
How Consumers can Protect Against Identity Fraudsters in 2013

February 2013

FOREWORD
Javelin Strategy and Research's How Consumers can Protect Against Identity Fraudsters in 2013 provides recommendations to help consumers prevent, detect, and resolve identity fraud. This report provides easy-to-follow guidelines for consumers to protect themselves against this $21 billion crime of identity fraud. Javelin Strategy & Research's goal is to equip consumers with proven methods to prevent, detect, and resolve identity fraud. A deeper analysis of economic indicators and identity fraud trends is available for purchase in the full version of the 2013 Identity Fraud Report, along with a detailed breakdown of how different economic factors, payment purchasing trends, and security dynamics correlate with changes in identity fraud.

Now in its tenth consecutive year, the comprehensive analysis of identity fraud trends is independently produced by Javelin Strategy & Research, a division of Greenwich Associates. Javelin maintains complete independence in its data collection, findings, and analysis; the report is a product of Javelin only. This research study is made possible by our sponsors, Intersections and Citigroup. These companies are dedicated to consumer fraud prevention and education.

2013 Identity Fraud Report: Data Breaches Becoming a Treasure Trove for Fraudsters
Learn More: https://www.javelinstrategy.com/brochure/276
The full report consists of: 82 pages; 56 graphs and tables; an overview of the key findings; new trends; quantitative cross tabulations; longitudinal U.S. identity fraud data from 2003-2012.

Copyright 2013 Javelin Strategy & Research, a division of Greenwich Associates. All rights reserved. This report is licensed for use by Javelin Subscribers only. It is protected by copyright and other intellectual property laws. You may display or print the content available for your use only. You may not sell, publish, distribute, retransmit or otherwise provide access to the content of this report.

TABLE OF CONTENTS
OVERVIEW
  Identity Fraud vs. Identity Theft
  How Criminals Obtain Information
RECOMMENDATIONS FOR CONSUMERS
CONSUMER PROTECTION CHECKLIST
PREVENTION
  How Can I Prevent Identity Fraud?
  Data Breach Notification Letters
    What Should I Do If I Receive a Breach Notification Letter?
DETECTION
  How Can I Detect Identity Fraud?
RESOLUTION
  What Should I Do If I Become a Victim of Identity Fraud?
  Identity Fraud Protection Solutions
ABOUT JAVELIN
METHODOLOGY
ADDITIONAL RESOURCES
GLOSSARY OF TERMS

TABLE OF FIGURES
Figure 1: Overall Identity Fraud Incidence Rate and Total Fraud Amount by Year
Figure 2: Fraud Incidence by Data Breach Victims, Non-Data Breach Victims, and All Fraud Victims
Figure 3: Fraud Incidence by Ownership of Technology Products
Figure 4: How Theft of Personal Information Happens
Figure 5: Javelin's Prevention, Detection, and Resolution Identity Fraud Model
Figure 6: Data Breaches Are at an All-Time High
Figure 7: How to Contact the Three Credit Bureaus
Figure 8: Methods of Detection, 2012
Figure 9: Identity Fraud Protection Services


OVERVIEW
For the second consecutive year, the number of identity fraud victims in the U.S. increased, rising by 1 million consumers in 2012 to a total of 12.6 million consumers. This means that 5.26% of U.S. adults, or more than 1 in every 20 consumers, learned that they were victims of identity fraud in 2012.

Identity Fraud Is on the Rise
Figure 1: Overall Identity Fraud Incidence Rate and Total Fraud Amount by Year
[Chart: millions of victims and total one-year fraud amount in billions of U.S. dollars, by year, 2005 to 2012]
October 2012, n = varies: 4,784-5,249. Base: All consumers. 2013 Javelin Strategy & Research

New Account Fraud: the use of a fraud victim's personal information to open fraudulent new accounts in the victim's name.

Annual overall fraud amounts (the amount of money stolen by fraud perpetrators) also rose in 2012, increasing to $20.9 billion and reversing improvements made in 2010 and 2011. This increase in fraud amounts was driven by dramatic jumps in the two most severe fraud types: new account fraud (NAF) and account takeover fraud (ATF). Traditionally, new account fraud and account takeover fraud have been experienced by a lower proportion of fraud victims, but these two types of fraud consistently produce the highest average fraud amounts and consumer costs. So while there are fewer victims of these two types of fraud, they feel the sting the most.

Account Takeover Fraud: the method of identity fraud in which a fraud operator attempts to gain access to a consumer's account by fraudulently adding his or her information to the account.

Average consumer costs rose slightly to $365 in 2012, up from $354 in 2011. Consumer costs are any out-of-pocket expenses suffered by the fraud victim, including unreimbursed monetary losses, and lost wages as a result of time spent to resolve the fraud as well as any related legal costs and credit monitoring costs. However, of the 12.6 million victims in 2012, 80% did not suffer any consumer costs (median out-of-pocket costs to consumers of $0) at all. These costs were instead absorbed by banks and credit card companies through their zero-liability policies and coverage, which shield consumers from most of the costs associated with fraud.

