Identity Theft and Credit Card Fraud Statistics for 2021
By: Lyle Daly | Updated Aug. 26, 2021

Image source: Getty Images
The latest identity theft and credit card fraud statistics paint a bleak picture. They're two of the most common financial crimes, and each of them saw significant growth in 2020.
Part of the growth was due to the pandemic. There were 323,920 reports of COVID-19 fraud last year, a number that has since grown to over 500,000. That number likely underscores COVID-19's impact, as the pandemic also indirectly led to increases in certain types of fraud and identity theft. Government benefits fraud, in particular, skyrocketed as criminals stole stimulus checks and unemployment benefits.
It was one of the most eventful years on record for identity theft and credit card fraud. Read on for a full report covering how these crimes have evolved, the demographics at the biggest risk, and much more.
Key findings
- There were 1,387,615 reports of identity theft in 2020.
- Government documents or benefits fraud was the most common type of identity theft in 2020 after an increase of 1,663% from 2019.
- Those aged 30 to 39 reported the most cases of identity theft.
- Kansas, Rhode Island, and Illinois were the top three states for identity theft per capita.
- Credit card fraud rose by 44.7% over 2019 levels to 393,207 reports.
- There were 1,108 data breaches in 2020, the lowest total since 2016.
- The number of people affected by data breaches has decreased significantly, from over 2.5 billion in 2016 to just over 300 million in 2020.
Identity theft in the United States
The Federal Trade Commission received nearly 1.4 million reports of identity theft in 2020. Identity theft was the most common type of complaint lodged by consumers, and it accounted for 29.4% of all the reports received by the FTC.
Identity theft reports in the United States
2016 | 2017 | 2018 | 2019 | 2020 |
---|---|---|---|---|
398,356 | 370,916 | 444,344 | 650,523 | 1,387,615 |
Identity theft was already on the rise over the last three years and hit a new high in 2019, but that record was short-lived. The number of reports more than doubled, increasing by 113% from 2019 to 2020.
According to a report by the Aite Group, identity theft cases resulted in losses of $712.4 billion in 2020. That was a 42% increase from 2019, when identity theft caused $502.5 billion in losses.
Note that those identity theft losses are total losses for all parties involved, not just consumers. The FTC reports that consumers lost a total of $3.3 billion to fraud in 2020, which was nearly $1.5 billion more than in 2019.
The most common types of identity theft
Identity theft comes in many forms. Although numbers were up across the board in 2020, certain types of identity theft grew much more than others.
Type of identity theft | Number of reports in 2020 | Change from 2019 |
---|---|---|
Government documents or benefits fraud | 406,375 | 1,663% |
Credit card fraud | 393,207 | 44.7% |
Other identity theft | 353,152 | 63.7% |
Loan or lease fraud | 204,967 | 95.8% |
Employment or tax-related fraud | 113,529 | 149.2% |
Phone or utilities fraud | 99,539 | 19.2% |
Bank fraud | 89,476 | 52.4% |
There was a staggering increase in government documents or benefits fraud in 2020, which went up by more than 1,600% over 2019.
That number gets even larger when we hone in on identity theft that involved applying for/receiving government benefits. There was a 2,920% increase in this specific subtype of fraud, which was the subject of 394,324 reports.
Government benefits include stimulus checks and unemployment insurance payments, both of which were targeted by criminals during the pandemic. The U.S. Department of Labor estimated that thieves stole $26 billion in unemployment benefits.
Based on the massive jump in this type of fraud, it's clear that the COVID-19 pandemic drastically increased identity theft numbers.
The growth of synthetic account fraud
Identity thieves are always developing new ways to steal money. A relatively new form of identity theft, called synthetic account fraud, is one of the fastest-growing financial crimes in the nation.
Synthetic account fraud involves a combination of real and fabricated information, such as a real Social Security number and a false name. The synthetic identity can be used to apply for credit cards, loans, and government benefits. Perpetrators often spend time building a good credit score with synthetic identities. Then, they max out an identity's credit and abandon its accounts.
