When it comes to identity theft, most people think they are especially vulnerable when they are working on their computers, or when fraudsters hack into big databases and steal credit card numbers.

In fact, consumers are far more likely to be victimized if their wallet, chequebook or credit card is lost or stolen, says a new study released Monday by Javelin Strategy & Research.

The research group, which is based in San Francisco, also found that as financial institutions and retailers have improved their in-store and online security, ID thieves have turned to more-traditional channels of theft, especially the telephones and the mail.

While the incidence of ID fraud through in-store and online purchases declined in the latest U.S. survey, conducted last October, from a similar study in 2006, the portion of fraud stemming from mail or telephone purchases jumped to 40 per cent from three per cent.

Javelin's study covered incidents ranging from a one-time misuse of someone's credit card number to the takeover of a person's account or creation of new accounts in a person's name.

Consumers too trusting on phone: study

James Van Dyke, president of Javelin, said in an interview many people are too trusting on the phone.

"In a typical situation, unsuspecting consumers receive phone calls from parties claiming to represent non-profit organizations, billing institutions or other financial institutions," Van Dyke said.

"Far too many of these consumers provide the callers with personal information, such as social security numbers, bank account numbers and credit card numbers."

With that information, criminals can open accounts in the victim's name, empty existing bank accounts, even buy cars or homes. While the Javelin study found overall ID theft is falling, it also found the cost for consumers to resolve the resulting fraud is rising.

The latest study indicated 8.1 million Americans were victims of ID fraud in 2007, down from 8.4 million a year earlier and 10.1 million in 2003. The total cost of ID fraud also dropped, to $45 billion US in the latest study from $51 billion a year earlier and $56 billion in 2003.

Van Dyke attributed the drop to a variety of defensive steps by consumers and institutions, including "greater consumer vigilance and awareness, improvements in systems and practices by companies that manager personal information … and consumers more frequently updating spyware and antivirus software."

But the average cost for a consumer to resolve the problem rose to $691 US in 2007 from $554 a year earlier.

The reason, the report said, is "due to growing sophistication in criminal fraud techniques, particularly in new accounts fraud," resulting in more high-value cases.

Wallet theft, phone purchases leading causes of ID theft

The biggest sources of personal identification information for thieves included: 33 per cent from the loss or theft of a wallet, cheque or credit card; 23 per cent from in-store, mail or telephone purchases; 17 per cent from misappropriation of information by friends, relatives or in-home employees; eight per cent from computer viruses, spyware or hackers; seven per cent from data breaches and six per cent from stolen paper mail.

Ironically, the increase in phone fraud may be the result of better phone technology. So-called voice over internet protocol, or VoIP, has made it possible for criminals halfway around the globe to make inexpensive calls and mask where they are originating from, Van Dyke said.

And fraudsters often take the information they steal from individuals and use it to open wireless phone accounts, he added.