Yes, there will be some tax and banking fraud as a result of the gargantuan data breach at Equifax. The biggest impact, however, will be felt by enterprises that rely on credit reporting bureaus to verify the identity of people they are doing business with.Think employment verification, social services verification, and other forms of identity verification that rely on credit reports. These services depend on the idea that only the individual knows all the details used to verify identity, but that assumption requires ignoring the sheer amount of personally identifiable information (PII) that has been exposed over the past few years. Among the Office of Personnel Management, Anthem, and scores of other data breaches at universities, retailers, enterprises, and healthcare organizations over the last two years, a lot of PII is available for criminals to use.\u201cArmed with stolen, up-to-date PII data, criminals can more easily impersonate their target victim in order to get into their account,\u201d Gartner distinguished analyst Avivah Litan wrote on the Gartner Research blog.As previously reported, unknown attackers exploited a vulnerability in an Equifax web application and accessed personal information for up to 143 million individuals, including Social Security numbers, personal names and addresses, and in some cases driver\u2019s license numbers. The attackers had unauthorized access from mid-May to July of this year, Equifax said in its statement disclosing the breach. The bulk of the attention so far has focused on the potential for identity theft and criminals opening new accounts using victim information, but Litan said she does not expect to see massive fraud as a result of the data theft.\u201cBased on what I\u2019ve seen in the past, I would estimate that less than 5 percent of Americans will have new loans, bank accounts, credit cards and other financial accounts taken out by a criminal in their name over their lifetime,\u201d Litan said. What\u2019s more likely is that stolen information will be used to take over existing accounts, such as banking, brokerage, phone service, and retirement accounts. Call centers and online systems rely on these pieces of information to verify identity when conducting high-risk transactions, such as moving money across accounts or changing the information associated with the account.\u201cIt makes no sense to solely rely on static personally identifiable information to identify an individual a business is engaged with when there is a greater than 50 percent chance that data is in criminal hands,\u201d Litan said.The digital ecosystem relies on a complex web of trust, and a weakness in one of the players can impact everyone else. The United States consumer credit system is heavily reliant on the credit bureaus to act as a \u201cbackstop for digital identities,\u201d said Patrick Harding, CTO of identity management provider Ping Identity. With the information in the wrong hands, one of the main authentication systems organizations\u2014especially those in the financial services industry\u2014depend on breaks down because they can no longer trust the results.\u201cThis particular data breach will impact a utilized authentication stack that many organizations and federal agencies use to combat their own forms of fraud,\u201d said Adam Meyer, chief security strategist of threat intelligence company SurfWatch Labs.If criminals have all the information they need to pass identity verification checks, what good is this authentication system?Security and fraud experts like Litan have been warning organizations to stop relying on static personal data for identity verification in favor of dynamic identity data for a while now. For example, Threatmetrix uses crowdsourcing and machine learning to establish the user\u2019s identity based on the user\u2019s dynamic behavior and attributes.\u201cBased on conversations with Gartner clients, including tax authorities, my estimate is that over half of Americans have already had their identities compromised before this latest hack, and their records are already resident in criminal databases,\u201d Litan said.[Related: What business can learn from the Equifax data breach]While individuals should be worried about financial and phone service account takeovers, tax refund fraud, Social Security and other government-benefit fraud, Litan said there were other things to worry about, such as nuclear war or an attack against the power grid. \u201cI fully understand that my stolen personal data is much more likely being used to further those goals, than it is to help some criminal get a new fake mortgage,\u201d Litan added.