Credit and debit card fraud dropped in 2018, thanks to the emergence of embedded chip cards over the past few years, a new report says.
The report, from Javelin Strategy & Research, says the firm’s annual consumer survey showed identity fraud hit an estimated 5.6 percent of U.S. adults in 2018, a decline from a year earlier.
The results, reflecting a nearly 15 percent reduction year-to-year, were due almost entirely to the decline in credit card and debit card fraud. Financial institutions, merchants, card networks — and those tiny, metallic computer chips that store and protect cardholder data — won plaudits for deterring fraudsters.
Finding new ways to steal
The good news was tempered with a warning from Al Pascual, Javelin’s senior vice president of research: “While the decrease in card fraud rates is undoubtedly good news for victims, fraudsters have turned their attention to opening and taking over accounts.”
That is, bad actors open new accounts in your name — or take over the ones you already have.
Victims have strong protections against liability with credit and debit cards because of federal regulations and card network rules, Javelin says. But if a new account is opened at a financial institution with which the victim had no previous relationship, the illicit conduct may not be noticed until months or years later, making it difficult for a victim to prove he or she did not open the account.
New accounts involve more than credit cards; they may be a cellphone account, a car loan or a mortgage, for example.
Overall, an estimated 14.4 million adults experienced identity fraud in a yearlong period, when fraud losses totaled about $14.7 billion. In 2017, there were an estimated 16.7 million victims — more than ever in a Javelin survey — with losses of $16.8 billion.
The out-of-pocket costs to victims were significantly lower. While some people paid nothing, the average cost to identity victims in 2018 was $117, money that covered unreimbursed transactions, overdraft penalties, late fees and other items. The figure was $102 a year earlier.
Identity fraud is the unauthorized use of your personal information for illicit financial gain.
Javelin, based in Pleasanton, Calif., boasts the country’s longest-running study of identity fraud and says it surveyed 5,000 U.S. adults last year. Overall, it has tapped the experiences of 79,000 people since 2003.
Credit and debit card crimes were once the “bread and butter of fraudsters,” especially after major payment card breaches, Javelin says, but bad actors now appear to be moving to more sophisticated, high-impact schemes.
Among problems highlighted in the Javelin report:
- Fraud involving new accounts opened with a victim’s personal data was the only major type of fraud tracked that rose year-to-year in 2018, when it accounted for an estimated $3.4 billion in losses. Javelin says a “wide variety of loan products were heavily targeted,” including fraudulent car loans, mortgages, student loans and home equity lines of credit.
- "Account takeover” fraud involving mobile phones hit an estimated 679,000 people in 2018, continuing a dramatic rise in each of the past four years. These schemes see fraudsters attempting to lock a legitimate account holder out of an account by, for example, changing the login or contact information. Takeovers of cellphone accounts are worrisome, Pascual says, since fraudsters can intercept one-time passwords and communication from the victim’s financial institution, making it appear to the institution that the user had access to a trusted line of communication and was able to pass a step-up authentication challenge.
- So-called familiar frauds — cases in which a victim’s identity is misused for monetary gain by someone he or she knows, such as a relative, friend or coworker — skyrocketed last year. These often involve the perpetrators fraudulently opening new accounts in the associates’ names.
Incidence of fraud hard to pinpoint
Amid news headlines about scammers’ aggressive exploits, and a barrage of consumer warnings and surveys like this new one, the exact incidence of the frauds and scams can be difficult to pinpoint. A recent report from the Federal Trade Commission, which tracks frauds, scams and identity theft, said the agency received nearly 3 million such reports in 2018 — but not all reports involved a financial loss. The agency’s total in 2018 represented a rise from 2017 (2.875 million reports) but a drop from the peak year, 2015 (nearly 3.079 million reports).
Three firms sponsored Javelin’s research: FIS, a financial-services technology provider; Experian, a financial information services company; and GIACT, a payment-fraud and identity-fraud mitigation company. The survey was conducted Nov. 1-20 and asked respondents about frauds in the prior 12 months.
Tips for consumers
Some tips from Javelin to bolster online security and reduce the risk of identity fraud:
- Turn on two-factor authentication wherever possible. If that's not available, use strong passwords or a password manager to secure accounts.
- Secure your online and mobile devices by using a screen lock, encrypting data stored on the devices, avoiding public Wi-Fi and/or using a virtual private network (VPN) and installing anti-malware software.
- Place a security freeze on credit reports to prevent strangers from opening an account in your name.
- Sign up for account alerts from banks, credit card issuers and brokerages to receive notifications of suspicious activity.