ID Theft Comment: Maureen V. Mitchell

Date: Thu, Sep 21, 2000 10:44 PM

Subject: Fw: This is the Statement of Maureen Mitchell before the Senate Judiciary Committee

This is the Statement of Maureen Mitchell before the Senate Judiciary Committee

RE: IDENTITY THEFT - please post on Public Comments.

Subject: This is the Statement of Maureen Mitchell before the Senate Judiciary Committee

Statement of Maureen Mitchell

SENATE SUBCOMMITTEE HEARING
TECHNOLOGY TERRORISM

MARCH 7, 2000

Mr. Chairman, Members of the Committee, my name is Maureen Mitchell and it is a privilege to have been invited to submit this testimony today.

I am 44 years old, my husband and I have been married for 23 years, we have a daughter in college and a son in high school. I am a Registered Nurse, and I have been a licensed Realtor for 20 years.

My husband and I have always been financially prudent and fiscally responsible people. We have never overextended ourselves, and we have always paid our bills in a timely manner. We also have exercised the normal consumer precautions to ensure our privileged information remains private. We have never lost our wallets, never been burglarized, we obtain the receipts when we make credit card purchases, we don't bank on the Internet, we don't order merchandise via the Internet, we don't order through home shopping networks, we rarely order from catalogs, and we always tear up the pre-approved solicitations that arrive in the mail prior to disposing of them to prevent someone from "dumpster diving" and obtaining our information. We have never given our personal account numbers or social security numbers over the phone. We even checked our credit reports in March of 1999 to ensure their accuracy. In spite of all the precautions we have taken, we are now victims of identity theft.

It started on a Sunday afternoon, September 12, 1999, when we received a phone call from our KeyBank Mastercard Service Center questioning an unusual pattern of activity on our credit card. After much discussion with the Service Center representative, it was verified that neither my husband nor I had authorized or made the charges to the account. I was told our credit card would be canceled, it would be reported lost or stolen, and new cards would be issued. I objected to the cards being reported lost or stolen because they were not: my husband had his card in his wallet and I had mine in my wallet. Nonetheless, I was told the cards had to be reported lost or stolen to close the account (I subsequently learned that we could have insisted that the account be closed at the request of the consumer due to fraudulent use).

I was also told by the Service Center Representative to contact KeyBank Special Services when they opened for business on Monday morning. I called KeyBank Special Services at 8:15 A.M. Monday morning and was told that four attempts were made to place charges on our account, three were approved and the fourth was declined because the bank became suspicious due to the unusual level of activity on our credit card. KeyBank was able to determine the charges were made via a phone order, not by someone actually having our credit card. The amount obtained fraudulently was $2164.55. I then went to our local KeyBank branch office (where we've banked for twenty years) to inform them about the phone call from the Service Center, to verify the account was closed and to inquire if there was anything else I needed to do. I was told that there was nothing else I needed to do: the merchant slips would take a week to come into the bank, and the bank would look into it. I asked if I should make out a police report and was told that it was an option but not really necessary. The bank would issue us new credit cards with a different account number, the fraudulent charges would never appear on our billing statement, and our new cards would arrive in two weeks. I did, however, file a police report with our local police department to report the fraudulent use of our KeyBank Mastercard number. If KeyBank would have advised us, at this point, to place Fraud Alerts on our credit reports, the following events would not have occurred.

On November 15, 1999 we received a phone call from J.C. Penney’s credit department advising us that an account had been opened in Illinois using my husband's name and social security number. A line of credit had been extended in my husband's name, the persons making the application said they were our niece and nephew and were authorized users. When J.C. Penneys sent the bill to the address given on the application, it was returned by the post office because "no such house number existed." The returned billing statement was what prompted J.C. Penney's to call us. We were advised by J.C. Penney's to immediately contact the three major credit reporting bureaus to place fraud alerts on our credit reports, and Penney's kindly gave me the phone numbers to contact. Upon contacting Trans Union, Experian and Equifax, we discovered that we had been plunged into Identity Theft Hell!

In speaking to Trans Union, I discovered there had been 25 inquiries into our credit report in the previous 60 days (from September 16 through November 15). None of those inquiries were initiated by us legitimately seeking credit. I told the representative at Trans Union that there had not been that many inquiries in the previous twenty years, and questioned whether that many inquiries in such a short time sent up "red flags" to Trans Union. The reply I received was that it was not their job to monitor the number of inquiries, and it was suggested that I call all the merchants who made the inquiries to alert them. Trans Union did provide me with the names and phone numbers of the merchants to contact. The list was extensive and included numerous car dealerships, banks, credit card companies, furniture stores, department stores, and communication service providers. Trans Union did place Fraud Alerts on our credit reports at this time.

