Credit card identity theft complaints exploded in 2019, according to a report by the Federal Trade Commission. Why has credit card fraud increased, and what are criminals doing with consumers’ stolen information?
Credit card new account fraud jumped by 88% from 2018 to 2019, according to the FTC’s Consumer Sentinel Network Data Book.
Almost 272,000 credit card identity theft complaints were filed with the FTC last year, and more than 90% of cases involved new account credit card fraud. In 2015, only 75,000 credit card identity theft cases were reported to the FTC.
The largest number of credit card identity theft victims in 2019 were between the ages of 30 and 39, according to the report. They accounted for about 75,000 of the cases reported to the FTC.
Why has credit card fraud increased?
Experts blame the surge in credit card new account fraud on the unending string of data breaches, which have exposed the personal information of millions of consumers.
Individuals’ “identity credentials get out there in the world in massive numbers,” says Eva Velasquez, president and CEO of the Identity Theft Resource Center. “That’s absolutely feeding into the new account problem.”
Last year alone saw almost 1,500 data breaches, exposing nearly 165 million personal records, according to the ITRC. Many of the data breaches, such as those involving hospitals and school districts, didn’t attract much media attention compared to major data breaches at retailers in previous years, Velasquez says.
The information stolen in data breaches can include details such as the victim’s name, address, Social Security number, date of birth, credit card information, email address and password.
Problems also arise because consumers follow malicious links or fall for phishing scams and inadvertently let cyberthieves install malware on their computers so the crooks can get a consumer’s personal and financial information, says John Buzzard, lead fraud and security analyst for the advisory firm Javelin Strategy & Research.
How your information is used
Personal information is typically sold on the dark web.
“The barrier to entry for cybercriminals can be pretty low on the dark web,” says Edan Cohen, cyberthreat intelligence specialist at the cybersecurity company Sixgill.
A 2017 report by Experian found Social Security numbers for sale for as little as $1. A driver’s license cost $20. Credit and debit cards sold for between $5 and $30.
“When you combine public and private personally identifiable information and payment card data together, it’s easy for criminals to make fraudulent applications” for credit cards, Buzzard says.
Many businesses use a person’s name, address, date of birth and Social Security number as a means of identifying that individual, says John Breyault, vice president of public policy at the National Consumers League. “Far too many businesses just rely on that.”
Because that information is often compromised on the dark web, “the controls that companies have in place to verify someone’s identity before creating accounts are increasingly being exploited by criminals,” Breyault says. “That creates the potential for new account fraud.
“Criminals are getting more sophisticated and businesses aren’t keeping up,” he adds.
You might fear your information has specifically been targeted by cybercriminals, but Cohen says, “you’re personally not a target. You’re part of a larger group.”
How consumers learn of identity theft
Because fraudsters who open up new credit card accounts in someone else’s name typically have the bills sent to another address, a person often has no idea they’ve become a victim of cybercriminals.
Often they won’t find out about the new accounts in their name until they start to receive collection notices or phone calls from debt collectors, Velasquez says.
A victim also might learn of the fraudulent accounts if they try to open up a legitimate account and aren’t able to qualify because their credit card balances are too high, she says.
In other cases, a young person might undergo a background check if they are applying for a new job or trying to rent an apartment, and learn that they have bad credit due to the fraudulent accounts, Velasquez says.
How to respond if you’re the victim of identity theft
If you find out you’re a victim of identity theft due to new account fraud, you can receive free assistance and information on how to respond from the ITRC.
You should report the identity theft to your local police department, and you can also file an identity theft report with the FTC at IdentityTheft.gov. The FTC will help you develop a recovery plan.
Along with contacting the credit card company where the new accounts were set up, Velasquez suggests contacting the three main credit reporting agencies, Experian, Equifax and TransUnion, to establish a credit freeze.
No new accounts can be established in your name until you lift the freeze. As of 2018, it no longer costs anything to establish or lift a credit freeze.
If you’ve been the victim of a data breach, you should sign up for free credit monitoring services if they are offered to you, Breyault says.
How to protect yourself from identity theft
- Cohen recommends using different passwords for all your accounts – a data breach might reveal the password to your credit card or other financial accounts.
- You can also protect yourself by paying with mobile wallet services such as Samsung Pay, Apple Pay and Google Pay, which encrypt payments, Buzzard says.
- He also recommends setting up malware and virus protection on your computer and mobile devices.
Taking such measures can help you protect yourself from falling victim to new credit card account fraud.