STAMFORD, Conn., March 6, 2007 – Approximately 15 million Americans were victimized by some sort of identity-theft related fraud in the 12 months ending in mid-2006, according to a survey by Gartner, Inc. These statistics represent more than a 50 percent increase since 2003 when the Federal Trade Commission (FTC) reported 9.9 million American adult identity theft victims.
According to the Gartner survey of 5,000 online U.S. adults in August 2006, the average loss was $3,257 in 2006, up from $1,408 in 2005. At the same time, the percentage of funds consumers managed to recover dropped from 87 percent in 2005 to 61 percent in 2006.
�Hackers are exploiting Internet auctions, nonregulated money transmittal systems, the ability to impersonate lottery and sweepstake contests, and other types of imaginative scams,� said Avivah Litan, vice president and distinguished analyst at Gartner. �The thieves have also discovered the weakest links in the U.S. payments systems. Typically, the weak links are found among the five or more million businesses that accept electronic payments from consumers, and the consumers themselves.�
Electronic theft of sensitive information is a leading cause of certain types of fraud, including credit card, debit/ATM card and bank account transfer fraud. This is not the case with check forgery and new account fraud, where in-person data theft is the leading cause.
�All sensitive electronic data needs to be protected, but enterprises should be aware that the low hanging fruit for the criminals is electronic card and checking account numbers, as well as user IDs and passwords for online financial accounts,� Ms. Litan said.
The average loss on new account fraud more than doubled from $2,678 in 2005 to $5,962 in 2006. Unauthorized charges to credit cards rose nearly fourfold from an average of $734 in 2005 to $2,550 in 2006. This trend reconciles with a trend cited by various U.S. card issuers who reported large increases in counterfeit card fraud in 2006. Similarly, there were large increases in checking account transfer fraud and �other� noncategorized types of fraud (for example, scams exploiting eBay, PayPal and phone companies).
�Oftentimes, consumers have no idea how criminals hijack their accounts and/or identities,� Ms. Litan said. �They also typically have no clue if one or more of their personal attributes, such as their social security number, is used to piece together a new fictitious identity in a phenomenon typically referred to as synthetic identity fraud.�
Regardless of the method used to steal data to commit new account fraud, the fraud itself can be largely prevented by using identity verification and scoring services.
�Enterprises that store credit card, debit/ATM card and bank account data should expect electronic data breaches and/or hacks, and migrate away from that practice while protecting their systems accordingly until they are able to do so,� Ms. Litan said. �Rule-makers debating identity-theft legislation should consider comprehensive financial protection for consumers who lose money to fraud that goes beyond disparate regulations in place today. Service providers should pay for this protection when data or accounts under their custody are breached.�
More detailed analysis on the security industry will be presented at the upcoming Gartner Symposium/ITxpo 2007: Emerging Trends, April 22-26 at Moscone West in San Francisco. Gartner Symposium/ITxpo is the IT industry’s largest and most-strategic conference, providing business leaders with a look at the future of IT. For more than 10,000 IT professionals from the world’s leading enterprises, Gartner’s annual Symposium/ITxpo events are key components of their annual planning efforts. Attendees rely on Gartner Symposium/ITxpo to gain insight into how their organizations can use technology to address business challenges and improve operational efficiency. For more information, please visit www.gartner.com/us/symposiumwest.com.