In April 2007, the Council of Australian Governments (COAG) agreed to a National Identity Security Strategy to better protect the identities of Australians. This arose out of evidence emerging at the time that large numbers of Australians experience misuse of their personal information for criminal purposes each year (Cuganesan & Lacey 2003; OAIC 2007). The strategy sought to enhance identification and verification processes throughout Australia and to develop other measures to combat identity crime, including the creation of a national Document Verification Service to verify the authenticity of identity credentials, and the development of reliable, consistent and nationally interoperable biometric security measures by all jurisdictions (AGD 2012).
The strategy also recognised the need to quantify the nature and extent of identity misuse, particularly the victimisation experiences of Australians, and recommended the creation of an identity crime and misuse longitudinal measurement framework that could be used to measure the effectiveness of policy and practice throughout Australia. As part of the measurement framework, large-scale surveys have been conducted to determine respondents’ experiences of victimisation during the preceding 12 months and their views concerning the risk of identity crime in the ensuing 12 months. Specifically, respondents were asked to report:
- their experience of identity crime;
- how their personal information had been obtained and misused;
- any financial loss and other impact they experienced;
- their reporting and response activities;
- whether their behaviour changed in any way as a result of what happened;
- whether they believed that this type of crime would change over the next 12 months;
- how serious they thought identity crime is;
- whether they knew about, or have applied for, an identity crime victim certificate; and
- information about their age, gender, residence, income, language spoken at home, Indigenous background and computer usage.
The surveys will be replicated on an annual basis so that time-series data can be compiled to measure changes in the information gathered from year to year. This report presents the results of the latest survey, undertaken by the Australian Institute of Criminology (AIC) in May 2014. It updates information obtained in an earlier survey, undertaken by the AIC in 2013, and provides an indication of how the current identity crime and misuse environment has changed between the two surveys.
Prior research into identity crime and misuse
The use of stolen, fabricated or manipulated identities to commit or to enable crime has been on the policy agenda of governments and businesses in developed countries for more than two decades (Smith 2011), and interest in the nature and extent of the problem has increased with the creation of new opportunities for misuse that have followed new technological developments (Smith 2014). Sources of information on identity crime are official administrative data collected by law enforcement and regulatory agencies, as well as surveys of individuals and businesses to measure victimisation rates. Part of the problem associated with quantifying the extent and impact of identity crime is the fact that relevant information is present in a diverse range of sources, a number of which do not specifically address ‘identity crime’ as such, but which deal with other aspects such as privacy infringement, data breaches, fraud and theft.
In Australia, the Commonwealth Attorney-General’s Department (AGD) has recently collected all relevant administrative data from Commonwealth, state and territory agencies and made this available for analysis and review in an annual monitoring report prepared by the AIC (Emami & Smith 2015) and a pilot report prepared by the AGD (2014). Crime victimisation surveys have also been undertaken by a number of organisations including the Australian Bureau of Statistics (ABS), consumer protection agencies and industry consultancy firms. Results of prior victimisation surveys have been reviewed by Smith & Hutchings (2014) and Emami & Smith (2015). The scale and impact of these crimes are variable, with issues of definition, low reporting rates and inconsistent data recording practices among agencies that detect or deal with these incidents creating lack of clarity around the true prevalence and cost of the problem.
Nonetheless, it is possible to identify the general scale of the problem by examining the most recent survey evidence that has been compiled in Australia and in other countries. Of course, any comparisons need to take into account the specific details of how information was gathered including the reference periods used (the period that survey respondents were asked to consider when reporting their victimisation experiences), the precise questions asked, particularly relating to the type of conduct involved (misuse of personal information, credit card fraud, identity theft, consumer scams), and, importantly, the samples of respondents used, be they nationally representative groups, such as those used in ABS surveys, or smaller samples derived from self-selected groups of individuals who agree to participate in online research.
