Vulnerabilities / Threats
2/9/2011
12:50 PM
Connect Directly
RSS
E-Mail
50%
50%

Identity Theft Down 28% In 2010

While overall rates are down, incidents involving friendly fraud as well as costs for consumers are on the rise, according to Javelin Strategy & Research.

Top 10 Security Stories Of 2010
(click image for larger view)
Slideshow: Top 10 Security Stories Of 2010

Good news on the ID theft front: The number of identity fraud incidents, after increasing for two years in a row, fell by 28% from 2009 to 2010. As a result, the amount lost to identity fraud in that timeframe decreased from $56 billion to $37 billion.

Those findings come from a survey of the behavior and financial habits of about 5,000 adults in the United States, including 470 who were victims of identity fraud, conducted by market researcher Javelin Strategy & Research.

According to Javelin, about 8.1 million people -- or 3.5% of the U.S. population -- were ID fraud victims in 2010, down from 11 million people in 2009. Interestingly, in 2010, 14% of identity fraud was committed by someone the victim knew.

While the number of ID theft incidents has recently declined, unfortunately they're also becoming more difficult to detect. In part, that's because "new account" fraud, which is more difficult to spot than fraud involving stolen credit cards, now accounts for 46% of the total dollar value of identity fraud, up from 38% in 2009.

"New account fraud on average takes longer to detect and results in higher mean consumer costs than other types of fraud," according to Javelin. As a result, when consumers had to pay out-of-pocket costs, the average bill was $631 -- the highest level seen since 2007.

Still, the typical ID theft victim doesn't have to pay any costs out of pocket. "Because of the zero-liability fraud protection offered by the majority of banks and card issuers, most victims will have to pay out-of-pocket expenses only to cover their time in resolving fraud, not to reimburse fraudulent charges," the study said.

Resolving ID theft can take time. On average, consumers in 2010 spent 33 hours resolving instances of identify fraud, up from 12 hours in 2009. Resolution times now are nearly back to their 2005 mark of 40 hours.

The report notes that in 2010, 7% of U.S. consumers received a notification that their personal information may have been involved in a data breach. Today, 46 states require businesses to disclose when their customers' data has been involved in a data breach. Unfortunately, consumers who receive these notices are four times more likely to become victims of identity fraud.

Javelin said that when it comes to spotting ID theft, proactivity pays. In 35% of identity fraud cases, victims said that their financial institution or credit card provider notified them of the suspected fraud. But according to the report, "the next two most frequent methods for victims to discover fraud were through their own review of either paper or electronic statements."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1544
Published: 2014-07-23
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger cer...

CVE-2014-1547
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1548
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1549
Published: 2014-07-23
The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and applica...

CVE-2014-1550
Published: 2014-07-23
Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.