Here you have a complete list of identity theft facts and statistics worldwide, updated to 2022.
Everything you need to know to avoid being the next one!
How did I make it?
By consulting the most renowned identity theft and fraud national and international organizations.
I gathered the latest data (2021-2022, if available) in diverse areas of interest – for example, tendencies, types of attacks, impact, and what we’re doing about it (or should) in different parts of the globe.
I then sorted facts and statistics by thematic: Stolen Data, The Identity Theft Zoo, Risk Groups, Impact, and What Are We Doing?
I’ll explain the main concepts at the beginning of each section.
The last sections are relevant for your security.
Don’t forget to look at them!
Stolen Data
Identity thefts are on the rise, but this isn’t shocking.
COVID-19 pandemic accelerated the digitalization of the world.
We are now more online than ever.
Attackers too!
But why would someone bother stealing your credit card number?
The cold truth is that identity theft attacks are one of the easiest to cash out.
For example, by using your card details for online shopping.
Even worse, these criminals are rarely caught.
Let’s start by analyzing how data is stolen.
1. Phishing Is the Most Common Way Attackers Try to Retrieve Your Data
But how does phishing work?
An attacker sends you an email with harmful components and/or a specially crafted text.
What’s the goal?
To trick you into replying or clicking a malicious link, revealing sensitive information in any case.
Or even retrieving your credentials!
You may think: this can’t happen to me.
But imagine.
You receive an email from an address like the one of your bank, telling you something related to your account.
It has the same formatting as your bank’s emails.
And it’s urgent.
In fact, according to Verizon Data Breach Digest, 90% of all data breaches involve phishing.
The “art” of tricking a victim has a name: Social Engineering.
Phishing is just one example.
There are plenty of books, tools, and techniques.
Other ways an attacker may retrieve your data include:
- Infecting your devices with malware. For example, via a malicious website
- Calling you on the phone, disguising as your boss
- Putting a camera in an ATM
- Even dumpster diving!
2. Fraud and Scams Usually Come By Email (43%) or Phone (28%)
2. Fraud and Scams Usually Come By Email (43%) or Phone (28%)
These are the results found by the European Commission 2020 report.
Online communication channels account for more than 50% of scams, including online advertisements (11%).
Researchers found attack channels differed considerably depending on the target’s characteristics like education and habits.
Attackers managed to reach their victims via online channels for the people who were:
- younger
- higher educated
- frequently online buyers
Those who were less active online reported being reached most by phone — for example, people who were 55+ years old.
3. Formjacking, The New Trend for Stealing Your Data
Formjacking consists of injecting malicious Javascript code on a website’s forms.
It scrapes personal information.
Once a user submits its data, the malicious code collects and transfers it to another server.
This data can be your credit card details.
Symantec detected and blocked 3.7 million formjacking attempts just in 2018, according to its 2019 Internet Security Threat Report.
But the numbers kept rising.
In Q1 2020, Symantec found 7,836 compromised websites.
Around 200 more than the previous quarter.
4. 56 Records Are Compromised Every Second Worldwide!
Or 7 million compromised records per day.
According to the Breach Level Index, over 9.7 billion data records were lost or stolen globally from 2013 to 2020.
That big number is the result of data breaches and cybercrimes.
The average gives the calculated values.
5. The US Is the Country With the Greater Quantity of Stolen Records per Capita. It Surpasses Second Place, South Korea, by More Than 4 Times!
6,219,819,956 recorded cases from 2013 to March 2020.
About 19 records per person.
The US is a highly populated country.
It is one of the most developed in technology, having lots of IT companies providing services worldwide.
That could be one of the reasons for the high nefarious numbers.
Similar is the case for the following countries in the list.
China and India are the second and third in absolute quantity of stolen records.
That makes sense because they also have a big technology industry.
Why didn’t they make it into the top 20 per capita?
The population is one possible reason.
China’s data security laws are deemed to be of the highest priority.
They also enforce a publicly known censorship.
India’s cybersecurity laws are in the other extreme; too lax.
In either extreme, other reasons for the statistic could be:
- Not proper detection of the breaches
- A better protection system
- The non-disclosure of all breaches
6. More Than 11 Billion Records Were Stolen Between 2008 and 2020 Just in the US. That Is More Than 20 Times the US Population!
According to the Identity Theft Resource Center (ITRC), there were 164 million exposed records in 2019.
And data breaches increased by 17% in 2020.
7. High Profile Companies Are Also Victims
These companies usually have better security.
Yet, they’re also more targeted by more dangerous attackers.
A misconfiguration in an average company may remain unnoticed, as the hackers will be looking for a bigger prize.
Some examples:
- More than 280 million Microsoft customer records were left unprotected on the web this year.
- In 2020 occurred the biggest personal data leak in Brazilian history. From Serasa Experian, the leading Brazilian credit-scoring bureau. 220 Million people’s data got exposed. That’s almost all the population of the country! Although the authorities didn’t confirm the hack, the data appeared in darknet forums for sale.
8. At Least a Half-Billion Records Were Stolen in 2021 Worldwide
9. The EU Registered a 19% Increase of the Data Breaches Year per Year Since the Application of the General Data Protection Regulation (GDPR)
There were 281,000 data breach notifications from the application of GDPR in 2018 to January 2021, according to DLA Piper.
The law sought to give a framework to protect private information.
It may seem the GDPR didn’t affect the breach’s rising tendency.
But this law is, without doubt, a key step for a more secure world.
Companies will improve their security standards.
The metrics will improve in the future.
10. Germany (77,747), Netherlands (66,527), and UK (30,536) Were the Most Breached Countries
In the statistics per capita for the year 2020, the ranking changes:
- Denmark (155.6)
- Netherlands (150)
- Ireland (127.8)
Greece, Italy, and Croatia reported the fewest number of breaches per capita.
11. Data Breaches Are on the Rise in the US Too: It Is Predicted a New All-Time High by This Year’s End
Data breaches are up 38% in Q2 2021 compared with Q1.
“We are seeing a growing number of phishing attacks, ransomware attacks, and supply chain attacks,” said Eva Velasquez, president and CEO of the Identity Theft Resource Center.
That is pointed to as the reason for the increased numbers.
12. The Most Stolen Data Are Emails and Passwords
The statistic also comes from the Breach Level Index report of all known breaches between 2013-2020.
Attackers may use the stolen data to extort a victim, sell it, or impersonate and commit fraud.
Be careful with the data you share on the internet!
13. Identity Theft Is the Most Common Consequence of a Data Breach. It Occurs More Than Half of the Time!
The last statistics on data breach incidents distribution is from 2018.
The results of this report are similar to previous ones.
Existential data breaches involve sensitive company assets, like intellectual property.
Nuisance attacks are those in which just a username and affiliation were compromised.
14. Around 208 Million People in 10 Countries Have Experienced Identity Theft in the Last Twelve Months
NortonLifeLock research surveyed over 10,000 adults from:
- US
- Australia
- France
- Germany
- India
- Italy
- Japan
- Netherlands
- New Zealand
- UK
A quarter of all the 208 million became victims, suffered material losses and or emotional distress.
You can check here the statistics for each country.
15. There’s a New Identity Theft Victim Every 2 Seconds in the US!
There were close to 1.4 million reports of identity theft in 2020.
What’s more shocking is that it’s a 73% increase compared to 2019.
One of the proposed reasons is the rise in online presence due to pandemics.
16. Identity Scams Were the Most Commonly Reported Scam in the US in 2020, Surpassing the Second Place by Around 3 Times!
Imposter scams involve attackers tricking a victim into sending them money.
It’s similar to what the European Commission defines as Monetary Fraud.
17. 1/3 of US People Had Experienced Identity Theft
These are the findings of the Proofpoint User Risk report.
These numbers are more than three times that of German and French citizens.
And over two times more than the global average!
However, we will see other studies reporting the same or higher rates in Europe.
The report indicates US people are less careful about exposing their personal information.
We could say that every US citizen has likely been a victim of ID theft or know someone who has.
18. One in Three Europeans Have Experienced Identity Theft
The numbers in Europe are higher compared with the Proofpoint User Risk report mentioned in fact #17.
The statistics here come from the European Commission Survey on Scams and Fraud Experiences by Consumers for 2018-2019.
The monetary scam was the most encountered type of fraud in Europe at 39%.
Identity theft ranked second at 33%.
Another 23% of consumers reported buying scams.
Check some example situations to understand better what involves each category:
- Buying Scam
- You ordered free or cheap products or services, but it turned out you were tricked into a costly monthly subscription.
- You bought what you thought was a good deal, but you never received the goods/service, or they turned out to be fake or non-existent.
- You received a fake invoice for products you hadn’t and you were asked to pay the cost.
