Javelin Strategy & Research have released their 2013 Identity Fraud Report with some startling results the scariest being “one in four consumers who receive a data breach letter will become the victim of identity fraud.”
This means the days when a breached organisation would try to keep a breach quiet with the hope that it would go away have gone because the odds are far too high to ignore financial impacts that follow Identity Theft.
This past year was one where there were both successes and setbacks for consumers, institutions and fraudsters,” said Jim Van Dyke, CEO of Javelin Strategy & Research, in a prepared statement. “Consumers and institutions are now starting to act as partners detecting and stopping fraud faster than ever before. But fraudsters are acting quicker than ever before and victimizing more consumers. Consumers must take data breach notifications more seriously and maintain vigilance to safeguard personal information, especially Social Security numbers
Key findings from the study include:
– $21 billion was stolen in 2012. Higher than in recent years but considerably lower than the $47 billion in 2004
– Almost 1 in 4 consumers who received a breach notification letter became a victim of identity fraud.
This underscores the need for consumers to take all notifications seriously. Not all breaches are created equal. The study found consumers who had their Social Security number compromised in a data breach were 5 times more likely to be a fraud victim than an average consumer
– The stolen information was misused for a variety of fraud types, for example credit cards, loans and mobile phone bills and on average was misused for an average of 48 days during 2012 which is down from 55 days in 2011 and 95 days in 2010.
More than 50% of victims were actively detecting fraud using financial alerts, credit monitoring or identity protection services and by monitoring their account
– 15% of all fraud victims changed their online behavior and avoid smaller merchants
While credit card numbers remain the most popular item revealed in a data breach, in reality other information can be more useful to fraudsters. Personal information such as online banking login, username and password were compromised in 10% of incidents and 16% of incidents included Social Security numbers
It’s not just online fraud or data breaches. More than 1.5 million consumers were victims of familiar fraud, which is fraud when victims know the fraudster. Lower income consumers were more likely to be victims of familiar fraud. The information most likely to be taken via familiar fraud includes name, Social Security number, address and checking account numbers
Javelin have produced some guidance for consumers called the “Seven Safety Tips to Protect Consumers”
Javelin Strategy & Research recommends that consumers work in partnership with institutions to minimize their risk and impact of identity fraud by following a three-step approach: Prevention, Detection and Resolution™.
1. Keep personal data private—Secure your personal and financial records behind a password or in a locked storage device whether at home, at work and on your mobile device. Familiar fraud is a serious issue with 12 percent of fraud victims knowing the perpetrator personally. Other ways to secure information include: not mailing checks to pay bills, shredding documents, monitoring your accounts weekly, and protecting your computer and mobile device with updated security software. Use a trusted and secure Internet connection (not a public Wi-Fi hotspot) when transmitting personal or financial information, and direct deposit payroll checks.
2. Look for security features—When paying online be sure you have a secure connection. Two ways you can denote a secure connection are to look for “https” and not just http at the start of the merchant’s web address or a bright green box and padlock graphic in the address bar of most browsers. Check for either one of these before entering personal or payment information.
3. Think before you share—Before providing any sensitive information, question who is asking for the information. Why do they need it? How is the information being used? Do not provide the information if you are unsure about the legitimacy of the request. Be careful when clicking on links that then take you to a page asking for personal information. If an organization asks you for your Social Security number to validate your identity, request another question.
4. Be Proactive—There are many different levels of identity theft protection and consumers should work in partnership with institutions on identity theft prevention. By setting up alerts that can be sent via e-mail and to a mobile device and monitoring accounts online at bank and credit card websites, consumers can take a more proactive role in detecting identity fraud and stopping misuse. In 2012, 50 percent of fraud was first detected by the victims.
5. Enlist others—There are a wide array of services available to consumers who want extra protection and peace of mind including payment transaction alerts, credit monitoring, credit report fraud alerts, credit freezes and database scanning. 3 out of every 5 identity fraud victims did not know the source of their fraud, but many services will now provide alerts directly to a consumer’s smartphone. Some services can be obtained for a fee and others at no cost to the consumers who are victims of a data breach. These services can monitor credit reports, public records and online activity for signs of fraudulent use of personal information.
6. Take any data breach notification seriously—If you receive a data breach notification, take it very seriously as you are at a much higher risk according to the 2013 Identity Fraud Report. If you receive an offer from your financial institution or retailer for a free monitoring service after a breach, you should take advantage of the offer, closely monitor your accounts and put a fraud alert on your credit report.
7. Don’t wait. Report problems immediately—If you suspect or uncover fraud, contact your bank, credit union, wireless provider or protection services provider to take advantage of resolution services, loss protections and methods to secure your accounts. A fast response can enhance the likelihood that losses are reduced, and law enforcement can pursue fraudsters so they experience consequences for their actions.