Prepared Statement of
Identity Theft: the Impact on Seniors
July 18, 2002
Mr. Chairman, and members of the Committee, I am Howard Beales, Director of the Bureau of Consumer Protection, Federal Trade Commission ("FTC" or "Commission").(1) I appreciate the opportunity to present the Commission's views on the impact of identity theft on the nation's seniors and describe to you the Commission's efforts to help victims, alert industry and equip law enforcement to deal with this harrowing crime.
The Federal Trade Commission has a broad mandate to protect consumers. In fact, the last time I testified on behalf of the Commission before this Committee, I addressed the issue of health fraud and the elderly.(2) Like the issue of health fraud, controlling identity theft is an important issue of concern to all consumers. Our activities in the area of identity theft differ in certain respects from our traditional enforcement role under Section 5 of the Federal Trade Commission Act, 15 U.S.C. § 45(a), which prohibits unfair and deceptive acts and practices. Our primary role in combating identity theft derives from the 1998 Identity Theft Assumption and Deterrence Act ("the Identity Theft Act" or "the Act").(3) The Act directed the Federal Trade Commission to establish the federal government's central repository for identity theft complaints and to provide victim assistance and consumer education.
In responding to the Identity Theft Act's directives, we have learned much about the crime, its victims, and its perpetrators. As discussed below, most victims who contact us report their age, and we have analyzed our data to assess how identity theft impacts senior Americans. Our analysis indicates that although consumers over 60 represent 16% of the population, they represent only 10% of our ID theft complainants. Overall, their experiences appear quite similar to the experiences of other consumers. Nonetheless, persons over 60 who provide their complaints to us report the most common form of identity theft -- credit card fraud -- at a slightly higher level than the population under 60 years of age. As in all aspects of our consumer protection mission, however, such as health care and telemarketing fraud, we remain keenly vigilant in protecting senior Americans through consumer education and support of law enforcement.
II. THE FEDERAL TRADE COMMISSION'S ROLE IN COMBATING IDENTITY THEFT
A. The Identity Theft and Assumption Deterrence Act of 1998
The Identity Theft Act addressed identity theft in two significant ways. First, the Act strengthened the criminal laws governing identity theft.(4) Second, the Act specifically focused on consumers as victims.(5) On this second feature, the Act provided for a centralized complaint and consumer education service for victims of identity theft. The Act specifically directed that the Commission establish procedures to: (1) log the receipt of complaints by victims of identity theft; (2) provide identity theft victims with informational materials; and (3) refer complaints to appropriate entities, including the major national consumer reporting agencies and law enforcement agencies.(6)
B. The FTC's Response to Identity Theft
In enacting the Identity Theft Act, Congress recognized that coordinated efforts are essential to best serve the needs of identity theft victims because these fraud victims often need assistance both from government agencies at the national and state or local level and from private businesses. Accordingly, the FTC's role under the Act is primarily one of facilitating information sharing among public and private entities.(7)
In order to fulfill the purposes of the Act, the Commission has implemented a plan that centers on three principal components: (1) a toll-free telephone hotline, (2) the Identity Theft Data Clearinghouse, and (3) consumer education.
(1) Toll-free telephone hotline. The Commission has established a toll-free telephone number, 1-877-ID THEFT (438-4338), that consumers can call to report identity theft. The identity theft hotline has been in operation since November 1, 1999. In 2001, we added more than 117,000 consumer reports to the Clearinghouse, up from slightly more than 44,000 in 2000. We do not attribute this dramatic growth in calls to a commensurate growth in the prevalence of identity theft. Rather, we see this increase as in part an indication of our successful outreach in informing the public of our program and the availability of assistance. Callers to the hotline receive telephone counseling from specially trained personnel to help them resolve credit-related problems that may have resulted from the misuse of their identities. In addition, the hotline counselors enter information from consumers' complaints into the Identity Theft Data Clearinghouse (the "Clearinghouse"), a centralized database used to aid law enforcement.
