Australian Institute of Criminology

Skip to content

Discussion

The present study sought to quantify the nature and extent of identity crime and misuse in Australia by obtaining the views of a large sample of Australians aged 15 years and over who resided across all states and territories. These results build on the baseline data collected in the 2013 survey and begin to demonstrate consistent views over time.

Perceptions of misuse of personal information

In relation to how respondents perceived the seriousness of the problem of identity crime and misuse, a large proportion of respondents from the present survey indicated that misuse of personal information was very serious or somewhat serious in terms of harm to the Australian economy. The figure of 96.3% in 2014 is almost identical to the findings of 2013 (96.6%) and reflects the serious nature of the threat. Two-thirds of the respondents (67%) also considered that the risk of someone misusing their personal information would increase over the next 12 months (consistent from 65.2% in 2013).

Although both of these perceptions concerning the seriousness and likelihood of change were higher than similar perceptions reported by Di Marzio Research (2012) and the OAIC (2013), these prior surveys were not directly comparable in terms of sample and questions asked. More recently, a survey conducted by Veda of 1,511 Australians found that 82 percent of respondents reported being concerned about having their personal information stolen. Generation Ys were less likely to worry, with 76 percent stating they were concerned about identity theft, compared with 86 percent of generation Xs and 81 percent of baby boomers (Veda 2015). An earlier study by Veda (2014) found that 89 percent of people were concerned about the security of their personal information when using the internet and more than two-thirds (69%) did not trust social media to protect their information (Veda 2014).

Interestingly, these perceptions do not reflect the actual reported risk of victimisation (see below). Although almost two-thirds of respondents to the AIC’s 2014 survey thought that the risk of someone misusing their personal information would increase over the next 12 months, between the AIC’s surveys in 2013 and 2014 there was almost no change.

Experience of misuse of personal information

The present survey found that 20.4% of respondents reported misuse of personal information at some time during their life, with 8.9 percent reporting misuse of their personal information in the previous 12 months. This finding closely mirrors 2013, when 20.8 percent of respondents reported misuse of personal information at some time during their life, and 9.4 percent reported misuse of their personal information in the previous 12 months.

These findings are somewhat lower than the lifetime prevalence rate of 27 percent of respondents to the NFA’s (2013) survey of identity fraud, but higher than the 8.8 percent of respondents in the United Kingdom who reported experiencing identity fraud in 2012. The present survey’s lifetime prevalence rate of 20.4 percent is also much higher than the 13 percent lifetime rate of identity fraud reported by respondents to the OAIC’s (2013) survey and the 17 percent reported by respondents to Veda’s survey (2015). Rates similar to those in the Veda (2015) study were also present in the US NCVS, with a lifetime prevalence rate of 14 percent and a 12-month prevalence rate of 6.7 percent (Harrell & Langton 2013).

The present survey’s 8.9 percent rate of reported victimisation in the preceding 12 months is also much higher than that reported by the ABS (2012), which found that four percent of respondents had experienced identity fraud in the preceding 12 months, and arguably higher than Di Marzio Research’s (2012: 7) survey finding that seven percent of respondents experienced identity theft ‘in the last 6 months or so’. Veda’s (2015) 5 percent victimisation rate for the past 12 months appears similar to that of the ABS’s (2012) national survey. These variations are most likely due to the different sampling frames used, the data collection techniques employed and the focus of questions asked of respondents.

Losses, costs and consequences resulting from the misuse of personal information

Participants who experienced misuse of their personal information in the 12 months prior to the survey were asked how much they were left out-of-pocket as a result. Out-of-pocket losses were defined as being money paid out, excluding any money that they were able to recover from banks and any costs associated with repairing what occurred.

In 2014, 240 respondents indicated suffering a financial loss ranging between $1 and $200,000. The median loss was $300 and total losses amounted to $858,599. The majority of participants experienced smaller losses. This compares to 2013, when 45.7% (n=210) of survey participants did not suffer a financial loss, while 250 participants experienced losses that when weighted ranged from $1 to $310,000 (with a median loss of $247). As with 2013, in 2014, the distribution of losses is positively skewed, with the majority of participants experiencing smaller losses.

