Organised cybercrime rings have spearheaded a sharp increase in identity theft, which has skyrocketed nearly 50 per cent in three years, according to a new Gartner survey.Meanwhile, the average loss per incident jumped 131 per cent, from $1,408 in 2005 to $3,257 last year, according to the poll, which surveyed 5,000 adults in the United States. Unauthorised charges placed to credit cards rose four times their 2005 average to $2,550 in 2006.
According to the study announced Tuesday, about 15 million Americans "were victimised by some sort of identity-theft related fraud" in the 12 months ending in the middle of 2006. This was up roughly 50 per cent compared to the Federal Trade Commission’s findings in 2003 that 9.9 million American adults suffered identity theft.
"One of the key trends that came out of this survey is that data breaches didn’t really exist to the scale they existed three to four years ago," Gartner analyst Avivah Litan told SCMagazine.com today. "A group of criminals out of Eastern Europe started these external hacks that led to these big breaches. They discovered weaknesses in the retailers’ payment systems."
Thieves also are employing phishing schemes and conducting online auction scams to steal identities, Litan said.
The survey shows that new account fraud, in which criminals use stolen identities to open accounts, more than doubled, from $2,678 in 2005 to $5,962 last year.
Litan said organisations, particularly those that store the personal information of customers, should recognise the shifting threat landscape and "expect" to be hacked.
"Security should no longer be treated as a basement background function," she said. "It really does take some commitment from the executive suites."
Meanwhile, software companies such as Microsoft and Cisco should focus efforts on building more secure products before they hit the market, and internet service providers (ISPs) should at least check the health of a user’s machine when they are logging onto the web.
A more far-reaching goal is that some sort of internet "identity layer" can be formed in which mutual authentication becomes the norm when users sign on to the web, she added.
"It’s not good news," Litan said of the survey. "I guess the only comfort is that the US is not alone. The same reports are coming out of Europe."