bothers me in the following sense. I 
think we need to focus on the key trigger point of the statute, 
which is letting consumers know when there is a problem. I 
think in terms of furnishers, it is a voluntary system. We have 
sued furnishers for supplying inaccurate information. There are 
duties dealing with furnishers. In fact, we are proposing to 
trigger the reinvestigation process, as I mentioned, when a 
consumer contacts the furnisher.
    So, I think there are some more things that furnishers can 
do. There are already duties on furnishers. But I am concerned 
about shifting our focus from the consumer and the consumer 
getting notified to a more abstract idea of auditing and 
studying the procedures of the credit reporting agencies.
    Senator Sarbanes. You used the instant credit example in 
your own statement. Does the store receive a complete credit 
report, or does it simply receive a credit score when it acts 
in that instance?
    Chairman Muris. Well, I think it depends. In the case of 
the real instant credit, they are receiving often just an 
approval. I am not even sure----
    Senator Sarbanes. And if the consumer is denied credit in 
the instant credit scenario and then requests a credit report 
as a result of that adverse action, what would the credit 
reporting agency provide to the consumer? Just what the store 
got?
    Chairman Muris. My understanding is no. Well, I am not sure 
what the store gets, and----
    Senator Sarbanes. Well, shouldn't the consumer----
    Chairman Muris. Yes, I agree the consumer should get the 
full----
    Senator Sarbanes. Shouldn't the consumer, at least, get 
what the store got? And if that is not the full report, 
probably get the full report as well, should he not?
    Chairman Muris. Absolutely. I agree, Senator. What they are 
supposed to get now, this is triggered by the so-called Equal 
Credit Opportunity Act notice. They are supposed to be told the 
four leading reasons why there was a problem with their credit 
report.
    I agree that just giving them a very simple piece of 
information would not be useful, but I believe under current 
law they are required to get more than that.
    Senator Sarbanes. My time is up. Let me just ask you, is it 
the intention of the FTC to provide to the Committee draft 
statutory language to carry out the recommendations that you 
have presented to us in your statement here this morning?
    Chairman Muris. Yes, sir.
    Senator Sarbanes. And how promptly can you do that?
    Chairman Muris. Well, we have been working with the 
Committee, and I think we would be able to do this very 
promptly. And we have been working with the other body as well.
    Senator Sarbanes. What is ``very promptly?''
    [Laughter.]
    Chairman Muris. Well, I am not even sure what day of the 
week it is. It is Thursday, I think. I would be very surprised 
if we cannot sit down and do something--next week?
    I am checking with the people who have to do the work 
before I make a promise.
    Yes, next week would not be a problem at all.
    Senator Sarbanes. Thank you, Mr. Chairman.
    Chairman Shelby. Senator Dole.
    Senator Dole. Mr. Chairman, as an alumnus of the FTC, I 
take a great deal of interest in your testimony, which I find 
very credible, because I know that these recommendations 
represent a bipartisan consensus approach.
    Now, currently, the Federal Trade Commission has four 
Commissioners appointed by President Clinton, and then you, an 
appointment of President Bush. Isn't that correct?
    Chairman Muris. Yes, Senator.
    Senator Dole. You are clear in your testimony the FTC 
supports the permanent reauthorization of the Fair Credit 
Reporting Act preemptions contained in the 1996 Act with some 
modest amendments. Is this the unanimous position of all the 
Commissioners?
    Chairman Muris. Yes, it is.
    Senator Dole. Mr. Chairman, do you agree with the statement 
of Director Beales who stated earlier that affiliate sharing 
assists in the prevention of identity theft?
    Chairman Muris. Yes. Yes, I think that it is important that 
financial institutions have access to more information than the 
crooks have to stop the fraud. And in that sense, I think the 
information is helpful.
    Senator Dole. Inasmuch as affiliate sharing prevents 
identity theft, would you agree, then, that affiliate sharing 
leads to more accurate credit reports?
    Chairman Muris. Yes, I would, and we do support it and 
think that affiliate sharing is an important part of this 
process.
    Senator Dole. And while there is always room for 
improvement, do you believe that the credit reporting agencies 
are doing enough to ensure accurate credit reports?
    Chairman Muris. We have had several opportunities to engage 
in enforcement against the credit reporting agencies. That 
process continues. We are their primary regulator. I think, you 
know, with a rare misstep, which I think we have corrected, I 
think that they have done a good job.
    I do believe that some additional legislative protections, 
particularly in terms of accuracy, which I have outlined, would 
be helpful.
    Senator Dole. In your prepared statement, you give the 
example that if States are able to pass differing laws on 
reinvestigation times, furnishers might determine that their 
reinvestigation duties are too onerous and simply exit the 
system. Do you believe the 30-day period in the Fair Credit 
Reporting Act is the appropriate one?
    Chairman Muris. Well, Senator, I do think the 30 days has 
worked well, and I think there are a couple of important points 
to make. The one that you are referring to about the voluntary 
nature of the system and the furnishers' cooperation is very 
important. And a second point is we have frequently brought 
cases against scams that involve credit repair. And one of the 
things that some of these scams tell you to do is to challenge 
everything, ask for a reinvestigation on everything, with the 
idea that maybe you can run out the clock. And if the period 
was shortened particularly dramatically--I know some people 
have proposed 15 days--I think that would be a serious problem 
in terms of these scams.
    Senator Dole. You also give an example in your prepared 
statement as to the problems that may arise from shorter 
obsolescence periods governing how long negative information 
can continue to be reported. Do you believe the 7-year period 
included in the Fair Credit Reporting Act is the appropriate 
time period?
    Chairman Muris. Well, I think the 7 years has worked well. 
I have seen no reasons at all to change, and that is the basis 
of our recommendation.
    Senator Dole. Senator Dodd sent me a copy of a series of 
articles that were written in the Hartford Courant, and this 
detailed some very distressing charges of errors the paper says 
have been built into the credit reporting system. One such 
charge was that credit reporting agencies have the incentive to 
put false information in a credit report because the potential 
creditor is more likely to buy a report with more information 
in it because they assume that it must be more accurate.
    I find this hard to believe. Would you comment on that 
charge?
    Chairman Muris. I find that very hard to believe as well 
Senator, and I am not aware of any evidence that this has 
occurred. The credit bureaus are in the business of selling not 
only information, but also accurate information, and that is 
why I am surprised by that allegation.
    Senator Dole. In your written testimony, you state that, 
``Prescreened offers provide many benefits for consumers, and 
can enhance competition, leading to greater credit 
availability, better terms, and lower costs for consumers.'' 
Some of the witnesses in previous hearings have stated that 
prescreened offers have one of the lowest rates of fraud. Do 
you agree with this observation?
    Chairman Muris. I do not think that there are systematic 
problems in terms of fraud with prescreened offers. I have seen 
evidence certainly consistent with the statement that you are 
making. I think the prescreened system has worked well. I do 
think that giving us the ability to make the opt out more 
prominent and easier for consumers to use would be a useful 
thing, and that is why we have recommended that.
    Senator Dole. And I just want to make it clear for the 
record. All of the Commissioners at the Federal Trade 
Commission support the continuation of the prescreening 
preemption, of course, with better disclosure for the opt out.
    Chairman Muris. Yes, yes.
    Senator Dole. What can Congress do to improve the accuracy 
of information in credit reports?
    Chairman Muris. I do think it would be helpful to implement 
the proposals that we made. We do not have a monopoly on the 
best way to approach this, of course, and I am certainly 
looking forward to working with you.
    And I just want to add on a personal note that it is a 
pleasure to be working with you again after all these years. 
The years have treated me a little worse than they have treated 
you, but it is a pleasure to be working with you again, 
Senator.
    Senator Dole. Thanks very much.
    My time has expired. Thank you, Mr. Chairman.
    Chairman Shelby. Senator Corzine.
    Senator Corzine. Thank you, Mr. Chairman.
    I do not really know how to follow that up.
    [Laughter.]
    Let me see. The idea that you are going to give an 
opportunity for a consumer who has an adverse notice is the 
major response that you are suggesting--do I hear this 
correctly--with regard to making sure that consumers are aware 
of deterioration in their credit?
    Chairman Muris. I think the key to the system that Senator 
Proxmire set up is that the consumers are put on notice when 
there is a problem, when they are denied a benefit because of 
something in their credit report, and I think we can improve 
that system.
    Senator Corzine. But you are suggesting at the point of a 
transaction, being turned down?
    Chairman Muris. I think that for most consumers, that is 
when they would care. Now, I do think that there are several 
things that we propose that--if a consumer is really interested 
in the absence of a transaction, I think we should make it 
easier for them to get the information about their credit 
report and about how the system works, and----
    Senator Corzine. Secretary Snow's once-a-year credit report 
and the detail in the way that Senator Sarbanes and others were 
talking about--information that might have changed from year to 
year, or adverse factors, so that individuals would know when 
they are going to change jobs that they may have adverse 
information in a credit report, or if they are contemplating 
buying a car, they know that they are going to get a lower 
credit score. I am presuming you are incorporating the once-a-
year----
    Chairman Muris. Yes, sir.
    Senator Corzine. And for the record, that is part of your 
recommendations, not just a notification of an adverse factor 
at the time of----
    Chairman Muris. Oh, absolutely. We are proposing that they 
be able to get the one free consumer report. We are proposing 
that consumers have the option of receiving more information.
    Now, I think it is important to add that it needs to be up 
to the consumer. We are certainly not proposing a blanket 
mailing to everyone of their consumer report. I am not 
suggesting, and we do not suggest, that everybody needs to look 
at their consumer report on a routine basis. That should be up 
to the individual.
    Senator Corzine. I just--and I guess this is a basic 
philosophy issue--but an individual who is in contemplation of 
buying a car, in contemplation of taking out a mortgage, or 
accessing credit may be already dependent on having that 
transaction take place, and if they are not aware of 
deterioration in their credit, there can be serious 
circumstances that are attributed to it. So, I am a little 
troubled with that tension.
    Chairman Muris. Well, I am not sure that there is a 
tension. It is really up to the individual. If the individual 
is particularly risk-averse, or if they have some reason to 
believe there is a problem, we think it should be easier than 
it is now for them to investigate.
    On the other hand, I do not think--for a lot of people who 
have not had any problems in their lives, they have a lot of 
things to do with their lives, and I am not going to recommend 
to such a person that they spend their precious time reading 
and investigating their credit. But we want to make it easier 
for the individual, and we particularly want to make it easier 
at that crucial time if you are denied a benefit to get the 
information.
    Senator Corzine. One specific on that. I do not know if 
other Senators feel this way, but I would like to understand in 
practical terms, if you request a credit report on yourself, 
what that would look like. What would the requirements actually 
be that would be sent out by one of the reporting agencies so 
that the practical elements of it are actually what we are 
talking about?
    Chairman Muris. Yes, that is an excellent question. Right 
now, in some States, you can get them for free, and in other 
places, you can buy them. We would be glad to work with you and 
show you how that works.
    Senator Corzine. I find it troubling that you have to buy 
them.
    Chairman Muris. And that is one of the reasons that, under 
our recommendation, that would no longer be true.
    Senator Corzine. I think that under Secretary Snow's, if 
individuals knew they had the availability, they would put in 
an annual request.
    Chairman Muris. Well, in the States, again, it depends on 
the consumer. In six States, they have that right, and more 
exercise the right than if they had to pay for the report, but 
obviously, it takes some time to digest and understand, and for 
some people, that might not be worth their time, and I can 
understand that.
    Senator Corzine. Three other points, quickly. First, I 
think that you just gave an absolute recommendation of 
financial literacy ties to this.
    Chairman Muris. Oh, absolutely.
    Senator Corzine. That, without education, these things 
are----
    Chairman Shelby. Senator Corzine, our next hearing is going 
to dwell on financial literacy.
    Senator Corzine. Second, I think the identity theft issue 
makes this even more important. Once you have been invaded as 
an individual, the idea of whether this thing gets cleaned up 
on an accuracy basis is one of the reasons we are introducing 
the nature of the legislation, but I again go back to this 
comprehensive nature.
    And finally, I am really struck with the range of 
statistical variation that Senator Bennett talked about and 
others recognized, and I am not sure that I agree that it is 
not worth the cost of having some kind of understanding of what 
the nature of the problems are. Even though it is a big and 
complicated system, having some readout on the nature and the 
gradation of the nature of the problems--is it an ``S'' or an 
``F'' or is it the kinds of things that come with identity 
theft. I am a little troubled that we make policy decisions 
when we are not sure what the nature of the problem is because 
we are not accumulating all the data.
    So, I will ask a simple question and then I will shut up. 
What is the range? Are we closer to 0.2 percent, or 29 percent, 
or 0.70 percent?
    Senator Bennett. Not ``point''--70 percent.
    Senator Corzine. Yes, yes. Excuse me.
    Chairman Muris. I will say this--that the studies with the 
higher numbers, I believe their methodology is seriously 
flawed. I would be very surprised--and I do not know as much 
about the methodology of the 0.2. The question which Senator 
Bennett's ``F'' and ``S'' illustrates is the significance of 
the benefits, which is again why I think it is so important to 
expand the adverse action notice, and for those consumers who 
want, even outside the context of a particular transaction, to 
look at their credit report and understand the system. I think 
we should increase that availability as well.
    Senator Corzine. Thank you.
    Chairman Shelby. Thank you, Senator Corzine.
    Senator Bennett.
    Senator Bennett. Thank you very much, Mr. Chairman.
    Chairman Muris, have you or your staff looked into two 
issues with respect to the free credit report--and let me say 
right up front that I applaud the idea that someone should be 
able to access their report at their own instigation, not only 
when there is a notice of an adverse action--but have you 
looked at two aspects of providing the free report--number one, 
the cost, and number two, the opportunity for identity theft.
    Let me tell you what I mean on the second one. We had, at 
our last hearing, a passionate appeal for Congress to do 
something--I am not quite sure what we could do--about 
``dumpster diving.''
    During the hearings on identity theft that I held when I 
was Chairman of the Subcommittee that dealt with this, we were 
told that one of the standard ways of people who went after 
identity theft in a serious fashion was to steal mail. They 
would hope they would find in the mail a credit card. If they 
did not find in the mail a credit card, they would hope they 
would find a bank statement or some other document that would 
give them information about some individual whose identity they 
could then steal.
    Isn't there a possibility that some clever criminal listens 
to all this and says, ``Boy, this is terrific; I am going to 
request the free credit report for Robert S. Bennett''----
    Senator Schumer. How about Robert F. Bennett?
    Senator Bennett. --I will do that, too, and I will do 
Charles Schumer, and I will do John Corzine and all the rest of 
it--and see what I get, and particularly if there is a flood of 
these coming in, and you talk about errors, and a flood of mail 
coming back, is there a possibility that in our effort to 
prevent identity theft, we facilitate it?
    Chairman Muris. Well, a couple of responses to that, and 
particularly to the last point. The CRA's right now require 
various steps to make sure it is the right person. If you are a 
successful criminal, if this tactic really worked, I am not 
sure the $9 that it costs now would be much of a deterrent. 
Obviously, it is $9 more than free.
    Senator Bennett. I will get back to cost in a minute. I am 
not talking about the cost right now.
    Chairman Muris. No. But I am saying that if this is a way 
to engage in identity theft, you can do it now for $9 per 
credit report.
    Senator Bennett. I see.
    Chairman Muris. I do think that identity theft is a serious 
problem--a very serious problem. I know that you had a hearing 
on it; FTC Bureau of Consumer Protection Director Howard Beales 
testified. Many of our proposals deal with identity theft. We 
are going to release a survey sometime this summer about the 
incidence of identity theft, and we are still trying to digest 
those numbers now. But I do not think this proposal, based on 
the experience that we have seen just in the small number of 
States that allow free reports and the experience with the $9 
now, has been a major source of identity theft.
    Senator Bennett. Okay. I have discussed this with the 
industry, and they tell me that if the request is made online--
if this is an Internet request--they are almost certain that 
they can prevent anybody from requesting this information. If 
it is mailed out, they say the chance of somebody getting the 
information and using it improperly is substantially better.
    So, I would like to pursue in the legislation, Mr. 
Chairman, the whole question of how the report--if we are 
indeed going to see a significant rise in requests for 
reports--is formed. I do not know if we can absolutely insist 
that it always be an electronic request and an electronic 
response, but that, I am told, is far more secure than 
responding in the mail.
    Now, back to this issue of cost. I am not talking about the 
cost to the consumer. I am talking about the cost to the credit 
bureau.
    Chairman Muris. I understand.
    Senator Bennett. And the question arises--do we have any 
statistics as to how more requests they will get, how much 
additional costs they will incur, and life being what it is, 
therefore, costs that will be ultimately passed on to the 
consumer?
    Chairman Muris. You are absolutely correct that the costs 
will be passed on. From various parts of the industry, I have 
heard two different estimates of the costs in the handful of 
States that allow it now. One is that not very many more people 
requested free reports. Another is that a significant increase 
off a very small base requested reports. And I do think it is 
important--and this may be somewhat of a tension in the 
previous questions--I personally would oppose something that 
really pushed people to look at their credit reports unless 
they had some reason--if they were very risk-averse, were about 
to enter an important transaction, or they had some particular 
suspicion about their report.
    Most people do not look at their credit reports. Most 
people have good credit. I think it should obviously be the 
choice of the consumer, but we should not encourage or frighten 
people to do something that is not necessarily in their 
interest.
    Senator Bennett. Thank you.
    Thank you, Mr. Chairman.
    Chairman Shelby. Senator Schumer.
    Senator Schumer. Thank you, Mr. Chairman.
    I want to thank you, Mr. Muris, for always being available 
to this Committee and for your forthright answers.
    I would like to focus on the legislation that Senator 
Allard and I talked about earlier today. First--and I know you 
have not seen it; we just dropped it in yesterday, so you 
probably have not seen the details--but what do you think of 
the general concept?
    Chairman Muris. We support the concept of giving people 
information, the right to a free credit report, information on 
how the credit scoring system works, certainly having a credit 
score. I think it is important to understand there is no one 
``the credit score,'' so I am hoping you have some flexibility.
    I am a little bit concerned--we do antitrust and 
competition--this is an industry with not very many players, 
and I would not want to do anything inadvertently that gave one 
player an advantage. I do not think you would do this or are 
proposing to do this, but if somebody wanted to say one kind of 
credit score was more preferable than another, that would cause 
us problems.
    Senator Schumer. But all we do is allow people to see how 
they got the credit score from that particular agency. It is 
obviously the bank or whoever is hiring the company that is 
going to----
    Chairman Muris. Sure. That is fine.
    Senator Schumer. We do not want to determine what the 
credit score should be.
    Chairman Muris. But there are different kinds of credit 
scores. That is all I am saying.
    Senator Schumer. No question, no question. But we are not 
going to mandate how you create a credit score. We just want 
people to know--right now, they give you your score, and that 
is it. So it is like saying you flunked, or you got a ``D,'' or 
you got a ``B,'' and you ask which questions did I get right, 
and which questions did I get wrong, and they say, ``We cannot 
tell you.'' That is the frustration that people feel.
    Chairman Muris. Yes. You can certainly get more detailed 
information in terms of adverse actions already now, but we 
think that that should be available more widely; it should be 
available without cost, and if that is the concept of your 
bill, then that is certainly completely consistent with what we 
are proposing.
    Senator Schumer. Well, I had a lot of other questions in 
case you said ``No,'' but you said ``Yes,'' so I will yield 
back my time. I know we have a vote, so my colleague can 
proceed.
    Chairman Shelby. Senator Allard.
    Senator Allard. Thank you.
    I want to delve a little bit into enforcement. Sometimes 
constituents have contacted me when they have had problems with 
jurisdictional issues concerning the enforcement of fraud. For 
example, the victim may live in one State, and the act occurred 
at a retail store in another State, and both enforcement 
agencies say it is the others' responsibility.
    My question to you is what enforcement actions are at your 
disposal, and how often have you exercised that authority?
    Chairman Muris. Well, we certainly engage in a wide variety 
of enforcement, and we have enforcement, obviously, interstate, 
and when it comes to fraud, that is particularly the mainstay 
of what we do.
    Because more and more problems are international, and we 
have a proposal before the Congress, which has passed the 
Commerce Committee as part of the FTC reauthorization, to 
approve our ability to deal with cross-border fraud.
    In terms of the credit reporting agencies, we are their 
primary regulator and, as I have mentioned, from time to time 
over the years, we have brought cases against them, including 
very recently.
    Senator Allard. How would you bring a case against a 
reporting agency, because this is an enforcement problem. It 
may come to light because it went through the Agency, so the 
Agency tells you to contact the local law enforcement in each 
State. When the State refuses to take action--what alternative 
does that individual have?
    Chairman Muris. One of the ways which we have recently--and 
this is still an ongoing issue in some ways--dealt with the 
credit reporting agencies is making sure that they are 
answering the phones. They are supposed to have a process that 
consumers can reasonably use to deal with problems on their 
credit report.
    Obviously, if you are talking about some kind of fraud or 
problem with a credit card company, or if there is a dispute 
about a bill, that is not the responsibility of the credit 
reporting agencies. We also enforce the Fair Credit Billing 
Act, which provides procedures for dealing with those disputes.
    In terms of fraud, I mentioned with Senator Dole the credit 
repair scams. We have brought a large number of those cases. We 
have recently seen people--you know, when money is involved and 
financial information is involved, there is a lot of 
opportunity for scams. There are people online right now who 
are scamming people, trying to get sensitive information from 
them, and it is to misuse the information, and we have a lot of 
those investigations and have brought a lot of those cases.
    Senator Allard. So you have the capability to investigate 
and to prosecute?
    Chairman Muris. Absolutely.
    Senator Allard. How often have you exercised that 
authority?
    Chairman Muris. Let me just give you one statistic. In 
terms of telemarketing fraud, for example--we were talking 
about the telemarketing issue--between the FTC and the States 
in the 8 years or so of the Telemarketing Sales Rule, there 
have been over 1,000 cases. When consumers are ripped off--and 
fraud is the worst example--that is the mainstay of what we do, 
and many more of our resources go there than anyplace else.
    Senator Allard. One other question just to follow up on 
Senator Schumer's line of questioning--he did not ask if you 
believe that the credit scores should be provided free of 
charge?
    Chairman Muris. Yes, yes. Again, it is not just the score, 
but we believe that people should be able to get their report, 
they should be able to get an explanation----
    Senator Allard. What goes into it, right.
    Chairman Muris. Right, how the system works.
    Senator Allard. Do you think that whole report should be 
provided?
    Chairman Muris. Right, and I think that is more important, 
quite frankly, than the score itself. The steps that you can 
take to improve--these scores can be confusing since different 
people use different systems.
    Senator Allard. Thank you, Mr. Chairman.
    Chairman Shelby. Senator Sununu.
    Senator Sununu. Thank you, Mr. Chairman.
    Chairman Muris, I want to talk a little bit more 
specifically about access to free reports, and I apologize for 
being the last questioner, so you might have touched on some of 
this already.
    Currently, consumers can get access to a free credit report 
if they are denied credit. What is the percentage of consumers 
that have been denied credit who actually take advantage of the 
opportunity for a free report?
    Chairman Muris. You know, I do not know that number. Even 
my experts do not know that number, but we would be glad to try 
to get you something.
    Chairman Shelby. Can you do that--find out for the record 
and furnish that to us?
    Chairman Muris. Sure. Yes, sir.
    Senator Sununu. That would be good. It would seem to me to 
be a pretty important figure, especially if ensuring full 
access for everyone to free credit reports is part of the 
proposal, because if it is 10 million people getting free 
credit reports, and it is costing a tremendous amount of money, 
then obviously, we would want to at least give some extra 
consideration----
    Chairman Muris. The number of people who seek free credit 
reports even in areas where they are allowed to get free credit 
reports does not appear to be, percentage-wise, a large number.
    Senator Sununu. Which brings me to my next question. There 
are six States that allow that, correct?
    Chairman Muris. I think that is right.
    Senator Sununu. What are those States, or what is the 
largest of those States, and what are the take-up rates for 
those States that allow free credit reports?
    Chairman Muris. The more recent evidence that we have 
received is that people--somewhere around double. It was a 
fairly small number.
    Georgia, Massachusetts, Colorado, and Vermont, I am told. I 
received a statistic yesterday it was somewhere in the 
neighborhood of--I think it was Colorado--it was something like 
100,000 reports.
    Senator Sununu. Okay. I would appreciate it if you could go 
ahead and provide that information for those six States that 
allow full access to credit reports and the number of credit 
reports that are provided to those consumers who do not have a 
problem.
    Chairman Muris. Right, and the number that sticks in my 
head, and I think it was for Colorado, even with free reports, 
was something under a couple of hundred thousand a year.
    Senator Bennett. Do you want the numbers?
    Chairman Muris. Yes. Do you have the numbers?
    Senator Bennett. I have them, yes.
    Chairman Muris. Okay.
    Senator Bennett. New Jersey, 2.37 percent, which is a 35 
percent increase over the national average of 1.7 percent; 
Massachusetts, 2.21 percent, a 25 percent increase over the 
national average; Maryland, 5.53 percent, a 204 percent 
increase over the national average--Senator Sarbanes' 
constituents are more curious; Georgia, 6.14 percent, a 250 
percent increase over the national average; and Colorado, 4.45 
percent, or a 153 percent increase over the national average.
    So the average increase for all of these States is 144 
percent. So you are operating off of a small base. The national 
average is 1.76 percent, and it goes up to 4 or 5 percent in 
the highest.
    Senator Sununu. And I would simply appreciate it if you 
could verify those numbers, and Mr. Chairman, if we could 
include the numbers in the record
    Chairman Shelby. Absolutely.
    Senator Sununu. And I would ask a question of my colleague, 
which is how can there be a national average if there is not a 
uniform requirement that people have access to their credit 
reports.
    Senator Bennett. Well, by ``national average,'' that means 
the national average of people who get reports when there is an 
adverse action.
    Senator Sununu. So it is 20, 50, or 250 percent more than 
the percentage that take advantage when there is an adverse 
action.
    Senator Bennett. That is right.
    Chairman Muris. And again, the absolute numbers are not 
very large. But one thing that is interesting is I suspect, 
Senator Bennett--and I do not know for sure whether we are 
getting numbers from the same sources, and they do not 
completely agree, but we will figure out whatever the 
discrepancy is.
    Senator Sununu. I would appreciate the best possible 
numbers being provided to the Committee.
    Senator Bennett. These are the numbers from a single credit 
bureau.
    Chairman Muris. A single credit bureau, okay. We have them 
from the three.
    Senator Sununu. How many of the three major credit bureaus 
provide information about scoring methodology on their credit 
reports now?
    Chairman Muris. I believe that you can get information from 
all of them.
    Senator Sununu. I am sure you can get information from all 
of them----
    Chairman Shelby. Do you believe it, or do you know it?
    Senator Sununu. --but is it provided----
    Chairman Shelby. Will you furnish that for the record?
    Chairman Muris. Yes. My understanding is that they do that, 
but I will double-check to make sure.
    Senator Sununu. And being able to get information if you 
ask for specific information is one thing; being given 
information in conjunction with your credit report is another.
    Chairman Muris. Correct. And my understanding again is that 
you get that information, but I will verify that.
    Senator Sununu. A final question. I think one of the most 
frustrating that I have seen, both seen personally and heard 
about, is when a consumer addresses a problem in their credit 
report, a piece of inaccurate information, and they deal with 
this issue, and then it comes back, and the next time they are 
dealing with a credit report, it is back on there, and then 
they call and fix it again, and then it is back on there again.
    What, if anything, is the FTC doing to try to address or 
alleviate this problem?
    Chairman Muris. We have taken several steps. There is on 
occasion a situation where the consumer and the creditor simply 
disagree. There are also private rights of action available, 
and there is something of a cottage industry involved in these 
sorts of cases. But we have, in the aggregate, been worried 
over the years and have taken steps, including suing the 
companies to make sure that their complaint resolution process 
provides the kinds of reasonable procedures that the law 
requires.
    Senator Sununu. Is it your perception that where private 
right of action or other enforcement mechanisms--penalties, 
fines, what-have-you--exist, are they substantive enough and 
appropriate to actually discourage the activity, and if not, 
where are they short?
    Chairman Muris. Well, you have two different levels of 
issues here. One is between the consumer and the creditor, and 
the other is the credit reporting agency. In terms of the 
latter, we are not recommending as a Commission, and I 
certainly would not recommend personally, any change in the 
remedial structure.
    In terms of the former, although I have not focused on it 
particularly for this hearing, I am not aware of any systematic 
problems. Obviously, in a system where you have 2 billion 
transactions a month going to the credit reporting agencies, it 
would be shocking if you could not find examples of mistakes, 
and mistakes that are hard to correct.
    I do believe that the incentives of the system are good, 
and I also believe they can be improved some, which is the 
basis of our recommendations.
    Senator Sununu. Thank you very much.
    Thank you, Mr. Chairman.
    Chairman Shelby. Thank you.
    Mr. Chairman, maybe I misheard you a few minutes ago. I 
believe you were answering Senator Corzine's observation or 
question. But you said you would oppose one--for example, 
myself--wanting to look at my credit report? Did I mishear you?
    Chairman Muris. No. What I would oppose is you requiring a 
mass mailing to everyone of their credit reports.
    Chairman Shelby. Oh, okay. I am glad you corrected that. 
You are talking about a mass mailing without it being 
requested.
    Chairman Muris. Right, right.
    Chairman Shelby. Okay.
    Chairman Muris. And I am saying I can understand if Senator 
Corzine wants to look at his credit report a lot; I can 
understand that. I can understand if Senator Bennett or 
somebody else does not. And I think it should be at the--
    Chairman Shelby. Yes. But just a mass mailing--we do not 
have mass mailings by the States now, do we?
    Chairman Muris. No, no, no.
    Chairman Shelby. Okay. I am glad you corrected that. That 
was bothering me, because after these hearings that we have 
been holding for the record, gosh, I have just ordered a credit 
report on myself. I do not intend to borrow any money today or 
buy something, but maybe tomorrow--and with identity theft and 
the horror stories, I am going to look at my credit report and 
see how accurate it is. I had not thought about it before these 
hearings, but----
    Senator Bennett. I am afraid to look at mine.
    Chairman Shelby. Oh, I might be afraid, but I think it 
might be smart, especially if you are contemplating buying 
something, because of this.
    Let me see if I am right in this from what I have heard 
from the record over a series of hearings. Let us say, Mr. 
Chairman, that I apply for a loan that is advertised at 5 
percent on a house for 30 years, or whatever it is, 5\1/4\, and 
they run a credit check on me, and they come back and say, 
``You do not qualify for that, but I am making you a 
counteroffer. I will make you a counteroffer for 6\3/4\ or 7\1/
4\.'' And I am desperate for the money--like everyone, time is 
of the essence--so I say okay, I will take it, because the 
payments are dragged out. But I still do not know what is in 
the credit report, because they have made a counteroffer to me, 
as I understand it now, that may have deemed my credit score to 
be lower than ordinary. And the ordinary person--gosh, I would 
not have known anything about the scoring of credit until we 
had these hearings--you know they do not know what that is 
based on. The average American citizen would not know.
    That is why we are going to have our next hearing on 
financial literacy, which I think is important.
    Chairman Muris. Oh, absolutely, I agree.
    Chairman Shelby. So, I guess what bothers me some is that 
by making a counteroffer to me, they do not have to disclose 
what is in my--or, give me a copy of my--credit report. Now, if 
they turn me down--in other words, they are not turning me 
down; they are just making me a counteroffer--that bothers me.
    Chairman Muris. I agree, and that is why we think in that--
    Chairman Shelby. How do we work around that somehow?
    Chairman Muris. We have recommended that you change the law 
so in that situation, they need to get an adverse action 
notice.
    Chairman Shelby. Okay. You see where I am coming from.
    Chairman Muris. Oh, absolutely, absolutely.
    Chairman Shelby. We had the horror story of the young man 
that Senator Dodd talked about, the young army captain, and his 
life has been ruined because of identity theft and everything 
that goes with it.
    Chairman Muris. Look, I completely agree about the horrors 
of identity theft. We spend a lot of time working on identity 
theft. I think this system is ingenious, and because of the 
adverse action notice, because of the risk-based pricing that 
you are talking about, there has developed a large situation 
which did not exist when the statute was passed, and we need to 
fix that.
    I personally have a less risk-averse attitude about looking 
at consumer reports--until I went through the confirmation 
process, when it turned out there was a wrong address in my 
credit report which was not relevant for credit, but it was 
relevant for my confirmation. That was the first time I had 
ever looked at it. And I think that is a fine rule for me, and 
if somebody else wants to have a different rule of their life 
and spend more of their precious time reading their credit 
report, I think they should be able to do that.
    Chairman Shelby. I want to ask these questions for the 
record, because we are going to have votes, and we are going to 
have another panel, quickly. And you can do it, Mr. Chairman, 
for the record, as soon as you can.
    Chairman Muris. Yes, sir.
    Chairman Shelby. Do you believe the consumer has the 
ultimate responsibility for ensuring his or her credit report 
is accurate?
    Would providing consumers access to free credit reports 
enable them to be more proactive in ensuring accuracy?
    Doesn't greater accuracy ultimately benefit consumers, the 
credit reporting agencies, and credit providers--all of them.
    Do you consider a consumer credit report that contains 
incomplete information to be accurate?
    What is your understanding as to the efforts credit bureaus 
make to get furnishers to provide full-file reporting? I 
believe this was brought up earlier today--in other words, not 
to game the system and so forth.
    What incentives are there for furnishers to withhold 
information that we have read about at times?
    Do you think that the average consumer understands that 
they can suffer negative consequences because a firm they have 
a credit relationship with decides to--yes--underreport 
information regarding their credit history? Do you think they 
should be made aware of the underreporting activities of these 
companies?
    These questions we are interested in getting to.
    Chairman Muris. We would be glad to answer those.
    Chairman Shelby. At the end of the day and at the end of 
these hearings, which we are hoping to get to, we are 
interested in accuracy--which is very important on both sides 
of the aisle to everybody--because we should do everything to 
have the credit report accurate, because accuracy depends on 
money, doesn't it, and the cost, among other things.
    So, we are going to be working with you on this, and we 
appreciate your appearance here today.
    Chairman Muris. Thank you very much.
    Chairman Shelby. Thank you.
    Senator Bennett.
    Senator Bennett. The bells have not gone off for the votes 
yet, and I would just like a quick second round as well.
    I have been denied credit because of a credit report, and 
the credit report was entirely accurate. I have had some rough 
patches in my life where I have missed some payments and all 
the rest, and that is the only time I have seen my credit 
report. And yes, there were some errors in it, and frankly, 
there was difficulty getting them cleared up.
    But that was 20 years ago, and I have the feeling now that 
things are a whole lot better than they were because the 
bureaus understand that their livelihoods depend upon their 
being accurate. There was almost an adversarial relationship 
when I got involved in my situation. They did not care whether 
it was accurate or not; they were just selling it. And I think 
that the culture has changed rather dramatically from that time 
until now.
    I am a little concerned about the score, because I think we 
have a sense that the score is an absolute number. That is, it 
is an ``A,'' ``B,'' ``C,'' ``D,'' ``E,'' or ``F,'' and 
everybody knows what that means. I think the score is a guess 
from the credit bureau, and then the credit grantor puts his 
own score, based on his analysis, and marries it to the score, 
and pretty soon you have scores on top of scores, and it is not 
an ``A,'' ``B,'' ``C,'' ``D,'' ``E,'' or ``F;'' it is a 
reasoned judgment on the part of the grantor. And we may be 
opening the door of trying to turn something into an automatic, 
``Yes, I have a right because your score is 73, and 73 is a 
good enough score that I have a right to this credit.''
    And the credit grantor says, ``I do not care what the 
bureau score is. I have looked at the report, and I have put a 
different score on it, and I have put a different weighting 
here, and I am not going to give you the credit.''
    ``Oh, you have an obligation to give me the credit, and I 
will be back to Congress saying as long as I get a score that 
is above 65, I deserve this, that, and the other.''
    Is that concern well-placed on my part, or am I seeing 
demons here that do not really exist?
    Chairman Muris. Well, there are several different issues, 
Senator, and I would certainly be concerned with a fixation on 
the number and the score, because different companies use 
different models and different predictions, and if the 
information were presented to consumers in a way that 
overemphasized the number and overemphasized the importance and 
underemphasized the explanation of how the system works and, 
most important, we need to provide people with information 
about how to maintain good credit.
    So, I can see some misuses, probably unintended, in how we 
present that information. I think we have got to be careful in 
how we present it, and we would certainly be glad to work with 
you.
    But if we are going to provide people information about 
their credit report and how the system works, it seems odd to 
me that we would withhold the score. There is no one score, of 
course, but I think it is important, very important, crucially 
important, that we not overemphasize the significance of the 
number, and that we put the thing in context.
    Senator Bennett. Okay. We are on the same page here, 
because we all want the consumer to be able to get accurate 
information and complete transparency. My concern is that if we 
focus on the score, we run the risk of distorting the 
information so that the consumer then starts to argue, as I 
said, that he has rights. And this is a guess--the score is an 
estimate--and if we surround the score with the kinds of 
caveats that you have talked about, I get a little less 
concerned about revealing it to----
    Chairman Muris. We certainly do not want to encourage 
people to spend a lot of their time correcting ``S's'' and 
``F's''--unless it has some particular consequence, which it 
may--given the last name ``Bennett,'' there could be confusion 
between two people.
    Senator Bennett. Thank you.
    Chairman Shelby. Senator Sarbanes.
    Senator Sarbanes. Chairman Muris, there has been enough 
testimony. There are real problems that exist, and the FTC has 
got to step up to this challenge, and we are looking for you 
all to do that. I think it is imperative that that be the case. 
I just want to leave you with that observation, that is all--I 
am not seeking an answer--well, the answer I am seeking would 
be in your actions.
    Chairman Shelby. Absolutely.
    Mr. Chairman, we thank you for coming.
    I am now going to introduce the second panel before we 
start our votes. We apologize for the length of the hearing, 
but I think it is very, very important.
    Chairman Shelby. Our second panel will consist of Mr. 
Stephen Brobeck, Executive Director, Consumer Federation of 
America; Mr. Stuart Pratt, President and Chief Operating 
Officer, Consumer Data Industry Association; Mr. Richard 
LeFebvre, President and Chief Executive Officer, AAA American 
Credit Bureau; Mr. David Jokinen, a consumer witness; and Mr. 
Evan Hendricks, Editor of Privacy Times, which Senator Sarbanes 
alluded to earlier.
    We appreciate all of you appearing today. Your written 
testimony will be made part of the hearing record in its 
entirety, and if you could sum up your best points quickly, we 
would appreciate it.
    Mr. Brobeck, we will start with you.

                  STATEMENT OF STEPHEN BROBECK

       EXECUTIVE DIRECTOR, CONSUMER FEDERATION OF AMERICA

    Mr. Brobeck. Thank you, Chairman Shelby, Senator Sarbanes, 
and Members of the Committee.
    My name is Stephen Brobeck, and I am Executive Director of 
the Consumer Federation of America. We very much appreciate the 
opportunity to give testimony about the need for the Fair 
Credit Reporting Act to ensure accurate credit report 
information.
    Let me begin by saying that considering the challenges it 
faces, our credit reporting system functions relatively well. 
These challenges include keeping track of billions of important 
changes in the credit histories of nearly 200 million 
Americans, and doing so when the furnishing of information by 
lenders is voluntary.
    Yet these challenges have to be met because of the growing 
influence of this information and the related credit scores. 
Increasingly, these credit scores determine whether a consumer 
can purchase a mortgage loan, a consumer loan, auto insurance, 
homeowners 
insurance, a rental unit and utilities, and at what price; and 
increasingly, these scores influence whether Americans can 
obtain and retain a job.
    As well as being secure, credit report information and 
scores must be accurate. This is especially important for those 
millions of consumers near availability and pricing points. For 
those individuals, relatively small errors can mean the 
difference, for example, between credit offers and denials and 
between prime and subprime loans.
    Our research, for example, estimated that millions of 
Americans who should qualify for conventional mortgages are, 
because of inaccuracies, offered subprime mortgages instead.
    Here, it is important to stress that errors of omission can 
be just as damaging to consumers as are errors of commission. 
If credit files, for example, do not include a credit account 
in good standing or even just the related credit limit, the 
loss of points could be just as great as if the file included 
an erroneous 30-day delinquency.
    So what evidence do we have of the accuracy of the 
information in credit files? There are really two methods of 
usefully assessing accuracy. The first is observing consumer 
complaint behavior or surveying their experience. While useful 
in assessing consumer satisfaction, this method is not always 
reliable in assessing accuracy because of consumer lack of 
knowledge or inertia. The absence of consumer complaints, or 
even perception of credit report accuracy, could reflect 
numerous factors including lack of understanding of how to 
access or understand credit report information such as credit 
limits, or how to correct any inaccuracies.
    The second method is independent evaluation of the credit 
report information. An assessment by Government agencies or 
nonprofit organizations represents the most objective, unbiased 
type of evaluation. While these groups usually lack access to 
the credit files, during the past year, both the Federal 
Reserve Board and the Consumer Federation of America, in 
cooperation with an industry group, the National Credit 
Reporting Association, were able to assess the accuracy of 
information in many credit files.
    The Fed studied nearly 250,000 credit files from a single 
national repository, while CFA compared the scores from all 
three major repositories, reviewed more than 1,700 files in 
three regions of the country, and examined in great detail 
consistencies and inconsistencies in 51 representative files 
containing information from the three repositories.
    The findings of the two studies are generally consistent. 
Most important, both concluded that there was important 
information missing from many files that unfairly lowered 
credit scores. The Fed found, for example, that more than two-
thirds of the files it studied contained at least one revolving 
account that did not include information about the credit 
limit. This error of omission prevents a determination of the 
level of credit utilization which would lower a consumer's 
credit score.
    After the industry provided a newer dataset, the Fed still 
found that the files of about one-third of people with a 
revolving account failed to include information about the 
credit limit.
    In addition, the Fed cited evidence that some creditors 
report only derogatory information. The CFA study also 
discovered the absence of much positive information from many 
files. The principal reason for the frequently wide variance in 
credit scores among the three repositories, which for 4 percent 
of consumers studied was greater than 100 points, was 
significant differences in the information contained in the 
three files.
    Errors of omission tending to lower credit scores included 
the failure to report credit limits on revolving accounts, 
revolving accounts in good standing, and mortgage accounts with 
no late payments.
    Less frequent errors of commission that we did detect, 
however, included the inclusion of an account not belonging to 
the consumer, a false collection, or a false indication of 
bankruptcy.
    One way that lenders minimize the risk of using inaccurate 
information in credit files is to use only the middle credit 
score provided by the three repositories. But in general, only 
first mortgage lenders consider all three credit scores. 
Usually second mortgage lenders, consumer lenders, insurers, 
and others use the scores of only one repository.
    If these scores tracked median scores, potential biases 
would be minimized--but they do not. The scores of one 
repository are far more variable than are the median scores of 
the three major repositories, and in addition, even the median 
scores reflect errors of omission and commission that could 
result in the unfair denial or overpricing of credit or some 
other important services.
    I have exhausted my time so I will save my recommendations 
for responses to your questions.
    Thank you.
    Chairman Shelby. Thank you so much.
    Mr. Pratt.

                  STATEMENT OF STUART K. PRATT

             PRESIDENT AND CHIEF OPERATING OFFICER

               CONSUMER DATA INDUSTRY ASSOCIATION

    Mr. Pratt. Chairman Shelby, Senator Sarbanes, and Members 
of the Committee, thank you for this opportunity to appear 
before you again. I guess I am trying to compete with Mr. 
Beales in terms of how many times I get to come back.
    Chairman Shelby. We will probably get you back again if you 
will come.
    Mr. Pratt. Thank you, sir.
    We are the Consumer Data Industry Association, and for the 
record, I am Stuart Pratt, President and CEO of that 
organization, and we do commend you for holding this hearing on 
accuracy. Accuracy is the lifeblood of how the credit reporting 
system works, and I thought, Mr. Chairman, that what you said 
in the beginning was right on--the law says that maintaining an 
accurate credit reporting system benefits everyone, and in 
fact, I think Senator Johnson said the same thing in his 
opening remarks.
    Accuracy is dealt with in the law in a couple of ways. We 
have heard about that. Consumer reporting agencies have to have 
reasonable procedure to assure maximum possible accuracy. In 
1996, data furnishers were included under the law for the first 
time, and they were also given an accuracy standard by which 
they must live.
    The marketplace drives accuracy for us, and it is one means 
by which we can try to measure the general success of consumer 
reporting. We have a better credit market than ever before, and 
we have safety and soundness well in hand, I think, and those 
are certainly good metrics, I think, by which to measure the 
general performance of the consumer reporting system in this 
country.
    The marketplace also drives the consumer reporting agencies 
to compete on accuracy. This is what lenders do. They look at 
us carefully, and they expect us to produce accurate reports, 
and they expect us to produce reports that will allow them in 
turn to allow the consumer to drive off the car lot with a car 
with nothing more than, really, a promise and the consumer 
report.
    There is no doubt that ``accuracy'' is a tough term to 
define. I think we circled around that a little bit in some of 
the previous testimony. For example, inaccuracy is, as Mr. 
Brobeck testified, missing information, or at least that is a 
term that has been applied to it.
    I think it is a good time to remind all of us that in fact 
the consumer reporting system is voluntary. We cannot compel 
any lender in the country to report information. So, of course, 
while we do have data acquisition people out there every day of 
the week trying to convince every lender in the country or 
every furnisher to report to that particular consumer reporting 
system, there is no doubt that there will be some missing 
information because a small lender may just choose not to 
report to any or may just choose to report to the one with 
which they are most familiar, and that can happen in the 
marketplace.
    There is also no doubt that some consumers, because of how 
calibrated the decisions become with scoring, desire their file 
to be almost instantaneously updated so that if they wrote a 
check in a given month and paid down a balance, they would love 
for that balance to be immediately reported to the bureau. Most 
lenders report on a 30-day cycle. It is voluntary. The three 
bureaus cannot force a lender to report on a more frequent 
cycle. So the file is accurate as of the date reported, but may 
not be accurate in the eyes of the consumer, who says, ``Well, 
my gosh, I paid something down.''
    There are times when consumers misunderstand divorce 
decrees, there are times when consumers misunderstand how a 
court may make a decision about whether or not a contractual 
credit obligation is severable or not, and we do run into those 
sorts of perception issues with consumers and actually spent 
quite a bit of time with consumers on the phone when we look at 
their files, and they are looking at their files, talking to 
them about that. And there are times when consumers at the end 
of the day will say, ``You know, I guess that is right. That is 
how the law works. I may not be happy about how that law 
worked, but you are right in terms of my file; the information 
is accurate.''
    We have tried to put some contexts that are more metrics-
driven than all of this. For example, let us just set up a 
larger context. Two billion files are sold every year in this 
country, and interestingly enough, about 2 billion updates are 
reported to the credit reporting systems. There are 200 million 
consumer files in each of the nationwide consumer credit 
reporting agencies, and there are 30,000 data furnishers 
providing data into this system.
    Every year, about 16 million consumers obtain their file 
disclosure from the consumer reporting systems. That is the 
aggregate number for all three. That is their right under the 
law, and about 95 percent of those are free-of-charge. That is 
about eight-tenths of 1 percent of all files sold in the 
marketplace when you take that 16 million and put it into the 
context of how many files were sold.
    We do try to look at how consumers review their files. 
Sixteen million look at it every year. A little more than half 
those consumers never call us back. Our full statement for the 
record includes the fact that when you look at smaller 
populations, sometimes the contact rate--not the dispute rate, 
but the contact rate--is about 5 or 10 percent, which means 
that about 90 or 95 percent of the consumers who looked at 
these sets of files, as far as we can tell, thought that they 
were working well.
    We did look at the marketplace, in closing, and we asked 
some of our resellers, who are also members of the CDIA, to 
take a look at the mortgage marketplace. So, we had a review of 
about 189 merged reports--that is over 500 consumer in-files 
from the three national systems--and out of that, we asked them 
to identify when were they updated information to make sure it 
was as current as possible, and when was the data just 
absolutely wrong, and it was wrong as of the date reported. 
About 1 percent of the time, the data was wrong, at least in 
this study, and about 32 percent of the time, they were 
updating something in the record.
    I see my time has expired, and I appreciate the opportunity 
to be here and would be happy to answer any questions.
    Chairman Shelby. Thank you, Mr. Pratt.
    Mr. LeFebvre.

                STATEMENT OF RICHARD F. LeFEBVRE

             PRESIDENT AND CHIEF EXECUTIVE OFFICER

                AAA AMERICAN CREDIT BUREAU, INC.

    Mr. LeFebvre. Good afternoon, Chairman Shelby, Ranking 
Member Sarbanes, and distinguished Members of the Committee.
    My name is Richard LeFebvre, and I am President of AAA 
American Credit Bureau, a CRA reseller of consumer reports. I 
thank you for the opportunity to testify before you today on an 
issue that is fundamentally important to the American economy, 
as well as to individual Americans.
    The FCRA is a consumer statute--not an industry statute, as 
some would like you to believe. We are here to discuss 
accuracy, but first we have to define what an error is. An 
error is any misleading, incomplete, and/or outdated data which 
fails to convey the full and true picture of the consumer's 
credit reputation, credit risk, and creditworthiness.
    Accuracy comes in three facets--first, accuracy at the 
national repository level; second, at the CRA reseller level; 
and third, at the user level. This is explained in my prepared 
statement.
    Let me define rescoring. Rescoring is not credit repair. In 
a nutshell, rescoring is the updating of credit information 
that is in error, for a very large fee. This is not meant to 
say that all reports have inaccuracies and significantly reduce 
credit scores and increase credit risk.
    On repository error rates, the CFA/NCRA study, and a study 
that AAA conducted in 1999 through 2000 confirmed what we all 
knew. Please remember that these two studies only cover 
comparing data under 1681(e)(b) and not under 1681(i) 
reinvestigation. So the numbers would more likely be higher if 
a true reinvestigation were done.
    Industry will attack the study, but just remember that the 
two studies were conducted on consumers who were involved in a 
mortgage process, which many times is the better credit risk 
consumer.
    It astonishes me to this day how the same credit furnisher 
can report different information about the same account to all 
three repositories, but it is the common problem. Perhaps it is 
a ``Tower of Babel'' problem. CRA resellers stop performing. 
CRA resellers are supposed to follow reasonable procedures to 
assure maximum possible accuracy. This means that if any 
reseller sees differences in the reporting, they must verify 
the accuracy with the furnisher of the information to assure 
maximum possible accuracy. The reseller is now on notice that 
he cannot rely on the data coming from the repositories. The 
bar is raised to even a higher standard the minute the consumer 
disputes for a reinvestigation. The users of both GSE's must 
stop preventing CRA resellers from doing their duty under the 
FCRA. If not, consumers do not get the benefit of the bargain 
or the protection of the FCRA. If the FCRA requires CRA 
resellers to perform, but Fannie Mae and Freddie Mac will not 
accept that performance through their AU systems, then the FCRA 
is being undermined every day.
    Consumers cannot fight what they cannot see, and by not 
allowing transparency for consumers during the mortgage process 
by disclosing copies of their consumer reports, credit reports, 
and/or adverse action notices, we truly do not have 
transparency, at least on behalf of all consumers.
    Efficiencies in processing applications and increasing 
sophistication in credit underwriting rules should not be 
mistaken for assuring maximum possible accuracy. Indeed, 
automated systems must not be allowed to interfere with these 
requirements of the FCRA and/or the opportunity of consumers to 
dispute.
    For example, Mr. Smith applies to buy a home, puts into 
escrow his entire life savings as a nonrefundable deposit, as 
required in most real estate transactions. He knew when he 
checked his credit report 6 months ago that it was great; but 
now he finds out he is a victim of identity theft, fraud, or 
inaccuracies. This is where many times, consumers find out for 
the first time they are victims.
    He calls ABC reseller, who is prohibited from helping him 
under H.R. 2622, or currently in any AU system. This changes 
the FCRA and the FTC's consent order with Credco. So the 
consumer is faced with two options--first, walk away from the 
property he selected and lose his deposit because the real 
estate contracts do not allow refunds unless you have been 
turned down; or, second, he would take the subprime A-minus 
loan, which changes the rate considerably, the terms may 
require more down payment and may even include a prepayment 
penalty.
    This is a decision that consumers should not have to face 
when buying a home, which is many times the largest consumer 
purchase, their life savings and their future financial nest 
egg.
    Does the consumer deserve adverse action in this example? 
Yes.
    In closing, inaccuracy leads to higher rates and terms. It 
also leads to increased credit risk for new lenders, lowering 
consumers' creditworthiness, credit reputation, and harming the 
consumer and the lender who lost the chance to do a good loan.
    Lenders, the GSE's, and the repositories are taking away 
consumer choice because they are forcing consumers to check 
their credit files in advance, or buyer beware and/or be ready 
to pay extremely high fees for rescoring or higher fees and 
costs for a mortgage. It is a position that consumers should 
not have to face. All consumer reporting agencies are to assure 
maximum possible accuracy, or are we just giving lip service to 
the banking industry and to the consumer whom we are trying to 
protect?
    I thank you, Mr. Chairman, for the opportunity to testify 
and present my views, and I would be happy to answer any 
questions you may have.
    Thank you.
    Chairman Shelby. Thank you.
    We have about 50 seconds left on a vote, and there may be 
two votes. So, we are going to come back--I know I will--and we 
will try to let you two testify and then probably have some 
questions for the record.
    We will stand in recess until we can get back in a few 
minutes.
    [Recess.]
    Chairman Shelby. The Committee will come back to order.
    We will continue with our panelists. Mr. Jokinen, we 
welcome you here today. Your written testimony, as I said 
earlier, will be made part of the record. You can tell we are 
dragging the hearing on all day, but please sum up your 
pertinent points.

