Dangerous Identity Theft Threat
August 07, 2015 governmentgrants.info Staff
This past weekend, The New York Times' TheUpshot released an article detailing the most dangerous aspect of identity theft: The fact that laypersons typically underestimate how serious the problem is. The article stated that the consequences of most cases of identity theft have been blown out of proportion, and that only a small percentage of victims actually suffer financial losses.
TheUpshot's main argument source appears to be the 2015 Identity Fraud Report, which utilizes data from 2014 and was published by Javelin Strategy and Research. The report showed a significant rise in account takeovers, wherein an identity thief manages to get past authentication on someone's credit account and change information. However, the report also found that money lost due to identity fraud had decreased.
Anyone who would think that the Javelin report is minimizing the danger to consumers from data breaches must not be reading it correctly. Furthermore, suggesting that the danger is overblown is both oversimplified and hazardous to consumers. TheUpshot's article places too much focus on account takeovers from data breaches of big companies like Target. At the same time, it fails to give adequate attention to the real and lasting impacts of more damaging kinds of identity theft, like those carried out using Social Security numbers, and other big-name data breaches like Premera, Anthem and the Office of Personnel Management, which have exposed millions of files with that information.
It Doesn't Just Affect the Banks
TheUpshot's article belittles the costs of data breaches to consumers other than irritation and lost time, since, in their words, "numerous laws protect customers from being held financially liable for hackers' actions." The article also stated, "banks and companies have to bear the financial burden. However, even those losses have been diminishing as information security experts develop new and better ways to prevent unauthorized database access from turning into identity theft."
First, if it's at all possible, banks will not bear the full brunt of the financial burden. Instead, it's passed onto the company who initiated the problem as penalties and fines. In some instances, it's not even a certainty that the company is at fault. It's notoriously difficult for small businesses to challenge credit card companies over these issues. When these incidents occur, it can either drive them out of business or force them to increase prices. Of course, those price hikes then have an impact on customers.
In addition, another recent report stated that the costs to businesses of data intrusions have not been falling, contrary to TheUpshot's article. On May 27, The Ponemon Institute and IBM both stated that the price of each breached record had jumped by 12 percent over the year before, going from $145 to $154, and that the complete financial losses of a data breach rose by 23 percent to a staggering $3.79 million.
It's necessary to reiterate that while it's popular, if misguided, to say that large corporations like Home Depot or Target are more than capable of affording the costs of a data breach, that isn't true of small businesses. Big companies aren't the only ones hit by breaches.
Five Percent Is A Lot
According to TheUpshot's article, "More problematic cases of identity theft, wherein new accounts are opened using the victim's name, only comprise five percent of the complete number Javelin provides."
At first glance, five percent doesn't seem like much, but that's only because there's no context. According to Brent Montgomery, Fraud Operations Manager for IDT911, "while we don't have any information that shows the exact number of breaches that result in identity theft, five percent is still a big number."
According to the Javelin report, there were 12.7 million victims of fraud in 2014. Even a mere five percent of those cases is 635,000 victims, which is hardly insignificant.
Montgomery also sheds some light on the bigger picture: "Breaches occur every day, and identity thieves can piece together information from several breaches and obtain everything they need to carry out the fraud."
TheUpstart ignores the fact that identity theft scams are comprised of information that was likely collected from vast numbers of corporate and individual breaches, many of which are sold on a black market. Indeed, scams going on now could be drawing on information obtained during a breach several years ago, particularly since Social Security numbers don't expire.
Another serious issue with using the Javelin report is that the information is only an estimate taken from a tiny sample of the population. On the other hand, the Federal Trade Commission's Consumer Sentinel Network Data Book from January through December of 2014 contains hundreds of thousands of consumer reports. This is important because on the thirteenth page, you'll notice a higher rate of new accounts being made (12.5 percent) than fraud on accounts that already exist (4.9 percent).
Very Serious Identity Theft Threats Exist
Although occurrences of new fraudulent accounts, and in some cases, takeovers of existing ones, can appear on a credit report, other kinds of identity theft aren't as obvious until they've done extensive damage. It's more important to consider what happens to consumers when their most sensitive information ends up in criminals' hands. TheUpshot's article neglects to mention tax fraud, which is becoming more common and is long and arduous to resolve. In this overly-optimistic take on the situation, attention to medical identity theft is also strangely missing. This isn't just extremely hard to detect and fix. It can also prove life-threatening.
The point is that while it's simple to dismiss experts on identity theft as being biased and therefore dishonest, it's grossly irresponsible to belittle the very serious risks people face when their sensitive data has been exposed during data breaches. These dangers are real, and their consequences can last a lifetime.