[House Hearing, 112 Congress]
[From the U.S. Government Publishing Office]





   FIELD HEARING ON SOCIAL SECURITY NUMBERS AND CHILD IDENTITY THEFT

=======================================================================

                                HEARING

                               before the

                    SUBCOMMITTEE ON SOCIAL SECURITY

                                 of the

                      COMMITTEE ON WAYS AND MEANS
                     U.S. HOUSE OF REPRESENTATIVES

                      ONE HUNDRED TWELFTH CONGRESS

                             FIRST SESSION

                               __________

                           SEPTEMBER 1, 2011

                               __________

                             Serial 112-SS9

                               __________

         Printed for the use of the Committee on Ways and Means









                                _____

                  U.S. GOVERNMENT PRINTING OFFICE

74-006                    WASHINGTON : 2011
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing 
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC 
area (202) 512-1800 Fax: (202) 512-2104  Mail: Stop IDCC, Washington, DC 
20402-0001




                     COMMITTEE ON WAYS AND MEANS

                    SUBCOMMITTEE ON SOCIAL SECURITY

                      SAM JOHNSON, Texas, Chairman

KEVIN BRADY, Texas                   XAVIER BECERRA, California
PAT TIBERI, Ohio                     LLOYD DOGGETT, Texas
AARON SCHOCK, Illinois               SHELLEY BERKLEY, Nevada
RICK BERG, North Dakota              FORTNEY PETE STARK, California
ADRIAN SMITH, Nebraska
KENNY MARCHANT, New York

                       Jon Traub, Staff Director

                  Janice Mays, Minority Staff Director

                                 ______














                            C O N T E N T S

                               __________

                                                                   Page

Advisory of September 1, 2011 announcing the hearing.............     2

                               WITNESSES

Stacey Lanius Plano, Texas.......................................     5
    Testimony....................................................     7
Steve Bryson Allen, Texas........................................     9
    Testimony....................................................    10
Deanya Kueckelhan Director, Southwest Region, Federal Trade 
  Commission, Dallas, Texas......................................    11
    Testimony....................................................    13
Lynne M. Vieraitis, Ph.D. Associate Professor of Criminology, 
  University of Texas at Dallas, Richardson, Texas...............    27
    Testimony....................................................    30
Robert Feldt, Special Agent In-Charge, Office of the Inspector 
  General, Social Security Administration, Dallas Field Division, 
  Dallas, Texas, accompanied by Antonio Puente, Special Agent, 
  Dallas Field Division, San Antonio, Texas......................    36
Testimony, Robert Feldt..........................................    38
Testimony, Antonio Puente........................................    46

 
   FIELD HEARING ON SOCIAL SECURITY NUMBERS AND CHILD IDENTITY THEFT

                              ----------                              


                      THURSDAY, SEPTEMBER 1, 2011

             U.S. House of Representatives,
                       Committee on Ways and Means,
                           Subcommittee on Social Security,
                                                    Washington, DC.
    The subcommittee met, pursuant to call, at 12:00 p.m., in 
the Plano City Council Chamber, 1520 Avenue K, Plano, Texas, 
Honorable Sam Johnson [chairman of the subcommittee] presiding.
    [The advisory of the hearing follows:]

ADVISORY

FROM THE 
COMMITTEE
 ON WAYS 
AND 
MEANS
September 01, 2011

                    Subcommittee on Social Security

              Chairman Johnson Announces Field Hearing on

            Social Security Numbers and Child Identity Theft

    U.S. Congressman Sam Johnson (R-TX), Chairman of the House 
Committee on Ways and Means Subcommittee on Social Security announced 
today that the Subcommittee will hold a field hearing on Social 
Security numbers (SSNs) and child identity theft. The hearing will take 
place on Thursday, September 1, 2011 in the Plano City Council Chamber, 
1520 Avenue K, Plano, Texas at 12:00 p.m. Central Standard Time.
      
    In view of the limited time available to hear witnesses, oral 
testimony at this hearing will be from invited witnesses only. However, 
any individual or organization not scheduled for an oral appearance may 
submit a written statement for consideration by the Committee and for 
inclusion in the printed record of the hearing. A list of invited 
witnesses will follow.
      

BACKGROUND:

      
    According to the U.S. Department of Justice, between 2006 and 2008, 
approximately 11.7 million people were victims of identity theft. The 
Federal Trade Commission (FTC) estimates that identity theft costs 
consumers about $50 billion annually. Further, identity theft is often 
used to facilitate other crimes, including credit card, document, or 
employment fraud. The Social Security number (SSN) is especially 
valuable to identity thieves who can use it to create a false identity 
in order to open accounts or obtain other benefits in the victim's 
name.
      
    Perhaps more disturbing is the growing trend in child identity 
theft. There were 19,000 cases of child identity theft reported to the 
FTC in 2009, a 192 percent increase since 2003 when 6,500 cases were 
reported.
      
    Family members may use a child's name and SSN to obtain new credit. 
Other criminals may obtain a child's name and SSN or use different 
names and birth dates to avoid detection as businesses granting credit 
may not ensure names, SSNs, or dates of birth match. In the meantime, 
children of all ages whose SSNs have been compromised may discover 
years later that they have a record of bad debt including years of 
unpaid bills, credit card debt, or loan defaults. Recently, the FTC has 
intensified its work regarding the growing problem of child identity 
theft, gathering identity theft experts and law enforcement officials 
for the first ever conference on child identity theft in July 2011 
entitled, ``Stolen Futures, A Forum on Child Identity Theft.''
      
    In announcing the hearing, Chairman Sam Johnson (R-TX) stated, 
``Identity thieves prey on the good credit of law abiding citizens. 
Social Security numbers, even those belonging to children, are often 
the keys to pulling off these crimes. Taking steps to stop the overuse 
of Social Security numbers and giving law enforcement better tools to 
stop these thieves will help prevent identity theft and further protect 
the privacy of all Americans and their children.''
      

FOCUS OF THE HEARING:

      
    The Subcommittee will examine the emerging patterns of child 
identity theft, the role of SSNs in these crimes and steps families can 
take to help protect themselves. Legislative options to help prevent 
these crimes and assist law enforcement will also be considered.
      

DETAILS FOR SUBMISSION OF WRITTEN COMMENTS:

      
    Please Note: Any person(s) and/or organization(s) wishing to submit 
for the hearing record must follow the appropriate link on the hearing 
page of the Committee website and complete the informational forms. 
From the Committee homepage, http://waysandmeans.house.gov, select 
``Hearings.'' Select the hearing for which you would like to submit, 
and click on the link entitled, ``Click here to provide a submission 
for the record.'' Once you have followed the online instructions, 
submit all requested information. ATTACH your submission as a Word or 
WordPerfect document, in compliance with the formatting requirements 
listed below, by the close of business on Thursday, September 15, 2011. 
Finally, please note that due to the change in House mail policy, the 
U.S. Capitol Police will refuse sealed-package deliveries to all House 
Office Buildings. For questions, or if you encounter technical 
problems, please call (202) 225-1721 or (202) 225-3625.
      

FORMATTING REQUIREMENTS:

      
    The Committee relies on electronic submissions for printing the 
official hearing record. As always, submissions will be included in the 
record according to the discretion of the Committee. The Committee will 
not alter the content of your submission, but we reserve the right to 
format it according to our guidelines. Any submission provided to the 
Committee by a witness, any supplementary materials submitted for the 
printed record, and any written comments in response to a request for 
written comments must conform to the guidelines listed below. Any 
submission or supplementary item not in compliance with these 
guidelines will not be printed, but will be maintained in the Committee 
files for review and use by the Committee.
      
    1. All submissions and supplementary materials must be provided in 
Word format and MUST NOT exceed a total of 10 pages, including 
attachments. Witnesses and submitters are advised that the Committee 
relies on electronic submissions for printing the official hearing 
record.
      
    2. Copies of whole documents submitted as exhibit material will not 
be accepted for printing. Instead, exhibit material should be 
referenced and quoted or paraphrased. All exhibit material not meeting 
these specifications will be maintained in the Committee files for 
review and use by the Committee.
      
