For First Time Ever More Social Security Numbers Stolen than Credit Card Numbers
The EMV Effect Shifts Fraud Online: 81 percent More Likely Online Than At Point of Sale
SAN FRANCISCO, February 6, 2018
– The 2018 Identity Fraud Study
released today by Javelin Strategy & Research, revealed that the number of identity fraud victims increased by eight percent (rising to 16.7 million U.S. consumers) in the last year, a record high since Javelin Strategy & Research began tracking identity fraud in 2003. The study found that despite industry efforts to prevent identity fraud, fraudsters successfully adapted to net 1.3 million more victims in 2017, with the amount stolen rising to $16.8 billion. With the adoption of EMV (embedded chip) cards and terminals, the types of identity fraud continued to shift online and away from physical stores. The complexity of fraud is also on the rise as criminals are opening more new accounts as a means of compromising accounts consumers already have.
This last year saw a notable change in how fraud is being committed. While credit card accounts remained the most prevalent targets for new account fraud, there was significant growth in the opening of new intermediary accounts, such as email payments (e.g. PayPal) and other internet accounts (e.g. e-commerce merchants such as Amazon) by fraudsters. Although not as easily monetized alone, these account types are invaluable in helping fraudsters transfer funds from the existing accounts of their victims.
The study also found three significant changes in data breaches in 2017. Nearly a third (30 percent) of US consumers were notified of a breach in the past year, up from 12 percent in 2016. For the first time ever, Social Security numbers (35 percent) were compromised more than credit card numbers (30 percent) in breaches. Finally, data breaches are causing consumers to lose trust in institutions. These trends combined to cause consumers to shift the perceived responsibility for preventing fraud from themselves to other entities, such as their financial institution or the companies storing their data.
“2017 was a runaway year for fraudsters, and with the amount of valid information they have on consumers, their attacks are just getting more complex,” said Al Pascual
, senior vice president, research director and head of fraud & security, Javelin Strategy & Research. “Fraudsters are growing more sophisticated in response to industry’s efforts to implement better security. Fortunately, there are a variety of digital tools that consumers can leverage to stay better informed on the status of their identities and accounts, and to ultimately stay better protected.”
The annual 2018 Identity Fraud Study
is a comprehensive analysis of identity fraud trends, independently produced by Javelin Strategy & Research and made possible by Identity Guard, a provider of identity risk management and privacy protection services for consumers and businesses. The study is in its fifteenth consecutive year, and is the nation’s longest-running study of identity fraud, with 74,000 respondents surveyed since 2003.
The 2018 Identity Fraud Study found four significant trends:
- Record high incidence of identity fraud – In 2017, 6.64 percent of consumers became victims of identity fraud, an increase of almost one million victims from the previous year. This increase was driven by growth in both existing non-card fraud and account takeover (ATO).
- Account takeover grew significantly – Account takeover tripled over the past year, reaching a four-year high. Total ATO losses reached $5.1 billion, a 120 percent increase from 2016. Account takeover continues to be one of the most challenging fraud types for consumers with victims paying an average of $290 in out-of-pocket costs and spending 16 hours on average to resolve. This translates to more than 62.2 million hours of time consumers lost in 2017. That is enough time for more than three million people to binge watch the first and second season of Stranger Things.
- Online shopping presents the greatest fraud opportunity – EMV is driving more fraudsters to seek online channels for fraud. Card Not Present Fraud is now 81 percent more likely than point of sale fraud, the greatest gap Javelin has observed.
- Fraudsters are getting more sophisticated – Fraudsters are getting more sophisticated in their attacks, and using more complex and difficult to detect monetization schemes. One and a half million victims of existing account fraud had an intermediary account opened in their name first. This is 200 percent greater than the previous high.
New this year, the 2018 Identity Fraud Study examined the impact the relentless news about data breaches is having on consumers. With rising fraud incidence and extensive media coverage of the Equifax breach, the proportion of consumers who are concerned about fraud rose from 51 percent in 2016 to 69 percent in 2017. Breaches rank at the top of identity-related threats facing consumers according to those surveyed. Javelin found 63 percent of consumers report that they are ‘very’ or ‘extremely’ concerned about the threat of breaches, but many are unsure that they have the ability to effectively protect themselves. Cynicism about breach notifications rose dramatically, with 64 percent of breach victims indicating they believe that breach notifications do little to help protect them and are principally about providing legal cover for the breached company. All of this combined, caused consumers to shift the perceived responsibility for preventing fraud from themselves to other entities, such as their FI or the companies storing their data.
Identity fraud is defined as the unauthorized use of another person’s personal information to achieve illicit financial gain. Identity fraud can range from simply using a stolen payment card account, to making a fraudulent purchase, to taking control of existing accounts or opening new accounts.
In 2017, Javelin conducted a nationally representative online survey of 5,000 U.S. consumers to assess the impact of fraud, uncover where fraudsters are making progress, explore consumers’ actions and behaviors and how it relates to fraud risk levels, and identify segments of consumers most affected by fraud.
Five Safety Tips to Protect Consumers
Javelin believes that consumers who exercise good online security habits can minimize their risk and impact of identity fraud. The following are five recommendations for consumers to follow:
- Turn on two-factor authentication wherever possible – Enabling two-factor authentication on sites that have that capability, where a separate action must be taken beyond providing a user name and password to access an account, can make it significantly more difficult for fraudsters to take over your accounts. For sites without two-factor authentication, use strong passwords or a password manager to secure accounts.
- Secure your devices – With consumers increasingly relying on their digital devices to obtain goods and services, making purchases and sharing personal information, criminals have shifted their focus to these devices for the access they can provide to accounts and the information they store or transmit. Secure online and mobile devices by instituting a screen lock, encrypting data stored on the devices, avoiding public Wi-Fi and/or using a VPN, and installing anti-malware.
- Place a security freeze – If you are not planning on opening new accounts in the near future, a freeze on your credit report can prevent anyone else from opening one in your name – which is especially important if you have been a victim of data breach that has exposed sensitive personally identifiable information. Credit freezes must be placed with all three credit bureaus and prevents everyone except for existing creditors and certain government agencies from accessing your credit report. While costs vary per state, typically each bureau costs below $20. Should you need to open an account requiring a credit check, the freeze can be lifted through the credit bureaus.
- Sign up for account alerts everywhere – A variety of financial service providers, including depository institutions, credit card issuers and brokerages, provide their customers with the option to receive notifications of suspicious activity – as do businesses in other industries, such as email and social media providers. These notifications can often be received through email or text message, making some notifications immediate, and some go so far as to allow their customers to specify the scenarios under which they want to be notified, so as to reduce false alarms.
- Protect yourself from unauthorized online transactions – As EMV makes fraud at physical stores more challenging, fraudsters are moving to target online merchants. Some financial institutions offer alerts for online transactions, the ability to institute limits on online transactions, or even advanced controls through 3-D Secure (e.g., Verified by Visa, SecureCode from Mastercard, etc.). These can help quickly detect and even prevent online fraud from occurring.
Additional Consumer Resources
To report incidents of suspected fraud or identity theft, visit the FTC online at:
About Javelin Strategy & Research