Identity Theft Resource Center Part 2

Opinion
Aug 31, 20093 mins

The Aftermath 2008

Identity theft (IDT) is a major problem worldwide. The Identity Theft Resource Center (ITRC) provides excellent resources to help information assurance (IA) professionals and the public keep informed about current IDT developments and countermeasures. In my first column about the organization, I reviewed some of the many resources freely made available to the public by the ITRC.

Slideshow: Worst moments in network security history

Today I’m pointing to the report entitled, “Identity Theft: The Aftermath 2008.” The PDF is 43 pages long and has a great deal of useful data for researchers and information assurance (IA) professionals.

The Executive Summary (p 2 ff) sets an excellent tone by warning that “This study reflects only the experiences of confirmed identity theft victims who worked with the ITRC in 2008. It is not a national census study of all victims of identity theft. Responses were given at the time victims responded to the survey and may not fully represent the entire experience of the individual. Thus, certain measures of victimization represent conservative estimates since the assessment was limited to the ending date of the study.”

I wish other studies were as careful in stating the limits of their data collection!

Some of the highlights from this sixth annual study:

• 75% of the respondents reported that the IDT involved only financial fraud; 5% involved criminal fraud only.

• About two-thirds of the people responding to questions about medical IDT stated that the imposters obtained medical services using their identity. Including other metrics of abuse, it looks as though a large number of imposters may be using stolen identities for medical help.

• More people are taking proactive measures to discover IDT before they are surprised. In 2007, around four-fifths of the respondents were unprepared; in 2008 it was only about one-third. Similarly, only about one in 12 respondents were taking proactive measures (e.g., checking their credit records) whereas in 2008 the number had jumped to almost one in two.

• “For the past six years, opening new lines of credit has remained the most frequently occurring financial crime. In 2008, 67% of the victims were in this category. Charges on stolen credit cards and debit cards without a PIN also ranked high on the list. This is more than double any preceding year. As predicted by ITRC, check fraud grew to 17% in 2008, increasing from the 12% in 2007. Criminals also took out various types of loans using personal identifying information. Mortgages and second mortgages (33%), car loans (22%), personal loans (32%) and business loans (8%) were among those types of loans reported.”

• Out-of-pocket expenses to victims averaged more than $700 in 2008 for damages to existing accounts.

• “In 2008, the average loss in goods and services to businesses, as reported by survey respondents, was $90,107 compared to $48,941 in 2007. This study only includes respondents who contacted the ITRC in 2007 and is not necessarily indicative of a national business loss average.”

Well done, ITRC. Keep up the good work.

* *ADVERTISEMENT * *

Join me online for three courses in October and November 2009 under the auspices of Security University. We will be meeting via conference call on Saturdays and Sundays for six hours each day and then for three hours in the evenings of Monday through Thursday. The courses are “Introduction to IA for Non-Technical Managers“; “Management of IA“; and “Cyberlaw for IA Professionals.” Each course will have the lectures and discussions recorded and available for download – and there will be a dedicated discussion group online for participants to discuss points and questions. See you online!