Breach, Data Security, Incident Response, TDR

Gartner analyst: identity theft a bigger problem than FTC study indicates

A Federal Trade Commission (FTC) report, which indicates that identity theft among Americans decreased during 2005, is flawed, according to a Gartner analyst who reported significantly different findings earlier this year.

The FTC report, which found that 8.3 million adults, or 3.7 percent of Americans over the age of 18, were victimized by ID theft in 2005, drew immediate skepticism from security experts, including AvivahLitan, a Gartner senior analyst and vice president.

Litan authored aFebruary report concluding that 15 million Americans were victimized by somesort of identity theft-related fraud in the 12-month period endingAugust 2006. Those figures represent a more than-50 percent increasesince 2003.

But the FTC report, which surveyed 2,917 people between March 27 and June 11, 2006, showed a dramatic decrease from the 10 million the FTC reported in 2003.

"Both the FTC and Gartner conducted consumer surveys on identity theft in roughly the same time frame, using the same survey firm but different instruments, and we received vastly different numbers," Litan told, explaining that the FTC's survey was phone-based, while Gartner's was conducted online. "Consumer surveys have proven to be unreliable methods for gathering absolute numbers on identity theft, although they are useful in ascertaining fraud trends.”

Litan added that different survey methodologies – phone-based, mail-based or web-based – used by the same firms have yielded drastically different results, even when the polls are conducted during the same time frame.

"Further consumer surveys give an incomplete picture of identity theft losses, since they do not include fraud that occurs when thieves simply make up fictitious identities in order to steal money,” she said.

Gartner's study concluded that the average loss per incident jumped 131 percent -- from $1,408 in 2005 to $3,257 last year -- while unauthorized charges placed to credit cards rose four times their 2005 average to $2,550 per incident in 2006. The report surveyed 5,000 adults in the United States.

Joel Winston, director of the FTC's Division of Privacy and Identity Protection, defended the agency's statistics, saying, "Synovate [the company both the FTC and Gartner relied on for their surveys] makes clear in its report to the FTC that the data is sensitive to the methodology used and the size and composition of the sample. For example, a relatively small number of survey respondents can have a large effect on the results."

"This is true for all of the other surveys of this type," he said. "It is not surprising that different surveys produce different results, although there is no statistically significant difference in the prevalent numbers between the 2003 and 2005 Synovate/FTC surveys. The bottom line, however, is that identity theft remains a big problem, victimizing millions of Americans each year."

Meanwhile, a report from the Ponemon Institute, a policy research firm, indicates that data breaches cost companies $197 per lost customer record in 2007, up from $182 in 2006. The largest cost increase was seen in lost business opportunity, including losses related to customer "churn" and acquisition, which rose from $96 in 2006 to $128 in 2007, according to the report, sponsored by security vendors PGP and Vontu and conducted by Ponemon.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.