2009 Identity Fraud Survey Report

Latest Javelin Research Shows Identity Fraud Increased 22 Percent, Affecting Nearly Ten Million Americans: But Consumer Costs Fell Sharply by 31 Percent

The 2009 Identity Fraud Survey Report – released today by Javelin Strategy & Research (www.javelinstrategy.com) – confirms that the number of identity fraud victims has increased 22 percent to 9.9 million adults in the United States, while the total annual fraud amount only increased slightly by seven percent to $48 billion over the past year. The report found detection and resolution efforts are working well—consumers and businesses are detecting and resolving fraud more quickly. As a result the mean consumer costs of identity fraud plummeted by 31 percent to $496 per incident in 2008. The study also found that women were 26 percent more likely to be victims of identity fraud than men this past year.

Now in its fifth consecutive year, the comprehensive survey is independently produced by Javelin Strategy & Research. It is the nation’s longest-running study of identity fraud, with 24,000 U.S. respondents over the past five years. Identity fraud is defined as the unauthorized use of another person’s personal information to achieve illicit financial gain. In October 2008, nearly 4,800 telephone interviews with U.S. consumers identified important findings about the impact of fraud while at the same time uncovering both areas of progress and concern for Americans.

“Javelin’s 2009 Identity Fraud Report highlights that fraud is increasing but it is being caught more quickly; consumer costs are declining; and crimes of opportunity, such as information from lost wallets, still comprise the vast majority of incidents,” said James Van Dyke, president and founder of Javelin Strategy & Research. “The good news is research shows consumers have more control than they may think and more of them are actively taking steps to protect themselves. Additionally, the financial industry has made significant strides to resolve fraud incidents for their customers and put stronger controls in place to limit fraud, which is lessening the impact of this crime.”

Other findings in this year’s report reinforce the trend that when the cause of fraud is known by the victim, criminals are frequently obtaining personal information from stolen physical belongings. Stolen ATM/Debit personal identification numbers (PINs) are another possible route to fraudulent activity and California and Illinois continue to be hotbeds of identity fraud activity.

Key Survey Findings:

• Overall Identity Fraud Incidents Increased in the United States—The number of identity fraud incidents increased by 22 percent over 2007, which brings them back up to levels not seen since 2004. One significant factor likely contributing to this rise is economic misfortune. Historically, higher rates of fraud occur when the economy worsens and identity fraud remains substantially lower overall when compared to the 2004 level of $60 billion.
• Cost to Consumers is Down—The mean consumer cost of identity fraud decreased 31 percent from $718 to $496 per incident, its lowest level since 2005. This fraud-reduction-per-incident is attributable to fraud being detected faster, lower fraud amounts and quicker resolution times thanks to industry efforts and consumer education.
• Fraudsters are Moving Much More Quickly—In cases where identity fraud was reported, 71 percent of the fraud incidents began occurring in less than one week from when the data was first stolen, up from 33 percent in 2005. This dramatic increase points to more sophisticated attacks by fraudsters and an increasing number of attacks of opportunity where people or businesses leave data exposed.
• Gender Disparity—Women were 26 percent more likely to be victims of identity fraud than men in 2008. Factors surrounding this new trend include women making more purchases in stores, as well as more women than men having their information breached last year.
• Low-tech Methods Still Most Popular—Lost or stolen wallets, checkbooks and credit and debit cards were still the most likely avenues of fraudsters’ attacks. These avenues totaled 43 percent of all incidents where the method of access was known. By protecting this information, consumers can significantly lower their risks.

In-Depth Analysis: Understanding the Findings

Approximately 1.8 million more adults fell victim to identity fraud in 2008, compared to 2007. This is the first year-over-year increase since Javelin began collecting data in 2004, when 4.25 percent of the overall adult population in the United States was victimized. The greatest increase occurred in fraud on existing card accounts, rather than the crimes which have a more severe impact such as opening new accounts.

Despite the increase in fraud incidents, the total annual fraud amount rose just seven percent to $48 billion, up from $45 billion in the previous report and 20 percent lower than it was in 2004. These figures represent the total amount that criminals were able to obtain illegally. The average fraud amount decreased (by 12 percent) to $4,849.

This decrease is likely attributable to greater consumer awareness of the risks - increased availability of security, controls and consumer education campaigns by banks, card associations and other organizations; and greater access to more sophisticated prevention and detection resources from privacy and security companies. As businesses and consumers continue to work closely together and with consumers more frequently updating anti-spyware and anti-virus software and protecting sensitive data by safely adopting online financial services, such as online banking and bill paying, Javelin Strategy & Research expects the fraud-reduction-per-incident trend to continue downward.

Gender Disparity in Identity Fraud

This year’s Identity Fraud Report found that women were 26 percent more likely to be victims of identity fraud than men. Many factors lead to this disparity. Fraud attacks involving women occur more often via in-person channels, such as stores and restaurants, where there is less consumer control. There is a greater percentage of women making in-person purchases and women were almost three times more likely than men to report their information stolen during an in-person purchase. Additionally, recent merchant data breaches impacted women more than men (12 percent vs. 10 percent).

The study also found disparity in how fraudsters use information obtained from women. Fraud affecting women took significantly longer to begin after the initial compromise of the data: 14 percent of female victims did not experience fraud until more than one year after their data was compromised. For men, this figure was only two percent.

Men are more likely to use tools that help detect fraud more quickly, such as email or mobile alerts. Currently, it takes women on average almost twice as long to catch fraud as men. That gap could narrow if everyone takes advantage of the fraud detection tools available to them.

Understanding Fraudsters’ Avenues of Attack

Lost or stolen wallets, checkbooks and credit cards are still the most likely avenues for fraudsters to gain personal information – totaling 43 percent of incidents where the source was known. This is up significantly from 33 percent of the incidents in the previous year. In 2008, online access, such as using virus-afflicted computers at home or at work, accounted for only 11 percent of the total fraud. Combined with the increased speed of misuse, this trend points to more attacks of opportunity, when a fraudster takes advantage of personal information to which they suddenly have access, such as a lost wallet or watching someone enter their ATM PIN.

It isn’t just strangers perpetrating fraud. More than 10 percent of victims knew their fraud perpetrator. When victims knew their perpetrator, those cases went undetected more than two months longer and cost the victims over twice as much.

While Social Security numbers, names and addresses still made up the majority of the ways in which identity fraud was perpetrated, for the first time the Javelin Strategy & Research survey studied the threat posed by ATM and debit card compromises. One in four victims experienced a PIN compromise on either their ATM/debit or credit cards. This translates into at least 2.7 million PIN compromises.

More consumers are turning to receiving electronic statements and bills. This has likely resulted in the dramatic decline in the use of stolen mail for identity fraud, which now stands as only three percent of the incidents.

Working together to protect and educate consumers

“This year’s Javelin Report clearly demonstrates the results that are achieved when businesses work closely with consumers to find fraud quickly and resolve issues effectively,” said Steve Cole, president and CEO, Council of Better Business Bureaus. “In order to retain consumer trust and confidence, businesses must remain vigilant in safeguarding data and continue to educate customers on how to protect themselves and respond to incidents.”

The survey is supported by the Better Business Bureau and co-sponsored by Intersections, Inc., and Wells Fargo & Company, organizations committed to educating and helping consumers reduce their risk of identity fraud.

Six Safety Tips to Protect Consumers

1. Be Vigilant—Monitor your accounts regularly online at bank and credit card websites, ATMs or by phone and set up alerts that can be sent both online and to a mobile device. Americans who monitor their accounts frequently are most likely to uncover suspicious or unauthorized activity. The survey found that those victims who took more than six months to detect the fraud saw four times higher average costs. Meanwhile, too many cases of fraud are detected via slower methods, such as when consumers review credit histories, paper statements or are contacted by a debt collector.

2. Keep Personal Data Private—Do not provide sensitive financial information over the Internet or phone, including Social Security Numbers, passwords, personal identification numbers (PINs) or account numbers, unless you initiated the interaction to a verified and trusted location, such as the number or web address on the back of a credit card, debit card or statement.

3. Online is Safer Than Offline When Consumers Use Available Security Controls—Consumers should install and regularly update anti-virus and anti-spyware software, and keep operating systems and browsers updated. Once online access is secure, consumers should move financial transactions online to eliminate many of the most common avenues fraudsters use to obtain personal information and gain more control compared to traditional channels. Moving online includes turning off paper invoices, statements and checks, including paychecks, and replacing them with electronic versions. Avoid mailing checks to pay bills or deposit funds in your banking account. Instead, pay bills online and use remote deposit check imaging services.

4. Be Aware of Those Around You—Be mindful of your environment and others who may be in proximity of overhearing sensitive financial or personal information or watching you text. This includes purchases over the phone or use of your Social Security Number for identification.

5. Ensure Credit and Debit Cards are Protected—Obtain credit and debit cards from financial institutions that provide zero liability if a card is ever lost, stolen or used without authorization. Nearly all financial institutions automatically protect you against any unauthorized transactions made at merchants, over the phone, on the Internet or at the ATM.

6. Learn About Identity Protection Services—There are additional services for those consumers who want extra protection and peace of mind. These include credit monitoring, fraud alerts, credit freezes and database scanning, some of which can be obtained for a fee and others at no cost. At a minimum, consumers should review their credit report no less than once per year, either for free at AnnualCreditReport.com or through many financial institutions’ websites.

For Additional Educational Tips, Consumers Should Visit:

• Intersections Inc.

  http://www.identityguard.com/aboutidentitytheft/landing.aspx

• Wells Fargo

  www.wellsfargo.com/privacy_security/fraud_prevention/

• Better Business Bureau

  www.us.bbb.org

To take an identity fraud safety quiz and download a free consumer version of Javelin’s identity fraud report, visit www.idsafety.net. For more information, tips and facts, consumers can also go to Preventing Identity Fraud on Facebook.

About Javelin Strategy & Research

Javelin is the leading independent provider of quantitative and qualitative research focused exclusively on financial services topics. Based on the most rigorous statistical methodologies, Javelin conducts in-depth primary research studies to pinpoint dynamic risks and opportunities. Javelin helps its clients achieve their initiatives through three service offerings, including syndicated research subscriptions, custom research projects and strategic consulting. Javelin’s client list includes some of the largest banks, credit unions, card issuers, and technology enterprises in the financial services industry.

For more information on this project or other Javelin studies, visit www.javelinstrategy.com/research or contact Kathleen McCabe at k.mccabe@javelinstrategy.com.

All trademarks are the property of their respective owners