Identity Fraud Consumer Report

7/22/2019 Identity Fraud Consumer Report

1/32

HowConsumerscanProtectAgainst

IdentityFraudstersin2013

February2013


2/32

Copyright2013JavelinStrategy&Research,adivisionofGreenwichAssociates. Allrightsreserved.ThisreportislicensedforusebyJavelinSubscribersonly.Itisprotec

bycopyrightandotherintellectualpropertylaws.Youmaydisplayorprintthecontentavailableforyouruseonly.Youmaynotsell,publish,distribute,retransmitor

otherwiseprovide

access

to

the

content

of

this

report.

2HowConsumerscanProtectAgainstIdentityFraudstersin2013

FORWARD

JavelinStrategy

and

Researchs

HowConsumerscanProtectAgainst

IdentityFraudstersin2013providesrecommendationstohelpconsumersprevent,detect,andresolveidentityfraud. Thisreportprovideseasyto

followguidelinesforconsumerstoprotectthemselvesagainstthis$21

billioncrimeofidentityfraud.JavelinStrategy&Researchsgoalistoequip

consumerswithprovenmethodstoprevent,detect,andresolveidentity

fraud.

Adeeper

analysis

of

economic

indicators

and

identity

fraud

trends

is

availableforpurchaseinthefullversionofthe2013IdentityFraudReport,alongwithadetailedbreakdownofhowdifferenteconomicfactors,

paymentpurchasingtrends,andsecuritydynamicscorrelatewithchanges

inidentityfraud.

Nowinitstenthconsecutiveyear,thecomprehensiveanalysisofidentityfraudtrendsis

independentlyproducedbyJavelinStrategy&Research,adivisionofGreenwich

Associates.Javelinmaintainscompleteindependenceinitsdatacollection,findings,and

analysis;thereportisaproductofJavelinonly.

Thisresearchstudyismadepossiblebyoursponsors,IntersectionsandCitigroup.These

companiesarededicatedtoconsumerfraudpreventionandeducation.

2 13 Identity FraudReport:Data BreachesBecoming a TreasureTrove for FraudstersLearn More:https://www.javelinstrategy.com/brochure/276The full report

consists of:

8 pages 56graphs and

tables.

An overview of

the key findings

New trends

Quantitative

cross tabulations

Longitudinal U.S.

identity fraud

data from 2003 -

2012.


3/32



otherwiseprovide

access

to

the

content

of

this

report.


TABLEOFCONTENTS

OVERVIEW

................................................................................................................................................................

4

IdentityFraudvs.IdentityTheft................................................................................................................6

HowCriminalsObtainInformation..........................................................................................................10

RECOMMENDATIONSFORCONSUMERS...............................................................................................................11

CONSUMERPROTECTIONCHECKLIST....................................................................................................................12

PREVENTION..........................................................................................................................................................13

HowCanIPreventIdentityFraud?..........................................................................................................13

DataBreachNotificationLetters.............................................................................................................18

WhatShouldIDoIfIReceiveaBreachNotificationLetter?.....................................................18

DETECTION.............................................................................................................................................................20

HowCanIDetectIdentityFraud?............................................................................................................20

RESOLUTION..........................................................................................................................................................24

WhatShouldIDoIfIBecomeaVictimofIdentityFraud?......................................................................24

IdentityFraudProtectionSolutions.........................................................................................................25

ABOUTJAVELIN......................................................................................................................................................27

METHODOLOGY.....................................................................................................................................................27

ADDITIONALRESOURCES.......................................................................................................................................27

GLOSSARYOF

TERMS

.............................................................................................................................................

29

TABLEOFFIGURES

Figure1:OverallIdentityFraudIncidenceRateandTotalFraudAmountbyYear..................................................4

Figure2:FraudIncidencebyDataBreachVictims,NonDataBreachVictims,andAllFraudVictims....................7

Figure3:FraudIncidencebyOwnershipofTechnologyProducts...........................................................................9

Figure4:HowTheftofPersonalInformationHappens.........................................................................................10

Figure5:

Javelins

Prevention,

Detection,

and

Resolution

Identity

Fraud

Model

..................................................

11

Figure6:DataBreachesAreatanAllTimeHigh...................................................................................................18

Figure7:HowtoContacttheThreeCreditBureaus..............................................................................................20

Figure8:MethodsofDetection,2012...................................................................................................................21

Figure9:IdentityFraudProtectionServices..........................................................................................................26


4/32



otherwiseprovide

access

to

the

content

of

this

report.


OVERVIEW

Forthe

second

consecutive

year,

the

number

of

identity

fraud

victims

in

theU.S.increased,risingby1millionconsumersin2012toatotalof12.6

millionconsumers.Thismeansthat5.26%ofU.S.adults,ormorethan1in

every20consumers,learnedthattheywerevictimsofidentityfraudin

2012.

Annualoverallfraudamounts(theamountofmoneystolenbyfraud

perpetrators)alsorosein2012,increasingto$20.9billionandreversing

improvementsmadein2010and2011.Thisincreaseinfraudamountswas

drivenbydramaticjumpsinthetwomostseverefraudtypes:New

accountfraud(NAF)andaccounttakeoverfraud(ATF). Traditionally,new

accountfraudandaccounttakeoverfraudhavebeenexperiencedbya

New AccountFraud: the use of afraud victim'spersonalinformation toopen fraudulentnew accounts inthe victims name.

Account TakeoverFraud: the methodof identity fraud inwhich a fraudoperator attemptsto gain access to aconsumersaccount byfraudulentlyadding his or herinformation to theaccount.

IdentityFraudIsontheRise

Figure1:OverallIdentityFraudIncidenceRateandTotalFraudAmountbyYear

11.210.6

10.2

12.5

13.9

10.2

11.6

12.6

$32.0

$28.7

$24.7

$28.9

$31.4

$19.9$18.0

$20.9

$0

$5

$10

$15

$20

$25

$30

$35

$40

$45

$50

0.0

2.0

4.0

6.0

8.0

10.0

12.0

14.0

16.0

2005 2006 2007 2008 2009 2010 2011 2012

BillionsU.S.

Millionsofvictims

Millionsofv ictims Totaloneyearfraudamount

October2012,n=varies:4,7845,249

Base:All Consumers2013JavelinStrategy&Research


5/32



otherwiseprovide

access

to

the

content

of

this

report.


lowerproportionoffraudvictims,butthesetwotypesoffraud

consistentlyproducethehighestaveragefraudamountsandconsumer

costs.So

while

there

are

fewer

victims

of

these

two

types

of

fraud,

they

feelthestingthemost.

