UNITED24 - Make a charitable donation in support of Ukraine!

Homeland Security

STATEMENT OF LARRY D. JOHNSON


Special Agent in Charge

Criminal Investigative Division

United States Secret Service


Before the Committee on the Judiciary

Subcommittee on Crime, Terrorism and Homeland Security


U.S. House of Representatives


March 23, 2004




Good afternoon, Mr. Chairman. I would like to thank you, as well as the distinguished Ranking Member, Mr. Scott, and the other members of the subcommittee for providing an opportunity to discuss the subject of identity crime, and the role of the Secret Service in these investigations.


Identity crime is the theft or misuse of an individual’s personal or financial identifiers in order to gain something of value or to facilitate other criminal activity. Types of identity crime include identity theft, credit card fraud, bank fraud, check fraud, false identification fraud, and passport/visa fraud. Equally as important is that identity crimes are used to facilitate and fund violent crimes such as narcotics and weapons trafficking, organized crime, mail theft and fraud, money laundering, immigration fraud, and terrorism. Identity crimes provide the anonymity for criminals to operate undetected and, along with untraceable financing, to fund such criminal endeavors.


It is through our work in the areas of financial and electronic crime that we have developed particular expertise in the investigation of credit card fraud, identity theft, check fraud, cyber crime, false identification fraud, computer intrusions, bank fraud, and telecommunications fraud. Secret Service investigations typically focus on organized criminal groups, both domestic and transnational.


As you are aware, Mr. Chairman, the House and the Senate are each considering legislation that establishes increased penalties for aggravated identity theft - that is, identity theft committed during and in relation to certain specified felonies. H.R. 1731 and S. 153 provide for an additional two years imprisonment for the identity crime, not to be served concurrently to the punishment associated with the other related felony or felonies, and five years imprisonment if at least one of the related felonies is associated with terrorism. Additionally, the legislation prohibits the imposition of probation.


While we are all aware that no legislation can be expected to completely suppress identity theft, these efforts recognize the impact identity theft has on consumers and the need to punish those engaging in criminal activity for personal or financial gain. The Secret Service believes this legislation has merit as an additional tool that law enforcement can utilize in protecting our commercial and financial infrastructures and the citizens of the United States.


In addition to providing the highest level of physical protection to our nation’s leaders, the Secret Service exercises broad investigative jurisdiction over a wide variety of financial crimes. As the original guardian of our Nation’s financial payment systems, the Secret Service has a long history of protecting American consumers and industry from financial fraud. With the passage of legislation in 1982 and 1984, the Secret Service was provided authority for the investigation of access device fraud, including credit and debit card fraud, and parallel authority with other law enforcement agencies in identity crime cases. In recent years, the combination of the information revolution, the effects of globalization and the rise of international terrorism have caused the investigative mission of the Secret Service to evolve dramatically.


After 138 years in the Treasury Department, the Secret Service was transferred in 2003 to the Department of Homeland Security with all of our personnel, resources and investigative jurisdictions and responsibilities. Today, those jurisdictions and responsibilities require us to be involved in the investigation of traditional financial crimes as well as identity crimes and a wide range of electronic and high-tech crimes.


The burgeoning use of the Internet and advanced technology have intensified competition within the financial sector. With lower costs of information-processing, legitimate companies have found it profitable to specialize in data mining, data warehousing and information brokerage. Information collection has become a common byproduct of newly-emerging e-commerce. Internet purchases, credit card sales, and other forms of electronic transactions are being captured, stored, and analyzed by businesses seeking to find the best customers for their products.


All of this has led to a new measure of growth within the direct marketing industry that promotes the buying and selling of personal information. In today’s markets, consumers routinely provide personal and financial identifiers to companies engaged in business on the Internet. They may not realize that the information they provide in credit card applications, loan applications, or with merchants they patronize are valuable commodities in this new age of information trading. Consumers may be even less aware of the illegitimate uses to which this information can be put. This wealth of available personal information creates a target-rich environment for today’s sophisticated criminals, many of whom are organized and operate across international borders. But legitimate business can provide a first line of defense against identity crime by safeguarding the information it collects. Such efforts can significantly limit the opportunities for identity crime, even while not eliminating its occurrence altogether.


According to statistics compiled by the Federal Trade Commission for calendar year 2003, 42% of the 516,740 victim complaints reported involved at least one type of identity crime. The complaints were broken down as follows (note that some complaints involved more than one of the listed activities):


·   33% of complaints involved credit card fraud - i.e., someone either opened up a credit card account in the victim’s name or “took over” the victim’s existing credit card account;

 

·   21% of complaints involved the activation of telephone, cellular, or other utility service in the victim’s name;

 

·   17% of complaints involved bank accounts that had been opened in the victim’s name, and/or fraudulent checks had been negotiated in the victim’s name;

 

·   11% of complaints involved employment-related fraud;

 

·   8% of complaints involved government documents/benefits fraud;

 

·   6% of complaints involved consumer loans or mortgages that were obtained in the victim’s name; and

 

·   19% of complaints involved some type of miscellaneous fraud, such as medical,

       bankruptcy and securities fraud.


Although financial crimes are often referred to as “white collar” by some, this characterization can be misleading. The perpetrators of such crimes are increasingly diverse and today include both domestic and international organized criminal groups, street gangs, convicted felons and terrorists.


These criminals seek the personal identifiers generally required to obtain goods and services on credit such as social security numbers, names, and dates of birth. Identity crimes also involve the theft or misuse of an individual's financial identifiers such as credit card numbers, bank account numbers and personal identification numbers.


The methods of identity criminals vary. “Low tech” identity criminals obtain personal and financial identifiers by going through commercial and residential trash, a practice known as “dumpster diving.” The theft of wallets, purses and mail is also widespread practice employed by both individuals and organized groups.


With the proliferation of computers and increased use of the Internet, “high tech” identity criminals can obtain information from company databases and web sites. In some cases, the information obtained is in the public domain while in others it is proprietary and is obtained by means of a computer intrusion.


The method that may be most difficult to prevent is theft by a collusive employee. Individuals or groups who wish to obtain personal or financial identifiers for a large-scale fraud ring will often pay or extort an employee who has access to this information through their employment at workplaces such as a utility billing center, financial institution, medical office, or government agency. The collusive employee will access the proprietary data base, copy or download the information, and remove it from the workplace either electronically or simply by walking it out.


Once the criminal has obtained the proprietary information, it can be exploited by creating false “breeder documents” such as a birth certificate or social security card. These documents are then used to obtain genuine, albeit false, identification such as a driver’s license and passport. Now the criminal is ready to use the illegally obtained personal identification to apply for credit cards, consumer loans or to establish bank accounts, leading to the laundering of stolen or counterfeit checks or to conduct a check-kiting scheme. Our own investigations have frequently involved the targeting of organized criminal groups that are engaged in financial crimes on both a national and international scale. Many of these groups are prolific in their use of stolen financial and personal identifiers to further their other criminal activity.


It has been our experience that the criminal groups involved in these types of crimes routinely operate in a multi-jurisdictional environment. This has created problems for local law enforcement agencies that generally act as the first responders. By working closely with other federal, state, and local law enforcement, as well as international police agencies, we are able to provide a comprehensive network of intelligence sharing, resource sharing, and technical expertise that bridges jurisdictional boundaries. This partnership approach to law enforcement is exemplified by our financial and electronic crime task forces located throughout the country. These task forces primarily target suspects and organized criminal enterprises engaged in financial and electronic criminal activity that fall within the investigative jurisdiction of the Secret Service.


Members of these task forces, which include representatives from local and state law enforcement, prosecutors’ offices, private industry and academia, pool their resources and expertise in a collaborative effort to detect and prevent electronic crimes. The value of this crime fighting and crime prevention model has been recognized by this subcommittee and by Congress as a whole, directing the Secret Service (pursuant to the USA PATRIOT Act of 2001) to expand our electronic crime task forces to cities and regions across the country. Recently, four new Electronic Crimes Task Forces (ECTFs) were established in Dallas, Houston, Columbia (S.C.) and Cleveland, and additional task forces will be added this year.


The Secret Service is actively involved with a number of government-sponsored initiatives. At the request of the Attorney General, the Secret Service joined an interagency identity theft subcommittee that was established by the Department of Justice. This group, which is comprised of federal, state, and local law enforcement agencies, regulatory agencies, and professional organizations, meets regularly to discuss and coordinate investigative and prosecutorial strategies as well as consumer education programs.


In a joint effort with the Department of Justice, the U.S. Postal Inspection Service, the Federal Trade Commission (FTC) and the International Association of Chiefs of Police (IACP), we are hosting Identity Crime Training Seminars for law enforcement officers. In the last two years we have held seminars for officers in Chicago, Dallas, San Francisco, Las Vegas, Des Moines, Washington D.C., Phoenix, New York, Seattle, San Antonio, Providence and Orlando. In the coming months, we have training seminars scheduled in Raleigh, Buffalo and Denver. These training seminars are focused on providing local and state law enforcement officers with tools and resources that they can immediately put into use in their investigations of identity crime. Additionally, officers are provided resources that they can pass on to members of their community who are victims of identity crime.


