Caslon Analytics elephant logo title for Identity Crime profile
home | about | site use | resources | publications | timeline |::| Analysphere | Ketupa

overview

identity?

pre-modern

apparitions

conmen

honour

survivors?

cards

resumes

pollution

digital

statistics

costs

responses

insurance

Aust law

other law

fiction

forensics

shadows

true lies

dead souls

gender

race

age

landmarks









related pages icon
related
Guides:

Security &
InfoCrime

Governance

Information
Economy

Consumers
& Trust





related pages icon
related
Profiles:

Forgery &
Forensics

Biometrics

Credit
reporting

Vetting
Services

section heading icon     identity crime statistics

This page considers the extent and significance of identity theft/fraud.

It covers -

section marker     introduction

Figures on the extent, severity and composition of identity crime are problematical. Different estimates and forecasts abound; interpretation of particular statistics varies widely, as does assessment of the effectiveness of some responses.

As one client commented to us, it is thus possible to go statistics shopping for figures that appear to support/disprove a particular argument or - as discussed in the following page of this profile - to substantiate a headline or two.

Chris Hoofnagle's 2007 'Identity Theft: Making the Known Unknowns Known' in 21 Harvard Journal of Law and Technology (2007) commented

There is widespread agreement that identity theft causes financial damage to consumers, lending institutions, retail establishments, and the economy as a whole. Surprisingly, there is little good public information available about the scope of the crime and the actual damages it inflicts. The publicly available data on identity theft come mainly from survey research. Methodologically, these survey polls of the public suffer from being both under and over-inclusive in measuring the problem. As a result, low estimates attribute tens of billions of dollars in costs to the economy and consumers, the highest estimates place losses in the hundreds of billions.

To identify proper interventions and appropriately allocate resources we need comprehensive, hard data on the scope and effect of identity theft. One way to provide concrete data is to require lending institutions to publicly report figures on identity theft. Such public reporting will help identify the relative need for intervention and the likely efficacy of interventions. These disclosures are necessary to provide a sound baseline for investment by businesses and action by regulators. They are also warranted because the public pays the price of identity theft directly when they are the victim, and indirectly through higher fees, interest rates, and because the losses are tax subsidized.

Identity Fraud in Australia, a 2003 report by the Securities Industry Research Centre of Asia-Pacific (SIRCA) for financial intelligence agency AUSTRAC, claimed that identity fraud cost the Australian community $1.1 billion in 2001-02 (with an estimation error of $130 million), with over half of that amount concerned with 'response' activity. The 2003 Australian Institute of Criminology (AIC) and PricewaterhouseCoopers Serious Fraud in Australia & New Zealand study (PDF) estimated overall fraud at around $5.8 billion.

A 2002 US Federal Trade Commission survey calculated the cost of identity crime to business and financial institutions at around $US48 billion, with consumers losing $US5 billion. That survey was based on responses from 4,000 people and has been enshrined in media coverage of ID theft. As the following page notes, however, the 48 billion figure has been disputed and direct losses are likely to be much lower.

Between January and December 2004 the FTC's Consumer Sentinel complaint database received over 635,000 consumer fraud and identity theft complaints, with US consumers reporting losses of over US$547 million. 39% of those complaints concerned identity theft.

The UK Cabinet Office reported estimates that in the private sector around 1-2% of transaction value is lost through fraud, with about 3-5% of all UK fraud involving an identity crime.

It commented that

It is not easy to gauge the amount of identity fraud. But the minimum cost to the economy is in excess of £1.3bn per annum. This compares with the estimated total economic cost of all fraud of at least £13.8bn per annum. This figure is certainly an underestimate, as it only includes those figures that are available, and does not include areas such as Local Government, health services or education where it is known that identity fraud exists, but there is not sufficient data available to estimate the cost

Incidences are uncertain. It has been claimed that 37% of online credit card transactions in the United States involve stolen or forged cards, a figure that appears to be substantially too high (and does not equate to 37% of payments or losses). However it is clear that major lists of numbers are available online (whether for free or for sale) on an illicit basis.

section marker     scoping the problem

Australian Federal Attorney General's Department 2001 Scoping Identity Fraud study commented that

There is widespread agreement by all organisations that identity fraud already represents a significant problem, that is likely to grow further. The lack of statistics on the incidence and cost of identity-related fraud makes the total cost to the community impossible to accurately quantify. Without reliable estimates of the overall cost it becomes more difficult to convince decision-makers that urgent attention is required

The Federal House of Representatives Standing Committee on Economics, Finance & Public Administration (EFPA) in its Numbers on the Run report (PDF) on the ANAO examination of tax file number management commented that anecdotes and estimates suggested that the instance and cost of identity fraud was increasing. However it was "concerned at the lack of figures available on the extent and cost of identity fraud".

Uncertainty is attributable to -

  • definitional disagreements, highlighted in the 2004 Standardisation of definitions of identity crime terms (PDF) from the Australasian Centre for Policing Research and the 2007 Identity Fraud Trends and Patterns: Building a Data-Based Foundation for Proactive Enforcement study (PDF) by Gary Gordon, Donald Rebovich, Kyung-Seok Choo and Judith Gordon of the Utica College Center for Identity Management & Information Protection
  • the unavailability or muddiness of data, highlighted in Russell Smith's 1998 Measuring the Extent of Fraud in Australia paper (PDF)
  • different assessments of the extent to which identity crime is underreported
  • disagreements about the extent to which data losses result in identity theft
  • disagreement about the nature of costs (or merely who carries those costs)

The attribution of costs is explored in the following page of this profile.

section marker     extent and severity in Australia

The extent and severity of identity theft/fraud in Australia - and the balance between online and offline fraud - is unclear.

The EFPA Committee noted above commented that

  • an estimated 25% of reported frauds to the Australian Federal Police involve assumption of false identities (perhaps not surprising, as reporting to the AFP regarding fraud is biased towards welfare/health services fraud rather than corporate crime
    • 'identity kits' (described as "a set of fabricated documents for a false identity") are "increasing in availability, particularly due to the ability of modern technology to generate forged documents of very high quality" and that forged or altered documents of various types are for sale
  • 13% of a sample of birth certificates examined by Westpac bank and the NSW Registry of Births, Deaths & Marriages were found to be defective
  • during 1999 Centrelink detected "about $12 million worth of fraud from identity"

The federal Attorney-General reported in 2005 that the Australian Bankers Association estimated that identity fraud cost the banking industry a mere $25 million per year.

The AusCERT 2005 Australian Computer Crime & Security Survey claimed 9% of respondents reported incidents of online ID theft against their staff, customers or clients, with 5% reporting financial loss as a result of this activity. Between April 2004 and April 2005 AusCERT handled around 700 incidents of online identity theft targeting customers of ISPs and financial and e-commerce institutions in Australia and overseas, with ID theft trojans accounting for around 20% of those incidents.

In 2007 the federal Office of the Privacy Commissioner drew on a telephone survey of a "representative sample" of 1500 Australians in inferring that around 2 million Australians "have had their personal details stolen and used fraudulently by a third party". The OFPC reported that only 17% of Australians trusted "online businesses" to handle their personal information responsibly, compared with 37% for "regular retailers", 73% for government agencies and 91% for health service providers. Nine per cent of the sample claimed to have been a victim of "ID theft"; 17% claimed to know someone who had been a victim. In May of that year Galaxy Research found that 87% of Australians were "concerned about identity theft": 79% were most concerned about financial loss, 67% about "a sense of feeling personally violated", 55% potential "embarrassment if transactions are declined" and 53 "worry about having a poor credit rating".

