How not to measure identity fraud
Identity fraud has claimed 4 million victims in the UK, or 7 per cent of the population, according to a survey carried out for National Identity Fraud Prevention Week – which falls this week.
The finding came from a survey of 2,002 people commissioned by Fellowes and carried out by Dynamic Markets Ltd, a market research company based in Abergavenny. Fellowes make shredders, so they have an interest in persuading people that merely throwing away letters or bills isn’t good practice. They collaborated with several Government departments and public bodies in backing the week, including the Home Office, the National Fraud Authority, the Metropolitan and City of London Police, e-crime Scotland and the Royal Mail.
Surveys are a poor way of measuring the impact of crimes that are suffered by a minority of the population. Large losses incurred by a few people as a result of fraud can produce a misleading impression, producing a high “average loss” figure and greatly exaggerating the total amount lost. This is fully explained in an earlier post, but once again the problem seems to have been ignored by the bodies responsible for this press release.
So let’s examine it step by step. The survey was in people over 18, of whom 7 per cent said they had ever suffered identity fraud. This is translated into “over four million” – the correct figure would be about 3.3 million, since there are 47 million people over 18 in the UK. Somebody has used the total population to gross up the percentage, not the population over 18.
It says that among those who complained of identity fraud, the average loss was £1,190. Let’s suppose that 7 per cent of the sample really had suffered identity fraud, though it seems rather high. (A very large survey in the US in 2008, with 56,000 respondents, found a figure of up to 5 per cent.) The 7 per cent figure means that of the 2,002 questioned, there were 140 victims.
The total losses recorded must therefore be £1,190 x 140, that is £166,600. If 18 victims had lost £9,000 each (the highest individual loss figure cited in the press release), it would account for almost all the losses recorded. In that case the average would be based on just 18 respondents, some of whom may have been exaggerating or lying. And, of course, if some claimed to have lost more than £9,000, then the actual number of victims would have been even smaller.
Losses from identity fraud follow a skewed distribution, with a few large losers and the great majority unaffected. When a distribution is skewed, there is a large difference between the mean and median loss. The press release did not cite a median, but in response to a query the PR agency kindly supplied it - £400.
So the mean is almost three times greater than the median, which means that the distribution is very skewed indeed – nearly as skewed as the distribution of wealth in the US, where the top 1 per cent control about a third of the wealth.
Most of the losses in this survey must be concentrated in very few respondents. This is problematical, for two reasons. First, response bias makes it more likely that those who have suffered losses will respond to the survey than those who haven’t; and secondly, because the effect of a few respondents exaggerating or lying could be disproportionately large. Nor is there any chance that these misrepresentations will cancel each other out, because nobody can claim to have lost a negative amount.
If this survey were to be repeated a dozen times, it would almost certainly produce a dozen different answers, varying by a factor of two or more between highest and lowest average loss. No confidence intervals are quoted.
The UK’s Fraud Prevention Service recorded 102,000 cases of identity fraud last year, and 440,000 in the past five years. That’s plenty, but at that rate it would have taken nearly 40 years for 3.3 million people to have suffered from the experience.
So while we should be careful to protect our identities – and certainly shouldn’t follow the example of Oliver Letwin and chuck old letters into a public bin - we shouldn’t necessarily believe everything we read about identity fraud.