Gartner Research, a US based research company estimated that 57 million Americans had received spurious e-mail from hackers or cyber-thieves impersonating legitimate services.
They further estimate that nearly 11 million have clicked on the link in a phishing attack email and 3 percent of those attacked remember giving personal information to the thieves.
We are continually warned by banks, PayPal and others to avoid responding to these authentic looking 'lures', but how do we prevent ourselves from swallowing the bait? And even when we know a site is genuine, can we trust the operators with our details?
From Gartner's figures and one's personal experience it is obvious that such attempts at identity theft are undermining the confidence we place in our everyday email and internet transactions.
This has led to greater pressure on services to provide improved security and more involved processes for users to authenticate themselves.
Banks and financial services suffer direct losses from ID theft that cost US banks and card issuers about $1.2 billion last year, according to Gartner. We might add that these losses have to be met in the long run by consumers through fees and charges.
Large organizations have the resources to devise and implement sophisticated security measures to protect the ID of their customers. Where does that leave the 'small' operators, such as the gold exchangers, merchant account operators, online auctions, etc?
Even where sophisticated systems are in place, we may still be vulnerable. Banks constantly warn about replying to hoax emails asking you to verify your details or opening virtual postcards.
Harder to spot are emails that may contain worms or Trojan viruses that can place spyware on your PC which may transmit information or give control to a remote user. Keystroke loggers, for example can record and send your passwords and logins to an invisible thief.
Keeping up to date with firewalls and virus protection programs that YOU install, is obviously an essential step that we can all take to improve our security.
Technology notwithstanding, the ultimate security lies with human actions.
Already we have seen a number of online e-money exchanges develop new procedures whereby we have to send them ID documentation often including photo ID, before we can use their services. Even the act of emailing scanned documents is not 100% secure. If hackers can access email accounts and intercept such transmissions then ID theft can occur without either the sender or receiver being able to prevent it.
This in itself raises further concerns.
In an attempt to make payments to local and international merchants, a customer can be putting himself at risk by passing on sensitive bank and personal ID information to companies who may or may not have suitable safeguards in place to protect that information.
Can you be certain what happens to that information you have given to numerous online companies?
Yes the online webpage is 'encrypted' and you feel it is 'secure', but who has access to that information?
Can that MLM company or money exchanger keep your ID secure? Do they have responsibility to limit access to your information? If so how do they execute that responsibility?
Where are the safeguards? What eventually happens when I send a copy of my bank statement to someone I don't know in Malaysia and that company disappears a few months later? Speaking from personal experience, this happened to me with the demise of a popular investment program. I wonder who now has that information. I have no way of knowing if it has been destroyed or sold on to those constructing fake ID's. There were thousands of members who each gave names addresses, bank account details, passport and licence details. Why were we required to give them this level of information and proof of ID? The reason: Because they were trying to prevent theft and fraud by unscrupulous types. We never heard anymore from the company about our lost funds - no refunds, no apologies and no assurance about the fate of our records!
A cynic might even be forgiven for thinking that some of the gold exchanges which seem to come and go with alarming rapidity, could be nothing more than elaborate fronts for the collection of consumer ID's that could be on-sold who knows where.
If I decide to join similar programs in the future and decide to give them false ID as a form of protection, I have to join the shadowy world of secret offshore accounts complex and costly money transacting. I then leave myself open to the likelihood of increased scrutiny from authorities. I do not believe this is an option for the average person with limited funds.
In their response to organised crime and potential terrorist funding, governments restrict the easy transfer of cash from one place to another.
Understandably, in order to comply with regulations covering the tracking of the movement of money abroad, money exchanges need to be able to identify users and exclude unscrupulous money launderers as far as possible, but without improved internal security measures how can the average user feel safe? The recent demise of such providers as Intgold and Stormpay does nothing to reassure us.
Just to be clear, In general I have no problem with paying online. What should concern us is the (lack of) security of our data once it has been given to a merchant. How well do they store your data? Do they restrict who sees it or copies it? Even the credit card companies outsource, so how can it be secure?
When one considers the sheer volume of material transmitted every day, the probability of several bytes of your information falling into the wrong hands must be considered extremely small.
If sensible precautions are taken at your end and you only deal with people you trust and use large well-established intermediaries to make your payments so you bring a level of protection between you as customer and the seller, you should be able to feel comfortable in your transactions. But you need to beware of how much information you give strangers - just because they ask you for it!
Do you give up driving because people are injured or killed daily in car accidents? No you maintain your vehicle, obey the road rules and keep your wits about you!
Michael Russell Your Independent guide to Identity Theft