In 2013, data breaches became more damaging, with one in three people who received a data breach notification letter becoming an identity fraud victim. Encouragingly, the amount criminals stole decreased by $3 billion to $18 billion, reflecting more aggressive actions from financial institutions, identity theft protection providers and consumers.
Identity fraud is defined as the unauthorized use of another person’s personal information to achieve illicit financial gain. Identity fraud can range from simply using a stolen payment card account, to making a fraudulent purchase, to taking control of existing accounts or opening new accounts, including mobile phone or utility services.
In October 2013, Javelin Strategy & Research conducted an address-based survey of 5,634 U.S. consumers to identify important findings about the impact of fraud, uncover areas of progress and identify areas in which consumers must exercise continued vigilance.
More victims, less stolen - The number of identity fraud incidents increased by 500,000 consumers over the past year, while the dollar amount stolen decreased to $18 billion, significantly lower than the all-time high of $48 billion in 2004. Those between 35-44 were at greatest risk. When successful, fraudsters are now more than three times as likely to use the money stolen to buy prepaid or gift cards to make fraudulent purchases.
Types of fraud changed - account takeover rose dramatically — Criminals are changing behavior to exploit vulnerabilities. Most tellingly, account takeover hit a new record in incidence for the second year in a row and accounted for 28 percent of identity fraud losses. Account takeovers for utilities and mobile phone fraud nearly tripled, as fraudsters add new properties to victims’ utility accounts and run up unauthorized charges using “premium” texting services. Consumers that are a victim of account takeover tend to start paying bills online to improve security.
Data breaches are the greatest risk factor for identity fraud - In 2013, one in three consumers who received notification of a data breach became a victim of fraud. This is up from one in four in 2012. Forty-six percent of consumers with breached debit card in 2013 became fraud victims in the same year, compared to only 16 percent of consumers with a Social Security number breached.
Identity fraud is more than just credit card fraud - Specifically, non-card fraud saw a rapid rise in 2013. The number of non-card fraud victims nearly tripled and it accounted for $5 billion in fraud. This fraud includes: compromised lines of credit, Internet accounts (e.g., eBay, Amazon) and email payment accounts such as PayPal.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.