Last year, identity fraud rose to record levels in the US, affecting about seven per cent of American consumers – one million more than in 2016. According to the 2018 Identity Fraud Study, published this week by Javelin Strategy & Research, this increase was driven by growth in both existing non-card fraud and account takeover (ATO).

The study found that ATO tripled during 2017, with losses of US$5.1 billion, a massive 120 per cent increase on 2016. The study noted: “Account takeover continues to be one of the most challenging fraud types for consumers with victims paying an average of US$290 in out-of-pocket costs and spending 16 hours on average to resolve.

However, most fraud takes place in the online shopping space, with fraudsters being able to use stolen EMV card details to obtain goods through e-commerce websites. This card-not-present (CNP) fraud is now far more common (81 per cent more likely) than fraudulent use of cards in person (at the point of sale), according to the study.

The research also highlighted how fraud is becoming more sophisticated, with more complex methods used to gain profits, such as criminals opening up an intermediary account in the name of the victim – this happened to 1.5 million identity fraud victims in 2017, a twofold increase on the previous high, according to the research.

Five actions to protect against your account from fraud

Identity fraud and identity theft is a serious issue not just for consumers but also for the businesses that hold customer identity and account data (the majority of business that sell online to their customers) and for the financial organisations that also hold client financial account and identity data. The report highlights the following five actions, which are aimed at consumers but some of the steps could also apply to businesses wanting to safeguard their business accounts:

1. Use two-factor authentication wherever possible – i.e., not just a username and password – so that it's significantly more difficult for fraudsters to take over an account (whether an e-commerce customer account or a bank account).
2. Secure all online devices (used for personal or business purposes) that have access and store passwords to apps that pay for goods and services. This means using a screen lock, encrypting data stored on the devices, avoiding public wifi and/or using a VPN, and installing anti-malware.
3. Communicate with your financial service providers to ensure a security freeze is in place to stop new accounts being opened in your name.
4. Set up account alerts with all your financial service providers, so you receive notifications of suspicious activity on all accounts immediately by email or text message (ensure all alerts are received in a trusted format - see Email fraud comes at a high cost: who’s to blame?).
5. Consumers should request – and e-commerce retailers should provide – alerts as well as set limits for online transactions on e-commerce platforms, to tackle EMV/CNP fraud.