Identity theft hit a record high in 2017. And if that's not disturbing enough on its own, the latest data on ID crimes found that the crooks are becoming increasingly sophisticated, gaining toeholds into poorly secured accounts as a way to access more important segments of the victim's financial life, according to a just-released annual survey.
"In the past, criminals would get and sell bits and pieces of your personal information," said Al Pascual, senior vice president, research director and head of fraud and security at Javelin Strategy & Research. "Now they have everything -- your name, address, Social Security number -- and they're taking over multiple accounts at a time."
Javelin's latest survey, released today, found that some 16.7 million individuals were affected by ID theft in 2017, the most ever.
Notably, credit card issuers have widely adopted sophisticated chip-card technology, but that hasn't stopped the thieves. Instead, they've shifted to online transactions and got more savvy, opening new accounts as a means of compromising those consumers already have.
For instance, cybercriminals might pull a consumer's passwords and other personal information from a poorly secured cell phone account and then use the purloined information to open PayPal (PYPL) and Amazon (AMZN) accounts. Roughly 1 million victims had such "intermediary accounts" opened in their names before their existing accounts were compromised, according to Javelin. Account takeover fraud tripled over the past year, reaching a four-year high.
"You could have set up a text alert when orders are made on your account, but the criminal has taken over your cell phone notifications, so you're no wiser until you get a bill and find out that somebody has ordered $3,000 worth of goods from Amazon in your name," Pascual said.
"Card not present" fraud -- the type of transaction you'd do online -- is now 81 percent more likely than frauds perpetrated in person, according to Javelin.
Nearly a third (30 percent) of U.S. consumers were notified of a breach in the past year, up from 12 percent in 2016. For the first time ever, Social Security numbers (35 percent) were compromised more than credit card numbers (30 percent) in breaches.
How can you protect yourself?
Use two-factor authentication: Banks and brokers commonly ask you to verify your identity by receiving a text message or email when you use a new device to sign in. Now, many online merchants offer the same, but consumers generally must opt in.
Encrypt and password protect: Malware doesn't infect only your computer. Now that an increasing amount of commerce is conducted via phone and other mobile devices, new viruses aim at them. Treat your mobile devices with the same care that you use to guard your desktop or laptop. Secure them with passwords, security software and encrypt any stored data.
Freeze or lock: If you're not planning to apply for new credit anytime soon, consider freezing your credit reports with the three major bureaus. This will halt any new credit being opened in your name. The downside is that freezing credit reports can cost up to about $10 at each credit bureau, and if you want to apply for a loan, you would have to lift the freeze first.
Another option: Equifax (EFX) has introduced a free "lock and alert" service, which allows you to lock your credit file, releasing it with a swipe on your phone when you want to apply for credit. Notably, placing a free fraud alert on your file, with any credit bureau, works much the same way, except you normally unfreeze your file by providing a contact phone number that a potential credit grantor can call.
Say "yes" to alerts: An increasing number of companies allow consumers to put alerts on their accounts when transactions exceed a certain dollar amount, which could allow you to spot fraud before it got out of control.
Unfortunately, these measures aren't foolproof, Pascual said. So consumers also need to regularly monitor their accounts and notify the authorities whenever something is amiss.
"There is no 100 percent-sure security," he said. "The more quickly you can detect fraud, the lower the losses tend to be."