Identity Theft and Credit Card Fraud Statistics for 2023
Image source: Getty Images
The latest identity theft and credit card fraud statistics paint a bleak picture. Since 2020, they have been among the most common types of fraud. While reports of identity theft and credit card fraud have dropped, as of the first half of 2023 they remain above pre-pandemic levels.
After doubling between 2019 and 2020, reports of identity theft continued to grow in 2021 with nearly 1.4 million people being impacted. 1.1 million reports of identity theft were collected by the Federal Trade Commission (FTC) in 2022 and 559,000 reports have been filed to the FTC through the first half of 2023.
Read on for a full report covering identity theft statistics, how these crimes have evolved, the demographics at the biggest risk, and much more.
Key findings
- There were 1.108 million reports of identity theft in 2022. 559,000 instances of identity theft have been reported through the first half of 2023.
- Credit card fraud was the most common type of identity theft in 2022, with 440,666 reports. 219,713 credit card fraud reports have been filed in the first half of 2023.
- Synthetic fraud is the fastest growing form of identity theft. The auto lending industry suffered $1.8 billion in losses due to synthetic fraud in the first half of 2023. The retail and video game industries are targeted most by synthetic fraud.
- Synthetic fraud is on the rise in the auto lending industry
- Those aged 30 to 39 reported the most cases of identity theft.
- Georgia, Louisiana, and Florida were the top three states for identity theft per capita.
- Government documents or benefits fraud declined by 85% in 2022 from 2021, with 57,912 reports filed compared to 396,025 in 2021.
- There were 1,802 data breaches in 2022, a 3% decline from the all-time high set in 2021.
- Over 422 million people were impacted by data breaches in 2022, up 44% from 2021.
Identity theft in the United States
The Federal Trade Commission received 1.1 million reports of identity theft in 2022 and has received 559,000 reports through the first half of 2023. Identity theft was the second-most common type of complaint lodged by consumers, and it accounted for 21% of all the reports received by the FTC.
The identity theft statistics collected by the FTC are based on reports from consumers, so it's likely that there are many cases of identity fraud that go uncounted.
| Year | Identity theft reports (thousands) |
|---|---|
| 2017 | 371 |
| 2018 | 444 |
| 2019 | 650 |
| 2020 | 1,389 |
| 2021 | 1,435 |
| 2022 | 1,108 |
| 2023 (Q1 and Q2) | 559 |
The rate of identity theft increased significantly from 2017 to 2021, from 371,000 reports to 1.4 million. While reports of identity theft dropped from 2021 to 2022, they remain well above pre-pandemic rates.
According to a report by Javelin Strategy & Research, identity theft cases resulted in losses of $20 billion in 2022, a 15% drop from their 2021 study.
The most common types of identity theft
Identity theft comes in many forms. Government documents or benefits fraud was the most common type of identity theft in 2021 but plummeted in 2022, likely as government benefits from the COVID-19 pandemic wound down. Bank fraud and credit card fraud were the only two types of identity theft to grow from 2021 to 2022, with the latter being the most common type of identity theft that year.
| Type of identity fraud | Reported cases, 2022 | Perchange in reported cases |
|---|---|---|
| Credit Card Fraud | 440,666 | 13% |
| Other Identity Theft | 326,505 | -13% |
| Bank Fraud | 156,134 | 25% |
| Loan or Lease Fraud | 153,578 | -22% |
| Employment or Tax-Related Fraud | 103,416 | -7% |
| Phone or Utilities Fraud | 77,316 | -13% |
| Government Documents or Benefits Fraud | 57,912 | -85% |
Bank fraud cases grew 25% in 2022 compared to the previous year, while credit card fraud jumped 13%.
Fraudsters using stolen identity information to open new bank accounts under a victim's name grew by 32% in 2022. Nearly 111,000 Americans reported new account bank fraud in 2022 compared to about 84,000 in 2021, according to the FTC.
Bank fraud relating to debit cards, electronic funds transfers, or ACH grew by 12% in 2022 compared to the previous year. Existing account fraud increased by 22%.
Looking at credit card fraud, existing account fraud grew 22% while new account fraud -- the most common type of identity theft in 2022 -- grew 13%.
The largest drop in reported identity theft came in the form of government benefits fraud, which saw a 88% decline from 2021 to 2022. That's likely due to COVID-19 benefits drying up.
The growth of synthetic account fraud
Identity thieves are always developing new ways to steal money. A relatively new form of identity theft, called synthetic account fraud, is one of the fastest-growing financial crimes in the nation.
Synthetic account fraud involves a combination of real and fabricated information, such as a real Social Security number and a false name. The synthetic identity can be used to apply for credit cards, loans, and government benefits. Perpetrators often spend time building a good credit score with synthetic identities. Then, they max out an identity's credit and abandon its accounts.
Retail and the video game industries are the most common targets for synthetic fraud, according to analysis from TransUnion. In the first half of 2023, 10.6% of retail transactions and 7% of video game transactions were suspected to be fraudulent or attempts at fraud.
Synthetic fraud attempts in the retail industry have grown 183% from the first of half of 2019 to the first half of 2023. Video game fraud rates have fallen during that period, but still remain high. Synthetic fraud involving financial services has grown 382% and fraud in the travel and leisure industry grew 353% -- the fastest and second-fastest growing rates of synthetic fraud attempts.
| Synthetic fraud attempts by industry | Suspected fraud attempt rate, first half 2023 | Percent change from first half of 2019 | Suspected fraud attempt rate coming from the U.S., first half 2023 | Top fraud type |
|---|---|---|---|---|
| Retail | 10.60% | 183% | 1.00% | Promotion abuse |
| Video games | 7.00% | -32% | 0.80% | Gold farming |
| Telecommunications | 5.30% | 2% | 1.70% | Credit card fraud |
| Gaming (online gambling) | 4.70% | 24% | 3.70% | Promotion abuse |
| Financial services | 4.30% | 382% | 4.30% | Identity fraud |
| Communities (online dating, forums, etc.) | 4.10% | -16% | 10.20% | Profile misrepresentation |
| Travel and leisure | 2.30% | 353% | 2.80% | Credit card fraud |
| Insurance | 1.60% | 61% | 4.50% | Third party application fraud |
| Logistics | 0.90% | 14% | 5.70% | Shipping fraud |
Among lenders, auto lenders are most exposed to synthetic fraud, with losses in the first half of 2023 totaling $1.8 billion. That's more than double that of bank credit cards and 10 times more than retail credit cards and unsecured personal loans.
| Lender industry | First half, 2023 | First half, 2022 | Percent change |
|---|---|---|---|
| Auto loans | $1.8 billion | $1.3 billion | 38% |
| Bank credit cards | $994 million | $917 million | 8% |
| Retail credit cards | $126 million | $144 million | -13% |
| Unsecured personal loans | $57 million | $57 million | 0% |
Fraudsters target the auto industry because they view it as most profitable, according to Shai Cohen, the senior vice president and head of global fraud solutions at TransUnion. Using a synthetic identity, fraudsters can secure an auto loan for an expensive car, leaving an innocent victim and auto company on the hook.
Identity theft reports by age
| Age | Identity theft reports in 2021 | Identity theft reports in 2022 | Percent change |
|---|---|---|---|
| 19 and Under | 22,833 | 23,953 | 5% |
| 20 - 29 | 191,334 | 179,902 | -6% |
| 30 - 39 | 308,910 | 286,304 | -7% |
| 40 - 49 | 266,269 | 212,455 | -20% |
| 50 - 59 | 206,514 | 139,653 | -32% |
| 60 - 69 | 118,093 | 77,710 | -34% |
| 70 - 79 | 45,068 | 31,361 | -30% |
| 80 and Over | 9,917 | 8,193 | -17% |
Those in the 30-to-39 age range have recorded the most identity theft reports for years.