In addition to these losses, banks and other organisations reimbursed respondents for losses they had suffered, resulting in an additional loss to those banks and other organisations. When the data were weighted, the mean amount reimbursed or recovered was $15,317, and the median amount reimbursed or recovered was $50. While the total recovered losses in 2014 ($3,831,440) were significantly higher than in 2013 ($858,599), this was skewed by a single reported recovery totalling $2m.

Finally, some participants experienced other consequences, the most frequent of which were being refused credit (14.9%, up from 14.1% in 2013), experiencing mental or emotional stress requiring counselling or other treatment (11.9%, up from 10.7% in 2013) and being wrongly accused of a crime (5.2%, down from 5.5% in 2013). In 2014, some victims were denied access to their credit cards, bank accounts and utility accounts, and one victim said that police ‘came to arrest me’. Though there are small variations, 2014 results largely reflect those seen in the 2013 survey.

These financial and other impacts are somewhat different from other Australian data. The ABS (2012) found that one in three victims (33.2%) of credit card fraud had lost money, even after receiving reimbursement from banks and other organisations, with 15.2 percent of victims losing $100 or less, 9.1 percent losing between $101 and $500, 4.2 percent losing between $501 and $1,000, and 4.8 percent losing more than $1,000. It was also found that just more than one-quarter (26.9%) of all victims of identity theft in the five years prior to interview had incurred financial losses as a result of the incident(s), with 24.1 percent losing $10,000 or less and 2.8 percent losing more than $10,000.

In 2013–14, the Australian Payments Clearing Association reported a total of 6.1 billion transactions involving a credit or debit card in Australia. Of these transactions, 1,543,197 were fraudulent—worth approximately $304m (APCA 2014: 7). Not all of this would fall within the definition of out-of-pocket losses arising from misuse of personal information within the terms of the present research.

In the United Kingdom, however, identity fraud was estimated by the NFA (2013) to cost UK adults £3.3b during 2012, with those who actually lost money (2.7 million individuals) losing an average of £1,203 each (the equivalent of A$2,169).

In the United States, identity theft victims reported a total of US$24.7b in direct and indirect losses attributed to all incidents of identity theft experienced in 2012. The US National Crime Victimization Survey (NCVS) found that 68 percent of identity theft victims reported a combined direct and indirect financial loss associated with the most recent incident, with a mean loss of US$1,769 and a median loss of US$300. In addition to any direct financial loss, six percent of all identity theft victims reported indirect losses associated with the most recent incident of identity theft. Victims who suffered an indirect loss of at least US$1 reported an average indirect loss of US$4,168, with a median loss of US$30. With the exception of victims of personal information fraud, identity theft victims who reported indirect financial loss had a median indirect loss of US$100 or less. At the time of the interview, 14 percent of victims had experienced personal out-of-pocket financial losses of US$1 or more. Of those victims who suffered an out-of-pocket financial loss, 49 percent had total losses of US$99 or less, while approximately 18 percent reported out-of-pocket expenses of between US$100 and US$249. An additional 16 percent reported out-of-pocket expenses of US$1,000 or more.

About 36 percent of identity theft victims reported moderate or severe emotional distress as a result of the incident, although the level of emotional distress varied by type of identity theft. Thirty-two percent of victims of personal information fraud reported that they found the incident severely distressing, compared with five percent of credit card fraud victims. Twenty-two percent of victims of new account fraud reported that the crime was severely distressing. At the time of the interview, 86 percent of identity theft victims had resolved any problems associated with the incident and, of these, the majority spent a day or less clearing up the problems, while about 29 percent spent a month or more (Harrell & Langton 2013). Comparing these results with those obtained in the present Australian survey, it appears that median losses were similar to those in the United States, while the proportion experiencing emotional harm was higher in the United States (although definitions of harm differed).