    3. All submissions must include a list of all clients, persons, 
and/or organizations on whose behalf the witness appears. A 
supplemental sheet must accompany each submission listing the name, 
company, address, telephone, and fax numbers of each witness.
      
    Note: All Committee advisories and news releases are available on 
the World Wide Web at http://www.waysandmeans.house.gov/.

                                 

    Chairman JOHNSON. The hearing will come to order.
    Back in November 1936, the U.S. Postal Service first began 
issuing Social Security cards to workers. Even though Social 
Security numbers were created to track earnings for determining 
Social Security benefits, today these numbers are widely used 
as personal identifiers.
    Some uses of Social Security numbers are mandated, for 
example, for income and tax-related reporting to the IRS by 
employers, banks and insurance companies. Countless other 
businesses use this nine-digit number as a default identifier 
to facilitate the matching of consumer information. Also, many 
businesses wrongly use Social Security numbers to prove an 
individual is who they say they are; in other words, an 
identification number.
    Once a thief has someone's Social Security number, they're 
often able to open new accounts, access existing accounts or 
obtain other benefits in the victim's name. In fact, in their 
April 2007 report, the Identity Theft Task Force created by 
President George Bush identified the Social Security number as 
the most valuable commodity for an identity thief. Months or 
even years later, victims first learn about the crime often 
after being denied credit or employment or being contacted by a 
debt collector.
    As we will hear from two of our witnesses today, learning 
your private, personal and financial information has been 
compromised is devastating. Even worse, victims must take the 
lead in repairing and restoring their records.
    For years victims have to prove who they are while 
monitoring credit reports, arguing with collection agencies and 
dealing with the IRS and Social Security about wages they 
didn't earn and taxes they don't owe. Some may learn they have 
a criminal record which could disqualify them for a job.
    Americans are right to be concerned. According to the 
Department of Justice, in 2009, ID theft claimed over 11 
million victims. That's 5 percent of all adults. The Privacy 
Rights Clearinghouse reports a total number of known records 
that have been compromised since 2005 through last week topped 
535 million.
    Increasingly, identity thieves are aiming their sights on 
children. There were 19,000 cases of child identity theft 
reported to the FTC in 2009 a 192 percent increase since 2003. 
From the criminal's point of view, children provide easy 
targets since they have no debt history and no reason to check 
their credit cards.
    Child ID thieves may operate undetected for years until the 
child applies for driver's license, credit card or jobs and 
learns their ID has been compromised. In some very sad cases, 
the child is a victim of a relative. In the meantime, children 
of all ages whose Social Security number has been compromised 
may have a record of credit card debt, mortgage default or 
falsified employment.
    As we will hear from the Director of the Federal Trade 
Commission, Southwest Region today, the FTC has recently 
intensified its work regarding the growing problem of child 
identity theft, gathering experts and law enforcement officials 
last month for the first time ever conference on child identity 
theft.
    And we will gain some insights on the identity thieves 
themselves based on the research of one of our own University 
of Texas at Dallas professors who will share the results of her 
interviews conducted with ID thieves. Lastly, we will hear from 
the local agents from the Social Security Administration Office 
of the Inspector General about their successes and challenges 
as they work to apprehend ID theft cases.
    Congress needs to finish its work on ID theft. Previously, 
bipartisan legislation has been passed by the Ways and Means 
Committee to protect the privacy of Social Security numbers and 
prevent identity theft. While progress has been made, because 
Social Security number use is so widespread, and there are 
several Committees of Jurisdiction, we have yet to reach 
agreement on the right ways to limit SSN access.
    In the mean time, this Committee can make progress by 
removing Social Security numbers from Medicare cards. To that 
end, I have introduced with my Texas colleague, Lloyd Doggett, 
the Medicare Identity Theft Prevention Act.
    The risk of ID theft goes far beyond the card being stolen. 
Every medical record at doctor's offices, hospitals and nursing 
homes has a Social Security number written on it. The fact that 
millions of Social Security numbers are readily available to 
identify thieves for the taking is kind of unbelievable.
    The Centers for Medicare and Medicaid Services have refused 
to act; and if they won't do right for America's seniors, we 
will try. With the help of information gathered from our 
witnesses today, we can also do what's right for children and 
help protect them from ID theft.
    I thank all of you for being here today and sharing with us 
the information that you have. As is customary, any member of 
this committee is welcome to submit an opening statement for 
the record; but before we move on, I want to remind our 
witnesses to limit their oral statements to five minutes. And 
without objection, all written testimony will be made part of 
the permanent record.
    Chairman JOHNSON. We have one panel today and our witnesses 
who are seated at the table are: Stanley Lanius from Plano. 
Raise your hand.
    Ms. LANIUS. Stacey.
    Chairman JOHNSON. Stacey it is. Excuse me. I was looking 
for a guy and it's a girl. Thank you for being here, ma'am. I 
apologize.
    Steve Bryson from Allen; and Deanya Kueckelhan, Director 
Southwest Region, Federal Trade Commission from Dallas; and 
Lynne Vieraitis, Ph.D. Associate Professor of Criminology in 
the University of Texas, Dallas in Richardson; Robert Feldt, 
Special Agent In-Charge, Office of the Inspector General, 
Social Security Administration, Dallas. And Mr. Feldt is 
accompanied by Antonio Puente, Special Agent from the Dallas 
Field Division in San Antonio. And now we will proceed.
    Ms. Lanius, welcome. You may proceed.

            STATEMENT OF STACEY LANIUS, PLANO, TEXAS

    Ms. LANIUS. Chairman Johnson, Members of the Subcommittee, 
thank you for inviting me to testify today about my personal 
experience with identity theft.
    During 1986, I was a sophomore at the University of Texas 
at Austin. At that time, I was using my maiden name Stacey 
Rogers. An organization on campus was doing a fundraiser that 
involved credit card application. There were groups of five 
applications and the organization made money off of each group 
of cards that an individual applied for. The cards were 
MasterCard, Neiman Marcus, Sears, Zales Jewelry Store and 
Dillard's. I remember.
    I asked my parents if I could apply for the cards to help 
my classmate with her fundraising project. My parents thought 
this was a good idea so that I could start building a credit 
history. Of course, they cautioned me about overusing the 
cards. I completed the five applications but never heard 
anything back. I was not worried. I assumed that because I was 
a full-time student with limited income the companies had 
denied my application.
    Two years later, I made a purchase in Dillard's department 
store and paid by check. The clerk denied my check and told me 
I had to go to Customer Service. At Customer Service, I was 
told that I had exceeded my limit on my Dillard's credit card 
and was behind on my payment. I told the clerk I didn't have a 
Dillard's credit card and asked to see the transactions on the 
account. There were numerous transactions on the account 
spanning two years.
    I was able to obtain copies of the receipts for these 
purchases and on one single receipt the store clerk had asked 
for a driver's license so there was a driver's license number 
for me. My father was an FBI agent and I asked him to run the 
license and we discovered that a woman who shared my name, 
Stacey Rogers, was the one who made the purchases.
    At the time, there was no Internet so I drove to the credit 
bureaus and requested copies of my credit report. This woman 
had somehow intercepted the five credit card applications for 
which I had applied two years before. She changed the address 
on the accounts so that when the cards were issued, they went 
straight to her. I never knew I had been approved for the 
cards. My best guess at the time that was that she worked at 
the business that processed the applications, saw that we 
shared the name and altered the applications. She also kept my 
Social Security number for future use.
    On my credit reports, those five accounts were charged to 
the max and were all delinquent. Additionally, she had used my 
Social Security number to apply for more credit and financing. 
There were thousands of dollars in charges and numerous 
delinquent accounts on my credit history due to this theft of 
my identity.
    In 1988 when I graduated and went to work for KPMG, my poor 
credit history followed me as it did for years; when I tried to 
get my first apartment lease, when I tried to purchase my first 
car, when I tried to actually apply for a credit card. And 
someone, the other Stacey Rogers, continued to use my Social 
Security number to finance everything from televisions to 
surgeries.
    Each time I would go to a vendor to explain the problem or 
go to the credit bureaus to get the fraudulent purchases off my 
credit report, I was told that I needed to prove I had not made 
the purchases. How does one go about proving such a negative? I 
diligently visited every credit bureau, circling the accounts I 
claimed were fraudulent. The accounts stayed on my record, but 
a note was added there was a claim of fraud on the account.
    In 1991, I married and my legal name changed. Several years 
later I finally noticed a decrease in fraudulent activity. I 
now have an excellent credit rating, have successfully financed 
the purchase of two homes and am free of the effects of the 
identity theft. However, the stress that that caused was 
tremendous occurring at a point in my life when I was just 
getting started as an adult. I now guard my Social Security 
number very carefully and try to check my credit on an annual 
basis.
    Mr. Chairman, thank you again for this opportunity to share 
my story. I would be happy to answer any questions you or the 
other members may have.
    Chairman JOHNSON. Thank you, ma'am. We appreciate you being 
here. We'll postpone the questions until everyone has 
testified.
    [The prepared statement of Ms. Lanius follows:]






    Chairman JOHNSON. Mr. Bryson, you're recognized. Five 
minutes.

