Senate Standing Committee on Banking and Financial Institutions

I would like to call this hearing to order. Before we do, before we get started with today's agenda, I do want to express my gratitude for the opportunity to chair this awesome Committee and thank you to staff for helping make this happen as well.

Senators, I do look forward to working with you on issues that are really deeply important to consumers, to small businesses and the financial institutions that we all rely on.

I do think that people are looking for sources of stability right now and I also hope that we can together, that we can work within our issue area to provide just that.

And on that note, we are here today to learn about the growing problem of scams that are responsible for taking billions, yes, that is billions with AB, billions of dollars out of the California, out of California households every year.

So these scams range from something that's relatively small one off events to absolutely devastating, elaborate schemes that are conducted by transnational criminal networks that target the nest eggs of retirees and can result in losses of more than 1 million per victim.

Last session we worked on a Bill to address elder financial abuse which unfortunately did not make it into the law books. So we are coming back this year. We are at the drawing board again this session and I hope we can make some progress in working on the Bill Last year or last session.

I felt strongly that we must focus on prevention where I think that we can bring the fullest benefits or the greatest benefits for, for consumers. As we think about policy making in this particular area, I think it is important to understand what we're up against. And that is why we've called this hearing today.

We will hear from a victim who will describe the sophisticated scam that robbed her of her retirement. We will also hear from law enforcement officials who have pursued investigations and can describe to the scale and sophistication of industrial scam networks.

We will also hear from various industry representatives in telecom, tech and banking who see the threats deployed by criminals and who must be a part of the preventative solutions to combat these threats. And we will hear from legal experts as well as advocates who can help us consider policy solutions to this problem.

We have a healthy agenda this afternoon, so I think it's good that we just get started. And so on the first panel we have Lynn Knox, a resident of Oxnard, joining us via Zoom. After her testimony, we will hear from Special Agent in Charge Sean Bradstreet of the U.S.

secret Service and then Carla Sanchez Adams of the National Consumer Law center providing testimony here in the hearing room. Each witness will have about five minutes to be able to Deliver your testimony and then we will have time for question and answer after all the presenters have have spoken.

So with that if we can, let's get started with Lynn Knox of Oxnard. Please. The floor is yours.

Thank you. I'm Lynn Knox. I'm 72 and I'm a widow. I also live alone. About a year ago, my life changed around completely. I was getting ready to retire, spend time with my family and travel.

I was working in my home computer and suddenly received a pop up message followed by loud sounds and flashing warning me that my computer had been compromised and I needed to contact Microsoft immediately. Using the number on the pop up, I called Microsoft.

I spoke to a representative who told me my computer had been hacked and it looked like I was downloading child pornography, which is felony. She said she could fix it by downloading Ultraviewer and then she could access my computer to remove the malware.

She then said that it looked like my bank accounts had been compromised as well and she would be transferring me to the Citibank fraud Department. Albert called, gave me a badge number and said that criminals were attempting to withdraw money from my savings. He could see all of my accounts and balances.

I would need to safeguard my money doing a duplicate transfer to present the unauthorized withdrawals. He told me criminals are targeting seniors and are using the money to open fraudulent bank accounts overseas so they can finance child pornography.

I was instructed to go immediately to the bank, withdraw my cash and take a picture of my withdrawal slip and send it to Albert. He remained on the phone with me the entire time I was at the bank.

Then I had to come home, package up the cash, put it in a box, label it with my name, my last four digits of my social and a security locker number that he provided. I was also told not to tell anyone about this, even my children, because I was assisting the government in a top secret investigation.

After the cash withdrawals, I received a letter via email from the Federal Reserve System confirming my deposits in the safety locker.

I then depleted my remaining assets, including my 401k, my Ira, trust Fund and personal pension plan over the next 10 weeks, purchasing gold bars from gold dealers and then picking, having packaging them up and having them picked up by couriers who would give me a password and a name.

There were a total of seven transactions in all and the federal income taxes were withheld from each. After each one, I would again receive a letter from the Federal Reserve System for the final gold purchase. I was instructed to meet the courier in a parking lot at a nearby shopping center.

I waited in the parking lot and the courier came to my car, opened my door and I handed him the last of my savings, which he put in a backpack and walked away. I never received a letter from this pickup. So I reached out to the person I'd been dealing with. There was no response.

None of the phone numbers that they had used worked. Only one. It was a garage door company in Texas. When I spoke to them and asked for Jason, they said no one was there by that name and it looked like I might have been scammed. My heart started pounding. I was shaking.

I then called the Citibank Fraud Department and I asked for Albert and gave him a badge number. The representative spoke, said, they don't give out badge numbers. I should immediately go to the bank and close all my accounts. I then went to the Oxnard Police Department.

I filled out an FBI Internet Crime Complaint center report online and an FTC report. I then went to the Social Security office, called the National Fraud Hotline and then finally I went to the District Attorney's office in Ventura. The hardest part from this whole thing was telling my children.

These scammers told me to lie to my kids, my bank, my accountant and my financial advisor. I couldn't sleep or eat for weeks. I cried constantly and was nervous all the time. I was so scared and I felt so very stupid. These criminals fed on my emotions. They are professionals.

I was convinced I was helping the Federal Government. I felt fearful and threatened and I failed to think logically. I am here because this can happen to anyone. I am a college educated professional who with my husband worked hard for more than 50 years to be financially stable and build a future for ourselves and our children.

All these criminals want is to prey on people like me. And their only goal is to separate you from your money. Sadly, only about 10 to 15% of these scams are even reported because the victims are embarrassed. We need to raise awareness and provide more education, especially to our senior citizens.

These scams are only going to increase and get worse. And here's specific things California can do. Banks and financial institutions should be required to annually recommend to their customers to add a trusted contact on their accounts and provide constant information on scams. They should also track withdrawals better and flag accounts where the activity could look suspicious.

Law should require them to put a three day hold on accounts with suspicious activity. Gold dealers should be held to the same fiduciary standards that banks and institutions financial institutions are finally due to the federal Tax Cut and jobs act of 2017. Victims like me are not able to deduct any of the losses caused by these scams.

According to current law, I will be required to pay taxes at the state level when I file my tax return. This is not protecting California residents. The state should adopt a tax law to allow the scam victims to deduct their losses.

I am sharing my story to as many people as I can in the hopes that I can protect others from severe emotional stress and financial impact as I have experienced. This is all I can do as an individual.

I look to you and others in our state government to take immediate steps to provide remedies which will help protect me and the many others in California that are victims of these terrible scams. And I really thank you very much for letting me have a chance to talk.

Lynn Knox, thank you for your testimony and how profoundly real it makes this for all of us. So with that, if you can stay around for a little bit, we'll have some Q and A as soon as we have a couple more testimonies, and we will move on to the next Special Agent Brad. Brad Street.

Many Members, thank you for having me today. Agent in charge with the Secret Service out of the San Francisco. Is that better? Test12.

How's that? Is that better? All right, let me start over again. Thank you, Mr. Chairman and Committee Members, for having me today. My name is Sean Bradstreet. I'm the Special Agent in charge with the Secret Service out of the San Francisco field office, and we cover Northern California.

Before I kind of get going, I just want to thank Lynn Knox for hopping online and talking. You know, it's very difficult to talk to friends and family about this, let alone to talk about it publicly in a public setting. So I really appreciate that.

I'd like to say that, that her case is a nominally, but unfortunately it's not. It's actually all too common. We probably get one to two calls in our office per day with very similar calls or very similar scams that have gone on and that have happened to them.

Our average loss out of our office is probably 400,000 per victim that calls. So some are over a million, some are a little less, but we believe our average is around 400,000. Now, the good news is over the last three years, the Secret Service has seized 607 million, which is great.

Our local office over the last year seized 27 million just in digital assets. And I really appreciate the work our analysts and agents have done to seize this money. So it's not going back overseas. Unfortunately, the issue that we're addressing is much larger, much larger than that. So with that, I just want to show this first graph.

This is something that we just pulled just a few days ago. And you can see with this graph that we just pulled that California has lost about $2.5 billion just in the last year. Now, like Ms.

Knox mentioned, these are probably extremely conservative numbers, and we think the numbers are actually much higher than the 2.5 billion because we believe that there are many others that are unreported. But with. I want to talk a little bit about our adversaries and kind of what we're. We're dealing with.

This is a good picture of Myanmar over in Southeast Asia. And you can. I really want you to focus on the area south of the river there, Morai River. That's all Myanmar. And this is what it looks like now, six years later.

Zero, my gosh.

These are all scam camps, human trafficking camps that have been developed. A lot of the money that Misknox lost went to camps like these. And they are building them at astronomical rates. And I'd like to say you can even see in the middle of this photo here, they're still undergoing construction.

Like, they're still building and they're still expanding. And I. And this is specifically KK Park. And I like to tell you this is one of the largest or this is the only one, but this is only one of many. The region is actually growing exponentially.

You know, in Cambodia, you know, Laos, all throughout that region, we have these scam camps growing. This is also a photo from kind of the ground level on what the camps look like. This is Cambodia. And you can see how vast it is, how they're just not one or two story buildings.

There are multiple hundreds, thousands of human trafficking victims that are being held at these compounds here. This kind of gives you another look at it. This is actually a photo taken from, like, one individual. And you'll see all the cell phones that they have just at their desk that they're communicating with.

So when they're communicating with victims over here in the US You've got one suspect that is dealing with a whole host of victims here at the same time. And they're very well trained, they're very professional at it. They're also growing in the level of sophistication. Like this right here is a fictitious website.

They're all over the place now. They look believable. They got great technology. And it's even hard for me to distinguish between what is a real website and what is a fictitious website. And Lastly, I want to talk to you about the complexity of some of these apps.

So a lot of us were familiar with going to the app stores, you know, whether it's Apple Stores, the Google Store and downloading the apps. There's actually a technique that's called sideloading apps, where you're actually going to a website and actually bringing an app in from outside of the legitimate stores.

And is what happens when people are side loading apps, which is what we're calling them, because they're not coming from the official stores. The criminals let the victims know like, hey, you're going to get a warning that's going to come up on your phone.