- Identity Theft
- Someone pretending to be from a legitimate organization, such as a bank, contacted you. You were asked to provide (or confirm) personal information.
- Monetary Fraud
- Someone promised you would receive a good, a service, a rebate, or an investment gain if you transferred or invested money.
- You bought tickets for an event, concert, or travel. But it turned out the tickets weren’t genuine and/or you never received them.
- You received notification of a lottery/competition win. But you were informed you would need to pay a fee or buy a product to collect your prize.
Data breaches are up 38% in Q2 2021 compared with Q1.
“We are seeing a growing number of phishing attacks, ransomware attacks, and supply chain attacks,” said Eva Velasquez, president and CEO of the Identity Theft Resource Center.
That is pointed to as the reason for the increased numbers.
12. The Most Stolen Data Are Emails and Passwords
The statistic also comes from the Breach Level Index report of all known breaches between 2013-2020.
Attackers may use the stolen data to extort a victim, sell it, or impersonate and commit fraud.
Be careful with the data you share on the internet!
13. Identity Theft Is the Most Common Consequence of a Data Breach. It Occurs More Than Half of the Time!
The last statistics on data breach incidents distribution is from 2018.
The results of this report are similar to previous ones.
Existential data breaches involve sensitive company assets, like intellectual property.
Nuisance attacks are those in which just a username and affiliation were compromised.
14. Around 208 Million People in 10 Countries Have Experienced Identity Theft in the Last Twelve Months
NortonLifeLock research surveyed over 10,000 adults from:
- US
- Australia
- France
- Germany
- India
- Italy
- Japan
- Netherlands
- New Zealand
- UK
A quarter of all the 208 million became victims, suffered material losses and or emotional distress.
You can check here the statistics for each country.
15. There’s a New Identity Theft Victim Every 2 Seconds in the US!
There were close to 1.4 million reports of identity theft in 2020.
What’s more shocking is that it’s a 73% increase compared to 2019.
One of the proposed reasons is the rise in online presence due to pandemics.
16. Identity Scams Were the Most Commonly Reported Scam in the US in 2020, Surpassing the Second Place by Around 3 Times!
Imposter scams involve attackers tricking a victim into sending them money.
It’s similar to what the European Commission defines as Monetary Fraud.
17. 1/3 of US People Had Experienced Identity Theft
These are the findings of the Proofpoint User Risk report.
These numbers are more than three times that of German and French citizens.
And over two times more than the global average!
However, we will see other studies reporting the same or higher rates in Europe.
The report indicates US people are less careful about exposing their personal information.
We could say that every US citizen has likely been a victim of ID theft or know someone who has.
18. One in Three Europeans Have Experienced Identity Theft
The numbers in Europe are higher compared with the Proofpoint User Risk report mentioned in fact #17.
The statistics here come from the European Commission Survey on Scams and Fraud Experiences by Consumers for 2018-2019.
The monetary scam was the most encountered type of fraud in Europe at 39%.
Identity theft ranked second at 33%.
Another 23% of consumers reported buying scams.
Check some example situations to understand better what involves each category:
- Buying Scam
- You ordered free or cheap products or services, but it turned out you were tricked into a costly monthly subscription.
- You bought what you thought was a good deal, but you never received the goods/service, or they turned out to be fake or non-existent.
- You received a fake invoice for products you hadn’t and you were asked to pay the cost.
- Identity Theft
- Someone pretending to be from a legitimate organization, such as a bank, contacted you. You were asked to provide (or confirm) personal information.
- Monetary Fraud
- Someone promised you would receive a good, a service, a rebate, or an investment gain if you transferred or invested money.
- You bought tickets for an event, concert, or travel. But it turned out the tickets weren’t genuine and/or you never received them.
- You received notification of a lottery/competition win. But you were informed you would need to pay a fee or buy a product to collect your prize.
19. The UK, Ireland, and Denmark Are the Most Affected Countries in Europe
In these countries, around half of the survey respondents experienced identity theft!
Denmark and Ireland are also in the top 3 for buying scams and monetary fraud.
We can see from the data that Western Europeans fell into scams or fraud more often than people from the east.
20. UK Identity Theft Reaching More Than “Epidemic Levels” in 2020
In 2017, the Cifas fraud prevention organization announced that identity fraud in the UK was reaching “epidemic levels.”
Fraud incidents were occurring at a rate of 500 per day.
The situation was worse in 2020, with an increase of a third.
Notably, 42% of reported offenses sought to obtain a credit card.
