Card-Not-Present Fraud Rises Significantly, Account Takeover Losses Increased by 61 Percent
Digitally Connected Consumers Have Higher Risk of Identity Fraud but Offline Consumers Take Longer to Detect Fraud
SAN FRANCISCO, February 1, 2017 – The 2017 Identity Fraud Study released today by Javelin Strategy & Research (@JavelinStrategy), revealed that the number of identity fraud victims increased by sixteen percent (rising to 15.4 million U.S. consumers) in the last year, a record high since Javelin Strategy & Research began tracking identity fraud in 2003. The study found that despite the efforts of the industry, fraudsters successfully adapted to net two million more victims this year with the amount fraudsters took rising by nearly one billion dollars to $16 billion.
There was a resurgence in existing card fraud in 2016, which saw an increase of 40 percent in card-not-present (CNP) fraud. The study also found that the increase in EMV cards and terminals was a catalyst for driving fraudsters to shift to fraudulently opening new accounts. On a positive note, while fraudsters are becoming better at evading detection, consumers with an online presence are getting better at detecting fraud quicker, leading to less stolen overall per attempt.
The annual 2017 Identity Fraud Study is a comprehensive analysis of identity fraud trends, independently produced by Javelin Strategy & Research and made possible by LifeLock, Inc., a leading provider of proactive identity theft protection services for consumers. Now in its fourteenth consecutive year, it is the nation's longest-running study of identity fraud, with 69,000 respondents surveyed since 2003.
The 2017 Identity Fraud Study found four significant trends:
- Fraud leaps to a record high incidence – In 2016, 6.15 percent of consumers became victims of identity fraud, an increase by almost 2 million victims from the previous year. The incidence rate jumped by 16 percent from 2015, the highest incidence since Javelin began tracking identity fraud. This increase was driven by growth in existing card fraud, which saw a significant spike in card-not-present transactions.
- Card-not-present (CNP) fraud rises significantly – Driven by closing opportunities for point-of-sale fraud and the growth of e- and m-commerce, fraudsters are increasingly moving online, dramatically increasing the prevalence of CNP fraud by 40 percent. Meanwhile incidence of fraud at the point-of-sale (POS) remained essentially unchanged from 2014 and 2015 levels.
- Account takeover bounces back – After reaching a low point in 2014, both account takeover incidence and losses rose notably in 2016. Total ATO losses reached $2.3 billion, a 61 percent increase from 2015, while incidence rose 31 percent. Account takeover continues to be one of the most challenging fraud types for consumers with victims paying an average of $263 out of pocket costs and spending a total of 20.7 million hours to resolve it in 2016 – 6 million more than in 2015.
- New-account fraud continues unabated – As EMV cards and terminals continue to permeate the US POS environment, fraudsters shift to fraudulently opening accounts that allow them. At the same time, fraudsters have become better at evading detection, with new-account fraud (NAF) victims being notably more likely to discover fraud through review of their credit report (15 percent) or when they were contacted by a debt collector (13 percent).
New this year, the 2017 Identity Fraud Study identifies and analyzes four consumer personas, Offline Consumers, Social Networkers, e-Commerce Shoppers and Digitally Connected, based on attributes and fraud risks. Significant finding are:
- Offline Consumers have little online presence, either social networking or shopping, are exposed to less fraud risk than digitally connected consumers, but their minimal digital life brings other risks. With a distrust of both online and mobile banking, these consumers take more than 40 days to detect fraud and incur higher fraud amounts than other fraud victims.
- Social Networkers share their social life in digital platforms (like Facebook, Instagram, Snapchat and other networks) but do very little e- or m-commerce, face the risks associated with having their personal information widely available to fraudsters who can use it to overcome security measures or socially engineer victims. This manifests in a 46 percent higher risk of account takeover fraud.
- E-commerce Shoppers (including m-commerce) expose their financial information to potential compromise and experience an elevated risk of existing card fraud. Sixty-two percent of these e-commerce shoppers made an online purchase within the past week. While this customer segment experienced the highest prevalence of fraud of any of the four segments, they also tended to catch it very quickly, minimizing the impact. Seventy-eight percent of fraud victims in this segment detected fraud within one week of it beginning.
