If some of the numbers being cited about identity theft are to be believed, it's just a matter of time before some unseen cyberhustler steals...

Share story

BOSTON — If some of the numbers being cited about identity theft are to be believed, it’s just a matter of time before some unseen cyberhustler steals your name, empties your bank account and wrecks your financial reputation. You can almost hear the maniacal laughter.

By some measures, one in five Americans has been hit. Another common statistic is that 10 million people fall victim every year.

Making matters even scarier, new laws in California and other states have forced companies to essentially tell all consumers when their personal data have been compromised — even if the files have not been maliciously used.

In response, Congress is considering bills to restrict the flow of personal information. And identity-theft-monitoring services have sprung up that can cost consumers well over $100 a year.

Most Read Stories

Unlimited Digital Access. $1 for 4 weeks.

But while it’s important to be vigilant against this potentially devastating crime, it also appears identity theft is too broadly defined and often misunderstood.

As a result, some experts say, lawmakers and companies might be misdirecting their anti-fraud energies. Overly fearful consumers could be unnecessarily avoiding doing business on the Web.

Too often overlooked, many analysts argue, are savvy “synthetic” fraud schemes that frequently don’t directly victimize individual consumers. In such schemes, criminals invent fictitious identities and use them to ring up phony charges. By some estimates, this accounts for three-quarters of the money stolen by identity crooks.

“There’s a lot of fraud that is not being identified as fraud, not being measured accurately,” said Anne Wallace, executive director of the Identity Theft Assistance Center, an industry-funded group that helps victims resolve fraud problems for free. “It’s written off as bad debt. It’s bad debt because the guy didn’t exist.”

To understand the risks we really face, it’s worth analyzing the statistics.

Multiple surveys have found that around 20 percent of Americans say they have been beset by identity theft. But what exactly is identity theft?

The Identity Theft and Assumption Deterrence Act of 1998 defines it as the illegal use of someone’s “means of identification” — including a credit card. So if you lose your card and someone else uses it to buy a candy bar, technically you have been the victim of identity theft.

Of course, misuse of lost, stolen or surreptitiously copied credit cards is a serious matter. But it shouldn’t force anyone to hide in a cave.

Federal law caps our personal liability at $50, and even that amount is often waived. That’s why surveys have found that about two-thirds of people classified as identity-theft victims pay nothing out of their own pockets.

The more pernicious versions of identity theft, in which fraudsters use someone else’s name to open lines of credit or obtain government documents, are much rarer.

Consider a February survey for insurer Chubb of 1,866 people nationwide. Nearly 21 percent said they had been an identity-theft victim in the previous year.

But when the questioners asked about specific circumstances — and broadened the time frame beyond just the previous year — the percentages diminished. About 12 percent said a collection agency had demanded payment for purchases they hadn’t made. Some 8 percent said fraudulent checks had been drawn against their accounts.

In both cases, the survey didn’t ask whether a faulty memory or a family member — rather than a criminal — turned out to be to be the culprit.

So what about the claim that 10 million Americans are hit every year, a number often used to pitch credit-monitoring services? That statistic, which would amount to about one in 22 adults, also might not be what it seems.

The figure arose in a 2003 report by Synovate commissioned by the Federal Trade Commission. A 2005 update by Synovate put the figure closer to 9 million.

Both totals include misuse of existing credit cards.

Subtracting that, the identity-theft numbers were still high but not as frightful: The FTC report determined that fraudsters had opened new accounts or committed similar misdeeds in the names of 3.2 million Americans in the previous year.

The average victim lost $1,180 and wasted 60 hours trying to resolve the problem. Clearly, it’s no picnic.

But there was one intriguing nugget deep in the report.

Some 38 percent of identity-theft victims said they hadn’t bothered to notify anyone — not the police, not their credit-card company, not a credit bureau. Even when fraud losses purportedly exceeded $5,000, the kept-it-to-myself rate was 19 percent.

Perhaps some decide that raising a stink over a wrongful charge isn’t worth the trouble. Even so, the finding made the validity of the data seem questionable to Fred Cate, an Indiana University law professor who specializes in privacy and security issues.

“That’s not identity theft,” he said. “I’m just confident if you saw a charge that wasn’t yours, you’d contact somebody.”