The Checkout

Some Surprising Findings About Identity Theft

True or False? Internet use increases the risk of identity theft.

True or False? Consumers bear the brunt of financial losses from ID fraud.

True or False? Seniors are the most frequent target of ID fraudsters.

All are false, according to a recent survey by the Better Business Bureau and Javelin Strategy and Research, a consulting firm for the financial services industry.

The survey of 5,000 Americans is full of a number of surprising findings that challenge many of the assumptions we all have about identity theft.

First off, most of the compromised data is not taken through the Internet. In fact, the traditional offline channels, such as lost or stolen wallets, checkbooks or credit cards, continue to be the primary source of ID theft. What's more, almost half of all identity theft is perpetrated by someone the victim knows: friends, neighbors, family members, in-home employees, etc. And with nearly 70 percent of consumers shredding documents, trash also is not a great source of compromised data, the survey says.

Second, the average fraud amount per case is now $6,383, up from $5,249 two years ago. But the average out-of-pocket cost for consumer is down to $422, compared to $657 last year. That means businesses are bearing the bulk of the costs. Even so, consumers are spending a lot more time trying to resolve ID fraud: 40 hours, up from 33 in 2003

Third, 25 to 34 year olds, not seniors, are the most susceptible targets, most likely because they conduct more transactions and are therefore at the greatest risk, according to Javelin founder James Van Dyke. In fact, the 65 and older crowd are the least victimized of all the age groups surveyed. But the 35-44 year olds have the highest average fraud amount--$9,435.

As a percent of the U.S. adult population, the study shows the number of fraud victims has dropped from 4.7 percent to 4 percent between 2003 and 2006.

Van Dyke says that instead of being afraid of the Internet, consumers should rely on it more to deter ID theft. Specifically, he recommends that we stop all paper statements and instead monitor our accounts online--and do so weekly to detect fraud quickly.

As the survey noted, consumers detect almost half the fraud cases, with 11 percent of the victims caught by monitoring credit reports. You know what that means. If you haven't reviewed at least one of your credit reports lately, do so now. I've said it before and I'm sure I'll say it again. You're entitled to a free report annually from each of the three major credit bureaus. So check yours today.

By  |  February 28, 2006; 6:00 AM ET Consumer News
Previous: Paying Taxes with Plastic May Not Be Rewarding | Next: A Blow to the 'Wal-Mart Shopping Spree' Scam


Please email us to report offensive comments.

The survey is done by an organization that is tied up with the financial services industry, an industry that has a vested interested in having the public trust business done on the internet.

The results they publish may be deceitful and self-serving.

Posted by: billofright | February 28, 2006 12:18 PM

You say that we should check our accounts "weekly to detect fraud quickly," but I'm wondering if that's enough.

An article in the NY Times yesterday said "Individual victims of fraudulent transfers are typically limited to $50 in liability under the Federal Reserve's Regulation E, so long as they report the crime quickly enough - within two days."

So is weekly enough, or are we really expected to check our bank balance every other day? Please give us some more info about what we should do. I'm starting to wonder if I should just keep my money in a shoebox under my bed...

Posted by: Oregonian | February 28, 2006 12:19 PM

"[T]he average fraud amount per case is now $6,383, up from $5,249 two years ago. But the average out-of-pocket cost for consumer is down to $422, compared to $657 last year. That means businesses are bearing the bulk of the costs."
Of course businesses would never pass these costs onto the consumer?! NO! That's why things like bank fees and service charges are starting to go through the roof.
Please! Be realistic!

Posted by: tommer | February 28, 2006 12:42 PM

"What's more, almost half of all identity theft is perpetrated by someone the victim knows: friends, neighbors, family members, in-home employees, etc."

I'd be curious to know what the dollar weighted % of ID theft is by source. I'd bet that ID theft sourced to a bank or doctor's office security breach has higher actual dollar amount of loss.

Posted by: HateIDTheft | February 28, 2006 2:31 PM

A few points on this column:

1- Some of the information presented in Caroline Mayer's column is right, but not the claim that half of identity theft cases are perpetrated by someone the victim knows. In the survey discussed in the article, only 36% of identity theft victims could even identify the person who misused their information. In this subset of cases where the victim KNOWS who stole his/her identity, half are by someone he/she knows.

2- Similarly wrong is the claim that “most of the compromised data is not taken through the Internet. In fact, the traditional offline channels, such as lost or stolen wallets, checkbooks or credit cards, continue to be the primary source of ID theft.”

According to the press release presenting the data discussed in Mayer's column, only 47% of victims could identify the source of the data compromise. Of this subset of cases, offline channels of theft caused about 90% of them, which is 42% of cases overall. It is NOT fair to extrapolate from the known source cases to the half of the cases for which the cause remains unknown. In fact, one would expect online sources to be disproportionately represented in the "I haven’t a clue how my data was stolen" category, given the frequency of online security breaches and hacking.

3- One finding from this study to highlight is that businesses bear most of the financial burden for identity theft. This is the primary reason why consumers should be allowed to place security freezes on their credit reports for free, rather than paying fees, as the financial service industry advocates. Businesses should pay the cost of preventing fraud by paying pennies more for each credit report they request; after all, having consumers use security freezes will save businesses a lot of money in the long run.