All age groups other than those 19 and younger saw a decline in identity theft reports in 2022 compared to 2021. Americans 19 and younger experienced a 5% increase.
Here's a look at the most common types of identity fraud for each age group:
| Age | Most common type of identity theft | Number of reports | Percentage of age's total identity theft reports 2021 |
|---|---|---|---|
| 19 and under | Employment or tax-related fraud | 16,901 | 66% |
| 20 to 29 | Credit card fraud | 71,574 | 33% |
| 30 to 39 | Credit card fraud | 121,157 | 35% |
| 40 to 49 | Credit card fraud | 90,576 | 35% |
| 50 to 59 | Credit card fraud | 57,954 | 35% |
| 60 to 69 | Credit card fraud | 29,140 | 32% |
| 70 to 79 | Credit card fraud | 10,801 | 30% |
| 80 and over | Credit card fraud | 2,560 | 27% |
Identity theft by state
Here are the states with the most identity theft reports in 2021:
- California: 125,121
- Texas: 113,740
- Florida: 111,183
- New York: 60,830
- Georgia: 60,332
Population sizes play a large role in which states have the most identity theft reports. To get an accurate idea of where identity theft is most prevalent, we can look at each state's number of reports per 100,000 residents.
States ranked by identity theft reports per capita, 2021
| State | Reports per 100K people | Total number of reports |
|---|---|---|
| Georgia | 568 | 60,332 |
| Louisiana | 535 | 24,897 |
| Florida | 521 | 111,183 |
| Delaware | 477 | 4,680 |
| Nevada | 401 | 12,282 |
| Texas | 394 | 113,740 |
| Pennsylvania | 363 | 47,146 |
| Alabama | 355 | 17,764 |
| South Carolina | 352 | 17,903 |
| Mississippi | 346 | 10,261 |
| Maryland | 337 | 20,737 |
| Illinois | 332 | 42,553 |
| California | 317 | 125,151 |
| New Jersey | 311 | 28,695 |
| North Carolina | 305 | 31,609 |
| New York | 302 | 60,830 |
| Arizona | 265 | 18,787 |
| Ohio | 263 | 30,935 |
| Virginia | 258 | 22,178 |
| Tennessee | 235 | 16,113 |
| Connecticut | 226 | 8,131 |
| Massachusetts | 222 | 15,518 |
| Rhode Island | 222 | 2,421 |
| Michigan | 216 | 21,760 |
| Missouri | 197 | 12,087 |
| Kansas | 193 | 5,647 |
| Colorado | 186 | 10,658 |
| Indiana | 184 | 12,424 |
| Arkansas | 173 | 5,187 |
| Utah | 171 | 5,519 |
| Washington | 156 | 11,864 |
| Oklahoma | 154 | 6,068 |
| New Mexico | 151 | 3,188 |
| Oregon | 150 | 6,294 |
| West Virginia | 148 | 2,659 |
| Wisconsin | 142 | 8,319 |
| New Hampshire | 138 | 1,894 |
| Minnesota | 128 | 7,263 |
| Hawaii | 126 | 1,826 |
| Idaho | 123 | 2,222 |
| Kentucky | 119 | 5,336 |
| North Dakota | 109 | 846 |
| Alaska | 104 | 767 |
| Montana | 104 | 1,123 |
| Nebraska | 103 | 2,019 |
| Maine | 101 | 1,377 |
| Iowa | 97 | 3,098 |
| Wyoming | 95 | 550 |
| Vermont | 88 | 565 |
| South Dakota | 76 | 670 |
Fourteen states saw identity theft per 100,000 residents increase from 2021 to 2022, although none were significant. Not all identity theft reports filed to the FTC contain location information, so the data set is not 100% accurate.
If you want to delve even deeper into specific locations, you can look at which metropolitan areas are hotspots for identity theft.
