A solid article in ComputerWorld tells us that data theft is getting worse. In the ongoing struggle between the security mavens and the data thieves, the bad guys are gaining ground. They are getting more shrewd at targeting victims, even buying marketing lists to hone in on the affluent. They are also careful to avoid being caught. They will wait often a year before utilizing purloined information, and often use only parts of a stolen identity so as to keep the victim from canceling all his accounts. Furthermore, the popularity of social networking plays straight into the fraudsters’ hands, making it easy for them to gather information and distribute malware innocuously.
The figures cited are sobering: identity theft up 50% since 2003, 2.5 million credit card numbers stolen online, phising up 20% in the last year, more than 158 million records of US residents exposed, and according to Gartner, the costs of identity theft doubled last year.
Except for one. Despite evidence of growth on both axes – activity and per incident cost – a consulting firm, Javelin Strategy and Research, claims that:
….prevention and awareness by both consumers and businesses helped reduce the number of adult victims of identity fraud in the U.S. from 8.9 million in 2005 to 8.4 million in 2006, and the dollar amount of fraud dropped 12% from $55.7 billion to $49.3 billion.
Now how could anyone defend such a patently ridiculous finding? Simple. If you look at Javelin’s website, it serves the payments and financial services industry. Who has the most to lose from tougher legislation to prevent identity fraud and make insufficiently careful organizations liable for the losses? The payments and financial services industry.
Although this is a baldfaced example of garbage-in, garbage out, industry-serving PR dressed up as research, it’s far from the most extreme. My favorite was the study by the University of Maine that concluded that lobsters really didn’t mind being boiled alive.