Feeds

Pollster says ID fraud less costly than we thought

Most attacks relatively trivial

The essential guide to IT transformation

Here’s a riddle for you: what’s the cost of identity theft and so-called “cybercrime” in Australia on an annual basis? If you answer “I don’t know”, you’re probably as close as most people.

The latest data to be lobbed into the discussion is here, from Essential Research. Of its survey respondents – 995, the study had the same sample as its latest political poll – 10 percent of Australians have experienced online fraud of some kind, sixteen percent have had their credit card stolen, and just one percent have experienced identity “theft”.

The average self-reported loss from some kind of computer crime was $310, with 23 percent of respondents reporting loss between $100 and $500.

Unfortunately, the methodology doesn’t give us quite enough to extrapolate the data to the national level, for a few reasons: it’s impossible to state the overlap between the key financial attacks (credit card theft and identity theft); and the study didn’t differentiate between online and offline attacks (for example, the credit card might have been in a stolen wallet).

Unlike Crikey’s Bernard Keane’s analysis, I’m not going to bump the figure up to take into account multiple events happening to one person. However, I am going to treat each incident as distinct – in other words, I won’t try to de-duplicate the data on the assumption that one attack put someone into two categories (for example, identity theft leading to online fraud).

The cumulative total of all computer-related crimes, according to the Essential data, is a little over $AU2.8 billion – and that’s not constrained by a time period (the research didn’t say “in the last twelve months”), if the data is extrapolated only to Australia’s 15.9 million adults (ABS 2011 census).

The really notable datum in the research is “identity theft”, which was reported by just one percent of respondents and would extrapolate out to around $AU37 million. Even if identity theft, online fraud and computer fraud are taken together, the value is only $AU1.4 billion.

Even without singling out the inflated values claimed by computer security firms like Norton or Symantec, this result seems to suggest that even moderately-disinterested data sources overstate the case. The ABS, for example, put the number at $AU1.4 billion for 2010-2011. Its figure for ID theft was lower than Essential’s, at 0.3 percent, in line with lower credit card fraud (3.7 percent) and scam victims (2.9 percent) – but the ABS reported a considerably higher per-incident loss (average $AU2,000).

Yet last year, Suncorp’s preferred number for ID theft alone was $AU3 billion annually, while Austrac believed the figure was $AU1 billion back in 2003.

What are we to make of all this?

Well: the biggest problem with Essential’s research is the small sample size – but that only means there’s a margin of error a little over 3 percent.

There is, however, one major gap in the Essential data: it looks at the cost to the responding individuals, and does not include the charge-back costs borne by the credit industry, for fraudulent transactions that have to be reversed. I don’t call this an “omission” on Essential’s part – but it does mean that the data isn’t sufficient to draw an economy-wide conclusion. ®

Next gen security for virtualised datacentres

More from The Register

next story
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
Germany 'accidentally' snooped on John Kerry and Hillary Clinton
Dragnet surveillance picks up EVERYTHING, USA, m'kay?
Linux kernel devs made to finger their dongles before contributing code
Two-factor auth enabled for Kernel.org repositories
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.