                 STATEMENT OF DAVID A. JOKINEN

                       SUGAR LAND, TEXAS

    Mr. Jokinen. Thank you very, very much. I appreciate it.
    It is not my desire to be here today, but I do have a story 
about being declared a ``dead man walking'' for over 2 years 
that I think is important.
    Chairman Shelby. You look alive today, though.
    Mr. Jokinen. Yes. On certain days, I have to check my 
pulse.
    Chairman Shelby. I want to hear your story.
    Mr. Jokinen. I have a little background information in my 
testimony that simply says that I have a dual master's from MIT 
and Harvard, and I have been a professor in Europe, so I am not 
unsophisticated in trying to resolve this, but it has taken me 
over 2\1/2\ years, and I still do not have it resolved.
    Chairman Shelby. Tell us what happened.
    Mr. Jokinen. Yes. My mother died on April 30, 2001. She was 
95 years old. She had three credit cards with three different 
banks which I was a cosigner on, because at the end, her hand 
was too shaky to sign, and I was cosigner for her Social 
Security checks.
    I contacted all three banks immediately, sent death 
certificates, and said, ``Please, I will honor any bills that 
she has, but please clear this up. And since I was a cosigner, 
if it is agreeable with you, I would like to be able to use 
these as cards of my own after your time period--whatever you 
need.''
    All three said fine. The Bank One card got cleared up in 2 
weeks; People's Bank, a little company in Connecticut, got 
cleared up in 2 weeks; and Chase Bank has been an ongoing sore.
    Right now, I have two cards with me from the Chase account 
that is disputed, and I have two more cards at home that they 
keep sending me, with my name on them, and they have extended 
my credit on that account 10 grand--but I am still declared 
dead. So it is a case of the left hand at Chase Bank not even 
knowing what the right hand is doing.
    Chairman Shelby. Have you gone to the doctor lately to see 
if you are really alive?
    Mr. Jokinen. Yes. Every now and then, I have a checkup--
about as often as I read the credit bureau reports.
    But really, when it starts to hurt is when you go for 
refinancing--and you have talked about home mortgaging--and 
that is when I really discovered the problem.
    Chairman Shelby. Absolutely. That was our point earlier 
today.
    Mr. Jokinen. Yes, exactly. You have to get three bureau 
scores; but only one score showed up when I went for 
refinancing 2 years ago, much to my surprise. I said, ``Oh, 
what is going on here?'' I had no idea that this was possible. 
I grew up in the Midwest, and I honestly assumed that Federally 
regulated systems work. I read all the nice platitudes about 
the Fair Credit Reporting Act, and I said something is crazy 
here--this does not make any sense.
    So, I got a copy of the FTC rules, and I filled everything 
out and sent it in. I have done that 12 times in 2 years.
    Chairman Shelby. Twelve times?
    Mr. Jokinen. Twelve times, to the credit provider, plus to 
the three bureaus. There used to be a Book-of-the-Month Club--
now we have David's Death-of-the-Month Club. I have no idea 
from month to month whether I will have one bureau, two 
bureaus, or three bureaus saying I am dead. Sometimes none of 
them delcare I am dead that month.
    Chairman Shelby. And how many years has this been going on?
    Mr. Jokinen. Over 2 years. We used to have a 30-day rule 
that I heard about someplace. I am on the 714th day with this 
problem. I do not know where the 30-day rule applies.
    I have communicated with Chase Bank, in writing or fax, 12 
times. It is such an obvious error that I have been able to get 
the staff at Chase and at the three bureaus--which I now call 
``the Three Stooges''--to talk to me candidly because they know 
the story. They know it is so ridiculous on its face, that they 
start to tell me what is really going on in their own corporate 
back yards.
    So, all of a sudden, I am no longer naive. I have become 
very wise--or battle-scarred, I should say--as to what really 
goes on.
    A mortgage banker friend of mine 2 months ago said, 
``David, before the rates go up, you have got to get your house 
refinanced.'' So he found a sophisticated lender to whom I 
explained the whole story of the Death-of-the-Month Club. He 
said, ``Well, we have to get a letter from the Federal 
Government saying you are alive.''
    I said, ``How do you do that?'' He said, ``That's our 
problem. We'll figure it out, and you just do it.''
    Chairman Shelby. How would they know you are alive?
    Mr. Jokinen. Well, I will tell you the story--I have the 
letter right here--I did not include it in my report.
    Chairman Shelby. Go ahead, sir.
    Mr. Jokinen. What happened was that particular month, I had 
two credit bureau scores that we could not get. The idea was 
that since the secondary market is now controlled by Freddie 
Mac and Fannie Mae with guidelines, if they got somebody from 
the Government to say that I was alive their underwriters would 
approve my loan. This is like the old story about Santa Clause 
having the post office endorse him for being alive, that old 
``Miracle on 34th St.'' movie classic from years ago.
    They said why don't you go to the Social Security office--
because I am older than 65. They know me down there. I walked 
into the Social Security office and said I would like a letter 
saying I am alive. They looked at me totally nonplussed. It 
kept going higher up their management ladder until finally, the 
office manager in the Houston office came and said, ``It is not 
in our Federal handbook how to do this. Do you mind if I call 
Washington?'' I said, ``No. I can stay here all day.''
    That man from Washington wanted to talk to me to make sure 
that I was a live person talking. Afterward, they started 
laughing, because it just became obviously ridiculous.
    So, I now have this letter from Social Security--which they 
said they had never written before--saying that I am alive. I 
did not put it as part of the evidence, but I think it is a 
classic document.
    Chairman Shelby. It is good.
    Mr. Jokinen. I got my mortgage.
    Chairman Shelby. Can you furnish a copy of that letter for 
the record?
    Mr. Jokinen. Oh, yes, sir, absolutely, absolutely.
    So, I finally got my mortgage. When I look at my out-of-
pocket costs, hard dollars, it is about 250,000 hard dollars 
that this credit mistake has cost me in the last 2\1/2\ years.
    Chairman Shelby. Two hundred fifty thousand dollars.
    Mr. Jokinen. Yes, sir, yes, sir.
    Chairman Shelby. Oh, gosh.
    Mr. Jokinen. Yes. And I have documented that in my written 
report as far as where it went.
    And then, the emotional truama--my mother was the longest 
living tuberculosis victim from World War II who lived on half 
a lung. She was in a TB sanitarium for a couple years when I 
was a little kid in elementary school. I did not see her for 3 
years. She had one lung removed; this was called the 
``pneumonectomy,'' and it was a standard medical procedure back 
then. They do not do it anymore; it is rather barbaric for a 
medical procedure.
    But when she was being released, the doctor said, ``Mrs. 
Jokinen, you have about 2 to 5 years of life-expectancy, 
because you will now be overworking the other remaining half of 
your lung with your whole body's use. It wears out very 
quickly. That is what the survival averages are, and we just 
want you to be aware of that.''
    She looked at the doctor and said, ``Sir, I will decide 
this matter with my maker, and just because you have `M.D.' 
after your name does not mean that you are going to tell me 
when I am going to leave this earth.''
    When I contacted the TB Association and the American Lung 
Association, they had never heard of anybody living that long 
with half of a lung. They are now checking the world records. 
They have told me that she probably outlived anybody.
    But at the end, she had a couple of years where she was 
really in pain, coughing up blood, living in a wonderful 
nursing home. I relived her agony every time I get a notice 
that I am dead this month. I go through this sad memory, and it 
is really excruciating--I can feel my bones shiver.
    Chairman Shelby. There has to be a better way, doesn't 
there?
    Mr. Jokinen. Oh, I think so. And I am at your mercy to do 
so. I made a suggestion as to how to solve the problem.
    Chairman Shelby. Go ahead, sir.
    Mr. Jokinen. To me it is a very simple problem to solve. 
When I started getting the real story from the back office of 
``the Three Stooges'' and Chase Bank, their own people told me 
what would stop this ridiculous stuff. It is a faceless, 
nameless person to whom you ``The Consumer'' talk to. You never 
have that person's name the next time you call in, the consumer 
contact staff at Chase Bank and the 3 credit bureaus said, ``We 
have to be made accountable, but nobody in management wants to 
do it.''
    So, I thought about this process when I was asked to come 
here. I have been a stockbroker licensed by the NASD and the 
SEC. That is what this FCRA needs. What I suggest is that the 
FTC or somebody stronger than them have the same power that the 
SEC has. Take this credit industry and make a self-regulatory 
agency within the industry; and paid for by the industry. Every 
human being who has contact with the consumer must be trained. 
They are not licensed or trained professionally at the moment. 
I asked them what their backgrounds were. Once they are 
licensed, they must also take continuing education programs. If 
they are licensed, they can lose their license to work in that 
industry. Not only will they be individually licensed, but also 
the three bureaus and all the information furnishing people and 
companies will be licensed. This is a much more precise and 
easy way to enforce accuracy. What we have now is industry 
promoted fairy tales. I feel the ``Fair'' Act is a ``fairy 
tale'' Act. It has wonderful words, it sounds great; but 95 
percent of the players do not follow it. There are no teeth in 
the existing Act. I am just trying to create a sense of 
consumer accountability. It is a real simple and inexpensive 
solution.
    Thank you so much for your time.
    Chairman Shelby. We appreciate your experience, and I 
believe you are alive, too, sir.
    Mr. Jokinen. Yes, last time I looked.
    Chairman Shelby. Mr. Hendricks, thank you for your 
patience. We also thank you for what you have done over the 
years.

                  STATEMENT OF EVAN HENDRICKS

              EDITOR AND PUBLISHER, PRIVACY TIMES

    Mr. Hendricks. Thank you.
    I want to start by thanking my Senator from Maryland, 
Ranking Member Sarbanes.
    Chairman Shelby. Absolutely. Senator Sarbanes has another 
meeting, and I do not know if he can get back, but he wanted to 
express his regrets.
    Mr. Hendricks. It was a kind introduction, and over the 
years, he has made us proud by consistently doing so well for 
our State.
    And I have to thank you, Mr. Chairman, because you are 
giving hope to the American public that we might actually make 
some improvements in the system that has such a deep and 
profound impact on their lives, so thank you for your 
leadership.
    Chairman Shelby. I will tell you, Mr. Hendricks, you can 
tell from the record we are building, and both sides of the 
aisle, Republicans and Democrats on this Committee, that we are 
going to make some changes. We are going to make some good 
changes, and I think it will be good for industry, and it is 
going to be good for the American people, because it is too 
important to ignore.
    I think Mr. Pratt, Mr. Brobeck, all of you, would think 
that. Now the question is to do it, and as Senator Corzine, 
Senator Crapo, Senator Allard, Senator Enzi--we all want to do 
it right, and this is the time to do it, is it not?
    Mr. Hendricks. Oh, we could not agree more, and you being 
in this position reaffirms my faith in God. Thank you.
    Chairman Shelby. Oh, do not go that far.
    [Laughter.]
    Mr. Hendricks. Well, we have miracle of credit, and we have 
the FTC Chairman granting other miracles, and thanks to Mr. 
Jokinen, because he can show us that just because thousands of 
lives are being ruined, we can still have a few good laughs, 
too; right?
    Chairman Shelby. He has the humor; he has not lost that, so 
you know he is alive.
    Mr. Hendricks. Yes. Let us walk through the accuracy 
problem. In a practical sense, accuracy is not necessarily the 
priority of the credit reporting system.
    The credit bureau's job is to make sure they do not miss 
anything in your credit history, because if they disclose a 
credit report, and they miss something bad, the credit granter 
will blame them. So, they have to maximize the amount of 
information they possibly disclose about a consumer, and to do 
that, they use what is known as partial matches--partial 
matches of names, partial matches of Social Security numbers. 
This can work, and it can also be a major cause of inaccuracy.
    At the end of my testimony, I printed out some examples of 
how Judy Thomas of Klamath Falls, Oregon was mixed with Judith 
Upton of Stevens, Washington, because their Social Security 
numbers were one digit different, and the algorithm just 
assumed it was a mistake and they were the same person.
    Myra Coleman of Itta Bena, Mississippi was mixed with Maria 
Gaytan of Madera, California. The person had used Ms. Coleman's 
Social Security number, so it was an exact match on that, and 
that wiped out all the differences in their names and locations 
and allowed Ms. Gaytan to basically have a joyride in an 
identity theft situation.
    It is maddening when they mix files; it is more maddening 
when they cannot seem to unmix them, and that gets us into the 
reinvestigation and the problems with----
    Chairman Shelby. Excuse me. Why can't they unmix them--and 
we have heard stories here last week, 2 weeks ago. Go ahead.
    Mr. Hendricks. There are several reasons. One, I think the 
volume of these partial matches creates such great volume--and 
if Senator Bennett were here, he would hear me say that there 
are approximately 7,000 to 10,000 disputes a day at a credit 
bureau. Capital One has seen its disputes go from 1,000 a day 
18 months ago to 4,000 a day currently. That creates volume. So 
they have to create an automated system to deal with this, and 
the automated system boils down to the person you described at 
the credit bureau, reducing the dispute to a two-number or two-
letter code that they transmit--let us say Judy Thomas writes 
in and says ``This is not mine; I never had a credit card with 
you''--and the credit bureau then, instead of relaying all the 
relevant information, just transmits a two digit code to say, 
``Consumer says not mine.''
    The credit granter then responds with a code to the credit 
bureau saying, yes, we reported that Judith Upton was 
responsible for this account, and then the credit bureau says 
it is ``verified as reported.'' That is how they define a 
``reinvestigation,'' and that is how they define ``verified.''
    So, it is extremely problematic, and that is why this loop 
continues. And also, in terms of why does information get 
reinserted, when the subscribers or their furnishers submit 
their tapes every month, again, the credit bureaus use many of 
the same algorithms, and those algorithms will throw the 
information back into the file, unbeknownst to the consumer.
    The thing about the system is that the credit bureaus to my 
knowledge have an official policy that if you sue or you 
threaten to sue, you get priority status. So, we have created a 
system where pretty much if you want to get your credit report 
corrected, and you have a situation like this--and many other 
consumers have--you have to litigate. That is why we think we 
need to have minimum statutory damages per violation, the right 
to go to small claims court and stay there, and a catalyst 
theory for attorney's fees. And also, the FTC has now endorsed 
the reinvestigation duties extended to the credit granters.
    The thing about damages is that every time they get into 
court and hear the story about Mr. Jokinen or people like him, 
the credit bureaus say, ``That is too bad, but you were not 
really damaged.'' So there are a lot of things we can do to 
specify what every Committee Member here has said, that this is 
extremely damaging to people.
    Another good study that Mr. Brobeck cited is the Federal 
Reserve Board study which said that they could not rely on 
credit bureau data to predict the economy. But the Federal 
Reserve Board said, ``What do we do about this?'' Well, we can 
improve access to people's own credit reports and consumers 
have to be more vigilant about access.
    That is why the free access one per year is a good idea, 
but I think we can take it to the next level. I think we have 
to have the goal of plugging people into their own consumer 
reports the way that all the credit granters are plugged into 
all consumer reports. And the good news is that the credit 
reporting agencies have created the infrastructure for this 
with their monitoring and alert services.
    The bad news is they charge excessively for it--$80 to $120 
a year to sell back to you your own data--but the advantage of 
this kind of system is fantastic, because it reduces the cost 
of getting notice and a bunch of other things which I will not 
go into.
    But I think also here is a win-win in Mr. Pratt--may I call 
you Stuart----
    Mr. Pratt. Stuart is good.
    Mr. Hendricks. --okay--this is where we can actually get a 
win-win, because if they have a million people paying $80 a 
year, that is $80 million; but if we get 30 million people at 
$10 a year, that is $300 million. And then they can hire enough 
dispute handlers so they can have a better dispute process.
    So, I think there is clearly a win-win here, and I think 
the Act can do this by capping the price of these services just 
as it does the price of a credit report.
    In conclusion, I would like to say a note about the 
prescreening issue. I think Senator Sarbanes cited our study 
from Privacy Times from a few weeks ago, that now we know 
criminal gangs are systematically targeting mailboxes and 
stealing mail for preapproved credit offers, convenience 
checks, whatever personal information they can get. If they 
cannot turn the instrument into cash itself, they sell the 
information to a fence.
    I talked to five postal inspectors. It is very 
authoritative stuff and very scary.
    I think now that the FTC has demonstrated that the Do Not 
Call Registry is something that is very important to Americans 
with junk phone calls, I think the next thing we have to look 
at, and that we recommend, is that we need to have a ``Do Not 
Mail Me Financial Data and Offers Registry'' for people who 
know they do not want the risk of having their mailbox hit.
    So just strengthening the preapproved, prescreening process 
is important, but I think we need to take it to the next level 
to handle the problem.
    Thank you.
    Chairman Shelby. I thank all of you for your testimony.
    I am going to ask some questions now--and you can tell we 
are really pressed for time--and then we are going to have a 
number of questions for the record that I hope we can submit to 
you.
    Mr. Pratt--as fast as I can go--you provided a lot of 
information to the General Accounting Office that touches on 
inaccuracy in consumer disputes. From this submission, I have 
not been able to make out any definitive information with 
respect to the total--yes, total--number of disputes consumers 
lodged with the three big credit repositories.
    Is the number the same as the 16 million file disclosures 
that are made each year, or is it something more, something 
less? Could you tell us quickly the total number of disputes 
that are made to the credit bureaus--and when I say ``the total 
number of disputes,'' for the record, we want you to include 
disputes made over the phone, through the Internet, through the 
mail, and by way of other means by which consumer dispute 
communications can be made.
    Can you answer that now, or do you want to answer that for 
the record?
    Mr. Pratt. I think because of the particular detail of the 
question--there are many parts to it--I would like to answer in 
writing for you, Senator Shelby.
    Chairman Shelby. That would be good.
    Mr. Pratt. But Mr. Chairman, just very quickly, out of the 
16 million consumers who look at their files, we estimate that 
probably a little less than half of those consumers pick up the 
phone and call us back. You have seen some populations in our 
testimony where we said people who looked at their files--many 
of those consumers are adverse action consumers; 84 or 85 
percent of the files we issue for adverse action, which is one 
of the reasons why you can get a free file. So the rate of 
calls seems to be higher, because I think a lot of people call 
so they can ask, ``Why was I declined?''
    So, we do educate consumers, and I am drilling down to try 
to get you a better number on that, and we will be happy to do 
that. I recognize that in our testimony, we are not absolutely 
black and white. We did try to drill down and say that we get 
about half again as many calls, and then--it depends--25 to 30 
percent are disputes, and then the nature of those disputes, 
and as we have said before in our testimony, disputes do not 
always equal inaccuracies. Disputes are sometimes actually 
about information that is accurate as to the time reported--but 
I would like to get that updated a little bit.
    Chairman Shelby. But it seems to me that whether you 
represent industry or consumers, or just a citizen consumer 
like most of us, that the key to all of this is the accuracy--
what goes in and what comes out has to be as accurate as we can 
possibly make it to improve the system. That is in the interest 
of the industry as well as, but ultimately, it affects the 
consumer greatly.
    Mr. Pratt. There are instances where--and obviously, I have 
had a couple of conversations with Mr. Jokinen and similarly 
with Captain Harrison when he was here as well--those are 
learning moments where you learn something about the system. 
There are some contexts that I could share with you about some 
of that along the way, but there is no doubt the goal is learn 
from that, Mr. Chairman--not to simply say, well, gosh, that is 
one instance, and let us just move past that one.
    Chairman Shelby. That is why we are holding these hearings 
for the record, because we have never done it before.
    Mr. Pratt. Yes, sir.
    Chairman Shelby. Would everyone agree that an error as 
significant as yours, as to whether or not a person is alive or 
dead, should be quickly recognized and permanently resolved--
yes or no?
    Mr. Pratt. Yes.
    Chairman Shelby. Everybody says yes.
    Mr. Jokinen. Yes.
    Mr. LeFebvre. Yes.
    Mr. Pratt. May I just add--if we can verify it. We were 
last year in hearings--
    Chairman Shelby. There has to be a way to do it and do it 
quickly, though, doesn't there?
    Mr. Pratt. If we can do it quickly. Let me just add that 
one of the keys--and I am not at all denigrating in any way or 
trying to in any way reframe Mr. Jokinen's testimony.
    Chairman Shelby. It has to be difficult. He is well-
educated.
    Mr. Pratt. My gosh, yes, a lot more than I am. Last year 
and in the year prior, with September 11, we were asked why 
could a Social Security number still be used when it was part 
of the death master file of the Social Security Administration. 
So then we had hearings on the death master file, and we heard 
about how the NTIS could escalate the data to us, and then we 
learned that State agencies do not report data quickly enough 
to the Social Security Administration.
    One of the challenges for us is to be able to pull away the 
wheat from the chaff and make sure that we absolutely get it 
right the first time with Mr. Jokinen and then also absolutely 
get it right when the Social Security number should not be in 
circulation. Those are the two challenges.
    Chairman Shelby. Mr. Hendricks and Mr. Jokinen, quickly, 
what do you think--and I know you have already made some 
statements--what do you think it says about a system such as 
ours today that reports an obviously living person as dead, and 
then you cannot get the error corrected?
    Mr. Jokinen. I even asked Chase on the phone if they could 
prove that I was dead. I can prove that I am alive. And I asked 
them if they had a corpus delicti in a coldroom someplace, 
because I would like to come and match fingerprints, because I 
have been fingerprinted for 40 to 50 years, with all kinds of 
files, and they are always the same, so what do they have?
    Chairman Shelby. A writ of habeas corpus would produce a 
body, wouldn't it?
    Mr. Jokinen. Yes, that is right.
    Chairman Shelby. If you were breathing, you would be all 
right.
    Mr. Jokinen. Yes, exactly, and it got to that point, and 
still they did not correct it.
    Mr. Hendricks. And Senator, I think it raises serious 
concerns. The truism is circulating that this is the best 
system, which it is, or as Churchill said, ``the worst except 
for all the rest.''
    I am seeing signs of breakdowns like this on such a regular 
basis that I think we need a really deep, drilled-down look 
into the accuracy problem, and you have to wonder if there is a 
correlation to skyrocketing bankruptcy. Aren't these systems 
supposed to predict that so we do not have it, yet from the 
mid-1990's on, the bankruptcy rate has really gone up, and we 
need research on that.
    Mr. Pratt. Again, I would just like to add that in our 
testimony, we talk about how 16 million consumers look at their 
files every year, and less than half of them ever call back. So 
one of my concerns is about the difference between how we learn 
from certain patterns or even individual experiences, and the 
difference between that and the performance of the industry on 
a day-to-day basis, a week-to-week basis, a year-to-year basis 
in terms of how well the system does work.
    You do not have to try to reconcile those, because each is 
true. We need to learn from those individual experiences and 
make changes and improvements. And every year, the industry at 
the association level, through data format standards, which can 
be changed--for example, bankruptcy issues, Evan, that you 
raised in your testimony, the new format allows for better, 
more precise reporting. Some of that cannot be anticipated--we 
cannot be absolutely prescient about the future--so it is 
evolutionary, and you change over time with that thing.
    Now, if we could get everybody on the new format, we would 
have better data than the data on the old format. I think 
Richard would agree with that as well.
    Mr. LeFebvre. Absolutely.
    Mr. Pratt. But it is a voluntary system, and there are 
certain aspects of this, Mr. Chairman, that we can control. We 
cannot have access to the Social Security Administration--there 
are lots of good reasons for that--but that would allow us to 
authenticate whether or not somebody's Social Security number 
is really correct.
    Chairman Shelby. Then we would need IRS records, right?
    Mr. Pratt. It is dangerous to ask for access to a lot of 
Government data.
    Chairman Shelby. Resellers see each report that the big 
three bureaus prepare on consumers. This provides them a unique 
vantage point to get an understanding with respect to the 
accuracy of reports. The Banking staff contacted some resellers 
to get a sense as to some of the issues they come across. In a 
period of less than a week, the resellers found 13 files that 
contained inaccurate, delinquency information. Correcting these 
inaccuracies resulted in FICO score changes that ranged between 
6 and 80 points. They found 13 files that required correction 
of information related to bankruptcy filings. These corrections 
resulted in FICO score changes that ranged from 18 to 108 
points. They found a file with a fraudulent credit card account 
that, when removed, resulted in a 105-point FICO score 
increase.
    While these are some anecdotes collected over a limited 
period of time, the results are interesting. From your 
experience, sir, how representative do you think these reports 
are?
    Mr. LeFebvre. Senator Shelby, I was one of the first 
resellers back in 1998 who was allowed to rescore. In 5 years, 
the numbers that you have quoted are absolutely right on, if 
not higher. If you can remove the inaccuracy or get all three 
bureaus to agree on the same thing, scores dramatically go up. 
The more recent the inaccuracy removed, the more positive 
impact it has.
    Chairman Shelby. If the consumers whose credit reports I 
was referencing containing these errors had not been trying to 
obtain, let us say, mortgages on their homes or business, and 
had not had merged files prepared, is it likely they would have 
come across these errors?
    Mr. LeFebvre. Absolutely not.
    Chairman Shelby. Mr. Pratt, I want to come back to you 
again. In your written testimony, you indicate that--and I will 
quote--``Accuracy of reports is elemental.'' That is true. It 
is elemental. The whole system requires accurate reports. We 
all, I think, agree to that.
    Later in your testimony, Mr. Pratt, you indicate--and I 
quote again--``We could do an even better job if everyone used 
our newest data standard and also if every one of the 30,000 
furnishers of information would also use the online system for 
processing consumer disputes.'' I believe those were your 
words.
    Mr. Pratt. Yes, sir.
    Chairman Shelby. I assume that by ``we,'' you mean the 
credit repositories.
    Mr. Pratt. Yes--although when you look at-large at the 
community of furnishers who are providing data, I do not think 
you would find a single executive in a company who will say, 
``My goal is to report bad data'' or to declare somebody dead. 
But in the bigger picture, yes, the more we can run through the 
automated process--and I think Evan has made a couple of 
comments about one of the challenges of automation is that you 
have to automate, you have to communicate--in fact, the law 
required in 1996 that we build an automated system under FCRA 
to allow for error correction so that I could correct my error 
just once. It used to be historically that I could correct it 
in one file, and then it would be in another file, and I would 
not find out until later.
    So one of the challenges was to--and, in fact, lenders were 
obligated to report corrections to all nationwide consumer 
reporting agencies--it is always a challenge to try to convey 
with absolute precision the nature of the consumer's dispute, 
at the same time to do it quickly, at the same time to get it 
done in 30 days, and at the same time to handle----
    Chairman Shelby. Quickly and accurately.
    Mr. Pratt. Yes, sir, quickly and accurately--do not work 
coterminously all the time. We do have that challenge of doing 
both, yes, sir.
    Chairman Shelby. By the word ``better,'' I also assume you 
mean more accurate.
    Mr. Pratt. We definitely could be more accurate if that 
were the case.
    Chairman Shelby. Okay.
    Mr. Brobeck, I have raised the issue that we do not have a 
firm handle on the true level of accuracy in the system at this 
point in time. While your study provides--and I thought your 
study was very interesting--a sense of where things are right 
now, don't we need to be better-informed about this issue in 
the future?
    Mr. Brobeck. Yes. We know that at least a significant 
minority of consumers can be adversely impacted by inaccurate 
scores, even annually. We cannot at this point assign a 
specific number--
    Chairman Shelby. An inaccurate score will cost you over 
time possibly hundreds of thousands of dollars.
    Mr. Brobeck. Yes, sir, it could--if, for example, you 
purchase a subprime mortgage instead of a conventional 
mortgage, it could cost you well over $100,000.
    We would agree with the recommendation that a Federal 
Agency, perhaps the FTC, should be given the authority and the 
responsibility to continuously monitor this issue and also 
assume some responsibility for reviewing the dispute resolution 
process.
    Chairman Shelby. I think it is very, very important.
    Gentlemen, we have a lot of questions, as I said, for the 
record as we build this record. And I think we have a great 
opportunity here in the Banking Committee, here in the Senate 
and the House, to put together a comprehensive bill that will 
be good for the economy, that will be good for the financial 
services industry, but will be good for the American people.
    Mr. Jokinen. Mr. Shelby, if I may.
    Chairman Shelby. Yes, sir.
    Mr. Jokinen. This has been the best day I have had in over 
2 years. Thank you.
    Chairman Shelby. Thank you--and I want to say this--I will 
sign an affidavit--I believe you are very alive.
    [Laughter.]
    Chairman Shelby. The hearing is adjourned.
    [Whereupon, at 1:12 p.m., the hearing was adjourned.]
    [Prepared statements, response to written questions, and 
additional material supplied for the record follow:]
            PREPARED STATEMENT OF SENATOR RICHARD C. SHELBY
    This morning, we take up one of the most important issues, if not 
the most important, associated with the FCRA: The accuracy of the 
information contained in consumer credit reports.
    Changes in our financial services industries have made accuracy 
more important than ever. Credit report information is increasingly 
used as the key determinant of the cost of credit or insurance.
    By way of risk-based pricing, gone are the days when lenders merely 
lumped borrowers into the ``qualified'' or ``unqualified'' category. 
The use of risk-based pricing allows lenders to extend credit to a 
broader range of borrowers predicated on the assumption that borrowers 
receive credit terms which are commensurate with the credit risk they 
pose.
    As a result, credit report information has a direct impact on the 
amount and the interest rates at which credit is offered. With respect 
to large credit transactions, such as mortgages, rate differences can 
translate into hundreds of thousands of dollars over the course of a 
loan.
    Even in smaller dollar credit transactions, such as credit cards, 
rate differences can mean large amounts of money. Furthermore, with the 
practice of credit card companies reviewing credit reports and 
adjusting rates in real time becoming more prevalent, the application 
of risk-based pricing to consumer finances is practically an every day 
event. Let me try to further illustrate these points.
    This first chart provides some rough indication as to the effects 
that particular entries on a credit report can have on a person's 
credit score or credit worthiness. As is indicated, some entries, such 
as a bankruptcy filing can greatly reduce a person's credit worthiness. 
There is nothing wrong with this; consumers who have failed to pay 
their debts DO pose a considerable risk to creditors.
    But what if a bad rating is based on inaccurate information? What 
if you had never been bankrupt and such an item appeared on your credit 
report? The second chart highlights the spreads in interest rates that 
people with differing credit scores would pay for some sample products. 
As the chart shows, the differences are very real. So are the financial 
consequences. Consider the cost differences for a $200,000, 30-year 
fixed mortgage. A borrower classified as a ``marginal'' risk pays 
almost $90,000 more in interest than someone with an ``excellent'' 
credit rating. Someone classified as a ``poor'' credit risk would pay 
$124,000 more in interest than the person with ``excellent'' credit.
    Credit rating matters for other transactions as well. Someone 
financing a $24,000 new car with a ``marginal'' rating can expect to 
pay 127 percent more in interest (about $3,300) than a person with 
``excellent'' credit. Someone with ``poor'' credit can expect to pay 
255 percent more in interest (about $6,700). Again, what if the 
information that leads to a bad credit rating is inaccurate?
    With the rewards for good credit so meaningful, and the penalties 
for bad credit so severe, it is absolutely critical that credit reports 
accurately portray consumers' true credit histories.
    Thus, the focus of today's hearing--examining the FCRA and the 
operation of our credit markets to determine whether or not the present 
system provides optimum accuracy.
    With a system as large and complex as ours, involving the transfer 
of billions of pieces of information, it is almost a certainty that 
there are going to be some errors which occur. On the other hand, the 
credit reporting agencies are paid to properly handle the data.
    And furnishers, who also happen to be the largest consumers of 
credit report information, take advantage of the efficiencies provided 
by the system. Both derive significant benefits from this system. Both 
also have a significant responsibility to get things right.
    So let us consider: How and why do errors occur in credit 
reporting? Can more be done to prevent errors in the first place? If 
some errors are not preventable, does the system enable them to be 
quickly recognized? Who most efficiently recognizes them? Once 
recognized, does the system work to ensure that errors are quickly 
corrected?
    I look forward to examining these questions with the witnesses.
    
    
    
    
           PREPARED STATEMENT OF SENATOR CHRISTOPHER J. DODD
    Mr. Chairman, I want to thank you for conducting this hearing. 
Accurate credit reporting is essential to the proper functioning of our 
credit system and to the financial security of American consumers. Your 
strong leadership on this issue is greatly appreciated.
    Since its enactment in 1970, the Fair Credit Reporting Act has 
provided the framework within which our credit system has flourished. 
The vast majority--more than 75 percent of all U.S. households, I am 
told--participate in credit transactions that are likely to be the 
subject of credit checks and credit reports. If it weren't for the 
ability of credit issuers to quickly determine a consumer's 
creditworthiness, there is no doubt that less credit would be available 
to American consumers in general and the economy would suffer. Our 
modern consumer reporting system serves a purpose that benefits both 
consumers and businesses.
    However, to say that something is useful is not to say that it 
cannot be improved. The credit reporting system can be improved and I 
look forward to working with my colleagues to identify the best ways to 
ensure that credit reports do not contain avoidable errors. What is at 
stake is too important. Consumer's financial lives can literally be in 
the hands of the credit reporting agencies and the creditors who 
provide information to those agencies. I believe consumers have a right 
to expect that the information compiled about their financial dealings 
will be as accurate as is humanly possible. People will make mistakes--
we recognize that. But consumers must have a clearly articulated remedy 
for correcting errors when they to occur.
    A few weeks ago, we heard from a witness named John Harrison, a 
retired Army Captain from Connecticut who was the victim of identity 
theft. His credit reports very clearly contained erroneous information, 
misinformation that was deliberately planted there by a criminal--but 
Captain Harrison found it very difficult to get the bad data out of his 
reports. He was required to spend hundreds of hours and eventually had 
to leave his job because trying to clean up his credit was taking so 
much time. That is wrong and we need to fix that problem.
    I am encouraged by some of the Treasury Department's recent 
recommendations to strengthen the consumer protections contained in the 
Fair Credit Reporting Act. I think, for example, that the Department is 
right to suggest that consumers should have access to free copies of 
their credit reports and credit scores so they can identify problems 
for themselves. I also agree that we need to strengthen protections 
against fraud, identity theft, and the misuse of consumer credit 
information.
    Mr. Chairman, thank you for bringing this important issue before 
the Committee. Again, your leadership is greatly appreciated. I look 
forward to hearing from all of our witnesses, and I thank them for 
being here today.

                               ----------

             PREPARED STATEMENT OF SENATOR DEBBIE STABENOW

    Thank you, Mr. Chairman. Let me begin by saying that I appreciate 
the very thorough and methodical approach you have taken to examining 
the Fair Credit Reporting Act. I believe it is important that we move 
in a timely fashion to extend the expiring provisions of the Act to 
ensure that our credit system remains the envy of the world. But, I 
also strongly believe that we must be open to necessary modifications 
and improvements in the Act. We have an important opportunity to look 
at what has worked and what hasn't and to respond to changes in 
technology, our economy, and our ever-evolving understanding of 
consumers' needs.
    Today, we are going to be examining the issue of accuracy of credit 
reports. In many ways this is the linch pin in the entire credit-
granting system. If we cannot assure that this information is correct, 
it could cost consumers thousands and thousands of dollars through 
improperly inflated interest rates. It is, therefore, absolutely 
imperative that the companies who furnish credit data be certain that 
the 
information they keep on all of us is accurate.
    In addition, when that information is not accurate, consumers need 
a quick and easy resolution process. In a fast-paced society like ours, 
unnecessarily long delays in correcting inaccurate credit reports have 
profound consequences. They can lead to denial of a mortgage to buy a 
home or the steering into a subprime loan. They can lead to the 
inability to get a credit card or an unwarranted increase in interest 
rates on an existing credit card. They can also create reduced work 
productivity and extreme stress as consumers must take off work and 
spend countless hours trying to correct mistakes that occurred through 
no fault of their own.
    I believe that it is important to ensure that consumers have fair 
and expedient means to address inaccuracies in their credit reports, 
and I look forward to hearing some of the solutions proposed by our 
witnesses today.
    Let me also take a moment, Mr. Chairman, if I might, to say that as 
we prepare to mark up FCRA legislation, one other thing that I believe 
is absolutely essential in enhancing the way our credit system works is 
elevating the financial literacy of America's consumers. While laws and 
regulations can protect people, one of the most powerful weapons we 
have to protect ourselves from fraud and inaccurate information about 
our finances is education. I want to work with all of my colleagues to 
ensure that, as part of this process, the Federal Government is taking 
steps to improve its efforts on financial literacy.
    Again, I commend you and the Ranking Member, Senator Sarbanes, for 
your leadership on this issue. I look forward to hearing from our 
witnesses today and working with all of my colleagues to ensure a 
timely reauthorization and improvement of the Fair Credit Reporting 
Act.
    Thank you.

                               ----------

               PREPARED STATEMENT OF SENATOR WAYNE ALLARD

    I would like to thank Chairman Shelby for holding this hearing on 
the accuracy of credit report information and the Fair Credit Reporting 
Act. I am sure it will be a helpful part of our ongoing work to 
reauthorize FCRA.
    Americans have unparalleled access to goods and services, much of 
which stems from the fact that we have the most successful consumer 
credit system in the world. The Fair Credit Reporting Act has been 
instrumental in expanding the availability of consumer credit, which 
has in turn played a vital role in the U.S. economy.
    The 1996 Amendments improved FCRA's framework, allowing the free, 
fair, and accurate flow of consumer data. It is now important for us to 
evaluate and assess the successes of, and possible improvements to, 
this important legislation.
    Examining the accuracy of credit information may be one of the key 
issues that we consider. Inaccurate information is, perhaps, even more 
problematic than no information, for both consumer and lenders. It 
doesn't matter if FCRA allows quicker, easier, simpler credit decisions 
if it yields the wrong decisions.
    Further, an inaccurate record of one's credit history can make even 
the most simple financial transaction or inquiry burdensome or even 
impossible. Consumers deserve to have their credit history reflected 
accurately, and credit furnishers and credit reporting agencies have 
the obligation to provide and report accurate information.
    While there may be things we can do to improve the accuracy of the 
credit reporting system, we will realistically never reach a state of 
absolutely no errors. I believe that one of the strongest antidotes to 
errors is an informed consumer. In particular, I believe that consumer 
access to credit reports and credit scores will help catch the 
inaccuracies that occur.
    I was pleased to join with Senator Schumer in introducing the 
Consumer Credit Score Disclosure Act of 2003 earlier this week. Our 
bill would allow mortgage applicants to receive their credit score, 
along with other information such as specific factors that adversely 
affected their score. This information will help consumers better 
understand the importance of accuracy in the credit reporting process. 
I would encourage my colleagues to take a look at the bill and consider 
adding their name as a cosponsor.
    I look forward to hearing from our witnesses today on ways to 
enhance our current system and ensure the accuracy of people's credit 
information.



                 PREPARED STATEMENT OF DAVID A. JOKINEN
                           Sugar Land, Texas
                             July 10, 2003

    Mr. Chairman, Ranking Member, and Committee Members. Thank you for 
allowing me to appear today. I will share with you my 2-year nightmare 
of being declared a ``dead man walking.'' It is a little harder to get 
credit when the depositories report you as ``deceased.''
Personal Background
    I am a self-employed suburban businessman running my own real 
estate development firm. I am 67 years old. In the past, I have been a 
guest professor at 2 european universities, plus two graduate schools 
here in the States. I authored 3 books on engineering and architecture. 
They were published in Holland. I wrote them in a foreign language. I 
have also been an urban affairs/town planning consultant to numerous 
Governments in Canada, Europe, and the United States.
    I have also been a senior executive with a major department store 
chain. For the last 35 years, I have been a self-employed businessman.
The Day My World Turned Upside Down
    My 95-year-old mother passed away on April 30, 2001, in a Houston 
nursing home. I later discovered that because of a clerical error I 
also ``died'' that day.
    My mother had credit cards with 3 banks, (Chase Bank, Bank One, and 
People's Bank). I was also a signer on all three cards. Within 24 hours 
of her death I called all 3 banks to say I would honor my mother's 
bills; and would send them each a death certificate as soon as I got 
it. Two weeks later, I contacted all 3 banks to verify they received 
their copy of mom's death certificate. I also asked if it was now 
``okay'' for me to begin reusing their card solely in my name. All 3 
said ``fine.''
    Much to my surprise, I received a form letter from Chase Bank, 1 
month later, asking for a copy of mom's death certificate. I called and 
asked Chase Bank what they did with both the hard copy I mailed and the 
fax copy I sent weeks earlier. They casually said, both probably got 
lost in their huge filing system. Could I resend them another? This 
cavalier attitude prompted me to formally ask Chase Bank for a written 
confirmation that they had removed my mother's name and her Social 
Security number off this Chase Bank Visa card. I made that request more 
than 2 years ago. I have still not received their promised written 
confirmation. How long should I wait.
    Five months after mom's death, Chase Bank did send a different form 
letter. It said I was now the sole name on this Visa card. They also 
sent me 2 additional cards, (for this account) with my name on them, 
why? I do not know? I never asked for them? Both, Bank One and People's 
Bank had sent me their letters more than 4 months earlier.
Cascading Consequences of One Clerical Error
    Suddenly, this whole other world of credit bureau problems came 
crashing into my life. After some detective work, I discovered Chase 
Bank was the sole culprit reporting me dead to all 3 credit 
depositories. They ``mixed up'' my mother's death with my Social 
Security number.
    The 3 bureaus seemed to have embedded this error in different 
locations on their recirculating data loops. It seems that on each 
different month my death notice shows up from a totally different 
depository's report. They seem to be playing a perverted version of the 
``book of the month club.'' Only now, it is ``David's Death of the 
Months.'' It was becoming ghoulish. The whole thing was starting to 
send chills down my spine.
Two Out of Three
    The first time we noticed that 2 credit bureaus had declared me 
``deceased'' on the same month was later in the fall of 2001.
    Mortgage interest rates had been falling dramatically, so my wife 
and I decided to refinance our house. The mortgage broker called back a 
few days later, and said, ``We have a strange problem.'' Only one 
bureau gave her a credit score. Experian claimed they could not 
calculate a Fair Isaac score because David was dead. Equifax said their 
Beacon score was not available because the subject was deceased. Today, 
without 2 out of 3 credit scores, no one gets a residential mortgage, 
we certainly did not.
    I immediately purchased copies of my credit reports from both 
bureaus. Both showed Chase Bank reported me dead on one Visa Card. 
Ironically, I was still alive as far as my other Chase Bank credit card 
with them was concerned.
    I followed the FTC printed consumer guidelines for correcting these 
errors. I mailed in my corrections and waited 30 days. I then purchased 
new copies of my reports from both Experian and Equifax. I naively 
expected them to be clean. When the same dirt was still there, I called 
both bureau's and said ``Hello people, I am really not dead.'' Help me 
correct this.
    Both bureaus said the same thing. ``They had forwarded my complaint 
to Chase Bank, and Chase has not responded.'' I asked what is next? 
They said case closed. They harshly explained that I, as a little 
consumer, was not their client or customer. I was just another number 
for them to make money off. In this case, their client was Chase, (a 
rich bank); and their customers were all the other banks, retailers, 
etc., who regularly paid them big dollars for thousands of reports at a 
time.
    They just did not care if I was dead or alive, on paper, or in 
reality. Equifax told me to quit bothering them, and go away. Experian 
lost their temper. They threatened me by saying they would put more 
dirt on my report (so they could make more money) if I did not hang up.
Deal Directly With The Source
    Chase Bank was the only creditor reporting this problem. So, on the 
very next business day (in November 2001) I called, and faxed, Chase 
Bank. I asked them how a responsible and ethical bank could report such 
a malicious lie. Their only response was ``They were sorry if it 
bothered me.'' They said they would communicate with both Equifax and 
Experian saying that my death was an error and inaccurate. I said thank 
you. I thought that finally would be the end of it. That was how the 
Fair Credit Reporting Act was supposed to work. I finally slept sound 
that night, after months of agony.
    A few days later, I called to verify their correction process was 
in the works. I was shocked when the supervisor at Chase Bank gave me a 
noncommittal answer--saying, ``it was routinely handled.'' This 
supervisor refused to give me his name. Later, when I told a depository 
employee this conversation--they laughed. They said that it was 
``insider code'' for throwing my correction request into the trash can.
    It was at this moment of anger, plus insight, that I truly realized 
what a ``toothless paper tiger'' all the Federal legislation on credit 
protection really was. None of the ``Big Players'' in this industry 
obey any of these rules and guidelines set forth by Congress. They have 
told me, ``since there are no tough policemen daily watching their 
actions it was still ``business as usual.''
    Sure, the FTC makes a headline now and then with consent 
settlements against each of the big 3 depositories. But, they said that 
was only a minor irritant. The only action they might fear is 
legislation making their individual managers personally responsible for 
their groups' error rates, under penalty of hefty personal fines, and/
or jail time. They mentioned the SEC's forced collapse of Arthur 
Anderson and other firms.
A Serious Disconnect Between Words and Results
    I am a living case example of how our current fair credit reporting 
laws still do not work as intended. They sure sound great on paper.
    I remember reading (in 1994), the Senate finally shifted the 
``Burden of Proof'' for the accuracy of information off the back of 
individual consumers, and onto the shoulders of the 3 giant credit 
bureaus, and their associated creditors. That sounded wonderful. It was 
the fair thing to do. However, it is now 9 years later, and hardly 
anything has really changed. We, the consumer, are still stuck with the 
``burden of proving'' any ``error'' on our report is a fabrication, or 
``mix up'' from some other file.
    Over the last 26 months I have asked Chase Bank to either prove I 
am dead, or quit reporting that lie. ``Off the record,'' people at 
Chase Bank have told me that: (A) Until there is either a financial 
incentive, to correct errors, or (B) Until the penalty on both a 
company and it's staff is so severe it cannot be ignored ``little'' 
inaccuracies like mine will never be given the proper attention or time 
to get corrected.
I Had To Prove I Was Alive
    After 2 years of struggling to find any courageous lender to 
refinance my home, a friend took pity on me. He is a mortgage banker. 
He found a sophisticated national lender who was willing to work 
outside the box. Now, when that nasty message: ``Only 1 bureau this 
month will give me a Fair-Isaac score popped up,'' he was prepared. 
Most mortgages today end up in the secondary market. Either ``Freddie 
Mac'' or ``Ginnie Mae'' typically sets the guidelines for that. So, why 
not try to get some Federal Government Agency (on paper) to declare, 
``Jokinen is alive.''
A Visit To The Government
    Last month, I walked into the Houston Regional Office of the Social 
Security Administration, and begged them to write a Government letter 
saying that I was not dead. Under Federal law, this is Chase Bank's or 
the 3 credit bureaus responsibility to prove, or disprove. But, those 
fat cats only ``yawned in my face'' every time I requested they correct 
this glaring inaccuracy.
    At first, the employees in the Social Security office did not know 
what to do with my request. There was not a sample letter on this topic 
in their Federal handbook. They decided to call their supervisor in 
Washington, DC. I also had to talk to some higher official in the 
national capital, who then asked to speak again to the Houston Office 
Manager. These two talked some more, and then started laughing. Soon, 
all the clerks in this entire Social Security office started whispering 
to each other and then laughing. A few minutes later my human interest 
story spread out into the waiting room.
    My request for this unusual letter was being translated into 
Chinese, Vietnamese, Spanish, etc. As people started hearing my strange 
story in their language, they started laughing too. Soon the entire 
floor in this high rise was laughing. I was now the object of much 
pity.
    When the Social Security Manager finally presented me with my 
``Living Letter,'' the entire waiting room broke out into applause. It 
was like ``little David going out to slay the Goliath Bank.'' Yes, my 
wife and I finally got our home's mortgage refinanced. But, it was not 
from any help given by the Federal Fair Credit Reporting Act.
What Happened To The 30-Day Rule?
    The 1994 Act required creditors and depositors to furnish only 
``accurate'' information. Who enforces this? When consumers dispute any 
data these bureaus have 30 days to theoretically correct those errors. 
Is this a fairy tale? I have never seen it happen in real life.
    Chase Bank has ``inaccurately,'' reported me dead for more than 26 
months. They still have not lifted one finger to update or to correct 
their inaccuracy. Then, 1 year after Chase Bank had declared me 
``deceased,'' they mailed me an offer to raise the credit limit on that 
same Visa card in dispute, to $10,500, with ``zero'' interest on 
balance transfers for 9 months.
    Is this a question of their right hand not knowing what the left 
hand is doing? Or, was it just a profit-hungry bank looking to make a 
buck off a dead man's account? Chase Bank, also, sent me an unsolicited 
$5,000 preprinted check to pay off competitor bank card accounts. This 
was beginning to look like the old ``Abbott and Costello'' comedy 
routine: ``What's on first, who's on second?'' Except this bank is no 
longer funny to me. What a phony slogan Chase Bank claims to have: 
``The right relationship is everything.'' The only relationship Chase 
Bank has ever given me is ``dead man walking.''
    Ten years ago, Congress was moved to considering new fair credit 
reporting laws. This move came after research revealed ``in 1991 
consumers had to complain an average of 23 weeks before getting minor 
corrections on their credit reports.'' By 1993, it got worse. Consumers 
had to now complain for a longer average of 31 weeks before getting any 
satisfaction.
My 30 Days Has Grown To 784 Days
    I have been complaining to all 3 Giant Credit Bureaus, (plus Chase 
Bank) for over 112 weeks--and still, I get no satisfaction? Rodney 
Dangerfield described America's current consumer plight best--``We get 
no respect!'' How many more weeks do I have to ``ask'' these giants to 
grant me my consumer credit rights that were supposedly authorized by 
Congress 9 years ago?
My Damages
    The costs of this credit bureau screw-up to me keep mounting 
monthly. It is an ever-increasing financial burden. I discovered I have 
been spending an average of 7 hours each week, just keeping these 
mounting credit errors under control. This comes to 364 hours a year 
with my finger stuck in this ``Dyke of Inaccurate Data.'' I am afraid 
if I pulled my finger out, I would be totally inundated in a swirling 
sea of paper lies. If their flood of bogus reports became more 
overwhelming it will impair my ability to economically support my 
family. For the last dozen years, my minimum rate for consulting has 
been $50 per hour. So far, I have expended 798 hours on just trying to 
keep Chase Bank and the ``3 Stooges'' (the 3 bureaus) under control. 
That has cost me $39,900, so far.
    Paying much higher monthly mortgage payments over the last 2 years 
than I now have has already cost me an additional $11,000. Also the 
higher interest rate slapped on us when we purchased my wife's used car 
has already cost us another $2,500.
    I am currently trying to raise money from investors. I am starting 
a new type of Home Building Company. We will build new modular homes in 
6 weeks, instead of the regular 6 months. These new homes will also be 
hurricaneproof (up to wind speeds of 130 mph), floodproof (up to 2 feet 
above your neighbor's living room floors), and mold resistant. These 
new homes look identical to any conventional stick built homes on the 
same block. One of my potential investors (a $200,000 prospect) told me 
he pulled a merged credit file on me, and it scared him off. That is an 
additional $200,000 investment that should have been generating profits 
for my new corporation. These itemized monetary damages today add up 
to, more than $250,000, and counting.
Emotional Suffering
    I was my mother's only child. We were quite close. My mother had 
Tuberculosis during World War II. She was confined to a TB sanitarium 
in Detroit for 3 years. My mother left our house when I was 5 years 
old. I never saw her in person again until I was 8 years old. In 1943, 
the TB doctors removed half of my mother's lung. During her recovery, 
the TB doctor told my mother she probably only had 2 to 5 more years to 
live. That is because she was now living on only half a lung, and it 
would eventually wear out. That was when she was 39 years old. She 
actually lived to 95. Because of Chase Bank's stupidity, I have now 
relived her last few painful years over and over again--while trying to 
get this mess cleared up.
Suggested Legislation
    It seems most consumer complaints are the same: The majority of 
errors on their credit report do not get corrected. And, when some did, 
it wasn't in a timely fashion.
Solution
    Give the FTC the same licensing and oversight powers the SEC 
currently has over stock and bond brokers.
    That way, all future credit reports would go out under a full name 
and FTC license of the bureau's assigned manager for that specific 
account. Then consumers would not be unfairly negotiating with 
nameless, faceless, customer services clerks they will never speak to 
again, the next time they call in or write. Under this reform, trained 
and licensed persons on the other side would be fully responsible for 
handling consumer corrections in 30 days.
    Then, if major mistakes are made or not corrected, the FTC should 
be granted the same SEC powers of serious fines against individuals, 
and/or their employing firms. The FTC should be able to take away an 
individual's license to work in this credit industry. The FTC should 
also be able to set jail time for those found guilty in court.
Solution Continues
    Not only should the 3 depositories be required to license various 
levels of their staffs--this should also apply for all creditors who 
regularly supply the 3 credit bureaus with their information.
    That means all future credit reports would also carry another set 
of contact names of licensed people after: (1) Each bank's entry (like 
Chase), (2) Each retailers entry (like Sears), (3) Each lender's entry 
(like Countrywide), (4) Each insurers entry (like State Farm), and so 
forth. The best way to reduce complaints in any industry is to 
professionally train all staff who must deal with the consumer. Then 
hold each of those licensed staff people individually accountable for 
their own report corrections, or lack of corrections.
    Thank you for your time and courtesy today.

    

                     FROM TIMOTHY J. MURIS

Q.1. Currently, consumers can get access to a free credit 
report if they are denied credit. What is the percentage of 
consumers that have been denied credit who actually take 
advantage of the opportunity for a free report?

A.1. There are tens of thousands of credit report users who are 
obligated to send notices when taking an adverse action. We do 
not have data on how many consumers receive adverse action 
notices. However, a July 21, 2003 Report from CRS states that 
13.4 million consumers each year request a free report 
following adverse action. This represents 88 percent of all 
annual free file disclosures by CRA's to consumers.

Q.2. What States currently provide full access to free credit 
reports and what are the take up rates for those States? In 
other words, how many consumers that have not been denied 
credit take advantage of their free reports?

A.2. Massachusetts, Colorado, New Jersey, Georgia, Maryland, 
and Vermont require access to free reports. (Some other States 
require access to reports for less than the $9 Federal 
maximum.) We have heard varying reports on the take-up rate in 
the free States. The July 21, 2003 CRS Report states that it is 
2 to 4 times the take-up rate in States where consumers must 
pay $9. CDIA tells us that the rate of free reports per capita 
in the free report States is 218.5 percent that of the States 
without a free report requirement. But we have no absolute 
numbers--CDIA's members are reluctant to disclose those numbers 
to us because they do not want their competitors to be able to 
figure out their market share.

Q.3. Which of the three major credit reporting agencies 
currently provide information about scoring methodology on 
their credit reports? Specifically, what information is 
provided? Do the credit reporting agencies provide this 
information only on request by the consumer, or do they provide 
it automatically in conjunction with a consumer's credit 
report?

A.3. This is a question best addressed to the credit bureaus. 
Our understanding is that non-CRA subsidiaries of the three 
major national credit bureaus sell scores to users of credit 
reports and also sell scores directly to consumers, along with 
educational material. We are told that none of those bureaus 
provide scores as a routine matter, either with a free credit 
report or a credit report for which the consumer paid the $9 
statutory charge--that is, there is an extra charge for the 
credit score. In some States (California and Colorado), credit 
bureaus are required to provide scores, but are permitted to 
charge for them.






                         CONSUMER AWARENESS AND
                          UNDERSTANDING OF THE
                        CREDIT GRANTING PROCESS

                              ----------                              


                         TUESDAY, JULY 29, 2003

                                       U.S. Senate,
          Committee on Banking, Housing, and Urban Affairs,
                                                    Washington, DC.

    The Committee met at 10:06 a.m. in room SD-538 of the 
Dirksen Senate Office Building, Senator Richard C. Shelby 
(Chairman of the Committee) presiding.

        OPENING STATEMENT OF CHAIRMAN RICHARD C. SHELBY

    Chairman Shelby. Good morning. I want to thank the 
witnesses for appearing today.
    Over the course of the last few months, the Banking 
Committee has held numerous hearings on various issues relating 
to the Fair Credit Reporting Act.
    We have heard testimony regarding the positive changes 
which have resulted in cheaper and more widely available 
credit. We have also heard from witnesses who have highlighted 
some of the troubling practices which occur in today's 
marketplace. As a general matter, I think a common element 
deserving our careful consideration has emerged from our 
hearing process.
    Regardless of whether we are talking about the positive or 
negative developments in the credit markets, consumer 
understanding of these developments, as well as their awareness 
of the overall operation of the credit markets, I believe, is 
the key. Simply, what people know and understand about finances 
I think truly matters.
    Considering that informed, knowledgeable consumers have the 
best opportunity to take advantage of new credit-related 
products and services and are also best able to reduce the 
likelihood of falling prey to the negative developments, such 
as identity theft or predatory lending. It is very important 
for this Committee to get an understanding as to just how much 
consumers know and understand about the general operation of 
the credit markets.
    Furthermore, as the Fair Credit Reporting Act assigns 
consumers significant responsibilities with respect to the 
content and the control of their credit reports, the Committee 
needs to get a better understanding as to the level of consumer 
knowledge and understanding of these specific matters.
    That is the purpose of today's hearing: Providing Members 
of this Committee an opportunity to examine consumer awareness 
and understanding of financial and credit-related matters, 
generally, and consumer awareness and understanding of their 
FCRA rights and responsibilities specifically.
    In the end, it is my hope that the record established today 
will help guide the Committee's FCRA reauthorization effort. I 
want to thank you for coming and appearing today, and we look 
forward to your testimony.
    Senator Sarbanes.

             STATEMENT OF SENATOR PAUL S. SARBANES

    Senator Sarbanes. Thank you, Mr. Chairman, for holding this 
hearing on consumer awareness and understanding of the credit 
granting process. Last year, when I was privileged to chair 
this Committee, we held a series of hearings relating to the 
issues of financial literacy and education. So, I am 
particularly appreciative of the attention you are giving to 
this matter.
    The credit scoring and reporting system plays a significant 
role in most consumers' lives. However, consumer awareness and 
understanding of the credit granting process is less than it 
should be. I believe that all consumers should have the 
knowledge to access their credit score, the ability to access 
their score with ease, and the understanding necessary to 
realize the importance of their credit score and the impact it 
may have on consumer choices they seek to make.
    Yesterday, the Consumer Federation of America issued a 
study which found the following: 61 percent of all Americans 
say their knowledge of credit scores is either fair or poor, 
and this figures increases to nearly 70 percent among 
households with incomes under $35,000 a year; 75 percent of 
Americans, 80 percent of those with incomes below $35,000, say 
they do not know what their credit score is; and when asked a 
true or false question as to whether applying for a credit card 
may lower your credit score, only 37 percent of Americans 
answered correctly.
    This is indicative that there is a serious need to increase 
financial literacy and education among consumers. Actually, a 
number of Members of the Senate have taken a strong interest in 
this issue, and I particularly want to acknowledge the efforts 
of Senators Stabenow and Enzi, as well as Senators Corzine and 
Akaka. I know that Senators Stabenow and Enzi are actually 
working on a bill right now, as I understand it, and I look 
forward to working closely with them and with you, Mr. 
Chairman, as well as other Members of the Committee.
    Yesterday, I introduced legislation with Senator Corzine, 
the Financial Literacy and Education Coordination Act, which, 
if passed, would create a more unified and comprehensive 
framework to improve the state of financial literacy and 
education amongst American consumers. This is a first step. 
This would be an effort to have a coordinating committee within 
the executive branch of the Government to address the issues of 
financial literacy and education. We established such a 
committee with respect to the Trade Promotion Coordinating 
Committee, and it has worked quite well and brought a 
significant improvement, we think, in the coordinated effort 
within the executive branch of the Federal Government on trade 
promotion. And I am hopeful we could accomplish the same thing 
with respect to financial literacy and education.
    I thank the witnesses who are here today. Many of them 
represent agencies and organizations that have long been 
actively involved in efforts to increase financial literacy and 
education, and I look forward to their testimony.
    Thank you very much.
    Chairman Shelby. Thank you.
    Senator Bennett.

