June 16, 2024

Recent figures pertaining to identity theft and credit card fraud reveal a distressing landscape. They have been witnessing a steep rise since 2020, ranking among the most prevalent types of deceit. Even though the instances of identity theft and credit card fraud have slightly lowered, they remain significantly higher than pre-pandemic statistics throughout 2023.

The year 2019 to 2020 witnessed a two-fold rise in identity theft reports. This upsurge continued into 2021 as almost 1.4 million people found themselves victims of identity theft. In 2022, the Federal Trade Commission (FTC) collected approximately 1.1 million identity theft-related reports; this number came to a round-off figure of 1 million in 2023.

This article includes comprehensive information covering identity theft statistics, variations of these crimes over time, demographics at highest risk and more.

Primary Observations

  • Identity theft receded in 2023 with 1.036 million reports, lowering from 1.107 million in 2022 and 1.434 million in 2021.
  • Cases pertaining to credit card fraud retain priority with 426 thousand reports in 2023, a reduction from 448 thousand in 2022.
  • Government documents or benefits fraud escalated by 68% in 2023 following an 85% reduction in 2022. Reports relating to government documents or benefits fraud amounted to 102,000 in 2023, in comparison to 61,000 in 2022.

Identity Theft in America

The Federal Trade Commission received reports of nearly 1 million identity theft cases in 2023, a slight fall from 1.1 million cases in 2022.

The Federal Trade Commission collates identity theft data based on reports from consumers, indicating possible under-reporting and unaccounted cases of identity fraud.

Identity Theft Reports in America

Year

Identity theft reports

2019

650,000

2020

1,389,000

2021

1,434,000

2022

1,108,000

2023

1,037,000

Data source: Federal Trade Commission (2024).

There was a significant rise in the identity theft rate from 2017 through 2021, with the number of reports increasing from 371,000 to 1.4 million. Despite a slight reduction in identity theft since its peak in 2021, the figures remain shockingly high compared to pre-pandemic times.

Javelin Strategy & Research Report suggests that identity theft accounted for an economic loss of $20 billion in 2022, marking a 15% reduction from the previous year.

Prominent Forms of Identity Theft

Identity theft reveals a wide range of tactics; of which, credit card fraud prevails as the most rampant. The FTC recorded approximately 426,000 instances of credit card scams in 2023, a 5% decline from the previous year but a stark 53% elevation from 2019, with reported cases amounting to 278,000.

Type of identity fraud

Reported cases, 2023

Percent change in reported cases, 2022 to 2023

Credit Card Fraud

425,977

(5%)

Other Identity Theft

279,221

(19%)

Loan or Lease Fraud

171,900

(4%)

Bank Fraud

145,206

(12%)

Government Documents or Benefits Fraud

102,115

68%

Employment or Tax-Related Fraud

92,177

(12%)

Phone or Utilities Fraud

87,402

2%

Data source: Federal Trade Commission (2024). Not all identity theft figures indicate the specific type or subtype of the crime.

Government document or benefit fraud experienced a revival in 2023 with 102,000 reported cases, a 68% surge from 2022. This type of fraud was the most widespread form of identity theft in 2021, but significantly declined in 2022 with the culmination of government benefit schemes introduced during the COVID-19 pandemic.

Government document or benefit fraud and phone/utility fraud were the only identity theft types to witness yearly growth in 2023, with the latter recording a 2% increase in reported instances.

A line chart indicating variations in type-specific identity theft reports over time.

Other identity theft types, including schemes linked to email and social media, insurance, medical services, online shopping, investment accounts and more made up the second most common category of fraud in 2023.

Within this frame of classification, reported cases related to email and social media fraud have been continually increasing, while medical service fraud demonstrated a decline since COVID-19.

There were 45,000 and 43,000 reported cases of medical services identity theft in 2020 and 2021 respectively. By 2023, the figure plummeted to merely 14,000 reported cases. Conversely, social media and email fraud nearly doubled – moving from 10,000 in 2019 to 19,000 in 2023.

A line chart signifying time-specific variations in identity theft reports based on type.

Lesser reports concerning new account fraud and payment card-related (debit card and gift card) fraud contributed to the decrease in bank fraud. However, existing bank account fraud witnessed a slight rise with 19,000 cases reported in 2023 as against 17,000 in 2022.

Credit Card Fraud in the U.S.

In 2023, credit card fraud dominated as the most frequent type of identity theft with 426,000 reported instances. This figure represents a decrease from 448,000 cases reported in 2022; however, it remains significantly higher than pre-pandemic figures.

Year-Specific Credit Card Fraud Reports

Year

Credit card fraud reports

2019

277,739

2020

399,721

2021

395,391

2022

448,459

2023

425,977

Data source: Federal Trade Commission (2024).

