SAN FRANCISCO (2/10/11)--Before the nation's financial crisis hit, Congress had as a top priority about a dozen data security bills prompted by high profile data breaches. Today, identity theft fraud is down in numbers, losses are lower, and out-of-pocket costs to consumers more than doubled. However, "now is not the time to let up," say analysts of new ID theft research. The research by Javelin Strategy & Research, reported in Wednesday's News Now, noted that ID theft had dropped 28% during 2010, with fewer victims, and the year saw the smallest amount--$37 billion--in losses in eight years. It also pointed out that consumers were paying more out of pocket expenses. The study was sponsored by Fiserv, Intersections Inc. and Wells Fargo & Co. Intersections is a CUNA Strategic Services provider. "The financial services industry, businesses and law enforcement have been working harder than ever to crack down on fraud and to educate consumers about how they can protect themselves," said Steve Cox, president/CEO of the Council of Better Business Bureaus. "This year's study clearly indicates these efforts are having a positive impact, he said. "In order to retain consumer trust and confidence, businesses must continue to take all steps necessary to safeguard data and educate customers about how to protect themselves and respond to incidents," Cox added. "Now is not the time to let up." Before the nation's financial crisis state and federal government tried to legislate data security. In addition to data security bills in several states, about a dozen rival data security bills wound their way through the House and Senate and the six committees with jurisdiction over the issues involved. Although federal lawmakers repeatedly marked the issue as a legislative priority, no consensus was reached and the matter was left pending when the 109th session adjourned. The Credit Union National Association (CUNA) supports legislation that would impose similar but separate data security requirements and enforcement on commercial companies as is currently required of credit unions and other financial institutions under the Gramm-Leach-Bliley Act of 1999. That law requires merchants and other businesses to provide notice of a security breach as early as possible to financial institutions and consumers. It also prohibits the retention by merchants and certain non-financial companies of sensitive, identifying information from plastic card magnetic strips that could be obtained in connection with financial transactions. CUNA also supports requiring that the identity of the merchant or other company responsible for maintaining a database that experiences a data breach be disclosed to credit unions and other financial institutions so they can pass this information on to consumers. New information from the Javelin study indicates that account takeover is one of the most common forms of identity fraud. The two most popular tactics fraudsters use are: adding their name as a registered user on an account, or changing the physical address of the account. In 2010, changing the physical address became the most popular method, with 44% of account takeover incidents conducted this way. Although the study doesn't mention specifically fraud caused by data breaches, information stolen during breaches can be used to set up new fraudulent accounts. New account fraud is the most damaging to consumers, said the study, which found that fraudsters are changing their patterns to make it harder to detect. During 2010, fraud shifted from banking and card accounts to opening of non-bank and non-card accounts--such as health club memberships, and home phone and cable subscriptions--that don't show up on a credit report. The study advised consumers to carefully examine financial statements and consider using a service that monitors public records. New account fraud was also the type of fraud most likely to be perpetrated by "friendly fraudsters" or those known to the victim such as a relative or roommate. This type of fraud accounted for about 30% of new account fraud for which the cause was known, said Javelin. While existing card information would seem to be easy to get from acquaintances, existing card fraud was less than half as common as new account fraud. Cox noted that consumers should "remain vigilant and be careful not to expose personally identifiable information over social networks and to acquaintances."