The counselors provide tailored information about preventing additional harm to consumers' finances and credit histories, including how to contact each of the three national consumer reporting agencies to obtain copies of their credit reports and request that a fraud alert be placed on their credit reports.(8) The counselors also advise consumers to review carefully the information on the reports to detect any additional evidence of identity theft. Consumers are informed of their rights under the Fair Credit Reporting Act and are given the procedures for correcting misinformation on their credit reports.(9) Consumers are also advised to contact each of the creditors or service providers where the identity thief has established or accessed an account to request that the account be closed. The counselors also inform consumers of their rights under the Fair Credit Billing Act(10) and the Truth in Lending Act,(11) which, among other things, limit their liability for unauthorized charges in most instances. Consumers who have been contacted by a debt collector concerning debts incurred by the identity thief are advised of their rights under the Fair Debt Collection Practices Act, which prescribes debt collectors' practices.(12)
The telephone counselors also advise consumers to notify their local police departments, both because local law enforcement may be in the best position to catch and prosecute identity thieves, and because a police report often helps consumers demonstrate to would-be creditors and debt collectors that they are genuine victims of identity theft. Almost all of the states have enacted their own identity theft laws, and counselors, in appropriate circumstances, will refer consumers to other state and local authorities.
Lastly, where investigation and resolution of the identity theft falls under the jurisdiction of another regulatory agency that has a program in place to assist consumers, callers are referred to those agencies. For example, consumers who complain that someone has been using their Social Security number for employment are advised to report this to the Social Security Administration's fraud hotline and to request a copy of their Social Security Statement to verify the accuracy of the earnings reported to their Social Security number.
(2) Identity Theft Data Clearinghouse: The Identity Theft Act directed the FTC to log the complaints from victims of identity theft and refer those complaints to appropriate entities such as appropriate law enforcement agencies. Before launching our complaint system, the Commission took a number of steps to ensure that it would meet the needs of criminal law enforcement. For example, in April 1999, representatives from ten federal law enforcement agencies, five banking regulatory agencies, the U.S. Sentencing Commission, the National Association of Attorneys General and the New York State Attorney General's Office met at the FTC to share their thoughts on what the FTC's complaint database and comprehensive consumer education booklet should contain. The roundtable participants also established a working group that provided feedback throughout the construction of the database. The FTC opened the consumer hotline and began adding complaints to the resulting Clearinghouse in November 1999. Law enforcement organizations nationwide who were members of our Consumer Sentinel Network (the FTC's universal fraud complaint database) gained access to the Clearinghouse via our secure Web site in July of 2000.
To ensure that the database operates as a national clearinghouse for complaints, the FTC has solicited complaints from other sources. For example, in November 2000, the International Association of Chiefs of Police (IACP) unanimously passed a resolution in support of curbing identity theft which, among other things, calls upon local police to refer identity theft victims to the FTC's hotline so that their complaints will be available to law enforcement officers nationwide through the Clearinghouse. In February 2001, the Social Security Administration Office of Inspector General (SSA-OIG) began providing the FTC complaints from its fraud hotline, significantly enriching our database. As a result of these efforts, the Clearinghouse has become a key element in identity theft investigations.
The Clearinghouse provides a much fuller picture of the nature, prevalence, and trends of identity theft than was previously available.(13) As the number of complaints entered into the Clearinghouse grows, it becomes a richer source of data for law enforcement, both in terms of developing and enhancing cases, and in providing information about the overall patterns and trends in identity theft.
Data from the Clearinghouse also assist law enforcement in other important ways. FTC data analysts aggregate the data to develop statistics about the nature and frequency of identity theft. Law enforcement and other policy makers at all levels of government use these reports to better understand the challenges identity theft presents. For instance, we publish charts showing the prevalence of identity theft by states and by cities. The data also demonstrate general trends. The first twelve months of data revealed that over thirty-five percent of victims who called us reported that they had not been able to file police reports. Following the November 2000 IACP resolution that called upon local police to write reports for all incidents of identity theft, the number of victims who were unable to file a report fell by almost half to eighteen percent.
Since the inception of the Clearinghouse, forty-eight separate federal agencies and three hundred thirty five different state and local agencies have signed up for access to the database. Among the agencies represented are over half the state Attorneys General as well as law enforcement from a number of major cities including Baltimore, Dallas, Los Angeles, Miami, San Francisco, and Philadelphia. We actively encourage even greater participation.
One of the goals of the Clearinghouse and the FTC's Identity Theft program is to provide support for identity theft prosecutions nationwide.(14) To further expand the use of the Clearinghouse among law enforcement, the FTC, in cooperation with the Department of Justice and the United States Secret Service, initiated a full day identity theft training seminar for state and local law enforcement officers. To date, we have held sessions in Washington, D.C., Des Moines, Chicago, and San Francisco. An August session is slated for Dallas. About 450 officers have attended these seminars, representing more than 110 different agencies.