             STATEMENT OF SENATOR ROBERT F. BENNETT

    Senator Bennett. Thank you, Mr. Chairman. I recognize that 
this is just one in a series of hearings that you have been 
holding on this particular issue and this bill, and I 
congratulate you for the thoroughness with which you are 
examining it. We need to get this one right, and the 
opportunity to mess it up in the name of good intentions is 
very high.
    I remember as a brand new Member of this Committee in 1993, 
one of the main issues that we discussed during the time when 
Don Riegle was the Chairman of the Committee was credit 
availability, particularly to those at the lower end of the 
economic scale. And there was a great deal of concern that 
financial institutions were not making credit available to 
those in the minority community or in the lower economic end of 
the scale because they wanted to protect the safety and 
soundness of their institutions. Burned by the savings and loan 
experience, they wanted to make sure that every loan they made 
was absolutely safe, to the point that they were not making 
loans. And they preferred to put their money into Government 
securities and earn money that way without taking the risk in 
the marketplace of making loans.
    So the focus of the Committee at that time was on the 
question of how loans could be made available, how credit could 
be made available across the spectrum of America. My concern, 
as I sit through these hearings and listen to some of the 
requests being made in the name of more consumer information, 
is that we might inadvertently get into the position where we 
are once again shutting off credit to that portion of the 
economy that badly needs it.
    I have often said that the best place to hide a leaf is on 
the floor of the forest in open sight, surrounded by all of the 
other leaves. It becomes impossible for you to pick it up. Much 
of the problems that I have found in life with respect to 
disclosure of consumer rights is that we end up hiding a whole 
bunch of leaves. We end up with documents that are very thick 
and procedures that are very onerous, and we say, well, we are 
just making sure they get full disclosure. And that kind of 
full disclosure becomes, in effect, nondisclosure because you 
cannot pick out of it what really matters and understand what 
is really going on.
    I am looking forward in this hearing to hear from the 
regulators and from the consumer advocates as to what would be 
the most meaningful disclosure that would give us transparency 
so that the customer understands what is going on and at the 
same time not clog up the system with so many ``consumer 
protections'' that would end up taking us back to the bad old 
days when credit was not available to people who desperately 
need it.
    I think you have assembled a panel that can address that 
issue, and I appreciate your leadership in this entire effort.
    Chairman Shelby. Thank you.
    Senator Stabenow.

              STATEMENT OF SENATOR DEBBIE STABENOW

    Senator Stabenow. Thank you, Mr. Chairman, for holding this 
hearing. I apologize in advance for having to leave to go to 
the floor in a moment, but I did want to be here to say thank 
you to those who are speaking, and I look forward to your 
testimony and having an opportunity to review your testimony.
    As our Ranking Member, Senator Paul Sarbanes mentioned, 
there are a number of us that are working on the issues not 
only of understanding the credit system but also understanding 
financial literacy in total. And I thank Senator Sarbanes, as 
well as the Chairman and others for their efforts. Senator Enzi 
and I have been working now for a number of months on an 
approach to, in fact, bring together all those who provide 
financial literacy programs of some kind, as well as a website 
and a 1-800 number and other opportunities for people to be 
able to go to one spot and be able to get information so that 
they can not only get their credit reporting information in 
terms of how to access it, but also additional information as 
well.
    I think it is an important hearing, and hopefully we can 
all work together to put this concept into law and be able to 
make information more readily available to consumers to be able 
to access information and empower them with knowledge that they 
need in order to manage their own financial affairs.
    Thank you, Mr. Chairman.
    Chairman Shelby. Senator Enzi.

              STATEMENT OF SENATOR MICHAEL B. ENZI

    Senator Enzi. Thank you, Mr. Chairman. I have a complete 
statement that I would like to submit for the record.
    Chairman Shelby. Without objection, it will be made part of 
the record.
    I want to thank you so much for holding this hearing today. 
We are finally to the heart of fair credit reporting: The 
consumer. I really prefer to call them ``customers.'' I think 
that elevates them to----
    Chairman Shelby. They were your customers, weren't they?
    Senator Enzi. Yes.
    [Laughter.]
    That elevates them to being the heart of the economic 
engine, which is what they really are. Without the customer 
there isn't an economy. This will bring out some things that 
will help us a lot in designing some bills that will help the 
customer to get both the credit they need and the credit for 
what they do.
    There have already been some significant steps in this 
area, and I appreciate Senator Sarbanes' efforts last year at 
promoting financial literacy. I had an opportunity to do a 
little bit of research, and in Wyoming, we have a significant 
effort that is being done by Fannie Mae, the Wyoming Community 
Development Association, which provides low-cost housing, the 
realtors, the bankers, and the credit unions. And that is a 
special program that is done on compressed video to a number of 
sites around the State at one time so that people can learn the 
intricacies of buying a house. If you take the course, you also 
get a discount on your loan, so there is some real big 
incentive for doing it.
    Several thousand people have already taken that, and now 
they are looking at moving that down into the high schools as a 
part of the curriculum. I think it will make a tremendous 
difference to young people, particularly.
    I was Mayor of Gillette when it was a boom town. We had a 
lot of young people coming to take on the jobs, and even clear 
back then they were making $50,000, $60,000 a year, and going 
broke. And they did because their parents had all these 
different things that they owned, and they were making a lot 
less, so the kids went out and bought all of those things at 
once, and then found out that the payments were more than their 
income.
    I tried to find some way to get some credit counseling for 
them, and we did that through some associations and through the 
credit unions, who have even gone into the schools and put on 
classes for kids and organized many banks so that they can have 
an emphasis on savings and get a little bit of information on 
how credit cards affect them.
    So there are some efforts out there, and Senator Stabenow 
and I have been working on a bill trying to figure out a way--
and I think we have got it--that people can have an entry ramp 
to the information that the Federal Government has on financial 
literacy, and that we can make that available to these 
customers so that they can be better customers.
    I thank you for the part that this will play in the 
activity that we are doing.
    Thank you.
    Chairman Shelby. Thank you, Senator Enzi.
    Our panel today, we want to welcome you all again. We have 
Ms. Dolores Smith, Director, Division of Consumer and Community 
Affairs, the Board of Governors of the Federal Reserve System; 
Ms. Donna Gambrell, Deputy Director of Compliance and Consumer 
Protection, Federal Deposit Insurance Corporation; Mr. Joel 
Winston, Associate Director, Financial Practices Division, 
Bureau of Consumer Protection, Federal Trade Commission; Mr. 
Travis Plunkett, Legislative Director, Consumer Federation of 
America; Ms. Stacey D. Stewart, President and Chief Executive 
Officer of the Fannie Mae Foundation; Ms. Cheri St. John, Vice 
President of Global Scoring Solutions, Fair Isaac Corporation; 
Mr. Scott Hildebrand, Vice President of Direct Marketing 
Services, Capital One Financial Corporation.
    I welcome all of you here. All of your written statements 
will be made part of the record in their entirety. There are 
seven of you here. We have six microphones, so somebody will 
have to share a little bit. But if you will quickly sum up your 
top points, that will enable us to ask you some questions.
    Ms. Smith, we will start with you.

                 STATEMENT OF DOLORES S. SMITH

               DIRECTOR, DIVISION OF CONSUMER AND

                       COMMUNITY AFFAIRS

        BOARD OF GOVERNORS OF THE FEDERAL RESERVE SYSTEM

    Ms. Smith. Thank you, Mr. Chairman.
    Mr. Chairman and Members----
    Chairman Shelby. Bring your microphone up. You can share it 
with her later.
    Ms. Smith. Okay. Is that better?
    Senator Sarbanes. It would be better if you pulled it quite 
close.
    Chairman Shelby. A little closer.
    Ms. Smith. All right. Mr. Chairman and Members of the 
Committee, I appreciate the opportunity to testify on the 
significance of maintaining a reliable national credit 
reporting system, on the importance of the Fair Credit 
Reporting Act to that system, and on the need for consumer 
awareness of how the credit reporting system functions and how 
it relates to their ability to obtain credit.
    As the financial services industry has grown larger, 
financial products and services more complex, and the U.S. 
population more mobile, it is no longer feasible for 
institutions to evaluate the credit standing of consumers based 
solely on their direct experiences with consumers. Centralized 
consumer reporting agencies have evolved to provide a 
repository of credit history information that can be accessed 
by creditors to evaluate prospective borrowers. This national 
credit reporting system provides creditors with an efficient 
and cost-effective method of obtaining data for credit 
decisionmaking and consumers with increased credit 
availability.
    The data are limited on what consumers understand about the 
national reporting system, the credit granting process, and how 
their credit report relates to that process. There is anecdotal 
evidence that consumers are generally aware of the terms 
``credit scoring'' or ``credit rating,'' but they are less 
clear how credit scores are used in credit granting. The 
national credit reporting system has become invaluable to 
creditors for assessing consumers' creditworthiness. Thus, it 
is crucial that consumers understand how this system operates 
and how it impacts their access to credit. Educated consumers 
who make informed decisions about credit are essential to an 
efficient and effective marketplace. Consumers who understand 
how their credit-risk profile relates to credit rates and terms 
can better determine which credit product best suits their 
needs.
    Participation in the U.S. credit reporting system is 
voluntary. Creditors are not required to obtain consumer 
reports before making credit decisions, although most creditors 
rely on consumer reports for risk management. Creditors are not 
required to furnish information to consumer reporting agencies. 
But if they do, the information they furnish must be accurate.
    The Fair Credit Reporting Act contains important consumer 
rights and protections. Several are designed to promote 
accuracy in consumer reports. For example, the right to receive 
notice if information in a consumer report has resulted in 
adverse action enables consumers to check the accuracy of 
information in their credit reports and to dispute the accuracy 
or completeness of any items of information. Other consumer 
rights and protections are designed to protect consumer 
privacy.
    The ready availability of accurate, up-to-date credit 
information from consumer reporting agencies benefits both 
creditors and consumers. Information from credit reports gives 
creditors the ability to make credit decisions quickly and in a 
fair, safe and sound, and cost-effective manner. Consumers 
benefit from access to credit from different sources, the 
competition among creditors, quick decisions on credit 
applications, and reasonable costs for credit.
    The FCRA promotes the national credit system in important 
ways. Perhaps most significantly, the availability of 
standardized consumer reports, containing nationally uniform 
data, allows banks to make prudent credit decisions efficiently 
wherever they do business and wherever their customers live and 
work.
    Consumer financial education plays an important role in 
helping consumers understand the national credit system. In 
particular, consumers need to be more aware that the accuracy 
and completeness of information in their credit files affects 
the pricing and availability of credit. Markets operate more 
efficiently when consumers are well-informed.
    The Federal Reserve System recently launched a financial 
education initiative to encourage consumers to learn more about 
personal financial management. The objective of this nationwide 
initiative is to highlight the benefits of financial education 
and provide information on resources available to consumers for 
assistance in managing their finances.
    The Committee is to be commended for undertaking an 
examination of the Fair Credit Reporting Act and related issues 
at this important juncture. In conducting this examination, it 
is important to work to maintain a viable national credit 
system that preserves and expands reasonable access to credit 
and to promote consumers' understanding and awareness of the 
credit reporting system and of its impact on their ability to 
obtain credit and the pricing of that credit.
    Thank you.
    Chairman Shelby. Ms. Gambrell.

                  STATEMENT OF DONNA GAMBRELL

               DEPUTY DIRECTOR FOR COMPLIANCE AND

                      CONSUMER PROTECTION

        DIVISION OF SUPERVISION AND CONSUMER PROTECTION

             FEDERAL DEPOSIT INSURANCE CORPORATION

    Ms. Gambrell. Chairman Shelby, Senator Sarbanes, and 
Members of the Committee, thank you for inviting me to testify 
on behalf of the Federal Deposit Insurance Corporation. The 
FDIC has been closely following the hearings of the Fair Credit 
Reporting Act and related issues. At stake are matters that 
affect both individual consumers and the manner in which the 
Nation's economy operates. FDIC Chairman Don Powell has stated 
his support for making the expiring FCRA preemption provisions 
permanent. We thank you for your careful consideration of these 
important issues.
    We also commend the Committee's attention to the difficult 
problems associated with combating identity theft. For its 
part, the FDIC is coordinating an effort among the Federal 
financial institution regulators to publish guidance on 
measures that should be taken when security breaches occur that 
may lead to identity theft.
    It is the FDIC's commitment to consumer protection that 
compelled the Agency to assess ways in which a segment of our 
society could gain greater access to the financial mainstream. 
Policymakers and financial institutions alike have made 
commendable 
efforts to broaden the scope of banking products for low- and 
moderate-income people. However, many families still fall 
outside of the financial mainstream and do not maintain 
traditional bank credit, savings, or investment accounts. 
According to conservative figures, nearly 10 percent of U.S. 
families do not have banking 
relationships.
    Several studies have shown that financial education efforts 
can raise consumer awareness, foster positive changes in 
behaviors, and better equip consumers to operate within the 
financial arena. We share that point of view.
    The FDIC introduced Money Smart, a 10-module training 
curriculum, in the summer of 2001 to help low- and moderate-
income adults better understand the basics of banking. We 
designed Money Smart to be easy to teach and easy to learn. It 
can be taught in its entirety or in single units. Money Smart 
is free and has no copyright restrictions, so organizations 
desiring to use the program can reproduce and use the training 
materials as needed. Also, banks can get Community Reinvestment 
Act credit for their involvement in offering Money Smart 
classes in their communities.
    Because immigrant populations represent a significantly 
underserved market, we have translated Money Smart into 
Spanish, Chinese, and Korean, and we will have a Vietnamese 
translation by the end of this year.
    To date, we have provided more than 22,000 organizations 
across the country with over 75,000 copies of Money Smart. 
While we are pleased with these numbers, Chairman Powell has 
set an even more aggressive goal for the next 4 years, 
including: one, exposing 1 million consumers to our financial 
education program; and, two, linking Money Smart to wealth-
building and asset accumulation programs, such as homeownership 
initiatives and individual development accounts. We are 
committed to meeting this goal.
    We believe that a critical factor in the success of Money 
Smart has been our emphasis on working through our regional 
community affairs staff with local organizations that are best 
situated to bring Money Smart to those who can benefit from it. 
To date, over 340 organizations throughout the country, in both 
urban and rural communities, have joined our Money Smart 
Alliance as local partners, and 20 major private and public 
sector organizations have joined as national partners. These 
entities represent a wide spectrum of delivery systems for our 
financial education program: Housing and social service 
agencies, financial institutions, colleges and universities, 
community organizations, as well as Government, faith-based, 
and employment organizations.
    As an example, under a partnership agreement with the 
Neighborhood Reinvestment Corporation, Money Smart has been 
used to train over 5,500 students in 39 cities over the past 
year. These students primarily are low-income consumers, 
minorities, or women who are potential homebuyers or existing 
homeowners having problems making ends meet.
    We recognize the long-term success of Money Smart is 
largely dependent on our ability to set measurable goals for 
the program and monitor our results on an ongoing basis. 
Recently, we completed a large-scale survey effort. Based on 
preliminary results, we estimate that the number of 
participants who have completed at least one Money Smart module 
to date exceeds 100,000. The survey also indicates that over 
13,000 Money Smart participants went on to initiate a banking 
relationship as a result of the program.
    We have a great banking system in this country. We also 
have a credit market that is the envy of the world, and we 
believe everyone should have an opportunity to participate. 
With Money Smart, we believe we have the means to raise 
consumer awareness about bank services, credit, budgeting, and 
savings, and to offer financial alternatives to the most needy 
in our society.
    Thank you for giving me the opportunity to testify before 
you this morning on this critically important topic. I look 
forward to answering any questions you might have. I also make 
the offer on behalf of Chairman Powell to assist any Senator 
interested in looking into establishing Money Smart programs 
for their communities.
    Thank you.
    Chairman Shelby. Mr. Winston.

                   STATEMENT OF JOEL WINSTON
        ASSOCIATE DIRECTOR, FINANCIAL PRACTICES DIVISION
                 BUREAU OF CONSUMER PROTECTION

                 U.S. FEDERAL TRADE COMMISSION

    Mr. Winston. Mr. Chairman, Senator Sarbanes, Members of the 
Committee, I am pleased to appear today to discuss financial 
literacy as it relates to credit reporting and credit granting. 
As others have said, this is a vitally important subject 
because our economic system and the welfare of our consumers 
depend on knowledgeable consumers making well-informed 
decisions about their finances.
    I should note that the views expressed in my written 
testimony represent those of the Commission, but my oral 
presentation and answers to questions are my own.
    The Commission has a great deal of experience through its 
law enforcement and education activities in assessing the level 
of consumer knowledge in this area. Unfortunately, what we have 
observed is consistent with the Consumer Federation study that 
came out yesterday; that is, many consumers have limited 
knowledge of how our credit system works. They may not realize 
that their 
financial information is compiled and used not only by just 
creditors but also by employers, insurers, landlords, and 
others. They may not know how this information affects their 
ability to get a loan, insurance, or a job. They may not 
understand what rights they have to ensure that the information 
is accurate. And as you mentioned earlier, Mr. Chairman, 
knowledgeable consumers are especially important here because 
the Fair Credit Reporting Act relies, in important ways, on the 
vigilance of consumers in protecting their rights. Uninformed 
consumers may not take the steps they should to improve their 
credit ratings or correct errors.
    I would like to talk briefly about the FTC's consumer 
education program, and I brought along some samples, including 
our most recent publication called ``Getting Credit,'' a primer 
that will be distributed to community colleges around the 
country, as well as in many other venues. And we have other 
things which are available in the back ranging from 
refrigerator magnets to bookmarks to brochures of every type on 
credit topics.
    Senator Sarbanes. Where are those located?
    Mr. Winston. I believe they are just outside on the table, 
and we have a number of copies.
    Consumer education is among our most important tools in the 
fight against fraud and deception. Overall, we have over 30 
publications on credit issues available directly from the FTC 
and through a variety of partner organizations. Many of them 
are in Spanish, as well as English.
    Credit publications have consistently been among our most 
popular items with annual distribution in the millions. At the 
same time we have partnered with many outside organizations to 
improve consumers' understanding of credit, ranging from the 
CFA to the Jump$tart Coalition to the Department of Defense. 
For example, our Northeast Office works with colleges and 
universities in an effort called Project Credit Smarts, in 
which we make presentations and distribute credit-related 
publications during student orientation sessions.
    Our identity theft program is another way in which we 
educate consumers about credit. One of the most devastating 
consequences of identity theft is the damage that it causes to 
the victim's credit record. We offer publications with tips on 
how to avoid identity theft and what to do if it happens, and 
these publications have been extremely popular.
    We should also remember that the FCRA itself serves an 
important educational function. Perhaps most important, the law 
requires that users of credit reports notify consumers when 
they take adverse action based on information in a report. The 
notice must tell consumers what credit bureau supplied the 
report, and advise consumers of their rights to a free copy of 
that report, and to dispute the accuracy of the information in 
it. Consumers get this information when they are motivated to 
act on it.
    The FTC's legislative recommendations about which Chairman 
Muris testified before this Committee on July 10, would result 
in better educated consumers. Our proposals would put more 
information in consumers' hands by first expanding consumers' 
rights to adverse action notices when they are offered less 
favorable credit terms; second, making annual credit reports 
available at no charge; third, giving consumers more 
information about their credit scores, along with explanatory 
materials; and fourth, making it easier for consumers to 
correct errors in their report.
    Thank you for the opportunity to discuss this important 
subject, and I will be happy to answer any questions you may 
have.
    Chairman Shelby. Mr. Plunkett.

                STATEMENT OF TRAVIS B. PLUNKETT

                      LEGISLATIVE DIRECTOR

                 CONSUMER FEDERATION OF AMERICA

    Mr. Plunkett. Good morning. Chairman Shelby, Ranking Member 
Sarbanes, and the Members of this Committee, my name is Travis 
Plunkett, and I am the Legislative Director of the Consumer 
Federation of America. I applaud the Committee for conducting a 
hearing on such an important and little understood subject.
    In response to the invitation to testify here today, the 
Consumer Federation of America commissioned a study about 
consumer knowledge of credit reports and credit scores, and 
about the level of public support for a variety of protections 
that this Committee may consider. More than a thousand adults 
were interviewed. Overall the survey found that a large number 
of Americans not only do not understand basic facts about 
credit scores and reports, but also admit their lack of 
knowledge about this subject. That is a finding that you 
sometimes do not find in these kinds of public surveys, that 
people acknowledge their lack of understanding and then show 
it. An important finding of the survey is that low- and 
moderate-income Americans--who tend to pay the highest price 
for credit and are the most vulnerable to inaccurate credit 
scores--are the least knowledgeable about credit reports and 
credit scores.
    We also found that a breathtaking number of Americans 
believe they need greater credit reporting rights. They want 
easier access to their credit reports and scores, greater 
protections against privacy and credit reporting abuses, and 
the right to go after lenders in court who repeatedly make 
grievous reporting errors.
    Let me give you some details. First, in questioning 
Americans about what they say they know, 50 percent said their 
knowledge of credit reports was fair or poor. While, 61 percent 
said they had a fair or poor awareness of credit scores. Lower-
income Americans are the most likely to believe that their 
understanding is not good. More than 60 percent of those in 
households with incomes under $35,000 a year said their 
knowledge of credit reports was fair or poor. That number rose 
to 70 percent for credit scores. Young adults were also likely 
to say that their knowledge was not good. Sixty two percent 
said their awareness of credit reports was fair or poor, 78 
percent for credit scores.
    Now we get to the second part. We tested actual consumer 
knowledge about credit reports and scores, and the results were 
no better. Only 25 percent of Americans and less than 20 
percent with incomes below $35,000 said they knew what their 
credit score was. Forty three percent of Americans, and only 35 
percent of those with incomes under $35,000 a year, said they 
had obtained a copy of their credit report from the three 
credit bureaus in the past 2 years. On the pop quiz portion of 
the survey, only 3 percent of Americans could, unprompted, name 
the three main credit bureaus. I am not sure we'd get a better 
response in this room either.
    The survey also tested consumer knowledge using a series of 
true/false questions. The good news is that large majorities 
know that consumers have the right to see their credit report, 
and that consumers who fail to qualify for a loan have the 
right to a free credit report. Now the bad news, a majority of 
Americans did not know several important facts: That in most 
States they must pay a fee to obtain their credit report; that 
their credit score may be lowered if they use all of the credit 
available on their credit card; that their credit score may be 
lowered if they apply for a credit card; and that they are not 
required to contact their lenders if they believe their credit 
report or score is inaccurate. As you all know, they must go to 
the credit bureau. Also, 27 percent incorrectly believe that 
their credit score mainly measures their knowledge of consumer 
credit as opposed to their creditworthiness.
    We also found that a large number of Americans are unaware 
that credit scores are increasingly being used by electric 
utilities, insurers, landlords, and cellular telephone 
companies to decide whether they can purchase a service and at 
what price. By comparison, only 13 percent did not know that 
credit cards used credit scores, credit card companies I should 
say.
    Finally, we questioned Americans about their opinions on 
new consumer protections that are being floated in Congress. We 
found overwhelming support, generally at the 80 to 95 percent 
level for a number of reforms, requiring credit bureaus to 
better verify identities on credit applications in order to 
reduce identity theft; allowing consumers to obtain a free 
credit report and credit score once a year from the three main 
credit bureaus upon request; requiring lenders to give 
consumers who are denied a loan or charged a high rate, a free 
copy of the credit report and the score used as the basis for 
the lender's decision; requiring banks to obtain a consumer's 
permission before sharing financial information with 
affiliates; prohibiting the use of medical information to make 
credit decisions without a consumer's consent; and allowing 
consumers to sue lenders who knowingly provide credit bureaus 
with incorrect, damaging information. When quizzed about the 
practice of credit card companies raising interest rates for a 
problem, a credit problem with another lender, Americans 
overwhelmingly opposed that practice.
    I have summarized the findings of this survey. My written 
testimony also includes a number of public policy 
recommendations on how to deal with some of the findings of the 
survey and what they lead to.
    Let me close by talking about one other finding and 
conclusion based on our survey. The survey also points to the 
need for a long-term strategy to boost general financial 
awareness and to improve financial decisionmaking by Americans. 
Thankfully, Senators Sarbanes, Shelby, Stabenow, Enzi, and 
Akaka have all shown a great deal of interest in improving 
financial education efforts in this country. For instance, 
Senator Sarbanes recently introduced his bill to create a 
Financial Literacy and Education and Coordinating Committee 
within the Department of the Treasury. We think this proposal 
has great merit, and we support it. We would also encourage 
this Committee to look at broader solutions to improving 
financial literacy throughout this country over the long term.
    Thank you.
    Chairman Shelby. Ms. Stewart.

                 STATEMENT OF STACEY D. STEWART

             PRESIDENT AND CHIEF EXECUTIVE OFFICER

                     FANNIE MAE FOUNDATION

    Ms. Stewart. Mr. Chairman, Ranking Member Sarbanes, and 
Members of the Committee, good morning. My name is Stacey 
Stewart. I am the President and CEO of the Fannie Mae 
Foundation. As you may know, the Fannie Mae Foundation is a 
separate organization from Fannie Mae, though funded 
exclusively by Fannie Mae. It is an honor to have this 
opportunity to address the Committee.
    The mission of the Fannie Mae Foundation is to give more 
Americans access to homeownership and all Americans access to 
decent, safe, and affordable housing. We are driven by the 
conviction that the expansion of homeownership is both an 
economic and ethical imperative. It is a matter of both fiscal 
health and social justice.
    We are, therefore, grateful for this opportunity to discuss 
the Foundation's activities in promoting financial literacy. As 
we guide people down the pathway to homeownership, we try hard 
to help them understand the critical importance of acquiring 
and maintaining good credit.
    Research, anecdotal evidence, and reports from the many 
national and community-based organizations with which we work 
all tell us the same unsettling story. Far too many consumers, 
and far too many aspiring homeowners, do not understand the 
link between good credit and their ability to get a home 
mortgage.
    In a survey the Fannie Mae Foundation commissioned in 1999, 
almost 70 percent of African-Americans and Hispanic-Americans 
expressed a belief that paying their bills late would represent 
only a minor problem or no problem at all in obtaining a 
mortgage.
    More recent research tells us that 40 percent of all 
African-Americans and 60 percent of Hispanic-Americans believe 
you need a perfect credit rating in order to qualify for a 
mortgage, and roughly 40 percent of minorities believe that you 
need a 20 percent downpayment in order to buy a home. As those 
of you before me know, of course, none of these beliefs are 
true.
    Yet the problems run even deeper. The sunshine provisions 
of the Fair Credit Reporting Act also are not well understood. 
In 2002, the Fannie Mae Foundation helped fund research among 
high school seniors to understand where and how to start 
encouraging financial literacy. Sixty percent of the 
respondents did not know the conditions under which they could 
access their credit report. I think you might find this 
particularly interesting, Mr. Chairman: more than 12 percent of 
those graduating seniors expressed the view that one's credit 
record is the property of the U.S. Government and can be viewed 
only by the FBI and lenders.
    This suggests a problem that goes far beyond fair credit 
reporting. It suggests we must do more to overcome the 
information deficit that remains the most formidable barrier to 
financial literacy.
    Up to this point, I have focused on consumers who 
misunderstand credit, how it is reported, and what that means 
for them. But there is a large and growing number of our 
citizens who are simply excluded from the credit reporting 
system.
    This is a huge concern. Millions of Americans are operating 
outside of the country's mainstream financial system. They do 
not have meaningful credit records, and they do not have the 
opportunity to benefit from timely payment of crucial monthly 
charges, such as rent and utility bills.
    Without a record of their responsible payment history, 
these Americans cannot secure credit from mainstream financial 
institutions. As a result, many turn to high-cost, alternative 
financial services. In fact, according to the GAO, 22 million 
households lack as basic a financial service as a bank account.
    How likely is it that consumers who lack even a basic bank 
account understand credit reporting systems? These consumers 
pay high fees for credit from alternative lenders and then 
receive no benefit in mainstream financial institutions for 
repaying those loans on time because such transactions are not 
captured by the mainstream credit reporting system.
    Information such as this defines our challenge, and it 
explains why consumer education initiatives are at the heart of 
the Fannie Mae Foundation's agenda. Our financial literacy 
efforts are designed to give Americans the information they 
need to take control of their financial future.
    In 2002 alone, more than 800,000 individuals requested or 
downloaded our free instructional guides on credit and the 
homebuying process. Since 1993, we have made these guides 
available in 9 languages and have delivered them to more than 
14 million Americans. Our 30-minute instructional video, 
``Knowing and Understanding Your Credit,'' and its Spanish-
language counterpart that aired on Black Entertainment 
Television and Telemundo affiliates, respectively, throughout 
the Nation in 2002. Our foundation invests $3 million annually 
in the most effective homeownership and credit education 
providers around the country. We have also launched research to 
improve the design and the delivery of these services. And we 
are funding promising research aimed at producing innovative 
strategies for bringing mainstream financial services into 
underserved and overlooked communities.
    At the Fannie Mae Foundation, we are very proud of our 
consumer outreach initiatives, but we know we must do more, and 
we are committed to doing so with an abiding understanding of 
our responsibility to lift Americans out of the darkness of 
financial illiteracy into the light of financial opportunity. I 
am confident that this Committee shares our commitment.
    To expand homeownership and help millions of low- and 
moderate-income Americans build assets. We must enhance their 
understanding of credit and the relationship between credit 
reporting and their ability to secure a mortgage. This is an 
essential step in helping all of our citizens become active and 
knowledgeable participants in the financial life of our Nation. 
It is also the first in helping low- and moderate-income 
Americans fully participate in the American economy and, 
ultimately, the American Dream.
    Mr. Chairman, I thank you, and I will be happy to answer 
any questions the Committee may have.
    Chairman Shelby. Ms. St. John.

                  STATEMENT OF CHERI ST. JOHN

           VICE PRESIDENT OF GLOBAL SCORING SOLUTIONS

                     FAIR ISAAC CORPORATION

    Ms. St. John. Mr. Chairman, Members of the Committee, my 
name is Cheri St. John, and I am the Vice President of Global 
Scoring Solutions for Fair Isaac Corporation. Thank you for the 
opportunity to testify about what Fair Isaac is doing to 
improve consumer understanding and awareness of the credit 
granting process and what can be done to make even more usable 
information available to consumers.
    Fair Isaac invented statistically based credit risk 
evaluation systems, commonly called credit scoring systems. 
Thousands of credit grantors use the scores known as FICO 
scores, generated by Fair Isaac scoring systems, implemented at 
the three national credit reporting agencies.
    There are many different kinds of credit scores. The most 
well known are the credit risk scores, developed by Fair Isaac, 
known as FICO scores and widely distributed to lenders by the 
three national credit bureaus. In addition, there are broad-
based credit scores developed by each of the three bureaus and 
third-party developers. There are custom scores, scores for 
specific industries, and there are scores distributed primarily 
to the consumer market.
    There are three main points I would like to highlight 
today. Point one: Although there is a lot of educational 
information already available to consumers, we need to work 
together to let them know it is there. As credit scoring has 
grown, Fair Isaac has responded by providing consumers with the 
information they need to understand credit scoring and to use 
that to take control of their credit health. We started in June 
2000 by publicizing all of the factors used in the FICO scores. 
Nine months later, consumers could get their own FICO score and 
the accompanying underlying credit report, as well as a 
complete explanation of their personal FICO score. Since then, 
our FICO score simulator and many additional services have been 
added to Fair Isaac's website, www.myfico.com.
    Free information has been available to consumers at that 
website since its inception, including a weighting of the 
credit report factors in the FICO scores so that consumers know 
what events or behaviors have the greatest influence on the 
scores in general. It indicates what information is not 
included in the FICO scores and offers free advice on what 
actions consumers should take or avoid taking to improve FICO 
scores over time. There is too much information on the website 
to describe here, or even in our written statement, so I urge 
you to visit www.myfico.com to see for yourselves the breadth 
and quality of the information available there.
    Fair Isaac also makes information available about FICO 
scores by U.S. Mail, and collaborates with Equifax and 
TransUnion to make information available to consumers directly 
from those two agencies. The information is there. We all need 
to work together to help consumers know where to get the 
information that will help the most.
    Point two: To be well-educated, consumers must know and 
understand the credit score lenders are using to evaluate them. 
Colleges typically use the SAT score to evaluate students who 
apply for admission. Students know this, and use that same 
score to decide where to apply or which colleges might accept 
them. Although a different aptitude test might provide the 
student with some useful information, prospective students get 
the greatest benefit from knowing their own SAT score, 
empowering them to judge for themselves how they may be viewed 
by a college admissions office. The same is true for credit 
scores. Consumers should know and understand the credit score 
that lenders use.
    Point three: Score disclosure legislation should require 
agencies to provide the broad-based credit score the agency 
most widely distributes to lenders and give consumers the right 
to choose a different score that is widely distributed.
    We have made a good start at educating the American 
consumer about the credit granting process, but more can be 
done. Credit scoring can be confusing and it becomes more 
confusing if the consumer gets one score when the lender uses 
something else. If, as we suggest, mandatory score disclosure 
gives the consumer the choice and defaults to the score that 
the agency distributes most widely to lenders, the consumer is 
in charge rather than the agency or the score developer. 
Furthermore, the uninformed consumer who needs help the most is 
likely to get a useful score, by defaulting to the score the 
agency distributes most widely to lenders.
    In conclusion, there is much valuable information about 
credit scoring available to consumers as a paid service and 
free. Consumer education will be improved if consumers can get 
the scores most widely distributed to lenders or another score 
of their choice.
    I thank you for the opportunity to share Fair Isaac's 
expertise and experience in this important area and I would be 
happy to answer your questions.
    Chairman Shelby. Mr. Hildebrand.

                 STATEMENT OF SCOTT HILDEBRAND

           VICE PRESIDENT, DIRECT MARKETING SERVICES

               CAPITAL ONE FINANCIAL CORPORATION

    Mr. Hildebrand. Chairman Shelby, Ranking Member Sarbanes, 
Members of the Committee, my name is Scott Hildebrand, and I am 
appearing before you on behalf of the Capital One Financial 
Corporation, where I serve in the capacity as Vice President of 
Direct Marketing Services. On behalf of Capital One, let me 
express my thanks to you for your leadership you have shown on 
this issue.
    Capital One is one of the 10 largest credit card issuers in 
the Nation, and a diversified financial services company with 
over 45 million customers and $60 billion in loans outstanding.
    At Capital One, we believe that a thorough understanding of 
financial matters not only helps consumers to make better 
decisions, but also helps to ensure the continued health of the 
financial services industry. We are not successful if our 
customers fail to manage their personal finances effectively, 
and thus are unable to meet their credit obligations.
    Capital One believes that clear communications about its 
products and services is important to maintaining successful 
relationships. Our best channel and our most direct vehicle for 
reaching out to our cardholders is their monthly statement. We 
include financial tips that are pertinent to their account in 
prominent locations on the statement where it is likely to be 
noticed.
    Understanding that Capital One may be the first credit card 
for many cardholders, we built financial education into all 
product touchpoints. Upon activation of the card, these 
cardholders receive a welcome booklet explaining the ins and 
outs of credit. Our message focuses on the importance of 
building a positive credit history.
    During the first year with Capital One, cardholders receive 
quarterly reminders about the importance of maintaining good 
credit habits. Created with Myvesta.org and Jump$tart Coalition 
for Personal Finance, these reminders provide more detailed 
information on numerous personal finance topics. For other 
customers we place the financial toolbox on Capital One's 
website, which includes guides, articles, and calculators to 
give consumers a better understanding of how to use our 
products.
    We also believe it is important to reach out beyond our 
customer base. Several years ago, we undertook a major 
corporate initiative to develop a financial education program. 
Following the Capital One method of doing business, we started 
by surveying the market to assess the delivery and methodology 
used by financial education programs. As a result of our 
research, we initially decided to focus on those most in need, 
lower-income and underbanked populations. As a result, we 
decided the best approach would be to find a strong, nonprofit 
organization with who we could partner. We contacted Consumer 
Action.
    Since beginning our partnership, we have developed a highly 
effective collaboration that has produced measurable results. 
Capital One has donated approximately $1\1/4\ million to create 
and implement MoneyWi$e, a program that offers straightforward 
easy-to-read information to address financial responsibility. 
Together, we have created a four-part series of MoneyWi$e 
educational materials that provide the basic building blocks 
for developing and honing personal finance skills. These 
include: Building good credit, credit repair, basic banking, 
and basic budgeting.
    Capital One's financial support of this program ensures 
that these materials are provided to nonprofit organizations 
and consumers free of charge. The materials are also available 
in four languages in addition to English including Spanish, 
Chinese, Korean, and Vietnamese. This ensures that we are able 
to reach immigrant groups, many of which have had negative 
experiences with banks in their home countries and are 
vulnerable to unscrupulous financial service providers.
    Five years ago, we joined Jump$tart. The premise behind our 
support of this program is simple. We believe in their mission 
to teach financial education in the public schools. Based on 
this belief, we provided financial support for the integration 
of Jump$tart's Money Math Curriculum into the Virginia school 
standards.
    Capital One has developed a unique method to reach college 
students. We decided to experiment with a method that utilizes 
students' relationships with their peers. Last year, we piloted 
MoneyWi$e for college students, a train-the-trainer program 
that teaches college students how to become ``money mentors'' 
and to deliver personal finance curricula to other students. 
Currently, the program is delivered on three college campuses, 
including the University of South Florida, Texas A&M, and 
Washington State. Because of the success of this test, we are 
currently in talks to expand the program to additional schools 
this fall including the University of Maryland, Penn State and 
the University of Alabama.
    The workshops cover a broad range of topics from how to 
maintain a checking account to understanding credit reports. 
The program results have been impressive with 100 percent of 
participants willing to recommend the program to other 
students.
    At Capital One, we believe in the principle that knowledge 
is power. Our products work best if our consumers manage their 
finances responsibly. For us, educated consumers, customers who 
know their annual percentage rate they are paying, who know 
when their bills are due, and who know and understand how to 
manage the products we offer, are our best customers.
    Mr. Chairman, Ranking Member Sarbanes and Members of the 
Committee, thank you again for the opportunity to testify 
before you today. I will be happy to answer any questions you 
may have.
    Chairman Shelby. I want to thank all of you.
    Mr. Plunkett, I am going to ask you this question. First, I 
am going to make a statement.
    The Consumer Federation survey results indicate that there 
is a troubling lack of awareness regarding many crucial 
financial matters. One of the things that I am concerned about 
is the seeming lack of understanding consumers have about the 
fact that creditors make decisions about them based on their 
entire credit profile. I think the results of one of your 
survey questions indicate that most consumers do not recognize 
that simply applying for or obtaining an additional credit card 
can have negative consequences for their credit score.
    Mr. Plunkett, how can we improve consumer understanding of 
the fact that creditors look beyond their credit history and 
examine their whole credit profile?
    Mr. Plunkett. Senator, we have two suggestions in our 
written testimony, one broad and one narrow. The first is to 
get consumers more information up front so that they can 
prevent problems before they occur, and this goes to their 
recommendations for a free credit report annually upon request 
and a free credit score annually upon request. This is a slow 
process, but as access to this information is improved, as 
consumers use it more, as they are allowed to prevent problems 
before they occur, they will slowly learn more about the 
factors that are used in considering their credit history.
    The second set of recommendations are very targeted, and 
they go to improving the dispute resolution process so that 
when consumers have what educators might call a teachable 
moment, that is, they are about to be denied credit, they get 
information at that time from the lender about this situation. 
They get their credit report. They are allowed to look at that 
and correct errors.
    You are touching on an even broader issue, which is that 
experience and transaction information is used as part of a 
credit profile to market to consumers, to develop new products, 
et cetera. My view is that the more consumers get access to 
their actual credit report and score, the more we engage them 
in this information, the more we talk about the variety of 
purpose for which creditors use this information, as you are 
intimating, it is not just the granting of credit that is 
involved, the more we can raise awareness of consumer knowledge 
there.
    And also, the thing to do of course is to give them the 
protection that you have been advocating for years, which is 
the ability to say no to the sharing of this information, 
especially among financial affiliates. That more than anything 
is going to confront them with a choice. The financial 
institution is going to make the pitch. They are going to say, 
this is why this information is good for us to share. This is 
how it helps you. And whether it is an opt in or an opt out, 
that decision, more than anything, will educate the consumer 
about what this information is being used for, and then they 
will be able to make a decision about whether they want it 
shared or not.
    Chairman Shelby. Ms. Stewart, what do you think is the best 
method to expand consumer awareness of how the credit system 
evaluates them?
    Ms. Stewart. Obviously, the need to increase awareness 
among consumers is vital. It is important for those that are 
particularly not in the credit reporting system right now to 
understand what it would take for them to actually get into the 
credit reporting system, and not only establish good credit but 
also maintain good credit over the long term. That is why we 
invest so much of our resources into building educational 
support systems that would provide this kind of information to 
consumers.
    The thing that is most important for the Fannie Mae 
Foundation though is making the distinction between having an 
established credit record and people that are creditworthy. 
What we find----
    Chairman Shelby. Two different things.
    Ms. Stewart. Those are two different things. As I mentioned 
earlier in my testimony, there are 22 million households who 
are unbanked, who have no relationship with a financial 
institution, and therefore have a much more difficult time 
establishing a credit record. That is 56 million individuals in 
this country. We believe it is very important to figure out how 
to move those 56 million people into the mainstream of 
financial activity in this country. One of the things that we 
provide in our ``Knowing and Understanding Your Credit'' 
brochure, which we provided copies of to the Committee, * is 
how to begin talking to a lender about nontraditional sources 
of credit, rent, utilities, other kinds of sources of credit 
that could actually bolster one's own discussion with a lender 
or a credit provider about one's creditworthiness, so that in 
case some credit information is not captured in a credit 
history, there is still a way for an individual to make a case 
that they are still a creditworthy individual. So there is a 
bit of awareness in education that is provided, but there is 
also some empowerment by consumers that we think we can do more 
of.
---------------------------------------------------------------------------
    * Held in Senate Banking Committee files.
---------------------------------------------------------------------------
    Chairman Shelby. Thank you.
    Senator Sarbanes.
    Senator Sarbanes. Thank you, Mr. Chairman. This has been an 
extremely interesting panel, and I think it underscores in many 
respects the difficulty of the problem we are trying to deal 
with.
    Actually, Ms. St. John, I like the logical construct you 
used in your statement. You said first, the information is 
there, but we have to show the consumer how to get it, and 
obviously we need to look at the premise of that, whether the 
information is there in all instances or whether there is more, 
but it is quite a reasonable point. It is there. Are they 
gaining access to it? And then your next logical point which I 
thought was extremely important is, how can the consumer 
understand the information that they get? I am struck by all of 
this material from the FTC that is in that plastic bag there, 
that we have a set of. I note that identity theft is obviously 
a fast-growing problem because there is a lot of material in 
here on identity theft. So, I think that underscores that 
issue.
    There is an awful lot of material here. But, one, how does 
a consumer get it, and then what use is a consumer able to make 
of it? I mean do they really understand it? How do we do that 
education process?
    I just want to ask first though some questions about the 
information they can get to begin with, to go right back to the 
premise. Mr. Winston, you stated in your testimony that FCRA 
itself serves an important educational function. Perhaps, most 
important, the law requires that lenders and other users of 
credit reports notify consumers when they take adverse action 
based on information from a credit report. So then the consumer 
knows that they are getting an adverse action because of their 
credit report. They are able to check their credit report to 
see whether the information upon which this is based is 
accurate.
    But Ms. Smith noted when a consumer accepts a creditor's 
offer of credit, even on different terms from those that were 
requested, an adverse action notice is not required. Of course, 
that raises a question whether an adverse action notice should 
be required when a consumer is denied the best credit rate 
offered by a company. In that situation, it is not a rejection 
of credit. It is putting them in a higher credit payment 
situation. What is your view on if they are offered less credit 
at less than most favorable terms, whether that is an adverse 
offer and should require an adverse notice.
    Mr. Winston. Under current law, it would require an adverse 
action notice if you got less favorable terms unless there were 
a counteroffer that you accepted in the credit situation. There 
is that caveat there. We have proposed that that be changed, 
that the Commission be given rulemaking authority to close that 
loophole because we believe it is a loophole. We think that in 
an era of risk-based pricing where very few consumers are 
actually turned down any more, but instead you get a higher 
rate or less favorable terms, that is the adverse action 
consumers should be informed of and given a right to look at 
their credit report and dispute any errors.
    Senator Sarbanes. Mr. Plunkett, did you want to add to 
that?
    Mr. Plunkett. That is an extremely important proposal. It 
goes to the heart of modernizing the Fair Credit Reporting Act 
for consumers given the trend in risk-based pricing. These days 
people with slightly blemished credit are much more likely to 
be offered a credit card or a mortgage loan at a higher 
interest rate, maybe with higher fees, than they are to be 
turned down. This goes to Senator Bennett's point. Instead of 
throwing information at consumers, let us let them know that 
they are not being offered the most favorable rate because of a 
blemish on their credit. Let us eliminate the counteroffer 
loophole and tell them this up front. Then that will trigger 
their FCRA rights to get the credit report and to check for 
problems.
    Senator Sarbanes. Is there anyone at the table who 
disagrees with this?
    Ms. Smith. I have a question as to the implementation of 
such a rule. Let me say that this rule comes from Regulation B 
because the application of the adverse action notice 
requirements on Fair Credit Reporting parallel, by law, the 
ones that we have under the Board's Regulation B. Basically, 
the position that is taken in the Regulation is one that was 
set certainly in the days before risk-based pricing, and it was 
set both to give a bright-line test for when is an adverse 
action notice required or when is it triggered? Then also to 
avoid confusion on the part of a consumer who might receive a 
credit card, for example, in the counteroffer situation, and 
then simultaneously receive an adverse action notice saying 
your credit was granted but it somehow suffered because of 
information in your credit report or information about you and 
your credit experiences. So that is the context in which it was 
established.
    If the rule is changed, I think that there would be some 
practical difficulties in determining what exactly represents 
an adverse or an unfavorable term in the sense that with risk-
based pricing, where you do have complexity in the pricing 
structure, where you have ranges--the example I used in the 
statement was from 7.9 to 14.9. And if someone receives the 
8.9, because it is not the most favorable, the person would 
receive an adverse action notice.
    I guess I also have a question as to practical impact in 
the sense that if someone receives a notice saying that they 
did not receive the most favorable rate based on information in 
their credit report, how likely is that individual to follow 
up? They will have the opportunity and be alerted that there is 
information in their credit report. The question is how likely 
is someone who knows that he or she has a credit history that 
is not stellar, that does have some blemishes, to follow up by 
asking for the credit report? It is only an issue of the likely 
impact that it might have, so certainly making credit reports 
available is something that would be valuable to the consumer.
    Mr. Winston. If I might just respond to that. I agree with 
Ms. Smith that there are complexities, and we want to avoid a 
situation where in essence everyone is getting an adverse 
action notice because no one ever gets the absolute best rate, 
but I think those are complications that can be resolved 
through a fact-gathering process and a rulemaking.
    I do not think it is necessary that the adverse action 
notice be negative in the sense of we have done something bad 
to you. It can simply be a statement of fact that we looked at 
your credit report, and something in that report resulted in 
you getting the offer that you got. It just triggers in the 
consumer's mind that this factored into their decision, and 
that is where I think the educational function comes in. I 
think there are a lot of consumers out there who apply for a 
loan, are offered 7 percent, and have no idea that it was not 6 
percent because of their credit report. It would never even 
occur to them. I think consumers in that situation should be 
told that the credit report was factored in, you have a right 
to get it, and here are your rights, so that particular 
consumer can check and make sure there are not mistakes. I 
think that can be done through a rulemaking in a way that makes 
sense and balances these different interests.
    Senator Sarbanes. Of course, the other thing is even if 
they check it and there is no mistake, it drives home to the 
consumer the lesson that they need to pay attention to their 
credit record. Otherwise, it is going to have an adverse impact 
on their financial situation. That is part of the educational 
function, as well I would assume.
    Mr. Winston. Absolutely.
    Mr. Plunkett. Senator, I would just add that then the 
consumer, at that point, once they get the notice, can look at 
the difference in the rate that is being offered, for example, 
if it is a slight increase in a credit card, and this consumer 
is inclined to pay their balances every month, then they do not 
request their report, they do not sweat it. But if it is a 3 
percent difference on a mortgage loan, that can obviously be 
hundreds of thousands of dollars over the course of a 30-year 
fixed loan, then they are going to want to look at their credit 
report. Leave the decision to the consumer.
    Senator Sarbanes. Ms. Stewart.
    Ms. Stewart. We would just agree that it is very important 
for consumers to have the information so that they can make an 
informed decision. When it comes to mortgage credit, for 
example, the fact that they may get a notice that they are 
paying a slightly higher rate, if they do have truly damaged 
credit, might not be a bad thing. If they have credit extended 
to them at all, it might be a good thing. But it is not a good 
thing if they do not know, going into the process, that they 
may not have good credit or that there may be problems in their 
credit report that may lead to a higher interest rate.
    The reason that is important for them to know is that 
obviously the whole purpose of homeownership is not just to 
provide a shelter over your head. It is to provide a wealth-
building opportunity. To the extent that they have to pay more 
in financing costs, it reduces that opportunity to build wealth 
over time, and therefore eliminates one of their biggest 
priorities in terms of acquiring a home and having and building 
home equity over time.
    Senator Sarbanes. Mr. Chairman, my time is up. It shows the 
complexity. One question and we run out of time.
    Chairman Shelby. Absolutely.
    Senator Bennett.
    Senator Bennett. Thank you very much, Mr. Chairman. I agree 
with Senator Sarbanes that this has been a very useful and 
interesting panel.
    I wish we had had some representatives of the industry that 
provides credit scoring. I know Fair Isaac does, but I am 
talking about Equifax and the others, to address some reactions 
to some of the proposals that have been made. One of them that 
I would want to know is clearly cost. What is it going to cost 
to give a free credit report to everybody who asks for it? We 
have got some indication in those States where it is available 
now, but when I have asked that question of representatives of 
the industry, they say, well, it depends on the advertising 
campaign. I am not sure it is fair to put it on you, Mr. 
Plunkett, but groups say, get your credit report. They start 
advertising this. People say, you know, the cost is de minimis 
unless there is an advertising campaign whipping everybody up 
to please write in for their credit report. Then the number of 
credit reports goes up. The number of free credit reports goes 
up very dramatically. And the free credit report, while free to 
the individual, is not free to the credit bureau that is 
providing it. We might inadvertently go down the line of 
saying, gee, free credit reports for everybody is wonderful, 
and by the way, we have just added X amount of cost to the 
overall system which will then fall back on the consumer 
because ultimately the consumer has to pay the cost.
    If any of you have any information about that, I hope you 
would furnish it to the Committee.
    Let me get specifically, Ms. St. John, to the area that you 
talked about that I found really fascinating and frankly, a 
little bit confusing. One of the concerns that I have, take 
your reference to the SAT scores as an analogy here, is that 
some overactive trial lawyer will try to turn the score into an 
entitlement. We have seen that with respect to colleges, of 
people saying, I have an SAT score of X. Someone else has an 
SAT score that is not as good as mine. The college made a 
choice to choose them for reasons other than just the score, 
and I am going to bring lawsuit saying I am entitled to that 
spot in this law school, or this university because my SAT 
scores were higher than his.
    You see the problem here. Now, you have indicated that a 
customer can choose the score by which he wants to be judges, 
as opposed to the score that is widely distributed, and I need 
to have you explain that to me a little better. I do not quite 
understand that statement.
    Ms. St. John. Senator, your point is well taken. One of the 
things that we make very clear on the website and in the 
consumer booklets that we publish, is that the score is just 
one factor that lenders use in making their decision, and that 
lenders use a number of different factors, depending on the 
type and the nature of the credit decision that is being made.
    Having said that, we recognize that there is a variety of 
different kinds of scores available. One of the biggest 
concerns that we actually have with some of the score 
disclosure legislation that is in place today is that it simply 
requires disclosure of a score by the credit reporting 
agencies, not necessarily the one that is most widely used. 
Consumers may not recognize that the score information they are 
getting in those States is not necessarily a widely distributed 
score. In some cases, it may be a general consumer education 
score. It may be other scores that the credit reporting 
agencies distribute. But the point that we were really trying 
to make is that we feel consumers are best served if they know 
and understand the scores that lenders are using. Lenders use a 
wide variety of scores, including a lot of custom, proprietary 
scores. But to the extent that there is a widely distributed 
score, we feel that is the most useful score for consumers to 
know and understand.
    Senator Bennett. Then why would a consumer say, well, I 
want to choose another score to be disseminated about me? If it 
is the most widely distributed score that people use, aren't 
you de facto creating a national norm here?
    Ms. St. John. To the extent that there is a widely used 
score, I agree. We would think that that would be the default. 
However, recognizing that there are other generally available 
scores, there may be a general consumer education score, at the 
end of the day we feel that consumer choice, if they have the 
information to understand the types of scores that are 
available, if they are allowed to at least choose the score 
most widely used, would serve them best. Today, in the State of 
California, consumers do not necessarily even have access to 
the score most widely distributed by all three credit reporting 
agencies.
    Senator Bennett. My time is up, but I would like to come 
back to this on a second round if I could, Mr. Chairman.
    Chairman Shelby. Thank you.
    Senator Miller.