Operation Direct Action (ODA), an initiative led by the Secret Service, targets organized criminal groups that are committing large scale financial fraud, specifically credit card "bust out" schemes, which may impact our nation's financial infrastructure. A credit card “bust out” scheme is a type of fraud where a criminal obtains multiple credit card accounts and manipulates the lines of credit that are established with each card. The criminal makes payments with convenience checks issued by another card or with non-sufficient funds checks drawn on one of his or her many bank accounts. The criminal is taking advantage of the lag time that will occur between when his accounts will be credited with the payment and when the issuing banks determine that the checks were bad.


While our task forces do not focus exclusively on identity crime, we recognize that stolen identifiers are often a central component of other electronic or financial crimes. Consequently, our task forces devote considerable time and resources to the issue of identity crime.


Another important component of the Secret Service’s preventative and investigative efforts has been to increase awareness of issues related to financial crime investigations in general, and of identity crime specifically, both in the law enforcement community and the general public. The Secret Service has tried to educate consumers and provide training to law enforcement personnel through a variety of partnerships and initiatives.


For example, criminals increasingly employ technology as a means of communication, a tool for theft and extortion, and a repository for incriminating information. As a result, the investigation of all types of criminal activity, including identity crime, now routinely involves the seizure and analysis of electronic evidence. In fact, so critical was the need for basic training in this regard that the Secret Service joined forces with the IACP and the National Institute for Justice to create the “Best Practices Guide to Searching and Seizing Electronic Evidence” which is designed for the first responder, line officer and detective alike. This guide assists law enforcement officers in recognizing, protecting, seizing and searching electronic devices in accordance with applicable statutes and policies.

 

We have also worked with these same partners in producing the interactive, computer-based training program known as “Forward Edge,” which takes the next step in training officers to conduct electronic crime investigations. Forward Edge is a CD-ROM that incorporates virtual reality features as it presents three different investigative scenarios to the trainee. It also provides investigative options and technical support to develop the case. Copies of state computer crime laws for each of the fifty states as well as corresponding sample affidavits are also part of the training program and are immediately accessible for instant implementation.


Thus far, we have distributed over 300,000 “Best Practices Guides” to local and federal law enforcement officers and have distributed, free of charge, over 20,000 Forward Edge training CDs.


In addition, we have just completed the Identity Crime Video/CD-ROM which contains over 50 investigative and victim assistance resources that local and state law enforcement officers can use when combating identity crime. This CD-ROM also contains a short identity crime video that can be shown to police officers at their roll call meetings which discusses why identity crime is important, what other departments are doing to combat identity crime, and what tools and resources are available to officers. The Identity Crime CD-ROM is an interactive resource guide that was made in collaboration with the U.S. Postal Inspection Service, the FTC and the IACP. To date, over 40,000 Identity Crime CD-ROMs have been distributed to law enforcement departments and agencies across the United States.


The Secret Service has also assigned a special agent to the FTC as a liaison to support all aspects of the Commission’s program to encourage the use of the Identity Theft Data Clearinghouse as a law enforcement tool. The FTC has done an excellent job of providing people with the information and assistance they need in order to take the steps necessary to correct their credit records, as well as undertaking a variety of “consumer awareness” initiatives regarding identity theft.


It is important to recognize that public education efforts can only go so far in combating the growth of identity crime. Because social security numbers, in conjunction with other personal and financial identifiers, are used for such a wide variety of record keeping and credit related applications, even a consumer who takes appropriate precautions to safeguard such information is not immune from becoming a victim.


Mr. Chairman, it is apparent that identity crime must be combated on all fronts, from the officer who receives a victim’s complaint, to the detective or Special Agent investigating an organized identity theft ring. The Secret Service has already undertaken a number of initiatives aimed at increasing awareness and providing the training necessary to address these issues, but those of us in the law enforcement and consumer protection communities need to continue to reach out to an even larger audience. We need to continue to approach these investigations with a coordinated effort - this is central to providing a consistent level of vigilance and addressing investigations that are multi-jurisdictional while avoiding duplication of effort. With the support of this subcommittee, the Secret Service will continue to work to protect the nation’s consumers from identity theft criminals.


Mr. Chairman, this concludes my prepared statement. Thank you again for this opportunity to testify on behalf of the Secret Service. I will be pleased to answer any questions at this time.



NEWSLETTER
Join the GlobalSecurity.org mailing list