A 2017 analysis by Auriemma Group pegged annual synthetic fraud losses at $6 billion. Synthetic fraud was also a common scheme when the federal government launched its Paycheck Protection Program (PPP). Criminals would use synthetic identities to borrow loans intended for small businesses that were struggling during the pandemic.
Identity theft reports by age
Age | Identity theft reports in 2019 | Identity theft reports in 2020 | Change |
---|---|---|---|
19 and under | 14,211 | 23,651 | 66.4% |
20 to 29 | 110,769 | 190,916 | 72.4% |
30 to 39 | 170,255 | 306,090 | 79.8% |
40 to 49 | 122,752 | 302,678 | 146.6% |
50 to 59 | 77,350 | 244,183 | 215.7% |
60 to 69 | 44,679 | 123,112 | 175.5% |
70 to 79 | 17,161 | 39,009 | 127.3% |
80 and over | 5,687 | 9,915 | 74.3% |
Total | 562,864 | 1,239,554 | 120.2% |
Those in the 30-to-39 age range have consistently recorded the most identity theft reports, but that could be changing. Every group from 40 through 79 had their number of reports more than double from 2019 to 2020. For Americans between the ages of 50 and 59, identity theft reports more than tripled.
One potential reason why identity theft went up so much more in those age groups is because they were more frequent targets of government benefits fraud. Here's a look at the most common types of identity theft for each age group:
Age | Most common type of identity theft | Number of reports | Percentage of age's total identity theft reports |
---|---|---|---|
19 and under | Employment or tax-related fraud | 13,561 | 57.3% |
20 to 29 | Credit card fraud | 65,779 | 34.5% |
30 to 39 | Credit card fraud | 110,952 | 36.2% |
40 to 49 | Government documents or benefits fraud | 115,533 | 38.2% |
50 to 59 | Government documents or benefits fraud | 127,823 | 52.3% |
60 to 69 | Government documents or benefits fraud | 63,071 | 51.2% |
70 to 79 | Government documents or benefits fraud | 16,497 | 42.3% |
80 and over | Government documents or benefits fraud | 2,806 | 28.3% |
Identity theft by state
Here are the states with the most identity theft reports in 2020:
- California: 147,382
- Illinois: 135,038
- Texas: 134,788
- Florida: 101,367
- Georgia: 69,487
Population sizes play a large role in which states have the most identity theft reports. To get an accurate idea of where identity theft is most prevalent, we can look at each state's number of reports per 100,000 residents.
States ranked by identity theft reports in 2020 per capita
Rank | State | Identity theft reports per 100K population in 2020 | Total number of reports in 2020 |
---|---|---|---|
1 | Kansas | 1,483 | 43,211 |
2 | Rhode Island | 1,191 | 12,621 |
3 | Illinois | 1,066 | 135,038 |
4 | Nevada | 740 | 22,801 |
5 | Washington | 712 | 54,247 |
6 | Massachusetts | 661 | 45,575 |
7 | Georgia | 654 | 69,487 |
8 | Arkansas | 579 | 17,470 |
9 | Maine | 534 | 7,183 |
10 | Louisiana | 473 | 21,976 |
11 | Florida | 472 | 101,367 |
12 | Texas | 465 | 134,788 |
13 | Delaware | 449 | 4,374 |
14 | Arizona | 380 | 27,661 |
15 | California | 373 | 147,382 |
16 | South Carolina | 373 | 19,193 |
17 | Mississippi | 371 | 11,048 |
18 | New Jersey | 362 | 32,125 |
19 | Colorado | 361 | 20,762 |
20 | Alabama | 354 | 17,376 |
21 | Oklahoma | 349 | 13,797 |
22 | New York | 345 | 67,202 |
23 | Maryland | 343 | 20,718 |
24 | Utah | 292 | 9,366 |
25 | North Carolina | 288 | 30,176 |
26 | Tennessee | 281 | 19,182 |
27 | Hawaii | 271 | 3,835 |
28 | Pennsylvania | 265 | 33,886 |
29 | Indiana | 257 | 17,306 |
30 | Michigan | 244 | 24,370 |
31 | Montana | 228 | 2,439 |
32 | Missouri | 222 | 13,653 |
33 | Ohio | 222 | 25,893 |
34 | Connecticut | 191 | 6,821 |
35 | Virginia | 183 | 15,632 |
36 | Oregon | 176 | 7,432 |
37 | New Hampshire | 169 | 2,301 |
38 | North Dakota | 166 | 1,266 |
39 | New Mexico | 165 | 3,454 |
40 | Wisconsin | 154 | 8,986 |
41 | Wyoming | 151 | 875 |
42 | West Virginia | 148 | 2,646 |
43 | Minnesota | 146 | 8,246 |
44 | Idaho | 132 | 2,353 |
45 | Vermont | 130 | 810 |
46 | Kentucky | 127 | 5,693 |
47 | Alaska | 127 | 926 |
48 | Nebraska | 113 | 2,182 |
49 | Iowa | 96 | 3,022 |
50 | South Dakota | 72 | 637 |
Every state saw its identity theft numbers go up, but some of the increases are hard to believe.
