Washington (CNN) -- A key Senate chairman says Congress needs to pass legislation to protect customers from unauthorized third-party charges on their phone bills because the telephone industry has failed to prevent the practice.

Sen. Jay Rockefeller, D-West Virginia, said a one-year study by the Commerce, Science and Transportation Committee shows about $2 billion a year in "mystery fees" show up on the landline phone bills of Americans, a problem known as cramming.

In a Wednesday hearing, Rockefeller asked an industry representative why major companies like AT&T haven't stopped unauthorized third-party charges from going onto their customers' phone bills.

"It's illegal, it's wrong, it's scamming," Rockefeller said. "Why haven't you cleaned up your act?"

"The industry has taken significant steps," replied Walter McCormick, president and CEO of the U.S. Telecom Association. "Even the report that you issued today indicates that there has been improvement, but it remains a very, very significant, very pervasive problem."

Phone companies such as AT&T, Verizon and Qwest do not have a process to determine if the charges were authorized by their customers.

The third-party billing system was a result of the AT&T divestiture when the FCC required companies to bill and collect for companies that provided long-distance or specialized services, McCormick said. It's no longer legally required, but many people like the single invoice system, he said.

The Commerce Committee's report says phone companies receive a small fee -- often just a dollar or two -- for allowing charges from third-party vendors to appear on their bills. But due to the large number of customers the charges eventually add up.

AT&T, Verizon and Qwest made $650 million during the past five years, according to the report.

The state of Illinois has brought a number of lawsuits to fight cramming. Attorney General Lisa Madigan told the panel people are unaware their phone numbers can be charged almost like a credit card and her investigations indicate customers are not even getting services in return.

"My office has yet to see a legitimate third-party charge on a bill," said Madigan, who added most customers don't detect the charges on their bills.

When third-party vendors are contacted they claim the charges were authorized by customers and they often say they have audio recordings of the customer giving the OK, Madigan said.

However, when her office obtained audio recordings, the voices turned out not to belong to the consumers who were billed, she said. She called for federal and state laws banning the billing practice.

A Georgia woman who handles accounts for 32 quick-service restaurants told the committee about her personal experience involving cramming.

Susan Eppley said she found noticeable differences in the AT&T bills for the various restaurants and that she called AT&T. According to Eppley, an AT&T representative explained the charges were from third-party vendors and that "customers were responsible for blocking such third-party charges."

Eppley said she called the third-party company and was told Eppley's company had OK'd the charges and there was an audio recording to back that up. Eppley asked to hear it but the company never provided the audio recording.

Ultimately, the company refunded all the money it had charged the restaurants.

Eppley said she spent about 15 hours resolving the issues and also setting up blocks on accounts to prevent future cramming. She said she was particularly upset the bonuses of restaurant employees could be adversely affected if their stores did not meet their financial targets.

Rockefeller praised Eppley, calling her a bulldog for her determined efforts.

David Spofford, founder of a communications expense management company in Virginia called Xigo, also testified before the committee.

A review of three years' worth of bills for about 200 clients showed 40,000 instances of cramming, Spofford said.

The average charge was $18 a month, he said. Many businesses would not expend the manpower necessary to find the unauthorized charges and stop them, he said.

His company has identified several major third-party billing consolidators, Spofford said, but they bill under about 600 names, which he theorized was a method to avoid detection.

According to Spofford, the descriptions for the services include voicemail, directory services and web hosting. He said in 99% of the cases the services had not been authorized and the customers were not receiving the services.

Sen. Claire McCaskill, D-Missouri, expressed shock companies were able to bill to a phone number without proving they have authorization from the account holder.

McCaskill said phone companies should follow the example of credit card companies and add identifying PIN numbers to all customer accounts.

McCormick, the industry representative, said he would discuss the PIN idea with members of his association.