This is cache of http://securosis.com/2008/06/09/new-identity-theft-stats/. Cache is the snapshot of article that we took when we index feed.
To see original page click here.
We are not affiliated with the authors of this article and not responsible for its content.
New Identity Theft Stats
2008-06-09 17:30:24 by rmogull in securosis.com
 

One of my biggest annoyances in the industry is the lack of good metrics to make informed decisions, and the overuse of crappy metrics (like ROI) that drive poor decisions. Of those metrics that wistfully dance with rainbows, unicorns, and pony-unicorns in my happiest dreams, those that correlate real world fraud with real world incidents stand alone on the peak of the rainbow bridge to metrics nirvana. I’ve written about our need for fraud statistics, not breach statistics, but often feel like I’m just banging my head against the hard, thick walls of big money.

Thanks to Debix, today there’s a bit of rainbow light at the end of the tunnel (have I killed that analogy yet? Really? Even with the unicorns?). As many of you know, since they sponsored a contest here at Securosis, Debix is one of those identity theft prevention companies. They place and maintain the locks on your account with the credit agencies, and route all new account requests through their call center for eventual routing to you for approval (or not).

Today they released some very interesting statistics. Since they route everything through their call center, they closely track new account fraud attempts on their client base. Many of their clients are enrolled as a protective measure after a data breach, so for those customers they an also track at least of the breach origins (nothing says that’s the only time they’ve been a victim). Some of this information is based on my briefing with them, and is not available in the report.

  • According to this report from the Identity Theft Resource Center, new credit account fraud is 57% of financial identity theft.
  • Many of the 259,761 accounts included in the study were the result of major incidents involving lost backup tapes.
  • There were 30,618 authorization attempts for new credit lines.
  • Of those, 380 were fraudulent (and stopped).
  • There were 4 incidents of new account creation that circumvented the Debix control (all detailed in the report).

This gives us a bit of meat to work with. The fraud rate is about 1.25% of new accounts, which is about the average. Since most of the participants were exposed due to lost backup tapes, it shows that either those losses are not resulting in increased fraud, or that the bad guys are holding onto the information for greater than the (public) 1 year of protection.

Debix also added a new feature recently that might lead to more interesting results. When you decline to open a new account, you have the option to immediately route your case to a private investigator on their staff, who collects the information and engages law enforcement. While I doubt we’ll get hard numbers out of that, we might get some good anecdotes on the fraud origins.

On our call Debix committed to providing more statistics down the road (all anonymized of course). We gave them a few suggestions, including some ways to add controls to their analysis, and I’m really looking forward to seeing what numbers pop out in the coming years. Ideally we’ll see more stats like this coming out of the credit agencies and financial institutions, but I’m not holding my breath.

(Full disclosure: I have no business relationship with Debix, but am currently enrolled with them with a free press/pundit account).

 
Tags: real world fraud, fraud, account fraud attempts, account, account creation, fraud origins, account requests, fraud statistics, free presspundit account
 
 
 
 
 
TOP SEARCH
Expand / MinimizeClose Widget
  •  
RECENT SEARCH
Expand / Minimize
  •  
RELATED VIDEO
Expand / Minimize
SecurityRatty FAQ
Sergey Zarubin, 31yo
CISSP, CCSP
Moscow, Russia