2 million more fraud victims in 2016 than year previous: report
Consumers are becoming increasingly connected through a medley of devices, including mobile, and a new report confirms the fear that digitally connected consumers are more at risk for identity fraud but users are detecting it earlier.
The 2017 Identity Fraud Study was a joint venture between Javelin Strategy & Research, which provides advisory services for the financial industry, and LifeLock, an identity theft company, and it revealed that the number of identity fraud victims increased by sixteen percent (rising to 15.4 million U.S. consumers) in the last year, a record high the firm began tracking identity fraud in 2003. Much of the increase in fraud was due to an increase in targeting of card-not-present transactions, which surged 40 percent and primarily occurs within ecommerce and mcommerce.
“One of the key findings this year was that account takeover increased,” said Dr. Stephen Coggeshall, chief analytics and science officer at LifeLock. “This is when a fraudster takes over one of your financial accounts by assuming your identity to get access to your checking, savings or other credit-based account.
“We’ve seen this type of fraud impact the mobile space, and here’s how it works,” he said. “To cut down on fraud, many banks are now requiring stronger identity authentication processes, including asking their customers to use multi-factor authentication.
“One way to do this is to use an out-of-band channel, such as your mobile phone, and typically a customer receives a PIN texted to their mobile that they then enter in online. We’re seeing fraudsters add themselves to a victim’s mobile account to intercept the PIN and then take over the victim’s financial account after authenticating. At this point, the fraudster would steal money or use the account to make illegal money transfers.”
And while the above findings are alarming, there is a bit of a silver lining for the connected consumer: the study found that while fraudsters are becoming better at evading detection, consumers with an online presence are getting better at detecting fraud quicker, leading to less stolen overall per attempt.
On the other hand, consumers with little online presence, either social networking or shopping, are exposed to less fraud risk than digitally connected consumers, but tend to suffer heavier consequences when fraud actually does happen. Due to distrust of both online and mobile banking, these consumers take more than 40 days to detect fraud and incur higher fraud amounts than other fraud victims.
Account takeover instances also rose last year. Total account takeover losses reached $2.3 billion, a 61 percent increase from 2015, while incidence rose 31 percent.
The report also dedicates a section to analyze four “consumer personas” and the risk of each in a precarious online environment.
At the opposite side of offline consumers — the ones who distrust mobile banking — are digitally connected consumers, who have extensive social network activity, frequently shop online or with mobile devices, and are quick to adopt new digital technologies. According to the report, 25 percent of these consumers used a P2P payment service in the past week.
Digitally connected consumers have a presence on an average of 4.9 social networks, are predominantly female. This also exposes them to greater risks, a 30 percent more risk for fraud.
Social networkers tend to share their social life in digital platforms like Facebook and Snapchat but do very little mcommerce face the risks associated with having their personal information widely available to fraudsters who can use it to overcome security measures or socially engineer victims. This manifests in a 46 percent higher risk of account takeover fraud.
And ecommerce shoppers expose their financial information to potential compromise and experience an elevated risk of existing card fraud. Sixty-two percent of these e-commerce shoppers made an online purchase within the past week.
While this customer segment experienced the highest prevalence of fraud of any of the four segments, they also tended to catch it very quickly, minimizing the impact; 78 percent of fraud victims in this segment detected fraud within one week of it beginning.
The study should be illuminating to anyone who spends an appreciable amount of time mobile shopping or sharing on social media, and may suggest that consumer habits and vendor infrastructures may be outpacing security best practices. The maxim was certainly relevant late last year when it was revealed that Yahoo was victim to the largest hack in history, a compromise of 1 billion user accounts (see story).
Consumers are slowly becoming privy to the perils of heedless online behavior. A recent study commissioned by American Express revealed that 78 percent of consumers are willing to undertake auxiliary measures, such as two-factor authentication, to ensure online security (see story).
“On your own, there’s not much you can do to prevent this type of fraud, but there are services that help stop it,” Dr. Coggeshall said. “At ID Analytics, we work in the background to help shut down this type of mobile fraud before it happens.
“And at LifeLock, we’re working to alert customers within our network to potentially fraudulent activity. We also help to resolve fraud on behalf of our members if it happens to them.”