Internet users and other consumers who are worried that their online transactions put them at high risk for someone stealing their personal financial information, may gain some comfort from recent news that 72 percent of the thefts of confidential information, were done off-line. In fact, identity thieves obtained the bank or credit information on their victims from online sources in only 12 percent of the cases.
So if these miscreants are not getting the bulk of stolen financial data from our Internet transactions, how exactly are they going about it? For the most part, they are combing through our trash, and picking through stolen or lost wallets and purses, according to a survey conducted by Javelin Strategy & Research and reported in a Reuters article dated 26 January 2005. The survey consisted of 38 questions, and the results are derived from telephone interviews with 4,000 consumers — an alarming 509 of whom have been victims of identity fraud.
The typical consumer would likely be astonished to learn that the identity thief's identity is often quite familiar to the victim. Specifically, half of all known identity thefts are committed by the victims' friends, family members, and neighbors — thereby giving new meaning to the phrase "Neighborhood Watch".
Furthermore, identity thievery conducted off-line is far more lucrative than that conducted online. In particular, the average identity theft in the former case cost the consumer $15,607, versus only $2320 in the latter case. No reason for the huge disparity was apparently noted in the study.
One possible reason for the sizable difference, is that the typical compromised Internet transaction will only yield the victim's name, credit card number, expiration date, etc. Moreover, most credit cards have limits as to the personal liability of the victim, to say nothing of well-financed anti-fraud departments with powerful computers sifting through each day's credit card purchases. In contrast, the off-line identity thief can pull out of the average person's trash a stack of discarded bank account statements, credit card statements, tax forms, credit cards about to expire, signature examples, and even blank checks.
Not only is the average loss far lower for online transactions, but the odds of the theft being caught or at least stopped are much greater than for off-line identity theft. In those cases where the victim discovered the fraud on the Internet, their average loss was only $551. This compares favorably to those cases where the victim eventually learned of the fraud by receiving mailed statements, in which case it costs them $4543 on average.
The Reuters article made no mention as to whether the survey discussed whether online fraud is expected to grow in the future, in proportion to total fraud. It is quite possible that it will, given how U.S. government agencies, insurance companies, credit card issuers, and other financial institutions are increasingly demanding and then sharing consumers' sensitive information — oftentimes with inadequate security safeguards in place.