Insights Report Brochure 2013 IDENTITY FRAUD REPORT: Data Breaches Becoming a Treasure Trove for Fraudsters February 2013 T +1 925 225 9100 · F +1 925 225 9101 · 4301 Hacienda Dr. · Pleasanton, CA 94588 USA · [email protected] · www.javelinstrategy.com
company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Insights Report Brochure
2013 IDENTITY FRAUD REPORT: Data Breaches Becoming a Treasure Trove for Fraudsters
February 2013
T +1 925 225 9100 · F +1 925 225 9101 · 4301 Hacienda Dr. · Pleasanton, CA 94588 USA · [email protected] · www.javelinstrategy.com
Insights Report Brochure
T +1 925 225 9100 · F +1 925 225 9101 · 4301 Hacienda Dr. · Pleasanton, CA 94588 USA · [email protected] · www.javelinstrategy.com
2013 IDENTITY FRAUD REPORT: Data Breaches Becoming a Treasure Trove for Fraudsters
2
A J : Javelin Strategy & Research, a division of
Greenwich Associates, provides strategic
insights into customer transac ons,
increasing sustainable profits for financial
ins tu ons, government, payments
companies, merchants and other technology
providers.
A : Alphonse Pascual, Senior Analyst, Security, Risk and Fraud Sarah Miller, Analyst, Security, Risk and Fraud R : Lorie Cur s, Research Associate James Jarzab, Research Specialist Aleia Van Dyke, Analyst Daniel Van Dyke, Research Associate Paul Wangsvick, Research Specialist C : Jim Van Dyke, CEO Mary Monahan, Execu ve Vice President and Research Director P D : February 2013
P : $3,000 ‐ Department license
$5,500 ‐ Enterprise license
L : 82 pages
56 charts/graphs
O
Iden ty fraud incidence increased in 2012 for the second
consecu ve year, affec ng 5.26% of U.S. adults. This increase
was driven by drama c jumps in the two most severe fraud
types, new account fraud (NAF) and account takeover fraud
(ATF). Javelin’s “2013 Iden ty Fraud Report” provides a
comprehensive analysis of fraud trends in the context of a
changing technological and regulatory environment in order to
inform consumers, financial ins tu ons, and businesses on the
most effec ve means of fraud preven on, detec on, and
resolu on. This year, Javelin conducted a thorough explora on
of the rela onship between the compromise of personal
informa on in a data breach and fraud incidence. This report
also expounds current trends in online retail fraud and familiar
fraud, and implicates key factors in vic ms’ suscep bility and
responses to fraud. “2013 Iden fy Fraud Report” data was
gathered by a survey of a representa ve sample of 5,249 U.S.
adults, including 857 consumers who were fraud vic ms in the
past six years. This report has been issued as a longitudinal
update to the Javelin 2005, 2006, 2007, 2008, 2009, 2010, 2011
and 2012 iden ty fraud reports, and the Federal Trade
Commission’s “2003 Iden ty The Survey” report.
The survey was made possible in part by Ci Group Inc.,
Intersec ons LLC, and Visa Inc. To preserve the project’s
independence and objec vity, the sponsors of this project were
not involved in the tabula on, analysis, or repor ng of final
Execu ve Summary ........................................................................................................................................................ 7
Major Findings .................................................................................................................................................. 7
Recommenda ons ........................................................................................................................................................ 11
Consumer Recommenda ons for Preven on, Detec on and Resolu on™ of Iden ty Fraud ....................... 11
Recommenda ons for Financial Ins tu ons.................................................................................................. 13
Recommenda ons for Merchants ................................................................................................................. 15
New Account Fraud ...................................................................................................................................................... 21
Compromising Iden es ................................................................................................................................ 22
Fraudsters Prefer New Card Accounts ........................................................................................................... 23
Exis ng Account Fraud ................................................................................................................................................. 24
Exis ng Card Fraud ....................................................................................................................................................... 25
Payment Card Data Targeted Through Mul ple Vectors ............................................................................... 26
Addressing Fraud A empts ............................................................................................................................ 28
The Effect of EMV ........................................................................................................................................... 28
Exis ng Non‐Card Fraud ............................................................................................................................................... 30
Data Breaches: Precursors to Fraud ............................................................................................................................. 42
Mobile Consumers Are Vulnerable Targets .................................................................................................................. 47
Social Media ................................................................................................................................................................. 50
Risky Prac ces on Social Networking ............................................................................................................. 50
Methods of Detec on .................................................................................................................................................. 52
Means of Detec on by Fraud Type ................................................................................................................ 52
Insights Report Brochure
T +1 925 225 9100 · F +1 925 225 9101 · 4301 Hacienda Dr. · Pleasanton, CA 94588 USA · [email protected] · www.javelinstrategy.com
2013 IDENTITY FRAUD REPORT: Data Breaches Becoming a Treasure Trove for Fraudsters
7
Table of Contents