A warning does come up, you know, Iphone, Google, they, they put those warnings up there and they're like, zero, that's because they don't want you to have VIP access. Go ahead and accept that. They kind of already, you know, let the victim know exactly what's going to be coming up before they even see it on their screens.

But we actually sent some of these side loaded apps back to our center and did some reverse engineering and we found out that these apps actually provide a lot of capability into the phone.

They have read write capabilities, they can turn on cameras, turn on and off the microphones, they have read write capabilities, they can kind of see the different apps and how they're moving around on their phone.

And when you go to actually kill the app or you think you're shutting it off, it's still kind of running in the background. So the amount of information that your suspects have on the victims is real and it's legit.

And they do unfortunately a very good job as far as finding out what's going on and what you're doing when you're not communicating with them. So let me talk to you a little bit. What we see, generally speaking at the scam level. So like Mrs.

Knox mentioned, like, hey, they meet on a social networking platform, they build a little bit of trust, they say, hey, I can help you with your issues. Whether it's a parent that has cancer, whether it's a romance scam, investment scam, it doesn't really matter. All very similar.

And then they send them to these websites, these bogus websites, they convince them to download these inside, load these apps. So like, we're all used to looking at our banking information on our phones. What we see on our phones we take as being truthful and real.

We see that in our credit card statements, our bank statements, the stock markets, they really have no reason. They believe they're At a legitimate website, they believe they've downloaded legitimate apps. And what they're seeing is you. So when they Invest, we'll say, $10,000, they actually will send a picture of that, that they've actually deposited the $10,000.

Otherwise the scammers don't really know. And then they go in on the background and they populate to $10,000. And as it doubles and triples over the coming weeks or months, they have no reason but to believe that their money has doubled or tripled over the next few weeks or months.

So they keep adding more and more money in there. And unfortunately, when they actually get to the point where they withdraw the money, they have it all set up like, hey, they've got to pay taxes on it first.

Then there's an export tax, then there's a customs tax, and people are taking out additional loans to pay what they think is going to get their money. And the scam keeps going until they get to the point where there just is no more money to be had.

And that's when it's kind of up and they feel like they've. They've been had. So I just wanted to share with the Committee exactly what we're seeing in our office here in Northern California. It's. It's devastating what's going on to the victims throughout our state.

And we definitely need a lot of help from our state and local law enforcement partners, along with the help from the telecommunications and technology, to really put a hold on this and cut back on how much these cam camps are expanding. But thank you for your time.

Thank you so very much, Special Agent Bradstreet, for the detail you provided in your testimony. And we will go to our third panelist, Carla Sanchez Adams, with National Consumer Law Center.

Chair Grayson. Excuse me. And Members of the Committee, thank you for the opportunity to testify today about the gravity of the problem of payment fraud and the gaps in our existing consumer protection laws, which often leave fraud victims without recourse. Payment fraud is rampant.

And even though it is widely accepted that fraud often goes unreported, I've included some material from the Federal Trade Commission in your packets. The FTC received over 1.8 million fraud reports in just the first three quarters of 2024. The total amount of dollars reported lost for that same period was over $8.6 billion, though Mr.

Bradstreet's data shows 2.5 billion lost by Californians. FTC reports $1.1 billion lost by Californians, with the most common type of fraud occurring through imposter. Scams, evidenced by Ms. Knox's testimony. Again, this corroborates the fact that usually fraud is unreported or underreported. Unsurprisingly, 60 to 69 year olds filed the most fraud reports and lost the most money.

Now, fraud occurs across all payment types, even older forms of payment. Things like bank to bank wire transfers that used to have to be done in person can now be done online or through a mobile app. Check deposits can now be done through remote deposit capture.

And fraudsters exploit the ease of these newer payment technologies, spoofing numbers of real financial institutions via text or phone call, utilizing deepfakes, or taking over accounts through malware breaches. They also use the tactics described by Ms. Knox and Mr. Bradstreet, manipulative psychological practices, and even physical violence. Now, payment fraud can be sorted into two buckets.

Unauthorized and fraudulently induced. The unauthorized bucket fits all transactions initiated by a fraudster without the victim's authority. The fraudulently induced bucket fits transactions initiated by the victim, but only in response to a fraudulent scheme involving deception or manipulation by a fraudster. That's what generally people term as scams.

Though fraud victims are plagued by both types of payment fraud, the relief they receive varies greatly depending on the type using the same FTC data. The most reported method of payment fraud was credit card followed by P2P app.

But in terms of dollars lost, bank transfers, which include bank to bank wire transfers, led with over 1.5 billion lost and crypto payments came in second with over 1 billion lost.

Currently, if you're the victim of payment fraud, your only hope of getting your money back is if it happened as an unauthorized electronic Fund transfer or or unauthorized use of a credit card. And that's because of the strong federal protections under the Electronic Fund Transfer act and the Truth and Lending Act.

But even if the fraud fits within this unauthorized bucket, if the transaction happened by bank to bank wire transfer, forged or altered check or crypto, it will be an uphill battle for the victim to get their money back. Because state law offers much weaker protection.

And if their fraud story lands them in the fraudulently induced bucket or the scams, they'll likely hear too bad. So sad. Because there are no clear protections under either federal or state law.

If the payment method utilized to perpetrate the fraud is an unauthorized bank to bank wire transfer, a fraud victim's bank will often notify the victim they're still responsible for the fraudulent payment.

California's UCC currently allows liability to be pushed back onto the victim if A bank utilized a quote unquote commercially reasonable security procedure, usually found in the fine print of the account agreement and often consisting only of multi factor authentication or use of a one time passcode. The victim's only recourse then is to pursue legal action.

But because the UCC currently does not allow recovery of attorneys fees or damages beyond the amount lost plus interest, the victim will have to pay even more money to hire an attorney and risk getting little to no money back from the fraud.

And let's say the fraud victim was manipulated into sending a bank to bank wire transfer, but realized merely minutes after initiating the transfer that it was a scam. Though the victim victim couldn't dispute the transfer as unauthorized, they could try to cancel the payment. But state law doesn't help here either.

Even when a victim calls their bank or goes in person to a bank branch to cancel the payment order, they're given the runaround or told their bank can't help them. And that's because the UCC gives banks discretion to cancel a payment order and practically wire transfer. Payment orders are largely automated.

They go out in a large batch transfer at the end of the banking day. So even if a bank employee wanted to help, they may not have the authority or the ability to cancel the payment.

If the fraudulent payment method is through an altered or forged check, such as when it's stolen in the mail, then a fraud victim does have recourse, but only if it's timely reported.

California's UCC gives victims up to a year to report the fraud, but bank account agreements can change that period and usually shorten it to only 30 days. In many cases where the check amount is not changed but only the pay is altered, the fraud victim may not even learn of the alteration until the intended payee informs them.

Usually after the 30 days has passed, fraud victims are then left holding the bag. I won't spend much time talking about crypto fraud, but the bottom line is fraud victims currently have very little recourse here either. Though some states have passed legislation to refund fraudulently induced payments deposited at a crypto kiosk.

Though I painted a pretty bleak picture here, there are steps we can collectively take to keep the impact of fraud on innocent victims and even financial institutions to a minimum and to incentivize more effective use of innovation to prevent payment fraud.

First, we absolutely cannot push the entire burden of dealing with payment fraud onto victims, hoping consumer education will solve it. Second, we need to update antiquated laws that offer little to no protection to fraud victims.

The UCC was originally written in the 1950s, before any of the technological advances that now allow faster electronic payments and thus faster fraud. Third, financial institutions receiving fraud payments should bear more responsibility.

If the receiving institution is allowing a fraudster to open accounts and receive fraudulent payments, it only makes sense they bear some of the cost in reimbursing victims of fraud.

Currently the US there's no mandate that the receiving financial institution who allowed the fraudster money Mule to open an account and receive the fraudulent payment to reimburse the defrauded victim or the victim's institution, unless the payment was by forged or altered check.

So again, it just makes sense that they need to be doing more on their end to making sure that their customers aren't committing fraud now. Fourth, any attempts to combat fraud must also be coupled with policies and procedures that protect innocent victims who do not engage in payment fraud.

Many fraud victims who report unauthorized transfers from their accounts actually have their own accounts frozen and closed without explanation. Fraud victims should not be penalized when they utilize the protections afforded to them under the law. Fifth, institutions that design and run the payment systems need to take more responsibility for making these systems safe.

It's in their financial interest to do so. For example, 48 state financial regulators, including California, took action against Block, who manages Cash App. They agreed to pay an 80 million fine and undertake corrective actions for violations of the Bank Secrecy act, which is designed to stop criminals from using the platform.

Finally, we need to obtain a more robust and holistic picture about fraud. How it's happening through what payment systems and who is doing it. At the state level, regulators and supervisors should be gathering data from the entities they regulate, crypto companies, payment apps, financial institutions.

We need to know how much fraud is reported by their customers, how those disputes are resolved, and where the money is going. And we need this information to be shared publicly through supervisory Highlights. Thank you and I'm happy to take any questions.

Thank you so much, Carla Sanchez Adams, for your very informative testimony and we will turn to questions. I would like to turn to my colleagues on the Committee to see if they have any questions. Yes, or statements. Senator Richardson.

Bradstreet Given the present trends. How do you see the scan landscape. Changing over the next five to 10. Years, and where do you see some of the biggest gaps?

So thank you, Senator, for that question. You know, at this, at this current rate, with how much money that they're stealing from citizens within the United States, I just seen it growing exponentially, you know, here in the near future, unless we do some drastic measures.

You know, with that being said, you know, there are many more communication platforms out there that they're communicating with, and there's also a lot of encryption platforms that we don't have a lot of insight to.

So that makes it very difficult for us to take and, you know, use our law enforcement tools to find out exactly what's going on between the victims and the suspects.

And this question would be for Ms. Sanchez Adams or Agent Bradstreet. I'm working on a Bill that has to do with more of the digital wallet. So the PayPals, the Venmos, the Zelles, I strongly was not doing Zelle, and everybody wants you to pay them by Zelle. So I finally opened a Zelle account.

But it's interesting, it doesn't appear that there are the same warnings and fraud protections with the more digital payments versus what some of the banks have had to establish. Do you. Have you found that to be true?

