More than $21 billion was stolen due to identity fraud in 2012, the highest figure since 2009, according to a new report from Javelin Strategy & Research. The firm also reports that the frequency with which personal information compromised in data breaches is being used to commit fraud has risen.
The firm's 2013 Identity Fraud Report found that there were 12.6 million victims of identity fraud in the United States in the past year. The report also found that nearly one in four data breach letter recipients became a victim of identity fraud; that figure was less than one in five in 2011. Over the past year, companies are responding more quickly which means a consumer’s information is being misused for fewer days than ever before, and the mean cost per victim has been flattening, according to Javelin.
While credit card numbers remain the most popular item used by fraudsters in a data breach, information such as online banking login, user name and password were and Social Security numbers were also used frequently to commit fraud.
According to Javelin, financial institutions and identity protection services are working closely together and that is having a positive impact in mitigating fraud after a data breach. In 33 percent of cases, consumers were notified of the fraud by a bank or card issuer. Email and other proactive alerts can help consumers discover and stop identity fraud more quickly, said Javelin.
Jim Van Dyke, CEO of Javelin Strategy & Research, says the correlation between consumers being notified of data breaches and mitigating subsequent fraud "is stronger than ever before."
For banks, Van Dyke says it is important they provide real-time notification to customers whose personal information may be compromised.
"Everything is moving faster now, fraudsters are acting quicker than ever before and victimizing more consumers," he adds.
Tim Rohrbaugh, VP of Information Security for identity risk management firm Intersections Inc., which contributed to the report, says in many cases banks and retailers are "have gotten very good" at alerting customers quickly in the event of a data breach, but more work must be done to educate consumers on the importance of taking these notifications seriously.
"It appears that many consumers are not reacting, they are either numb to this or have fatalistic view," he says.