Javelin Research and Strategy’s 2018 Identity Fraud Study is out, underscoring the ever-advancing efforts of organized bad actors and the enormous challenges that consumers and organizations face in protecting sensitive personal data. Javelin offers five safety tips to protect consumers, and highlights four major trends:
- Record high incidence of identity fraud – In 2017, 6.64 percent of consumers became victims of identity fraud, an increase of almost one million victims from the previous year. This increase was driven by growth in both existing non-card fraud and account takeover (ATO).
- Account takeover grew significantly – Account takeover tripled over the past year, reaching a four-year high. Total ATO losses reached $5.1 billion, a 120 percent increase from 2016. Account takeover continues to be one of the most challenging fraud types for consumers with victims paying an average of $290 in out-of-pocket costs and spending 16 hours on average to resolve. This translates to more than 62.2 million hours of time consumers lost in 2017. That is enough time for more than three million people to binge watch the first and second season of Stranger Things.
- Online shopping presents the greatest fraud opportunity – EMV is driving more fraudsters to seek online channels for fraud. Card Not Present Fraud is now 81 percent more likely than point of sale fraud, the greatest gap Javelin has observed.
- Fraudsters are getting more sophisticated – Fraudsters are getting more sophisticated in their attacks, and using more complex and difficult to detect monetization schemes. One and a half million victims of existing account fraud had an intermediary account opened in their name first. This is 200 percent greater than the previous high.
IT security experts commented below.
John Gunn, CMO at VASCO Data Security:
“No one should be surprised that identity fraud has hit an all-time high and Account Takeover (ATO) has tripled. The Javelin report reveals the economic pain behind the carnage. These losses are a direct result of the record number of massive data breaches and the thousands more small ones that go unreported, combined with businesses being slow to adopt new security technologies.
“Protecting data and stopping Account Takeover has become relatively easy with digital identity verification, biometric authentication, behavior analysis, and mobile device security. The cost for the newest security technology has come way down and implementation is now fast and easy. Consumers need to become activists and tell their service providers to enable adequate security or lose their business.”
Robert Capps, Vice President, Business Development at NuData Security:
“This key study demonstrates that personal information is under siege, and protecting sensitive data with legacy methods alone is impossible in the age of mega breaches.
“It’s interesting to see the shift in fraud on Javelin Strategy & Research’s report: credit cards were once the most sought-after piece of information, and now Social Security numbers are on the top of the podium.
“This is closely linked to a move towards fraud schemes that don’t depend on active credit cards anymore to make a profit. Instead, other types of fraud that include new account creation and synthetic identities are gaining muscle and are used to transfer stolen funds.
“Data breaches are hard to avoid, but companies can implement technologies to help customers and their business prevent fraud in their environment after a data breach.
“Mere reliance on passwords and usernames is – at this point – not enough to protect from online threats. Companies can leverage technologies that don’t rely on personally identifiable information and also look at the user’s inherent behavior. Passive biometrics technology builds unique profiles of the individual that can’t be replicated by a bad actor. This technology can protect customers and businesses from growing threats such as synthetic identities and account takeover.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.