Ahead of my Identity Crime monograph out next year I note the 'Identity crime and misuse in Australia: Results of the 2021 online survey' (Australian Institute of Criminology Statistical Bulletin 37, 2021) by Merran McAlister and Christie Franks.
That Bulletin states
Identity crime is common in Australia and internationally, affecting millions of individuals, businesses and government agencies annually. Identity crime exploits vulnerabilities in personal identification credentials, consumer payment systems and technological advances in computing and communications, generally for financial gain. The United Nations Economic and Social Council (2007: 18) defined identity crime as ‘crime which either targets identification documents, systems or data, or exploits them in the course of committing other crimes’.
In 2018–19, the estimated direct and indirect cost of identity crime in Australia was $3.1b. In 2019 alone, the total losses reported by Australian Institute of Criminology (AIC) online survey respondents was $3.6m (Franks & Smith 2020). Identity crimes are also notoriously under-reported as a result of inhibiting factors such as victim blaming and the complexity of reporting (Franks & Smith 2020). The emotional, physiological and socio-economic impacts faced by victims are often overlooked but can be extreme and prolonged (Emami, Smith & Jorna 2019).
Identity crime is often an enabler for other criminal activities that include credit card fraud; superannuation and other financial frauds against individuals; welfare, tax and other frauds against government agencies; money laundering and financing of organised crime; unauthorised access to sensitive information or facilities for unlawful purposes; and the concealment of activities such as drug trafficking or the production and distribution of child sexual abuse material. Misuse of identity has also been connected with human trafficking and the commission of terrorist acts (Australian Criminal Intelligence Commission 2017; Reichel & Randa 2018). I
The authors note
The definition of identity crime and misuse of personal information used in the survey was: obtaining or using your personal information without your permission to pretend to be you or to carry out a business in your name without your permission, or other types of activities and transactions. This does not include use of your personal information for direct marketing, even if this was done without your permission.
Personal information was defined as including:
- name,
- address,
- date of birth,
- place of birth,
- gender,
- driver’s licence information,
- passport information,
- Medicare information,
- biometric information (e.g. fingerprint),
- signature,
- bank account information,
- credit or debit card information,
- Personal Identification Number (PIN),
- Tax File Number (TFN),
- Shareholder Identification Number (HIN),
- computer and/or other online usernames and passwords,
- student identification number and various other types of personal information.
In March 2021, an online survey comprising 40 questions was administered to a sample of 10,000 Australians by i-Link Research Solutions, a market research company. The survey asked respondents about their experiences of identity crime and misuse in their lifetime and during the 2020 calendar year.
The survey asked respondents about the misuse of various types of personal information. This included (but was not limited to) misuse of an individual’s name, address, date of birth, place of birth, gender, driver licence information, passport information, Medicare information, biometric information (eg fingerprint), signature, bank account information, credit or debit card information, passwords, personal identification numbers (PINs), tax file numbers, shareholder identification numbers, computer or other online usernames and passwords, and student numbers.
This bulletin presents data on the types of personal information misused, how respondents believed their personal information was obtained and how the crimes were detected. The survey also collected information about respondents’ views on whether the risk of identity crime would change over the next 12 months, the seriousness of identity crime, their use of and willingness to use biometric technologies as a security measure and, for victims, whether their behaviour had changed as a result of experiencing misuse of their personal information.
The questions were developed by the AIC in consultation with the Department of Home Affairs, which has highlighted identity crime as part of the portfolio's broader identity, law enforcement and national security strategies highlighted elsewhere in this blog.
The Bulletin states
Prevalence of identity crime
Nineteen percent of respondents reported they had experienced misuse of their personal information at some point in their lifetime and seven percent reported experiencing misuse in 2020. This is a statistically significant decline from the 11 percent victimisation rate occurring in 2019.
So much for some recent alarms about a supposedly exponential ongoing increase in identity offences
Forty-four percent of recent victims (n=326) reported that their personal information had been misused on one occasion, a decline from 48 percent in 2019. Twenty-four percent of respondents (n=178) reported that misuse of their personal information had occurred on two separate occasions. On average, recent victims reported their personal information had been misused on eight separate occasions (SD=59).
Types of personal information misused
Recent victims reported that between one and 23 different types of personal information had been misused. The 2021 survey introduced a question asking respondents about the misuse of mobile phones and email addresses, as the Australian Competition and Consumer Commission (ACCC) identified them as the top methods of obtaining personal information in 2019 (ACCC 2021b). In this survey, telephones/mobile phones and email addresses were not the primary types of personal information misused but both ranked in the top eight.
Forty-six percent of respondents reported misuse of their name, making this the most commonly misused type of personal information (see Table 1). This was not a statistically significant increase from 2019. Addresses and credit/debit cards were also commonly misused.
The misuse of bank account information significantly declined between 2019 and 2020.
How personal information was misused
As in 2019, the most common reason personal information was misused was to obtain money from a bank (39% in 2019 and 41% in 2020; see Table 3). This was followed by misusing personal information to open a new bank account (19%) and to obtain superannuation monies (19%), illustrating the financial motivation for identity crimes. In 2020 the purpose for other misuses was to
- apply for a job 12.1%
- apply for a loan or obtain credit 11.2%
- open a mobile phone account 9.4%
- apply for government benefits 9.0%
- provide false information to police 8.5%
- rent a property 4.6%
- open an online account 2.6%
Notification
55% of recent victims were notified of the misuse of their personal information by a bank or financial institution, a significant increase from the 42% in 2019. There was no statistically significant difference between the proportion of respondents reporting they noticed suspicious transactions on bank statements or accounts in 2020 (33%) and in 2019 (31%). Other awareness was a result of
- receiving credit/payment cards in the mail not applied for 27.3%
- receiving a bill from an unknown business or company 11.4%
- lack of success in applying for credit 11.1%
- notification by police 6.0%
- contacted by debt collectors 5.4%
Behavioural change
The victimisation resulted in individuals
- changing passwords 32.7%
- greater care when using or sharing personal information 30.3%
- reviewing financial statements more carefully 29.3%
- changing banking details 24.1%
- not trusting people as much 22.8%
- using better security for computer and other computerised devices 20.3%
- changing the social media account 14.9%
- shred personal documents before disposing of them 14.6%
- using biometric technologies more frequently 14.2%
- changing email address(es) 14.1%
- changing telephone number 13.2% (one instance where 2020 is up on 2019)
- locking a mailbox 12.1%
- using a registered post box 6.8%
- applying for a credit report 12.3%
- ceasing all social media use 9.6 % (again up)
- redirecting mail when away or moving residence 9.6%
- signing up for a commercial identity theft alert/ protection service 9.2%
- changing the place of residence 8.0% (up from 5%)
- avoiding use of the internet for banking and purchasing goods and services 6.8%