Averageconsumercostsroseslightlyto$365in2012,upfrom$354in

2011.Consumercostsareanyoutofpocketexpensessufferedbythe

fraudvictim,includingunreimbursedmonetarylosses,andlostwagesasa

resultoftimespenttoresolvethefraudaswellasanyrelatedlegalcosts

andcreditmonitoringcosts.However,ofthe12.6millionvictimsin2012,

80%didnotsufferanyconsumercosts(medianoutofpocketcoststo

consumersof$0)atall.Thesecostswereinsteadabsorbedbybanksand

creditcardcompaniesthroughtheirzeroliabilitypoliciesandcoverage,

whichshieldconsumersfrommostofthecostsassociatedwithfraud.

Consumersalsospentrelativelylittletimeresolvingtheirfraudcases.The

averageresolutiontimeremainsunchangedat12hours,butmorethan

halfofallvictimsspentthreehoursorlessresolvingfraudincidentswith

their

providers.

The

expansion

of

zero

liability

policies,

security

protections,anddedicatedfraudandclaimsteamsatfinancialinstitutions

(FIs)andcardissuershaveexpeditedtheresolutionprocessincasesof

fraudandhavehelpedlowerconsumerscostsoverthelastdecade.

Zero LiabilityPolicies: Zero-liability policiesare fraudprotectionprograms thatbanks or creditcard providersoffer to protectconsumers fromlosses associatedwith fraud on theirpayment cards

(credit, debit, orprepaid) or otherfinancial accounts.


6/32



otherwiseprovide

access

to

the

content

of

this

report.


IDENTITYFRAUDVS.IDENTITYTHEFT

Mostindividualsarefamiliarwiththetermidentitytheft,whichiswidelyusedbymedia,

government,andconsumergroups,aswellasnonprofitorganizations.However,itis

importanttodistinguishbetweenidentitytheftandidentityfraudbecausethetermshave

differentmeanings,althoughJavelinusesidentityfraudmorecommonlythroughoutthe

identityfraudsurveyandcorrespondingreports.

Identitytheftoccursaftertheexposureofpersonalinformation;typicallysomeones

personalinformation

is

taken

by

another

individual

without

explicit

permission.

Identity

fraudistheactualmisuseofinformationforfinancialgain;itoccurswhencriminalsuse

illegallyobtainedpersonalinformationtomakepurchasesorwithdrawals,createfalse

accountsormodifyexistingones,orattempttoobtainservicessuchasemploymentor

healthcare.Personallyidentifiableinformation(PII)suchasaSocialSecuritynumber(SSN),a

bankorcreditcardaccountnumber,apassword,atelephonecallingcardnumber,a

birthdate(month/date/year), aname,oranaddresscanbeusedbycriminalstoprofitata

victimsexpense.

Byaccessingandusingrelativelybasicinformation,acriminalcantakeoverexistingfinancial

accounts(existingcardfraudorexistingnoncardfraud)oruseavictimspersonal

informationtocreatenewaccounts(newaccountfraud).Acriminalcancommitidentity

fraudnumerousways,including:makinganunauthorizedwithdrawaloffundsfroman

account,makingfraudulentpurchaseswithacreditcard,andcreatingnewaccounts(e.g.,

banking,telephone,utilities,andloans).Allofthemcanhaveadamagingeffectonan

individualscredit.Infact,thefirstnotificationthatfraudhasbeencommittedmightbethe

appearanceofanunfamiliaraccountonacreditreportoracontactfromadebtcollector.


7/32



otherwiseprovide

access

to

the

content

of

this

report.


ConsumerInformationExposedinDataBreachesLeadstoFraud

Consumersshouldpayparticularlycloseattentiontoanynotificationsor

letterstheyreceivefromtheirFIs,creditcardproviders,healthcare

providersormerchantsregardingabreachinpersonallyidentifiable

information.Almost1in4consumerswhoreceivedadatabreach

notificationin2012becameafraudvictim.Ofparticularconcernisthat

consumerswhowerenotifiedthattheirSocialSecuritynumberswere

compromisedinoneofthesedatabreachincidentswere5timesmore

likelytobeavictimofidentityfraudthanallotherconsumersand14times

morelikely

to

become

avictim

of

new

account

fraud.

As

discussed

previously,newaccountfraudvictimssufferaboveaveragefraudlosses

andconsumercosts.

FraudRateAmongDataBreachVictimsOutpacesFraudRatesAmongAll

Consumers

Figure2:FraudIncidencebyDataBreachVictims,NonDataBreachVictims,

andAllFraudVictims

4.4% 4.9% 5.3%

1.4%2.4% 2.9%

11.8%

18.9%

22.5%

0%

5%

10%

15%

20%

25%

2010 2011 2012

Allconsumers

Nondatabreachvictims

Databreachvictims

Q2.Inthepast12months,haveyoubeennotifiedbyabusiness

orotherinstitutionthatyourpersonalorfinancialinformationhas

beenlost,stolen,orcompromised inadatabreach?

October20102012, n=varies337 5,249

Base:Allconsumers,data breach

victims,non databreachvictims.

2013JavelinStrategy&Research


8/32



otherwiseprovide

access

to

the

content

of

this

report.


OnlineRetailShoppingIsBecomingMoreLucrativetoFraudsters

Asonlineshoppingexpands,sotoodoesthemisuseofconsumer

informationtocommitonlineretailfraud.Onlineretailfraudoccurswhen

aperpetratorusesonlinepaymentcredentials,suchasacreditordebit

cardaccountnumber,tomakefraudulentpurchasesonline(knowninthe

industryascardnotpresent(CNP)purchases).Onlineretailfraud

increasedfrom41%ofallfraudvictimsin2011to45%in2012.Payment

cards,suchascreditcardsanddebitcards,represent95%ofthemisused

informationinthesecases.OnlineretailfraudthroughCNPtransactionsis

theleast

expensive

fraud

type

for

consumers

in

2012,

with

an

average

consumercostof$326.However,itisalsohighlypervasiveintheU.S.,

affecting7.5millionAmericans,whothenspendanaverageof11hours

resolvingthesecases.Consumersshouldtakethetimetoreviewtheir

statementseachmonthforfraudulentchargesandcontacttheirFIsand

cardprovidersforusefulonlineauthenticationandsecurityoptions.

MalwareAttacksMobileConsumersandPutsThematConstant

Riskof

Fraud

The105millionsmartphoneusersand42milliontabletusersintheU.S.

areconstanttargetsforfraudsters,whousemalware,exploitsoftware

vulnerabilities,launchphishingandsmishingattacks,andcompromise

unsecuredWiFiconnectionstoobtainusersvaluablepersonal

information.Tabletusersaremorelikelytobevictimsoffraudthanall

consumers(9.6%comparedwith5.3%),whichcanbeattributedbothto

tabletusersbeingyoungerandlessriskaversethanolderconsumersand

theinherentsecurityvulnerabilitiesthataretypicalofnewtechnologies.

