Identity fraudsters had a banner year in 2016, underscoring the need for consumers to consider protection services, stronger forms of authentication, and increased vigilance on security issues.
The number of identity fraud victims increased 16% in 2016, rising to 15.4 million consumers in the US, according to Javelin Strategy & Research's 2017 Identity Fraud Study, conducted on behalf of LifeLock. That's a record high since Javelin began tracking identity fraud in 2004.
Al Pascual, senior vice president, research director and head of fraud and security at Javelin, says the study also found that the criminals adapted to all the latest prevention techniques to net 2 million more victims in 2016 – an increase of $1 billion, to $16 billion. The rise of available information via data breaches has been a boon to the criminals, he says.
"To successfully fight the fraudsters, the industry needs to close security gaps, continue to improve, and consumers must be more proactive," he notes.
Randy Vanderhoof, executive director of the Smart Card Alliance, agrees that consumers must become more vigilant than think about changing their habits.
"What I tell people is to dedicate a credit card for online shopping and a credit card for purchases at physical stores. It’s much easier to track the fraud that way," Vanderhoof explains. "People also need to be aware that if they use a debit card in the store, there is more of a risk because if they are subject to fraud, the money comes right out of their checking account. With credit cards, there are some more protections."
The report, which was based on address-based surveys of 5,028 US consumers, also found:
- Card not present (CNP) fraud rose significantly. EMV chip and pin cards have closed off opportunities for point-of-sale fraud, so the criminals have moved online. CNP fraud increased by 40% last year. In fact, 3.42% of all consumers had their cards abused by this type of fraud.
- Account takeover bounces back. After reaching a low point in 2014, both account takeover incidents (where a criminal takes control of an account) and losses rose notably last year. Total account takeover losses increased 61%, to $2.3 billion, and incidents were up 31%. During 2016, victims paid an average of $263 in out-of-pocket costs and spent 20.7 million hours to resolve this type of fraud - 6 million more hours than in 2015.
- Account takeover on mobile phone became nearly twice as prevalent in only one year. Mobile phone accounts represented 12% of all takeovers in 2016, up from 7% in 2015. Cybercriminals sought to monetize mobile accounts and leverage them to compromise the mobile-based alerting and authentication solutions that financial institutions, issuers, and other businesses rely on to prevent fraud.
- New account fraud (NAF) continues unabated. In NAF, a fraudster takes a person’s information and opens up a new account in the victim’s name. NAF increased from 0.62% in 2015, to 0.74% of consumers last year. Fraudulent credit cards proved most attractive, rising 21% for new fraudulent accounts opened in 2015, to 30% last year.
"New account fraud is often the most damaging type of fraud because the criminals get your social security numbers and other personal information and open up accounts in your name," says Stephen Coggeshall, chief analytics and science officer at ID Analytics and LifeLock. "Very often the victim is not aware that the fraud took place for several days."
According to the study, NAF was detected 17 days more slowly in 2016 than it was the year before. Most victims find out either when they check their credit report or when a creditor or collector contacts them. By the time the account has gone delinquent, the fraud has matured and the fraudster has more the likely gone on to another scheme.
The report also distinguishes between different types of consumers. For example, consumers with little online presence face less risk, but can take more than 40 days to detect fraud and incur higher fraud amounts than most other fraud victims.
On the other hand, while e-commerce shoppers experience the highest amount of fraud, they also tend to catch it very quickly, minimizing the impact. A full 78% of ecommerce fraud victims detected fraud inside of one week.