Online Vs. Offline Identify Theft-Who Cares?
If the subject weren’t so serious, the argument would be hysterical.
The argument is typified HERE in an article about The 2005 Identity Fraud Survey Report, a joint effort of the Better Business Bureau and Javelin Strategy & Research:
New research shows that identity theft is more prevalent offline than online
“Our numbers show that fears about online identity fraud may be out of proportion to the relative risk, causing consumers to ignore the most glaring issues,” says James Van Dyke, Javelin’s founder and principal analyst. “Indeed, most instances of identity fraud occur through traditional channels and are paper-based, not Internet-based.”
The updated research project - supported by CheckFree, Visa and Wells Fargo & Company and based on 4,000 telephone interviews with consumers - makes four key points:
- The most frequently reported source of information used to commit fraud was a lost or stolen wallet or checkbook. Computer crimes accounted for just 11.6 percent of all known-cause identity fraud in 2004; and half of these digitally-driven crimes stem from spyware, software the computer user unknowingly installs to make ads pop-up when the consumer is online. Consumers can protect their financial data by using updated spyware, virus and firewall protection software and not responding to bogus “phishing” emails that request personal data.
- Among cases where the perpetrator’s identity is known, half of all identity fraud is committed by a friend, family member, relative, neighbor or in-home employee - someone known by the victim.
- A wide variety of metrics confirm that identity fraud problems are NOT worsening, with the total number of victims in decline.
— The annual dollar volume of identity fraud is highly similar to 2003 figures (adjusted for inflation) at $52.6 billion.
— The number of identity fraud victims dropped from 10.1 million to 9.3 million in 2004 versus 2003.
— The median value of identity fraud crimes remained unchanged at $750; however most identity fraud victims incurred no out-of-pocket costs.
— The average time to resolve an identity fraud crime dropped by 15%- from 33 hours in 2003 to 28 hours in 2004.- The majority of identity fraud crimes are self-detected. This reinforces the benefits of activity monitoring through electronic review of transactions, statements, and credit reports allowing consumers to check their account activities quickly and efficiently - without waiting for a paper bill or statement.
The author makes a very good point that being online and checking your accounts frequently will likely help you minimize your losses if an ID theft occurs because you’ll probably detect it earlier. Fine.
But the article, as do most that deal with ID theft, fails to distinguish between HOW identity thieves steal your information (yes, mostly using “offline” methods) versus what they do once they have your information. Once they have it, they’re very likely to open accounts and conduct business online, where the fraudulent nature of what they are doing is not normally detectable with today’s controls (actually, the lack thereof).
According to the logic of the report, if someone steals my wallet and uses my Social Security Number and other identifying information to go online and opens up a credit card with a $5,000 limit, and then burns through the credit line buying stuff online, the whole thing is considered an “offline” event, even though all of the actual stealing (the financial loss to the victim) occurred online! The nearly-effortless ability of people to do business online once they have my information is part of the whole problem of ONLINE security.
To me, it’s really a distinction without a difference. Our personal information is too available (and yes, a lot of times it’s our own fault because we’re careless), but it’s also too easily used once obtained. I just wish the report’s authors and their banking-system underwriters weren’t so disingenuous about how and where actual ID-theft losses take place.