            STATEMENT OF STEVE BRYSON, ALLEN, TEXAS

    Mr. BRYSON. Thank you, Mr. Chairman. I would like to thank 
Congressman Johnson and the Members of the Subcommittee for 
allowing me to tell my family's story concerning identity 
theft.
    A couple years ago my 17-year-old stepdaughter applied for 
a lifeguard job at a church camp in a summer job in Tyler, 
Texas. One of the prerequisites of this job was a simple 
background check of all employees by using Social Security 
numbers. This was done through the Safe Churches Project of 
Safe Advantages Services, which is a member of the First 
American family of companies.
    My daughter submitted her Social Security number to the 
church and a background check was run. A few weeks later, we 
received a result of that check and were shocked to that find 
her Social Security number was being used by six to seven 
people in California, Nevada and Texas. In one case, two people 
living at the same address in Houston, Texas were using this 
number.
    The Social Security number was assigned to her when she was 
born February 12, 1993; and since she was a minor, there was no 
reason for us to monitor or have any issue with it. Upon 
learning about this number of people, my wife contacted the 
local Social Security office here in Collin County and was 
informed that since she was a minor, there was very little they 
can help with.
    I contacted a friend of mine in Tyler, Texas who's a 
retired FBI agent and he said that there was very little the 
Federal Government could or would do to help, and he said the 
only recourse we had was to contact the various credit agencies 
around the country and to send letters to the police and 
sheriff's departments in the cities where these individuals 
lived.
    We contacted the credit rating agencies first and found 
that there was very little help due to the fact, again, that 
she was a minor. They did not even have her listed. At the 
time, we felt that there was no help and attempts to monitor or 
control. This was useless. It would cost a lot of money and a 
lot of time.
    It's my opinion that her Social Security number was 
purchased, that these people purchase these numbers and that 
most probably they were here in the United States illegally. 
Identity theft is a crime whether you are buying, selling or 
using the Social Security number. This is a problem that seems 
to be growing daily. And I'm concerned that this is not being 
made a top priority by the Federal Government.
    Chairman Johnson, I have no idea how this--what definitive 
impact this will have on my daughter now or in the future, but 
I do feel like at some point in time this will come up. In the 
mean time, there are at least six people who are out using her 
Social Security number who obtain jobs, credit, loans, possibly 
some type of benefits under Social Security.
    Mr. Chairman, in conclusion, I do not believe that it 
should be the sole responsibility of the individual who is the 
victim of identity theft to attempt to correct these problems. 
I thank you again for your time and the Committee.
    Chairman JOHNSON. Thank you, sir. I agree with you, we need 
to help you if we can. That's why we're having this hearing 
today.
    [The prepared statement of Mr. Bryson follows:]






    Chairman JOHNSON. Ms. Kueckelhan, welcome. You may proceed.

  STATEMENT OF DEANYA KUECKELHAN, DIRECTOR, SOUTHWEST REGION, 
            FEDERAL TRADE COMMISSION, DALLAS, TEXAS

    Ms. KUECKELHAN. Thank you, sir. Chairman Johnson, 
Congressman Brady and Congressman Marchant. I'm Deanya 
Kueckelhan, Director of the Federal Trade Commission, Southwest 
Region, located here in Dallas and actually a native Texan. I 
have the privilege today of presenting the Federal Trade 
Commission's remarks on child ID theft.
    It is so unfortunate to hear the two stories that were just 
told. We've just heard that our children do become victims of 
identity theft. Identity thieves steal, deliberately steal a 
child's ID. They fabricate a Social Security number 
coincidentally that sometimes belongs to a child and they do 
that to obtain employment, to receive government benefits or to 
obtain a loan for credit. The Federal Trade Commission's 2010 
Consumer Signal Network Data Book shows that Texas ranks 5th 
among the states in ID theft complaints after Florida, Arizona, 
California and Georgia. And that's with over 24,000 complaints 
filed in the year of 2010 alone.
    A non-FTC study shows that 142,000 instances of identity 
fraud are perpetrated on minors in the U.S. each year. So child 
identity theft is especially harmful, though, Chairman Johnson, 
because it can go on so long undetected, until a child becomes 
an adult and perhaps applies for a college loan or a car loan 
or seeks employment.
    For this and other reasons, the Federal Trade Commission 
and DOJ's Office For Victims of Crime recently co-hosted Stolen 
Futures: A Forum On Child ID Theft on July 12th, 2011, this 
summer in Washington. We gathered panelists such as educators 
or child advocates and representatives of government agencies 
in the private sector as well as legal service providers and 
they discussed how to deter and remedy child ID theft.
    Panelists noted, among many other things, that identity 
thieves steal a child's ID from schools, from businesses, from 
government agencies and, unfortunately, panelists also 
discussed the fact that sometimes friends and desperate family 
members will use the ID of a child in hard economic times when 
they have a lack of access to credit. They become desperate to 
use that child's social security number in order to pay basic 
services such as heat or electricity or other utilities.
    Panelists also talked about sensitive health information, 
particularly related to the foster care system. Panelists 
stated that in the foster care system a child's information is 
circulated through the Social Services network as well as in 
school records which makes foster children particularly 
vulnerable to child ID theft. In essence, a child's ID is a 
blank slate and because of the unique qualities of child ID 
theft, oftentimes makes it more valuable to steal a child's ID 
than an adult's ID.
    Panelists also noted, as did Mr. Bryson, that the challenge 
this causes because parents don't routinely check a child's 
credit primarily is that children don't have a credit history; 
thus, parents have no reason to suspect a problem. One possible 
solution was mentioned by a panelist from the Utah Attorney 
General's Office, who described a proposed Utah initiative that 
would enable parents to enroll their child in a state identity 
protection program. Utah would pass the child's information on 
to TransUnion, which would in turn place a high risk alert on 
the child's name and information.
    Panelists throughout the day stressed prevention. 
Controlling and limiting access to a child's information is one 
of the best ways to deter child ID theft. Panelists recommended 
that parents and guardians and foster care parents challenge 
routine request for their children's ID. Shall I go on?
    Chairman JOHNSON. Continue.
    Ms. KUECKELHAN. Thank you. Panelists also suggested that 
parents learn how their children are using the Internet and 
Social media because children sometimes innocently divulge 
their personal information that could be used to commit ID 
theft. Panelists also encouraged increased outreach to foster 
care workers and directly to the foster youth, especially the 
older teen foster youth who are about to enter the adult world 
and exit the foster care system.
    The FTC's primary goal in co-hosting Stolen Futures was to 
learn more about this problem and develop messages for 
outreach. The FTC has already prepared new educational 
materials. I'm proud to say, they're already being distributed. 
We consulted with DOE on a back to school alert. We have it 
today on one of the tables upstairs. We will continue to 
distribute these. And I'm happy to answer questions.
    Chairman JOHNSON. Thank you, ma'am.
    Ms. KUECKELHAN. Thank you.
    Chairman JOHNSON. You know, a lot has started when we 
started giving out numbers at birth. And, you know, I don't 
know how many babies get credit, but I doubt very many of them 
do, and so that's caused a lot of problems. We're looking at 
that aspect of it, too.
    [The prepared statement of Ms. Kueckelhan follows:]






    Chairman JOHNSON. Dr. Vieraitis, welcome. Please go ahead.

