Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

2/1/2017
08:05 AM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Identity Fraud Rose 16% In 2016

Javelin report finds that fraud increased to 15.4 million consumers in the US - the highest ever.

Identity fraudsters had a banner year in 2016, underscoring the need for consumers to consider protection services, stronger forms of authentication, and increased vigilance on security issues.

The number of identity fraud victims increased 16% in 2016, rising to 15.4 million consumers in the US, according to Javelin Strategy & Research's 2017 Identity Fraud Study, conducted on behalf of LifeLock. That's a record high since Javelin began tracking identity fraud in 2004.

Al Pascual, senior vice president, research director and head of fraud and security at Javelin, says the study also found that the criminals adapted to all the latest prevention techniques to net 2 million more victims in 2016 – an increase of $1 billion, to $16 billion. The rise of available information via data breaches has been a boon to the criminals, he says.

"To successfully fight the fraudsters, the industry needs to close security gaps, continue to improve, and consumers must be more proactive," he notes.

Randy Vanderhoof, executive director of the Smart Card Alliance, agrees that consumers must become more vigilant than think about changing their habits.

"What I tell people is to dedicate a credit card for online shopping and a credit card for purchases at physical stores. It’s much easier to track the fraud that way," Vanderhoof explains. "People also need to be aware that if they use a debit card in the store, there is more of a risk because if they are subject to fraud, the money comes right out of their checking account. With credit cards, there are some more protections."

The report, which was based on address-based surveys of 5,028 US consumers, also found:

  • Card not present (CNP) fraud rose significantly. EMV chip and pin cards have closed off opportunities for point-of-sale fraud, so the criminals have moved online. CNP fraud increased by 40% last year. In fact, 3.42% of all consumers had their cards abused by this type of fraud.
  • Account takeover bounces back. After reaching a low point in 2014, both account takeover incidents (where a criminal takes control of an account) and losses rose notably last year. Total account takeover losses increased 61%, to $2.3 billion, and incidents were up 31%. During 2016, victims paid an average of $263 in out-of-pocket costs and spent 20.7 million hours to resolve this type of fraud - 6 million more hours than in 2015.
  • Account takeover on mobile phone became nearly twice as prevalent in only one year. Mobile phone accounts represented 12% of all takeovers in 2016, up from 7% in 2015. Cybercriminals sought to monetize mobile accounts and leverage them to compromise the mobile-based alerting and authentication solutions that financial institutions, issuers, and other businesses rely on to prevent fraud. 
  • New account fraud (NAF) continues unabated. In NAF, a fraudster takes a person’s information and opens up a new account in the victim’s name. NAF increased from 0.62% in 2015, to 0.74% of consumers last year. Fraudulent credit cards proved most attractive, rising 21% for new fraudulent accounts opened in 2015, to 30% last year.

"New account fraud is often the most damaging type of fraud because the criminals get your social security numbers and other personal information and open up accounts in your name," says Stephen Coggeshall, chief analytics and science officer at ID Analytics and LifeLock. "Very often the victim is not aware that the fraud took place for several days."

According to the study, NAF was detected 17 days more slowly in 2016 than it was the year before. Most victims find out either when they check their credit report or when a creditor or collector contacts them. By the time the account has gone delinquent, the fraud has matured and the fraudster has more the likely gone on to another scheme.

The report also distinguishes between different types of consumers. For example, consumers with little online presence face less risk, but can take more than 40 days to detect fraud and incur higher fraud amounts than most other fraud victims.

On the other hand, while e-commerce shoppers experience the highest amount of fraud, they also tend to catch it very quickly, minimizing the impact. A full 78% of ecommerce fraud victims detected fraud inside of one week.   

Related Content:

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md. View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
Browsers to Enforce Shorter Certificate Life Spans: What Businesses Should Know
Kelly Sheridan, Staff Editor, Dark Reading,  7/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-12441
PUBLISHED: 2020-08-06
Denial-of-Service (DoS) in Ivanti Service Manager HEAT Remote Control 7.4 due to a buffer overflow in the protocol parser of the ‘HEATRemoteService’ agent. The DoS can be triggered by sending a specially crafted network packet.
CVE-2020-13793
PUBLISHED: 2020-08-06
Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a static, hard-coded encryption key.
CVE-2020-16207
PUBLISHED: 2020-08-06
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by opening specially crafted project files that may overflow the heap, which may allow remote code execution, disclosure/modification of information, or cause the appli...
CVE-2020-16211
PUBLISHED: 2020-08-06
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. An out-of-bounds read vulnerability may be exploited by processing specially crafted project files, which may allow an attacker to read information.
CVE-2020-16213
PUBLISHED: 2020-08-06
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, which may allow remote code execution, disclosure/modification of information, or ...