Means of Detec on Among Exis ng Debit and Credit Card Fraud Vic ms .................................................... 54
Effect of Common Fraud Detec on Types on FI Fraud Vic m Reten on ...................................................... 55
Length of Fraudulent Ac vity Before Detec on by Detec on Methods ........................................................ 56
Detec ng Familiar Fraud: Perpetrators Represent Camouflaged Threat ..................................................................... 56
Fraud Resolu on Rates Reach All‐Time High................................................................................................................ 58
Resolu on by Fraud Type ............................................................................................................................................. 59
Exis ng Card Fraud Resolu on Is Quicker Because the Process Is Streamlined ............................................ 60
Exis ng Non‐Card Fraud Resolu on ............................................................................................................... 61
New Account Fraud Resolu on ...................................................................................................................... 62
Account Takeover Fraud Resolu on .............................................................................................................. 63
Severity of Fraud and Resolu on Ac ons ..................................................................................................................... 64
Lower‐Income Consumers Are More Severely Affected by Fraud ................................................................. 64
Low‐Income Consumers Know the Perpetrators and Take Legal Ac on ....................................................... 66
Fraud Severity and Responses to Fraud ......................................................................................................... 68
Demographic Determinants of Resolu on Ac on ........................................................................................................ 69
Consumer Responses to Fraud Depend on Age ............................................................................................. 69
2012 Survey Data Collec on ......................................................................................................................................... 74
Margin of Error ............................................................................................................................................................. 76
Contribu ng Organiza ons .......................................................................................................................................... 76
RELATED RESEARCH .................................................................................................................................................................... 80
T +1 925 225 9100 · F +1 925 225 9101 · 4301 Hacienda Dr. · Pleasanton, CA 94588 USA · [email protected] · www.javelinstrategy.com
2013 IDENTITY FRAUD REPORT: Data Breaches Becoming a Treasure Trove for Fraudsters
8
Figure 1: Overall Iden ty Fraud Incidence Rate and Total Fraud Amount by Year ....................................................................... 7
Figure 2: Breakdown of Iden ty Crime Types ............................................................................................................................. 17
Figure 3: Overall Measures of the Impact of Iden ty Fraud, 2004–2012.................................................................................... 18
Figure 4: Iden ty Fraud Overview: Exis ng Account Fraud ......................................................................................................... 18
Figure 5: Iden ty Fraud Overview: Exis ng Card Fraud .............................................................................................................. 19
Figure 6: Iden ty Fraud Overview: Exis ng Non‐Card Fraud ...................................................................................................... 19
Figure 7: Iden ty Fraud Overview: New Account Fraud ............................................................................................................. 20
Figure 9: New Account Fraud Incidence and Total Fraud Amount by Year ................................................................................. 21
Figure 10: Types of New Fraudulent Accounts Opened .............................................................................................................. 23
Figure 11: Exis ng Account Fraud Incidence and Total Fraud Amount by Year .......................................................................... 24
Figure 12: Exis ng Card Fraud Incidence and Total Fraud Amount by Year ................................................................................ 25
Figure 13: Type of Exis ng Card Misused by Age ........................................................................................................................ 26
Figure 14: Type of Personal Informa on Compromised in a Data Breach .................................................................................. 27
Figure 15: Road Map for EMV Migra on And Shi ing Liability ................................................................................................... 29
Figure 16: Exis ng Non‐Card Fraud Incidence and Total Fraud Amount by Year ........................................................................ 30
Figure 17: Consumer Out‐of‐Pocket Costs As a Percent of Fraud Losses .................................................................................... 31
Figure 18: Account Takeover Fraud Incidence and Total Fraud Amount by Year ....................................................................... 32
Figure 19: Informa on Changed on Accounts Taken Over .......................................................................................................... 33
Figure 20: Recent Use of Security So ware ................................................................................................................................ 34
Figure 21: Types of Accounts Taken Over ................................................................................................................................... 35
Figure 22: Type of Card Account Misused Among Account Takeover Vic ms and All Fraud Vic ms ......................................... 36
Figure 23: Key Fraud Metrics among Familiar Fraud and Non Familiar Fraud Vic ms ................................................................ 37
