Cloud

2/1/2017
08:05 AM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Identity Fraud Rose 16% In 2016

Javelin report finds that fraud increased to 15.4 million consumers in the US - the highest ever.

Identity fraudsters had a banner year in 2016, underscoring the need for consumers to consider protection services, stronger forms of authentication, and increased vigilance on security issues.

The number of identity fraud victims increased 16% in 2016, rising to 15.4 million consumers in the US, according to Javelin Strategy & Research's 2017 Identity Fraud Study, conducted on behalf of LifeLock. That's a record high since Javelin began tracking identity fraud in 2004.

Al Pascual, senior vice president, research director and head of fraud and security at Javelin, says the study also found that the criminals adapted to all the latest prevention techniques to net 2 million more victims in 2016 – an increase of $1 billion, to $16 billion. The rise of available information via data breaches has been a boon to the criminals, he says.

"To successfully fight the fraudsters, the industry needs to close security gaps, continue to improve, and consumers must be more proactive," he notes.

Randy Vanderhoof, executive director of the Smart Card Alliance, agrees that consumers must become more vigilant than think about changing their habits.

"What I tell people is to dedicate a credit card for online shopping and a credit card for purchases at physical stores. It’s much easier to track the fraud that way," Vanderhoof explains. "People also need to be aware that if they use a debit card in the store, there is more of a risk because if they are subject to fraud, the money comes right out of their checking account. With credit cards, there are some more protections."

The report, which was based on address-based surveys of 5,028 US consumers, also found:

  • Card not present (CNP) fraud rose significantly. EMV chip and pin cards have closed off opportunities for point-of-sale fraud, so the criminals have moved online. CNP fraud increased by 40% last year. In fact, 3.42% of all consumers had their cards abused by this type of fraud.
  • Account takeover bounces back. After reaching a low point in 2014, both account takeover incidents (where a criminal takes control of an account) and losses rose notably last year. Total account takeover losses increased 61%, to $2.3 billion, and incidents were up 31%. During 2016, victims paid an average of $263 in out-of-pocket costs and spent 20.7 million hours to resolve this type of fraud - 6 million more hours than in 2015.
  • Account takeover on mobile phone became nearly twice as prevalent in only one year. Mobile phone accounts represented 12% of all takeovers in 2016, up from 7% in 2015. Cybercriminals sought to monetize mobile accounts and leverage them to compromise the mobile-based alerting and authentication solutions that financial institutions, issuers, and other businesses rely on to prevent fraud. 
  • New account fraud (NAF) continues unabated. In NAF, a fraudster takes a person’s information and opens up a new account in the victim’s name. NAF increased from 0.62% in 2015, to 0.74% of consumers last year. Fraudulent credit cards proved most attractive, rising 21% for new fraudulent accounts opened in 2015, to 30% last year.

"New account fraud is often the most damaging type of fraud because the criminals get your social security numbers and other personal information and open up accounts in your name," says Stephen Coggeshall, chief analytics and science officer at ID Analytics and LifeLock. "Very often the victim is not aware that the fraud took place for several days."

According to the study, NAF was detected 17 days more slowly in 2016 than it was the year before. Most victims find out either when they check their credit report or when a creditor or collector contacts them. By the time the account has gone delinquent, the fraud has matured and the fraudster has more the likely gone on to another scheme.

The report also distinguishes between different types of consumers. For example, consumers with little online presence face less risk, but can take more than 40 days to detect fraud and incur higher fraud amounts than most other fraud victims.

On the other hand, while e-commerce shoppers experience the highest amount of fraud, they also tend to catch it very quickly, minimizing the impact. A full 78% of ecommerce fraud victims detected fraud inside of one week.   

Related Content:

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17300
PUBLISHED: 2018-09-21
Stored XSS exists in CuppaCMS through 2018-09-03 via an administrator/#/component/table_manager/view/cu_menus section name.
CVE-2018-17301
PUBLISHED: 2018-09-21
Reflected XSS exists in client/res/templates/global-search/name-field.tpl in EspoCRM 5.3.6 via /#Account in the search panel.
CVE-2018-17302
PUBLISHED: 2018-09-21
Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 via a /#Email/view saved draft message.
CVE-2018-17292
PUBLISHED: 2018-09-21
An issue was discovered in WAVM before 2018-09-16. The loadModule function in Include/Inline/CLI.h lacks checking of the file length before a file magic comparison, allowing attackers to cause a Denial of Service (application crash caused by out-of-bounds read) by crafting a file that has fewer than...
CVE-2018-17293
PUBLISHED: 2018-09-21
An issue was discovered in WAVM before 2018-09-16. The run function in Programs/wavm/wavm.cpp does not check whether there is Emscripten memory to store the command-line arguments passed by the input WebAssembly file's main function, which allows attackers to cause a denial of service (application c...