An August 2007 Newspoll (1,202 people) found Australians were "more concerned about the misuse of their personal information than national security in relation to war or terrorism", although it is unclear whether that concern was reflected in action to manage their personal data.

section marker     overseas figures

Javelin Strategy & Research in its 2005 Identity Fraud Survey Report claimed that 9.3 million people in the US were victims of identity fraud in 2004 and that the annual cost of identity fraud was US$52.6 billion (US$47.6 billion to businesses, US$5 billion in consumer out-of-pocket expenses). Supposedly 3.25 million people a year found that someone had used their name to open an account, obtain medical care or rent accomodation, with existing accounts of a further 6 million people being compromised.

In the UK the Association for Payment Clearing Services reported that direct fraud losses from online phishing scams in that country reached £12m in 2004. Overall credit card fraud losses in the UK during 2004 were estimated to be £504.8 million, up 20% on 2003. Three years later the Office of Fair Trading claimed that one in 10 UK adults had been a victim of "mass marketing fraud" during their lifetime, having provided money to a scammer after being approached by email, letter or telephone. The total cost was estimated at over £3.5 billion per year.

The UK Cabinet Office questioned some ID theft hyperbole, commenting that

when seen in percentage terms, some of these figures suggest that the extent of the problem is not that widespread:

  • the figure of 1,484 detected fraudulent passport applications represents 0.03% of total passport applications (with 5.3 million passports issued). Within the attempted frauds 301 used deceased identities, 1,003 used another person's identity or documents and 110 used a fictitious identity;
  • 13 false identities from a sample of 4,921 National Health Service optical cases (0.26%) and 14 false identities from a sample of 6,400 prescription cases (0.22%)
  • 3,231 driving tests terminated prematurely because of doubts over the driver's identity (the figure represents approximately 0.23% of the total number of tests)
  • 18,500 referrals to the Financial Services Authority under the money laundering regulations;
  • a mere 564 cases involving identity fraud identified by the Benefits Agency's Security Investigation Service;
  • the number of entry documents at UK ports of arrival in 2000 detected as being counterfeit were just 0.006% of the total

In June 2007 the UK Driving Standards Agency accordingly reported that it was investigating 1,200 suspected incidents of impostors sitting theory and road tests.

In February 2006 the UK Home Office reported that the annual cost of ID fraud had reached £1.7 billion. That figure was immediately questioned by Apacs, the entity that represents payment organisations such as banks and credit firms.

It claimed that the cost had been seriously overestimated and that its own figures had been misrepresented. Apacs commented that the report featured £395 million as the annual cost of money laundering but noted admission by the Home Office that the figure was "for illustrative purposes" only and that "no figures are currently available on the proportion of money laundering that relies on identity fraud". The report claimed that Apacs put the cost of ID fraud linked to plastic cards at £504 million per year; Apacs responded that the figure was under £37 million, with £504 million representing total losses rather just identity fraud on cards.

In March 2006 the US Bureau of Justice Statistics for the federal Justice Department, drawing on interviews with members of 42,000 randomly selected households over the last half of 2004, claimed that 3.6 million US households were victims of identity theft during that period - in contrast to a Federal Trade Commission study that estimated 9.3 million victims. It estimated the identity theft-related loss to households at US$3.2 billion.

The DOJ said that identity theft most frequently affected households headed by people age 18 to 24, those in urban or suburban areas, and those with incomes of at least US$75,000. The DOJ defined identity theft as unauthorised use of a credit card, of an existing account such as a mobile phone or bank account, or misuse of personal information to open a new account, get a loan or commit some other crime.

Of the 3.6 million households, an estimated 1.7 million (1.5% of all US households) discovered unauthorised use of credit cards during the six-month period. Some 900,000 households experienced theft from other types of existing accounts. 540,000 households said personal information of someone in the home had been misused to open new accounts, get loans or commit other crimes. The FTC had estimated some 10.1 million people experienced identity theft in 2003 and 9.3 million in 2004.

The DOJ figure was noted by observers such as Fred Cate, who commented that if the US$48 billion FTC figure was correct "we'd have a banking crisis on our hands", as it would wipe out 50% of the US banking sector's US$103 billion profits in 2005. Skeptics have claimed that losses attributable to "identity theft and related fraud" may be around US$1.1 billion, although that sum is restricted to bank losses rather than consumers and other businesses.

