February 22, 2012
After bottoming out in 2010, identity fraud rose nearly 13% last year, according to new findings from Javelin Strategy & Research. Javelin’s findings also associate two hallmarks of the tech-oriented early 21st Century, social networks and smart phones, with a higher risk of identity fraud.
Pleasanton, Calif.-based Javelin surveyed 5,022 consumers, including 818 fraud victims, in October for its latest annual study of ID fraud. Based on their experiences, Javelin estimates 4.90% of U.S. adults were ID-fraud victims in 2011, up 12.6% from 4.35% in 2010, which was the lowest rate since the study began in 2003. In raw numbers, Javelin estimates the number of victims in 2011 at 11.6 million versus 10.2 million in 2010.
Identity fraud is a term for the use of another person’s identity data or documents to commit fraud, which affects payments companies and banks because it very often involves theft from credit card or demand-deposit accounts. It’s a separate crime from identity theft, which is the taking of another person’s identity attributes without permission.
Javelin also found that 67% more people were affected by data breaches in 2011 versus 2010 as measured by the number of consumers receiving letters that a card, financial, or other personal account may have been compromised. Recipients of such letters are 9.5 times more likely to become an ID-fraud victim than those who don’t get such unwelcome news, James Van Dyke, Javelin’s president and founder, tells Digital Transactions News.
The good news in the report was that the amount of fraud came in at an estimated $18 billion, the lowest since the survey began. Javelin attributes that to a higher prevalence of less-severe types of fraud. For example, misuse of an existing credit or debit card account historically results in lower mean fraud losses than new-account fraud, which is the use of a victim’s information to open new, fraudulent card or financial accounts and has consistently produced relatively high mean fraud losses.
Related good news: The average out-of-pocket loss also is trending down: $354 in 2011, off 44% from $637 in 2004. Zero-liability policies at card networks and dedicated fraud teams at financial institutions have helped expedite the resolution process and reduce consumer losses, Javelin says. And the amount of time consumers spend resolving ID fraud has decreased steadily from the 18-hour average in 2004 to an all-time low of 12 hours last year.
But new ID-fraud threats are emerging as membership in social networks and ownership of smart phones grows. The study for the first time examined consumers’ social-media behavior. Javelin found that users of social networks LinkedIn, Google+, Twitter, and Facebook, in that order, were more likely than the average consumer to be a victim of ID fraud. For example, 7% of LinkedIn users reported being ID fraud victims last year, Van Dyke says.
There is no direct proof of causation between social network membership and ID fraud, according to Javelin. Members’ behavior, however, frequently creates opportunities for fraudsters. For example, 68% of people with public social-media profiles give some birthday information, with 45% providing the month, date and year. Sixty-three percent named their high school; 18% shared their phone number and 12% gave a pet’s name. Fraudsters find all of that information useful as they look to authenticate themselves under another person’s name. “People are clearly over-sharing,” says Van Dyke.
Javelin doesn’t have a reason why members of LinkedIn, the favorite social network for business types, have a higher rate of ID-fraud victimization than members of the other major social networks. Fraudsters may be attracted to LinkedIn because its members have higher incomes than other social networks, Van Dyke says. Another possible reason may be that members are “making connections,” the LinkedIn equivalent of “friending” on Facebook, with people they don’t know but later prove to be fraudsters. “You can have conversations with that person that enables them to get to personal information,” says Van Dyke.
Meanwhile, Javelin found that people aren’t doing enough to protect personal data on their smart phones. Some 6.6% of surveyed smart-phone owners claimed to be ID-fraud victims last year, one-third more than the study average. Javelin found that 32% of smart-phone owners don’t upgrade their phone’s operating system to its latest version, which likely would increase security. Some 62% don’t use a password on their home screen, which opens the way for fraudsters to get personal data if the phone is lost or stolen, and 32% save log-in information on the device.
Processor Fiserv Inc., banking firm Wells Fargo & Co., and Intersections Inc., a provider of and risk-management and anti-ID-theft technology, funded the study.
SPECIAL FEATURERead Digital Transactions Online