Top metropolitan areas for identity theft
| Metropolitan Area | Reports per 100K Population | # of Reports |
|---|---|---|
| Tuscaloosa, Alabama Metropolitan Statistical Area | 1,064 | 2,829 |
| Baton Rouge, Louisiana Metropolitan Statistical Area | 962 | 8,346 |
| Miami-Fort Lauderdale-Pompano Beach, Florida Metropolitan Statistical Area | 871 | 53,177 |
| Lafayette, Louisiana Metropolitan Statistical Area | 796 | 3,819 |
| Atlanta-Sandy Springs-Alpharetta, Georgia Metropolitan Statistical Area | 766 | 46,188 |
| Sumter, South Carolina Metropolitan Statistical Area | 647 | 888 |
| Houston-The Woodlands-Sugar Land, Texas Metropolitan Statistical Area | 644 | 45,393 |
| Savannah, Georgia Metropolitan Statistical Area | 590 | 2,368 |
| Orlando-Kissimmee-Sanford, Florida Metropolitan Statistical Area | 583 | 15,338 |
| Philadelphia-Camden-Wilmington, Pennsylvania-New Jersey-Delaware-Maryland Metropolitan Statistical Area | 556 | 34,553 |
| Montgomery, Alabama Metropolitan Statistical Area | 548 | 2,108 |
| Columbia, South Carolina Metropolitan Statistical Area | 539 | 4,453 |
| Columbus, Georgia-Alabama Metropolitan Statistical Area | 527 | 1,717 |
| Lakeland-Winter Haven, Florida Metropolitan Statistical Area | 523 | 3,731 |
| Tallahassee, Florida Metropolitan Statistical Area | 522 | 1,998 |
| Memphis, Tennessee-Mississippi-Arkansas Metropolitan Statistical Area | 516 | 6,891 |
| Las Vegas-Henderson-Paradise, Nevada Metropolitan Statistical Area | 486 | 10,842 |
| Los Angeles-Long Beach-Anaheim, California Metropolitan Statistical Area | 483 | 63,723 |
| New Orleans-Metairie, Louisiana Metropolitan Statistical Area | 481 | 6,109 |
| LaGrange, Georgia-Alabama Micropolitan Statistical Area | 480 | 501 |
| Killeen-Temple, Texas Metropolitan Statistical Area | 472 | 2,209 |
| Gadsden, Alabama Metropolitan Statistical Area | 455 | 471 |
| Dallas-Fort Worth-Arlington, Texas Metropolitan Statistical Area | 450 | 33,974 |
| Charlotte-Concord-Gastonia, North Carolina-South Carolina Metropolitan Statistical Area | 450 | 11,803 |
| Albany, Georgia Metropolitan Statistical Area | 436 | 651 |
Credit card fraud in the United States
Credit card fraud was the most common type of identity theft in 2022 and through the first half of 2023.
From 2017 through 2019, credit card fraud was the most common type of identity theft, only to be overtaken by government documents and benefits fraud in 2020 and 2021 when scammers took advantage of pandemic-era government benefit programs.
Credit card fraud reports by year
| Year | Credit card fraud reports |
|---|---|
| 2019 | 271,708 |
| 2020 | 393,440 |
| 2021 | 389,777 |
| 2022 | 440,666 |
| 2023 (Q1 & Q2) | 219,713 |
Credit card fraud has been consistently rising with just a 1% decline blip in 2021. That came after a 45% increase from 2019 to 2020 and a 72% increase from 2018 to 2019, and was followed by a 13% increase in 2022. Based on reports from the first half of 2023, credit card fraud looks to be on pace with 2022.
Types of credit card fraud
There are two types of credit card fraud:
- New account: An identity thief uses your information to open a credit card account in your name.
- Existing account: An identity thief uses a credit card that you opened. This is usually done by stealing the credit card information.
Here are the number of fraud reports for each of these and how much they changed from 2021 to 2022:
| Type of credit card fraud | Number of reports in 2021 | Change from 2020 |
|---|---|---|
| New account | 409,033 | 13% |
| Existing account | 39,398 | 22% |
Both new account fraud and existing account fraud increased in 2022, in line with credit card fraud growing overall.
