Sources of identity theft
Despite the hefty blame – largely perpetuated by the media – placed on the Internet and cyber-crime, online identity theft methods (phishing, hacking and malware) only accounted for 11% of fraud cases in 2008.
Javelin Strategy & Research, 2009 Identity Fraud Survey Report: Consumer Version
Millions of credit card numbers are routinely lost to cyber-criminals from the data breaches that are becoming more and more common. There's even a thriving underground economy in the credit card numbers that are compromised by these data breaches. But what are cyber-criminals doing with these credit card numbers? They must be using them in some profitable way, or they wouldn't be willing to pay for them. A recent report by Javelin Strategy & Research, their 2009 Identity Fraud Survey Report: Consumer Version, has some data that's hard to reconcile with this.
Javelin's survey suggests that most victims of identity theft have their identity stolen in ways that don't cyber-criminals don't use. The results of their survey is shown below. Curiously, their survey shows that the most common way for identity theft to happen is through lost or stolen wallet with data breaches in a distant fourth place.
So how do we find a way to believe both that millions of credit card numbers are being lost in data breaches and that these credit card numbers only account for a small fraction of identity theft? I'd guess that the stolen credit card numbers are being used and people don't even know it. If that's true, that's even more disturbing that the fact that the credit card numbers are being stolen.