The latest identity theft and credit card fraud statistics paint a bleak picture. Since 2020, they have been among the most common types of fraud. While reports of identity theft and credit card fraud have dropped, they remained above pre-pandemic levels over the course of 2023.
After doubling between 2019 and 2020, reports of identity theft continued to grow in 2021, and nearly 1.4 million people were impacted. Approximately 1.1 million reports of identity theft were collected by the Federal Trade Commission (FTC) in 2022 and 1 million reports were filed in 2023.
Read on for a full report covering identity theft statistics, how these crimes have evolved, the demographics at the biggest risk, and much more.
Key findings
- Identity theft declines in 2023: There were 1.036 million reports of identity theft in 2023, down from 1.107 million in 2022, and 1.434 million in 2021.
- Credit card fraud remains top concern: Credit card fraud was the most common type of identity theft in 2023 with 426 thousand reports, down from 448 thousand in 2022.
- Government and benefits fraud on the rise: Government documents or benefits fraud increased by 68% in 2023 after declining by 85% in 2022. There were 102,000 reports of government documents or benefits fraud in 2023 compared to 61,000 in 2022.
Identity theft in the United States
The Federal Trade Commission received roughly 1 million reports of identity theft in 2023, down from 1.1 million in 2022.
The identity theft statistics collected by the FTC are based on reports from consumers, so it's likely that there are many cases of identity fraud that go uncounted.
Identity theft reports in the United States
Year | Identity theft reports |
---|---|
2019 | 650,000 |
2020 | 1,389,000 |
2021 | 1,434,000 |
2022 | 1,108,000 |
2023 | 1,037,000 |
The rate of identity theft increased significantly from 2017 to 2021, growing from 371,000 reports to 1.4 million. While reports of identity theft have dropped after peaking in 2021, they remain well above pre-pandemic rates.
According to a report by Javelin Strategy & Research, identity theft cases resulted in losses of $20 billion in 2022, a 15% drop from its 2021 study.
The most common types of identity theft
Identity theft comes in many forms, with credit card fraud being the most common. Roughly 426,000 cases of credit card fraud were reported to the FTC in 2023. That's down 5% from 2022 but still 53% higher than 2019, when 278,000 cases were reported.
Type of identity fraud | Reported cases, 2023 | Percent change in reported cases, 2022 to 2023 |
---|---|---|
Credit Card Fraud | 425,977 | (5%) |
Other Identity Theft | 279,221 | (19%) |
Loan or Lease Fraud | 171,900 | (4%) |
Bank Fraud | 145,206 | (12%) |
Government Documents or Benefits Fraud | 102,115 | 68% |
Employment or Tax-Related Fraud | 92,177 | (12%) |
Phone or Utilities Fraud | 87,402 | 2% |
Government documents or benefits fraud had a resurgence in 2023, with 102,000 cases reported, up 68% from 2022. That type of fraud was the most common type of identity theft in 2021, but plummeted in 2022 as government benefits deployed in response to the COVID-19 pandemic wound down.
Government documents or benefits fraud and phone or utilities fraud were the only types of identity theft to see year-over-year growth in 2023, with the latter receiving 2% more reports.
Other identity theft, which includes schemes involving email and social media, insurance, medical services, online shopping, investing accounts, and more, was the second-most commonly reported type of fraud in 2023.
Within that category, email and social media fraud has been on the rise while medical services fraud has plummeted since the pandemic.
There were 45,000 reported cases of medical services identity theft in 2020 and 43,000 in 2021. In 2023, there were just 14,000 reported cases. Meanwhile, social media and email fraud has nearly doubled from 10,000 cases in 2019 to 19,000 in 2023.
The decline in bank fraud was due to fewer reported cases of new account fraud and fraud involving payment cards, like debit cards and gift cards. Existing bank account fraud grew slightly, with 19,000 cases reported in 2023 compared to 17,000 in 2022.
Credit card fraud in the United States
Credit card fraud was the most common type of identity theft in 2023, with 426,000 reported cases. That's down from 448,000 cases reported in 2022 but well above pre-pandemic levels.