An indication of the range of victimisation rates reported by survey respondents in response to questions about identity misuse that occurred during the 12 months preceding survey administration is shown in Figure 1. Lifetime victimisation rates from a range of surveys are shown in Figure 2. The differences relate principally to the type of conduct being examined as well as the period over which victimisation occurred. In relation to victimisation that occurred during the preceding 12 months, rates reported in surveys after 2011 vary between 4 and 9 percent for misuse of personal information and identity theft. Higher rates exist for consumer scams of all types, some of which might not involve misuse of personal information. The AIC’s consumer scam surveys have also involved self-selected online participants with generally smaller sample sizes than most of the other surveys. In relation to lifetime victimisation, rates have varied between 13 and 27 percent for misuse of personal information and identity theft.
Note: The AGD surveys asked respondents about their victimisation in the previous six months, whereas the reference period in the other surveys was 12 months
Sources: ABS 2007 survey (ABS 2008); ABS 2010–11 survey (ABS 2012); AGD 2011 survey (Di Marzio Research 2011); AGD 2012 survey (Di Marzio Research 2012); Veda (2015); US NCVS for 2012 (Harrell & Langton 2013); AIC 2014 survey (Smith & Hutchings 2014); AIC 2015 survey (Smith, Brown & Harris-Hogan 2015); UK NFA (2013); AIC 2012 Scams survey (Jorna & Hutchings 2013); AIC 2013 Scams survey (Jorna 2015).
In relation to the economic cost of identity crime, estimates for Australia as a whole have varied from $1.1b (with an estimation error of $130m) for the period 2001–02, 38 percent of which was attributable to actual losses incurred by victims ($420m) (Cuganesan & Lacey 2003), to the latest estimate of $2.4b for the entire economic impact of identity crime and misuse in 2013–14, including prevention and response costs by government and business organisations. The direct and indirect costs of identity crime alone amounted to $2b of this (Emami & Smith 2015).
Other Australian sources have identified losses associated with consumer scams reported by victims of $846,170 in total for 2012 (Jorna & Hutchings 2013), $1,110,106 (with outliers removed) for 2013 (Jorna 2015), and $89.1m in financial losses from 91,927 scam-related contacts received by the Australian Competition and Consumer Commission (ACCC) from consumers and small businesses in 2013 (ACCC 2014).
In the United Kingdom, the NFA (2013) estimated that identity fraud cost adult victims £3.3b during 2012, with an average loss of £1,203 per victim.
In the United States, the Bureau of Justice Statistics Identity Theft survey covering the 12 months prior to interviews conducted from July 2011 to June 2012 found direct and indirect losses of US$24.7b, with a mean loss of US$1,769 and a median loss of US$300 (Harrell & Langton 2013).
Sources: US NCVS for 2012 (Harrell & Langton 2013); Veda (2015); AIC ID survey for 2014 (Smith & Hutchings 2014); AIC ID 2015 survey (Smith, Brown & Harris-Hogan (2015); OAIC (2013); NFA (2013).
Explanations for these different estimates in the cost of identity crime relate to the extent and representativeness of those included in the research samples, the definitions of identity crime and misuse employed, and the scope of the costs included—be they direct losses, indirect costs or more general economic impacts that include prevention and response costs. It is clear, however, that many individuals and organisations suffer substantial losses as a result of their victimisation and that there are considerable economic and intangible harms suffered by the communities affected each year.
To explore the extent of the problem in Australia over time, the AGD has commissioned the AIC to conduct annual surveys of a large sample of Australians drawn from a national online panel. More rigorous, representative research is being undertaken by the ABS through the personal fraud questions in its National Crime Victimisation Survey that forms part of the Multipurpose Household Survey. Although ABS data will provide the best evidence of national prevalence trends for personal fraud, the smaller-scale research conducted by the AIC reported in this and other publications continues to provide timely, detailed information on the nature of identity crime experienced by a large sample of Australians who have agreed to participate in the online market research surveys that have been undertaken.