STATEMENT OF LYNNE M. VIERAITIS, PH.D., ASSOCIATE PROFESSOR OF 
 CRIMINOLOGY, UNIVERSITY OF TEXAS AT DALLAS, RICHARDSON, TEXAS

    Dr. VIERAITIS. Thank you. Chairman Johnson, Members of the 
Committee, thank you for inviting me to discuss my research on 
identify theft at this hearing today. By presenting the 
perspectives of offenders, I hope to provide the Committee with 
a more comprehensive picture of identity theft, one that may 
offer suggestions of how it might be better controlled.
    The 9/11 highjackers, a single mother in Texas addicted to 
methamphetamine, a married father of three and college 
graduate, the girlfriend of a gang member of one of the most 
notorious Latin American gangs operating in the United States, 
they appear to share little in common. The one thing they do 
share is they were all identity thieves.
    I'm often asked to describe the typical identity thief; but 
as the aforementioned profiles suggest, it is difficult to 
paint a portrait of a typical one. The identity thieves we 
spoke with came from all walks of life and had diverse criminal 
histories. Their backgrounds ranged from upper to lower class, 
the unemployed to employed, from day laborers to professionals, 
middle school drop-outs to college graduates and from those 
with lengthy criminal histories to first-timers.
    We found that some thieves worked alone while others were 
involved in teams of up to 30 members. Some were fueled by 
their addictions to illegal drugs while others simply wanted to 
live above their means or meet day-to-day living expenses. The 
diversity in their backgrounds and current lifestyles 
influenced the ways in which they chose to carry out their 
crimes.
    So how do they steal information and what do they do with 
it? Those who worked alone typically used personal information 
of others to open credit card accounts or secure bank loans. In 
some cases, they used information available to them from their 
place of work. In some cases they used the information of 
family members, including their own children and friends. Other 
thieves used more sophisticated and elaborate schemes to dupe 
strangers into revealing their information. For example, one 
set up a fake employment site with applicants willingly 
supplying their information.
    The majority of the identity thieves we interviewed 
operated in teams. Street level identity theft rings, or SLIT 
rings for short, relied on numerous methods to steal and 
convert information. Some rings paid employees of companies to 
get information on clients or customers. Others targeted 
residential and commercial mailboxes, but most SLIT rings 
bought their information from another street-level criminal who 
was typically engaged in drug sales, robbery, burglary or other 
street crimes who sold the information to the ring leader. This 
information included driver's licenses and Social Security 
cards stolen from homes or cars. Some ring leaders claim that 
acquaintances, friends and family members provided their 
information in exchange for a fee.
    After stealing a victim's information, offenders applied 
for credit cards in the victim's names, opened new bank 
accounts, deposited counterfeit checks, withdrew money from 
existing bank accounts, applied for loans and opened utility or 
telephone accounts.
    Such transactions also require some form of official 
identification. To produce these documents, teams recruited 
employees of state or federal agencies with access to Social 
Security cards or birth certificates which were then used to 
order identification cards. They were also able to manufacture 
false cards using rogue employees of state departments of motor 
vehicles or other street hustlers who had managed to obtain the 
necessary equipment.
    Members of occupational teams use their legitimate place of 
employment to steal information and convert it to cash or goods 
acting almost exclusively with fellow employees to commit their 
crimes.
    In addition to the question of how they do it, I'm often 
asked why they do it. The simple answer: It's quick and easy 
money. But the answer is more complex.
    What we found when we spoke to offenders was that they 
engage in identity theft because they see it not just as 
financially rewarding but emotionally rewarding as well. They 
believe it to be relatively low in risk and find it easy to 
justify or excuse their actions. In short, they perceive the 
rewards to be high and the risks low.
    The identity thieves we spoke with were confident in their 
ability to profit from their crimes and to avoid detection; 
despite the fact we were speaking to them while they were 
incarcerated. Most didn't focus on the risks of crime, but all 
actively engaged in strategies to reduce the likelihood of 
detection by victims, law enforcement and financial 
institutions, including reducing the number and amount of 
transactions they conducted per identity. They selected certain 
times, persons and places to cash in and tried to blend in as 
much as possible.
    The crime of identity theft includes the acquisition of 
information as well as the use of that information. But there 
are several points along that crime continuum that can be 
addressed with policy. The challenge for policy makers and law 
enforcement is identifying policies and strategies that can 
target these weak points while at the same time allowing 
business and customers to conduct transactions.
    Several suggestions for prevention are provided that draw 
upon several well known situational crime prevention 
techniques. Each of these strategies is more effective when 
they can be catered to highly specific forms of identity theft, 
for example, child identity theft versus adult and identity 
theft committed by loaners versus those committed by SLIT 
rings.
    We must increase the effort and risk of obtaining 
information. We need to continue to promote awareness of 
identity theft and educate citizens on how to protect that 
information, and we may need specific guidance for parents to 
protect their children. We need to educate consumers on what to 
do when their identity is stolen and when it's used and 
encourage them to report to law enforcement. The National Crime 
Victimization Survey indicates that only 17 percent of the 
victims in their study reported it to law enforcement. We need 
to reduce unsafe business practices. Institutions that have 
data on children, including hospitals and schools should be 
particularly vigilant and we need to provide alternatives to 
agencies dealing with special populations, such as children in 
the foster care system.
    We need to increase the effort and risk of converting 
information. Systems should be in place to verify and alert 
credit granting agencies and employers who verify employment 
eligibility that a Social Security number is issued to a person 
under the age of 18.
    Chairman JOHNSON. Can you summarize?
    Dr. VIERAITIS. I'm sorry?
    Chairman JOHNSON. Can you summarize? Your time has expired. 
Can you summarize?
    Dr. VIERAITIS. Yes. Increase the risk of getting caught. 
Very briefly, what we need to know, identity theft and perhaps 
child identity theft in particular poses a challenge for law 
enforcement. We need to know more about identity theft and 
those who commit it and be better and more consistent in 
measures of identity theft and fraud, specifically frauds that 
target children.
    We need more systematic data collection from agencies 
responsible for personal information, agencies that use it, law 
enforcement agencies and from victims and from those who know 
most about how and why identity theft occurs, the identity 
thieves themselves. Thank you.
    Chairman JOHNSON. Thank you.
    [The prepared statement of Dr. Vieraitis follows:]






    Chairman JOHNSON. Mr. Feldt, I understand you and Mr. 
Puente are going to share the time.
    Mr. FELDT. Yes, sir.
    Chairman JOHNSON. Thank you. You may proceed. Thank you.

 STATEMENT OF ROBERT FELDT, SPECIAL AGENT-IN-CHARGE, OFFICE OF 
 THE INSPECTOR GENERAL, SOCIAL SECURITY ADMINISTRATION, DALLAS 
 FIELD DIVISION, DALLAS, TEXAS, ACCOMPANIED BY ANTONIO PUENTE 
    SPECIAL AGENT, DALLAS FIELD DIVISION, SAN ANTONIO, TEXAS

