Vulnerabilities / Threats
2/9/2011
12:50 PM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Identity Theft Down 28% In 2010

While overall rates are down, incidents involving friendly fraud as well as costs for consumers are on the rise, according to Javelin Strategy & Research.

Top 10 Security Stories Of 2010
(click image for larger view)
Slideshow: Top 10 Security Stories Of 2010

Good news on the ID theft front: The number of identity fraud incidents, after increasing for two years in a row, fell by 28% from 2009 to 2010. As a result, the amount lost to identity fraud in that timeframe decreased from $56 billion to $37 billion.

Those findings come from a survey of the behavior and financial habits of about 5,000 adults in the United States, including 470 who were victims of identity fraud, conducted by market researcher Javelin Strategy & Research.

According to Javelin, about 8.1 million people -- or 3.5% of the U.S. population -- were ID fraud victims in 2010, down from 11 million people in 2009. Interestingly, in 2010, 14% of identity fraud was committed by someone the victim knew.

While the number of ID theft incidents has recently declined, unfortunately they're also becoming more difficult to detect. In part, that's because "new account" fraud, which is more difficult to spot than fraud involving stolen credit cards, now accounts for 46% of the total dollar value of identity fraud, up from 38% in 2009.

"New account fraud on average takes longer to detect and results in higher mean consumer costs than other types of fraud," according to Javelin. As a result, when consumers had to pay out-of-pocket costs, the average bill was $631 -- the highest level seen since 2007.

Still, the typical ID theft victim doesn't have to pay any costs out of pocket. "Because of the zero-liability fraud protection offered by the majority of banks and card issuers, most victims will have to pay out-of-pocket expenses only to cover their time in resolving fraud, not to reimburse fraudulent charges," the study said.

Resolving ID theft can take time. On average, consumers in 2010 spent 33 hours resolving instances of identify fraud, up from 12 hours in 2009. Resolution times now are nearly back to their 2005 mark of 40 hours.

The report notes that in 2010, 7% of U.S. consumers received a notification that their personal information may have been involved in a data breach. Today, 46 states require businesses to disclose when their customers' data has been involved in a data breach. Unfortunately, consumers who receive these notices are four times more likely to become victims of identity fraud.

Javelin said that when it comes to spotting ID theft, proactivity pays. In 35% of identity fraud cases, victims said that their financial institution or credit card provider notified them of the suspected fraud. But according to the report, "the next two most frequent methods for victims to discover fraud were through their own review of either paper or electronic statements."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: LOL.
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6212
Published: 2014-04-19
Unspecified vulnerability in HP Database and Middleware Automation 10.0, 10.01, 10.10, and 10.20 before 10.20.100 allows remote authenticated users to obtain sensitive information via unknown vectors.

CVE-2013-6213
Published: 2014-04-19
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833.

CVE-2013-6214
Published: 2014-04-19
Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 9.05, 10.01, and 10.10 allows remote authenticated users to obtain sensitive information via unknown vectors, aka ZDI-CAN-2042.

CVE-2013-6215
Published: 2014-04-19
Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 10.01 and 10.10 allows remote authenticated users to execute arbitrary code via unknown vectors, aka ZDI-CAN-1977.

CVE-2013-6218
Published: 2014-04-19
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors.

Best of the Web