10:10 AM
Connect Directly

Identity Fraud at a Three-Year High

A report from Javelin Strategy & Research finds that more than $21 billion was stolen due to identity fraud in 2012.

More than $21 billion was stolen due to identity fraud in 2012, the highest figure since 2009, according to a new report from Javelin Strategy & Research. The firm also reports that the frequency with which personal information compromised in data breaches is being used to commit fraud has risen.

The firm's 2013 Identity Fraud Report found that there were 12.6 million victims of identity fraud in the United States in the past year. The report also found that nearly one in four data breach letter recipients became a victim of identity fraud; that figure was less than one in five in 2011. Over the past year, companies are responding more quickly which means a consumer’s information is being misused for fewer days than ever before, and the mean cost per victim has been flattening, according to Javelin.

While credit card numbers remain the most popular item used by fraudsters in a data breach, information such as online banking login, user name and password were and Social Security numbers were also used frequently to commit fraud.

According to Javelin, financial institutions and identity protection services are working closely together and that is having a positive impact in mitigating fraud after a data breach. In 33 percent of cases, consumers were notified of the fraud by a bank or card issuer. Email and other proactive alerts can help consumers discover and stop identity fraud more quickly, said Javelin.

Jim Van Dyke, CEO of Javelin Strategy & Research, says the correlation between consumers being notified of data breaches and mitigating subsequent fraud "is stronger than ever before."

For banks, Van Dyke says it is important they provide real-time notification to customers whose personal information may be compromised.

"Everything is moving faster now, fraudsters are acting quicker than ever before and victimizing more consumers," he adds.

Tim Rohrbaugh, VP of Information Security for identity risk management firm Intersections Inc., which contributed to the report, says in many cases banks and retailers are "have gotten very good" at alerting customers quickly in the event of a data breach, but more work must be done to educate consumers on the importance of taking these notifications seriously.

"It appears that many consumers are not reacting, they are either numb to this or have fatalistic view," he says.

[Related: Speed Is the Key to Beating New Account Fraud]

Bryan Yurcan is associate editor for Bank Systems and Technology. He has worked in various editorial capacities for newspapers and magazines for the past 8 years. After beginning his career as a municipal and courts reporter for daily newspapers in upstate New York, Bryan has ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Greg MacSweeney
Greg MacSweeney,
User Rank: Author
2/22/2013 | 4:31:56 PM
re: Identity Fraud at a Three-Year High
$21 billion? Wow. Unfortunately, consumers don't like security. Customers create "weak" passwords, dislike 2-factor authentication (it's too cumbersome), and resist many things that make online transactions more secure. Banks have learned that they can only push customers so much when it comes to security.
Melanie Rodier
Melanie Rodier,
User Rank: Apprentice
2/21/2013 | 4:38:31 PM
re: Identity Fraud at a Three-Year High
I agree that banks must do more to educate customers on what they should do when there is a data breach. The common thought is that it's all in the hands of the bank, and that once information is stolen, there is little if nothing a customer can do except alert their bank if they notice that their account has been misused. Banks need to issue consumers with a clear action plan in the case of a data breach alert.
User Rank: Apprentice
2/20/2013 | 6:25:21 PM
re: Identity Fraud at a Three-Year High
Nice to hear that financial institutions are doing a pretty good job of informing customers, but it's not clear who's winning the battle at this point, between the institutions and the fraudsters. Twenty-one billion dollars is a lot of dosh.
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This is a secure windows pc.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.