When you think of ways to avoid credit card fraud, preventing people from getting your card information probably comes to mind. But the statistics show us that it's actually far more likely for someone to open an entirely new account using your personal data than for fraud to occur via a stolen credit card.
Why has there been a shift to new account fraud? There are several explanations that likely play a part:
- Existing account fraud has become more difficult. Because of credit card chip technology, the transaction process is more secure and it's harder for criminals to counterfeit credit cards.
- Data breaches have exposed information for hundreds of millions of people. Identity thieves can use this information for new account fraud.
- It's easier to steal money through new account fraud, since it's an entirely new account that the consumer doesn't know about. With an existing account, the card issuer or the consumer may notice suspicious activity and lock the card in the event of an account takeover by identity thieves.
It's important to remember that you can dispute credit card charges with your credit card issuer if your card or information has been stolen. Your creditor can then help remove fraudulent charges, which could impact your credit report down the line.
Fraud detection and prevention plus other consumer protections are huge advantages of using a credit card, of course -- in addition to the opportunity to increase your credit score. The Ascent has a guide on how to apply for a credit card and get approved.
Data breaches
Data breaches are one of the ways criminals commit identity theft and credit card fraud. The hackers who steal information through data breaches often sell it on the dark web. Buyers then use the information for various types of fraud.
According to Nationwide, 58% of consumers are concerned about being a victim of cybercrime, but 69% don't have cyber insurance.
Cyber insurance can limit costs stemming from cybercrime and reduce the amount of time it takes to recover from cyberattacks.
The most cited reasons for consumers to not have cyber insurance are lack of knowledge about cyber insurance, not knowing cyber insurance is available to them, and thinking that coverage is too expensive, per Nationwide.
Obtaining cyber insurance may be wise. Sixty-nine percent of consumers don't feel prepared to recover from a cyberattack and 68% haven't thought about how they would respond, Nationwide found.
Data breaches by year
| Year | Number of data breaches | Number of individuals impacted |
|---|---|---|
| 2016 | 1,104 | 2,541,581,891 |
| 2017 | 1,631 | 2,081,515,330 |
| 2018 | 1,280 | 2,231,245,353 |
| 2019 | 1,362 | 887,286,658 |
| 2020 | 1,108 | 300,562,519 |
| 2021 | 1,862 | 293,927,708 |
| 2022 | 1,802 | 422,143,312 |
The number of data breaches in 2022 was nearly unchanged from 2021, but the number of individuals impacted was 44% higher. That's due to a massive data breach of the social media platform X, which at the time of the breach in 2022 was still called Twitter, that exposed the email addresses of roughly 200 million users.
The Identity Theft Resource Center reports that cybercriminals are simply less interested in stealing massive amounts of consumers' personal information. They prefer to target businesses because of the larger payouts, and their methods of choice are phishing and ransomware. Here's how these online identity theft attacks work:
- Phishing is when a cybercriminal pretends to be a trusted entity so the target will click a link in an email, text message, or chat message.
- Ransomware is a type of malware that threatens to release sensitive data if the target doesn't pay a ransom.
According to Coveware, the average ransomware payout was $740,144 as of the second quarter of 2023, up 126% from the previous quarter. The median ransomware payout, however, was $190,424, up 20% percent from the second quarter of 2023. Coveware attributes the increase to cybercriminals making higher demands and a lower number of victims paying, with those that did pay paying more than in previous periods.
It's important not to get the wrong idea from this data. As we've seen from the identity theft and credit card fraud statistics, those crimes still occur and are on the rise. The risk of having your personal information exposed in a data breach is out there, even if businesses are the bigger target now.
