Consumers say the volume of identity theft crimes plummeted sharply last year, according to a survey released Tuesday by Javelin Strategy & Research. The number of victims fell from an estimated 11 million in 2009 to 8.1 million in 2010, Javelin found in its eighth annual survey of consumers, by far the largest drop in the history of the survey.
The decline reverses a two-year trend of increased ID theft incidents. And it means Americans' odds of being hit by the crime fell sharply. In 2009, 4.8 percent of U.S. adults were victims, compared to 3.5 percent in 2010. Total annual reported fraud fell from $56 billion to $37 billion, the lowest amount in the survey's eight years, Javelin says.
But the data from the survey isn't all good. ID theft victims faced much stiffer consequences last year, the survey found. The average out-of-pocket loss suffered by identity theft victims jumped from $387 to $631 per incident. Meanwhile, the hassle factor also increased. Consumers said they spent an average of 59 hours recovering from a bout of "new account" ID theft in 2010, up from 41 hours the previous year.
Meanwhile, the survey suggests Facebook and Twitter users should pay close attention to their credit reports. Consumers who've used social media tools for at least five years are twice as likely to be hit with ID theft as others, the survey found.
The survey results don't prove that overall identity-based fraud is on the wane. The annual telephone survey asks consumers to self-report their incidents and costs, a method that has pitfalls, says Gartner analyst Avivah Litan. Despite the Javelin results, bank data indicate fraud is actually up in many categories, she said.
Still, Javelin CEO James Van Dyke stands by the survey, and says the identity fraud rate seems to be tightly correlated to the health of the U.S. economy. The two-year spike in ID fraud paralleled the onset of the U.S. recession, increased unemployment and decreased retail sales.
"In simple terms, when people can't buy as much, they are more motivated to commit identity theft," he said.
The rate of ID theft found in the survey for 2010 -- 3.5 percent -- is almost identical to the 2007 rate -- 3.6 percent --- suggesting the past two years were an anomaly.
"If you took the ugly last two years away, you would see a perfect straight-line decline," he said.
Credit card fraud down, debit card fraud up
The steepest drop in Javelin's study comes from simple credit card fraud, which fell from 65 percent of total cases in 2009 to 57 percent in 2010, suggesting some bank fraud controls are successful. But debit card fraud, which can be more troubling for consumers because of a lower level of guaranteed protection, jumped from 26 percent of the total to 36 percent.
This year's overall drop is dramatic even using the state of the economy – which is it is enjoying no such dramatic turnaround -- as an explanation.
Van Dyke thinks the overall drop in fraud could also be attributed to a decrease in the rate of large data breaches. Consumers who receive a notice indicating their personal information has been lost or stolen from a company they've done business with are eight times more likely to be ID theft victims, he said.
"In the past few years, we've had incidents like the TJ Maxx hacker," referring to Albert Gonzalez, who was convicted of stealing nearly 90 million credit card numbers. "Now we've seen a decrease in the volume of reported breeches."
Consumers suffered more significant financial losses, and spent more time cleaning up the mess, because criminals are committing more sophisticated identity crimes, Van Dyke suggested. Adding to their headaches, financial institutions that are struggling to find profits are cutting back on customer service, the study found, making it harder for consumers to shut off potentially compromised accounts. Only 81 percent of financial institutions have a tool that allows consumers to suspend their accounts 24 hours per day, seven days per week, down from 100 percent in 2009.
Despite the positive survey results, Van Dyke said this is no time for banks to pat themselves on the back.
"Something very good has been accomplished," he said. "Technologies are working. A lot of good stuff is going on behind the scenes. But the last thing we want to do is say is, 'It's all great now.' "
Litan, the Gartner analyst, would say just the opposite.
"It really depends on the category as to whether or not it's gone down," she said. "It's clear that debit card fraud is up substantially in 2010 across all categories measured."
Getting a true picture of fraud losses is a bit like the blind man and the elephant problem -- consumers, banks and merchants all have separate views of the issue, and separate data to contribute. Banks and merchants, meanwhile, tend to keep their fraud loss data close to the vest. But industry data that Litan has seen suggest the picture is far from rosy.
Counterfeit fraud -- where a criminal uses stolen data to fashion a counterfeit credit or debit card -- is up dramatically, she said. Some examples from data she's collected: ATM losses per active card went up about 13 percent from 2009 to 2010; mail order/telephone order fraud climbed nearly 28 percent, and signature debit card losses per card rose approximately 36 percent.
While conceding that credit card fraud could be down, debit card data from banks made her skeptical of the $19 billion overall fraud drop reported by Javelin's consumers.
"Fraud data doesn't move that dramatically," she said.
Other Javelin findings worth noting:
* In 2010, 11 states showed increases in fraud over 2009: Alabama, Alaska, Arizona, Florida, Kansas, Michigan, Nebraska, New Jersey, North Carolina, Utah and West Virginia. Six states showed decreases: California, Colorado, Missouri, Oklahoma, Vermont and Washington
* Friendly fraud -- identity fraud committed by people known to the victim, such as a relative or roommate - grew 7 percent in 2010. And friendly fraud hits the poor harder; it's more likely to affect consumers earning $50,000 or less annually.
* "Change in physical address" was the No. 1 method of account takeover reported by victims.
The Javelin research is sponsored by Fiserv, Intersections Inc. and Wells Fargo & Co.
RED TAPE WRESTLING TIPS
Prior Javelin research has shown that many consumers who receive, "We're sorry we've lost your data," notices don't bother to activate free credit monitoring offers that arrive with them. Given that such notices increase consumers' potential for becoming a victim by 800 percent, Van Dyke says consumers should take advantage of such offers.
And given the increase in debit card fraud, consumers should make sure they understand their bank's policies on refunds. While many banks extend credit-card-like protections to debit cards -- namely, a waiver of $50 liability and instant refunds -- not all do. It's important to know whether yours does before an incident occurs.
"Banks can be very different under the hood, and consumers should shop around," Van Dyke said.