By Roy Urrico
Finopotamus aims to highlight white papers, surveys and reports that provide a glimpse as to what is taking place and/or impacting credit unions and other organizations in the financial services industry.
The Identity Theft Resource Center (ITRC), a national nonprofit organization established to support identity crime victims, recently released its 2022 Trends in Identity Report, supported by IdentityIQ. The report revealed a similar number of identity crimes — such as compromise, theft and misuse — as in 2021. In 2022, for example, there were 14,817 ID crime cases as compared to 14,947 in 2021, a decrease of less than 1%.
The second annual study breaks down trends in identity in 2022 and the first quarter of 2023. based on contacts from nearly 15,000 reports to the ITRC of identity compromises, misuse or abuse from individuals across the country.
“In the year since the Identity Theft Resource Center published our first Trends in Identity report, the identity crime landscape has changed. Some of the changes have been dramatic, like the shift away from transparency in data breach notices,” said Eva Velasquez, president and CEO of the ITRC.
She added, “But, one thing has not changed: There are too many victims of identity compromise and misuse and too few resources to help them.”
Breaking Down Identity Crime
ITRC advisors open three types of cases when contacted by a victim: identity misuse (actual and attempted), identity compromise or prevention.
Misuse refers to evidence that a person’s identity information was — or is — actively misused by criminals. The ITRC also tracks attempts to misuse identity information. Compromise refers to the exposure of personal information and at misuse risk, but where no abuse occurred. Prevention denotes a request for information.
Some ITRC findings include:
· Identity misuse, in general, was primarily due to account takeover or new account creation in 2022. Forty-six percent of misuse cases reported were non-governmental and non-financial accounts; 40% affected financial accounts of which 44% involved credit card accounts and 33% banking accounts.
· Most reported identity misuse utilized existing account takeovers (61% 3,637 victims).
· Second to account takeover was misuse related to new account creation (32%, 1,889 victims). This type of misuse impacted 70% of state accounts, 52% of financial accounts, 38% of federal accounts, and 12% of non-government/non-financial accounts.
· Fifty-five percent (8,199) of identity crime cases targeted compromised credentials. Forty percent 5,961 of reported cases resulted from credential misuse, and 1% (220) of reported cases came from victims receiving notifications about attempted but unsuccessful misuse of their credentials.
· Of all new accounts created by identity criminals in 2022, 62% were financial accounts, 17% were non-government/non-financial accounts, 14% were state accounts, and 7% were federal accounts.
· A Google Voice scam (61%, 4,081 victims) was the top reported scam.
Complexity of ID Crimes Grows
For more than two decades, Velasquez explained that the ITRC did not publish findings gleaned from the identity crime victims and concerned consumers who contacted the organization each day. “As the complexity and sheer volume of identity crimes grew over time, so did our belief that we needed to share the trends we saw in their earliest stages.”
In 2021, the ITRC said it highlighted the dramatic growth in social media account takeover. “What started as a handful of reports of being locked out of Facebook or Instagram accounts in 2021 quickly grew into a trend that ITRC research determined in 2022 had far-reaching financial impacts on individuals and small businesses,” Velasquez noted.
In the 2021 Trends in Identity Report, ITRC noticed identity thieves exploiting social media to offer money-earning opportunities. “In 2022, thieves started to shift their tactics. Misusing information stolen through data compromises more often,” said Velasquez. Most concerning was the increase in reports of Social Security number misuse to gain employment and by individuals committing crimes.
Cybercriminals also target driver’s license accounts to help commit identity fraud. Victims contacting the ITRC shared how identity thieves misused their stolen driver’s license information to obtain auto loans, and open new bank and cell phone accounts, among other criminal actions.
Criminals Move On to 2023
While the trends report focused mainly on 2022 statistics, it takes note of current trends. Specifically, the following information was aggregated in the first quarter of 2023:
· The number of overall contacts grew in the first quarter 2023 compared to the same period in 2022.
· The number of victims who contacted the ITRC for assistance regarding multiple compromised accounts grew, while the number of people reporting just one compromised account dropped by 10 percentage points.
· More victims contacted the ITRC due to the compromise of personal information than misuse by nearly 20 percentage points.
· People requesting preventative information surged.