I also called Experian and Equifax to place Fraud Alerts on our credit reports, and learned that they too showed numerous inquiries into our credit during the same 60 day period. I requested that each credit reporting agency send me a copy of our credit reports, and I spent the next three days frantically making phone calls to the merchants who had made inquiries.

I now entered automated answering system hell! As I called each merchant using the numbers provided by the credit reporting bureaus, I would be connected to an automated answering system, "Press one for English, press two for Spanish, press three to increase your credit limit, press four to check your account balance, press five to see when the last payment was posted to your account, press 6......." I rarely encountered an option to speak to a human being. I never was given the option of pressing a number to report fraud, but I universally encountered the request to enter an account number (keep in mind I didn't have an account number because we were not the ones who opened the account); nonetheless I persisted through automation hell, never giving up hope that a "live person" would eventually come on the line. As the automated system requested I enter an account number, I waited; as the request was repeated, I waited; when I was unable to enter an account number instead of being transferred to a human being, I was disconnected! I then called back, went through additional automated answering system hell, and when I heard enter your account number I randomly entered 01010101010101... hoping that I would eventually enter the required number of digits to speak to a human being. Instead a recording came on saying "the numbers entered do not match an account of record, please re-enter your account number." I re-entered the numbers only to find that I was disconnected again because "the account numbers do not match our accounts of record." I endured this frustration while trying to reach numerous merchants to alert them that a fraudulent application had been made using our name. This frustration of automation needs to be remedied. I strongly suggest that merchants be required to provide an option on their automated system to press a number to report fraud, and that the victim can speak to a human being!

- I also contacted our local police department who sent an officer over to take our statement and file a police report. The officer instructed me to fill out the police report as accurately and as thoroughly possible. I also contacted the Federal Trade Commission's Identity Theft Hotline and spoke to Kathleen Lund (877- 438- 4338). Kathleen confirmed that we were indeed victims of identity theft based on the facts that I gave her. She informed me of Title18 (Identity Theft and Deterrence Act), and told me that Identity Theft was a Federal Offense. Kathleen told me to continue to write the police report I was working on and to continue to try to call the merchants who made inquiries. She assigned a reference number to our case and gave me the phone number for the Federal Information Center (800 688 9889) to contact to see if they had merchant numbers other than the ones I had to try to circumvent the automated answering system hell I was encountering. It truly was a relief to speak to a live human being who was able to provide some guidance and encouragement during this very stressful time. Kathleen advised me to call the Social Security Administration, the Internal Revenue Service, the Department of Motor Vehicles in our home state and in Illinois, and the State's Attorney General's Office in our home state and in Illinois, to report that someone was using our credit and my husband's social security number fraudulently. Kathleen also asked me to keep her informed of any further fraudulent activity. I called the Federal Information Center and obtained the phone numbers I needed and then I made the necessary phone calls. I then continued on my mission of calling the merchants to alert them that the applications were made fraudulently.

While I was again enduring the frustration of automation, I received three very alarming phone calls. The date was now November 18 (three days after we placed the fraud alerts on our credit reports), and the first call was from Citibank in Illinois alerting us that an application for a twenty-five thousand dollar ($25,000.00) loan had just been made using my husband's name and social security number. The application had been made in person by an individual posing as my husband. The loan officer informed me that all of the pertinent information had been verified, legitimate looking identification had been presented and everything seemed fine until the Fraud Alerts on our credit report were activated. I explained to the fraud department at Citibank that we had placed the fraud alerts three days prior, when we became aware we were victims of Identity Theft. Citibank's Fraud Department said they were going to contact their Security Department, check to see if the suspect was on their security camera and get back to me.

While waiting to hear back from Citibank, I received another phone call. It was a fraud investigator from Bank One (Thomas Retkowski) informing me that an application for a fifteen thousand dollar loan ($15,000.00) had just been made in Illinois. I informed Thomas of the prior call from Citibank, and we discussed setting something up so the fraudulent applicants would return to the bank to pick up the money. Thomas faxed us an affidavit to sign and have witnessed. While we were in the process of faxing the affidavit back, another call came in. Marquette Bank in Illinois had just accepted an application from someone using my husband's name and social security number. This was for a five thousand ($5,000.00) personal loan. I told this fraud investigator about the other two applications and the affidavit we were faxing to Bank One. These three fraudulent applications were made within a two hour period (3:00 - 5:00 P.M. EST) and they totaled forty-five thousand dollars ($45,000.00).

After we faxed the affidavit back to Thomas Retkowski at Bank One, I continued to work on the police report. At 8:00 P.M. we received a phone call from an Illinois detective informing us that a suspect had been arrested as he left Bank One. The suspect had five thousand dollars ($5,000.00) cash and two-five thousand dollar bank checks ($10,000.00) made payable to my husband's name. The money was recovered when the suspect was arrested. The suspect was also found to have an Illinois driver's license and an Illinois State Identification Card with his own picture on it, but my husband's name and social security number.

I called the Federal Trade Commission the following day and told Kathleen Lund that a suspect had been apprehended in Illinois. I gave her the detectives' names and the case number for her records. I continued to type our police report, and I continued to try to notify the merchants listed on the credit reports. In our mail on November 19,1999, was a letter from PrimeCo, a cellular communication company, notifying us that a cell phone account had been established in Illinois using my husband's name and social security number. I called PrimeCo, at the number they provided in the letter, to let them know that we had not established the account. PrimeCo's fraud department immediately canceled the service to the cell phone, offered to provide the detectives with a copy of the application made to open the account, and said the detectives could obtain ALL of the outgoing numbers that were called from the fraudulent cell phone. The detectives needed to submit this request in writing on police letterhead stationary. I called the detectives to give them this information, and I was told they ran the fingerprints of the suspect who had been arrested the previous day. This suspect had 17 aliases and multiple priors. A preliminary hearing was set for November 20, 1999, and the detective said he would let me know what happened at the hearing.

I continued to make phone calls to try to resolve this nightmare when I learned that the suspect was released on a signature bond at the preliminary hearing. Words can't even begin to describe the horror I felt knowing that a suspect with seventeen aliases, multiple priors and an extensive criminal background was released on a signature bond in his own recognizance. The hearing was in Cook County, Illinois and the Judge was Thomas Panicki. I was also told that when this suspect was arrested he had stated to the detectives: "I didn't use a gun, I didn't use a knife, call my lawyer I will plead guilty and they will put me on probation". It was appalling for me to realize the criminals commit these crimes with a premeditated methodology that accomplishes their criminal intent with the least possible risk for the criminal, if apprehended, serving jail time. The criminals are still committing bank robbery, fraud, identity theft, forgery and a litany of other criminal acts, but because a traditional weapon was not used they face probation instead of incarceration. These criminals are using weapons nonetheless, their weapon is technology. It was technology that provided these criminals with our personal information, it was technology that produced the fraudulent documents used to obtain the Illinois drivers license and State Identification Card. It was technology used with criminal intent that thrust us into the nightmare of identity theft. It was technology that provided these criminals with my husbands previous employment information and employers address which were then used on fraudulent applications. This same technology, properly implemented and with appropriate safeguards, can be utilized to circumvent the criminals' fraudulent intentions.

It was the consumer profile of our spending habits established by the prior pattern of activity on our KeyBank Mastercard that prompted KeyBank to call us about the "unusual level of activity on our credit card." This same consumer profile technology can also be used by the credit reporting agencies to recognize an "unusual pattern of activity". Our credit reports, as a result of fraudulent activity, contained 30 inquiries in 60 days, yet our consumer profile showed fewer than 30 inquiries in 20 years. Our consumer profile showed we had resided at the same address for 20 years, yet the addresses listed on our credit reports, as a result of fraudulent applications, changed six times in 2 months. It is imperative that a system of "checks and balances" be implemented and adhered with by the credit reporting agencies.

As our Identity Theft saga continued we requested and received, from some cooperative merchants, copies of the applications that were made fraudulently. These applications contained numerous blatant errors that should have alerted the merchants and the banks that something was amiss. One example is an application that was made to purchase a Ford Expedition. This vehicle was purchased using my husband's name along with the name of a co-buyer. These two men presented themselves to the car dealership as residing together, yet on the application one man filled out the address as N.Grand and the other put W. Grand. On this same application the employer's phone number is listed with an area code of 300, this area code is not a valid area code in the continental United States. Our last name was misspelled on the application and on the fax from the lender approving the loan. On this same application the 60 month 60,000 mile extended warranty was purchased showing a cost of $695.00 on the application. When this figure was carried over to the debit column to determine the amount of credit to be extended it was entered as $1695.00. In spite of these GLARING discrepancies this loan was approved and these two men purchased a Ford Expedition using our credit. If this was transaction was processed using due diligence and an iota of common sense these blatant discrepancies would have been caught. The possibility does exist that these criminals made the purchase through a car salesman, car dealership and lender that were co-conspirators, but I think that is a remote possibility. I do firmly believe that sloppy business practices substantially contribute to the criminal's ability to successfully defraud merchants and lenders. It was due diligence that was exercised by a salesperson in an Illinois furniture store that prevented the extension of credit to purchase furniture. The salesperson realized that "something wasn't right" after scrutinizing the credit application. Credit was not extended by the furniture store and the criminal was thwarted in this fraudulent attempt. I think this is a good example of how good business practices will diminish fraud.

