Data Theft Victims Face Three Times Higher Risk of Fraud, Report Finds

While the overall damage from data breaches declined last year, consumers whose information was stolen during a compromise were three times more likely to be identity-fraud victims, according to a report by Javelin Strategy.

Data Theft Victims 2

The number of U.S. consumers affected by identity fraud declined in 2014, but consumers whose information was inadvertently disclosed in a data breach were three times more likely to be impacted by fraud, according to a study released on March 3 by business-analysis firm Javelin Strategy & Research.

Identity fraudsters abused an estimated 12.7 million U.S. consumers' identities in 2014, causing $16 billion in damage, the analyst firm estimated from interviewing 5,000 U.S. consumers. Oddly enough, those results were an improvement over the previous year.

In 2013, the number of U.S. consumers impacted by fraud peaked at 13.1 million, and fraudsters caused an estimated $18 billion the total damages, down from a peak of $21 billion the previous year. In addition, new-account fraud—the most damaging type of identity fraud—fell to a new low, the firm stated.

"Consumers, financial institutions and retailers are all taking aggressive steps, yet we must remain vigilant," Al Pascual, director of fraud and security for Javelin Strategy & Research, said in a statement giving details of the report. "The criminals will continue to find new ways to commit fraud, so taking advantage of available technology and services to protect against, detect and resolve identity fraud is a must for all individuals and corporations."

The report, in its twelveth year, is the first time that the overall picture of identity fraud appears to be getting brighter. Real-time analytics, better security and naming-and-shaming the organizations hit by breaches have helped to bring fraud down, but there is much more that needs to be done, the analysis firm stated. The unrelenting pace of major breaches and the impact that breaches have on the fraud rate could mean that fraud losses increase in 2015.

More than a quarter of fraud victims plan to avoid retailers that were hit by breaches that resulted in the exposure of their personal financial data, Javelin said. As new technologies and the adoption of chip-and-PIN technology make some forms of credit fraud more difficult, criminals will adapt by focusing more on new-account fraud, which does not require credit-card information.

"The general composition of identity fraud schemes will change over the next few years as criminals move from existing card fraud to establishing fraudulent new accounts," Pascual said in an email interview. "We saw the same type of activity in the UK after EMV was broadly adopted, because EMV largely prevents card counterfeiting, so criminals changed their M.O.'s."

In particular, students need to learn more quickly of the dangers of identity fraud, according to the Javelin report. While nearly two-thirds of students interviewed for the report were not concerned about identity fraud, nearly 15 percent had an incident with moderate or severe impact.

Javelin recommends that consumers use strong passwords and not reuse their passwords across different services. In addition, consumers should adopt chip-and-PIN and mobile-payment technology as soon as it comes online. Also, people should monitor their accounts and use any credit services offered, provided they protect against likely fraud, following a breach.

Finally, consumers should start focusing on securing their mobile devices. As more transactions flow through the devices, they will increasingly become a focus of criminals and online attackers, the report stated.

Robert Lemos

Robert Lemos

Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's...