Identity thieves lie somewhere in the lower half of the
continuum between the low end smash and grab purse-snatchers and the high-end
credit card database heists. Identity theft is “the misuse of another
individual’s personal information to commit fraud.”[1] To pull off identity theft, the criminal
usually needs a person’s name, address, Social Security Number, and date of
birth. That information is resident in thousands of databases held by
employers, government agencies, health care organizations, and educational and
financial institutions. And hackers want them because they can use the
information to apply for credit in the name of other people. Not quite as
direct as stealing payment card information, but still pretty good.
In 2006, 8.4 million individuals in the U.S. were victims
of identity fraud with related losses totaling $49.3 billion, according to estimates
published by Javelin Strategy and Research.[2] Since 2001, identity theft has been the most
common consumer complaint registered to the Federal Trade Commission.
Why is
identity theft such a popular crime among fraudsters? Because it is low risk,
low cost, and highly profitable. In 2005 8.3 million U.S. adults were victims
of identity theft – 3.7% of the American adult population. In 10% of the cases
thieves made off with at least $6,000.[3] Of the 512 cases handled by the Secret Service between 2001 and 2006, the
median loss was $31,356. Of the cases,
the highest loss was over $13 million.[3] Compare this with the average take in a bank
robbery of under $5000, a much riskier crime.[5]
As with credit cards, many fraudsters use the information
they have stolen to commit fraud themselves. Others, primarily those who have
compromised large identity databases such as ChoicePoint in 2005, offer the
stolen identities for sale on-line for others to use in identity theft schemes.
Numerous online forums provide markets for sellers and buyers of identities.
The screenshot below is a listing from moneytalkforum.com. In this
screenshot the seller provides a ‘sample’ of his goods for sale. Clearly, this
“Benjamin’s” identity is completely p0wned.
1) The Presidents Identity Theft Task Force: Combating Identity Theft – A
Strategic Plan, page 2, April 2007
2) 2007 Identity Fraud Survey Report, Javelin Strategy and Research
3) Federal Trade Commission – Identity Theft Survey Report, November 2007,
Synovate
4) Identity Fraud Trends and Patterns: Building a Data-Based Foundation for
Proactive Enforcement – October 2007