Credit card fraud reports by year
Year | Credit card fraud reports |
---|---|
2019 | 277,739 |
2020 | 399,721 |
2021 | 395,391 |
2022 | 448,459 |
2023 | 425,977 |
From 2017 through 2019, credit card fraud was the most common type of identity theft, only to be overtaken by government documents and benefits fraud in 2020 and 2021 (when scammers took advantage of pandemic-era government benefit programs).
Still, there was a 49% increase in reported cases of credit card fraud in 2020 compared to 2019. In 2023, there were 53% more reported cases of credit card fraud than in 2019.
Types of credit card fraud
There are two types of credit card fraud:
- New account: An identity thief uses your information to open a credit card account in your name.
- Existing account: An identity thief uses a credit card that you opened. This is usually done by stealing the credit card information.
New account fraud makes up roughly 90% of all credit card fraud, although existing account fraud is on the rise.
Year | Existing account fraud | New Account fraud |
---|---|---|
2019 | 31,044 | 246,695 |
2020 | 33,988 | 365,733 |
2021 | 32,283 | 363,108 |
2022 | 39,407 | 409,052 |
2023 | 44,855 | 381,122 |
When considering how to avoid credit card fraud, preventing people from acquiring card information probably comes to mind. But the statistics show that it's actually far more likely for someone to open an entirely new account using stolen personal data than for fraud to occur via a stolen credit card.
Why is new account fraud the dominant type of credit card fraud? There are several explanations:
- Existing account fraud has become more difficult. Because of credit card chip technology, the transaction process is more secure and it's harder for criminals to counterfeit credit cards.
- Data breaches have exposed information for hundreds of millions of people. Identity thieves can use this information for new account fraud.
- It's easier to steal money through new account fraud because it's an entirely new account that the consumer doesn't know about. With an existing account, the card issuer or the consumer may notice suspicious activity and lock the card in the event of an account takeover by identity thieves.
It's important to remember that individuals can dispute credit card charges with their credit card issuer if a card or information has been stolen. Creditors can then help remove fraudulent charges, which could impact credit reports down the line.
Fraud detection and prevention plus other consumer protections are huge advantages of using a credit card, of course -- in addition to the opportunity to increase your credit score. The Ascent has a guide for how to apply for a credit card and get approved.
The growth of synthetic account fraud
Identity thieves are always developing new ways to steal money. A relatively new form of identity theft, called synthetic account fraud, is one of the fastest-growing financial crimes in the nation.
Synthetic account fraud involves a combination of real and fabricated information, such as a real Social Security number and a false name. The synthetic identity can be used to apply for credit cards, loans, and government benefits. Perpetrators often spend time building a good credit score with synthetic identities. Then, they max out an identity's credit and abandon its accounts.
Retail and the video game industries are the most common targets for synthetic fraud, according to analysis from TransUnion. In the first half of 2023, 10.6% of retail transactions and 7% of video game transactions were suspected to be fraudulent or attempts at fraud.
Synthetic fraud attempts in the retail industry have grown 183% from the first of half of 2019 to the first half of 2023. Video game fraud rates have fallen during that period, but still remain high. Synthetic fraud involving financial services has grown 382% and fraud in the travel and leisure industry grew 353% -- the fastest and second-fastest growing rates of synthetic fraud attempts.
Synthetic fraud attempts by industry | Suspected fraud attempt rate, first half 2023 | Percent change from first half of 2019 | Suspected fraud attempt rate coming from the U.S., first half 2023 | Top fraud type |
---|---|---|---|---|
Retail | 10.60% | 183% | 1.00% | Promotion abuse |
Video games | 7.00% | (32%) | 0.80% | Gold farming |
Telecommunications | 5.30% | 2% | 1.70% | Credit card fraud |
Gaming (online gambling) | 4.70% | 24% | 3.70% | Promotion abuse |
Financial services | 4.30% | 382% | 4.30% | Identity fraud |
Communities (online dating, forums, etc.) | 4.10% | (16%) | 10.20% | Profile misrepresentation |
Travel and leisure | 2.30% | 353% | 2.80% | Credit card fraud |
Insurance | 1.60% | 61% | 4.50% | Third party application fraud |
Logistics | 0.90% | 14% | 5.70% | Shipping fraud |
Among lenders, auto lenders are most exposed to synthetic fraud, with losses in the first half of 2023 totaling $1.8 billion. That's nearly double that of bank credit cards and 10 times more than retail credit cards and unsecured personal loans.