FTC staff also help develop case leads. In the past year, the Commission launched an identity theft case referral program in coordination with the United States Secret Service, which assigned a special agent on a full-time basis to the Commission to assist with identity theft issues.(15) The identity theft team, assisted by the special agent, examines significant patterns of identity theft activity in the database and refines the data through the use of additional investigative resources, developing a preliminary investigative report. Then, the team refers the investigative report to one of the Financial Crimes Task Forces located throughout the country for further investigation and potential prosecution.
(3) Consumer education. The FTC has taken the lead in coordinating with other government agencies and organizations the development and dissemination of comprehensive consumer education materials for victims of identity theft and those concerned with preventing this crime.(16) The FTC's extensive, multi-media campaign includes print materials, media mailings and interviews, as well as the Identity Theft website, located at www.consumer.gov/idtheft. This collaborative consumer education effort is ongoing, and the Commission will continue such outreach with many of the private sector financial institutions that have an interest in preventing and remedying identity theft.
Our consumer education message has reached older Americans. Most prominently, AARP's Identity theft web page, www.aarp.org/confacts/money/identity, links directly to consumer.gov/idtheft. In addition, numerous issues of My Generation and the AARP Bulletin have included articles on identity theft, and have included references to the FTC's consumer education and assistance program.
The FTC's comprehensive consumer education booklet, Identity Theft: When Bad Things Happen to Your Good Name, has been a tremendous success. The 22-page booklet covers a wide range of topics, including how identity theft occurs, how consumers can protect their personal information and minimize their risk, what steps to take immediately upon finding out they are a victim, and how to correct credit-related and other problems that may result from identity theft. It also describes federal and state resources that are available to consumers who have particular problems as a result of identity theft. The FTC has distributed more than 1.3 million copies of the booklet since its release in February 2000. We recently released a Spanish language version of the Identity Theft booklet (Robo de Identidad: Algo malo puede pasarle a su buen nombre).
Other governmental agencies have distributed Identity Theft: When Bad Things Happen to Your Good Name to their constituencies. The Social Security Administration has joined the SEC, the FCIC and other agencies in reprinting the booklet and distributing it to the public. The SSA's distribution of the book makes it more likely that it will reach older Americans.
The FTC also developed the identity theft website, www.consumer.gov/idtheft, which includes the booklet, descriptions of common identity theft scams, and links to testimony, reports, press releases, identity theft-related state laws, and other resources.(17) The affidavit, complaint form and Identity Theft booklet are offered in both English and Spanish. The site also has a link to a web-based complaint form, allowing consumers to send complaints directly to the Identity Theft Data Clearinghouse.
III. THE FTC'S RECENT COLLABORATIVE AND OUTREACH EFFORTS
Over the past year, the Commission has worked closely with other government agencies and private entities to encourage the investigation and prosecution of identity theft cases, and to help consumers resolve identity theft problems.
A. Private Industry
Identity theft victims spend significant time and effort restoring their good name and financial histories. That burden results, in part, from the need to complete a different fraud affidavit for each different creditor where the identity thief opened or used an account in their name.(18) To reduce that burden, the FTC worked to develop the ID Theft Affidavit. The affidavit was the culmination of an effort we coordinated with private industry and consumer advocates to create a standard form for victims to use in absolving identity theft debts with each of the creditors where identity thieves opened accounts. The affidavit is accepted by the three major credit reporting agencies and many creditors. From its release in August 2001 through June 2002, we have distributed more 160,000 print copies of the affidavit. There have also been more than 200,000 hits to the Web version. The affidavit is available in both English and Spanish. The FTC is examining other ways to lessen the difficulties and burdens faced by identity theft victims. One approach under consideration is to develop a joint "fraud alert initiative" with the three major credit reporting agencies ("CRAs"). This initiative would allow the CRAs to share among themselves requests from identity theft victims that fraud alerts be placed on their consumer reports and copies of their reports be sent to them. This would eliminate the victim's need to contact each of the three major CRAs separately.