We're working on legislation right now, but I'm just curious if either of you have seen that to be an area of vulnerability.

Yeah, I would say specifically from our office, I'd say 90% of our calls now are crypto related. So we probably get a lot more of the complex cases that are coming in. Maybe it's because the state and locals don't have a lot of the tracing software that we have as far as the cryptocurrency.

But I would say one of the big difficulties with that when they're using cryptocurrency is how quickly it moves and how there's just that time delay by the time we hear from the victim and the money is moving just exponentially so quickly.

You know, at the banking industry, when they're going through the automated clearinghouse, we get a little more time to like, freeze or maybe recall the wires. With cryptocurrency, we just don't have that as far.

Far as, like the payment apps that you're referring to, we don't see a lot coming in through, like the block, the PayPal, the Venmos, and we don't get a lot of that that comes in through our office.

So I'll respond on that point. I will say that we do get a lot of stories about problems with the payment apps and specifically cash app and Venmo which are, and PayPal are separate than Zelle. So Zelle is owned by early warning systems and the banks.

And Zelle is actually been trying to do more to address fraud and to do consumer education. But the platforms, the payment platforms or apps are very different because they're close circuit or closed systems, closed loop.

So they have the visibility into both the accounts that exist that are sending the fraud payments and the accounts that exist that are receiving the fraud payments versus with Zelle, I can send it from my Chase bank account to you in a Wells Fargo account and Zelle wouldn't be able to see both of those accounts.

So we agree that more needs to be done, especially with those platforms that can see everything and stop everything and because they have the ability to do more and to have more flags to put more road bumps. So I would support any Bill that you would introduce.

Thank you, Senator Limone.

Thank you. And I'd like to just, you know, this is for Ms. Knox and I'm looking around. Ms. Knox. Yeah, can she see me? Okay. Hi.

I can't see you, but I'm, but I'm on.

Well, so Ms. Knox, I want to just acknowledge, you know, you've shared an experience with us and it's a really, you know, it's, it's a, it's a very unfortunate, tragic and problematic experience. So I want to thank you for sharing that you're a resident of the district that I represent.

I also see that in the binder there is some, you know, we have a picture tab for, yes, you know, about what exactly was lost. And that is very meaningful for anyone. And as I think of your experience and reflect on the fact that it's not just an experience that's isolated to you.

I mean, we just heard that this is repeated, that 90% of the calls that are coming in are related to different confusion to the fraud that people are feeling and experiencing. Was there ever a moment in this process for you where you thought to yourself, wow, the system didn't work for me.

I'm surprised that it didn't work for me. And if so, can you help us understand what that moment was like so that those of us that are thinking about the systems in place to give you certainty that the financial products that are out there are ones that are not taking right advantage of you?

And I want to be clear. There are so many that don't right where it is not right where there are products that you don't find this frequency of concern. But what part of the system didn't Work for you.

I'm glad you asked that question, Senators, because when it first started happening, I even questioned like, okay, I'm going to go withdraw this money. I had to go to two banks to get the money because either bank didn't have the first withdrawal was like 37,000, $35,000. Neither bank had 35,000 in cash.

So I went to one and then they sent me to the other bank and it was like, then I thought, well, I'll go to the other bank. And they're going to probably wonder what happened at the first bank. It's all Citibank. And there was no one teller asked me, what is it?

What are you, zero, what are you using the money for? And I was, as I said in my talk, the, the guy that was from the Fraud Department had me on the phone the whole time. He never hung up. He said, I'm going to stay on the phone with you. Here's what you're going to say.

And if they ask you where the money is, you're saying that you're going to remodel your house and one of the contractors would like to be paid cash so he can give you a discount. They always fed me the information. So I had earbuds in my, in my ear. Okay. The other thing is, I thought, well, when.

Why didn't the banks notice that I was going from one bank to the next? And also a couple days later I went to a third bank that was like a 45 minute drive for me. And I don't know if they see it on the screen or I would think that shows some suspicious activity right there.

I kind of feel like not all the tellers asked me about the money one was brave enough to do. So I look back and think if they had seen, if they had sent me a little note over the counter that said, are you being asked to withdraw this money?

Are you on the phone with somebody right now or something? I don't know if they can't probably do that, but if there had been a trusted Member on my account, which there is now, then that person would have been called. So I feel like there's got to be another way where they can monitor that a little better.

And how many transactions you can only withdraw, like what, $500 out of an ATM every day. So how can you do this? Not sure if that answers you, but.

It does, actually, it does. And I think of other policy areas where we do have elements in place where we are asking victims of something right to.

This is a trusted number I mean, there are practices in place in different policy areas and certainly I think again, I want to recognize that your experience is the experience we're hearing today, but is reflective of so many things.

We hear from constituents throughout the state about what fraud looks like and feels like and the moments of, you know, vulnerability that, you know, victims are experiencing. So this is helpful. Thank you for sharing this with us.

Thank you for, you know, there is nothing we can say that will make this feel better, but know that what you've gone through is something that we are learning from in order to do better. And you know, my heart goes out to you for everything that has happened to you. And you know, for Mr.

Bradstreet, I just wonder if having heard her response and the fact that you've said like this is the bulk of what you're hearing and you're doing, I mean, what does the landscape look like for the next five or 10 years? Does this get better?

Certainly the more we know, the more we hear from constituents, the more we hear from consumers in this state, the more evidence we have to identify what a trend is. And once we know, hey, these aren't isolated.

Here's the trends you study the trend you figure out, are there things to do with the hope that over the next 510 years, if that trend is not what we want it to be, we can redirect and fix. Help me understand how you see this.

You know, over the next five or 10 years, will we have a better grasp on it or will now that the ways that our consumers are frauded be something that concerns you in an even deeper way? Because we can't keep up with existing trends, let alone predict future trends.

Yeah, I think we get a difficult challenge ahead of us. You know, with the current trends that are going on, I still continue to see it increase unless we make some really major changes. And it's just not something that's a law enforcement issue.

I think it takes the law enforcement side, I think it takes the telecommunication sides because a lot of this communication is happening over their networks. You know, the technology side, it's really got to be an all of government, state, private sector focus to be able to address some of this.

But unfortunately they've got such a good base over there right now and, and they've got so much money that they've already stolen that they're just growing exponentially. And it's really the criminal enterprise is almost like a business enterprise. Like they've got psychologists over there, they got the IT support over there.

Like they got all, all the issues, you know, if we block off one scam, it's almost like a balloon. You, you smush the air on one side, it just balloons on another. Like they're able to. To move and keep. Keep attacking us. So we do have a difficult time task.

And that's why I really appreciate Senator Grayson, you know, putting that Committee together and, you know, hopefully we can take and address this.

Thank you for that. Still, you know, definitely leaves us with concerns that, you know, we need to think about. And thank you, Chair Grayson. I feel like you have led in this space and you're continuing to lead in this space, and I really appreciate that. We're still looking at this. Thank you.

Thank you, Senator. And look forward to partnering with all of the Committee Members as we address this this year. Ms. Sanchez, Adams, last year within Congress, we saw some interest about fraud or around fraud and scams with at least a couple of Committee hearings specifically on the topic. Is there any hope for bipartisan action or do you.

Or do states need to take the lead on their own?

Yeah. Thank you for that question. You know, one of the challenges, as everyone has identified, is that it is multifaceted. The problem of fraud is not just in the financial sector sector, it's also in the technological and telecom sector. And so the approaches that the Federal Government can and should take are also varied.

So there's various committees, there's various regulatory agencies, and the Last Administration had been moving forward, and now we see that there's some retraction of steps that were taken to try to protect consumers and to prevent fraud from happening. So I do think that states need to take more action in that vaccine.

Right now, the main thing is trying to push crypto payments into the financial sector and trying to allow more financial technology companies to innovate without a regard for fraud. We've spoken with many of the Committee chairs, and they think the current law can address it.

Clearly, we don't agree, and I don't think that people who continue to be victimized agree with that statement. So there is a need for states to do more. The challenge, of course, comes with what states can do legally and how they regulate and oversee some entities that may not be subject to state law. For example, the telecoms.

I agree 100% with the statement that most of the fraud starts on their platforms. So you get a phone call and telecoms can actually block a lot of those scam numbers. They just don't. And also through Facebook Marketplace, through other platforms. And so more needs to be done on that side as well.

Thank you very much and thank you to all the panelists for this first panel. Hence is why we are here to dig deeper and to find some approaches to solutions where we can deal with this in a better way and prevent more cases like we witnessed with Ms. Knox, at least to the best of our ability.

We will now move to the second panel. We will hear first from two witnesses via Zoom, Josh Berkhu of US Telecom and then Sean Farrell from Microsoft. After those two, we will bring it back to the hearing room where we will hear from Dylan Hoffman on behalf of TechNet and Darius Kingsley of Jp Morgan Chase.

With that we will begin again with Zoom. Panelists have five minutes each to make your presentation and then we will go to question and answer. Mr. Berkuth, the floor is yours.

Thank you Senator Grayson, and to the Committee for the Opportunity to join this important conversation. I'm Josh Berkuth and serve as Senior Vice President policy at U.S. telecom, the broadband Association. I also serve as Executive Director of the Industry Traceback Group, or ITG. U.S.

telecom established the ITG over a decade ago to combat illegal robocalls, both illegal telemarketing and scams. Today, under the Federal TRACE Act, the ITG is designated as the official consortium to trace unlawful robocalls. We are proud to support the Fcc, ftc, DOJ, State Attorneys General and other government efforts with our Traceback data.

Traceback was one of several initiatives the telecommunications industry launched in close collaboration with government agencies around 2015-2016 with the benefit of FCC guidance about when providers can block calls. Voice providers also deployed analytics based blocking and are blocking billions of calls, as well as labeling tools and other measures such as the Stir Shake and Call Authentication Framework.

These efforts have worked and it's far harder today to launch millions of unlawfully spoofed robocalls than it was a decade ago. And when calls slip through, we now have better tools to warn customers, disrupt bad actors and assist law enforcement. Scam robocalls still happen, but they are down 50% from their peak a few years ago.

