I came across an interesting piece on identity theft by Andrew Patrick today.

In his blog on identity theft, he quotes a study on identity theft by Copes, H., and Vieraitis, L.M. (2009)¹ which claims,

"Despite public perceptions of identity theft being a high-tech, computer driven crime, it is rather mundane and requires few technical skills.

"Identity thieves do not need to know how to hack into large, secure databases. They can simply dig through garbage or pay insiders for information.

"No particular group has a monopoly on the skills needed to be a capable identity thief."

Andrew also points out in his blog that,

"They were able to find 297 inmates, from which they sampled 59 inmates in 14 prisons across the country.

"The convicts agreed to do detailed interviews, in private, to talk about themselves and their crimes, and the results are reported in a recent issue of Criminal Justice Review."

There are a couple of things that are worth pointing out about this study:

1. 297 inmates is a very small sample set that is hardly statistically significant by most any measure.
   
   According to the FTC's report on identity theft [.pdf], since the FTC began the Consumer Sentinel Network (CSN) in 1997 through December 2008, there were more than 7.2 million complaints of identity theft.
   
   Let's see: 7,200,000 - 297 = 7,199,703
   
   Sorry, but 297 is just too small of a sample size.
   1. That's just in the U.S.
   2. That only includes complaints filed with the FTC, not cases where the consumer took action but didn't file a complaint with the FTC.
   3. That does not include cases where the consumer never noticed the theft.
2. The 297 inmates were the ones that were caught.
   
   It's worth considering that perhaps that they weren't technology-based identity thieves, but rather ones committing their crimes in the real world lead them to be caught in the first place.
   
   Put another way: if they'd been in Indiana stealing someone's identity in California they would have never been caught, as the identity thieves were who caught in JC Penny's trying to use (ironically enough) JC Penny's employee Michelle McCambridge's identity.
3. As pointed out by the Internet Danger Report The identity thieves who never get caught are the professionals who deal in them on a wholesale basis.

My point here is that while a large portion of identity theft is definitely committed in the real world, as individuals and organizations involved in computer, information, and personal security, it's disingenuous if not naive of us to lead consumers to believe there is no threat to them online.

That's just not true.

What is true is that identity theft sucks. Clearly.

It's smart to always shred any documents that might have some of your personal information, no matter how seemingly insignificant, before disposing of them.

Installing and running firewall antivirus software is, like shredding your paper files, definitely a best-practice to keep your identity safe from the crackers, identity thieves, and other cyber criminals who want to steal from you.

Furthermore, there's little question that the threats online are real and that there are steps we can all take to keep these threats at bay and keep ourselves safe online.

That said, ignoring the threat and treating it like it's a problem somehow not related to the Internet is really illogical.

If there are simple steps for PC protection, why not take them?

---

¹Copes, H., and Vieraitis, L.M. (2009) Understanding identity theft: Offenders’ accounts of their lives and crimes. Criminal Justice Review, 34(3), 329-349