Many of you have serious reservations about conducting on-line transactions, and often associate identity theft with IT geniuses hacking into computer networks. We really can’t turn a blind eye to technological development and its close connection to the emergence of new techniques for exploiting personal information. However, identity theft transcends the virtual world, and it often hits much closer to home.
A survey conducted by the Office of the Privacy Commissioner shows that one Canadian out of six has been the victim of some form of identity theft. More than 90% of Canadians report that they are concerned about identity theft.
Benoît Dupont, the Canada Research Chair in Security, Identity and Technology at l’Université de Montréal, and his colleague Guillaume Louis have published a report which offers a profile of identity thieves and examines the way they work. The resulting highlights are alarming. “Identity thieves: a common delinquency profile” reports that 1.7 million Canadians were affected by identity theft in 2008, and that 340,000 Quebeckers fell victim to this type of crime the previous year. A report released by the McMaster eBusiness Research Centre in 2008 confirmed these figures and showed that victims spent more than 20 million hours and $150 million resolving problems associated with these crimes (Sproule and Archer, 2008Footnote 1).
The 90% of Canadians who report that they are concerned with identity theft have reason to worry! Dupont and Louis recently produced a profile of what they call “ordinary” offenders. This profile is more frightening than organized crime or the virtual profiles we tend to associate with “identity thieves.”
Not saying that we should underestimate cyberspace in light of this finding; it plays a considerable role nonetheless. More than 45% of cases of identity theft involve Internet use. However, the way “offenders” use the World Wide Web is not as significant as we might think in terms of acquiring the victim’s personal information. On the contrary, it plays a greater role in actually committing fraud. However, at issue here is understanding, first and foremost, how identity thieves acquire information, if not on-line. Who are these identity thieves?
The Université de Montréal research team based its work on 574 news articles collected from January to June 2008, containing 195 instances of identity theft involving 422 offenders. It identified ordinary individuals who use strategies that vary widely in terms of sophistication. The following highlights complete the profile of these ordinary individuals:
[Translation]
“ Women account for nearly 40% of offenders. We believe that this strong presence can be attributed to the absence of violence inherent to this sort of crime and the possibility of committing the crime without help from an accomplice.
Identity thieves are relatively older than other offenders; the average age is 33 years. The oldest offender identified in our database was 67 years old.
Offenders acted alone in the majority of cases (64.6%), which seems to contradict the theory of extensive involvement by organized crime in this type of offence. ”
The approach to committing theft is as ordinary as the thief’s profile. It’s a far cry from hacking into computer networks: 53.4% of incidents involve the theft of wallets and purses, and fraud. The proportion of professionals who use the personal information they collect about their clients, patients, or beneficiaries for their own benefit accounts for 28.3% of identity theft.
But why steal identities? Simply because it’s easy! According to Dupont, identity theft is attractive because of the low risk involved and the ease of carrying on this activity. Fears of increased popularity are fuelled by the economic crisis and the direct profits that can be made (US$26,000 on average). Identity theft has one of the fastest growing crime rates seen in recent years (Finklea, 2009Footnote 2).
An increasing number of measures are taken to give Canadians the tools they need to prevent identity theft and to encourage businesses and government organizations to properly protect the personal information they store.
Nonetheless, in reality, day-to-day vigilance is necessary above all else.