identity fraud cost $52 billion

By Jeff Domansky

The fraud landscape shifted dramatically as criminals boldly increased the hijacking of victims’ online lives with the cost of fraud jumping to $52 billion according to the 2022 Identity Fraud Study: The Virtual Battleground by Javelin Strategy & Research.

identity theft

Traditional identity fraud jumped 79%, costing more than 15 million victims over $24 billion in 2021, the Javelin report said. The study also found losses from identity fraud scams, in which fraudsters convince victims to divulge personal information, added another $28 billion in impact. Taken together, identity fraud losses totaled $52 billion and affected 42 million US adults last year.

Bots, malware and phishing attacks

“Criminals reverted to pre-pandemic tactics in 2021 by focusing on virtual attack vectors such as bots, malware and a variety of identity fraud scams,” said John Buzzard, Javelin’s lead fraud and security analyst and author of the report. “Further, the 2021 data has shown criminals will change strategies to evade detection and maximize the amount of information they can extract from victims.”

malware and identity fraud

Data showed considerable increases in account takeover fraud and new account fraud in which hackers steal victims’ personal information to steal billions of dollars. The findings include:

  • New account fraud up 109%, enabling criminals with consumer personal information to open multiple unauthorized merchant accounts and credit cards
  • Account takeover losses increased 90% as criminals highjacked victims’ online lives
  • Fraud affecting existing credit cards rose 69%, while fraud on existing non-card accounts, including checking, savings, insurance or utilities, jumped 73%.

The average loss per victim from traditional ID fraud grew from $201 to $1,551, while identity fraud scams claimed $1,029 per victim. 

New-to-digital consumers hit hard

Raj Dasgupta, Director of Fraud Strategy at BioCatch, a co-sponsor of Javelin’s 19th annual fraud study, said credit card and merchant accounts like Walmart and Amazon were hard-hit, in addition to new-to-digital consumers.

credit card theft

“With the COVID-19 pandemic pushing more and more consumers, even the elderly, to transact online, there are more opportunities than before for fraudsters to phish or SMiSh credentials from unsuspecting users” Dasgupta told PaymentsNEXT.  

“Once fraudsters have access to either card accounts or merchant accounts like Amazon or Walmart, they can inflict considerable damage making purchases with stolen cards or newly replaced plastics after taking over an account or simply using the stored payment cards in a merchant account,” he said.

Banks & FIs must do better

Dasgupta said both human and non-human fraud farms have become well-oiled machines for opening up new accounts with banks.

“They are very familiar with the account opening process of the target banks and will use specifically curated stolen information to pass through all the traditional PII and device-based controls that banks have today. A key component that needs to be added to the banks’ tech stack is behavioral biometrics. Behavior captures how the data is entered on a new account form and how the user navigates through it,” he said.

Biometrics offers a critical layer of defense against human fraudsters using stolen or fake data and bots filling out forms with recognizable non-human behavior patterns.

“Mule” accounts make fraud prevention difficult

fraud prevention

Over the last year and a half, he noted a significant rise in mule accounts, originating with real, stolen or fake data that passes traditional ID verification screens. 

“With ample funds available from government stimulus packages and unemployment benefits, fraudsters claimed these benefits and deposited their ill-gotten gains into the fraudulently opened accounts. While they laundered the money, banks were left holding the bag with outgoing funds ultimately proving to be more than the incoming fund amounts,” Dasgupta added.

With large sums of stimulus and support money available and inadequate controls to detect such fraudulent activity, the per-incidence and per-victim losses spiked dramatically.

BioCatch identifies five persona types to look out for when detecting mule accounts. In addition to actual credential theft victims, fraudsters include some consumers willing to sell their genuine information or participate by chasing “easy money” opportunities. These fraudsters require deeper fraud detection strategies to prevent growing losses.

The Javelin 2022 Identity Fraud Study: The Virtual Battleground is available for download here.

Recent PaymentsNEXT news:

Contactless Payment Trends We’re Watching Now for 2022
Why fintech is a fundamental addition to Community Banks