Credit card fraud remained the leading type of identity theft from 2017 to 2019, only to be surpassed by government document and benefits fraud during 2020-21 (when fraudsters capitalized on government benefit programs during the pandemic).

However, 2020 witnessed a 49% surge in credit card fraud reports compared to 2019. In 2023, the number of credit card fraud reports is 53% higher than the 2019 figures.

Forms of Credit Card Fraud

Two kinds of credit card fraud exist:

  • New account: In this type of fraud, the identity thief uses your details to open a fresh credit card account in your name.
  • Existing account: Here, the fraudster utilises a credit card previously opened by you, usually achieved by stealing credit card information.

New account fraud constitutes nearly 90% of all credit card fraud, although existing account fraud is witnessing an upward trend.

Year

ExistingNew account fraud is the predominant form of credit card fraud for several reasons:

  • Established account fraud is becoming increasingly challenging due to the development of credit card chip technology, which has made transactions more secure and counterfeiting of credit cards more difficult for criminals.
  • Data breaches have revealed the information of hundreds of millions of people. This information can be utilized by identity thieves to commit new account fraud.
  • Stealing money through new account fraud is easier because it involves a completely new account unknown to the consumer. With an existing account, suspicious activity might be flagged either by the card issuer or the consumer, resulting in the card being blocked should identity thieves take over the account.

It’s crucial to keep in mind that individuals can challenge credit card charges with their credit card issuer if their card or information is stolen. The issuers can then assist in eliminating fraudulent charges, which could have ramifications for credit reports in the future.

Fraud detection and prevention, along with other consumer protections, are significant benefits of utilizing a credit card. They also provide an opportunity to boost your credit score. The Ascent offers a guide on how to apply for and get approved for a credit card.

Synthetic Account Fraud Expansion

Identity thieves continue to invent new means of stealing money. A relatively newer form of identity theft, known as synthetic account fraud, is among the fastest-growing financial crimes in the country.

Synthetic account fraud blends real and fake information, such as a genuine Social Security number coupled with a fraudulent name. The concocted identity can be used to apply for credit cards, loans, and government benefits. Often, criminals spend time establishing a good credit score using these synthetic identities, max out the credit associated with the identity, and then abandon the accounts.

Retail and video game sectors are the most frequent targets of synthetic fraud, according to a study by TransUnion. In the first half of 2023, retail transactions were suspected of being fraudulent or fraud attempts 10.6% of the time, while video game transactions faced similar suspicions 7% of the time.

Synthetic fraud attempts in the retail industry surged by 183% from the first half of 2019 to the first half of 2023. Although the rate of video game fraud declined during that period, it remains high. Synthetic fraud involving financial services increased 382%, and the travel and leisure sector saw a 353% rise, making them the fastest and second-fastest-growing sources of synthetic fraud attempts.

Synthetic fraud attempts by industry

Suspected fraud attempt rate, first half 2023

Percent change from first half of 2019

Suspected fraud attempt rate coming from the U.S., first half 2023

Top fraud type

Retail

10.60%

183%

1.00%

Promotion abuse

Video games

7.00%

(32%)

0.80%

Gold farming

Telecommunications

5.30%

2%

1.70%

Credit card fraud

Gaming (online gambling)

4.70%

24%

3.70%

Promotion abuse

Financial services

4.30%

382%

4.30%

Identity fraud

Communities (online dating, forums, etc.)

4.10%

(16%)

10.20%

Profile misrepresentation

Travel and leisure

2.30%

353%

2.80%

Credit card fraud

Insurance

1.60%

61%

4.50%

Third party application fraud

Logistics

0.90%

14%

5.70%

Shipping fraud

Data source: TransUnion (2023).

Auto lenders reported the most significant losses to synthetic fraud among lending companies, totaling approximately $1.8 billion in the first half of 2023. This figure is nearly double that of bank credit cards and 10 times higher than that of retail credit cards and unsecured personal loans.

Lender industry

First half 2023

First half 2022

Percent change

Auto loans

$1.8 billion

$1.3 billion

38%

Bank credit cards

$994 million

$917 million

8%

Retail credit cards

$126 million

$144 million

(13%)

Unsecured personal loans

$57 million

$57 million

0%

Data source: TransUnion (2023).

The auto industry is often targeted by fraudsters who view it as most profitable, says Shai Cohen, TransUnion’s global fraud solutions’ senior vice president and head. Using a synthetic identity, fraudsters can acquire an auto loan for a high-end car, leaving an unsuspecting victim and the car company to deal with the fallout.