21. Incidents of Identity Fraud Also Spiked Massively in Canada in 2020
Reports of this offense didn’t even make it to the 2019 top 10 list.
In 2020, identity theft arrived at the second position with 16,970 complaints!
The Canadian Anti Fraud Center is the source.
The Identity Theft Zoo
This brief video is the best I found for giving you a complete panorama of what we are covering next in detail.
What do attackers do with the stolen data?
Identity theft attacks may use different types of leaked data to perform a wide range of actions.
We can sort them by their association with:
- Credit Cards: Criminals use the personal information of others to either use their credit cards or get a new one. Attackers usually cash out by online buying.
- Employment: Criminals steal information to be employed by a specific company.
- Taxes: Stolen data is used to file income tax returns gaining a monetary advantage.
- Phone/Utilities: The aim is to open utility and telecom accounts. By doing this, the fraudster gets access to free memberships for public utilities. The actual invoices are sent to the owner of the personal data.
- Banks: Stolen data is used to open new bank accounts and credit lines. Or even to seize control of a person’s account! This last one is also known as Account Takeover.
- Loan/Leases: For obtaining loans and leases. The criminal won’t have to pay back the debt nor the interest associated with it. The victim will be contacted for debt repayment.
- Government documents/benefits: Let’s share a recent example. Attackers used fraudulent data for getting Covid-19 Stimulus payments in the US.
22. Around 3 of 4 Card Fraud Attacks Involve Remote Purchases
UK Finance organizes payment card fraud losses into five categories:
- Remote purchase (card not present)
- Counterfeit
- Lost and stolen
- Card not received
- Card ID theft
There was a rise in the number of cases of remote purchase fraud in 2020.
And it has driven the overall increase in fraud volumes.
Lost and stolen card fraud losses fell significantly due to the restrictions in movement as a result of the pandemic.
Intelligence suggests remote purchase fraud comes from data theft.
Recent methods involve impersonating trusted organizations, such as the government and the National Health Service (NHS).
An example, asking people to enter their card details to book a COVID-19 vaccine.
23. Fraud Attempts Are Higher During Holidays
Experian’s survey found that around 25% of Americans were victims of identity theft or fraud during the holidays.
Going into detail, this occurred when:
- Using a credit card shopping at a retail store (22%)
- Shopping online during the holidays (21%)
- Shopping on Cyber Monday (15%)
24. Person-to-Person (p2p) Account Theft Frauds up 733% In the Period 2016-2019!
From 2016, more sophisticated and organized criminals shifted focus from counterfeiting credit cards.
The new goal; taking over accounts using as the getaway method real-time P2P.
The source is the 2020 Javelin ID Fraud Study.
How does this particular scheme work?
- The attacker performs an account takeover.
- With the stolen credentials in hand, fraudsters transfer funds with a compromised card loaded into a mobile app.
- Then, they send P2P payments to a mule account.
- Lastly, they cash out somewhere else.
25. Account Takeovers up 72% On 2020
Javelin Strategy & Research provides the following reasons:
- Technological advancements made it easier for criminals to manipulate and socially engineer information.
- It is harder to detect account takeovers without additional security infrastructure.
- Criminals work quickly — 40% of all fraudulent activity associated with an account takeover occurs within a day.
But these numbers hide a bigger one.
Attempted account takeovers rose by 282% between 2019 and 2020!
26. New Account Fraud up 88% In 2020
What is a New Account Fraud?
It describes the transactions made on a bank account opened to commit fraud.
That is done by pretending to be a legitimate customer, usually using stolen data.
Source: Federal Trade Commission (FTC)
27. Students Loan Identity Theft Had Its Highest Increase in 2019
FTC Consumer Sentinel Report indicated an increase of 119% between 2018 and 2019.
The high cost of education in the US could be one of the motivations behind this type of fraud.
28. Government Benefits Identity Theft Increased 2,920% Over 2020!
The statistic is also from the FTC report.
That makes government benefits fraud the top reported type in 2020.
Credit card fraud accounted for over 393,000 reports, putting it at a close second place.
Federal, state, and city governments provided financial help to Americans during the Coronavirus pandemic.
In particular, the program named “Federal Stimulus Payment” asked for data easy to provide… or to fake by impostors.
This way, the attackers made it to steal the identities of the people who most needed help.
But stealing federal stimulus payments is just one of all the COVID-19 scams going around.
