As the world continues its relentless march toward all things digital, data is increasingly exposed. Each individual consumer’s’ personal information now resides on dozens, if not hundreds of servers across the globe. With that fact comes a somewhat obvious result: an increase in identity theft.
Data theft is a big business. According to Javelin Strategy, the number of identity theft victims in the US rose to 15.4 million in 2016. The cost of all of that lost data amounts to $16 billion. Javelin Research finds this to be smaller than in previous years. By comparison, 2012 was the highest at a loss value of $21.8 billion.
Nevertheless, a smaller loss value is only a small reprieve amidst the wave of cybercrime now reaching every corner of the globe.
For 2016 and 2017, identity theft statistics have taken center stage among the many stats and facts encompassing the entire realm of cybercrime. While ransomware gains more attention, identity theft remains much easier to pull off and monetize. Social security numbers, credit card numbers and other personal identity factors can be stolen and sold on the dark web, or used by criminals for quick and easy profit gain.
The following identity theft statistics are categorized to help get a better feel of how and why this threat continues to be a problem for consumers, businesses, and governments worldwide.
Related: Cyber security statistics
Increasing risks, exposures, and loss values
As data from the 2017 Identity Fraud Study by Javelin Strategy and Research has shown, identity theft isn’t going away. Cybercriminals are still finding a relative ease-of-access to consumer data. Javelin Strategy, in particular, discovered that fraudsters notched over 2 million more victims to their belts in 2016 over their 2015 numbers. The numbers reveal that contrary to efforts to stem the tide of data theft, thieves are learning new ways to bypass protections, while consumers are facing even more risks and exposures to data theft.
- Americans are significantly more likely to be victims of identity theft than anyone else. Over 791 million identities were stolen in the US in 2016. France was far behind in second place with 85 million identities stolen. (Source: Symantec)
- 143 million Americans faced an increased risk of identity theft after a major Equifax hack stole millions of Social Security Numbers, birthdays, addresses, and even some drivers license numbers. (Source: The Motley Fool)
- A key area that saw lots of new activity is account takeovers, which increased 61% over 2015, totaling 1.4 million incidents. Account takeovers occur when thieves gain to access someone’s accounts and change the contact and security information. (Source: Javelin Strategy and Research)
- Account takeovers (ATO) resulted in $2.3 billion in losses. (Source: Javelin Strategy and Research)
- Outside of account takeover, those with active social media presence have a 30 percent higher risk of becoming fraud victims due to increased exposure. (Source: Javelin Strategy and Research)
- Social media such as Facebook, Instagram, and Snapchat face a 46 percent higher risk of account takeover and fraud than those not active on social networks. (Source: Javelin Strategy and Research)
- According to the Identity Theft Resource Center, 1.3 million children’s records are stolen every year. (Source: Identity Theft Resource Center)
- A surprising 13% of those who reported identity theft to law enforcement did not want a police report taken. (Source: FTC)
- Most identity theft complaints (61%) are from those between the ages of 30 and 59. (Source: FTC)
- The total number of those reporting identity thefts increased over 37% from 2014 to 2016. (Source: FTC)
- Despite the verified increase in data protection it provides, 75 percent of consumers fail to use a VPN to protect their WiFi connections. (Source: Symantec)
- Symantec also notes that 87 percent of consumers have left their personal information exposed while accessing emails, bank accounts or financial information, another issue that could be mitigated through the use of a VPN. (Source: Symantec)
- The lack of personal WiFi protections coincides with the fact that 60% of consumers feel as though their personal information is safe when using public WiFi. (Source: Symantec)
- A 2017 report from the Australian Payments Network revealed that people over the age of 55 are common targets for phone and email scams, and are increasingly targets of scams conducted over social media. (Source: Australian Payments Network)
- The Consumer Sentinel Network (CSN), which collects data from the FTC and local law enforcement agencies across the U.S., found that identity theft represented 13 percent of the more than 3 million criminal complaints recorded in the system. This number was just behind imposter scams (slightly more than 13%) and debt collection complaints (28 percent). (Source: FTC)
- “Theft of data” continued to be responsible for the most stolen identities in 2016 and the chief cause of data breaches (nearly 92 percent). (Source: Symantec)
