Banks, merchants, employers and other businesses are investing more in innovative technologies to combat identification theft, from fingerprint authentication to retina scanning. Yet high-tech frauds continue, and criminals are changing their tactics.
The weak link? In many cases, consumers are letting their guards down, especially when dealing through email, texting and other social channels with people they assume are friends or good acquaintances but might not be.
Identity theft criminals stole $52 billion last year, according to a new report from Javelin Strategy & Research, which extrapolated the number from a survey of 5,000 consumers. Some 42 million people were victimized.
And while consumers didn’t absorb all or even most of those financial losses — as with most fraudulent credit card purchases — they still paid a toll in terms of stress, time and the hassle of clearing up these problems, averaging nine hours to resolve ID-theft financial issues.
“That’s an entire workday,” said John Buzzard, lead analyst for fraud and security at Javelin. “It’s an excruciating experience for consumers.”
Businesses are taking the lead and will unveil more high-tech defenses. But consumers also can take precautions to lower their chances of becoming victims. Vigilance and common sense weigh heavily.
It’s not just about passwords
Passwords are a highly important tool to keep crooks out of online accounts and something over which consumers exert a lot of control. Yet many people still don’t prepare well here. They use simple, short passwords that are easier to unscramble, and they don’t change their passwords periodically or use unique ones.
“Having the same or similar passwords for multiple accounts is still a problem,” said Kathy Stokes, director of fraud prevention at AARP, speaking at a recent webinar hosted by Javelin.
Nor do many consumers make use of account alerts on large transactions or other potentially suspicious activity. And some don’t make use of credit freezes, even after their accounts were breached.
Going forward, businesses and government agencies will make use of more sophisticated defenses as barriers. According to Javelin, these include voice recognition, retina scanning, fingerprint scans, facial recognition and knowledge-based authentication, where a customer or user must provide additional personal information to log in.
But these defenses aren’t enough, and consumers will need to play a role, too.
Money is not the only risk
Although many victims focus on the monetary losses following an identity theft, it goes beyond that. Digital account takeovers are more common. These involve the loss of personal email accounts, access to mobile phones, payment accounts and other social media tools like Facebook, along with the personal information and contacts contained in those places.
“Consumers increasingly are losing access to their digital lives,” said Buzzard. “It’s really invasive and scary.”
In Javelin’s latest annual fraud survey, 67% of consumers who were fraud victims also reported that they had their digital accounts taken over by criminals. That’s up from 12% of general fraud victims who reported digital takeovers in 2015.
Criminals can use the personal information and contacts gleaned from payment apps and social media accounts in various ways, from opening new loans in the victim’s name to phishing the person’s friends or family members for money or information.
An account takeover is “usually not a singular event,” said Jason Steed, a vice president at Equifax, which provides credit reporting and other services, also speaking at the Javelin webinar. “Once that information is out there, the criminals usually mine it.”
Personal contact with criminals
Research conducted by Javelin has noted a shift in ID theft behavior in recent years.
Before, people usually got victimized impersonally and often by chance, such as from the loss of account numbers and passwords divulged through a corporate data breach. But increasingly, people might fall prey through a text message, email, phone call or even personal meeting in which they are duped into revealing personal information, without realizing they’re dealing with a scam artist.
“Criminals are reaching out, going straight out to consumers to ensnare them,” Buzzard said. In many cases, he said, victims can remember the exact moment or situation when they interacted with the person who turned out to be a criminal.
Online dating scams are an example of this. These are situations where victims assume they’re dealing with a potential love interest who turns out to be a criminal hiding behind a fake profile embellished with photos of attractive men or women they may have lifted off the internet.
“Whenever you introduce a social aspect … it lowers the threat awareness of the consumer, Steed said.
Where to go in a pinch
It’s no fun to find yourself a victim in an identity theft scam. Trying to figure out what to do next can be a problem, especially if you also have lost your wallet, cell phone or credit cards. A website run by the federal government is a good place to turn.
Identitytheft.gov, operated by the Federal Trade Commission, provides a list of action items to follow if it happens to you.
Under the section “What to do if your info is lost or stolen,” the site provides tips for dealing with lost or stolen Social Security numbers, passwords, credit or debit cards, other bank account information or driver’s licenses. There also are suggestions for handling the theft of a child’s personal information.
Remedies include placing a freeze on your credit accounts, obtaining a new driver’s license and checking your personal information for inaccuracies, such as accounts opened by crooks in your name, at annualcreditreport.com.
Reach the reporter at firstname.lastname@example.org.
Support local journalism. Subscribe to azcentral.com today.