All told, 4 percent of Americans were affected by identity fraud in 2005, a statistic that is slowly shrinking, though the value of the each fraud incident is growing, Van Dyke said. The total losses attributed to identity fraud has held steady the past three years. Bank customers in the U.S. are not the most frequent targets of the most common form of online identity theft, phishing attacks. Statistics from anti-malware vendor McAfee Inc. show that more than half of all recent phishing attacks involve e-mails masquerading as VolksBank, a German bank, with another quarter targeting customers of UK bank, Barclays PLC.

eBay Inc., through its namesake auction site as well as its PayPal financial site, is impersonated 14 percent the time by phishing e-mails. Fraudulent e-mails pretend to be from Bank of America Corp. and Nationwide Bank 3 percent and 1.5 percent of the time, respectively. Van Dyke also argued that U.S. financial institutions, by and large, are taking the right steps to protect themselves and customers from identity fraud.

According to a report released this month, more than half of the 24 leading U.S. financial institutions surveyed met Javelin's criteria for good policies for detecting identity fraud. That's up from a third who won praise for their efforts in 2005.

Policies that "deputize the customer" such as letting customers set e-mail or phone alerts when their account status or personal information changes, or allowing them to opt out of paper statements sent by mail, aid in customer self-detection and reduce proven risks, Van Dyke said.

Bank of America Corp. was ranked the safest bank, followed closely by JP Morgan Chase & Co. Washington Mutual, according to Javelin's "Banking Identity Safety Scorecard."