- According to a CSID survey, 52% of small businesses don’t invest in cyber risk mitigation, believing that they don’t store any private information. However, 68% at a minimum store email addresses, which is one potential entry vector for hackers. (Source: CSID
- CSID also found that 31% of surveyed small businesses are not taking any active measures to mitigate cyber risks such as data breaches and hacking. (Source: CSID)
- According to Equifax Canada, Millennials are the top target for fraudsters. Nearly half of all suspected fraud applications are for those between the ages of 18 and 34. (Source: Equifax)
- An Experian survey discovered that half of all American adults believe that identity thieves are not interested in people with poor credit. (Source: Experian)
- 43% of surveyed adults in the U.S. admit to shopping online over public WiFi. (Source: Experian)
- 33% of surveyed adults in the U.S. admit to sharing their account names and passwords with others. (Source: Experian)
- Cifas announced that identity fraud in the UK is reaching “epidemic levels” with fraud incidents occurring at a rate of 500 per day. (Source: Cifas)
Credit cards and Social Security Numbers are still top targets for thieves
Credit card fraud is nothing new. Yet the introduction of the credit card a half-century ago quickly became an opportunity for thieves. Still, it wasn’t until the introduction of e-commerce in the mid-1990s that stealing credit card information became far too easy. Now, rates of what is known as “card-present” fraud (where a fraudster is using a physical copy of the skimmed card) are going down, thanks in no small part to the introduction of the EMV chip. However, CNP or “card-not-present” fraud events may soon rise dramatically.
Alongside the ongoing threat of Social Security Number theft, it’s easy to see why identity theft as a whole is not going anywhere. The following statistics and facts reveal why both credit card and Social Security Number theft are still problems.
- In Australia, 2016 data revealed that proprietary debit card fraud resulted in AU $23.7 million in losses, an increase of AU $0.8 million over 2015. Counterfeiting/skimming as well as lost and stolen card fraud also increased. (Source: Australian Payments Network)
- Internationally, CNP fraud rose by 7 percent, resulting in $242.1 million in losses. (Source: Australian Payments Network)
- In Australia, CNP fraud accounted for 78% of all fraud on Australian cards in 2016. (Source: Australian Payments Network)
- Credit and debit cards exposure to fraud increased in the first half of 2017, rising 12.6 percent. Several high-profile data breaches heavily contributed to this increase. (Source: Identity Theft Resource Center)
- Cybercriminals strived to steal Social Security Numbers more than ever. Sixty percent of breaches during the first half of 2017 involving the exposure of SSNs. (Source: Identity Theft Resource Center)
- According to FICO, the EMV switchover in the U.S. is likely to lead to a 300% increase in credit card application fraud as criminals attempt to bypass the chip system. (Source: FICO).
- Credit cards account for most instances of identity theft. (Source: Fortune
- There was a resurgence in existing card fraud in 2016. The year saw an increase of 40 percent in card-not-present (CNP) fraud. (Source: Javelin Strategy and Research)
- Credit card fraud now represents the second-most reported type of identity theft in the U.S. at 33% of all fraud reports. (Source: FTC)
- Consumers lost over $96 million due to credit card fraud in 2016. (Source: FTC)
- Most identity theft (particularly from lost Social Security Numbers) targets tax or wage-related fraud—34 percent of all identity theft complaints. (Source: FTC)
- Over 25 percent of identity theft complaints relate to new accounts opened in an individual’s name. Only 7 percent relate to existing credit card accounts. (Source: FTC)
- A surprising 13 percent of those who reported identity theft to law enforcement did not want a police report taken. (Source: FTC)
- 40 percent of all data stolen from data breaches in 2016 was Personal Financial Information. This was a 6 percentage point increase over 2015. (Source: Symantec)
Identity theft statistics reveal the problem is not going away
Identity theft is increasingly a 21st-century problem. As more data moves off of physical paper and onto Internet-connected servers, the chances of that data getting stolen increases as well. While “malicious outsiders” remain active in stealing data (and by extension, loss of credit card numbers and Social Security Numbers), consumers share a good part of the blame for their lost data. Nevertheless, there are some positives that have emerged in response.
Thankfully, Consumers are getting slightly better at detecting fraud attempts. Javelin Strategy and Research found that online shoppers tended to be quick at identifying fraud attempts. Surprisingly, 78 percent of fraud victims were able to detect fraud within a week’s time.
Still, identity theft prevention appears to be on the rise despite savvier consumers. Data breaches show no signs of decreasing. And unfortunately, consumers still appear to be less than proactive when it comes to securing their private information.