While still down from high levels in 2009, identity fraud rose for the second straight year in 2012, according to the latest annual ID-fraud study from Javelin Strategy & Research.
Javelin estimates that 5.26% of U.S. consumers were ID-fraud victims last year, up from 4.90% in 2011 and the recent low of 4.35% in 2010 after hitting 6.00% in 2009. Based on data reported by representative sample of 5,249 consumers, the study estimates 12.6 million Americans became ID-fraud victims last year, up 9% from 11.6 million the year before. Javelin estimates Americans lost $20.9 billion to ID fraud in 2012, an increase of 16% from $18.0 billion in 2011 but still down from $31.4 billion in 2009.
Pleasanton, Calif.-based Javelin also reports that one in four consumers whose personal or financial data were exposed in data breaches became ID-fraud victims last year, up from one in five in 2011. “Identity fraud is up in both quantity of victims and amount of losses,” Javelin chief executive Jim Van Dyke tells Digital Transactions News. “If someone is notified of a data breach, they’re more likely to be a victim.”
In its report, Javelin attributed 2012’s increases to “dramatic jumps” in the two most severe types of fraud, new-account fraud and account-takeover fraud. In the former, a fraudster typically opens a credit card using another person’s identity, while in the latter the criminal masquerades as a legitimate account holder.
The rise in new-account fraud can be partially explained by an increase in marketing by financial institutions as the economy slowly recovers, according to Tim Rohrbaugh, vice president of information security at Intersections Inc., a Chantilly, Va.-based identity risk-management firm that helped fund the study. But another reason for the increase is that despite recent improvements in properly identifying customers, “there’s still some weaknesses in ID verification” by financial institutions. Rohrbaugh adds that the problem is worse for credit card issuers than banks that typically meet new demand-deposit account holders face-to-face.
Both types of fraud become much easier to carry out when the fraudster obtains another person’s Social Security number. The study says consumers who had their Social Security number compromised in a data breach were five times more likely to be a fraud victim than an average consumer.
The report wasn’t all bad. Fraudsters misused consumer information for an average of 48 days in 2012, down from 55 days in 2011 and 95 days in 2010. Credit for some of the reduction goes to the more than 50% of victims who detected fraud by monitoring their payment card and other financial accounts and using financial alerts, credit-report monitoring or identity-protection services, according to Javelin. In 33% of the fraud cases, a bank or card issuer notified the consumer. No matter how good a bank’s or card issuer’s analytical systems, consumers “are really the ones we need to rely on, to look across all accounts,” says Rohrbaugh.
In addition, while the mean fraud amount per victim increased by $110 to $1,653 in 2012, the median amount fell from $472 in 2011 to $350. The disparity between the mean and median indicates some consumers suffered very large losses but the typical victim’s losses fell.
The mean fraud-related cost actually borne by consumers increased 3% to $365 from $354 in 2011, but relatively few paid out of pocket. The median consumer cost remained at $0 because of the zero-liability policies of banks and general-purpose card networks.
Javelin found that 15% of all fraud victims changed behavior and avoided shopping at small online merchants, a much higher percentage than for those avoiding online gaming or larger retailers. While other studies have shown that most data breaches occur at small retailers, Javelin’s research did not produce evidence that fraud victims knew the source of the data breach that compromised their personal information, according to Van Dyke. Still, consumers perceive that “small merchants lack some of the sophistication” of their larger brethren, and many also don’t communicate well with customers after a data breach, he says.
The Federal Trade Commission founded the national ID-fraud survey and Javelin took it over a decade ago. In addition to Intersections, Citigroup Inc. and Visa Inc. helped fund the 2013 study. To maintain objectivity, the sponsors had no role in gathering or analyzing the data, Javelin says.