Risk
2/26/2009
01:52 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

FTC Report: Identity Theft Remains Consumers' No. 1 Fraud Complaint

Number of identity theft complaints rose 20 percent from 2007 to 2008

Identity theft remains the top category of fraud affecting consumers, and it jumped considerably last year, according to the Federal Trade Commission's annual consumer complaint report released today.

The FTC's Consumer Sentinel Network Complaint Data Book report for 2008 shows the number of identity theft complaints up around 20 percent from 2007, from 259,266 in '07 to 313,982 in '08. Identity theft represents 26 percent of all consumer fraud complaints, followed by third-party and creditor debt collection (9 percent), shop-at-home and catalog sales (4 percent), and Internet services (4 percent) and other forms of fraud.

The FTC's Consumer Sentinel Network is a database used by law enforcement to log consumer fraud complaints.

The marked increase in identity theft complaints is significant in that the number of these reports had stayed mostly flat from 2006 to 2007, says Tom Rusin, president of Affinion Security Center, which provides personal data security services for consumers and businesses. Rusin says the jump may be due to several factors, including the high number of enterprise breaches last year, as well as fallout from the financial crisis. "As banks consolidate today, consumers expect to get more information [electronically] from their bank," Rusin says. "That's an opportunity for identity thieves to do phishing attacks."

Rusin says the report also highlights how, contrary to popular belief, identity theft isn't just about bank card fraud; while 20 percent of the ID theft cases reported last year were bank card fraud, around 30 percent originated from document fraud, such as Social Security Number theft and employment fraud. Many people don't realize that document fraud is also ID theft, Rusin says.

The FTC report also shows what bad guys do with stolen identities. While 20 percent was pure credit card fraud, government documents or benefits fraud accounted for 15 percent, employment fraud for 15 percent, and phone or utilities, 13 percent.

"[Around] 40 percent of identity theft had nothing to do with bank or credit cards," Rusin notes. "It was stealing personal information, for working here illegally, fraudulent tax returns, [etc.]," he says.

Agewise, 20- to 39-year-olds still bear the brunt of identity theft fraud, with around 49 percent of complaints from this demographic, according to the FTC report -- a trend that has been consistent during the past three years. Interestingly, 65 percent of identity theft victims last year did not contact the police. "This just shows that most people don't know where to turn," Rusin says.

And Arizona is still the No. 1 state for identity theft complaints, with 149 per 100,000 people, followed by California, Florida, and Texas. These states typically house a wealth of assets, Rusin says, which makes them attractive for identity thieves.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5485
Published: 2014-09-30
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.

CVE-2012-5486
Published: 2014-09-30
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

CVE-2012-5487
Published: 2014-09-30
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.

CVE-2012-5488
Published: 2014-09-30
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.

CVE-2012-5489
Published: 2014-09-30
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
In our next Dark Reading Radio broadcast, we’ll take a close look at some of the latest research and practices in application security.