The FTC released an update to their landmark 2003 Identity Theft survey yesterday, once again stirring up the question “are identity crimes really dropping or not?” and “exactly what studies on identity crimes can I really trust?”. We’re seeing the usual suspects that always reach the knee-jerk conclusion that “more technology must always lead to more crime”, despite research showing that technology is simply a tool that can be used for good or bad (and therefore, the financial and technology industry has a clear obligation to give more tools to consumers!). But the fact is, the FTC produces valuable and rigorous research, so what do we know now that we didn’t know before yesterday’s release?

Before I dive in, let’s be clear: the FTC’s study is about what they call “identity theft” which is codified by law enforcement as any crime where a person impersonates another for material gain. Javelin uses the term “identity fraud” in the same way, and neither the FTC nor Javelin mix simple exposure of data with potential transactional fraud. (I emphasize this because Bankers regularly ream me out for using a single label for both fraud in existing card accounts and establishment of new accounts, but such a complaint needs to be directed to congress rather than Javelin!) Neither Javelin’s study nor this FTC one is about “merchant fraud”, where a dishonest seller misrepresents themselves or their products to some unfortunate buyer (merchant fraud is included in the FTC’s excellent Consumer Sentinel report, which is also the very best source of regional geographic fraud data available).

That the results of the FTC’s study are remarkably similar to Javelin’s is no surprise, because the methodology we use for our annual victim surveys was intentionally designed around their original solid work. We both use phone polling methods to reach approximately 5,000 per survey, then focus on the nationally-representative subset of victims from among those we reach. (There are a couple of minor evolutionary differences between our two surveys which we’re happy to discuss with any subscriber or reporter.)

The results are remarkably similar:
-Number of US victims? FTC: 8.3mm, Javelin: 8.4mm
-Percent of victims: FTC: 3.7%, Javelin: 3.74%
-When you look at categories such as mean or media fraud amounts or consumer (out of pocket) cost, FTC and Javelin figures once again mirror one another, with primary differences in the numbers attributed to differing units of measure (for example, we report on victim losses in terms of mean and median, while they choose to show that victims suffered no personal cost in more than half of cases while 10% of victims encountered losses of $1,200 or more).

Summary: we know for certain that identity fraud is definitely dropping, but it can never drop fast enough. We speak with certainty that the crime is dropping because results from nationally-representatives surveys of over 27,000 individuals (counting all the FTC and Javelin phone surveys together) show this to be true. All other available sources of information is from less-reliable methods: web surveys (which are simply an inappropriate cost-cutting method for a crime that affects low-income people differently), compilations of data from only victims that filed a police report (which will always include only the worst crimes), aggregated data from selected institutions or merchants, and measures of data breaches or electronic crime attempts (which represent potential rather than actual fraud). Our annual study is primarily made possible by three co-sponsoring companies (CheckFree, Visa and Wells Fargo) as well as individual report purchasers, and by contract we design, field, analyze and report on each annual project independently, with zero interference or involvement from any outside commercial firm. We’re proud of the fact that our customers include a diversity of firms in the technology, security, and financial services industries, and each has a very different stake in the ground with regards to what the data tells us about the changing nature of identity fraud in the US.

Bottom line, the latest FTC study parallels our findings showing that:
-Identity fraud is dropping (but not by much)
-Individuals have much control over potential crimes (but financial providers and technology vendors need to enable them with the right tools and education…see Javelin’s Scorecards)
-Identity crimes come from a wide array of methods (high tech and low tech) and criminals both “close” and distant

Bottom line, identity fraud remains as a big problem, and rigorous data says there’s some very clear, high-payoff steps that can be implemented to prevent, detect and resolve the $49.3B identity fraud problem. To really turn the tide we need improved joint efforts between companies, government, and individuals, and improved monitoring of personal affairs. Technology is the two-edged sword that can create or empower individuals, all dependent on better tools and better education. Let’s get moving!