Number of Identity Fraud Victims Rose to 13.1 Million, but Fraud Decreased to $18 Billion
Dramatic Increase in Account Takeover
Data Breaches Become Even More Damaging
Fraudsters use Stolen Information with eBay, PayPal, Amazon and other Internet Accounts
SAN FRANCISCO, February 5, 2014 – The 2014 Identity Fraud Study released today by Javelin Strategy & Research (@JavelinStrategy), reports an increase of more than 500,000 fraud victims to 13.1 million people in 2013, the second highest number since the study began. Account takeover fraud hit a new record in incidence for the second year in a row and accounted for 28 percent of all identity fraud. Additionally, fraudsters increasingly turned to eBay, PayPal and Amazon with the stolen information to make purchases. In 2013, data breaches became more damaging, with one in three people who received a data breach notification letter becoming an identity fraud victim. Encouragingly, the amount criminals stole decreased by $3 billion to $18 billion, reflecting more aggressive actions from financial institutions, identity theft protection providers and consumers.
Javelin Strategy & Research Report, made possible by Intersections Inc.
Now in its eleventh consecutive year, the comprehensive analysis of identity fraud trends is independently produced by Javelin Strategy & Research, and made possible by Intersections Inc., a company dedicated to consumer fraud prevention and education. It is the nation’s longest-running study of identity fraud, with 53,800 respondents surveyed over the past 11 years.
Identity fraud is defined as the unauthorized use of another person’s personal information to achieve illicit financial gain. Identity fraud can range from simply using a stolen payment card account, to making a fraudulent purchase, to taking control of existing accounts or opening new accounts, including mobile phone or utility services. In October 2013, Javelin Strategy & Research conducted an address-based survey of 5,634 U.S. consumers to identify important findings about the impact of fraud, uncover areas of progress and identify areas in which consumers must exercise continued vigilance.
“There were significant strides forward in 2013 in the fight against identity fraud. Even though the incidence of fraud increased, the amount stolen significantly decreased,” said Al Pascual, Senior Analyst of Security, Risk & Fraud, of Javelin Strategy & Research. “Consumers and businesses cannot let up the effort. Our study found that criminals are adapting their approach to focus on account takeover and they are effective at using the information they secure from data breaches. Any complacency will provide fraudsters renewed opportunities.”
The study found several significant identity fraud trends:
- More victims, less stolen – The number of identity fraud incidents increased by 500,000 consumers over the past year, while the dollar amount stolen decreased to $18 billion, significantly lower than the all-time high of $48 billion in 2004. Those between 35-44 were at greatest risk. When successful, fraudsters are now more than three times as likely to use the money stolen to buy prepaid or gift cards to make fraudulent purchases.
- Types of fraud changed – account takeover rose dramatically – Criminals are changing behavior to exploit vulnerabilities. Most tellingly, account takeover hit a new record in incidence for the second year in a row and accounted for 28 percent of identity fraud losses. Account takeovers for utilities and mobile phone fraud nearly tripled, as fraudsters add new properties to victims’ utility accounts and run up unauthorized charges using “premium” texting services. Consumers that are a victim of account takeover tend to start paying bills online to improve security.
- Data breaches are the greatest risk factor for identity fraud – In 2013, one in three consumers who received notification of a data breach became a victim of fraud. This is up from one in four in 2012. Forty-six percent of consumers with breached debit cards in 2013 became fraud victims in the same year, compared to only 16 percent of consumers with a Social Security number breached.
- Identity fraud is more than just credit card fraud – Specifically, non-card fraud saw a rapid rise in 2013. The number of non-card fraud victims nearly tripled and it accounted for $5 billion in fraud. This fraud includes: compromised lines of credit, Internet accounts (e.g., eBay, Amazon) and email payment accounts such as PayPal.
Six Safety Tips to Protect Consumers
Javelin Strategy & Research recommends that consumers work in partnership with institutions to minimize their risk and impact of identity fraud by following a three-step approach: Prevention, Detection and Resolution™.
- Keep personal data private – Secure your personal and financial records behind a password or in a locked storage device at home, at work and on your mobile device. Other ways to secure information include: not mailing checks to pay bills, shredding documents, monitoring your accounts weekly, and protecting your computer and mobile device with updated security software. Use a trusted and secure Internet connection (not a public Wi-Fi hotspot) when transmitting personal or financial information, change your password frequently and direct deposit payroll checks.
- Opt-in to two-factor authentication wherever it is offered - Some financial institutions, alternative payment providers and other service providers offer the option of adding a layer of security to your account beyond the basic username and password. By enrolling in this service, you will be notified each time someone tries to access your account, allowing you to block out fraudsters and address the issue in real-time.
- Just say no to SSN authentication - Eighty percent of the top 25 banks and 96 percent of top credit card issuers will allow account access using your Social Security Number (SSN) as an authenticator. Since SSNs can’t be changed, they are valuable to fraudsters. To limit exposure, request that your financial institution place a note on your account that you will never provide your SSN when requested as a form of authentication. That way, they will know never to ask since anyone who attempts to access your account with this information is a fraudster.
4. Be proactive and enlist others – There are many different levels of identity theft protection and consumers should work in partnership with institutions on identity theft prevention. By setting up alerts that can be sent via e-mail and to a mobile device and monitoring accounts online at bank and credit card websites, consumers can take a more proactive role in detecting identity fraud and stopping misuse. Additionally, there is a wide array of services available to consumers who want extra protection and peace of mind including payment transaction alerts, credit monitoring, credit report fraud alerts, credit freezes and database scanning.
5. Take any data breach notification seriously – If you receive a data breach notification, take it very seriously as you are at a much higher risk. If you receive an offer from your financial institution or retailer for a free monitoring service after a breach, you should take advantage of the offer, closely monitor your accounts and put a fraud alert on your credit report.
6. Don’t wait. Report problems immediately – If you suspect or uncover fraud, contact your bank, credit union, wireless provider or protection services provider to take advantage of resolution services, loss protections and methods to secure your accounts. A fast response can enhance the likelihood that losses are reduced, and law enforcement can pursue fraudsters so they experience consequences for their actions.
About Javelin Strategy & Research
Javelin Strategy & Research, a Greenwich Associates LLC company, provides strategic insights into customer transactions, increasing sustainable profits for financial institutions, government, payments companies, merchants and other technology providers. Javelin's independent insights result from a uniquely rigorous three-dimensional research process that assesses customers, providers, and the transactions ecosystem.
All trademarks are the property of their respective owners.