                COMMENTS OF SENATOR ZELL MILLER

    Senator Miller. Thank you, Mr. Chairman.
    I would like to thank the panel. I particularly would like 
to thank Ms. Gambrell for including that information about the 
Money Smart model site and the Dekalb workforce center in 
Georgia and also what is going on at Decatur High School. I did 
not know that until I read your testimony, and that is good 
work and I am glad you included it.
    I grew up in a home where the head of the household was a 
woman, and back in those days of antiquity, I can remember how 
she dreaded to go to the bank to try to borrow some money. Back 
then, a woman being the head of a household was a rarity. Of 
course today it is commonplace. I am wondering though, do we 
lump these women who head households under the title of 
consumer, that we use so freely, or should there be any kind of 
special effort to educate this group in particular somewhat 
better? Anybody have any thoughts on that?
    Ms. Gambrell. Senator, just some quick observations. I 
think certainly we have found at the FDIC that there are 
specific populations that have an even greater need, and 
certainly the panelists have talked about that today. When you 
look at underserved communities, when you look at unbanked 
populations, there are in particular groups within those 
categories: Minorities, women, those who are in low- and 
moderate-income categories. So as you look at the wide range, 
quite honestly, of financial education curricula, you will see 
that there are some very excellent programs that are geared 
specifically toward women, sometimes toward older women, 
sometimes toward women who are heads of household. That 
information is critical. It is crucial to help them understand 
how to get a foothold into the financial structure, how to 
better manage their money, and how to better manage their 
household. But I think we can all say certainly today that 
there continues to be the need for even greater education. And 
more than just education and awareness, that there has to be a 
link between that education and specific products, services, 
and programs, so that as people move through the educational 
track, there is something on the other end, there is an 
incentive that will bring them into a bank, a financial 
institution, or to use other types of products and services 
that will, in essence, lift them from their current financial 
situation.
    Senator Miller. Thank you.
    Ms. Stewart. Senator Miller, we have done research at the 
Fannie Mae Foundation on issues around women and their comfort 
level with financial matters, and some of our research shows 
that women in general are less comfortable dealing with 
financial issues, less comfortable with financial terms like 
IRA's, IDA's, and other kinds of financial jargon. So, we 
believe at the Fannie Mae Foundation we have to do a 
particularly good job in reaching out to lots of different 
communities, and in particular to women, to help them better 
understand issues around financial literacy and get them better 
prepared to manage their financial life for themselves and 
their families.
    We know that the homeownership rates among women, single-
family headed households are particularly low, but they are 
growing. We believe there is a huge opportunity in this country 
if we invest more in education and information among women, 
that we will be able to do more to push the homeownership rate.
    One of the things that we found in terms of the delivery of 
financial services information for lots of different groups, 
African-Americans, Hispanics, minority groups, and immigrants, 
is that if you present information in the language and in a way 
that they understand and feel comfortable with, you actually 
have more success in getting information through. For example, 
with the Native American population, we have actually produced 
financial literacy information that is culturally specific to 
their population so that they can receive the information in a 
way that they feel comfortable and can understand. We think 
this can be tailored for women, as well as other groups that 
are particularly in need and are particularly underserved and 
overlooked by the financial services industry.
    Senator Miller. Thank you very much. I think they face a 
special challenge, and I am glad to hear there are some special 
programs that try to zero in on this.
    I do not have any other questions, Mr. Chairman.
    Chairman Shelby. Thank you.
    Ms. St. John, just a quick question here, and then I will 
move on. Would it be fair to say that FICO scores can only be 
as good as the baseline information used to develop them, that 
is, accuracy is everything here, is it not?
    Ms. St. John. Yes. The FICO scores use all of the factors 
proven predictive of credit risk based on the credit reports 
information.
    Chairman Shelby. You need accuracy. You need the 
information in the report to do it right, don't you?
    Ms. St. John. Well, you certainly need a base level of 
information for those scores to be predictive, definitely.
    Chairman Shelby. Right.
    Mr. Hildebrand, I assume that Capital One wants to have a 
good understanding about the credit history of its potential 
customers. In other words, your underwriters need information 
to make underwriting decisions like everybody that extends 
credit.
    Mr. Hildebrand. Absolutely.
    Chairman Shelby. So as consumers of information, you are 
fully supportive of its widespread availability?
    Mr. Hildebrand. Yes.
    Chairman Shelby. But as providers of information, you seem 
to have adopted a different perspective from what the staff has 
told us. They say you deliberately withhold furnishing to 
credit bureaus important customer information, information 
which has a material bearing on your customers' eligibility for 
credit. Some have claimed that Capital One, your company, is 
gaming the system to prevent its customers from appearing like 
worthwhile marketing targets to your competitors in the 
marketplace. Do you think your customers know of, let alone 
understand, Capital One's policy with respect to furnishing 
information to the credit bureaus? Quick answer.
    Mr. Hildebrand. So you speak about our reporting of credit 
lines?
    Chairman Shelby. Yes, under reporting stuff. Our staff has 
said----
    Mr. Hildebrand. One specific variable that has been cited 
is the reporting of credit lines, Senator.
    Chairman Shelby. You said you do that because if you report 
it all, then the customer might have a better shot in the 
market.
    Mr. Hildebrand. We have not seen any research yet that 
indicates that this is in any way impactful on consumers. we 
have agreed to team up with Fair Isaac to actually look into 
this.
    Chairman Shelby. But you do not deny doing it, I would 
hope?
    Mr. Hildebrand. No, no, we do not report customer's credit 
line, that is correct.
    Chairman Shelby. Well, why don't you report it, because 
accuracy is so important?
    Mr. Hildebrand. It is a proprietary issue for us. At 
Capital One, one of the ways we manage risk, quite 
appropriately, is through the granting of credit lines, and the 
way that we manage that is called ``credit line sloping.'' We 
believe that is a competitive tool that we use better than 
anybody else in America. Our concern is that if we were to 
report that, our competitors could reverse engineer our credit 
policies and replicate that. It is an advantage that we have in 
the marketplace.
    Chairman Shelby. But on the other hand, what about 
accuracy? If I was doing business with you or anybody, I would 
want my report coming from Ms. St. John's company or whoever 
does this, to reflect everything I have to be accurate. In 
other words, how can the other people determine the report that 
comes out to be accurate if you do not, as a creditor, furnish 
that information to the credit bureau or if you skew the 
information?
    Mr. Hildebrand. We do not yet----
    Chairman Shelby. I know you do it for proprietary reasons, 
but the customers out there, which is all Americans, do not 
know that.
    Mr. Hildebrand. No, they do not. And as I said, Senator, we 
do not yet have any evidence that it actually has an impact on 
the accuracy of their credit score. If we receive that, we will 
certainly reconsider our policy.
    Chairman Shelby. But it could have some impact on whether 
or not the customers can go somewhere to shop for better.
    Mr. Hildebrand. That is possible.
    Chairman Shelby. Could it not? Sure.
    Mr. Plunkett, do you think the average consumer in America 
understands that they can suffer negative consequences because 
a firm they have a credit relationship with decides to 
underreport information regarding their credit history?
    Mr. Plunkett. Senator, the answer is no. Our survey shows 
that, we asked a specific question here, that the majority of 
Americans do not understand.
    Chairman Shelby. Do you think that the average consumer 
understands that they may suffer, yes, suffer negative 
consequences because a firm they obtained credit from decides 
to underreport information regarding their credit history, same 
fact?
    Mr. Plunkett. Same answer, Senator. They do not understand 
they can suffer and this actually harms their overall credit 
score.
    Chairman Shelby. Would you agree that firms, that everybody 
that is in the marketplace, with credit so available, and 
accuracy so important, need to either furnish complete and 
accurate information to the credit bureaus or they need to 
inform their customers about their policy of limiting 
reporting?
    Mr. Plunkett. Senator, we think the first is absolutely 
essential. We need a requirement for complete reporting. As for 
informing customers on this one, this is an unethical practice. 
The experts on credit reporting and credit scoring tell us that 
it is very, very likely that this is a ding on the credit 
report. We know that if you look maxed out on your credit card, 
that is, you have a $500 balance and it looks like your credit 
line is $500, that that almost certainly is used as a negative 
factor in some way in calculating your credit score. 
Absolutely, it should be required that this information be 
reported. Telling consumers about it after the fact, I do not 
know that that helps them very much on this one, because the 
point of the whole credit reporting system is to have accurate 
and complete information.
    Chairman Shelby. Senator Sarbanes.
    Senator Sarbanes. Mr. Chairman, I want to take a moment or 
two to follow up on your line of questioning that you were 
pursuing. I think it is important.
    Ms. St. John, in your statement you say that 30 percent of 
your FICO score is determined on the basis of amount owed.
    Ms. St. John. Yes.
    Senator Sarbanes. And you list as one of the factors under 
amounts owed proportion of credit lines used, proportion of 
balances to total credit limits on certain types of revolving 
accounts. So you would look to see--maybe you have a $5,000 
limit--whether you would use $500 of it or $4,500 of it. Is 
that correct?
    Ms. St. John. Yes.
    Senator Sarbanes. Okay.
    Ms. St. John. The amount of available credit line that is 
actually used and the balance owing been proven to be 
predictive factors.
    Senator Sarbanes. And the higher percentage of the 
available credit on a particular credit line a consumer is 
using could hurt their credit score. Is that correct?
    Ms. St. John. In general, the pattern that we see is the 
higher the percentage of the line utilized, the greater the 
risk of nonpayment in the future, yes.
    Senator Sarbanes. How do you determine what a consumer's 
credit limit is on any given line of credit?
    Ms. St. John. There are several different fields that are 
available that vary by the different credit reporting agencies. 
Some have a specific credit limit amount. Others represent a 
high credit amount that has been reached. The scoring systems 
use a variety of information to determine that high credit 
amount. If the credit limit is missing, it may look to see if 
there is other information that is available that can be used 
that has been proven predictive in the calculation of that 
ratio.
    Senator Sarbanes. The credit limit reported by the 
creditor, is that where that information comes from, 
presumably?
    Ms. St. John. Yes.
    Senator Sarbanes. All right. Now, is the creditor required 
to report that information?
    Ms. St. John. No.
    Senator Sarbanes. What happens if a creditor does not 
report a credit limit maximum for a particular credit line?
    Ms. St. John. It depends on the specific algorithm or the 
predictive variable that is being calculated. In some cases, 
the variables may default to a high credit amount or another 
field that is available. In other cases, it may bypass that 
particular account from the calculation altogether if it cannot 
contribute to the calculation overall. The end result is that 
the individual score for any given consumer in that situation 
could be higher or could be lower, depending on the ratio of 
credit used relative to the limits on all their other accounts.
    Senator Sarbanes. On the particular credit line, isn't the 
highest amount charged reported as the maximum?
    Ms. St. John. Depending on the credit reporting agency, 
yes, the highest amount actually reported is----
    Senator Sarbanes. So if the creditor did not report the 
maximum score, that could artificially depress a consumer's 
credit score because it would make it appear he had maxed out 
or was close to maxing out, when, in fact, that was not the 
case. Is that right?
    Ms. St. John. It actually depends on what the current 
balance is at the time relative to whatever the maximum balance 
may have been. If they are carrying a very low balance at the 
time relative to the highest amount reached historically on 
that file----
    Senator Sarbanes. Let's assume that----
    Ms. St. John. --it could be lower.
    Senator Sarbanes. --the maximum balance they ever had was 
far short of what the credit limit was. So you could end up--
let's say my maximum balance has been $500. I have $400 on my 
card. My limit is $5,000. But I am going to get reported as 
though I am at 80 percent of my usable money, as I understand 
what you are telling me, rather than getting reported at 8 
percent. Is that right?
    Ms. St. John. It actually depends on what the total limits 
outstanding are across all revolving trade lines and the total 
balance is across all. So it's not calculated on an individual 
account or trade line basis, but across all revolving accounts 
on the credit report.
    Senator Sarbanes. If that is my only revolving account?
    Ms. St. John. If that is your only revolving account and is 
the maximum balance reached, then, yes, it would be lower. It 
would likely result in a higher calculation.
    Senator Sarbanes. Well, I just want to ask Mr. Hildebrand. 
Does Capital One report the maximums on the credit limits?
    Mr. Hildebrand. We do not report the credit limit, the 
credit line that has been granted. We report the amount 
outstanding.
    Senator Sarbanes. Yes, so the person, this hypothetical 
person I have been describing, would really get a black mark 
when they do not deserve it. Isn't that the case?
    Mr. Hildebrand. To paraphase Ms. St. John, it depends on 
the broad spectrum of the credit that you are looking at as the 
score is developed. The score is developed looking at the 
entire credit profile coming from the bureau.
    Senator Sarbanes. I understand that, but this is one factor 
in there.
    Mr. Hildebrand. It is one factor.
    Senator Sarbanes. As far as this factor is concerned, 
clearly a negative mark is going to register against the 
consumer when they do not deserve that negative mark.
    Mr. Hildebrand. Senator, there are other scenarios that 
could be constructed that it is just as positive for consumers. 
And that is the research we are trying to do, to understand the 
impact that this would have. We certainly do not want to do 
anything detrimental to American consumers. We have a business 
to run as well. That is what we are trying to protect here. And 
so we have to balance those two. Right now it is a voluntary 
system.
    Senator Sarbanes. Are you unique amongst businesses in 
following this path?
    Mr. Hildebrand. I do not know.
    Mr. Plunkett. Senator, I can tell you from our survey and 
our study in December, from the Federal Reserve study in 
February of this year in which they looked at 248,000 credit 
reports. Capital One is likely not the only one using this 
practice. The Fed study, one of their conclusions, by the way, 
was that the use of this positive information does overstate 
risk for particular consumers.
    The other point I would make is that one of the standard 
generic explanations that consumers get when they get that 
adverse notice we have been talking about is, ``Proportion of 
debt to available credit.'' That means this is one of the 
reasons why your credit history, your credit report and your 
credit score, is not as high as it could be.
    Senator Sarbanes. I have used a lot of time on that, but 
I----
    Chairman Shelby. It has been very informative.
    Senator Sarbanes. It is an important point.
    Chairman Shelby. Senator Bennett.
    Senator Bennett. Thank you. I think it is an important 
point as well, and I think we should dig a little further into 
it.
    Where it leads is where I am not quite sure I want to go, 
which is legislation laying out the requirement as to what the 
provider of information has to provide by law. Currently, it is 
entirely voluntary, is it not?
    Mr. Hildebrand. Yes, it is.
    Senator Bennett. Now, everybody who participates in the 
system has a vested interest in seeing that the system works. 
And, therefore, you are going to be as cooperative as you 
possibly can in providing information that you think will help 
the system work.
    If legislation comes in and says, okay, we are going to 
determine, by the wisdom of Congress, that the following things 
must be reported by every provider, with fines or other kinds 
of punitive action taken by the Government against a provider 
that does not fill in every single aspect of the blank, it 
conjures up, for me, a world that I am not really comfortable 
with because it means the Government virtually has taken 
ownership of this process, and the next step, Mr. Winston, is 
that the FTC runs it, Fair Isaac goes out of business, the FTC 
is giving scores, Congress is mandating what will be considered 
and what will not. And I think somebody out there is going to 
figure out a way to game that and get around it because this 
was not listed, so we can start to make decisions here, there, 
and everywhere.
    Am I overreacting?
    Mr. Plunkett. Senator, I would just respond to say we would 
not recommend that kind of micromanaging in the statute. There 
are obligations placed on credit bureaus and credit furnishers 
in the statute on accuracy. The statute is not explicit in 
terms of what is accurate and what is not. The agencies enforce 
it. We need an explicit standard on completeness, you know, 
just a definition, without micromanaging what is and what is 
not complete. We will leave that to the agencies.
    I will just add one more point. My understanding is that 
Fannie Mae and Freddie Mac require complete reporting, and I 
have not heard any reports that it has led to a problem in 
terms of people leaving the system.
    Senator Bennett. That is voluntary.
    Mr. Plunkett. When it comes to mortgage lending.
    Senator Bennett. That is voluntary.
    Mr. Plunkett. Yes, but it goes to your point that this kind 
of requirement would result in people fleeing, you know, 
furnishers fleeing the credit reporting system. What this shows 
us is that scenario probably would not happen.
    Senator Bennett. Could you furnish us with a list of the 
things you think should be required?
    Mr. Plunkett. In a definition of completeness?
    Senator Bennett. Right.
    Mr. Plunkett. Yes. Absolutely, Senator.
    Senator Bennett. Okay. We can take a look at that and get a 
reaction to it.
    You made mention earlier on, Mr. Plunkett, in one of your 
answers to opt in or opt out on the affiliate sharing issue, 
and we have not gotten into that issue with this panel. But 
since you made a mention of opt in or opt out, at least as you 
said it there was the implication that you really did not care 
one way or the other, just so long as the consumer has an 
opportunity at that particular point that the adverse action is 
triggered by something other than the present definition of 
adverse action, you would prefer to go in the direction of 
adverse action being defined as something less than the optimum 
rate. And at that point the consumer can say, well, I do not 
want my information shared with somebody in an opt in or opt 
out situation.
    I am pretty firmly in the opt out camp on this because I 
believe that if you have opt in, simple inertia will prevent 
the whole system from getting the information it needs. The 
analogy I give is if the phone book was opt in or opt out, you 
would probably have only about 20 percent of the phone numbers 
that are currently available to you in the phone book because 
the other 80 percent of the people would not get around to 
opting in. But if you do not want to get phone calls with the 
phone book, you can opt out and say I want an unlisted number. 
And I have discovered for those who say, yes, but an unlisted 
number costs money and I would prefer an opt out that is free, 
I have discovered it is very easy to get an opt out that is 
free, simply list your name in a way that nobody is going to 
recognize but your friends and relatives.
    My wife has an aunt who is listed by the initials, her 
first initial, then the initial of her maiden name and her 
married name, and nobody knows who she is in the phone book 
except her friends and relatives. Therefore, she has an 
unlisted number if somebody is trying to look for her, and it 
did not cost her anything.
    Could you address this question of opt in and opt out and 
what might very well happen if we go to an opt in and a large 
number of people say, well--not say, but by simple inertia stay 
out of it and thereby deprive affiliates of information that, 
in fact, can be, as we have heard in other panels, very, very 
useful to consumers?
    Mr. Plunkett. Senator, we support an opt in approach, but 
let me say this: Right now nationally, and at the State level, 
an opt in does not exist and an opt out does not exist. Neither 
exists for consumers regarding the sharing of this affiliate 
information. So either would be an improvement.
    We support the opt in approach because consumers again and 
again in polling have said that they are extremely concerned 
about the sharing of this information, this transaction and 
experience information because we should respect that, and also 
because the institutions you are talking about, even with an 
opt in, I have no doubt we are going to see a lot of marketing. 
The financial institutions in this country are masters of 
marketing. They are going to do everything in their power to 
explain the good purposes that they talk about for which this 
information is used. And so, even if it is an opt in, they are 
going to have their best shot at convincing consumers to use 
that opt. Consumers will have an opportunity to make that 
decision, to weigh the factors, and to decide whether it is 
worth their while to allow that information to be shared.
    Senator Bennett. My time is up. I would join you in 
supporting an opt out. I would suggest to you that the opt in 
process that you have described, which is a massive marketing 
plan to get those 80 percent of the people who would not 
otherwise do it unless they got convinced, would be really 
quite expensive and raise costs for everybody, and even if it 
were successful, end up hurting the consumer in higher costs 
for the services that were provided.
    Mr. Chairman. Thank you.
    Chairman Shelby. Senator Allard.

               STATEMENT OF SENATOR WAYNE ALLARD

    Senator Allard. Thank you, Mr. Chairman, I apologize I was 
not here at the start of the hearing, but I do have a full 
statement I would like to make part of the record.
    Chairman Shelby. It will be made part of the record in its 
entirety, without objection.
    Senator Allard. I hope this is not duplicative of a 
question previously asked, but I would like to direct this to 
Ms. St. John. In your testimony, you explain that there are 
many different kinds of credit scores ranging from the Fair 
Isaac's-developed, broad-based FICO scores, widely distributed 
to lenders, to custom models that are developed for use by 
individual lenders. The last kind of credit score you mention 
are those distributed primarily to the consumer market. I am 
curious how the credit scores distributed to lenders are 
different than those distributed to consumers.
    Ms. St. John. In many cases, credit scores are being made 
available to consumers in States that have required score 
disclosure. California was the first and Colorado has recently 
passed a law. We have cooperated with one of the credit 
reporting agencies to ensure that the FICO scores are indeed 
provided to consumers in those States when they request them. 
That is not necessarily the case, though, with all the credit 
reporting agencies. It is really up to the credit reporting 
agency to simply provide a score which may or may not be the 
one that is actually the scores that lenders are using in a 
number of cases.
    As I mentioned in the written testimony, there are general 
consumer education scores that have been developed that 
describe scores in general and give an idea. There are scores 
that the credit reporting agencies have developed on their own 
that are proprietary to those agencies. There is the FICO 
score. And then, of course, there are custom proprietary scores 
that the lenders would use that the credit reporting agencies 
would not have access to.
    Our point in our written testimony is simply that it is 
important when score disclosure comes up as a topic to be clear 
on what score. We certainly would indicate that the consumer's 
knowing and understanding what scores lenders use and having 
access to the scores most widely distributed at a particular 
point in time is what would serve the consumers best. And at 
the end of the day, if there is a choice of different widely 
distributed scores, it puts consumers in charge by giving them 
the choice.
    Senator Allard. All those scores, though, impact 
decisionmaking by the lender, whether or not they are 
distributed to the consumer. Is that correct?
    Ms. St. John. They may or may not. My understanding is that 
generally developed consumer scores for consumer education 
purposes may not even be something that is provided to lenders 
or that lenders are using. I do not really know in many cases, 
and I think that is one of the biggest issues that we have 
found, that it is difficult for consumers to necessarily know 
what score they are actually being provided with.
    Senator Allard. Okay. So the score that the lender has is 
not necessarily comparable to that which has been provided to 
the consumer. Is that correct?
    Ms. St. John. That is correct in the sense that, again, 
there are many different kinds of scores that are available. 
And the best way to indicate if there is understanding and 
access to credit scores is by ensuring that if there is a 
widely distributed score, it makes sense that that would be the 
one that is provided most often as opposed to, say, lenders' 
own proprietary scores. As I indicated, the credit reporting 
agencies would not even have access to those.
    Senator Allard. We have three main credit bureaus, I guess 
is the best way to describe it. Do credit scores vary among 
those three credit bureaus?
    Ms. St. John. Yes, they do.
    Senator Allard. In what way?
    Ms. St. John. Well, the FICO scores, as we indicated, are 
the most commonly used. In fact, there are different underlying 
credit scoring algorithms at each of the three credit reporting 
agencies. The reason for that is because there are different 
underlying data elements that are maintained by those credit 
bureaus, and Fair Isaac has sought to develop the most 
predictive scores available for each of those three credit 
repositories.
    We do scale them so that the same score represents the same 
degree of risk, regardless of which credit reporting agency it 
is obtained from. But the actual underlying statistical 
algorithms are slightly different between the three.
    Senator Allard. Mr. Chairman, I see my time has expired.
    Chairman Shelby. Thank you, Senator Allard.
    Ms. Smith, in your written testimony, you have highlighted 
that the development of risk-based pricing has reduced the 
number of adverse action notices, which is a key accuracy 
device that consumers receive. You also point out that, at 
present, there are significant questions as to the overall 
accuracy of credit reports.
    You then indicate that the outmoded adverse action notice 
should not be updated. This is troubling to me, and probably 
others. In other words, it seems to me if you are looking for 
accuracy rather than just making--and Senator Sarbanes, I 
believe, raised the question--them another offer, but always at 
a higher rate of interest, always, without them being jolted.
    Ms. Smith. Okay. I was not intending to suggest that this 
is an area that should not be looked at or should not be 
updated.
    Chairman Shelby. By ``looked at,'' you mean----
    Ms. Smith. Considered as far as----
    Chairman Shelby. This is the time to deal with it, isn't 
it?
    Ms. Smith. Right.
    Chairman Shelby. Okay. All right.
    Mr. Winston, the FTC favors updating the adverse action 
notice process. Is that support for updating based on the 
notion that consumers will never be more aware of the need to 
review their credit report than after they have been jolted to 
that awareness by some kind of credit-related problem?
    For example, if I were to apply for a credit card with 
Capital One, or anybody, and----
    Senator Sarbanes. Well, Capital One is at the table, so 
that is a good example.
    Chairman Shelby. It is.
    Mr. Hildebrand. And we appreciate you applying, too, 
Senator.
    [Laughter.]
    Chairman Shelby. I may have one from them. Who knows?
    Mr. Hildebrand. I hope you do.
    Chairman Shelby. But if I did, shouldn't they have all the 
information that goes on me to evaluate my credit risk? Do you 
agree with that?
    Mr. Winston. Yes, that is the ultimate teachable moment.
    Chairman Shelby. Now, on the other hand, if they did not 
have all the accuracy, all the information, and they might not 
give me the credit card with the lowest rate of interest, they 
might make a counteroffer of 3 percent more interest, or 
whatever it is. But I still would not know why, would I? I 
would just know they made me a counteroffer. Is that correct?
    Mr. Winston. You would not know that this is a 
counteroffer, necessarily. You may not even know that there is 
a lower rate available to people with better credit. They give 
you a number. You may think that is what they offer, that is 
their best rate.
    I think a lot of consumers do not understand this notion of 
different rates for different credit risks.
    Chairman Shelby. Well--and I am speaking for myself--I 
think there should be different rates for different credit 
risks.
    Mr. Winston. Of course.
    Chairman Shelby. I mean, that is how the market works. You 
know, you have to have that, I believe. On the other hand, the 
accuracy of that credit report is key to all the scoring, is it 
not?
    Mr. Winston. Yes. I think the fact that there are different 
rates for different credit risks is a terrific thing. That is 
good for our economy. That is good for consumers. But that 
heightens the need for an accurate report, and it heightens the 
need for consumers to understand how that report is being used.
    Chairman Shelby. Absolutely. Thank you.
    Senator Sarbanes.
    Senator Sarbanes. This has obviously been a very 
interesting session. I wanted to just add an addendum to that 
last point. At some point for the different rates for different 
risks, we reach the point where the person is being called upon 
to pay rates that they cannot sustain by any reasonable 
measure. That is when we get into, in my judgment, predatory 
lending and similar practices. And it is one of the reasons I 
have been so concerned about that, because beyond a certain 
reasonable point people are being led into a situation which is 
very apparent that this is well beyond their means to sustain. 
Usually that happens when there is real estate that can then be 
stripped away from them, so this wealth-building, whatever was 
done in the equity, is all taken out away from the people. So, 
I just want to add that extra dimension to it.
    I am not clear on the answer to Senator Allard's question, 
which I thought was a good line of questioning. As I 
understand, it is possible, under the way the current system 
works, that a creditor can deny me credit as a consumer. I get 
an adverse notice. I ask for the credit report to see what went 
wrong. And the credit report that I am given is different from 
the credit report used by the creditor to deny me credit. Is 
that correct?
    Ms. St. John. Senator, I was speaking in the case where it 
was proactive--a request by the consumer to obtain a copy of 
their credit score from a credit reporting agency. I think 
there are others on the panel who are better equipped to 
address the situation in the case of an adverse action, when an 
adverse action has been taken. Lenders have always been 
provided with the top reasons behind the score in order to 
provide the key underlying reasons for that adverse action to 
the consumer.
    Senator Sarbanes. Well, but that may be reformulated by the 
creditor. I want to know whether, if I am a consumer and I get 
an adverse notice, I ask for my credit report, whether I am 
going to get exactly what the creditor got when he denied me 
credit.
    Mr. Plunkett. Senator, here is a circumstance where that 
could happen. The creditor only submits a couple of points of 
identifying information on the potential--on the applicant, on 
the consumer: Name, Social Security number. We know that the 
system is imperfect and that it pulls up information that does 
not always pertain to that particular person.
    The consumer, when they ask for their report, they use four 
or five pieces of identifying information. So the credit bureau 
gets it right. The consumer gets the right information for 
them. But the creditor's report may contain mixed files. It may 
contain information about John Smith, Sr., instead of John 
Smith, Jr. And the information then used by the lender to make 
a credit decision is wrong, is inaccurate.
    That is why the consumer needs to see, in the case of an 
adverse action, that actual report that the lender used.
    Senator Sarbanes. Yes.
    Mr. Hildebrand. May I, Senator?
    Senator Sarbanes. Yes, certainly.
    Mr. Hildebrand. As a lender here, the case that Mr. 
Plunkett just cited could indeed happen, although the credit 
bureaus and all the lenders strive to make sure that the 
individual who has applied to us is the one whose credit record 
we are pulling. And there are mountains of information and 
pieces of technology that are used to do that.
    When an adverse action is issued, what we are trying to do 
there--we receive a large amount of information about a 
consumer electronically, machine-read, virtually unintelligible 
to a human, when those credit records are passed. So when we 
actually ask a bureau for a record so that we can approve an 
application, it comes in a format that is readily available to 
computers, not easily deciphered by people.
    The report that is issued to a consumer out of the credit 
bureaus puts that into understandable language and context. The 
adverse action letters do the exact same thing.
    We may be looking at large amounts of information, but the 
salient points, the reason for the issuance of the adverse 
action letter is really what is important to the consumer. It 
is that they, you know, have had too many late payments, for 
instance. That is why. The specifics of what we looked at and 
all those things, that is available on the report, but it is 
made in a format that is much different than what we see.
    Senator Sarbanes. Of course, Mr. Plunkett posits a 
situation in which the consumer is being denied credit on the 
basis of a faulty report.
    Mr. Hildebrand. And as I said, that is a very rare 
circumstance.
    Senator Sarbanes. Well, it should not occur at all, 
presumably.
    Mr. Hildebrand. Agreed, and the credit bureaus, that is 
what they spend most of their time trying to do, is make sure 
that, you know, we do not walk around with identifying numbers 
that sort of--you know, a national security identification 
number that we use readily that makes all that information easy 
to capture and compile. That is what they spend their time 
doing.
    Senator Sarbanes. All right. Let me ask, Ms. Smith, in your 
testimony you speak of the efforts at the Federal Reserve to 
promote enhanced financial education. Ms. Gambrell and Mr. 
Winston also spoke of their agencies' efforts. And it is my 
understanding--in fact, knowledge--that many other agencies, 
departments, and regulators have financial literacy and 
education initiatives underway. Of course, there are extensive 
efforts at the State and local level, in the private sector, 
and by the nonprofit community as well.
    It is my strong view that there is a lack of coordination 
with respect to all these efforts, and particularly amongst the 
various Federal agencies. I think we need a comprehensive 
strategy to promote financial literacy and education for all 
Americans.
    Do you think that increased coordination between the 
various Federal entities who are working on this problem, along 
with strong cooperation with State and local governments and 
nonprofit and private entities, to develop and implement a 
coordinated strategy would be a beneficial undertaking?
    Ms. Smith. It certainly would be valuable to coordinate and 
collaborate in terms of having the agencies know what each of 
the others is doing. Generally, some of this is already taking 
place in the sense that I know that in the case of the Federal 
Reserve, when we enter into the financial education arena, we 
look at where it is that the Federal Reserve can add value 
rather than approaching it from ground zero and thinking that 
we need to produce brochures or that we need to produce 
programs.
    We, for example, would not attempt to replicate what the 
FDIC is doing, knowing the wonderful job that they have done 
with their Money Smart program. So that what we do attempt to 
do within the Federal Reserve is to see where there are 
segments of the population where we might add value, so that, 
for example, some of our Federal Reserve districts, if they 
have Native American populations, have placed their efforts 
there, not in the sense of educating them necessarily in a 
direct sense, but working with Native American tribes, 
partnering with banking organizations and with community groups 
to bring the different elements together and to leverage 
resources.
    Senator Sarbanes. Ms. Gambrell, do you think we need a 
coordinated strategy?
    Ms. Gambrell. Senator, I would support and the FDIC would 
support a stronger coordination of financial literacy efforts, 
and certainly at the FDIC we have seen from our own efforts the 
importance of the grass-roots collaboration with community 
organizations, with financial institutions, and others. There 
are, as I said earlier, excellent programs out there, and we 
certainly see the benefit to an even more structured and strong 
coordination among the programs.
    Senator Sarbanes. Mr. Winston.
    Mr. Winston. Coordination is certainly a good thing. There 
is a lot of it that goes on now. I agree with Ms. Smith. And 
what we have learned in our educational efforts generally is 
that consistency of message is critical, that everybody be 
saying the same thing, be on the same page. And the more we can 
do that, the better.
    Senator Sarbanes. Ms. Stewart, do you want to add anything?
    Ms. Stewart. We think the coordination would be very 
important. But one thing I would just add to it is that one of 
the other important institutions to include in that 
conversation would be the public education system. One of the 
things that we found in researching the likelihood of consumers 
to even seek out financial literacy information is that it 
usually comes when there is a crisis going on, when there is an 
important goal that a family may want to reach, like 
homeownership or some other goals, or when a family has to 
comply with some requirements or some regulations. I dare say 
that I think for some younger people, younger Americans who 
need access to more information on financial literacy, a 
requirement of school would prompt them to actually learn more 
about financial literacy. Actually, we would be able to do more 
in terms of increasing the understanding of credit and 
financial literacy to educate people younger in their lives, so 
that before they get through college and certainly when they 
start working in the workplace, they have a much better 
understanding of how to establish good financial practices for 
themselves that will start them on the path to creating wealth 
and building wealth over time.
    Senator Sarbanes. Good. Thank you.
    Chairman Shelby. Senator Bennett.
    Senator Bennett. Thank you, Mr. Chairman.
    Back to this issue of score disclosure, Ms. St. John, I 
have gone into it and Senator Allard has gone into it. You are 
aware, of course, that what you are proposing here is different 
from what the House bill suggests and different from what is 
being done in both Colorado and California, where the credit 
reporting agency has latitude to choose. You have talked about 
latitude on the part of the consumer to choose, and I am still 
not quite sure I understand how that works here. The experience 
in the States that have this is the experience that the House 
bill has adopted, which means that the credit reporting agency 
can choose between the widely used scores, which presumably is 
yours--and I can understand you have a brand you would like 
everybody to use. But either that or educational scores, which 
in their view might go farther toward helping the consumer 
understand why an adverse action was taken.
    I will not ask you to say, gee, we prefer somebody other 
than our company to be the one that is chosen, but this whole 
question of latitude, if I understand your testimony, you think 
the customer should make the decision as to which score he gets 
rather than the credit reporting agency being permitted to 
determine which score they give.
    Ms. St. John. That is correct. We feel the information is 
out there about scoring in general. It is a matter of simply 
trying to get the word out. In some cases, though, we feel like 
what is proposed under the House bill, if it follows what some 
of the States are doing could actually be confusing or 
misleading. It has been debated well, is it the score most 
widely used at any given time? That may or may not be the FICO 
score at some point in the future. A general education score 
that could be more valuable.
    At the end of the day, we simply feel that if the consumer 
had sufficient information to understand, they could choose, 
and at least have the right to be able to get the score that 
lenders are using widely at any given time. So what we were 
trying to propose was simply more flexibility in some of the 
wording or the language that would allow for greater consumer 
choice, and at least allow access to the score that is widely 
used by lenders at any given time.
    Senator Bennett. Okay. Not to prolong it, my problem is 
that many times the score may be the most widely distributed 
score, but it is not the score that a particular lender uses, 
in which case the customer is getting a score that is 
irrelevant to the fact that he has had an adverse action from 
that particular lender. And, you know, that becomes more 
confusing.
    Let me just close my comments here--we have got a vote 
coming up--to put into the record, not to ask any particular 
question or raise any particular issue, but just put into the 
record that I think might help in our perspective of this. The 
FDIC is responsible for ensuring compliance at 5,400-plus FDIC-
insured, State, nonmember banks, literally millions and 
millions of consumers. I think the following set of numbers is 
interesting.
    In 2000, the FDIC received a total of 600 Fair Credit 
Reporting Act complaints and 194 inquiries. When they examined 
the 600 complaints, 90 percent, 540, were found not to involve 
an error; only 60 were found to have involved an error or 
violation. So think of the millions of transactions that took 
place. Out of those millions, 600 produced something that 
somebody decided they wanted to complain to the Federal agency 
about, and out of that 600, 60 were found to involve an error. 
That was in 2000.
    In 2001, the FDIC received 100 complaints, down from 600 to 
100, and of them, 65 percent--easy, the raw numbers--65 were 
found not to have involved an apparent bank error violation.
    In 2002, the FDIC received a total of 452. We got off the 
round numbers in 2002. Of these, 391, or 86 percent, were found 
not to involve an apparent bank error or violation; only 61, or 
14 percent.
    That does not mean this is a trivial issue, and that does 
not mean we should not be having this hearing and looking at it 
as carefully as we are. But it does mean that the Fair Credit 
Reporting Act is performing an awful lot better than some of 
the rhetoric around it might suggest. And we should be very 
careful, Mr. Chairman, as we draw up the specifics of this 
legislation, to fix some of the problems that have been 
outlined here. I am particularly intrigued by Mr. Winston's 
suggestion that we change the definition of adverse action when 
a credit report is triggered. I agree with you that is a 
teaching moment. And the fact that I am not getting the best 
rate that I could have otherwise have gotten might be the time 
that it gets my attention. I would prefer that to be the 
trigger of the free report than an advertising campaign to be 
the trigger of a free report.
    But as we go through all of these possibilities, we should 
remember that this process has served America extremely well, 
has served minorities and those who are economically 
disadvantaged extremely well, has served entrepreneurial 
activity on the part of those who could not otherwise get 
credit to start businesses extremely well. And we should be 
very careful not to mess up a good thing while we are in the 
process of trying legitimately and properly to make it better.
    Chairman Shelby. Senator Allard.
    Senator Allard. Thank you, Mr. Chairman. Just briefly, I am 
just curious to know, of those of you who provide financial 
literacy information, do you also provide information on how to 
improve your credit score?
    Mr. Winston. Yes.
    Mr. Plunkett. Yes.
    Senator Allard. How many? All of you?
    Ms. Gambrell. We do.
    Senator Allard. Let's see. I see four out of seven? Five 
out of seven? Okay. And obviously you think this is an 
important follow-up on a credit score.
    When you talk about how a consumer can improve their credit 
score and then discuss their credit report, do consumers 
understand the difference?
    Mr. Plunkett. Well, funny you ask, Senator. We just did a 
survey on this. We found that only a quarter of consumers had 
seen their credit score--this does not go exactly to your 
question--and that just under 50 percent had looked at their 
credit report. So we can assume for the rest of the population 
that they may not understand the difference. In fact, I 
mentioned this earlier. A small percentage of consumers think 
the credit score actually measures their knowledge of credit as 
opposed to their creditworthiness.
    Senator Allard. Interesting.
    Ms. Gambrell. Senator, we certainly have found, as well, 
that in the Money Smart classes that we have taught, there are 
questions that are raised by those participants. And, in fact, 
one of our modules actually walks people through a credit 
report to help them better understand what they need to look 
at, and in many of those classes, they have the reports right 
in front of them. But, clearly, there is still some confusion 
over the differences between that credit report and the credit 
scoring and how it may impact a person's credit history.
    Ms. St. John. And if I could, for those who have visited 
myfico.com and actually purchased the basic service, which is 
their FICO score, the underlying credit report, and a detailed 
explanation of the factors that go into it, as well as some 
general advice as to how they can improve their score over 
time, we have had over 3 million customers who have purchased 
that basic service, and they understand the difference from the 
standpoint that they can see their score, but then go back and 
forth between the score explaination and the underlying credit 
report. And many of the statistics that we have gathered where 
we have surveyed visitors to myfico.com have indicated that 
over 80 percent have taken steps to try to improve their credit 
score over time following that, and roughly 80 percent would 
continue to monitor their score at least once a year. At least 
for those people that have visited the site, and gotten that 
information, including both the score and the report, it is 
quite clear what the differences are.
    Senator Allard. Yes, ma'am.
    Ms. Stewart. I would just add to it that our consumer 
education brochures on credit give general advice on how one 
can improve one's credit score, credit profile, or credit 
report in general. But we do not feel that we have the 
information that would provide specific advice to a consumer on 
specifically the things that would drive a credit score up. We 
just give general advice that would improve one's credit 
profile altogether.
    Senator Allard. I would suspect that most of you, if you 
get an adverse action, somebody applying for credit who got 
turned down, you would recommend to them at some point in time 
to come back and get another credit report to see if their 
credit history is accurately reflected. Under current law, 
consumers are provided one free credit report. If there is 
adverse action determined and they correct it, do they have to 
pay for that second follow-up to see if that correction is 
there?
    Mr. Winston. Yes, except in those States where it is free.
    Senator Allard. Oh, some States provide that free of 
charge?
    Mr. Winston. Colorado is one.
    Senator Allard. Colorado is one of those.
    Senator Sarbanes. How many such States are there?
    Mr. Winston. I believe there are six.
    Ms. Stewart. Senator Allard, one other thing that I would 
just add to that is we actually advise in our outreach material 
that people actually get their credit report before they even 
enter the process and that people understand their credit 
profile before they actually apply for a mortgage so that they 
do not get down the road and have to face a situation where 
they may end up having to pay more for a mortgage that may 
actually reduce their wealth-building opportunity. And so we 
actually advise people to even start the process with looking 
at a credit report before even applying for the mortgage in the 
first place.
    Senator Allard. Thank you, Mr. Chairman.
    Chairman Shelby. I want to thank all of you for being here 
today. I think this has been a very important and lively 
hearing.
    Senator Sarbanes. I agree with that, Mr. Chairman.
    Chairman Shelby. This hearing is adjourned.
    [Whereupon, at 12:22 p.m., the hearing was adjourned.]
    [Prepared statements and response to written questions 
supplied for the record follow:]
             PREPARED STATEMENT OF SENATOR MICHAEL B. ENZI
    Mr. Chairman, I commend you for holding this important hearing 
today.
    Our credit market has been extremely important to the health of our 
economy. During the past few weeks, many individuals before our 
Committee have discussed that it is vital for consumers to understand 
the credit process before getting involved and the consequences that 
happen when people do not. In an ideal world, the primary tools of 
financial literacy would be taught to children at a very young age. I 
firmly believe that the fundamental basics of how to save, to invest, 
and to put money away for retirement are more important now than ever.
    There is a tremendous amount of excellent information out there, 
both in the public and private sectors, to help consumers comprehend 
how to handle money and credit. However, I also recognize that 
consumers can get confused easily by all of the information that is 
available, especially when trying to determine what information is 
right for a particular consumer. To help in the process, Senator 
Stabenow and I will be introducing legislation this week to help give 
consumers an entry point for this information within the Federal 
Government.
    Whether a consumer is searching for financial information about 
starting a savings account, to open a credit card, to start investing 
in the stock market, to purchase a home, or to put away money in a 
retirement account or pension plan, all consumers should have all of 
the information at their fingertips without having to hunt down 
specific information for just one purpose. We hope that this bill will 
help the Federal Government bring the right information, in the proper 
perspective, in one spot for consumers.
    As we will hear today, there are many excellent Federal programs 
and public/private partnerships out there. We just have to make sure 
that people can find them.
    I also want to single out Senator Sarbanes for all his hard work on 
financial literacy. I know that he has worked very hard over the years, 
as Chairman and as ranking member, to bring this issue to the 
forefront. Mr. Chairman, I am very grateful that you also are making 
financial literacy a part of the Committee's overview of the Fair 
Credit Reporting Act. I look forward to working with you and Senator 
Sarbanes and other Members of the Committee on this important issue.
                               ----------
               PREPARED STATEMENT OF SENATOR WAYNE ALLARD
    I would like to thank Chairman Shelby for holding this hearing on 
consumer awareness and understanding of the credit granting process. 
There are certain responsibilities a consumer has in finding out the 
status of his or her credit, by purchasing or retaining a credit 
report. However, customers are often not aware of the factors that 
inhibit or enhance their ability to receive credit. Regulators and the 
credit industry have an important role to play in making sure that 
consumers are educated on the factors that determine their credit 
status, and what steps they can take to improve their credit score.
    Maintaining a good credit report is essential as it can determine a 
customer's ability to get a mortgage, a car loan, or insurance. Senator 
Schumer and I recently introduced S. 1370, the Consumer Credit Score 
Disclosure Act of 2003. This bill would provide consumers with their 
numerical credit score and an explanation of the factors that 
determined that score when they apply for a mortgage or a loan. S. 1370 
would ensure that customers are made aware of their credit score, how 
it was created, and what they can do to repair it. Our bill would 
ensure that consumers have the tools they need to ensure they are 
getting the best rate and terms when applying for financing.
    Thank you again, Mr. Chairman for convening this important hearing. 
I would like to thank the witnesses for agreeing to testify today, and 
look forward to your testimony.
                               ----------
                 PREPARED STATEMENT OF DOLORES S. SMITH
          Director, Division of Consumer and Community Affairs
            Board of Governors of the Federal Reserve System
                             July 29, 2003
    Mr. Chairman and Members of the Committee, I appreciate the 
opportunity to testify on the significance of maintaining a reliable 
national credit reporting system, the importance of the Fair Credit 
Reporting Act to that system, and the need for consumer awareness of 
how this system functions and relates to their ability to obtain 
credit.
Background and Overview of the Fair Credit Reporting Act
Background
    In the past, local banking institutions knew the credit capacity of 
individuals in their community. As the financial services industry has 
grown larger, financial products and services more complex, and the 
U.S. population more mobile, it is no longer feasible for institutions 
to evaluate the credit standing of consumers based solely on their 
direct experiences with such consumers. Centralized credit bureaus, or 
consumer reporting agencies, have evolved to provide a repository of 
credit history 
information that can be accessed by creditors to evaluate the 
creditworthiness of prospective borrowers. This national credit 
reporting system provides creditors with an efficient, competitive, and 
cost-effective method of obtaining data for credit decisionmaking and 
consumers with increased credit availability.
    The data on what consumers understand about the credit granting 
process, and how their credit report relates to that process, are 
limited. There is some anecdotal evidence consumers are generally aware 
of the terms ``credit scoring'' and ``credit rating,'' but that they 
are not clear on how credit scores are used in credit granting. Because 
information obtained through the national credit reporting system has 
become invaluable to creditors in determining the creditworthiness of 
consumers, it is crucial that consumers understand how this system 
operates and impacts their ability to obtain credit and the pricing of 
credit. Educated consumers who make informed decisions about credit are 
essential to an efficient and effective marketplace. Consumers who 
understand how their credit-risk profile relates to credit rates and 
terms can better determine which credit product suits their needs.
    Today, each of the three national consumer reporting agencies--
Experian, Equifax, and TransUnion--maintains records on as many as 1.5 
billion credit accounts held by approximately 190 million individuals. 
Each of the consumer reporting agencies receives more than 2 billion 
items of information per month and issues roughly 2 million credit 
reports each day.\1\
---------------------------------------------------------------------------
    \1\ See ``An Overview of Consumer Data and Credit Reporting,'' 
Federal Reserve Bulletin, February 2003, at 49-50.
---------------------------------------------------------------------------
    The information that is gathered by the consumer reporting agencies 
is obtained from banks, savings associations, credit unions, finance 
companies, retailers, other creditors, and collection agencies, as well 
as from public records. A consumer report generally consists of five 
types of information: Identifying information, such as the consumer's 
name and address; detailed information reported by creditors regarding 
individual credit accounts; public record information, such as records 
of bankruptcies, foreclosures, and tax liens; information reported by 
collection agencies, mostly regarding nonpayment of bills; and 
information regarding inquiries about a consumer's credit record. 
Consumer reports are used for credit, insurance, employment, and 
certain other limited purposes.
Overview of the Fair Credit Reporting Act
    The Congress adopted the Fair Credit Reporting Act (FCRA) in 1970 
to regulate credit reporting systems in the United States, and passed 
significant amendments in 1996. The primary purposes of the FCRA are to 
ensure fair and accurate credit reporting and to protect consumers' 
privacy. Among other things, the FCRA imposes certain obligations on 
consumer reporting agencies, on users of consumer reports, and, since 
1996, on furnishers of information.
    A person may obtain a consumer report only for a permissible 
purpose. The FCRA specifies the permissible purposes, which include 
using the information contained therein for a transaction involving an 
extension of credit to a consumer. If a creditor takes any action that 
is adverse to a consumer based on information in a consumer report, the 
creditor generally must give the consumer a notice of the adverse 
action. This notice informs consumers about their rights under the 
FCRA.
    Participation in the U.S. credit reporting system is voluntary. 
Creditors are not required to obtain consumer reports before making 
credit decisions, although most creditors rely on consumer reports for 
risk-management purposes. Creditors also are not required to furnish 
information to consumer reporting agencies. But if they do, the 
information they furnish must be accurate. They must correct and update 
erroneous information, and must investigate any disputed information.
    Consumer reporting agencies have extensive responsibilities under 
the FCRA. Those responsibilities include: Maintaining reasonable 
procedures to ensure that consumer reports are furnished only to 
persons having a permissible purpose; following reasonable procedures 
to ensure the maximum possible accuracy of consumer reports; 
reinvestigating the accuracy or completeness of any disputed 
information and notifying the consumer of the results of the 
reinvestigation; omitting certain obsolete information from consumer 
reports after specified periods of time; and providing consumers with a 
copy of their consumer reports upon request.
    The FCRA contains important consumer rights and protections. 
Several are designed to promote accuracy in consumer reports. For 
example, the right to receive notice if information in a consumer 
report has resulted in adverse action enables consumers to check the 
accuracy of information in their credit reports. An adverse action 
notice must inform the consumer of the name, address, and telephone 
number of the consumer reporting agency that furnished the report, the 
consumer's right to obtain a free copy of the consumer report, and the 
consumer's right to dispute the accuracy or completeness of any 
information in the consumer report. Consumers have a right to obtain a 
copy of their consumer reports, upon request; currently this right does 
not extend to getting their credit score.\2\ Consumers also have the 
right to dispute the accuracy or completeness of any information in 
their consumer reports with a consumer reporting agency, to have such 
information deleted or corrected, and to have a statement of dispute 
included in the report if the dispute is not resolved. Consumers may 
also dispute the accuracy of items with the furnisher of the 
information.
---------------------------------------------------------------------------
    \2\ A credit score is a numerical representation of a consumer's 
overall credit profile arising from mathematical procedures that weight 
attributes in the way that best distinguishes between preferred and not 
preferred accounts.
---------------------------------------------------------------------------
    Other consumer rights and protections are designed to protect 
consumer privacy. Consumers have a right to be excluded from 
prescreened solicitation lists. The three national consumer reporting 
agencies maintain a toll-free telephone number that consumers can call 
to exercise this right. Limiting access to consumer reports to persons 
that have certified a permissible purpose under the FCRA also protects 
consumer privacy. In general, the FCRA restricts the sharing of certain 
information among affiliates unless the consumer is given the 
opportunity to opt out of that sharing. Additional privacy protections 
apply in circumstances where consumer reports are provided to 
prospective employers or contain medical information, and where 
investigative consumer reports are prepared or obtained.
The Importance of the National Credit Reporting System
     Maintaining a reliable national credit reporting system is 
essential to ensure the continued availability of consumer credit at 
reasonable cost. As Federal Reserve Board Chairman Greenspan has 
observed, ``unless we have some major sophisticated system of credit 
evaluation continuously updated, we will have very great difficulty in 
maintaining the level of consumer credit currently available[.]'' \3\ 
Without the information that comes from various credit bureaus and 
other sources, lenders would have to impose higher costs on consumers 
to compensate for the increased risk and uncertainty associated with 
the credit they extend.
---------------------------------------------------------------------------
    \3\ Remarks following prepared testimony by Alan Greenspan, 
Chairman of the Board of Governors of the Federal Reserve System, April 
30, 2003, House Financial Services Committee.
---------------------------------------------------------------------------
    The readily availability of accurate, up-to-date credit information 
from consumer reporting agencies benefits both creditors and consumers. 
Information from consumer reports gives creditors the ability to make 
credit decisions quickly and in a fair, safe and sound, and cost-
effective manner. Consumers benefit from access to credit from 
different sources, the competition among creditors, quick decisions on 
credit applications, and reasonable costs for credit.
The Importance of Credit Scoring
    Credit scoring has become an important tool in the credit granting 
process. Credit scoring models, which typically are proprietary to 
individual institutions or individual consumer reporting agencies, use 
credit bureau information and other data to construct mathematical 
scorecards that can accurately predict levels of creditworthiness 
across various populations. These models assign positive and negative 
weights to items of information that have demonstrated statistical 
usefulness for the evaluation of credit risk. Credit scoring enables 
creditors to evaluate, quickly and inexpensively, the risk of lending 
to credit applicants, and promotes the making of expedited credit 
decisions in a safe and sound manner. Consumers benefit from the 
increased availability and lower cost of credit made possible by the 
use of credit scoring models. Credit scoring also may help to reduce 
unlawful discrimination in lending to the extent that these systems are 
designed to evaluate all applicants objectively and thus avoid issues 
of disparate treatment.
    As Chairman Greenspan has noted, the emergence of credit scoring 
technologies, ``has proven useful in expanding access to credit for us 
all, including for lower-income populations and others who have 
traditionally had difficulty obtaining credit. It has also enabled 
financial institutions to offer a wide variety of customized insurance, 
credit, and other products.'' \4\ Chairman Greenspan stressed the 
importance of maintaining a system that provides incentives to develop 
more sophisticated credit scoring models and enables credit scoring 
models and technologies to advance.\5\
---------------------------------------------------------------------------
    \4\ Letter from Chairman Alan Greenspan to Congressman Ruben 
Hinojosa, February 28, 2003.
    \5\ Remarks following prepared testimony by Alan Greenspan, 
Chairman of the Board of Governors of the Federal Reserve System, July 
15, 2003, House Financial Services Committee.
---------------------------------------------------------------------------
Risk-Based Credit Pricing
    Credit evaluation systems rely on information gathered by consumer 
reporting agencies on consumers' borrowing and payment experiences to 
measure the credit risk posed by current and prospective borrowers. 
Risk-based pricing, which has become increasingly common in all sectors 
of the credit industry, is a mechanism by which the rates offered or 
charged to consumers reflect the creditworthiness and risk posed. Risk-
based pricing is made possible because creditors have available to them 
data from consumer reports, including credit scores, which permit them 
to 
assess the risk profiles of individual consumers. For example, a 
consumer demonstrated to have an extremely low risk of default or 
delinquency, based on a consumer report, would likely be offered a very 
favorable interest rate; a consumer with a marginal credit history, on 
the other hand, may also be offered credit, but at a higher rate. Risk-
based pricing permits creditors to offer credit products tailored to 
the consumer's individual risk profile.
The Importance of the FCRA to the National Credit Reporting System
Federal Preemption Under the FCRA of Certain State Laws
    In 1996, the Congress amended the FCRA and, among other things, 
preempted the States from enacting laws or regulations dealing with 
seven areas addressed by the FCRA. These seven areas include: The 
procedures for using prescreened solicitations; the time for 
reinvestigating disputed information; the duties of creditors that take 
adverse action; the informational contents of consumer reports; the 
duties of furnishers of information; affiliate information sharing; and 
the form and content of the summary of rights disclosure. Through these 
preemption provisions, the Congress effectively established uniform 
national standards in these areas. The FCRA preemption provisions are 
scheduled to sunset on January 1, 2004. After that date, States would 
be permitted to enact laws in these seven areas if those laws 
explicitly provide that they are intended to supplement the FCRA and 
give greater protection to consumers than is provided under the FCRA.
    Chairman Greenspan has stated his support for making permanent the 
provision currently in the FCRA to provide for uniform Federal rules. 
In an appearance before the House Financial Services Committee earlier 
this year, Chairman Greenspan spoke of the importance of having 
``national standards'' under the FCRA, and cautioned that with 
significant differences State by State, it would be very difficult to 
maintain as viable a system as we currently have.
    The FCRA promotes the national credit system in important ways. 
Perhaps most significantly, the availability of standardized consumer 
reports--that contain nationally uniform data--allows banks to make 
prudent credit decisions efficiently wherever they do business and 
wherever their customers live and work. The FCRA's 
national standards governing furnisher responsibilities and duties of 
users taking adverse action--the two primary areas of responsibility 
for most financial institutions--promote efficiency by enabling banks 
to comply with a single set of rules for all of their domestic credit 
operations. State-specific restrictions on furnishing information to 
consumer reporting agencies, or on the contents of information 
contained in consumer reports supplied by consumer reporting agencies, 
could negatively affect credit availability and increase the cost of 
credit.
Accuracy of Consumer Reports
    Although maintaining uniform Federal rules in the seven areas where 
the FCRA currently preempts State action is essential to the national 
credit system, the current system is by no means perfect. In 
particular, concerns have been raised about the accuracy and 
completeness of information in consumer reports. Recent studies have 
shown that consumer reports sometimes contain inaccurate, incomplete, 
or 
inconsistent data, although the degree to which this is a problem is in 
dispute.\6\ Moreover, the growing problem of identity theft only 
heightens concerns about the accuracy of consumer reports, because of 
the difficulties that victims often face in having fraudulent accounts 
removed from their credit files.
---------------------------------------------------------------------------
    \6\ For a summary of these recent studies, see ``An Overview of 
Consumer Data and Credit Reporting,'' Federal Reserve Bulletin, 
February 2003, at 50.
---------------------------------------------------------------------------
    The accuracy of consumer report information is a critical element 
of the national credit reporting system. Most of the problems 
associated with consumer reporting agency data appear to result from 
the failure of creditors, collection agencies, or public entities to 
furnish complete and consistent information in a timely manner.\7\ Four 
particular areas of concern with regard to consumer report accuracy 
include: (1) The failure to report credit limits; (2) the failure to 
report updated information on accounts; (3) the failure to report 
nonderogatory accounts or minor delinquencies; and (4) the inconsistent 
reporting of public record data, collection agency data, and 
inquiries.\8\ Although the financial services industry has undertaken 
efforts to address the problem of inaccurate (and incomplete) 
information in order to deter fraud, ongoing efforts are needed to 
ensure that information furnished to consumer reporting agencies is 
accurate, timely, and complete. Concerns about the accuracy of consumer 
reports can be alleviated to some extent through consumer education, 
such as efforts to encourage consumers to check their consumer reports 
periodically.
---------------------------------------------------------------------------
    \7\ Id. at 70-73.
    \8\ Id. at 71-72.
---------------------------------------------------------------------------
Adverse Action Notices and Risk-Based Credit Pricing
    Under the FCRA, if a creditor denies credit or takes other 
``adverse action'' based on information in a consumer report, the 
creditor generally must give the consumer a notice of that fact. Among 
other things, the notice must also tell consumers of their right to 
obtain a free copy of their credit report and to dispute inaccurate 
information. The FCRA incorporates the definition of ``adverse action'' 
contained in the Equal Credit Opportunity Act and its implementing 
regulation, the Federal Reserve Board's Regulation B. Under the ECOA 
and Regulation B, consumers are entitled to a notice containing the 
specific reasons for a credit denial or other adverse action. The FCRA 
and ECOA notices, which are typically combined, provide an important 
tool in educating consumers about the impact on credit availability of 
negative information in their consumer reports. Receiving notice of the 
specific reasons for adverse action coupled with notice that the 
adverse action was based, in whole or in part, on information in a 
consumer report: (1) Alerts consumers to specific problems or possible 
inaccuracies in their credit reports, and (2) informs consumers of 
their right to obtain a free copy of the report and to dispute 
inaccurate information.
    With the increase in risk-based pricing, consumers who previously 
would have been denied credit (and would have received adverse action 
notices) now are offered credit at rates that reflect their risk as 
borrowers, thus expanding access to credit. When a consumer accepts a 
creditor's offer of credit, even on different terms from those that 
were requested, an adverse action notice is not required under 
Regulation B, and hence is not required under the FCRA. Therefore, when 
consumers apply for credit, adverse action notices are given to them 
less frequently than in the past.
    Concern has been raised that because of risk-based pricing, adverse 
action notices may no longer be meeting at least part of the intended 
purpose under the FCRA--helping to ensure the accuracy of consumer 
reports. Inaccurate information in a 
consumer report may negatively impact access to credit at rates that 
reflect the consumer's creditworthiness, but there is no adverse action 
notice directing the consumer's attention to potential errors may stand 
in the way of more favorable terms.
    One suggested approach for addressing this concern is to revise the 
FCRA definition of adverse action to require that creditors provide an 
adverse action notice whenever credit is granted on material terms less 
favorable than those otherwise available. For example, a creditor using 
a risk-based pricing system may offer a credit card based on an 
assessment of the consumer's creditworthiness with rates ranging from 
7.99 to 14.99 percent. A consumer would receive an adverse action 
notice if the consumer was offered and accepted a rate of 8.99, rather 
than the lowest rate of 7.99 percent, based on that risk assessment. 
Providing adverse action notices to consumers that receive credit might 
provide some benefit to consumers, but at a cost to industry that 
likely would outweigh the potential benefit.
    Other tools could be made available to consumers to mitigate these 
concerns. For example, the Congress is now considering legislation to 
give consumers the right annually to obtain a free copy of their 
consumer reports upon request. If enacted, such legislation could 
encourage consumers to check their consumer reports periodically, 
particularly if coupled with appropriate consumer education about the 
importance of consumer reports and how to check for accuracy.
Consumer Education and Financial Literacy
    Consumer education and financial literacy play an important role in 
helping consumers to understand the credit system and their own credit 
standing.\9\ Financial education can equip consumers with the knowledge 
required to make better choices among the financial products and 
services, thus enabling consumers to obtain those products and services 
at the lowest cost available to them. Financial education is 
particularly valuable for populations that have traditionally been 
underserved by the financial system and may help protect vulnerable 
consumers from abusive credit arrangements that can be financially 
devastating.
---------------------------------------------------------------------------
    \9\ The Federal Reserve, however, does not have data that measure 
consumers' level of knowledge or awareness of credit reporting, credit 
scoring, or how the credit system operates. We do conduct consumer 
research but the focus generally targets consumer knowledge of specific 
practices or products.
---------------------------------------------------------------------------
    Markets operate more efficiently when consumers are well informed. 
Making informed decisions about what to do with their money will help 
build a more stable financial future for individuals and their 
families. The Federal Reserve System recently launched a national 
financial education initiative to encourage consumers to learn more 
about personal financial management, complete with a public service 
announcement that featured Chairman Greenspan. The objective of this 
initiative is to highlight the benefits of financial education and to 
provide information on the resources available to consumers for 
assistance in managing their finances. The Federal Reserve's financial 
education website (www.FederalReserveEducation.org) makes available a 
variety of materials that may be useful to consumers, including a 
brochure entitled, ``There is a Lot to Learn about Money'' that 
contains tips for managing credit wisely and protecting personal credit 
ratings.
    In addition, the Federal Reserve Bank of Boston has published an 
excellent educational video and booklet on identity theft that explains 
what identity theft is, how consumers can protect themselves from 
becoming victims, and what they should do if they do become victims. 
These materials also explain the importance of checking consumer 
reports regularly, provide tips for how to read a consumer report, and 
list appropriate contact information for the three major consumer 
reporting agencies and certain Federal Government agencies. A copy of 
the Boston Reserve Bank's identity theft booklet can be viewed online 
at the Federal Reserve Bank of Boston's public website 
(www.bos.frb.org/consumer/identity/index.htm).
Conclusion
    The Committee is to be commended for undertaking an examination of 
the FCRA and related issues at this important juncture. In conducting 
this examination, it is important to maintain a viable, national credit 
reporting system that preserves and expands reasonable access to 
credit, and to promote consumer understanding and awareness of the 
credit reporting system and how it relates to the credit granting 
process.
                               ----------
                  PREPARED STATEMENT OF DONNA GAMBRELL
         Deputy Director for Compliance and Consumer Protection
            Division of Supervision and Consumer Protection
                 Federal Deposit Insurance Corporation
                             July 29, 2003
    Chairman Shelby and Senator Sarbanes, thank you for inviting me to 
testify on behalf of the Federal Deposit Insurance Corporation (FDIC). 
The FDIC has been closely following the hearings on the Fair Credit 
Reporting Act (FCRA) and related issues. At stake are matters that 
affect both individual consumers and the manner in which the Nation's 
economy operates. FDIC Chairman Don Powell has stated his support for 
making the expiring FCRA preemption provisions permanent. Doing so will 
ensure the continuity of the credit reporting system of our Nation--a 
system that provides consumers with unparalleled access to credit that 
generally costs less than the credit available in other parts of the 
world. We thank you for your careful consideration of these important 
issues.
    We also commend the Committee's attention to the difficult problems 
associated with combating identity theft. For its part, the FDIC is 
coordinating an effort among the Federal financial institution 
regulators to publish guidance on measures that should be taken when 
security breaches occur that may lead to identity theft. We believe 
that institutions should take active steps to minimize potential harm 
to consumers whose information has been breached, and urge a proactive 
approach when an institution becomes aware of a breach.
    The Nation's credit system and its regulatory framework have played 
a vital role in increasing the availability of credit to a broader 
cross section of American consumers, particularly in historically 
underserved market segments. The Federal Reserve Board's 2001 Survey of 
Consumer Finances indicates that between 1970 and 2001, the share of 
households with credit cards increased from 16 to 73 percent. More 
dramatically, during the same period, access to credit cards for the 
lowest income quintile increased from 2 percent to 28 percent. Greater 
access to credit also has meant greater access to mortgage financing. 
Between 1983 and 2001, overall homeownership increased from 60 percent 
to 68 percent of U.S. households. The largest increases in 
homeownership were observed among minorities and lower-
income households. During the same period, homeownership among families 
with incomes of less than $10,000 increased from 29 percent to 34 
percent, and homeownership among families with incomes between $10,000 
and $25,000 increased from 49 percent to 54 percent.
    Policymakers and financial institutions alike have made commendable 
efforts to broaden the scope of banking products for low- and moderate-
income people. However, many families still fall outside of the 
financial mainstream and do not maintain traditional bank credit, 
savings, or investment accounts. Nearly 10 percent of U.S. families do 
not have transaction accounts. ``Unbanked'' individuals tend to: Have 
low incomes, not own homes, be under 35 years of age, be nonwhite or 
Hispanic, be unemployed, and be educated at the high school level or 
below.
    Some low- and moderate-income households have been able to take 
advantage of access to banking services, but are finding themselves 
very unprepared to deal with the complexities that characterize today's 
financial environment. Unfortunately, one of the undesirable 
consequences of the expansion of credit markets has been the 
rise of predatory lending and other abusive practices. New customers 
who are less familiar with traditional banking products and practices 
are certainly more susceptible to accepting disadvantageous or even 
illegal terms. These consumers also may be able to access more credit 
than they can reasonably repay.
    Clearly, increased knowledge on the part of consumers is a 
significant way to combat these problems. The FDIC Consumer News 
(circulation: 75,000) routinely discusses issues such as personal 
financial management and consumer protection as a way to raise 
awareness among bankers and consumers. Consumer protection issues 
discussed in detail include identity theft, predatory lending, and 
financial fraud. The FDIC also recognizes the need for a more 
comprehensive approach to financial education that will better equip 
consumers to enter the financial mainstream. Consumers need to 
understand the existing protections that guard against discrimination 
or unfair treatment in the lending process and the recourse available 
to them under the law. They also need to understand the wide variety of 
financial services that are available to them.
Money Smart
    Three years ago, the FDIC was grappling with the problem of 
misleading and abusive marketplace practices brought to our attention 
by consumers, the banking industry, and Government agencies. As part of 
our effort to explore solutions to this problem, the FDIC held forums 
on predatory lending in seven locations nationwide. Those attending the 
meetings included bankers, community leaders, city and State officials, 
and local residents. Participants identified problems in their 
particular geographic area and recommended solutions, which ranged from 
more legislation to better enforcement of existing regulations. But 
there was one recommended solution that remained constant across all 
participants: Enhanced consumer education.
    This recommendation provided the impetus for the FDIC to develop 
``Money Smart'' as a way to address a number of problems affecting 
consumers such as: The lack of traditional banking relationships for 
millions of Americans; consumer reliance on so-called ``fringe 
providers'' at costs they can ill afford; abusive lenders targeting 
vulnerable segments of our population; identity theft; inaccurate 
credit 
reports; and unwise use of credit. Numerous studies have shown that 
financial education efforts can foster positive changes in behaviors 
and better equip consumers to operate within the financial arena. We 
share that point of view.
    We introduced Money Smart in the summer of 2001 as a program 
uniquely designed to address the needs of low- and moderate-income 
adults new to the banking system or lacking the knowledge to reap 
potential rewards or avoid pitfalls. We designed Money Smart to be easy 
to teach and easy to learn. It can be taught in its entirety, or 
specific modules can be used to fill in the gaps in other financial 
education programs. We make Money Smart available free of cost and 
without copyright so that organizations desiring to use the program can 
reproduce and use the program materials as needed. Also, we have made 
clear that banks can receive Community Reinvestment Act credit for 
their involvement in offering Money Smart classes in their communities.
    We have made a number of improvements to the program since 
introduction. Because immigrant populations represent a significantly 
underserved market, we have translated Money Smart into Spanish, 
Chinese, and Korean, and we will have a Vietnamese translation by the 
end of this year. Also, we have added a CD-ROM version of the program. 
This has improved accessibility to the program and has helped to keep 
our costs low during a period where we have dramatically increased 
distribution to meet increasing demand. We also plan to release a web-
based interactive version of the curriculum in early 2004 so that 
individuals without access to an instructor can learn on their own 
online.
    Money Smart has generated a great deal of interest since it began 
in July 2001. It has been widely cited in over a hundred national and 
local publications. We have also received requests for the Money Smart 
curriculum from Mexico, Thailand, and Canada. To date, we have provided 
more than 22,000 institutions and organizations across the country with 
over 75,000 copies of Money Smart. About a quarter of the copies were 
requested by FDIC-insured financial institutions and credit unions. 
While we are pleased with these numbers, FDIC Chairman Donald Powell 
has set an even more aggressive goal for the next 4 years: To establish 
partnerships with 1,000 organizations and institutions, in all 50 
States; to distribute 100,000 copies of Money Smart; and to expose one 
million consumers to our financial education program. We are committed 
to meeting this goal.
    Money Smart consists of 10 instructor-led training modules covering 
the following topics: Bank On It--an introduction to bank services; 
Borrowing Basics--an introduction to understanding credit; Check It 
Out--how to open and maintain a checking account; Pay Yourself First--
the importance and benefits of, and methods for, saving money; Money 
Matters--preparing a personal budget; Keep It Safe--consumer rights and 
responsibilities; To Your Credit--the importance of credit history; 
Charge it Right--the costs and benefits of using a credit card; Loan To 
Own--the costs and benefits of consumer loans; and Your Own Home--an 
introduction to home loans. Four of these modules--Borrowing Basics, 
Keep It Safe, To Your Credit, and Charge It Right--address credit-
related issues discussed in the recent hearings before this Committee, 
including recognizing the value of credit, understanding credit 
reports, repairing credit, identifying potential problems with credit 
card use, becoming familiar with consumer protection laws, avoiding 
identity theft, and steering clear of scams.
    We believe that a critical factor in the success of Money Smart has 
been our emphasis on working through our regional community affairs 
staff to establish relationships with local organizations that are best 
situated to bring Money Smart to those who could benefit from it. In 
announcing the Money Smart Alliance Program last year, Chairman Powell 
stated its purpose would be to increase financial literacy in 
communities where it is most needed. To date, over 340 organizations 
throughout the country--in both urban and rural communities--have 
joined our Money Smart Alliance. These organizations represent a wide 
spectrum of delivery systems for our financial education program--
social services, financial institutions, housing services, educational 
services, community organizations, as well as Government, faith-based, 
and employment services. Money Smart Alliance members facilitate 
implementation of our financial education program by making 
contributions in a variety of ways, including promotion, delivery, 
translation, funding, and evaluation.
    We also have entered into formal partnerships with 20 major public 
and private sector organizations that have a nationwide capability to 
deliver Money Smart. These partnerships are a critical component in our 
strategy to broaden our ability to deliver financial education to more 
consumers.
    For example, under a partnership agreement with the Neighborhood 
Reinvestment Corporation, Money Smart has been used to train 315 adult 
educators in 39 major cities, who, in turn, taught money management 
skills to a total of over 5,500 students. These students primarily 
consist of low-income consumers, minorities or women who are potential 
homebuyers or existing homeowners having problems making ends meet. In 
our partnership with the Department of Defense (DoD), we plan to reach 
thousands of military personnel by using Money Smart curriculum in 
conjunction with financial counseling. DoD also will offer seminars on 
an ongoing basis to service members and their families. In the private 
sector, we have corporate partners, such as Wachovia Corporation, that 
have agreed to reach 5,000 low- and moderate-income individuals this 
year in 11 States and the District of Columbia through employee 
volunteerism in their communities.
    Other national partners include the: Association of Military Banks, 
American Bankers Association Education Foundation, Conference of State 
Bank Supervisors, National Bankers Association, Independent Community 
Bankers Association, America's Community Bankers, Department of Housing 
and Urban Development, USDA Rural Development, Operation Hope, Office 
of the White House Initiative on Asian Americans and Pacific Islanders, 
Internal Revenue Service, Department of Labor, National Coalition of 
Asian Pacific American Community Development, Goodwill Industries, 
Opportunities Industrialization Centers of America, Inc., Women in 
Housing and Finance, Inc., and National Image, Inc.
    Based on our experience and suggestions from our many partners, we 
determined that building additional program delivery capacity was 
essential. Specifically, the FDIC concluded that train-the-trainer 
workshops for banks and community organizations would boost the program 
and should be a major focus in 2003, and beyond. Early this year, we 
launched a major train-the-trainer campaign. The train-the-trainer 
initiative not only increases capacity, but has the added bonus of 
further standardizing instruction. As of June, we have held over 50 
train-the-trainer workshops attended by more than 1,700 people. The 
workshops are free and the FDIC projects each trainer will go on to 
teach approximately 40 persons annually. Because we need to be focused 
on not only quantity, but also quality, we have developed model 
programs that blend a strong financial curriculum with service programs 
and proven asset building strategies. The FDIC has taken the lead in 
establishing partnerships with community and banker coalitions to link 
financial education with 
low-cost bank accounts and services, free tax preparation services 
through the IRS Volunteer Income Tax Assistance (VITA), Earned Income 
Tax Credit (EITC) funds, 
Individual Development Accounts (IDA's), homeownership counseling, job 
counseling, and other programs. To demonstrate the flexibility of our 
financial education program and its ability to reach diverse groups of 
consumers, each of the FDIC's eight regional and area offices, as well 
as our headquarters in Washington, have established Money Smart Model 
Site Projects. A model site is a sustainable initiative in which Money 
Smart classes are taught on a regular basis, there is active 
participation by one or more financial institution(s) and links are 
established with other asset-building or service programs. To date, we 
have established 17 model sites throughout the country. The following 
are a few highlights from these efforts.

