Stolen Wallets, Not Hacks, Cause the Most ID Theft? Debunked: Via Threat Level

A new report from Javelin Research is getting attention for its extraordinary claim that data breaches are responsible for only a tiny minority of identity theft cases, compared to lost wallets and other low-tech exposures. But a closer look at Javalin’s numbers casts serious doubt on the company’s conclusions.

The stat that’s getting the most buzz in Javelin’s 2009 Identity Fraud Survey Report (.pdf) comes from identity theft victims’ responses to the survey question, “How was your information obtained?”  Only 11%  of the respondents said it was lost in an online transaction, and another 11% said it was stolen in a data breach. Some 43% blamed a lost or stolen wallet. Here’s Javelin's chart.

"Despite the hefty blame  -- largely perpetuated by the media -- placed on the Internet and cyber-crime, online identity theft methods (phishing, hacking and malware) only accounted for 11% of fraud cases in 2008. The truth is, most known cases of fraud occur through traditional methods, when a criminal has direct, physical access to the victim’s information," claims the report.

Damn you media! It’s time to stop this incessant hyping of the data breaches that have compromised information on hundreds of millions of consumers. Obviously, stolen wallets are the real epidemic. 

But the 11% stat crumbles on even a casual inspection. That’s because it's from a sub-sample of victims  who know how their information  was stolen. The fine print reveals that the vast majority --  65% of identity theft victims surveyed -- have no idea how their data was lost, and so they weren’t included in the chart.

If one were to add them back in, the chart would look like this.

What does Javelin think is in that giant black slice of pie? Garbage theft? Psychics gone bad? Or might it have something to do with the hackers and cashers who keep getting caught with magstripe encoders, stolen credit card data and Hefty bags filled with cash stuffed in their closets?

One thing is certain: that 65% includes nobody who was mugged, pick-pocketed or lost their wallet. Those consumers know exactly how their information was stolen. So however you slice it, they represent a small minority of identity theft victims -– not the majority Javelin claims.

I’d bet that 65% includes most victims of reported data breaches.
It unquestionably cabins most victims of skimming attacks, and every single victim of an unreported or undetected data breach.

Read Original Article ( Via Threat Level. )