A 2003 warning about Equifax and similar conspiracies

Testimony of the U.S. Public Interest Research Group

Edmund Mierzwinski, Consumer Program Director

Concerning Errors In Credit Reports, The Rise of Identity Theft and the Need to Restore States’ Rights to Protect Their Citizens

at a Hearing Entitled:

The Fair Credit Reporting Act (FCRA):

How It Functions For Consumers and the Economy

Before the Subcommittee on Financial Institutions,

U.S. House of Representatives,
Honorable Spencer Bachus, Chair

4 June 2003

Chairman Bachus, Representative Sanders, members of the subcommittee. On behalf of the non- profit, non-partisan state-based Public Interest Research Groups, U.S. PIRG is pleased to offer you this testimony on the impact of the Fair Credit Reporting Act (FCRA), and its temporary 1996 partial preemption provision, on consumers and the credit system.


We appreciate the opportunity to provide our views. By way of introduction, since 1989, when Congress began review of the adequacy of the 1970 FCRA, U.S. PIRG and the state PIRGs have been active participants in the reform process and have conducted research and advocacy projects on issues ranging from credit reporting accuracy to identity theft.

I want to say at the outset that the FCRA is an important consumer protection and privacy law. It plays a critical role in helping consumers obtain opportunities in the marketplace. Yet, despite the 1996 attempts to update the law to improve it, the law still suffers from numerous problems, including a lack of agency enforcement, limits on private enforcement, an utter disdain for compliance by many creditors that furnish information to credit bureaus, the failure by the consumer reporting industry to maintain adequate accuracy standards, and the disconnect in the credit granting process that has led to the identity theft epidemic.


Although it is not these problems that first brought the FCRA to your attention this year, I hope to work with you on solutions to them. Errors in credit reports have profound effects on consumer economic opportunities. Identity theft is rampant in our society and only getting worse. Positive changes to the FCRA, including reinstatement of states’ rights, can mitigate these problems without causing the dire consequences threatened by industry lobbyists.


Our complex national credit system, which relies on interrelationships between and among furnishers of information (creditors), consumer reporting agencies (credit bureaus) and numerous other information providers, secondary market players and, finally, consumers, was not created by the temporary 1996 preemption compromise to the FCRA and will not be destroyed by letting it expire.


This year, financial industry lobbyists have come to Congress urging you to extend that temporary preemption provision. Instead, we strongly recommend that you let the preemption expire, as Congress clearly intended in 1996. Letting the preemption expire will fully restore the FCRA’s original 1970 provision making federal law a floor and allowing states to protect their citizens better. The FCRA worked well before 1996, as the testimony of the Vermont Attorney General’s office and other consumer witnesses has made clear today.


We commend you for rejecting industry’s request to simply and quickly extend preemption without debate. Instead you have convened this important series of fact-finding hearings to help you determine how to “put the FAIR back in Fair Credit Reporting.”


Industry’s lobbying campaign urging you to simply extend the temporary preemption is merely an attempt to preserve the unacceptable status quo.


— Is a status quo that has led to an increasing number of identity theft complaints in each of the past three years, with identity theft complaints leading all consumer complaints to the Federal Trade Commission (FTC) in 2000, 2001 and 2002 and doubling in 2002, a status quo worth preserving?

— And is a status quo that leaves many consumers paying too much for credit, or being denied credit, jobs, insurance, an apartment or a home or even the right to cash a check, use a debit card or open a bank account worth preserving?

— And is a status quo that has allowed some of the largest financial industry players to intentionally misrepresent consumer credit data — so that their customer’s credit scores will be artificially deflated and they become captive consumers who cannot shop around — worth preserving? Further, I urge the committee to ask: Is this industry chicanery a factor causing some consumers to have their credit card rates re-priced to 25% APR penalty rates when their credit scores are calculated during FCRA-allowed account reviews, as the New York Times suggested in a front page story last week?1

— And is a status quo that results in consumers being burdened by excessive credit card debt, fueled by a system that has resulted in 5 billion credit card solicitations mailed each year, without adequate disclosure of a weak, overly complex opt-out right, worth preserving?

— And is a status quo where consumers still face what we called in 1992 “the nightmare on credit street,” where creditors and credit bureaus blame each other and ultimately don’t fix errors because neither faces adequate liability, worth preserving?


Of course not. We believe that after this commendable series of fact-finding hearings is completed, you will agree with consumer groups, privacy advocates and state attorneys general that the act needs a major overhaul. But your significant challenge is to see through the industry’s increasingly transparent strategy of denying all problems yet agreeing, while kicking and screaming, to accept modest, token improvements as long as it ultimately gets what it wants—extension of the state preemption.


Your challenge is to reject industry’s facile, well-funded propaganda campaign and require industry to make a strong business case why the several states should continue to be denied the right to enact stronger laws in the future. So far, they’ve shown nothing to convince any reasonable participant in the process that the status quo is worth preserving.


Instead of relying on facts, the industry’s slick campaign is based on deceptive, but repetitive, use of the terms “reauthorization,” “free flow of information” and “uniformity.”


  •  First, industry lobbyists and advertisements repeat incessantly that the “FCRA itself must be re-authorized,” as if this optional Congressional action were somehow a mandatory reauthorization of a law that faces a Congressional sunset. But industry’s argument is false on face. Only the temporary, partial, preemption expires, not the underlying FCRA. If Congress does nothing, the FCRA remains in force.


  •  Second, industry argues that we have uniform credit laws, allegedly thanks to the 1996 temporary FCRA preemption. Actually, the preemption froze certain aspects of state laws in 1996, but several state laws were grandfathered in after those states enacted FCRA reforms quickly – while Congress stalled despite numerous complaints of credit reporting errors. These states – including the biggest state, California, as well as Massachusetts and Vermont – maintain stronger, non-uniform laws than the rest of the country. These states have not been balkanized; their citizens have not been deprived of economic opportunity. Law professor Joel Reidenberg, in testimony before this committee last month, provided record evidence that the opposite may be true: California, Massachusetts and Vermont citizens appear better off, not worse off, despite their stronger FCRA laws.
  • Third, industry argues that stronger state laws threaten the free flow of Industry goes on to threaten that enactment of stronger state laws will cause companies to drop from the credit reporting system, decreasing its value for all participants. Actually, according to recent studies by both the Federal Reserve Board and the Consumer Federation of America and the National Credit Reporting Association,2 many banks and other creditors are already intentionally decreasing the value of the free flow of information in the credit reporting system and hurting their consumer customers by failing to completely report their customer’s positive credit records, in a purposeful and successful, if facile, effort to deflate their credit scores and prevent them from taking advantage of credit opportunities.


  • Finally, industry lobbyists and ads allege that the temporary 1996 FCRA preemption provision is the engine that drives our economic trains. We had a national credit reporting system before 1996 and it worked Industry’s claim that eliminating the temporary 1996 FCRA preemption provision will jeopardize that system is without foundation.

1. The states are our best hope for reform, not a threat:


Best Solutions Coming From The States: For the last eight years the Congress has done nothing substantive to address the growing problems of identity theft other than to criminalize it. Criminalization hasn’t worked, yet industry has stymied Congress from enacting bills such as the proposal by Reps. Hooley and LaTourette and others to improve the situation.


To fill this gap, the best solutions to identity theft and credit reporting errors – those solutions being adopted nationwide by industry on an allegedly “voluntary” basis or being considered by the Congress – come from the several states, acting in areas of the FCRA where their rights were not curtailed. Restoration of their full rights to act will not result in balkanization of our financial laws; instead, it will result in even more rapid nationwide improvements to the serious problems consumers face when their identities are stolen or their credit records are garbled.


We generally agree with industry that a uniform national law would be the most efficient, provided it is adequate. But the best way to get to adequate uniformity is to retain states’ rights. Congress has not demonstrated a propensity for enacting uniform consumer protection laws that are adequate, except when driven by the threat of state actions. Taking away states’ rights will result in enactment of a weak federal law that won’t protect consumers. It won’t even preserve what industry refers to as the “free flow of information,” which is already under assault by some of the biggest banks. If Congress fails to solve the problem, or new problems arise, the states can act more quickly to resolve the problem and provide a template for additional federal action by the Congress.


Retaining states’ right to enact stronger laws is the best way to guarantee an eventual strong uniform federal law. The states are rational actors; they will not act to balkanize our financial system. Instead, they will respond to new threats with new and innovative ideas, which will be eventually be adopted by other states. The notion of 50 different, conflicting laws is absurd and not even worth debate.


In the area of consumer protection, without ideas from the states, typically the only way the inertia of Congress is ever overcome is by a stark crisis – such as Enron. Remember, the Enron fiasco wasn’t even enough to guarantee passage of last year’s Sarbanes-Oxley corporate reforms—we had to wait for Worldcom.


From a public policy point of view, it makes more sense to allow the states to partner with the Congress in developing adequate uniform laws, than to wait for another Enron-Worldcom crisis.


In areas where the states are not preempted, the states have been leaders. States are currently allowed to act in several areas, including: to restrict the uses of credit reports (such as ban insurance uses of credit scoring); to lower the price of or require free credit reports on request; to impose minimum statutory damage penalties for violations; to fight identity theft. This spring, Visa prominently announced it would “voluntarily” truncate credit card numbers on receipts to stop credit card fraud. Voluntary decision? Not really. Ohio and California had already enacted and were implementing laws requiring this action. Several other states are in the process of enacting such a law. Now that Visa has complied nationally with several state laws, we expect this proposal – which came from the states, to be quickly enacted in Congress.


U.S. PIRG: Examples of Some State Consumer Credit and Identity Theft Laws3 Arrest, Conviction, and Bankruptcy Records.

Kentucky: CRAs may not maintain information concerning criminal charges unless the charge results in a conviction. Ky. Rev. Stat. Ann. § 431.350.

Massachusetts: CRAs may not maintain arrest records more than seven years old. Mass. Gen. Laws Ann. Ch. 93 § 53.

New Mexico, Kansas, and Montana: Criminal data must be purged from the report after seven years, bankruptcies must be purged after 14. N.M. Stat. Ann. § 56-3-1; Kan. Stat. Ann. §§ 50-701 to 50-722; Mont. Code Ann. §§ 31-3-101 to 31-3-153.

Cost of Reports.

Georgia: Individuals are entitled to two free credit reports from each national credit reporting agency. Ga. Code Ann. § 10-1-392.

Colorado, Maryland, Massachusetts, New Jersey, and Vermont: Individuals are entitled to a free credit report once a year. Col. Rev. Stat. 12-14.3-101; Md. Comm. Law Code Ann. § 14- 1209; Mass. Gen. Laws Ann. Ch. 93; N.J. Stat. Ann. 56:11-29; Vt. Stat. Ann 2480b.

Connecticut: Credit reports are $5. Conn. Gen. Stat. Ann. § 36a-699a. Minnesota: Caps the cost of credit reports at $8.

Credit Scores.

California: CRAs must furnish credit scores to individuals for a reasonable fee. Cal. Civil Code 1785.10.

Colorado: Businesses using credit scores for underwriting must provide notice to the consumer. Colo. Rev. Stat. §§ 12-14.3-101-12.14.3-109.

Connecticut: Consumers must receive report within five days of receipt of the request; report must include all information in the file, including any credit score. Conn. Gen. Stat. §§ 36a-695 to 36a-699e.

Idaho: Prohibits insurers from raising rates, denying coverage, or canceling a policy primarily based on a credit rating or credit history. Idaho Code § 41-1843.

Vermont: Credit scores or predictors must be provided to the individual with the report. Vt. Stat. Ann. Tit. 9.

Duties on Users of Reports.

California: Individuals may receive a free copy of their credit report when it is requested by an employer. Cal. Civil Code 1785.20.5.

Utah: Credit grantors must notify consumers when negative information is furnished to a CRA. Utah Code Ann. 70C-7-107.

Investigative Consumer Reports.

Arizona: Sources of investigative consumer reports must be furnished to the individual upon request.

(2)  How The Preemption Provisions Have Made Matters Worse For Consumers

In 1996, Congress preempted states from acting in several areas of the FCRA, for 8 years, although it grandfathered in several stronger state laws and rejected complete uniformity. In each of these areas, consumer protection or privacy has suffered.

(a)  Preemption of Affiliate Sharing

The 1996 amendments created a new exception to the definition of credit report for the sharing of information among corporate affiliates. The intent of Congress was narrow: it was to ensure that basic affiliate sharing by a company did not trigger the responsibilities of a credit bureau.

Much of the debate over financial privacy has been over opt-in and opt-out. Yet, many observers are unaware that the primary protection of Gramm-Leach-Bliley is provided by notice. Unlike the Fair Credit Reporting Act, which is based broadly on the Fair Information Practices, GLB is largely a notice statute. Notice is not enough. Consumers need the right to choose, the right to review their views and dispute errors all the other protections provided by the FIPs.

Under GLB, most sharing, including sharing of experience and transaction information with both affiliates and third parties providing joint marketing services, is under a no-opt regime.

Consumers do not have the right to opt-out except in the circumstance of sharing with other third parties, primarily telemarketers selling non-financial services. Even Congressional Research Service reports have misunderstood the limited opt-out provisions of GLB4. Industry documents and materials claim the debate is over opt-out or opt-in. Actually, the vast bulk of industry has yet to agree that opt-outs are acceptable—they are actually for no-opt.

The failure of the GLBA to require any form of consumer consent for the vast majority of information sharing transactions affected is one example of how GLBA – unlike the FCRA — fails to meet the Fair Information Practices 5.

Problem: Industry has used confusion between the preemptive effect of this narrow exception and a contrasting pro-state’s rights provision of the 1999 Gramm-Leach-Bliley Financial Services Modernization Act to chill efforts to enact stronger state and local financial privacy laws. If industry’s interpretation were true, then the clear states’ rights provision of GLB would have no meaning. Nevertheless, industry has mounted a fierce lobbying campaign against stronger state financial privacy laws and has sued to overturn local financial privacy ordinances in San Mateo and Daly City, California. Expiration of the preemption will help, but the Congress could also clarify that the only effect of the FCRA affiliate sharing exception and its relationship to GLB is to prevent affiliate sharing from triggering the duties of credit bureaus, not to stymie state efforts to improve financial privacy.

  • Preemption of all matters related to pre-screened credit card solicitations Industry mails 5 billion credit card solicitations each year. Pre-screened mailings are generated from credit reports. These mailings contribute to massive credit card debt that may lead to financial problems or even Pre-screened solicitations are also easy prey for identity thieves who steal your mail. Privacy protections provided are weak at best.


  • The 1996 amendments defined a so-called “firm offer of credit” not as a pre-approval to get credit, only pre-approval to receive an Companies are allowed to review, or “post-screen,” an applicant’s credit report again and reject them for the prominently advertised “low-APR, high credit limit” card and make a less-favorable bait-and-switch offer following the post-screen, without giving consumers an adverse action notice.


  • In return for this codification of an existing 1991 Federal Financial Institutions Examination Council (FFIEC) rule allowing the so-called firm offer of credit, Congress in 1996 added a modest opt-out privacy right to the FCRA, but failed to require any disclosure rules. The FCRA opt-out has no prominence or express language Here is a typical sentence from the middle of a long paragraph of a small print disclosure on the back of one of the pages in a credit card solicitation.

“You have the right to prohibit information contained in your credit file with any credit bureau from being used in connection with any credit transaction that you do not initiate.”

That sentence, in case you were wondering, gives you the right to opt-out of, or say no, to the “privilege” of having your credit report used to generate your share of 5 billion credit card solicitations mailed annually. An actual size copy of the full disclosure is reproduced here. The entire page it appears on consists of similar condensed print describing rights and disclaimers.

  • Problems With The Opt-Out Process: The Congress in 1996 required the credit bureaus to establish a 1-telephone number shared opt-out system. Note that the disclosure goes on to first offer you the names and addresses of each credit bureau, despite the shared 1-call opt-out The phone number eventually follows the list of addresses. It gets worse.

At the behest of the Direct Marketing Association and creditors, the Congress made the opt-out more complex than even this. Congress established a two-tiered opt-out. If you opt-out by phone, your opt-out is only good for two years. How does the joint 1-call opt-out system handle this?

Poorly, and to the advantage of the bureaus. Your first choice, “option 1” is only a two year opt- out. If you select that immediately, you don’t even hear about “Option 2,” the permanent opt-out. If you do manage to get to “Option 2,” the permanent opt-out, it takes your information, then tells you that you must wait and receive a “notice of election” in the mail, sign it and return it.

So a consumer who desires to exercise a permanent opt-out right must first decipher an unintelligible, hidden notice, then make a telephone call, push a number of buttons, provide his   or her Social Security Number (many consumers hang up at this point thinking the phone number is a scam to steal identities), wait to receive a form in the mail and remember to return it. This is consumer protection?

  • Pre-screening opt-out doesn’t block affiliate-related credit card marketing: Worse, the pre- screening opt-out doesn’t stop the flow of credit card solicitations, it only slows it down. Now, many retailers, airlines, organizations and others routinely send credit card solicitations to their customers. Yet, these offers are based on affiliate sharing — under the Gramm-Leach-Bliley Act, not the FCRA. No credit report was used for pre-screening, so no opt-out is provided on the Under Gramm-Leach-Bliley, affiliate sharing of “experience and transaction” information is subject to a no-opt rule. The FCRA opt-out does not apply, nor does the limited GLB opt out. Congress should create a “no credit card offers” list and apply the 1-call opt-out to all credit card solicitations not only pre-screened solicitations.

(c)  Preemption of furnisher duties has limited consumer rights to enforce act

The 1996 amendments, for the first time, imposed modest duties on banks, department stores and other creditors that “furnish” information to credit bureaus to avoid making errors. The duties are very weak and the threat of liability modest. In fact, Congress prohibited consumers from suing furnishers for failing to comply with what were called in 1996 “front-end” accuracy requirements (Section 623(a)) and limited the section’s enforcement to agencies. Congress only gave consumers a private right of action to enforce Section 623(b)’s “back-end” responsibilities, which require a furnisher to comply with reinvestigations and avoid reinsertion of false information after being notified.

Even worse, as the National Association of Consumer Advocates will testify today, after a federal court misinterpreted the 1996 FCRA amendments, it took several years to develop new case law correcting the lower courts and reinstating the clearly intended private right of action for Section 623(a) violations. Notably, the FTC filed a friend of the court brief on behalf of consumer Toby Nelson that was widely cited in the Ninth Circuit’s decision reinstating the private right of action against furnishers.

As counsel for the FTC observed, there are involved in any credit transaction only the consumer, the CRAs, the user of the credit reports and the furnishers of the credit information. As consumers would not be made subject to suit by consumers, and as CRAs and users were already suable, who else except furnishers could Congress have had in mind when it introduced” any person” into the statute? Where, other than under 1681s- 2(b) [623(b)] would furnishers be suable by consumers? In oral argument, counsel for Chase conceded that Chase had no answers to these questions. We cannot suppose that Congress made an amendment without a purpose.

9th Circuit U.S. Court of Appeals, opinion, 1 March 2002, Nelson vs. Chase Manhattan Mortgage 6

State and federal laws pertaining to furnishers of consumer credit information differ in two respects: liability standards and remedies. Overall, the state laws in California and Massachusetts, which were grandfathered in, are stronger than the federal FCRA. Law professor Joel Reidenberg, in testimony before this committee last month, provided record evidence that the opposite may be true: California, Massachusetts and Vermont citizens appear better off, not worse off, despite their stronger FCRA laws 7.

The FCRA imposes a standard of actual knowledge or purposeful avoidance of knowledge on furnishers of credit information. It states: “Furnishers of consumer credit information must not give information if they know or consciously avoid knowing that it is inaccurate.” FCRA 623(a)(1)(A). Conversely, the two state laws’ liability standards are broader in scope and more pro-consumer. California imposes an actual as well as a constructive knowledge liability standard, meaning that regardless of whether the furnisher actually does not know the consumer’s information is inaccurate, the furnisher had a duty to know. Cal. Civ. Code 1785.25(a). In Massachusetts, a fact finder will look at whether the furnisher had either actual knowledge of the inaccuracy or, once again, whether he should have known. This is done by employing a reasonable person standard. ALM GL Ch. 93, s. 54(A).

As for remedies, the FCRA provides only an administrative cause of action against furnishers who violate section 623(a); and thus consumers are left with a private cause of action only under 623(b). FCRA 623(c). Such a limit on remedies does not exist under the stronger state laws. In Massachusetts and California, a private remedy is triggered upon a dispute – similar to the FCRA – however an all-encompassing subsection in both state laws provides that all furnishers who fail to comply with the entire section (not just a certain part of the section) are liable.

The difficulty in suing either credit bureaus or creditors places a fundamental role in their lackadaisical attitude toward accuracy and consumer protection.

(D) Preemption of all notices, all timetables

All notices of consumer rights under the FCRA are also subject to preemption as are all timetables for reinvestigation of errors. All timetables for removing negative information (usually 7 years) from reports are also preempted.

Problem: The FCRA’s rights notices are inadequate. The FCRA’s reinvestigation timetables are too long. The FCRA’s obsolescence periods do not reflect risk properly—minor delinquencies should remain on credit reports for shorter times. States have been prevented from acting in all these areas.

(3)  The Continuing Problem of Inaccurate Credit Reports

The 1996 amendments included several provisions to improve the accuracy of credit reports. Among the key changes were the following:

First, furnishers were subjected to modest new duties and limited liability.

Second, the CRAs were required to develop a joint error notification system to prevent the recurrence of errors.

Third, the CRAs were required to have adequate staffing to handle consumer complaints.

Fourth, users were required to tell consumers that they had a right to a free credit report following denial, circumstances when free reports were available were expanded slightly and CRAs were required to provide consumers with a detailed description of their rights.

Fifth, a series of small changes were made, including a clarification that the 7-year period for dropping obsolete information could not be re-started when debts were sold and that accounts closed in good standing must be coded so that they could not be interpreted as negative items in credit scores.

By and large, the changes haven’t worked, because they haven’t been enforced by the FTC8 or other agencies, such as the OCC, that regulate furnishers. Further, as the testimony of the National Association of Consumer Advocates and the National Consumer Law Center points out today, it is difficult for a consumer to privately enforce the FCRA. Absent the threat of significant damages for violations, the credit bureaus and furnishers treat mistakes and identity theft as merely a cost of business, rather than a problem.

(4)  Are Credit Reports Accurate?

No. According to the most comprehensive study ever done, released in December 2002 by the Consumer Federation of America and the National Credit Reporting Association, credit scores calculated from credit reports obtained from each of the Big Three repositories show a wide disparity 9:

  • CFA/NCRA analyzed 502,623 credit files with scores from all three major credit reporting agencies – the largest sample ever examined. Every state and territory in the nation was represented.
  • Nearly one out of three files (29 percent) had a score discrepancy among the three reporting agencies of 50 points or more. Credit scores range from about 400 to about 800.
  • 4 percent of files had a discrepancy of 100 points or more.
  • The average discrepancy was 41 points (with a median discrepancy of 35 points).
  • Roughly eight million consumers – one in five of those who are at risk – are likely to be misclassified as sub-prime upon applying for a mortgage, based on the study’s review of credit files for errors and inconsistencies. A similar number are likely to benefit from errors in their reports. However, individual consumers do not benefit from system-wide averages and should not have to cope with a credit reporting system that functions as a lottery.
  • Misclassification into the subprime mortgage market can require a borrower to overpay by tens of thousands of dollars in interest payments on a typical mortgage. For example, over the life of a 30-year, $150,000 mortgage, a borrower who is incorrectly placed into a 84% subprime loan would pay $317,516.53 in interest, compared to $193,450.30 in interest payments if that borrower obtained a 6.56% prime loan – a difference of $124,066.23 in interest payments.

A credit score that is even a few points lower than it should be can have a negative impact on certain consumers, especially those on the border between the prime and subprime mortgage markets.10

The CFA and NCRA findings buttress the findings of a number of smaller studies conducted over the years by the state PIRGs and Consumers Union, publisher of Consumer Reports Magazine. These studies found significant error rates that could lead to denials in approximately one-third or more of the credit reports surveyed.


U.S. PIRG: Sources of Errors In Credit Reports
and Variances In Credit Scores
Systemic Errors Possibly In Violation of
FCRA’s Maximum Possible Accuracy Standard
Geographical discrepancies in affiliate coverage by repositories Different repositories may use different overlapping affiliates with differential coverage of local creditors and debt collectors.
Variances in reporting for national or local creditors One repositories may use monthly tapes from a large creditor; another may use quarterly tapes
Continued use of obsolete Metro tape format with known egregious flaws instead of Metro 2 upgrade Repositories have not required furnishers to uniformly upgrade to the more accurate Metro 2 format, resulting in numerous errors, especially false bankruptcy reporting.
Incomplete reporting by large creditors in effort to trick scoring systems and prevent customers from shopping around Some credit card companies do not report the full positive trade line on their good customers, especially subprime customers, deflating credit scores. Bank regulators have failed to adequately enforce.
Public Record data collection Repositories and their hirelings collect courthouse records and inadequately verify that the John Smith who filed bankruptcy is the John Smith where they insert the negative public record.
Failure to Adequately Match Demographic Information in Subscriber Report Requests With Information in Repository File Consumers cannot receive own report without providing 4-5 matching pieces of information. Subscribers, conversely, submit only 2 – name and Social Security Number. Subscriber reports are therefore much more prone to include information about someone else: called a “mis-merge” or “file variant.” Sloppy reliance on Social Security Numbers is the key that opens this door to identity theft.


James Williams of Consolidated Information Services, a New York area retail mortgage credit reporting agency, in 1991 analyzed 1500 reports from the three big bureaus and found errors in 43 percent of the files.


To our knowledge, only one study has ever been released by the Associated Credit Bureaus. According to news reports, its 1991 report, conducted by Arthur Andersen, claimed that “errors critical to the decision of granting credit” occurred in fewer than 1% of files.

  • The Real Threat To The Free Flow of Information Is The Failure By Furnishers To Report Completely

This spring, the Federal Reserve Board of Governors released a major study11 of credit reports. Among its key findings, based on a review of 248,000 credit reports held by one unnamed repository, was the following: fully 70% of consumers had at least one trade line account with incomplete information. The Fed finds this problematic.

A key measure used in credit evaluation—utilization—could not be correctly calculated for about one-third of the open revolving accounts in the sample because the creditor did not report the credit limit. About 70 percent of the consumers in the sample had a missing credit limit on one or more of their revolving accounts. If a credit limit for a credit account is not reported, credit evaluators must either ignore utilization (at least for accounts without limits) or use a substitute measure such as the highest-balance level.

The authors’ evaluation suggests that substituting the highest-balance level for the credit limit generally results in a higher estimate of credit utilization and probably a higher perceived level of credit risk for affected consumers. [Emphasis added] 12


Although industry witnesses will testify to a vast “free flow of information” driving our economy that should not be constrained, more and more firms are choosing to stifle the flow of information themselves — to maintain their current customers as captive customers. When a bank intentionally fails to report a consumer’s complete credit report information to a credit bureau, that consumer is unable to shop around for the best prices and other sellers are unable to market better prices to that consumer. Even the Comptroller of the Currency, Mr. Hawke, has condemned the practice.13 So has the FFIEC:

The Agencies are aware that over the last year some financial institutions have stopped reporting certain items of customer credit information to consumer reporting agencies (credit bureaus). Specifically, certain large credit card issuers are no longer reporting customer credit lines or high credit balances or both. In addition, some lenders, as a general practice, have not reported any loan information on subprime borrowers, including payment records. The Agencies have been advised that the lack of reporting is occurring primarily because of intense competition among lenders for customers.

The Agencies note that both financial institutions and their customers generally have been well served by the long-established, voluntary self-reporting mechanism in place within the industry.14

Yet, rather than enforcing the accuracy provisions of Section 623(a) of the FCRA and requiring furnishers regulated by FFIEC members to provide complete information, the FFIEC guidance merely urges members to take intentionally flawed trade lines into account in their risk analysis.

Accordingly, financial institutions that rely on credit bureau information as a tool in their underwriting and account management functions, whether manual or automated, should have processes in place to effectively identify and compensate for missing data in credit bureau reports and models.15

So, it is clear that the gravest threats to the FCRA and its role in preserving the free flow of information that affects our credit system and economy come not from state actions, but from changing industry practices designed to limit the act’s applicability or coverage. Companies are “gaming” the so-called free flow of information, to create a captive customer base and prevent their own customers from shopping around.

(6)  Does The Credit Reporting System Prevent Identity Theft? No

1996-2002: The Age of Identity Theft: From 1989 through 1996, while Congress considered the strengthening of the FCRA, identity theft was not a significant issue in the debate. While it turns out that the problem was growing, the industry had been keeping it quiet and absorbing the costs of fraud without providing Congress or the FTC with significant information. In 1996, the state PIRGs released the first national report on the problem, “The Consumer X-Files,” documenting the cases of several identity theft victims and attempting to quantify the problem.

In 1997, the state PIRGs released a follow-up, “Return To The Consumer X-Files 16”. In 2000, the state PIRGs and Privacy Rights Clearinghouse released a detailed survey of identity theft victims, “Nowhere To Turn17.” In 2003, CALPIRG released the first analysis of police officer views on identity theft, “Policing Privacy18.” It found that police share consumer groups’ views that creditor practices must be reined in to stop identity theft.

In 1997, victim Bob Hartle pushed state legislation through the Arizona legislature criminalizing identity theft. Hartle urged Senator Jon Kyl (R-AZ) and Rep. John Shadegg (R-AZ) to enact similar legislation federally in 1998. The proposal was backed by PIRG and other consumer groups, by the Secret Service and police associations, and embraced by the industry. But criminalization of identity theft, also adopted by nearly every state, hasn’t solved the problem.

The FTC has recently reported that identity theft was the leading complaint to the agency for the years 2000, 2001 and 2002. The number of cases doubled in 2002, according to the FTC. Based on figures reported to the GAO by the credit bureaus themselves, identity theft may strike as many as 500,000-700,000 consumers annually.

First, identity theft is a fast growing crime and criminalization is only part of the solution. Identity theft criminalization does not appear to have slowed the growth of identity theft. Creditors (banks, mortgage companies, department stores, etc) and credit bureaus (Experian, Equifax and Trans Union) must improve both their credit granting practices – to reduce the incidence of identity theft — and their treatment of identity theft victims – to make it easier for these victims to clear their good names and re-enter the financial world. Legislation is necessary to coerce these recalcitrant firms, which generally consider a “few” mistakes and a few lawsuit settlements the cost of doing business while they ignore the real costs, both tangible and intangible, to victims. Unless banks, department stores and credit bureaus are forced by law to help prevent identity theft, they will continue in their sloppy credit-granting practices, they will continue to dismiss the problem of identity theft with their public relations campaigns19 and they will continue to reject the massive impact identity theft has on its consumer victims.

Second, misuse, over-use and easy access to Social Security Numbers helps drive the identity theft epidemic. Fundamentally, this nation needs to wean the private sector of its over-reliance on Social Security Numbers (SSN) as unique identifiers and database keys. Creditors issue credit based on a match between an applicant’s SSN and a credit bureau SSN, with no additional verification in many cases that the applicant is actually the consumer whose credit bureau file is accessed.

Types of Identity Theft: Experts divide financial identity theft into two main categories. “True name” fraud occurs when someone uses pieces of a consumer’s personal identifying information, usually a Social Security number (SSN), to open new accounts in his or her name. Thieves can obtain this information in a variety of ways, from going through a consumer’s garbage looking for financial receipts with account numbers and SSNs, to obtaining SSNs in the workplace, to hacking into computer Internet sites, or buying SSNs online.

“Account takeover” occurs when thieves gain access to a person’s existing accounts and make fraudulent charges. Regardless of the types of fraud committed or the amount of money taken fraudulently, victims indicate that stress, emotional trauma, time lost, and damaged credit reputation — not the financial aspect of the fraud — are the most difficult problems they face. One victim from Nevada explained to us, “this is an extremely excruciating and violating experience, and clearly the most difficult obstacle I have ever dealt with.”

(7)  Results of the PIRG/Privacy Rights Clearinghouse Survey of Identity Theft Victims

In the spring of 2000, CALPIRG and Privacy Rights Clearinghouse sent surveys to victims who had recently contact our offices, and published a report based on the findings, entitled “Nowhere To Turn: Victims Speak Out on Identity Theft.20” The report followed up on CALPIRG’s groundbreaking identity theft reports21 released in 1996 and 1997, and on the pioneering work of the Privacy Rights Clearinghouse in assisting victims and drawing attention to their plight. Both organizations have also worked with victims to find ways that they can help themselves, because until the Federal Trade Commission established its clearinghouse, there was no government agency that made identity theft solutions its priority.22

The data pinpoint the failure of law enforcement, government, and the credit industry to address the root causes of identity theft. By not changing their procedures, these stakeholders have both helped perpetuate identity theft and have made it difficult for victims to resolve their cases expeditiously. Although each identity theft case is different, we have been able to identify patterns and trends in the victims’ responses. The survey data also verify that the stories in the news on identity theft are not extreme cases in which an unlucky victim has had an unusually bad experience. As one victim from California stated, “It was as terrible as all the books and articles say it is.”

Forty-five percent (45%) of the victims consider their cases to be solved; and it took them an average of nearly two years, or 23 months, to resolve them. Victims (55%) in the survey whose cases were open, or unsolved, reported that their cases have already been open an average of 44 months, or almost 4 years.

Three-fourths, or 76%, of respondents were victims of “true name fraud.” Victims reported that thieves opened an average of six new fraudulent accounts; the number ranged from 1 to 30 new accounts.


The average total fraudulent charges made on the new and existing accounts of those surveyed was $18,000, with reported charges ranging from $250 up to $200,000. The most common amount of fraudulent charges reported was $6,000.

Victims spent an average of 175 hours actively trying to resolve the problems caused by their identity theft. Seven respondents estimated that they spent between 500 and 1500 hours on the problem.

Victims reported spending between $30 and $2,000 on costs related to their identity theft, not including lawyers’ fees. The average loss was $808, but most victims estimated spending around $100 in out-of-pocket costs.

Victims most frequently reported discovering their identity theft in two ways: denial of either credit or a loan due to a negative credit report caused by the fraudulent accounts (30%) and contact by a creditor or debt collection agency demanding payment (29%).

Victims surveyed reported learning about the theft an average of 14 months after it occurred, and in one case it took 10 years to find out.

In one-third (32%) of the cases, victims had no idea how the identity theft had happened. Forty- four percent (44%) of all the victims had an idea how it could have happened, but did not know who the thief was. But in 17% of the cases, someone the victim knew — either a relative, business associate, or other acquaintance — stole his or her identity.

Despite the placement of a fraud alert on a victim’s credit report, almost half (46%) of the respondents’ financial fraud recurred on each credit report.23

All but one of the respondents contacted the police about their cases, and 76% of those felt that the police were unhelpful. Law enforcement agents issued a police report less than three-fourths of the time, and assigned a detective to the victims’ cases less than half of the time. Despite the high rate of dissatisfaction with law enforcement assistance, 21% of the victims reported that their identity thieves had been arrested, often on unrelated charges.

Thirty-nine percent (39%) of the victims reported contacting the postal inspector about their cases, and only 28% (7 out of 25) of those respondents found the post office helpful. Only four of the respondents reported that the postal inspector placed a statement of fraud on their name and address.

Forty-five percent (45%) of the respondents reported that their cases involved their drivers’ licenses. For example, the license had been stolen and used as identification, or the thief had obtained a license with his or her picture but containing the victim’s information. Fifty-six percent (56%) of the respondents contacted the Department of Motor Vehicles, and only 35% of those found the DMV helpful.

Forty-nine percent (49%) of the respondents contacted an attorney to help solve their cases. Forty-four percent (44%) of those people found their attorney to be somewhat helpful. Many consumers contacted attorneys at public interest law firms and received advice for free.

Attorneys’ fees ranged from $800 to $40,000.

Respondents reported that the most common problem stemming from their identity theft was lost time (78% of consumers identified this problem). Forty-two percent (42%) of consumers reported long-term negative impacts on their credit reports, and 36% reported having been denied credit or a loan due to the fraud. Twelve percent (12%) of the respondents noted as a related problem that there was a criminal investigation of them or a warrant issued for their arrest due to the identity theft.

Financial Identity Theft Only Part of the Problem: Increasingly, thieves are also committing other crimes using the names generated from identity fraud. According to the survey, thieves committed various other types of fraud with the respondents’ information, including renting apartments, establishing phone service, obtaining employment, failing to pay taxes, and subscribing to online porn sites. In 15% of the cases, the thief actually committed a crime and provided the victim’s information when he or she was arrested. A growing problem for victims is that thieves who have rented apartments or purchased homes using fraudulent identities are filing for bankruptcy in the victim’s name, with the intention of seeking a mandatory stay against eviction or foreclosure. The false public record bankruptcies are difficult for victims to remove.

(8)  Solution: Improve the FCRA 

In addition to allowing state preemption to sunset, PIRG’s key recommendations to prevent identity theft and credit reporting errors are the following: (1) Require credit bureaus to provide free credit reports annually on request, as six states already do (Colorado, Georgia, Massachusetts, Maryland, New Jersey, Vermont). Add disclosure of credit scores to credit reports and ban insurance uses of credit scoring. (2) Provide victims, as well as other consumers, with the right to block access to their credit reports. (3) Require matching of at least four points of identity, such as exact name and exact address, date of birth, account number and former address, instead of only on Social Security number between credit reports and credit applications. (4) Improve address-change verification. (5) Close the “credit header” loophole that allows Social Security numbers to be sold on the information marketplace, including over the Internet. (6) Take Social Security Numbers out of general circulation. (7) Make it easier to sue credit bureaus and creditors. (8) Improve the pre-screening opt-out.

Some of these solutions are discussed in detail above.

The Hooley/LaTourette identity theft proposal, HR 2035, includes a number of these provisions, including the laudable free credit report, address change verification and fraud flag protections. Unfortunately, like-several state enacted identity theft reforms and several Senate proposals, it

also includes an unacceptable safe harbor for reseller credit bureaus. Resellers should not be treated differently than other credit bureaus24.

Get The Social Security Number Out Of Circulation: Several important provisions were included in HR 2036 in the last Congress (Shaw). The bill included a strict anti-coercion clause giving consumers the right to say no to most businesses demanding their Social Security Numbers. The bill included limits on public display of SSNs which will make it harder for identity thieves to obtain the key to a consumer’s financial life. The bill closed the so-called “credit header loophole” that has been narrowed by the DC Circuit decision upholding the FTC’s consent decree against Trans Union and its decision upholding the GLB regulations.2

Closing the credit header loophole will reduce access to Social Security Numbers. It will not shut the door completely on their use. Military IDs, insurance and Medicare IDs, college IDs and drivers’ licenses often routinely display Social Security Numbers. Businesses use the SSN as their database key for the same reason Mallory climbed Everest: “Because it is there.” Of course, they have less justification than Mallory did. He was an explorer, creditors and credit bureaus are merely lazy and sloppy. Unless legislation such as the Shaw proposal is enacted, SSNs will continue to be easily available and routinely abused by identity thieves.

Make It Easier To Sue Credit Bureaus and Creditors: In November 2001, the Supreme Court raised the bar for identity theft victims, by shortening the FCRA’s statute of limitations to sue credit bureaus to only two years after an error is made, in the case TRW vs. Andrews.26 The FCRA also unduly restricts a consumer’s right to sue creditors that make mistakes, restricting most enforcement to agencies.

Bi-partisan legislation, HR 3368, introduced by Reps. Schakowsky and Chairman Bachus in the last Congress would reinstate the previous rule of two years from date of discovery of the error by the consumer. A defective proposal, S. 22, in this Congress, would only extend the statute of limitations for identity theft victims, not for all consumers. That is unacceptable.

Consumers should also be able to obtain minimum damages for all violations of the FCRA, so that they don’t have to prove actual damages. The actual damages requirement is a difficult hurdle in many cases.

Require creditors to warn consumers of negative information: Last year, Rep. Gary Ackerman, a member of the House Financial Services Committee, pointed out during a markup that he will pay thousands of dollars in excess interest on a mortgage due to failing to qualify for a low-interest loan as the result of a 3-year-old error on his credit report. We expect Rep. Ackerman to offer a laudable proposal that would require creditors to clearly warn consumers when negative information is being sent to credit bureaus.

Free credit reports and credit scores: Transparency is critical. Consumers shouldn’t have to wait for credit denial to look at their credit reports, which can be sold into commerce without consent and may contain serious errors

The credit bureaus will likely make a claim that they shouldn’t have to give away their product for free. Their real customers are businesses. Consumers should have the right to audit their own records, for free. Instead, the industry has aggressively marketed credit reporting subscription services, warning consumers: “you could be an identity theft victim. Join now for $99/year.” That’s a deplorable form of protection racket, when the bureaus are both responsible for identity theft and are charging you a fee to look at your report

With credit scores being used for most credit decisions, credit scores should also be incorporated into reports. Credit scores should be banned for insurance uses.27

An additional problem of transparency is that consumers see a different credit report than subscribers do. Often, a consumer report is based on 5 pieces of identifying information and is more likely to be accurate than the subscriber report which resulted in a credit denial. It is much more likely to contain merged information about other consumers, since it is based on a less precise matching algorithm. Consumers should see the same report the subscriber used to deny them.

Furnisher completeness standards: While we recognize that the Congress is unlikely to require furnishers to report to credit bureaus, we believe that the committee should examine whether minimum “completeness” standards are necessary to correct the problems identified by the federal financial agencies due to incomplete reporting. If Congress is not going to change the “voluntary” requirement for reporting, it should at least make completeness part of accuracy. This is especially important if companies are using “account reviews” to raise consumer’s interest rates, based on negative items or changes in credit scores. What about the consumers who are victims of errors, identity theft or this gaming of the system? The Congress should consider severe restrictions on account reviews, which do not appear to be in any way being used for any legitimate, risk-related use, but merely to pump profits up.

Adverse Action Notices: Adverse action notices under the FCRA are important. The notices provide consumers a trigger that warns them of their other substantive rights. Yet, not all firms may be providing adverse action notices. The FTC has recently enforced an action against the Internet loan company Quicken28, but we believe that the problem is more serious and affects thousands of consumers in the mortgage market, where brokers, lenders and secondary market players may be failing to provide adverse action notices. According to the Washington Post:

Yet all too often, mortgage industry critics charge, today’s lightning-quick electronic underwriting systems leave applicants in the dark when they’re being charged higher rates or fees because of credit report negatives. Richard F. Le Febvre, president of AAA American Credit Bureau Inc. of Flagstaff, Ariz., says he has seen hundreds of cases in which borrowers were overcharged for home loans because of erroneous credit file information, without ever receiving adverse action notices 29.


We appreciate the opportunity to provide our views on the Fair Credit Reporting Act. We look forward to working with you in the future on these and other solutions to the problems consumers face in dealing with creditors, furnishers and identity theft. In this testimony, we have attempted to emphasize issues that were not being covered by some of the other pro-consumer witnesses. I concur with the recommendations made by National Consumer Law Center, the Vermont Office of the Attorney General, the National Association of Consumer Advocates and the National Fair Housing Alliance.

As we indicated above, the FCRA is an important privacy and consumer protection law. It provides consumers with substantive rights. We hope that a future hearing in this series will examine the effect of the growing use of affiliate sharing under GLB for profiling and credit decision-making. If credit decisions are made on the basis of affiliate-shared information, consumers do not have the same bundle of rights as they would under FCRA. As internal creditor databases increase in size and predicative value, either credit decisions or other profiling decisions (whether to even offer a consumer a certain class of product, for example) may more and more be made under the GLB regime. These adverse actions will not result in triggering the same disclosures and rights that consumers obtain under the FCRA. These changes in the marketplace, which are already occurring, mean that consumers may not have the same credit rights in the future. We would be happy to discuss these significant matters further.


1 “Surprise Jumps in Credit Rates Bring Scrutiny,” by Jennifer Bayot, The New York Times, 29 May 2003, Page 1.

2 “Credit Score Accuracy and Implications for Consumers”, December 17, 2002, Consumer Federation of America and the National Credit Reporting Association http://www.consumerfed.org/121702CFA_NCRA_Credit_Score_Report_Final.pdf

3 This is a partial list. Beth Givens of the Privacy Rights Clearinghouse has prepared a summary (5 pages) of all California identity theft related laws.

4 See for example, “Financial Privacy — The Economics of Opt-In vs Opt-out. (Updated 16 Apr 2003) by CRS’s Loretta Nott. It repeats a mischaracterization of GLB that I believe has been made in other CRS reports. The third sentence states: “A consumer’s financial information may be shared among the (affiliates of the same corporate) group as long as the person has been notified and has the opportunity to decline, or “opt-out.” The paragraph goes on to wrongly say that the Johnson S 660/Tiberi HR 1766 proposals are intended, among other things, to “maintain the opt-out policy for affiliate information sharing.”

5 Ideally, consumer groups believe that all privacy legislation enacted by either the states or Congress should be based on Fair Information Practices, which were originally proposed by a Health, Education and Welfare (HEW) task force and then embodied into the 1974 Privacy Act and into the 1980 Organization for Economic Cooperation and Development (OECD) guidelines. The 1974 Privacy Act applies to government uses of information.5 Consumer and privacy groups generally view the following as among the key elements of Fair Information Practices:

  • Collection Limitation Principle: There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.
  • Data Quality Principle: Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date.
  • Purpose Specification Principle: The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfillment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of
  • Use Limitation Principle: Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with the Purpose Specification Principle except: a) with the consent of the data subject; or b) by the authority of
  • Security Safeguards Principle: Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification or disclosure of
  • Openness Principle: There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data
  • Individual Participation Principle: An individual should have the right: a) to obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him; b) to have communicated to him, data relating to him within a reasonable time; at a charge, if any, that is not excessive; in a reasonable manner; and in a form that is readily intelligible to him; c) to be given reasons if a request made under subparagraphs (a) and

(b) is denied, and to be able to challenge such denial; and d) to challenge data relating to him and, if the challenge is successful to have the data erased, rectified, completed or amended.

  • Accountability Principle: A data controller should be accountable for complying with measures which give effect to the principles stated

6 See the FTC’s brief in Nelson vs Chase Mortgage at <http://www.ftc.gov/ogc/briefs/nelsont.pdf>. The 9th Circuit U.S. Court of Appeals decision of 1 March 2002 in Nelson vs. Chase Manhattan Mortgage is available at http://www.ca9.uscourts.gov as Case # 00-15946.

7 See http://financialservices.house.gov/media/pdf/050803jr.pdf

8 In 2000, the FTC did impose a total of $2.5 million in fines on the Big Thee repositories for failing to have enough staff to answer he phones.

9 The following bulleted facts are from a Consumer Federation of America summary fact sheet on the report. “Credit Score Accuracy and Implications for Consumers”, December 17, 2002, Consumer Federation of America and the National Credit Reporting Association http://www.consumerfed.org/121702CFA_NCRA_Credit_Score_Report_Final.pdf

10 “Credit Score Accuracy and Implications for Consumers”, December 17, 2002, Consumer Federation of America and the National Credit Reporting Association http://www.consumerfed.org/121702CFA_NCRA_Credit_Score_Report_Final.pdf

11 See “An Overview of Consumer Data and Credit Reporting,” Avery et al, February 2003, Pages 47-73, Federal Reserve Bulletin http://www.federalreserve.gov/pubs/bulletin/2003/0203lead.pdf

12 See page 71, “An Overview of Consumer Data and Credit Reporting,” Avery et al, February 2003, Pages 47-73, Federal Reserve Bulletin http://www.federalreserve.gov/pubs/bulletin/2003/0203lead.pdf

13 See speech by Comptroller of the Currency John Hawke at http://www.occ.treas.gov/ftp/release/99-51.txt

7 June 1999: “Some lenders appear to have stopped reporting information about subprime borrowers to protect against their best customers being picked off by competitors. Many of those borrowers were lured into high-rate loans as a way to repair credit histories.” According to U.S. PIRG’s sources in the lending industry, this practice continues.

14 See advisory letter of18 January 2000 at http://www.ffiec.gov/press/pr011800a.htm 15 See advisory letter of18 January 2000 at http://www.ffiec.gov/press/pr011800a.htm 16 See http://www.pirg.org/reports/consumer/xfiles/index.htm

17 See http://calpirg.org/CA.asp?id2=3683&id3=CA&

18 See http://www.pirg.org/alerts/route.asp?id2=9791

19 See, for example, the recent opinion piece by Oscar Marquis in the American Banker, 17 May 2002, claiming that estimates of identity theft over-state the problem. Marquis was until recently the long-time general counsel for the Trans Union credit bureau. He has recently joined Hunton and Williams, a law and lobbying firm that is one of numerous financial-industry affiliated organizations that are publishing “reports” and other polemics in opposition to strict privacy protection laws. See, for a rebuttal to these industry-funded materials, “Privacy, Consumers, and Costs,” March 2002, by Robert Gellman. Available at http://www.epic.org/reports/dmfprivacy.html

20 The full report, “Nowhere To Turn,” by CALPIRG and the Privacy Rights Clearinghouse, May 2000, is available at <http://www.pirg.org/calpirg/consumer/privacy/idtheft2000/>

21 “Theft of Identity: The Consumer X-Files”, CALPIRG and US PIRG, 1996 and “Theft of Identity II: Return to the Consumer X-Files”, CALPIRG and US PIRG, 1997. See http://www.pirg.org/reports/consumer/xfiles/index.htm

22 In 1999 the Federal Trade Commission established a clearinghouse to assist victims of identity theft and document their cases in a database. This endeavor is a result of a new federal law, “The Identity Theft and Assumption Deterrence Act of 1998” (18 USC 1028), implemented in 1999. The FTC maintains a toll-free telephone number for victims, 877-IDTHEFT, as well as a web site, www.consumer.gov/idtheft.

23 When a “fraud alert” is placed on a victim’s credit file, the credit bureau reports to credit issuers that the subject of the report is a victim of fraud. The creditor is supposed to contact the victim at the phone number provided in the fraud alert in order to determine if it is an imposter or the rightful individual applying for credit. Obviously, if the credit bureau does not adequately report the presence of an alert, which often happens when only a credit score is reported, or if the credit grantor fails to detect the fraud alert, which is a common experience of victims, the imposter is able to obtain additional lines of credit in the victim’s name. Consumer and identity theft experts believe that one way that credit bureaus under-state the magnitude of the identity theft problem is by only calculating the results of consumers who place a 7-year or “permanent” fraud flag on their credit reports. Most consumers are quite unaware that there is even an option to insert a permanent fraud flag and are not routinely offered the chance when they call the credit bureaus and “speak” to their “voice-mail-jail” computer response systems.

24 The FTC’s enforcement position, as evidenced by the First American Credco consent decree and settlement order, is that resellers must comply with the FCRA http://www.ftc.gov/opa/1998/10/credco.htm We agree.

25 See PIRG’s financial privacy pages for a detailed discussion http://www.pirg.org/consumer/banks/action/privacy.htm

26 See TRW vs. Andrews, 13 Nov 2002, No. 00-1045, http://a257.g.akamaitech.net/7/257/2422/13nov20011040/www.supremecourtus.gov/opinions/01pdf/00-1045.pdf See the amicus brief of U.S. PIRG and other consumer groups, filed in support of identity theft victim Adelaide Andrews, at http://www.pirg.org/consumer/andrews6.htm

27 The committee held a hearing on credit scoring disclosure 3 years ago.

http://financialservices.house.gov/banking/92100toc.htm Since then, action on credit scoring issues has largely shifted to the states. California has allowed scores to be disclosed to consumers. Numerous states have sought to regulate or ban the use of scores for insurance purposes.

28 See FTC consent order, “In the Matter of Quicken Loans”, Docket #9304, 30 December 2002, http://www.ftc.gov/opa/2002/12/quicken.htm

29 “FTC Policing Accuracy of Credit Files, “The Washington Post, by Kenneth R. Harney, Saturday, 11 January 2003; Page H01