Kansas had the most identity theft reports per capita after ranking 39th in this category just a year ago. It went from 78 reports per 100,000 residents to 1,483, an increase of over 1,800%. Second-place Rhode Island saw its number of identity theft reports increase by about 1,000%.
South Dakota had the fewest reports overall. It also had the lowest number of reports per capita for the second year in a row.
If you want to delve even deeper into specific locations, you can look at which metropolitan areas are hotspots for identity theft.
Top metropolitan areas for identity theft
Rank | Metropolitan area | Identity theft reports per 100K population in 2020 | Total number of reports in 2020 |
---|---|---|---|
1 | Topeka, KS | 1,925 | 4,465 |
2 | Lawrence, KS | 1,717 | 2,099 |
3 | Wichita, KS | 1,395 | 8,929 |
4 | Manhattan, KS | 1,207 | 1,573 |
5 | Tuscaloosa, AL | 1,195 | 3,011 |
6 | Little Rock-North Little Rock-Conway, AR | 1,156 | 8,579 |
7 | Chicago-Naperville-Elgin, IL-IN-WI | 1,145 | 108,287 |
8 | Bloomington, IL | 1,042 | 1,788 |
9 | Springfield, IL | 994 | 2,056 |
10 | Providence-Warwick, RI-MA | 970 | 15,751 |
11 | Peoria, IL | 935 | 3,746 |
12 | Sumter, SC | 916 | 1,286 |
13 | Memphis, TN-MS-AR | 902 | 12,136 |
14 | Atlanta-Sandy Springs-Alpharetta, GA | 896 | 53,964 |
15 | Seattle-Tacoma-Bellevue, WA | 879 | 34,968 |
16 | Champaign-Urbana, IL | 870 | 1,966 |
17 | Decatur, IL | 824 | 857 |
18 | Miami-Fort Lauderdale-Pompano Beach, FL | 816 | 50,341 |
19 | Kankakee, IL | 815 | 895 |
20 | Kansas City, MO-KS | 806 | 17,400 |
21 | Las Vegas-Henderson-Paradise, NV | 803 | 18,206 |
22 | Rockford, IL | 738 | 2,480 |
23 | Houston-The Woodlands-Sugar Land, TX | 724 | 51,165 |
24 | Shreveport-Bossier City, LA | 713 | 2,816 |
25 | Olympia-Lacey-Tumwater, WA | 711 | 2,066 |
26 | Portland-South Portland, ME | 691 | 3,722 |
27 | Tallahassee, FL | 686 | 2,655 |
28 | Killeen-Temple, TX | 680 | 3,131 |
29 | Boston-Cambridge-Newton, MA-NH | 678 | 33,030 |
30 | Warner Robins, GA | 677 | 1,256 |
31 | Florence, SC | 668 | 1,369 |
32 | Bremerton-Silverdale-Port Orchard, WA | 637 | 1,730 |
33 | Ottawa, IL | 633 | 931 |
34 | Carbondale-Marion, IL | 631 | 857 |
35 | Reno, NV | 609 | 2,895 |
36 | Augusta-Waterville, ME | 598 | 731 |
37 | Dallas-Fort Worth-Arlington, TX | 597 | 45,242 |
38 | Bellingham, WA | 591 | 1,354 |
39 | Macon-Bibb County, GA | 590 | 1,357 |
40 | Columbus, GA-AL | 588 | 1,887 |
41 | Columbia, SC | 587 | 4,918 |
42 | Wenatchee, WA | 585 | 706 |
43 | Spokane-Spokane Valley, WA | 579 | 3,294 |
44 | Lafayette, LA | 573 | 2,805 |
45 | Los Angeles-Long Beach-Anaheim, CA | 568 | 75,066 |
46 | Pinehurst-Southern Pines, NC | 557 | 562 |
47 | Worcester, MA-CT | 537 | 5,087 |
48 | Baton Rouge, LA | 527 | 4,506 |
49 | Bangor, ME | 521 | 792 |
50 | Yakima, WA | 516 | 1,294 |
Credit card fraud in the United States
From 2017 through 2019, credit card fraud was the most common type of identity theft. It was supplanted by government benefits fraud this year, but it still ranked second, and credit cards were a popular target for fraudsters.
