In 2022, 40 million people lost a total of $43 billion in identity fraud and scams. Although certain types of fraud are rampant, that is not true of all forms. New-account fraud declined by 42%, and there were 2 million fewer U.S. victims of identity fraud scams in 2022 as compared with the year before.
During a recent Javelin Strategy & Research webinar, “2023 Identity Fraud Study: The Butterfly Effect,” John Buzzard, Javelin’s Lead Fraud and Security Analyst, joined with other leaders in fraud prevention to delve into systemic identity fraud in the United States. Rounding out the forum were Kathy Stokes, Director of Fraud Prevention Services at AARP; Ben Erdel, General Manager of Identity Theft Protection at Equifax; and Jeff Robbins, Director of Enterprise Fraud Controls at FIS. They unpacked Javelin’s extensive research into fraud and scams.
Identity Fraud: A Primer
Identity fraud is becoming more common and harder to prevent because criminals have more ways to access someone’s personal information. Because personal data can be bought and sold on the dark web, criminals are just a click away from getting access to people’s private details.
“There’s a full profile of me that sits out there today where somebody can go and purchase it,” Robbins said. “More than likely, they can get my address some other key attributes, and perhaps even the last 20 passwords I had across multiple websites that were all hacked. And all those fraudsters are going to go to my other websites and see if I’m foolish enough to reuse passwords.”
Historically, it was mostly financial institutions that were targeted for fraud and had to be monitored. Now, social media accounts and unemployment claims are monitored to protect individuals’ identities.
“Identity fraud and identity scams have always been around,” Erdel said. “What has changed is the scale and the entry points to consumers. What we’ve seen in the identity theft protection spaces is it’s beyond just financial institutions.”
How Bad is Fraud?
Financial institutions and consumers must deal with different types of fraud. With identity fraud, for example, a victim’s information has been stolen. A scam, however, is different and involves criminal manipulation that has a financial impact.
In 2022, 15.4 million victims of identity fraud suffered $20 billion in losses. The number of victims was up less than 1% from the year before. Identity fraud scams affected 25 million people and resulted in $23 billion in losses. At this point, identity fraud scams have become an even bigger problem than traditional identity fraud, in terms of victim numbers. However, scam losses declined by 17% from 2021, so enhanced security is playing a role in reducing fraud.
“When we look at the victim counts for traditional identity fraud, there was barely a 1% increase in 2023,” Buzzard said. “When we move over, though, into the scam category, things are a little bit different. There, the number of people affected declined by 2 million. But it still leaves us with $43 billion total in financial impact and 40 million consumers out there that potentially have been victims.”
One positive surprise in the identity fraud category is the decline in new-account fraud, which occurs when criminals use stolen information to open new accounts.
In 2022, there was a 42% decline in losses, to $3.2 billion.
“We reported (in 2022) a 109% year-over-year increase for new-account fraud,” Buzzard said. “It’s no wonder that everybody had their marching orders from their boss to focus on this, get the numbers down, do the best possible effort to see some declines. And we really delivered here in this particular way.”
Credit card accounts are still a favored choice to be targeted by criminals. Checking accounts and savings accounts? Not so much. All have been improved with better security protocols.
“With new-account fraud, practitioners have deployed things that during the pandemic they weren’t embracing before—identity-proofing and document verification,” Buzzard said. “It’s the combination of that selfie snap and the validation of the document before opening these accounts. A lot of that went out the window a couple of years ago with the pandemic and is now coming back.”
Account Takeover Fraud
Another key type of identity fraud is account takeover fraud, which amounted to $11 billion in losses. This type of fraud is a particularly pesky variety.
“If fraudsters can insert themselves into the validation process of the fraud alerts that banks and credit unions send out, it can be very devastating,” Robbins said.
A fraudster successfully impersonating a victim can change an email address and the phone number on file. Their processor might catch fraud happening in real time and put out alerts, but the criminal can intercede and say the authorization is legitimate.
Isolation can also contribute to people’s susceptibility to scams.
“If you do not have that trusted buddy companion relative, a sounding board, someone at the watercooler in the morning that you say, ‘I had the strangest thing happen to me. Last night, somebody called me on the phone and pretended to be Cathy,’ that kind of interaction is really meaningful,” Buzzard said.
“I can’t reach through this interface and get you to feel less isolated. But I think we could all agree that we can take the stigma out of being victimized. Part of feeling isolated, even emotionally, is when you’re just so darn ashamed that you were scammed.”
If scams were a function of aging and cognitive decline, fraud would mostly be committed against old people. But that is not the case.
“FTC data show that younger people experience fraud and fraud losses way more than older adults,” Stokes said. “But they contribute less to total fraud amounts, because when an older adult is the victim, they lose so much more.”
Fraud won’t go away any time soon, but businesses can take steps to help combat the issue.
Companies should mandate multifactor authorization—and lean on opt-in functionality. It improves security so much that it’s worth whatever annoyance it causes customers.
Developing a risk factor blueprint to curtail identity fraud is also crucial, as is further investment in a technology base, which should leverage data from public sources.
Finally, companies need to have better consumer outreach. What most identity scam victims don’t know, but should, is that scam victims tend to know their perpetrators. Better knowledge about security practices and how to avoid being a victim can put consumers in a stronger position to avoid becoming victims in the first place.