News, Developments, and Insights

high-tech technology background with eyes on computer display

Identity Theft

study by Javelin Strategy & Research finds that identity theft declined by 11.5% in 2006:

According to the study, 8.4 million adult Americans, or one in 27, learned last year that criminals committed fraud with personal data such as credit card or Social Security numbers. That’s down from 8.9 million in 2005 and 10.1 million in 2003.

Adults under 25, African-Americans, and people who make more than $150,000 were among the groups most likely to suffer fraud, the study said. The youngest adults were also among the least likely to take steps to stop it, the study said.

Consumers on average spent $535 to clear up a fraud, though more than half spent nothing, the study said. Many businesses excuse customers from liability for certain frauds.

Results were based on a phone survey last fall of 5,006 people, including 469 who said they were fraud victims.

The survey was sponsored by Wells Fargo & Co., the fifth-largest U.S. bank; Visa, the credit card association; and CheckFree Corp., which makes bill paying software.

What is probably intended by the study is to stave off legislatures from calling for greater regulation of the identity theft problem. After all, the problem is declining. Self-regulation must be working. Or is it?

Chris Hoofnagle (senior staff attorney, Samuelson Clinic at Berkeley Law School) disputes the study:

2007 brings another identity theft survey from Javelin Strategy. As usual, it strives to conclude that identity theft is on the decline and that most identity theft is the result of information being stolen from the victim. Both conclusions are dead wrong. Why?

Javelin’s study doesn’t detect “synthetic identity fraud.” Public polling on identity theft completely misses the biggest modern fraud issue–synthetic identity theft. In synthetic cases, the impostor creates an entirely new identity using information from many different victims. Since this synthetic identity is based on some real information, and sometimes upon artfully created credit histories, it can be used to apply for new credit accounts. This harms consumers because it creates subfiles at the CRAs, and the real owner of the SSN is sometimes targeted by collections efforts. . . .

According to ID Analytics, in 2003, 88% of fraudulent new accounts were opened with synthetic identities. In addition, 73% of dollar losses were due to synthetic theft, with only 26% being attributed to traditional, true name identity theft. These frauds go completely unmeasured by public polling, but cost the consumers and the economy billions in higher fees.

Moreover, Javelin’s study attributes most identity theft to people connected to the victim. But Hoofnagle writes:

Javelin’s conclusions on how identity theft occurs (through connections to the victim) contradicts all the existing literature, which attributes the problem largely to insiders. . . .

In a study of 1,037 verified instances of identity theft, Collins and Hoffman found that 47% of impostors stole information from individuals by stealing mail and trash, purse snatching, and stealing information from friends and relatives. 51% of impostors obtained information by stealing it from businesses.

Originally Posted at Concurring Opinions

* * * *

This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics. Professor Solove also posts at his blog at LinkedIn. His blog has more than 1 million followers.

Professor Solove is the organizer, along with Paul Schwartz, of the Privacy + Security Forum and International Privacy + Security Forum, annual events designed for seasoned professionals.

If you are interested in privacy and data security issues, there are many great ways Professor Solove can help you stay informed:
LinkedIn Influencer blog

TeachPrivacy Ad Privacy Training Security Training 01