More than 12.6 million U.S. consumers fell victim to identity fraud last year, incurring costs of more than $21 billion -- a three-year high, according to a study published Wednesday.

According to Javelin Strategy and Research's 2013 Identity Fraud Report, there were more incidents of identity fraud in 2012 than in any other year of the past decade except one. And incident of identity fraud occurs once every three seconds in the U.S. alone, the study says.

New account fraud -- in which a criminal uses stolen identity information to open an account at a store or bank -- represents the largest growth segment in the fraud study, according to Jim Van Dyke, CEO at Javelin.

"The problem with new account fraud is that it's a huge blind spot for most consumers," Van Dyke says. "When an account is opened in your name, you're not going to see it on your credit card or in your bank account. Most people don't know it's happening."

But there are warning signs that consumers should pay attention to, Javelin says. For example, people who receive a breach notification letter from a company are four times more likely to experience identity fraud than those who don't, the study says.

"Those letters require consumer action, but a lot of people don't react," says Tim Rohrbaugh, director of information security at identity fraud protection service Intersections Inc., a sponsor of the study. "If you get a message from your Internet service provider that there's malware on your computer or your password has been compromised, you need to remove the malware or change your password. If a company tells you your information is at risk, you need to act."

Consumer information was misused for an average of 48 days in 2012, down from 55 days in 2011 and 95 days in 2010, Javelin says. Misuse time was down for all types of fraud, including fraud on cards, loans, bank accounts, mobile phone bills and other types of fraud, due to consumer and industry action. More than 50 percent of victims were actively detecting fraud using financial alerts, credit monitoring or identity protection services, and by monitoring their accounts.

Fraud victims are more selective where they shop after an incident, and small businesses were the most dramatically impacted, Javelin says. The study found that 15 percent of all fraud victims decided to change behaviors and avoid smaller online merchants -- a much greater percentage than those that avoid gaming sites or larger retailers following a fraud incident.

Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.