Lender industry | First half, 2023 | First half, 2022 | Percent change |
---|---|---|---|
Auto loans | $1.8 billion | $1.3 billion | 38% |
Bank credit cards | $994 million | $917 million | 8% |
Retail credit cards | $126 million | $144 million | (13%) |
Unsecured personal loans | $57 million | $57 million | 0% |
Fraudsters target the auto industry because they view it as most profitable, according to Shai Cohen, the senior vice president and head of global fraud solutions at TransUnion. Using a synthetic identity, fraudsters can secure an auto loan for an expensive car, leaving an innocent victim and auto company on the hook.
Identity theft reports by age
Age | Identity theft reports in 2023 | Percent of total reports |
---|---|---|
19 and Under | 24,008 | 2% |
20 - 29 | 203,135 | 18% |
30 - 39 | 333,102 | 30% |
40 - 49 | 239,313 | 22% |
50 - 59 | 160,963 | 15% |
60 - 69 | 91,785 | 8% |
70 - 79 | 37,021 | 3% |
80 and Over | 10,368 | 1% |
Those in the 30-to-39 age range have recorded the most identity theft reports for years, including in 2023.
The youngest and oldest Americans report the fewest cases of identity theft. That doesn't necessarily mean they are less susceptible to identity theft -- instead it may suggest that they simply opt not to report, aren't aware that they can, or don't know how.
Here's a look at the most common types of identity fraud for each age group:
Age | Most common type of identity theft | Number of reports | Percentage of age's total identity theft reports, 2022 |
---|---|---|---|
19 and under | Employment or tax-related fraud | 13,774 | 57% |
20 to 29 | Credit card fraud | 71,900 | 35% |
30 to 39 | Credit card fraud | 122,246 | 37% |
40 to 49 | Credit card fraud | 84,604 | 35% |
50 to 59 | Credit card fraud | 53,438 | 33% |
60 to 69 | Credit card fraud | 27,974 | 30% |
70 to 79 | Credit card fraud | 10,899 | 28% |
80 and over | Credit card fraud | 2,852 | 28% |
Identity theft by state
These are the states with the most identity theft reports in 2023:
- California: 119,929
- Texas: 101,002
- Florida: 93,547
- New York: 51,484
- Georgia: 48,606
Population sizes play a large role in which states have the most identity theft reports. Looking at each state's number of reports per 100,000 residents provides a clearer picture of where identity theft is more prevalent.
States ranked by identity theft reports per capita, 2023
Eighteen states saw identity theft per 100,000 residents increase from 2022 to 2023:
- Connecticut: +69.9%
- Massachusetts: +58.1%
- Iowa: +45.4%
- Nebraska: +33.0%
- Maine: +24.8%
- South Dakota: +23.7%
- Montana: +21.2%
- Colorado: +19.4%
- Oregon: +18.0%
- Ohio: +11.8%
- Wyoming: +11.6%
- Minnesota: +10.9%
- Vermont: +10.2%
- Alaska: +9.6%
- Michigan: +8.8%
- North Dakota: +8.3%
- Washington: +5.8%
- Nevada: +0.7%
Not all identity theft reports filed to the FTC contain location information.
Top metropolitan areas for identity theft
The greater Miami metropolitan area and Atlanta metro posted the highest reported cases of identity theft per capita -- no surprise, given that they are in states that also have the highest identity theft reports per 100,000 residents.
There are some metro areas that place higher per capita in terms of identity theft than where their state ranks. Examples include Tuscaloosa and Montgomery in Alabama, Philadelphia, Los Angeles, and a number of metro areas in the Carolinas that cover Charlotte, Columbia, and Charleston.