 The DeKalb Workforce Center in Georgia serves as the FDIC 
    Atlanta Region's model site. The 2-year target is to move a minimum 
    of 500 previously unbanked consumers into the financial mainstream. 
    Partners include: Decatur First Bank, Wachovia Bank, Bond Community 
    Credit Union, Washington Mutual, SouthTrust Mortgage, SunTrust, 
    United Way, Federal Reserve Bank of Atlanta, Lutheran Services 
    Department of Labor (Employment and Training and the Women's 
    Bureau), Decatur/DeKalb Housing Authority, Internal Revenue 
    Service, Decatur High School, New Leaf, Columbia Residential 
    Properties, and Network IDA of the Southeast. Consumer education 
    workshops, with Money Smart as the core curriculum, are taught by 
    DeKalb Cooperative Extension personnel and volunteers from 
    financial institutions. Class participants have the opportunity to 
    access low-cost electronic/checking products and services. In 
    addition, the model site offers IRS Volunteer Income Tax 
    Assistance, providing free tax preparations in an effort to help 
    low-income families claim tax credits and receive refunds that can 
    be used to establish new bank accounts or reach other long- or 
    short-term financial goals. In May 2002, the DeKalb Workforce 
    Center received a First Accounts Award of $271,000 from the U.S. 
    Department of the Treasury to further its financial education 
    efforts. To date, over 1,400 persons have taken Money Smart classes 
    in English and Spanish. In addition to the adult education 
    component in this model site, Decatur High School offers Money 
    Smart as part of its job readiness program for seniors who will 
    enter the workforce after graduation rather than go to college.
 Our Kansas City Regional Office has taken the unique approach 
    of establishing a three-pronged model site project to reach 
    consumers in rural, urban, and Native American communities located 
    in Iowa, Kansas, Minnesota, Missouri, Nebraska, North Dakota, and 
    South Dakota. As a result of the 17 coalitions formed from the 204 
    Money Smart Model Site partners in these States, over 8,600 
    individuals have been able to participate in Money Smart classes 
    and 1,100 of them have opened bank accounts.
 Several of our Model Sites across the county have teamed up 
    with organizations administering programs for Temporary Assistance 
    for Needy Families (TANF) clients. As you know, TANF is a U.S. 
    Department of Health and Human Services program that awards block 
    grants to States to provide assistance and work opportunities to 
    needy families. The model site, formed by our Boston Regional 
    Office with the Williamanic-Danielson Partnership and Department of 
    Labor Employment One-Stop Centers in Connecticut, is an excellent 
    example of our effort to reach these consumers. It combines both 
    mandatory and voluntary financial education classes to reach over 
    1,500 low- and moderate-income adults, including both TANF clients 
    and IDA program participants. The IRS VITA and Earned Income Tax 
    Credit (EITC) programs also are available to class participants. 
    One client named Maria shared with us her dream of owning her own 
    home. Maria has three children and is participating in the IDA 
    program offered in conjunction with model site partner ACCESS 
    Agency, a nonprofit community-based organization. After attending 6 
    weeks of Money Smart classes, Maria learned how to budget her money 
    and is taking steps to repair her credit history. She is saving 
    with the help of another model site partner, the Savings Institute 
    of Williamanic, which administers the IDA savings account. With the 
    help of the dollar-for-dollar matching funds Maria receives through 
    her IDA savings account, she is on her way to realizing her dream 
    of homeownership.

    We recognize that the long-term success of Money Smart is largely 
dependent on our ability to set measurable goals for the program and 
monitor our results on an ongoing basis. Two critical metrics for 
measuring the program's success are: (1) The number of people who 
complete the program; and (2) the number of people who entered into a 
banking relationship (that is, opened up a checking or savings account) 
after attending at least one Money Smart financial education class. To 
measure these statistics, we recently completed a large-scale effort to 
survey over 9,000 organizations that ordered Money Smart from the FDIC 
between July 2001 and October 2002. Data from 2,641 respondents to the 
survey indicated that over 85,000 participants attended at least one 
Money Smart class during the survey period. Accounting for the 
organizations that did not participate in the survey, and the 
additional Money Smart financial education that has taken place since 
the end of 2002, we expect that the number of participants that have 
attended at least one Money Smart class to date exceeds 100,000. The 
survey also indicates over 13,000 Money Smart participants went on to 
initiate a banking relationship as a result of the program.
    To plan for the future of Money Smart, Chairman Powell is seeking 
advice from people involved in consumer finance. In June, we assembled 
a forum in Chicago to explore issues related to financial literacy. We 
also are in the preliminary stages of planning a financial literacy 
symposium here in Washington. Our goal is to assemble a broad spectrum 
of those with experience to identify innovative solutions for banks to 
become more progressive in meeting their community lending 
responsibilities and better meet the needs of the unbanked. Last week, 
we sent out our first Money Smart electronic newsletter to each of the 
institutions or organizations that have ordered the curriculum thus 
far. Our hope is that the newsletter will be an effective way for us to 
keep abreast of and share information on how Money Smart is being 
implemented by banks, community organizations, Government agencies, 
colleges and universities, and others. A link to the newsletter and 
other information about Money Smart can be found at the FDIC website at 
www.fdic.gov.
    We have a great banking system in this country. We have a credit 
market that is the envy of the world, and we believe everyone should 
have an opportunity to participate. With Money Smart and the additional 
dialogue we are proposing, we will have the means to offer better 
access and financial alternatives to the most needy in our society. Our 
plans for the future include additional program surveys and 
assessments, continued expansion of collaborative efforts to deliver 
Money Smart to consumers, and exploration of additional steps to bring 
the unbanked and underserved into the financial mainstream.
    Again, thank you for giving me the opportunity to testify before 
you this morning on this critically important topic. I look forward to 
answering any questions you might have. I also make the offer on behalf 
of Chairman Powell to assist any Senator interested in looking into 
establishing Money Smart programs for their constituents. Please 
contact us so that we might have our regional staff meet with your 
staff to help bring Money Smart to your communities.
                               ----------
                   PREPARED STATEMENT OF JOEL WINSTON
            Associate Director, Financial Practices Division
      Bureau of Consumer Protection, U.S. Federal Trade Commission
                             July 29, 2003
    Mr. Chairman and Members of the Committee, my name is Joel Winston. 
I am Associate Director for Financial Practices at the Federal Trade 
Commission (Commission or FTC). The Division I head is responsible for 
enforcing the various consumer credit laws subject to the Commission's 
jurisdiction.\1\
---------------------------------------------------------------------------
    \1\ The views expressed in this statement represent the views of 
the Commission. My oral presentation and responses to questions are my 
own and do not necessarily represent the views of the Commission or any 
Commissioner.
---------------------------------------------------------------------------
    I am pleased to appear today to discuss ``financial literacy,'' 
both generally and as it relates to the Fair Credit Reporting Act 
(FCRA). This is a topic of critical 
importance, especially because the FCRA relies on the vigilance of 
consumers in protecting their own rights. Our economy operates most 
efficiently when consumers understand the credit system so they can 
make the best decisions about their finances.
The FTC's Consumer Education Program
    The Commission has undertaken significant efforts to educate 
consumers about financial matters generally and credit issues 
specifically. Consumer education is among our most important tools in 
the fight against fraud and deception, because consumers are their own 
first line of defense. Through our Division of Consumer and Business 
Education, we continue to develop creative and effective ways of 
reaching consumers to arm them with the information they need. We have 
over 30 publications related to consumer credit topics, ranging from 
advance-fee loans \2\ to vehicle financing.\3\ These publications are 
available directly from the FTC and through a variety of partner 
organizations and the Federal Citizen Information Center in Pueblo, 
Colorado. All these materials are on the Commission's website at 
www.ftc.gov. Credit publications have consistently been among the 
Commission's most popular items. Last year, we distributed about 2 
million credit-related brochures in print, and consumers accessed these 
publications on the Commission's website another 1.5 million times. 
Twelve of our credit publications are available in Spanish, and more 
are in the translation pipeline.
---------------------------------------------------------------------------
    \2\ ``Easy Credit? Not So Fast. The Truth About Advance-Fee Loan 
Scams'' (http://www.ftc.gov/bcp/conline/pubs/tmarkg/loans.pdf).
    \3\ ``Understanding Vehicle Financing'' (http://www.ftc.gov/bcp/
conline/pubs/autos/vehfine.pdf).
---------------------------------------------------------------------------
    Both at our headquarters here in Washington and in our regional 
offices, we have partnered with many outside organizations to improve 
financial literacy. For example, our Northeast Region works with 
colleges and universities in an effort called ``Project Credit 
Smarts,'' in which we make presentations and distribute credit-related 
publications during student orientation sessions. We have similar 
working relationships with organizations such as the Jump$tart 
Clearinghouse, the American Savings Education Council, AARP, the 
Consumer Federation of America's Consumer Literacy Consortium, the 
National Consumers League, and the Department of Defense. We also 
distribute financial education materials at national meetings of the 
NAACP, National Urban League, National Council of La Raza, and the 
League of United Latin American Citizens, among others.
    When the Commission takes law enforcement action, it strives to 
combine it with an educational effort. Each action comes with a press 
release and outreach efforts to consumers. Many cases are accompanied 
by a consumer education publication that re-emphasizes the messages 
consumers should take away from the case.\4\
---------------------------------------------------------------------------
    \4\ For example, the Commission's announcement of its settlement 
with Mercantile Mortgage Co. included consumer education regarding home 
equity loans. See http://www.ftc.gov/opa/2002/07/mercantilediamond.htm.
---------------------------------------------------------------------------
    Our identity theft program is another important way in which we 
educate consumers about credit matters. One of the most devastating 
consequences of identity theft is the damage that it causes to the 
victim's credit record. As you know, Congress designated the Commission 
to operate the national clearinghouse for identity theft complaints. We 
offer publications with tips on how to avoid identity theft and what to 
do if it happens. Last year, the Commission distributed about 1 million 
identity theft publications and registered an estimated 2 million hits 
to our identity theft website.
    There are many sources of financial education materials throughout 
Government and the private sector. For example, the National Endowment 
for Financial Education, a nonprofit foundation, provides funding, 
support, and expertise to develop financial literacy programs for the 
public. The three major credit bureaus and Fair Isaac Corporation, a 
major developer of credit scores, all operate websites with useful 
information about credit reports and scores.
Consumer Education and the FCRA
    Unfortunately, many consumers have limited knowledge of our credit 
reporting system. They may not realize information about their 
financial history is compiled and sold, not only just to creditors, but 
also to employers, insurers, landlords, utilities, and others who use 
it to make decisions. Consumers may not know what information is 
reported about them, who uses it, and for what purposes. They may not 
understand how that information affects their ability to get a loan, 
insurance, or a job, and what rights they have to ensure the 
information is accurate. Uninformed consumers may not take the steps 
they should to improve their credit ratings or correct errors. 
Improving financial literacy may not by itself ensure that consumers 
are successful in using our credit system, but it is certainly a key 
component.
    It also is important to remember that the FCRA itself serves an 
important educational function. The FCRA mandates that information be 
made available to consumers in many different contexts. Perhaps most 
important, the law requires that lenders and other users of credit 
reports notify consumers when they take ``adverse action'' based on 
information from a credit report. The notice must tell consumers that 
the action was based, in whole or in part, on information in a credit 
report. The notice also must disclose which credit bureau supplied the 
report, and advise consumers of their rights to a free copy of the 
report and to dispute the accuracy of the information in it. This 
notice puts credit reports in consumers' hands when they are the most 
motivated to act on it--that is, after they have been denied credit, 
insurance, employment, or benefits based on the report.
    Consumers receive additional information when they obtain credit 
reports from the bureaus, whether in response to an adverse action 
notice or otherwise. In 1996, Congress mandated that the bureaus send 
with the report a copy of a document called a ``Summary of Consumer 
Rights.'' This summary briefly describes the FCRA and explains the 
consumer's rights under the statute, and directs consumers to the FTC's 
website, which has extensive information about the FCRA and other 
credit laws, and to the Commission's toll-free telephone helpline.
    The Commission's legislative recommendations, about which Chairman 
Muris testified before this Committee on July 10, would result in 
better-educated consumers.\5\ Our proposals would put more information 
in consumers' hands by: (1) Expanding consumers' right to adverse 
action notices when they are offered less favorable credit terms; (2) 
making annual credit reports available at no charge, and (3) giving 
consumers more information about their credit scores along with 
explanatory materials.
---------------------------------------------------------------------------
    \5\ See Testimony of Timothy J. Muris before the Senate Committee 
on Banking, Housing, and Urban Affairs, July 10, 2003 (http://
www.ftc.gov/os/2003/07/fcrasenatetest.htm).
---------------------------------------------------------------------------
    The Commission's proposals also would empower consumers to act on 
this improved information by streamlining the dispute process. For 
example, the Commission supports an amendment that would require 
resellers of consumer reports to submit disputes to the originating 
repository to investigate these disputes.\6\ In addition, the 
Commission believes that the law should be amended to require 
furnishers of information to investigate consumer disputes when the 
consumers contact them directly.\7\
---------------------------------------------------------------------------
    \6\ See id. at 10.
    \7\ See id. at 15.
---------------------------------------------------------------------------
    Thank you for the opportunity to discuss the Commission's efforts 
in the area of financial literacy. I will be happy to answer any 
questions you may have.
                               ----------
                PREPARED STATEMENT OF TRAVIS B. PLUNKETT
          Legislative Director, Consumer Federation of America
                             July 29, 2003
    Good morning Chairman Shelby, Ranking Member Sarbanes, and the 
Members of this Committee. My name is Travis B. Plunkett and I am 
Legislative Director of the Consumer Federation of America.\1\ Thank 
you for this opportunity to offer our comments on consumer awareness 
and understanding of the credit granting and reporting process. We have 
been involved for many years in efforts to increase the transparency 
and effectiveness of the credit reporting system for consumers.
---------------------------------------------------------------------------
    \1\ CFA is a nonprofit association of 300 pro-consumer 
organizations that, since 1968, has sought to advance the consumer 
interest through education and advocacy.
---------------------------------------------------------------------------
    I applaud the Committee for conducting a hearing on such an 
important--and little understood--subject. The hearing is very timely 
for several reasons. First, unless consumers understand the credit 
reporting system and have access to clear, timely information, they 
won't be able to use the rights granted to them under the Fair Credit 
Reporting Act. The Act expects a great deal from consumers because 
significant protections are only triggered if consumers take narrowly 
defined actions. For example, if a consumer doesn't know to contact a 
credit bureau to trigger a reinvestigation of a credit reporting 
problem, he or she might waste valuable time contacting his or her 
lender and never get the problem resolved. This is because, as you 
know, the lender is currently under no legal obligation to begin a 
reinvestigation unless contacted by a credit bureau.
    Second, with the advent of ``risk-based pricing'' in the last 
decade, the way that credit is granted in this country has changed 
dramatically, but information provided to consumers under the FCRA 
about the nature of these loans has not kept up with this change. These 
days, a consumer with some credit blemishes is much more likely to be 
offered a higher-cost loan with less favorable terms than to be denied 
a loan. Misclassification as a high-risk, subprime borrower because of 
a credit report error or incomplete reporting by a furnisher (creditor) 
can cause consumers to pay tens or hundreds of thousands of dollars in 
higher interest rates. CFA's report on credit score accuracy issued 
last December found that eight million Americans are likely to be 
misclassified as subprime upon applying for a mortgage, based on the 
study's review of credit files for errors and inconsistencies.\2\ Yet, 
millions of consumers have no way of knowing that this has occurred, 
because under the ``counteroffer'' loophole in the FCRA, they do not 
receive an adverse action notice and are not granted the right to look 
at their credit report at no charge and check for inaccuracies.
---------------------------------------------------------------------------
    \2\ Consumer Federation of America and National Credit Reporting 
Association. Credit Score Accuracy and Implications for Consumers. 
December 2002. Available at: http://www.consumer fed.org/
121702CFA_NCRA_Credit_Score_Report_Final.pdf.
---------------------------------------------------------------------------
    And finally, there has never been greater need for Congress to 
discuss how it can help boost overall financial awareness and improve 
financial decisionmaking by Americans, especially in regards to the 
credit reporting and credit granting process. For three decades, our 
organization has sought to improve financial ``literacy'' among the 
public and to promote effective financial education.
    In response to the invitation to testify at this hearing, the 
Consumer Federation of America commissioned a study about consumer 
knowledge of credit reports and scores and the level of public support 
for a variety of protections that this Committee may consider. More 
than 1,000 adults were interviewed.\3\ We found that a strikingly high 
percentage of Americans not only do not understand basic facts about 
credit reports and scores, but also acknowledge their own lack of 
understanding about the subject. This recognition and awareness of the 
growing importance of credit scores, may explain why the survey found 
overwhelming support for new consumer protections. An important finding 
of the survey is also that low- and moderate-income Americans--those 
who tend to pay the highest price for credit and are most vulnerable to 
inaccurate credit scores--are the least knowledgeable about credit 
reports and scores.
---------------------------------------------------------------------------
    \3\ The survey was conducted by Opinion Research Corporation 
International. ORCI interviewed a representative sample of more than 
1,000 adult Americans from July 18 to 21, 2003. The survey's margin of 
error is plus or minus 3 percentage points.
---------------------------------------------------------------------------
Most Americans Say They Don't Understand Credit Reports
and Scores Well
    When asked to assess their knowledge of credit reports and credit 
scores, most Americans say their knowledge is fair or poor. Fifty 
percent said their knowledge of credit reports was fair or poor, while 
61 percent said their knowledge of credit scores was fair or poor.
    Lower-income Americans are most likely to believe their knowledge 
isn't good. More than 60 percent of those in households with incomes 
under $35,000 said their knowledge of credit reports was fair or poor. 
Nearly 70 percent of these low- and moderate-income Americans said 
their knowledge of credit scores was fair or poor.
    Young adults between the ages of 18 and 24 were also likely to say 
their knowledge was not good. Sixty-two percent said their knowledge of 
credit reports was fair or poor, while 78 percent said their knowledge 
of credit scores was fair or poor.
Many Americans Lack Essential Knowledge About Credit Reports
and Scores
    The survey also tested actual consumer knowledge about credit 
reports and scores. Only 25 percent of Americans--and less than 20 
percent of those with incomes below $35,000--said they knew what their 
credit score was. And only 3 percent of Americans could, unprompted, 
name the three main credit bureaus--Experian, Equifax, and TransUnion--
that provide both lenders and consumers information from credit 
reports. Forty-three percent of Americans--only 35 percent of those 
with incomes below $35,000--said they had obtained a copy of their 
credit report from the three credit bureaus in the past 2 years.
    The survey also tested consumer knowledge using a series of true-
false questions. The good news from this test is that large majorities 
understand that consumers have the right to see their credit report (97 
percent) and that consumers who fail to qualify for a loan have the 
right to a free credit report (81 percent). The bad news is that many 
consumers do not understand that in most States they must pay a fee to 
obtain their credit report (54 percent), that their credit score may be 
lowered if they use all of the credit available on their credit card 
(55 percent), that their credit score may be lowered if they apply for 
a credit card (62 percent), and that they are not required to contact 
their lenders if they believe that their credit report or score is 
inaccurate (64 percent). Also, 27 percent incorrectly believe that 
their credit score mainly measures their knowledge of consumer credit, 
not their creditworthiness.
    Finally, the survey tested the knowledge about which service 
providers often use credit scores to decide whether consumers can 
purchase a service or at what price. Many Americans are not aware that 
certain service providers frequently use these scores--60 percent were 
not aware that electric utilities do so, 41 percent for home insurers, 
41 percent for landlords, and 38 percent for cell phone companies. By 
comparison, only 13 percent did not know that credit card companies use 
credit scores.
Large Majorities Support Stronger Consumer Protections
    The survey also questioned Americans about their opinions on new 
consumer protections currently being considered by Congress. The 
protections would give consumers greater access to their credit reports 
and scores, and strengthen individual remedies that they could pursue. 
The protections would also require credit bureaus to do a better job of 
verifying consumer identities and would proscribe certain lender 
practices.
    Large majorities indicated their support for these protections.

    Credit bureaus should do a better job of verifying identities on 
credit applications to reduce identity theft--96 percent support, 83 
percent strongly.
    Consumers who are denied a loan or charged a high price should be 
able to get from the lender a free copy of the credit report and score 
used as the basis for the lender's decision--94 percent support, 78 
percent strongly.
    A bank should not be allowed to use your medical information to 
make credit decisions without your consent--87 percent support, 77 
percent strongly.
    A bank should be required to obtain your permission before it can 
share your financial information with other companies it owns--91 
percent support, 76 percent strongly.
    Consumers should be able to obtain a free credit report and score 
once a year from the three main credit bureaus--91 percent support, 71 
percent strongly.
    Consumers should be able to sue lenders who knowingly provide 
credit bureaus with incorrect, damaging information--84 percent 
support, 62 percent strongly.
    A credit card lender should not be allowed to raise the interest 
rate because of a credit problem that involves another lender--75 
percent support, 52 percent strongly.

    The cumulative effect of the extremely broad support for these 
proposed reforms is nothing less than a mandate for a comprehensive 
overhaul of the Fair Credit Reporting Act. Consumers want easier access 
to their credit reports and scores, greater protections against privacy 
and credit reporting abuses, and the right to go after lenders in court 
who repeatedly make grievous errors.
Empowering Consumers through Reforms to the Fair Credit Reporting Act
    Given the relatively low levels of knowledge about credit reporting 
and scoring reported by the survey, it is especially important that 
Congress improve the transparency of the credit reporting system. We 
also strongly recommend that Congress overhaul the cumbersome and out-
of-date procedures under the FCRA for resolving disputes between 
consumers and credit bureaus, and between consumers and data 
furnishers, such as credit card companies.
    First, give consumers more information. Information, provided in a 
clear manner and on a timely basis, is the key to improving consumer 
knowledge of the credit reporting process. Our recommendations will 
provide consumers with more information about their credit reports and 
scores in two ways: (1) On an ongoing basis--so that consumers can 
eliminate inaccuracies and prevent problems before they occur--and, (2) 
when credit troubles arise because of a credit report, such as the 
denial of a loan or an offer to extend credit on less than favorable 
terms.

 Credit bureaus should be required to provide consumers with 
    their credit reports and their credit scores once a year upon 
    request at no charge. They should be given a description of the 
    major factors that are used to calculate the score, the weight of 
    each factor in calculating the score, and how the consumer rated on 
    each major factor. Free credit reports, once a year upon request, 
    are currently required in legislation that has just moved to the 
    House floor (H.R. 2622) but the bill does not require free access 
    to the score. Charging a fee for credit scores will not only mean 
    that fewer consumers will learn their score, but it undercuts the 
    goal of offering the report at no charge, since reports and scores 
    are often marketed to consumers as a package product. Also, 
    disappointingly, the full Committee accepted an amendment to limit 
    provision of the free credit report annually on request to the 
    national repositories. The original version of the bill would have 
    required all credit bureaus to provide a free credit report on 
    request.
 Congress should mandate that these reports be easy to get, 
    perhaps through the establishment of a registry at the Federal 
    Trade Commission that will allow consumers to call or e-mail one 
    location and get a copy of their reports from all three major 
    credit bureaus. Consumers should not be limited to making requests 
    only by mail, or have to deal with a complicated and time-consuming 
    voice mail system, or have to click through page after page of 
    information online simply to get access to a free report. Credit 
    bureaus could easily undermine the goal of improving consumer 
    access to their reports and scores if they make it cumbersome for 
    people to request this information. To deal with privacy concerns 
    when requesting a report, consumers could verify their identities 
    by using a credit card, as other applicants do, but then not have 
    the card billed.
 Require creditors to identify any offer of credit at less than 
    the most favorable terms as an ``adverse offer,'' as has been 
    called for by the Federal Trade Commission. This would include 
    prescreened ``subprime'' mortgage offers or credit cards 
    solicitations that are based on negative or less than favorable 
    credit information. As is well known, the subprime credit industry 
    has boomed in the past decade by offering borrowers with blemished 
    or limited credit histories mortgage loans, car loans, and credit 
    cards at higher rates and less favorable terms than offered to 
    their ``prime'' borrowers. As lenders increasingly offer a 
    continuum of loans at different rates and terms, it is more 
    important than ever that consumers have the ability to exercise 
    their FCRA rights to ensure that the adverse credit information is 
    correct. In the world of ``risk-based'' pricing, borrowers should 
    know that they are being targeted because of their less-than-
    optimal credit history and should be offered the opportunity to 
    check their credit history and change any information that is not 
    accurate or complete. Furthermore, as stated above, many consumers 
    are unwittingly giving up their FCRA rights because they are 
    accepting loans that are legally considered ``counteroffers.''
 Consumers should also be able to obtain directly from the 
    lender a free copy of the ``subscriber'' report and score used to 
    deny credit or offer it under less favorable terms. This report 
    includes the actual report data by the lender used to take an 
    adverse credit action. Employment applicants already have a similar 
    right under FCRA but borrowers currently do not. Easy access to 
    this information will also provide a powerful incentive for credit 
    bureaus to improve accuracy, as well as giving consumers a helpful 
    educational tool. Consumers face two problems when they request a 
    credit report (and score) from a credit bureau. First, any adverse 
    actions previously taken were based on a subscriber credit report 
    provided to the lender. The subscriber report is often provided 
    based on a limited number of matching data points and is more 
    likely to contain inaccurate or mismerged information about other 
    consumers than a report requested by a consumer, since a consumer 
    must provide a detailed match of name, address, and Social Security 
    number. Second, a score derived from that consumer report will 
    probably differ from the score the subscriber obtained from the 
    less accurate report. Upon receiving the subscriber report, 
    consumers would then be allowed to identify any errors or out-of-
    date information, provide documentation, and be 
    reevaluated for the loan or for prime rates. The additional cost to 
    lenders and businesses of providing these reports immediately would 
    be minimal. Since they already possess the report in paper or 
    electronic form, they would merely have to copy or print this 
    report.
 Provide consumers with detailed explanations as to why credit 
    is denied or less-than-favorable terms are offered. In its study of 
    credit score accuracy,\4\ CFA found that approximately 7 in 10 
    credit reports indicated that the primary factor contributing to 
    the credit score was ``serious delinquency,'' ``derogatory public 
    record,'' ``collection filed,'' or some combination of these 
    factors. This generic and extremely vague information provided by 
    creditors when they take an adverse credit action is too general to 
    be helpful, especially for most subprime borrowers, who by 
    definition have some credit blemishes. Instead, lenders should be 
    required to identify any specific entries (trade lines) that are 
    lowering a consumer's score and indicate the impact on the consumer 
    (either the point value deducted for that entry or the proportional 
    impact relative to other derogatory entries.)
---------------------------------------------------------------------------
    \4\ Consumer Federation of America and National Credit Reporting 
Association. Credit Score Accuracy and Implications for Consumers. 
December 2002. Available at: http://www.consumer fed.org/
121702CFA_NCRA_Credit_Score_Report_Final.pdf
---------------------------------------------------------------------------
 Require creditors and other data furnishers to notify 
    consumers any time derogatory information has been placed on a 
    credit report. The State of Colorado requires credit bureaus to 
    provide consumers who have had any negative information added to 
    their reports with annual notification of their rights. This would 
    offer consumers the opportunity to check the accuracy of this 
    information when it is submitted, as opposed to finding out the 
    next time the consumer applies for credit and is turned down or 
    offered a high interest rate.

    Second, allow consumers to quickly and easily question the accuracy 
and completeness of information in credit reports.

 Give consumers an FCRA right to contact a furnisher directly 
    to initiate reinvestigation, as the Federal Trade Commission has 
    recommended. As stated above, furnishers have no legal obligation 
    under current law to investigate a credit reporting error, if 
    contacted by the consumer. Under the FCRA, credit furnishers only 
    have a legal obligation to respond to a reinvestigation begun by a 
    credit bureau, at the request of a consumer. As a result, consumers 
    often face longer delays and more ``finger pointing'' when they 
    contact their lender about a credit reporting problem first. The 
    law should make it clear that furnishers have an obligation to 
    respond to their customers if a credit reporting complaint is made.
 Shorten the deadlines by which creditors must respond to 
    consumer disputes about credit information. Currently, the FCRA 
    provides creditors with 30 days to respond to a dispute; 45 days if 
    the consumer submits additional documentation about the dispute. In 
    the age of ``instant credit'' and 3-day credit rescoring by credit 
    reporting resellers, these deadlines are much too long. By the time 
    the consumer hears back from the credit bureau about the outcome of 
    the dispute, he or she might have lost a home loan (and the home) 
    or submitted to a loan at a higher rate than he or she was entitled 
    to. Given how fast credit decisions are now made, resolution 
    deadlines of 10 days (15 days if the consumer submits additional 
    information) do not seem unreasonable. Credit bureaus have shown in 
    recent years that extremely quick reinvestigations are possible. 
    The credit bureaus have a well-documented system that provides 
    ``concierge'' services for certain classes of consumers. VIP's and 
    consumers who are suing the bureaus generally can get complaints 
    resolved more quickly. The most efficient reinvestigation systems 
    are provided for consumers working with certain mortgage entities, 
    where rapid rescoring can gain a correction in 24-48 hours.
 Require the FTC and other regulators to fully enforce the 
    existing requirement that credit bureaus consider all information 
    relevant to a consumer's dispute, including information provided by 
    the consumer, and to require bureaus to reject findings of so-
    called furnisher reinvestigation that conflict with such relevant 
    information provided by the consumer. This Committee has already 
    heard testimony, from Evan Hendricks and others, that credit 
    bureaus and furnishers are failing to conduct reinvestigations in a 
    reasonable manner.

    Third, give consumers better private enforcement rights, since the 
agencies aren't adequately enforcing the accuracy provisions of the 
law:

 Give consumers the right to go to a court and seek injunctive 
    relief to stop a credit bureau from selling faulty credit reports 
    about them.
 Give consumers the right to seek minimum statutory damages of 
    $100 to $1,000 per violation of the FCRA, as other consumer laws 
    provide, so that they do not have to prove their actual damages to 
    a court. This provision is especially critical for identity theft 
    victims, who often spend hundreds of hours over a period of years 
    trying to clear their good names. While the cost of emotional 
    distress is significantly greater than $100 to $1000, the threat of 
    specific damages would be a powerful incentive to force creditors 
    and credit bureaus to clean up the credit reporting system's 
    accuracy.
Improving Overall Financial Literacy
    The results of this survey also point to the need for a long-term 
strategy to boost general financial awareness and to improve financial 
decisionmaking by Americans. There has never been a greater need to 
advance financial education.
    The financial education needs of the least affluent and well-
educated Americans are especially pressing, in part because recent 
changes in the financial services marketplace have increased the 
vulnerability of these households. In particular, the dramatic 
expansion of high-cost and sometimes predatory lending to moderate and 
lower-income Americans in the last decade has put many of these people 
at great financial risk. Because these individuals lack financial 
resources and often are charged high prices, they cannot afford to make 
poor financial choices. But because of low general and financial 
literacy levels, they often have difficulty making smart financial 
decisions, in part because they are especially vulnerable to abusive 
seller practices.
    There is no large population that would benefit more from improved 
financial education than the tens of millions of the least affluent and 
well-educated Americans. In 1998, 37 percent of all households had 
incomes under $25,000. With the exception of older persons who had paid 
off home mortgages, these households had accumulated few assets. In 
1998, according to the Federal Reserve Board's Survey of Consumer 
Finances, most of these least affluent households had net financial 
assets (excluding home equity) of less than $1,000. Moreover, between 
1995 and 1998, a time of rising household incomes, the net worth of 
lower-income households actually declined.
    For lower-income households with few discretionary financial 
resources, failing to adequately budget expenditures may pressure these 
consumers into taking out expensive credit card or payday loans. 
Mistakenly purchasing a predatory mortgage loan could cost them most of 
their economic assets.
    These households also need to make smart buying decisions because 
they tend to be charged higher prices than more affluent families: 
Higher homeowner and auto insurance rates because they live in riskier 
neighborhoods; higher loan rates because of their low and often 
unstable incomes; higher furniture and appliance prices from 
neighborhood merchants that lack economies of scale and face relatively 
high costs of doing business; and higher food prices in their many 
neighborhoods without stores from major supermarket chains. Lower-
income families are also faced with higher prices for basic banking 
services and they lack access to essential savings options. Lower-
income households with low literacy levels are especially vulnerable to 
seller abuse. Consumers who do not understand percentages may well find 
it impossible to understand the costs of mortgage, home equity, 
installment, credit card, payday, and other high-cost loans. 
Individuals who do not read well may find it difficult to check whether 
the oral promises of salespersons were written into contracts. And, 
those who do not write fluently are limited in their ability to resolve 
problems by writing to merchants or complaint agencies. Consumers who 
do not speak, read, or write English well face special challenges 
obtaining good value in their purchases.
    Over the past decade, the financial vulnerability of low- and 
moderate-income households has increased simply because of the dramatic 
expansion of the availability of credit. The loans that subjected the 
greatest number of Americans to financial risk were made with credit 
cards. From 1990 to 2000, fueled by billions of mail solicitations 
annually and low minimum monthly payments of 2-3 percent, credit card 
debt outstanding more than tripled from about $200 billion to more than 
$600 billion. Just as significantly, the credit lines made available 
just to bank cardholders rose to well over $2 trillion. By the middle 
of the decade, having saturated upper- and middle-class markets, 
issuers began marketing to lower-income households. By the end of the 
decade, an estimated 80 percent of all households carried at least one 
credit card. Independent experts agree that expanding credit card debt 
has been the principal reason for rising consumer bankruptcies.
    Also worrisome has been the expansion of high-priced mortgage loans 
and stratospherically priced smaller consumer loans. In the 1990's, 
creditors began to aggressively market subprime mortgage loans carrying 
interest rates greater than 10 percent and higher fees than those 
charged on conventional mortgage loans. By 1999, the volume of subprime 
mortgage loans peaked at $160 billion. Mortgage borrowers in low-income 
neighborhoods were three times more likely to have subprime loans than 
mortgage borrowers in high-income neighborhoods. A significant minority 
of these subprime borrowers would have qualified for much less 
expensive conventional mortgage loans. Some of these borrowers were 
victimized by exorbitantly priced and frequently refinanced predatory 
loans that ``stripped equity'' from the homes of many lower-income 
households.
    The 1990's also saw explosive growth in predatory small loans--
payday loans, car title pawn, rent-to-own, and refund anticipation 
loans--typically carrying effective interest rates in triple digits. 
The Fannie Mae Foundation estimates that these ``loans'' annually 
involve 280 million transactions worth $78 billion and carrying $5.5 
billion in fees. The typical purchaser of these financial products has 
income in the $20,000 to $30,000 range with a disproportionate number 
being women.
    Both proper regulation and education are necessary to ensure that 
lower and moderate income Americans are not subject to abusive lending 
practices and that they have the knowledge to make effective decisions 
in an increasingly complex financial services marketplace.
    Thankfully, Senators Sarbanes, Shelby, Stabenow, Enzi, and Akaka 
have all shown a great deal of interest in improving financial 
education efforts in this country. For example, Senator Sarbanes' 
recently proposed an idea that has a lot of merit: Creating a Financial 
Literacy and Education and Coordinating Committee within the Department 
of the Treasury.
    While many worthwhile financial education programs exist, they are 
not well coordinated, effectively reach only a small minority of the 
population, and do not 
reflect any broad, compelling vision. Many focus only on increasing 
consumer knowledge of how to best operate in the financial services 
marketplace, and not on actually changing consumer behavior to improve 
decisions about spending, saving, and the use of credit. Moreover, 
there is no clear consensus about how to effectively provide financial 
education, especially to those who have completed their secondary 
education and to those with low literacy levels. What is most needed is 
a comprehensive needs assessment and plan to guide and inspire 
financial educators and their supporters. Moreover, for any 
comprehensive plan to win broad public and private support and 
participation, the Federal Government must provide leadership. Both a 
comprehensive strategy and Federal leadership (not ownership) are 
called for in the Sarbanes' bill. Such an approach could also convince 
a broad array of government, business, and nonprofit groups to work 
together to persuade the Nation to implement that plan.
    We commend Senator Sarbanes for proposing a comprehensive and 
achievable vision for improving financial awareness and decisionmaking. 
We look forward to working with him, Senator Shelby, and the other 
Senators I mentioned to improve financial education in this country.
Conclusion
    I applaud the Chairman, the Ranking Member, and all the Members of 
this Committee for the exhaustive and informative set of hearings that 
you have conducted about the state of the Fair Credit Reporting Act. As 
the Committee begins writing legislation to deal with the problems that 
have been identified in these hearings, I urge you not to overlook what 
we heard from Americans in our survey. Consumers want a credit 
reporting system that is more accurate, more transparent, and that 
better protects their privacy. I look forward to working with the 
Committee to achieve these important goals.
                               ----------
                 PREPARED STATEMENT OF CHERI ST. JOHN*
   Vice President of Global Scoring Solutions, Fair Isaac Corporation
                             July 29, 2003
Introduction
    Mr. Chairman and Members of the Committee, my name is Cheri St. 
John. I am the Vice President of Global Scoring Solutions for Fair 
Isaac Corporation. Thank you for the opportunity to testify before you 
today about Fair Isaac's leadership in improving the financial literacy 
of American consumers, specifically with respect to Fair Isaac's 
efforts to empower consumers by providing them with actionable 
information about the credit scores that lenders use to make credit 
decisions.
---------------------------------------------------------------------------
    * All attachments referenced in Ms. St. John's prepared statement 
are held in Senate Banking Committee files.
---------------------------------------------------------------------------
Fair Isaac Corporation
    Fair Isaac Corporation is the preeminent provider of creative 
analytics that unlock value for people, businesses, and industries. 
Founded in 1956, Fair Isaac helps thousands of companies in over 60 
countries acquire customers more efficiently, increase customer value, 
reduce fraud and credit losses, lower operating 
expenses, and make more credit available to more people. Fair Isaac 
pioneered the development of statistically based credit risk evaluation 
systems, commonly called ``credit scoring systems,'' and is the world's 
leading developer of those systems. Thousands of credit grantors use 
broad-based credit scores commonly known as ``FICO' scores'' 
generated by Fair Isaac-developed scoring systems implemented at the 
national credit reporting agencies. Fair Isaac has also developed 
custom scoring systems for hundreds of the Nation's leading banks, 
credit card issuers, finance companies, retailers, insurance companies, 
and telecommunication providers.
    There are many different kinds of credit scores. The most well 
known are the broad-based credit risk scores developed by Fair Isaac 
known as FICO scores and widely distributed to lenders by the three 
national credit bureaus under the brand names: Beacon from Equifax; 
Empirica from TransUnion; and, the Experian/Fair Isaac Risk Model from 
Experian. Indeed, there are several versions of the above FICO scores 
available because some lenders adopt newly developed versions more 
quickly than other lenders. There are also broad-based credit scores 
developed by each of the three bureaus and from other third-party 
developers. There are custom models developed for use by individual 
lenders. There are also credit score models developed for specific 
industries, such as the mortgage, automobile, and telecommunications 
industries. Finally, there are credit scores distributed primarily to 
the consumer market.
    Over the last 40 years credit scoring has become an important part 
of most credit decisions, such that Fair Isaac believes some form of 
credit scoring is now used in the majority of consumer credit 
decisions. A FICO Score is a 3-digit number that tells lenders how 
likely a borrower is to repay as agreed. To develop the models that 
generate the credit scores, Fair Isaac analyzes anonymous credit report 
data to statistically determine what factors are most predictive of 
future credit performance. Factors that do not have predictive value 
and factors that by law cannot be used in the credit decision are 
excluded from consideration. FICO scores use information from consumer 
credit reports to provide a snapshot of the credit risk at a particular 
point in time. Scores can change over time, as subsequent credit risk 
predictions reflect changes in underlying behaviors.
    Fair Isaac is a leading developer of insurance risk scores. Over 
350 insurance companies use Fair Isaac insurance scores that they 
obtain through national credit reporting agencies. Although insurance 
scores utilize credit data, they differ from credit scores in that 
insurance scores are developed based on insurance premium and loss 
history and predict future insurance loss ratio relativity. Like credit 
scores, insurance scores do not consider a person's income, marital 
status, gender, ethnic group, religion, nationality, or neighborhood, 
and the scores are applied consistently from one consumer to the next. 
A strong statistical correlation has been repeatedly demonstrated 
between credit data and insurance loss ratio,\1\ and insurance scores 
have become a valuable component in determining insurability and the 
rate assigned. Insurers use insurance scores to accelerate their 
processing for applicants and renewal shareholders, to concentrate 
their additional underwriting attention on higher-risk individuals, and 
to better manage operational strategies. Consumers benefit from lower 
rates. Insurers have stated that 60-75 percent of their policyholders 
pay lower premiums because of insurance scoring. Fair Isaac has been 
supportive of the efforts of insurance score users to educate consumers 
and agents about insurance scoring.\2\
---------------------------------------------------------------------------
    \1\ See, Predictiveness of Credit History for Insurance Loss Ratio 
Relativities, October 1999; Attachment 1: A Statistical Analysis of the 
Relationship Between Credit History and Insurance Losses, Bureau of 
Business Research (McCombs School of Business) at the University of 
Texas, March, 2003 available at http://www.utexas.edu/depts/bbr/
bbr_creditstudy.pdf.
    \2\ See e.g., Answers to Your Questions About Insurance Bureau 
Scores, Attachment 2.
---------------------------------------------------------------------------
With Credit Scoring, More People Get Credit, They Get It Faster, and
It's More Affordable
    FICO scores mean more people have access to credit. Credit scores 
allow lenders to better assess their risk and tailor credit for each 
consumer's needs. FICO scores are used in almost every sector of the 
Nation's economy: For mortgages, credit cards, auto loans, personal 
loans, even cell phone service. More people can get credit regardless 
of their credit history because credit scores allow lenders to safely 
assess and account for the risk of consumers who have no existing 
relationship with the lender, who have never entered the lender's 
branches, and who may have been turned away in the past by other 
lenders. Lenders use scores not only to evaluate applications, but also 
to manage the credit needs of existing customers by extending 
additional credit or helping consumers avoid overextending themselves. 
FICO scores are also used by lenders and securities firms as to aid 
securitization of credit portfolios which provides lenders the capital 
they need to make credit available to more consumers. FICO scores are 
accepted, reliable,\3\ and trusted to the point that even regulators 
including Federal bank examiners, and security rating agencies, use 
them to help ensure the safety and soundness of the financial 
system.\4\
---------------------------------------------------------------------------
    \3\ See Attachment 3, A Clarification of the Consumer Federation of 
America's Observations About Credit Score Accuracy.
    \4\ See Attachment 4 for examples of Federal agencies that use FICO 
scores.
---------------------------------------------------------------------------
    FICO scores mean people get credit faster. ``Instant credit'' at a 
retailer, an auto dealer, over the phone, or on the Internet would not 
be possible without credit scores. Even mortgage loans that used to 
take weeks can now be done in minutes. Among the tremendous lending 
advances in the United States over the last decade has been the 
streamlining of the lending process, so that credit approvals--not just 
on credit cards but on installment loans, mortgages, home equity lines 
of credit, and even commercial loans to small businesses--can be made 
faster with less manual review, less paperwork, and fewer data 
requests. All of this has occurred while lenders have not only 
preserved but also strengthened their visibility and control over their 
risk exposure.
    FICO scores mean people pay less for their credit. Scores make 
credit more affordable by reducing the cost of evaluating applications, 
reducing loan losses, reducing the cost of managing credit portfolios, 
reducing marketing costs with prescreening, and cutting the cost of 
capital with securitization. This efficient flow of credit and capital 
has a large part to play in the continued robustness of the American 
economy. By enabling lenders to extend credit quickly while managing 
their risk, credit reports and scores have made credit more accessible, 
at lower rates, to more people.
    Lenders must make a credit decision, and they must predict the 
future in doing so. Lenders can use a variety of decision making 
techniques to predict the future, ranging from a simple subjective 
evaluation of application and credit history information by a loan 
officer, to predictive technologies, including credit scoring. When a 
creditor switches from judgmental decisions to scoring, it is common to 
see a 20-30 percent increase in the number of applicants accepted with 
no increase in the loss rate. Lenders should use all the information 
that is legally, economically, and efficiently available to make the 
best and fairest possible decision for each individual with whom they 
do business. FICO scores, when used properly, make a tremendous 
contribution in doing just that. FICO scores use only legal data as 
inputs, and only those factors proven to be predictive of credit risk. 
Scores are also more consistent from consumer to consumer because they 
assess the same factors the same way, each time.
    Studies have concluded that the same Fair Isaac credit score 
indicates the same level of risk regardless of the income level of the 
consumer or whether the consumer resides in an area with a high 
percentage of minority residents, with differences consistently 
favoring the low- to moderate-income (LMI) and high minority area (HMA) 
applicants.\5\ Those same studies indicate that credit scoring is a far 
more predictive screen for both the LMI and HMA applicants than is 
judgmental decision making. Finally, the multiple scorecard systems 
developed by Fair Isaac and resident at the three main U.S. credit 
bureaus were proven to be more predictive than a single scorecard 
developed for the HMA population for the study.
---------------------------------------------------------------------------
    \5\ See, The Effectiveness of Scoring on Low-to-Moderate Income and 
High Minority Area Populations, a Fair Isaac Paper dated August, 1997, 
Attachment 5.
---------------------------------------------------------------------------
    Fair Isaac credit scores transform the economics and efficiency of 
the credit decision to allow all relevant information to be brought to 
bear so that no information that is favorable to an individual is 
omitted from the decision process. Credit scoring scientifically, and 
therefore fairly, balances and weighs positive information along with 
any negative information in credit reports. In essence, full positive 
credit reporting and scoring have ``democratized'' credit granting--
information about all consumers is available to all lenders for a fair 
evaluation. Scoring has transformed credit granting so that it is no 
longer simply based on who you know.
Financial Education and Consumer Empowerment Depend Upon
Actionable Information About the Credit Scores That Lenders Use
Fair Isaac Supports Consumer Education and Empowerment
    When lenders first began using credit scoring, Fair Isaac provided 
both lenders and regulators the information and training needed for 
effective score tracking and oversight. Lenders have always been 
provided with the top four reasons with every credit score, in order of 
their importance to the score. As credit scoring use has grown, Fair 
Isaac has responded by providing consumers with the information they 
need to understand credit scoring and use it to take control of their 
credit health. Fair Isaac has published consumer booklets on credit 
scoring since the early 1990's on its own and in conjunction with 
others such as the FTC. Free information has also been available to 
consumers at www.myFICO.com, since its inception. Consumers interested 
in learning more about their individual score can access www.myFICO.com 
to get their own FICO Score, accompanied by the underlying credit 
report, and a complete explanation of their personal FICO score for 
$12.95. Fair Isaac has given consumers a place in the credit reporting 
process by pioneering consumer credit empowerment with its myFICO.com 
score explanation. Millions of consumers have already taken steps to 
control their credit lives by using myFICO.com to obtain informative, 
actionable credit-information services including the FICO scores that 
lenders use, and to help improve and protect their overall financial 
health.
Explanations of Adverse Action
    Consumers, by law, are provided with the key reasons behind their 
score, when those score(s) were a factor in a decision resulting in an 
adverse action. These reason codes provided with the FICO score can be 
used by the lender as part of its explanation to the consumer of any 
adverse action taken and what the consumer can do to improve their 
outlook for being approved for credit in the future.
Evolution of Consumer Credit Score Education
    FICO scores first became available commercially from all three 
national credit reporting agencies in 1991. Prior to the mortgage 
industry's embrace of credit risk scoring technology in the mid-1990's, 
U.S. consumers generally were not aware of this business decision tool 
and it was not as widely used. This started to change in 1995 when 
Fannie Mae and Freddie Mac approved the use of credit risk scoring by 
mortgage lenders. Their approval prompted an increasing number of 
mortgage lenders and mortgage brokers to use credit risk scores in loan 
underwriting. Other industries began relying more heavily on FICO 
scores as well, such as auto lenders and bankcard issuers. Through 
consumers' interaction with brokers and lenders, the public became more 
aware of credit scores. The news media also began reporting on this as 
yet relatively unknown lender risk evaluation tool.
    Five years ago, market research showed an initiative to educate 
consumers about credit scoring was likely to fail due to lack of 
consumer interest. Once the wide use of credit scores made consumers 
receptive, however, Fair Isaac launched its consumer education 
initiative that has made it a leader in promoting financial literacy 
for all consumers.
    We believe it is instructive to briefly review the development of 
consumer credit education to show how Fair Isaac continues to respond 
to the need for financial literacy as consumers' awareness grows. The 
one constant has been Fair Isaac's commitment to the disclosure of 
credit scores in a way that equips the consumer with accurate, 
actionable information while avoiding the confusion that can be created 
from a misunderstanding of a complex topic.
Initiative to Demystify FICO Scores
    On June 8, 2000, Fair Isaac announced its public disclosure of all 
the factors used in its FICO credit bureau risk scores. The list was 
made publicly available on the company's website for free, and remains 
free and accessible today at http://www.my fico.com/myfico/
CreditCentral/ScoreConsiders.asp.
FICO Guide
    By late October 2000, Fair Isaac had developed and launched an 
online service called FICO Guide. FICO Guide provided a FICO score 
explanation when a lender or broker provided the consumer with his or 
her FICO score, the accompanying reason codes, and the name of the 
credit reporting agency that had calculated the score. FICO Guide was 
developed to offer consumers, and the lenders and brokers who served 
them, an interim score explanation service. While the Fair Isaac 
pursued several options for disclosing FICO scores directly to 
consumers FICO Guide was phased out shortly after Fair Isaac launched 
its score disclosure and explanation service 5 months later via 
myFICO.com.
The First Online Consumer Service That Provides FICO Scores
and Explanation Directly To Consumers
    On January 11, 2001, Fair Isaac and Equifax announced their 
agreement to create the first service that explains and delivers credit 
scores directly to consumers, accompanied by the underlying Equifax 
credit report and a score explanation by Fair Isaac. In their 
announcement, Fair Isaac explained, ``We will provide the tools to not 
only review an individual's credit information, but to help them 
understand how that data may be analyzed to predict the risk associated 
with a credit application.'' The companies began offering their new 
service online on March 19, 2001.
Personalized FICO Score Simulation
    On May 21, 2002, Fair Isaac revolutionized consumer credit 
education when it introduced its FICO Score Simulator on 
www.myFICO.com, as a free service for customers who purchase a score 
explanation service.\6\ The FICO Score Simulator uses consumers' own 
credit information and FICO scores to help them see how specific future 
actions they might take could change their FICO score, and learn what's 
most important to achieve and maintain good credit health. Consumers 
can see how their FICO scores would respond to any of a variety of 
actions ranging from paying all their bills on time for the next month, 
to declaring personal bankruptcy.
---------------------------------------------------------------------------
    \6\ A sample of the FICO Score Simulator is accessible at http://
www.myfico.com/Content/Samples/
Sample_ScoreSimulator.asp?ReportID=1&ProductID=1.
---------------------------------------------------------------------------
Fair Isaac Provides Considerable Free Credit Score Educational 
        Information
    As noted above, Fair Isaac provides consumers with free educational 
information on FICO scoring directly from its website, and in booklet 
form.\7\ Free content on www.myFICO.com includes a weighting of the 
credit report factors evaluated by the FICO score so that consumers 
know what events or behavior has the greatest influence on the scores 
in general. The following is sample of free content, taken directly 
from www.myFICO.com.\8\
---------------------------------------------------------------------------
    \7\ See Attachment 6 available free at http://www.myfico.com/
Offers/RequestOffer.asp.
    \8\ Accessible at http://www.myfico.com/myfico/CreditCentral/
ScoreConsiders.asp.




