For every new incident of identity theft, data loss, or online fraud, it seems as if a study has been commissioned to verify if this is a first-class threat or an exaggerated nuisance.
Depending on what you read, credit card fraud is a minor inconvenience, but cybercrime is a bigger cash crop than all illegal drugs combined.
That last statement came from Valerie McNiven, former security specialist for the World Bank and currently advising the U.S. Treasury Department on combating cybercrime. While addressing a conference on Internet security on Nov. 29th, she claimed that Internet-related crimes such as "phishing" and hacking netted over $105 billion in profits in 2004.
Major media outlets picked up on McNiven's remarks and reported them largely uncritically. But are they accurate?
A September report to the United Nations stated that the global drug trade generated $322 billion worldwide for 2004.
It's obviously difficult to effectively track profits from criminal enterprises, but if the $4 billion profit California marijuana growers enjoy is any indication, drug sales are still far and away a top-shelf source of income.
A study released on Nov. 8th by ID Analytics, a San Diego firm that specializes in fraud detection and risk management, claimed that in a compiled study of four data breaches totaling 500,000 victims, only 1 of every 1,100 customers actually had their data stolen.
The firm's co-founder, Mike Cook, claimed that alerting customers to every potential breach of their data was costly and unnecessary. Cook said that thieves actually focus on small breaches of a few hundred names, and that the larger the breach, the less likely it was that individual data records are at risk.
"If you're in a breach of 100, 200 or 250 names, there's a pretty high probability that your identity is going to be used," Cook said.
Perhaps not coincidentally, ID Analytics recently announced partnership endeavors with Visa and the Equifax credit bureau. Equifax is employing the company's "ID Score" identity verification assessment, while Visa is using a customized version of the system for authorizing its transactions.
The "ID Score" system utilizes "an empirically-derived risk assessment score that determines the likelihood of whether applicants are who they claim they are," similar to credit scores, auto insurance scores, and rental screening scores.
Given that creditors and businesses stand to lose serious profits as consumers shy away from credit and online shopping, it's not unreasonable to assume the industry will do all it can to minimize the threat of identity theft or fraud.
It's also highly lucrative to sell customers "ID theft protection" such as fraud alerts. But as in the case of the "spam charges" that hit thousands of Visa and Mastercard users recently, all the fraud protection alerts didn't stop the thieves in question from making potentially huge amounts of money in a nearly undetectable fashion.
Yet another study claims that Americans are woefully unprotected from online threats. A study commissioned by America Online and the National Cyber Security Alliance (NCSA) found that 8 of 10 home personal computers lack the basic security protections needed for Web surfing, such as a firewall, antivirus software, or a spyware detector.
The study also found that, "Nearly a quarter of online people in the United States have found themselves the target of the online con artists, and roughly one in five knows a friend or family member who has been duped."
The NCSA is a nonprofit institution that combines federal agencies such as the Department of Homeland Security (DHS) and companies such as Microsoft, eBay, and Symantec. The stated goal of the NCSA is to "[provide] tools and resources to empower home users, small businesses, and schools, colleges, and universities to stay safe online."
Perhaps not surprisingly, many of the NCSA's charter members have had their own problems with data theft and online fraud, not to mention error.
eBay had to halt an auction of a "vulnerability" in Microsoft's Excel spreadsheet program. The vulnerability could compromise the safety of a PC if utilized.
The Transportation Security Administration (TSA), a subsidiary agency of DHS, recently admitted to having mistakenly placed the names of 30,000 airline passengers on a watch list for potential terrorists.
It's essential that consumers employ smarts and skepticism when it comes to online shopping and credit card scams.
It is just as essential to not assume that studies commissioned for a particular topic are objective, that the outcome isn't engineered, or that the agencies who called for the study are infallible.
The smart Web surfer is the one who takes customer surveys the same way they use their personal information -- very carefully.