Others include:
- Impersonating government agencies, as the Centers for Disease Control
- Fake delivery services
- Donations to fake aid organizations
- Fake Zoom invitations for password stealing
- Bogus Offers for Vaccinations and Home Test Kits
29. Deceased Identities Were Stolen per Year: 2.5 Million (US)
Identity thieves also target the recently departed.
They can retrieve personal information from public obituaries.
Stolen IDs can be used for gaining social security benefits, open a line of credit, and more.
Stealing a dead person’s identity is commonly referred to as “ghosting.”
Ghosting often goes unnoticed for months or years.
ID Analytics conducted the research.
Risk Groups
Have you ever played roulette?
A Cheval is when you bet on two numbers at the same time.
You have a 2/36 chance of winning.
Well, the odds of being a victim of identity theft are higher than winning that.
Yet, statistics show that certain groups are more vulnerable than others.
But beware!
It doesn’t matter if you don’t belong to any risk group.
You should take care in any case.
30. Millennials, The Most Affected Age Group
44% of 2020 US identity fraud reports were from people between the ages of 20 and 29.
13% were from people aged +70.
Equifax reports confirm that young adults are prime targets for fraudsters.
According to Equifax Canada, nearly half of all suspected fraud applications are 18 to 34 years old.
Cifas statistics in the UK also put young adults in first place.
Some specialists point out that this age group needs more education on online protection and safe practices.
However, it makes sense they are more targeted by identity theft attacks.
Their presence online and usage of digital services is higher than all the others age groups.
31. Older People Lose 4x More Money When Victims of ID Theft
Younger adults lose money to fraud more often.
However, the median loss per incident is around 4 times higher for the +70 age group.
Experts say seniors are more vulnerable to scams.
Why?
Because they are often more trusting, have more savings, and monitor their credit and financial accounts less.
32. More Than One in Four Older Adults Have Experienced Identity Theft
33. Children Are Targeted 51 Times More Than Adults!
Carnegie Mellon CyLab analyzed the theft rates from the same security breach population in the US.
10.2% (4,311) of 42,232 minors’ Social Security numbers had loans, property, utility, and other accounts associated with them.
Just 633 of the 347,362 adults had someone else using their Social Security number.
Attackers use child IDs to purchase homes and automobiles, open credit card accounts, secure employment, and obtain driver’s licenses.
According to the Identity Theft Resource Center, 1.3 million children’s records are stolen every year.
Foster children have an even greater risk.
The researchers remark two main reasons why children are targeted: they haven’t credit history, and no one is looking.
In most cases, no one knows a child’s identity has been stolen until they grow up.
When they apply for a student loan for their first apartment, they receive a terrible surprise.
34. Social Media Users Have a 46% Higher Risk of ID Theft
Javelin Strategy found that people who use Facebook, Instagram, and Snapchat were more vulnerable to identity theft.
We can see from the Federal Trade Commission reports that social media as an attack vector is rising year by year.
Social media account takeovers are on the rise too.
However, users are starting to be more careful about sharing personal information in these channels.
We will cover these statistics in the following sections.
35. Military Consumers Are Also Frequently Victims of Identity Theft. And It Is Getting Worse
FTC found these types of identity fraud going up sharply in 2020 for people in the forces:
- Government benefits (1,455%)
- New bank accounts (91%)
- Tax fraud (190%)
- Business/Personal loan (117%)
It’s harder for the military in active duty to track and protect their accounts.
Also, consumers report that creditors often send notices to old addresses.
This way, delaying their ability to act on warning signs, such as bills from unknown creditors or unexpected credit card charges.
36. 73% of Victims of Identity Theft Hold an Advanced Educational Degree
Experian’s analysis found that targets also usually:
- Live in densely populated metro areas with high wealth (+43%)
- Are interested in Tennis (+85%) and Politics (+71%)
The percentages are compared with a general population of credit applicants.
2021 Identity Theft Center Aftermath Findings confirmed this demographic profile.
37. Victims of Identity Theft Usually Fall Victim Again
According to the 2021 Aftermath, the rate of repeated victims is also growing.
21% in 2018, 28% for 2019, and 29% for 2020.
Impact
Losing money is just one of the possible outcomes.
The paperwork after being a victim of a scam demands time and effort.
Your financial image gets damaged.
You won’t feel good, and that can also affect your family and friends.
38. $0.50 per Card Is the Minimum Price of a Stolen Credit Card’s Data on Dark Web Marketplaces
39. US Consumers Lost $3.3 Billion Due to Fraud in 2020
FTC made the study.
