Is Identity Theft Decreasing?
I was somewhat relieved when I saw a headline the other day proclaiming that a comprehensive study had shown identity theft was in steady decline. After all, no matter how careful you are about shredding, installing firewalls on your home computer or using different passwords, in the end there's little you can do to stop rings of overseas hackers or the loss of a government or company laptop that happens to have the personal information of millions of people on it.
Alas, the study in question, a telephone survey of 5,000 people by Javelin Strategy & Research, and sponsored by Visa, Wells Fargo and CheckFree, has some potential flaws that undermine some of its major conclusions.
To sum up those conclusions:
* 500,000 fewer people said they were victims of identity theft, with 3.7 percent of people saying they were victims in the previous 12 months, compared with 4.7 in 2003.
* Losses due to identity theft fraud are down in the U.S. by an estimated 12 percent compared with last year to $49.3 billion, from $55.7 billion.
* Young adults are at greatest risk of identity fraud because they're less likely to take precautions such as shredding mail or other documents with personal info.
* Lower-income Americans are least likely to be victims of identity fraud, with only 2.8 percent reporting cases, while Americans with incomes of $150,000 per year are the "most likely" to be victimized with 7.3 percent reporting abuses.
Now this last item had me scratching my head. How can a group of people be the "most likely" to be anything if only 7.3 percent of them say so?
There are other issues like this with the report, which in full disclosure, I must say I didn't review in its entirety because it costs $2500 a pop. However, others have taken it to task, just as they did a previous Javelin study that found roughly half of identity theft victims personally knew the perpetrators. The most thorough and convincing dissection of the study and Javelin's other work was done by Chris Hoofnagle of the Electronic Privacy Information Center.
Here are some bones Chris has to pick with Javelin:
* The new study doesn't take into account "synthetic identity fraud" where identities are created using pieces of many people's personal info. According to ID Analytics, in 2003, 88 percent of fraudulent new accounts were opened using synthetic identities. Only 26 percent of identity fraud losses were attributed to straight up, traditional identity theft.
* Identity theft is not necessarily a crime committed by people you know. Hoofnagle cites a study of 1,037 verified instances of identity theft, which found that 47 percent of imposters stole information from individuals by stealing mail and trash, purse snatching, and stealing information from friends and relatives, while 51 percent of impostors obtained information by stealing it from businesses. Even the Federal Trade Commission took issue with a Wall Street Journal story titled "Culprit is likely friend or relative" that relied on Javelin research, saying it was misleading because 74 percent of people surveyed said they didn't know who had stolen their identity.
* Finally, Chris takes issue with Javelin extrapolating the responses of a minority to the entire population.
Why does any of this matter? The concern among privacy watchdogs seems to be that the report will be taken as proof that businesses are doing an adequate job of protecting consumers' personal info and that the onus is on consumers to do a better job of protecting themselves. Their biggest point is that businesses remain the major source of personal consumer info for identity thieves and no amount of shredding and paid monitoring services can make up for the need to hold companies accountable for data breaches. It's an argument they're likely to make with House Financial Services Committee Chairman Barney Frank (D-Mass.), who is talking about exempting companies from disclosing data breaches so long as they secure data with encryption or other technology.
What do you say? Should businesses be required do more to protect their customers' personal information?
Please email us to report offensive comments.
Posted by: Radioactive Sushi | February 6, 2007 11:52 AM
Posted by: Anonymous | February 6, 2007 1:43 PM
Posted by: Here we go again | February 6, 2007 4:01 PM
Posted by: Chris | February 6, 2007 4:35 PM
Posted by: Xenia von Wedel | February 6, 2007 6:24 PM
Posted by: Anonymous | February 6, 2007 6:56 PM
Posted by: Frank | February 7, 2007 8:07 AM
Posted by: Chris | February 7, 2007 8:25 AM
Posted by: Chris | February 7, 2007 8:29 AM
Posted by: Frank | February 7, 2007 8:54 AM
Posted by: DC | February 7, 2007 2:31 PM
Posted by: Ed | February 8, 2007 3:54 PM
The comments to this entry are closed.