Rising onlinesales lead toincrease in onlinefraud


9/32



otherwiseprovide

access

to

the

content

of

this

report.


Additionally,forthenearly211millionAmericanswhoregularlyuseonline

banking,malwareposesanincreasingthreatasanavenuefor

compromisingand

gaining

control

of

users

accounts.

Fraudsters

stole

$4.9

billionin2012fromconsumeraccountsthroughaccounttakeover

schemes.Malwareposesadirectthreattoconsumers,businesses,andFIs

alike,becausethesemaliciousprogramsseektoinfectvariousdevicetypes

andcompromisethetypeofconsumerfinancialaccountinformationand

credentialsnecessarytocommitfraud.

TabletOwnersAre80%MoreLikelyThanAllOtherConsumersto

BecomeFraudVictims

Figure3:

Fraud

Incidence

by

Ownership

of

Technology

Products

5.3% 5.6% 6.0% 6.3%

6.5%

9.6%

0%

1%

2%

3%

4%

5%

6%

7%

8%

9%

10%

11%

12%

13%

14%

15%

Allconsumers Mobilephoneowners

Laptopo wner s D esk to pcomputerowners Smartphoneowners Tabletowners

Fraud

incidence

rate

October 2012,n=varies1,062 to 5,249.Base:Allconsumers,ownersofvariousproducts.

2013JavelinStrategy&ResearchQ39A: Please indicate which of the following products you personally own and use. Q5:How long ago did you discover that your personal or financial information had beenmisused?


10/32



otherwiseprovide

access

to

the

content

of

this

report.


HowCriminalsObtainInformation

Manyidentitytheftsoccurthroughtraditionalmethodssuchasstolen

walletsandfamiliarfrauds,inwhichapersonknowntothevictimhas

accesstothevictimsstatementsorotherlegaldocuments.Identitytheft

occurrencesareoftentheresultofsimplelostorstoleninformationand

notnecessarilythroughhackingorelaborateInternetschemes,although

onlineandmobilethreatsremainviablesourcesofinformation.Figure4

showssomeofthemanywaysthatidentitytheftcanoccur.

Identity

Theft

Occurs

Through

Various

Methods

Figure4:HowTheftofPersonalInformationHappens

ATHOME: WHILEYOUAREOUT:

Throughinformationleftoutinthe

home(oratwork)andstolenbyfamily

orfriends

Bymeansofalostorstolenwalletor

purse

Throughdumpsterdivingbycrooks

lookingforunshreddedpaperworkthat

containspersonalorfinancial

information

Throughshouldersurfing,inwhich

someoneobtainspersonalinformation

bylookingoveryourshoulder

Throughtheftofyourmailfromyour

mailboxordiversionofyourmailbya

fraudsterwhochangestheaddressto

obtainyouraccountstatements

Bycardskimming,whensomeone

illegallyrecordsanimprintofyour

creditordebitcardinformationforlater

use

THROUGHABUSINESSYOUUSE: BYTRICKERYORPRETENSE:

Throughasecuritydatabreach,

wherebyabusinessororganizationthat

accessesyourpersonalinformation

(hospital,school,departmentstore,

financialcompany,etc.)hasbeen

compromised

Throughphishingorvishing,inwhich

someonepretendstobeabankor

trustedcompanyandtricksyouinto

providingconfidentialpersonal

informationviaemails,callsorSMS/

textmessages

Throughhacking

incidences,

such

as

Trojanhorses,keyloggersoftware,

virusesormalware/spywareona

computer

Throughsocial

networking

sites

where

personalinformationcanbefoundand

communicationwithfraudulent

individualscanoccur

Throughtheseandothernewandinnovativewaysthatcriminalsareconstantly



11/32



otherwiseprovide

access

to

the

content

of

this

report.


RECOMMENDATIONSFORCONSUMERS

Consumers

should

monitor

accounts

frequently

and,

if

you

have

not

alreadydoneso,usefinancialalertsforyourbankandfinancialaccounts.

Becauseidentitytheftcanoccurbynumerousmethods,youcanprotect

yourselfbyadoptingavarietyofbestpracticesandeffectivebehaviors.

Javelinrecommendsacomprehensive,threepartapproachtocombat

identityfraudeffectively:prevention,detection,andresolution.Thenext

sectionprovidesdataoncurrenttrends,stepstopreventfraud,actionsto

detectfraud

ifit

occurs,

and

ways

to

resolve

fraud

ifyou

become

avictim.

Figure5:JavelinsPrevention,Detection,andResolutionIdentityFraudModel



12/32



otherwiseprovide

access

to

the

content

of

this

report.


CONSUMERPROTECTIONCHECKLIST

BelowisJavelinsconsumerprotectionchecklist.Thechecklisthighlightstheninemostimportantways

toprevent,

detect,

and

resolve

fraud

in

your

financial

accounts.

Take

some

time

and

review

the

list

belowtoseehowpreparedyouare.Themoreitemsyoucancheckoffthelist,thegreatersecurityyou

haveagainstidentityfraud.Remember,themostefficientwaytocombatfraudisforfinancial

institutionsandconsumerstoworktogethertostopcriminals.Togetevenmorecustomized

recommendations, visitJavelinsIDSafety.netwebsite,whereweofferan18questionquizthatwill

providepersonalizedrecommendationsforyourdailyactivities.


13/32



otherwiseprovide

access

to

the

content

of

this

report.


PREVENTION

Consumerscan

best

prevent

identity

fraud

by

carefully

protecting

and

limitingtheexposureofsensitiveinformation,suchasPINs,bankingand

accountnumbers,andSocialSecuritynumbers.Youalsoshouldbeaware

ofcommonfraudstertechniques,suchasphishing,vishing,smishing,and

otherscams.

HowCanIPreventIdentityFraud?

MobileDeviceSecurity.Mobiledevicesaretreasuretrovesof

informationforfraudsters.Thealwaysonfunctionalityof

mobiledevicesprovidesfraudsterswithnewavenuesfor

stealinginformation.Werecommendthefollowingstepstoprevent

identityfraud:

Installmobilesoftwareonlyfromtrustedsourcesandofficialapp

stores.

Appusersshouldalsoreadthepermissionsrequestedbynew

appscarefullyanddeterminewhetherthepermissions

coincidewiththeallegedfunctionoftheapp.

Mostsmartphoneusersshouldalsoinstallanantivirus/

antimalwareprogramtomitigateinstancesofmobilemalware.

ApplemaintainsthatnoantivirusisneededforiPhoneusersas

longastheOSiskeptuptodate,andnoneisavailableinthe

AppleAppStore.

Mobile

devices

are

increasingly

used

to

store

and

transmit

personalinformation.Youshoulduseantivirus/antimalware

softwaretoguardthatinformationfrommalicious

applications.


14/32



otherwiseprovide

access

to

the

content

of

this

report.


