Identity-Fraud Victims Are Smartphone, Social Media Users: Report

A Javelin Strategy report found that smartphone owners and social media users are likely to become victims of identity theft.

Social media and mobile devices may be putting consumers at greater risk for identity fraud, according to a Feb. 22 report on identity fraud.

More than 11.6 million adults were a victim of identity fraud in the United States in 2011, an increase of 13 percent since 2010, according to the Javelin Strategy and Research report. About 7 percent of smartphone users were victims of identity fraud, in contrast to the 4.9 percent fraud rate among the general population, according to the 2012 Identify Fraud Report.

Smartphone owners are not protecting their devices, which exposes them to fraud, according to Javelin. Around 62 percent said they don't use a password or a pin code to lock their devices. About 32 percent admitted to saving log-in information on their devices.

"Consumers must be vigilant and in control of their personal data as they adopt new mobile and social technologies in order to not make it easier for fraudsters to perpetrate crimes," said James Van Dyke, president of Javelin Strategy and Research.

Social media and mobile behaviors made users more vulnerable to fraud, according to the report. Users of social networking services, such as LinkedIn, Google+, Facebook and Twitter, had the highest incidence of fraud. Consumers who actively engage with social media and use a smartphone were found to have a disproportionate rate of identity fraud than consumers who do not use in these services.

LinkedIn users were more than twice as likely to have reported being a victim, and users who regularly checked in to services using GPS-enabled location data reported fraud rates that were more than double the average rate among the general population.

In contrast, fraud reports among MySpace users were less than the rate for the general population.

However, while the numbers are interesting, there is no "proof of direct causation" at this time, according to the report.

Significant amounts of personal information that are often used to authenticate users online were freely shared online, Javelin researchers found. Birthdays are one such example, and 68 percent of the people in Javelin's survey shared the date online. About 45 percent shared the birth year, as well. Name of the high school attended and the name of a pet are common security questions for online services. About 63 percent of the respondents listed the high school on their public profiles and 12 percent posted pet names.

These are "prime examples of personal information a company would use to verify your identity," Javelin said.

Javelin also found that victims of data breaches were 9.5 times more likely to be a victim of identity fraud than consumers who had not been affected, compared with 2010. About 15 percent of Americans, or about 36 million people, received at least one data breach notification letter in 2011, Javelin said. These users usually had their credit card or debit card information and Social Security numbers exposed.

"Data breaches are increasingly putting consumers at risk," said Van Dyke.

Javelin defined identity fraud broadly, including any transaction that used a victim's name or information without authorization for financial gain.

Despite the increase of fraud attempts, the amount of money stolen did not change from the previous year, according to the report. Consumers, the financial services industry, law-enforcement authorities and government agencies are stopping fraud earlier and making it more difficult to open fraudulent accounts, Van Dyke said.

"While identity-fraud incidence increased last year, it is becoming less profitable for fraudsters," said Van Dyke.

Improved prevention and detection have resulted in a 44 percent decrease in out-of-pocket costs for consumers as a result of fraud, the report found. The average time it took in 2011 to resolve fraud cases also decreased, to 12 hours.