Additionally, the FTC is working with institutions that maintain consumers' information to identify ways to help keep that information safe from identity theft. In April, the FTC invited representatives from financial institutions, credit issuers, universities and retailers to a one day informal roundtable discussion of ways to prevent access to personal information such as employee and customer records. Recent episodes of wholesale thefts of information highlight the importance of this effort among entities that hold sensitive information.(19)
B. Governmental Cooperation
The governmental response to identity theft is a model of interagency cooperation. The Attorney General's White Collar Crime Task Force's Subcommittee on Identity Theft, in which we participate, brings together representatives from agencies as diverse at state attorneys general, the State Department, the U.S. Postal Inspectors and the International Association of Chiefs of Police, among others. This group serves as a way to directly coordinate in such areas as legal developments, case generation, training, outreach and data-sharing.
Cooperation also takes the form of sharing personnel. The U.S. Secret Service has, for the second year, detailed a special agent to the FTC's identity theft program.(20) The agent has worked closely with FTC staff, helping to develop and lead the Identity Theft Investigations Training, outreach to law enforcement, and the development of the preliminary investigative reports.
IV. IDENTITY THEFT: THE IMPACT ON SENIORS
The data collected in our Identity Theft Clearinghouse provides important information on trends in identity theft. Consumers have absolute choice on how they share their data with us: none of the data fields is required. However, we do ask consumers to provide information on how the identity theft occurred, what they know about the suspect, and the response of creditors to their plight. We also request that consumers provide their age. While not all consumers disclose their age, we do receive age information from a sufficient number to allow us to focus on how older Americans experience identity theft.
A. General Trend Data for 2001
The FTC received more than 117,000 reports from both victims of identity theft and others concerned about identity theft in 2001. Thirteen percent of these records were contributed by the Social Security Administration's Office of the Inspector General, which operates a Consumer Fraud Hotline. Of the 117,000 reports, over 86,000 (75%) were complaints from actual victims of identity theft, and over 31,000 (25%) were inquiries about identity theft generally.
B. How Identity Theft Affects Older Americans
Having collected and analyzed two full years of data, we can begin to identify possible trends.(21) For example, in 2000, 70% of the 26,813 victims reporting to the FTC provided their age. In 2001, 88% of the 70,545 victims who contacted the FTC provided their age.(22) (Figure 1 sets out the age distribution of the 2001 victims.) Notwithstanding that increase in the number of those reporting their age, the breakdown across different age groups remained quite similar from 2000 to 2001. See Figure 2. Americans aged 60 and above represented about 10% of the complainants in both 2000 and 2001. This group represents about 16% of the population of the U.S. population overall.(23)
The 2001 Clearinghouse data show that there are some ways that identity theft varies for those over 60 years of age.(24) See Figures 3-4. While the data reveal differences between the age groups, they currently do not enable us to draw any conclusions explaining these differences.
Overall, this data show very similar experiences between ID theft victims over 60 and those under 60. Without a more intensive survey of identity theft victims, we can only surmise why, for example, those over 60 experience proportionately more credit card fraud and less fraud involving utilities and telecommunication. However, we do know that our response to identity theft must continue to focus on consumer education, support of law enforcement and cooperation with the private sector in identifying ways to protect consumers from this serious crime.
Identity theft knows no barriers. Spanning the spectrum from young to old, rich to poor, identity theft has reached into every pocket of our population. Our response must be equally expansive. We will continue to identify ways to reach out through consumer education efforts, partnering with public and private agencies that reach different constituencies, and to support the prosecution of this crime. We will be particularly vigilant in looking for ways to reach American seniors with our consumer education message.
1. The views expressed in this statement represent the views of the Commission. My oral presentation and responses to questions are my own and do not necessarily represent the views of the Commission or any Commissioner.
2. "Health Fraud and the Elderly: A Continuing Epidemic" 107th Cong. (2001) (Prepared Statement of the Federal Trade Commission) (presented by Bureau Director J. Howard Beales).
3. Pub. L. No. 105-318, 112 Stat. 3007 (1998) (codified at 18 U.S.C. § 1028).
4. 18 U.S.C. § 1028(a)(7). The statute broadened "means of identification" to include "any name or number that may be used, alone or in conjunction with any other information, to identify a specific individual," including, among other things, name, address, social security number, driver's license number, biometric data, access devices (i.e., credit cards), electronic identification number or routing code and telecommunication identifying information.