The most recent estimate of the total economic impact of identity crime in Australia in 2014, undertaken as part of the National Identity Security Strategy’s Measurement Framework, was approximately $2.4b. This comprises: the costs of preventing and responding to identity crime (approximately $350m); the cost of identity crime as a percentage of Commonwealth fraud ($28.5m); the cost of identity crime to individuals ($434.9m); the cost of identity crime as a percentage of serious fraud ($148.5m); and the cost of identity crime as a percentage of police-recorded fraud (approximately $1.4b) (Emami & Smith 2015). The losses identified by victims in the present survey form just one element of this total impact.

Reporting the misuse of personal information

As with prior research in Australia and overseas, among survey respondents, reporting of misuse of identity was relatively low.

Of those who experienced misuse of their personal information, 45 (10.1%) did not report in any way. This is a small escalation from the previous year, when only 8.9 percent did not report this misuse. A further 216 respondents (48.5%) told a friend or family member (compared with 53.5% in 2013), while 47 (10.5%) told a government agency or a business organisation (compared with 7.8% in the previous year). Finally, 138 (31%) told a friend or family member as well as a government agency or business organisation—a result almost identical to the previous year.

These results are similar to those found in the AIC’s Online Consumer Fraud Survey 2013 (Jorna 2015). Respondents to this survey, which covered all types of consumer fraud including identity misuse, indicated that they most often reported to family and friends (51% of those victimised) followed by reports to the ACCC’s SCAMwatch website (41.2%). Overall in 2013, 11 percent failed to report their scam victimisation to anyone, which is similar to the 10.1 percent who failed to report in the AIC’s current identity crime survey. Similar to the 2014 identity crime survey results, in 2013, the most common reasons provided for not reporting scams were ‘unsure of which agency to contact’ (39.7% of the total sample), ‘I didn’t think anything would be done’ (31.4%) and ‘not worth the effort’ (26.9%) (Jorna 2015).

Respondents to the present survey were also asked to specify which government agency or business organisation they had reported to and how satisfied they were with the outcome. The majority of reports resulted in a very satisfactory or satisfactory outcome. Participants were most satisfied with responses provided by financial institutions (77.5% were either satisfied or very satisfied), followed by utility companies (74.3% were either satisfied or very satisfied). The lowest levels of satisfaction were in relation to reports to consumer protection agencies.

The findings in the current 2014 identity crime survey with respect to reporting behaviour are very similar to those reported in the NCVS in the United States in 2012 (Harrell & Langton 2013). Arguably, further efforts are needed to improve reporting rates, particularly to government agencies responsible for handling consumer complaints, by coordinating their activities and publicising avenues for reporting. The results of the current survey found that more than one-third of respondents simply did not know to whom a report should be made.

Behavioural changes resulting from the misuse of personal information

Participants were asked to indicate if, and how, their behaviour had changed as a direct result of having their personal information misused. Almost all (91.6%) indicated that they had changed their behaviour in some way—a result similar to that found in 2013 (94.1%). Some respondents even indicated that they had changed their place of residence (n=13 in 2014).

The top-five behavioural changes were the same as in 2013. These included changing passwords (56.1%), reviewing financial statements more carefully (39.6%), being more careful when using or sharing personal information (38.6%), changing banking details (34%) and not trusting people as much (32.1%). Once again, a minority (8.4%) of participants who experienced misuse of their personal information in the previous 12 months indicated that this did not result in any behavioural change.

In its Personal Fraud Survey 2007, the ABS (2008) asked respondents to indicate how their behaviour had changed as a result of the most recent incident of various types of personal fraud victimisation. In relation to identity theft, 24.5 percent of respondents said that they were more aware or careful; 8.8 percent said they experienced reduced wellbeing; 3.9 percent had changed their internet service provider, email address, payment method, credit card details or internet security; 6.7 percent had stopped engaging, ignored or no longer dealt with that organisation or person; 3.4 percent made changes to contact details or physical or home security; and 3.2 percent indicated other behavioural changes (owing to high relative standard error rates, some of these findings were unreliable). In total, 47 percent of respondents had changed their behaviour in some way following identity theft victimisation (the same percentage who indicated changed behaviour following card fraud).

