The 2018 Identity Fraud Study released by San Francisco-based Javelin Strategy & Research, revealed identity fraud victims increased by 8% (rising to 16.7 million U.S. consumers) in the last year.
The online survey of 5,000 U.S. consumers found despite industry efforts to prevent identity fraud, fraudsters effectively altered course to net 1.3 million more victims in 2017, with the amount stolen rising to $16.8 billion. The rising ID theft trend caused consumers to shift the perceived responsibility for preventing fraud from themselves to other entities, such as their financial institution or the companies storing their data.
With the evolution to EMV cards and terminal, the types of identity fraud continued to swing away from brick-and-mortars to online opportunities.
Crooks are starting more new accounts as a means of compromising accounts consumers already have. While credit card accounts persisted as the predominant marks for new account fraud, there was substantial growth in the opening of intermediary accounts, such as email payments (e.g. PayPal) and other internet accounts (e.g. e-commerce merchants such as Amazon) by fraudsters. Although not as effortlessly monetized, these account types help fraudsters transfer funds from their victims’ existing accounts, according to Javelin.
Helped by massive and headline grabbing data breaches, such the Equifax incident, which exposed sensitive information of some 145.5 million Americans, the proportion of consumers concerned about fraud rose from 51% in 2016 to 69% in 2017. Rightly so, Javelin noted for the first time ever comprised Social Security accounts (35%) outnumbered credit card accounts (30%) in breaches.
Breaches rank at the top of identity-related threats facing consumers according to those surveyed. Javelin found 63% of consumers report that they are very or extremely concerned about the threat of breaches, but many are unsure they have the ability to effectively protect themselves. Coinciding with that finding, cynicism about breach notifications rose dramatically as well, with 64% of breach victims indicating they believe breach notifications do little to help protect them and are principally about providing legal cover for the breached company.
The study found four significant trends:
- Record high incidence of identity fraud. In 2017, 6.64% of consumers became victims of identity fraud, an increase of almost one million victims from the previous year. Non-card fraud and account takeover drove this increase.
- Account takeover grew significantly, tripling over the past year, reaching a four-year high. Total ATO losses reached $5.1 billion, a 120% increase from 2016. Account takeover continues to be one of the most challenging fraud types for consumers with victims paying an average of $290 in out-of-pocket costs and spending 16 hours on average to resolve.
- With EMV driving more fraudsters to seek online channels for fraud, card not present fraud is now 81% more likely than point of sale fraud.
- Fraudsters are getting more sophisticated in their attacks, and using more complex and difficult to detect monetization schemes. One and a half million victims of existing account fraud had an intermediary account opened in their name first.
“2017 was a runaway year for fraudsters, and with the amount of valid information they have on consumers, their attacks are just getting more complex,” Al Pascual, senior vice president, research director and head of fraud & security, Javelin Strategy & Research, said. “Fraudsters are growing more sophisticated in response to industry’s efforts to implement better security. Fortunately, there are a variety of digital tools that consumers can leverage to stay better informed on the status of their identities and accounts, and to ultimately stay better protected.”