However, as some of the discussion today has already addressed, the criminal actors involved evolve. Instead of blasting out millions of fake Social Security robocalls, they are now targeting individuals with live calls using stolen data or as part of multi channel attacks.

Instead of using shady overseas voiceover Internet protocol Internet based phone providers to make calls, they set up shell companies purportedly based in the US and disproportionately in Wyoming.

And as the work of TRACE back in law enforcement cracked down on those channels, they Turn to simboxes located here to make calls and texts from abroad for every new defense, whether technical measures or regulations, criminals find their workarounds.

While some of the tools, structures and mechanisms we built for robocall work well for these new scam calls, including our traceback efforts effort, others do not and consumers as we've heard today, continue to be harmed. Despite this daunting challenge, I always remain optimistic. Increasingly, the telecom, financial services and tech sectors are working together.

At the itg, we built partnerships with major financial institutions and tech companies and we understand that these partnerships have led directly to reduced fraud losses as well as to enforcement. Broader efforts like the Aspen Task Force working to establish a national strategy to prevent scams and fraud complement these purging partnerships.

As a steering Committee Member and co lead of the Information Sharing Working Group, I see real potential in elevating the conversation on stopping scams. I often joke that robocalls, even legal ones, get political and policy attention, but really harmful scams that don't rely on a robocall do not.

That needs to change and this hearing honestly is a really great start to that. Some other things I think we need one I do think we need a national strategy and central government coordinator to lead this fight against scams.

2 We need to ensure that policies including privacy regulation and other liability risks do not inadvertently inhibit the information sharing across companies and sectors that we see can work in this area and can help. And finally, stronger cross border enforcement is essential.

As we've heard already today, these are sophisticated and organized transnational criminal networks, not just loan hackers in a garage. As we block one scam pathway, they pivot to another. We need real deterrence from our law enforcement partners. For now I think we should focus on scaling what's working.

Stopping scams is a constant battle, but by building on existing collaboration, ensuring strong enforcement, we can make a difference. Thank you again for allowing me to participate in this really important discussion.

Thank you Mr. Berkey for your testimony and we will go to Sean Farrell with Microsoft.

Hey everyone. Thank you to the Chairman and the Committee for Having us here today. I had more prepared remarks but I think this is actually just will be more beneficial as a conversation and so one I want to thank Ms. Knox for coming forward how important that is. Quick background on myself.

I've been with Microsoft Digital Crimes Unit which I'll talk a little bit about here in a moment for a little over two years. Prior to that I spent time at AWS and Amazon combating fraud with global teams conducting threat intelligence things like that.

And I started my career with the FBI where I worked for 13 years in counterterrorism and as an attorney in our Cyber Law Unit.

The, the threats we face are, are significant in the scam space and growing in complexity and there are many challenges, I think some of which have already been highlighted here and what we can do as both an industry and I, I think 1.0 I want to hit on is the importance of public private partnerships. And Ms.

Knox, I'm going to offer to you my personal interest in following up and if you're interested in talking more about your case, I'd love to learn more about what happened. If there's anything our team can do.

For folks who may not be familiar, the Digital Crimes Unit, we're kind of uniquely situated within, I think industry writ large where our mission and our focus is actually serving as the external enforcement arm for Microsoft and our overall efforts to combat both cyber criminal and nation state threats.

And what I mean by that is our team actively works with law enforcement. We're very fortunate that at our Cybercrime Center In Redmond, Washington we have liaison representatives from U.S. secret Service, the FBI, DHS, Homeland Security who actually sit with us. And we work collaboratively to combat a host of cyber threats.

So focus areas including scams, ransomware, nation state attacks, whatever that flavor may be. And we're very fortunate to have those partnerships and something we need to leverage even more moving forward. And I think it's important for folks. Every year Microsoft puts out our digital defense report.

And just to give you an idea of the scope and scale of these threats across all types of scams and other violations, Microsoft, we receive about 78 trillion with a T security signals per day from our cloud endpoint software tools that we're analyzing that then feed into our threat intelligence teams and partners.

And we're actively tracking more than 1500 unique threats on a daily basis. That includes more than 600 nation state threat groups, 300 cybercrime groups and 200 groups in caves and influence operations. And so the scope and scale of the problem is immense.

And I think for us collectively we need to think about how are we doing our best to prevent these cyber threats all up.

And so there are best practices that we're constantly evangelizing for, for multi factor authentication, zero trust, some of these policy things that like I think don't honestly maybe resonate with everybody on their day to day basis. We need to make things as simple as possible for folks to protect themselves.

But then the second part is, and it was interesting Hearing from the Secret Service representative earlier is we know where a lot of these groups are located and conducting their activities from that are forcing and conducting these scams.

And so our team, we've had a lot of success over the years working especially in India with the Central Bureau of Investigation as well as our partners at the FBI to disrupt call centers that are located there.

The explosion, as was demonstrated earlier of these groups in tougher operating environments where we don't have strong law enforcement or diplomatic relationships, such as Myanmar, Cambodia, where these actors are still acting generally with impunity, presents challenges because it's not that we don't know where they are, it's like what can we actually do about it?

And so for us, from a Microsoft standpoint, one we want to make sure that we're enabling our customers and our partners to protect themselves. And so just this January we released a new scareware prevention capability through the Edge browser that actually will help flag and hopefully prevent more of the type of pop up scams that Ms.

Knox unfortunately fell victim to. But then I truly believe, as somebody who's come from law enforcement and work in the space now unfortunate to do this, is how do we actually raise the cost of doing business for these bad actors? And so I think for us the challenge is one, where do we meet?

Where are we sharing information? We have actually started some scalable information sharing through an organization that some of you on this call are probably familiar with, the National Cyber Forensics Training alliance, which is headquartered in Pittsburgh, Pennsylvania. The FBI is resident there. We're actually sharing information from the IC3 reports which Ms. Knox actually referenced to help identify.

Are there patterns? Are there things that we can pivot off of as both industry and law enforcement to help identify who are the ringleaders behind this activity? Where is this funnel up to? And then where can we actually introduce both private sector and public sector deterrence and impact and try to take down some of these groups.

And so I think for us, and I'd love to talk more with the Committee and everyone else is understanding, I think when we're thinking about this from a state level, I think what we need to do for everyone is make it simpler and make sure folks understand where and how do I report this activity?

Do we make sure that it gets pushed to a place where it's centralized? Because I think right now the current landscape is a little confusing. You can report directly to Microsoft, you can report to IC3, you can report to the FTC. As Ms. Knox said, is that information all getting to one place?

Where law enforcement and private sector can collaborate on it and then identify what can we do with that. The last thing I'll say is I think there are still complications based on the current regulatory framework framework in the United States with what our partners in the financial sector are able to share as it relates to this.

We have there's a law, the Cybersecurity Information sharing Act of 2015, which is actually up for renewal this year and is actually maybe an important pivot here for folks to think about is that enables sharing of certain cybersecurity threat information.

However, in the financial sector, I think there's still a hesitancy to say that CISA 2015 covers certain types of information that maybe we could share between the tech sector and the financial sector that may further enable us to combat these kind of crimes. And that's, that's not casting a spurs in the r in the financial sector.

I just recognizing the banking sector financial sector is more heavily regulated and has tougher and more complicated information sharing regulatory framework that may prevent us to be able to share information robustly as possible to combat these kind of threats. So again, thank you for your time. Ms. Knox. Offer my, my personal promise.

If you'd like to talk more about your case, I'm happy to do that. But thank you again for having me today.

Thank you.

Thank you Mr. Farrell. And we will move to Dylan Hoffman with TechNet. Please proceed.

The floor is yours.

Thank you, Mr. Chair and Senators. Dylan Hoffman here today from Shaw, Yoder, Antwee, Smelter, Lang, on behalf of TechNet. TechNet represents a broad range of companies within the technology and innovation economy, many of whom are impacted by these financial crimes.

But relevant for today's discussion going to be speaking more generally from the perspective of social media and online platforms. So first and foremost, like many here today, the safety and security of the people that are on our platforms is paramount for our companies.

We have every incentive to try to thwart these financial crimes, given the immense damage that it does to victims, but also more generally to user trust.

Scams obviously degrade the experience for both users, but also anyone else who uses our platforms, including advertisers and our Members work constantly to improve their detection and enforcement against scam content and behavior while helping their users spot and avoid suspicious activity.

And it's been noted by several other panelists as well, so I won't retread some of the same ground. But obviously these are incredibly sophisticated criminal organizations that we are trying to deal with. It's an incredible challenge not only for one industry, but one platform to try to handle on their own.

And so we're constantly trying to evolve our own tactics as sort of the bad guys are typically a step ahead and trying to keep up in a fast moving, adversarial sort of cyberspace. So what are online platforms trying to do to combat these cyber crimes?

So generally, social media platforms and other online platforms employ a number of sophisticated automated systems in order to try to flag and monitor and identify suspicious account activity. They key in on the activity of the account rather than the information that is shared.

Because it's often easier to flag and identify if an account is, say, one IP address is creating hundreds or thousands of dummy accounts, or if they're sending thousands of messages to multiple different countries, we can pick up on that really easily and start to identify, okay, we think there's some suspicious activity here that will get that account flagged, which then will.

Any sort of user account that interacts with that account will get a flag to say, hey, this may be we've identified some suspicious activity, exercise caution when interacting with it. So we're trying to push that information out to our users.

But if we're reasonably certain that that account is up to no good, we'll remove that account, we'll block access and things of that nature, and then obviously refer that to law enforcement partners.

The other thing, as I mentioned, is sort of user education, not only sort of as it's happening interactions with suspicious accounts but also more generally we want our users to be aware that people are trying to abuse our platforms and them. And so we've done. Platforms have had multiple different user education programs.

Most recently a couple of platforms had sort of cyber, sorry, romance scam informations around Valentine's Day. Sort of trying to push that information out there that hey, here's what you should be looking for, here's what to be aware of so that we're trying to prevent people from falling victim in the first place.

Platforms have also tried to make it much easier for them to, for users to report systems suspicious activity so that it can get into our systems and we can start handling it, identifying larger patterns of behavior for these accounts and like I said, try to enforce from our end before then removing out to law enforcement.

