I've Been Mugged Blog

I spent some time recently reading the results of the Javelin Research 2010 Identity Fraud Survey (PDF, 453 K bytes). During the past six years, Javelin Research has surveyed about 30,000 adults to track the volume of identity theft and fraud incidents. The latest survey during 2009 included about 5,000 adults in the USA.

For new readers, there is a difference between "identity theft" and "identity fraud." The former is when an unauthorized person accesses your sensitive personal information. The latter is when the criminals use stolen identity information to steal money, obtain credit, or impersonate another person during a crime. Most of the time, I use "identity theft" in this blog to cover both theft and fraud.

How identity theft occurs:

"... among the victims who knew how their data was taken, lost or stolen wallets, checkbooks, or credit cards accounted for nearly two times as many instances of theft as all online attack methods combined."

How identity criminals fraudulently use stolen personal data:

• 42% - make purchases in person
• 42% - make purchases online
• 21% - make purchases via phone or postal mail
• 10% - withdraw money from ATM machines
• 10% - write checks
• 6% - buy prepaid gift cards

This criminal fraud is influenced by the fact that often credit cards are stolen. In 2009, more han 11 million adults were identity fraud victims.

The survey report's authors advise that the most effective way for consumers to protect themselves from identity fraud is to monitor their accounts online for unauthorized purchases. That means checking your bank accounts and phone bills online. If you see unauthorized transactions, notify the bank (or phone company) immediately. If your credit/debit cards and/or checks were stolen, notify your bank immediately.

It will become increasingly important for consumers to monitor their wireless phone bills as phone carriers add payment services to smart phones. About online shopping, the survey report's authors advise consumers to:

"... take additional precautions to protect their payment and personal information. Enrolling in Verified by Visa or MasterCard SecureCode, which allows you to have an additional password when making purchases online, offers consumers greater security. There are also programs such as Trusteer’s Rapport and IDVault offered by financial institutions, which can alert users when they enter a website for the first time, thus creating an additional layer of security to prevent users from entering their information into a fraudulent site."

About social networking sites, such as Facebook, Twitter, and MySpace), the survey warns consumers that identity criminals can harvest your sensitive personal data you share online and then use it against you to:

"... take over accounts or open fraudulent accounts. Users should not store or reveal personal contact information, including phone numbers, Social Security number, date of birth, e‐mail addresses, physical addresses, mother’s maiden name, or other information that could potentially allow a fraudster to obtain sensitive information or hints to passwords."

So if you mention your favorite color on pet online, don't use that color or pet's name as one of your online passwords. It is obvious: don't post your bank accounts online or in an email message. And, don't post online the sensitive personal information of your family and friends.

I have blogged previously about the risks of displaying your birth date on social networking sites, but too many of my online friends continue to display it based on a fear that their friends won't send them birthday wishes. Hello?! Your true friends know your birth date already. And, do you want volume or quality? Unfortunately, fear often outweighs good data security habits.

If you are a victim of identity fraud, it will take time and money to repair your credit and resolve the fraud:

"Out‐of‐pocket costs can include unreimbursed losses, lost wages due to time taken off work, and possible legal fees for those victims attempting to prosecute... Most victims don’t experience any out‐of‐pocket costs, but those who did suffered an average cost of $373. The average time to resolve the fraud for these victims was 21 hours."

Remember, your mileage may vary with credit resolution. Identity fraud involving your stolen Social Security Number or online bank account sign-in credentials is far more complex than a stolen credit card.

The report also listed several tips for consumers to avoid identity theft and identity fraud, which I have covered often in this blog:

• Keep the anti-virus and anti-spyware software on your home computer active and updated. Use anti-phishing software, too.
• Don't disclose sensitive personal data on social networking sites. See the above list of items
• At social networking sites, keep your online profile private. Read the website terms and privacy policies
• Use strong passwords online and not these
• Don't leave financial information and bills lying around the house. Store them in a secure place
• Opt out of pre-approved credit offers sent via postal mail
• Use a secure Internet connection (especially wireless users)
• Be aware of your surroundings. Cover the keyboard at ATM machines. If there are strangers lurking, don't enter your passwords to bank accounts when using your laptop
• If you are a victim of identity fraud, learn about the differences between fraud alerts and security freezes for your credit reports