Analyst: Online ID fraud overhyped, problem is offline

25.10.2006
Despite incidents such as the US$22 million in losses suffered by E-Trade Financial Corp. and TD Ameritrade Holding Corp. from online identity fraudsters, the problem of online identity threft is vastly overhyped when compared to its more prevalent offline equivalent, according to one analyst group.

The two leading online stock brokerages have admitted in recent days that overseas hackers used software to steal personal customer data to access and create trading accounts as part of a stock fraud scheme.

While keylogging software, phishing e-mails that impersonate official bank messages and hackers who break into customer databases may dominate headlines, more than 90 percent of identity fraud starts off conventionally with stolen bank statements, misplaced passwords or other similar means, according to Javelin Strategy & Research.

"An insignificant portion of identity fraud actually starts with the Internet," said James Van Dyke, president of Javelin, who points out how many firms still rely on simple security questions such as one's mother's maiden name. "The Internet always grabs the headlines, but it is individuals who are close to the victims, such as family and friends, that are doing most of it."

The Pleasanton, Calif. research firm has polled 5,000 consumers by telephone for the past three years. Extrapolating from that sample, Javelin estimates that identity fraud in all its forms resulted in US$56.6 billion in losses last year.

While fraudsters often use the Internet to access existing bank, phone or brokerage accounts or to create new ones using stolen details, in only one out of 10 of those incidents did the actual theft of the personal data take place through e-mail, the Web or somewhere else on the Internet, according to Javelin. "No matter how you slice the data, it's really hard to arrive at a scenario where the Internet could be the source of the majority of identity fraud," Van Dyke said.