Card-Not-Present Fraud Rises Significantly,
Takeover Losses Increased by 61 Percent
Digitally Connected Consumers Have Higher Risk of Identity Fraud
but Offline Consumers Take Longer to Detect Fraud
SAN FRANCISCO–(BUSINESS WIRE)–The 2017
Identity Fraud Study released today by Javelin Strategy & Research (@JavelinStrategy),
revealed that the number of identity fraud victims increased by sixteen
percent (rising to 15.4 million U.S. consumers) in the last year, a
record high since Javelin Strategy & Research began tracking identity
fraud in 2003. The study found that despite the efforts of the industry,
fraudsters successfully adapted to net two million more victims this
year with the amount fraudsters took rising by nearly one billion
dollars to $16 billion.
There was a resurgence in existing card fraud in 2016, which saw an
increase of 40 percent in card-not-present (CNP) fraud. The study also
found that the increase in EMV cards and terminals was a catalyst for
driving fraudsters to shift to fraudulently opening new accounts. On a
positive note, while fraudsters are becoming better at evading
detection, consumers with an online presence are getting better at
detecting fraud quicker, leading to less stolen overall per attempt.
The annual 2017
Identity Fraud Study is a comprehensive analysis of identity fraud
trends, independently produced by Javelin
Strategy & Research and made possible by LifeLock,
Inc., a leading provider of proactive identity theft protection
services for consumers. Now in its fourteenth consecutive year, it is
the nation’s longest-running study of identity fraud, with 69,000
respondents surveyed since 2003.
The 2017 Identity Fraud Study found four significant
Fraud leaps to a record high incidence – In 2016, 6.15 percent
of consumers became victims of identity fraud, an increase by almost 2
million victims from the previous year. The incidence rate jumped by
16 percent from 2015, the highest incidence since Javelin began
tracking identity fraud. This increase was driven by growth in
existing card fraud, which saw a significant spike in card-not-present
Card-not-present (CNP) fraud rises significantly – Driven by
closing opportunities for point-of-sale fraud and the growth of e- and
m-commerce, fraudsters are increasingly moving online, dramatically
increasing the prevalence of CNP fraud by 40 percent. Meanwhile
incidence of fraud at the point-of-sale (POS) remained essentially
unchanged from 2014 and 2015 levels.
Account takeover bounces back – After reaching a low point in
2014, both account takeover incidence and losses rose notably in 2016.
Total ATO losses reached $2.3 billion, a 61 percent increase from
2015, while incidence rose 31 percent. Account takeover continues to
be one of the most challenging fraud types for consumers with victims
paying an average of $263 out of pocket costs and spending a total of
20.7 million hours to resolve it in 2016 – 6 million more than in 2015.
New-account fraud continues unabated – As EMV cards and
terminals continue to permeate the US POS environment, fraudsters
shift to fraudulently opening accounts that allow them. At the same
time, fraudsters have become better at evading detection, with
new-account fraud (NAF) victims being notably more likely to discover
fraud through review of their credit report (15 percent) or when they
were contacted by a debt collector (13 percent).
New this year, the 2017 Identity Fraud Study identifies
and analyzes four consumer personas, Offline Consumers, Social
Networkers, e-Commerce Shoppers and Digitally Connected, based on
attributes and fraud risks. Significant finding are:
Offline Consumers have little online presence, either social
networking or shopping, are exposed to less fraud risk than digitally
connected consumers, but their minimal digital life brings other
risks. With a distrust of both online and mobile banking, these
consumers take more than 40 days to detect fraud and incur higher
fraud amounts than other fraud victims.
Social Networkers share their social life in digital platforms
(like Facebook, Instagram, Snapchat and other networks) but do very
little e- or m-commerce, face the risks associated with having their
personal information widely available to fraudsters who can use it to
overcome security measures or socially engineer victims. This
manifests in a 46 percent higher risk of account takeover fraud.
E-commerce Shoppers (including m-commerce) expose their
financial information to potential compromise and experience an
elevated risk of existing card fraud. Sixty-two percent of these
e-commerce shoppers made an online purchase within the past week.
While this customer segment experienced the highest prevalence of
fraud of any of the four segments, they also tended to catch it very
quickly, minimizing the impact. Seventy-eight percent of fraud victims
in this segment detected fraud within one week of it beginning.
Digitally Connected Consumers have extensive social network
activity, frequently shop online or with mobile devices, and are quick
to adopt new digital technologies. Twenty-five percent of these
consumers used a P2P payment service in the past week. Digitally
connected consumers have a presence on an average of 4.9 social
networks, are predominantly female. This also exposes them to greater
risks, a 30 percent more risk to be a fraud victim.
