How real is the threat of ID theft when holiday shopping online?

Last issue I talked about Sun’s recent announcement of plans to release all of its identity products as freely downloadable software. The news reminded me of a recent conversation I’d had with Sun’s VP of Identity (I DO love that title!), Sara Gates. It was, in fact, an extended conversation – beginning in e-mail, continued on the phone, then rounded out on our respective Weblogs.

The discussions revolved around a recent Harris Poll survey, commissioned by Sun, that explored people’s attitudes towards identity theft, identity fraud and data breaches.

News stories written about the poll (such as “Fear of identity theft bad for business, survey finds” by Network World affiliate IDG News Service) used data from a Sun press release (augmented, usually, by a telephone interview). That’s how I was approached. But I then asked for a copy of the Harris Interactive report, which was provided.

In the press release, after preliminary explanatory information, the first results were listed as:

* 34% of American adults have either been a victim of identity theft or know someone who has been victimized.

* 44% of Americans think that victims of identity theft were careless with their personal information.

* 83% of American adults think people are more susceptible to identity theft around the holiday season.

* Yet, nearly two thirds of Americans plan to shop online this holiday season – with 14% planning to do more than half of their holiday shopping online.

That “yet” implies to me that the “identity theft” talked about was something that occurred online or because of online activity. Yet the Harris report shows that interviewers were told to “define ‘ID theft’ as someone using your personal information without your permission to commit fraud or other crimes, regardless of whether they obtained your information online, by telephone, in the mail or by any other means.” As we saw in the infamous FTC survey on identity theft of a couple of years ago (“What is identity theft?”) people who found a phone call on their telephone bill which they didn’t remember often characterize themselves as victims of identity theft.

The Harris poll also asked about data theft/breach issues and, as the IDG News Service story reported, “Half of the respondents said they were likely to switch financial institutions if they found out that their personal data stored by the bank had been compromised.” But the interviewer was told to “define ‘compromised’ as lost, stolen or shared without your consent.”

The IDG News Service article was well titled: “Fear of identity theft bad for business.” Because it’s the fear not actual thefts that’s causing people to avoid using online services.

Data breaches are a security concern, just as are stolen laptops (some of which hold identity data). But, so far, none have been shown to lead to identity fraud. There are few if any cases in which identity data was deliberately stolen in an online transaction. Yet the general press has been full of stories based on this survey, all reporting on people’s fear that online shopping can lead to identity theft.

It seems that we in the identity industry, those charged with either protecting identity data or providing the tools to do so, have more to fear from radio, TV and news reporters and their tabloid journalism about “identity theft” than we do from the thieves themselves.

I don’t mean to minimize the care we should all take with identity data, but simply want to point out to you that these topics will come up and you should be prepared to pour a bit of cold water on the unwarranted fears that arise. Happy shopping!