The study, published on Monday, reviewed data from 517 cases resolved by the U.S. Secret Service between 2001 and 2006. The analysis found that nearly 60 percent of the 933 offenders implicated in the cases did not know their victims and more than 70 percent of the thieves had no prior criminal record. While most reports of identity theft focus on individuals, the analysis found that financial institutions are slightly more likely to be a victim.

The review is the first time that the federal agency has allowed the public analysis of its cases, said Gary R. Gordon, a professor of economic crime at Utica College and an author of the study.

"It challenges some of the conventional wisdom about how we have thought of identity theft," said Gordon, who is also the executive director of the school's Center for Identify Management and Information Protection (CIMIP). "This is the first time we have been able to view identity theft from the detection phase all the way to the arrest and conviction phase -- who the offenders are, what they did, how they did it and who they victimized."

Identity theft has become the financial crime of the 21st century. The crime has made up approximately a third of all complaints -- the largest proportion -- to the U.S. Federal Trade Commission and other government agencies since 2004. The U.S. Secret Service has cracked down on a number of identity-fraud rings this year, including the arrest of former security consult Max Ray "Max Vision" Butler in September.

Gordon and his colleagues used a strict definition of identity theft, requiring that the criminal assume a person's identity to classify the crime as identity theft. The hack of retail giant TJX Companies' transaction processing servers, which led to the leak of 46.5 million credit- and debit-card accounts and massive fraud, did not necessarily lead to identity theft, for example.

The review of U.S. Secret Service cases found that, while slightly more identity theft cases were generated in the Northeastern United States, the offenses were fairly evenly spread throughout the country. The average loss claimed by the victims totaled $31,356, with the largest loss totally $13 million. Women made up a significant percentage of offenders -- a third -- compared to other types of crimes, and 71 percent of offenders had not previously been charged with a crime.

Despite anecdotal reports that have linked drug habits with identity theft, the study only found that 2.2 percent of offenders cited procuring drugs as the reason for their crimes. Arguments that terrorists use identity theft to fund their violent activities also failed to make the grade. Not a single case mentioned the issue, Gordon said.

"We had that as a possible reason (for perpetrating the crime), and didn't find any cases," he said.

"I get a lot of data on identity theft that I don't publish it because I know how incomplete it is," Litan said. "There is no mandate for companies to report identity fraud, so we don't know what is happening at the banks and the eBays and the Amazons out there."

The U.S. Secret Service study found that about 60 percent of identity theft is committed by people not known to the victim. Litan's best guess followed closely to that: Data thieves and external attackers account for about 70 percent of the cybercrime affecting businesses with insiders accounting for the remaining 30 percent, she said.

However, companies fraud detection systems are too overwhelmed, in some cases, to accurately flag cases of fraud. Thieves that steal a large number of credit-card numbers and use the data to steal $10 from each card can generally stay below the radar, she said.

"Cybercrime is on the way up, and it's being perpetrated by very sophisticated by computer thieves," Litan said.

Because the Secret Service selects the cases that it wants to get involved in, the Utica College study is likely skewed toward crimes that affect more people or caused more damage, said James Van Dyke, founder and president of Javelin Strategy & Research, which releases an annual consumer survey on identity fraud.

Yet, the Federal Trade Commission's Consumer Sentinel report on consumer complaints, the Javelin survey of consumers and the Utica study all compliment each other, said Van Dyke.

"These are very complimentary studies," he said. "They are each a different lens on what we know to be a $49.3 billion problem."

If you have tips or insights on this topic, please contact SecurityFocus.