Reports on identity theft by age

Age

Identity theft reports in 2023

Percent of total reports

19 and below

24,008

2%

20 – 29

203,135

18%

30 – 39

333,102

30%

40 – 49

239,313

22%

50 – 59

160,963

15%

60 – 69

91,785

8%

70 – 79

37,021

3%

80 and up

10,368

1%

Data source: Federal Trade Commission (2024). Not all identity theft reports include the victim’s age.

In recent years, including in 2023, the age group 30-to-39 has reported the highest number of identity theft incidents.

The youngest and oldest American populations report the fewest instances of identity theft. However, this doesn’t necessarily imply they are less prone to identity theft. Instead, it could indicate they’re either unaware they can report, unable to report, or simply choose not to.

Here’s an examination of the most prevalent types of identity fraud by age group:

Age

Most frequent type of identity theft

Number of reports

Percentage of age’s total identity theft reports, 2022

19 and under

Employment or tax-related fraud

13,774

57%

20 to 29

Credit card fraud

71,900

35%

30 to 39

Credit card fraud

122,246

37%

40 to 49

Credit card fraud

84,604

35%

50 to 59

Credit card fraud

53,438

33%

60 to 69

Credit card fraud

27,974

30%

70 to 79

Credit card fraud

10,899

28%

80 and over

Credit card fraud

2,852

28%

Data source: Federal Trade Commission (2024). Not all identity theft reports include the victim’s age or type of theft.

Identity theft by geographical location

Here are states with the most reported instances of identity theft in 2023:

  • California: 119,929
  • Texas: 101,002
  • Florida: 93,547
  • New York: 51,484
  • Georgia: 48,606
  • The number of identity theft reports by state is heavily influenced by population sizes. Thus, breaking down the number of reports per 100,000 residents for each state gives a clearer view of identity theft prevalence.

    Identity theft reports per capita by state, 2023

    A table and map showing identity theft by state.

    Eighteen states experienced increases in identity theft reports per 100,000 people from 2022 to 2023:

    • Connecticut: +69.9%
    • Massachusetts: +58.1%
    • Iowa: +45.4%
    • Nebraska: +33.0%
    • Maine: +24.8%
    • South Dakota: +23.7%
    • Montana: +21.2%
    • Colorado: +19.
    • Alaska: +9.6%
    • Michigan: +8.8%
    • North Dakota: +8.3%
    • Washington: +5.8%
    • Nevada: +0.7%

    Not all identity theft complaints filed with the FTC provide location details.

    Leading metropolitan areas for identity theft

    The greater Miami and Atlanta metropolitan regions recorded the greatest number of identity theft cases per capita, unsurprising since they belong to the states with the highest per 100,000 resident identity theft instances.

    Some metropolitan regions rank higher per capita in identity theft cases compared to their overall state ranking, such as Tuscaloosa and Montgomery in Alabama, Philadelphia, Los Angeles, and multiple metro regions in the Carolinas that include Charlotte, Columbia, and Charleston.

    Metropolitan Area

    Reports per 100K population

    Number of Reports

    Miami-Fort Lauderdale-Pompano Beach, Florida Metropolitan Statistical Area

    729

    44,489

    Atlanta-Sandy Springs-Alpharetta, Georgia Metropolitan Statistical Area

    604

    36,395

    Tuscaloosa, Alabama Metropolitan Statistical Area

    497

    1,321

    Houston-The Woodlands-Sugar Land, Texas Metropolitan Statistical Area

    488

    34,414

    Las Vegas-Henderson-Paradise, Nevada Metropolitan Statistical Area

    488

    10,889

    Savannah, Georgia Metropolitan Statistical Area

    483

    1,940

    Philadelphia-Camden-Wilmington, Pennsylvania-New Jersey-Delaware-Maryland Metropolitan Statistical Area

    467

    29,038

    Hartford-East Hartford-Middletown, Connecticut Metropolitan Statistical Area

    465

    5,644

    Los Angeles-Long Beach-Anaheim, California Metropolitan Statistical Area

    458

    60,428

    Orlando-Kissimmee-Sanford, Florida Metropolitan Statistical Area

    446

    11,747

    Dallas-Fort Worth-Arlington, Texas Metropolitan Statistical Area

    439

    33,078

    Killeen-Temple, Texas Metropolitan Statistical Area

    427

    1,997

    LaGrange, Georgia-Alabama Micropolitan Statistical Area

    400

    417

    Cleveland-Elyria, Ohio Metropolitan Statistical Area

    398

    8,289

    Macon-Bibb County, Georgia Metropolitan Statistical Area

    394

    919

    Lakeland-Winter Haven, Florida Metropolitan Statistical Area

    392

    2,799

    Columbus, Ohio Metropolitan Statistical Area

    384

    8,154

    Charlotte-Concord-Gastonia, North Carolina-South Carolina Metropolitan Statistical Area

    378

    9,927

    Florence, South Carolina Metropolitan Statistical Area

    369

    740

    Memphis, Tennessee-Mississippi-Arkansas Metropolitan Statistical Area

    368

    4,912

    Bridgeport-Stamford-Norwalk, Connecticut Metropolitan Statistical Area

    365

    3,491

    Boston-Cambridge-Newton, Massachusetts-New Hampshire Metropolitan Statistical Area

    363

    17,842

    Montgomery, Alabama Metropolitan Statistical Area

    361

    1,390

    Charleston-North Charleston, South Carolina Metropolitan Statistical Area

    356

    2,809

    Columbia, South Carolina Metropolitan Statistical Area

    354

    2,925

    Data source: Federal Trade Commission (2024).

