October 24, 2005 4:00 AM PDT
Separating myth from reality in ID theft
- Related Stories
Survey: ID theft hard to shake offJuly 26, 2005
Banks to share ID theft data with FTCJuly 6, 2005
Data leaks denting Web shoppers' confidenceJune 23, 2005
Credit card breach exposes 40 million accountsJune 17, 2005
Laptop theft puts data of 98,000 at riskMarch 29, 2005
Firms seek to reassure e-shoppers over securityFebruary 18, 2005
Study: Security fears daunt online shoppersFebruary 14, 2005
A laptop had been stolen from the University of California at Berkeley in March, and stored on it was personal information on 98,369 graduate students or graduate-school applicants, including Hayes.
The breach--which exposed names, dates of birth, addresses and Social Security numbers--was widely reported in the media, and the school created a special Web site to help individuals who found themselves suddenly vulnerable.
Widespread media reports have given rise to much misinformation and confusion around the issue of identity theft.
Though headlines create the perception of rampant hackings or corporate blunders, few people whose personal information is exposed are ever victimized.
FAQ: Identity fraud uncovered
Calendar: What Congress is up to
More stories on identity theft
In the months since, however, not a single case of stolen identity related to the incident has been reported. The laptop was recovered in September, and police believe that the thief was interested only in the computer, not in the information in its files.
"I have not seen any ramifications," Hayes said.
It is always possible that a crime may yet occur or has simply gone unnoticed. But the Berkeley incident underscores the reality of ID theft, which is often portrayed as a scourge in our increasingly digital society. Though headlines create the perception of rampant hackings or corporate blunders, few people whose personal information is exposed are ever victimized.
Widespread media reports have given rise to much misinformation and confusion around the issue. Many people believe that shopping or banking online increases the risk, for example, though the chances of fraud are far greater in the brick-and-mortar world.
Online and off
Just 12 percent of identity fraud cases last year occurred because the victim was active online, while 63 percent happened as the target used traditional channels, according to a survey by Javelin Strategy & Research, which tracks such data. The information is based on a survey in which 54.1 percent of ID theft victims were able to identify how fraudsters obtained their personal information.
"The most extreme forms of identity fraud are pretty rare," said James Van Dyke, an analyst at Javelin. He identified true ID fraud as those cases in which an individual used another person's name to take out a loan, apply for a credit line or even post bail after an arrest.
Moreover, in those cases when online consumers do fall victim to fraud, they find out faster and suffer much lower financial losses than victims who relied on more traditional means of interaction, such as paper statements from banks--an average per incident of $551 as opposed to $4,543, according to the Javelin survey.
About two-thirds of what is reported as ID theft today is credit card fraud, which cardholders are protected against by federal law, according to Federal Trade Commission data released earlier this year. Legally, the maximum liability for a consumer in credit card fraud is $50, but all major credit card companies have "zero liability" policies.
The FTC study found that most victims were able to solve their problems within a week. And even though credit card fraud is far more prevalent than full-scale identity theft, the aggregate of both categories is relatively small.
To assess the chances of falling victim to such crimes, consider these statistics: In 2003, 10 million U.S. residents were the victim of ID theft, according to the FTC; by comparison, in the same year, 20 million people got into a car crash, according to the Insurance Information Institute.
"Of all data compromises, only about 2 percent of the accounts that are compromised are ever used fraudulently," said Rosetta Jones, a