About Adam K Levin | Contact | Videos

The Javelin Conundrum: Making Sense of the Latest Identity Theft NumbersData SecurityBlogIdentity Theft


Share
"Dangerous Hacker With Laptop", via abadonian, ThinkStock.

“Dangerous Hacker With Laptop”, via abadonian, ThinkStock.

At first blush one might be cheered by the results of the newly released Javelin Strategy & Research 2010 Identity Fraud Survey Report.

The Good News

Identity fraud incidents decreased in the United States by 28%. That’s three million less victims than reported in their findings in 2009.

The total overall fraud amount dropped from $56 billion to $37 billion in 2010.

The mean loss per consumer dropped from just under $5,000 to just over $4,600.

But should we be dancing in the streets or at least hopping on the couch like Tom Cruise on Oprah? Well, not exactly. This is one of the earlier studies on the subject that will be released in 2011. The Federal Trade Commission, Ponemon, the Identity Theft Resource Center and Pew (to name a few) will be reporting their findings over the next few months.

Consumers were asked to self-report their victimization and disclose the costs they incurred, but the folks at Gartner weren’t necessarily convinced. According to the “Red Tape Chronicles” blog on MSNBC.com, Gartner analyst Avivah Litan argues that the methodology of the Javelin survey has its “pitfalls” and bank data indicates that fraud is actually up. Frankly, the financial services sector has always been pretty guarded when it comes to such disclosures. UC Berkeley’s Professor Chris Hoofnagle has been quite outspoken over the years about their “close to the vest” disclosure policies, and his groundbreaking study tracking the frequency of bank data breaches is absolutely worth a read.

So before we stand on top of a Times Square skyscraper to release the confetti and dump the vat of Gatorade on the winning coach, allow me to assume my Shiva God of Death persona and reflect a bit on the survey’s darker findings.

The Bad News

The mean out of pocket costs due to identity fraud increased by some 63 percent from $387 per incident in 2009 to $631 per incident in 2010. Javelin attributes this to significant increases in new account fraud and “friendly fraud,” both of which percolate for longer periods of time before detection.

The amount of time required by consumers to resolve an identity fraud incident significantly increased in 2010 – jumping from 21 hours to 33 hours (a whopping 39%).

While credit card account compromise is significant but dropping, debit card fraud is markedly rising. This is entirely logical. In recent reports, millions of consumers have forsaken credit cards for debit cards – either due to a new sense of frugality, fear of an uncertain economy or because they have been unceremoniously forced out of the credit card market. Banks have crushed consumer credit card utilization over the past 3 years by closing accounts, lowering credit limits, jacking up rates and hiking fees. Their “reign of terror” has pushed and cajoled Americans into debit cards which have few rewards, generate billions from swipe fees, offer less fraud protection than credit cards and provide a wormhole into individual bank accounts.

Do I see sweat on your brow?

New account fraud, which accounts for $17 billion (put your pinky to the edge of your mouth like Dr. Evil when you say that), is on its way to eclipsing existing account fraud. This means that the low hanging fruit has been picked over and the predators have climbed the tree grabbing a sweeter consumable which is tougher to detect and more complicated to resolve.

Physical change of address is now the means of choice for existing account takeover. So think twice before you elect to not shred and simply toss out pre-approved credit card offers and change of address forms and fail to read mail from institutions and the post office requesting confirmation of your change of residence.

Social networking junkies who have been lost in cyberspace for at least 5 years are twice as likely to be victims of identity theft.

While financial services organizations will happily e-mail or text customers that there may be a problem, only 81% of those institutions provide 24/7 access to the tools necessary to shut down the source of the problem.

While Javelin opines that there was a drop in larger breaches of mega-corporations that expose tens of millions of consumers – who are eight times more likely to face victimization if they receive notice of their inclusion into the identity theft sweepstakes – to the crime (Good Night and Bad Luck, Alberto Gonzalez), fraud experts at Credit.com’s sister company Identity Theft 911 are seeing a greater proliferation of breaches at smaller businesses. These organizations more often than not have neither the security protocols nor resources of the big guys to help them avoid a compromise or, worst case, navigate the comprehensive regulatory, legal and customer service requirements and could well cease to exist in the absence of appropriate insurance combined with professional incident response assistance.

Is that a facial twitch?

The takeaways

Shredders, anti-virus software, firewalls, post boxes, safes, encrypted thumb-drives, strong passwords, zipped lips and lighter fingers on the keyboards should be priorities.

Credit and public records monitoring programs are becoming even more necessary to your life as online visits to your bank and credit card accounts should be to your daily routine.

You need to ask your insurance agent, banker, credit union service representative, or HR Director if they or their institution offer a program either as a perk, policy endorsement or purchase that can stop the pain, limit the personal carnage and restore normalcy if you become a statistic in this nightmarish census.

Assuming $37 billion is the ultimate figure – it is, indeed, daunting and represents that which a sampling of consumers endured over the past year. But what about the experiences of the millions of Americans who were not surveyed, or the economic, psychic and human cost of criminal, medical, synthetic, child and unreported familial identity theft?

Frankly, these results sure feel a lot like last week’s unemployment number. It dropped to 9 percent from 9.8 percent the month before. However, is anyone really convinced that means more people are actually finding work? I think a heck of a lot of folks simply stopped looking.

Likewise, the seemingly downward trend in this latest Javelin survey could give the impression that identity theft is on the wane. Are you really ready to take that to the bank? We are living in the golden age of identity theft. Either willingly through sites like Facebook, unwillingly through data breaches, or unwittingly through theft of mail, dumpster diving, phishing, vishing, skimming or theft of purses and wallets, people are routinely discovering that their sensitive personal information has gone astray.

Originally posted at Credit.com.