Feeds

Pollster says ID fraud less costly than we thought

Most attacks relatively trivial

Securing Web Applications Made Simple and Scalable

Here’s a riddle for you: what’s the cost of identity theft and so-called “cybercrime” in Australia on an annual basis? If you answer “I don’t know”, you’re probably as close as most people.

The latest data to be lobbed into the discussion is here, from Essential Research. Of its survey respondents – 995, the study had the same sample as its latest political poll – 10 percent of Australians have experienced online fraud of some kind, sixteen percent have had their credit card stolen, and just one percent have experienced identity “theft”.

The average self-reported loss from some kind of computer crime was $310, with 23 percent of respondents reporting loss between $100 and $500.

Unfortunately, the methodology doesn’t give us quite enough to extrapolate the data to the national level, for a few reasons: it’s impossible to state the overlap between the key financial attacks (credit card theft and identity theft); and the study didn’t differentiate between online and offline attacks (for example, the credit card might have been in a stolen wallet).

Unlike Crikey’s Bernard Keane’s analysis, I’m not going to bump the figure up to take into account multiple events happening to one person. However, I am going to treat each incident as distinct – in other words, I won’t try to de-duplicate the data on the assumption that one attack put someone into two categories (for example, identity theft leading to online fraud).

The cumulative total of all computer-related crimes, according to the Essential data, is a little over $AU2.8 billion – and that’s not constrained by a time period (the research didn’t say “in the last twelve months”), if the data is extrapolated only to Australia’s 15.9 million adults (ABS 2011 census).

The really notable datum in the research is “identity theft”, which was reported by just one percent of respondents and would extrapolate out to around $AU37 million. Even if identity theft, online fraud and computer fraud are taken together, the value is only $AU1.4 billion.

Even without singling out the inflated values claimed by computer security firms like Norton or Symantec, this result seems to suggest that even moderately-disinterested data sources overstate the case. The ABS, for example, put the number at $AU1.4 billion for 2010-2011. Its figure for ID theft was lower than Essential’s, at 0.3 percent, in line with lower credit card fraud (3.7 percent) and scam victims (2.9 percent) – but the ABS reported a considerably higher per-incident loss (average $AU2,000).

Yet last year, Suncorp’s preferred number for ID theft alone was $AU3 billion annually, while Austrac believed the figure was $AU1 billion back in 2003.

What are we to make of all this?

Well: the biggest problem with Essential’s research is the small sample size – but that only means there’s a margin of error a little over 3 percent.

There is, however, one major gap in the Essential data: it looks at the cost to the responding individuals, and does not include the charge-back costs borne by the credit industry, for fraudulent transactions that have to be reversed. I don’t call this an “omission” on Essential’s part – but it does mean that the data isn’t sufficient to draw an economy-wide conclusion. ®

The smart choice: opportunity from uncertainty

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.