In the United States, the NCVS found that a greater percentage of victims (96%) than non-victims (84%) had engaged in at least one preventive action, and that about 12 percent of victims who took preventive action did so in response to experiencing identity theft in the past year. Overall, the two most common preventive actions in 2012 were checking bank or credit statements (75%) and shredding or destroying documents containing personal information (67%). A higher percentage of victims than non-victims engaged in both of these preventive actions; however, about 13% of victims began shredding or destroying documents containing personal information as a result of experiencing identity theft during the previous 12 months and 26% began checking bank or credit statements as a result of the victimisation. Less than 10 percent of victims purchased identity theft protection (4%) or insurance (6%) or used an identity theft security program on the computer (6%) after experiencing identity theft, while about one-quarter of victims checked financial accounts or changed passwords on these accounts as a result of the victimisation (Harrell & Langton 2013).

The most serious occasion of misuse of personal information in the previous 12 months

Participants who experienced misuse of their personal information within the previous 12 months were asked further questions about the most serious occasion on which misuse had occurred during this time. The most serious occasion was defined as the occasion that resulted in the largest financial or other harm to the participant.

In 2014, the top-three types of personal information that had been misused were credit and debit card information (51.8%), name (36.7%) and bank account information (24.6%). These were the same top-three categories identified in 2013. These results were similar to those reported in Di Marzio Research’s (2012) survey, in which the most prevalent way in which identity theft or misuse had occurred was loss of credit card or debit card, which was reported by 35 percent of respondents. Similarly, in the United States, the NCVS found that the majority of identity theft incidents (85%) involved the fraudulent use of existing account information, such as credit card or bank account information, and that among identity theft victims, existing bank (37%) or credit card accounts (40%) were the most common types of misused information (Harrell & Langton 2013). This is not surprising given that in 2013–14, Australians undertook 6.1 billion transactions involving a credit or debit card, with 1.5 million of these being fraudulent (APCA 2014).

Participants were asked how they believed their personal information had been obtained on the most serious occasion in the previous 12 months. The top-five ways were from theft or hacking of a computer or other computerised device (20.2%), from an online banking transaction (15.1%), by email (12.9%—down from 18.3% in 2013), from information placed on a website other than social media (such as online shopping) (13.5%) and from information lost or stolen from a business or other organisation (i.e. a data breach) (10%). Notably, the category of details obtained via an ATM or EFTPOS transaction was down from 11 percent in 2013 to 6.4 percent in 2014. Di Marzio Research’s (2012) survey also found a high incidence of identity theft and misuse taking place through internet viruses and scams (31% and 27% respectively). In the United States, the NCVS found that approximately one-third (32%) of identity theft victims knew how the offender had obtained their information, and of the 5.3 million victims who knew how the identity theft occurred, the most common way offenders obtained information (43%) was to steal it during a purchase or other transaction (Harrell & Langton 2013).

Participants were asked how they believed their personal information had been misused on the most serious occasion in the previous 12 months. The two top reasons were the same as reported in 2013—namely, to purchase something (35.8%) and to obtain money from a bank account (excluding superannuation) (24.8%). In 2014, the third most prevalent way in which information had been misused was to file a fraudulent tax return (5.6%), while the misuse of information to apply for a loan or to obtain credit declined by 3.1 percent between 2013 and 2014. Di Marzio’s (2012) earlier survey found that 59 percent of respondents believed that their identity information had been used to purchase goods or services and a further 31 percent believed that it had been used to obtain finance, credit or a loan.

Participants who indicated that their personal information had been misused to purchase something were asked to specify what was purchased. The most commonly purchased items included were consumer electrical goods (n=21), airfares and travel (n=16), fashion items (n=15) and for gambling (n=7), the last two of which were more prevalent in 2014 than in 2013.

