1 in 4 Data Breach Letter Recipients Became Identity Fraud Victims
Fraudsters Misuse Information For Fewer Days
Small Online Retailers Being Impacted Disproportionately
SAN FRANCISCO, February 20, 2013 – The 2013 Identity Fraud Report released today by Javelin Strategy & Research, reports that in 2012 identity fraud incidents increased by more than one million victims and fraudsters stole nearly $21 billion, the highest amount since 2009. The study found 12.6 million victims of identity fraud in the United States in the past year, which equates to 1 victim every 3 seconds. The report also found that nearly 1 in 4 data breach letter recipients became a victim of identity fraud, with breaches involving Social Security numbers to be the most damaging. Over the past year, companies are responding more quickly which means a consumer’s information is being misused for fewer days than ever before, and the mean cost per victim has been flattening.
Identity Fraud Rate Rose in 2012
Javelin Strategy & Research Report, made possible by Citi and Intersections Inc.
Now in its tenth consecutive year, the comprehensive analysis of identity fraud trends is independently produced byJavelin Strategy & Research, and made possible by Citi and Intersections Inc., companies dedicated to consumer fraud prevention and education. It is the nation’s longest-running study of identity fraud, with 48,200 respondents surveyed over the past 10 years.
Identity fraud is defined as the unauthorized use of another person’s personal information to achieve illicit financial gain. Identity fraud can range from simply using a stolen payment card account, to making a fraudulent purchase, to taking control of existing accounts or opening new accounts, including mobile phone or utility services. In October 2012, Javelin Strategy & Research conducted an address-based survey of 5,249 U.S. consumers to identify important findings about the impact of fraud, uncover areas of progress and identify areas in which consumers must exercise continued vigilance.
“This past year was one where there were both successes and setbacks for consumers, institutions and fraudsters,” said Jim Van Dyke, CEO of Javelin Strategy & Research. “Consumers and institutions are now starting to act as partners—detecting and stopping fraud faster than ever before. But fraudsters are acting quicker than ever before and victimizing more consumers. Consumers must take data breach notifications more seriously and maintain vigilance to safeguard personal information, especially Social Security numbers.”
The study found several significant identity fraud trends:
- Identity fraud incidents and amount stolen increased—The number of identity fraud incidents increased by one million more consumers over the past year, and the dollar amount stolen increased to $21 billion, a three-year high but still significantly lower than the all-time high of $47 billion in 2004. This equates to 1 incident of identity fraud every 3 seconds.
- 1 in 4 data breach notification recipients became a victim of identity fraud—This year, almost 1 in 4 consumers that received a data breach letter became a victim of identity fraud, which is the highest rate since 2010. This underscores the need for consumers to take all notifications seriously. Not all breaches are created equal. The study found consumers who had their Social Security number compromised in a data breach were 5 times more likely to be a fraud victim than an average consumer.
- Fraudsters misuse information fewer days than before—Consumer information was misused for an average of 48 days in 2012, down from 55 days in 2011 and 95 days in 2010. Misuse time was down for all types of fraud including fraud on cards, loans, bank accounts, mobile phone bills and other types of fraud due to consumer and industry action. More than 50 percent of victims were actively detecting fraud using financial alerts, credit monitoring or identity protection services and by monitoring their accounts.
- Small retailers are losing out—Fraud victims are more selective where they shop after an incident, and small businesses were the most dramatically impacted. The study found that 15 percent of all fraud victims decided to change behaviors and avoid smaller online merchants. This is a much greater percentage than those that avoid gaming sites or larger retailers.
Understanding the Findings
Fraud incidents and the amount stolen continued its upward trend. Approximately one million more adults were victimized by identity fraud in 2012, compared to 2011. This is the second highest number of victims since the study started.
Data breaches continued to play a significant role in identity fraud. Organizations alert their customers when their information was compromised and sent a letter (i.e. “data breach letter”). Receiving this letter does not define a consumer as a victim of fraud. Yet the survey found 1 in 4 data breach notification recipients became a victim of identity fraud in 2012, compared to less than 1 in 5 in 2011.
