Inman

Congress to probe identity theft issues

A House of Representatives subcommittee will examine issues surrounding identity theft and assess possible solutions to e-mail phishing scams during a hearing Tuesday in Washington, D.C.

Identity theft, where one individual assumes the identity of another to commit fraud, has continued to increase on the Internet in the last decade. In high-tech forms of identity theft, thieves acquire sensitive personal information about consumers by breaching computer databases or Internet sites.

The Subcommittee on Financial Institutions and Consumer Credit, chaired by Rep. Spencer Bachus, R-Ala., will hold a hearing at 10 a.m. on Tuesday, July 18, in room 2128 Rayburn Building to discuss possible solutions.

One of the proposals to be discussed includes limiting the public’s access to domain name registrant contact information via the Whois database. Financial institutions use Whois data to prevent identity theft and account fraud particularly related to phishing, which occurs when a thief sends an e-mail notice claiming to be from a bank or Internet service provider in order to trick a consumer into giving up personal information over the Internet.

In a typical phishing scheme, an e-mail would direct the consumer to a Web site that mirrors the legitimate business’s site and asks for a credit card number, a bank account number, Social Security number, or other sensitive personal information under the guise that the information is needed for identity or account verification, account continuance, or account restoration. In reality, the e-mail or Web site is controlled by a third party who is attempting to extract information that will be used illegally.

“I am concerned that the adoption of these proposals could compromise the ability of financial institutions to respond to identity theft and phishing attempts; therefore, I hope this hearing will prove successful in shedding light on this critical issue,” Subcommittee Chairman Bachus said.

In May 2006, the Anti-Phishing Working Group reported nearly 12,000 phishing sites, which, on average, remained online for five days. Ninety-two percent of the phishing sites were on financial institutions. These sites hijacked the brand names of 137 companies in an attempt to fraudulently gain access to sensitive consumer information.