And lastly, it was brought up by another panelist. I think the technology industry and many others have learned lessons from trying to address other types of online crimes that information sharing is incredibly important. And up until this point it's been a lot of one off and informal.

We're very pleased to see more formal groups and organizations that are trying to stand up this particularly around financial crimes. But so often it's traditionally been platform to platform or platform to law enforcement and that clearly is not enough.

And, and so we sort of echo similar calls for a national strategy having a sort of unitary sort of convening space for folks from all sides of this problem to come together, share information, share what's working, what's not, and try to get to the root of the problem.

So want to echo calls for that as well, but want to leave you with, you know, our platforms understand that they have a responsibility here as well, want to be part of the solution.

They've invested an incredible amount of resources to try to combat illicit activity and conduct on their platforms like financial scams into both their teams, but also their technology.

And so very much looking forward to this conversation and being a part of it and really appreciate the Senator and your attention today and for having us be a part of the conversation.

Thank you so much for your testimony. Dylan Hoffman with TechNet and we will now go to Darius Kingsley with JPMorgan Chase, please.

Great, thank you. It sounds like it's on. Perfect. Okay, good. So, hi everyone. Senator Grayson, Senate Committee on Banking and Financial Institutions. Thank you for having me here today to talk about this important topic. My name is Darius Kingsley. I'm the head of consumer banking practices at JPMorgan Chase.

And I focus on our elder and vulnerable customers and the rising threat of fraud and scams.

And I'm here to just tell you a little bit about what we're doing, which APM Chase is doing, doing how we view it, and then also talk to you a bit about the Aspen Institute work that we've embarked on in partnership with other industry and non banking Members.

Fraud and scams, as you've all heard and know, has been a persistent blight on society since the earliest days of commerce and have been a persistent public and governmental concern in this country for a very long time. It affects today all payment methods, everything from cash, gift cards, cryptocurrency, wires, checks and person to person P2P payments.

Today, however, criminals, including foreign actors, as you heard from Agent Bradstreet earlier, have fully embraced this modern technology to scale up these crimes to new levels and over an extended period of time.

They're selling products that do not exist on Social Media Marketplaces, perpetuating romance scams on online dating sites and offering non existent jobs with an ask for an upfront payment.

They are spoofing legitimate businesses and trusted institutions phone numbers on caller IDs, pretending for example to be your bank or utility or the government or the IRS on the other side of the phone and causing data breaches at large companies.

These financial fraud and scams are becoming increasingly complex, posing a unique national security threat to Americans public safety and financial health and threatening the trust and safety of our economy and quite frankly the US financial system. Even in this difficult environment, American banks stand out for their increased security measures.

We have regulatory and moral obligations to do our part in keeping our financial system and those who count on it safe from financial fraud and scams, implementing advanced technologies and rigorous protocols to protect consumers and combat financial fraud.

Each year JPMorgan Chase proactively identifies nation state and cybercriminal threats, stopping last year more than 14 billion in fraud attempts at Chase. We know our brand is trusted by our customers, particularly our elder customers. We know the value of leveraging our branch network to talk to customers one on one about trust and security.

We require for example all of our branch bankers to take AARP bank safe training every year, ensuring they're prepared to talk to customers through potential scams and to help our bankers in those discussions with customers who might not believe they're in the middle of a scam. We have a scam and fraud flyer.

We have scam and fraud flyers in each of our branches that bankers can use. I showed some Members of this Committee that last year which they can use to try to help break the spell because often people don't believe it when they hear it from their friends or family Members or see it in Google.

But we hope sometimes they believe it when they see it on a flyer and they have a banker talk to them face to face.

We've also built protections into our risk models and our products and our Global Security team are empowered to follow up with at risk customers to personally talk them through suspicious transactions in an effort to prevent scams.

We also work closely with law enforcement to assist their investigations and establish an internal working group to enhance collaboration and ensure we can remove wrongdoers.

While America's banks are at the forefront of making it harder for scammers to perpetuate their crime, we as a country, the government, law enforcement, banks, social media companies, Telcos and many others must collaborate to stop this criminal activity. No one can do this alone. Now is the moment for a coordinated national response.

And that's why we're honored to be part of the Aspen Institute's National Task Force on Fraud and Scam Prevention, which brings together a network of over 100 organizations to develop a unified national strategy to prevent those fraud and scams.

Besides JPMorgan Chase, participants include other financial institutions, tech and telco companies, consumer groups, Federal Government agencies such as FinCEN and the FBI. The Aspen task Force is approaching the problem from multiple angles with four expert working groups and a Strategic Communications Council working together to develop a unified national strategy.

Those four task force subgroups are first, the definition of success working group that we'll use to estimate the size of the problem and and set clearly defined goals for fraud and scam reduction.

As you heard earlier, many fraud and scams go unreported because consumers know there's either no way to reclaim the money in most cases, or they're very often deeply embarrassed. Even so, we know there's been a 15 fold increase in losses reported to the FBI between 2014 and 2023.

Due to those unreported losses, it's difficult to estimate the full scope of the problem and assess the effectiveness prevention strategies. So better estimates of the scope of the problem and a clearly defined goal for fraud and scam reduction can become a rallying cry. This working group attempts to do just that.

Second, the Information Sharing Working Group aims to propose a set of guiding principles to coordinate knowledge sharing across industry boundaries. This is increasingly important due to the cross platform nature of modern frauds and scams, which direct victims to new channels to gain access to their funds.

Each time a transaction is prevented by an organization trying to protect them. Victims identified in the midst of a scam at one organization are frequently able to complete the transaction at a different organization mere hours later after being coached by the scammer on what to say to avoid suspicion.

Information sharing efforts, as we heard earlier, if successful, allow us to identify and remove bad actors from platforms, stopping the crime long before a consumer enters the bank. The third working group is the Law Enforcement Engagement Working Group. It will recommend government actions or policy changes that improve law enforcement's ability to disrupt scams.

You also heard from Agent Bradstreet earlier again that the information sharing between banks and other companies and law enforcement could be improved.

We understand that the law enforcement also has limited resources to catch bad actors and investigate fraud and scams, particularly those with a lower monetary value, but they still must play the important primary role in crime prevention. Victims are often unsure how to report crimes due to impersonation of trusted organizations by scammers.

Making reporting scams easier for consumers will help law enforcement get involved sooner and increase resources. Training and coordination among law enforcement agencies will enable them to hold perpetrators accountable and prevent future crimes.

Finally, the Consumer Awareness Warning and Intervention Group aims to identify actions that industries can adopt to reduce fraud risk to consumers and align on a national consumer awareness strategy. There are many challenges to increasing consumer education, including the instinct for consumers to dismiss warnings thinking that they'll never be the victim of a scam.

The reality is that one in six households reported being a victim of a scam over the past year year. Without continued engagement and education, consumers are susceptible to new types of scams. Ensuring a coordinated messaging strategy across industries and the government will help everyone stay aware and hopefully remove some of the shame felt by victims of scams.

The initial goal of this Aspen Task Force is to release a unified national strategy by the end of 2025, which will include ideas for how the private sector, law enforcement and the Federal Government can work together to fight this criminal activity at the source.

Helping to protect consumers and ensuring continued trust in organizations is one of our top priorities at Chase, and we look forward to staying in touch with you as the task force recommendations continue to develop. Thank you for having me here today.

Mr. Kingsley with JPMorgan Chase. Thank you for helping us to know better what you and Chase are doing as far as a stakeholder in the in the industry to address the problem. But as you detailed, it can't be just one single leg of the stool. It's going to take multiple partners coming together.

I would like to turn to my colleagues on the Committee to see if you have any questions. Senator Limon?

I don't have any questions. I just have a statement and I think it's really important to acknowledge that we are in a situation where there are great concerns. However, it is also, I think, my belief that we don't want to have these concerns. We don't want to have these problems.

And so industry alike and consumer groups alike, they're, you know, we want this solved. So I appreciate the conversation and certainly I know through the legislative process we have had, you know, several bills that aim to address this, that create a public discussion about what the right way is, what, you know, to try to address it.

And I know some of those bills have been pretty difficult. But I also think that it creates, you know, public review, public discussion, public engagement, public input are all key to trying to address this.

So I suspect that we will also continue to see bills this legislative cycle that address this and hope that our industry partners can be at the table and help us get to a yes on some of the things that move forward.

Because I believe both industry and consumer groups do not want to be in a state where consumer fraud is driving conversations and doing harm, questioning the trust that we have in financial products.

So, you know, I just want to make sure to share that and look forward to the ongoing discussions and know that there will be bills that will generate some of that discussion.

Thank you. Senator Limon, Any other questions? I do want to. Mr. Berkou, is there a possible, is there a way currently through technology where we can notify people that a call or a text is being, is originated from overseas?

It would be great, but unfortunately there really isn't a way because the provider, your provider doesn't know that that call or tax originate from overseas. And that's for a few different reasons, just the way the network works.

When we see this in traceback, the illegal calls sometimes hit 5678910 providers or more on the way to the customer. So just handed off transit provider, Transit provider. So all your provider knows is for sure is who they got that call from. So they, they wouldn't know.

The other thing though that we've seen too is there's been a lot of enforcement focus at the FCC, at the FTC, the state AGs as well, what we call the point of entry or gateway provider that the first provider that brings that call into the country, that illegal call.

And so what we've seen from that is a cottage industry of new shell company providers that are purportedly based in the US So they're enabling calls from overseas entities, but they're a registered LLC. I mentioned, I think about 20 or 30% of our tracebacks showed that the entities were registered in Wyoming, really disproportionately in Wyoming.

So that, that's another challenge. And then the last thing we're seeing again as there's been progress making it harder for those calls to get through is we've seen the rise of symbols for both calls and text. And that's, that's where there's someone in the US who has a device, has a bunch of devices.

People from abroad are originating those calls from the US network. So the calls are, they might be at a station, at a call center abroad, but to the carrier, that call is actually coming from the US Network. The promises. I agree completely with what Sean said earlier about making it more costly. That's a real challenge.

It is more expensive than the measure they were using a few years ago. And now there is actually a door in the US Knock on and potential law enforcement response domestically. And there has been some success in raiding some of those in box farms here.

So a follow up to that from a social media lens, and this would be for Mr. Hoffman with tech Net.

Are there not ways to, and you touched on this in your talking points, but are there not ways to flag accounts that have the markers of being engaged in nefarious activities and what really does prevent platforms from doing more to warn users, especially when we believe they might be engaging with bad actors?

Yeah, there are several ways that our platforms try to proactively do that. And as I mentioned before, it's really picking up on some of the activity of the account in order to start to flag it.

I think some of the difficulties come in in terms of trying to identify whether this account or other user is from an overseas account is just going back to the sophistication of these organizations. They're doing everything they can to avoid our systems and detection. Oftentimes they're just as adept and experts in our systems as we are.

And so they know what is sort of triggering that flag, how to get around it and avoid it. And that's a big thing that we're running into is that constant evolution of trying to stay a step ahead on that.

But to your point, platforms are figuring out ways to not only flag and identify what we think is suspicious activity, but provide that information at that time when another user interacts with that account to say, hey, stop and take a second.

You know this, this account has been flagged for suspicious activity or may have originated overseas or what have you in terms of what is the most useful information for that user to know when they're interacting with that activity. But I think the big challenge is how sophisticated the organizations are.

So what would be interesting to know, Mr. Farrell, from Microsoft, because Microsoft is global. I mean, they're in multiple countries. So have, have. Are you aware of, Mr.

Farrell, of any other jurisdictions globally where they have adapted and adopted policies, or they have certain measures in place that would be helpful here in California or even in the US I don't think there's a.

Model internationally that's honestly better than, I think what we. I think it really comes down to.

I think there are things we could leverage more effectively that already exist here in the US this gets back to what I mentioned earlier, where, if you're talking about sharing cyber threat indicators and other information that's kind of been already identified through legislation, the CISA 2015 act, where we think about this as scam and it's like a specific niche, when in reality it's online conduct, what information can we share legally?

So that's what I worry about is in house counsel for Microsoft, what are we allowed to share legally with who? And then we have our own policy considerations, and then where do we share it at scale? Right. I think to me, it's a little bit.

If it's like we're working, as I mentioned earlier, through the ncfta, I don't know, and I'm not saying we need like another national cyber center or cyber scam center, but I think they're just. Maybe it's more of a carrot and a stick thing is like, who's doing it, why, and what purpose? And how do we measure success?

Because we all recognize this is a threat and a problem. I think we're doing it on an ad hoc basis. Like, if I have an issue come up and it deals with, you know, bank of America or Jp Morgan, like, we have contacts, we have, we have friends and colleagues we work with.

There's not one central place where we're sending that information. We don't have, I think, agreement on what is the extent of what we can share, for what purpose, and maybe even just getting that sort of, like, blessed from a policy perspective, when I think the legal parameters already exist to share probably more than we are.

I think it's that incentivizing that. And then for me, the biggest thing too is I don't like information sharing, just to share information. People can pass stuff all they want. But, like, what are we what are we actually striving towards?

And so whatever that looks like, we've got like the Aspen Institute, like, that effort, I think is great. I think that's good. And I think working backwards and saying, like, what are we trying to accomplish? Who's going to be involved? Where are we going to do it? I think we have.

I think we have the ability to do it. It's just getting everyone aligned and doing it and recognizing are we doing in the same place for the same purpose.

Thank you for that. And if we're not careful, we actually forget about talking about the actual customer, who, especially in the States here, can be rather autonomous. And so, Mr. Kingsley, could you describe. It's you. You have that person. We think they might be a victim of fraud. We might take some measures.

But then you also have that person that's wanting to do a large transaction that is perfectly legitimate, that may have the same signals as one of fraud. And how do you distinguish and then try to balance and make sure that you protect but also provide good customer service at the same time?

Yeah, that's right. I think that is the tension, is how you balance that. I mean, the reality is the vast majority of all the transactions that happen over our networks are legitimate. People come in and do unusual transactions all the time.

People come in and do large cash withdrawals that they never normally do because they're going to pay a contractor for renovating their bathroom and they want to pay in cash. They make unusual wires because they're paying their granddaughter's tuition at college. There are lots of valid reasons why people come in and do these unusual transactions.

And so you can talk to customers. You can ask them if they've been coached. You can ask them questions about the purpose of the payment, where they got the wire instructions from. But at the end of the day, people's attitudes are that it's my money and I should be able to do what they want with it.

And given that in the vast majority of cases it is for legitimate reasons, it's sometimes hard to know which ones to say no to. And, you know, we do make mistakes sometimes, and people get really upset when it's a legitimate transaction and you delay it or you deny it.

And people have lost out on business deals, on closings, on land sales. So I think this is the tension that we all struggle with.

Thank you for making it real. And with that, thank you to the Panelists of Panel 2 for your testimonies and answers, and we appreciate you coming today. We are going to move to our third and final panel, we will hear first from Deputy District Attorney Scott Perello, who will be actually in person right here in the room.

And then we will then go to Zoom for our last two panelists, Ken Westbrook of the Stop Scams Aliance and Ken Pala, a retired Director at MUFG Union Bank. So, Mr. Perello, whenever you are ready, the floor is yours.

Thank you. Good afternoon, Chairman and other Members of the Senate Banking and Financial Institutions Committee. Scams impact Californians of all ages. There's no question about it. Today I am here on behalf of the hundreds of thousands of older Californians who are begging all of us to do more and to do it urgently.

Elder victims of fraud cannot recover financially and emotionally like younger victims. And so the impact on elder victims is far greater. I can tell you with confidence, and we've heard a lot of national figures here today, that in 2023, California seniors lost over $1 billion to transnational criminal organizations.

$1.0 billion of life savings, retirement funds, college funds, money taken from California's economy. We're under attack and we're losing this fight. But I'm here today with an optimistic tone. I'm so grateful, Chairman, for your invitation and to be here for this call for action. The action plan for today broadly seems clear.

California has the most victims of elder fraud and the highest amount of losses. This is the most prevalent crime impacting our citizens here in California. California should be leading this fight. The bold goal of this initiative should be to end scams, period. I'm a career elder abuse prosecutor from the San Diego District Attorney's Office.

Under the leadership of our elected District Attorney, Summer Steffen, and in partnership with our local San Diego FBI office, I've been working on law enforcement's cutting edge. The tip of the spear in our nation's fight against elder fraud. The first of its kind. San Diego Elder Justice Task Force, or ejtf. Our mission is simple.

For too long, all of us, all of us, have been failing to protect consumers, especially older ones. When these crime victims lose their life savings and they call for help, they are told repeatedly, I'm sorry, there's nothing that we can do. I know in this chamber, people have family Members who have suffered this humiliation.

Well, in San Diego, we decided that we were going to roll up our sleeves and find a better answer. We were going to find out what we could do, and we've taken great strides. The first thing that we learned was not all the bad guys are overseas and they're not all high tech.

There are thousands of criminal actors Here in California and throughout the United States that law enforcement can investigate, put handcuffs on and prosecute. The Elder Justice Task Force consists of dedicated investigators, prosecutors, detectives, special agents, analysts, social workers coming from the San Diego District Attorney's office, the FBI, Adult Protective Services, the U.S.

attorney's office, our local law enforcement agencies like San Diego Police Department and the San Diego Sheriff's Department, and our local fusion center, the Law Enforcement Coordination Center. The LECC plays a pivotal role as a clearinghouse for all of our local law enforcement agencies to submit their crime reports.

To help connect the dots in these investigations, we are disrupting the elder fraud and money laundering networks that are here operating in California and throughout the United States. We're tracking every dollar of reported fraud in our county.

We're investigating, arresting and prosecuting both locally at the District Attorney's office and then turning the larger scale investigations to the U.S. attorney's office in, in San Diego. And having successful prosecutions, we're recovering millions of dollars of fraudulent funds sent over wires.

Whether a criminal investigation is going on or not, we are the only county in the United States, to our knowledge, that is tracking each and every fraud report collected by local police, then coupling that with FBI's IC3 reports.

And then the big revelation we had several years ago was to get the Adult Protective Services referrals because often that's where your unreported cases are. Because APS is getting mandated reports from banks, the suspicious activity reports. By layering those three sources on top of each other, we are tallying the accurate amount of fraud for our county.

This active review of reports every day. In addition, our daily interaction with victims who have just fallen victim like Ms. Knox enables us to be in a leadership position because the power is in knowing what scam are the scammers using today. The scammers are very sophisticated and they change their strategies and tactics weekly and monthly.

And so doing prevention from information from a year ago is not going to help the victim that walks into the bank today. And so there's power in that information. When I started this work six years ago, I assumed like so many others that someone was in charge of this problem.

We had assumed that someone was working on these cases. Unfortunately, now that I'm in the inside, I see that I was wrong. The cavalry is not coming. We are working less than 1% of the intake. To give you an idea, despite our success in San Diego, the time to act is now.

The most prevalent scam impacting over 70% of our victims here in California is the exact scenario that Ms. Knox testified about. It starts with a pop up ad appearing to be from Microsoft. The person thinks their computer is hacked. Then they're convinced their banking information is compromised. After they agree to accept remote access software onto their device.

And then they are told to wire money to go put money into crypto or Bitcoin ATM machines with increasing frequency. They are told to package up large amounts of cash and gold and either ship that money or wait for a courier who is going to be sent to their front door of their residence.

The couriers are also coming from California. An overwhelming majority of our couriers are coming from the Los Angeles, San Gabriel Valley and Monterey Park area. Hundreds of these couriers are being dispatched from Los Angeles throughout the state. We are routinely arresting these couriers as they show up on the front doorstep of our elder victims in San Diego.

And when we start investigating them, we learn that the same couriers are showing up on ring doorbells in Ventura County, in Placer County, in Santa Barbara and Riverside. Statewide, coordination is needed. Counties throughout California are hearing about our Elder Justice Task Force and they want to duplicate it.

We're in regular communication with colleagues from around the state, from prosecutor's offices, law enforcement, nonprofits, advocates, adult protective services. They're desperate to duplicate what we've done, but they are struggling to take those first steps to get the resources needed.

