Reuters has a good story today on the rate of recorded incidents of ID fraud:

Thanks to signs of a burgeoning economic recovery, identity theft declined dramatically in 2010, but unlucky victims were forced to pay more out-of-pocket when defrauded, according to a survey by Javelin Strategy & Research released Tuesday.

The number of identity fraud victims decreased by 28 percent last year, bringing the total number of victims down to 2007 levels. Total annual fraud also decreased from $56 billion to $37 billion — the smallest dollar amount in the past eight years the study has been conducted.

The reason? Researchers found an almost-perfect inverse relation between the state of the economy and identity fraud. “The fraud incidence rate (has) almost a perfect inverse correlation to retail sales,”  says James Van ***, president and founder of Javelin. “As criminals have less money to spend on stuff, they are more likely to turn into identity criminals.”

image

The decline is also attributed to fewer reported data breaches — just seven percent of U.S. consumers received notice their personal information was exposed to a data breach last year. Researchers note increasingly stringent creditworthiness guidelines from financial institutions also helped the decline in identity fraud, along with, an increase in online and mobile monitoring of financial accounts and an increase in the use of protection services.

This is an interesting trend.  The incidence of fraud seems to start in 2007 and peak in 2009 which is right when the recession was in its maximum.  The idea behind this is that economic conditions often are conditions where crime flourishes, and there is some truth to that assessment.  However, I am unaware of any statistics that identify these types of correlations between cyber crime and economic activity.

In the spam world, we definitely saw spam drop in 2010 and especially after Christmas, although it picked up again in early January.  But even if these statistics are true, what could account for this drop in fraud?  Here are some thoughts and theories: (not having to do with improving economic conditions):

  • Cyber fraud where attackers steal your information due to electronic theft is down because of better anti-abuse technologies.  You may hate Microsoft but the fact is that Windows 7 (and Windows Vista, upon which security was modeled) has reported far, far less vulnerabilities than its predecessor Windows XP.  As more consumers upgrade out of XP and onto 7, the vulnerability landscape to steal credentials has decreased.  It is more difficult to steal passwords when antimalware vendors and more secure software makes it more difficult.

    Yet the problem here with this theory is that it does not account for the reality that strains of malware are on the increase, and massively on the increase.  If more secure software was making things better then why do we keep seeing more and more infections and new strains of malware every day?  It must be profitable if people keep making them, which means that they keep on being successful at stealing what they need to steal.

  • But on the other hand, maybe cyber criminals are moving onto other types of fraud like click fraud which doesn’t require stealing credentials, it just means that they need to manipulate the system in order to make money.  Rather than impersonate someone else, they cut out the middle man in order to increase their income.

  • And finally, maybe cyber fraud is only a small proportion of total overall fraud.  If normal fraud constitutes 85% of all all fraud (for example) and it decreased by 20%, and cyber fraud is 15% but increased by 50%, then that results in an overall drop in fraud by 10% even though one segment is growing faster.  Thus, conventional types of fraud may be masking the up and coming players.

Anyhow, those are my random thoughts on the subject.