About 27.3 million US residents have been victims of
identity theft during the past five years, according to a survey by
the US Federal Trade Commission (FTC), but the agency is unsure how
many of those crimes happened through technological means such as
the internet.
The FTC estimated that 9.9 million US residents have been
victims of identify theft during the past year, with businesses and
financial institutions losing $48bn (£31bn), and consumer victims
reporting $5bn (£3.2bn) in out-of-pocket expenses.
The survey, of more than 4,000 adults in March and April, is the
first comprehensive attempt by the US government to get a handle on
the number of victims and the cost of identity theft.
"It [the results] was considerably higher than I expected," said
Howard Beales, director of the FTC's Bureau of Consumer
Protection.
"In planning this survey, we did the sample as large as we did
because we thought we were going to have a hard time finding
victims. Unfortunately, that's not the case."
The FTC's numbers are higher than most previous estimates of
identity theft. A Gartner survey released in July found seven
million victims of identity theft in the previous year, while the
FTC received about 380,000 complaints about identity theft in
2002.
An internet survey by Privacy and American Business, released in
July, found 33.4 million US victims of identity theft since
1990.
Nearly half of those who said they had been a victim of identity
theft during the past five years did not know how the thief
obtained their information.
Twenty-three per cent said the thief gained their information
through a theft of some kind, but that could range from a credit
card statement stolen from a dustbin to a hacker stealing credit
card numbers from an e-commerce site. Another 13% said the thief
obtained the personal information through a transaction of some
kind, which could include some web transactions.
Although the survey does not break down the causes of identity
theft, Beales said there was nothing in the report to suggest that
transactions on the internet with trusted websites were
dangerous.
"We don't know of any problems that have resulted from consumers
who shared information with a secure website that uses SSL (Secure
Sockets Layer) encryption to transmit information," he said.
"There clearly are hazards on the internet, because consumers
can end up at a site that is not what they think it is."
Consumers should be careful when they get e-mails asking them to
click on a link to update their data at a website. In many cases,
those e-mails are part of a scam sometimes called "phishing". If a
consumer thinks he has a legitimate billing issue that needs to be
fixed, he should go to a site directly instead of clicking on a
link in an e-mail from an unknown sender, Beales recommended.
The FTC defined identity theft as everything from someone trying
to gain government benefits under another person's name to someone
opening a credit card account in another person's name.
About 4.6% of those surveyed said they had been a victim of some
kind of identity theft in the past year, with 3.1% of those
surveyed saying the thieves had got access to existing credit cards
or other accounts.
Another 1.5% of the people surveyed said they had fallen victim
to someone trying to open new accounts in their name.
The average out-of-pocket expense per victim was $500. On
average, the theft netted $4,800 per victim.
When the thieves gained access to existing accounts, 67% of
those accounts were credit cards. Another 19% were current or
savings accounts, 9% were telephone service and 3% were internet
service.
Grant Gross writes for IDG News Service