Active Online Users 4X More Likely to Be ID Theft Victims: Study

It stands to reason that people who spend a lot of time on the internet are at greater risk of identity theft than those who do not. But how much greater? A study released Monday quantifies it.

The analysis by ID Analytics, a subsidiary of Lifelock, found that consumers who have a high degree of online exposure are four times more likely to fall victim to identity theft than the general population.

The company, which maintains data on millions of identity theft victims, pulled out profiles of a few thousand known victims as well as 100,000 random people. It built a model to predict who among the 100,000 had their identities stolen, based on patterns observed in the known victims.

Using an online aggregator, ID Analytics gathered all the information it could find on those 100,000 people on websites, social media sites, blogs, and public records. ID Analytics counted the number of times a person's name, address, and phone number appeared on social websites and public records, and how many variations of that information popped up. Those the model predicted were at highest risk had many social media profiles online and appeared on several websites of any kind. The correlation makes sense, since the more places one's personal data appears on the Internet, the more places from which it can be swiped.

"What was surprising to us was the sheer number of addresses out there," said Stephen Coggeshall, chief analytics and science officer at ID Analytics. "The more addresses and historical addresses we found for you, the more likelihood you were a victim."

While some of this is outside consumers' control, "consumers should give careful thought to how much they're deliberately putting out there and they should explore the extent to which they're out there even without their actions--public records and that sort of thing," Coggeshall said. "There are methods people can use to reduce their exposure online."

Lifelock, of course, is one; the company provides identity fraud protection services for consumers and businesses. But there are many others, including Identity Guard, Identity Force, Trusted ID and myFICO.

Coggeshall recommended being careful about what you post online, using reputable sites like LinkedIn and consolidating to a smaller number of social media profiles.

The most sensitive data fields, the research found, are Social Security number and date of birth.

"That is one that frequently is inadvertently revealed on social sites, where people will say 'happy birthday' on your Facebook page, for instance," Coggeshall said.

Consumers increasingly prioritize convenience over security and privacy, which will likely lead to rising amounts of fraud in the coming years, Coggeshall said.

"Think about how often you read user agreements when you download an app," he said. "Nobody reads those things, which spell out how your data is going to be used. People say they want privacy and security, but irrationally give up all that for simple convenience."

For reprint and licensing requests for this article, click here.
Bank technology Cyber security
MORE FROM AMERICAN BANKER