Digital Transactions Authoritative, insightful and timely information for payments professionals
Ever-clever criminals are expanding their scope in information as well as funds. That’s according to the annual Identity Fraud Study released Tuesday by Javelin Strategy & Research.
“The thing that was most surprising to me was that so many scam victims were also deceived into providing personally identifiable information (PII),” Jennifer Pitt, Javelin senior analyst for fraud and security, tells Digital Transactions News. “In fact, 71% of scam victims were tricked into giving the scammer their personal information.”
That’s a problem because it indicates criminals may intend to commit to the long game, exploiting consumers after the initial scam. And more personally identifiable information can make their activities more difficult to distinguish from legitimate activity.
Email addresses, at 43%, were the most stolen bits of information, followed by phone numbers, 38%, and banking details, 28%. Javelin surveyed 5,023 U.S. adults in October.
Such data could be useful in account-takeover fraud, where criminals are especially adept. Javelin says the largest increase in financial losses in 2024 came in account takeover, at almost $16 billion, up $2.9 billion from 2023.
“Criminals can get more return by taking over existing accounts, which have already undergone initial onboarding and know-your-customer (KYC) checks,” Pitt says. “By gaining unauthorized account access and changing account information, such as the email address and phone number, criminals can use the account longer without detection. Criminals are using these techniques, along with advanced technology, to attack businesses and individuals. Recent years have brought a noticeable increase in data breaches, cyber intrusions, phishing attacks, scams, and deepfake creations, all of which can lead to identity fraud.”
Countering fraud, especially account-takeover fraud, is challenging. As Javelin says in the report, “For now, criminals have pulled ahead in this battle. This is especially true with account-takeover fraud.”
To counter it, Pitt advises a multi-layered approach. “To help reduce account-takeover fraud, banks should partner with cellular-service providers to combat SMS phishing attacks. They should also work with social-media companies to integrate real-time fraud education,” she says.
“To strengthen identity verification and authentication, banks should employ an ongoing, automated KYC solution (dubbed perpetual KYC) that can address compliance concerns, mitigate the risks of fraud and money laundering in real time, and build customer trust,” Pitt says in an email. “It is also well past time for eliminating passwords , which can be easily cracked. The great news is that consumers are open to password alternatives, including fingerprint-based biometrics and one-time passcodes. As fraud tactics become more advanced, banks must also invest in generative-AI-powered deepfake and fraud-detection solutions.”
Other identity-fraud losses by type amounted to less than account-takeover fraud, but all increased over 2023. Existing card-fraud losses reached $11.6 billion in 2024, up from $9.1 billion in 2023. Existing non-card fraud of $9.3 billion was up $1.5 billion from the prior year, and new-account fraud of $6.2 billion increased from $5.3 billion in 2023. Existing card fraud is perpetrated against existing card and non-card accounts, Javelin says. It is done through the use of checking and savings accounts, and loan, insurance, telephone, and utilities accounts, among other accounts.
