Risk
2/26/2009
01:52 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

FTC Report: Identity Theft Remains Consumers' No. 1 Fraud Complaint

Number of identity theft complaints rose 20 percent from 2007 to 2008

Identity theft remains the top category of fraud affecting consumers, and it jumped considerably last year, according to the Federal Trade Commission's annual consumer complaint report released today.

The FTC's Consumer Sentinel Network Complaint Data Book report for 2008 shows the number of identity theft complaints up around 20 percent from 2007, from 259,266 in '07 to 313,982 in '08. Identity theft represents 26 percent of all consumer fraud complaints, followed by third-party and creditor debt collection (9 percent), shop-at-home and catalog sales (4 percent), and Internet services (4 percent) and other forms of fraud.

The FTC's Consumer Sentinel Network is a database used by law enforcement to log consumer fraud complaints.

The marked increase in identity theft complaints is significant in that the number of these reports had stayed mostly flat from 2006 to 2007, says Tom Rusin, president of Affinion Security Center, which provides personal data security services for consumers and businesses. Rusin says the jump may be due to several factors, including the high number of enterprise breaches last year, as well as fallout from the financial crisis. "As banks consolidate today, consumers expect to get more information [electronically] from their bank," Rusin says. "That's an opportunity for identity thieves to do phishing attacks."

Rusin says the report also highlights how, contrary to popular belief, identity theft isn't just about bank card fraud; while 20 percent of the ID theft cases reported last year were bank card fraud, around 30 percent originated from document fraud, such as Social Security Number theft and employment fraud. Many people don't realize that document fraud is also ID theft, Rusin says.

The FTC report also shows what bad guys do with stolen identities. While 20 percent was pure credit card fraud, government documents or benefits fraud accounted for 15 percent, employment fraud for 15 percent, and phone or utilities, 13 percent.

"[Around] 40 percent of identity theft had nothing to do with bank or credit cards," Rusin notes. "It was stealing personal information, for working here illegally, fraudulent tax returns, [etc.]," he says.

Agewise, 20- to 39-year-olds still bear the brunt of identity theft fraud, with around 49 percent of complaints from this demographic, according to the FTC report -- a trend that has been consistent during the past three years. Interestingly, 65 percent of identity theft victims last year did not contact the police. "This just shows that most people don't know where to turn," Rusin says.

And Arizona is still the No. 1 state for identity theft complaints, with 149 per 100,000 people, followed by California, Florida, and Texas. These states typically house a wealth of assets, Rusin says, which makes them attractive for identity thieves.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-0334
Published: 2014-10-31
Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.

CVE-2014-2334
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.

CVE-2014-2335
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.

CVE-2014-2336
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335.

CVE-2014-3366
Published: 2014-10-31
SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.