The FBI says crime has steadily decreased since the 1990s — everything from murders and rapes to robberies and stolen vehicles.
“The possibility arises that the crime drop is a consequence, in part, of an incremental shift of criminal behavior out from under police surveillance or auspices, and into the online realm,” they wrote in a recent academic article, The Dark Figure of Online Property Crime: Is Cyberspace Hiding a Crime Wave?
The research team — Maria Tcherni of the University of New Haven, and Andrew Lucas Blaize Davies, Giza Lopes and Alan Lizotte, all from the University at Albany — tried to measure something the FBI doesn’t: cybercrime. The phrase covers online property crime, credit card fraud, and identity theft.
“Contemporary understanding of the apparent ‘fall’ in crime, based on traditional methods of crime measurement, may be limited in its scope,” the researchers say. “We cannot afford to overlook crime committed online.”
And yet, we are — a lot of it. Because it’s really difficult to measure.
Counting cybercrime is harder because people don’t report it
If you get robbed, you call the police. They file a report, asking whether you’ve seen anyone suspicious around, whether your house was locked, and the dollar amount of all possessions stolen. That crime gets recorded in the FBI’s Uniform Crime Report.
But if your identity gets stolen because you used your credit card at Home Depot last year, you may not even know it — and even if you do, that doesn’t get included in these crime stats. Yet.
“To help increase our ability to understand cybercrime, the FBI is adding a few offenses to the NIBRS data collection. Identity theft and computer invasion are expected to be added to the collection next year upon the FBI director’s approval,” says Stephen G. Fischer, a spokesperson for the FBI’s Criminal Justice Information Services.
NIBRS, or the National Incident-Based Reporting System, is one way that the FBI collects crime data. It’s used by individual law enforcement officers to log specific types of crimes which can then be grouped by region and state. However, it’s a bit limited in covering the extent of the crime.
“NIBRS has a data field where law enforcement agencies can indicate the offender used a computer in the offense,” Fischer says, but that’s as far as they go right now.
Recording losses is harder, too
The problem with counting cybercrime losses is that they aren’t always cut and dry. You can figure out how much an iPad is worth — but what about your Social Security number? There’s no easy way to do that, and the researchers point out some identity theft victims never suffer any direct financial loss.
“It is hard to say anything definite without efforts by the government agencies and law enforcement to track it in the same way they track other types of crime,” the researchers say. “What we did learn was that property crime committed online already results in significantly higher monetary losses than ‘traditional’ offline property crimes,” the researchers say. While there have been few studies about the losses, the best guess seems to be about $16 billion per year.
It’s also difficult to measure the loss of intellectual property, and that’s partially why this type of crime is so harmful. According to the researchers, 81 percent of American adults and 95 percent of teens access the Internet, providing plenty of opportunity for thieves to strike.
Another complication is the fact that organizations don’t always report losses they may have incurred, for fear of losing customer trust and investment. (After Target’s data breach in 2013, the store’s earnings fell by almost half in just a year.)
One way to keep track would be to force corporations to report breach losses with new laws, the researchers say.
“There is still no mechanism to compel corporations to disclose their losses resulting from such cyber attacks, and efforts by government and law enforcement to begin counting cyber crime directly are limited so far,” according to the researchers.
What you can do to stay safe
We don’t need the FBI to tell us identity theft is a growing crime. Here are some basic tips for protecting yourself…
- If you shop online, make sure it’s on a secure website. How can you tell? The URL should start with https://.
- Change your passwords at least every few months. Hint: It should not be “Chewy123.“
- Never include your license number, Social Security number, or bank and credit card numbers in an email. If someone asks for this information, it could be a phishing scam. Even if not, anyone who breaks into your email can grab it.
- Don’t shop or bank on a public Wi-Fi connection like you might find at work, a library, or a coffee shop.
We have plenty more advice on avoiding and dealing with identity theft in our Solution Center.