When Hurricane Sandy slammed into New Jersey in October of 2012, it became the second-costliest hurricane in U.S. history. One disaster-modeling firm estimated the insured losses alone at $20 billion.
While it generates fewer headlines, identity theft also wreaks havoc on its victims’ lives—their credit and finances, their sense of security and privacy, and their ownership over who they are. In the United States, annual losses from identity fraud are estimated to total $20.9 billion according to the research firm Javelin Strategy. This is a Hurricane Sandy-sized hit to the economy every year.
For more than a decade, identity theft has topped the list of consumer complaints to the Federal Trade Commission. One in every 20 U.S. adults -- 12.6 million Americans -- was affected by identity fraud in 2012. Every three seconds, someone falls victim to identity theft. Federal and state governments, along with the business community, have done much to address the problem. For example, federal agencies’ use of Social Security Numbers - one of the key pieces of information sought by identity thieves - has decreased significantly. Thanks to federal legislation, victims can now obtain restitution for the time spent recovering from identity theft. Beefed up enforcement efforts have brought to justice thousands of identity thieves over the past decade.
These encouraging signs, however, come with an enormous caveat: identity fraud still plagues Americans daily, and much more remains to be done. Regulators, law enforcement, and consumers should resist the temptation to declare current identity theft rates an acceptable status quo. Indeed, there are several factors to suggest that we are on the cusp of a resurgence in identity theft.
First, with the Internet becoming ever more essential to commerce, there is now more sensitive information for hackers and fraudsters to compromise. Thus, the raw fuel for identity theft –stolen credit card numbers, social security numbers, and other important personal data – is more widely available than ever. Since 2005, the non-profit Privacy Rights Clearinghouse has recorded more than 4,000 data breaches: more than one per day for nine straight years. One conservative estimate put the number of records compromised over the past decade at 1.1 billion. Recent reports indicate that due to a glut of stolen identities, cyber-thieves have cut the price of a U.S. identity to a mere $25.
Second, identity thieves themselves are becoming craftier and more ambitious. Modern identity theft rings are finely tuned moneymaking criminal enterprises. Numerous black markets for stolen personal data exist online. Some even advertise 24/7 help desk support! Thanks to the openness of the Internet, these criminals are often beyond the reach of U.S. law enforcement.
Finally, the uses for stolen identities are changing. Once, credit card and bank fraud were the preferred choice for monetizing stolen identities. Today, the hottest target for identity thieves is actually Uncle Sam. The use of compromised identities to obtain tax refunds fraudulently has grown and was the source of nearly half of all consumer identity theft complaints last year. Medical identity theft, in which stolen personal information is used to obtain health care services, is also a growing concern among consumer advocates.
The changing nature of identity theft demands a rethinking of federal policy. For starters, Congress should pass a long-stalled national standard for data breach notification, modeled on state laws that have been proven effective. Given the cross-border nature of much of identity theft, another key goal of U.S. foreign policy should involve enhancing international cooperation between law enforcement agencies. Lawmakers should explore ways to limit consumer liability for losses stemming from identity theft. Consumer protections in the credit and debit card space may offer a roadmap for such reforms.
It is imperative that stakeholders in the fight against fraud keep their eyes on the ball. Americans are increasingly aware of the risks as more of our friends and loved ones fall victim. While much has been accomplished, we are still far from safe and must remain ever vigilant.
Breyault is the vice president of Public Policy, Telecommunications and Fraud at the non-profit National Consumers League and director of the Fraud.org consumer education campaign. The continuing fight against identity theft will be examined at the “State of ID Theft” conference on December 12, 2013 in Washington, DC. For more information,click here.