Makesurealloperatingsystemsarethelatestversions.

Updatesareusedtopatchsecurityholesfoundonthe

previousversion

of

the

operating

system.

Devices

that

continuetorunonoldoperatingsystemscontinueto

experiencethosesecurityvulnerabilities.

Installorenableapasscodelockonyoursmartphone.

Passcodesactasastrongdeterrenttothievesandcangive

youthetimeyouneedtoenableyourremotewipingoranti

theftsoftware.

BeSocial,

Be

Responsible.

Social

media

sites

like

Facebook,

Flickr,Tumblr,LinkedIn,MySpace,Google+,andTwitterare

explodinginpopularity,andthegrowingubiquityofthese

siteshasintroducedanewsetofrisksfortheuser.Wearenotsuggesting

younotparticipateinsocialmedia,butexamineyourcurrentbehaviors

thatexposepersonalinformationthatistypicallyusedbybanksandother

companiestoverifyaconsumersidentity.

Donotrevealsensitiveorpersonalinformationonsocial

networkingsites.

Suchpersonaldetailsarecommonlyusedbybanksandcredit

cardcompaniesassecurityquestionstoidentifyanindividual

beforeclearingaccesstohisorherfinancialaccounts,credit

cardlogins,andmore.

Usecautionwhenusingappsonsocialnetworkingsites.

Verifythattheappdoesnothaveaccesstoanypersonally

identifiableinformation.Usersofcertainsocialmediaapps

experienceasignificantlyhigherincidenceoffraudthanthe

generalpublic.

1. Socialnetworking

sites canprovidefraudsters withpersonalinformation toaccessaccounts.

2. Use cautionwhen sharingsuch details onyour profile.


15/32



otherwiseprovide

access

to

the

content

of

this

report.


StaySafeOnline.Transitioningyourfinancialactivities

awayfrompaperstatementsandontoonlinechannelscan

significantlyreduce

the

time

it

takes

to

detect

fraud

as

well

asreducerisksassociatedwithphysicaldocumentscontainingpersonal

information.However,theInternetalsointroducesnewthreatsthatyou

shouldtakeintoaccount.

Regularlyinstallandupdatefirewall,antivirus,andantispyware

softwareonyourcomputerandmobiledevicewhenpossible.

Beawareofthedangersofonlinethreatsandinstallantivirus

andantimalwaresoftwareonyourcomputer,smartphones,

andtablets,andupdateitalongwithapplications,browsers,

andoperatingsystems.

Downloadbrowsersecuritysoftwaretoprotectagainstmanin

thebrowserattacks.Installsecuritypatchesandsoftware

updatesassoonastheyarereleasedbyverifiedsources.

Useandrecognizesecurewebsites.

Donotprovidecardorpersonalinformationatunsecured

sites.

Torecognizethesesites,lookforthepadlocksymbolandan

safterthehttpinyourbrowsersaddressbar.Ifthe

websitehasanadditionallayerofsecurity(EVSSL),green

highlightingwillappearintheaddressbarwhenyouaccess

thesiteusingahighsecuritybrowser.

Avoidaccessingwebsitesthatdisplaypersonaloraccount

informationusingunsecuredWiFiconnections,suchasthose

atcafes,publiclibraries,orairports.Youaremoresecureusing

yourmobile

devices

3G

or

4G

connection

than

using

apublic

hotspot.

EnsurethatyourInternetconnectionathomeandworkis

secureorprotectedbyafirewall.

7.4 % consumerswho accessedpublic wi-fihotspots in thepast 12 monthsbecame a fraudvictim. This is

much higher thanthose that did not(4.6%)


16/32



otherwiseprovide

access

to

the

content

of

this

report.


TurnoffBluetoothandWiFiwhentheyarenotbeingused.

Watchoutforemailandattachmentsfromconvincingimitations

ofbanks,

card

companies,

charities,

and

government

agencies.

Neverresponddirectlytorequestsforpersonaloraccount

informationonline,overthephone,inemail,orthroughyour

mobiledeviceincludingSMStextmessages.

Instead,useyourbankscontactinfolistedontheirwebsite,

onstatements,orthebackofcreditcards.Callthemdirectly.

DonotclickonembeddedlinksinanyemailorSMS.Ifyouget

anemailfromyourbankorFI,gotoitsmainwebsiteoruseits

dedicateddownloadable

application.

Followsafepasswordpractices.

Donotuseeasilyguessedpasswords,suchasyourbirthdate,

thenameofacloserelative,oryourpetsname.

UsepasswordsforwirelessInternetconnections,anddont

accessunsecurewebsitesortypeinPIIusingpublicWiFion

mobiledevices,laptops,orcomputers.

Takeadvantageofavailableonlineshoppingandpayment

securityfeatureslikeonetimepasswordsandvirtualcreditcard

accountnumbers.

Manyofthelargestpaymentnetworksandfinancial

institutionsofferenhancedsecuritytoolsformoresecure

shoppingonline.ServiceslikeVerifiedbyVisa,MasterCard

SecureCode,andCitibanksVirtualAccountNumbersoffer

additionallayersofsecuritytoyouronlineshopping

experiencegivingimprovedfraudprotection.

Wipeclean

electronic

devices,

such

as

smartphones,

tablets

and

computers,beforedisposingof,turningin,orsellingthem.

Do not use: Dictionary

words, the name of the

website, or the word

password.

Dont just capitalizethe first character;instead, capitalize arandom letter.

Integrate numbersinto your password.


17/32



otherwiseprovide

access

to

the

content

of

this

report.


StaySafeOffline.Beingawareofyoursurroundingsand

destroyingphysicaldocumentsthatcontainsensitiveinformation

areessential

in

safeguarding

your

identity.

Take

these

simple

precautionstoensurethatyouridentityissafe.

Keepsensitiveinformationfrompryingeyes.

Athomeorwork,secureyourpersonalandfinancialrecordsina

lockedstoragedeviceorapasswordprotectedfile.

Shredpaperdocumentsthatcontainsensitiveinformation

beforedisposingofthem.

Avoidproviding

your

full

nine

digit

SSN

whenever

possible,

and

do

notcarryyourfinancialcardsanddocumentswithsensitive

information.

WhenyourSocialSecuritynumberisrequestedasanidentifier,

askifyoucanprovidealternateinformation.

Requestelectronicstatementsanduseonlinebillpaywhenever

possible.

Enrollindirectdeposit,anddontputchecksinanunlocked

mailbox.

Switchfrompaperstatementstoonlinefinancialaccount

management.

Optoutofpreapprovedcreditoffers.

Javelin Data Snack:In 2012, 12% of allidentity fraud crimeswere committed bysomeone known to thevictim.

Javelin Data Snack:In 2012, 28% of fraudvictims reported havingtheir SSN stolen.

Call:1-888-5-OPTOUT

Visit:www.optoutprescreen.com

To be removed fromcredit card applications.


18/32



otherwiseprovide

access

to

the

content

of

this

report.


DATABREACHNOTIFICATIONLETTERS

Organizationstypicallysenddatabreachletterstonotifycustomersaboutthepossibleleak

ofpersonallyidentifiableinformation,suchasSocialSecuritynumbers,driverslicense

numbers,creditcardnumbers,etc.Theletterwouldalsospecifywhatinformationwas

stolenorleakedandthestepsrequiredtoensurefurtherprotectionofcustomersaccounts.

In2012,12%ofU.S.adultsreceivedsuchletters.

WhatShouldIDoIfIReceiveaBreachNotificationLetter?

Currently,

46

states

(plus

the

District

of

Columbia,

Guam,

Puerto

Rico,

and

the

U.S.

Virgin

Islands)requirecompaniestonotifyyouifabreachofsecurityoccursattheirplaceof

businessandyourpersonalinformationhasbeenplacedatrisk.Receivingthisnotification

doesnotnecessarilymeanthatyouwillsufferafraud.However,Javelindatashowsthat

consumerswhoreceivedbreachnotificationsin2012hadasubstantiallyhigherriskof

identityfraud,almost5timeshigher,thanthosewhodidntreceivethesenotifications.

TakeActiontoProtectYourselfIfYouReceiveaSecurityBreachNotification

Figure6:RecordNumberofDataBreachRecipientsBecameIDFraudVictimsin2012



19/32



otherwiseprovide

access

to

the

content

of

this

report.


Consumerswhoreceivesecuritybreachnotificationsthereforeneedtotakeactionto

protectthemselves.Ifyoureceiveadatabreachletter,takethefollowingsteps:

1. Verifythattheletterislegitimate.

2. Youarestronglyencouragedtotakeadvantageofanyfreeservicesthenotification

letteroffers,suchascreditmonitoring.

3. Youshouldalsocallthetollfreenumbersorvisitthewebsiteslistedintheletterto

learnmoreaboutthebreach,determineyourlevelofrisk,andidentifytheactions

youneedtotaketoprotectyourselffrommoredamage.

4. Differentbreacheshavedifferentlevelsofriskthatrequirespecificactionby

consumersto

prevent

further

harm.

The

action

could

be

as

simple

as

changing

passwordstoemailaccountsthatarelinkedtotheFItocancelingthecreditordebit

cardaffectedtochangingsecurityquestionsandanswerstoaffectedaccounts.Or

theactioncouldbefarreaching,suchasthefollowing:

Monitoringyourfinancialaccounts.

Closingaffectedaccounts.

Placingafraudalertonyourcreditreportwiththethreeprimarycreditbureaus:

Equifax,Experian,andTransUnion(refertoFigure7forcontactdetails).Fraud

alertsnotify

creditors

that

apotential

fraud

has

occurred

and

that

they

should

verifytheapplicantsidentitybeforeextendingcredit.Aninitialalertstaysactive

for90days,andanextendedalertforidentityfraudvictimslastssevenyears.A

fraudalertwilltriggeracreditreport,whichtheconsumerneedstoreviewfor

anysignsoffraud.

Placingacreditfreezeonyouraccountwiththethreeprimarycreditbureaus.A

creditfreezeisstrongerthanafraudalertbecauseitlocksyourcreditreport

downtopreventnewcreditfrombeingextended.


20/32



otherwiseprovide

access

to

the

content

of

this

report.


DETECTION

Itiscriticalthatconsumersdetectfraudasearlyaspossibletominimize

potentiallossesandfraudresolutiontime.Fasterdetectionresultsinlower

outofpocketexpenses,whichincludeunreimbursedlosses,legalfees,

andlostwages.Thesoonerfraudisdetected,theeasieritistoresolveand

thelessthecriminalisabletosteal.

HowCanIDetectIdentityFraud?

Javelinresearchhasconsistentlyshownthatconsumerscanbevery

successfulatdetectingidentityfraudrelatingtotheiraccounts.Themost

efficientwaytocombatfraudisforconsumersandinstitutions(banks,

governmentagenciessuchastheFederalTradeCommission,andother

CreditBureauInformation

Figure7:HowtoContacttheThreeCreditBureaus

Credit

BureauEQUIFAX EXPERIAN TRANSUNION

Order

credit8006851111 8883973742 8008884213

Report

fraud8887660008 8883973742 8006807289

Web

addresswww.equifax.com www.experian.com www.transunion.com

Mailing

address

EquifaxConsumer

FraudDivision

P.O.Box105281

Atlanta,GA30374

ExperianConsumer

Assistance

P.O.Box9532

Allen,TX75013

TransUnionVictim

AssistanceDept.

P.O.Box6790

Fullerton,CA92834

2013

Javelin

Strategy

&

Research

Note:Toorderafreeannualcreditreportfromanyorallagencies,contact

www.annualcreditreport.comorcalltollfreeat8773228228.


21/32



otherwiseprovide

access

to

the

content

of

this

report.


organizationsdedicatedtofightingfraud)toworktogether.Consumers

mustbeproactiveintheirapproachtoprotectthemselvesagainstfraud

andshould

work

with

institutions

to

safeguard

their

identity.

SelfDetectionvs.ExternalFraudDetection

Financialaccountprotectionisasharedresponsibility betweenFIsand

customers.In2012,frauddetectionwasalmostequallysplitbetween

fraudvictimsandexternalsources(e.g.,FIsandlawenforcement).While

50%ofvictimswereabletoselfdetectfraudbyregularlymonitoringtheir

accounts,

credit

reports,

or

enrolling

in

identity

protection

services,

33%

of

consumersreliedontheirbanksorcreditcardproviders.Thelattergroup

realizedtheyhadbeendefraudedonlywhentheywerenotifiedbythese

externalsources.

ConsumersAreEquallyRelyingonSelfDetectiontoDiscoverFraudon

TheirAccounts

Figure8:MethodsofDetection,2012

Notifiedby

BankorCredit

CardProvider

33%

Other

17%

Bymonitoringaccounts through

theInternet,ATM, orother

electronicmeans

Monitoredaccount through

paperstatements

Balanceshrank/credit

overdrawn

Reviewed

credit

report

Usingacreditmonitoring or

identityprotectionservice

Q22:Howdid youfirstdiscoveryouwereavictimofidentitytheft?

Wasit...?

October2012,n=827

Base:Allfraudvictims.

Surveybase:n=5,249


SelfDetection

50%


22/32



otherwiseprovide

access

to

the

content

of

this

report.


Itisimportanttonotethatselfdetectionisstillthemosteffectivewayto

detectfraud.CertaintypesoffraudaremoredifficultforFIstodetectand

canlead

to

longer

detection

times

and

higher

consumer

costs

for

victims.

Forexample,incasesoffamiliarfraud(instancesoffraudwherethevictim

personallyknowstheperpetrator)only10%ofvictimsreportedbeing

informedbybanksorcreditcardcompaniesthatfraudulentactivitieshad

occurredontheiraccounts,comparedto33%ofvictimsofothertypesof

fraud.Thesecasesareoftendifficulttodetectbyexternalsecuritysystems

becausetheperpetratorisusuallyfamiliarwiththevictimsbehaviorsand/

orlivesintheclosegeographicalarea.Itisintheconsumersinterestfor

themtoplayanactiveroleinmanagingtheirfinancialsecurityandkeeping

aclosewatchontheirfinancialactivity.

Javelinrecommendsdoingthefollowingtodetectfraudearly:

Signupforemailandmobilealertsthroughyourprimarybank,

creditcardcompany,and/orserviceprovider.

SetupemailandSMStextnotificationsthroughFIssothat

theywillalertyoutosuspiciousactivityandchangestoyour

accountsor

personal

information.

Youcanchooseamongawidearrayofalertofferingsforthe

onesthatapplytoyourbankingbehaviorsandpractices,

therebyincreasingyouridentityfraudprotection.Contactyour

bank,creditcardprovider,orserviceproviderandaskfor

informationaboutaccountalerts.

Themostcommonmethodthatfraudstersusetotakeover

accountsischangingthephysicaladdress,sosetupanaddress

change

alert

whenever

possible.

Monitoryourcreditreportonaregularbasis.

Reviewandconfirmthatalltheaccountslistedbelongtoyou

andthatnounauthorizedchargeshavebeenmadeor

unknownaccountsorcreditlineshavebeenopened.

Free reports areavailable at

AnnualCreditReport.comor by calling1-877-322-8228.

By contacting adifferent one ofthe three credit

bureaus every fourmonths, you canstagger your freereports to reviewyour credit threetimes a year at nocharge.


23/32



otherwiseprovide

access

to

the

content

of

this

report.


Optionalfeebasedservices,suchasmoreextensive

monitoringofcreditinformation,personalidentityrecords,

andSocial

Security

numbers,

provide

extra

security

and

convenienceforthosewhodontwanttopersonallymonitor

theirinformation.Whenchoosinganidentityprotection

service,selectaproviderthatcoversbothpersonal

informationandcreditmonitoring.3

Reviewfinancialstatementspromptly.

Checkaccountbalancesatleastweeklythroughonline

banking,mobilebanking,phone,orATM.Regularlymonitorall

financialaccountselectronically,includingbanking,biller,and

creditcard.

Confirmthatalltransactionsareauthorizedandthatno

suspiciousactivityhasoccurredorunapprovedchangeshave

beenmadetoyouraccounts.

3FormoreinformationaboutthespecificservicesofferedbysomeofthetopIDprotectionproducts,pleasereferto

Javelins2012IdentityProtectionServicesScorecard:HowtoDeliverCustomerandMarketValueinaRegulated$4BMarket.


24/32



otherwiseprovide

access

to

the

content

of

this

report.


RESOLUTION

WhatShould

IDo

If

IBecome

aVictim

of

Identity

Fraud?

Ifyoubecomeavictimofidentitytheftorfraud,dontpanic.Whenit

comestoyourfinancialaccounts,FIsandcreditcardprovidersare

preparedtohelpyouresolvetheidentitytheft.MostFIshaveateam

dedicatedtoresolvingidentityfraudandguidingvictimsthroughthe

process.Withtechnologicaladvancements,identityfraudresolutionhas

improved.

Byfollowingthefewsimplestepsbelow,youcanhelpensurethatyour

fraudcaseishandledquicklyandpainlessly.Theseactionscanserveasa

checklist/resourceguideifyoubecomeavictim.

Immediatelycontactyourbankandcreditcardcompanies.

Reportproblemsandworkwithyourbank,creditunion,or

identityprotectionserviceprovidertotakeadvantageof

resolutionservicesandreimbursementpolicies.

Ifyour

FI

provides

fraud

resolution

specialists,

ask

for

their

assistancetoensurethefraudisresolved.

Notifytheappropriateinstitutionsassoonaspossibleif

physicaldocumentssuchasacheckbook,wallet,debitcard,or

creditcardarelostorstolen,ifunauthorizedorsuspicious

accountactivityoccurs,ifchangesaremadetopersonal

information(e.g.,physicaladdress,emailaddress,registered

users,loginorpassword),orifpaperstatementsareturned

off.

Dependingoneachindividualcase,anFImaycloseyour

account,cancelyourdebitorcreditcards,andtakeother

necessaryprecautions.Itwillalsoassistyouinsettingupnew

accountsandwillissuenewdebitandcreditcards.

Javelin Data Snack:The average amount

of time required toresolve a case ofidentity fraud hassteadily decreased,from 18 hours in2004 to 12 hours in2012.


25/32



otherwiseprovide

access

to

the

content

of

this

report.


EducateyourselfonyourFIsandissuerszeroliability

protectionsondebitcardsandATMwithdrawalsbecausethey

varyamong

providers.

Reportalllostorstolencardsorfraudulenttransactions

immediatelybecausethetimingofyourreportmayaffectthe

amountthatyouareliableforunderthelaw.

ContacttheFederalTradeCommission.

Placeafraudalertonyourcreditreport.

Ifyourpersonalinformationhasbeencompromisedorifyou

havebeenavictimoffraud,immediatelycontactthethree

primarycredit

reporting

agencies:

Equifax,

Experian,

and

TransUnion(refertoFigure7forcontactinformation)toplace

afraudalert.Theseagenciesprovidecreditmonitoring

servicesaswellasadditionalproductsandservices.

Fileapolicereport.

Iffraudhasoccurred,contactyourlocalpolicedepartmentto

fileanidentityfraudreport.Makesuretosaveacopyforyour

personalrecords.

ConsiderenrollinginahighqualityIDprotectionservice.

VictimswhofindthattheirdriverslicensenumbersorSSNs

havebeencompromisedshouldconsiderenrollinginID

protectionservicesthatmonitorcreditreportsaswellasnon

creditrelateddatabasesforunauthorizeduseofstolen

information.

IdentityFraudProtectionSolutions

Specificservices

are

available

for

consumers

who

want

extra

protection

againstnewaccountsfraudthetypeoffraudinwhichacriminalusesa

victimsSocialSecuritynumberandotherpersonallyidentifiable

informationtocreateafraudulentaccountinthevictimsname(e.g.,

To report incidentsof suspected fraud

or identity theft,visit the FTC onlineat http://www.consumer.ftc.gov/features/feature-0014-identity-theftorcall 1-877-IDTHEFT(1-877-438-4338).


26/32



otherwiseprovide

access

to

the

content

of

this

report.


creditcard,cellphone,orutilities)andothertypesoffraud.Identity

protectionservicessuchascreditmonitoringandpersonalinformation

monitoringcan

be

purchased

for

afee.

Javelin

advises

consumers

who

purchasefeebasedservicestolookforthefirmsBBBrating.These

servicescanprovidepeaceofmindandconvenienceforconsumerswho

wantextraprotection.

Consider placinga security freezeon your creditreport.If you have been avictim of fraudrelated to anopening of a newaccount more thanonce and you arenot activelyapplying for credit,you may want to

place a securityfreeze on yourcredit report ateach of the threereportingagencies.

SERVICE DESCRIPTION

Creditmonitoring

Apaid

subscription

service

that

monitors

your

credit

for

suspicious

activityorchangestoyourcreditfile(e.g.,creditinquiries,

employmentchanges,newaccountsoraddresschanges)

Intendedtodetectpotentialidentityfraud

Personalinformation

monitoring Scanspublicrecords,thirdpartydatabasesandInternetsitesto

detectexposureofyourpersonalinformation(creditcard

numbers,SocialSecuritynumbers,etc.)

Intendedtodetectpotentialidentitytheft

Fraudalert Amessagethatisplacedonyourcreditreport,requiringlenders

andcreditorstoconfirmyouridentitybeforeissuinganewlineof

credit

Intendedtopreventnewaccountsfraud

Creditfreeze Freezesyourcreditfileatthecreditreportingagencies,whichare

thenprohibitedfromissuingyourcredithistorytoanylender,

creditor,orothers

Intendedtopreventnewaccountsfraud


CreditMonitoringandPersonalInformationMonitoringServices

Figure9:IdentityFraudProtectionServices


27/32



otherwiseprovide

access

to

the

content

of

this

report.


ABOUTJAVELIN

JavelinStrategy

&

Research,

adivision

of

Greenwich

Associates,

provides

strategicinsightsintocustomertransactions,increasingsustainableprofits

andcreatingefficienciesforfinancialinstitutions,governmentagencies,

paymentscompanies,merchants,andothertechnologyproviders.Javelins

independentinsightsresultfromauniquelyrigorousthreedimensional

researchprocessthatassessescustomers,providers,andthetransactions

ecosystem.

Authors: JamesJarzab,ResearchSpecialistAlPascual,SecurityRiskandFraudSeniorAnalyst

SarahMiller,SecurityRiskandFraudAnalyst

Contributors: MaryMonahan,ExecutiveVicePresidentand

ResearchDirector

JamesVanDyke,PresidentandFounder

PublicationDate: February2013

Editor ChuckErvin

ABOUTTHEMETHODOLOGY

Since2003,Javelinhascollecteddatafromapproximately5,000adults

eachyeartomeasuretheoverallimpactofidentityfraudonconsumers.In

2012,5,249adults,including1,186fraudvictims,answeredquestions

regardingtheirdailyfinancialpracticesandbehaviorstohelpdetermine

thecauses

of

and

provide

important

details

about

such

fraud.

Javelins

identityfraudstudyreachesanaudienceof63millionandisafactual

resourcefortheFederalTradeCommission(FTC).

AdditionalResourcesThe 2013 IdentityFraud Reportssponsors Intersections andCitigroup alsomake safetyrecommendations:

Intersectionshttp://

www.identityguard.com/what-is-identity-theft/

Citigrouphttps://online.citibank.com/US/JRS/pands/detail.do?ID=SecurityCenter


28/32



otherwiseprovide

access

to

the

content

of

this

report.


GLOSSARYOFTERMS

accounttakeoverfraud Methodofidentityfraudinwhichafraudoperatorattemptstogain

accesstoaconsumersaccountbyfraudulently addinghisorher

informationtotheaccount(e.g.,changingaccountmailingaddress,

addinghimselforherselfasaregistereduser,ormakingother

alterations).

cardnotpresent(CNP) Transactioninwhichthecardisnotpresent;carddataismanually

entered.Thisincludespurchasesmadeonline,byphone,orthrough

themail.

casualsocialnetworkactivity

users

Socialnetworkuserswhoindicatedthattheysometimesusethe

indicatedsocial

networking

activity

or

often

use

the

indicated

social

networkingactivity.

cloud ThecloudisametaphorfortheInternet.Withthecloud,software

servicesanddataarenothostedlocallybutgloballyandare

accessibleremotelybybrowser.Amazon,Google,andRackspace,for

example,offerlargecloudnetworksthatareleasedtovarious

businesses.

consumercostoroutof

pocketcost

Outofpocketcostsincurredbythevictimtoresolveafraudcase,

includingpostage,copying,notarizingofdocuments,andlegalfees;

costsmayalsoincludepaymentofanyfraudulentdebtstoavoid

furtherproblems.

creditfreeze Securityfreezeplacedonaconsumerscreditfiletopreventthefile

frombeingsharedwithcreditors,thusforestallingnewaccounts

frombeingopenedintheconsumersname.

creditmonitoring Servicethatscrutinizesaconsumerscreditfileforsuspiciousactivity

orchangesonhisorhercreditreportsuchascreditinquiries,

delinquencies,negativebillinginformation,employmentchanges,

andaddresschanges.Monitoringisparticularly helpfulindetecting

newaccountfraudafteritoccurs.Themosteffectivecredit

monitoringcompanieswillmonitorallthreecreditbureausbecause

manylenders

will

contact

only

one.

databreach Unauthorizeddisclosureofinformationthatcompromisesthe

security,privacy,orintegrityofpersonallyidentifiabledata.

drivebydownload ActofpassivelycompromisingaPCbydownloadingamaliciousfile

whilethevictimviewsthecontentofawebsite.


29/32



otherwiseprovide

access

to

the

content

of

this

report.


existingaccountfraud Identityfraudperpetratedagainsteitherorbothexistingcardand

existingnoncardaccounts.

existingcard

account

fraud

Identity

fraud

perpetrated

through

use

of

existing

credit

or

debit

cardsand/ortheiraccountnumbers.Thisfraudtypecanalsobe

referredtoasexistingcardfraudorECF.

existingnoncardaccount

fraud

Identityfraudperpetratedthroughuseofexistingcheckingand

savingsaccountsorexistingloan,insurance,telephone,andutilities

accountsorotheraccounts.Thisfraudtypecanalsobereferredtoas

existingnoncardfraudorENCF.

externaldetectionmethods Methodsofdetectingfraudinwhichanexternalresourceisthefirst

todiscoverthefraud.Examplesofexternaldetectionmethods

includediscoveringfraudthroughnotificationsfromthebank,law

enforcement,or

debt

collectors.

fraudamount Totalamountoffundsthefraudoperatorobtainedillegally;these

mayresultinactuallossestovariousbusinessesandorganizations

and,insomecases,totheconsumer.

frequentsocialnetworking

activityusers

Socialnetworkuserswhoindicatedthattheyalwaysusethe

indicatedsocialnetworkingactivityoroftenusetheindicatedsocial

networkingactivity.

familiarfraud Fraudcommittedbysomeonewhoknowsthefraudvictim

personally,suchasafamilymember,coworker,orfriend.Familiar

fraudis

more

damaging

(harder

to

detect

and

longer

to

resolve)

becausetheperpetratorstendtobeawareofthevictimshabitsand

knowhowtohidethefraud.Also,victimstendnottoreportfamiliar

fraudtoauthorities.

identityfraud Unauthorizeduseofsomeportionofanotherspersonalinformation

toachieveillicitfinancialgain.Identityfraudcanoccurwithout

identitytheft(forexample,byrelativeswhoaregivenaccessto

personalinformationorbytheuseofrandomlygeneratedpayment

cardnumbers).

identitytheft Unauthorizedaccesstopersonalinformation;identitytheftcanoccur

withoutidentityfraud,suchasthroughlargescaledatabreaches.

keylogger Spywarethatcapturesandrecordsuserkeystrokesonacomputer

andisusedbyfraudsterstoobtainpasswords,PINs,logins,andother

sensitiveinformation.


30/32



otherwiseprovide

access

to

the

content

of

this

report.


mailorder/telephoneorder

(MOTO)

Ordersplacedthroughmailortelephonechannels(atypeofcardnot

presenttransaction).

malware

Malicioussoftware

designed

to

access

acomputer

or

operating

systemwithouttheknowledgeorconsentoftheuser.Some

examplesofmalwarearecomputerviruses,worms,Trojanhorses,

spyware,maliciousadware,androotkits.Malwareisdamagingcode

orprogrammingthatgathersinformationwithoutpermission.

maninthebrowser(MITB) Attackinwhichaperpetratorisabletoread,insertinto,andmodify,

atwill,messagesbetweentheInternetbrowserandaserverwithout

eitherpartysknowingthatthelinkbetweenthemhasbeen

compromised.

man

in

the

middle

(MITM)

Attack

in

which

a

perpetrator

is

able

to

read,

insert

into,

and

modify,

atwill,messagesbetweentwopartieswithouteitherpartysknowing

thatthelinkbetweenthemhasbeencompromised.MITBattacksare

asubsetofMITMattacksinwhichthebrowserisexploitedtotrick

thelegitimatepartiesintorevealingsensitiveinformation.

mutualauthentication MethodbywhichtheFIandthecustomeridentifyeachotherby

providingandidentifyingsharedsecrets.

newaccountsfraud Identityfraudperpetratedthroughuseofthevictim'spersonal

informationtoopenfraudulentnewaccounts.

personal

information

monitoring Service

that

keeps

an

eye

on

a

consumers

personally

identifiable

informationbymonitoringchannels,includingonlinesurveillance,

publicrecordsanddatabases,Internetsites,andcardingforums

(undergroundsiteswherestolencreditcardnumbersareboughtand

sold).Thirdpartysolutionsthatofferthisserviceprovideadditional

valuebecausetheycanmoreholisticallypreventanddetectidentity

fraud,includingmedicalandhealthinsurancefraud.

phishing Methodof"fishing"forInternetuserspasswordsandfinancialor

personalinformationbyluringthemtoafakewebsitethroughan

authenticlookingemailthatimpersonatesatrustedparty.Phishing

emailscouldattempttoimpersonateanFI,issuer,merchant,or

biller.

privacysettings Userdefinedcontrolsthatallowuserstomanagethevisibilityof

variouspartsoftheirsocialmediaprofiles,includingwhohasaccess

tospecificinformation.


31/32



otherwiseprovide

access

to

the

content

of

this

report.


selfdetectionmethods Methodsofdetectingfraudinwhichtheconsumeristhefirstto

discoverthefraud.Examplesofselfdetectionincludediscovering

fraudthroughelectronicorpapermonitoringorreportingacardlost

orstolen.

severelyimpacted Victimswhoreportthattheyhavesufferedasignificantlynegative

effectbecausetheyhavebeenfraudvictims.Consumersratethe

impacta4or5onascalewhere1representslittleornoeffectand

5representsasevereeffect.

smartphone Amobiledevicewithphone,keyboard,webaccess,andapps(e.g.,

Android,iPhone,WindowsMobile,BlackBerry,etc.)

smishing Aformofcriminalactivity,usingtechniquessimilartophishing,in

which

a

fraudster

uses

SMS

messages

to

mobile

devices

to

lure

victimsintorevealingpersonalinformation.Similartophishing,it

couldattempttoimpersonateanFI,issuer,merchant,orbillerand

canincludeafraudulentURLlinktoafakedwebsiteorphone

numbertoafakeautomatedvoiceresponsesystem.

socialnetworking Amediumforconsumerstointeractwithoneanotheronline.Users

areresponsibleforgeneratingcontentandcanpostandedit

conversations,pictures,andmedia.Someofthemostpopularsocial

mediasitesareFacebook,MySpace,LinkedIn,Twitter,FourSquare,

Yelp,andYouTube.

Trojanhorse

Program

that

appears

to

be

auseful

file

(e.g.,

amusic

file

or

software

upgrade)fromalegitimatesource,trickingthevictimintoopeningit;

onceactivated,theTrojanhorseallowsintruderstoaccessprivate

information.

twowayactionablealerts:

reviewandrelease

Reviewandreleasealertsareuserdefinednotificationsthatalertthe

consumerwhenthetransactionisstillpending.Thetransactionthat

triggeredthealertremainspendinguntiltheconsumercanverifyor

denyitwithinthealert.

twowayactionablealerts:

reviewandrespond

Reviewandrespondalertsnotifyconsumersafteratransactionhas

beencompletedbutallowstheconsumertorespondwithinthealert

ifhe

or

she

wants

to

take

certain

action.

This

could

include

reporting

thetransactionasfraudulentortransferringfundsfromoneaccount

toanother.


32/32


WiFihotspots LocationthatoffersInternetaccessoverawirelesslocalarea

network.Thesehotspotscanbesetupinpublicvenueswhereusers

canconnectusinglaptops,smartphones,tablets,andotherInternet

accessingdevices.

WiFiProtectedAccess

(WPA)

DesignedtoreplaceWEPbyusingstrongerencryption.Extensionsof

WPAandWPA2includeTemporalKeyIntegrityProtocol(TKIP)and

presharedkey(PSK,alsoknownaspersonal)mode.Bothrequirethe

additionofapassphrasethatisusedintheprocessofencryptingthe

datapacket.

Identity Fraud Consumer Report

Documents

Transcript of Identity Fraud Consumer Report