Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

3/4/2009
11:26 AM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Gartner: Nearly 8 Percent Of U.S. Adults Lost Money To Financial Fraud In '08

Data breaches were major cause of consumer losses, followed by physical theft and phishing attacks

A new report released today by Gartner sheds light on the financial impact of fraud on consumers: Last year, 7.5 percent of U.S. adults lost money to financial fraud -- most of them due to data breaches.

Gartner's report comes during National Consumer Protection Week, which is aimed at raising awareness about fraud and abuse, as well as on the heels of the Federal Trade Commission's annual consumer complaint report, which found identity theft remains the No. 1 type of fraud affecting consumers. Identity theft rose 20 percent from 2007 to 2008, according to the FTC.

Gartner, which surveyed 5,000 adults in the U.S. for its report, says it's no surprise that data breaches were the top cause of financial fraud last year. All told, 657 breaches were recorded in 2008 -- an increase of 47 percent from 2007, according to the Identity Theft Resource Center. Nearly 20 percent of the respondents in Gartner's survey attributed their financial losses to data breaches, 16 percent to theft of purses or wallets, 13 percent to phishing attacks, 9 percent to Internet auction fraud, 8 percent to someone they knew having access to their information, and 7 percent to theft of personal mail or papers. More than 20 percent weren't sure how their data was stolen.

On average, victims lost the most money per incident from fraud associated with new financial accounts ($1,097), credit cards ($929), and brokerages ($900).

Those who were hit by brokerage, credit card, and debit/ATM card fraud were more likely to recover their lost money: Brokerage fraud victims recovered all of their losses, while credit card victims recovered 86 percent of their losses, and debit/ATM victims, 77 percent of their losses.

New-account fraud, check forgery, and checking/savings account transfer fraud victims, however, didn't fare so well. New-account fraud victims got only 42 percent of their money back; check forgery victims, 48 percent; and victims of fraudulent transfers, about 54 percent of their money.

Why the disparity in recovery? Gartner points out that payment card transactions come with more consumer protections, such as the Fair Credit Reporting Act and Regulation E. But the main reason new-account and check-forgery victims didn't get their money back was because most didn't bother trying.

"The leading reason consumers did not recover funds in the case of credit and debit card fraud is that they fell for a scam and believed there was no one from which to recover the stolen credit or funds. In most cases, card-issuing banks will still give consumers their money back and will charge the fraud to the acquiring (merchant) bank," the Gartner report says.

The FTC's annual report, meanwhile, showed that credit card fraud complaints went down, from 25 percent in 2006 to 20 percent last year, and new-account fraud -- where a criminal uses stolen personal information to open a new credit card account -- had dropped 13 percent, says Stuart K. Pratt, president and CEO of the Consumer Data Industry Association. "If there is any good news in the Federal Trade Commission's annual report, it's that credit card fraud complaints are down for the sixth consecutive year. This is the category of identity theft most closely associated with the crime," Pratt says.

New-account fraud often has long-term consequences, however: According to Gartner, the credit ratings of 35 percent of new-account victims were hurt by the fraud, and only a little more than half of them were able to remedy that. It took 20 percent of them more than a year to restore their good credit, and three to five years for 9 percent of them.

Victims don't often report their financial fraud, either. Less than one-third reported their cases to law enforcement, and 5 percent did so with the FTC. But people hit by financial fraud were more likely to change ecommerce, payment, and shopping habits, and those hit by electronic banking fraud were five times more likely to change banks than other consumers -- all due to security concerns.

Overall, victims of fraud were twice as likely to change their consumer behaviors for security reasons. Nearly 40 percent of all consumers (victims or not) had altered their buying behaviors due to security concerns, and 71 percent of fraud victims had, according to the report.

And nearly 30 percent of victims of online checking/savings account transfer fraud changed banks afterward.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Where Are the 'Great Exits' in the Data Security Market?
Dave Cole, Cofounder and CEO, Open Raven,  10/13/2020
Overcoming the Challenge of Shorter Certificate Lifespans
Mike Cooper, Founder & CEO of Revocent,  10/15/2020
US Counterintelligence Director & Fmr. Europol Leader Talk Election Security
Kelly Sheridan, Staff Editor, Dark Reading,  10/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4564
PUBLISHED: 2020-10-20
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 and IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea...
CVE-2020-4748
PUBLISHED: 2020-10-20
IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188517.
CVE-2020-4749
PUBLISHED: 2020-10-20
IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link ...
CVE-2020-4755
PUBLISHED: 2020-10-20
IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188595.
CVE-2020-4756
PUBLISHED: 2020-10-20
IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of ioctls on the device with invalid arguments that could crash the keneral and cause a denial of service. IBM X-For...