U.S. consumers experienced the highest level of identity theft in three years in 2012, although much of the fraud losses were absorbed by banks and merchants, according to a new survey.
Incidents of identity fraud affected 5.26 percent of U.S. adults last year, according to a survey of 5,249 people by Javelin Strategy and Research. That's up from 4.9 percent in 2011 and 4.35 percent in 2010. The company put the total number of identity victims in 2012 at 12.6 million.
[ Also on IfnoWorld: Beware! Identity thieves are targeting your tax refund. | Find out how to block the viruses, worms, and other malware that threaten your business, with hands-on advice from expert contributors in InfoWorld's "Malware Deep Dive" PDF guide. | Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]
At least half of those victims did not bear the cost of the fraud, Javelin said in its report. Of those who did, the mean cost rose to US$365 in 2012, from $354 in 2011. The bulk of the fraud was absorbed by financial institutions, merchants and other businesses, Javelin said.
One of the largest spikes came in new account fraud, where criminals collect personal data and then open, for example, a new credit card account. New account fraud climbed to 1.22 percent of adults last year, from 0.82 percent in 2011.
More than half of the new account fraud involved applying for general-use and store-branded credit cards, Javelin said.
New account fraud "poses a growing threat to consumer identities and private industry's bottom line -- especially as the total fraud loss has doubled from 2011, to $9.8 billion," Javelin said.
Data breaches were a likely source for Social Security numbers, issued to all U.S. citizens, and a key piece of information often required for opening new accounts. Consumers who knew their SSN had been breached were 14 times more likely to be a victim of new account fraud, Javelin said.
Javelin said it also found a large jump in account takeover incidents, which increased from 0.36 percent in 2011 to 0.60 percent in 2012. Fraudsters likely obtained account details through data breaches or through malicious software attacks.
"By changing consumer contact information, fraudsters can limit the consumer's ability to be notified of fraud while redirecting any newly requested payment cards," the report said. "The misuse of store-branded cards could allow fraud to go undetected longer, as these accounts are less likely to be reviewed or used than general-use credit cards."
The most financially damaging fraud in the account takeover category was ACH (Automated Clearing House) and wire transfer fraud, which had the highest mean fraud figure at $5,138 per incident.
ACH is a widely used but aging system that is used by financial institutions for exchanging details of direct deposits, checks and cash transfers made by businesses and individuals. It is overseen by the National Automated Clearing House Association (NACHA), a nonprofit association.
Javelin's survey was sponsored by CitiGroup, Intersections LLC and Visa, although those companies were not involved in the analysis in order to maintain the project's independence and objectivity, Javelin said.
Send news tips and comments to firstname.lastname@example.org. Follow me on Twitter: @jeremy_kirk