Participants were asked how they became aware of the misuse of their personal information on the most serious occasion in the previous 12 months. The clear top ways included receiving notification from a bank or financial institution and/or credit card company (38.9%, down from 43.4% in 2013) and noticing suspicious transactions in a bank statement or account, which produced an identical result to the previous year (33.3%). This was similar to the results of the NCVS in the United States, which found that among victims who experienced the unauthorised use of an existing account, 45 percent discovered the identity theft when a financial institution contacted them about suspicious activity on their account. By comparison, 15 percent of victims who experienced the misuse of personal information to open a new account or for other fraudulent purposes discovered the incident when a financial institution contacted them. Victims of these other types of identity theft were more likely than victims of existing account misuse to discover the incident when another type of company or agency contacted them (21%) or after they received an unpaid bill (13%). Twenty percent of victims of existing account misuse discovered the incident because of fraudulent charges on their account, compared with eight percent of victims of other types of identity theft (Harrell & Langton 2013). In the AIC’s identity crime surveys, by way of comparison, between 2013 and 2014, there was a 6.1 percentage point decline in individuals becoming aware of misuse after receiving from an organisation a bill for which they were not responsible.

Participants were asked how much they were left out-of-pocket due to the misuse of personal information for the most serious occasion in the past 12 months (excluding any money they were able to recover from banks and any costs associated with repairing what occurred). No out-of-pocket losses were experienced by 222 participants (49.8%), up from 43.5% in 2013. The remaining participants experienced losses ranging from $1 to $200,000. The mean out-of-pocket loss was $3,687 and the median loss was $200.

Participants who had been reimbursed by banks or other organisations, or recovered their losses in other ways, for the most serious occasion recovered between $1 and $60,000. The mean amount recovered was $1,318 for the most serious occasion in the past 12 months. The total recovered was $321,653, which was 40.8 percent less than the $543,514 recovered in 2013, although these amounts could have related to losses suffered in previous years.

Characteristics of those who experienced misuse of personal information in the previous 12 months

The demographic and behavioural characteristics of those who experienced misuse of personal information in the previous 12 months were explored in more detail using statistical analysis. Prior research in Australia and overseas has generally presented only simple descriptive statistics without statistically testing the presence and power of relationships between variables. As such, it was not generally possible to compare the statistical test results obtained in the present study with some of the findings from previous studies.

Previous studies

Di Marzio Research’s (2012) survey found statistically significant relationships at the 95 percent confidence level for victimisation (‘over the past six months or so’) and gender, age categories and state of residence. Significant relationships were also found for a number of types of victimisation and perceptions of risk, although statistical test results were not reported for all variables.

The survey conducted by the OAIC (2013) found that men (14%) and women (11%) were equally likely to be victimised, victimisation rates were lower for people aged under 25 (2%) and over 65 (9%), and victimisation rates increased with household income (7% of those living in households earning less than $25,000 versus 15% of those living in households earning more than $100,000). The OAIC (2013) survey also found that people who were least likely to be the victims of identity fraud and theft were those most concerned about the possibility of it happening to them. It was also found that younger Australians were the least likely to think that they may become the victim of identity theft and fraud in the next 12 months, and that Australians living in Western Australia were most likely to have been a victim of identity theft (18%) or knew someone who was (40%).

In the United States, the NCVS found that a similar percentage of males and females (7%) had experienced identity theft in 2012, and that across all types of identity theft, prevalence rates did not vary significantly by sex. After accounting for whether a person owned a credit card and bank account, prevalence rates for existing credit card and existing banking account misuse did not vary by sex. In terms of age, it was found that persons aged 16 to 17 years (less than 1%) were the least likely to experience identity theft, followed by persons aged 18 to 24 years (5%) and 65 years and above (5%). After accounting for credit card ownership, persons aged 16 to 24 were the least likely to experience the misuse of an existing account, while persons aged 65 years and above had a prevalence rate similar to persons aged 25 to 34 years. Among those who had a bank account, persons aged 16 to 17 years and 65 years and above were the least likely to experience bank account fraud. Overall, persons in the highest income category (those with an annual household income of US$75,000 or more) had a higher prevalence of identity theft than persons in other income brackets. After accounting for credit card ownership, persons in the highest income bracket had the highest rate of existing credit card account misuse. Among persons who had a bank account, there were no significant differences in the prevalence of identity theft across income categories, with the exception of the unknown category (Harrell & Langton 2013).