Credit card fraud reports by year
2016 | 2017 | 2018 | 2019 | 2020 |
---|---|---|---|---|
124,522 | 133,100 | 157,743 | 271,927 | 393,207 |
Although credit card fraud has been consistently rising, some years see much larger increases than others. The number of reports went up by 44.7% in 2020. In prior years, that would have been a significant amount. But compared to other types of identity theft, credit card fraud had the second-smallest increase.
Types of credit card fraud
There are two types of credit card fraud:
- New account: An identity thief uses your information to open a credit card account in your name.
- Existing account: An identity thief uses a credit card that you opened. This is usually done by stealing the credit card information.
Here are the number of fraud reports for each of these and how much they changed from 2019 to 2020:
Type of credit card fraud | Number of reports in 2020 | Change from 2019 |
---|---|---|
New account | 365,597 | 48% |
Existing account | 33,852 | 9% |
New account fraud has seen significant growth in recent years. It previously increased by 24% in 2018 and 88% in 2019.
Existing account fraud, on the other hand, hasn't moved much over that same timeframe. It declined by 6% in 2018 and 4% in 2019.
When you think of how to avoid credit card fraud, preventing people from getting your card information probably comes to mind. But the statistics show us that it's actually far more likely for someone to open an entirely new account using your personal data.
Why has there been this huge shift to new account fraud? There are several explanations that likely play a part:
- Existing account fraud has become more difficult. Because of credit card chip technology, the transaction process is more secure and it's harder for criminals to counterfeit credit cards.
- Data breaches have exposed information for hundreds of millions of people. Identity thieves can use this information for new account fraud.
- It's easier to steal money through new account fraud, since it's an entirely new account that the consumer doesn't know about. With an existing account, the card issuer or the consumer may notice suspicious activity and lock the card.
Data breaches
Data breaches are one of the ways criminals commit identity theft and credit card fraud. The hackers who steal information through data breaches often sell it on the dark web. Buyers then use the information for various types of fraud.
Data breaches by year
Year | Number of data breaches | Number of individuals impacted |
---|---|---|
2016 | 1,104 | 2,541,581,891 |
2017 | 1,631 | 2,081,515,330 |
2018 | 1,280 | 2,231,245,353 |
2019 | 1,362 | 887,286,658 |
2020 | 1,108 | 300,562,519 |
Both the number of data breaches and the number of individuals affected have been declining. The number of data breaches dropped by 19% in 2020, and the number of individuals affected fell by 66%. While this sounds like good news, it's not necessarily a sign that security is improving.