Figure 24: Personal Acquaintance With the Perpetrator by Annual Household Income ............................................................ 38
Figure 25: Severity of Effec ve Fraud by Familiar Fraud Vic ms, All Fraud Vic ms.................................................................... 39
Figure 26: Type of PII Compromised Among Familiar Fraud Vic ms, All Fraud Vic ms .............................................................. 40
Figure 27: Fraud Incidence by Data Breach Vic ms, Non‐Data‐Breach Vic ms and All Fraud Vic ms ....................................... 42
Figure 28: Incidence of Fraud Types by Type of Informa on Breached ...................................................................................... 43
Figure 29: Means of Misuse of Fraud Vic ms’ Informa on 2010–2012 ..................................................................................... 44
Figure 31: Type of Exis ng Card Misused for Fraudulent Online vs. In‐Person Purchases .......................................................... 46
Figure 32: Mobile Consumers’ Percep ons of the Riskiness of Behaviors .................................................................................. 47
Figure 33: How Recently Mobile Consumers Have Downloaded Apps to their Mobile Device .................................................. 48
Figure 34: Fraud Incidence by Ownership of Tech Products ....................................................................................................... 49
Figure 35: Incidence Rate by Social Networking Ac vity, 2012 ................................................................................................... 51
Table of Figures
Insights Report Brochure
T +1 925 225 9100 · F +1 925 225 9101 · 4301 Hacienda Dr. · Pleasanton, CA 94588 USA · [email protected] · www.javelinstrategy.com
2013 IDENTITY FRAUD REPORT: Data Breaches Becoming a Treasure Trove for Fraudsters
9
Figure 36: Means of Fraud Detec on by Fraud Type .................................................................................................................. 52
Figure 37: Means of Fraud Detec on by Credit and Debit Card Vic ms ..................................................................................... 53
Figure 38: Fraud Vic ms Who Switched Their FI or Credit Card Provider by Detec on Method................................................ 54
Figure 39: Mean Detec on Time by Fraud Detec on Method.................................................................................................... 55
Figure 40: Detec on Times for All Fraud Vic ms vs. Familiar Fraud Vic ms .............................................................................. 56
Figure 41: Means of Discovery of Fraud by All Fraud Vic ms vs. Familiar Fraud Vic ms ........................................................... 57
Figure 42: Percent of Fraud Vic ms Who Have Completely Resolved Their Fraud ..................................................................... 58
Figure 43: Percent of Vic ms Who Have Resolved Their Fraud by Fraud Type, 2011 and 2012 ................................................. 59
Figure 44: Number of Organiza ons Contacted for Assistance by Fraud Type ........................................................................... 60
Figure 45: Resolu on Time by Fraud Type .................................................................................................................................. 61
Figure 46: Organiza ons Contacted by Fraud Type ..................................................................................................................... 62
Figure 47: Severity of Effect of Fraud by Fraud Type ................................................................................................................... 63
Figure 48: Fraud Amounts and Consumer Costs As a Percent of Annual Household Income ..................................................... 64
Figure 49: Severity of Effect of Fraud by Annual Household Income .......................................................................................... 65
Figure 50: Agencies Contacted by Familiar Fraud Vic ms and All Fraud Vic ms ........................................................................ 66
Figure 51: Legal Ac ons Taken by Familiar Fraud Vic ms and All Fraud Vic ms ........................................................................ 67
Figure 52: Responses to Fraud by Fraud Amount and Resolu on Hours .................................................................................... 68
Figure 53: Organiza ons Contacted by Severity of Fraud ........................................................................................................... 69
Figure 54: Fraud Vic ms’ Responses to Fraud by Age ................................................................................................................. 70
Figure 55: Vic ms’ Ac ons as a Result of Fraud by Year ............................................................................................................. 72
Figure 56: Types of Merchants Fraud Vic ms Avoid ................................................................................................................... 73
Table of Figures
Insights Report Brochure
T +1 925 225 9100 · F +1 925 225 9101 · 4301 Hacienda Dr. · Pleasanton, CA 94588 USA · [email protected] · www.javelinstrategy.com
2013 IDENTITY FRAUD REPORT: Data Breaches Becoming a Treasure Trove for Fraudsters
Increase in Fraud Rate Among Data Breach Vic ms Outpaces Increase in Overall Fraud Rate
Figure 27: Fraud Incidence by Data Breach Vic ms, Non‐Data‐Breach Vic ms and All Fraud Vic ms
D B : P F The most essen al of tools required to commit iden ty fraud is the
iden ty itself. In the past, this informa on was obtained a variety
of ways that have included roo ng through vic ms’ trash, stealing
records from their health care provider’s office, or manipula ng
vic ms through social engineering. Advancement comes to crime,
as it does to most things in which a profit can be made, and data
breaches have become the means de rigueur for pilfering
voluminous amounts of consumer informa on with far less risk
than previous methods. The type of PII secured during these
breaches lend themselves to commi ng par cular types of fraud,
and criminals are using the breached informa on to do just that —
breaches beget fraud. Protec ng against a breach and responding
properly in its wake are necessary steps in the ba le against this
insidious criminal prac ce.
