A solid article in ComputerWorld tells us that data theft is getting worse. In the ongoing struggle between the security mavens and the data thieves, the bad guys are gaining ground. They are getting more shrewd at targeting victims, even buying marketing lists to hone in on the affluent. They are also careful to avoid being caught. They will wait often a year before utilizing purloined information, and often use only parts of a stolen identity so as to keep the victim from canceling all his accounts. Furthermore, the popularity of social networking plays straight into the fraudsters’ hands, making it easy for them to gather information and distribute malware innocuously.
The figures cited are sobering: identity theft up 50% since 2003, 2.5 million credit card numbers stolen online, phising up 20% in the last year, more than 158 million records of US residents exposed, and according to Gartner, the costs of identity theft doubled last year.
Except for one. Despite evidence of growth on both axes – activity and per incident cost – a consulting firm, Javelin Strategy and Research, claims that:
….prevention and awareness by both consumers and businesses helped reduce the number of adult victims of identity fraud in the U.S. from 8.9 million in 2005 to 8.4 million in 2006, and the dollar amount of fraud dropped 12% from $55.7 billion to $49.3 billion.
Now how could anyone defend such a patently ridiculous finding? Simple. If you look at Javelin’s website, it serves the payments and financial services industry. Who has the most to lose from tougher legislation to prevent identity fraud and make insufficiently careful organizations liable for the losses? The payments and financial services industry.
Although this is a baldfaced example of garbage-in, garbage out, industry-serving PR dressed up as research, it’s far from the most extreme. My favorite was the study by the University of Maine that concluded that lobsters really didn’t mind being boiled alive.
Yves Smith 
Posts
August 21, 2007 | written by Bruce Cundiff
Naked capitalism — the emperor has no clothes…no seriously
Saw this blog today (I was a first time visitor), questioning the research methodology for our ID Fraud survey. In the end, I had to laugh…oh the irony.
The kicker in this is that the blogger is inherently questioning our research findings point blank (I especially liked the part where he referred to them as “patently ridiculous”) without any knowledge or understanding of our research methodology.
I’ve got no problem whatsoever discussing, defending, and debating our research. It’s what we do, and it’s what we do well. If someone has a problem with our findings (and people do..no bones about that), they should at least give us the courtesy of actually reviewing the methodology before spouting “patently ridiculous” platitudes and the like. Oh wait…that might take some effort.
I’m likely overreacting, but I take my work seriously. It’s blatantly obvious that the blogger has a preconceived notion about ID Fraud trends, and no amount of rigorously gathered data and analysis behind that data is going to sway that notion.
I guess I can take solace in the fact that said blogger is not in charge of risk an fraud mitigation at my bank (or any bank that I might have invested in…). Otherwise I would have to question the way the bank is handling its ID fraud issues.