Sign in to search Gartner Research
Approximately 15 million Americans were victimized by some sort of identity-theft related fraud in the 12 months ending in mid-2006, according to a survey by Gartner, Inc. These statistics represent more than a 50 percent increase since 2003 when the Federal Trade Commission (FTC) reported 9.9 million American adult identity theft victims.
According to the Gartner survey of 5,000 online U.S. adults in August 2006, the average loss was $3,257 in 2006, up from $1,408 in 2005. At the same time, the percentage of funds consumers managed to recover dropped from 87 percent in 2005 to 61 percent in 2006.
“Hackers are exploiting Internet auctions, nonregulated money transmittal systems, the ability to impersonate lottery and sweepstake contests, and other types of imaginative scams,” said Avivah Litan, vice president and distinguished analyst at Gartner. “The thieves have also discovered the weakest links in the U.S. payments systems. Typically, the weak links are found among the five or more million businesses that accept electronic payments from consumers, and the consumers themselves.”
Electronic theft of sensitive information is a leading cause of certain types of fraud, including credit card, debit/ATM card and bank account transfer fraud. This is not the case with check forgery and new account fraud, where in-person data theft is the leading cause.
“All sensitive electronic data needs to be protected, but enterprises should be aware that the low hanging fruit for the criminals is electronic card and checking account numbers, as well as user IDs and passwords for online financial accounts,” Ms. Litan said.
The average loss on new account fraud more than doubled from $2,678 in 2005 to $5,962 in 2006. Unauthorized charges to credit cards rose nearly fourfold from an average of $734 in 2005 to $2,550 in 2006. This trend reconciles with a trend cited by various U.S. card issuers who reported large increases in counterfeit card fraud in 2006. Similarly, there were large increases in checking account transfer fraud and “other” noncategorized types of fraud (for example, scams exploiting eBay, PayPal and phone companies).
“Oftentimes, consumers have no idea how criminals hijack their accounts and/or identities,” Ms. Litan said. “They also typically have no clue if one or more of their personal attributes, such as their social security number, is used to piece together a new fictitious identity in a phenomenon typically referred to as synthetic identity fraud.”
Regardless of the method used to steal data to commit new account fraud, the fraud itself can be largely prevented by using identity verification and scoring services.
“Enterprises that store credit card, debit/ATM card and bank account data should expect electronic data breaches and/or hacks, and migrate away from that practice while protecting their systems accordingly until they are able to do so,” Ms. Litan said. “Rule-makers debating identity-theft legislation should consider comprehensive financial protection for consumers who lose money to fraud that goes beyond disparate regulations in place today. Service providers should pay for this protection when data or accounts under their custody are breached.”
More detailed analysis on the security industry will be presented at the upcoming Gartner Symposium/ITxpo 2007: Emerging Trends, April 22-26 at Moscone West in San Francisco. Gartner Symposium/ITxpo is the IT industry's largest and most-strategic conference, providing business leaders with a look at the future of IT. For more than 10,000 IT professionals from the world's leading enterprises, Gartner's annual Symposium/ITxpo events are key components of their annual planning efforts. Attendees rely on Gartner Symposium/ITxpo to gain insight into how their organizations can use technology to address business challenges and improve operational efficiency. For more information, please visit www.gartner.com/us/symposiumwest.com. Members of the media can register by contacting GartnerEvents@text100.com.
Gartner, Inc. (NYSE: IT) is the world's leading information technology research and advisory company. Gartner delivers the technology-related insight necessary for its clients to make the right decisions, every day. From CIOs and senior IT leaders in corporations and government agencies, to business leaders in high-tech and telecom enterprises and professional services firms, to technology investors, Gartner is the valuable partner in over 13,000 distinct organizations. Through the resources of Gartner Research, Gartner Executive Programs, Gartner Consulting and Gartner Events, Gartner works with every client to research, analyze and interpret the business of IT within the context of their individual role. Founded in 1979, Gartner is headquartered in Stamford, Connecticut, U.S.A., and has 5,500 associates, including 1,400 research analysts and consultants, and clients in 85 countries. For more information, visit www.gartner.com.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.