    Mr. FELDT. Good afternoon, Chairman Johnson, Members of the 
Subcommittee. My name is Robert Feldt. I'm the Special Agent 
In-Charge for Social Security OIG's Dallas Field Division, 
which handles Social Security fraud investigations in Texas and 
four other states. Thank you for the invitation to testify 
today.
    According to identity theft experts, identity thieves 
target child Social Security numbers because a child's SSN is 
usually issued at birth and not used for credit purposes for 
about 18 years. This allows for the potential long-term 
undetected abuse of a legitimate SSN, and the potential long-
term harm to a young person's financial future.
    We in the OIG appreciate the concern your Subcommittee has 
for families and their children with regard to identity theft, 
and we pursue as many SSN misuse cases as our resources allow. 
We receive thousands of SSN misuse allegations each year. Our 
agents participate in SSN issues task forces across the country 
investigating identity theft, as well as mortgage, bankruptcy 
and benefit fraud.
    In fiscal year 2010, we had more than 400 SSN misuse cases 
that resulted in criminal conviction. Some of our most 
fulfilling cases are those that lead to the arrest of an 
individual who used someone else's SSN to collect Social 
Security benefits, because we're able to repair a person's 
identity and recover stolen agency funds.
    Our agents have also recently reported a relatively new SSN 
issue scheme involving credit privacy numbers, or CPNs. These 
nine-digit numbers are sold by dishonest organizations usually 
on the Internet, to individuals with poor finances, with the 
promise the numbers will allow the individuals to create a new 
credit file. But consumers should know CPNs are not legal 
identification numbers. In fact, they are usually stolen SSNs, 
particularly those belonging to children, for the reasons I've 
mentioned.
    Our investigative and audit work has taught us that the 
more SSNs are used in day-to-day transactions, the higher the 
probability these numbers can be stolen and used to commit 
crimes. We've made many recommendations to SSA related to SSN 
integrity, and we support this Subcommittee's efforts to limit 
the use and display of the SSN. That information is detailed in 
my written statement for the record.
    In conclusion, OIG's investigators are committed to 
pursuing SSN misuse and identity theft cases. Our auditors and 
attorneys will also continue to make recommendations to your 
Subcommittee and to SSA to improve the integrity of SSNs, 
especially those belonging to children.
    Thank you again for the invitation to testify. I will yield 
my remaining time to Special Agent Antonio Puente.
    [The prepared statement of Mr. Feldt follows:]






    Chairman JOHNSON. Mr. Puente.
    Mr. PUENTE. Good afternoon, Chairman Johnson and Members of 
the Subcommittee. My name is Antonio Puente and I'm a Special 
Agent in SSA OIG's Dallas Field Division working out of the San 
Antonio office. Thank you for the invitation to testify.
    Identity theft is prevalent in Texas for several reasons. 
First, the Pew Hispanic Center estimates there are about 1.65 
million unauthorized immigrants in Texas. These individuals may 
seek other's personal information, like Social Security 
numbers, for reasons such as gaining employment and applying 
for government benefits.
    Also, identity thieves have relatively easy access to 
other's personal information. Many fraudulent vendors offer 
stolen or fabricated identity documents for a fee. I want to 
share a recent identity theft case that my office and other law 
enforcement agencies investigated near Austin.
    Last year, Pflugerville police learned that care takers in 
an area nursing home might have submitted false identity 
documents to gain employment. We verified SSNs of 43 employees 
suspected of submitting fraudulent personal information. The 
search revealed that 28 of the employees did, in fact, misuse 
an SSN. Twenty-three people were arrested. All of them pleaded 
guilty to buying a Social Security card from an unknown 
document vendor in the Austin area. In June, they were fined 
and sentenced to time served.
    The Department of Homeland Security identified these 
individuals as Mexican nationals unlawfully present in the 
United States, and they are currently in deportation 
proceedings. Before this investigation, the nursing home did 
not use Homeland Security's eVerify system to determine the 
employee's eligibility to work in the United States. I met with 
corporate officials and provided instructions for using the 
eVerify system.
    Also, the investigation revealed seven of 28 fraudulent 
SSNs belonged to children. The case shows that it's critical 
for parents to protect their children's Social Security cards 
and monitor their SSNs. In closing, I want to thank the many 
law enforcement agencies that contributed to this 
investigation, especially the Pflugerville police.
    Thank you for the invitation to testify, and we'll be happy 
to answer your questions.
    Chairman JOHNSON. Thank you, sir.
    Mr. PUENTE. Yes, sir.
    [The prepared statement of Mr. Puente follows:]