It's time for California to seize on San Diego's momentum and become the national leader fighting fraud and actually bending the curve away from these year over year increases. We're not going to educate ourselves out of this problem, nor can we arrest and prosecute our way out of it.

The only way to really impact these scams is to focus upstream of the scam to prevent these bad guys from contacting our victims. However, the value in creating Elder Justice Task Force collaboratives throughout the state in different counties is it brings together a community within each of our counties. It's a meeting place, a forum for ideas.

Literally, it's a brainstorm. It's like a startup company. It's very dynamic and we're looking at the threats as they change every day and brainstorming on what we can do.

It provides a foundation in each of our community to take on any initiative, whether it's investigating and prosecuting people, whether it's targeting, outreach and education efforts, or partnering with banks and retailers. All of that comes from, from the Elder Justice Task Force community that everyone in the community, all the stakeholders will tap into.

Many people ask what they can do to start, how can they get started? I agree with the prior speakers, creating uniformity in reporting process and systems is essential. We're missing too many of the reports, which is why we came up with our intake system of coupling local law enforcement, IC3 and APS reports.

I'm happy to report in response to the prior discussion that actually what just launched this year out of the NCFTA in Pittsburgh is a National Elder Fraud Coordination center which is actually created by the former FBI supervisor that started our San Diego Elder Justice Task Force, the nefcc that brings together law enforcement, public and private partnership.

They're already partnered with aarp, Walmart, Amazon and Google and they're co locating with NCFTA in Pittsburgh. Because of the roots and because of the amount of victims and loss, there's no reason for us to recreate the wheel.

One idea is to bring some brick and mortar here to California as a base for the National Elder Fraud Coordination Center. Right at this moment, countless Californians are being scammed throughout the state right now. They received a pop up ad this morning or several weeks ago.

They're on the verge of having their entire being destroyed, frantically going from bank to bank terrorized like we heard Ms. Knox was doing. I couldn't be prouder to join all of you in this fight to protect them. Thank you.

Thank you Mr. Pirello. And your passion earned you a few extra minutes in your testimony and it was awesome. Thank you so very, very much for your testimony. We will now go to Ken Westbrook with Stop Scams Alliance.

Hello, my name is Ken Westbrook. My mom lived in Riverside County when she was scammed in 2023 with a tech support scam, the Microsoft pop up scam. Just like Ms. Knox happened. My mantu was told by the FBI, I'm sorry, there's nothing we can do.

So that's what led me to create the Stop Scams alliance, which is a nonprofit dedicated to stemming the absolute tsunami of scams that are afflicting American consumers. My perspective is that of a longtime analyst of national security issues and a specialist in information technology and information management.

I served for 33 years as an analyst and Executive at the Central Intelligence Agency. Later on I was on the adjunct faculty of Georgetown University. And I'd like to speak to you today about prevention, how to stop scams as far upstream as possible before they hit the consumer, before they hit the bank.

The Federal Government in my view, is not yet focused on prevention. So California has the opportunity to lead the nation. Observation 1 Let me just start off with setting the stage of where these, if you're going to stop scams at the source. You have to know where they're coming from.

In number one, in recent years, there's been a steep rise in scams by transnational criminal gangs. The skyrocketing growth of scams is a danger to US Society and is increasingly a national security threat. Number two, the number of victims is absolutely staggering.

Stop Scams alliance sponsored a poll with Gallup which revealed that 21 million Americans were scammed in the past year. That's roughly the population of Florida or the population of New York State, or about half the population of California. In other words, more than 57,000 people are being scammed each day in this country.

Number three, the losses to our country are absolutely staggering. We heard earlier in this hearing figures of 1 billion, 2 billion, 10 billion. But that does not account for the underreported losses the FTC has done. Now, two reports where they adjust for underreporting, and what they come up with is the total of $158 billion.

158-billion, according to the FTC. And at the individual level, of course, too many people are losing their life savings, their homes, or even their lives to suicide. Number four, the perpetrators are mainly transnational crime gangs. I do accept Scott Perillo's point that there are many mules here which should be rounded off and sent to prison.

But the kingpins are largely overseas and the United States. It's no exaggeration to say we are under attack. We. When scammers in Southeast Asia begin their work each day, they are led in a chant by a Chinese crime Boss. And the chant goes like this. Cripple the economies of the US And Europe.

That's according to a former scammer who escaped from one of the compounds and who was interviewed by the Economist magazine. The FBI points to many countries that are harboring scam compounds. We heard earlier from Mr. Bradstreet about Myanmar and Southeast Asia.

But the problem is the scam model is so lucrative, it's now spreading around the world like cancer. Compounds are now being found in the Middle East, in Africa, South America. Call centers are in India, Nigeria, Ivory Coast, the Philippines and other countries, according to the FBI.

So it's increasingly harder for us to find the bad guys and arrest them. Number five, the attacks are escalating. The dollars stolen from our citizens are being used by overseas criminals to fuel more and more ever more sophisticated cyber attacks on our country. And the growing use of AI is going to make it a lot worse.

It's going to turbocharge the scams Number six. The attacks are mostly cyber enabled. The tools used by modern day scammers include spoofed emails, spoof texts, spoof phone calls, malicious websites, fake investment websites, malicious ads, pop ups, and remote access software like Cause, the tech support scam that targets seniors like my mom and Ms. Knox.

So how do we fight back? What do we do about a transnational crime threat that is mainly cyber enabled? Traditionally, we have thought in terms of increasing education of consumers and increasing law enforcement. Both of these approaches are good and we definitely should do more of both.

But every expert I've spoken to agrees that these approaches are not sufficient. So we talked about a little bit about information sharing. Let me tell you how to approach that. Perhaps the criminals collaborate by sharing information, so we must pool our information to combat them. Here's a specific proposal.

It would be a game changer if financial institutions in the US were able to report fraud to a central repository accessible by law enforcement authorities and financial institutions. This approach would provide much more complete information than our current process of relying on reports from victims who may be confused about where to report.

And it's no wonder why, because there's so many places to report. The repository could contain details such as IP addresses, device information, sender receiver information, amounts, et cetera. And this type of reporting would capture much more fraud than the current SARS system, which is limited to fraud, amounts over $5,000 and requires a known subject to be known.

Such a repository would provide near real time insights on trends which would allow us to more quickly follow up and squash them. Nine countries, by the way, now have national anti scam centers that centralize information and they are finding great benefit in this. The US unfortunately is not one of these countries yet.

We must also emphasize prevention of scams at the source. Scams start far upstream in the fraud cycle and as Benjamin Franklin famously said, an ounce of prevention is worth a pound of cure. What does scam prevention actually look like? Let's look at Australia scams. In Australia.

The Australian government reports that scam losses had declined 13% between 2022 and 2023, in contrast to an ever escalating rate in the United States. So what are they doing to make the difference? Number one is they block malicious URLs at scale. @ the government level, the Australian government says the quick removal.

This is a quote now the quick removal of harmful websites is one of the most effective ways to stop financial criminals from harming Australians. Both the Australian and British government take down malicious websites at scale.

Australia has taken down over 10,000 in the last year and a half, the British GCHQ, which is the equivalent of our NSA, has shut down hundreds of thousands of malicious websites since 2020. Our process in the US pales in comparison because we're doing it piecemeal.

Onesie twosie the Australians also block fake investment websites like the ones that the Secret Service agent showed you early on the fake bitcoin website.

Well, Australia has seen a 35% decrease in investment scams between 2023 and 2024 because they empowered their version of the SEC, which is called the Australian securities and Investment Commission, to remove the fake investment websites. They removed 20 a day. They remove.

They've removed over 7,000 so far and that's caused a significant decline in investment scams in Australia. They also Australia stops fake financial ads. Australia and other countries also have teamed up with Google and Meta to authenticate financial ads.

To place a financial ad in Australia or the Uk, Google and Meta require the advertiser to be on a government sponsored allow list, which makes it really hard for a bad guy to place a fake financial ad.

And Google as a result has said that there's been a pronounced decline in reports of ads promoting financial scams in those countries. Also Australia and 18 other countries, by the way, block international calls that spoof a domestic number. So this is a call purportedly from India that's pretending to be calling from Los Angeles or Seattle.

In Australia, that call would be blocked. So to summarize, other countries are bending the curve by using cybersecurity principles like authentication, like block lists, like allow lists to help keep their population safe. So what could California do to emulate the success of Australia?

Number one, I would suggest to you that you could develop a comprehensive strategy to stop scams at the source and appoint someone to lead it. Number two, measuring the extent of fraud in surveys and information reported from financial institutions would provide much better data than the victim self reporting that we now rely on because.

Because good policy requires good data. Number three, we've heard about centralizing fraud reporting and that is critical. Victims should be able to easily report a scam in progress or that they have been scammed and it is not easy today. Number four, increased sharing of data on scams within California with other states and also with the Federal Government.

I would note that many states share information on scams that they collect with the ftc. California is not one of them. California's AG does not provide information to the ftc. Also, our laws need to encourage sharing of information rather than discouraging it as they do today.

Number five, I would suggest that you could work with tech and telecom companies and federal regulatory bodies to block fraudulent investment websites, fraudulent financial ads, malicious ads, spoo phone calls and text messages. We have the technology. We just need the will.

Number six, mount a focused government industry effort to combat the tech support scam that we heard from Ms. Knox a few minutes ago. These scams are cyber enabled and they can be defeated with American technology. In fact, Microsoft, as was earlier mentioned, now has a capability in their Edge browser to do so.

What if American technology were to engage to increase that, we would be able to turn the tide. And number seven, I think we need to boost law enforcement resources, enhance statewide education campaigns and boost victim support services.

The good news here, I think, is that California and the United States can turn the tide by prioritizing this new national security threat and partnering with industry to take targeted actions to stop scams at the source. Thank you for the opportunity to speak with you today.

Thank you so much, Mr. Westbrook, especially for your thorough testimony. I think you answered almost all my questions in your testimony right off the bat, so I really appreciate your testimony. And we will go to the final panelist, Ken Pallott with retired Union bank Director and you are up and ready to go.

