It’s the privacy version of a “man bites dog” story. During a year widely acknowledged as the worst in data leak history, when perhaps 1 billion records were stolen by hackers, the number of identity theft victims fell. And the amount of money stolen by identity criminals plummeted — at least according to Javelin Strategy and Research’s annual identity theft survey.
The reduction in number of victims was slight — from 13.1 million to 12.7 million (a 3% decrease). But the dollar damage fell from $18 billion to $16 billion, an 11% reduction that made 2014 the least expensive year for identity theft victims this decade.
Javelin’s findings are not based on actual identity theft complaints; instead, the firm uses a representative sample of 5,000 consumers to estimate the number of ID theft victims each year. It has conducted the survey for 12 years.
Give the seemingly endless parade of news stories about hacked databases, the 2014 finding seems hard to understand. But Al Pascual, Javelin’s director of fraud and security, said all the high-profile stories about data hacking actually focused attention on identity theft, which helped fraud fighters limit the damage. So far, anyway.
“We don’t want people to get a false impression,” he said. “There is still a ton of personal information, a ton of card data out there.”
And to be sure, there’s still a lot of identity theft out there. The Federal Trade Commission released its annual report on consumer gripes this week, and the agency said it received 332,000 formal ID theft complaints. That’s an increase from 2013, but all complaints to the agency increased, and identity theft stayed steady at 13% of the total — suggesting the rate of identity theft was roughly constant, a finding that’s in line with the Javelin report.
Banks, Consumers on Alert
Pascual said an expected surge of successful identity theft crimes never materialized because both banks and consumers were more vigilant this year, thanks to all the publicity around the data thefts.
For example, banks routinely canceled and reissued credit cards on a massive scale after big leaks — in the past, they often used a wait-and-see approach after card data was stolen — and that helped reduce actual fraud losses.
“Look at what happened with Target. You would have thought that would have driven fraud through the roof,” he said. “But there was a serious coordinated response …. Perhaps 2014 will be known as the year our society stood up and said, this is a serious problem.”
Even with that seemingly good news, underlying survey numbers reveal some disturbing trends, Pascual said.
For starters, consumers who said their credit card data had been stolen were three times more likely to say they’d been hit by identity theft last year than the general population. About 14% of consumers who suffered a credit card leak, or roughly one in seven, were ultimately hit by identity theft.
Javelin uses the broadest definition of ID theft — the one used by the Federal Trade Commission, which initially conducted the study — meaning simple credit card account fraud is included as identity theft.
The data also shows that new-account fraud — a much more serious crime, which entails criminals using stolen data to create new credit or lending accounts — remains an often-hidden problem for consumers. New accounts took an average of 130 days to discover, Javelin found, and one in seven victims didn’t spot the new account fraud for more than a year. One way to detect it is by monitoring your credit. You can check two of your credit scores for free every month on Credit.com.
“Compared to other kinds of fraud, it really stands out,” Pascual said.
The Javelin study also examines consumer sentiment toward companies that leak data, and this year’s findings suggest the high-profile hacks really cost large retailers by chasing away customers.
“These breaches had a great impact on consumer purchasing decisions, with 28% of fraud victims saying they avoided merchants post-fraud,” the report says. That’s more than double the number of consumers who said they were avoiding retailers victimized by hackers last year.
Javelin’s 2014 ID theft report was sponsored by LifeLock, which sells identity theft protection services.
More on Identity Theft:
- Identity Theft: What You Need to Know
- How Can You Tell If Your Identity Has Been Stolen?
- What Should I Do If I’m a Victim of Identity Theft?