Mistaken identity-theft figures

Is Gartner right: 7 million Americans fell victim to identity theft over the past year?

Something is wrong here.

Gartner last week reported that 3.4% of 2,445 U.S. adults surveyed by mail claimed to have been the victim of identity theft within the past 12 months.

Identity theft is among the most frightening of non-violent crimes, not only because of the financial toll it exacts but also the endless hurdles victims must clear to restore their good names. The crime predates the Internet and need not involve computers, of course, but stands today as perhaps the most powerful drag on the growth of e-commerce.

If the Gartner survey accurately reflects the prevalence of this crime, it means some 7 million Americans were victimized between June 2002 and June 2003, an almost 80% increase over the previous year’s Gartner survey.

But here’s the good news: It’s virtually inconceivable – at least to me – that these figures accurately reflect reality. In fact, it appears unlikely they’re even in the ballpark.

It’s important to understand that Gartner is not talking about simple credit card fraud: “With identity theft, a thief takes over a consumer’s entire identity by stealing critical private information, such as the Social Security number, driver’s license number, address, credit card number or bank account number,” Gartner says. “The thief can then use the stolen information to obtain illegal loans or credit lines to buy goods and services under the stolen name.”

Gartner’s data would have us believe that 3.4% of U.S. adults – again, 7 million people – were so victimized in just one year.

However, the Federal Trade Commission’s clearinghouse for identity-theft information reports having logged about 162,000 such complaints last year from various sources. The FTC site states upfront that this is not an all-inclusive count, but it would have to be considered completely irrelevant – as in accounting for only 1 in every 43 such crimes – if the Gartner survey reflects reality.

According to figures from the National Crime Victimization Survey posted on the Justice Department’s Web site, “In 2001, U.S. residents age 12 or older experienced approximately 24.2 million crimes” of all types. About 5.7 million were violent, so let’s back them out of the total, along with a few million for the 12-to-18 crowd that Gartner isn’t counting. (We’re also looking at 2001 numbers, but they ought not to have increased dramatically since they are overall crime figures.)

If you take both the Justice Department and Gartner numbers at face value it means that roughly half of all non-violent crime is identity theft.

Anyone buy that?

“The survey methodology and question set were sound,” says Avivah Litan, the Gartner analyst who authored the report. “The numbers are an accurate reflection of those who believe they have been victimized by identity theft in the past 12 months.”

Perhaps there’s an answer to the puzzle in the word “believe.” Maybe people didn’t read or properly comprehend the definition of identity theft, and, in particular, appreciate the distinction between it and credit card fraud. Maybe people didn’t note the “past 12 months” caveat.

Who knows? If everyone could understand and correctly answer every question put to them, there would be no need for the SATs.

But here’s the truly scary prospect: What if the Gartner numbers are correct?

In that case, virtually every one of us – or one of our family members – stands a solid statistical chance of falling victim to this crime within a few short years.

In other words, if the Gartner data reflects reality, you can pretty much kiss e-commerce goodbye.

And don’t forget the frequency with which perception becomes reality: The Gartner figures circulated worldwide in news reports last week. To the extent they create an erroneous impression, the damage already has been done.

Got a take of your own? The address is buzz@nww.com.