This amount of loss represents an increase of 80% compared to 2019.
But numbers could be higher.
Javelin Strategy & Research 2021 Identity Fraud Study indicates $56 billion total losses.
Consumers and businesses combined.
Another study performed by Aite Group says even higher numbers.
$502.5 billion losses for identity theft in 2019, increasing 42% to $712.4 billion in 2020.
Forecasting another increase in 2021 to $721.3 billion.
Most of it related to the US COVID Stimulus payment.
You can check the data updated to date here.
41. Victims Lose $311 per Fraud on Average
That is the average fraud loss, according to 2020 FTC reports.
The median loss was 320% in 2019.
42. It Usually Takes More Than 100 Hours to Deal With the Impacts of an Identity Theft
Based on Aite Group’s online survey of 8,653 US consumers in December 2020.
30% of all the respondents had to spend this time.
Other respondents:
- Between 11 to 40 hours (18%)
- Between 3 to 10 hours (17%)
We can see several complaints in Reddit forums.
People have waited for months, and yet their bureaucratic problems aren’t solved.
43. Most People Under 40 Say They Would Have No Idea What to Do if Their Identity Was Stolen
The statistic comes from the 2021 Norton Cyber Safety Insights Report; 62% of respondents in this age group responded that.
Including all age groups, we see a more confident overall population; the average of no-idea-what-to-do is 37%.
In a different study performed by Equifax in Canada, we can see a similar statistic.
60% of millennials say they wouldn’t know what to do.
44. Identity Theft Impacts Your Emotional Health
In 2018, the Identity Theft Resource Center made one of the first studies on the topic titled “The Aftermath: The Non-Economic Impacts of Identity Theft.”
Logically, people will feel bad after suffering identity theft.
But emotional impacts can go even further:
- 77.3% of victims reported increased stress
- 54.5% experienced more fatigue and decreased energy
- Over 45% of victims felt they couldn’t trust family members
- 55% noted newly-developed trust issues with friends
- 66% experienced fear regarding their financial security
- 53% felt a sense of powerlessness or helplessness
- 7% reported feeling suicidal
Later studies by the same institution show improvement in some metrics, probably due to the sad fact that people are more used to this situation.
45. 40% Of Victims Couldn’t Pay Their Usual Monthly Bills in 2021
The Pandemic doesn’t make things easier for victims of identity theft.
46. 26% Of Victims Needed to Borrow Money From Family or Friends
The statistic is also from the 2018 Aftermath study.
Other dire consequences:
- 22% had to take time off work
- 15.3% of respondents had to sell possessions
- 6.7% obtained a payday loan
What Are We Doing?
We will probably never get rid of all identity theft occurring in the world.
But there is a lot of room for improvement.
From the states and businesses side, for example, with laws and security policies.
And from the user side, informing ourselves and acting according to the best security practices.
47. EUR272.5 Million Worth Fines Have Been Imposed in the EU Following Data Protection Laws
The fines seek to punish companies for not properly securing people’s data.
The mentioned law is the GDPR.
It’s interesting to note that the countries penalizing more are in the group of the less breached.
Check fact #10.
The highest GDPR fine was EUR50 million by France on Google.
For alleged infringements of GDPR’s transparency principle and lack of valid consent.
48. Counterfeit Credit Card Fraud Declined 75% After New EMV Chip Technology Deployment in the US
The study by Visa Inc. shows counterfeit credit card fraud dropping from December 2015 to March 2018.
EMV chip technology generates a unique code each time it’s used in a transaction at a POS.
Attackers can still produce counterfeit cards, but without this code, they are useless.
That doesn’t protect against all kinds of attacks.
For example, against fraudulent online transactions or if cards are used in non-compliant hardware.
Still, it’s a great improvement.
49. Credit Card Fraud Down Again in Australia in 2020
The Australia Payments Network reports spending on payment cards is up, and card fraud is down for the second consecutive year.
By type of scam:
- Counterfeit/skimming fraud fell by 14.2%
- Lost and stolen card fraud fell by 37%
- Card-not-present fraud (CNP) fell by 7.28%
CNP represents mainly online transactions.
This didn’t happen by chance.
EMV technology has been in place since 2014.
Also, the CNP Fraud Mitigation Framework took effect in July 2019.
It’s an industry initiative targeting online card fraud using a range of fraud detection and prevention measures.
