October 24, 2005 4:00 AM PDT
Separating myth from reality in ID theft
(continued from previous page)
spokeswoman for credit card company Visa USA. "You really are talking about a very small percentage of accounts that will ultimately result in fraud, which means very few consumers are impacted."
One reason for the persistent worrying over ID theft is the sheer numbers involved in many security lapses. Since February, more than 50 million personal records have been exposed in dozens of incidents, according to information compiled by the Privacy Rights Clearinghouse.
The causes of the breaches include hacking, lost data backup tapes, dishonest insiders, lost or stolen computers, and exposure of data because it was not stored securely. But when the number of ID theft victims for this year is tallied, there won't likely be a clear link with the data breaches, Van Dyke said.
"I would be surprised if we see a strong correlation between some of these massive data breaches and individual fraud loss," the Javelin analyst said.
But not everyone agrees. "Almost half the victims don't know how their identity was stolen. It really is not possible for industry people to state conclusively that security breaches don't lead to identity theft," said Beth Givens, director at the Privacy Rights Clearinghouse. "ID theft is at epidemic proportions."
Pinpointing the problem
Another reason behind exaggerated fears is confusion over the term "identity theft" itself. "It really is a misnomer," Van Dyke said. An identity can't be stolen but can be used fraudulently, he explains; hence, experts prefer to use the term "identity fraud."
Within the definition of identity fraud, researchers distinguish between "existing account fraud," such as credit card fraud, and "new account fraud," where new accounts are established in the victim's name.
"I don't believe the incidents of true identity theft are as high as the general public might think," said Cheryl Charles, a senior director at BITS, a business strategy and technology group in the Financial Services Roundtable, which represents 100 of the largest U.S. financial institutions.
"The online environment is really pretty safe. Most identity fraud tends to occur in the paper environment," she said.
Having data fall off a truck does not typically result in a crime that costs someone money. "Even though the loss of data is a concern, it doesn't mean it will lead to actual identity theft," Charles said. "Just having access to the information does not mean somebody could succeed in committing identity fraud."
Perception, however, is reality for many people. So despite evidence of relative safety, nearly 80 percent of U.S. residents fear identity fraud, and that angst is keeping nearly half of registered U.S. voters from conducting business online, according to two separate surveys published over the summer.
And when ID fraud does occur, the consequences can be costly. In 2004, Javelin's research found that the average loss due to identity fraud was $5,686 per victim and in the more serious category of "new account fraud," $12,646.
Several years ago, identity fraud was labeled by the FTC as the fastest-growing crime in the United States. In a 2003 survey, the agency said 10.1 million U.S. residents had suffered from it in the previous 12 months, with $51.4 billion lost. In a follow-up study a year later, Javelin identified 9.3 million victims with $52.6 billion in losses.
Anecdotal evidence for 2005 shows that the numbers will stay flat, Van Dyke said. "The good news is that identity fraud is no longer the