- Digitally Connected Consumers have extensive social network activity, frequently shop online or with mobile devices, and are quick to adopt new digital technologies. Twenty-five percent of these consumers used a P2P payment service in the past week. Digitally connected consumers have a presence on an average of 4.9 social networks, are predominantly female. This also exposes them to greater risks, a 30 percent more risk to be a fraud victim.
"After five years of relatively small growth or even decreases in fraud, this year's findings drives home that fraudsters never rest and when one areas is closed, they adapt and find new approaches," said Al Pascual, senior vice president, research director and head of fraud & security, Javelin Strategy & Research. "The rise of information available via data breaches is particularly troublesome for the industry and a boon for fraudsters. To successfully fight fraudsters, the industry needs to close security gaps and continue to improve and consumers must be proactive too."
Identity fraud is defined as the unauthorized use of another person's personal information to achieve illicit financial gain. Identity fraud can range from simply using a stolen payment card account, to making a fraudulent purchase, to taking control of existing accounts or opening new accounts.
In 2016, Javelin conducted an address-based survey of 5,028 U.S. consumers to assess the impact of fraud, uncover where fraudsters are making progress, explore consumers' actions and behaviors and how it relates to fraud risk levels, and identify segments of consumers most affected by fraud.
Seven Safety Tips to Protect Consumers
Javelin recommends that consumers work in partnership with institutions to help minimize their risk and impact of identity fraud. The following are seven recommendations for consumers to follow:
- Be smart on social media – Social media can help you keep up-to-date on your friends lives, but can also help fraudsters stay up-to-date too. Reviewing your social media security settings to make sure that your profile is only visible to friends and connections is a good place to start in securing social media from fraudsters. Do not accept friend requests from people you do not know.
- Protect online shopping accounts – With fraud moving online, accounts with online shopping sites are valuable targets. Enabling two-factor authentication on sites that have that capability, such as Amazon, can make it significantly more difficult for fraudsters to take over your accounts. For sites without two-factor authentication, use strong passwords or a password manager to secure accounts.
- Exercise good password habits – Passwords have remained the de facto first line of defense for most online accounts, which has motivated criminals to compromise them whenever possible. Using strong, unique, regularly updated passwords helps reduce the value to fraudsters of passwords stolen in a data breach or through malware. Password managers can provide a convenient way to manage good password hygiene without resorting to writing them down, which could also place them at risk of physical compromise.
- Place a security freeze – If you are not planning on opening new accounts in the near future, a freeze on your credit report can prevent anyone else from opening one in your name. Credit freezes must be placed with all three credit bureaus and prevents everyone except for existing creditors and certain government agencies from accessing your credit report. While costs vary per state, typically each bureau costs below $20. Should you need to open an account requiring a credit check, the freeze can be lifted through the credit bureaus.
- Sign up for account alerts – A variety of financial service providers, including depository institutions, credit card issuers and brokerages, provide their customers with the option to receive notifications of suspicious activity. These notifications can often be received through email or text message, making some notifications immediate, and some go so far as to allow their customers to specify the scenarios under which they want to be notified, so as to reduce false alarms. Consumers should also consider signing up for identity protection services which can provide security that is difficult for them to obtain on your own, such as regularly monitoring credit reports for suspicious new accounts and screening for sale of personal information on the dark web.
- Be alert for online transactions – As EMV makes fraud at physical stores more challenging, fraudsters are moving to target online merchants. Some financial institutions offer alerts for online transactions. These can help quickly detect fraud. Since online fraud enables fraudsters to make many transactions in a very short period of time, quickly detecting fraud is essential to preventing greater losses.
- Seek help as soon as fraud is detected – The quicker a financial institution, credit card issuer, wireless carrier or other service provider is notified that fraud has occurred on an account, the sooner these organizations can act to limit the damage. Early notification can also help limit the liability of a victim in some cases, as well as allow more time for law enforcement to catch the fraudsters in the act.
About Javelin Strategy & Research
Javelin Strategy & Research (@JavelinStrategy), a Greenwich Associates LLC company is a research-based advisory firm that advises its clients to make smarter business decisions in a digital financial world. Our analysts offer unbiased, actionable insights and unearth opportunities that help financial institutions, government entities, payment companies, merchants, and other technology providers sustainably increase profits.