In 2010, identity theft and fraud claimed fewer victims than in any other period since Javelin began conducting surveys in 2003; At $37 billion, identity fraud decreased sharply in 2010, after increasing for two years.
Approximately 8.1 million Americans, or 3.5% of the total U.S. population, learned that they were victims of identity fraud in 2010.
Average (mean) consumer costs in 2010 were at $631, their highest level since 2007
The average time to resolve identity fraud in 2010 rose to 33 hours, up 12 hours from 2009
Resolution times are now at their highest point since 2005 when they were at 40 hours.
New account fraud is now responsible for almost half of the total dollar amount lost to identity fraud (46% in 2010 vs. only 38% in 2009).
New account fraud on average takes longer to detect and results in higher mean consumer costs than other types of fraud.
About half of identity frauds are detected by consumers, and half are detected by third parties (45% vs. 55%).
Currently, 46 states require companies to notify you if a breach of security occurs at their place of business and your personal information has been placed at risk. Each year, many consumers receive “breach notification” letters; in 2010, 7% of U.S. consumers received these notifications.
In 2010, 14% of all identity fraud crimes were committed by someone known to the victim.
In 2010, Javelin surveyed 5,004 adults and found that among the 470 fraud victims, 29% reported having their SSN stolen.
Notification by financial institutions and credit card issuers was an especially prevalent and successful detection method in 2010; 35% of victims reported that their bank or card provider notified them of fraud on their accounts.
Financial institutions continue to lead in detecting and informing fraud victims, effectively monitoring accounts on the back end and quickly alerting customers when they detect suspicious activity.
45% of identity frauds are discovered by consumers and 55% are detected by third parties.
A civil suit was filed 5%
A conviction was made 7%
A prosecution was made 7%
An arrest was made 11%
A police report was filed 38%
No legal actions were taken 57%
Hacking accounted for the largest number of ID theft breaches in 2011 year-to-date. Almost 37% of breaches between January 1st and April 5th were due to malicious attacks on computer systems. This is more than double the amount of targeted attacks reflected in 2010, 17.1%.
An estimated 11.7 million persons, representing 5% of persons age 16 or older in the United States, experienced at least one attempted or successful incident of identity theft during a within 2-year period.
Unauthorized use or attempted use of an existing credit card account, the most prevalent type of identity theft, was experienced by about 6.2 million victims (53% of all victims).
Although the total financial cost of identity theft was nearly $17.3 billion over a 2-year period, less than a quarter (23%) of victims suffered an out-of-pocket financial loss from the victimization.
About 42% of victims spent one day or less resolving any financial or credit problems related to the identity theft.
Two in 10 victims of identity theft rated the experience as severely distressing.
Approximately 7.9 million households, about 6.6% of all households in the United States, discovered that at least one member had been a victim of identity theft.
Number of households with at least one member who experienced one or more types of identity theft increased 23% from 2005.
Over 30% of households victimized by identity theft reported that the perpetrator obtained $500 or more in money, goods, or services from the theft.
Last year, 8.1 million adults were hit by identity theft.
The average victim spent $631 and 33 hours to clear up his/her financial life. The biggest targets: those ages 25 to 34, who experienced the highest rate of identity theft.
When asked about password protecting their mobile devices:
• 44 percent who do not lock their mobile devices said that using a password is “too cumbersome”
• 30 percent who do not lock their mobile devices said they “are not worried about the risk”
• 50 percent of respondents use banking, financial or stock trading apps on their smartphones or tablets
• 35 percent have applications connected to online shopping or auction accounts
• 77 percent said they use social networking applications such as Facebook or LinkedIn
• 97 percent reported that they have email applications running on their mobile device
• Only 33 percent said they make a point of logging into an application every time they use it
• Two thirds said they try to leave applications perpetually logged in unless they are required by the application to log in every time
People surveyed overwhelmingly reported frustration when it comes to typing usernames and passwords on the soft keyboards of smartphones and tablets:
• More than 30 percent reported that they “often forget or mistype on the small keyboards”
• Nearly 60 percent of respondents stated that they “wish there was an easier form of authentication for mobile applications”
3/4 of victims do not know the source of the crime. Those who do, the breakdown is:
• computer-related identity crime (21.6%).
• Lost/stolen wallet, checkbook or credit card accounts for 15.1%
• Corrupt businesses or employees also at (11.6%)
• And breaches of consumer data accounted for 4.7% of the cases
WHO IS BEHIND DATA BREACHES?
Driven largely by organized groups, the majority of breaches and almost all data stolen (98%) in 2009 was still the work of criminals outside the victim organization.
• 70% resulted from external agents
• 48% were caused by insiders
• 11% implicated business partners
• 27% involved multiple parties
HOW DO BREACHES OCCUR?
Misuse sits atop the list of threat actions leading to breaches.
Hacking and Malware ranked #2 and #3 and were responsible for over 95% of all data comprised.
Cases involving the use of social tactics more than doubled and physical attacks like theft, tampering, and surveillance ticked up several notches.
• 48% involved privilege misuse
• 40% resulted from hacking
• 38% utilized malware
• 28% employed social tactics
• 15% comprised physical attacks
• 98% of all data breached came from servers
• 85% of attacks were not considered highly difficult
• 61% were discovered by a third party
• 86% of victims had evidence of the breach in their log files
• 96% of breaches were avoidable through simple or intermediate controls
The US Federal Trade Commission received 250,854 complaints about identity theft during 2010
The Commission’s identity theft statistics show that Florida had the highest per capita rate of reported ID theft, with Arizona and California following close behind.
Other major issues in the 1.34 million complaints received by the Commission last year include debt collection scams, fraudulent data collection and “imposter scams”.
Women were 26 percent more likely to be victims of identity fraud than men in 2008.
Credit and debit card fraud is the No. 1 fear of Americans in the midst of the global financial crisis. Concern about fraud supersedes that of terrorism, computer and health viruses and personal safety.
South Dakota has the fewest identity theft complaints per 100,000 people in the nationNorth Dakota (35.7), Iowa (44.9), Montana (46.5) and Wyoming (46.9) rounded out the bottom five.
Brownsville-Harlingen, Texas, is the metropolitan area with the largest number of ID theft complaints per 100,000 people
One-third of health care organizations, including physician practices, insurers and pharmacies, have reported catching a patient using the identity of someone else to obtain services. Fourteen percent said the breach occurred at a health care office, and 10% said employees at a health care organization’s office had stolen the data.
Sources: http://www.unisyssecurityindex.com/ , http://www.ftc.gov/