In contrast, identity thieves almost never get caught. For instance, from 2003 to 2006 (the years for which I can find trend data), the FBI was able to arrest between only 1,200 and 1,600 identity thieves, and about a third of those cases resulted in convictions, much less jail time. To put this in further perspective, these crimes affected 8.3 million victims, nearly 4 percent of the entire U.S. adult population. This means that one identity thief was convicted for every 20,750 victims.
The conviction rate in 2010 was even worse. According to FBI's 2010 Internet Crime Report, from 303,809 complaints, 1,420 prepared criminal cases resulted in a mere six convictions. That's one jailed cyber criminal for every 50,635 victims, and these are just the cases significant enough to be reported to the FBI.
To sum up: Rob a bank and face a one-in-four or one-in-five chance of doing hard time. Steal someone's identity and your odds of being caught are almost infinitesimal. Consider, too, that identity theft comprises only 9.8 percent of all Internet crime, not including the likes of intellectual property theft. Factor in all Internet crime, and the numbers are likely to be far, far worse -- which is saying a lot.
I don't blame the FBI nor any other law enforcement agency. Discovering and prosecuting cyber crimes is possibly harder than any other area of law enforcement. Rules of evidence requirements, as well as cross-national boundaries, make Internet crime especially difficult to track and prosecute.
As I've preached time and again in this blog, we can fight Internet crime by making the Internet significantly safer. We have the protocols and the tools to make it harder for online crime to exist. We just have to decide to deploy them.
This story, "Why Internet crime goes unpunished," was originally published at InfoWorld.com. Keep up on the latest developments in network security and read more of Roger Grimes's Security Adviser blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.