RSSStudy: ID Theft from Data Breaches Rare
By Ed Oswald | Published December 9, 2005, 12:12 PM
Detailed analysis of four separate data breaches involving a half-million identities indicates that misuse of the information could be lower than what some may expect. Identity risk management firm ID Analytics announced the results of the findings on Thursday.
Research suggests the level of the breach and how the data was lost contribute to the risk factor. For example, the firm separated the incidents into two categories, "identity-level," where names and social security numbers were stolen, and "account-level," where account numbers were stolen, occasionally tied to accountholders.
The study found that identity-level breaches pose the greatest risk. However, even here less than 1 in 1,000 identities were used for fraudulent purposes.
Fraud experts with the firm surmised that the reason for the low rate of misuse is likely due to the amount of time it takes to actually commit identity theft. Credit applications take an average of five minutes to fill out, and in order to fully utilize a file with one million identities it could take a half-century to do so, researchers say.
ID Analytics also suggested that notification of breaches seemed to slow use of that data for the purposes of identity theft. In any case, the firm says the study will help companies figure out how to best deal with the problem, and who is most at risk.
"The risk to consumers and businesses varies considerably based on the type and scope of the data breach, which is why we think assessing the degree of risk for a given breach is critical to determining the best next steps," said Mike Cook, ID Analytics' co-founder and vice president of product.
"The good news is not only that we have technology that can measure the risk of a breach, but that we can actually distinguish which sets of breached data are actively being used to commit fraud."
It's becoming more accepted that the internet/online shopping isn't the big culprit in ID/CC theft. I first heard this on NPR and then on 20/20 not too long ago. Think of it - if your CC# is stolen/misused, the first thing you think of is some internet transaction you made. Well, why not think about the hundreds of times you've used your card to buy gas, groceries or food at a restaurant? After all, at a restaurant you give your CC to the waiter and he disappears for 10 minutes! What happens during that time? ALOT COULD happen - he could have a cardreader in the back, or just simply write down all the information on the card. Theft is probably alot more complicated than this, but I have more confidence in shopping online (on my own PC mind you) than handing my CC to a stranger.
Score: 0
|While I haven't had my identity used (yet) when stolen, my credit card number sure were. I've had CCs stolen three times from venders with on-line servers. Why go to all the trouble setting up new cards and credit lines, when the victim's are waiting for use.
Score: 0
|Finally some good news about this for a change. I'm still only sparingly using the web for buying things, and only when the website allows me to disable cookies on it when I make the purchase.
Score: 0
|