Measuring Identity Theft (Version 2.0)
Author(s): Chris Jay Hoofnagle
Abstract: There is no reliable way for consumers, regulators, and businesses to assess the relative rates of identity fraud at major financial institutions. This lack of information prevents a consumer market for bank safety from emerging. As part of a multiple strategy approach to obtaining more actionable data on identity theft, the Freedom of Information Act was used to obtain complaint data submitted by victims in 2006 and 2007 to the Federal Trade Commission. This complaint data identifies the institution where impostors established fraudulent accounts or affected existing accounts in the name of the victim. The data were aggregated and used to create comparative fraud ranks at leading banks.
This analysis faces several challenges that are described in the methods section. This version incorporates and is substantially improved by comments provided on versions 1.0 and 1.5 of this report, incorporates new data from 2007, and shifts focus from identity theft at top banks to events at all types of companies.
In 2007, fraud events where the victim could identify the institution associated with the incident, were concentrated among a relatively small number of companies. Just ten companies accounted for 30% of events. Verizon was identified by victims more than any other company as being targeted by impostors to commit fraud. AFNI, a collections agency, was next in total number of events. Bank of America improved dramatically over its 2006 numbers, while ING Bank and American Express remained top performers among large institutions.
Keywords: privacy, security, identity theft, reporting