The personal information lost in data breaches are frequently used to commit fraud. While credit card numbers remain the most popular item revealed in a data breach, in reality other information can be more useful to fraudsters. Personal information such as online banking login, user name and password were compromised in 10 percent of incidents and 16 percent of incidents included Social Security numbers. Recipients need to take data breach letters seriously and protect themselves by enrolling in identity protection services and taking other steps.
It’s not just online fraud or data breaches. More than 1.5 million consumers were victims of familiar fraud, which is fraud when victims know the fraudster. Lower income consumers were more likely to be victims of familiar fraud. The information most likely to be taken via familiar fraud includes name, Social Security number, address and checking account numbers.
Encouragingly, consumers, financial institutions and identity protection services are working closely together and that is having a positive impact. In 33 percent of cases, consumers were notified of the fraud by a bank or card issuer. Email and other proactive alerts can help consumers discover and stop identity fraud more quickly. Consumers must retain vigilance as 50 percent found the fraud themselves by monitoring their bank accounts, statements, credit scores and purchasing identity protection services. When reported in a timely manner, costs can be kept down.
Seven Safety Tips to Protect Consumers
Javelin Strategy & Research recommends that consumers work in partnership with institutions to minimize their risk and impact of identity fraud by following a three-step approach: Prevention, Detection and Resolution™.
- Keep personal data private—Secure your personal and financial records behind a password or in a locked storage device whether at home, at work and on your mobile device. Familiar fraud is a serious issue with 12 percent of fraud victims knowing the perpetrator personally. Other ways to secure information include: not mailing checks to pay bills, shredding documents, monitoring your accounts weekly, and protecting your computer and mobile device with updated security software. Use a trusted and secure Internet connection (not a public Wi-Fi hotspot) when transmitting personal or financial information, and direct deposit payroll checks.
- Look for security features—When paying online be sure you have a secure connection. Two ways you can denote a secure connection are to look for “https” and not just http at the start of the merchant’s web address or a bright green box and padlock graphic in the address bar of most browsers. Check for either one of these before entering personal or payment information.
- Think before you share—Before providing any sensitive information, question who is asking for the information. Why do they need it? How is the information being used? Do not provide the information if you are unsure about the legitimacy of the request. Be careful when clicking on links that then take you to a page asking for personal information. If an organization asks you for your Social Security number to validate your identity, request another question.
4. Be Proactive—There are many different levels of identity theft protection and consumers should work in partnership with institutions on identity theft prevention. By setting up alerts that can be sent via e-mail and to a mobile device and monitoring accounts online at bank and credit card websites, consumers can take a more proactive role in detecting identity fraud and stopping misuse. In 2012, 50 percent of fraud was first detected by the victims.
5. Enlist others—There are a wide array of services available to consumers who want extra protection and peace of mind including payment transaction alerts, credit monitoring, credit report fraud alerts, credit freezes and database scanning. 3 out of every 5 identity fraud victims did not know the source of their fraud, but many services will now provide alerts directly to a consumer’s smartphone. Some services can be obtained for a fee and others at no cost to the consumers who are victims of a data breach. These services can monitor credit reports, public records and online activity for signs of fraudulent use of personal information.
6. Take any data breach notification seriously—If you receive a data breach notification, take it very seriously as you are at a much higher risk according to the 2013 Identity Fraud Report. If you receive an offer from your financial institution or retailer for a free monitoring service after a breach, you should take advantage of the offer, closely monitor your accounts and put a fraud alert on your credit report.
7. Don’t wait. Report problems immediately—If you suspect or uncover fraud, contact your bank, credit union, wireless provider or protection services provider to take advantage of resolution services, loss protections and methods to secure your accounts. A fast response can enhance the likelihood that losses are reduced, and law enforcement can pursue fraudsters so they experience consequences for their actions.
For Additional Educational Tips, Consumers Should Visit:
About Javelin Strategy & Research
Javelin Strategy & Research, a division of Greenwich Associates, provides strategic insights into customer transactions, increasing sustainable profits for financial institutions, government, payments companies, merchants and other technology providers. Javelin’s independent insights result from a uniquely rigorous three-dimensional research process that assesses customers, providers, and the transactions ecosystem.
For more information on this project or other research studies by Javelin Strategy & Research, visit www.javelinstrategy.com/research.
All trademarks are the property of their respective owners.