AIC identity crime survey findings

A statistically significant relationship was found between experiencing misuse of personal information in the previous 12 months and Indigenous status (Indigenous was defined as those who identified as Aboriginal, Torres Strait Islander or both Aboriginal and Torres Strait Islander). These results indicate that those who identified as Indigenous were more likely than others to experience misuse of their personal information.

A significant relationship was also found between individual gross income category and experience of misuse of personal information in the previous 12 months. Those in the lowest income category ($18,200 and under) were less likely to experience misuse of their personal information and those earning $37,001 and above were more likely to experience misuse.

A significant relationship was also found between perceptions of the seriousness of misuse of personal information and experiencing misuse of personal information in the previous 12 months, with those who had experienced misuse of personal information in the previous 12 months being more likely than expected to perceive that risks would increase in future.

Only one significant relationship was found in 2014 between place of normal residence and the place from which personal information had been obtained for respondents who had experienced misuse of their personal information in the previous 12 months. It was found that respondents located in a capital city were significantly more likely than those who were not in a capital city to have had their personal information obtained from the theft of their mail. This differed from the findings in 2013, when it was found that respondents located outside a capital city were significantly more likely than those in a capital city to have had their personal information lost or stolen from a business or other organisation (i.e. a data breach) and also that respondents located outside a capital city were significantly more likely than those in a capital city to have had their personal information obtained from a website other than social media (eg during online shopping).

Further analyses were undertaken to test the relationship between the characteristics of respondents who reported a financial loss and the amount they reported. No significant relationship was found between the amount of financial loss and gender, location, language, Indigenous status or individual gross income.

There was, however, a significant relationship between respondents’ age categories and the amount of financial loss. Further analysis of the relationship between age, gender and amount of financial loss showed that gender was not statistically significant when controlling for age.

A significant positive relationship was also found between financial loss and the number of hours spent dealing with the consequences of identity misuse, as well as the amount of money spent. This meant that the higher the financial loss, the more time and money were spent dealing with the consequences—as one might expect—and this confirms the same finding observed in 2013.

Variables that were found in 2014 not to have a significant relationship with misuse of personal information in the previous 12 months included place of normal residence, age group, gender, the number of hours spent on a computer or computerised device and language spoken at home. In 2013, a significant relationship was found between financial loss and language spoken at home, with those who spoke English having lost significantly more than those who spoke a language other than English at home, but this was not confirmed in the 2014 findings.

Conclusions

Misuse of personal information and identity crime continue to be of concern for government policymakers, business security analysts and academic researchers, as evidence continues to accrue of the extent and impact of the problem globally. The present report adds to this developing body of knowledge by documenting the nature and extent of criminal misuse of personal information among a large sample of Australians surveyed in May 2014. Information was obtained concerning their perceptions of the risks they face of misuse of personal information and the extent to which they have suffered victimisation. The results indicate that identity crime continues to affect many Australians, with substantial financial and other impacts occurring each year.

The risk environment

The 2014 survey found a similarly high level of concern among respondents to that identified in the 2013 survey regarding misuse of personal information. In both 2013 and 2014, more than two-thirds of respondents believed that misuse would increase over the next year. This level of concern is, however, at odds with the actual reported incidence of victimisation, with less than one-quarter of respondents reporting lifetime experience of victimisation and approximately 9 percent reporting misuse in the 12 months prior to the 2014 survey. Although these levels of victimisation differ from previous Australian and overseas research, there is a need to publicise the results of the present survey so that perceptions more accurately reflect the actual levels of victimisation experienced in Australia.

