Identity fraud enters a new era of complexity
The number of identity fraud victims increased by eight percent (rising to 16.7 million U.S. consumers) in the last year, a record high since Javelin Strategy & Research began tracking identity fraud in 2003.
The 2018 Identity Fraud Study found that despite industry efforts to prevent identity fraud, fraudsters successfully adapted to net 1.3 million more victims in 2017, with the amount stolen rising to $16.8 billion. With the adoption of EMV cards and terminals, the types of identity fraud continued to shift online and away from physical stores. The complexity of fraud is also on the rise as criminals are opening more new accounts as a means of compromising accounts consumers already have.
How fraud is being committed
This last year saw a notable change in how fraud is being committed. While credit card accounts remained the most prevalent targets for new account fraud, there was significant growth in the opening of new intermediary accounts, such as email payments (e.g. PayPal) and other internet accounts (e.g. e-commerce merchants such as Amazon) by fraudsters. Although not as easily monetized alone, these account types are invaluable in helping fraudsters transfer funds from the existing accounts of their victims.
The study also found three significant changes in data breaches in 2017. Nearly a third (30 percent) of U.S. consumers were notified of a breach in the past year, up from 12 percent in 2016. For the first time ever, Social Security numbers (35 percent) were compromised more than credit card numbers (30 percent) in breaches.
Data breaches are causing consumers to lose trust in institutions. These trends combined to cause consumers to shift the perceived responsibility for preventing fraud from themselves to other entities, such as their financial institution or the companies storing their data.
“Fraudsters are growing more sophisticated in response to industry’s efforts to implement better security. Fortunately, there are a variety of digital tools that consumers can leverage to stay better informed on the status of their identities and accounts, and to ultimately stay better protected,” said Al Pascual, senior VP, research director and head of fraud & security, Javelin Strategy & Research.
Record high incidence of identity fraud – In 2017, 6.64 percent of consumers became victims of identity fraud, an increase of almost one million victims from the previous year. This increase was driven by growth in both existing non-card fraud and account takeover (ATO).
Account takeover grew significantly – Account takeover tripled over the past year, reaching a four-year high. Total ATO losses reached $5.1 billion, a 120 percent increase from 2016. Account takeover continues to be one of the most challenging fraud types for consumers with victims paying an average of $290 in out-of-pocket costs and spending 16 hours on average to resolve. This translates to more than 62.2 million hours of time consumers lost in 2017. That is enough time for more than three million people to binge watch the first and second season of Stranger Things.
Online shopping presents the greatest fraud opportunity – EMV is driving more fraudsters to seek online channels for fraud. Card Not Present Fraud is now 81 percent more likely than point of sale fraud, the greatest gap Javelin has observed.
Fraudsters are getting more sophisticated – Fraudsters are getting more sophisticated in their attacks, and using more complex and difficult to detect monetization schemes. One and a half million victims of existing account fraud had an intermediary account opened in their name first. This is 200 percent greater than the previous high.