Metropolitan Area | Reports per 100K population | Number of Reports |
---|---|---|
Miami-Fort Lauderdale-Pompano Beach, Florida Metropolitan Statistical Area | 729 | 44,489 |
Atlanta-Sandy Springs-Alpharetta, Georgia Metropolitan Statistical Area | 604 | 36,395 |
Tuscaloosa, Alabama Metropolitan Statistical Area | 497 | 1,321 |
Houston-The Woodlands-Sugar Land, Texas Metropolitan Statistical Area | 488 | 34,414 |
Las Vegas-Henderson-Paradise, Nevada Metropolitan Statistical Area | 488 | 10,889 |
Savannah, Georgia Metropolitan Statistical Area | 483 | 1,940 |
Philadelphia-Camden-Wilmington, Pennsylvania-New Jersey-Delaware-Maryland Metropolitan Statistical Area | 467 | 29,038 |
Hartford-East Hartford-Middletown, Connecticut Metropolitan Statistical Area | 465 | 5,644 |
Los Angeles-Long Beach-Anaheim, California Metropolitan Statistical Area | 458 | 60,428 |
Orlando-Kissimmee-Sanford, Florida Metropolitan Statistical Area | 446 | 11,747 |
Dallas-Fort Worth-Arlington, Texas Metropolitan Statistical Area | 439 | 33,078 |
Killeen-Temple, Texas Metropolitan Statistical Area | 427 | 1,997 |
LaGrange, Georgia-Alabama Micropolitan Statistical Area | 400 | 417 |
Cleveland-Elyria, Ohio Metropolitan Statistical Area | 398 | 8,289 |
Macon-Bibb County, Georgia Metropolitan Statistical Area | 394 | 919 |
Lakeland-Winter Haven, Florida Metropolitan Statistical Area | 392 | 2,799 |
Columbus, Ohio Metropolitan Statistical Area | 384 | 8,154 |
Charlotte-Concord-Gastonia, North Carolina-South Carolina Metropolitan Statistical Area | 378 | 9,927 |
Florence, South Carolina Metropolitan Statistical Area | 369 | 740 |
Memphis, Tennessee-Mississippi-Arkansas Metropolitan Statistical Area | 368 | 4,912 |
Bridgeport-Stamford-Norwalk, Connecticut Metropolitan Statistical Area | 365 | 3,491 |
Boston-Cambridge-Newton, Massachusetts-New Hampshire Metropolitan Statistical Area | 363 | 17,842 |
Montgomery, Alabama Metropolitan Statistical Area | 361 | 1,390 |
Charleston-North Charleston, South Carolina Metropolitan Statistical Area | 356 | 2,809 |
Columbia, South Carolina Metropolitan Statistical Area | 354 | 2,925 |
Data breaches
Data breaches are one of the ways criminals commit identity theft and credit card fraud. The hackers who steal information through data breaches often sell it on the dark web. Buyers then use the information for various types of fraud.
According to Nationwide, 58% of consumers are concerned about being a victim of cybercrime, but 69% don't have cyber insurance.
Cyber insurance can limit costs stemming from cybercrime and reduce the amount of time it takes to recover from cyberattacks.
The most cited reasons for consumers to not have cyber insurance are lack of knowledge about cyber insurance, not knowing cyber insurance is available to them, and thinking that coverage is too expensive, per Nationwide.
Obtaining cyber insurance may be wise. Sixty-nine percent of consumers don't feel prepared to recover from a cyberattack and 68% haven't thought about how they would respond, Nationwide found.
Data breaches by year
The number of data compromises jumped in 2023 to 3,205 from 1,801 in 2022, however the number of individuals impacted fell by 17%, from 422 million to 352 million, according to The Identity Theft Resource Center.
Year | Number of data compromises | Number of individuals impacted |
---|---|---|
2016 | 1,104 | 2,541,581,891 |
2017 | 1,631 | 2,081,515,330 |
2018 | 1,280 | 2,231,245,353 |
2019 | 1,362 | 887,286,658 |
2020 | 1,108 | 300,562,519 |
2021 | 1,860 | 300,607,163 |
2022 | 1,801 | 422,212,090 |
2023 | 3,205 | 352,027,892 |
Why have there been more data compromises but fewer individuals impacted? The Identity Theft Resource Center reports that cybercriminals aim to acquire specific personal information that can be used for identity theft, fraud, and scams instead of more sprawling attacks.
