Why Is Identity Theft So Common and So Profitable?

Identity theft occurs when an individual’s personal or financial information is used without permission to commit fraud or other crimes. This can involve stealing a person’s name, Social Security number, or credit card details. Perpetrators leverage this stolen data for illicit financial gain. This article explores why identity theft has become both prevalent and highly profitable for criminals.

Factors Making Identity Theft Widespread

The widespread nature of identity theft is deeply rooted in the pervasive digitization of daily life. As financial transactions and personal interactions increasingly occur online, vast amounts of sensitive personal data are generated and stored digitally. This shift has made personal information, such as names, addresses, and financial details, more accessible to malicious actors. This digital dependency has led to a surge in online fraud and cybercrimes.

Increased reliance on digital platforms has significantly expanded the “attack surface” available to criminals. Each online account and digital transaction represents a potential vulnerability. Criminals can exploit one compromised piece of data, such as an email and password combination, to gain unauthorized access to multiple accounts. This interconnectedness means a breach in one service can compromise a user’s security across many others.

Large-scale data breaches from organizations serve as a significant source of stolen credentials and personal information for criminals. These breaches occur when unauthorized individuals gain access to databases containing sensitive data. For instance, the United States saw a 15% increase in data breaches between 2022 and 2023, exposing billions of records and fueling the surge in identity theft cases. Such incidents provide vast quantities of compromised data, which criminals leverage to commit widespread identity fraud.

Beyond large-scale breaches, social engineering tactics and malware play a substantial role in the commonness of identity theft. Social engineering involves manipulating individuals into divulging confidential information or performing actions that compromise their security. Common tactics include phishing emails, where scammers impersonate trusted entities to trick victims into revealing sensitive data, and pretexting, which involves creating fabricated scenarios to extract personal details. Malware, such as keyloggers and spyware, can be secretly installed on devices, allowing criminals to monitor keystrokes, track online activity, and steal sensitive information. These methods enable thieves to obtain the necessary information to commit identity theft.

Diverse Avenues for Financial Gain

Identity theft proves highly profitable for criminals through various direct monetization strategies. One prevalent method is credit card fraud, with over 323,000 reported cases in the first half of 2025, marking a 51% increase year-over-year. This fraud involves using stolen credit card numbers for unauthorized purchases, costing Americans over $6.2 billion in fraudulent credit and debit card charges annually. Fraudsters may also use existing card details or create counterfeit cards for purchases.

New account fraud represents another significant avenue for financial gain, with criminals using stolen personal information to open new credit lines, loans, or bank accounts in victims’ names. This tactic accounts for approximately 90% of all credit card fraud, and in 2024, 13.5% of all new digital account openings were suspected fraudulent. Losses from new account fraud reached an estimated $5.3 billion in 2023. A growing trend is synthetic identity fraud, where criminals combine real and fabricated information to create fictitious identities, used to secure credit and loans before disappearing.

Account takeovers involve criminals gaining unauthorized access to existing financial accounts, such as bank accounts or online payment systems. Once access is gained, funds can be transferred or further fraudulent activities initiated. In 2024, nearly 29% of U.S. adults, approximately 77 million people, experienced an account takeover. U.S. merchants alone lost an estimated $25.6 billion to account takeovers in 2020, with projections indicating these losses could reach $91 billion by 2028.

Identity thieves also profit through tax fraud and government benefit fraud. Tax fraud involves filing fraudulent tax returns using stolen Social Security numbers and other personal data to claim refunds. The IRS identified approximately 940,000 fraudulent tax returns, totaling $6.5 billion in associated fraudulent refunds linked to identity theft. Criminals also exploit government benefit programs by using stolen identities to claim benefits. There was a 3,000% increase in identity theft complaints related to government benefits in 2020.

A primary method of monetizing stolen identities is selling credentials and personal information on dark web marketplaces. These underground markets offer a diverse array of stolen data, with prices varying based on the type and completeness. For instance, a full identity profile, often called “Fullz” (including Social Security numbers and birth dates), can be purchased for $20 to $100. Credit card details sell for $10 to $240, while online banking login credentials can fetch between $30 and $4,255.

Systemic Advantages for Criminals

The operational landscape of identity theft offers systemic advantages to criminals. The speed and anonymity inherent in digital transactions are primary factors. Cybercriminals execute fraudulent schemes rapidly, transferring stolen funds or opening new accounts almost instantaneously. This makes real-time detection and intervention challenging for financial institutions. Perpetrators operate without revealing their true identities, complicating efforts to identify and apprehend them.

The global and cross-border nature of cybercrime creates significant jurisdictional hurdles for law enforcement agencies. Identity theft often involves perpetrators, victims, and digital infrastructure spread across multiple countries. Different legal systems and varying levels of international cooperation can impede investigations and prosecutions. The absence of a universally harmonized legal framework allows criminals to exploit jurisdictional loopholes, moving operations to regions where the risk of capture is minimal.

These factors contribute to a perceived low risk of capture and prosecution for identity theft schemes. The sheer volume of digital transactions, coupled with sophisticated methods criminals use to obscure their tracks, can overwhelm investigative resources. This low apprehension rate incentivizes engagement in identity theft, as potential rewards often outweigh perceived consequences. The complex, international nature of these crimes means that even when a perpetrator is identified, bringing them to justice can be a protracted and difficult process.

Another significant advantage for criminals is the inherent difficulty in tracing digital footprints. Cybercriminals employ advanced techniques like encryption, virtual private networks (VPNs), and anonymous cryptocurrencies to mask their online presence. This obfuscation makes it challenging for forensic experts and law enforcement to identify perpetrators and gather sufficient evidence for prosecution. The constantly evolving methods used by criminals require continuous adaptation from cybersecurity professionals.