Organized cybercrime rings have spearheaded a sharp increase in identity theft, which has skyrocketed nearly 50 percent in three years, according to a just-released Gartner survey.
Meanwhile, the average loss per incident jumped 131 percent, from $1,408 in 2005 to $3,257 last year, according to the poll, which surveyed 5,000 adults in the United States. Unauthorized charges placed to credit cards rose four times their 2005 average to $2,550 in 2006.
According to the study announced Tuesday, about 15 million Americans "were victimized by some sort of identity-theft related fraud" in the 12 months ending in the middle of 2006. This was up roughly 50 percent compared to the Federal Trade Commission’s findings in 2003 that 9.9 million American adults suffered identity theft.
"One of the key trends that came out of this survey is that data breaches didn’t really exist to the scale they existed three to four years ago," Gartner analyst Avivah Litan told SCMagazine.com today. "A group of criminals out of Eastern Europe started these external hacks that led to these big breaches. They discovered weaknesses in the retailers’ payment systems."
Thieves also are employing phishing schemes and conducting online auction scams to steal identities, Litan said.
The survey shows that new account fraud, in which criminals use stolen identities to open accounts, more than doubled, from $2,678 in 2005 to $5,962 last year.
Litan said organizations, particularly those that store the personal information of customers, should recognize the shifting threat landscape and "expect" to be hacked.
"Security should no longer be treated as a basement background function," she said. "It really does take some commitment from the executive suites."
Meanwhile, software companies such as Microsoft and Cisco should focus efforts on building more secure products before they hit the market, and internet service providers (ISPs) should at least check the health of a user’s machine when they are logging onto the web.
A more far-reaching goal is that some sort of internet "identity layer" can be formed in which mutual authentication becomes the norm when users sign on to the web, she added.
"It’s not good news," Litan said of the survey. "I guess the only comfort is that the U.S. is not alone. The same reports are coming out of Europe."
Click here to email reporter Dan Kaplan.