Digital Identity Blog

Thought leadership for cybersecurity, fraud and digital channel professionals

More Than 11.6 Million Americans Victims of Identity Fraud: Mobile…Social Media…Data Breaches… Put Consumers at Risk.

By ThreatMetrix
ThreatMetrix®, The Digital Identity Company®, is the market-leading cloud solution for authenticating digital personas and transactions on the Internet. Verifying more than 20 billion annual transactions supporting 30,000 websites and 4,000 customers globally through the ThreatMetrix Digital Identity Network®, ThreatMetrix secures businesses and end users against account takeover, payment fraud and fraudulent account registrations resulting from malware and data breaches.
Follow ThreatMetrix ThreatMetrix's Most Recent Posts:

The nation’s longest-running study of identity fraud, with 42,951 respondents surveyed over the past nine years, reported that upwards of 11.6 million adults, became victims of identity fraud in the United States in 2011. That’s an increase of 13 percent over the previous year.

Javelin Strategy & Research, which provides quantitative and qualitative research focused on the global financial services industry, just released a study, “The 2012 Identity Fraud Report: Social Media and Mobile Forming the New Fraud Frontier,” which found that social media and mobile behaviors could be putting consumers at greater risk for identity fraud.

A Javelin press release explained that in October 2011 the company conducted an address-based survey of 5,022 U.S. consumers to identify the impact of fraud, uncover areas of progress, and determine where consumers should be especially alert.

James Van Dyke, Javelin’s president, noted, “The study found specific opportunities for improvement. Consumers must be vigilant and in control of their personal data as they adopt new mobile and social technologies in order to not make it easier for fraudsters to perpetrate crimes. Our survey found data breaches are increasingly putting consumers at risk. Consumers and organizations should always carefully and actively monitor accounts, but they should pay particular attention after an incident.”

The study showed these trends:

Identity Fraud Incidents Increased, Amount Stolen Remained Steady—The number of identity fraud incidents increased by 13 percent over the past year, but the dollar amount stolen remained steady. Additionally, consumer out-of-pocket costs have decreased by 44 percent since 2004, likely due to the improved prevention and detection tools that have come available as well as fraud alerts leading to reduced detection time

Social Behaviors Put Consumers at Risk—For the first time, Javelin examined. social media and mobile phone behaviors and identified certain social and mobile behaviors that had higher incidence rates of fraud than all consumers. LinkedIn, Google+, Twitter and Facebook users had the highest incidence of fraud although there is no proof of direct causation. The survey found that despite warnings that social networks are a great resource for fraudsters, consumers are still sharing a significant amount of personal information frequently used to authenticate a consumer’s identity. Surprisingly those with public profiles (those visible to everyone) were more likely to expose this personal information. Specifically, 68 percent of people with public social media profiles shared their birthday information (with 45 percent sharing month, date and year); 63 percent shared their high school name; 18 percent shared their phone number; and 12 percent shared their pet’s name—¬all are prime examples of personal information a company would use to verify your identity.

Smartphone Owners Experience Greater Incidence of Fraud—The survey found seven percent of smartphone owners were victims of identity fraud. This is a 1/3rd higher incidence rate compared to the general public. Part of this increase may be attributable to consumer behavior: 32 percent of smartphone owners do not update to a new operating system when it becomes available; 62 percent do not use a password on their home screen—enabling anyone to access their information if the phone is lost; and 32 percent save login information on their device

Data Breaches Increasing and More Damaging — One likely contributing factor to the fraud increase was the 67 percent increase in the number of Americans impacted by data breaches compared to 2010. Javelin Strategy & Research found victims of data breaches are 9.5 times more likely to be a victim of identity fraud than consumers who did not receive such a data breach letter.

The survey found a key factor in the increase in identity fraud was the rising number of data breaches. Fully 36 million people or about 15 percent of Americans were notified of a data breach where their credit card or debit numbers or Social Security numbers were compromised, making this group 9.5 times more likely to become victims of identity fraud.

The survey also found that among social networks, LinkedIn users and those who regularly checked-in with GPS-enabled information were more than twice as likely to have reported being victims.

Javelin also passed along this advice:

1. Keep Personal Data Private—At home, at work and on your mobile devices, secure your personal and financial records in a locked storage device or behind a password. Of those consumers who knew how the crimes were committed, nine percent of all identity fraud crimes were committed by someone previously known to the victim in 2011. Avoid mailing checks to pay bills or to deposit funds in your banking account. Use online bill payment on a secure Internet access (not a public Wi-Fi hotspot) instead and direct deposit payroll checks.

2. Be Social, Be Responsible—While social networks are popular, be careful about publicly exposing personal information that is typically used for authentication (full birth date, high school name). This applies to all social networks.

3. Use Mobile Devices Responsibly—Mobile devices are a treasure trove of information for fraudsters. The “always on” functionality of mobile devices provides fraudsters with new avenues for securing information. Be sure of the applications you download, the data you share over public Wi-Fi and where you leave your devices.

4. Ask Questions— Before providing any information on mobile phones, social media sites and transactions sites, question who is asking for the information? Why do they need it? How is the information being used? If volunteering information, ask yourself if you have more to gain or more to lose by sharing personal and unnecessary details.

5. Take Control—In 2011, 43 percent of fraud was first detected by the victims. By monitoring accounts online at bank and credit card websites, and setting up alerts that can be sent via e-mail and to a mobile device, consumers can more quickly detect if they are a victim of identity fraud and stop it early.

6. Learn About Methods to Protect Your Identity—There is a wide array of services available to consumers who want extra protection and peace of mind. These include credit monitoring, fraud alerts, credit freezes and database scanning. Some services can be obtained for a fee and others at no cost. These services can detect potentially fraudulent information from credit reports, public records, and online activity that are difficult to track on your own.

7. Report Problems Immediately—Work with your bank, credit union or protection services provider to take advantage of resolution services, loss protections and methods to secure your accounts. A fast response can enhance the likelihood that losses are reduced, and law enforcement can pursue fraudsters so they experience consequences for their actions.

8. Take Any Data Breach Notification Seriously—If you receive a data breach notification, take it very seriously as you are at much higher risk according to the 2012 Identity Fraud Report: Social Media and Mobile Forming the New Fraud Frontier. If you receive an offer from your financial institution or retailer for a free monitoring service after a breach, you should take advantage of the offer or closely monitor your accounts directly.

By ThreatMetrix Posted