$16 Billion Stolen from 12.7 Million Identity Fraud Victims in 2014, According to Javelin Strategy & Research
Students Most Severely Impacted by Fraud
Two-Thirds of Identity Fraud Victims Were Also Notified Data Breach Victims
SAN FRANCISCO, March 3, 2015 – The 2015 Identity Fraud Study, released today by Javelin Strategy & Research (@JavelinStrategy), revealed that 2014 was a mixed year in the fight against identity fraud, with some advances and some setbacks. The study found that fraudsters stole $16 billion from 12.7 million U.S. consumers last year. With a new identity fraud victim every two seconds, there is still significant risk to consumers, particularly students. Encouragingly, new account fraud – when someone opens an account in your name that you are not aware of – hit a record low in 2014, but continues to be one on the most damaging types of fraud. Data breaches were a big headline in 2014, and they had a significant impact on identity fraud. The study found that two-thirds of identity fraud victims in 2014 had previously received a data breach notification in the same year, with many indicating their wariness about shopping at merchants, including big box retailers.
The annual 2015 Identity Fraud Study is a comprehensive analysis of identity fraud trends, independently produced by Javelin Strategy & Research and made possible by LifeLock, Inc., a leading provider of proactive identity theft protection services for consumers, and fraud and risk management solutions for enterprises. Now in its twelfth consecutive year, it is the nation’s longest-running study of identity fraud, with 58,800 respondents surveyed since 2003.
Identity fraud is defined as the unauthorized use of another person’s personal information to achieve illicit financial gain. Identity fraud can range from simply using a stolen payment card account, to making a fraudulent purchase, to taking control of existing accounts or opening new accounts. The 2015 Identity Fraud Study found several significant trends, including:
- Incremental decrease in victims doesn’t tell the whole story – The number of victims of identity fraud decreased by 3 percent from 13.1 million in 2013 to 12.7 million in 2014. But progress has been made with total fraud losses declining to $16 billion in 2014, a decrease of 11 percent from 2013 ($18 billion). This decrease is attributable to the combined efforts of industry, consumers, and monitoring and protection systems that are catching fraud more quickly.
- Students least concerned yet most severely impacted by fraud – Among several demographic segments analyzed, students indicated the least amount of concern about fraud occurring, with more than 64 percent saying they were not very concerned about fraud. Yet, this same group is more likely to perceive significant effects due to the occurrence of fraud (15 percent experiencing moderate or severe impact). Students are also the least likely to detect identity fraud themselves. In fact, 22 percent of students were notified that they were a victim of identity fraud either by a debt collector or when they were denied credit, three times higher than average fraud victims. Students are also four times more likely to be victims of “familiar” fraud, versus all other consumers.
- Fraud victims avoiding retailers – 2014 saw a significant amount of data breaches, most notably from retailers Neiman Marcus, Home Depot, Staples and Michael’s, as well as financial institution JPMorgan Chase. These breaches had a great impact on consumer purchasing decisions, with 28 percent of fraud victims saying they avoided merchants post-fraud. Notably, individuals whose credit or debit cards were breached in the past year were nearly three times more likely to be an identity fraud victim. This highlights the need for increased security, vigilance and quick response by retailers.
- New account fraud going undetected – New account fraud reached record lows in 2014, yet the study showed that victims of new account fraud are three times more likely to take a year or more to discover that their identities were misused compared to other types of fraud, such as existing non-card accounts. This can open the door for fraudsters to be able to use the victim’s identity for illicit behavior for a long period of time, which can result in greater harm to consumers in the form of financial losses, and problems with their credit history and scores. These findings reinforce the need for consumers to actively monitor their identities and accounts.
“Despite the headlines, the occurrence of identity fraud hasn’t changed much over the past year, and it is still a significant problem,” said Al Pascual, director of fraud & security, Javelin Strategy & Research. “Consumers, financial institutions and retailers are all taking aggressive steps, yet we must remain vigilant. The criminals will continue to find new ways to commit fraud, so taking advantage of available technology and services to protect against, detect and resolve identity fraud is a must for all individuals and corporations.”
In October 2014, Javelin Strategy & Research conducted an address-based survey of 5,000 U.S. consumers to assess the impact of fraud, uncover where fraudsters are making progress, explore consumers’ actions and behaviors, and identify segments of consumers most affected by fraud.
Six Safety Tips to Protect Consumers
Javelin Strategy & Research recommends that consumers work in partnership with institutions to help minimize their risk and impact of identity fraud. Following is a six step approach for consumers to follow:
- Secure your mobile device – As consumers transition more of their financial lives to smartphones and tablets, these devices have become high-profile targets for both cybercrooks and thieves alike. To help protect against criminals from getting their hands on valuable personal information, apply software updates (patching known vulnerabilities) as soon as they become available, and take advantage of the security capabilities built into Android and iOS devices, such as protecting the device with a passcode or biometric (such as a fingerprint), and the ability to encrypt and remotely wipe the contents of the device in the event it is stolen.
- Exercise good password habits – Passwords have remained the de facto first line of defense for most online accounts, which has motivated criminals to compromise them whenever possible. Using strong, unique, regularly updated passwords helps reduce the value to fraudsters of passwords stolen in a data breach or through malware. Password managers can provide a convenient way to manage good password hygiene without resorting to writing them down, which could also place them at risk of physical compromise.
- Take advantage of EMV and mobile payments – Data breaches were a massive problem in 2014, with several high-profile businesses being affected. Cyberthieves stole the credit and debit card information of millions of account holders in their effort to fuel the needs of fraudsters. Recently introduced to the U.S., EMV chip cards and mobile payment solutions (such as Apple Pay), can reduce the value of payment data to cyberthieves, as they introduce security factors which make misusing the data much more difficult when compared to traditional magnetic stripe cards.
- Sign up for account alerts – A variety of financial service providers, including depository institutions, credit card issuers and brokerages, provide their customers with the option to receive notifications of suspicious activity. These notifications can often be received through email or text message, making some notifications immediate, and some go so far as to allow their customers to specify the scenarios under which they want to be notified so as to reduce false alarms.
- After a data breach, make sure that any “free monitoring services” fit the crime – Not all data breaches are created equal as different types of data can be used to commit different types of fraud. Be certain that if you are offered some type of identity protection or credit monitoring product after a breach that it is designed to help protect against the types of frauds that the breach has exposed you to. If not, contact the provider and inquire as to whether or not an alternative service is available.
- Seek help as soon as fraud is detected – The more immediate a financial institution, credit card issuer, wireless carrier or other service provider is notified that fraud has occurred on an account, the sooner these organizations can act to limit the damage. Early notification can also help limit the liability of a victim in some cases, as well as allow more time for law enforcement to catch the fraudsters in the act.
Additional Consumer Resources
For a free, easy-to-use identity fraud risk assessment, visit http://www.lifelock.com/risk-calculator/
To take an identity fraud safety quiz, and get additional safety tips, visit www.idsafety.net.
To learn more about how consumers can protect themselves, visit LifeLock’s blog.
To report incidents of suspected fraud or identity theft, visit the FTC online.
To learn how to create more secure passwords, watch this video.
About Javelin Strategy & Research
Javelin Strategy & Research (@JavelinStrategy), a Greenwich Associates LLC company, provides strategic insights into customer transactions, increasing sustainable profits for financial institutions, government, payments companies, merchants and other technology providers. Javelin’s independent insights result from a uniquely rigorous three-dimensional research process that assesses customers, providers, and the transactions ecosystem.
All trademarks are the property of their respective owners.