Most data breaches occur via cyberattack, with phishing, ransomware, and malware being the most common tactics. Here's how each works:
- Phishing is when a cybercriminal pretends to be a trusted entity so the target will click a link in an email, text message, or chat message.
- Ransomware is a type of malware that threatens to release sensitive data if the target doesn't pay a ransom.
- Other types of malware -- which can be inadvertently downloaded through fraudulent ads or other links -- can monitor computer activity and keystrokes, and steal personal information.
Causes of data breaches
Breach type | 2020 | 2021 | 2022 | 2023 |
---|---|---|---|---|
Cyberattacks | 878 | 1,613 | 1,595 | 2365 |
Human and system errors | 152 | 179 | 152 | 729 |
Physical attacks | 78 | 51 | 46 | 53 |
Supply chain attacks | - | - | - | 242 |
Unknown | - | 12 | 10 | - |
There were four root causes of the over 3,000 data breaches in 2023:
- Cyberattacks: Includes phishing, ransomware, malware, and unsecured cloud environments.
- Human and system errors: Includes failure to configure cloud security, email or letter correspondence, and lost devices and documents.
- Physical attacks: Includes device theft, document theft, improper disposal, and skimming devices.
- Supply chain attacks: Occurs when the attacker compromises a smaller vendor to access information held by a larger company.
Cyberattacks are by far the most common cause of data breaches and impact the largest number of people overall. Human and system errors don't happen nearly as often, but when they do, they impact more people on average. A cyberattack in 2021 impacted an average 117,000 people, whereas each human and system error impacted about 586,000 people.
Types of data compromised
Type of data compromised | Number of breaches containing data in 2021 | Number of breaches containing data in 2022 |
---|---|---|
Name | 1,603 | 1,560 |
Full Social Security number | 1,136 | 1,143 |
Date of birth | 686 | 633 |
Current home address | 681 | 565 |
Medical history/condition/treatment/diagnosis | 464 | 465 |
Driver's license/State ID number | 447 | 499 |
Bank account number | 402 | 443 |
Medical insurance account number | 361 | 370 |
Phone number | 218 | N/A |
Payment card full number | 211 | N/A |
Undisclosed records | N/A | 226 |
Medical provider account/record number | N/A | 196 |
There were dozens of different types of data compromised in 2022's data breaches. The table above includes the numbers for the types of data that are often used for identity theft.
Most data breaches included people's names, and over half of them included full Social Security numbers. Fortunately, fewer than 20% of data breaches contained bank account or payment card information.
A turbulent year for identity theft and credit card fraud
Reported identity theft declined in 2023, but cases still remain significantly higher than pre-pandemic.
Aside from government documents or benefits fraud, all other major types of identity theft fell in 2023. The resurgence in identity theft related to government documents and benefits is concerning and individuals should remain vigilant when asked to share personal information with those who present themselves as a government official.
Data compromises hit a record high in 2023, but impacted fewer people as cybercriminals change their tactics and continue to take aim at personal information instead of undertaking sweeping attacks.
While identity theft isn't as commonplace as it was during the height of the pandemic in late 2020 and early 2021, reports still remain above what was recorded in 2019.
To prevent identity theft, the FTC recommends securing personal information, whether it be in physical form or online, and being vigilant when someone asks for your Social Security number or other sensitive personal information.
Sources
- Federal Trade Commission (2024). "Identity Theft Reports."
- Identity Theft Resource Center (2024). "2023 Annual Data Breach Report."
- Nationwide (2022). "Despite rising concern, Americans leave themselves vulnerable to cyberattacks."
- TransUnion (2023). "TransUnion Analysis Finds Synthetic Identity Fraud Growing to Record Levels."
Our Research Experts
We're firm believers in the Golden Rule, which is why editorial opinions are ours alone and have not been previously reviewed, approved, or endorsed by included advertisers. The Ascent, a Motley Fool service, does not cover all offers on the market. The Ascent has a dedicated team of editors and analysts focused on personal finance, and they follow the same set of publishing standards and editorial integrity while maintaining professional separation from the analysts and editors on other Motley Fool brands.