Computer Crime Research Center


Most ID theft begins at home

Date: January 30, 2005
By: Al Swanson

WASHINGTON -- It's a frightening prospect: Cyber hackers roaming the World Wide Web collecting credit card numbers and personal financial information of total strangers -- but it turns out most identity theft begins closer to home.

More than 9.3 million people were victimized by identity theft last year -- one in every 23 consumers -- and surprisingly the 2005 Identity Fraud Survey released by the Better Business Bureau found half of identity thieves caught in 2004 were family members, friends, in-home employees or neighbors of their victims.

A lost or purloined purse or wallet, stolen or discarded mail was far more likely to provide the information used to steal someone's identity than Internet fraud.

"Our numbers show that fear about online identity fraud may be out of proportion to the relative risk, causing consumers to ignore the most glaring issues," said James Van Dyke, founder and principal analyst of Javelin Strategy &Research, which conducted the study. "Indeed, most instances of identity fraud occur through traditional channels and are paper-based not Internet-based."

The San Francisco-based financial services and market-research firm conducted telephone interviews with 4,000 consumers for the 2005 survey. About 500 had been victims of identity theft.

Among the findings:

Consumers who access accounts online can detect identity theft earlier than people who rely on monthly paper credit card and bank statements. They also reduce access to personal information on paper bills, which can be used to obtain credit card information and account numbers.

Average losses of victims of identity theft who discovered the crime by monitoring online accounts was $551 compared to an average loss of $4,543 for ID theft detected from paper statements.

The most frequent source of information used to commit fraud was a lost or stolen wallet or checkbook. Computer crimes were 11.6 percent of all known cases of identity fraud. Half of those were from spyware, surreptitiously installed software that monitors keystrokes on a computer that can be transmitted in something as innocent as pop-up ads.

Consumers should install virus and firewall protection software to combat spyware but must keep the software up to date to fend off ever-changing modes of attack.

Consumers also should not respond to "phishing" -- bogus e-mail messages that request personal data -- direct people to bogus Web sites or install spyware downloads at the click of a mouse.

Losses from identity theft actually appear to be leveling off.

The survey estimated identity theft cost $52.6 billion last year, a median of $750 for each reported case of identity fraud. Losses were estimated at $51.4 billion in 2003.

More than 9 million people were victimized in 2004 compared to 10.1 million estimated by the Federal Trade Commission in 2003, and time is money.

Victims who noticed something amiss and alerted banks and credit card companies of possible fraud quickly experienced the smallest losses. The average time to clean up personal records after an ID-fraud crime dropped from 33 hours in 2003 to 28 hours in 2004. Unreported cases of identity theft where thieves obtain credit or sell property using someone else's identity take much longer to resolve.

People aged 25-34 were more likely to be victimized by thieves creating new accounts or taking out loans under their names. New-account fraud also was the costliest crime with an average loss of $12,646 compared to $5,803 for existing credit card account fraud.

The ID thief knew the victim in 15 percent of new-account fraud, but most victims of identity theft never find out who took their good name.

Employees stole information used in identity theft in nearly 9 percent of cases. Stolen mail provided the information in 8 percent of cases, spyware 5 percent, 2.6 percent from trash, 2.2 percent from computer viruses and 1.7 percent from "phishing."

The mean loss from cyber thieves obtaining information by posing as legitimate businesses was $2,320, but the mean loss from identity theft by untrustworthy family members or friends was $15,607, the survey found.

"I was surprised that with all the emphasis on the scariness and mystery of the Internet, it diverted attention away from the primary causes of identity theft," Ken Hunter, president and chief executive officer of the Better Business Bureau, told the Chicago Sun-Times. "We feel comfortable in our homes and leave things lying around. We shouldn't do that."

The BBB says consumers can reduce the threat of identity theft by preventing access to personal information.

-- Shred paperwork, statements, credit reports and even those credit card offers that come in the mail, and don't carry your Social Security Card in a wallet or purse or give out the number over the telephone.

-- Use online banking to replace paper checks, statements and bills.

-- Sign up for automatic deposit.

-- Get your mail promptly and mail bills with checks at the post office.

-- Keep passwords secret and change them frequently.

-- Wipe sensitive data off a hard drive before discarding an old computer.

-- Ignore e-mail messages with Internet links and type the full address.

-- Review bank and credit card statements frequently to detect unauthorized activity.

-- Contact financial providers if you don't get a timely statement.

-- Use e-mail-based account alerts to monitor transfers, payments, low balances and withdrawals.

-- Review your credit report at least once a year through Equifax, Experian or TransUnion, the nationwide credit bureaus.

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo