FTC Will Study Experiences of Identity Theft Victims The Federal Trade Commission plans to study the experiences of identity theft victims by conducting a survey of consumers who contacted the FTC after they were victimized. Read Full Story ‘Red Flag’ Regulations Require Financial Institutions & Creditors to Have Identity Theft Prevention Programs Financial institutions and creditors are now required to develop and implement written identity theft prevention programs under the new "Red Flags Rules". Read Full Story FTC Staff Seeks Comments on Credit Freezes: Impact & Effectiveness Federal Trade Commission staff is seeking comments on the impact and effectiveness of credit freezes as part of a multi-pronged approach to combat identity theft. Read Full Story Identity Theft: Fact & Fiction – By Jonathan J. Rusch In Shakespeare's Othello, Iago laments that "he that filches from me my good name/Robs me of that which not enriches him/And makes me poor indeed." Read Full Story
FTC Will Study Experiences of Identity Theft Victims The Federal Trade Commission plans to study the experiences of identity theft victims by conducting a survey of consumers who contacted the FTC after they were victimized. The proposed survey will examine the remedies available to victims under the Fair and Accurate Credit Transactions Act of 2003 (FACT Act). Among other things, the FACT Act gave consumers the right to place fraud alerts on their credit files if they are, or suspect they may become, victims of identity theft; block information on their credit reports that resulted from identity theft; and obtain copies of their credit reports free of charge. The survey will seek information from identity theft victims who contacted the FTC between January 1 and May 30, 2008, and will inquire about their experiences when they contacted one or more credit reporting agencies and when they sought to use their FACT Act rights. The survey results will help guide the FTC’s efforts to enforce the law and educate consumers and the consumer reporting industry about their rights and duties. The study is being carried out pursuant to a recommendation by the President’s Identity Theft Task Force in its Strategic Plan. Information about the Task Force is available at www.idtheft.gov. On June 24, the Commission approved the publication of a Federal Register notice concerning the collection of information for the proposed survey. The Federal Register notice, which was published on July 1 and is required by the Paperwork Reduction Act, will enable the FTC staff to conduct the survey. The FTC invites comments on: (l) whether the proposed collections of information are necessary for the proper performance of the functions of the agency, including whether the information has practical utility; (2) the accuracy of the agency’s estimate of the burden of the proposed collections of information; (3) ways to enhance the quality, utility, and clarity of the information to be collected; and (4) ways to minimize the burden of the collections of information on those who are to respond, including through the use of appropriate automated, electronic, mechanical or other technological collection techniques or other forms of information technology, e.g., permitting electronic submission of responses. The Federal Register notice can be found on the FTC’s Web site as a link to this press release. The Commission is accepting public comments for 60 days after publication. The Commission vote authorizing the publication of the Federal Register notice was 4-0. The staff contacts are Pavneet Singh and Anthony Rodriguez, Bureau of Consumer Protection, 202-326-2252. ‘Red Flag’ Regulations Require Financial Institutions & Creditors to Have Identity Theft Prevention Programs Financial institutions and creditors are now required to develop and implement written identity theft prevention programs under the new "Red Flags Rules." The Red Flags Rules are part of the Fair and Accurate Credit Transactions (FACT) Act of 2003. Under these Rules, financial institutions and creditors with covered accounts must have identity theft prevention programs in place by November 1, 2008, to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft. The Commission staff is launching an outreach effort to explain the Rules in greater detail. It has now published a general alert on what the Rules require, and, in particular, an explanation of which businesses - financial institutions and creditors - are covered by the Rules. "We want financial institutions and creditors to know that they are covered by the Red Flags Rules and to understand what is required of them," said Lydia Parnes, Director of the Bureau of Consumer Protection at the Federal Trade Commission. "We encourage all organizations that have ongoing accounts or relationships with consumers to keep an eye out for red flags that signal identity theft. But this rule does not apply to every business or employer; only those entities that are considered creditors or financial institutions are subject to the Red Flags Rules." To learn more, go to www.ftc.gov/bcp/edu/pubs/business/alerts/alt050.shtm The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 1,500 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s Web site provides free information on a variety of consumer topics. FTC Staff Seeks Comments on Credit Freezes: Impact & Effectiveness Federal Trade Commission staff is seeking comments on the impact and effectiveness of credit freezes as part of a multi-pronged approach to combat identity theft. Thirty-nine states and the District of Columbia have enacted laws providing consumers the right to place credit freezes, and each of the three nationwide consumer reporting agencies (CRAs) is offering a commercially-developed credit freeze option. In general, once a consumer initiates a credit freeze with a CRA, the freeze prevents that CRA from releasing a consumer report (i.e., a credit report) about that consumer unless the consumer temporarily lifts or permanently removes the freeze. A credit freeze may help prevent identity thieves from opening new accounts in consumers’ names, because businesses typically will not extend new credit (or provide certain other benefits) without first viewing the consumer’s credit report. In April 2007, the President’s Identity Theft Task Force (“Task Force”) issued a strategic plan to make the federal governments effort’s more effective and efficient in the areas of identity theft awareness, prevention, detection, and prosecution, www.idtheft.gov/reports/StrategicPlan.pdf. As part of its strategic plan, the Task Force recommended that the FTC, with support from the Task Force member agencies, assess the impact and effectiveness of credit freeze laws and report on the results, in order to assist policymakers in considering the appropriateness of a federal credit freeze law. Commission staff invites interested parties to submit written comments on the impact and effectiveness of state credit freeze laws, as well as the credit freeze options offered by the nationwide consumer reporting agencies. Comments must be received on or before February 25, 2008. For detailed information on how to submit comments and the specific questions and topics FTC staff would like addressed in the comments, please see: www.ftc.gov/opa/2008/01/freeze.pdf. Identity Theft: Fact & Fiction – By Jonathan J. Rusch In Shakespeare's Othello, Iago laments that "he that filches from me my good name/Robs me of that which not enriches him/And makes me poor indeed." In the modern world, by contrast, filching someone else's good name through identity theft can significantly enrich the criminal and impoverish the victim. Some federal cases within the last year suggest why identity theft has become one of the fastest-growing forms of white-collar crime: • A man was indicted in Miami on identity theft-related charges relating to his alleged filing of false federal tax returns in the names of 614 Florida prisoners, seeking more than $3 million in fraudulent refunds. • A woman was convicted in Seattle on various identity theft-related offenses involving at least $464,000 of fraud under false identities that the defendant and her co-conspirators had set up. • A man was sentenced in Los Angeles to federal prison for managing an auto theft and identity theft ring, in which conspirators stole biographic and credit information from real people and used the data to buy luxury cars amounting to more than $200,000. • A man pleaded guilty in Seattle to federal identity-theft and fraud charges, after using the names and Social Security numbers of other people to open several credit card accounts and make nearly $200,000 in fraudulent charges across the United States and in Italy. Contrary to some views, identity theft is indeed about numbers and about money. A recent study by Meridian Research makes the projection that by 2006 the financial institution sector alone will lose $8 billion to identity theft. In addition, an estimated 500,000 to 700,000 people a year become victims of identity theft, and Federal Trade Commission data show that nearly 86,000 people filed identity theft complaints in 2001. Many of those people suffer significant financial loss. Furthermore, when terrorists exploit identity theft, the financial and human costs to society as a whole can be catastrophic. Contrary to some views, identity theft is indeed about numbers and about money. What's the proper response to identity theft? In a recent Perspectivescolumn, David Holtzman properly notes that the nature of digital communications has helped to create an environment that facilitates identity theft. At the same time, he asserts that identity theft legislation will not effectively contain the problem, in part because "it's too difficult to enforce, let alone prove, for legal action to be an effective deterrent" and because "the basic ammo to load the judicial guns (for enforcement actions)--such as clear guidelines on identity – is not at hand." In fact, law enforcement has both the ammunition and the firepower to combat identity theft effectively. Under a 1998 federal criminal statute, for example, federal prosecutors can go after any knowing and unauthorized use or transfer of someone else's "means of identification," where the criminal intends to commit, or even aid and abet, any unlawful activity that constitutes a federal offense or a state or local felony. The statute also clearly defines the term "means of identification" to include nearly every conceivable way we use to identify ourselves in everyday life: names, dates of birth, Social Security numbers, driver's license numbers, credit card numbers, codes, account numbers, and even unique biometric data, to name just a few. Violations are punishable by up to 15 years imprisonment (25 years, if the crime is committed to facilitate international terrorism), and Congress is already considering a bill, S. 2541, to broaden its scope and increase identity theft sentences. At least 47 states also have legislation relating to identity theft, according to the Federal Trade Commission. In fact, law enforcement has both the ammunition and the firepower to combat identity theft effectively. Nor have prosecutors been shy about using these laws to go after identity theft. For example, in May 2002 Attorney General John Ashcroft announced a nationwide "sweep" of federal identity theft cases, in which 73 criminal prosecutions were brought against 135 individuals in 24 districts. The crimes alleged to be associated with these identity theft cases ranged from traditional fraud to the murder of a homeless man, where the criminal, already under indictment for counterfeiting, sought to fake his own death to avoid prosecution. So where's the real problem in controlling identity theft? Certainly no legislation by itself can effectively contain the identity theft problem, any more than the mere existence of laws against securities fraud, environmental pollution or public corruption can effectively contain those problems. The effectiveness of any law in controlling crime depends not only on public acceptance of the norms reflected in that law, but also on general recognition--by individuals, government and private sector entities--of how identity theft works and what roles they each need to play in identifying and reporting violations of that law. That kind of general recognition, however, is still sorely lacking. Many well-educated and experienced professionals still need to learn some of the most basic facts about identity theft, such as: • Identity theft can happen to anyone. Unlike other types of fraud, which depend on victims communicating directly with fraudsters, identity theft can start whenever a criminal gets unauthorized access to someone else's means of identification, regardless of whether the victim is aware of that access. • Identity theft can harm victims for long periods of time before it is detected. In one case, two defendants allegedly used the names and Social Security numbers of recently deceased individuals that they found on various Web sites to get credit cards and credit accounts in the victims' names. They then used their real names and the victims' names to order credit reports so they could track the accounts they had fraudulently set up. • Identity theft must be reported to law enforcement as soon as it's discovered. When people find that they've become identity theft victims, they need to report the crime promptly to law enforcement agencies, through the Federal Trade Commission's toll-free number (1-877-ID-THEFT) or online complaint form. Prompt reporting helps law enforcement to open investigations and pursue leads before the trail grows cold. Identity theft, in short, isn't a problem that affects just the "wired generation," or that stems just from Internet access. People of all ages, whether technophiles or technophobes, need to become proactive in watching out for identity theft. High-tech measures such as authentication technology, antivirus software and firewalls are fine for reducing the risks of unauthorized people getting improper access to PCs at home or work. But low-tech measures, like closely checking your credit-card bills every month and getting and reviewing a copy of your credit report at least once a year, also need to be part of everyconsumer's plan to reduce the risk of identity theft. (The Justice Department has an online quiz about identity theft that can help you figure out how else to reduce that risk.) Ultimately, the real challenges of identity theft come from figuring out how to combine enforcement and prevention resources most effectively. The right combination could eliminate identity theft as a significant threat to both personal and homeland security. Biography: Jonathan J. Rusch is special counsel for fraud prevention, Fraud Section, Criminal Division, U.S. Department of Justice, and an adjunct professor at the Georgetown University Law Center. The views expressed are solely his own.