My name is Detective Michael Fabozzi. Seated next to me is Sergeant James Doyle. We share a combined 36 years experience in the New York City Police Department. During that time we have patrolled New York City's subways, housing developments and ultimately went on to serve in the NYPD's Detective Bureau. Presently, we are assigned to the Computer Investigations and Technology Unit, which is part of the Special Investigations Division. Investigators in the Special Investigations Division are responsible for the investigation of white-collar crimes, specifically bank and brokerage fraud, credit card fraud, and identity theft. For the past several years, we have been assigned to the Computer Investigations and Technology Unit that has been at the forefront in the area of investigating financial crimes perpetrated through the Internet.

Over the past five years, there has been a significant increase in crimes where criminals compromise personal identification data of victims, in order to commit identity theft. The information that falls into criminal hands includes name, date of birth, Social Security Number, banking account number, and other personal and financial information.

Victims of identity theft, like other crime victims, are made to feel personally violated. This is especially true in light of the vicious cycle of events that typically follows the perpetration of this crime. Imagine for a moment, a recently married couple just starting out in their life together. They work hard and save enough money to make a down payment on their first new home only to be denied a mortgage because of a negative payment history reflected in a credit report--information that they knew nothing about. The trauma this type of fraud causes its innocent victims is unimaginable. Moreover, once the crime is discovered and reported, victims are left to fend for themselves in attempting to clear their credit history and good name.

Our unit has successfully conducted numerous investigations where perpetrators have used the personal information to not only obtain credit cards and personal loans, but also to purchase cars and homes. Although we in law enforcement garner some sense of satisfaction when we make arrests for these crimes, it is not enough when compared to the amount of time and energy a victim spends trying to undo the work of these criminals.

Recently, I was the arresting officer and I am the lead investigator in the Abraham Abdallah case--an investigation that received national and international exposure. Since the matter is still an ongoing investigation, my comments are limited to only that information that has been reported publicly. Abraham Abdallah, a busboy in a local restaurant in Brooklyn, New York was able to successfully obtain personal information such as names, dates of birth, social security numbers, phone numbers, and sometimes bank and brokerage account information by using the Internet and other sources. While working as a busboy, Abdallah stole credit card numbers of various customers and then used those credit cards to order and purchase a variety of items over the Internet.

In addition to ordering merchandise with stolen credit cards, he used the personal identification information of his victims to open up new credit card accounts. He requested that the new cards be mailed to a new address--usually a "mail drop." A mail drop is a P.O. Box or Mail Receiving Agency that receives mail for an individual, such as Mailboxes Etc. New credit card accounts were then opened using these mailbox drops as the address of individuals, including celebrities and even a few prominent, well-known business leaders. Using these new credit card accounts, Abdallah went to the local library where he was able to purchase credit history reports on-line.

Through the use of on-line information providers and other Internet based databases, Abdallah was able to penetrate the banking and brokerage accounts of his victims by using a common trick called "social engineering." Social Engineering is the process whereby an individual misleads another person such as a customer service representative into providing personal information about an individual or account. Once he obtained the account information and perhaps an account's password, he was then able to steal a vast amount of money from the accounts of our nation's wealthiest individuals.

This tale of the busboy cyber thief is a frightening testament to the vulnerability of the entire e-commerce system--a system that has successfully lulled America into believing that encryption and on-line privacy policies have made Internet transactions secure. The holes in our system are everywhere--at restaurants, department stores, merchant counters, doctor's offices, insiders at banks and brokerages, places of employment and at the nation's three major credit reporting bureaus. By finding just a few of holes in the system, Abdallah was on his way to stealing $100 million.

We urge this Committee to take the necessary steps to develop new ways to prevent this type of fraud without sacrificing the privacy rights of the consumers. Specifically, our legislative recommendations are as follows:

• Entities that have access to a consumer's personal identifying information should be strictly accountable as to who they provide such information to and the purpose that the information is being provided.

• Credit reporting agencies should have to notify consumers when inquiries regarding credit histories are made. The consumer should have the ultimate ability to deny such information from being disseminated by the credit-reporting agency.

• Internet service providers and web sites should be mandated to maintain detailed records of their transactions. (Unlike telephone companies that keep detailed records of calls that are invaluable to law enforcement, Internet companies have no set standards as to what records of transactions are kept, thereby providing an impediment to investigating identity theft.)

• The posting of social security numbers on the Internet should be prohibited.

We believe that some of these legislative safeguards, if enacted, can have a significant impact on the crime of identity theft. Thank you for the opportunity to address the subcommittee. We will be happy to answer any questions that you may have.