According to a study by Javelin Strategy & Research, the number of identity fraud victims jumped to 13.1 million in 2013. That’s an increase of 500,000 from 2012 and the second highest number of victims since Javelin began conducting its annual study in 2004.
Data breaches continue to be one of the main sources of fraud, with one in three people who received notifications of a data breach discovering their identities were used for fraudulent means, Javelin found.
It appears growth in our online shopping habits and a preference to use plastic over cash has increased our vulnerability to identity theft.
Data breaches like those from Target and Home Depot – which disclosed up to 56 million cards may have been exposed in a five-month attack on its payment terminals – have been growing in size over the past year and occurring at bigger retailers, says Al Pascual, senior analyst of security, risk, and fraud at Javelin.
Fraudulent transactions are showing up across the country, as criminals use the stolen credit card information to buy prepaid cards, goods, and services. In some cases, customer bank accounts have been drained of cash. According to the Javelin study, attackers have moved on from simple credit card theft toward opening new accounts in the victim’s name; turning to eBay, PayPal, and Amazon with the stolen information; and making purchases online, at a higher rate than the previous year, Javelin says.
According to Visa and MasterCard, thieves steal account numbers, cardholder names, and card expiration dates, which can enable them to produce counterfeit cards. While you may not be responsible for fraudulent charges, you do need to pay attention and notify your financial institution when unauthorized purchases appear.
To help protect yourself from fraud, Javelin recommends: create strong passwords; don’t use the same password for every account; lock electronic devices, like computers and cell phones; change passwords frequently; monitor bank accounts, credit card statements and investment accounts regularly; shred personal documents; install security software on your computer and phone; and avoid public Wi-Fi connections.
If you think you may have shopped at one of the stores which were hacked, or feel you may be at risk, request new debit and credit cards. Financial institutions issued new cards after the Target breach and banks have already notified victims of the Home Depot breach that new cards have been mailed out.
Another way to fight fraud is to check your bank accounts often. If you notice suspicious activity, contact your financial institution immediately – the sooner you do, the better chance you have of getting your money back. If you receive a data breach notification, place a fraud alert on your credit report, so lenders take extra precautions to make sure anyone applying for credit under your name is actually you.
Carefully review your credit card statements every month for any unauthorized charges. Keep an eye on small charges. If small charges go through undetected, thieves often charge larger amounts later. Thieves may also be content taking small amounts out of many accounts scoring a big payday. Quickly report any unusual activity to your card issuer.
Thieves are getting brazen, with many pretending to represent a bank to “verify” your information. Never give your personal information or account information to anyone over the phone. So, be careful when opening email. Thieves have gotten very good at duplicating logos and verbiage to make it sound like it is coming from the bank or PayPal. If you received any type of email asking you to “verify” your account by submitting your information, call the bank or organization, immediately, and report it.
Lastly, take advantage of the free credit monitoring service you’re offered from a retailer which was hit with a data breach. Target, for example, is offering customers free credit monitoring for one year and recently extended the offer to all its customers.
Now that you know how to protect yourself, it’s time you understand how thieves work. Jumio, a company which allows customers to make mobile payments and verify their identities online or by phone, has come out with The Fraudsters’ Playbook.
The report outlines the most common ways people steal identities. Jumio collaborated with some reformed identity thieves, as well as professional criminologists and law enforcement agents.
- Setting up fake Wi-Fi networks: Fraudsters steal identities anywhere that offers free public Wi-Fi access, like cafes, airports, libraries, and hotels. An identity thief simply sets up a separate Wi-Fi network with the same name as the real one, and you may mistakenly log on. Using malware, the thief accesses your computer and hacks into your email and bank accounts. At that point, say goodbye to your identity.
- Posing as Census workers: Some fraudsters go door-to-door pretending to be Census workers collecting information. They ask for your name, address, date of birth, or email address. If you seem especially gullible, they may go even further and ask for more information.
One con cited in Jumio’s report, said he would target houses with nice cars parked outside. Others call or email victims asking for personal information to “verify a purchase” or “confirm account information.”
Mining social media profiles: People who don’t have privacy settings on their social media profiles are prime targets. Identity thieves will locate profiles with the most public information and send them pointed offers based on it – like to a favorite restaurant or retailer they have listed on their profiles or have visited recently. If they’re lucky, this can rope in victims and convince them to supply financial information, like their credit card number.
Advertising bogus discounts: You’d think by now people would know not to give their financial information to someone over the phone who they’ve never met. But the trick still works. An identity thief pretends to be calling from a local business and offers you discounts on your next purchase. Then he says to receive the discount, you need to make a small payment and provide your personal information. Woo hoo! He just got everything he needs to steal your identity – and money.
Buying bank account information: There’s an underground market for identity theft called “carding sites”, where identity thieves sell credit or debit card information to other criminals for around $100 to $200 each, Jumio found.
Card numbers often flood into the marketplace after big data breaches at online retailers and banks. Buyers will even use tactics to find cards with the highest credit limits or the biggest balances – often looking for certain account numbers which signal a card was opened a long time ago, since older cardholders are more likely to have bigger lines of credit.
This blog and website are for informational, educational and discussion purposes only, and the owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. Summit Brokerage Services, Inc., Summit Financial Group Inc., and any of their affiliated entities and principals are not a law firms or an accounting firms, or substitutes for an attorney or accountant. Although topics may be discussed on this blog that may involve legal, accounting, or investment issues, nothing on this blog shall be deemed to constitute the practice of law, legal advice, investment advice, and/or tax advice. Summit Brokerage Services, Inc., and its affiliates do not, and cannot provide any kind of advice, explanation, opinion, or recommendation about possible legal rights, remedies, defenses, options, selection of forms or strategies. The content on this blog is “as is” and carries no warranties. You should consult an experienced professional regarding tax consequences of specific transactions.
No reader should act in reliance on anything discussed in this blog without prior consultation with a licensed professional who is qualified to evaluate the reader’s individual facts and circumstances and offer an informed professional opinion with respect thereto. If any reader takes action or makes decisions based solely on the information on this blog without prior consultation with a qualified, licensed professional, the reader does so at his or her own risk and agrees that Summit shall have no liability resulting from such unilateral action or decisions by the reader.
Summit makes every effort to provide accurate and truthful information in its posts on this blog, but in no way expressly or impliedly warrants or guarantees the accuracy of its postings and/or the information posted here by others. All information is believed to be from reliable sources, however we make no representation as to its completeness or accuracy.