Had your ID stolen? No need to panic

Having your credit card details stolen or your personal details exposed online may not be quite such a disaster after all, according to new analysis by US fraud experts.

Analysis firm, ID Analytics has looked at data breaches at four separate companies, covering approximately half a million identities, and found that even in the most dangerous type of “identity-level” breaches, where names and Social Security numbers were stolen, the risk of falling victim to fraud was as low as around 1 in 1000.

According to News.com, ID Analytics found that fraudsters had an even harder time with stolen credit card details.

That's because the cards are usually quickly canceled and because piecing together an identity based on the information on the card is hard work. Not one of the card breaches it studied resulted in a subsequent identity takeover.

The reason it seems fraud rates are actually so low comes down to a simple matter of time. Whilst fraudsters may lack many of the characteristics you’d associate with decent human beings, they still need to eat and sleep like the rest of us.

According to ID Analytics:

As an example, it takes approximately five minutes to fill out a credit application. At this rate, it would take a fraudster working full-time – averaging 6.5 hours day, five days a week, 50 weeks a year – over 50 years to fully utilize a breached file consisting of one million consumer identities. If the criminal outsourced the work at a rate of $10 an hour in an effort to use a breached file of the same size in one year, it would cost that criminal about $830,000.

In effect, the bigger breach, the less chance you have of becoming a victim of identity theft fraud . Whilst it is encouraging news lets hope it doesn’t encourage an attitude of complacency amongst businesses and consumers.

That’s why ID Analytic’s suggestion that consumer’s should not always be notified when data breaches have occurred – as is the law in California – because it will create unnecessary alarm is more controversial.

Unless a data breach is going to hit a company’s bottom line, whether through damage to the brand image, or the cost of the notification process itself, then there is going to be little incentive for them to improve their security processes.

For my part, I’ll still keep looking out for those phishing emails, keep my anti-virus and spyware software up-to-date, and use my judgement when paying by credit card online.