5. Because individual consumers' financial liability is often limited, prior to the passage of the Act, financial institutions, rather than individuals, tended to be viewed as the primary victims of identity theft. Setting up an assistance process for consumer victims is consistent with one of the Act's stated goals: to recognize the individual victims of identity theft. See S. Rep. No. 105-274, at 4 (1998).
6. Pub. L. No. 105-318, § 5, 112 Stat. 3010 (1998).
7. Most identity theft cases are best addressed through criminal prosecution. The FTC itself has no direct criminal law enforcement authority. Under its civil law enforcement authority provided by section 5 of the FTC Act, the Commission may, in appropriate cases, bring actions to stop practices that involve or facilitate identity theft. See, e.g., FTC v. J.K. Publications, Inc., et al, 99 F. Supp. 2d 1176 (C.D. Cal. Apr. 10, 2000)(granting summary judgment for the FTC in case alleging that defendants obtained consumers' credit card numbers without their knowledge and billed consumers' accounts for unordered or fictitious Internet services), later proceedings at FTC v. J.K. Publications, Inc., et al, 99 Civ 00044 (C.D. Cal. Aug. 30, 2000)(final order awarding $37.5 million in redress); FTC v. Rapp, No. 99-WM-783 (D. Colo. filed Apr. 21, 1999) (alleging that defendants obtained private financial information under false pretenses)(Stipulated Consent Agreement and Final Order entered June 23, 2000).
8. These fraud alerts indicate that the consumer is to be contacted when new credit is requested in that consumer's name.
9. 15 U.S.C. § 1681 et seq.
10. 15 U.S.C. § 1666. The Fair Credit Billing Act generally applies to "open end" credit accounts, such as credit cards, revolving charge accounts, and overdraft checking accounts. It does not cover installment contracts, such as loans or extensions of credit that are repaid on a fixed schedule.
11. 15 U.S.C. § 1601 et seq.
12. 15 U.S.C. § 1692 et seq.
14. The Commission recently testified in support of S. 2541, the Identity Theft Penalty Enhancement Act of 2002, which would increase penalties and streamline proof requirements for prosecution of many of the most harmful forms of identity theft. See Testimony of Bureau Director J. Howard Beales, Senate Judiciary Committee, Subcommittee on Terrorism, Technology and Government Information (July 11, 2002).
15. The referral program complements the regular use of the database by all law enforcers from their desk top computers.
16. Among the organizations the FTC brought into this effort are the Federal Reserve Board, the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Office of Thrift Supervision, the Department of Justice, the U.S. Secret Service, the Federal Bureau of Investigation, the Postal Inspection Service, the Internal Revenue Service, the Social Security Administration, the Federal Communications Commission, the Securities and Exchange Commission, the U.S. Trustees, and the National Association of Attorneys General.
17. www.consumer.gov is a multi-agency "one-stop" website for consumer information. The FTC hosts the server and provides all technical maintenance for the site. It contains a wide array of consumer information and currently has links to information from more than 170 federal agencies.
18. See ID Theft: When Bad Things Happen to Your Good Name: Hearing Before the Subcomm. on Technology, Terrorism and Government Information of the Senate Judiciary Comm. 106th Cong. (2000) (statement of Mrs. Maureen Mitchell, Identity Theft Victim).
19. Jacob Fries, U.S. Says Ex-Prudential Worker Stole Colleagues' ID's and Sold them Online, NY Times, March 2, 2002 at B2; John Schwartz, 13,000 Credit Reports Stolen by Hackers, NY Times, May 17, 2002 at C5
20. The Postal Inspection Service was the first agency to detail a law enforcement officer to work with the FTC's data sharing program. The Inspection Service detailed an inspector who, for over one year, managed our Consumer Sentinel system. These partnerships allow us to share expertise and also maintain open and ongoing communication.
21. Although our data do indicate that the actual numbers of complaints in all age groups more than doubled from 2000 to 2001, we cannot say that these numbers correspond necessarily to an equal increase in identity theft in the larger population. As noted above, the increase can also be attributed to a greater awareness of the FTC as a resource for ID theft victims.
22. The SSA-OIG does not collect information about the victim's age. We therefore include only the 70,000 complaints received by the FTC in this statistical breakout.
24. Because victims can report experiencing more than one form of identity theft, the percentages add up to more than 100%.