We also were able to determine from pictures we received from the car merchants that the criminals who purchased the vehicles were not the same persons as the suspect who was apprehended leaving BankOne. We have been victimized by an Identity Theft ring which operates in an organized and insidious manner. The detectives told us that the criminals know when the fraud alerts on our credit reports will expire and if we fail to reactivate the fraud alerts our information will be re-circulated through the ring again. We will have to keep fraud alerts on our credit reports for the rest of our lives. So, in the future, when my husband and I apply for any credit we will have to explain this nightmare to the lender, hope they believe us and don't perceive us as the criminals.

Our efforts to restore our good names and good credit have been extensive. I have made hundreds of phone calls, I've met with our Congressman (Steve LaTourette), I've sent dozens of notarized, certified, return receipt requested letters to the merchants informing them that the applications they received were fraudulent. We have submitted numerous affidavits, notarized statements, and notarized handwriting samples. We have filled out over twenty different sets of forms and statements in order to comply with the merchants requests for further information. It's like filling out your income tax return twenty different times, using twenty different forms, and following twenty different sets of instructions. I strongly suggest that a standardized, uniform protocol be established so a victim of Identity Theft can fill out one set of papers which should include a notarized affidavit, a notarized handwriting sample, and a notarized statement that will be universally accepted by the merchants and lenders.

A sad irony exists with Identity Theft : The criminal is assumed innocent until proven guilty, but the Identity Theft victim is assumed guilty until proven innocent. The criminal can have a public defender appointed to protect his legal rights, yet if we need to hire an attorney to assist in clearing our names we will be paying substantial legal fees out of pocket.

We have exhausted all known resources in an effort to clear our names and restore our credit. I've met with numerous police officers, I've met with FBI Agents, I've met with a Victim's Assistance Program in our home state, and I've contacted a Victim Advocacy Program in Illinois. I've spoken to prosecuting attorneys, and sent packages of information to State's Attorneys. I was told by an assistant state prosecutor in Illinois: "No one in the state of Illinois serves jail time for non-violent financial crimes." This prosecutor was not even aware that Illinois has an Identity Theft Statute in the Revised Code. I've begged, pleaded and cajoled to try and obtain a Federal Investigator and a United States' Attorney to take our case. Identity Theft cases encompass numerous geographic areas and requires a Federal investigator and Federal prosecution. The detectives in the community where the suspect was apprehended are limited to investigating crimes within their geographic boundary, yet the same criminal is committing the same crime a few towns away. It was suggested that I submit police reports in each community where a merchant was defrauded, not an easy task from 350 miles away.

In spite of the efforts of my husband and myself to acquire Federal intervention into our case, it was the actions of Senator Jon Kyl and James McDermond of his staff, that resulted in the United States Secret Service and Postal Inspection Service initiating a Federal investigation.

I have logged over 400 hours of time trying to clear our names and restore our good credit. Words are unable to adequately express the gamut of emotions that we have experienced as victims. The impact of being a victim of Identity Theft is all encompassing. It affects you physically, emotionally, psychologically, spiritually and financially. This has truly been a life altering experience.

In spite of the extensive time and effort we have logged in trying to resolve this, we now have adverse ratings on our credit reports. We are also receiving phone calls from collection specialists wanting to know why we are overdue on the payments for our Lincoln Navigator and our Ford Expedition. I try to nicely explain to these collection specialists that we are victims of Identity Theft and we did not purchase these vehicles. I then provide them with the name and phone number of the detective, the case number and the reference number assigned by the Federal Trade Commission. I strongly suggest they not call me back unless they provide whatever information they may have to assist in the investigation. I always end my conversation with the collection specialist by saying: "It's amazing to me that you can find the real Mr. & Mrs. Mitchell when you want to collect your money, too bad you didn't find the real Mr. & Mrs. Mitchell before you loaned out the money."