    The website's educational information also lists and discusses the 
kinds of information NOT included in calculating FICO scores.\9\ These 
extend well beyond the prohibited factors listed in the Equal Credit 
Opportunity Act.
---------------------------------------------------------------------------
    \9\ Accessible at http://www.myfico.com/myfico/CreditCentral/
ScoringWorks/FICOIgnores.asp. 


    The website also provides free advice on actions consumers should 
take--or avoid taking--to improve FICO scores over time.\10\
---------------------------------------------------------------------------
    \10\ Accessible at http://www.myfico.com/myfico/CreditCentral/
ScoreConsiders/Tips/Amounts OwedTip.asp.




    Other educational information offered free to consumers on the 
website includes: Ways in which credit scores help consumers; 
information on credit reports and what to do if a credit report error 
is suspected; over 50 different financial calculators to help consumers 
manage their money; and, an extensive section of Frequently Asked 
Questions \11\ regarding credit scoring and the site's consumer 
products such as:
---------------------------------------------------------------------------
    \11\ Accessible at http://www.myfico.com/myfico/FAQ.asp.
    
    
    Fair Isaac has also pioneered new tools to help consumers better 
understand what influences their scores and how their scores affect 
lender decisions. On March 6, 2002, the company introduced a free 
interest-rate service on www.myFICO.com that matches consumer FICO 
scores with current interest rates currently charged by lenders for 18 
different types of mortgage and auto loans.\12\ The service helps 
consumers quickly understand how getting a better FICO score can 
translate into more attractive credit terms and significant dollar 
savings over time. The interest rate information is collected daily by 
Informa Research Services, Inc.
---------------------------------------------------------------------------
    \12\ Accessible at http://www.myfico.com/myfico/CreditCentral/
LoanRates.asp.
---------------------------------------------------------------------------
FICO Scores are Readily Available to Consumers
    Today, Fair Isaac provides FICO' scores, directly to 
consumers through several distribution channels. These scores are 
always accompanied by key supplementary information that helps the 
consumer understand and use the score: The consumer's underlying credit 
report and Fair Isaac's personalized score analysis including the score 
range, where the consumer's score falls on that range, what factors 
contributed most to their particular score and how to improve their 
score given those factors over time. At www.myFICO.com, consumers can 
get their FICO score calculated from data in their credit report 
provided by any of the three national credit reporting agencies: 
Equifax, Experian, and TransUnion. For $12.95, the basic service 
provides the consumer's FICO score, Fair Isaac's personalized 
explanation of the score and suggestions for improving it over time, 
the underlying credit report information from which the score was 
calculated, and access to the FICO Score Simulator.
    In addition, the website offers several other services based on the 
consumer's FICO score:

 FICO Saver for Homebuyers shows consumers how their FICO score 
    and other information will likely be evaluated by mortgage lenders, 
    and helps consumers realistically assess the maximum loan amount 
    they can comfortably handle.
 3 Bureau Report with FICO score provides consumers with all 
    three credit reports plus their FICO score calculated by TransUnion 
    and Fair Isaac's score explanation, for a complete view of their 
    credit history.
 Equifax Credit Watch is the comprehensive credit-monitoring 
    service for consumers concerned about the risk of identity theft.
 myFICO Credit Advantage helps consumers track changes in their 
    FICO score and credit report over one year.

    Fair Isaac has also worked with the credit reporting agencies such 
that those credit reporting agencies can also provide FICO scores 
directly to consumers, accompanied by the underlying credit report and 
Fair Isaac's personalized explanation and suggestions for improving the 
score over time. Today, Equifax and TransUnion both offer FICO scores 
and explanation service via their websites as well.
FICO Score Explanation by Mail
    Fair Isaac has expanded its consumer education initiative to make 
FICO score education available to consumers who may not have convenient 
access or who choose not to obtain it over the Internet. Fair Isaac 
collaborates with Intersections, a company that provides credit 
information and credit-monitoring services to consumers both online and 
via U.S. Mail. This includes a 3-in-1 credit report that provides 
credit reports from all three bureaus, the consumer's FICO score 
calculated by TransUnion, and Fair Isaac's score explanation.
    In addition, Fair Isaac also works with a variety of businesses to 
create new channels that consumers can use to access FICO score-based 
consumer services and information. These businesses include some of the 
Nation's leading financial service providers, as well as financial 
management solution providers such as Quicken.com, and nonprofit credit 
counseling organizations such as Springboard and Consumer Credit 
Counseling Service of Santa Clara and Ventura Counties.
Alerting the Public to FICO Score Availability
    Even though Fair Isaac has worked diligently to let consumers know 
what information about FICO scores is available, the biggest challenge 
remains getting the word out. Since June 2000, Fair Isaac has welcomed 
and encouraged media coverage on the importance to consumers of credit 
scores and Fair Isaac's efforts to empower and educate consumers with 
scores and related information. The media's response has been extremely 
helpful to consumers and includes articles and broadcast coverage in 
hundreds of outlets including The Wall Street Journal, The New York 
Times, USA TODAY, Newsweek, NBC Network News, National Public Radio, 
and The Today Show. Traffic at the myFICO.com site increases after each 
significant media event.
    On January 26, 2003, Fair Isaac promoted credit score awareness in 
a television commercial on credit scoring aired during the Super Bowl. 
The educational ad highlighted the importance of credit scores in 
determining consumer interest rates on mortgage and auto loans, and 
referred viewers to www.myFICO.com for more information.\13\
---------------------------------------------------------------------------
    \13\ The ad can be viewed at http://wip2.space150.com/myfico/
myfico_future/.
---------------------------------------------------------------------------
    In a further effort to increase public awareness, this past May 5-
6, Fair Isaac hosted numerous consumer advocacy organizations for an 
intensive discussion on credit scoring and the best ways to reach 
consumers, especially underserved consumer groups, with credit scoring 
information that can help them improve their overall credit health. 
Participants included representatives from such organizations as 
Consumer Action, La Raza, and Operation Hope.
Solutions to Improve Financial Literacy
    While there is a whole range of excellent score education material 
available to consumers today, there are improvements that can be made 
to solve problems that are inhibiting greater financial literacy of 
American consumers.
    Problem: Scores that are not commonly used by lenders are marketed 
to consumers looking for information to improve their financial 
literacy. Consumers, unaware of which credit scores are actually used 
by lenders to make decisions about credit, unknowingly purchase 
information about other credit scores that are not commonly used by 
lenders in making lending decisions. In some cases, purveyors of these 
credit score services launch massive marketing campaigns to induce 
consumers to purchase their score services without clearly disclosing 
the extent to which the scores they provide and explain are actually 
used by lenders. Consumers who unknowingly purchase such services may 
be confused when the credit score they purchase is different than the 
broad-based credit score used by their lender. In some cases, steps 
taken by the consumer to improve another score may not have the same 
effect on the credit score that lenders use.
    To be well-educated, consumers should understand the measure 
lenders are using, and know the score the lender will use to evaluate 
them. Colleges typically use the SAT score to evaluate students who 
apply for admission. Students know this and use that same score to 
decide where to apply based in part on which colleges might accept 
them. Although a different aptitude test might provide the student with 
some useful information, prospective students get the greatest benefit 
from knowing their own SAT score, empowering them to judge for 
themselves how they might be viewed by a college admissions office. The 
same is true for credit scores. Educated consumers should know and 
understand the credit score that lenders use.
    Solution: Consumer Choice and Education. We believe the solution to 
this problem is to educate consumers so they can make informed choices 
about purchasing score explanation services, and can decide what is 
most useful for them. The Senate can help consumers by improving upon 
the California score disclosure law \14\ upon which S. 1370 and H.R. 
2622 are patterned and promote a policy designed to provide the score 
most likely to help consumers and empower consumers to choose the 
available score that will be most useful to them.
---------------------------------------------------------------------------
    \14\ Fair Isaac has consistently supported effective score 
disclosure legislation. Fair Isaac did so in testimony in May 2000, 
before the California State Senate Business and Professions 
Committee regarding S. 1607 has mandated credit score disclosure and 
eventually became California law. Fair Isaac again supported effective 
score disclosure in September 2000, in testimony before the U.S. House 
Subcommittee on Financial Institutions and Consumer Credit, 
including testimony that Fair Isaac, ``supports disclosure of scores to 
consumers provided that such disclosure is conducted in a manner that 
provides meaningful and helpful information to consumers.''
---------------------------------------------------------------------------
    Problem:  Consumers are confused because many of the scores 
provided to consumers as mandated by current State laws are not 
commonly used by lenders. Under current California and Colorado score 
disclosure law, the credit reporting agency chooses the credit score it 
discloses to consumers and, other than in the context of a residential 
real estate transaction, the consumer cannot choose to get another 
score, even if that other score is more useful to the consumer. Two of 
the three national agencies are disclosing their own proprietary scores 
in compliance with the California disclosure law and do not give the 
consumer the option to obtain other broad-based credit scores these 
agencies widely distribute to lenders.\15\ The proprietary scores these 
agencies choose to make available to consumers aren't nearly as widely 
distributed to lenders as others distributed by those agencies.
---------------------------------------------------------------------------
    \15\ Fair Isaac has agreements with one agency authorizing it to 
disclose FICO scores to consumers to comply with California and 
Colorado score disclosure laws. Fair Isaac is willing to enter into 
similar agreements with the other credit reporting agencies.
---------------------------------------------------------------------------
    Fair Isaac's consumer support line gets calls from consumers 
confused by scores other than FICO scores that they have obtained. For 
example, consumers have reported they have closed a number of accounts, 
after which the score they have obtained increased, but their FICO 
score did not. When we explain to them that the score they based their 
actions on was not a ``FICO'' score, their reaction is often a version 
of:

 ``What good is that score if it's not what lenders use?''
 ``This is confusing people.''
 ``Why don't the bureaus provide the FICO score?''

    In such circumstances, it is harder to help the consumer understand 
credit scoring because the confusion and frustration from the different 
score must be overcome before actionable education can begin. If 
consumers are given a choice of scores widely distributed by the 
agencies, there will be less confusion and more education.
    Solution: Provide the score that is most likely to be helpful, and 
give the consumer the right to get a different widely distributed score 
if the consumer so chooses. The consumer should be equipped with the 
credit score that can best help him or her learn how lenders evaluate 
credit risk, and empowered to choose from the broad-based credit scores 
that are widely distributed by the bureau.
    Existing legislative proposals should be improved by:

    (1) Adding the name of the credit score and the name of the third-
party developer, if applicable, to the information about credit scores 
that credit reporting agencies must disclose to the consumer.\16\ With 
this information, the consumer is empowered to seek out additional, 
accurate information about the credit score that matters to them. It 
also empowers the consumer to effectively compare the credit score 
information it gets from the credit reporting agency to information 
from lenders and other sources.
---------------------------------------------------------------------------
    \16\ This requirement could easily be added to the disclosures 
proposed in Section 3(a) of S. 1370 and to H.R. 2622.
---------------------------------------------------------------------------
    (2) When a consumer requests the disclosure of a credit score, the 
credit reporting agency should be required to disclose the broad-based 
credit score it most widely distributes to lenders. In addition, put 
the consumer in control by allowing him or her to request and receive 
at their choice one of either: (i) A broad-based credit score that the 
credit reporting agency widely distributes to lenders, or (ii) the 
general 
education credit scores current State law and H.R. 2622 already allow 
the bureau to provide.\17\ Protect the credit reporting agency from 
uncooperative third-party score developers by adding another exception 
that would relieve the agency from the obligation to disclose the 
developer's score if the third-party developer refuses to authorize 
such disclosure at a reasonable fee. Limit the burden on the agency and 
the complexity of the regulation by limiting the disclosure requirement 
to one model from the agency and one model from each third party that 
develops models for broad-based credit scores widely distributed by the 
agency.\18\
---------------------------------------------------------------------------
    \17\ This requirement could easily be added to the disclosures in 
proposed for Section 609(d)(2) by Section 3 of S. 1370 and to H.R. 
2622.
    \18\ These protections could easily be added to the Limitations 
proposed for Section 609(d)(1) in Section 3(b) of S. 1370 and to H.R. 
2622.

    The above suggestions to improve existing proposals add to the 
choice and education available to consumers without placing a 
significant, additional burden on either the credit reporting agencies 
or score developers. Nothing forces a third-party developer to make its 
score available. If the third party refuses to authorize disclosure at 
a reasonable fee, the agency has no obligation to offer the score. The 
number of different scores the agency must offer is limited because an 
agency must offer a score only if the score is a broad-based credit 
score that the agency widely distributes to lenders, and then only one 
score from each such third-party developer. Moreover, the legislation 
is flexible and will adapt as the credit scores used by lenders change. 
As a particular score becomes more widely distributed to lenders, it 
will be more useful to consumers and therefore it will be requested 
more often. When a new score becomes the broad-based credit score most 
widely distributed to lenders by that credit reporting agency, the 
score provided to consumers who do not exercise a choice will change to 
the score that is most likely to be helpful to the consumer. Existing 
score disclosure proposals can and should be modified to give consumers 
more choice and to continue to improve consumer credit education.
Credit Score Regulatory Overview
        I will say to you that it is very important to us to maintain a 
        system which enables those models and those technologies to 
        advance, because if they don't we're probably going to find 
        that costs--interest costs and availability for credit to the 
        average consumer are likely to rise.

        Alan Greenspan, testifying about credit scoring at the July 15, 
        2003, House Committee on Financial Services Hearing on Monetary 
        Policy.

    We believe that Chairman Greenspan can comfortably make the above 
cautionary statement because existing regulation and oversight by 
various governmental agencies is working well. Credit scores are one of 
many methodologies used by lenders to make better lending decisions, 
and every lender is required by law to use those methodologies in 
compliance with applicable laws, including the Equal Credit Opportunity 
Act. Regulation B, promulgated under the ECOA, prohibits lenders from 
using prohibited bases in the lending decision, such as race, marital 
status, religion, and national origin. Consumer reporting agencies do 
not collect that information, 
except what may be collected in accordance with identifying the 
consumer. That identifying information is not utilized in Fair Isaac's 
scoring models. Consumer reporting agencies collect data in five 
general categories. (1) Header information that identifies the 
consumer, such as name, address, date of birth, Social Security number; 
(2) Trade lines (for account information); (3) Public records; (4) 
Collections; (5) Inquiries. Fair Isaac's credit bureau scoring models 
do not utilize any of the header information in category 1.
    The OCC and other banking regulatory agencies have access to 
published Performance Charts for the Fair Isaac Credit Bureau Risk 
Scores. Fair Isaac periodically produces those Performance Charts (also 
called Validation Odds Charts) from new national credit bureau data 
samples used for model update purposes. These charts demonstrate and 
prove that the FICO score rank-orders consumers according to repayment 
risk.
    Clients for whom Fair Isaac develops custom models are provided a 
suite of development statistics with each custom model development so 
the client may share that information with examiners. These statistics 
demonstrate the rank-ordering of payment performance for the client's 
specific portfolio based on their specific definition of ``bad'' 
payment performance. Fair Isaac also provides information on the 
individual characteristics that make up the client's custom models. 
These statistics show the predictive content contained in each 
characteristic and illustrate why the scorecard contains the 
characteristic mix that it does.
    Fair Isaac also provides complete score tracking standards so that 
the client is able to monitor the performance of the model and scores, 
and track changes in the profile of their population over time. The OCC 
and other banking regulatory agencies have access to these performance 
statistics and tracking standards, as of course do the banks 
themselves.
    One way lenders are assured their use of Fair Isaac credit scores 
complies with existing regulations is the following warranty and 
representation found in Fair Isaac's contracts with the credit 
reporting agencies and end-user lenders:

        Fair Isaac, the developer of [insert score name], warrants that 
        the scoring algorithms used in the computation of the [insert 
        score name] Score are empirically derived from [insert name of 
        ] credit data and are a demonstrably and statistically sound 
        method of rank-ordering candidate records with respect to 
        credit risk, and that no scoring algorithm used by [insert 
        score name] uses a ``prohibited basis'' as that term is defined 
        in the Equal Credit Opportunity Act and Regulation B (Reg. B) 
        promulgated thereunder.

    Regulatory agencies charged with overseeing the safety and 
soundness of lenders have a variety of regulations pertaining to credit 
scoring such as the OCC's Bulletin 97-24, dated May 20, 1997. 
(accessible at http://www.occ.treas.gov/ftp/bulletin/97-24.txt )
Regulators are Well Trained to Oversee Lender's Use of Credit Scoring
    Fair Isaac has actively partnered with many regulators for many 
years to help ensure there is informed and effective oversight of the 
use of credit scoring.
Office of the Comptroller of Currency
    Right after the above OCC bulletin was issued in June 1997, Fair 
Isaac hosted three representatives of the OCC at an interactive 
scorecard engineering meeting at which scorecard engineering was 
demonstrated to help the OCC understand the methodology used to develop 
credit scorecards. Fair Isaac has continued to work with the OCC since 
then, such as the 2-day seminar on April 10-11, 2002 in Dallas 
entitled, ``Making the Most of Scoring Tools.'' The seminar covered 
scoring concepts, model development, implementation issues, uses of 
scores in strategies across the account lifecycle, and tracking and 
validation. The seminar focused on both custom application risk models 
and Fair Isaac credit bureau risk scores.\19\
---------------------------------------------------------------------------
    \19\ See Agendas, Attachment 7.
---------------------------------------------------------------------------
Federal Financial Institutions Examination Counsel \20\
---------------------------------------------------------------------------
    \20\ The FFIEC was established in 1978 and consists of the 
Chairpersons of the FDIC and the National Credit Union Administration, 
the Comptroller of the Currency, the Director of the OTS, and a 
Governor of the Federal Reserve Board appointed by the Board Chairman. 
The FFIEC's purpose is to prescribe uniform Federal principles and 
standards for the examination of depository institutions, to promote 
coordination of bank supervision among the Federal agencies that 
regulate financial institutions, and to encourage better coordination 
of Federal and State regulatory activities.
---------------------------------------------------------------------------
    On June 4, 2002, approximately 205 examiners from the Federal 
Reserve, OCC, OTS, FDIC, NCUA, and Farm Credit Administration attended 
a day-long seminar, ``Making the Most of Scoring Tools,'' covering 
scoring concepts, model development, implementation issues, and 
tracking and monitoring, and focused on custom application risk models 
and the Fair Isaac credit bureau risk scores.\21\
---------------------------------------------------------------------------
    \21\ See Agendas, Attachment 7.
---------------------------------------------------------------------------
Office of Thrift Supervision
    Fair Isaac has delivered a series of 2-day seminars for the OTS 
(November 2001, April 23-24, 2002, and October 15-16, 2002, April 22-
23, 2003) focused on the Fair Isaac credit bureau risk scores and 
pooled application risk models. Fair Isaac is scheduled to deliver 
another seminar in 2003 and two, 2-day seminars in each of 2004 and 
2005. \22\
---------------------------------------------------------------------------
    \22\ See Agendas, Attachment 7.
---------------------------------------------------------------------------
Conclusion
    Fair Isaac is proud of its role in providing actionable credit 
score information to empower consumers to improve their financial 
literacy and is committed to continuing its efforts in both the 
regulated and private disclosure of credit scoring information. I thank 
you for the opportunity to share with you Fair Isaac's expertise and 
experience in this important area.

                               ----------

                 PREPARED STATEMENT OF SCOTT HILDEBRAND

               Vice President, Direct Marketing Services
                   Capital One Financial Corporation
                             July 29, 2003

    Chairman Shelby, Ranking Member Sarbanes, and Members of the 
Committee. My name is Scott Hildebrand and I am appearing before you on 
behalf of Capital One Financial Corporation where I serve in the 
capacity as Vice President for Direct Marketing Services. On behalf of 
Capital One, let me express my thanks to you for the leadership you 
have shown on this important issue.
    Capital One is one of the top 10 largest credit card issuers in the 
Nation, and a diversified financial services company with over 45.8 
million customers and $60.7 billion in managed loans outstanding. In 
addition to credit cards, we are one of the Nation's premier auto 
finance companies, and also offer our customers an array of banking and 
related products. We employ nearly 18,000 associates worldwide, with 
offices around the country and overseas.
    We wish to commend you and the Congress on the work you have done 
to support financial education programs. Last year, President Bush 
signed into law the ``No Child Left Behind Act of 2002,'' making $385 
million available to State educational agencies to encourage the 
sharing of best practices and the teaching of basic economic principles 
and personal finance. This Act put into place the resources that 
teachers need to teach basic personal finance and personal finance 
management skills to school-age children. We believe that this Act has 
served as a foundation for improving the Nation's level of financial 
literacy as the monies have put more schools in the position of being 
able to incorporate personal finance teaching into their curriculum.

Informed Customers are Key to Capital One's Success
    At Capital One, we believe that a thorough understanding of 
financial matters not only helps consumers to make better decisions, 
but also helps to ensure the continued health of the financial services 
industry. In the banking business, there exists an age-old truism: 
Anyone can lend money; success is measured by whether you are paid 
back. We are not successful if our customers fail to manage their 
personal finances effectively, and thus are unable to meet their credit 
obligations. To borrow a phrase from legendary clothing retailer Sy 
Syms, ``An educated consumer is our best customer.'' Capital One's 
success can be attributed to its offering the most attractive products 
and pricing in the market today, including the lowest fixed credit card 
rate in the Nation of 4.99 percent, and auto rates as low as 3.89 
percent. It is our belief that consumers who understand the benefits of 
these products will choose Capital One.

Continuous Financial Education is a Vital Component of Our Customer 
        Interactions
    Capital One believes that clear communication about its products 
and services is important to maintaining successful relationships--
ensuring better customer retention in a highly competitive environment. 
Therefore, each product is accompanied by basic information that covers 
how our cardholders can avoid fees, stay within their established 
credit limit, obtain copies of credit bureau reports, and understand 
how their annual rates are applied.
    Our best channel and most direct vehicle for reaching our 
cardholders is their monthly statement. We include financial tips that 
are pertinent to their account in prominent locations on the statement 
where it is most likely to be noticed. We have used this vehicle to 
inform cardholders of their account status and to remind them to make 
payments, check their bureau reports, and to monitor their credit line. 
Some sample messages include:

        Why does good credit count? Employers check credit references 
        before hiring new people. Banks and leasing companies often 
        base the interest rate they offer you on your credit rating. 
        Achieving life goals such as buying a new car or owning your 
        own home are facilitated by good credit. Credit bureaus keep 
        information on your record for up to 10 years so a credit 
        problem history can follow you around for a long time.
        Overlook your bill? Be sure to make your payment today.

First-Time Cardholders Receive a Course on ``The Fundamentals''
    Understanding that Capital One may be the first credit card for 
many college-age cardholders, we have built financial education into 
all product touchpoints. Upon activation of the card, college students 
receive a welcome booklet that explains the ins and outs of credit. Our 
message focuses upon the importance of building a positive credit 
history--making at least the minimum monthly payment by the due date 
each month, and making sure to always stay within the credit line.
    Following the welcome package, for their first year with Capital 
One, cardholders will receive quarterly reminders about the importance 
of maintaining good credit habits. Created with Myvesta.org and the 
Jump$tart Coalition for Personal Finance (Jump$tart), these reminders 
provide more detailed information on being cost conscious, 
understanding how interest and finance charges can add up, the cost of 
accessing cash advances, warning signs of having too much debt, 
obtaining a copy of credit bureau reports, and the importance of 
saving.
    Capital One has also joined forces with YOUNG MONEY, the leading 
quarterly money and lifestyle magazine for young adults, to provide 
information to our cardholders on improving their financial 
decisionmaking skills. In this first-time venture, Capital One and 
YOUNG MONEY will co-brand a website specifically geared to our 
cardholders. In addition, we will provide a free 1 year subscription to 
a select number of our college age cardholders. Because YOUNG MONEY's 
articles are written by college students for college students, the 
magazine's content addresses the financial concerns specific to this 
age group. YOUNG MONEY covers a variety of money related matters 
including:

    Money Management--Find the best ways to control your budget and pay 
off debt. Learn how to save money and cut your expenses.
    Investing--Ever wanted to invest in the stock market? Find out 
everything that you need to know before you invest your money.
    Financial Aid--Learn the best ways to finance your education. Get 
tips on finding and winning scholarships, applying for student loans, 
and more.
    Credit and Debt--Manage debt the smart way--check out tips about 
credit cards, debt control, and credit reports.
    Careers--Find career-building resources, and read about successful 
job searches, interviews, and resumes.
    Consumer Issues--Learn to be a smart consumer by spotting credit-
repair scams, Internet service rip-offs, and fraudulent business 
``opportunities.''

    Our basic website for young adult cardholders has a range of 
education topics and includes a listing of frequently asked questions 
that covers maintaining good credit, avoiding fees, dealing with 
creditors, and the difference in variable and fixed rates. There is 
also contact information for all three major credit bureaus so 
customers can track the progress their making in building good credit. 
Upon instances when our young adult cardholders miss a payment or go 
over their credit limit, we will forward them a warning e-mail that 
outlines the importance of paying on time and/or staying below their 
limit.
Information Is Available to All Consumers Online
    We have also placed a ``Financial Tool Box'' on Capital One's 
website, which includes guides, articles, and calculators that give 
consumers a better understanding of how to use our products. Articles 
include:

    How Credit Works and Your Credit Rights--As a current cardholder, 
you no doubt have a firm grasp on how credit works. However, your card 
comes with several important, built-in legal benefits you may not be 
aware of. The law protects many of these ``credit rights.''
    Your Credit History--Your credit report does more than track your 
credit and how you pay your bills. It represents your financial 
profile, and it can affect more than just your ability to obtain 
additional credit.
    Managing Credit and Key Strategies for Money Management--The key to 
managing your credit is control--control of how much you spend on 
credit, how quickly you pay it back, and the types of items you 
purchase. Credit is not a financial cure-all. Used the right way, 
however, it can help you afford certain purchases and build a powerful 
credit rating.
    Safeguarding Credit and Learning how to Protect Your Credit from 
Thieves--We provide a number of tips for consumers to avoid identity 
theft and provide them with the steps they will need to take if they 
should ever become a victim.

    Our customers also have access to their accounts online where they 
can view recent transactions and available credit, see payment due 
dates to help avoid late penalty fees and update account information.
Capital One Seeks to be Part of the Solution on Financial Education
    Our efforts to improve financial literacy are not limited to our 
existing customers. Capital One has invested considerable time, effort, 
and money to develop innovative and far-reaching programs to improve 
financial education.

Capital One's Financial Education Activities Have Been Designed With a 
        Focus
on Effectiveness and Impact
    Capital One's business success has been driven largely by a highly 
analytical ``test and learn'' culture that seeks to customize products 
and services to the specific needs of individual consumers. Our 
founders realized that a ``one-size-fits-all approach'' makes little 
sense in an environment where each consumer possesses vastly different 
needs and characteristics. This ``test and learn'' culture pervades 
everything we do, from designing our products to meeting the needs of 
our associates. Not surprisingly, it also influences profoundly how we 
have chosen to tackle the important issue of financial education.
    Several years ago, we undertook a major corporate initiative to 
develop a financial education program. Following the Capital One method 
of doing business, we started by surveying the market to assess the 
delivery and methodology used by existing financial education programs. 
Our research revealed a high level of activity using a wide variety of 
approaches. While looking for information regarding best practices, we 
found limited understanding of what types of programs were most 
effective for which populations. We read training materials that were 
attractive visually, but we wondered if the language used was too 
complicated to reach the target populations. We also found quality 
materials without an effective method for getting the materials to 
market. Finally, we observed a limited amount of measurement and 
evaluation in the programs to assess their effectiveness.
    As a result of our research, we initially decided to focus on those 
most in need--lower-income and underbanked populations. We spent time 
thinking about two key goals: First, how to develop content that would 
be read and understood; and second, how to develop a delivery method 
that would effectively reach our targeted populations. As a result, we 
decided the best approach would be to find a strong nonprofit 
organization with whom we could partner--an organization that would 
bring expertise in materials development and have existing 
relationships with community-based organizations who are best situated 
to reach underserved communities.

Capital One Has Formed a Partnership With Consumer Action
    Following the research and development of our program goals, we 
contacted Consumer Action (CA) to discuss the feasibility of developing 
a partnership related to financial education for lower-income 
communities. Founded in 1971, CA has a long history and strong record 
of work in this area. Because CA is an umbrella organization whose 
membership includes more than 7,000 community-based nonprofit 
organizations throughout the country, we were confident that delivery 
of the materials to reach our target consumers could be achieved.
    Since beginning our partnership, we have developed a highly 
effective collaboration that has produced measurable results. Capital 
One has donated approximately $1.25 million to create and implement 
MoneyWi$e, a program that offers straightforward, easy-to-read 
information to address financial responsibility. Together, we have 
created a four-part series of MoneyWi$e educational materials that 
provide the building blocks for developing and honing personal finance 
skills. These four brochures focus on key financial education issues, 
including:

    Building Good Credit--Explains what credit history is, what a 
credit report is, how to get your credit report, how to establish good 
credit, and where to complain if you have a problem.
    Credit Repair--Explains why having good credit is important, your 
rights if your credit application is rejected, how to check your credit 
report, how to dispute mistakes on your credit report, and how to begin 
to rebuild good credit.
    Basic Banking--Discusses the fundamentals of banking, from opening 
a bank account to balancing a checkbook, and includes tips for 
resolving problems such as mixed up deposits and bounced checks.
    Basic Budgeting--Explains the importance of wise money management, 
including budgeting, balancing your checkbook, cutting back on 
expenses, and ways to spend less and save more.

    Capital One's financial support of this program ensures that these 
materials are provided to nonprofit organizations and consumers free-
of-charge. In addition, we feel it is critical that they be offered in 
multiple languages to ensure that we reach immigrant groups, many of 
which have had negative experiences with banks in their home countries 
and are vulnerable to unscrupulous financial service providers. The 
materials are available in four languages in addition to English 
including Spanish, Chinese, Korean, and Vietnamese. Through CA, 
materials are available to their membership of their more than 7,000 
community organizations nationwide, as well as directly to consumers 
via mail or the Internet. I am proud to report to date the distribution 
of these multilingual materials totals more than 1 million brochures.
    Our plans for later this year include creating and distributing 
information on two additional topics: The first is a guide for parents 
on talking to teens about money and the second is about understanding 
bankruptcy.
    Capital One and CA also joined forces to develop a ``train-the-
trainer'' program for community-based organizations. We liked this 
approach because it enabled us to leverage the talents of other 
organizations to achieve a higher impact at the local level. Together 
with CA, we were able to develop curricula that focus on the key issues 
contained in the brochures. The results have been phenomenal. To date, 
more than 800 nonprofit organizations across the country have requested 
the information. They have included a wide variety of types of 
organizations such as university cooperative extension offices, 
consumer credit counseling service organizations, and community 
development corporations.
    During the fall of 2002, Capital One and CA co-sponsored Statewide 
meetings in Tampa, Florida and Oakland, California to train the leaders 
of nearly 75 community-based organizations in each location to use the 
MoneyWi$e materials in their communities. The 2-day meetings included 
sessions to review the materials and train participants on teaching 
adult populations. They were interactive and included many hands-on 
activities designed to reflect real-life situations. A follow-up survey 
on the training sessions found a high satisfaction level among 
participants. We have two additional meetings planned for later this 
year; one meeting will take place in Dallas and serve agencies 
throughout Texas and the other will take place in the District of 
Columbia and serve agencies in the metropolitan area.
    We have also strengthened the program by offering stipends to 18 
nonprofit organizations around the country that are starting to teach 
financial education to their constituents--the grants provide them with 
the funding they need to staff and provide additional resources. We 
anticipate reaching approximately 60,000 consumers through the reach of 
the program.
    This month, the MoneyWi$e partnership received the Achievement in 
Consumer Education award by the National Association of Consumer Agency 
Administrators.

We Have Engaged the Talent of our Employees To Deliver Financial 
        Education to
our Local Communities
    Capital One believes in the value of employee involvement in 
community service. We have a long-standing focus on company-sponsored 
volunteerism in the areas of youth-at-risk, education and community 
development. Therefore, it made sense to incorporate financial 
education into our volunteer activities as we were developing our 
program.
    Trained by CA and equipped with materials and a training/curriculum 
manual, Capital One employees pilot-tested this approach in its home 
communities of Richmond and Northern Virginia. Our volunteers have 
contributed approximately 250 hours to teach the information to 
constituents of several nonprofit organizations. Because of the 
overwhelmingly positive response from employees, the program is being 
expanded to other Capital One sites around the country.

Capital One Focuses on Youth Through Its Partnership With Jump$tart
    Five years ago, to align our financial education program with our 
philanthropic focus on helping youth-at-risk, we joined Jump$tart. The 
premise behind our 
support of this program is simple: We believe in their mission to teach 
financial education in the public schools. And the most effective 
method for reaching a wide population, including lower-income children, 
is through a public education program.
    Based on this belief, we provided financial support for the 
integration of Jump$tart's Money Math curriculum into the Virginia 
school standards. Through this effort, we hoped to provide another tool 
that Virginia teachers can use to teach their students about personal 
financial management. At a press conference last Spring, the U.S. 
Department of the Treasury's Office of Financial Education recognized 
Capital One for this effort.

Targeting and Reaching College Students
    There has been a tremendous amount of concern expressed about 
college students and the need for financial education. Capital One 
shares this concern and has developed a unique method to reach this 
population. Specifically, we decided to experiment with a method that 
utilizes students' relationships with their peers. Last year, we 
piloted MoneyWi$e for College Students, a ``train-the-trainer'' program 
that teaches college students how to become ``money mentors'' and 
deliver personal finance curricula to other students at their colleges 
or universities.
    MoneyWi$e for College Students is a program whereby student leaders 
use their influence to educate fellow students about how to make 
informed credit decisions. Currently, the program is delivered on three 
college campuses including the University of South Florida, Texas A&M 
University, and Washington State University. Because of the success of 
this test, we are currently in talks to expand the program to 
additional universities this coming fall--we have received interest 
from the University of Maryland, Pennsylvania State University, and the 
University of Alabama.
    The workshops cover a broad range of topics from how to maintain a 
checking account to understanding credit reports. In addition, students 
attending the workshops receive informational brochures focusing on 
basic money management. Capital One sets up a page on the website of 
participating universities that links to Visa's Practical Money Skills. 
The training program results reported by participating students has 
been impressive:

 100 percent would recommend the program to other students.
 100 percent reported that the program improved their 
    understanding of basic money management concepts.
 84 percent indicated that the program taught skills and 
    concepts that were new to them.
 95 percent rated their impression of Capital One and Visa as 
    ``very or somewhat positive.''

We Encourage the Media To Report on Financial Topics To Help Educate 
        the Public
    Capital One has sought to utilize the media to provide the public 
with tools to better manage their finances. All of our fact sheets are 
available on our website's press center, and serve to encourage 
reporters to write stories on these topics. Earlier this summer, we ran 
an auto buying campaign that advised consumers to prepare carefully 
before buying this big-ticket item. This campaign made 26.8 million 
impressions and was covered by print, television, and radio reporters.
    Other campaign efforts have focused on key life events: (1) The 
back-to-school shopping ritual and importance of parents explaining to 
their kids how to budget; (2) what newlyweds need to be aware of when 
they first tie the knot; (3) budgeting for the holidays; and (4) 
staying fiscally fit, in general.

Financial Services Industry Continues To Increase Its Focus on 
        Financial Education
    Thankfully, we are not alone in our efforts. According to the 
Consumer Bankers Association (CBA) annual survey on financial literacy, 
the number of financial institutions sponsoring or partnering on 
financial education initiatives continues to increase year after year. 
Not surprisingly, these programs have focused on the most vulnerable 
segment of consumers.

Youth
    The CBA survey confirmed that there is a strong effort among banks 
to advance personal finance skills among youth. Seventy-seven percent 
of responding banks 
indicated that they offer financial literacy programs for students in 
grades K-12, organizations like Jump$tart, the national ``Adopt-a-
School'' program, and employees/student mentoring. At the post-
secondary level, 26 percent of financial institutions offer financial 
education programs on college campuses.

The Unbanked
    For the first time, CBA polled banks on their efforts to address 
the financial services needs of the unbanked. Seventy-four percent of 
responding institutions 
indicated that they offer Individual Development Accounts to such 
consumers. Fifty-seven percent of responding banks indicated that they 
have developed a personal finance program or initiative specifically 
designed for unbanked consumers.

Recent Immigrants and Multilingual Consumers
    In addressing the particular needs of a major segment of the 
unbanked population--immigrants and non-English speaking consumers--70 
percent of responding banks indicated that their institution provides 
financial education programs, basic banking literature, or educational 
brochures in a foreign language, primarily Spanish. Particular 
attention is being paid to small business development, which has shown 
a significant upward trend in the percentage of banks offering such 
programs. This year, 79 percent of responding banks indicated that they 
sponsor or partner on programs aimed at providing small business 
development assistance.

Conclusion
    At Capital One, we believe in the principle that knowledge is 
power. It is that power that will enable the American consumer to make 
better choices about their personal finances.
    Our products work best if our customers manage their finances 
responsibly. Put another way, the less our customers know, the more 
likely they are to find themselves in financial trouble. When these 
customers cannot pay their bills, we bear the loss. Higher losses in 
turn, leads to higher costs for everyone. For Capital One, ``educated 
consumers''--customers who know the annual percentage rate they are 
paying, who know when their bills are due, and who know and understand 
how to manager the products we offer--are our best customers.
    Mr. Chairman, Ranking Member Sarbanes, and Members of the 
Committee, thank you again for the opportunity to testify before you. I 
would be happy to answer any questions you may have.

       RESPONSE TO WRITTEN QUESTION OF SENATOR SARBANES 
                     FROM DOLORES S. SMITH

Q.1. I have introduced S. 1470, the Financial Literacy and 
Education Coordinating Act. What are your views on this 
legislation?

A.1. The development and adoption of a national strategy for 
improving financial education and knowledge in this country is 
a significant public policy undertaking, and the proposal for a 
Financial Literacy and Education Coordinating Committee merits 
strong support. A committee of decisionmakers from across the 
spectrum of Federal agencies will bring high-level visibility 
to the Government's promotion of financial education and 
knowledge for all Americans. Drawing State and local agencies, 
along with private-sector organizations from industry and the 
nonprofit world, into the collaborative-consultative process 
adds an important dimension to the 
undertaking.
    While collaboration among agencies already takes place, 
having a formal mechanism for the development and coordination 
of a Federal strategy would strengthen the process in a number 
of ways. It would facilitate the sharing among agencies and 
others of information on financial education activities; 
promote interest in and support of needed research for testing 
the effectiveness of different approaches to personal financial 
education; and foster increased engagement in financial 
education initiatives. Coordination through the Committee also 
could help minimize duplicative efforts at all levels, and 
assist in directing agency resources to where they are most 
needed or where they can be most productive.


                          ADDRESSING MEASURES
                      TO ENHANCE THE OPERATION OF
                     THE FAIR CREDIT REPORTING ACT

                              ----------                              


                        THURSDAY, JULY 31, 2003

                                       U.S. Senate,
          Committee on Banking, Housing, and Urban Affairs,
                                                    Washington, DC.



    The Committee met at 10:20 a.m., in room SD-538, Dirksen 
Senate Office Building, Senator Richard C. Shelby (Chairman of 
the Committee) presiding.

        OPENING STATEMENT OF CHAIRMAN RICHARD C. SHELBY

    Chairman Shelby. The hearing will come to order.
    Secretary Snow, good morning and welcome to the Committee. 
We appreciate you coming here today to express the 
Administration's views on this important subject.
    Today, the Committee comes to the final in a series of 
hearings that we have held on the Fair Credit Reporting Act.
    We adopted this, process because the FCRA, the Fair Credit 
Reporting Act, is a complex statute that regulates a 
complicated and dynamic component of the marketplace that is 
crucial to the operation of our economy.
    It is my hope that we have met our responsibility of 
conducting a comprehensive review. In the near future, we will 
begin developing legislation to address the matters identified 
as issues during our hearing process.
    Drawing upon what we have learned from our many witnesses, 
we will approach this task with the perspective that while the 
system is generally pretty good, I think it can and must get 
better.
    I believe we have identified real questions about the level 
of accuracy in credit reporting. There are numerous issues 
associated with the insidious crime of identity theft. There 
are areas where consumers need more opportunities to make their 
own choices and greater information to make informed decisions. 
Last and perhaps most importantly, we are faced with the 
question of how best to ensure that with constantly evolving 
credit markets, the maximum fairness, accuracy, and efficiency 
is consistently achieved.
    To help move toward solutions, today's witnesses are here 
to provide their views regarding these and other issues. I 
think there is much for the Committee to gain from their input.
    In our first hearing, I expressed the view that it should 
be our goal to ensure that the Fair Credit Reporting Act 
produces the most effective, efficient, balanced, and fair 
system achievable. As we close the hearing process, I remain 
hopeful that we can meet this goal.
    Again, I want to thank Secretary Snow, Secretary of the 
Treasury, for being here, and I look forward to yours and other 
witnesses' testimony.
    Secretary Snow, your written statement will be made part of 
the record in its entirety. You proceed as you wish.

                   STATEMENT OF JOHN W. SNOW

           SECRETARY, U.S. DEPARTMENT OF THE TREASURY

    Secretary Snow. Thank you very much, Mr. Chairman, and 
Members of the Committee. It is a pleasure to be here with you 
today to talk about a subject that is critically important to 
the way our credit markets and financial institutions work in 
the United States.
    We have submitted a proposal to strengthen the use of the 
Fair Credit Reporting Act in a way that I think promotes 
consumer interest and continues to make access to credit and 
other financial services available at a low cost, and to 
Americans who are seeking credit.
    It is important to understand that these uniform national 
standards for information sharing operate in a very fundamental 
way to expand the opportunity for consumers to get access to 
credit and to a broad range of financial services.
    What they really do is allow you to take your reputation 
with you as you travel around the country. America is a very 
mobile society. Something like one-sixth of the American 
families move in a given year. As you move, you leave the place 
where you are known, you move to another State, another city, 
you can get credit. You can buy a house. You can buy an 
automobile. You can go into a store and easily get credit 
because your reputation follows you around and you do not have 
to start from scratch, and that is critically important in a 
mobile society like the one we have in the United States.
    These national uniform standards really play a critical 
role in making the miracle of modern credit available. From 
1995 to 2001, the percentage of minority families--and I think 
it is important to recognize the impact they have on minorities 
and people at the lower-income levels--holding mortgages 
increased significantly. One-sixth of minorities who qualified 
for mortgages in 2001 would not have qualified, would not have 
qualified in 1995, and we see a higher rate of improvement in 
homeownership among minorities than we do for the overall 
percentages. Similarly, the percentage of minority families 
with credit cards has risen very, very substantially and 
disproportionately to the population as a whole. That is a 
credit to what these uniform standards make possible.
    But there are problems in this world of credit, and the 
most serious worry for financial consumers today is, as you all 
know, identity theft. A recent private study reports that 
identify theft has been greatly under reported, and according 
to this study, as many as 7 million Americans were victims of 
identity theft last year. Of course, once you lose your 
identity, many enormously bad things happen to you and it is 
very difficult to get your good identity back, and you are put 
through a hellish period.
    Many identity thieves specifically target the most 
vulnerable members of society: That is, families of the 
recently deceased, hospital patients, men and women serving in 
the U.S. armed forces that are away from home. Our national 
information sharing system, made possible by the Fair Credit 
Reporting Act, is an important tool in this fight against 
identity theft, and it can be made even more effective.
    With the right information about your true identity, 
financial institutions can ask the validating questions that 
can unmask the identity theft and the identity thieves. In 
other words, the banker, our bankers and your bankers, can stop 
the identity thief if that banker or that financial institution 
knows more about you than the thief does. That is part of what 
we are trying to do with our recommendations, is to put the 
banks in that position.
    National uniform standards make timely access to full and 
accurate information possible, giving the financial 
institutions the tools to stop many identity theft assaults 
before they can succeed. In other words, seeing the information 
moving faster than the thieves can move, and getting ahead of 
the thieves.
    On June 30 this year, I announced the Administration's 
proposal to remove the sunsets on the uniform standards, and 
focus these standards, and the FCRA itself, even more 
effectively on meeting two key consumer interests, the interest 
in improved access to credit and financial services and the 
interest--and I know this is important to every one of you on 
the Committee--the interest in the accuracy and the security of 
financial information.
    Let me just quickly go through a few highlights of our 
proposal. First, we would recommend making free credit reports 
available upon request. They are of course available today 
under certain circumstances, but we think that an annual free 
credit report from the credit reporting agencies is 
appropriate. A basic tool to place in the hands of the 
consumers is access to their credit reports. As I say, once a 
year upon request, free of charge, doing so we think would 
enhance the accuracy and the completeness of the credit 
reports. We think the credit reporting agencies have an 
interest in engaging the users, the consumers, to make sure 
that those reports are accurate. Making these free reports 
available annually upon request will do just that because then 
the consumers can correct those reports if they see an error in 
them.
    Second, we would propose a system of national security 
alerts. Under this system, uniform standards would include 
allowing consumer who have been victimized or who are in danger 
of being victimized, to put banks and merchants on guard 
against the efforts of those who may be trying to impersonate 
them.
    Third, we would propose a system of red flags. This is a 
related effort in which we suggest bank regulators should watch 
for patterns followed by identity thieves, and put in place red 
flags that indicate the likelihood of fraudulent activity, and 
share this information with each other so that the whole group 
of financial regulators are part of the effort to share 
information, put up red flags and make it tougher for identity 
theft to occur. Under our proposal, the regulators would 
provide notices of these red flags to the institutions that 
they supervise, and would verify in their bank examinations 
that these warning signs are being heeded, and that the banks 
are really following the red flag indicators, and they will be 
empowered to fine those institutions where there is lack of 
appropriate attention to the red flags.
    Finally, fourth, because we have other suggestions, and I 
am just giving you the highlights here, we would propose a 
prohibition on the sale or transfer of identity theft debt: 
That is, once an institution has been notified that there is a 
threat of an identity theft, that institution would be 
precluded from going off and selling that debt. So, we would 
propose prohibiting the sale or transfer of debt for collection 
that a creditor knows is the result of identify theft. This 
measure would help reduce the repollution, if you want to use a 
word, of consumers' credit files with wrong information, and 
save consumers countless hours of needless hassle in trying to 
restore their good name.
    We look forward to working, Mr. Chairman, with you, Ranking 
Member Sarbanes, and all of the Members of the Committee, to 
ensure that the Fair Credit Reporting Act becomes an even more 
effective tool to meet the financial interests of America's 
consumers.
    Thank you very much for the chance to be here today.
    Chairman Shelby. Thank you, Secretary Snow.
    Mr. Secretary, during the course of the Committee's review 
of the Fair Credit Reporting Act, the Banking staff asked the 
General Accounting Office to perform an analysis of the 
accuracy of credit reports. The GAO has just come back with 
these results, which will be included in the record here today.
    The chief finding of the report by the General Accounting 
Office was that only limited and to some degree contradictory 
information was available with respect to the overall accuracy 
of credit reports. Specifically, GAO concluded, ``Information 
on the frequency, type, and cause of credit report errors is 
limited to the point that a comprehensive assessment of overall 
credit report accuracy using currently available information is 
not possible.''
    This is troubling, concerns us. In order for us to know 
where things stand presently, and to know the direction that 
the new Fair Credit Reporting Act provisions would take things 
in the future, including measures such as one you have 
outlined, Mr. Secretary, we need some independent data to make 
informed determinations. Considering the importance of credit 
reports to the credit process, Mr. Secretary, is it not worth 
the effort to get an objective understanding as to how accurate 
the reports are?
    Secretary Snow. Absolutely, Mr. Chairman. I agree with you. 
It is important, though, I think to distinguish what features 
of the report are inaccurate.
    Chairman Shelby. Absolutely.
    Secretary Snow. Understand I am not an expert on this, but 
there are people at the Treasury that I have talked to who are, 
like Mr. Abernathy, who indicate that some of this information 
is fairly trivial and some of it is not.
    Chairman Shelby. What is substantive and what is trivial? 
But a lot of times it is substantive, and really accuracy goes 
to the heart of the report, does it not?
    Secretary Snow. I think having better understanding of this 
whole question is very important. I think the credit agencies 
themselves have a real stake in having better information, and 
in creating greater trust in the accuracy of the information. I 
share your concern about this.
    Chairman Shelby. Mr. Secretary, the Administration, which 
you are part of as Secretary of the Treasury, has recommended 
permanent extension of the preemption provisions. In some of 
our discussions with stakeholders involved with issues related 
to the Fair Credit Reporting Act, we have been told that many, 
if not most, of the positive developments they have seen have 
come just in recent months as we have been holding these 
hearings, when the shadow of reauthorization loomed largest. I 
guess this is common sense.
    Do you think, Mr. Secretary, that at a minimum, the process 
of reauthorization tends to serve as a force that motivates 
interested parties to perform at a higher level, both here and 
in the marketplace?
    Secretary Snow. I think being subject to scrutiny certainly 
heightens one's attention and serves a useful purpose.
    Chairman Shelby. Absolutely. Is it worth noting, Mr. 
Secretary, that even at the time when the Fair Credit Reporting 
Act reauthorization is being considered, when you would think 
that everyone associated would be on their absolute best 
behavior, whatever that is, the FTC just completed an 
enforcement action and levied a significant fine against one of 
the big credit bureaus for failing to meet basic 
responsibilities with respect to handling consumer complaints.
    With that in mind, will the necessary incentives remain if 
reauthorization is permanently taken off the table, or should 
we make sure that we provide some type of legislation to keep 
people on their toes?
    Secretary Snow. I think what we are trying to do in our 
proposal is create the right incentives for the whole system, 
that whole complex system of furnishers, scorers, and the 
credit reporting agencies, and the consumers themselves, to 
work in a more effective way, to create incentives for the 
whole system to work more effectively. We strongly support 
removing the sunsets, but recognize in removing the sunsets 
that Congress will continuously review, as you are doing today 
on how the system is working, and whether it is working well to 
protect consumer interest, and whether it is working well to 
make credit available at low interest rates.
    I think you have ample authority here and ample ability to 
continue to police the system and create yourselves, through 
that oversight, the right incentives.
    Chairman Shelby. Mr. Secretary, lastly, we heard testimony 
here that consumers are not all that well versed in the area of 
credit reporting, and I think the proposal to allow--that you 
just mentioned--free access to their credit reports will 
certainly help improve things. I also think it is almost as 
important here to make people aware of their right to a free 
report as it is to provide them the right in the first place. 
In other words, if you give them the right--you have talked 
about free reports--but they have to be aware of that right, 
which I think would really help in identity theft, would help 
clear up misunderstandings and probably have a lot of positive 
things in it. Do you disagree with that?
    Secretary Snow. No. I agree very much. At the Treasury, we 
are engaged in this important effort on financial education 
which I think is central to----
    Chairman Shelby. If they have a right, they need to know 
they have that right.
    Secretary Snow. Exactly. I think broader understanding of 
the financial system and people's rights under it, is 
important, I agree.
    Chairman Shelby. Senator Sarbanes.