No fying consumers of a breach has become common prac ce in
an effort to keep consumers informed, and in some instances as
necessitated by law. These no fica ons are generated by the
organiza on that suffered the data breach or by the FI associated
with the account informa on that was breached. In keeping with
the trend of the past few years, consumers who were no fied that
they were vic ms of a data breach in 2012 were significantly more
likely to be vic ms of fraud than they were in 2011, with a fraud
incidence rate of 22.5% (see Figure 27) compared with 5.3% of all
consumers.
4.4% 4.9% 5.3%
1.4%2.4% 2.9%
11.8%
18.9%
22.5%
0%
5%
10%
15%
20%
25%
2010 2011 2012
All consumers
Non data breach victims
Data breach victims
Q2. In the last 12 months, have you been notified by a business or other institution that your personal or financial information has been lost, stolen or compromised in a data breach?
October 2010 ‐ 2012, n = varies 337 ‐ 5,249Base: All consumers, data breach victims, non data breach victims.
Tablet Owners More Than 80% More Likely Than All Other Consumers to Become Fraud Vic ms
Figure 34: Fraud Incidence by Ownership of Tech Products
The number of mobile malware programs is growing at a rapid
pace (see Account Takeover sec on, pg. 32, but consumers have
the means to mi gate these threats. The successful malware that
takes advantage of weaknesses in mobile device opera ng systems
or other apps can be mi gated by installing the latest so ware
patches and keeping opera ng systems up to date. Security
so ware, which 64% of smartphone owners have displayed a
willingness to use,43 can proac vely stop malware from being
installed and eliminate any malware already on the device.
When a mobile network data connec on is either unavailable or
inconvenient, consumers may choose to use public Wi‐Fi hotspots
as an alterna ve, but not all hotspots are created equal in terms of
security. While only 40% of mobile consumers consider such
ac vity risky (see Figure 32) public Wi‐Fi hotspots can provide
fraudsters with a backdoor to transmissions carrying sensi ve
consumer data. Airports, hotels, and coffee shops are loca ons
that frequently offer Wi‐Fi hotspots as a convenience. Consumers
could mistakenly connect to hotspots that appear to be legi mate
as they bear names similar to other business in the same loca on
or they have names such as “Free Wi‐Fi” but are in fact controlled
by fraudsters. Once the consumer’s device is connected, any
transmi ed data is intercepted and may later be misused to
commit iden ty fraud. Such a scenario could be responsible for a
fraud incidence rate among public Wi‐Fi users that is 45% higher
than for those who have not used public hotspots.
Among technology product owners, tablet owners are most likely to suffer from iden ty fraud compared with all other consumers (see Figure 34), though this is likely a func on of mul ple factors.
5.3% 5.6%6.0% 6.3% 6.5%
9.6%
0%
1%
2%
3%
4%
5%
6%
7%
8%
9%
10%
11%
12%
13%
14%
15%
All consumers Mobile phone owners
Laptop owners Desktop computer owners
Smartphone owners
Tablet owners
Fraud incidence rate
October 2012, n = varies 1,062 to 5,249.Base: All consumers, owners of various products.
Q39A: Please indicate which of the following products do you personally own and use. Q5: How long ago did you DISCOVER that your personal or financial information had been misused?
Insights Report Brochure
T +1 925 225 9100 · F +1 925 225 9101 · 4301 Hacienda Dr. · Pleasanton, CA 94588 USA · [email protected] · www.javelinstrategy.com
2013 IDENTITY FRAUD REPORT: Data Breaches Becoming a Treasure Trove for Fraudsters
13
Amazon MasterCard
Companies Mentioned
American Express McAfee
Apple Microsoft
Discover PayPal
EBay Target
Europay Trend Micro
Facebook Visa
Global Payments Wal‐Mart
Google Zappo’s
Macy’s
Insights Report Brochure
T +1 925 225 9100 · F +1 925 225 9101 · 4301 Hacienda Dr. · Pleasanton, CA 94588 USA · [email protected] · www.javelinstrategy.com
2013 IDENTITY FRAUD REPORT: Data Breaches Becoming a Treasure Trove for Fraudsters
Note: Reports are provided in electronic PDF form only. Javelin reports are subject to standard terms and condi ons, as described on our web site. Javelin will contact you in the future to provide our free research newsle er or other mailings. If you do not wish to receive our newsle er or other mailings, you may advise us of this. Your contact informa on will not be sold to other organiza ons.