Risk
2/26/2009
01:52 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

FTC Report: Identity Theft Remains Consumers' No. 1 Fraud Complaint

Number of identity theft complaints rose 20 percent from 2007 to 2008

Identity theft remains the top category of fraud affecting consumers, and it jumped considerably last year, according to the Federal Trade Commission's annual consumer complaint report released today.

The FTC's Consumer Sentinel Network Complaint Data Book report for 2008 shows the number of identity theft complaints up around 20 percent from 2007, from 259,266 in '07 to 313,982 in '08. Identity theft represents 26 percent of all consumer fraud complaints, followed by third-party and creditor debt collection (9 percent), shop-at-home and catalog sales (4 percent), and Internet services (4 percent) and other forms of fraud.

The FTC's Consumer Sentinel Network is a database used by law enforcement to log consumer fraud complaints.

The marked increase in identity theft complaints is significant in that the number of these reports had stayed mostly flat from 2006 to 2007, says Tom Rusin, president of Affinion Security Center, which provides personal data security services for consumers and businesses. Rusin says the jump may be due to several factors, including the high number of enterprise breaches last year, as well as fallout from the financial crisis. "As banks consolidate today, consumers expect to get more information [electronically] from their bank," Rusin says. "That's an opportunity for identity thieves to do phishing attacks."

Rusin says the report also highlights how, contrary to popular belief, identity theft isn't just about bank card fraud; while 20 percent of the ID theft cases reported last year were bank card fraud, around 30 percent originated from document fraud, such as Social Security Number theft and employment fraud. Many people don't realize that document fraud is also ID theft, Rusin says.

The FTC report also shows what bad guys do with stolen identities. While 20 percent was pure credit card fraud, government documents or benefits fraud accounted for 15 percent, employment fraud for 15 percent, and phone or utilities, 13 percent.

"[Around] 40 percent of identity theft had nothing to do with bank or credit cards," Rusin notes. "It was stealing personal information, for working here illegally, fraudulent tax returns, [etc.]," he says.

Agewise, 20- to 39-year-olds still bear the brunt of identity theft fraud, with around 49 percent of complaints from this demographic, according to the FTC report -- a trend that has been consistent during the past three years. Interestingly, 65 percent of identity theft victims last year did not contact the police. "This just shows that most people don't know where to turn," Rusin says.

And Arizona is still the No. 1 state for identity theft complaints, with 149 per 100,000 people, followed by California, Florida, and Texas. These states typically house a wealth of assets, Rusin says, which makes them attractive for identity thieves.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message

Kelly Jackson Higgins is Senior Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0607
Published: 2014-07-24
Unrestricted file upload vulnerability in Attachmate Verastream Process Designer (VPD) before R6 SP1 Hotfix 1 allows remote attackers to execute arbitrary code by uploading and launching an executable file.

CVE-2014-1419
Published: 2014-07-24
Race condition in the power policy functions in policy-funcs in acpi-support before 0.142 allows local users to gain privileges via unspecified vectors.

CVE-2014-2360
Published: 2014-07-24
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage.

CVE-2014-2361
Published: 2014-07-24
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode.

CVE-2014-2362
Published: 2014-07-24
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.