Consumers also spent relatively little time resolving their fraud cases. The average resolution time remains unchanged at 12 hours, but more than half of all victims spent three hours or less resolving fraud incidents with their providers. The expansion of zero-liability policies, security protections, and dedicated fraud and claims teams at financial institutions (FIs) and card issuers have expedited the resolution process in cases of fraud and have helped lower consumers' costs over the last decade.

Zero-Liability Policies: Zero-liability policies are fraud protection programs that banks or credit card providers offer to protect consumers from losses associated with fraud on their payment cards (credit, debit, or prepaid) or other financial accounts.


IDENTITY FRAUD VS. IDENTITY THEFT
Most individuals are familiar with the term identity theft, which is widely used by media, government, and consumer groups, as well as nonprofit organizations. However, it is important to distinguish between identity theft and identity fraud because the terms have different meanings, although Javelin uses identity fraud more commonly throughout the identity fraud survey and corresponding reports.

Identity theft occurs after the exposure of personal information; typically someone's personal information is taken by another individual without explicit permission. Identity fraud is the actual misuse of information for financial gain; it occurs when criminals use illegally obtained personal information to make purchases or withdrawals, create false accounts or modify existing ones, or attempt to obtain services such as employment or health care. Personally identifiable information (PII) such as a Social Security number (SSN), a bank or credit card account number, a password, a telephone calling card number, a birth date (month/date/year), a name, or an address can be used by criminals to profit at a victim's expense.

By accessing and using relatively basic information, a criminal can take over existing financial accounts (existing card fraud or existing non-card fraud) or use a victim's personal information to create new accounts (new account fraud). A criminal can commit identity fraud numerous ways, including: making an unauthorized withdrawal of funds from an account, making fraudulent purchases with a credit card, and creating new accounts (e.g., banking, telephone, utilities, and loans). All of them can have a damaging effect on an individual's credit. In fact, the first notification that fraud has been committed might be the appearance of an unfamiliar account on a credit report or a contact from a debt collector.


Consumer Information Exposed in Data Breaches Leads to Fraud
Consumers should pay particularly close attention to any notifications or letters they receive from their FIs, credit card providers, health care providers or merchants regarding a breach in personally identifiable information. Almost 1 in 4 consumers who received a data breach notification in 2012 became a fraud victim. Of particular concern is that consumers who were notified that their Social Security numbers were compromised in one of these data breach incidents were 5 times more likely to be a victim of identity fraud than all other consumers and 14 times more likely to become a victim of new account fraud. As discussed previously, new account fraud victims suffer above-average fraud losses and consumer costs.

Fraud Rate Among Data Breach Victims Outpaces Fraud Rates Among All Consumers
Figure 2: Fraud Incidence by Data Breach Victims, Non-Data Breach Victims, and All Fraud Victims
[Chart: fraud incidence rate for all consumers, non-data breach victims, and data breach victims, 2010 to 2012]
Q2. In the past 12 months, have you been notified by a business or other institution that your personal or financial information has been lost, stolen, or compromised in a data breach?
October 2010-2012, n = varies 337 to 5,249. Base: All consumers, data breach victims, non-data breach victims. 2013 Javelin Strategy & Research


Online Retail Shopping Is Becoming More Lucrative to Fraudsters
As online shopping expands, so too does the misuse of consumer information to commit online retail fraud. Online retail fraud occurs when a perpetrator uses online payment credentials, such as a credit or debit card account number, to make fraudulent purchases online (known in the industry as card-not-present (CNP) purchases). Online retail fraud increased from 41% of all fraud victims in 2011 to 45% in 2012. Payment cards, such as credit cards and debit cards, represent 95% of the misused information in these cases. Online retail fraud through CNP transactions is the least expensive fraud type for consumers in 2012, with an average consumer cost of $326. However, it is also highly pervasive in the U.S., affecting 7.5 million Americans, who then spend an average of 11 hours resolving these cases. Consumers should take the time to review their statements each month for fraudulent charges and contact their FIs and card providers for useful online authentication and security options.

Rising online sales lead to increase in online fraud

Malware Attacks Mobile Consumers and Puts Them at Constant Risk of Fraud
The 105 million smartphone users and 42 million tablet users in the U.S. are constant targets for fraudsters, who use malware, exploit software vulnerabilities, launch phishing and smishing attacks, and compromise unsecured Wi-Fi connections to obtain users' valuable personal information. Tablet users are more likely to be victims of fraud than all consumers (9.6% compared with 5.3%), which can be attributed both to tablet users being younger and less risk-averse than older consumers and the inherent security vulnerabilities that are typical of new technologies.


Tablet Owners Are 80% More Likely Than All Other Consumers to Become Fraud Victims
Figure 3: Fraud Incidence by Ownership of Technology Products
[Chart: fraud incidence rate for all consumers, mobile phone owners, laptop owners, desktop computer owners, smartphone owners, and tablet owners]
Q39A: Please indicate which of the following products you personally own and use. Q5: How long ago did you discover that your personal or financial information had been misused?
October 2012, n = varies 1,062 to 5,249. Base: All consumers, owners of various products. 2013 Javelin Strategy & Research

Additionally, for the nearly 211 million Americans who regularly use online banking, malware poses an increasing threat as an avenue for compromising and gaining control of users' accounts. Fraudsters stole $4.9 billion in 2012 from consumer accounts through account takeover schemes. Malware poses a direct threat to consumers, businesses, and FIs alike, because these malicious programs seek to infect various device types and compromise the type of consumer financial account information and credentials necessary to commit fraud.


How Criminals Obtain Information
Many identity thefts occur through traditional methods such as stolen wallets and familiar frauds, in which a person known to the victim has access to the victim's statements or other legal documents. Identity theft occurrences are often the result of simple lost or stolen information and not necessarily through hacking or elaborate Internet schemes, although online and mobile threats remain viable sources of information. Figure 4 shows some of the many ways that identity theft can occur.

Identity Theft Occurs Through Various Methods
Figure 4: How Theft of Personal Information Happens

AT HOME:
- Through information left out in the home (or at work) and stolen by family or friends
- Through dumpster diving by crooks looking for unshredded paperwork that contains personal or financial information
- Through theft of your mail from your mailbox or diversion of your mail by a fraudster who changes the address to obtain your account statements

WHILE YOU ARE OUT:
- By means of a lost or stolen wallet or purse
- Through shoulder surfing, in which someone obtains personal information by looking over your shoulder

THROUGH A BUSINESS YOU USE:
- Through a security data breach, whereby a business or organization that accesses your personal information (hospital, school, department store, financial company, etc.) has been compromised
- Through hacking incidences, such as Trojan horses, keylogger software, viruses or malware/spyware on a computer
- By card skimming, when someone illegally records an imprint of your credit or debit card information for later use

BY TRICKERY OR PRETENSE:
- Through phishing or vishing, in which someone pretends to be a bank or trusted company and tricks you into providing confidential personal information via emails, calls or SMS/text messages
- Through social networking sites where personal information can be found and communication with fraudulent individuals can occur

Through these and other new and innovative ways that criminals are constantly
2013 Javelin Strategy & Research


RECOMMENDATIONS FOR CONSUMERS
Consumers should monitor accounts frequently and, if you have not already done so, use financial alerts for your bank and financial accounts. Because identity theft can occur by numerous methods, you can protect yourself by adopting a variety of best practices and effective behaviors. Javelin recommends a comprehensive, three-part approach to combat identity fraud effectively: prevention, detection, and resolution. The next section provides data on current trends, steps to prevent fraud, actions to detect fraud if it occurs, and ways to resolve fraud if you become a victim.

Figure 5: Javelin's Prevention, Detection, and Resolution Identity Fraud Model

2013 Javelin Strategy & Research


CONSUMER PROTECTION CHECKLIST
Below is Javelin's consumer protection checklist. The checklist highlights the nine most important ways to prevent, detect, and resolve fraud in your financial accounts. Take some time and review the list below to see how prepared you are. The more items you can check off the list, the greater security you have against identity fraud. Remember, the most efficient way to combat fraud is for financial institutions and consumers to work together to stop criminals. To get even more customized recommendations, visit Javelin's IDSafety.net website, where we offer an 18-question quiz that will provide personalized recommendations for your daily activities.


PREVENTION
Consumers can best prevent identity fraud by carefully protecting and limiting the exposure of sensitive information, such as PINs, banking and account numbers, and Social Security numbers. You also should be aware of common fraudster techniques, such as phishing, vishing, smishing, and other scams.

How Can I Prevent Identity Fraud?
Mobile Device Security. Mobile devices are treasure troves of information for fraudsters. The always-on functionality of mobile devices provides fraudsters with new avenues for stealing information. We recommend the following steps to prevent identity fraud:

Install mobile software only from trusted sources and official app stores.

App users should also read the permissions requested by new apps carefully and determine whether the permissions coincide with the alleged function of the app.

Most smartphone users should also install an antivirus/antimalware program to mitigate instances of mobile malware.

Apple maintains that no antivirus is needed for iPhone users as long as the OS is kept up to date, and none is available in the Apple App Store.

Mobile devices are increasingly used to store and transmit personal information. You should use antivirus/antimalware software to guard that information from malicious applications.


Make sure all operating systems are the latest versions.

Updates are used to patch security holes found on the previous version of the operating system. Devices that continue to run on old operating systems continue to experience those security vulnerabilities.

Install or enable a passcode lock on your smartphone.

Passcodes act as a strong deterrent to thieves and can give you the time you need to enable your remote wiping or anti-theft software.

