Javelin Strategy & Research has released their “2011 Identity Fraud Survey” (which actually covers ID theft in 2010). Their survey has found that there was a “notable decline in identity fraud” last year. There were 3 million fewer victims over 2009 (when 8.1 million people were affected) and fraud totals fell to $37 billion from $56 billion. Is this due to better data security like the use of data encryption software like AlertBoot? Or is it something else?
Steering Towards Better Data Security
Identity fraud exploded in the past decade. Laws and regulations to counter them followed, albeit slowly and cautiously. There was the pioneering California data breach notification act which was quickly followed by the rest of the US and then the world over.
Newspapers and blogs pointed out the potential risks of on-line activity, ranging from banking, to filing taxes, social networking sites, replying to spam, and myriad other actions.
More recently, many countries, states, professional organizations, and overseeing agencies have begun issuing monetary penalties when adequate data security is not practiced. Security, in this case, ranges from tools (encryption software, firewalls, chains and locks, secure file cabinets, etc.) to official company policies (e.g., what can and cannot be done on computers) to monitoring activities (e.g., performing audits and following up on the findings).
And, last but not least, stories about police and other law agencies actively pursuing ID fraud criminals are trickling in.
In light of the above, Javelin’s findings is not a surprise, although the precipitous decline in the figures is striking. Yet, it’s not unexpected:
[There was a] significant drop in reported data breaches according to industry reports: 404 in 2010 with 26 million records exposed, compared to 604 in 2009 with 221 million records exposed. [net-security.org]
That’s a 33% decline in reported breach incidents, and a 88% reduction in records exposed.
Maybe It’s Something Else
Could it be that there is something else at work here, though? I was trolling over on slashdot.org, and someone pointed out that banks were not extending credit anymore. Of course, he meant that many (if not all of them) still are, just not at the obscene rate they used to. It only makes sense that totals will decline if banks have cut back on lending or are being more rigorous on who they lend to.
There are also indications that more people than ever are poring over their financial statements and putting credit freezes, making it harder for fraud to take place. (Javelin’s survey also points to the same.)
My own opinion is that the decline in fraud is a confluence of the above and other factors. We’ll have to wait to see if the pattern repeats itself in 2011 and in 2012. If it does become established as a pattern, it would mean that society as a whole has finally come to grips with ID theft and fraud.
On the other hand, just like regular crime, it will never be eliminated and become a cyclical thing: we can expect massive data breaches in the future, like the TJX or Heartland Payment Systems incidents. Plus, people will become less rigorous about checking financial statements once ID fraud significantly ebbs away.
Related Articles and Sites: