Identity fraud reaches record levels as criminals adapt methods
The number of identity fraud victims in the U.S. rose by 1.3 million, or 8 percent, to a record high 16.7 million people in 2017, according to the “2018 Identity Fraud Study” from Javelin Strategy & Research.
The study shows identity fraud continuing to move online and increase in complexity, resulting in $16.8 billion dollars stolen last year. The shift away from physical stores is attributed to growing adoption of EMV-embedded chip cards and terminals by the study, while increasingly complex attacks often include using consumer’s compromised accounts to open new, fraudulent ones.
Account takeovers tripled over the past year, reaching a four-year high, and causing an average of $290 and 16 hours for consumers to resolve.
“No one should be surprised that identity fraud has hit an all-time high and Account Takeover (ATO) has tripled. The Javelin report reveals the economic pain behind the carnage. These losses are a direct result of the record number of massive data breaches and the thousands more small ones that go unreported, combined with businesses being slow to adopt new security technologies,” comments John Gunn, CMO, VASCO Data Security. “Protecting data and stopping Account Takeover has become relatively easy with digital identity verification, biometric authentication, behavior analysis, and mobile device security. The cost for the newest security technology has come way down and implementation is now fast and easy. Consumers need to become activists and tell their service providers to enable adequate security or lose their business.”
Credit cards remained the top target for new account fraud, but fraudsters opened significantly more intermediary accounts than previously, such as with payment providers like PayPal or ecommerce merchants like Amazon. Card Not Present transactions are 81percent more likely to be fraudulent than point-of-sale ones, the highest gap observed by Javelin. For the first time in the study’s 15 years, Social Security numbers were compromised more often than credit card numbers in breaches, 35 to 30 percent, according to the study.
“This key study demonstrates that personal information is under siege, and protecting sensitive data with legacy methods alone is impossible in the age of mega breaches,” says Robert Capps, Vice President of Business Development for NuData Security.
The study also found that 63 percent of consumers are “very” or “extremely” concerned about the threat of data breaches, but many report they are unsure of their ability to protect themselves.
“Data breaches are hard to avoid, but companies can implement technologies to help customers and their business prevent fraud in their environment after a data breach,” Capps says. “Mere reliance on passwords and usernames is – at this point – not enough to protect from online threats. Companies can leverage technologies that don’t rely on personally identifiable information and also look at the user’s inherent behavior. Passive biometrics technology builds unique profiles of the individual that can’t be replicated by a bad actor. This technology can protect customers and businesses from growing threats such as synthetic identities and account takeover.”
On a positive note, the number of U.S. consumers notified of a breach rose from 12 percent in 2016 to 30 percent last year, but most consumers (64 percent) believe notifications do little to help protect them, and are carried out more for legal protection of the breached company. The overall number of consumers who are concerned about fraud rose from 51 percent in 2016 to 69 percent last year.
Javelin recommends use two-factor authentication whenever possible, secure their devices, freeze their credit reports, sign up for account alerts everywhere, and take steps to prevent unauthorized online transactions.