Stop the growth of identity theft
People’s “personally identifiable information” (PII) is extremely valuable; this is why criminal syndicates work together: to steal PII in data breaches (identity theft). It is the fuel necessary for the growth of identity theft; without it, criminals would have a hard time stealing money from people’s existing financial accounts (account takeover) and new fraudulent accounts (fraud on opening a new account) by impersonating other people.
For more than a decade, identity theft has been a growing business. According to one estimate, the criminal identity theft market grew by 42% from USD 502.5 billion in 2019 to USD 712.4 billion in 2020, driven by identity theft unemployed during the COVID-19 pandemic. Post-pandemic identity fraud losses should be USD 635.4 billion by 2023.
The theft, sale, and purchase of stolen credit card numbers, along with corresponding account holder names, CVV numbers, and expiration dates, is also a growing business. Criminals use stolen cardholder PII in e-commerce to commit card-not-present (CNP) fraud. Juniper Research estimates that retailers will lose approximately $130 billion over a five-year period from 2018 to 2023.
As a former federal prosecutor and victim of identity theft, I believe the financial services industry needs to re-examine several factors that contribute to the growth of identity theft:
1. industry acceptance of identity theft;
2. lack of published industry data on identity theft and the effectiveness of identity theft solutions;
3. Continued use of static PII for new account openings.
Living with identity theft
To date, financial institutions, lenders, payment companies and other financial service providers have agreed to live with identity theft as a “cost of doing business” because they suffer no financial loss. . They have shifted the blame for identity theft to consumers as an expense recovered through rising prices and interest rates for financial products and services. Only consumers and businesses have been, and continue to be, burdened with losses from identity fraud.
Additionally, major US Credit Reporting Agencies (CRA) have made identity fraud a business. Instead of implementing technologies and business practices to prevent identity fraud, CRAs have developed a commercial market to sell consumers and businesses “identity theft protection services” that simply provide monthly paying subscribers notification and assistance in addressing identity fraud. It is a market that is expected to reach 24.9 billion USD in 2028, growing from $8.9 billion in 2020. Similar to losses from identity fraud, consumers and businesses are once again burdened with the cost of repairing the damage caused by identity fraud.
The financial services industry should stop making customers live and pay for losses related to identity fraud and monitoring identity fraud. Instead, it should implement identity fraud solutions that have at least a 1:1 ROI, because a 1:1 ROI or better will prevent those funds from being misappropriated from trade. email to criminals. In addition, credit monitoring should be free for all consumers, without requiring them to provide more personal data to credit rating agencies.
Show us identity fraud data
For decades, the financial industry has not published the annual number and type (i.e. new account, account takeover) of attempted and successful identity fraud incidents and total year-over-year identity fraud losses. In addition, the major credit reporting agencies (CRA) do not publish statistics on criminal impostor credit reports and IDcredit synthetic profiles in their databases. The “known unknowns” in the financial industry have made it extremely difficult to understand the full scope of identity fraud, develop effective identity fraud solutions, and measure their effectiveness over time.
Estimates of the extent and growth of identity theft extrapolated from consumer surveys are poor substitutes for actual data from the financial services industry. In fact, consumer surveys are useless for quantifying the growth or decline of identity fraud from year to year, and the effectiveness of various identity fraud solutions.
The financial services industry needs to be transparent about identity fraud and the effectiveness of the various solutions implemented by financial institutions and other financial service providers. Equally important, data should be shared with regulators, law enforcement agencies, and within industry to develop best practices to prevent the growth of identity fraud.
Enhance static PIIs with dynamic PIIs
Endless data breaches are the main source of stolen personal information being offered for sale on the Internet. According to the non-profit organization Identity Theft Resource Center (ITRC), there were 1,291 publicly reported data breaches from January to September 2021, surpassing last year’s total of 1,108 data breaches.
Static PIIs should be insufficient on their own to open new bank accounts and new accounts for loans and lines of credit. Financial services companies need to supplement traditional static PII with dynamic PII, such as behavioral biometrics and device identification.
Help victims of identity theft
Financial institutions, lenders, payment companies and credit reporting agencies must assume their role as fiduciaries. They must help consumers protect their identity and personal data from global criminals using the best available technologies and practices. Members of the financial services industry should provide direct support to victims of identity fraud or, at the very least, support an established and reputable non-profit organization dedicated to helping victims and potential victims of identity fraud criminals. identity, such as the non-profit organization Identity Theft Resource Center (ITRC).
This editorial is part of the E-Commerce Fraud Prevention Report 2021/2022, the ultimate source of knowledge that dives into the evolution of the payment fraud ecosystem, revealing the most effective security methods to that companies win the battle against bad actors.
About Tom O’Malley
Tom O’Mallley is a former federal prosecutor specializing in hacking and identity theft cases, and a victim of a data breach. He retired after a 37-year career as a prosecutor helping people protect themselves from victims of identity fraud as a result of data breaches.
About Frozen Pii
pii frozen, LLC, operates a public service website, FrozenPii.com, dedicated to making identity fraud protection free and easy for consumers. Frozen Pii contains verified information and links to help people protect their credit reports, federal identity, and personal data files from criminals.