50. Fraud Losses Related to UK Cards Also Fell 7% In 2020
The losses totaled £574.2 million in 2020 and £620.6 million in 2019.
Banks and card companies could also stop worth £983 million card fraud attempts.
That’s a parameter growing from 2019.
UK Finance says banks are using a system described as a global digital identity tool.
Some characteristics of this system:
- It analyses billions of real-time transactions across many countries. That is coupled with additional data like device, geographical, behavioral, and threat intelligence input.
- Uses tracking technology for identifying money mule accounts.
- Enforces all payment providers to use multi-factor authentication since 2019.
- Uses technology that allows banks to identify the different sound tones that every phone has and the environment where they are. That is done to combat fraudulent phone calls.
- Uses software that monitors how consumers type and swipe on their devices. Or how they hold it in terms of grip. All of this when logged into banking apps.
These statistics go in line with the 2021 Experian Report.
It says 80% of UK businesses have a digital online identity strategy for customer recognition on average.
26% more since the start of the pandemic.
51. Small Businesses Often Store Private Information That Could Be Exposed
According to a CSID survey, 52% of small businesses didn’t invest in cyber risk mitigation.
They said they believed they weren’t storing any private information.
Yet, 68% store at least email addresses.
The lack of money and human resources complicate the situation more.
According to this 2019 research by Ponemon Institute, nearly 77% of businesses claimed not having the personnel to secure their records and systems properly.
Around 55% indicate they lack the budget to invest in better protection.
On the other side, big companies allocate a big budget to security but get hacked too (fact #7).
52. 87% Of Consumers Exposed Their Personal Information When Using Public Wi-Fi
The statistics are from Norton Wi-Fi Risk Report.
People access email, bank accounts, or financial information on untrusted networks.
And without any protection.
That is due to misinformation:
- 60% feel their personal information is safe when using public Wi-Fi
- 53% can’t tell the difference between a secure and an insecure public network
This potential risk is easy to prevent by using a Virtual Private Network (VPN).
Yet, 75% stated not using one.
53. 38% Of Consumers Are Limiting More Their Information on Social Media
Statistics by 2021 NortonLifeLock.
Also, 48% are creating stronger passwords.
54. 62% Of UK Consumers Say Online Security Is Their Top Priority
Experian 2021 Report also found consumers are:
- Acknowledging different methods for authentication more secure than a password
- Disposed to abandon an online transaction if needing to wait more than 30 seconds for security checks
55. 79% Of Users Admit Sharing Their Passwords
That exposes people more to identity theft.
The survey by The Zebra found more worrying statistics:
- 39% of consumers use the same password for every service!
- Just 13% were worried about identity fraud
Re-using passwords in different services is risky.
An attacker compromising one of your accounts would have access to all.
Trying your leaked password in all your services is a popular attack technique nowadays.
Its name is Credentials Stuffing.
56. 80% Of Europeans Who Experienced Fraud Don’t Report It to an Official Authority
Understandably, people may feel powerless after an identity theft scam.
But not informing the authorities makes it more difficult to prevent future attacks.
Or even to catch the criminals.
Why aren’t people reporting it?
The main reasons given were:
- 34% said because there was no or little financial/emotional harm
- 23% felt it wouldn’t make a difference
- 13% didn’t know whom to report
Making things worse, 2021 Aftermath statistics show 40% of people having problems when going to report.
For example, they found:
- Authorities asking to provide proof of what happened
- Officials simply not taking the report
- Officials asking to report it to other jurisdictions or organization
57. 37% Of People Discover They Fell Victims of Identity Theft in Less Than a Week. Around 28% Discover It in More Than a Year
That is an improvement from last year’s reports.
However, the 2021 Aftermath study still shows most people needing months to find out they were victims of identity theft.
And, for example, as we have seen before, account takeovers plus cash out can occur in less than one day.
58. Most People Discover Identity Theft by Checking Their Bank Account Details
The most usual ways people found out their identities were stolen, according to the 2021 ITRC Aftermath:
- Checking credit report (42%)
- Noticing fraudulent charges in their account (41%)
- Receiving a not owed bill (35.9%)
- Receiving a contact by credit card or bank institution about suspicious activity (26.9%)
- Receiving a contact by a collection agency or similar about late or unpaid bills (24.4%)
59. 23% Of Fraud Victims Don’t Get Reimbursed for Their Losses
Javelin found that this percent didn’t get their money back in 2018.
