Identity fraud losses in 2020 reached a total of $56 billion (USD). This figure represents a combined total of $13 billion for traditional identity fraud (down 21% from 2019) and $43 billion for identity fraud scams. This inordinate growth can be attributed to criminals increasingly targeting consumers directly with scams to gain easy access to a treasure trove of personally identifiable information (PII) that enables them to take over a consumer’s identity. It is important to make a distinction between the two emerging types of identity fraud of attack vectors that criminals used in 2020 and will likely continue to use. 

 

IDENTITY FRAUD TACTICS DIVERGE

 

 

 

KEY FINDINGS

 

The key findings of the annual report reveal a significant increase in identity fraud scams and loan fraud. Identity fraud has quickly evolved through unique societal changes related to innovation, the worldwide Covid-19 pandemic, and criminal tactics that focus on both corporate and consumer targets.

 

Javelin has been carefully evaluating the shifts in criminal behavior over the course of several years. Scams are easy to orchestrate and present a unique opportunity for criminals to bypass the fraud detection technology implemented by financial service providers to prevent criminals from gaining unauthorized access to consumer accounts. By targeting consumers directly, the criminals once again find their path of least resistance. Particularly during 2020, where everyone interacted almost exclusively via phone, text, email, and via social media platforms, vulnerable consumers were easy and abundant targets. 

 

A noteworthy characteristic of identity fraud that originates from scams is the fact that consumers recall the moment they interacted with a criminal’s text, call, or email.

 

 

 

 

 

 

 

 

 

 

 

 

FREQUENTLY ASKED QUESTIONS

 

How is identity theft different than identity fraud?

 

Identity theft is defined by Javelin as unauthorized access of personal information. It can occur without identity fraud, such as through large-scale data breaches. Once the theft is coupled with illicit financial gain, then Javelin considers it identity fraud.

 

What steps can consumers take to protect themselves from current fraud threats?

 

Consumers can take active steps to prevent identity fraud from impacting their lives. Changing existing behaviors in how people use payments and make purchases will help in keeping their financial lives healthy. The following are recommendations for consumers to follow:

  • Use digital wallets to manage in store and online payments. The technology encrypts and tokenizes data so if it is stolen it is useless information to the criminals.
  • Consumers need to adopt a zero trust contact policy.  The only acceptable action when receiving unexpected contact with a potential imposter is to exhibit zero trust.  The new mantra? “Hang up and call your financial institution”.
  • Turn on two-factor authentication wherever possible – but guard the one-time passcodes closely by not divulging them via text or phone call.  For sites without two-factor authentication, use strong passwords or a password manager to secure highly complex and varying passwords on accounts.
  • Secure your devices –Consumers should secure online and mobile devices by instituting a screen lock, encrypting data stored on the devices, avoiding public Wi-Fi and/or using a VPN, and installing anti-malware.  Anti-malware protection is essential for all devices. 
  • Place a security freeze on credit reports – Placing a freeze on your credit reports can prevent anyone else from opening one in your name and there is no cost to initiate. Should you need to open an account requiring a credit inquiry, the freeze can easily be lifted for up to 90 days or more through the credit bureaus websites and or smartphone apps. 
  • Sign up for account alerts everywhere – A variety of financial service providers, including banks, credit card issuers and brokerages, provide their customers with the option to receive notifications of suspicious activity – as do businesses in other industries, such as email and social media providers.
  • Keep your contact information updated with  your financial services provider –Remember:  You cannot receive a fraud alert if your new cellphone number hasn’t been updated.

 

What are the most important things consumers can do to protect themselves from identity fraud?

 

There are a variety of digital tools that consumers can leverage to stay informed about the status of their accounts (like account alerts).  The easiest method of detecting anomalous account activity is to simply review account activity on a daily or weekly basis.  It is essential for consumers to report unusual transactions to their service providers as soon as possible to avoid additional losses or penalties in resolving suspected fraud activity.

 

Consumers are always encouraged to visit the Federal Trade Commission website if they wish to self-educate or file ID theft reports. To report incidents of suspected fraud or identity theft, visit the FTC online at http://www.ftc.gov/faq/consumer-protection/report-identity-theft 

 

If consumers become victims, what should they do?

 

Consumers who think they are a victim of theft should take the following suggested actions:

  • If any existing accounts were misused, notify your account providers.
  • Ask your financial services provider or business partner if they require a police report or signed affidavit in order to process a fraud claim. Make sure that you save a copy of all documentation for your records and make every attempt to maintain a record of each action you take to mitigate the problem complete with dates, times and out-of-pocket costs.
  • Place an “alert” at all three credit bureaus (Equifax, Experian and TransUnion) and take the time to enable a credit freeze at each credit bureau.  Close any unauthorized accounts immediately. Request a free copy of your credit report directly from the credit bureau.  Every US consumer is entitled to one free annual credit report.
  • Consider enrolling in monitoring/alert services to track any changes to your credit, addresses or public records, and be vigilant. Public record information will not show up on a credit report and can be used to commit fraud. Check our sponsors’ websites for fraud prevention information and solutions.
  • Start fresh with new payment card numbers, user logins and passwords.  Focus on user logins and passwords that are not specific to your name or personal information.  Passwords should be complex and a minimum of 8 characters or more.
  • Maximize the effectiveness of every communication with your financial institutions. It is important to ask how long you have to resolve fraudulent claims. Understanding what items your financial institution covers as “zero liability” may change from year to year so it’s important to determine the scope of what you may be responsible for. Cooperation and timely disposition of accurate documentation is essential to a faster resolution of ID fraud.