Causes of data breaches
| Breach type | 2020 | 2021 | 2022 |
|---|---|---|---|
| Cyberattacks | 878 | 1,613 | 1,595 |
| Human and system errors | 152 | 179 | 152 |
| Physical attacks | 78 | 51 | 46 |
| Unknown | N/A | 12 | 10 |
| Total | 1,108 | 1,855 | 1,803 |
There were three root causes of the 1,803 data breaches in 2021:
- Cyberattacks: Includes phishing, ransomware, malware, and unsecured cloud environments.
- Human and system errors: Includes failure to configure cloud security, email or letter correspondence, and lost devices and documents.
- Physical attacks: Includes device theft, document theft, improper disposal, and skimming devices.
Cyberattacks are by far the most common cause of data breaches and impact the largest number of people overall. Human and system errors don't happen nearly as often, but when they do, they impact more people on average. A cyberattack in 2021 impacted an average 117,000 people, whereas each human and system error impacted about 586,000 people.
Types of data compromised
| Type of data compromised | Number of breaches containing data in 2021 | Number of breaches containing data in 2022 |
|---|---|---|
| Name | 1,603 | 1,560 |
| Full Social Security number | 1,136 | 1,143 |
| Date of birth | 686 | 633 |
| Current home address | 681 | 565 |
| Medical history/condition/treatment/diagnosis | 464 | 465 |
| Driver's license/State ID number | 447 | 499 |
| Bank account number | 402 | 443 |
| Medical insurance account number | 361 | 370 |
| Phone number | 218 | N/A |
| Payment card full number | 211 | N/A |
| Undisclosed records | N/A | 226 |
| Medical provider account/record number | N/A | 196 |
There were dozens of different types of data compromised in 2022's data breaches. The table above includes the numbers for the types of data that are often used for identity theft.
Most data breaches included people's names, and over half of them included full Social Security numbers. Fortunately, fewer than 20% of data breaches contained bank account or payment card information.
A turbulent year for identity theft and credit card fraud
Reported identity theft declined in 2022, but after a two-year hiatus during the pandemic, credit card fraud once again is the most common type of identity theft.
Aside from credit card fraud and bank fraud, all other major types of identity fraud declined in 2022. Government documents or benefits fraud plummeted 85% as pandemic-era programs ended.
Data breaches fell in 2022, but impacted 128 million more people in 2021 in large part due to a massive breach of X, formerly known as Twitter.
While identity theft isn't as commonplace as it was during the height of the pandemic in late 2020 and early 2021, reports still remain above what was recorded in 2019.
To prevent identity theft, the FTC recommends securing personal information whether it be in physical form or online and being vigilant when someone asks for your Social Security number or other sensitive personal information.
Sources
- Auriemma Group (2017). "Auriemma's 2017 Annual Letter."
- Coveware (2023). "Ransom Monetization Rates Fall to Record Low Despite Jump In Average Ransom Payments."
- Federal Trade Commission (2020). "Consumer Sentinel Network Data Book 2019."
- Federal Trade Commission (2021). "Consumer Sentinel Network Data Book 2020."
- Federal Trade Commission (2022). "Consumer Sentinel Network Data Book 2021."
- Federal Trade Commission (2021). "COVID-19 and Stimulus Reports."
- Federal Trade Commission (2023). "Identity Theft Reports."
- Identity Theft Resource Center (2023). "2022 Annual Data Breach Report."
- Nationwide (2022). "Despite rising concern, Americans leave themselves vulnerable to cyberattacks."
- TransUnion (2023). "TransUnion Analysis Finds Synthetic Identity Fraud Growing to Record Levels."
Our Research Experts
Jack Caporal is the Research lead for The Motley Fool and The Motley Fool Ascent. He is an expert in business, personal finance and economic trends.
Lyle is a writer specializing in credit cards, travel rewards programs, and banking. His work has also appeared on MSN Money, USA Today, and Yahoo! Finance.
We're firm believers in the Golden Rule, which is why editorial opinions are ours alone and have not been previously reviewed, approved, or endorsed by included advertisers. The Ascent does not cover all offers on the market. Editorial content from The Ascent is separate from The Motley Fool editorial content and is created by a different analyst team.