What to Make of ID Fraud Stats
So everybody focused on the fact that Javelin Research reported that women were more likely to become victims of ID theft-based fraud, but there are some other interesting numbers in the research results.
A lot of people have been speculating over the last six months or so that cybercrime would be increasing based on the lagging worldwide economy, including here in the U.S.
Many of the estimates coming from the malware research community have looked at the rising number of Trojan attacks and the like as proof of this, but Javelin's report truly provides tacit evidence that something may actually be afoot.
Identity fraud incidents increased significantly during '08 in the U.S., leaping by 22 percent over 2007 results, representing the highest levels of such activity seen since 2004, another recession era. Nonetheless, there's still a lot less ID fraud being carried out since it peaked back in those years when cybercrime and malware really started taking off.
"One significant factor likely contributing to this rise is economic misfortune. Historically, higher rates of fraud occur when the economy worsens and identity fraud remains substantially lower overall when compared to the 2004 level of $60 billion," Javelin experts conclude in the report.
At the same time, the company found that the mean cost levied against consumers via identity fraud in 2008 decreased noticeably, falling 31 percent from $718 to $496 per incident, its lowest level since 2005.
Javelin attributed the change to more incidents being detected faster than they used to, and anyone who uses a credit card and travels frequently has probably experienced the new more proactive approach of the card companies' fraud reporting teams. It's good when they call before shutting down the card.
The fraudsters are also are speeding up their efforts, trying to cash in on stolen personal data faster, typically within less than a week, the research firm said. Overall Javelin reported that 71 percent of the ID fraud committed in 2008 began less than one week after the involved data was initially stolen, up from 33 percent in 2005.
"This dramatic increase points to more sophisticated attacks by fraudsters and an increasing number of attacks of opportunity where people or businesses leave data exposed," Javelin experts write.
So, we're told that there are more ID fraud incidents occurring, but that the payday for the perpetrators is diving, even as they get more sophisticated. This smacks of...
Commoditization? Is automation and the use of malware authoring toolkits making the whole process simply a bigger, dumber, yet faster-moving beast? This is an industry after all, and a big one at that. It would appear to be increasingly industrialized, based on these numbers.
Some 43 percent of ID fraud situations are still the result of lost wallets and checks and cards, and that's always interesting to consider with all the chatter of electronic data theft and cybercrime that we're immersed in. I mean, it's almost half, still.
But ID-driven cybercrime only appears to be wrapping its tentacles even further around the entire IT environment, in particular the Web, and growing deep roots around everything, despite all the ongoing efforts to stop it.
Sadly it doesn't seem like that's going to change anytime soon.
And for the record, I'm not going near the higher rate for women thing. Not a chance.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.