    Chairman JOHNSON. We're trying to push E-verify into all 
companies now, and I hope that makes a difference. I don't know 
if it will or not. Because they don't all use it right, you 
know that.
    Mr. PUENTE. Yes, sir.
    Chairman JOHNSON. As discussed, the time for each round of 
questions, I will limit my time to five minutes and ask my 
colleagues to also limit their questions to five minutes and 
any remarks that you care to make will be entered in the 
record.
    Mr. Bryson and Ms. Lanius, were either of you aware of the 
crime of identity theft when you or your family became victims?
    Mr. BRYSON. No, sir, I was not.
    Ms. LANIUS. No.
    Chairman JOHNSON. And had you heard of any precautions that 
you needed to take to protect your family's Social Security 
number.
    Ms. LANIUS. No.
    Mr. BRYSON. No.
    Chairman JOHNSON. No one advised you of that? Did both of 
you know where to go for help once you knew it occurred?
    Mr. BRYSON. No.
    Chairman JOHNSON. How did you find out, either one of you?
    Ms. LANIUS. I talked to the police and they told me there's 
really nothing that could be done because I had to prove I 
hadn't made those purchases. And I drove, because back then 
there was no Internet, to all the credit bureaus, and I had to 
drive to all the vendors begging them to stop reporting these 
purchases under my Social Security.
    Chairman JOHNSON. And they wouldn't help you?
    Ms. LANIUS. No one would help, no. The burden was on me and 
no one--no one would help. There was no place to go.
    Chairman JOHNSON. Do the credit guys help now?
    Okay. Thank you, Ms. Lanius. What did you do finally to 
prove that you didn't make these purchases? How did you finally 
get out from under that?
    Ms. LANIUS. I did not. I could only circle the items on the 
credit report that I was claiming were fraudulent. The credit 
agency at that time would put a note under those saying that 
the person--the account had claims this was a fraudulent 
purchase, but they still stayed on my report for seven years, 
and it still went into my credit rating for seven years. And 
that was the only thing I could do. I did speak to the doctor's 
office who called me to collect on a surgery she had had.
    Chairman JOHNSON. Wow.
    Ms. LANIUS. And they said all I could do was go in and 
prove by examination that he hadn't operated on me, and I was 
wasn't going to do that. So the surgery went on my credit 
history as well.
    Chairman JOHNSON. That's almost insurmountable. I don't 
understand that.
    Agent Feldt, would you explain what steps Social Security 
employees are instructed to take to help victims?
    Mr. FELDT. Yes, sir. SSA has processes in place to assist 
victims of identity theft. SSA personnel will work with 
identity theft victims to do several things. First, SSA will 
review the earnings reported under the SSNs and correct the 
record, if necessary.
    Chairman JOHNSON. Well, but in her case they didn't do it. 
Was Social Security not working at that point in time?
    Mr. FELDT. These policies were probably not in place at 
that time.
    Chairman JOHNSON. Okay.
    Mr. FELDT. That's correct.
    Chairman JOHNSON. So you're saying this couldn't happen 
again.
    Mr. FELDT. I would not be bold--so bold as to say that.
    Chairman JOHNSON. Okay.
    Mr. FELDT. They also have a few other procedures in place 
to help individuals if they've lost a card to retain a 
replacement card, and also to provide information to victims 
about the FTC and help they can provide. Also, although it's 
not an item that's used very often, they will take an 
application for a new Social Security number. However, the 
victim must prove they've been harmed in that situation.
    It is frowned upon to do that because ultimately if that--
if that step is taken, the Social Security numbers and the 
record will come together in time through the credit bureaus. 
So that's not very effective and it's discouraged. And lastly, 
employees will develop aspects of fraud in the matter and 
potentially refer it to the OIG for investigation.
    Chairman JOHNSON. Thank you.
    Mr. FELDT. Yes, sir.
    Chairman JOHNSON. I think my time's expired.
    Mr. BRADY. Chairman, thank you very much for holding this 
hearing. For the audience, from the first day I got to 
Congress, Chairman Johnson was an early and very vocal 
proponent regarding our Social Security ID numbers and shining 
a light on identity theft, so thank you. I had no idea the 
amount of child identity theft was occurring before you 
scheduled this hearing and as a parent to young boys, I'm more 
nervous than ever as a result.
    One of my frustrations on this committee and on these 
hearings has been how rare it is to--for an identity thief to 
be apprehended and prosecuted. It seems each week I pick up the 
newspaper, I see prosecution of Medicare frauds, securities 
fraud, consumer fraud. I can't remember the last time I saw a 
report of identity theft actually have been prosecuted.
    Ms. Lanius and Mr. Bryson, you both contacted law 
enforcement, I assume not satisfied with the result of that 
contact. So I wanted to ask Ms. Kueckelhan and Mr. Feldt, you 
know, give us perspective. What are the chances in America that 
an identity thief will be apprehended and prosecuted?
    Ms. KUECKELHAN. Congressman Brady, I can say the Federal 
Trade Commission, since 2001, has brought 34 data breach law 
enforcement actions and that is where massive breaches of 
Social Security numbers have occurred. And we will continue to 
bring those types of law enforcement actions.
    I'm also pleased to mention that we have brought the first 
mobile app misrepresentation case, filed on August the 15th. 
It's the first such case that a federal agency has brought. We 
brought it against a mobile app provider who obtained 
children's information and used that information and 
distributed it without the parents' consent.
    So we in our law enforcement area, if you're asking about 
that, we work more from the data breach than the bigger 
perspective. We also provide education and support to legal aid 
entities who represent ID theft victims. The FTC provides them 
with sample affidavits and letters, assistance on what to do, 
what steps to take.
    Mr. BRADY. Can I ask you, in these cases, there wasn't a 
data breach, so the Federal Trade Commission would not--is not 
or would not be pursuing cases that affected Ms. Lanius and Mr. 
Bryson.
    Ms. KUECKELHAN. We do not represent one individual in a 
private case. For a misrepresentation case, we look for a 
pattern and practice and that's why we take on the large data 
breach cases. Generally speaking, individual ID theft victims 
are assisted by legal aide representatives. In addition, the 
FTC provides consumer materials and online information for self 
help, including assistance with affidavits and letters.
    Mr. BRADY. Mr. Feldt.
    Mr. FELDT. Yes. We--as far as challenges, there's----
    Mr. BRADY. What are the chances in SSA's view that someone 
who commits this crime will be apprehended and prosecuted?
    Mr. FELDT. We work cases every year as an organization in 
which folks are apprehended.
    Mr. BRADY. And I'm not being--I'm just trying to get a 
perspective.
    Mr. FELDT. Yes, sir.
    Mr. BRADY. Would it be fairly rare.
    Mr. FELDT. I don't know what the percentage would be of 
allegations of SSN misuse that actually result in a conviction. 
But I would agree with you that it would be--it is rather rare. 
There's a lot of misuse of Social Security numbers going on 
that ultimately is not prosecuted.
    Mr. BRADY. What more can be done? Clearly Congressman and 
Chairman Johnson focus on prevention early on in protecting the 
integrity of these numbers, but, you know, what needs to be 
done? New laws? New resources? I don't know.
    Ms. Lanius, did they ever apprehend this Stacey Rogers?
    Ms. LANIUS. No.
    Mr. BRADY. Never. Did they--Mr. Bryson, any of the six or 
seven or eight, do you know of----
    Mr. BRYSON. No, sir.
    Mr. BRADY. What do we need to do.
    Mr. FELDT. Number one, doing anything we can do to prevent 
the disclosure of Social Security numbers and any enhancements 
that can be made, we would support. And additional resources 
can always help. To have more feet on the ground to investigate 
identity theft, would be a good thing.
    Actually, so many of the cases that are prosecuted, they 
will start at the local level in which they start with a local 
complaint to a police officer, and then you have jurisdictional 
issues in many times. And we get referrals from local police 
offices and at the local level that many times result into 
federal convictions.
    Mr. BRADY. Dr. Vieraitis, did the folks that you 
interviewed, did they--as they were committing the crime, did 
they think they were gonna get away with it?
    Dr. VIERAITIS. They were very confident in their abilities 
and they thought they would get away with it. And even though 
we spoke to people who were sitting in prison, so clearly they 
did not get away with it, they blamed their capture on outside 
things they deviated from the plan, dumb luck on the part of 
law enforcement, or they were working with others who got 
caught up in the trafficking.
    Mr. BRADY. The times I--and I appreciate that, FTC, Social 
Security ID, get frustrated. I wish we'd spend a little less 
time pursuing celebrity sports cases and a little more time as 
a government focusing on identity theft. I think we'd actually 
help a lot more people.
    Ms. KUECKELHAN. Congressman Brady, the Federal Trade 
Commission has civil authority. We have no criminal authority.
    Chairman JOHNSON. Well, that's true, so can you answer the 
question for me: How many of those cases were children below 
the age of, let's say, 18.
    Ms. KUECKELHAN. The data breach numbers?
    Chairman JOHNSON. Yeah.
    Ms. KUECKELHAN. I don't have those numbers. And also, it's 
important to note on the 192 percent that you stated, Chairman 
Johnson, although that is an accurate percentage of the 
increase in child identity theft complaints for which the 
person reporting completed the field that ask for the victim's 
name, many consumers do not disclose the victim's age. 
Therefore, that is not based on a scientific survey. It is 
instructive, but not scientific.
    On our complaint system there is a field that ask for the 
child's age at the time that they were victims. Many of those 
that report do not include an age.
    Chairman JOHNSON. They don't fill it out.
    Ms. KUECKELHAN. No, sir.
    Chairman JOHNSON. How about, Feldt, do you know what 
percentage are under the age of 18 when they're stolen.
    Mr. FELDT. I'm sorry, I do not know the number. We can sure 
get that back to you.
    Chairman JOHNSON. We give SSNs to them when they're born 
nowadays for goodness sake and I'm telling you, I don't know of 
a baby in the world that's gonna go and check his credit.
    Ms. KUECKELHAN. Chairman Johnson, of those that did report 