“After five years of relatively small growth or even decreases in fraud,
this year’s findings drives home that fraudsters never rest and when one
areas is closed, they adapt and find new approaches,” said Al Pascual,
senior vice president, research director and head of fraud & security,
Javelin Strategy & Research. “The rise of information available via data
breaches is particularly troublesome for the industry and a boon for
fraudsters. To successfully fight fraudsters, the industry needs to
close security gaps and continue to improve and consumers must be
Identity fraud is defined as the unauthorized use of another person’s
personal information to achieve illicit financial gain. Identity fraud
can range from simply using a stolen payment card account, to making a
fraudulent purchase, to taking control of existing accounts or opening
In 2016, Javelin conducted an address-based survey of 5,028 U.S.
consumers to assess the impact of fraud, uncover where fraudsters are
making progress, explore consumers’ actions and behaviors and how it
relates to fraud risk levels, and identify segments of consumers most
affected by fraud.
Seven Safety Tips to Protect Consumers
Javelin recommends that consumers work in partnership with institutions
to help minimize their risk and impact of identity fraud. The following
are seven recommendations for consumers to follow:
1. Be smart on social media – Social media can help you keep
up-to-date on your friends lives, but can also help fraudsters stay
up-to-date too. Reviewing your social media security settings to make
sure that your profile is only visible to friends and connections is a
good place to start in securing social media from fraudsters. Do not
accept friend requests from people you do not know.
2. Protect online shopping accounts – With fraud moving online,
accounts with online shopping sites are valuable targets. Enabling
two-factor authentication on sites that have that capability, such as
Amazon, can make it significantly more difficult for fraudsters to take
over your accounts. For sites without two-factor authentication, use
strong passwords or a password manager to secure accounts.
3. Exercise good password habits – Passwords have remained the de
facto first line of defense for most online accounts, which has
motivated criminals to compromise them whenever possible. Using strong,
unique, regularly updated passwords helps reduce the value to fraudsters
of passwords stolen in a data breach or through malware. Password
managers can provide a convenient way to manage good password hygiene
without resorting to writing them down, which could also place them at
risk of physical compromise.
4. Place a security freeze – If you are not planning on
opening new accounts in the near future, a freeze on your credit report
can prevent anyone else from opening one in your name. Credit freezes
must be placed with all three credit bureaus and prevents everyone
except for existing creditors and certain government agencies from
accessing your credit report. While costs vary per state, typically each
bureau costs below $20. Should you need to open an account requiring a
credit check, the freeze can be lifted through the credit bureaus.
5. Sign up for account alerts – A variety of financial service
providers, including depository institutions, credit card issuers and
brokerages, provide their customers with the option to receive
notifications of suspicious activity. These notifications can often be
received through email or text message, making some notifications
immediate, and some go so far as to allow their customers to specify the
scenarios under which they want to be notified, so as to reduce false
alarms. Consumers should also consider signing up for identity
protection services which can provide security that is difficult for
them to obtain on your own, such as regularly monitoring credit reports
for suspicious new accounts and screening for sale of personal
information on the dark web.
6. Be alert for online transactions – As EMV makes fraud at
physical stores more challenging, fraudsters are moving to target online
merchants. Some financial institutions offer alerts for online
transactions. These can help quickly detect fraud. Since online fraud
enables fraudsters to make many transactions in a very short period of
time, quickly detecting fraud is essential to preventing greater losses.
7. Seek help as soon as fraud is detected – The quicker a
financial institution, credit card issuer, wireless carrier or other
service provider is notified that fraud has occurred on an account, the
sooner these organizations can act to limit the damage. Early
notification can also help limit the liability of a victim in some
cases, as well as allow more time for law enforcement to catch the
fraudsters in the act.
Additional Consumer Resources
For a free, easy-to-use identity fraud risk assessment, visit http://www.lifelock.com/risk-calculator
To learn more about how consumers can protect themselves, visit
LifeLock’s blog: https://www.lifelockunlocked.com
To report incidents of suspected fraud or identity theft, visit the FTC
About Javelin Strategy & Research
Strategy & Research (@JavelinStrategy), a Greenwich Associates LLC
company is a research-based advisory firm that advises its clients to
make smarter business decisions in a digital financial world. Our
analysts offer unbiased, actionable insights and
unearth opportunities that help financial institutions,
government entities, payment companies, merchants, and other technology
providers sustainably increase profits.
All trademarks are the property of their respective owners.