Study: Identity theft keeps climbing

The rate of identity theft-related fraud has risen sharply since 2003, a report from research firm Gartner suggests.

Gartner's study, released Tuesday, shows that from mid-2005 until mid-2006, about 15 million Americans were victims of fraud that stemmed from identity theft, an increase of more than 50 percent from the estimated 9.9 million in 2003.

It should be noted that the 2003 statistics and the mid-2006 statistics came from two different sources--and hence, two different statistical methodologies. The original 9.9 million figure came from the Federal Trade Commission, whereas the 15 million statistic is Gartner's own.

For its study, Gartner surveyed 5,000 U.S. adults who use the Internet. The research firm found that identity theft victims are losing more money and getting less of it back. The average loss of funds in a case of identity theft was $3,257 in 2006, up from $1,408 in 2005. Additionally, the average loss in the opening of a fraudulent new account has more than doubled over that time, from $2,678 to $5,962.

According to Gartner, identity theft victims are also recovering less of the lost cash. In 2005, an average of 87 percent of funds were recovered; in 2006, that had dropped to 61 percent.

Stamford, Conn.-based Gartner attributed the rise in identity theft fraud to increased levels of electronic identity theft.

"Hackers are exploiting Internet auctions, non-regulated money transmittal systems, the ability to impersonate lottery and sweepstake contests, and other types of imaginative scams," Gartner analyst Avivah Litan said in a statement.

However, the supposed rise in identity theft is a controversial claim. Last month, research firm Javelin Strategy & Research released a report that suggested certain identity-theft statistics--the number of fraudulent accounts opened, for example--are actually on the decline.

[HandGlad2]

"Identity theft" is to broad a term

So many crimes now fall into the "identity theft" category that it might as well not exist.

The term is so watered down that simply forging and cashing a check can be considered "identity theft" these days. So it's no wonder that the number of crimes in the category keeps growing.

Another overused term becomes a waste...

[ml_ess]

Not surprised.

At the rate that government institutions and corporate organizations are misplacing personal identifying information (PII), this doesn't come as a surprise at all.
...Not to mention many security offenders never see consequences for lacking protection for sensitive data. So I highly doubt this number will decrease anytime soon. I'm sure hackers won't back down.

[DanStarr]

Statistics 101

How is this a story? You state right at the outset that differ statistical methodologies were used. This tells an person even vaguely knowledgeable in statistics two things: 1. That all comparisons between those methodologies are suspect - that nothing certain can be gained by making such comparisons, and 2. This researcher is more interested in his name in the news than research, otherwise he would have held his findings until he could eliminate this large uncertainty. Leads me to wonder how much we can trust his other "findings." End result: The findings might be true or they might not. We just don't know. We DO know, however, that sexy headlines in the tech world are more important than quality research with trustworthy results.

[wbenton]

It only climbs due to Security Ignorance...

Identity theft is nothing new... and methods to thwart it have been made publicly available for quite some time.

That said... there is nothing but security ignorance involved...

Too many ignorants run our IT infrastructure systems today.

If it weren't for the ignorants... this climb would stop!!!

Good security ain't cheap... cheap security ain't very good.

Outsourcing security is the last thing you really want to do, but with so many nincompoop companies around today... they outsource left and right.

Getting good in-house security is expensive... but it's a necessary expense... not something to be left to those who can afford it.

Every company NEEDS to allot a security budget, but they also need good security as well. Hiring the top dollar guy doesn't necessarily ensure the best protection.

Likewise... there's a lot of expensive (worth nothing) equiment and/or services (including outsourcing) out there...

But security ignorance is security ignorance is security ignorance... and nothing except security expertise can replace that security ignorance.

Either you have it or you don't. If you've got it... hold on to it... if you don't... then you desparately NEED to acquire it.

If you don't have the budget... you'll end up another statistic!!!

The resolve is so simple... but very few really understand it!

FWIW

[ideasware]

Genuine problem

I sympathize with the "Statistics 101" comment -- as a former mathematician, I'm very conscious of this problem in new stories generally.

But in this case, the critique is unwarranted. Gartner has produced data which is very statistically valid -- in fact, better than recent data from the FTC or from Javelin Research. And the data tracks with other known trends -- the tremendous proliferation of large data breaches (80 million IDs last year); the continuing growth and value of the international ID marketplace; the rapid growth of databases containing ID data; and very poor controls over ID verification (to open bank accounts or be employed, for example).

Until people begin to follow basic ID protection practices, and until companies take seriously the need to protect ID data they hold as if it were personal assets (which it is), the problem will get exponentially worse.