The study found 12.6 million victims of identity fraud in the United States in the past year, which equates to 1 victim every 3 seconds. The report also found that nearly 1 in 4 data breach letter recipients became a victim of identity fraud, with breaches involving Social Security numbers to be the most damaging. Over the past year, companies are responding more quickly which means a consumer’s information is being misused for fewer days than ever before, and the mean cost per victim has been flattening.
The study found several significant identity fraud trends:
Identity fraud incidents and amount stolen increased - The number of identity fraud incidents increased by one million more consumers over the past year, and the dollar amount stolen increased to $21 billion, a three-year high but still significantly lower than the all-time high of $47 billion in 2004. This equates to 1 incident of identity fraud every 3 seconds.
1 in 4 data breach notification recipients became a victim of identity fraud - This year, almost 1 in 4 consumers that received a data breach letter became a victim of identity fraud, which is the highest rate since 2010. This underscores the need for consumers to take all notifications seriously. Not all breaches are created equal. The study found consumers who had their Social Security number compromised in a data breach were 5 times more likely to be a fraud victim than an average consumer.
Fraudsters misuse information fewer days than before - Consumer information was misused for an average of 48 days in 2012, down from 55 days in 2011 and 95 days in 2010. Misuse time was down for all types of fraud including fraud on cards, loans, bank accounts, mobile phone bills and other types of fraud due to consumer and industry action. More than 50 percent of victims were actively detecting fraud using financial alerts, credit monitoring or identity protection services and by monitoring their accounts.
Small retailers are losing out - Fraud victims are more selective where they shop after an incident, and small businesses were the most dramatically impacted. The study found that 15 percent of all fraud victims decided to change behaviors and avoid smaller online merchants. This is a much greater percentage than those that avoid gaming sites or larger retailers.
Fraud incidents and the amount stolen continued its upward trend. Approximately one million more adults were victimized by identity fraud in 2012, compared to 2011. This is the second highest number of victims since the study started.
Data breaches continued to play a significant role in identity fraud. Organizations alert their customers when their information was compromised and sent a letter (i.e. “data breach letter”). Receiving this letter does not define a consumer as a victim of fraud. Yet the survey found 1 in 4 data breach notification recipients became a victim of identity fraud in 2012, compared to less than 1 in 5 in 2011.
The personal information lost in data breaches are frequently used to commit fraud. While credit card numbers remain the most popular item revealed in a data breach, in reality other information can be more useful to fraudsters. Personal information such as online banking login, user name and password were compromised in 10 percent of incidents and 16 percent of incidents included Social Security numbers.
Recipients need to take data breach letters seriously and protect themselves by enrolling in identity protection services and taking other steps.
It’s not just online fraud or data breaches. More than 1.5 million consumers were victims of familiar fraud, which is fraud when victims know the fraudster. Lower income consumers were more likely to be victims of familiar fraud. The information most likely to be taken via familiar fraud includes name, Social Security number, address and checking account numbers.
Encouragingly, consumers, financial institutions and identity protection services are working closely together and that is having a positive impact. In 33 percent of cases, consumers were notified of the fraud by a bank or card issuer.
Email and other proactive alerts can help consumers discover and stop identity fraud more quickly. Consumers must retain vigilance as 50 percent found the fraud themselves by monitoring their bank accounts, statements, credit scores and purchasing identity protection services. When reported in a timely manner, costs can be kept down.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.