Identity fraud in US reaches highest level in three years

Merchants and banks, however, absorbed much of the losses, according to Javelin Strategy and Research

U.S. consumers experienced the highest level of identity theft in three years in 2012, although much of the fraud losses were absorbed by banks and merchants, according to a new survey.

Incidents of identity fraud affected 5.26 percent of U.S. adults last year, according to a survey of 5,249 people by Javelin Strategy and Research. That's up from 4.9 percent in 2011 and 4.35 percent in 2010. The company put the total number of identity victims in 2012 at 12.6 million.

At least half of those victims did not bear the cost of the fraud, Javelin said in its report. Of those who did, the mean cost rose to US$365 in 2012, from $354 in 2011. The bulk of the fraud was absorbed by financial institutions, merchants and other businesses, Javelin said.

One of the largest spikes came in new account fraud, where criminals collect personal data and then open, for example, a new credit card account. New account fraud climbed to 1.22 percent of adults last year, from 0.82 percent in 2011.

More than half of the new account fraud involved applying for general-use and store-branded credit cards, Javelin said.

New account fraud "poses a growing threat to consumer identities and private industry's bottom line -- especially as the total fraud loss has doubled from 2011, to $9.8 billion," Javelin said.

Data breaches were a likely source for Social Security numbers, issued to all U.S. citizens, and a key piece of information often required for opening new accounts. Consumers who knew their SSN had been breached were 14 times more likely to be a victim of new account fraud, Javelin said.

Javelin said it also found a large jump in account takeover incidents, which increased from 0.36 percent in 2011 to 0.60 percent in 2012. Fraudsters likely obtained account details through data breaches or through malicious software attacks.

"By changing consumer contact information, fraudsters can limit the consumer's ability to be notified of fraud while redirecting any newly requested payment cards," the report said. "The misuse of store-branded cards could allow fraud to go undetected longer, as these accounts are less likely to be reviewed or used than general-use credit cards."

The most financially damaging fraud in the account takeover category was ACH (Automated Clearing House) and wire transfer fraud, which had the highest mean fraud figure at $5,138 per incident.

ACH is a widely used but aging system that is used by financial institutions for exchanging details of direct deposits, checks and cash transfers made by businesses and individuals. It is overseen by the National Automated Clearing House Association (NACHA), a nonprofit association.

Javelin's survey was sponsored by CitiGroup, Intersections LLC and Visa, although those companies were not involved in the analysis in order to maintain the project's independence and objectivity, Javelin said.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Tags securityIdentity fraud / theftfraudJavelin Strategy and Research

Comments

Comments are now closed

CSO Corporate Partners
  • f5
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Web Security and Control

Protect your users on the web

Security Awareness Tip
Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.