Print | E-mail

 

Identity Theft Research Review: Extent and Patterns of Identity Theft

The Federal Trade Commission (FTC) provides the best available estimates of the extent and distribution of identity theft from its victimization surveys and database of consumer complaints. A recent estimate, produced by a study modeled after the FTC's original 2003 methodology, suggests that 9.3 million adults were victims of some form of identity theft in 2004. [1] This may represent a leveling-off from the FTC's previous finding of 9.91 million in 2003. [2]

Although the incidence of identity theft differs by State, region, and, to some extent, age, the available data suggest that all persons, regardless of social or economic background, are potentially vulnerable, especially to those types of identity theft that occur when an offender steals a complete database of credit card information.

Evidence also indicates that individuals are more likely to be victimized by those who have easy access to their personal information (see exhibit 1). These identity thieves may include family members and relatives (who know or have access to identifying information such as date of birth, mother's maiden name, and Social Security number) or those with whom they live in close contact, such as fellow residents of college dormitories or military barracks.

Exhibit 1. How personal information is obtained

Note: Figures add up to more than 100% because one victim may report multiple methods. Shows only victims who reported to the FTC how their information was stolen during 1999 to 2001, about 20.5% of all victims who reported during that period.

Source: U.S. General Accounting Office, Identity Theft: Prevalence and Cost Appear to Be Growing, March 2002, GAO-02-363:27.

Identity thieves have developed various techniques to exploit the opportunities of the information age; however, most of the ways that offenders steal identities are relatively unsophisticated—stealing wallets or purses, stealing mail, rummaging through residential trashcans or business dumpsters, obtaining credit reports by posing as someone authorized to do so such as a landlord or employer, bribing employees of businesses, agencies, or service organizations to obtain personal information, and many other nontechnological means.

Offenders use the identities to open new credit card, phone, or bank accounts, file for bankruptcy, take over insurance policies and make false claims, obtain auto loans or mortgages, file fraudulent tax returns, etc.

There are many data and measurement issues concerning identity theft. The crime is likely underreported, both by individuals and by agencies and businesses. Discovery may occur many months or even years after the fraud was committed. In 2004, 61 percent of identity theft victims did not report the crime to the police. [3]

A recent study found that identity theft crimes are committed more frequently offline than online, and that victims who accessed their accounts online discovered their victimization significantly faster than those who relied on paper bill or statement monitoring. [4] As a result, the researchers recommend that individuals use Internet account management to reduce risk. The conclusion that online account monitoring is safer is problematic, however, and requires further investigation. The risk posed by online activities may increase, as their volume increases and more offenders become skilled at capitalizing upon them.

For the best sources of data (and sources used in this report), see Other Resources.

Extent of the problem: Unknown. Estimates range from three quarters of a million victims annually to more than 9 million as noted above. The source of any estimate should be scrutinized because of the many problems associated with collecting this data. As a result of the myriad of factors that affect estimates and until the issues are clearly delineated and properly recorded and resolved, the true extent of identity theft will remain unknown.