Posted by: U.S. PIRG | February 28, 2006 3:57 PM

She's right - check your credit report BUT only check one of the three agencies every 4 months.

They basically cover the same items, but since we're only entitiled to check a credit agency once a year - by checking with one of the 3, every 4 months, is the best way to stay current with your credit score and any problems.

Posted by: Dennis Burdick | February 28, 2006 6:16 PM

As an advocate for victims of this crime, I know that the costs to the victim should not be ignored or minimized, no matter the source of the theft.

Financially, yes, business may bear the greatest actual dollar loss, but their losses are offset by the money they earn through the legitimate business they conduct.

Proportionately the greatest loss is to the consumer. Many victims experience lower credit scores, which lead to increased interest rates, car insurance rates and even loss of existing credit lines. Some victims suffer for years with recurring bad debt on their credit reports due to someone else's misdeeds. Putting a value on those losses is difficult, if not impossible.

In light of the findings of this study, it makes sense that business should support security freeze laws that are being proposed in several states (Maryland will introduce a bill in March). Giving consumers the ability to freeze reports before they become victims will go a long way toward reducing the number of identity theft victims in the future, and increase the bottom line for businesses.

Posted by: ITRC - North Atlantic Coast | February 28, 2006 6:30 PM

Speaking from experience: I have been a victim of identity theft 4 different times. Each case of ID theft was years apart. Each was committed by someone known to me. Each was more sophisticated than the last. Each time I was able to "walk away" with no liability on my part.

The first time it happened, someone purchased an automobile and had someone else pose as me to co-sign for the loan. When they couldn't pay for the "auto" the loan company came after me because they had me down as the co-signer for the loan. The truth unfolded in front of the judge - the loan officer said that I was not the person that co-signed and it was determined that it was not my signature.

The second time someone emptied out an old bank account (there was only $11) and the bank gave me the money back. I closed the account. I had left only $11 in the account because it was too easy to make withdrawals from the account and I thought that one day someone might try it because they never asked for ID or verified that the person making the withdrawal was the account holder.

The third time someone opened up a Visa account using a different address and charged over $2500 on the card. Lawyers came after me. The person that did this was a younger relative and although had some personal information, did not have all of it. They made up some of the personal information. I proved that it was not my information and not my signature on the transactions.

The fourth time: one of my checks was taken from my checkbook (by a relative). Since it was only one check, I thought that I forgot to make an entry in the check register. The relative used my checking account number and routing number to make checks. They used my checks to pay their bills. I caught it early, was able to get the police involved, and ended the whole thing. Only one check went through, it was for a $473 payment to Verizon. I was able to get my money back.

I now use the Internet to do my banking, I have found that it is safer for me.

Posted by: DTBF | March 1, 2006 12:54 PM

Take a careful look at how identity theft is defined in this survery versus how the Federal Trade Commission defines it or the relatively new Aggravated Identity Theft statute (found under 18 U.S.C.A. § 1028A). When you change the definition of the crime, the numbers certainly change dramatically.

Posted by: An ID Theft Prosecutor | March 1, 2006 5:10 PM

The person must really need help if they can't wait on the money to come in to buy from Wal-Mart so they think that they have to steal.

Posted by: Stupid people | April 19, 2006 10:31 AM

don't do drugs.

Posted by: Linsday-Katherine | April 27, 2006 2:59 PM

Great article, that was interesting

Posted by: make money online | April 27, 2006 8:58 PM

The End of Identity Theft; Can you post this on your Blog?

Motioncodes is a new science that has actually been around for thousands of years. For a moment, think about how you distinguish one person from another. What is recognized and stored in memory? How is this information gathered? What sets us apart to make us unique? Answer - people subconsciously signaling their behavioral codes (state of mind) through body language. Without realizing it, we reveal who we are and our intentions. The progression of motioncodes: from the cave drawings of our distant ancestors to paintings, photography, to film, and finally computers-allows us to quickly and remotely (via any surveillance camera) digitize and store human body movements that are unique to everyone-just like fingerprints. Those movements are converted to a 6 digit 'rotation number' which is different for everyone on Earth and cannot be deciphered. Passers-by would be analyzed for matching information to establish and verify identity and pinpoint their whereabouts. Probable crimes, terrorism and identity theft can be monitored 24/7 and as result crime would be impossible to commit. Eventually security and law enforcement would be replaced by robots. However, in the U.S. there are millions of people that make a living from fighting crime: police, lawyers, prison guards, private security and the media. Many of these people would lose their jobs. Obviously, the CRIMINALS and the CRIME FIGHTERS would try to stop the new crime prevention technology. We submitted motioncodes to the government, security agencies, and the media and with no surprise, we have received no response! What to do? We are going directly to the public and forming a membership organization 'The Preventech Foundation' to influence these CRIME FIGHTERS to introduce motioncodes crime prevention technology and replace the present archaic methods. The implementation procedure - motioncode chip can be put instantly in any surveillance camera. That is all it takes to be protected by the National Prevention Network. Please contact us and we will send you the details about the preventive devices and systems

Posted by: Edward Romanoff | September 18, 2006 8:52 PM

The comments to this entry are closed.


© 2010 The Washington Post Company