You can hear me now?

Okay, so my name is Ken Paula. I am a Californian. From 2005-2019 I managed online security for MUFG Union Bank. Since then I'm consulting for banks and fraud control vendors and writing an online bank fraud and consumer financial scams around the world.

We can't hear you.

Yes.

Consumer scam losses in the United States are estimated by the FTC at well over 150 billion per year. This creates a banking safety and soundness issue. This is true because most of this money is taken from bank accounts and. Delivered to scammers via the bank payment.

Rails, Bank Credit unions and Fintechs have a role to play in helping to reduce consumer financial scams. Yes, so do telcos and digital platforms where most scams begin. But I believe the banks should start by leading the way to add controls to help reduce consumer scams. So what is the bank action plan?

What is it that the banks can do? The first step is for banks to take a 90 day period and track. Their customer scam losses. We've heard several people talk about getting the facts. This is one way to do it for banks.

This will help frame the problem for the bank and validate the severity of scam losses its customers are experiencing. Next is to get Executive support to create a scam prevention strategy. I have a graphic that portrays what a bank scam prevention strategy could look like and it's part of the attachments that you have.

In this graphic I use the concept of boom. Left of boom and right of boom. Boom is when the victim sends the money to the scammer. Left of boom is what can be done to prevent money movement. And right of boom is what happens after the money has been sent to the scammer.

So let's start with the left of boom first. As I mentioned, banks should take at least 90 days and track their customer scam losses. Tracking scams will be an ongoing activity for banks. Next, create a scam prevention strategy. Use the bank's scam statistics to generate support at the bank Executive level to proceed with the scam strategy.

The scam strategy should cover what you see on the chart. One of the next steps is to educate the bank staff on how to interact with scam victims. The education must cover the psychological influence of the scammer on the victim. The bank needs an effective customer education program. As the next item, the education needs.

To take into account the psychological aspect of of these schemes. Next is the implementation of Scan controls. There are a number of good and effective scam controls that have been rolled out in the UK, Australia, Singapore and also to some degree in the United States.

Some examples are confirmation of payee behavioral biometrics is the customer phone in session and transaction anomaly detection. Another set of controls is around money. Mule account detection and mitigation and account opening controls. Eradicating money mules is essential to stopping these scams. Next, let's talk about the boom. The customer does the transaction.

An online transaction may be executed by the customer or the customer walks into the branch requesting a wire or cash withdrawal. The online transaction should offer a real time warning to the customer about a suspicious transaction.

If the customer ignores the warning then the fraud team may be alerted and must contact the customer or the teller, maybe with the help from the fraud team needs to talk with the customer on the right of boom. The bank needs to attempt to recover the funds from another bank.

The bank should also advise the customer to report the loss to the police. The Federal Trade Commission and the FBI's IC3 reporting system. What I'll walk you through is a basic scam prevention strategy with the minimum activities for this strategy. What are other countries doing?

We can look to three countries, the UK, Australia and Singapore to see how government regulation is leading the way to help stop scams. First in the UK, the UK has mandated that banks have scam strategies, scam. Controls, money mule controls and in October. Of 2024 mandatory scam reimbursement.

UK scam losses had an 11% drop in the first six months of 2024 as compared with the same period in 2023. And you can see the attached timeline for the events that created the UK plan and that's in Appendix one. Australia just passed the Scam Prevention Framework.

Legislation that requires banks, Telcos and digital platforms to have scam controls and if. Not meeting the regulation and be liable for severe financial penalties and possible consumer scam reimbursement. There are also voluntary scam control codes for banks, Telcos and digital platforms and the government set up the National Anti Scam Center in 2023.

In 2023 the combined scam losses reported. Were 2.74 billion, a 13% decrease in. Loss from 2022 and preliminary 2024 numbers. Science scam losses continue to drop. You can see the timeline of events that created the Australian plan in Appendix 2.

Singapore has focused on scam controls for banks plus requires banks and telcos to work to eliminate phishing attacks. Reimbursement by banks and telcos may be. Applicable in the case of phishing losses under the Shared Responsibility Framework Legislation Closing.

In closing, this is a banking safety and soundness issue and banks need to voluntarily take action to help prevent scams or be regulated by the government. To do so, I would like to see the Consumer Financial Protection Bureau or the Federal Financial Institution Examination Council, the. FFIEC introduce online security guidance similar to.

What I have presented today along with the ability to share fraud and scam data. As many of the participants today have mentioned, this guidance could be similar to the FFIEC online security guidance of 2005 and 2011 of which I have attached references without regulation. I hope bank, Credit Union and FinTech CEOs see this need for a scam.

Prevention strategy and lead the change themselves to protect their customers. Much of what I presented today comes from a white paper I wrote for the Global Anti Scam alliance last month and I also add that as a reference for your further reading. And I want to thank you very much for allowing me to present today.

It was our honor to have you present Mr. Paula and would like to go to Committee for a question. Yes, Senator Vice Chair Niello, thank you.

Not a question statement. A lot of the testimony has been with regard to elder abuse.

I know this is going to come as a shock to everybody here but I am an elder but I suspect that if everybody in experiencing a pop up ad or trolling on the Internet or receiving a text or a phone call, if everybody were to practice two simple rules wouldn't be perfect but I suspect we would cut down on the need for enforcement tremendously.

And that is suspect everything and trust nothing. I get email messages from my investment firm to check on something and they give me a link. It's perfectly legitimate. I don't even use that. I go back to the Internet, I call up the website.

But if, and I don't know how we get there but if everybody were to practice suspect everything and trust nothing, I suspect there'd be a lot less abuse that you would have to follow up on. And I will apologize. I arrived late and I'm gonna, I have a meeting at 3:30 so I, I have to take off.

Thank you very much.

Can I, can I share a quick anecdote? It may be helpful and I, I think that's, it's good feedback and it makes sense logically. You may but I, I had a partner on my team when I worked at a different company who trained fraud investigator, analyst, lived and breathed this stuff on a daily basis.

They received the call indicating that their son had been involved in a law enforcement action of some sort. I can't Remember traffic accident or something. And it quickly pivoted to you need to come and then you need to send us this money to get your son or daughter out of trouble.

It's like, I think there, there's, there's definitely an education aspect to this that we should support and figure out what it is. I just want to make sure people understand that, like there are folks who I've worked with and I, I think like Ms. Knox as well, who fall victim to these things.

It's not just a common sense like, like I, I don't trust things on the Internet because we live on the Internet. We, we, we are actively involved in communications, what, whatever it is. And so, yeah, I just want to make it clear it's, it's more than that.

And, and I think that we want to make sure that that's understood is that, yes, education, key pillar, whatever we can do to do that and drive home that message of you shouldn't be trusting these crazy things you're getting.

But these schemes are emotionally and otherwise sophisticated enough that they trick people who are trained practitioners operating in this space. So I just want to share that.

I appreciate your, I appreciate your response on that. Senator Niello, Vice Chair.

Yeah, there are a few people in the world more clever than criminals. Unfortunately, that's one thing that is very difficult to practice. What I said, I have a loved one and you need to come down here, you need to give me money. A family should have a code word.

And you say to that person, ask my grandson or whoever it is what the code word is. And if you don't get the code word, you hang up the phone. So there's little things that can be done that can cut down on this significantly and agree in that education, but it's not perfect. Nothing is perfect.

There's still going to be violations, but with some simple ways practices, we can cut down on your workload quite a bit.

Thank you, Vice Chair, for your insight on that. And I do want to, if I may take just one more minute before we close everything out here, Mr. Perillo. And by the way, Mr. Westbrook, you gave, you concluded with a seven item list on what, what can be done. I really appreciate that.

So feel free to weigh in if you feel you need to. But Mr.

Perello, in, in that enforcement that you, you spoke about trying to solve the scam epidemic that we're facing and you've worked on these cases, are there some, any policies or laws of the State of California specific that you feel need to be changed in order to Drive better policy outcomes because we really know that the best outcome is prevention.

And not that I want to put you out of business, but I don't think we have that problem. You're going to be here for a while. What can we do to become more preventative oriented?

The foremost idea is resources. That's the problem we're facing. Even our incredible team of hardworking people on our task force, a majority of them are working on the task force as a collateral responsibility.

I would proffer that there is not a single person in law enforcement anywhere in the country, believe it or not, that is working on this issue full time. And so just within local jurisdictions, if the State of California can contribute, we need funding for dedicated investigators, analysts through the Department of Social Services.

We need adult protective services workers they're scrapping with in their spare time to try to dedicate themselves to this without having dedicated people working on this cause. Despite, like I said, it's the most prevalent crime impacting all of us. Yet there are no dedicated resources.

And I appreciate that. And I also appreciate, Mr. Westbrook, your testimony and how you brought this real to more than just the loss of money, but in some cases actually suicide and the loss of life. So when you described it as being attacked, we truly are under attack. And this is a very real epidemic.

So I do want to thank all the panelists who have provided testimony today. It's been very enriching and has really lit aspiration up even more to go after it harder. We will now turn to public comment. If there is anyone that wants to offer public comment, please come forward. We will limit public comment to 1 minute each.

I have the first taker. Please state your name and one minute for comment.

Thank you. Senator Grayson, Carol Sewell from the California Elder Justice Coalition.

I just wanted to point out quickly that the comments that Vice Chair Niello just made actually are very common and lead to victim blaming, which is one of the reasons that people don't report and one of the reasons that so many people fall into such dire circumstances. There are no services for these victims.

There are things for younger adults. There are things for teenagers. There's nothing to help an older adult pick up and rebuild their life. That's why we specifically focus on this population. The dollar amounts that they possess, their vulnerability, great amounts of isolation.

And we can't forget the demographics that in the next 20 years that population will double, which means that this crime will double unless we can stop it. So thank you.

Thank you very much for your comment. Any other public comment seeing none for those who have more extensive feedback, please be sure to get contact information from the Committee consultant after the hearing.

Our office really does want to hear from you, and we are happy to accept your written comments or to schedule time to meet with you as well. Having said that, it appears that we have finished our informational hearing, so the Banking and Financial Institutions informational hearing is finished and now adjourned. Thank you.

Thank you.