FEATURE ARTICLE

Mark Pribish

Record High 16.7 Million Identity Fraud Victims in 2017

By Mark Pribish
Vice President and ID Theft Practice Leader

According to the Javelin Strategy & Research 2018 Identity Fraud Study (please see here), "the number of identity fraud victims increased by eight percent (rising to 16.7 million U.S. consumers) in the last year, a record high since Javelin Strategy & Research began tracking identity fraud in 2003. The study found that despite industry efforts to prevent identity fraud, fraudsters successfully adapted to net 1.3 million more victims in 2017, with the amount stolen rising to $16.8 billion."

Javelin Strategy & Research Study Image

The Javelin Strategy & Research Study also found three significant changes in data breaches including:

  • Nearly a third (30 percent) of US consumers were notified of a breach in the past year, up from 12 percent in 2016.
  • For the first time ever, Social Security numbers (35 percent) were compromised more than credit card numbers (30 percent) in breaches.
  • With EMV (embedded chip cards) driving more fraudsters to seek online channels for fraud, card not present fraud is now 81% more likely than point of sale fraud.

Another trend is that ID theft criminals are increasingly opening accounts that are harder for consumers to detect because they aren't added to credit reports.

For example, while credit card accounts remained the most prevalent targets for new account fraud, there was significant growth in the opening of new intermediary accounts, such as email payments (e.g. PayPal, Venmo) and other internet accounts (e.g. e-commerce merchants such as Amazon, Wal-Mart) by fraudsters. Although not as easily monetized alone, these account types help ID theft criminals transfer funds from the existing accounts of their victims, as payment sources are often linked to these accounts.

Javelin Strategy & Research provided these recommendations for consumers:

  • Turn on two-factor authentication wherever possible – Enabling two-factor authentication on sites that have that capability, where a separate action must be taken beyond providing a user name and password to access an account, can make it significantly more difficult for fraudsters to take over your accounts. For sites without two-factor authentication, use strong passwords or a password manager to secure accounts.
  • Secure your devices – With consumers increasingly relying on their digital devices to obtain goods and services, making purchases and sharing personal information, criminals have shifted their focus to these devices for the access they can provide to accounts and the information they store or transmit. Secure online and mobile devices by instituting a screen lock, encrypting data stored on the devices, avoiding public Wi-Fi and/or using a VPN, and installing anti-malware.
  • Place a security freeze – If you are not planning on opening new accounts in the near future, a freeze on your credit report can prevent anyone else from opening one in your name – which is especially important if you have been a victim of data breach that has exposed sensitive personally identifiable information. Credit freezes must be placed with all three credit bureaus and prevents everyone except for existing creditors and certain government agencies from accessing your credit report. While costs vary per state, typically each bureau costs below $20. Should you need to open an account requiring a credit check, the freeze can be lifted through the credit bureaus.
  • Sign up for account alerts everywhere – A variety of financial service providers, including depository institutions, credit card issuers and brokerages, provide their customers with the option to receive notifications of suspicious activity – as do businesses in other industries, such as email and social media providers. These notifications can often be received through email or text message, making some notifications immediate, and some go so far as to allow their customers to specify the scenarios under which they want to be notified, so as to reduce false alarms.
  • Protect yourself from unauthorized online transactions – As EMV makes fraud at physical stores more challenging, fraudsters are moving to target online merchants. Some financial institutions offer alerts for online transactions, the ability to institute limits on online transactions, or even advanced controls through 3-D Secure (e.g., Verified by Visa, SecureCode from Mastercard, etc.). These can help quickly detect and even prevent online fraud from occurring.

With ID Theft victim counts at historically high levels, through increasingly difficult to detect means, you should seriously consider taking the steps Javelin outlines above.

Sincerely,
Mark

To learn more about these threats and how to protect yourself and your family from Identity Theft, you can read my past newsletters at the Merchants Identity Theft Educational Website at www.idtheftedu.com.



SCAM CENTRAL

Scam Alert: BBB Issues Alert About Cell Phone Porting Scams

By Sean Rose. February 6, 2018

Did you know that with a few easy steps someone could steal your phone number and phone service? A new type of scam has been happening across the country and is a new way for scammers to steal your hard earned money, and even your identity. The scariest part is that this type of scam, called porting or port-out scamming, is that it can help scammers get past added security measures on personal and financial accounts and logins.

To put it another way, think of how many times you have set up an email address, social networking, or logged onto your bank account online or had to change your password. How many times did you have to verify your identity by being sent a code via text message? Now what if you weren't the only one who was reading that message? This new type of scam absolutely could bypass that layer of security and has a huge potential for your identity to be stolen faster than you think. Luckily you can protect yourself and your Better Business Bureau® is here to help you identify and protect yourself.

What is a cell phone porting or port-out scam?

A scammer finds out your name and phone number and then attempts to gather as much personal identifiable information (PII) as possible about you. PII includes name, address, Social Security number (Social Insurance number in Canada), date of birth, and other information that can be used for identity theft. They then will contact your mobile provider, impersonating you, and inform them that your phone was stolen and request the number be "ported" with another provider and device. In some cases, if they were really brave and in a retail location and/or online, they might even try to buy a new phone which could make a sales representative incentivized to quickly fulfill their request and forgo some formal verification procedures.

The scariest part? Once they have your number ported to a new device they can then start accessing and gaining entry to accounts that require additional authorization in terms of a code texted directly to your phone for security verification. Those added security measures are usually in place on accounts provided by email providers, social networks, tax preparation software, and even financial institutions.

BBB offers these tips to help protect yourself from this specific type of scam:

  • Inquire with your wireless provider about port-out authorization. Every major wireless has some sort of additional security for accounts or for port-out authorization that customers can set up, like a unique pin, or add verification question, which will make it more difficult for someone to port-out your phone. Contact your mobile provider and speak to them specifically about porting and/or port out security on your account.
  • Watch out for unexpected "Emergency Calls Only" status. Call your mobile phone company if your phone suddenly switches to "emergency call service only" or something similar. That's what happens when your phone number has been transferred to another phone.
  • Be vigilant in about communications you receive. Watch out for phishing attempts, alert messages from financial institutions, texts in response to two-factor authorization requests.

For more tips on how to protect your personal information and guard yourself against identity theft click here.

If you've fallen victim to this type of scam, alert your mobile provider, financial institutions and take the standard steps to combat identity theft. Also, BBB encourages you to file a report on BBB ScamTracker and be a hero to your community by warning others.

Courtesy of the Better Business Bureau - for more information visit: http://www.bbb.org/phoenix/news-events/.

To learn more about scams, go to BBB Scam Tips (bbb.org/scamtips). To report a scam, go to BBB Scam Tracker (bbb.org/scamtracker).

If you believe your identity has been stolen, call 866.SMART68 today!