Be Social, Be Responsible. Social media sites like Facebook, Flickr, Tumblr, LinkedIn, MySpace, Google+, and Twitter are exploding in popularity, and the growing ubiquity of these sites has introduced a new set of risks for the user. We are not suggesting you not participate in social media, but examine your current behaviors that expose personal information that is typically used by banks and other companies to verify a consumer's identity.

1. Social networking sites can provide fraudsters with personal information to access accounts.
2. Use caution when sharing such details on your profile.

Do not reveal sensitive or personal information on social networking sites.

Such personal details are commonly used by banks and credit card companies as security questions to identify an individual before clearing access to his or her financial accounts, credit card logins, and more.

Use caution when using apps on social networking sites.

Verify that the app does not have access to any personally identifiable information. Users of certain social media apps experience a significantly higher incidence of fraud than the general public.


Stay Safe Online. Transitioning your financial activities away from paper statements and onto online channels can significantly reduce the time it takes to detect fraud as well as reduce risks associated with physical documents containing personal information. However, the Internet also introduces new threats that you should take into account.

Regularly install and update firewall, antivirus, and antispyware software on your computer and mobile device when possible.

Be aware of the dangers of online threats and install antivirus and antimalware software on your computer, smartphones, and tablets, and update it along with applications, browsers, and operating systems.

7.4% of consumers who accessed public Wi-Fi hotspots in the past 12 months became fraud victims. This is much higher than among those who did not (4.6%).

Download browser security software to protect against man-in-the-browser attacks. Install security patches and software updates as soon as they are released by verified sources.

Use and recognize secure websites.

Do not provide card or personal information at unsecured sites.

To recognize these sites, look for the padlock symbol and an "s" after the "http" in your browser's address bar. If the website has an additional layer of security (EV SSL), green highlighting will appear in the address bar when you access the site using a high-security browser.

Avoid accessing websites that display personal or account information using unsecured Wi-Fi connections, such as those at cafes, public libraries, or airports. You are more secure using your mobile device's 3G or 4G connection than using a public hotspot.

Ensure that your Internet connection at home and work is secure or protected by a firewall.


Turn off Bluetooth and Wi-Fi when they are not being used.

Do not use: Dictionary words, the name of the website, or the word "password". Don't just capitalize the first character; instead, capitalize a random letter. Integrate numbers into your password.

Watch out for email and attachments from convincing imitations of banks, card companies, charities, and government agencies.

Never respond directly to requests for personal or account information online, over the phone, in email, or through your mobile device, including SMS text messages.

Instead, use your bank's contact info listed on their website, on statements, or the back of credit cards. Call them directly.

Do not click on embedded links in any email or SMS. If you get an email from your bank or FI, go to its main website or use its dedicated downloadable application.

Follow safe password practices.

Do not use easily guessed passwords, such as your birth date, the name of a close relative, or your pet's name.

Use passwords for wireless Internet connections, and don't access unsecure websites or type in PII using public Wi-Fi on mobile devices, laptops, or computers.

Take advantage of available online shopping and payment security features like one-time passwords and virtual credit card account numbers.

Many of the largest payment networks and financial institutions offer enhanced security tools for more secure shopping online. Services like Verified by Visa, MasterCard SecureCode, and Citibank's Virtual Account Numbers offer additional layers of security to your online shopping experience, giving improved fraud protection.

Wipe clean electronic devices, such as smartphones, tablets and computers, before disposing of, turning in, or selling them.


Stay Safe Offline. Being aware of your surroundings and destroying physical documents that contain sensitive information are essential in safeguarding your identity. Take these simple precautions to ensure that your identity is safe.

Keep sensitive information from prying eyes.

At home or work, secure your personal and financial records in a locked storage device or a password-protected file.

Javelin Data Snack: In 2012, 12% of all identity fraud crimes were committed by someone known to the victim.

Shred paper documents that contain sensitive information before disposing of them.

Avoid providing your full nine-digit SSN whenever possible, and do not carry your financial cards and documents with sensitive information.

When your Social Security number is requested as an identifier, ask if you can provide alternate information.

Javelin Data Snack: In 2012, 28% of fraud victims reported having their SSN stolen.

Request electronic statements and use online bill pay whenever possible.

Enroll in direct deposit, and don't put checks in an unlocked mailbox.

Switch from paper statements to online financial account management.

Opt out of preapproved credit offers.

To be removed from credit card applications: Call: 1-888-5-OPTOUT. Visit: www.optoutprescreen.com


DATA BREACH NOTIFICATION LETTERS
Organizations typically send data breach letters to notify customers about the possible leak of personally identifiable information, such as Social Security numbers, driver's license numbers, credit card numbers, etc. The letter would also specify what information was stolen or leaked and the steps required to ensure further protection of customers' accounts. In 2012, 12% of U.S. adults received such letters.

What Should I Do If I Receive a Breach Notification Letter?
Currently, 46 states (plus the District of Columbia, Guam, Puerto Rico, and the U.S. Virgin Islands) require companies to notify you if a breach of security occurs at their place of business and your personal information has been placed at risk. Receiving this notification does not necessarily mean that you will suffer a fraud. However, Javelin data shows that consumers who received breach notifications in 2012 had a substantially higher risk of identity fraud, almost 5 times higher, than those who didn't receive these notifications.

Take Action to Protect Yourself If You Receive a Security Breach Notification
Figure 6: Record Number of Data Breach Recipients Became ID Fraud Victims in 2012

2013 Javelin Strategy & Research


Consumers who receive security breach notifications therefore need to take action to protect themselves. If you receive a data breach letter, take the following steps:
1. Verify that the letter is legitimate.
2. You are strongly encouraged to take advantage of any free services the notification letter offers, such as credit monitoring.
3. You should also call the toll-free numbers or visit the websites listed in the letter to learn more about the breach, determine your level of risk, and identify the actions you need to take to protect yourself from more damage.
4. Different breaches have different levels of risk that require specific action by consumers to prevent further harm. The action could be as simple as changing passwords to email accounts that are linked to the FI to canceling the credit or debit card affected to changing security questions and answers to affected accounts. Or the action could be far-reaching, such as the following:
   - Monitoring your financial accounts.
   - Closing affected accounts.
   - Placing a fraud alert on your credit report with the three primary credit bureaus: Equifax, Experian, and TransUnion (refer to Figure 7 for contact details). Fraud alerts notify creditors that a potential fraud has occurred and that they should verify the applicant's identity before extending credit. An initial alert stays active for 90 days, and an extended alert for identity fraud victims lasts seven years. A fraud alert will trigger a credit report, which the consumer needs to review for any signs of fraud.
   - Placing a credit freeze on your account with the three primary credit bureaus. A credit freeze is stronger than a fraud alert because it locks your credit report down to prevent new credit from being extended.


DETECTION

Credit Bureau Information
Figure 7: How to Contact the Three Credit Bureaus

EQUIFAX
  Order credit report: 800-685-1111
  Report fraud: 888-766-0008
  Web address: www.equifax.com
  Mailing address: Equifax Consumer Fraud Division, P.O. Box 105281, Atlanta, GA 30374

EXPERIAN
  Order credit report: 888-397-3742
  Report fraud: 888-397-3742
  Web address: www.experian.com
  Mailing address: Experian Consumer Assistance, P.O. Box 9532, Allen, TX 75013

TRANSUNION
  Order credit report: 800-888-4213
  Report fraud: 800-680-7289
  Web address: www.transunion.com
  Mailing address: TransUnion Victim Assistance Dept., P.O. Box 6790, Fullerton, CA 92834

Note: To order a free annual credit report from any or all agencies, contact www.annualcreditreport.com or call toll-free at 877-322-8228.
2013 Javelin Strategy & Research

It is critical that consumers detect fraud as early as possible to minimize potential losses and fraud resolution time. Faster detection results in lower out-of-pocket expenses, which include unreimbursed losses, legal fees, and lost wages. The sooner fraud is detected, the easier it is to resolve and the less the criminal is able to steal.

How Can I Detect Identity Fraud?
Javelin research has consistently shown that consumers can be very successful at detecting identity fraud relating to their accounts. The most efficient way to combat fraud is for consumers and institutions (banks, government agencies such as the Federal Trade Commission, and other organizations dedicated to fighting fraud) to work together. Consumers must be proactive in their approach to protect themselves against fraud and should work with institutions to safeguard their identity.

Self-Detection vs. External Fraud Detection
Financial account protection is a shared responsibility between FIs and customers. In 2012, fraud detection was almost equally split between fraud victims and external sources (e.g., FIs and law enforcement). While 50% of victims were able to self-detect fraud by regularly monitoring their accounts, credit reports, or enrolling in identity protection services, 33% of consumers relied on their banks or credit card providers. The latter group realized they had been defrauded only when they were notified by these external sources.

Consumers Are Equally Relying on Self-Detection to Discover Fraud on Their Accounts
Figure 8: Methods of Detection, 2012

- Self-detection: 50% (by monitoring accounts through the Internet, ATM, or other electronic means; monitored account through paper statements; balance shrank/credit overdrawn; reviewed credit report; using a credit monitoring or identity protection service)
- Notified by bank or credit card provider: 33%
- Other: 17%

Q22: How did you first discover you were a victim of identity theft? Was it ...?

October 2012, n = 827. Base: All fraud victims. Survey base: n = 5,249. 2013 Javelin Strategy & Research


It is important to note that self-detection is still the most effective way to detect fraud. Certain types of fraud are more difficult for FIs to detect and can lead to longer detection times and higher consumer costs for victims. For example, in cases of familiar fraud (instances of fraud where the victim personally knows the perpetrator) only 10% of victims reported being informed by banks or credit card companies that fraudulent activities had occurred on their accounts, compared to 33% of victims of other types of fraud. These cases are often difficult to detect by external security systems because the perpetrator is usually familiar with the victim's behaviors and/or lives in the close geographical area. It is in the consumers' interest for them to play an active role in managing their financial security and keeping a close watch on their financial activity.

Javelin recommends doing the following to detect fraud early:

- Sign up for email and mobile alerts through your primary bank, credit card company, and/or service provider.
  - Set up email and SMS text notifications through FIs so that they will alert you to suspicious activity and changes to your accounts or personal information.
  - You can choose among a wide array of alert offerings for the ones that apply to your banking behaviors and practices, thereby increasing your identity fraud protection. Contact your bank, credit card provider, or service provider and ask for information about account alerts.
  - The most common method that fraudsters use to take over accounts is changing the physical address, so set up an address change alert whenever possible.
- Monitor your credit report on a regular basis.
  - Review and confirm that all the accounts listed belong to you and that no unauthorized charges have been made or unknown accounts or credit lines have been opened.
  - Optional fee-based services, such as more extensive monitoring of credit information, personal identity records, and Social Security numbers, provide extra security and convenience for those who don't want to personally monitor their information. When choosing an identity protection service, select a provider that covers both personal information and credit monitoring. [3]
- Review financial statements promptly.
  - Check account balances at least weekly through online banking, mobile banking, phone, or ATM. Regularly monitor all financial accounts electronically, including banking, biller, and credit card.
  - Confirm that all transactions are authorized and that no suspicious activity has occurred or unapproved changes have been made to your accounts.

Free reports are available at AnnualCreditReport.com or by calling 1-877-322-8228. By contacting a different one of the three credit bureaus every four months, you can stagger your free reports to review your credit three times a year at no charge.

[3] For more information about the specific services offered by some of the top ID protection products, please refer to Javelin's 2012 Identity Protection Services Scorecard: How to Deliver Customer and Market Value in a Regulated $4B Market.


RESOLUTION

What Should I Do If I Become a Victim of Identity Fraud?
If you become a victim of identity theft or fraud, don't panic. When it comes to your financial accounts, FIs and credit card providers are prepared to help you resolve the identity theft. Most FIs have a team dedicated to resolving identity fraud and guiding victims through the process. With technological advancements, identity fraud resolution has improved.

By following the few simple steps below, you can help ensure that your fraud case is handled quickly and painlessly. These actions can serve as a checklist/resource guide if you become a victim.

- Immediately contact your bank and credit card companies.
  - Report problems and work with your bank, credit union, or identity protection service provider to take advantage of resolution services and reimbursement policies.
  - If your FI provides fraud resolution specialists, ask for their assistance to ensure the fraud is resolved.
  - Notify the appropriate institutions as soon as possible if physical documents such as a checkbook, wallet, debit card, or credit card are lost or stolen, if unauthorized or suspicious account activity occurs, if changes are made to personal information (e.g., physical address, email address, registered users, login or password), or if paper statements are turned off.
  - Depending on each individual case, an FI may close your account, cancel your debit or credit cards, and take other necessary precautions. It will also assist you in setting up new accounts and will issue new debit and credit cards.
  - Educate yourself on your FI's and issuer's zero-liability protections on debit cards and ATM withdrawals because they vary among providers.
  - Report all lost or stolen cards or fraudulent transactions immediately because the timing of your report may affect the amount that you are liable for under the law.
- Contact the Federal Trade Commission.
  - To report incidents of suspected fraud or identity theft, visit the FTC online at http://www.consumer.ftc.gov/features/feature-0014-identity-theft or call 1-877-IDTHEFT (1-877-438-4338).
- Place a fraud alert on your credit report.
  - If your personal information has been compromised or if you have been a victim of fraud, immediately contact the three primary credit reporting agencies: Equifax, Experian, and TransUnion (refer to Figure 7 for contact information) to place a fraud alert. These agencies provide credit monitoring services as well as additional products and services.
- File a police report.
  - If fraud has occurred, contact your local police department to file an identity fraud report. Make sure to save a copy for your personal records.
- Consider enrolling in a high-quality ID protection service.
  - Victims who find that their driver's license numbers or SSNs have been compromised should consider enrolling in ID protection services that monitor credit reports as well as non-credit-related databases for unauthorized use of stolen information.

Javelin Data Snack: The average amount of time required to resolve a case of identity fraud has steadily decreased, from 18 hours in 2004 to 12 hours in 2012.

Identity Fraud Protection Solutions
Specific services are available for consumers who want extra protection against new accounts fraud (the type of fraud in which a criminal uses a victim's Social Security number and other personally identifiable information to create a fraudulent account in the victim's name, e.g., credit card, cell phone, or utilities) and other types of fraud. Identity protection services such as credit monitoring and personal information monitoring can be purchased for a fee. Javelin advises consumers who purchase fee-based services to look for the firm's BBB rating. These services can provide peace of mind and convenience for consumers who want extra protection.

Credit Monitoring and Personal Information Monitoring Services


Figure 9: Identity Fraud Protection Services

Service: Credit monitoring
Description: A paid subscription service that monitors your credit for suspicious activity or changes to your credit file (e.g., credit inquiries, employment changes, new accounts or address changes). Intended to detect potential identity fraud.

Service: Personal information monitoring
Description: Scans public records, third-party databases and Internet sites to detect exposure of your personal information (credit card numbers, Social Security numbers, etc.). Intended to detect potential identity theft.

Service: Fraud alert
Description: A message that is placed on your credit report, requiring lenders and creditors to confirm your identity before issuing a new line of credit. Intended to prevent new accounts fraud.

Service: Credit freeze
Description: Freezes your credit file at the credit reporting agencies, which are then prohibited from issuing your credit history to any lender, creditor, or others. Intended to prevent new accounts fraud.

2013 Javelin Strategy & Research

Consider placing a security freeze on your credit report. If you have been a victim of fraud related to an opening of a new account more than once and you are not actively applying for credit, you may want to place a security freeze on your credit report at each of the three reporting agencies.


ABOUT JAVELIN
Javelin Strategy & Research, a division of Greenwich Associates, provides strategic insights into customer transactions, increasing sustainable profits and creating efficiencies for financial institutions, government agencies, payments companies, merchants, and other technology providers. Javelin's independent insights result from a uniquely rigorous three-dimensional research process that assesses customers, providers, and the transactions ecosystem.

Authors and Contributors:
- James Jarzab, Research Specialist
- Al Pascual, Security Risk and Fraud Senior Analyst
- Sarah Miller, Security Risk and Fraud Analyst
- Mary Monahan, Executive Vice President and Research Director
- James Van Dyke, President and Founder

Publication Date: February 2013
Editor: Chuck Ervin

Additional Resources
The 2013 Identity Fraud Report's sponsors, Intersections and Citigroup, also make safety recommendations:
- Intersections: http://www.identityguard.com/what-is-identity-theft/
- Citigroup: https://online.citibank.com/US/JRS/pands/detail.do?ID=SecurityCenter

ABOUT THE METHODOLOGY
Since 2003, Javelin has collected data from approximately 5,000 adults each year to measure the overall impact of identity fraud on consumers. In 2012, 5,249 adults, including 1,186 fraud victims, answered questions regarding their daily financial practices and behaviors to help determine the causes of and provide important details about such fraud. Javelin's identity fraud study reaches an audience of 63 million and is a factual resource for the Federal Trade Commission (FTC).


GLOSSARY OF TERMS

account takeover fraud
Method of identity fraud in which a fraud operator attempts to gain access to a consumer's account by fraudulently adding his or her information to the account (e.g., changing account mailing address, adding himself or herself as a registered user, or making other alterations).

card not present (CNP)
Transaction in which the card is not present; card data is manually entered. This includes purchases made online, by phone, or through the mail.

casual social network activity users
Social network users who indicated that they sometimes use the indicated social networking activity or often use the indicated social networking activity.

cloud
The cloud is a metaphor for the Internet. With the cloud, software services and data are not hosted locally but globally and are accessible remotely by browser. Amazon, Google, and Rackspace, for example, offer large cloud networks that are leased to various businesses.

consumer cost or out-of-pocket cost
Out-of-pocket costs incurred by the victim to resolve a fraud case, including postage, copying, notarizing of documents, and legal fees; costs may also include payment of any fraudulent debts to avoid further problems.

credit freeze
Security freeze placed on a consumer's credit file to prevent the file from being shared with creditors, thus forestalling new accounts from being opened in the consumer's name.

credit monitoring
Service that scrutinizes a consumer's credit file for suspicious activity or changes on his or her credit report such as credit inquiries, delinquencies, negative billing information, employment changes, and address changes. Monitoring is particularly helpful in detecting new account fraud after it occurs. The most effective credit monitoring companies will monitor all three credit bureaus because many lenders will contact only one.

data breach
Unauthorized disclosure of information that compromises the security, privacy, or integrity of personally identifiable data.

drive-by download
Act of passively compromising a PC by downloading a malicious file while the victim views the content of a website.


existing account fraud
Identity fraud perpetrated against either or both existing card and existing non-card accounts.

existing card account fraud
Identity fraud perpetrated through use of existing credit or debit cards and/or their account numbers. This fraud type can also be referred to as existing card fraud or ECF.

existing non-card account fraud
Identity fraud perpetrated through use of existing checking and savings accounts or existing loan, insurance, telephone, and utilities accounts or other accounts. This fraud type can also be referred to as existing non-card fraud or ENCF.

external detection methods
Methods of detecting fraud in which an external resource is the first to discover the fraud. Examples of external detection methods include discovering fraud through notifications from the bank, law enforcement, or debt collectors.

fraud amount
Total amount of funds the fraud operator obtained illegally; these may result in actual losses to various businesses and organizations and, in some cases, to the consumer.

frequent social networking activity users
Social network users who indicated that they always use the indicated social networking activity or often use the indicated social networking activity.

familiar fraud
Fraud committed by someone who knows the fraud victim personally, such as a family member, coworker, or friend. Familiar fraud is more damaging (harder to detect and longer to resolve) because the perpetrators tend to be aware of the victim's habits and know how to hide the fraud. Also, victims tend not to report familiar fraud to authorities.

identity fraud
Unauthorized use of some portion of another's personal information to achieve illicit financial gain. Identity fraud can occur without identity theft (for example, by relatives who are given access to personal information or by the use of randomly generated payment card numbers).

identity theft
Unauthorized access to personal information; identity theft can occur without identity fraud, such as through large-scale data breaches.

keylogger
Spyware that captures and records user keystrokes on a computer and is used by fraudsters to obtain passwords, PINs, logins, and other sensitive information.


mail order/telephone order (MOTO)
Orders placed through mail or telephone channels (a type of card-not-present transaction).

malware
Malicious software designed to access a computer or operating system without the knowledge or consent of the user. Some examples of malware are computer viruses, worms, Trojan horses, spyware, malicious adware, and rootkits. Malware is damaging code or programming that gathers information without permission.

man-in-the-browser (MITB)
Attack in which a perpetrator is able to read, insert into, and modify, at will, messages between the Internet browser and a server without either party's knowing that the link between them has been compromised.

man-in-the-middle (MITM)
Attack in which a perpetrator is able to read, insert into, and modify, at will, messages between two parties without either party's knowing that the link between them has been compromised. MITB attacks are a subset of MITM attacks in which the browser is exploited to trick the legitimate parties into revealing sensitive information.

mutual authentication
Method by which the FI and the customer identify each other by providing and identifying shared secrets.

new accounts fraud
Identity fraud perpetrated through use of the victim's personal information to open fraudulent new accounts.

personal information monitoring
Service that keeps an eye on a consumer's personally identifiable information by monitoring channels, including online surveillance, public records and databases, Internet sites, and carding forums (underground sites where stolen credit card numbers are bought and sold). Third-party solutions that offer this service provide additional value because they can more holistically prevent and detect identity fraud, including medical and health insurance fraud.

phishing
Method of "fishing" for Internet users' passwords and financial or personal information by luring them to a fake website through an authentic-looking email that impersonates a trusted party. Phishing emails could attempt to impersonate an FI, issuer, merchant, or biller.

privacy settings
User-defined controls that allow users to manage the visibility of various parts of their social media profiles, including who has access to specific information.


self-detection methods
Methods of detecting fraud in which the consumer is the first to discover the fraud. Examples of self-detection include discovering fraud through electronic or paper monitoring or reporting a card lost or stolen.

severely impacted
Victims who report that they have suffered a significantly negative effect because they have been fraud victims. Consumers rate the impact a 4 or 5 on a scale where 1 represents little or no effect and 5 represents a severe effect.

smartphone
A mobile device with phone, keyboard, web access, and apps (e.g., Android, iPhone, Windows Mobile, BlackBerry, etc.)

smishing
A form of criminal activity, using techniques similar to phishing, in which a fraudster uses SMS messages to mobile devices to lure victims into revealing personal information. Similar to phishing, it could attempt to impersonate an FI, issuer, merchant, or biller and can include a fraudulent URL link to a faked website or phone number to a fake automated voice response system.

social networking
A medium for consumers to interact with one another online. Users are responsible for generating content and can post and edit conversations, pictures, and media. Some of the most popular social media sites are Facebook, MySpace, LinkedIn, Twitter, FourSquare, Yelp, and YouTube.

Trojan horse
Program that appears to be a useful file (e.g., a music file or software upgrade) from a legitimate source, tricking the victim into opening it; once activated, the Trojan horse allows intruders to access private information.

two-way actionable alerts: review and release
Review-and-release alerts are user-defined notifications that alert the consumer when the transaction is still pending. The transaction that triggered the alert remains pending until the consumer can verify or deny it within the alert.

two-way actionable alerts: review and respond
Review-and-respond alerts notify consumers after a transaction has been completed but allow the consumer to respond within the alert if he or she wants to take certain action. This could include reporting the transaction as fraudulent or transferring funds from one account to another.


Wi-Fi hotspots
Location that offers Internet access over a wireless local area network. These hotspots can be set up in public venues where users can connect using laptops, smartphones, tablets, and other Internet-accessing devices.

Wi-Fi Protected Access (WPA)
Designed to replace WEP by using stronger encryption. Extensions of WPA and WPA2 include Temporal Key Integrity Protocol (TKIP) and pre-shared key (PSK, also known as personal) mode. Both require the addition of a passphrase that is used in the process of encrypting the data packet.