Identity crime impact and harms

In terms of harms caused by misuse of personal information, the survey found that approximately half of those who had experienced misuse suffered out-of-pocket financial losses totalling more than $850,000, which was 16 percent less than losses reported in 2013. Total losses, however, vary considerably from year to year, particularly when large losses occur in individual cases. Although such losses relate only to the misuse experienced by those who responded to the survey, this level of financial impact is high. In addition, respondents identified a range of other non-pecuniary impacts including being refused credit, experiencing mental or emotional stress requiring counselling or other treatment, and being wrongly accused of a crime. In addition, some victims were denied access to their credit cards, bank accounts and utility accounts, and one victim said that police ‘came to arrest me’. The experience of victimisation also resulted in more than 90 percent of respondents changing their behaviour in some way, including changing passwords, losing trust in people and even changing their place of residence. Such impacts can have important consequences for personal wellbeing as well as confidence in the online marketplace. Ideally, potential victims of crimes of this nature need to be supported in dealing with the consequences of their victimisation and, more importantly, in avoiding victimisation in the first place and re-victimisation.

Responses

As occurs with other types of fraud, for this the levels of reporting to official agencies, including law enforcement agencies, continued to be low, although respondents were generally satisfied with the outcomes when they reported to some government agencies and financial institutions. There was a small (1.2%) increase in those who failed to make any reports between 2013 and 2014, while overall there was an increase in reporting to government and business. Of concern is the 35 percent of respondents who said that they did not know how or where to report the matter, which increased from the 21 percent who gave this reason for non-reporting in 2013. Future survey results could see an improvement in respondents reporting identity crime following the implementation of the Australian Online Crime Reporting Network (ACORN) in late 2014.

Incident and victim characteristics

The present research also explored the circumstances of the most serious occasion on which misuse had occurred during the previous year. It was found that personal information was most often misused in connection with online commercial transactions, particularly card fraud. Online banking, social media and card-based transactions were thought to have been most often the source of misuse, with stolen information most often used for commercial purchases. There were few changes of this kind reported between 2013 and 2014, although personal information obtained from an ATM or EFTPOS transaction declined by almost five percentage points between 2013 and 2014.

In terms of the characteristics of victims, a number of statistically significant relationships were evident in the data. Those who identified as Indigenous were more likely than others to experience misuse of their personal information, while those in the lowest income category ($18,200 and under) were less likely to experience misuse, and those earning $37,001 and above were more likely to experience misuse. Those who resided in a capital city were significantly more likely than those who did not to have their personal information obtained from the theft of their mail, while age category and the amount of financial loss were associated. Finally, it was found that the higher the financial loss, the more time and money were spent dealing with the consequences of misuse. Variables that were found in 2014 not to have a significant relationship with misuse of personal information in the previous 12 months included place of normal residence, age group, gender, the number of hours spent on a computer or computerised device and language spoken at home.

Further research would be required to understand fully the reasons for these relationships. Smith & Jorna (2011) have explored some of the vulnerabilities to fraud of those living in regional and remote communities, including their lower levels of income and financial literacy, as well as their increased reliance on online services owing to face-to-face transactions being less available. Other areas to explore could include the possibility that people living in rural areas might have higher levels of trust when using online transactions than those in cities, while at the same time having less knowledge of the security weaknesses of the technologies they use. Or perhaps it might also be the case that rural, remote and Indigenous respondents were more willing to report the circumstances of their victimisation, perhaps being less concerned about embarrassment when reporting. Some of these findings might also be an artefact of the survey sampling frame and methodology used. As suggested in 2013, qualitative research through the use of in-depth interviewing would help to understand and explain the findings presented in this report in more depth.

The results of this survey confirm the findings of the AIC’s survey in 2013 that misuse of personal information remains an enduring form of criminal activity in Australia. Although in many respects the findings in 2014 confirm those obtained in 2013, there are a number of subtle changes that may be indicative of improvement, and also deterioration, in the identity crime risk environment in Australia that warrant further attention.