Statement of Stuart K. Pratt, Consumer Data Industry Association

The Consumer Data Industry Association (CDIA) is pleased to submit written testimony in connection with a hearing on the misuse of Social Security numbers and we thank Chairman Shaw for holding this hearing.  CDIA has appeared in person before this subcommittee before and we hope our testimony will be helpful to you.[1]

Founded in 1906, the Consumer Data Industry Association (CDIA), formerly known as Associated Credit Bureaus, is the international trade association that represents more than 500 consumer data companies.  CDIA members represent the nation’s leading institutions in credit reporting, mortgage reporting, check verification, fraud prevention, risk management, employment reporting, tenant screening and collection services. 

Consumer reporting agencies are careful stewards of personal information and they adhere to strict procedures outlined in federal and state laws.[2]  The information infrastructure of the consumer reporting system is the backbone of the consumer credit economy.[3] 

Our members have a strong interest in the legitimate and lawful use of all information, including Social Security numbers.  Used properly, SSNs play a substantial role in reducing fraud, enhancing workplace security, promoting public safety, supporting homeland defense, reducing state and federal entitlement fraud, enhancing child support enforcement, and facilitating commerce to a diverse, mobile electronic society. 

Before I specifically address how the SSN is used by our industry and the importance of this number, I have found it helpful to provide a short review of what a consumer reporting agency is, what is contained in a consumer report, and the law that governs our industry.

CONSUMER REPORTING AGENCIES AND CONSUMER REPORTS

Consumer reporting agencies maintain information on individual consumer payment patterns associated with various types of credit obligations on approximately 190 million Americans.  The data compiled by these agencies is used by creditors and others permitted under the strict prescriptions of the FCRA.

Consumer credit histories are derived from, among other sources, the voluntary provision of information about consumer payments on various types of credit accounts or other debts from thousands of data furnishers such as credit grantors, student loan guarantee and child support enforcement agencies. A consumer's file may also include public record items such as a bankruptcy filing, judgment or lien.  Note that these types of data sources often contain SSNs, as well.

For purposes of data accuracy and proper identification, generally our members maintain information such as a consumer's full name, current and previous addresses, Social Security Number (when voluntarily provided by consumers) and places of employment. This data is loaded into the system on a regular basis to ensure the completeness and accuracy of data.[4]

It is interesting to note that the vast majority of data in our members' systems simply confirms what most of you would expect; that consumers pay their bills on time and are responsible, good credit risks. This contrasts with the majority of systems maintained in other countries, such as Japan or Italy, which store only negative data and do not give consumers recognition for the responsible management of their finances.

As important as knowing what we have in our files is also knowing what types of information our members do not maintain in files used to produce consumer reports. Our members do not know what consumers have purchased using credit (e.g., a refrigerator, clothing, etc.) or where they used a particular bank card (e.g., which stores a consumer frequents). They also don't have a record of when consumers have been declined for credit or another benefit based on the use of a consumer report. Medical treatment data isn't a part of the databases and no bank account information is available in a consumer report.

THE FAIR CREDIT REPORTING ACT (FCRA)

In addition to our general discussion of the industry, we believe it is important for your Subcommittee to have a baseline understanding of the law which regulates our industry.

Enacted in 1970, the Fair Credit Reporting Act was significantly amended in the 104th Congress with the passage of the Credit Reporting Reform Act.

Congress, our Association's members, creditors and consumer groups spent over six years working through the modernization of what was the first privacy law enacted in this country (1970). This amendatory process resulted in a complete, current and forwarding-looking statute. The FCRA serves as an example of successfully balancing the rights of the individual with the economic benefits of maintaining a competitive consumer reporting system so necessary to a market-oriented economy.

The FCRA is an effective privacy statute, which protects the consumer by narrowly limiting the appropriate uses of a consumer report (often we call this a credit report) under Section 604 (15 U.S.C. 1681b), entitled “Permissible Purposes of Reports.”

Some of the more common uses of a consumer's file are in the issuance of credit, subsequent account review and collection processes. Reports are also, for example, permitted to be used by child support enforcement agencies when establishing levels of support.

Beyond protecting the privacy of the information contained in consumer reports, the FCRA also provides consumers with certain rights such as the right of access; the right to dispute any inaccurate information and have it corrected or removed; and the right to prosecute any person who accesses their information for an impermissible purpose.  The law also includes a shared liability for data accuracy between consumer reporting agencies and furnishers of information to the system.

SOCIAL SECURITY NUMBER USES

Let me now turn to the question of how our industry uses the SSN.

Under the Fair Credit Reporting Act, our industry has a duty to “…employ reasonable procedures to ensure the maximum possible accuracy…” of the consumer report.  Further, we must design systems that accurately allow our customers to extract only the data requested on a specific individual.

We must accomplish this dual mission of accuracy both in terms of building databases, but also properly identifying files in our systems in the context of a highly mobile society.  Consider the following:

These data clearly speak to the challenge our members face where identifying data often changes. 

In light of the mobility of our society, the Social Security Number plays a very significant role in ensuring data quality.  Our members process 2 billion data elements a month.  These elements are a combination of credit history data and identifying information.  Consider the following very real example. 

Where a consumer has changed a last name due to marriage or divorce and has moved to a new address, which is common in either case, the SSN is the most stable identifying element in the file.  First, it helps us to identify the consumer's file with precision during this life transition where he or she is likely applying for new credit, seeking approval for utilities, and seeking to rent or purchase a new residence.   The consumer expects that the consumer report will be available for all of these necessary transactions and the SSN helps our members to meet this expectation.  Second, the consumer expect his or her file to be accurate and the SSN helps us to maintain the file accurately even when the consumer is in the midst of updating creditors with changes in name and address.

The SSN is also a critical element in producing information products, which are commonly called locator services.  These services are made available, for example, to child support enforcement agencies for purposes of locating non-custodial parents;[5] to pension funds which must locate beneficiaries; to law enforcement for locating criminals or witnesses;[6] to healthcare providers that must locate individuals who have chosen not to pay their bills, to state benefits agencies to reduce public assistance fraud,[7] and for other similar uses. 

Further, the SSN plays a role in fraud prevention products.  Where a consumer makes application for a product or service, information products that help the business to ensure that they are doing business with the right consumer use information products to authenticate or verify the application information.  This is true in both for bricks-and-mortar business and in e-Commerce.

If applicant data does not match, then the business can take additional steps to verify the consumer's identity and thus prevent fraud.

FRAUD PREVENTION AND IDENTITY THEFT

In your press release announcing this hearing, you mention the potential for misuse of the SSN.  Our industry has a history of bringing forward initiatives to address fraud.  These efforts focus on the use of new technologies, and better procedures and education.  CDIA and its members have a long history of being leading innovators of identity fraud solutions.  The attachment provides a short thumbnail of our involvement in identity fraud remediation since 1993.[8] 

CONCLUSION

In conclusion, you can see by our actions that in large part our uses of the SSN are governed under the Fair Credit Reporting Act, one of the most extensive privacy laws in the country.  Beyond law, our members have a history of proactively limiting how SSNs are used outside of the FCRA.  No one particular element of information is the key to identity theft.  The underlying theme in all of this is balance. 

Laws that overreach in attempting to limit use of the SSN are likely to merely take fraud prevention tools out of the hands of legitimate businesses at the expense of consumers.  Ironically, to prevent fraud you must be able to crosscheck information.  To maintain accurate databases, you must be able to maintain a range of identifying elements.  Absent the availability of the SSN, we will be less able to build accurate data bases, to accurately identify records and to help prevent the very crime through the development of fraud prevention and authentication tools. 

Thank you for this opportunity to offer testimony.  CDIA is available to assist your and your committee at any time.


[1] Preventing Identity Theft by Terrorists: Hearing before the House Comm. on Financial Services Subcomm. on Oversight and Investigations and the House Comm. on Ways and Means Subcomm. on Social Security, 107th Cong. (Nov. 8, 2001) (testimony of Stuart K. Pratt, Vice President, Vice President, Associated Credit Bureaus); Use and Misuse of Social Security Numbers: Hearing before the House Comm. on Ways and Means Subcomm. on Social Security, 106th Cong. (May 11, 2000) (testimony of Stuart K. Pratt, , Vice President, Vice President, Associated Credit Bureaus).

[2] All consumer reporting agencies are bound by the Fair Credit Reporting Act (FCRA), 15 U.S.C. § 1681 et seq. and numerous state credit reporting laws.  Among other things, the FCRA requires consumer reporting agencies to maintain reasonable procedures to assure maximum possible accuracy, 15 U.S.C. § 1681e(b) and prohibits data furnishers from furnishing data to consumer reporting agencies if they know the information has an error, § 1681s-2(a).  In addition, a consumer reporting agency is prohibited from furnishing a consumer report to anyone without a “permissible purpose” -   a narrow and statutorily limited list of permitted uses.  § 1681b.

[3] For example, it was recently noted that

Maintaining a reliable and robust national credit reporting system is essential to ensure the continued availability of consumer credit at reasonable costs * * * The ready availability of accurate, up-to-date credit information from consumer reporting agencies benefits both creditors and consumers.  Information from consumer reports gives creditors the ability to make credit decisions quickly and in a fair, safe and sound, and cost-effective manner.  Consumers benefit from access to credit information from different sources, vigorous competition among creditors, quick decisions on credit applications, and reasonable costs for credit.

Fair Credit Reporting Act: How it Functions for Consumers and the Economy: Hearing before the House Comm. on Financial Services Subcomm. on Financial Institutions and Consumer Credit, 108th Cong. (June 4, 2003) (statement of Dolores S. Smith, Director, Division of Consumer and Community Affairs, Board of Governors of the Federal Reserve System).

[4]Note that there are in fact a number of major credit reporting systems in this country. Within CDIA’s membership the three most often recognized systems would be Equifax, Atlanta, Georgia; Experian, Costa Mesa, California; and TransUnion, Chicago, Illinois. These systems not only manage their own data, but provide data processing services for the hundreds of local independently-owned automated credit bureaus in the Association's membership.

[5] The U.S. Department of Health and Human Services noted that “[r]outine transfer of child support payment information to credit bureaus…is essential because these obligations may constitute a superior lean on a creditor’s income.”  A Guide About Child Support Enforcement for Credit Grantors, U.S. Department of Health and Human Services, Family Support Administration.  November 1988.  In addition The Association for Children for Enforcement of Support reports that public record information provided through commercial vendors helped locate over 75 percent of the “deadbeat parents” they sought.  Information Privacy Act, Hearings before the Comm. on Banking and Financial Services, House of Representatives, 105th Cong., 2d Sess. (July 28, 1998) (statement of Robert Glass).

[6] Then-FBI Director Louis Freeh testified before Congress in 1999 and noted that in 1998, his agency made more than 53,000 inquiries to commercial on-line databases “to obtain public source information regarding individuals, businesses, and organizations that are subjects of investigations.”  This information, according to Director Freeh, “assisted in the arrests of 393 fugitives, the identification of more than $37 million in seizable assets, the locating of 1,966 individuals wanted by law enforcement, and the locating of 3,209 witnesses wanted for questioning.”   Hearing before the Senate Comm. on Appropriations Subcomm. for the Departments of Commerce, Justice, and State, and the Judiciary and Related Agencies, March 24, 1999 (Statement of Louis J. Freeh, Director of the Federal Bureau of Investigation).

[7] Consider the following examples:

[8] While we agree that identity fraud is a significant problem, we also hope the committee will consider any legislation in the context of the most accurate and reliable data on the scope of the problem.  One witness has suggested that the number of identity fraud victims could be between 700,000 – 1.8 million per year.  Misuse of Social Security Numbers: Hearing before the House Comm. on Ways and Means Subcomm. on Social Security, 108th Cong. (July 10, 2003) (statement of Steve Edwards, Special Agent in Charge, Financial Investigations Unit, Georgia Bureau of Investigations; State Coordinator, U.S. Department of the Treasury, Financial Crimes Enforcement Network; and Vice Chairman of the Board of Directors, National White Collar Crime Center)CDIA feels that the best review of the level of identity fraud victimization is closer to 60,000 to 92,000 per year, General Accounting Office, Identity Theft: Prevalence and Cost Appear to be Growing, GAO-02-363 (March 2002), 4, or 162,000 per year.  FTC Reports: Figures and Trends on Identity Theft, January 2002 – December 2002.  The GAO figures were developed based on interviews with three national consumer reporting agencies.  Consumer reporting agencies are probably the best source understanding the scope of identity fraud victimization as victims are mostly likely to contact consumer reporting agencies as a first response. 


Consumer Reporting Agency Responses to Identity Fraud

  • “Another collaborative effort with tremendous promise is your new police report initiative...I appreciate that certain consumer-based initiatives require you to balance accuracy issues - knowing that the consumer’s report contains all relevant credit information, including derogatory reports - against customer service.  From my perspective, your police report initiative strikes just the right balance.”  J. Howard Beales, III, Director of the FTC’s Bureau of Consumer Protection, before the Consumer Data Industry Association.  Jan. 17, 2002. 
  • Most calls are prevention related.  CDIA members report a majority of consumers who contact fraud units are taking preventative steps and are not reporting a crime.
  • Victims are learning of the fraud earlier.  According to an FTC report in June 2001, 42% of victims learn about the crime within 30 days or less, a full 10% less than than in the prior report.  CDIA estimates another 35% lean of the crime within one to six months and 7% learn of the crime in six months to a year.
  • Victimization of the elderly is dropping.  In 2001, the FTC estimated that 6.3% of identity fraud victims were over 65, a 5% decrease from 2000.

About CDIA

Founded in 1906, the Consumer Data Industry Association (CDIA), formerly known as Associated Credit Bureaus (ACB), is the international trade association that represents more than 400 consumer data companies.  CDIA members represent the nation’s leading institutions in credit reporting, mortgage reporting, check verification, fraud prevention, risk management, employment reporting, tenant screening and collection services. 

For more information about CDIA, its members, or identity fraud or other issues, please visit us at www.cdiaonline.org or contact us at 202-371-0910.


 
Special Features
President Signs Medicare Rx Bill Into Law
President George W. Bush signs H. R. 1, the Medicare Prescription Drug, Improvement and Modernization Act of 2003 on Dec. 8, 2003.
 
Internship Opportunities
Committee on Ways and Means Internship Opportunities
 
Committee ScheduleWhat's NewAbout the CommitteeNewsLegislationHearing ArchivesPublicationsSubcommitteesLinksContact
Committee on Ways & Means
U.S. House of Representatives | 1102 Longworth House Office Building | Washington D.C. 20515
Phone: (202) 225-3625 | Fax: (202) 225-2610
Privacy Statement
Home
Adobe Acrobat Reader