Comment Number: EREG-000009
Received: 6/15/2004 8:00:00 AM
Organization: Teachers Federal Credit Union
Commenter: Rosemary Nicholls
State: NY
Agency: Federal Trade Commission
Rule: Identity Theft Proposed Rule
Docket ID: 3084-AA94
No Attachments

Comments:

Pls see attached comment letter.


June 15, 2004

 

Ms. Mary Dunn

Associate General Counsel

CUNA’s Regulatory Advocacy Department

601 Pennsylvania Avenue, NW, 6th Floor – South Bldg.

Washington, D.C.  20004-2601

mdunn@cuna.com

 

Re: Proposed Legislation – FTC Proposal on Definition of ID Theft, ID Theft Report,

                                            Appropriate Proof of Identity, and Duration of Active Duty

                                            Alerts 

 

Dear Ms. Dunn,

 

On behalf of Teachers Federal Credit Union (TFCU), I would like to thank CUNA’s Regulatory Advocacy Department for inviting us to comment on the NCUA Board’s

proposed rule that further defines “identity theft”, “identity theft report” and “appropriate proof of identity”. We applaud CUNA’s Regulatory Advocacy Department’s desire to address important subjects like the aforementioned.

 

In answer to your questions on the proposed rule, Teachers Federal Credit Union would like to offer the following comments:

 

Questions regarding the definition of “identity theft”:

 

q       Does the term need further definition?  No, since the proposed rule will enhance the definition of “Identity Theft”, it seems to be well defined.

 

q       Should the phrase “identifying information” have the same meaning as “means of identification” as used in the U.S. Criminal Code? Yes, the phrase “identifying information” should have the same meaning as “means of identification” as used in the U.S. Criminal Code.

 

q       Should “attempted” identity theft be included in the definition? Yes, attempts to commit frauds should be included in the definition, since fraud attempts may have an adverse affect on a victim’s credit report/score.

 

q       Should the term include the requirement that the person’s identifying information must be used without lawful authority? Yes, the term “identity theft” should include the requirement that the person’s identifying information must be used without legal authorization. As stated, this will help to prevent individuals from conspiring to obtain goods and services without paying for them.  Should the term also include information used without the person’s knowledge?  Yes, since a person who has knowledge of “identity theft” has an opportunity to take preventative measures in order to prevent the illegal use of their identity to obtain goods and services. 

 

Questions regarding the definition of “identity theft report”:

  

q       Does the term need further definition?  Yes, the definition of “identity theft report” needs further definition (see next question).

 

q       Should there be further definition of “appropriate law enforcement agency?” Yes, it is not clear which agencies would be included in the definition of “appropriate law enforcement agency”, other than the United States Postal Inspection Service.

 

q       To deter abuse, criminal penalties are imposed for false filings of these reports. Credit bureaus and information furnishers may also reject the request to block information and continue to furnish information. Will these safeguards deter abuse?  Yes, these safeguards will deter abuse to some degree but it will not prevent the abuse 100%.  Will they be less likely to deter abuse when automated systems generate these reports? Not necessarily, the effectiveness of any automated system is the quality of the input, which relies on human intervention and a sound process. Are there other ways to deter abuse? The utilization of biometric data (such as fingerprints or retina images) would definitely reduce the number of “identity theft” occurrences.

 

Questions regarding the duration of “activity duty alerts”:

 

q       Should the duration be 12 months as proposed? The duration of the “activity duty alert” should be at least 12 months, as proposed. However, the “active duty alert” should be offered to our service members upon their call to duty (as part of their active duty paperwork) in order to let them know that they have the option of activating the “active duty alert” as a preventive measure. They need to be made aware that this option is there for them otherwise we are doing them a disservice. Further, if their tour of duty extends beyond 12 months, the “active duty alert” should be automatically extended another 12 months. This should not be something they have to remember to do, under the circumstances.

 

q       Should there be an alternative duration? What should that be? There should be an alternative duration for career service members who typically will spend more time on “active duty”.  That duration could be a minimum of 24-months.

 

q       What proportion of military personnel will find the 12-month duration too short? I honestly do not know what proportion of our military personnel will find the 12-month duration too short. However, as stated above, consideration should be given to career service members.

 

q       How difficult will it be for military personnel, or their representatives, to extend their active duty alerts if that becomes necessary? Given their circumstances, it may be very difficult to extend their active duty alerts, if that became necessary.

                       

 

Questions regarding the “appropriate proof of identity”:

 

q       Should the FTC set the specific standards, as opposed to the credit bureaus? There needs to be consistency among the standards established and the FTC should set the specific standards.

 

q       Are the examples of information that may be required by credit bureaus appropriate or are they not appropriate? No, the examples of information given are not specific enough (i.e. “other authentication methods”).  What if any, alternative information should be used as examples? Examples consistent with those used in the U.S. Criminal Code “such as name, date of birth, government or official identification numbers (such as Social Security, drivers license or passport), biometric data (such as fingerprints or retina images), unique electronic identification numbers, or numbers and signals that identifies specific telecommunications or instruments.”

 

q       Has the FTC adequately balanced the harm of consumer misidentification with the harm arising from delays or failure to fulfill consumers’ requests that may result from the higher level of scrutiny? Yes, however as stated above, there are some minor issues to be resolved.

 

 

Once again, Teachers Federal Credit Union would like to thank CUNA’s Regulatory Advocacy Department for the opportunity to comment. We would be happy to discuss this matter, if you so desire.

 

Sincerely,

 

Robert G. Allen

President/CEO