an age in 2010, over 24,000 were under the age of 19.
    Chairman JOHNSON. Okay. Well, that's a good statistic. 
Thank you very much. Mr. Marchant.
    Mr. MARCHANT. Thank you, Mr. Chairman, for the opportunity 
to participate in this hearing. I have a formal statement I'd 
like to submit to the record. I also would like to submit to 
the record a Wall Street Journal story that was written this 
week, August 27, about a family in Dallas who had had their 
children targeted by identity thieves. So it's a very timely 
article, and it's about a local family.
    What got me interested in this was a case that came into 
our congressional office about a family who had applied for 
this Social Security card for an infant, a new-born infant. And 
I know my son, when his children were born, he--one of the 
first things he did was he applied for a Social Security card. 
And this family that I represent applied for their Social 
Security card.
    And after a while, they had not received it so they began 
to look into why they had not received it, and then they were 
contacted by the police who were doing a very good job, and 
they notified them that, in fact, the Social Security card had 
been removed from their box out in front of their house. So 
they were harvesting the mail in this neighborhood.
    They got the Social Security card. They began to use it. 
And only through that mechanism did this family find out not 
only, you know, here's why you didn't get your card; but that's 
one bad news. The next part of the bad news is your child was 
already very deeply in debt and has a very bad credit rating, 
even though they haven't achieved their first birthday.
    So we began to work on some legislation. With the 
Chairman's permission, we will pursue the legislation when we 
get back to Washington. And the objective of our legislation 
will be, first of all, to come up with a more secured delivery 
system of that first Social Security number. I think that in 
itself would cut down a lot of the abuse and fraud of not 
putting that in the mailbox when we have the ability to get a 
secure number over the Internet. There are a lot of ways to 
secure this valuable number without having it put in your post 
office box.
    The second thing we would like to accomplish is when you 
have a card issued to an infant and if it's brought to the 
Social Security Administration's attention that that has 
already been stolen and compromised, there needs to be a 
standard process of issuing a new number to that infant or 
child. There also needs to be a standard system where that old 
number goes into the Social Security system and is flagged. And 
if there's any activity on that number, any income activity, a 
big red flag needs to just pop up. And you'll have an immediate 
printout of here of your fraud cases.
    I mean, that to me, that is just a mechanical process that 
can be done. Then I think you can come to Congress and say, 
okay, here's our list. Give us the boots on the ground to just 
go enforce this law. I don't see any mechanism on the books now 
to even to accomplish this process. So we're gonna try to help 
you with permission from the Chairman. We're gonna try to help 
you with that system.
    And then I think that we have to notify parents somehow or 
another when they apply for a card for a minor, they need to 
get some immediate information back from the Social Security 
Administration. When they get that number, they need to 
immediately be apprized of the problems that they're going--
that they can have and the importance of it.
    It's almost a gift to the criminal world the way that we 
operate this system. And if there was somebody in this audience 
today that was trying to learn how to easily get into this 
system, I think they have a pretty clear roadmap of how to do 
it. They have a pretty clear roadmap of the very rare odds of 
them being apprehended and how very lucrative this can be.
    We can do this. We've got super computers. We've got 
dedicated people in the field that are willing to enforce this. 
We've got parents. We've got agencies who are willing to solve 
this. I think it's incumbent on our Committee, Mr. Chairman, to 
give them the tools and the direction they need.
    Chairman JOHNSON. Thank you. I think we're looking at that 
for starters--why do we give babies at birth a Social Security 
number? I'm kind of in favor of stopping that. We've discussed 
that a little bit yesterday.
    Mr. FELDT. Yes, sir.
    Chairman JOHNSON. Thank you. Dr. Vieraitis, you've done 
some interesting work in reviewing ID theft criminals and from 
that research, what approaches did they use to commit the 
crimes?
    Dr. VIERAITIS. How much time do I have.
    Chairman JOHNSON. Not too much. Try to synthesize it.
    Dr. VIERAITIS. All the ways that you hear about, they use. 
They will steal from mailboxes. They will target dumpsters 
outside businesses such as insurance companies or schools that 
don't properly dispose of their data or files. They pay company 
employees, American Express or Visa or home mortgage companies.
    They work with other street offenders who are involved in 
drug sales who know drug addicts who are willing to sell their 
own information in exchange for money.
    Chairman JOHNSON. Well, when you say they pay employees of 
American Express or Visa or somebody, what do you mean?
    Dr. VIERAITIS. They just happen to know someone who's 
working there. In exchange for money, the employee will give 
them information of people in their data base.
    Chairman JOHNSON. So those credit companies have been 
cooperative.
    Dr. VIERAITIS. There have been employees of credit 
companies, yes, that have sold information.
    Chairman JOHNSON. Have you run into that.
    Dr. VIERAITIS. Yes.
    Chairman JOHNSON. Mr. Feldt.
    Dr. FELDT. Yes, sir.
    Chairman JOHNSON. Okay. Well, where do you think that we 
might go next to try to stop this other than stopping a number 
at birth.
    Dr. VIERAITIS. I think that the FTC has done a fabulous job 
educating consumers and potential victims on how to protect 
their data. I don't know if the majority of people get that 
information. There are probably people who simply don't know 
and aren't aware of it. So constantly increasing awareness of 
it and encourage people to report.
    People don't report to law enforcement; and if people don't 
report to law enforcement there's not as much we can do if we 
know about all of it. Most people--and I know this doesn't 
apply to you. Your cases were more severe. Most people resolve 
it within one day because most of it has to do with credit card 
fraud and the fraudulent use of credit cards.
    So the good news is that for most people it's fairly easily 
resolved, and it's gotten much better and faster to resolve 
because of policies of the FTC and also Congress passed major 
legislation, for example taking credit card numbers off of 
receipts and other things like that.
    Chairman JOHNSON. When you find out somebody in a credit 
card company is doing that kind of thing, do you report it to 
the authorities?
    Dr. VIERAITIS. The company should report it to the 
authorities.
    Chairman JOHNSON. But are they doing it?
    Dr. VIERAITIS. I don't know.
    Chairman JOHNSON. How do they find out? How does the 
company find out if someone's----
    Dr. VIERAITIS. Through law enforcement investigations.
    Chairman JOHNSON. So they can go a long time without 
finding out about it.
    Dr. VIERAITIS. Yes, they could.
    Chairman JOHNSON. Okay. Thank you very much. Ms. 
Kueckelhan, what legislation could we pass to stop ID theft in 
general, but children's ID theft in particular? And you know 
we're looking at trying to stop the hospitals from giving them 
at birth. Would that help you think?
    Ms. KUECKELHAN. Chairman Johnson, may I address the 
doctor's comments about the----
    Chairman JOHNSON. Sure.
    Ms. KUECKELHAN [continuing]. About the theft with the 
companies.
    Chairman JOHNSON. Please do.
    Ms. KUECKELHAN. The Federal Trade Commission has the red 
flags rule, and the red flags rule is--one of the requirements 
is that a company develop internal standards of data security, 
in other words, minimize access within. And there's a variety 
of steps that's recommended that businesses take. So the red 
flags rule if a company, if it applies to them--it doesn't 
apply to every type of company. Some are exempt. But that would 
help to set measures in place. Again, not 100 percent full 
proof, but it should help in that regard if companies did 
follow it.
    The Federal Trade Commission has previously recommended 
changes in the National Consumer Authentication Standards. Just 
as you stated, Congressman Johnson, SSN is used across the 
board as an identifier. Following suggestions from our forum, 
we'll continue to look at child ID theft issues that we should 
work with Congress on for changes.
    Chairman JOHNSON. Thank you.
    Mr. BRADY. Now, Ms. Kueckelhan, thank you for I understand 
FTC's very informed forum on the emergent problem of child 
identity theft, so I appreciate you bringing those experts 
together and those folks. You know, I want to ask you a 
question and I want to ask Dr. Vieraitis and Mr. Feldt follow-
up on Chairman Johnson's question about what changes in law 
does Congress need to make to either protect people from 
identity theft or create more tools to apprehend and prosecute.
    But from the FTC standpoint, do you publicly identify 
companies that are more prevalent in allowing their data to be 
breached or--where there are red flags that occur on a regular 
basis? Do we as a public, are we privy to the information about 
which companies do a poor job or are more likely to be--our 
identity is more likely to be breached with doing business with 
them from a transparency standpoint?
    Ms. KUECKELHAN. I don't know that it's a transparency 
issue, but unlike an entity like the BBB that has ratings and 
reports online that would be available to the public; when a 
consumer files a complaint with the Federal Trade Commission, 
that is confidential as to the public. The public doesn't have 
access.
    But we do open and welcome other law enforcement agencies 
to become--have the right credentials to access our database 
system so that we are the repository for many complaints and ID 
theft being one of those types and accessible to all so that 
even when the criminal authorities working on the individual 
identity theft side, they have access to our database.
    Mr. BRADY. If it's a government agency whose data is 
breached or government officials who are selling those or 
providing the information for thieves, who handles those types 
of cases?
    Ms. KUECKELHAN. I'm not sure I understand your question.
    Mr. BRADY. You pursue on the civil side when companies have 
data breaches that are potentially dangerous for identity 
theft. So who pursues those when it's government agencies that 
the data's breached or employees are providing that 
information.