In May 2008 Interac, the Canadian financial network operator, estimated 2007 losses from debit card skimming at C$106.8 million, up from C$94.6 million in 2006 and C$44 million in 2003.

section marker     benchmarks

What are the dimensions of fraud? The answer is not clear.

The federal Attorney-General's Department report on The Changing Nature of Fraud in Australia estimated that two-thirds of fraud offences in the private sector are unreported; other sources suggest that much corporate fraud simply is not detected.

The KPMG 2002 Fraud Survey, based on responses from 361 Australian and New Zealand public and private sector organisations claimed -

  • respondents lost a total of $273 million to fraudulent conduct in the survey period
  • an increase in the involvement of criminal gangs in external fraudulent attacks on financial institutions by using stolen cheques and falsified identification, including drivers' licences;
  • an increase in the incidence of international criminals coming into Australia and New Zealand, committing major fraud and then leaving with the proceeds of their crimes
  • development of "ever more ingenious methods for manipulating cheques and other negotiable instruments" including the removal or alteration of payee and amount.
  • 44,654 instances of fraud were reported (approximately 50% of these were credit card fraud against banks, involving the use of stolen credit cards or fraudulently manufactured credit card numbers)
  • over $30 million was lost through fraud in offshore operations, a 100% increase over the loss reported in a 1999 survey

The 2003 AIC and PWC Serious Fraud in Australia & New Zealand study, based on 155 cases involving law enforcement agencies, claimed that -

  • the most common type of fraud involved obtaining finance or credit by deception (21%), followed by fraud involving cheques (15%)
  • most cases involved fraud perpetrated against organisations rather than individuals, in particular the financial services sector (36%)
  • false documents were used in 69% of cases.
  • Identity fraud was evident in 36% of cases, with "stolen identities" being used in 13% of files and false identities in approximately 25% of files.
  • recorded losses were $260.5 million, with some $13.5 million recovered at the time of sentencing and the total 'actual loss suffered' coming to $143.9 million.
  • proceeds of crime were disposed of primarily through purchase of luxury goods and services, gambling and personal living expenses, attributed to "greed" as the "most prevalent motivation of offenders (27% of offenders) followed by gambling (16%)".

The 2005 AusCERT survey noted that the most common IT security incidents detected by its respondents were "insider abuse of internet access, email or computer system resources (reported by 68% in 2005, compared to 69% in 2004 and 62% in 2003). 66% of respondents reported financial loss from electronic attack; 65% reported financial loss from incidents of physical computer crime; 30% reported financial loss from one or more incidents of insider misuse or abuse of access or resources and 59% experienced losses due to stolen laptops in 2005.

section marker     studies

In addition to the Australian Scoping Identity Fraud document and 2008 ABS report noted above official studies include

  • UK Cabinet Office Identity Fraud - A Study (PDF)
  • US Federal Trade Commission 2004 National and state trends in fraud and identity theft, January-December 2003 (PDF) and 2003 Identity Theft Survey Report (PDF)
  • Russell Smith's 2003 Examining Legislative & Regulatory Controls on Identity Fraud in Australia (PDF) and Addressing Identity-related Fraud in the Retail Financial Services Sector (PDF)
  • 2003 Identity Theft Resource Centre survey (PDF)
  • US Department of Justice and Canada Department of Solicitor-General 2003 Special Report for business on identity theft (PDF)
  • US General Accounting Office 1998 Identity fraud: information on prevalence, cost, and internet impact is limited (PDF), 2002 Identity theft: greater awareness and use of existing data are needed (PDF) and 2002 Identity fraud: prevalence and links to alien illegal activities (PDF)

 



   next page  (costs)

 

 


this site
the web

Google

version of October 2007
© Bruce Arnold 1997-2026
caslon.com.au | caslon analytics