Comments:

June 17, 2004

Federal Trade Commission

Office of the Secretary

Washington, DC 20580

RE:            Comment on FACTA Identity Theft Rule

Matter Number: R411011

Dear Mr. Secretary:

I am writing on behalf of Wilshire Credit Corporation, a nationwide mortgage loan servicer. Wilshire has seen an unfortunate rise in the number of identity theft cases involving substantial mortgage loan balances. Conversely, we have also seen a rise in the number of false claims of identity theft in attempts to repair damaged credit and to evade responsibility for legitimate debt. We applaud the Commission’s attempt to balance the need to protect the true victims of identity theft with the rights of the credit industry to recover legitimate debt by preventing abuse of the protections afforded under the FACT Act.

Definition of Identity Theft

Wilshire supports the Commission’s intent to provide additional definition to the meaning of identity theft. Under §603.2 (a), the Commission intends to define the term as a fraud committed or attempted using the identifying information of another person without lawful authority. It would be helpful if the term lawful authority were also defined.

For example, loans may be executed using a Power of Attorney. While a Power of Attorney may constitute lawful authority, do other forms of written or verbal permission constitute lawful authority? An increasingly common mortgage scheme is where a consumer is persuaded to let somebody use their name and credit history in exchange for cash in order to secure financing for another party who would not otherwise qualify. In the mortgage industry, these ‘borrowers” are referred to as “straw buyers”. We are concerned that under the current definition, this situation could constitute identity theft even though forgery was not committed. These straw buyers are claiming identity theft in order to have the loan removed from their credit file once they realize that they have been left responsible for a loan they received no benefit from and have no intention of paying.

We believe the definition of identity theft should also include an element of forgery of the victim’s signature on either an unlawful Power of Attorney or forgery on the underlining debt and security instruments. If the alleged victim of this kind of fraud scheme knowingly and willingly signed a Power of Attorney or the underlining debt and security instruments in exchange for cash or the promise of a future gain from the sale of the property, we do not believe this constitutes true identity theft.

Definition of Identity Theft Report

Wilshire supports the Commission’s intent to deter possible misuse of identity theft reports but has concerns about the proposed definition that appears to be in conflict with the language in Section 151 (e) (2) of the FACT Act. Specifically, subsection (2) states:

`(2) VERIFICATION OF IDENTITY AND CLAIM- Before a business entity provides any information under paragraph (1), unless the business entity, at its discretion, otherwise has a high degree of

confidence that it knows the identity of the victim making a request under paragraph (1), the victim shall provide to the business entity--

`(A) as proof of positive identification of the victim, at the election of the business entity--

`(i) the presentation of a government-issued identification card;

`(ii) personally identifying information of the same type as was provided to the business entity by the unauthorized person; or

`(iii) personally identifying information that the business entity typically requests from new applicants or for new transactions, at the time of the victim's request for information, including any documentation described in clauses (i) and (ii); and

`(B) as proof of a claim of identity theft, at the election of the business entity--

`(i) a copy of a police report evidencing the claim of the victim of identity theft; and

`(ii) a properly completed--

`(I) copy of a standardized affidavit of identity theft developed and made available by the Commission; or

`(II) an affidavit of fact that is acceptable to the business entity for that purpose.

We respectfully point out in section 151 (B) the term “and” not “or” is used when referring the to documentation that a business entity can require to substantiate a victim’s claim. The current proposal defines an identity theft report that means a report with as much specificity as the consumer can provide, that is an official report filed with a law enforcement agency and that may include additional information or documentation that a furnisher or reporting agency can reasonably request but only if requested within five business days.

The proposed definition does not include the Act’s language concerning a standard affidavit or an affidavit of fact that is acceptable to the business entity except in the case where the victim provides a report generated by an automated system. The proposed definition appears to be in conflict with the language of Section 151 of the Act. The Act does not limit the business entity from requiring an affidavit only in those instances where an official report is from an automated system nor does the Act put in place a timeframe in which the business entity must request additional information

Not only do we find the information requested in the FTC’s standard affidavit extremely useful to determine the facts of the case, but the signature of the alleged victim obtained on the affidavit or on some other signed statement of fact is critical to conduct a signature comparison to help identify situations where the borrower may be misusing the Act’s protections. In many instances, the report forms that are used by local or state law enforcement agencies do not contain a signature of the alleged victim.

Wilshire recommends that the proposed definition of an identity theft report more should more closely resemble the language provided for in the Act to specifically state that a report includes a copy of a police report evidencing the claim of the victim and a properly completed standardized affidavit of identity theft or a signed statement of fact that is acceptable to the business entity. We further recommend that the condition to require an affidavit only in the case where an official report is from an automated system be removed from the rule.

Thank you for the opportunity to comment on the proposed rule.

Sincerely,

Robbie Frye, CRCM

VP Compliance