Identity theft is on the rise again, says a new industry-sponsored study, reversing a promising two-year trend.
Some 12.6 million Americans were victimized by ID theft in 2012, the second-highest total since the Federal Trade Commission began counting victims in 2003 and roughly 1 million more than 2011, according to the survey by Javelin Strategy and Research. The record – 13.9 million victims – was set in 2009.
The criminals made off with $3 billion more than in 2011, as well. Overall, slightly more than 1 in 20 consumers -- 5.26 percent -- were victims last year, the survey found.
A large portion of the increase was driven by "dramatic jumps" in more-serious forms of ID theft, such as new account fraud, where a criminal uses a victim's personal information to open new credit cards or other kinds of loans. New account fraud jumped 50 percent last year, according to the report, with the total fraud loss doubling year over year to just under $10 billion
"I don't think (the data) shows that banks are losing control," said Jim Van Dyke, author of the study, when asked about the significance of the new data. "But it's really wise to look at where we haven't gotten anything under control, and that's new account fraud."
The news comes amid a cascade of hacker stories this week, giving the impression computer criminals are gaining the upper hand on many fronts. Agents working on behalf of the Chinese army have successfully attacked dozens of U.S. companies, according to a report issued Tuesday by U.S. security firm Mandiant. Large U.S. media companies have also fought off Chinese hackers, and not always successfully, according to several reports. Burger King and Jeep suffered embarrassing Twitter account takeovers. And both Twitter and Facebook have had to announce in recent weeks that they had been hacked.
Javelin's data is based on telephone surveys of U.S. adults, with consumers self-reporting details of their ID theft to survey takers and results extrapolated from their answers. The precision of such data can be questioned, but Javelin has used the same techniques for eight years, making year-to-year observations informative. The same technique was used by the FTC in 2003 when it initially reported the size of the identity theft problem as required by Congress.
The survey was sponsored by CitiGroup, Visa, and Intersections LLC, which provides identity theft prevention services to consumers. Van Dyke says the sponsors were not involved in tabulation, analysis or reporting of the results.
Bank security analyst Avivah Litan of the security consultant firm Gartner, who has run her own ID theft victim surveys in the past, said the Javelin survey's results are consistent with what she's heard from bank security officials.
"Even in an age of cyberespionage and advanced targeted attacks, good old-fashioned consumer identity theft continues to escalate," Litan said. "It's highly unfortunate that even after all this time and effort by banks regulators high tech entrepreneurs and law enforcement that the bad guys are still coming out ahead. It's high time that we put more intelligent efforts into winning this cyberwar, whether it’s against amateur identity thieves or foreign infiltrators."
Other interesting findings from the Javelin report:
*Consumers who received "breach" notifications from companies indicating their personal data had been compromised were much more likely than others to be victims of ID theft. And that trend is rising. In 2011, 1 in 5 recipients were victims; and last year, the likelihood increased to 1 in 4.
*Fraud victims living below the poverty line were more than twice as likely to know their imposter personally -- so-called "familiar fraud" -- than wealthier consumers. The survey found that 29 percent of poor victims knew their imposter vs. 12 percent of those living above the poverty line.
*It's important to note that despite the rise in new account fraud, simple credit card fraud still accounts for about two-thirds of all ID theft. Those victims had a relatively easy time fixing the problem, reporting an average of 11 hours of disruption. On the other hand, 51 percent of victims of "account-takeover fraud," which allows criminals to withdraw funds from existing checking accounts and run similar schemes, said their lives were "severely impacted" and they spent an average of 37 hours resolving their frauds.
Van Dyke also pointed out there are hidden victims in ID theft, in addition to banks and consumers who lose money. Among consumers who were victims of fraud, 15 percent said they reacted by avoiding online retailers, and half of that group specifically avoided small retailers. Only 8 percent of that group said they avoided large merchants after a fraud.
"Small online merchants are really being singled out," he said. In other words, they are hit both by fraud, and by lost sales due to the impression of risk created by fraud. "Consumers are very sympathetic to small merchants, but when you see this lack of trust play out, it underscores how significant the problem is and how important it is that we deal with it.”
* Follow Bob Sullivan on Facebook.
* Follow Bob Sullivan on Twitter
More from Red Tape Chronicles:
First published February 19 2013, 10:00 PM