A new workshop report from the Identity Theft Prevention and Identity Management Standards Panel (IDSP) addresses various facets of how research companies measure identity theft. The report finds that disparities exist in the way that terms are defined in statute versus in practice—terms such as identity theft, identity fraud and data breach.
This potentially causes confusion in the marketplace and creates impediments to fixing the underlying problems. The publication also reviews research studies and methodologies for studying identity theft and makes best practice recommendations for how research companies should measure and report on the issues.
Administered by the American National Standards Institute, the IDSP is an initiative where the private and public sectors come together to discuss the standards and guidelines needed to fight identity theft and fraud. The IDSP convened this workshop because of a concern that controversies about research methodologies make it difficult to accurately measure how well the marketplace is doing in combating identity crime, posing a challenge to industry, law enforcement and consumers.
The panel formed different groups which examined area of the project. Brian Zimmer, president of the Coalition for a Secure Driver’s License, led a group that compared how key identity theft and fraud terms are defined in statute and in research surveys. “We concluded that definitions vary depending upon the communities of interests and type of fraud involved,” said Zimmer. “Harmonizing terminology is a challenge because the various interests are not necessarily communicating with each other.”
The group recommends that practitioners stay abreast of changes in the law and that definitions always be sourced. The report stops short of recommending the establishment of standard definitions across industries.
Rick Kam, president of ID Experts, led a team that cataloged 166 research studies on identity theft and data breach trends, identity theft protection services, and information security solutions. “Our group observed some contradictory results in research findings attributable to differences in terminology, research methodology, and even potential bias in research sponsorship,” said Kam. “We also noted a number of gaps in existing research such as the effects of identity theft versus identity fraud, breach correlation to identity theft, and the effectiveness of identity theft protection services and information security solutions.”
The group offers some observations on what makes a study useful, such as disclosing research methodology, sources of funding, and potential limitations of the methodology, and clearly identifying the intended audience and the problem it is addressing.
James Van Dyke, founder and president of Javelin Strategy & Research, led a group examining methodologies. “Public findings of research do not always provide enough detail on the quality or appropriateness of methodology and definitions to encourage appropriate decision making,” said Van Dyke. “Our group recommends publication of a lexicon of significant terms and a methodology statement as a best practice when identity crime research is publicized or intended to shape public policy.”
The group outlines specific elements that a methodology statement should include: the name of the research organization, sponsor and partners, target population, sample source/size, date research published, dates of data collection, time period being reported on, method of data collection, question formulation, a description of additional statistics methods used, and a statement regarding unknowns and impartiality.
The workshop report is freely available for download here.