The Identity Theft Resource Center reports that cybercriminals are simply less interested in stealing massive amounts of consumers' personal information. They prefer to target businesses because of the larger payouts, and their methods of choice are phishing and ransomware. Here's how these cyberattacks work:
- Phishing is when a cybercriminal pretends to be a trusted entity so the target will click a link in an email, text message, or chat message.
- Ransomware is a type of malware that threatens to release sensitive data if the target doesn't pay a ransom.
According to Coveware, the average ransomware payout was $233,817 as of the third quarter of 2020. It was less than $10,000 in the third quarter of 2018.
Scamming $233,000 from individual consumers could take years. By going after a bigger fish in a business, cybercriminals can make much more money in a short period of time.
It's important not to get the wrong idea from this data. As we've seen from the identity theft and credit card fraud statistics, those crimes still occur and are on the rise. The risk of having your information exposed in a data breach is out there, even if businesses are the bigger target now.
Causes of data breaches in 2020
Cause of data breaches in 2020 | Number of events | Number of individuals impacted |
---|---|---|
Cyberattacks | 878 | 169,575,338 |
Human and system errors | 152 | 130,043,536 |
Physical attacks | 78 | 943,645 |
There were three root causes of the 1,108 data breaches in 2020:
- Cyberattacks: Includes phishing, ransomware, malware, and non-secured cloud environments.
- Human and system errors: Includes failure to configure cloud security, email or letter correspondence, and lost devices and documents.
- Physical attacks: Includes device theft, document theft, improper disposal, and skimming devices.
Cyberattacks are by far the most common cause of data breaches and impact the largest number of people overall. Human and system errors don't happen nearly as often, but when they do, they impact more people on average. A cyberattack in 2020 impacted an average of under 200,000 people, whereas each human and system error impacted over 850,000.
Types of data compromised in 2020
Type of data compromised | Number of breaches containing data in 2020 |
---|---|
Name | 973 |
Full Social Security number | 556 |
Date of birth | 428 |
Current home address | 425 |
Bank account number | 211 |
Payment card full number | 180 |
Payment cardholder name | 154 |
Payment card expiration date | 153 |
There were dozens of different types of data compromised in 2020's data breaches. The table above includes the numbers for the types of data that are often used for identity theft.
Most data breaches included people's names, and a little over half of them included full Social Security numbers. Fortunately, fewer than 20% of data breaches contained bank account or payment card information.
A turbulent year for identity theft and credit card fraud
From a fraud perspective, 2020 may be the worst year on record. Identity theft numbers soared, and government benefits fraud ran rampant during the pandemic. Even though credit card fraud increased far less than other types of identity theft, there were still over 120,000 more reports than the prior year.
Data breaches dropped and affected far less consumers than in years past. But that positive news comes with the caveat that criminals are focusing more of their attention on businesses.
It's possible that what happened in 2020 is a one-off. There aren't as many government benefits available as the first year of the COVID-19 pandemic, which could lead to a large decline in government benefits fraud. This may be a gradual process, though, and we won't know for sure until we see the statistics for 2021.
Sources
- Aite Group (2021). "U.S. Identity Theft: The Stark Reality."
- Auriemma Group (2017). "Auriemma's 2017 Annual Letter."
- Coveware (2021). "Ransomware Payments Decline in Q4 2020."
- Federal Trade Commission (2020). "Consumer Sentinel Network Data Book 2019."
- Federal Trade Commission (2021). "Consumer Sentinel Network Data Book 2020."
- Federal Trade Commission (2021). "COVID-19 and Stimulus Reports."
- Identity Theft Resource Center (2019). "2018 End-of-Year Data Breach Report."
- Identity Theft Resource Center (2021). "2020 Annual Data Breach Report."
Recent Research
We're firm believers in the Golden Rule, which is why editorial opinions are ours alone and have not been previously reviewed, approved, or endorsed by included advertisers. The Ascent does not cover all offers on the market. Editorial content from The Ascent is separate from The Motley Fool editorial content and is created by a different analyst team. The Motley Fool has a Disclosure Policy. The Author and/or The Motley Fool may have an interest in companies mentioned.