    Security breaches

    Data breaches serve as conduits for criminals to execute identity theft and credit card scams. Information stolen through data breaches often end up on the dark web, where it is bought and subsequently utilised in a range of fraudulent activities.

    Nationwide reports that 58% of consumers express concerns about falling victim to cybercrime, yet 69% do not possess cyber insurance.

    Cyber insurance can mitigate costs resulting from cybercrime and expedite the recovery process following cyberattacks.

    Many consumers lack cyber insurance due to lack of knowledge, unawareness of its availability, or consideration of its cost, according to Nationwide.

    It may be prudent to acquire cyber insurance, as sixty-nine percent of consumers do not feel equipped to recover from a cyberattack, and 68% have not given thought to their response plan, as Nationwide found.

    Yearly data breaches

    Data breaches in 2023 surged to 3,205 from 1,801 in 2022, though the count of affected individuals fell by 17%, from 422 million to 352 million, as reported by The Identity Theft Resource Center.

    Year

    Number of data compromises

    Number of individuals impacted

    2016

    1,104

    2,541,581,891

    2017

    1,631

    2,081,515,330

    2018

    1,280

    2,231,245,353

    2019

    1,362

    887,286,658

    2020

    1,108

    300,562,519

    2021

    1,860

    300,607,163

    2022

    1,801

    422,212,090

    2023

    3,205

    352,027,892

    Data source: Identity Theft Resource Center (2024)

    You might wonder why the data compromises increased while affected individuals decreased. The Identity Theft Resource Center explains that cybercriminals have directed their efforts towards gaining specific personal information that aids in identity theft, fraud, and scams, rather than broader attacks.

    Most data breaches are precipitated by cyberattacks, predominantly through phishing, ransomware, and malware. Below is a summary of each:

    • Phishing occurs when a fraudster masquerades as a trusted entity, persuading the victim to click on a link embedded in an email, text message, or chat conversation.
    • Ransomware is a form of malware that threatens to publicise sensitive data unless a ransom is paid by the victim.
    • Other malware variants, which can typically be unknowingly downloaded through deceptive ads or links, can log computer usage and keystrokes, and filch personal data.

    Root causes of data breaches

    Breach type

    2020

    2021

    2022

    2023

    Cyberattacks

    878

    1,613

    1,595

    2365

    Human and system errors

    152

    179

    152

    729

    Physical attacks

    78

    51

    46

    53

    Supply chain attacks

    242

    Unknown

    12

    10

    Data source: Identity Theft Resource Center (2024).

    The over 3,000 data breaches in 2023 can attributed to these four main causes:

    • Cyberattacks: Comprises phishing, ransomware, malware, and insecure cloud environments.
    • Human and system faults: Includes insecure cloud configurations, email or letter correspondences, lost devices and documents.
    • Physical attacks: Involves theft of devices/documents, improper disposal, and skimming devices.
    • Supply chain attacks: Happens when a threat actor compromises a smaller vendor to gain access to data held by a larger company.

    Cyberattacks are by far the primary cause of data breaches, affecting the most significant number of individuals. Human and system errors are less frequent, but on average affect more people when they do occur. In 2021, an average cyberattack affected around 117,000 people, while each human and system fault affected approximately 586,000 people.

    Kinds of data jeopardised

    Type of data compromised

    Number of breaches containing data in 2021

    Number of breaches containing data in 2022

    Name

    1,603

    1,560

    Full Social Security number

    1,136

    1,143

    Date of birth

    686

    633

    Current home address

    681

    565

    Medical history/condition/treatment/diagnosis

    464

    465

    Driver’s license/State ID number

    447

    499

    Bank account number

    402

    443

    Medical insurance account number

    361

    370

    Phone number

    218

    N/A

    Payment card full number

    211

    N/A

    Undisclosed records

    N/A

    226

    Medical provider account/record number

    N/A

    196

    Data source: Identity Theft Resource Center (2023).

    In 2022’s data breaches, a myriad of data types were compromised. The table above lists those data types typically exploited in identity theft cases.

    Tags: