We know that the number of data breaches has risen substantially over the past year, as has the number of compromised records. So it isn’t surprising that 2016 saw a record number of identity fraud cases.
The 2017 Identity Fraud Study conducted by Javelin Strategy & Research found 15.4 million consumers were affected by identity fraud last year, an increase of 16 percent. This is despite the switch from our old credit card system to the chip cards. Why? According to the study, fraudsters are targeting e-commerce sites, or Card Not Present (CNP) accounts, more than ever, with this type of fraud rising by 40 percent. Also, as Dark Reading reported:
Al Pascual, senior vice president, research director and head of fraud and security at Javelin, says the study also found that the criminals adapted to all the latest prevention techniques to net 2 million more victims in 2016 – an increase of $1 billion, to $16 billion. The rise of available information via data breaches has been a boon to the criminals, he says.
This research and Pascual’s comment highlight two important issues. First – and this is something we already knew – cybercriminals are way ahead of the rest of us when it comes to security. They are adapting more quickly than companies are. Granted, they don’t have the hurdles to cross like security and IT professionals do – budgets to keep up with the latest security and prevention technologies and decision makers who are slow to approve new security tools, for example.
Second, the switch to chip cards didn’t magically eliminate all the security problems with credit card use, as The Consumerist pointed out:
Almost half of the instances of card fraud involved chip-enabled card accounts that were used online or at brick-and-mortar stores that don’t have chip-enabled payment terminals. About 64 percent of merchants with physical stores are still using card-readers that only read the magnetic stripe, according to the study.
And, as a ZDNet story reminded, while the EMV roll out was supposed to improve credit card security, it was never going to make credit-card transactions 100 percent fraud free:
But in nearly every country that has migrated to chip-embedded EMV cards, instances of fraud didn't really go away, they just shifted somewhere else. Overwhelmingly, that somewhere else is the online channel, which holds considerably weaker authentication protocols.
It all seems to go back to online transactions, doesn’t it? For consumers, the recommendation is to have a single dedicated credit card for online purchases, but should the onus of security be on the consumer? I’ll be interested to see how e-commerce addresses the rise in identity fraud involving CNP transactions, especially in light of the rise of data breaches and compromised records.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba