Security threats Toolkit

ID Theft: Should you believe the hype?

Tags:
Cybercrime,
Online Banking,
ID Theft,
Phishing

Joris Evers CNET News

Published: 25 Oct 2005 16:10 BST

...victims who relied on more traditional means of interaction, such as paper statements from banks — an average per incident of $551 as opposed to $4,543 (£311 rather than £2,561), according to the Javelin survey.

About two-thirds of what is reported as ID theft in the US today is credit card fraud, against which cardholders are often legally protected, according to US Federal Trade Commission data released earlier this year. In the US the maximum legal liability of a consumer in credit card fraud is $50, but all major credit card companies have "zero liability" policies.

The FTC study found that most victims were able to solve their problems within a week. And even though credit card fraud is far more prevalent than full-scale identity theft, the aggregate of both categories is relatively small.

To assess the chances of falling victim to such crimes, consider these statistics: In 2003, 10 million US residents were the victim of ID theft, according to the FTC; by comparison, in the same year, 20m people got into a car crash, according to the Insurance Information Institute.

"Of all data compromises, only about 2 percent of the accounts that are compromised are ever used fraudulently," said Rosetta Jones, a spokeswoman for credit card company Visa USA. "You really are talking about a very small percentage of accounts that will ultimately result in fraud, which means very few consumers are impacted."

One reason for the persistent worrying over ID theft is the sheer numbers involved in many security lapses. Since February, more than 50m personal records have been exposed in dozens of incidents, according to information compiled by the Privacy Rights Clearinghouse.

The causes of the breaches include hacking, lost data backup tapes, dishonest insiders, lost or stolen computers, and exposure of data because it was not stored securely. But when the number of ID theft victims for this year is tallied, there is not likely to be a clear link with the data breaches, Van Dyke said.

"I would be surprised if we see a strong correlation between some of these massive data breaches and individual fraud loss," the Javelin analyst said.

But not everyone agrees. "Almost half the victims don't know how their identity was stolen. It really is not possible for industry people to state conclusively that security breaches don't lead to identity theft," said Beth Givens, director at the Privacy Rights Clearinghouse. "ID theft is at epidemic proportions."

Pinpointing the problem
Another reason behind exaggerated fears is confusion over the term "identity theft" itself. "It really is a misnomer," Van Dyke said. An identity can't be stolen but can be used fraudulently, he explains; hence, some experts prefer to use the term "identity fraud".

Within the definition of identity fraud, researchers distinguish between "existing account fraud", such as...

For more, click here...