The annual 2017 Identity Fraud Study is the nation’s longest-running study of identity fraud, with 69,000 respondents surveyed since 2003.
The 2017 Identity Fraud Study found four significant trends:
Fraud leaps to a record
high incidence - In 2016, 6.15 percent of
consumers became victims of identity fraud, an increase
by more than 2 million victims from the previous year.
The incidence rate jumped by 16 percent from 2015, the
highest incidence since Javelin began tracking identity
fraud. This increase was driven by growth in existing
card fraud, which saw a significant spike in
fraud rises significantly - Driven by closing
opportunities for point-of-sale fraud and the growth of
e- and m-commerce, fraudsters are increasingly moving
online, dramatically increasing the prevalence of CNP
fraud by 40 percent. Meanwhile incidence of fraud at the
point-of-sale (POS) remained essentially unchanged from
2014 and 2015 levels.
bounces back - After reaching a low point in
2014, both account takeover incidence and losses rose
notably in 2016. Total ATO losses reached $2.3 billion,
a 61 percent increase from 2015, while incidence rose 31
percent. Account takeover continues to be one of the
most challenging fraud types for consumers with victims
paying an average of $263 out of pocket costs and
spending a total of 20.7 million hours to resolve it in
2016 – 6 million more than in 2015.
- New-account fraud continues unabated - As EMV cards and terminals continue to permeate the US POS environment, fraudsters shift to fraudulently opening accounts that allow them. At the same time, fraudsters have become better at evading detection, with new-account fraud (NAF) victims being notably more likely to discover fraud through review of their credit report (15 percent) or when they were contacted by a debt collector (13 percent).
New this year, the 2017 Identity Fraud Study identifies and analyzes four consumer personas, Offline Consumers, Social Networkers, e-Commerce Shoppers and Digitally Connected, based on attributes and fraud risks. Significant finding are:
have little online presence, either social networking or
shopping, are exposed to less fraud risk than digitally
connected consumers, but their minimal digital life
brings other risks. With a distrust of both online and
mobile banking, these consumers take more than 40 days
to detect fraud and incur higher fraud amounts than
other fraud victims.
share their social life in digital platforms (like
Facebook, Instagram, Snapchat and other networks, but do
very little e- or m-commerce, face the risks associated
with having their personal information widely available
to fraudsters who can use it to overcome security
measures or socially engineer victims. This manifests in
a 46 percent higher risk of account takeover fraud.
(including m-commerce) expose their financial
information to potential compromise and experience an
elevated risk of existing card fraud. Sixty-two percent
of these ecommerce shoppers made an online purchase
within the past week. While this customer segment
experienced the highest prevalence of fraud of any of
the four segments, they also tended to catch it very
quickly, minimizing the impact. Seventy-eight percent of
fraud victims in this segment detected fraud within one
week of it beginning.
- Digitally Connected Consumers have extensive social network activity, frequently shop online or with mobile devices, and are quick to adopt new digital technologies. Twenty-five percent of these consumers used a P2P payment service in the past week. Digitally connected consumers have a presence on an average of 4.9 social networks, are predominantly female... This also exposes them to greater risks, a 30 percent higher risk of fraud.
“After five years of relatively small growth or even decreases in fraud, this year’s findings drives home that fraudsters never rest and when one areas is closed, they adapt and find new approaches,” said Al Pascual, senior vice president, research director and head of fraud & security, Javelin Strategy & Research. “The rise of information available via data breaches is particularly troublesome for the industry and a boon for fraudsters. To successfully fight fraudsters, the industry needs to close security gaps and continue to improve and consumers must be proactive too.”
fraud is defined as the unauthorized use of another person’s
personal information to achieve illicit financial gain.
Identity fraud can range from simply using a stolen payment
card account, to making a fraudulent purchase, to taking
control of existing accounts or opening new accounts.
In 2016, Javelin conducted an address-based survey of 5,028 U.S. consumers to assess the impact of fraud, uncover where fraudsters are making progress, explore consumers’ actions and behaviors and how it relates to fraud risk levels, and identify segments of consumers most affected by fraud.
Seven Safety Tips to Protect Consumers
recommends that consumers work in partnership with
institutions to help minimize their risk and impact of
identity fraud. The following are seven recommendations for
consumers to follow:
Be smart on social
media – Social media can help you keep
up-to-date on your friends lives, but can also help
fraudsters stay up-to-date too. Reviewing your social
media security settings to make sure that your profile
is only visible to friends and connections is a good
place to start in securing social media from fraudsters.
Do not accept friend requests from people you do not
Protect online shopping
accounts – With fraud moving online, accounts
with online shopping sites are valuable targets.
Enabling two-factor authentication on sites that have
that capability, such as Amazon, can make it
significantly more difficult for fraudsters to take over
your accounts. For sites without two-factor
authentication, use strong passwords or a password
manager to secure accounts.
Exercise good password
habits – Passwords have remained the de facto
first line of defense for most online accounts, which
has motivated criminals to compromise them whenever
possible. Using strong, unique, regularly updated
passwords helps reduce the value to fraudsters of
passwords stolen in a data breach or through malware.
Password managers can provide a convenient way to manage
good password hygiene without resorting to writing them
down, which could also place them at risk of physical
Place a security freeze
– If you are not planning on opening new accounts in the
near future, a freeze on your credit report can prevent
anyone else from opening one in your name. Credit
freezes must be placed with all three credit bureaus and
prevents everyone except for existing creditors and
certain government agencies from accessing your credit
report. While costs vary per state, typically each
bureau costs below $20. Should you need to open an
account requiring a credit check, the freeze can be
lifted through the credit bureaus.
Sign up for account
alerts – A variety of financial service
providers, including depository institutions, credit
card issuers and brokerages, provide their customers
with the option to receive notifications of suspicious
activity. These notifications can often be received
through email or text message, making some notifications
immediate, and some go so far as to allow their
customers to specify the scenarios under which they want
to be notified, so as to reduce false alarms. Consumers
should also consider signing up for identity protection
services which can provide security that is difficult
for them to obtain on your own, such as regularly
monitoring credit reports for suspicious new accounts
and screening for sale of personal information on the
alert for online transactions – As EMV makes
fraud at physical stores more challenging, fraudsters
are moving to target online merchants. Some financial
institutions offer alerts for online transactions. These
can help quickly detect fraud. Since online fraud
enables fraudsters to make many transactions in a very
short period of time, quickly detecting fraud is
essential to preventing greater losses.
- Seek help as soon as fraud is detected – The quicker a financial institution, credit card issuer, wireless carrier or other service provider is notified that fraud has occurred on an account, the sooner these organizations can act to limit the damage. Early notification can also help limit the liability of a victim in some cases, as well as allow more time for law enforcement to catch the fraudsters in the act.