Traditional Sources of ID Fraud Hit Harder Than Online Channels

For all the publicity phishing has received in the past year as a rapidly growing and particularly insidious form of electronic fraud, it figures as a source of information in identity-fraud cases only 1.7% of the time when the method behind the crime is known. Indeed, online channels as a whole account for just under 12% of cases where victims know how their personal information was compromised, even though 75% of all households now use the Internet, with 65% of these checking bank and credit union balances. By contrast, physical-world sources remain the most productive avenues for identity fraud, showing up in 68.2% of cases where the source of the data is known. Of these, lost and stolen wallets alone figure in 28.8% of cases, and friends and acquaintances holding access to the data account for another 11.4%. This is according to data released today by Javelin Strategy & Research, a Pleasanton, Calif.-based research firm, in cooperation with the Better Business Bureau. The results of the survey, which canvassed some 4,000 U.S adults last fall and yielded interviews with more than 500 people victimized in the previous 12-month period, underscore the severity of the crime but also emphasize traditional forms of identity fraud, rather than online channels, as the most common and causing the highest losses. Total losses to identity fraud amounted to $52.6 billion last year, according to the survey, embracing some 9.3 million victims, or 4.25% of the adult population. These numbers vary little from those found in a similar survey released by the Federal Trade Commission in 2003. Indeed, though the earlier study estimated the number of victims at 10.1 million, the authors of the current study caution against reading anything into the apparent 8% decline. “The drop in the number of victims did not meet the statistical-significance test,” James Van Dyke, founder and principal analyst at Javelin, said during a conference call held to announce the findings. “We need to be quite cautious about that.” But while the incidence of the fraud is apparently unchanged, authorities and victims are becoming more adept at detecting and resolving it. The study says the total time between each incident and its resolution dropped 21% to 260.4 million hours from the figure in the FTC survey. Not only are traditional sources of data more commonly used by fraudsters, the losses attributable to frauds committed with such sources are usually much higher than those sustained when online channels serve as the source, according to the current survey. For example, while the mean loss from phishing incidents is $2,320, the average loss in cases where identity has been stolen by family members or friends is $15,607, according to the study. In phishing frauds, criminals send e-mails carrying faked logos of well-known banks and other institutions in an effort to gull a few recipients into giving up key personal information, such as PINs and account numbers. Even as mundane a source as statements stolen from the mail carry a staggering yield for fraudsters compared to online channels, with a $9,243 average loss. At the same time, consumers who review their statements online enjoy far better protection from identity fraud compared to those who receive paper statements. The mean loss to frauds detected via online statement review was $551 in the survey; that detected via paper statements, $4,543, or eight times as much. The survey attributes the lower loss rate in part to faster detection time. It says the mean time to detection in cases of paper statements, with their typical 30-day cycles, is 114 days, whereas that for online review is only 18 days. The survey, which incorporated many of the same questions as those posed in the 2003 FTC study while adding several new ones, was sponsored by CheckFree Corp., Visa U.S.A. Inc., and Well Fargo & Co.