Vulnerabilities / Threats
2/9/2011
12:50 PM
Connect Directly
RSS
E-Mail
50%
50%

Identity Theft Down 28% In 2010

While overall rates are down, incidents involving friendly fraud as well as costs for consumers are on the rise, according to Javelin Strategy & Research.

Top 10 Security Stories Of 2010
(click image for larger view)
Slideshow: Top 10 Security Stories Of 2010

Good news on the ID theft front: The number of identity fraud incidents, after increasing for two years in a row, fell by 28% from 2009 to 2010. As a result, the amount lost to identity fraud in that timeframe decreased from $56 billion to $37 billion.

Those findings come from a survey of the behavior and financial habits of about 5,000 adults in the United States, including 470 who were victims of identity fraud, conducted by market researcher Javelin Strategy & Research.

According to Javelin, about 8.1 million people -- or 3.5% of the U.S. population -- were ID fraud victims in 2010, down from 11 million people in 2009. Interestingly, in 2010, 14% of identity fraud was committed by someone the victim knew.

While the number of ID theft incidents has recently declined, unfortunately they're also becoming more difficult to detect. In part, that's because "new account" fraud, which is more difficult to spot than fraud involving stolen credit cards, now accounts for 46% of the total dollar value of identity fraud, up from 38% in 2009.

"New account fraud on average takes longer to detect and results in higher mean consumer costs than other types of fraud," according to Javelin. As a result, when consumers had to pay out-of-pocket costs, the average bill was $631 -- the highest level seen since 2007.

Still, the typical ID theft victim doesn't have to pay any costs out of pocket. "Because of the zero-liability fraud protection offered by the majority of banks and card issuers, most victims will have to pay out-of-pocket expenses only to cover their time in resolving fraud, not to reimburse fraudulent charges," the study said.

Resolving ID theft can take time. On average, consumers in 2010 spent 33 hours resolving instances of identify fraud, up from 12 hours in 2009. Resolution times now are nearly back to their 2005 mark of 40 hours.

The report notes that in 2010, 7% of U.S. consumers received a notification that their personal information may have been involved in a data breach. Today, 46 states require businesses to disclose when their customers' data has been involved in a data breach. Unfortunately, consumers who receive these notices are four times more likely to become victims of identity fraud.

Javelin said that when it comes to spotting ID theft, proactivity pays. In 35% of identity fraud cases, victims said that their financial institution or credit card provider notified them of the suspected fraud. But according to the report, "the next two most frequent methods for victims to discover fraud were through their own review of either paper or electronic statements."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3352
Published: 2014-08-30
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related to an "iFrame vulnerability," aka Bug ID CSCuh...

CVE-2014-3908
Published: 2014-08-30
The Amazon.com Kindle application before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2010-5110
Published: 2014-08-29
DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file.

CVE-2012-1503
Published: 2014-08-29
Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section.

CVE-2013-5467
Published: 2014-08-29
Monitoring Agent for UNIX Logs 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP04 and Monitoring Server (ms) and Shared Libraries (ax) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP08, 6.2.3 through FP01, and 6.3.0 through FP01 in IBM Tivoli Monitoring (ITM)...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.