              COMMENTS OF SENATOR PAUL S. SARBANES

    Senator Sarbanes. Thank you very much, Mr. Chairman.
    Mr. Secretary, we are pleased to have you here before the 
Committee. I am going to take advantage of the fact that you 
are here to digress for just a moment.
    I was following this bus tour that you and Secretary Chao 
and Secretary Evans were making out there in the Midwest, 
running around the countryside, and I noticed you indicated 
that you thought the Chinese Government needed to allow its 
currency to strengthen by widening its trading ban against the 
dollar. We have followed this issue of currency manipulation 
closely in this Committee, and I welcome that statement on your 
part, but I want to underscore just how important I think it 
is. In fact, when we enacted the Omnibus Trade and 
Competitiveness Act in 1988, it requests the Treasury--this has 
now been in existence some 15 years--requires the Treasury to 
submit a report to Congress on international economic and 
exchange rate policy by October 15 of each year. The Act 
requires the Secretary of the Treasury, ``to analyze on an 
annual basis the exchange rate policies of foreign countries 
and consider whether countries manipulate the rate of exchange 
between their currency and the U.S. dollar for purposes of 
preventing effective balance of payments adjustments, or for 
purposes of gaining unfair competitive advantage in 
international trade.''
    I just have some process questions. One, do you anticipate 
submitting that report on time, by mid-October?
    Secretary Snow. Yes, we do, Senator.
    Senator Sarbanes. And will the report contain the required 
analysis of exchange rate manipulation?
    Secretary Snow. Yes, it will.
    Senator Sarbanes. The Act requires the Treasury Secretary 
to testify before Congress on the report if requested, and I 
think Chairman Shelby has indicated his desire to have such 
testimony, so presumably you would anticipate testifying before 
the Committee on the report?
    Secretary Snow. Yes, indeed.
    Chairman Shelby. Senator, would you yield for a second on 
that same thing? We had Secretary Snow coming earlier in July, 
but he was traveling with the President, as I understood, so we 
postponed this hearing, did not cancel it, and added it to the 
October hearing schedule. I understand that the Treasury will 
be releasing the next exchange report in October, and that 
Secretary Snow then would address these issues when he appears 
before the Banking Committee at that time. Is that right?
    Secretary Snow. That is absolutely right, Mr. Chairman.
    Senator Sarbanes. I just wanted to indicate a number of us 
are looking forward to that hearing. We think it is an 
extremely important one in terms of international economics, 
and we are looking forward of course to the report and the 
analysis, which the Treasury people will be making, of this 
possibility of seeking unfair competitive advantage in 
international trade by manipulating the currency exchange 
rates.
    Mr. Chairman, I was not here right at the outset, but I 
wanted to take a moment to commend you for holding this series 
of hearings on the Fair Credit Reporting Act. I think each and 
every one of the hearings has been extremely productive, and I 
particularly commend the comprehensive approach you have taken 
in examining these issues, and also the wide cross-section of 
interests that have been represented by the witnesses you have 
invited to the hearing table. I think it has given us some 
valuable insights into the workings of the Act as we consider 
solutions to the various issues that have been raised.
    As I noted at the outset, when we started, the Fair Credit 
Reporting Act, really at its core is a consumer protection 
statute. I think it serves a very fundamental purpose helping 
to ensure the privacy of consumer financial data, the accuracy 
of credit report information, and fair practices in the 
collection and the use of credit information and then credit 
granting. It is very important to literally tens of millions of 
Americans that we work to ensure fair, accurate, and effective 
credit reporting practices as we consider reauthorizing the 
preemption provisions of the Act.
    Mr. Secretary, during these hearings we have received a 
number of recommendations for improving the operation of the 
Act. These suggestions have included--and I am going to go 
through a list of the summary headings, I guess. Beneath the 
summary headings there is obviously important questions of what 
are the details? The devil is always in the details, and I 
recognize that, and I am not going to, at this moment, get down 
to that level. But as I go through these summary headings, I 
just want to get some sense if there are any of them that you 
think are not an appropriate item for us to be looking at as we 
consider this reauthorization. Combatting fraud and identify 
theft; clearly, you have made that a lead item in your own 
statement.
    Secretary Snow. Yes, I have.
    Senator Sarbanes. Protecting consumers' financial privacy.
    Secretary Snow. Certainly protecting the accuracy, 
security, and that translates into privacy information, is very 
important, yes.
    Senator Sarbanes. Clarifying the credit scoring process and 
the use of credit scores.
    Secretary Snow. Yes, we have recommendations in that area 
as well.
    Senator Sarbanes. Improving the accuracy of credit reports, 
which of course relates to the one I just asked.
    Secretary Snow. We have recommendations there as well, yes.
    Senator Sarbanes. Improving consumers' understanding of the 
credit reporting process.
    Secretary Snow. Very much so, as I responded to the 
Chairman earlier, yes.
    Senator Sarbanes. Combatting abusive marketing practices.
    Secretary Snow. Yes. Our proposal deals with that as well.
    Senator Sarbanes. Finding ways to improve the financial 
literacy and education of all consumers.
    Secretary Snow. Yes, certainly.
    Senator Sarbanes. You have an office in the Department of 
the Treasury addressed to financial literacy and education. We 
have introduced legislation to set up a coordinating committee 
within the Executive Branch of the Federal Government to be 
headed actually by the Secretary of the Treasury, and to be 
staffed in effect by this office in your department. We had a 
number of agencies here the other day, all of whom work on 
consumer literacy and consumer education. As you know, from the 
Trade Promotion Coordinating Committee, we did a comparable 
thing in that area. I do not know whether you have had a chance 
yet to fully review that legislation.
    Secretary Snow. Senator, we support the broad thrust of 
what you and the Chairman are putting on the table here. There 
is an office that reports to Assistant Secretary Abernathy that 
deals with this broad question of financial literacy. We want 
to see that office become even more effective, even stronger in 
its capacity to deal with this issue. It is a critically 
important issue. I agree with you.
    Senator Sarbanes. Thank you very much.
    Thank you, Mr. Chairman.
    Chairman Shelby. Senator Bennett.

             COMMENTS OF SENATOR ROBERT F. BENNETT


    Senator Bennett. Thank you, Mr. Chairman, and I echo 
Senator Sarbanes comment about the thoroughness and the wisdom 
of this series of hearings. My experience on the Banking 
Committee, I do not know of any legislation that has had a 
series of hearings that has been as comprehensive as this and 
had witnesses from across the spectrum the way this one has, 
and now we are culminating in the statement from the Secretary, 
and I applaud you for the methodology of putting this together.
    If I can pick up on what Senator Sarbanes was saying, I 
listened very carefully to the list of items on which he 
focused, and there were a few things that I would like to add 
to that list. I will not suggest that Senator Sarbanes 
overlooked them. I will just suggest that I focused on them.
    In your testimony, you outlined what has happened since the 
Fair Credit Reporting Act has been in place and the amount of 
credit that is available to people that presumably was not 
available before and how it has facilitated the extending of 
credit, particularly to groups that were left out of credit 
earlier.
    As I have said at one of our previous hearings, I remember 
when I was sitting where Senator Corzine is sitting now, as a 
very new member of this Committee, and there is hope, Senator, 
that it moves really fast to come around the horse shoe.
    [Laughter.]
    The main issue that we were discussing at the time was 
availability of credit, particularly for minorities. And we 
were beating people up who would come before the Committee for 
the fact that credit was not made available.
    Their defense was, well, many of these people are not good 
credit risks. Now, by virtue of information about them and 
their credit habits being made widely available, we have 
discovered that they are better credit risks than the 
institutions thought they were and that credit is now being 
made available.
    I raise that because part of the testimony we have had here 
has suggested that if we do not extend the Fair Credit 
Reporting Act in essentially the same form that it has been in 
during this period of success, we run the risk of having credit 
begin to dry up for certain people; in other words, we protect 
in the name of consumer protection, information to the point 
that it is not available and credit extenders then say, well, I 
cannot take the risk because I do not have the information.
    I am particularly focusing on the preemption clause with 
respect to that, and I love your statement when you said this 
allows you to take your reputation with you when you move. We 
have had testimony before the Committee that indicates that the 
number of Americans who move every year is in the tens of 
millions, and this is one of the challenges of the credit 
reporting agencies to keep up with people. And many of the 
errors that are in their files are errors of wrong addresses, 
wrong employers, et cetera, because the information does not 
catch up with the fluidity of the American workforce.
    I have had the experience of moving from one State to 
another prior to the Fair Credit Reporting Act and discovering 
it was extremely difficult to get a mortgage in the new State. 
Fortunately, my family was fairly well known in Utah. I had 
moved back to Utah after a period of 24 years away, and it took 
my father going down to the credit reporting agency or to the 
financial institution with whom I was dealing and laying down 
his credit as a guarantee of mine, having just moved from 
California, in order for me to get a loan, and now I can take 
that reputation with me.
    Let me shift with that now to one quick question for you, 
and maybe we will get around to a second round on some other 
issues.
    Free credit reports on request. I back this. I think it is 
a very logical thing, but again let us get into the details. We 
are asking the credit reporting agencies to give away their 
product. That which they charge for, that which they earn their 
money on, we are saying you have to give this away. And as long 
as they are giving it away to a relatively small percentage of 
the people whose names are in their files, they can handle 
that.
    But as we drive toward getting them to give away their 
products to more, and more and more people, it raises all kinds 
of questions about who is going to pay for it eventually and 
will some enterprising providers of credit say, look, you ask 
for your credit report and bring it in along with your 
application for a loan, so I will not have to ask for it, and 
therefore I do not have to pay for it.
    Have you given any thought as to what can be done to deal 
with the cost implications of saying to an entire industry, by 
law, we are going to require you to give away your product to a 
certain portion of the economy while you are trying to sell it 
to another?
    Secretary Snow. Senator, those are good questions, and we 
have thought about them. Today, of course, the credit reporting 
agencies are required to make those free reports available 
under a number of circumstances, and they do. The one change we 
are making is to make the annual-upon-request requirement, put 
that in place.
    I do not think, I mean, we have heard from people who 
raised the issues that you raise, and I think they are 
legitimate issues. In fact, they are issues I raised when I 
first heard about this proposal inside the Treasury Department. 
As I have thought about it, on balance, I think it still makes 
good sense and will not lead to an untoward burden on the 
credit reporting agencies.
    I think we have to be on guard for the unintended 
consequences of the sort you are mentioning and monitor that. 
In a way, you could see where the credit reporting agencies 
would welcome the input on their reports from the consuming 
public because it would make those reports more accurate, and 
they are in the business of providing accurate information.
    So, at one level, I can see where they would embrace it and 
say it really helps us do our basic job, but I think we should 
be alert to some unintended consequences that we, at this 
point, cannot foresee, and be prepared to deal with it if it 
arises.
    Senator Bennett. As I said, I favor the free credit report, 
but the details have to be looked at.
    Senator Sarbanes. Right.
    Senator Bennett. Thank you, Mr. Chairman.
    Chairman Shelby. Senator Johnson.

                COMMENTS OF SENATOR TIM JOHNSON

    Senator Johnson. Welcome, Secretary Snow.
    So that I do not misunderstand your earlier testimony to 
Chairman Shelby, it is my understanding that the Administration 
supports a permanent extension of the Fair Credit Reporting 
Act. You observed that you favored a sunset of the Fair Credit 
Reporting Act, which is obviously a termination of the 
legislation, subject to then reauthorization process again. So 
that I do not have any misunderstanding, I wonder if you would 
clarify the Administration's position.
    Secretary Snow. That may be a distinction without much of a 
difference. The sunsets are in place and will be triggered 
unless action is taken by the Congress by the end of this year. 
We favor the continuation of the current national standards, 
which means we want the sunsets removed. I used the word 
``permanent.''
    Congress will, I imagine, continue to monitor this and make 
improvements over time and deal with issues such as the ones 
that may arise that Senator Bennett talked about. We would like 
to see these national standards extended, with the 
modifications that we have proposed, which is tantamount to 
saying we do not want to see the sunset go into effect. We like 
the preemption.
    Senator Johnson. As I understand, it would be a permanent 
extension. Obviously, Congress would continue its oversight 
responsibilities, which we always do. The Administration's 
position is, that it would not be an extension of a finite, 
limited time, but it would extend the existing law beyond the 
current sunset.
    Secretary Snow. Precisely, Senator.
    Senator Johnson. Legal certainly, I am assuming, is a high 
priority for the Administration relative to the business 
community that they can make plans over the long term, knowing 
that the Fair Credit Reporting Act is not only here, it is here 
to stay, subject, obviously, to the occasional Congressional 
modifications.
    Secretary Snow. Exactly. We think it would be really 
devastating if the business community could not plan on the 
preemption staying in place.
    Senator Johnson. Do you think that increasing furnisher 
liability is a useful way of increasing the accuracy of credit 
reports or do you think that such an approach might, in fact, 
have a counterproductive consequence with respect to 
participation rates?
    Secretary Snow. Again, it all depends on the specifics of 
the proposal, but in general I think we have it about right 
now. I would be concerned about higher levels of burdens on 
furnishers, since it is a voluntary system, creating 
disincentives for them to stay in the system. The ability to 
provide broad-based, low-cost credit really depends on lots of 
furnishers staying in the system.
    I would be very chary and very concerned about changing 
that balance very much, Senator.
    Senator Johnson. Secretary Snow, in your judgment, who 
would stand to lose the most if Congress fails to reauthorize a 
uniform national standard for credit reporting?
    Secretary Snow. Well, I think those who would lose the most 
are those who, today, have been brought into the system over 
the course of the last 7 or 8 years because of the national 
standards. And they, as I think we all know, tend to be more 
minorities, more Hispanics, more African-Americans, more small 
business owners who do business on credit cards.
    It would tend to be the less fortunate, the less 
financially well-established segments of society who would 
suffer the most.
    Senator Johnson. One of the great strengths of the American 
economy, as opposed to many other economies in the world is the 
mobility and the fluidity of America's workforce. Would failure 
to extend the Fair Credit Reporting Act have a negative 
consequence on that important piece of our economy?
    Secretary Snow. Senator, I think it would have far-reaching 
adverse consequences. One of the great strengths of this 
country is labor mobility, and it is a contradiction to so many 
other major industrialized economies of the world, 
particularly, say, Germany. Something like one-sixth of all our 
workforce changes locations in a given year.
    And as we said earlier, that ability to take your 
reputation with you, to be able to get credit for a house, to 
get credit for a car, or to get credit for shopping and so on 
is just a powerful part of what makes this American economy so 
fluid and work so well.
    Senator Johnson. Thank you, Mr. Secretary.
    Chairman Shelby. Senator Crapo.

                 COMMENTS OF SENATOR MIKE CRAPO

    Senator Crapo. Thank you very much, Mr. Chairman. I too 
want to thank you for holding these hearings.
    Secretary Snow, I want to follow up on one of the answers 
that you gave to Senator Sarbanes when he went through the list 
of issues that we should be considering here. One of them was 
the privacy issue. I think that raises the whole question of 
whether the Committee should get into the issue of Gramm-Leach-
Bliley and the privacy provisions that we deal with there. 
There is a debate as to whether there should be an opt in 
proposal or an opt out proposal adopted with regard to the 
sharing of citizens information.
    And it is my understanding that the Administration has not 
proposed that we get into that issue. I would like to clarify 
that and find out, if not, why the Administration does not 
believe that we should get into that issue at this time.
    Secretary Snow. Because I think it is premature at this 
time, Senator. That legislation is almost brand new. It is just 
being implemented. We are just figuring out how it really works 
and getting acquainted with the ins and outs of Gramm-Leach-
Bliley, and the experiment, in effect, that it put in place.
    The experiment that you put in place with the FCRA has had 
a lot more experience under it, and I think it is an experiment 
that has clearly proven successful. We know that the results of 
this experiment are really superb, terrific. And with some 
changes that we are recommending, we think that it should 
continue.
    I do not think we are in that position with Gramm-Leach-
Bliley yet. That experiment is too new, too young. I would urge 
that we give that more time, learn more from the experience 
under Gramm-Leach-Bliley and return to that at some time in the 
future, but not now.
    Senator Crapo. I have in front of me a letter from a number 
of the financial and consumer institutions in Idaho who make 
the point, from their point of view, that we need to have a 
much more readily, comprehensible, and simply executed national 
privacy notice of system, so that people can understand what is 
being done with private, financial, medical, and other records 
about them and they can have an ability to control how that 
information is utilized.
    I want to be sure that I understand your testimony. You are 
saying that you think that the issue is not ripe, but not that 
the issue is not one we should approach; is that correct?
    Secretary Snow. Exactly. I think now we should focus on 
extending the Fair Credit Reporting Act with some of the 
modifications that have been talked about, and at the same 
time, obviously there are concerns along the lines you are 
suggesting. I understand that the regulators are working right 
now: That is, the financial regulators, at improving those 
notices. It is a matter of simplifying those notices to make 
them easier to understand and giving the consumers a better 
sense of what their rights are.
    While it is an issue that needs some attention, I think 
right now, from our point of view, the priority is on 
reauthorizing these national standards and making sure they 
stay in place.
    Senator Crapo. Thank you very much, Mr. Secretary. I think, 
like most Americans who receive these privacy notices in the 
mail, I do not know if very many people read them, I, because I 
sit on the Committee and have a responsibility in this area, 
actually read every privacy notice that I have an opportunity 
to look at, and I have concluded that they are either 
incomprehensible or unbelievably simplistic.
    I mean, they seem to go from one end of the scale to the 
other, but I do not believe they are accomplishing what we need 
with our citizens in the United States, in terms of their 
ability to understand their rights and to define what the 
rights of Americans are with regard to financial information 
that is maintained about them.
    I think we need to address this issue, and I would 
appreciate the opportunity to work with you on this as we move 
forward.
    Secretary Snow. Thank you, Senator Crapo.
    Senator Crapo. Thank you.
    Chairman Shelby. Senator Carper.

              COMMENTS OF SENATOR THOMAS R. CARPER

    Senator Carper. Senator Crapo and I actually were talking 
about this subject in the last week, and I am glad he has 
raised it here today. I do not know that it is possible to ever 
have a notice from a financial services institution that was 
almost as simple to read and understand as, say, the ability to 
change your mailing address, but it sure would beat some of the 
language I have tried to wade through myself. I take my hat off 
to you if you read all of those. God bless you.
    [Laughter.]
    I am glad you raised the issue, and, Mr. Secretary, I am 
glad that you were able to let us know from your perspective 
that you think the issue may not be ripe yet, but it is one 
that I am interested in returning to, and I am pleased Senator 
Crapo is as well.
    Have you ever known anybody in your own family or personal 
friend whose identity was stolen?
    Secretary Snow. Yes, I have.
    Senator Carper. Anybody in your own family?
    Secretary Snow. No, but close friends.
    Senator Carper. We have a niece down in North Carolina 
whose identity was stolen a couple of years ago. She is 
recently out of college, and I think you described the 
situation and the experience as hellish. That is a good 
description for her and for her family.
    In looking at the experience, and the reason I think why 
there has been a rise in the prevalence of identity theft, a 
couple of reasons; one is that it is pretty easy to do. Two, it 
is fairly lucrative. Three, people who perpetrate these crimes 
are not easily caught. And four, if you look at the penalties 
that people pay for putting a lot of people through a hellish 
experience, the penalties are fairly light.
    And I just want to ask you to walk us through the 
Administration's proposal on this front and describe for us 
again how it makes identity theft harder to do, how it would 
make it less lucrative, how it would enable us to more easily 
catch those who perpetrate these crimes, and how would it 
stiffen the penalties for those when we catch them?
    Secretary Snow. Senator, our recommendations touch a number 
of those matters that you raise.
    First, we would recommend establishing, I guess, for want 
of a better term, we would call it a national security alert 
system.
    Senator Carper. How would that work? Put this in a 
practical sense. How would it work? Use a real-life example, if 
you will.
    Secretary Snow. You have been victimized. All right. You 
think you have been victimized. You can, under our proposal, go 
to the financial institution and, in effect, put a red flag on 
that. You can tell them I do not want you sharing any more of 
my information with anybody, and the way you do this is you go 
to an authorized agency of the State government and get what 
would be tantamount, I guess, to a police report that says you 
have filed a report.
    Now, I think to keep the system honest and fair, you have 
to hold people who would get that police report to a standard 
of perjury if they are simply making false statements. But once 
they get that government document, probably a number of some 
kind, the financial institution would be precluded from 
continuing to send that information around, and that would help 
the individual put a stop to his identity being used by others.
    And we would also require that once an identity theft had 
been identified, the banking institutions would be required and 
the CRA's would be required to broadcast that out broadly so 
that everybody would know about it.
    We also think that the banks can do a better job on this, 
and we would have the banking regulators require them to take 
more responsibility for putting in place the capacity to deal 
with identity theft, with fines and penalties for not doing so.
    There are telltale signs.
    Senator Carper. Would you elaborate on that for just a 
moment please, what you just said.
    Secretary Snow. We would recommend that the CRA be amended 
so that banking regulators be required to coordinate with each 
other and develop what you might want to call a system of red 
flags, indicators of identity theft, and there are patterns to 
identity theft, and share these with other regulators so that 
the banking regulators, as a whole, become united in their 
effort to deal with identity theft.
    They become more deeply engaged in the question, in that 
issue of identity theft. They watch for the patterns that the 
identity thieves employ and put up these red flags. Now, the 
red flag would be an indicator that here is the likelihood in 
this instance that somebody is trying to steal your identity.
    And we would ask that the legislation include a requirement 
that the regulators, when they do their audits of the banks, 
look at the question whether the banks are actually doing what 
they are required to do, what the legislation directs them to 
do, with respect to engaging, through this system of red flags 
and watching for patterns of identity theft. Just as they do 
audits of their capital ratios, they do audits of their 
identity theft engagement so that we bring this whole issue to 
a much higher level--put a much higher profile on this--and 
engage the consumers, engage the banking institutions, and 
engage the regulators in dealing with this issue.
    Also, we would seek to protect the interests of the victim 
of identity theft by precluding the sale or the transfer of 
identity theft debt. What happens today is somebody sees a red 
flag. There may be an identity theft with respect to some 
individual. They want to make sure they get as much money out 
of that debt obligation as they can, so they go and sell that 
obligation.
    What we would suggest doing is precluding, where there is 
evidence--reasonable evidence--to suggest identity has 
occurred, the sale or the transfer of that obligation. Once 
that obligation gets sold, that information is repolluting the 
whole stream of information that is relied on to establish 
people's credit, your bad debt moves through the system and 
continues to register to make you less worthy of credit.
    Senator Carper. Thanks, Mr. Secretary.
    Chairman Shelby. Senator Dole.

               COMMENTS OF SENATOR ELIZABETH DOLE

    Senator Dole. Mr. Secretary, let me ask you a bit about the 
Department's view of the House legislation, and I want to 
follow up on one of Senator Johnson's questions here. As you 
said, our credit system is based on a voluntary reporting 
system in which the furnishers best interest is to report 
information to the credit bureaus. How do you view the duties 
that have been imposed on the furnishers in the House bill? 
Could any of these jeopardize the willingness of furnishers to 
provide information to the system?
    Secretary Snow. Senator, we broadly support the House bill, 
but there are some provisions that do add some burdens that we 
would like to understand better before we embrace them fully 
because of just the issue you raise. We are concerned that we 
have got to get this balance right.
    As you put more burdens on furnishers, you may improve 
accuracy, you may help protect privacy, you may help security, 
but you also may cause the furnishers to withdraw from the 
system or be reluctant to be in it. Getting that balance right 
is really important.
    Senator Dole. Well, there are a number of duties imposed on 
furnishers.
    Secretary Snow. There are indeed.
    Senator Dole. The House accepted an amendment which allows 
consumers to go directly to a furnisher to dispute what they 
believe to be incorrect information on their credit report. 
Does Treasury have a position on that language?
    Secretary Snow. We are still looking at that. There may be 
some merit in that approach, and we are still reviewing that 
question.
    Senator Dole. The 1996 Amendments to the Fair Credit 
Reporting Act gave credit bureaus the ability to dismiss 
consumer disputes that they deemed to be frivolous. Now, if 
Congress decides to allow consumers to register disputes 
directly with furnishers, should we give furnishers the same 
ability to dismiss frivolous suits or claims?
    Secretary Snow. That is again one of those matters that we 
want to understand better.
    Senator Dole. I would like to follow up with some questions 
to be answered in the record.
    Chairman Shelby. Absolutely.
    Senator Dole. Does the Treasury support the provisions in 
the House bill which require the disclosure of the factors used 
to develop credit scores----
    Secretary Snow. Yes, we do.
    Senator Dole. --but still allow for a reasonable fee to be 
paid to receive the credit score?
    Secretary Snow. Yes, we do.
    Senator Dole. Thank you, Mr. Chairman.
    Chairman Shelby. Senator Corzine.

               COMMENTS OF SENATOR JON S. CORZINE

    Senator Corzine. Thank you, Mr. Chairman, and welcome, Mr. 
Secretary.
    Let me go at a little bit of this view on free credit 
reports upon request, which I think having the consumer 
informed about what their credit standing is, is probably one 
of the great checks and balances to identity theft, to mistaken 
information--some check and balance against how information is 
put together.
    Why are we resistant to the idea of it not being a more 
regularized report to a consumer, so every individual would 
have, say, once a year, look at what is going on in their 
credit report, particularly why do we not ask for credit 
reports to be made available to consumers in situations where 
there has been invasion into their consumer activities and 
identity theft situations, so it can be cleaned up.
    When you have one of these situations occur, all of us have 
either had friends, family, or situations that this has 
occurred, it is extremely expensive. I do not need to go into 
the detail.
    Why, upon request, as opposed to a periodic review of one's 
credit information so that you are not surprised when you go 
off to the bank and apply for a mortgage, and they tell you are 
subprime, and you had no idea?
    Secretary Snow. Well, Senator, I think today you can get 
access, free access.
    Senator Corzine. Upon request.
    Secretary Snow. Upon request, in the case of identity theft 
or various other circumstances, such as being turned down for 
credit and so on, adverse events.
    But what we are proposing is that at least once a year you 
can get it free.
    Senator Corzine. If you are aware that there is that 
potential, if you are aware that these things in the whole 
financial----
    Secretary Snow. Well, just if you want it, though.
    Senator Corzine. Right.
    Secretary Snow. Just if you want it, you are able to get it 
once a year. If there is an adverse event, then you can get it 
today free, and we would add one more adverse event, and that 
is applying for credit and getting the credit, but getting it 
on terms that are less advantageous than what you applied for. 
You apply for the home mortgage loan at X percent, and you get 
X plus 1, you can get a free report from the credit reporting 
agency telling you what lay behind that decision.
    Senator Corzine. I think what I am asking, though, is a 
simple thing. Why are we making it the requirement of the 
consumer to request, as opposed to have this be a periodic 
requirement, the agencies to report to the consumer, so you 
could actually plan. It is fine that you just got turned down 
or you got an extra 2 percent on your mortgage, why are 
individuals required to actually go through the system to come 
to look at the credit officer to have you tell them that, as 
opposed to planning for what your life is about?
    I think, in the financial world, people have credit rating 
agencies label them AAA, AA. People know what their credit 
standing is so that they can make plans and considerations for 
how they are going to approach credit markets.
    Secretary Snow. Senator, I think the basic answer is people 
should get those reports if they want them. These reports, I am 
told, are dozens of pages. If you do not want the reports, you 
are probably not going to put it to much use, but a burden is 
imposed on the credit reporting agencies sending out 100 
million plus reports a year, whether the consumer wants it or 
not, and I underline wants it or not. This could be enormously 
expensive and serve no purpose, since most of them would be 
thrown in the trash can.
    The ``upon request'' is to get some sense of the user's 
interest in the report, rather than engaging in what otherwise 
could be costly and useless acts.
    Senator Corzine. Have there been surveys that would confirm 
your view that the consumer would think this was useless and 
automatically be a round file in the wastebasket or is that a 
presumption?
    Secretary Snow. I think if they want the report that they 
will request it. The best evidence of people's desire for 
something is the fact that they indicate an interest in it. We 
are providing an opportunity for people to request. A lot of 
people I think would not be all that happy to get these reports 
sent to them--just something else they have got to go through 
and then throw out. If they want it, they can get it.
    Senator Corzine. I guess I understand your reasoning, not 
necessarily agree.
    Secretary Snow. Thank you.
    Chairman Shelby. Mr. Secretary, before I call on Senator 
Bunning, I just want to--you did say, as I understood it to a 
question earlier, that you were in favor of the Administration 
being in favor of making it easier and educating the public on 
their ability to get a credit report. In other words, most 
people do not know that.
    Secretary Snow. Right. Absolutely. Very much so. I said 
that absolutely in our response to your questions.
    Chairman Shelby. If they thought they needed one and make 
it accessible to them.
    Secretary Snow. Yes. We need to do a better job on this.
    Chairman Shelby. Absolutely.
    Secretary Snow. I agree with you.
    Chairman Shelby. Senator Bunning.

                COMMENTS OF SENATOR JIM BUNNING

    Senator Bunning. Thank you, Mr. Chairman.
    Mr. Secretary, thank you for being here. This is a little 
off the subject of FCRA, but I think I would be remiss if I did 
not take advantage of your presence here to ask a question that 
is of great importance to my State of Kentucky. The IRS 
recently issued IRS Revenue Announcement 2003-46, which 
effectively separates private letter rulings regarding Section 
29 Tax Credits for solid coal-based synthetic fuels.
    This announcement threatens to revoke more than 80 
previously issued Section 29 letter rulings. Taxpayers, 
including many Kentucky coal companies, have invested hundreds 
of millions of dollars in reliance on these rulings. The IRS 
action has created massive uncertainty, making it impossible 
for taxpayers to earn back their investments they made in 
reliance on this law.
    How does the IRS plan to proceed with this announcement and 
will the IRS lift its moratorium on rulings so that taxpayers 
will be able to use credits as provided by the law?
    Secretary Snow. Senator, my understanding on this issue you 
have raised is that the IRS is looking into the question 
whether the tax credits are being properly applied. I am not an 
expert on these particular tax credits, but some questions have 
been raised as to whether the companies who are using the tax 
credits are actually engaged in the activity that would justify 
the use of those credits, and the IRS has simply, they have not 
come to a conclusion, said they are going to do an 
investigation of that.
    Senator Bunning. Well, I am going to follow up with a 
written question on this so that I can get a much more thorough 
answer from the Department of the Treasury on this because it 
is very important to presently 80 previous letters that were 
issued and 46 more. We are talking about 126 companies that are 
being affected by this ruling.
    The thing that I am most concerned with on Fair Credit 
Reporting is how long it takes victims of identity theft to 
clean up their records.
    I mean, we have heard horrendous stories about a year, 2 
years, and they are still not out of the woods, and I do not 
know if all of the red flags that you talked about are going to 
get them back their good credit rating quicker, but we have to 
do something in this bill that says, by the way, you are a 
victim, and therefore you should not be suffering for 2 years 
because someone stole your identity.
    We have to put something in this bill that will allow the 
victim to get their Fair Credit Report back in 100 percent what 
it was before the theft. Does the Administration feel that this 
is a major problem currently or does it not?
    Secretary Snow. No, Senator, we agree with you 100 percent. 
We would like to obviously make it more difficult at the 
inception for a thief to steal.
    Senator Bunning. I understand that.
    Secretary Snow. But we also agree with your point we would 
like to make it easier to get those records fixed, get those 
records corrected as soon as possible, and restore the identity 
and take people out of this hellish situation where they have 
got to prove their own identity. And we have done some things 
that we think try and get at that issue. Certainly, we are open 
to do other things, and others have good ideas as well, and I 
agree with you.
    I think this is one of the most miserable situations that 
human beings can find themselves in--to know that you are you, 
and nobody else believes you are you, and how do you prove you 
are you?
    Senator Bunning. Well, particularly the financial 
institution you may be dealing with for quite a while.
    Secretary Snow. That is right.
    Senator Bunning. And others.
    Last, but not least, and my time is running out, I think we 
need much more stringent penalties on those who commit identity 
theft. Does the Administration also feel this way?
    Secretary Snow. Senator, yes. I think anything that 
discourages identity theft raises the bar on people who engage 
in identity theft and certainly should be looked at. I agree.
    Senator Bunning. Thank you very much.
    Chairman Shelby. Mr. Secretary, before I call on Senator 
Schumer, I just want to associate myself with the remarks of 
Senator Bunning regarding Section 29. He referenced his State 
of Kentucky, and so many people have been depending on what 
they heard from the Treasury. In my State of Alabama, we are 
also a big coal producer like they are, and we shared the same 
problems, so I want to join with Senator Bunning in addressing 
that problem that he posed to you.
    Senator Bennett. We mine coal in Utah, too, Mr. Chairman.
    Chairman Shelby. Absolutely. Same thing, I suppose.
    [Laughter.]
    Big time out there.
    Secretary Snow. And Maryland has got a little coal as well, 
I know.
    [Laughter.]
    Chairman Shelby. So everybody.
    Senator Schumer, I do not know if you mine coal, but we are 
going to recognize you.
    Senator Schumer. No, we do not have any coal in New York, 
to my knowledge. We have a lot of it, but it is all imported 
from Kentucky, Utah, and Alabama.
    Anyway, I want to thank you, Mr. Chairman. Once again, you 
are on the money, so to speak, with an excellent hearing, and 
you are moving along this Committee in a great way, and I think 
we all appreciate it. And I want to thank you, Mr. Secretary, 
for being here. This is the first time you are here, and we all 
have a whole lot of questions.
    I want to ask on an area which we have sent some 
correspondence to you, and that is the relationship of trade 
with China, particularly the value of the Chinese currency, the 
yuan, and the impact on our job base.
    As you know, 2 weeks ago, Senators Dole and Lindsey Graham, 
myself, and Senator Bayh wrote to you on the subject. I know 
you understand our concern. And you seem to be taking a little 
more of a stand on this issue lately, but we still have not 
heard a firm position from you or the Treasury on whether 
China's currency is, in fact, undervalued. So I want to ask you 
the question directly. Do you and does Treasury believe that 
presently the Chinese currency, the yuan, is undervalued vis-a-
vis the dollar?
    Secretary Snow. Senator, that is the subject of the review 
under the 1988 Trade Act that we are engaged in looking at 
right now. I do not want to make a premature judgment on that. 
Certainly, some economists who studied the matter have reached 
that conclusion, and others say it is more of an open question. 
I, frankly, do not have a firm view on that at this point.
    But, what I do have a firm view on, though, is that we 
should encourage that the Chinese, I mean, and we will turn to 
Japan in a second, we should encourage them, in the reports 
that they are looking at widening the band on the yuan.
    Senator Schumer. But why should they not just let the 
currency float? Let me just, first, I have to tell you I am 
disappointed that you do not have a view, and that we are going 
to wait until a report comes out in October. Every day, every 
one of us hear from our States of jobs, manufacturing, and 
otherwise going to China.
    Some of that is on the basis of free trade, but much of it, 
a good deal of it is because the Chinese have unfairly pegged 
their currency to the dollar at too low a rate, and not just of 
some economists, but most economists I talked to, and I have 
talked to a wide range, Democrat, Republican, liberal, and 
conservative, who believe that it is undervalued. The only 
question is how much? Is it 15 percent? Is it 40 percent?
    And I do not think, as we lose jobs every day, we can 
afford until October, and then the report will come out, and 
then you will study it, and it may not be until next year that 
the Treasury even begins to take a position on this key issue.
    And I have to tell you, as somebody who has been a free 
trader--I lost the AFL-CIO endorsement when I was in the House 
for a while--free trade is losing ground in this Congress like 
a sinking stone. When you hear that Intel, IBM, and Goldman 
Sachs planned to move high-end jobs to China and India, what is 
going to be left here, restaurants? I mean, the manufacturing 
jobs are going, the agricultural jobs are going.
    I have to say, with all due respect, I do not think it is 
adequate for you to wait until October, and at least myself and 
others are going to push the President and the Treasury not 
only to come out with a position, this is even before a 
position, but also not to be so coy with the Chinese. You know, 
the Chinese want to be included in the family of Nations when 
it benefits them, and they do not live up to their 
responsibilities.
    This is not a small little country that needs to peg 
something to the dollar. Their currency should float like 
everybody's. What is the theoretical objection to having their 
currency float and determine, even if you do not know if it is 
undervalued or not, the best way to do that is to let it float. 
And what are we doing to get the Chinese to do that?
    Secretary Snow. Well, Senator, as I indicated to you 
earlier, we are encouraged by the reports that are coming out 
of China that they are looking at employing a more flexible 
exchange rate regime. They are to be encouraged in that. But 
this is an extraordinarily complex matter. You probably are 
aware of the banking problems and the Chinese economy. You are 
probably aware of concerns about overvalued assets on the books 
of the banks.
    You are probably aware, Senator, of the capital controls 
that are in place, and you are probably aware of concerns that 
many economists have, and many China hands have, that if you 
moved too rapidly in the direction of freely floating exchange 
rates with the removal of capital controls, which of course go 
hand in hand, as you would know, that you would have a huge 
exodus of yuan into euros and into dollars, and of course you 
know that that would drive up the value of the dollar versus 
the yuan and drive up the value of the euro versus the yuan.
    So this is a very complex question. I think we should 
encourage them to move in the direction they seem to be going. 
I think we should also have some appreciation and understanding 
of the real complexity of this matter and the need to approach 
it in a really thoughtful manner.
    Senator Schumer. I have to tell you, sir, to the tens of 
thousands, hundreds of thousands, millions of Americans who 
have lost jobs and who we or you ask us to say, well, free 
trade benefits everybody, to say let us be patient, when the 
yuan has been pegged at an artificial rate for a long time, is 
not much consolation.
    Furthermore, there is probably manipulation here. You are 
saying undoing the manipulation may have bad consequences, but 
let me just quote Chairman Greenspan. He says, ``If China's 
exchange rate is significantly undervalued, and indeed a 
reflection of that would be their [China's] accumulation of 
dollar assets. The accumulation of dollar assets will expand 
their money supply to the point that it will create problems in 
monetary policy, and it will be to their interest to change.''
    So that undercuts the argument you are making. He basically 
says that it is in their interests to even have some of the 
consequences. Now, maybe you cannot do it all at once, but when 
do we expect Treasury action on this? The report is coming out 
in October. Do you think we have manipulation of the currency 
by China?
    Secretary Snow. Senator, you read the quote from Chairman 
Greenspan, and it began with ``if.''
    Senator Schumer. Yes.
    Secretary Snow. ``If.''
    Senator Schumer. Well, what is your view?
    Secretary Snow. The ``if '' is what needs to be understood 
better. That is the question.
    Senator Schumer. Well, what is your view?
    Secretary Snow. And the Chairman was very careful in the 
words he chose there.
    Senator Schumer. Yes, he is always careful. I have talked 
to him.
    Secretary Snow. He said, ``If.''
    Senator Schumer. What is your view? Is China manipulating 
its currency?
    Secretary Snow. Well, I think if the Chairman felt he knew 
the answer to that question, he would not have used the ``if.''
    Senator Schumer. But I would like to know your view.
    Secretary Snow. I have an ``if '' as well.
    Senator Schumer. Well, I do not think these answers are 
satisfactory, with all due respect, sir. We are going to lose 
not just jobs, you are going to lose, my guess is, a free trade 
consensus in this Congress very, very rapidly, and this is a 
proeconomic, profree trade way to restore some of the imbalance 
because this is an unfair part of the imbalance, and I do not 
think your patience with this, with all due respect, is shared 
by Members on both sides of the aisle in this Committee and 
elsewhere.
    Secretary Snow. Senator, when we report to you in October, 
which is only a couple of months away, we really want to know 
the facts. We want to give you a thoughtful, well-considered, 
and analytically sound answer to the question, the question 
that the Chairman aptly notes is an ``if.''
    We have to pay careful attention to this issue, though, of 
manufacturing, the whole problem of currency manipulations or 
the problem of undervalued currencies, to the whole question of 
countries promoting their export sectors at the expense of the 
world trade system. It is not really in their interest to do 
so. No country has ever devalued itself to prosperity, and the 
issues the Chairman raised, and the issues I have talked to him 
about in that same vein are important. They are critically 
important issues. And there is the potential for an imbalance 
in the whole trading system if countries build up excessively 
large reserves because they are suppressing the value of their 
currency.
    We are in full agreement. We recognize the issue. We want 
to come back and have a dialogue with you and with our friends 
in China on this question. And if, in fact, the yuan is being 
held at a considerably lower than market value, then it is not 
in their long-term interests, and we want to have that dialogue 
with them.
    I do think, though, we have to recognize that some of the 
loss of manufacturing is due to a variety of other things. I 
think you would acknowledge that. There has been a long-term 
downward trend in manufacturing in the United States over the 
last 50 years. A part of that is due to rising productivity 
itself in the manufacturing sector. Part of it is due to the 
rise of technology. A lot of it is due to domestic competition.
    The whole question of manufacturing, and its role in our 
economy, and where it is going, and what can be done to assist 
it are serious issues that Secretary Evans is engaged in, that 
I am engaged in, and that we hope to come back and put in 
better perspective for the Congress.
    Senator Schumer. Thank you, Mr. Secretary.
    Chairman Shelby. Senator Dole.
    Senator Dole. Mr. Chairman, I just want to associate myself 
with the comments of Senator Schumer. Because no question about 
it, our textile industry in North Carolina has been decimated, 
and I do believe that time is of the essence, Mr. Secretary, 
and that, yes, there are a number of causes, but certainly 
Chinese currency manipulation is something we must move on. I 
do not think we can wait. And also I recalled the comments of 
Chuck Hayes, who passed away about a year ago, he was head of 
the Textile Institute in North Carolina, head of one of the top 
companies, which has gone down.
    He said, if the transshipments from China--or he did not 
mention China, specifically, but we know that is where most of 
them are coming from--these illegal transshipments had been 
half what they had been, then our textile industry would be 
thriving in North Carolina, and of course it has been 
decimated.
    So a number of these issues go back to the Chinese, and I 
just want to associate myself with the comments that you have 
made today and hope that we can get some speedier action on 
this.
    Chairman Shelby. Thank you, Senator Dole.
    Senator Sarbanes.
    Senator Sarbanes. Just to close out this issue. Obviously, 
it is a matter of very deep concern here in the Congress.
    Senators Levin and Voinovich are also addressing Japanese 
manipulation of currency. The Government of Japan intervened in 
foreign exchange markets 24 times in the month of May alone, 
spending $43 billion in order to keep the yen weak against the 
U.S. dollar. In effect, this amounts to a Government subsidy of 
its major exports. So the issue runs not only to China, but to 
Japan as well, and I share the concern my colleagues have 
expressed and the need for the Treasury to act on it now, 
promptly.
    In any event, it is very clear that this hearing that the 
Chairman has indicated is going to be held after you prepare 
your report, is going to be a very, very important hearing 
because, obviously, at that point, you are not going to be able 
to sit at the table and say, well, we have not finished our 
study yet.
    But I think this situation is urgent enough that you need 
to be doing things in the interim. It seems pretty clear we are 
being taken advantage of, in terms of the rules of 
international fair trade.
    Secretary Snow. Senator, as I indicated earlier, we have 
indicated that we are encouraged by the fact that the Chinese, 
very high levels of their Government, have indicated an 
interest in widening the peg, widening the ban, and we are 
encouraging them to do so.
    We are also encouraging them to think about, though, the 
financial infrastructure of the country, so that as they move 
in that 
direction, there are parallel developments with respect to the 
banking system and capital controls, and so on.
    Of course, it is I guess worth noting that during the 
period of the Asia currency crisis, where there was so much 
concern about stability, and contagion and all of those issues, 
the Chinese maintained the peg, and of course that had the 
effect of, at a time when all of the other currencies were 
falling, of making their currency more valuable, since it is 
tied to the dollar, and the dollar sustained its value.
    So these, again, I come back to the fact we recognize there 
is an issue here. It needs to be addressed. We are addressing 
it. We are encouraged by some developments. We would like to 
encourage further developments, and we will be having a 
dialogue on this subject and are having a dialogue on this 
subject, a dialogue that is probably best conducted with the 
parties directly, though.
    Senator Schumer. Mr. Chairman.
    Chairman Shelby. Sure. Go ahead, Senator.
    Senator Schumer. Thank you.
    I would just like to follow up briefly because it is an 
issue that concerns a good number of us on both sides----
    Chairman Shelby. All of us----
    Senator Schumer. --both sides of the aisle here.
    First, here is the United States' position right now--this 
comes from the last time this report was issued, Treasury's 
Report to Congress on International Economic and Exchange Rate 
Policy, dated May 3, 2002--``No major trading partner of the 
United States manipulated exchange rates under the terms of 
Section 3004 of the Act during the period July 1, 2002, through 
December 31, 2002.''
    Right now, our position is that there is not currency 
manipulation. Now, you say, well, that is not now, it is then, 
but the yuan was still pegged at that time.
    Second, I am just going to ask three quick questions and 
ask your comments. This is the first one. Is that still our 
official position? Do we have to wait until October to say? 
Because the Chinese were given a clean bill of health.
    Two, Greenspan said, yes, if they were manipulating the 
currency, there was an ``if,'' but he said that, then, their 
money supply would accumulate, that that would be an 
indication, and we know that China's reserves are going up, up, 
up. I think the IMF estimated them at $350 billion, China's 
reserves. This is as clear as the nose on your face that it is 
an example of currency manipulation, and at the same time, we 
are saying, no. And I would just add to you one of the reasons 
the Chinese financial system is messed up is because they have 
pegged their currency. It is not unpegging it that will mess it 
up, it is that they have pegged it, and that has messed it up, 
and that is what happened.
    And three, I would ask you this: Is there any indication, 
other than verbiage, because I have been through this with the 
Chinese and the Japanese on trade before, we get 5 years of 
verbiage before you get a single bit of action.
    And this idea of ``leave it to the big boys'' to just 
discuss this quietly? Not me. I have had it that way. I left it 
to the big boys to open up Japanese financial markets for 5 
years, nothing happened. I started raising my voice, and within 
6 months, New York firms were allowed on the Japanese stock 
exchange. So, I learned it the hard way, and I am not going to 
be fooled again.
    Have the Chinese done one single thing that changes what 
their currency is or have they just said they might explore it?
    So those are the three questions. I apologize for being 
excited about this, but when I read last week that Goldman 
Sachs was moving 2,500 jobs, not low-end jobs, high-end jobs, 
and Intel said they can get an engineer in India for $5,000, 
not $60,000, here in America, what is going to be left here? 
This is something we have to act on quickly. I apologize.
    Secretary Snow. Good, Senator. I understand what lies 
behind this line of questioning and am in deep sympathy with 
what motivates it by you, and by Senator Dole, and really by 
the whole Committee.
    You know where this Administration is. We favor fairly 
fluctuating exchange rates. We think they work better. We think 
they make the international trading system better, and we think 
they add to the stability of the whole global monetary system.
    Senator Schumer. Have we ever asked the Chinese to change? 
We always talk about this in, excuse me, in broad terms. We 
generally favor floating rates, and then when it comes, and you 
are asked, ``What are you doing about China,'' or even ``Should 
China change?'' we go back to the ``generally we believe in.'' 
That is not going to get us anywhere.
    Secretary Snow. Well, Senator, as you know as well or 
better than I, the decision, with respect to the currency 
regime that a country adopts, is a sovereign decision. The 
United States cannot dictate to another country what currency 
regime they employ.
    I think, though, we can have a good dialogue with them, and 
the circumstances are a little different now. Those foreign 
reserves are at much higher levels than they were when that 
prior report was written.
    And as Chairman Greenspan so well stated, it is really not 
in a country's long-term interest to acquire a disproportionate 
amount of foreign reserves because that is capital. That is 
capital that could go into the domestic economy.
    And we are very strongly of the view that countries cannot 
devalue their way to prosperity. They have to develop their 
domestic economies, and taking capital out of your economic 
system and putting it into owning foreign reserves over 
somewhere does little to develop the domestic economy.
    I believe we are in a heated agreement here.
    Chairman Shelby. We hope so.
    [Laughter.]
    Mr. Secretary, we do look forward, again, to your October 
meeting. And I will tell you this, that meeting here will be 
well attended, not only by the press of the world, but by the 
Committee Members because we all are concerned--Senator Dole, 
Senator Schumer, I guess just about all of them are concerned 
about what is going on.
    Secretary Snow. Thank you, Mr. Chairman.
    Chairman Shelby. Mr. Secretary, we want to thank you for 
your appearance today and look forward to your next one in 
October.
    Secretary Snow. Thank you very much.
    Chairman Shelby. Thank you.
    We will now go to our second panel, and they have been very 
patient here. Mr. Edmund Mierzwinski, Consumer Program 
Director, U.S. Public Interest Research Group, and Mr. Michael 
McEneney, on behalf of the U.S. Chamber of Commerce; is that 
right?
    Mr. McEneney. McEneney.
    Chairman Shelby. McEneney.
    In the interest of time, gentlemen, your written statements 
will be made part of the record. I am hoping you will sum up 
your basic points as quickly as possible. We will start with 
you.

                STATEMENT OF MICHAEL F. McENENEY

            PARTNER, SIDLEY AUSTIN BROWN & WOOD, LLP

           ON BEHALF OF THE U.S. CHAMBER OF COMMERCE

    Mr. McEneney. Good morning, Mr. Chairman, Senator Sarbanes, 
and Members of the Committee. My name is Mike McEneney, and I 
am a Partner at the law firm of Sidley Austin Brown and Wood. I 
am pleased to have the opportunity to appear before you today 
on behalf of the U.S. Chamber of Commerce. I would like to 
commend the Members of the Committee for their work in 
examining key aspects of the FCRA.
    The FCRA and its national uniform standards have provided a 
robust framework for the most advanced consumer credit and 
insurance markets in the world. Indeed, the benefits of the 
FCRA were highlighted in a recent Information Policy Institute 
study which found that the national uniform standards 
established by the FCRA have contributed significantly to the 
consumer benefits of the current credit marketplace. The study 
concluded that the loss of the existing framework of uniformity 
would threaten the current consumer benefits and that 
Congressional action is necessary to ensure the continuity of 
our national standards.
    The national standards established by the FCRA are also an 
important component of protecting the security of consumers' 
personal information. For example, the national uniform 
provisions under the FCRA ensure that financial institutions 
can have access to reliable credit report information for 
identify verification and other identity theft prevention 
measures. Although renewal of the FCRA's national uniform 
standards is an important step, we believe that more can be 
done.
    For example, this Committee has heard testimony 
highlighting the issues of identity theft and consumer 
education. The Chamber strongly supports efforts to address 
these important issues and looks forward to working with the 
Committee to achieve these goals.
    With respect to identity theft, we believe there is a 
common theme that may be helpful in guiding considerations of 
provisions to combat the problem. In particular, the methods 
used to address potential identity theft scenarios should be 
flexible, allowing companies to utilize the most efficient 
means to thwart identity thieves. Such an approach would rely 
on the obvious fact that a one-size-fits-all approach may not 
work for all companies. For example, the red flags presented by 
identity thieves will invariably change over time, and the 
tools used to combat identity thieves should change as well. We 
hope this theme could be further explored as part of the 
Committee's deliberations.
    Another topic that has been raised is the important issue 
of a consumer's ability to access his or her credit report. The 
Chamber welcomes consideration of how to make credit reports 
more available to consumers. We believe, however, that this 
issue requires careful study before next steps are taken. In 
particular, there should be a full examination of the costs 
associated with additional free reports in order to ensure that 
there are no unintended consequences, particularly for 
consumers.
    Moreover, if consumers are given access to their credit 
reports free of charge, the frequency and volume of demand for 
free reports will be difficult, if not impossible, to predict 
since a widely circulated press report or e-mail could drive 
extremely high volumes of demand in short periods of time. 
Given such inherent unpredictability, it is unclear how credit 
bureaus would be in a position to adequately manage this 
problem. For example, even the most basic issues, like 
establishing adequate staffing levels, are difficult to address 
when you cannot predict the volume of demand.
    The Chamber also encourages the Committee to consider 
legislation that would make it clear that companies can conduct 
investigations of wrongdoing in the workplace without the 
inappropriate application of the FCRA. Because of the 
difficulties in conducting an investigation while complying 
with the FCRA's requirements, the FTC's interpretation on this 
issue deters employers from using experienced and objective 
outside organizations to investigate workplace misconduct. The 
FTC interpretation I am referring to here is one that would 
actually cause an accounting firm or a law firm that is hired 
by a company to help in investigating workplace misconduct, 
that accounting firm or law firm, by reporting the results back 
to the employer under this FTC interpretation, might actually 
become a consumer reporting agency; and the Chamber urges 
amendments to the FCRA to make it clear that that is not the 
case.
    Before concluding, I would like to just briefly address 
certain issues that have come up in the context of affiliate 
sharing.
    First, I have heard it mentioned that perhaps affiliated 
entities might be establishing their own credit bureaus and 
operating free from the scope of the FCRA. Actually, that 
cannot happen. If affiliated entities were to establish a 
credit bureau and, for example, sell information to third 
parties the way that credit bureaus do, they would be subject 
to the full range of provisions of the FCRA, and they would be 
regulated as a credit bureau would be.
    Second, in my experience, affiliated entities have no 
desire to set up credit bureaus within their affiliated 
families, and there are significant limitations on their 
ability to do so, I would add. For example, they only see part 
of the picture with respect to a particular individual's credit 
history or financial experience because they do not see the 
experience that others have at other organizations. They do not 
see the public record information that can be vital to making 
credit decisions.
    The real purpose of affiliate sharing is to know enough 
about your customers to give your customers what they want. And 
the real purpose of the affiliate sharing exercise is to expand 
or enhance customer relationships, not limit them, not to use 
the information to deny people credit, or otherwise limit the 
relationships.
    Now, although risk assessment can be an important part of 
that process, to my knowledge, affiliate sharing entities 
typically do not deny people credit or other products based on 
the information they get from other affiliates. The reason for 
this is simple: They only see part of the picture. What they 
typically will do is go out to a credit bureau to obtain a 
consumer report before that type of decision is made.
    Just one final note on affiliate sharing. I am aware, 
though, that affiliates will use information in an affiliate 
sharing context to grant people credit or other products where 
they cannot find information at the bureau on that individual. 
So where, for example, an individual is just starting out their 
financial history, they do not have a file at a credit bureau, 
there are entities that, through affiliate sharing, may know 
more than the credit bureau would on that individual. And I am 
aware of at least certain circumstances under which affiliates 
will use that information, again, to expand or enhance that 
relationship with the individual.
    Once again, I would like to commend the Committee for its 
efforts to maintain the consumer benefits of our current 
financial marketplace while also protecting the security of 
consumers' personal information. The Chamber looks forward to 
working with the Members of the Committee as any legislation 
moves forward.
    Thank you again for the opportunity to appear before you 
today, and I would be happy to answer any questions.
    Chairman Shelby. Sir, go ahead.

                STATEMENT OF EDMUND MIERZWINSKI

                   CONSUMER PROGRAM DIRECTOR

              U.S. PUBLIC INTEREST RESEARCH GROUP

                             ON BEHALF OF:

          ACORN, CENTER FOR COMMUNITY CHANGE, CONSUMER ACTION

            CONSUMER FEDERATION OF AMERICA, CONSUMERS UNION

                 ELECTRONIC PRIVACY INFORMATION CENTER

                     IDENTITY THEFT RESOURCE CENTER

                      NATIONAL CONSUMER LAW CENTER

            PRIVACY RIGHTS CLEARINGHOUSE, PRIVACY TIMES, AND

                  U.S. PUBLIC INTEREST RESEARCH GROUP

    Mr. Mierzwinski. Thank you, Chairman Shelby, Senator 
Sarbanes, Members of the Committee. I am Ed Mierzwinski, 
Consumer Program Director with U.S. Public Interest Research 
Group. My testimony today is on behalf of the Nation's leading 
consumer and community and privacy organizations, including 
ACORN, the Center for Community Change, Consumer Action, 
Consumer Federation of America, Consumers Union, the Electronic 
Privacy Information Center, the Identity Theft Resource Center, 
the National Consumer Law Center, Privacy Rights Clearinghouse, 
Privacy Times, and we are all united. We have all been working 
on this, and we appreciate that the Senate has asked for our 
views before it develops its own comprehensive solution to the 
problems identified in your set of detailed hearings.
    We want to make sure that credit reports are accurate, that 
consumer privacy is protected, and that identity theft is 
stopped. All the indicators show that identity theft is up, Mr. 
Chairman. Just this week, the distinguished Professor Alan 
Westin reported that millions of Americans--not hundreds of 
thousands, as most previous reports have identified. Millions 
of Americans annually are probably victims of identity theft, 
and the crime costs consumers billions of dollars a year.
    Consumers are the victims, as your hearings have pointed 
out. Industry has in the past claimed that they are the victims 
because they eat the costs. Consumers are the victims because 
of the emotional distress, the time, the inability, as Captain 
Harrison pointed out to the Committee, of being able to clear 
61 fraudulent accounts from his good name.
    We also know, in terms of identity theft, that the Federal 
Trade Commission has documented that identity theft is up and 
that it is at higher levels every year.
    Also, this week, you may have seen that yesterday the 
Federal Trade Commission imposed a $250,000 civil penalty on 
the Equifax Credit Bureau for violating the terms of a consent 
decree, where it was supposed to have enough people on staff to 
answer the phone and help consumers. I am, quite frankly, 
astonished, Mr. Chairman, that during the terms of a 
Congressional review of this industry--and this industry is 
seeking all kinds of favors, seeking preemption forever--that 
they would get caught violating a consent decree; and at the 
same time they are arguing that if you are going to provide 
consumers with greater rights, the first to a free credit 
report, for example, that you have to be careful that you do 
not impose too many duties on them. They are not even complying 
with their current duties to answer the phone, so I am quite 
dismayed that the credit bureaus are asking for additional time 
on the free credit report.
    I would also point out to the Committee that this week the 
Privacy Times broke a story that suggests that the credit 
bureaus are moving jobs offshore. I think the Committee should 
look into that before it drafts its bill. I am very concerned. 
Identity theft is often an insider game. If they are moving 
jobs to low-wage countries, there may be greater opportunities 
for identity theft. There is real secret--I am sorry, 
confidential information in credit reports, and I think you 
should scrutinize very carefully this proposal by the credit 
bureaus to move our confidential consumer records offshore.
    The consumer groups think it is the wrong time to grant 
permanent preemption for a number of reasons, and we think 
that, as you pointed out in your opening statement, ongoing 
Congressional review is a good idea. The biggest problem we 
have in this Congress is inertia, and having a reauthorization 
every 4 years or so seems to be a good idea. We would, of 
course, support removing the preemption and just letting it 
expire. But if you are not going to do that--and the House 
chose not to do that--at least this Committee should consider 
sunsetting the preemption.
    This week, disappointingly, a District Court Judge in 
California overturned parts of the San Mateo and Daly City 
privacy ordinances which were enacted under the broader pro-
privacy, pro-State authority terms of the Sarbanes Amendment to 
the Gramm-Leach-Bliley Act. We would also ask that the 
Committee reiterate its 1996 Congressional history that the 
preemption in the Fair Credit Reporting Act as it pertains to 
affiliate sharing was narrow and does not affect the Gramm-
Leach-Bliley Act and the right of the States to enact stronger 
financial privacy laws, so long as the States do not attempt to 
enact laws that turn those companies into credit bureaus when 
they share information.
    I also want to point out that I find it somewhat 
hypocritical of the industry to be saying that they want 
flexibility because they do not want one-size-fits-all for 
their companies, but they do want one-size-fits-all for the 
laws. So they want the law to be national; they do not want the 
States, who have been demonstrated to be engines of change, 
laboratories of democracy, all the good ideas in the modest 
House bill have already been enacted in State law to a large 
extent. Yet industry does not want one-size-fits-all. They want 
flexibility in the rules. It is a little surprising.
    My testimony goes into a number of key reforms, Mr. 
Chairman, that I will not go into now, but we believe the House 
bill does not go forward adequately enough. It does not provide 
enough transparency. It originally was supposed to provide free 
credit reports and free credit scores. It now no longer 
provides free credit scores.
    I spoke with a leading lender yesterday, a leading 
executive of a leading lender, and he told me he would like 
much greater opportunities to provide consumers with free 
credit scores. But he is prohibited by contracts that prevent 
him from doing so. We think that the scores should be free 
along with reports, and they should be provided by all credit 
bureaus.
    We think the FTC should be required to audit the companies 
annually and to publish the results of those audits to the 
public.
    We believe that the consumers should have availability of 
more scores, and this is outlined in our testimony--I am sorry, 
more reports and more scores. And it is also something that is 
supported by the FTC and, I believe, the Treasury Department. 
There are circumstances in the economy where today we accept a 
counteroffer and we do not receive a credit report. We should 
get a credit report when we accept a counteroffer. We should 
also get a credit report when a company like Citibank makes a 
decision based on a profile internally. And while we may 
disagree, my colleague and I here at the table, over whether 
the companies will eventually want to set up their own internal 
credit bureaus, they, in fact, are using information derived 
from affiliate sharing for credit profiling, according to 
Citibank's testimony last month. When that happens, you do not 
have the same rights as you would if they used a full credit 
report.
    In terms of accuracy, we make a number of recommendations 
to the Committee. I am very disappointed in the GAO report, Mr. 
Chairman, because it ignores the fundamental findings of the 
largest and peer-reviewed study that has been provided in 
testimony to this Committee. The CFA's study, the Consumer 
Federation of America's study, looked at half a million credit 
files and found that 29 percent of consumers had a disparity of 
50 points or more on their credit scores if obtained from one 
or another of the three repositories. I believe that the 
findings of that CFA study, which, again, was peer-reviewed and 
is a legitimate, academic-level, statistically valid study, in 
my opinion, should have been discussed in greater detail in the 
GAO's findings.
    The other studies that I would like to point out to the 
Committee--and I would like to make sure that they are in the 
record if they are not already--the industry has relied on a 
number of white papers, a number of studies that claim or 
purport that there will be billions of dollars of cost to the 
economy if we do not do what they want done.
    I would say that Robert Gelman, a noted privacy expert, has 
prepared a study on the costs of not protecting privacy. And 
Professor Elizabeth Warren of Harvard Law School has prepared a 
study rebutting a number of the proprietary industry white 
papers as a way to make public policy. And, in addition, our 
proposals talk about the need to have better credit score 
models transparency as well. We do not know enough about credit 
scores. We do not know enough about how they are made. As your 
testimony, however, pointed out on Tuesday, we do know that 
your credit limit is part of your credit score, and that when 
your credit limit is withheld by a furnisher, that is a problem 
for the consumer.
    So there is a very important study by the civil rights 
group, the Center for Community Change, called ``Risk or 
Race,'' that finds that, in fact, risk may not be the factor 
that has black and Hispanic applicants disproportionately 
mentioned in subprime lending; that is, if you are black or 
Hispanic, you are more likely to be paying too much for a loan. 
And that study, ``Risk or Race,'' should be entered into the 
record.
    Our testimony goes into a number of other important details 
about changes that need to be made in the act. Our groups hope 
to work closely with you and Senator Sarbanes on solutions to 
these important problems. But at a very minimum, we strongly 
oppose the permanent extension of preemption. We think it is 
unjustified. We urge the Committee to go for a sunset rather 
than permanent preemption.
    Chairman Shelby. Thank you.
    We have seen indications that some creditors do not report 
information regarding their customers to the credit bureaus. 
You referenced that. What do you believe is their motivation 
for this?
    Mr. Mierzwinski. Well, very clearly, the motivation is to 
game the credit scoring system to prevent those customers from 
shopping around. If I want to apply for credit, I want the best 
credit score I can have. But the easiest thing for a company to 
do is not to look for new customers, but to keep its existing 
customers. That is why they do it.
    Chairman Shelby. But if they do that, you cannot have 
accuracy in scoring, could you? You do not have all the 
information.
    Mr. Mierzwinski. We do not believe you can have accuracy in 
scoring, and the fact is even though the so-called black box of 
the credit scoring models is secret to you and me, the 
companies know enough about it to know that if they withhold 
certain pieces of information that they can game the system. 
And there is a lot of motivation there because if they keep 
their customers, most of those customers are probably paying 
too much for the----
    Chairman Shelby. It is to their benefit, but perhaps to the 
loss or detriment of the consumer.
    Mr. Mierzwinski. It is absolutely to the loss or detriment 
of the consumer to be prevented from being able to shop around. 
And it is also to the loss or detriment of the credit scoring 
system.
    I think a bigger threat to the uniformity of the system, to 
the voluntary nature of the system, than the States, who I 
think are rational actors, is these acts of companies to 
prevent their consumers from being able to shop around.
    Chairman Shelby. Do you believe it is important to 
establish some kind of baseline, that is, objective information 
regarding the level of credit report accuracy?
    Mr. Mierzwinski. I absolutely think that you need to 
establish a better baseline on credit report accuracy, and I 
know the GAO--again, I disagree with their finding, but they 
say more needs to be done, that the FTC or the agencies, the 
bank agencies, or the credit bureaus should do more of a study.
    I personally feel that the annual audits of credit bureau 
accuracy should be provided and the public should hear about 
them. The Committee should hear about them as well.
    Chairman Shelby. We have also learned here a lot about--but 
we do not know everything about it--the growing use of risk-
based pricing. Adverse action notices are not provided as 
regularly, we have been told, as they once were.
    I believe that consumers are never more aware of the need 
to review their credit report than after they have been jolted, 
perhaps jolted to the awareness of some kind of credit-related 
problem.
    Do you agree? And do you think it is necessary to update 
the adverse action notice process to meet today's realities?
    Mr. Mierzwinski. You are exactly right. We agree. I believe 
that the agencies, the Treasury and the FTC, also agree, or at 
least on that one the FTC agrees.
    The old credit system was yes or no. Now the credit system 
is more or less. You pay more or you pay less. If the system is 
inaccurate, you probably pay too much. But in many cases, when 
you are paying more, you do not know that it is because of a 
mistake on your credit report because you are not receiving the 
adverse action notice.
    Chairman Shelby. The whole system is based on accuracy, 
which is truth, is it not? If somebody is gaming the system for 
proprietary reasons, withholding information, the consumer is 
going to get hurt.
    Mr. Mierzwinski. Well, the consumer gets hurt, but it is an 
externality to that company. That company benefits by charging 
that consumer too much. They are happy.
    Chairman Shelby. Sir, going forward, how can we best ensure 
that entities involved in the credit granting process continue 
to meet their Fair Credit Reporting Act responsibilities?
    Mr. McEneney. Mr. Chairman, I think that probably the best 
way to do that is the continued active, vigorous enforcement of 
the existing statute. The statute really is a remarkable piece 
of legislation, providing powerful protections to consumers. 
The credit bureaus that have information on them are under an 
obligation to maintain reasonable procedures to ensure the 
maximum possible accuracy of that information. Consumers' 
access to that information, the ability to dispute it, the 
ability to demand that the furnisher----
    Chairman Shelby. Ability to dispute it and clear it up if 
it is wrong, right?
    Mr. McEneney. Clear it up if it is wrong, absolutely, and 
including involving the furnisher, the entity that provided the 
information to the bureau, in that process.
    Chairman Shelby. Well, how do we change that a little? We 
had this gentleman, this Army Captain, retired, that had a 
horror story. It just ruined his life, basically, trying to 
deal with identity theft and all this. There should be an 
easier way to clear up somebody, because they steal your 
identity. And the Secretary of Treasury testified here today, 
as you know--you were here--that this is a big and growing 
problem.
    Mr. McEneney. I could not agree with you more strongly, Mr. 
Chairman. I think if you take--virtually every anecdote I have 
heard about accuracy that is not related to identity theft can 
really be addressed by the proper application of the existing 
statute. But identity theft is really where the statute, 
unfortunately, has a weakness.
    Now, in that regard, I think that many in the industry, and 
I think to a certain extent the people in the Administration as 
well, have looked at a way to try and make it easier for those 
people who are the victims of identity theft to get it cleared 
up quickly. Probably the most powerful tool that consumers 
could have in that context is the trade line blocking.
    Now, the way the trade line blocking works is the consumer, 
for example, files a report. A police report is one standard 
that has been talked about. Whatever the standard is, it has 
got to be a credible one to avoid credit repair clinics from 
using it to game the system. But assuming that we can come up 
with a credible threshold--and I think we can--what that would 
do is then enable that consumer to take that report, go to the 
bureau, file that report, and block for all time----
    Chairman Shelby. And not have the horror stories we have 
had here.
    Mr. McEneney. Absolutely.
    Chairman Shelby. And I am sure there are thousands.
    Mr. McEneney. Yes, absolutely. And, Mr. Chairman, could I 
just comment on a few other questions that you raised earlier?
    Chairman Shelby. Absolutely.
    Mr. McEneney. I am familiar with the issues regarding the 
reporting of credit limits, and my understanding of the 
motivation behind those issues--and I am not defending that 
practice, but----
    Chairman Shelby. Please do not.
    Mr. McEneney. But it is a little different than I think my 
colleague at the table may have described. As I understood it, 
I thought that some banks thought that they may have come up 
with a clever proprietary way to set credit limits and did not 
want to tip their hand to their competitors that they had come 
up with this methodology.
    I do not think it was designed to prevent their customers 
from shopping. After all, if that was their intent, they would 
not report anything on those consumers at all.
    Chairman Shelby. Well, why not report everything for 
accuracy? How can you have accuracy if you are gaming the 
system, even if you want to rationalize for proprietary 
reasons, and keep you or you from shopping in the market?
    Mr. McEneney. I agree with you.
    Chairman Shelby. Because the market does not work if you do 
not have it open.
    Mr. McEneney. I agree with you that full reporting should 
be encouraged. I think requiring it may have some adverse 
consequences that outweigh the benefits.
    Chairman Shelby. Like what?
    Mr. McEneney. One of the things that happens if you 
mandate--today, we have a voluntary system that I think works 
extremely well, and I think there is substantial evidence for 
that because of the incredibly successful rate at which 
creditors are able to grant credit and get paid based on----
    Chairman Shelby. We like all that, but we like accuracy, 
which is based on the truth.
    Mr. McEneney. And I think that the way the system works 
today is extremely effective. Creditors grant credit. They get 
paid back. I think that supports the notion that the 
information they have today, although not complete in some 
cases----
    Chairman Shelby. Well, we all agree that the system is 
working pretty well. But where it is not working well, I think 
it is our responsibility to clear it up. And you can help us.
    Mr. McEneney. And I am prepared to help you, Mr. Chairman, 
and the only thing I would say is that I think encouragement or 
persuasion in this regard will likely provide the benefits you 
are looking for without significant detrimental impacts, like 
driving people from providing the information in the first 
place.
    Chairman Shelby. What is wrong with mandating it?
    Mr. McEneney. There are a number of questions that come up 
in that context. One is: Who do we mandate provide the 
information? There are thousands and thousands of furnishers of 
information out there. And then what do they provide? For 
example, small businesses have certain types of information. 
Utility companies have different types of information. Credit 
card companies have different types of information. Mortgage 
companies. What is it that constitutes full file?
    Also, who do they provide it to? There are hundreds of 
credit bureaus around the country, and do we only mandate that 
it be provided to certain credit bureaus and not others?
    Also, I think one of the things that has to be assessed is 
the potential impact on the reliability of the information. 
Today, people provide the information voluntarily because they 
are willing to build the infrastructure to do so; they are 
willing to incur the costs to deal with follow-up disputes. If 
you force people to do it where those people have not build 
those infrastructures to support the reporting of the 
information, I think there is a significant risk that it could 
actually decrease the reliability of the information you get.
    Chairman Shelby. Well, I disagree with you on that.
    Even if the motivation is not to so-called game the system, 
shouldn't we be concerned if the effect hurts the consumer? In 
other words, the consumer--there are a lot of choices out there 
in the marketplace, and you have got different firms fighting 
for that customer. But if somebody is withholding information 
which keeps their customer base in line where they might have 
an opportunity to do a little better somewhere else, I think it 
games the system and the free market does not work.
    Mr. McEneney. Well, I would say on that point that one of 
the things that I think people should look into in that context 
is the extent to which those issues can be dealt with through 
modeling. One of the great things about credit scoring is that 
if you know what you do not know, you can model for it. You can 
assess what it means over time. And I do not think we are 
talking about systematic problems in the reporting of this 
information. I think we are talking about exceptional 
situations that are a small minority of the circumstances. And 
I think that can be dealt with through proper modeling.
    Chairman Shelby. At the very least, the banking regulators 
could ensure that entities that they supervise full-file 
reports. They could do that.
    Mr. McEneney. And I think they are strongly encouraging 
that, Mr. Chairman, and I think it has been effective. For 
example, the Fed did a study on this issue sometime back, and 
between the time that they gathered the information from the 
credit bureau to figure out what the credit reporting looked 
like and the time they prepared the report, the number of 
accounts that did not have the credit limit on them went from 
something in the neighborhood of 35-plus percent down to 13 
percent. And my understanding is that that friendly or not-so-
friendly persuasion by the agencies has been even more 
effective in continuing to drive those numbers down and 
encourage the full-file reporting.
    Chairman Shelby. Senator Sarbanes, I would like to thank 
you for your patience.
    Senator Sarbanes. Thank you very much, Mr. Chairman. I will 
be brief. This has been an extremely helpful hearing, in my 
view. Also, I want to thank both of the witnesses who are 
currently at the table for their testimony and their 
statements.
    Mr. Mierzwinski, I particularly appreciate this very 
detailed testimony that you and the other organizations that 
you are representing have put together here.
    In that light, Mr. Chairman, I hope we can keep the hearing 
record open to receive additional recommendations.
    Chairman Shelby. We certainly will. The record will remain 
open.
    Senator Sarbanes. I wanted to ask you this question. I am 
particularly interested in this. One of the ways of assuring 
that the consumer can straighten things out is that he can 
bring legal action under FCRA in order to do so. Is that 
correct?
    Mr. McEneney. Yes.
    Senator Sarbanes. And that is an instrument whereby you 
get, in a sense, some self-policing of the workings of the 
system and I guess in that respect is desirable. Would you both 
agree with that?
    Mr. McEneney. I think one of the most powerful things about 
the FCRA is the tools it gives the consumer to get out and 
dispute the information they believe is inaccurate and to have 
it corrected.
    Senator Sarbanes. Now, let me ask you this question: The 
current statute of limitations governing the time period by 
which a consumer must bring legal action under the FCRA runs 2 
years after the occurrence of the fraud, regardless of when the 
victim discovers it.
    Now, in the most extreme case, the victim could discover it 
more than 2 years after the fraud occurred, and the statute of 
limitations would knock the victim out of the box, would it 
not, under current statute?
    Mr. McEneney. Yes, I believe it would.
    Senator Sarbanes. Well, I have difficulty understanding. 
Obviously there is no fairness to that, and obviously it 
eliminates the workings of the system in terms of the consumer 
correcting it.
    Now, some have suggested that the statute of limitations 
period should be 2 years after the date on which the violation 
is discovered or should have been discovered by the exercise of 
reasonable diligence, because I can understand it will be 
argued, well, you know, they should have known this, we just 
cannot have this thing hanging out there forever. So you put 
some burden of responsible action on the consumer.
    But why wouldn't that be a better way for the statute to 
work, 2 years after the date on which the violation is 
discovered or should have been discovered by the exercise of 
reasonable diligence? Do you have any problem with that?
    Mr. McEneney. Senator, just a clarification of how I think 
that statute of limitations issue works. If I am a consumer and 
I come to look at my file at any time, my rights accrue at the 
time I look at that information to dispute the information and 
have it corrected. It is not that if the information was added 
more than 2 years ago I cannot correct it. I can demand 
correction anytime it is in my file.
    I think the situation that you may be referring to is one 
where a consumer comes to look at his or her file, believes 
that there is a problem in it, and more than 2 years ago, for 
example, applied for credit or took some other action and 
believes they were damaged at that point in time. Under those 
circumstances, I believe the statute would run, and the 
individual would not have a right to go back and sue for an act 
or for damages that took place 2 years prior, but would have 
the right to demand correction of that information right then 
and there. The 30-day time frame would then apply, and all 
their rights would accrue.
    I think that it is important to just focus on what that 
statute of limitations issue really means. The consumer always 
has the right to come and dispute what is in his or her file.
    Mr. Mierzwinski. Senator Sarbanes, if I could add, we want 
to reverse the Supreme Court in the TRW v. Andrews case. We 
think it is important to clarify the discovery rule and make it 
easier. The complexity of the discovery rule is just one 
example of how the general principle of this Act is that the 
consumer generally has a right to self-enforce his or her 
rights. But those rights are very difficult to enforce.
    In 1996, a former Member of the Committee, Senator Bryan, 
worked very hard to establish a furnisher liability compromise. 
As part of that, he said consumers could sue banks and 
department stores some of the time after they failed to comply 
with the reinvestigation, but not if they simply provided 
information to a credit bureau that they consciously knew was 
in error. So that first test would only be enforceable by the 
agencies. The consumer could only sue in the latter case where 
there was a request by the consumer to remove the fraudulent or 
false information and that information was not removed.
    Consumers had to go to court for the last 8 years. They had 
to get the Federal Trade Commission to file amicus briefs on 
their behalf. Despite clear legislative intent that Congress 
intended to give consumers the right to sue furnishers of 
information in some circumstances, many furnishers of 
information argued that they did not have the right to sue 
them. The law is very difficult to enforce as a private 
individual.
    One example: Why is there so much identity theft? There is 
so much identity theft because the companies do not care about 
fixing the problem. They look at it as a cost of doing 
business. That is all it is to them. They are making so much 
money issuing credit that the millions of consumers who are 
victims of identity theft have so much trouble enforcing the 
law and clearing up their name, as Captain Harrison did, that 
they just give up. And we really need to make it easier for 
consumers to enforce their rights, strengthen the duties of 
these companies.
    Senator Sarbanes. I may not be fully understanding, but I 
have difficulty understanding the rationale for a statute of 
limitations that runs when the victim is unaware that something 
wrong has been done to them. I understand once they know about 
it if they then do not do anything about it within a reasonable 
period of time, or if, you know, by taking due diligence they 
should have known about it and did not do it because they 
were--that is a different situation. But the situation in which 
they just do not know about it and then they find out about it 
and they want to do something, someone says, well, you know, 2 
years has gone by, it is just too bad but you are out of luck.
    I mean, what is the rationale to justify that kind of 
position?
    Mr. McEneney. I would be happy to look into the details of 
the statute of limitations issue for you, Senator.
    Senator Sarbanes. On first blush, it is hard-put to see a 
rationale, isn't it?
    Mr. McEneney. You know, statutes of limitation generally 
are designed to avoid litigation involving issues where the 
facts relevant to those issues took place beyond a certain 
period of time before. And I would have to look at the specific 
issues you are talking about.
    Senator Sarbanes. Even if you go down that path, 2 years is 
a pretty short period of time when you are talking about, I 
think, matters of this sort. But a lot of statutes of 
limitations have in them some provision about knowledge or 
should have had knowledge in order for the time period to kick 
into effect and then knock you out of getting a remedy. You, 
after all, are the one who has been victimized. My question is 
whether the victim should be able to get some remedy for that, 
and it is quite a step simply to knock them out of getting any 
remedy when they are in complete lack of knowledge that this 
has been done to them.
    Mr. McEneney. Senator, I would be happy to look at the 
details of that issue and get back to you.
    Senator Sarbanes. Thank you, Mr. Chairman.
    Chairman Shelby. Could I ask the other side, could you also 
furnish information regarding the same subject?
    Mr. Mierzwinski. Mr. Chairman, we would be happy to do so. 
And we had an amicus brief before the Court in that case, which 
we will provide to the staff. We think the Supreme Court was 
wrong, but it was a statutory ruling, so the Committee can 
certainly reverse them.
    Chairman Shelby. Senator Bennett.
    Senator Bennett. Thank you very much, Mr. Chairman.
    Mr. Mierzwinski, I have gone through your recommendations, 
every one of which has some rationale behind it. But taking the 
whole thing in total, it reminds me of the comment that came 
out of the Vietnam War where the infantry captain said, ``In 
order to pacify the village, we had to destroy it.''
    And I think if all of these recommendations were put in 
place in order to make sure that the customer got absolute 
accuracy and absolute protection of his privacy, you would cut 
him off from the opportunity of obtaining credit. And that is 
what this whole thing was about.
    Again, I go back to my first days in this Committee where 
the complaint was that particularly minorities and others who 
did not have a gilt-edged credit history were being denied 
credit absolutely, and the Fair Credit Reporting Act has gone a 
long way toward making credit available to them. And if we say, 
yes, but there is this and there is this and there is this and 
there is this possibility, every possibility of which must be 
guarded against, we go back to the bad old days when the only 
people who could get credit are those who basically do not need 
it. So, I have some real problems with the totality of what you 
are presenting here.
    Now, I also disagree with you about the GAO report because 
I think the GAO report reflects what we have heard in these 
hearings. We have had a wide range of studies presented to us. 
You claim, with understandable enthusiasm, that the studies 
that support your position are the reliable ones and the peer-
reviewed ones and the objective ones. But other witnesses 
claim, with equal sincerity, that the studies that they put 
forward are objective and peer-reviewed and reliable. And the 
results, as we found in previous hearings, are all over the 
lot.
    So it does not surprise me at all when the GAO begins with 
the quote with which the Chairman began this hearing, and I 
will read it again: ``Information on the frequency, type, and 
cause of credit report errors is limited, to the point that a 
comprehensive assessment of overall credit report accuracy 
using currently available information is not possible.'' And 
that resonates with the sum total of what we have heard in 
these hearings.
    In the GAO report, we have what I find to be a very useful 
summary as to the common causes of errors in the consumer 
credit report process, and they cite three common causes:
    Number one, consumers. Consumers provide inaccurate data to 
furnishers, either by mistake--which I assume is by far the 
most logical reason--or purposely provide false information in 
order to establish a new credit identity. This is a form of 
identity theft, if you will, identity concealment. I have bad 
credit; I will now, in an attempt to create a new identity for 
myself, mislead the furnishers. That is the first cause of 
errors.
    The second cause of errors, furnishers input accurate 
information incorrectly. I referred to this previously where I 
described where I was moving, over the phone, opening an 
account. My name is Robert F. Bennett, and the bill came back 
Robert S. Bennett. There was not anything malevolent about it, 
but the person on the other end of the line heard my ``F'' as 
an ``S'' and I have been unable to correct that, as many times 
as I have tried. Finally, I just pay the bill, Robert S. 
Bennett every month and I do not worry about it. But that is 
accurate information incorrectly inputted. Pass on incomplete 
or inaccurate data to consumer reporting agencies, or pass on 
accurate data in incorrect format. Fail to voluntarily report 
data. Those are all of the various ways that furnishers put in 
accurate information into the system.
    And finally, the third way you get errors is that the 
bureaus input inaccurate information or they input accurate 
information in the incorrect file. Robert S. Bennett begins to 
get information that is not accurate because somehow he is 
getting my utility bill put in there.
    Because of these common errors involving consumers, 
furnishers, and credit reporting agencies, the GAO has 
concluded that we cannot get our arms around the size or 
complexity of the problem.
    So I think what we need to do, Mr. Chairman, is continue 
that which has been working, and for that reason, I am strongly 
in favor of both the preemption provision and the affiliate 
sharing provision, while we continue to try to find out more 
information about where the inaccuracies come from and what we 
can do to deal with it. I think the reference to the bank 
regulators to which you, Mr. McEneney, have referred, is an 
indication the bank regulators have gotten tough and the number 
of inaccuracies or omissions has begun to go down. And I think 
that is a salutary thing, and we should work for that.
    I am in favor of Senator Sarbanes' position on the statute 
of limitations. I cannot imagine why it would be a problem to 
say that, well, if something has gone bad, you do not know 
about it until 18 months later, and then suddenly you are faced 
with a major identity theft problem, you have only got 6 months 
to get your lawyer together and file the case. I want to have 
the full 2 years from the time that happens.
    Those are the kinds of changes that I think we can make. We 
can tighten things up. But I do not want to throw out the baby 
with the bath water. I do not want to reverse the fact that 
credit has been made available to a wide range of Americans who 
did not have it before in the name of saying, well, we are 
going to protect your privacy in all of these belt and 
suspenders and raincoat kinds of ways, and in the process you 
are going to be completely private, but you are not going to 
get any credit.
    Mr. McEneney. Senator Bennett, on the GAO finding of the 
inability to assess accuracy, I would just like to make one 
point. It does not answer the question, but perhaps provide 
some temporary comfort. That is, there is a proxy for assessing 
the accuracy of the information at a broad level, and that is 
its remarkable predictive value. Creditors successfully rely on 
this information, have been extremely successful in making 
credit more widely available, more cheaply than ever before, 
and that would not be the case unless the information were 
accurate to a high degree.
    Now, that does not deal with the detailed issue, but I am 
just saying that there is some comfort to be taken from that 
widely available fact.
    Mr. Mierzwinski. If I could speak to that briefly, 
Senator--and, by the way, on your first point on our 
recommendations, we would be happy to work with you. If you 
want to take our top five or something like that, we would be 
pleased.
    Senator Bennett. Well, as long as you give me preemption 
and affiliate sharing, why, I would be happy--
    [Laughter.]
    Mr. Mierzwinski. But the situation here, I think--and I 
would refer you--I will provide it to the staff. There is a 
study by a Philadelphia Federal Reserve Board economist, Mr. 
Hunt, that talks about some of the ways that information is 
used in the system. And one of the points he makes is a theory 
that the system is weighted toward false negatives; that is, 
the system may be providing credit accurately to people that 
deserve----
    Chairman Shelby. Would you furnish a copy of that to the 
Committee?
    Mr. Mierzwinski. Yes. May be providing credit in a way that 
people that deserve credit tend to get credit, but some people 
may be paying too much for credit. And that is what the system 
is not measuring, and that is my point on the GAO report. I 
only read it very quickly. I just got a copy of it. But the one 
particular part of the CFA report was the study of half a 
million scores that I do not think they looked at in as 
detailed a way that they should have. And that was my point.
    On the other studies, maybe their points were more valid. 
But on that particular portion of the CFA report, that is where 
I disagree with them. I was encouraged, however, that they 
agree with our finding and recommendation that there should be 
more adverse action notices provided so more consumers trigger 
looking at reports and trigger reinvestigations.
    Senator Bennett. I think the Committee is clearly going in 
that direction. That is what the FTC recommended.
    Mr. Mierzwinski. Right.
    Senator Bennett. I think there is some legitimacy to that.
    Thank you, Mr. Chairman.
    Chairman Shelby. In closing, I want to thank you two for 
being patient today and also for your input. I believe this 
will help guide the Committee as we seek in the next weeks to 
craft a bill that balances the interests of consumers and the 
needs of the credit market. We are not going to try, I hope, to 
reinvent the automobile here, but we believe that we can maybe 
change the model a little bit, fine-tune it and make it work 
better for the American people, and that is all of us.
    Thank you, gentlemen.
    Mr. McEneney. Thank you.
    Mr. Mierzwinski. Thank you.
    [Whereupon, at 12:40 p.m., the hearing was adjourned.]
    [Prepared statements, response to written questions, and 
additional material supplied for the record follow:]
              PREPARED STATEMENT OF SENATOR ELIZABETH DOLE
     First of all, I want to thank Chairman Shelby on behalf of the 
people of North Carolina and the entire country not only for holding 
today's hearing on measures to enhance the operation of the Fair Credit 
Reporting Act, but also for holding six hearings on the issues involved 
in the reauthorization of the Fair Credit Reporting Act preemptions. 
This has given us all an opportunity to examine the great benefits the 
FCRA has brought to the consumers of America.
    These hearings have also illustrated the ways this law can be 
strengthened to ensure more accurate credit reports and help our 
efforts to combat identity theft. The actions of the House Financial 
Services Committee passing its version of this legislation by an 
overwhelming vote of 61-3 shows there is a broad consensus on the 
issues before us and that we all can work together to accomplish our 
goal this year.
     While I have long spoken out about the tangible benefits the FCRA 
has brought to our Nation by lowering the cost of credit and empowering 
individuals, there are further steps we can take to help consumers and 
industry, such as providing access to a free credit report once a year. 
A free report will help consumers gain a better understanding of the 
factors that financial institutions take into account when pricing a 
product and when deciding whether to extend credit. Free credit reports 
will also ensure the accuracy of credit reports and help stop identity 
theft, a destructive crime that is unfortunately growing more common 
every day.
     As we all know, there has been a healthy debate on the issue of 
credit scores. While I feel strongly that consumers should be given an 
accurate description of the different factors that go into these 
numbers, I do not think this should extend to the right to a free 
credit score. This score is a proprietary analysis of a credit report 
used to gauge the risks involved in extending credit to an individual. 
Since independent businesses develop the scores with their own 
resources, they should be able to receive a small fee for their use. It 
is also my hope that we not put one score--such as FICO--above all 
others. Competition in the credit score market should be preserved.
     I want to thank our distinguished panel of witnesses for taking 
the time to join us here today. I look forward to working with all of 
my colleagues on these issues as the Committee prepares to craft a 
legislative package.

                               ----------

                   PREPARED STATEMENT OF JOHN W. SNOW
               Secretary, U.S. Department of the Treasury
                             July 31, 2003

    Thank you Chairman Shelby, Senator Sarbanes, and other 
distinguished Members of this Committee for this opportunity to testify 
on the Administration's 
proposal to strengthen the use of the Fair Credit Reporting Act (FCRA) 
to promote consumer interests.
    All consumers have two important interests, the promotion of which 
is the central purpose of the FCRA. One is the interest in improved 
access to credit and other 
financial services. The other is the interest in the accuracy and 
security of their financial information. The Administration proposes to 
remove the sunsets on the uniform standards and focus these standards 
and the FCRA even more on meeting these two key consumer interests.
    A hallmark of our country is readily available credit. In fact, it 
is not too much to say that ready access to credit on competitive terms 
is an integral part of the economic security and well-being of American 
families. All over the country, Americans depend on competitive credit 
markets to realize the dream of homeownership, to finance their cars, 
to pay for college, and meet a variety of other needs. More than two-
thirds of Americans now own their own home, and 9 out of 10 homes are 
purchased with a mortgage. For example, consumer credit helps finance 
the vast majority of the more than 15 million cars and trucks consumers 
purchase annually.
    The FCRA's uniform national standards for information sharing 
operate to expand the opportunity for consumers to access credit and 
financial services--they make your reputation as a borrower portable, 
so that you do not have to establish your good name from scratch in 
every city you visit, or every store where you shop.
    The Council of Economic Advisers estimates that, if States passed 
laws that significantly deviated from the national uniform standards of 
the Fair Credit Reporting Act, 280,000 home mortgage applications that 
are now approved each year would be denied--that is $22 billion in new 
mortgages annually. Access to accurate and reliable financial 
information is particularly important for approving loans to first-time 
homebuyers, for example.
    This democratization of credit has especially benefited minority 
and lower income families. For example, from 1995 to 2001, the 
percentage of minorities holding mortgages increased significantly--
one-sixth of minorities who qualified for mortgages in 2001 would not 
have qualified in 1995, a higher rate of improvement in homeownership 
than for families overall. In addition, the percentage of minority 
families with credit cards has risen substantially. From 1995 to 2001, 
the percentage of African-American families holding credit cards rose 
from 39.4 percent to 55.8 percent. More generally, since 1970, credit 
access by U.S. households in the bottom half of income distribution has 
experienced the most rapid growth. National uniform standards help all 
Americans participate more fully in the miracle of modern credit 
markets. We need to accelerate that process and do nothing to slow it 
down.
    Perhaps the most serious threat to financial consumers today is 
identity theft. Identity thieves are clever, adaptable, and heartless. 
Indeed, many identity thieves specifically target the most vulnerable 
members of society--families of the recently deceased, seniors, 
hospital patients, and men and women serving our Nation overseas. These 
schemes come in many forms and I have described several of the more 
deplorable schemes elsewhere. Today, I would like to cite still another 
example, as reported last week, that demonstrates how clever and 
adaptable the thieves are:

          Using a $100, commercially available keystroke logging 
        program, an identity thief in New York stole over 450 online 
        banking passwords during a 2-year period. The scam began with 
        the thief installing a keyboard-sniffing program on public 
        Internet terminals at 13 locations scattered throughout 
        Manhattan. Unwitting customers using the terminals then had 
        their keystrokes logged as they accessed information. With 
        username and password information in hand, the thief used the 
        victims' personal and financial information to open new 
        accounts under their names and transferred money from the 
        victims' legitimate accounts into the new, fraudulent ones.

    Many Americans have worked hard for years to build and keep good 
credit histories. In today's information-driven economy, one of your 
most important personal assets is your reputation, your credit history. 
The statistics are there--and have been cited by many. For example, a 
recent study reports that identity theft has been seriously under-
reported and asserts that 7 million Americans were victims of identity 
theft last year alone. We may never know what the right number is. But 
one thing we do know is that there are far too many victims of identity 
theft and that the crime is spreading.
    One of the most distressing aspects of identity theft is how 
quickly an identity thief can damage your credit history and how long 
it can take to undo the damage. A recent General Accounting Office 
study found that victims spend on average 175 hours trying to recover 
from the crime. In many cases, recovery can take even longer, and 
involve thousands of dollars in legal and other expenses. The costs are 
so significant that a market in identity theft insurance is now 
developing.
    Our national information sharing system can and should be improved 
to do more in the fight against identity theft. As we do so, it is 
important to understand that national standards for sharing such 
information are an important tool in the fight against identity theft. 
When a thief tries to steal your identity and open an account in your 
name, he is posing as you, hiding behind a mask that he has constructed 
out of bits of information about your identity. Bankers or merchants 
can stop the would-be thief right in the act, before the crime is 
committed, if they have timely access to the right information. With 
the right information about your true identity, financial institutions 
can ask validating questions and peer behind the thief 's mask. In 
other words, your banker can stop the identity thief if your banker is 
more familiar with you than the thief is. National uniform standards 
make timely access to full and accurate information possible, giving 
financial institutions the tools to stop many identity theft assaults 
before they can succeed, information moving faster than the thieves.
    On June 30, I announced the Administration's proposals to make the 
Fair Credit Reporting Act an even more effective instrument to protect 
consumer financial data from fraud and abuse, enhancing the quality and 
integrity of that information, while at the same time expanding 
consumer access to credit and other financial services.
    We are extremely pleased that several of these proposals are 
contained in bipartisan legislation now pending before the House of 
Representatives, approved last week by the Financial Services Committee 
by a strong 61 to 3 vote. We look forward to working with you as the 
Senate considers these issues. In my testimony today, I wish to focus 
on five of our proposals:

 Free credit reports upon request. To achieve these important 
    goals of the Fair Credit Reporting Act we would be wise to engage 
    the consumers themselves. A basic tool to place in the hands of 
    consumers is access to their credit reports, once a year, upon 
    request, free of charge. Consumers should be offered the 
    opportunity to review their credit reports for accuracy and 
    completeness. We believe that this proposal will not only help stop 
    identity theft, but that it will also lead to improvement in the 
    overall quality of the information in the credit reporting system. 
    After all, no one has a stronger interest in ensuring the accuracy 
    of their credit reports than consumers themselves. As the overall 
    quality of the information improves, everyone will benefit--
    consumers, merchants, financial institutions, and the economy as a 
    whole.
 National Security Alert System. We recommend that the uniform 
    standards include a national security alert system. Under such a 
    system, consumers who have been victimized or are in danger of 
    being victimized can put banks and merchants on their guard against 
    any further efforts to impersonate the consumer, thus making it 
    much harder to steal one's identity.
 Red Flags. We propose the bank regulators also be put on the 
    watch for patterns followed by identity thieves, red flags that 
    indicate the likelihood of fraudulent activity. The regulators 
    would provide notice of these red flags to the institutions that 
    they supervise and put them on the watch for these telltale signs. 
    Further, the regulators would verify in their bank examinations 
    that these warning signs are being heeded, fining those 
    institutions where lack of attention results in customer losses. I 
    regard this proposal to be a very important part of the package. 
    One of the challenges in fighting identity theft is that identity 
    thieves are adaptable. They are always looking for ways to exploit 
    systems and procedures that we set up to thwart them. It is 
    important, therefore, that regulators and financial institutions be 
    equally adept in catching them. To be effective and not become soon 
    out of date, this proposal avoids locking today's tell-tale signs 
    in the statute, but instead gives regulators the flexibility to 
    adapt to new identity theft schemes and to establish procedures to 
    thwart them and foil the efforts of the would-be thieves, and it 
    gives financial institutions increased incentives to be on guard as 
    well.
 Prohibition on the sale or transfer of identity theft debt. 
    Another important Administration proposal is a prohibition on the 
    sale or transfer of debt for collection a creditor knows is the 
    result of identity theft. Too often, consumers labor for hours 
    persuading a creditor that they were the victims of identity theft 
    only to find that they must begin the process all over again with a 
    new creditor who has purchased the debt from the original creditor. 
    Our proposal would help reduce repollution of consumer's credit 
    files and save consumers countless hours of needless hassle.
 Adverse Action Notices. The Administration proposes granting 
    the FTC specific rulemaking authority that would require notices to 
    consumers when their credit scores caused them to be offered less 
    favorable rates than for which they applied.

    These are a few highlights of the package of proposals we have 
offered, that would build upon and amplify the use of the FCRA to 
promote consumer access to credit within a context of improved accuracy 
and security of personal financial information. Enactment of this 
package will make our national information sharing system even more a 
servant of consumer interests.
    Given the important role that the national standards of the Fair 
Credit Reporting Act play in expanding access to credit and maintaining 
the accuracy and security of consumers' information, it should come as 
no surprise that national information sharing standards benefit our 
economy as a whole. It seems so basic that we take it for granted, but 
an integral part of our economy's success is our confidence in 
financial services such as bank services, insurance, and investment 
products. Our credit markets helped the American economy weather the 
serious shocks we have experienced over the last 3 years--a recession, 
September 11, homeland security, corporate accounting fraud, and so on.
    And there should be no doubt that the national uniform standards of 
the Fair Credit Reporting Act help make our credit market more robust. 
According to the Council of Economic Advisors, if the national 
standards were to expire, and States adopted new laws currently under 
consideration, a minimum of 3.5 percent of loans currently approved 
would be denied to maintain the same level of credit risk. This could 
put as much as $270 billion of consumer credit in jeopardy.
    We look forward to working with this Committee and the full Senate 
to move a strong package of reforms into law this year and ensure that 
the Fair Credit Reporting Act becomes an even more effective tool for 
meeting the financial interests of American consumers. Accomplishing 
this task is vital to the future of our economy. With improved national 
standards, we can make great strides to protect our citizens against 
identity theft, while holding open the doors of credit to many more 
American families of every income and background.

               PREPARED STATEMENT OF MICHAEL F. McENENEY

                Partner, Sidley Austin Brown & Wood LLP
               on behalf of the U.S. Chamber of Commerce
                             July 31, 2003

     Good morning, Mr. Chairman, Senator Sarbanes, and Members of the 
Committee. My name is Michael F. McEneney and I am a Partner at the law 
firm of Sidley Austin Brown & Wood LLP. I am pleased to have the 
opportunity to appear before you today on behalf of the U.S. Chamber of 
Commerce. The U.S. Chamber serves as the principal voice of the 
American business community here in the United States and around the 
world. Specifically, the Chamber is the world's largest business 
federation, representing more than three million businesses of every 
size, sector, and region of the country.
     The FCRA has provided a robust framework for the most advanced 
consumer credit and insurance markets in the world. A key component of 
this success is the fact that the FCRA establishes a single national 
system in which our credit and insurance markets can operate smoothly. 
This has resulted in significant consumer benefits, in the form of 
increased credit and insurance availability at lower costs, and has 
provided a source of strength for our economy. The national uniformity 
of key provisions in the FCRA is currently scheduled to expire on 
January 1, 2004. Making these provisions permanent has been a high 
priority for the Chamber and the business community generally. We urge 
the Members of the Committee to make these provisions permanent.

The Economic Importance of National Uniformity
     At the beginning of the Committee's deliberations on these issues, 
there were a number of questions raised about the significance of the 
national uniformity established by the FCRA. A recent study entitled 
``The Fair Credit Reporting Act: Access, Efficiency, and Opportunity'' 
goes a long way to answering those questions. The study was prepared by 
the Information Policy Institute (IPI) with the support of the National 
Chamber Foundation of the U.S. Chamber of Commerce. The aim of the 
study was to examine specifically whether a loss of the existing 
framework of preemption would threaten the benefits of our credit 
markets currently enjoyed by consumers. This study relied on hard data 
to determine the impact on consumers and industry if the national 
uniform standards were lost. I would like to share some of the study's 
findings with the Committee.

In General
     In all areas of inquiry, the IPI found that the national uniform 
standards established by the FCRA have contributed significantly to the 
consumer benefits of the current credit marketplace. Further, the IPI 
found few quantifiable direct or indirect costs to consumers associated 
with the national uniform standards. The study concluded that the loss 
of the existing framework of preemptions would threaten the current 
consumer benefits, and that Congressional action is necessary to ensure 
the continuity of our national standards.

Mortgages
     The study recognizes that many of the efficiencies developed by 
the mortgage underwriting market, such as automated underwriting, are 
made possible, at least in part, by the national uniformity established 
by the FCRA. According to the study, automated underwriting 
consistently does a better job of identifying loans that ultimately 
``perform''--loans that do not experience a serious delinquency or 
default. Moreover, automated underwriting allows mortgage underwriters 
to accommodate high volumes of activity. For example, in 2002, the 
Federal Reserve estimates that homeowners were able to gain access to 
approximately $700 billion of equity in their homes--an astounding 
figure that may not have been possible under a less efficient system. 
The introduction of mortgage underwriting efficiencies, which have 
resulted in part from the national uniformity established by the FCRA, 
also appear to have significantly reduced the costs of closing a loan, 
saving consumers at least $18.75 billion in 2002.

Credit Availability
     The study also examined four different scenarios under which the 
FCRA's national uniformity was allowed to expire and the FCRA's 
operative provisions were modified in ways suggested by existing 
legislative proposals in various States. The study examined the impact 
of these changes on six different commercial credit scoring models in 
order to approximate the impact on consumers and the cost of credit. In 
all four scenarios, the study found that loan approval rates would 
decrease or delinquencies would increase, resulting in increased costs 
to consumers. Furthermore, the predictive power of credit report 
information would decline, damaging creditors' ability to evaluate 
credit risk. If creditors cannot properly evaluate credit risk, one of 
two things generally occurs in order to hedge against that increased 
risk--creditors make less credit available, or they increase the cost 
of credit. Either way, consumers lose if the FCRA's national uniform 
standards expire.

Prescreening
     The study evaluated the current practice of ``prescreening'' 
customers for preapproved offers of credit. According to the study, 
increased competition which has been driven in part by prescreening, 
has caused interest rates to be lower overall than they were in 1990. 
The study also found that prescreening was the most important method of 
acquiring new credit card customers, and that restrictions on 
prescreening would increase costs to consumers, and decrease consumers' 
access to unsecured credit.

The Importance of National Uniformity to the Security of Consumers'
Personal Information
     The Chamber believes that it is important to pursue the goals of 
providing for continued access to credit as well as protecting the 
security of consumers' personal information. The national standards 
established by the FCRA are an important component of protecting the 
security of consumers' personal information. For example, the national 
uniform provisions under the FCRA ensure that financial institutions 
can have access to reliable credit report information for a variety of 
purposes, including identity theft prevention. Indeed, the important 
role credit reports can play in the efforts of financial institutions 
to verify the identity of their customers has been recognized as part 
of the regulatory efforts to implement the customer identification 
provisions of the USA PATRIOT Act.
     The national uniform standards also allow companies to prevent 
identity theft in other ways. Under the FCRA, companies have a single 
Federal standard governing their ability to share information among 
affiliated entities. A key purpose for the sharing of information among 
affiliates is to prevent fraud, including identity theft. The FCRA also 
establishes a uniform standard for prescreening consumers for credit. 
It is noteworthy that the fraud rates, including identity theft, are 
significantly lower on accounts acquired through prescreening than 
accounts acquired through other means. Providing States the opportunity 
to enact their own prescreening rules would make this more secure 
method of customer acquisition less attractive if not impossible.
     The national standards established by the FCRA also ensure that 
consumers have the tools necessary to protect themselves against 
identity theft. For example, consumers are provided a standardized 
notice if they are the subject of adverse action based on a consumer 
report. This notice, which is uniform across the country, informs the 
consumer of the adverse action and notifies the consumer that the 
action was based, at least in part, on information from a credit 
report. This is a ``red flag'' to the consumer to check the credit 
report to ensure its accuracy. Furthermore, the FCRA establishes a 
single timeframe under which credit bureaus have to reinvestigate any 
consumer disputes. I think we can all agree that it is challenging 
enough for credit bureaus and consumers to resolve identity theft 
issues under a single set of rules--imagine the difficulty if credit 
bureaus had to comply with different rules depending on where the 
consumer is located.

The Practical Application of the FCRA to Underwriting
     Although the broad concepts I have discussed to this point are 
important, I would like to provide a more practical application of how 
the credit reporting and underwriting process thrive under the FCRA. 
The concept of credit underwriting, or the analysis of economic risk on 
which a decision to lend money is based, has received repeated mention 
by many participants in the debate, but at no point have we really 
stopped to talk about what that means. I have attached an example to my 
testimony consisting of two simple revolving loan portfolios, each 
containing 100 loans of $1,000 apiece, and each paid off within a year. 
One portfolio has an interest rate of 5 percent, the other a rate of 18 
percent.
     If one loan in the 5 percent portfolio were to immediately default 
(whether because of identity theft, consumer bankruptcy, or poor 
judgment on the part of the lender), it would take the interest 
payments from 41 performing loans to compensate for that default. If, 
instead, as few as three borrowers default, the lender is completely 
underwater--and will lose money--even before facing the expense of 
managing 97 other loans. If one loan in the 18 percent portfolio 
defaults, it takes the interest from 12.11 performing loans to 
compensate for that one default. Even if the lender gets it exactly 
right 92 percent of the time, no matter how well those 92 consumers pay 
their bills, the lender is in serious trouble.
     There is not much more to underwriting than that. And this is why 
it is so important for lenders to be able to assess credit risk 
accurately. The complicated part occurs when trying to fit the maximum 
number of borrowers into the continuum of rates between 5 and 18 
percent while keeping defaults to a minimum. Whoever does the best job 
of fitting borrowers to a particular interest rate attracts the most 
customers because they can offer the lowest rate and manage their 
defaults so they still make money. Anything that enhances this process 
has obvious consumer benefits. Since 1996, the seven preemptions of the 
FCRA have enabled lenders, at a national level, to take advantage of 
technological advances to serve their customers while greatly refining 
their ability to fit the right borrower into the right rate.

Potential Issues for Enhancement
Identity Theft
     One issue that deserves serious consideration is identity theft. 
Although identity theft is not caused by the FCRA, we believe the FCRA 
can certainly provide part of the solution. In general, we believe that 
there is a common theme that should guide the Committee in its 
consideration of provisions to combat identity theft. More 
specifically, the Chamber believes that the methods used to address 
potential identity theft scenarios should be flexible, allowing 
companies to utilize the means most efficient to them to thwart 
identity thieves. Indeed, a ``one-size-fits-all'' approach may not 
work--the challenges presented by identity thieves will invariably 
change over time and the tools used to combat the thieves should change 
as well.
     The Chamber is concerned that if the methods for preventing 
identity theft are ``written in stone,'' companies will be forced to 
devote resources to complying with these methods, regardless of whether 
they become outdated or if more efficient 
alternatives become available. Furthermore, if companies must adhere to 
specific statutory requirements with respect to identity theft, it may 
become very difficult for companies to alter their procedures in light 
of the constantly evolving nature of identity theft schemes.

Access to Credit Reports
     It is important for a consumer to have access to his or her credit 
report in order to ensure the report's accuracy, as well as to address 
any instance of identity theft as soon as possible. The FCRA currently 
ensures that access to credit reports is relatively inexpensive--the 
cost is capped by law at $9. In addition, the Chamber strongly supports 
the provisions in current law that provide consumers with access to 
their credit report at no charge in certain situations. For example, a 
consumer can obtain his or her credit report for free if the consumer: 
(i) has been the subject of ``adverse action'' (for example, denial of 
credit) due in part to information in a credit report; (ii) is 
unemployed and intends to apply for employment; (iii) is a recipient of 
public welfare assistance; or (iv) has reason to believe that the file 
on the consumer at the credit bureau contains inaccurate information 
due to fraud, including identity theft.
     Aside from the numerous instances when a consumer currently can 
obtain a copy of a credit report for free, some have advocated 
providing consumers with a credit report at least once annually at no 
charge. The Chamber welcomes the consideration of how to make credit 
reports more available to consumers. We believe, however, that this 
issue merits careful study before next steps are taken. In particular, 
there should be a careful examination of the costs associated with a 
``free'' credit report in order to ensure that there are no unintended 
consequences. For example, the costs of providing free reports and the 
related customer service will have to be absorbed by the consumer. 
Moreover, resources that are currently dedicated to investigating 
potential errors in consumer reports, or assisting consumers with 
resolving identity theft claims, will need to be redirected to meet the 
demand for ``free'' credit reports. It should also be noted that a 
single, well-placed national news article or widely circulated e-mail 
could create significant spikes in demand for credit reports that 
simply could not be met without severe disruption to the other 
important customer service functions performed by credit bureaus.

Investigating Wrongdoing in the Workplace
     Currently, the broad definitions of ``consumer report'' and 
``consumer reporting agency,'' as interpreted by the FTC, appear to 
apply if an employer uses outside experts to investigate employee 
misconduct. This results in the outside firm, such as an accounting 
firm or law firm, potentially becoming a consumer reporting agency for 
purposes of the FCRA. Because of the difficulties in conducting an 
investigation while complying with the FCRA's requirements, and because 
employers and investigators face significant potential liability, 
including punitive damages, for failure to comply with the FCRA's 
requirements, the FTC's interpretation deters employers from using 
experienced and objective outside organizations to investigate 
workplace misconduct. While the FTC's interpretation affects all 
businesses, it is particularly damaging to small and medium businesses 
that do not have in-house resources to conduct their own 
investigations.
     The Chamber strongly believes that Congress should take this 
opportunity to remedy this problem. We urge the Committee to adopt 
legislation that would exclude employment investigations which are not 
for the purpose of investigating the employees' creditworthiness from 
the FCRA requirements. Such legislation has been introduced on the 
House side in the past few Congresses by Representatives Pete Sessions 
and Sheila Jackson-Lee and was included as Title VI of the Fair and 
Accurate Credit Transactions Act of 2003, which was approved by the 
House Financial Services Committee on July 24. I want to stress that 
the Sessions/Jackson-Lee language in the FACT Act is a narrow 
correction of an obvious problem created by current interpretation of 
the law. In addition, the legislation should not leave those suspected 
of misconduct without protection--it still requires that employers who 
take adverse action against an employee based on information from an 
investigation provide the employee with a summary of the nature and 
substance of the report. We urge the Senate to address the problem 
created by the FTC's interpretation by enacting the Sessions/Jackson-
Lee language.

Conclusion
     Once again, I would like to thank the Committee for its efforts in 
examining ways to maintain the consumer benefits of our current 
financial marketplace while also protecting the security of consumers' 
personal information. The Chamber strongly endorses the criteria 
suggested by Treasury Secretary Snow that any amendments to the FCRA 
affecting the credit reporting or credit underwriting process should 
enhance both personal data security and access to and availability of 
credit. Our recommendations are made with this formulation in mind. The 
Chamber looks forward to working with you, Mr. Chairman, and with other 
Members of the Committee as your efforts to amend the FCRA progress.
     Thank you again for the opportunity to appear before you today. I 
would be happy to answer any questions you may have.



         RESPONSE TO WRITTEN QUESTIONS OF SENATOR DOLE
                       FROM JOHN W. SNOW

Q.1. Our credit system is based on a voluntary reporting system 
in which it is in the furnisher's best interest to report 
information to the credit bureaus. Do you believe that some of 
the duties imposed on the furnishers by the House bill could 
jeopardize the willingness of furnishers to participate in the 
system?

A.1. We support H.R. 2622 and commend Chairman Oxley and 
Ranking Member Frank for their hard work. However, some 
provisions go too far. The new requirements concerning the 
accuracy of consumer information contained in H.R. 2622 were 
not in the Administration's proposal. We are concerned that 
these new requirements may lead to some furnishers dropping out 
of our voluntary credit reporting system or simply deleting 
disputed information. This would not advance consumers' 
interest in the security and the completeness of their credit 
reports. We have been working with the House to resolve these 
concerns to ensure that we maintain a robust, national credit 
reporting system and protect consumers' interests in access to 
credit and other financial services, while at the same time 
protecting their interest in the accuracy and security of their 
information. My staff and I would be pleased to discuss the 
matter further with you and Members of the Committee.

Q.2. The House accepted an amendment to allows consumers to go 
directly to a furnisher, whether it be a retailer or a bank, to 
dispute what they believe to be incorrect information on their 
credit report. Does the Treasury have a position on this 
language? What, if any changes to the language, would the 
Treasury recommend?

A.2. We support H.R. 2622 and commend Chairman Oxley and 
Ranking Member Frank for their hard work. The new proposal to 
allow consumers to initiate disputes directly with furnishers 
contained in H.R. 2622 was not in the Administration's 
proposal. We are concerned that this proposal may lead to some 
furnishers dropping out of our voluntary credit reporting 
system. Also, a cornerstone of both the Administration's 
proposal and H.R. 2622 is the ability for all consumers to 
obtain a free credit report every 12 months from each of the 
three nationwide consumer reporting agencies. If this becomes 
law, consumers will be more familiar with the role of the 
consumer reporting agencies. Given this likely greater 
familiarity, it makes sense to direct consumer disputes to the 
consumer reporting agencies, which can efficiently refer the 
disputes to the appropriate furnisher. We are working with the 
House to resolve these concerns to ensure that we maintain a 
robust, national credit reporting system and protect consumers' 
interests in access to credit and other financial services, 
while at the same time protecting their interest in the 
accuracy and security of their information. My staff and I 
would be pleased to discuss the matter further with you and 
Members of the Committee.

Q.3. It's my understanding the 1996 Amendments to the FCRA gave 
credit bureaus the ability to dismiss consumer disputes they 
deem to be frivolous. If Congress decides to allow consumers to 
register disputes directly with furnishers, should we give 
furnishers the same ability to dismiss frivolous claims?

A.3. Yes. Frivolous claims should on no account be acceptable.