    Ms. KUECKELHAN. Well, from the consumer's perspective, the 
misrepresentation takes place when a company represents that 
their security policies have certain qualities that they don't 
and that misrepresentation gives rise to our authority in the 
Federal Trade Commission Act.
    Mr. BRADY. Dr. Vieraitis and Mr. Feldt, what can Congress 
do to help better protect individuals, and what needs to be 
done to significantly increase the prosecutions?
    Mr. FELDT. I'd be happy to speak first. Any legislative 
provisions that would limit the collection, use or disclosure 
of Social Security numbers would greatly help our efforts.
    Mr. BRADY. But Chairman Johnson's legislation would be a 
good place to start.
    Mr. FELDT. Exactly it's a very good place to start; as well 
as enhanced penalties. As your studies have found, the risk 
just appears to be worth taking for these sophisticated 
criminals. Some of----
    Mr. BRADY. Do you know what these punishments range?
    Mr. FELDT. Well, for a first time offense, it potentially 
could be a six month probation or up to a year in prison. But 
we're not talking about four, five, six years in prison for 
many white collar crimes.
    Ms. KUECKELHAN. Congressman Brady, on the civil side when 
we have pursued those statutory wrong on the civil law 
enforcement against companies that misrepresented their set--
security policies, we have ratcheted up the so-called merchant 
provisions and some of those are up to 20 years.
    Mr. BRADY. On the prosecution criminal side, where there is 
low risk of apprehension and prosecution and you're saying that 
the penalties aren't very stiff for----
    Mr. FELDT. For first offenders. As you spoke about, many 
are first time offenders and without, you know, a major 
criminal history on the federal side, typically, the penalties 
are not great for----
    Mr. BRADY. Doctor, what kind of sentences were there for 
those you interviewed, and what were their sentences?
    Dr. VIERAITIS. Those we interviewed ranged from a minimum 
of 12 months to 30 years.
    Mr. BRADY. Were they first time offenders generally?
    Dr. VIERAITIS. Some of them were first time offenders and 
they did receive a significant penalty. They all thought that 
they would get much less and most perceived the penalty would 
be probation, and they were hit much harder than they thought. 
So there's a perception----
    Mr. BRADY. Because these were federal prosecutions?
    Ms. VIERAITIS. Likely because they were federal 
prosecutions. Local prosecutors sometimes kick them up to the 
feds because they have more resources or it's a federal crime. 
It's crossed states lines. There are a lot of issues with 
jurisdictions. It makes it very difficult for law enforcement 
to take the report and also do something about it.
    But any legislation that will reduce the use of Social 
Security numbers on Medicare cards, Medicaid cards, foster 
children would certainly help; but I would like to say that in 
terms from the offender's perspective, the riskiest part for 
them of that whole crime is walking into a bank or walking into 
a store and cashing in on it.
    So getting the number is easy; but the riskiest part for 
them, the one that causes the most stress and the part where 
policy would be good to target, is making it impossible for 
them to cash in on it. And the credit card companies and the 
businesses have but need to do more to protect consumers from 
that.
    Mr. BRADY. Any chance of that risk go down even more if 
they steal a child's Social Security number?
    Dr. VIERAITIS. I think the eVerification system and any 
system that can alert the credit card company, the bank, 
anywhere you're trying to use it that says this number belongs 
to a person under the age of 18, and the person applying for it 
claims that they're 40. It doesn't match up. Some sort of 
system.
    And I believe this was brought up at the FTC conference 
this summer. Some sort of verification to link that number to a 
child so that the offender can't use it to apply for a home 
loan because no 12-year-old is applying for a mortgage.
    Mr. BRADY. Well, not as many anymore prior to 2008. But we 
fixed that so. Chairman, I went over time.
    Chairman JOHNSON. That's all right. Thank you, Mr. Brady.
    Mr. MARCHANT. During the last year, we at our congressional 
office has become very proactive in going into senior centers 
and going into libraries and having identity theft seminars. We 
thought that maybe 20 people would show up. Sometimes 20, 30 
people show up in that kind of seminar. We are having 
incredible turn-outs. And we appreciate the help that we have 
received from several of the agencies in doing this. We're 
having hundred, 120 people show up at these identity theft 
seminars. So it's a big issue.
    And the people that are most afraid of it now seem to be 
the seniors. And I'm beginning to detect that maybe we should 
have a seminar or public meeting with young families and young 
couples and begin to tell them before they have a teenager, 
what's happening to you folks has happened.
    So the other thing that I would request from all the 
agencies is a liaison, a specific liaison person that the 535 
members of Congress have so that we have this kind of a case 
coming into our office that we will be able to say, okay, we 
can call this person at these agencies and get a direct liaison 
and get a very practical step-by-step thing that we can do to 
help that constituent because by the time we get to talk to 
constituents, many times they are very frustrated. A lot of the 
damage has already been done. And we feel very frustrated when 
they come to us and everything's happened and the police have 
said there's nothing we can do. The District Attorney in many 
instances has said there's nothing we can do. And by the time 
they get to us, they're pretty frustrated. So if we can have a 
direct person that we could contact, it would be very helpful.
    And then again I'd like to thank the agencies that have 
come out and help us with our identity theft seminars. They are 
very popular and for the first time we feel like we're trying 
to make people aware.
    I would like to ask Mr. Puente, when you go out and you 
have a case in your hands, is there a typical offender that you 
will find when you get out the case in your hand?
    Mr. PUENTE. Yes, sir. And just so you'll know, my area of 
responsibility runs all the way down the Rio Grand Valley, so 
from Brownsville all the way up to Laredo and Corpus, the San 
Antonio area. So typically I'm looking for individuals who are 
undocumented aliens; and when I have an identity theft case in 
hand, that's the first place I start.
    In most cases, and I've been doing this almost 10 years, 
the trends that I've seen in Texas that have shifted towards 
U.S. citizens selling their documents to the document vendors, 
the parent selling their children's documents. And these 
undocumented aliens are buying these documents in Mexico 
because it's cheap.
    Another thing that I have found is some document vendors 
are just making the nine-digit number up. Everybody knows that 
the Social Security number is nine digits. It doesn't matter 
what it starts with or it ends with; but everybody knows that 
you have to have that nine-digit number to get a job, to get an 
ID, to get a credit card. Everybody knows that.
    And in the case that I worked in Austin, all the defendants 
that we debriefed, they said the same thing: I didn't care what 
it looked like as long as it had nine digits and I could get a 
job. And they were paying $50 to $100 in a flea market in 
Austin. So that's what I'm looking for.
    Mr. MARCHANT. Okay, thank you.
    Chairman JOHNSON. So what you're telling me is this number 
that the IRS gives out, which is nine digits, for people who 
don't have a Social Security number or ID, it wouldn't matter 
to the vendors down there.
    Mr. PUENTE. No, sir. In fact, in this particular case, we 
had two of the defendants that actually had a tax ID number 
that they were using.
    Chairman JOHNSON. As a Social Security number.
    Mr. PUENTE. Yes, sir. They had counterfeited a Social 
Security card with that tax ID number on that Social Security 
card.
    Chairman JOHNSON. Well, how is that getting through the 
system?
    Mr. PUENTE. The facility that they were working at did not 
verify any of the Social Security numbers, any of them. So 
these employees were just able to fill out applications.
    Chairman JOHNSON. So using E-verify might work to stop 
that?
    Mr. PUENTE. It does work. It absolutely works, yes, sir.
    Chairman JOHNSON. Mr. Brady has one more question.
    Mr. BRADY. Well, one, I wanted to thank you Chairman for 
holding this hearing. This is obviously a problem growing by 
the minute and it's critical that we're aware of it. Secondly, 
these panelists have really given us great insight and I want 
to thank you for that. For the parents in the crowd today and 
parents learning about this problem, can I ask, what is the one 
or two most important things we can do to protect our families 
and our children from identity theft?
    VOICE. Don't give out your number.
    Chairman JOHNSON. Don't everybody speak at once.
    VOICE. When you're asked to give your Social Security 
number, refuse to give it.
    Mr. BRADY. Can I ask our panelist from your studies and 
prosecutions and interviews, what can we do as parents?
    Dr. VIERAITIS. I would agree with what he just said. I 
don't memorize my daughter's security numbers. I don't carry 
their cards with me, and I never give the numbers out, ever. 
There are always blanks on forms for it and I just refuse to 
give it out. And also check. I know if you call a credit card 
company and run the number, it might not pop up. It will pop up 
`file not found', but that doesn't mean it's not being used.
    I would imagine the Social Security Administration would 
be--Mr. Feldt--would be the place that you would need to check. 
If you're concerned about it, check.
    Chairman JOHNSON. Thank you, Mr. Brady.
    Mr. BRADY. Thank you, Chairman.
    Chairman JOHNSON. Again, I want to thank y'all for being 
here, especially Ms. Lanius and Mr. Bryson for sharing your 
personal experiences. Thank you so much. I also appreciate 
hearing the views of those of you on the front lines fighting 
identity theft, Ms. Kueckelhan and Feldt and Puente. And Dr. 
Vieraitis your testimony is the first time the Subcommittee has 
had an opportunity to examine the crime of identity theft from 
the thieves themselves. Thank you for your important research. 
And all of your testimony will help us do what's right to stop 
the misuse of Social Security numbers and prevent identity 
theft.
    We're gonna work the problem, and I can tell you that all 
three of us are interested in resolving it and making this 
great America a better place for all of us to live. Thank y'all 
for being here. The committee is adjourned.
    [Whereupon, the subcommittee was adjourned.]

    Member Submissions For The Record: