Release Date: December 23, 1996
For immediate release
The Federal Reserve Board today requested public comment on issues to be addressed in a proposed consumer information study required by the Economic Growth and Regulatory Paperwork Reduction Act of 1996.
Comment is requested by January 31, 1997.
The study will determine the public availability of sensitive identifying information about consumers (such as social security numbers, mothers' maiden names, prior addresses, and dates of birth), the possibility that such information could be used for financial fraud, and the potential for fraud or risk of loss, if any, to insured depository institutions.
The Board's notice is attached.
FEDERAL RESERVE SYSTEM [Docket No. R-0953] Fair Credit Reporting
AGENCY: Board of Governors of the Federal Reserve System (Board)
ACTION: Notice; request for comments.
SUMMARY: The Board solicits comment on issues to be addressed in a study concerning the public availability and use of social security numbers and other sensitive identifying information about consumers. The Board's study is required by the Economic Growth and Regulatory Paperwork Reduction Act of 1996.
DATES: Comments must be received on or before January 31, 1997.
ADDRESS: Comments should refer to Docket No. R-0953, and may be mailed to William W. Wiles, Secretary, Board of Governors of the Federal Reserve System, 20th Street and Constitution Avenue, N.W., Washington, DC 20551. Comments also may be delivered to Room B-2222 of the Eccles Building between 8:45 a.m. and 5:15 p.m. weekdays, or to the guard station in the Eccles Building courtyard on 20th Street, N.W. (between Constitution Avenue and C Street) at any time. Comments may be inspected in Room MP-500 of the Martin Building between 9:00 a.m. and 5:00 p.m. weekdays, except as provided in 12 CFR 261.8 of the Board's rules regarding the availability of information.
FOR FURTHER INFORMATION CONTACT: Jane Jensen Gell or Sheilah Goodman, Staff Attorneys, Division of Consumer and Community Affairs, at (202) 452-2412 or (202) 452-3667; for users of Telecommunications Device for the Deaf (TDD) only, please contact Dorothea Thompson at (202) 452-3544.
I. Background On September 30, 1996, the President signed into law the Economic Growth and Paperwork Reduction Act of 1996 ( Pub. L. No. 104-208, 110 Stat. 3009) (the 1996 Act). The 1996 Act amends several consumer credit laws, including the Fair Credit Reporting Act (FCRA). An amendment to the FCRA directs the Board of Governors of the Federal Reserve System (Board), in consultation with the Federal Trade Commission (the Commission) and the federal financial regulatory agencies, to conduct a study to determine the availability to the public of sensitive identifying information about consumers, the possibility that such information could be used for financial fraud, and the potential for fraud or risk of loss, if any, to insured depository institutions. By March 31, 1997, the Board must report the results of the study to the Congress, including any suggestions for legislative change. The Board solicits the comment of interested parties on these issues. The comments received will be used in the Board's study. Because of the short time frame the Congress gave the Board to study this matter, all comments must be received by January 31, 1997.
II. Availability of Sensitive Consumer Information The Congress became concerned about the availability of sensitive identifying information about consumers after a widely-publicized incident in which a large database service offered personal information for sale--including individuals' social security numbers-- from one of its electronic databases. After a few days, the service discontinued the practice of making social security numbers available but continued to permit users to search for information by social security number. At about the same time, members of Congress learned of situations in which such identifying information was being used for financial fraud. In addition, testimony at a recent Federal Trade Commission hearing highlighted how easy it is to obtain identifying information about a consumer and to use that information to fraudulently receive credit in the consumer's name--without the knowledge of the consumer or the credit granting institution. This practice is often referred to as "identity theft." Armed with such information, criminals can request and receive credit or negotiate checks in the consumer's name, with devastating results for the consumer.
Sometimes identity theft begins with the use of publicly available information. A government employee who participated in the Commission hearings related such an incident. General information about this witness was listed in a publicly-available government directory. Using that information, an unknown individual was able to obtain a copy of the employee's college transcript, which showed his social security number. The individual was able subsequently to get a copy of the employee's birth certificate using the social security number. The thief then had all he needed to "assume" the employee's identity and use the information to commit fraud.
III. Request for Comment In response to concerns about the availability of identifying information about consumers, and anecdotal evidence suggesting an increase in identity theft and financial fraud, the Congress has directed the Board to conduct a study regarding the availability to the public of sensitive information used to identify consumers. The Board is to determine whether there are organizations "engaged in the business of making sensitive consumer identification information, including social security numbers, mothers' maiden names, prior addresses, and dates of birth, available to the general public." To help make this determination, the Board solicits comment on the following issues:
1.What is or should be considered sensitive consumer information for purposes of the study?
2.What information is currently used, or might be used in the future, to identify individuals, and what types of public or private organizations, repositories, or databases make such information available to certain entities or to the general public?
3.How is the information obtained (for example, by phone, through the mail, or on the Internet), what costs are associated with obtaining the information, what are the specific uses for which the information is obtained, and does the furnisher place any restrictions on the distribution or use of this information on the purchaser? If so, how does the furnisher ensure that use of the data is limited to its intended purposes?
4.Is the compilation, sale, and use of sensitive identifying information about consumers subject to industry guidelines or regulations, and if not, what guidelines, or regulatory and legal requirements might be appropriate?
If sensitive information about consumers is available, the Board must determine whether the availability of the information creates "undue potential for fraud and risk of loss to insured depository institutions." In order to make this assessment, the Board seeks comment on the following issues:
5.How is sensitive identifying information about consumers used for financial fraud (for example, to obtain a credit card in another person's name)?
6.What types of identifying information about consumers are most meaningful in granting and verifying credit, and how can consumers, financial institutions, and others control the fraudulent use of this information?
7.What magnitude of financial loss do institutions attribute to fraudulent use of consumer information?
Finally, if the Board determines that additional laws are needed to lessen the risks of fraud and loss to the banking system, the Board is directed to make legislative recommendations to the Congress. Accordingly, the Board is seeking comment on the following issues:
8.What, if any, legislative changes should be considered to help protect sensitive identifying information about consumers?
9.What, if any, legislative changes should be considered to limit the use of such information and reduce the risk of fraud or other loss to the banking system?
IV. Form of Comment Letters Comment letters should refer to Docket No. R- 0953, and, when possible, should use a standard courier typeface with a type size of 10 or 12 characters per inch. This will enable the Board to convert the text to machine-readable form through electronic scanning, and will facilitate automated retrieval of comments for review. Also, if accompanied by an original document in paper form, comments may be submitted on 3 ¸ inch or 5 ¹ inch computer diskettes in any IBM-compatible DOS-based format.
By order of the Board of Governors of the Federal Reserve System, December 17, 1996.
William W. Wiles
Secretary of the Board