Feeds

Pollster says ID fraud less costly than we thought

Most attacks relatively trivial

Protecting against web application threats using SSL

Here’s a riddle for you: what’s the cost of identity theft and so-called “cybercrime” in Australia on an annual basis? If you answer “I don’t know”, you’re probably as close as most people.

The latest data to be lobbed into the discussion is here, from Essential Research. Of its survey respondents – 995, the study had the same sample as its latest political poll – 10 percent of Australians have experienced online fraud of some kind, sixteen percent have had their credit card stolen, and just one percent have experienced identity “theft”.

The average self-reported loss from some kind of computer crime was $310, with 23 percent of respondents reporting loss between $100 and $500.

Unfortunately, the methodology doesn’t give us quite enough to extrapolate the data to the national level, for a few reasons: it’s impossible to state the overlap between the key financial attacks (credit card theft and identity theft); and the study didn’t differentiate between online and offline attacks (for example, the credit card might have been in a stolen wallet).

Unlike Crikey’s Bernard Keane’s analysis, I’m not going to bump the figure up to take into account multiple events happening to one person. However, I am going to treat each incident as distinct – in other words, I won’t try to de-duplicate the data on the assumption that one attack put someone into two categories (for example, identity theft leading to online fraud).

The cumulative total of all computer-related crimes, according to the Essential data, is a little over $AU2.8 billion – and that’s not constrained by a time period (the research didn’t say “in the last twelve months”), if the data is extrapolated only to Australia’s 15.9 million adults (ABS 2011 census).

The really notable datum in the research is “identity theft”, which was reported by just one percent of respondents and would extrapolate out to around $AU37 million. Even if identity theft, online fraud and computer fraud are taken together, the value is only $AU1.4 billion.

Even without singling out the inflated values claimed by computer security firms like Norton or Symantec, this result seems to suggest that even moderately-disinterested data sources overstate the case. The ABS, for example, put the number at $AU1.4 billion for 2010-2011. Its figure for ID theft was lower than Essential’s, at 0.3 percent, in line with lower credit card fraud (3.7 percent) and scam victims (2.9 percent) – but the ABS reported a considerably higher per-incident loss (average $AU2,000).

Yet last year, Suncorp’s preferred number for ID theft alone was $AU3 billion annually, while Austrac believed the figure was $AU1 billion back in 2003.

What are we to make of all this?

Well: the biggest problem with Essential’s research is the small sample size – but that only means there’s a margin of error a little over 3 percent.

There is, however, one major gap in the Essential data: it looks at the cost to the responding individuals, and does not include the charge-back costs borne by the credit industry, for fraudulent transactions that have to be reversed. I don’t call this an “omission” on Essential’s part – but it does mean that the data isn’t sufficient to draw an economy-wide conclusion. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.