Identity Theft has become a national epidemic. Banks and merchants are being defrauded out of billions of dollars each year by Identity Theft criminals. We all pay the price through the higher cost of consumer goods, and higher interest rates on loans and credit cards. This epidemic must be stopped. The compromising of real identities is now the weakest link in the chain of financial transactions. The credit that has been extended using our identities fraudulently exceeds $111,000.00. Unfortunately for us, this saga is far from over. Once you become a victim of Identity Theft your life is forever changed. We still feel like we are "waiting for the other shoe to drop." We do not know how many more accounts may still be outstanding, we do not know if a collection specialist is calling when our phone rings, we do not know if our good names and financial reputations will ever be truly restored. We need to be pro-active in the fight against Identity Theft and fraud and we need to impose mandatory jail sentences on criminals convicted of Identity Theft crimes.

" He that filches from me my good name robs me of that which not enriches him and makes me poor indeed." (Shakespeare - Othello)

I've attached a list of personal recommendations for your review. I thank you for your time and consideration and I truly hope you never walk in the shoes of an Identity Theft Victim.

Sincerely,

Maureen V. Mitchell

The following are my 15 recommendations:

1.. Victims of Identity Theft need to know to call the FTC @ (877 438 4338). The general public needs to know the Federal Trade Commission is the National Clearinghouse for Identity Theft.

2.. The general public, police departments, law enforcement agencies, state prosecutors and judges need to know that a Federal Identity Theft and Deterrence Law is in effect making Identity Theft a Federal offense. (Title 18 US - Section 1028).

3.. Since Identity Theft is a Federal Offense, investigations need to be handled by Federal Investigators, and prosecutions handled by U.S. attorneys. A good law needs adequate resources for investigation and prosecution.

4.. Criminals convicted under the Identity Theft Laws should be prosecuted to the fullest extent of the Federal penalties and serve mandatory jail time when convicted.

5.. Social Security numbers should not be used as identification numbers. The social security number should not appear on drivers licenses, on medical insurance cards, on student identification cards, or on any other documents other than income tax returns and wage earnings statements. Identification numbers other than the social security numbers can be assigned.

6.. Credit Reporting Agencies must verify the accuracy of the information received prior to posting information on credit reports. The credit reporting agencies can use available technology to "red- flag" information that does not fit the profile of the consumers' previous spending habits. Change of addresses need to be verified by the Credit Reporting Agencies prior to changing the address on the consumers' credit report. The information disseminated by the credit reporting agencies to the various lenders and merchants making credit inquiries is perceived by these banks and merchants as accurate because "it came from the credit bureau". It seems incongruous to have banks and merchants rely on the information appearing on credit reports when this information has been entered without any verification of accuracy.

7.. Banks, lenders, merchants, car dealerships etc. need to use due diligence in scrutinizing the information received on loan applications for inaccuracies and blatant errors. Applications for credit have been approved with only the social security number matching, spelling of name was incorrect, address was changed, birth date was wrong, yet the loan was approved. Due diligence needs to be exercised at ALL steps of the loan process to reduce the occurrence of fraud.

8.. The Department of Motor Vehicles in each state should use available technology to cross-reference the information in their data bases to ensure that a license cannot be issued in another state fraudulently with the same name and social security number as a valid license in another state. Regulations prohibiting the Department of Motor Vehicles from selling information should be enacted and enforced. The same applies for state issued ID cards.

9.. The utilization of Bio-Metric technology, which is currently available, allowing a fingerprint, palm print or voice recognition system to be used as confirmation of identification will substantially reduce the current epidemic of credit fraud and identity theft.

10.. Establish a standardized, universally accepted national protocol for victims of Identity Theft to follow. The bona fide victim should have to fill out one set of documents containing a notarized affidavit, a police report, a notarized handwriting sample and whatever other documentation may be necessary for the victim to be able to submit copies to each merchant.

11.. Require banks to notify consumers to place fraud alerts on their credit reports if any of the consumers account or credit card information is compromised and used fraudulently.

12.. Educate the local law enforcement authorities regarding Identity Theft. Provide the law enforcement officers who are taking police reports from victims on credit card fraud or Identity Theft with the materials needed to provide the victims with the information to contact the Federal Trade Commission, and the credit reporting agencies to place fraud alerts.

13.. Impose financial penalties on merchants who, through their own carelessness and lack of good business practices, abet the criminals committing financial fraud.

14.. Require the credit reporting agencies place the fraud alerts in bold typeface in a prominent position on the first page of a consumers credit report to reduce the chance of the alert being overlooked.

15.. Eliminate advance checks and pre-approval solicitations being sent through the mail. The banks can mail a notice for the stomer to obtain cash advance checks by coming into the bank to pick them up.