Data breaches don't always lead to fraud…
"Data breach" has come to refer to any situation where some unencrypted customer information has been compromised. This means a stolen laptop with account numbers stored in it or a tape that's been temporarily misplaced by a courier service can constitute a security breach – at least according to some state laws. And some of these laws require that customers be notified of such instances – even if the lost tape can only be read by a large piece of specialized equipment and even if no fraudulent transactions show up on any accounts.
The result of too many breach notifications can be customer confusion and an inability to distinguish frivolous alerts from notifications triggered by more serious events. The banking industry is concerned about this. Notifications were originally intended to help consumers get an early start on spotting fraud or preventing identity theft after a breach occurred. If notifications are sent too frequently or when there is little likelihood for fraud to be committed, consumers can become immune to the notices and not take action to protect themselves.
…and they rarely lead to identity theft
Even if a credit card account number does fall into a fraudster's hands, the most likely result is not identity theft but rather plain-old-vanilla account fraud.
Account fraud is nothing new. For decades, banks have worked to prevent or quickly detect fraud in all its forms – from counterfeit checks to unauthorized credit card transactions. In all cases, customers who report unauthorized transactions either have the charges dropped or, for deposit accounts, are given provisional credit while an investigation is conducted. If fraud has occurred or is likely to, banks will close the account, eat the loss and reissue the card. This is typically the end of the matter for the customer.
Identity theft, however, is much more distressing and harder to resolve. This is when the fraudster opens new accounts in someone else's name by using that person's stolen personal financial information. Generally, these thieves need much more than a consumer's name and credit card number to open a new account.