Vulnerabilities / Threats
2/9/2011
12:50 PM
50%
50%

Identity Theft Down 28% In 2010

While overall rates are down, incidents involving friendly fraud as well as costs for consumers are on the rise, according to Javelin Strategy & Research.

Top 10 Security Stories Of 2010
(click image for larger view)
Slideshow: Top 10 Security Stories Of 2010

Good news on the ID theft front: The number of identity fraud incidents, after increasing for two years in a row, fell by 28% from 2009 to 2010. As a result, the amount lost to identity fraud in that timeframe decreased from $56 billion to $37 billion.

Those findings come from a survey of the behavior and financial habits of about 5,000 adults in the United States, including 470 who were victims of identity fraud, conducted by market researcher Javelin Strategy & Research.

According to Javelin, about 8.1 million people -- or 3.5% of the U.S. population -- were ID fraud victims in 2010, down from 11 million people in 2009. Interestingly, in 2010, 14% of identity fraud was committed by someone the victim knew.

While the number of ID theft incidents has recently declined, unfortunately they're also becoming more difficult to detect. In part, that's because "new account" fraud, which is more difficult to spot than fraud involving stolen credit cards, now accounts for 46% of the total dollar value of identity fraud, up from 38% in 2009.

"New account fraud on average takes longer to detect and results in higher mean consumer costs than other types of fraud," according to Javelin. As a result, when consumers had to pay out-of-pocket costs, the average bill was $631 -- the highest level seen since 2007.

Still, the typical ID theft victim doesn't have to pay any costs out of pocket. "Because of the zero-liability fraud protection offered by the majority of banks and card issuers, most victims will have to pay out-of-pocket expenses only to cover their time in resolving fraud, not to reimburse fraudulent charges," the study said.

Resolving ID theft can take time. On average, consumers in 2010 spent 33 hours resolving instances of identify fraud, up from 12 hours in 2009. Resolution times now are nearly back to their 2005 mark of 40 hours.

The report notes that in 2010, 7% of U.S. consumers received a notification that their personal information may have been involved in a data breach. Today, 46 states require businesses to disclose when their customers' data has been involved in a data breach. Unfortunately, consumers who receive these notices are four times more likely to become victims of identity fraud.

Javelin said that when it comes to spotting ID theft, proactivity pays. In 35% of identity fraud cases, victims said that their financial institution or credit card provider notified them of the suspected fraud. But according to the report, "the next two most frequent methods for victims to discover fraud were through their own review of either paper or electronic statements."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7421
Published: 2015-03-02
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644.

CVE-2014-8160
Published: 2015-03-02
net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disall...

CVE-2014-9644
Published: 2015-03-02
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-201...

CVE-2015-0239
Published: 2015-03-02
The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYS...

CVE-2014-8921
Published: 2015-03-01
The IBM Notes Traveler Companion application 1.0 and 1.1 before 201411010515 for Window Phone, as distributed in IBM Notes Traveler 9.0.1, does not properly restrict the number of executions of the automatic configuration option, which makes it easier for remote attackers to capture credentials by c...

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.