BILL ANALYSIS

 

 

                                                                                                                                           H.B. 1098

                                                                                                                                          By: McCall

                                                                                                                           Regulated Industries

                                                                                                           Committee Report (Amended)

 

BACKGROUND AND PURPOSE

 

Phishing is a form of online identity theft that uses "spoofed" emails designed to lure recipients to visit fraudulent websites that try to induce users to give over personal identifying and financial information such as credit card numbers, social security numbers, bank account numbers, and passwords.

 

Phishing attacks have reached 57 million Americans and are able to convince up to 5% of recipients to respond to these emails.  Phishing is one of the fastest growing classes of internet-related identity theft scams and causes short-term and long-term damage to both individuals and financial institutions. These scams cost consumers and businesses up to $2 billion just last year alone.

 

H.B. 1098 attempts to address this situation by creating an express offense which prohibits the solicitation of an individual’s identifying information via a web page, domain name, or e-mail by  persons representing they are an online business who have not been approved to do so by the business they are representing.  H.B. 1098 also establishes both civil and criminal penalties.

 

RULEMAKING AUTHORITY

 

It is the committee's opinion that this bill does not expressly grant any additional rulemaking authority to a state officer, department, agency, or institution.

 

ANALYSIS

 

H.B. 1098 amends Title 4 of the Business and Commerce Code by creating Chapter 48: Internet Fraud.  This bill prohibits the creation or usage of a web page or domain name that represents itself as a legitimate online business, without the express consent of the owner, in order to induce another to provide personal identifying information.

 

H.B. 1098 prohibits the transmission of email that falsely represents itself as being sent by a legitimate business, refers the recipient to a website that represents itself as a legitimate business, and induces the recipient to provide personal identifying information.

 

This bill creates a civil cause of action against an offender and allows an internet service provider and an owner of a web page or trademark to recover damages.  In addition, H.B. 1098 gives the Attorney General a right of action to recover civil penalties.  Injunctive relief may also be sought.

 

H.B. 1098 also creates a criminal penalty for an offense committed under this section.

 

EFFECTIVE DATE

 

This Act is effective September 1, 2005.

 

EXPLANATION OF AMENDMENTS

 

Committee Amendment Number 1 reduces the amount of the civil fine for multiple violations from $500,000 to $100,000.