The number is three times higher than in 2016.
60. Cyber Insurance Market Continues Growing, +21% Expected for 2021
According to Finaria.
About cyber insurance claims: 75% involve clauses related to breach incident response and crisis management.
The Hiscox Cyber Readiness Report 2019 showed 41% of firms from Europe and the United States had already adopted cyber insurance.
61. Only 3 in Every 1000 Cybercrimes Reported Lead To an Arrest
Third Way think tank researched about the matter in 2018.
Even worse, as we mentioned, most cybercrimes aren’t reported.
Counting that, the numbers are even lower: under 0.05% (5 in every 10,000).
In contrast, nearly 45% of violent crime and 16% of property crime suspects are arrested.
We can conclude: identity thieves are more likely to walk away unpunished from their crimes.
Prevent Identity Theft
Attackers are not taking a rest, and you shouldn’t either!
My grandmother used to say, “prevention is better than cure.”
Here is a list of best practices and tips to have in mind to remain safe:
- Limit the information you share on Social Media. Especially your financial details!
- Don’t share your passwords. Nor have them written or displayed visibly on your desk.
- Don’t reuse your passwords. It exposes you to credentials stuffing.
- Use a Password Manager. Human-generated passwords tend to be easy to predict or hard to remember if too complex!
- Use Multi-Factor Authentication. That will prevent an attacker from taking over your account if it gets your password!
- Prefer biometric authentication methods.
- Check that your personally identifiable information and/or credentials don’t appear in data breaches. Here you can find if your email or phone number has been leaked and in which breaches.
- Be careful where you click when browsing. Big tags displaying “Click Here” and promising access to incredible things usually lead to malware.
- Try to access only secure HTTPS encrypted websites. You will recognize them by the closed lock icon:
- Are you unsure if a website is trustworthy? Check here.
- Use a VPN or don’t input your personal information when using Public WiFi.
- Be skeptical about the emails you receive. If an email from your bank arrives, confirm the address really belongs to your bank service.
- Check the identity of who is calling you. For example, you receive a call from an unknown number saying it’s your bank. Don’t provide any details. Check their number on their official website, and call them back there.
- Monitor your credit reports and transactions.
- Beware of any strange signs in ATMs. Like strange small objects, uncommon things on the keyboard, anything! If you detect something unusual, don’t use it. Also, choose ATMs in visible locations, preferably the ones protected inside a building.
- For your children:
- Teach them about online behavior. For example, to politely refuse if someone asks for personal information.
- Check if your children have a credit report.
- Keep their documents in a safe place.
- Don’t share your children’s personal information unless necessary.
- Don’t share birthdays and addresses in obituaries. That will protect your deceased loved ones.
- Consider using Identity Theft protection services. They may provide, for example, automated credit status checking.
- Ask for help. If you aren’t sure about something, get another opinion from a trusted friend or family member, or do some research.
What to Do if You Are a Victim
If you happen to fall victim to identity theft, it’s important you know how to remediate the situation.
Take the following recommendations into account:
- Place a Freeze or Fraud Alert in your Credit reports.
- Report all lost or stolen documents to the organizations that issued them; passports, driving licenses, credit cards, and checkbooks.
- Report it to the police. This report will act as a declaration of your innocence and help start an investigation.
- Contact the proper authorities depending on the kind of stolen data and your location.
In the US:
- Submit a report about the theft to the Federal Trade Commission’s website. Or call the FTC’s toll-free hotline at 1-877-IDTHEFT (438-4338).
- Contact the Identity Theft Resource Center (ITRC) for free assistance. Call toll-free 888-400-5530 or check their Help Center.
- If you are the victim of medical ID theft, notify your insurer and medical providers, get copies of your medical files and ask to have them corrected. You can also consider filing a health privacy complaint with the US Department of Health & Human Services online or calling 1-800-368-1019.
- If you are a victim of Tax ID theft, you can contact the IRS Identity Protection Specialized Unit at 800-908-4490.
In Canada:
- Contact the Canadian Anti-Fraud Center (CAFC). They provide advice and assistance to victims. Call 1-888-495-8501 or visit their website.
In the UK:
- Contact CIFAS, the UK’s Fraud Prevention Service, to apply for protective registration.
In EU:
- You can report it to EUROPOL.
Wrap Up
Identity thefts aren’t ending soon.
But by informing ourselves and being attentive, we can create a safer world.
Thank you for reading!
Share this article with friends and family to protect your loved ones.
