Credit card fraud and identity theft are big worries these days, and we’ve got the statistics to back it up
With compromised credit cards and data breaches often in the news in the past couple of years, fraud is top of mind with many people. Though EMV chip cards have made some payments safer, experts predict fraud – specifically card-not-present fraud – will remain a growing problem for years to come.
When the first surge of major corporate data breaches was reported in 2014 and 2015, many Americans hoped it was a just a brief trend. Those hopes faded as even more large companies became the target of cybercriminals, with the most recent being the massive data breach at the credit bureau Equifax in September 2017.
Tracking by the Identity Theft Resource Center (ITRC) and CyberScout shows that there were 791 data breaches reported in the U.S. by the end of June 2017. This is a 29 percent increase over the same period in 2016, and the highest number recorded for any half-year period.1
At this rate, the ITRC estimates that the number of breaches will reach 1,500 by the end of 2017, representing a 37 percent annual increase over the record high of 1,093 breaches in 2016.1
Four out of five of the largest data breaches ever recorded occurred in 2016. These included two Yahoo breaches, which affected 1 billion people and 500 million people, respectively, a MySpace breach, which affected 360 million and a LinkedIn breach, which affected 100 million. 2
In October 2017, Yahoo revised the number of accounts affected in the 2016 breaches to 3 billion.
Of the 2017 data breaches (through June), 5.8 percent occurred in the banking, credit, and financial sectors, a jump from 3.6 percent in the first half of 2016. The health and medical sectors accounted for 22.6 percent, the government and military sectors 5.6 percent, and education 11.3 percent. Topping the list is the business sector, accounting for 54.7 percent of all reported data breaches in the first half of 2017.1
Card fraud and identity theft
The Federal Trade Commission’s online database of consumer complaints has compiled 13 million complaints from 2012 to 2016, with 3 million in 2016 alone. Of those, 42 percent were fraud related, and 13 percent were identity theft complaints.8
Almost 1.3 million complaints were fraud-related. Consumers reported paying over $744 million in those fraud complaints; the median amount paid was $450. Fifty-one percent of the consumers who reported a fraud-related complaint also reported an amount paid. 8
More than half (55 percent) of the fraud-related complaints listed a method of initial contact, and of those, 77 percent were contacted by phone, while only 8 percent were first reached by email. Only 3 percent were contacted by mail.8
Florida had the highest per capita rate of reported fraud, followed by Georgia and Michigan.8
When it comes to identity theft, employment- and tax-related fraud was the most common, accounting for 34 percent of complaints, while 33 percent was credit card fraud. Phone or utilities fraud accounted for 13 percent, and bank fraud was another 12 percent.8
Michigan is the state with the highest per capita rate of reported identity theft complaints, followed by Florida and Delaware. 8
While EMV chip cards have cut counterfeit fraud, “card not present” (CNP) fraud is rising. CNP fraud includes telephone, internet and mail order transactions in which the cardholder does not physically present the card to the merchant.
According to a 2017 report by the US Payments Forum, the increased security of chip cards forced criminals to shift the focus of their activities to CNP transactions.6
The United States is especially vulnerable to CNP fraud, as it leads the world with the highest percentage of e-commerce sales, with 77 percent of U.S. merchants selling online.6
The Payments Forum report includes a prediction that the EMV implementation is projected to lead to an increase of CNP fraud in the U.S. from $3.1 billion in 2015 to $6.4 billion in 2018.6
How the EMV migration has changed the face of fraud
When it comes to credit card fraud, the big development in the United States over the last few years has been the move from magnetic stripe readers to EMV smart chip authentication at payment terminals. The technology migration passed a major milestone on Oct. 1, 2015, when a liability shift occurred that placed the cost of card-present fraud on the retailer or card issuer that hadn’t upgraded to the new system.
Globally, in Q4 2016, 52.4 percent of card-present transactions were EMV transactions. In the U.S., only 18.61 percent of card-present transactions used EMV chips for authentication in the same period, but that number is quickly rising.4
A quick look at the immediate effect of the EMV migration shows that counterfeit fraud decreased by 27 percent in terms of overall U.S. dollar volume in January 2016 compared to January 2015, before the liability shift.5 That figure is based on Mastercard fraud reports from a compilation of large chip-enabled U.S. merchants.
How fraud victims are affected
The Identity Theft Resource Center’s report, “Identity Theft: The Aftermath 2016” found that nearly 20 percent of Americans surveyed were the victim of some kind of criminal identity theft in 2015. Of those, 9.2 percent said their identity was used to commit a financial crime that resulted in an arrest warrant.9
The effects of this criminal identity theft are staggering. Fifty-five percent of victims missed time from work, and 44 percent said they lost out on an employment opportunity. Additionally, 60.7 percent had to borrow money, and 29.5 percent had to request government assistance, such as welfare or food stamps.9
Additionally, as a result of criminal identity theft, victims tapered their use of online accounts (33.3 percent), had to close existing financial accounts (34.3 percent), took out a bank loan (3.5 percent) and even took out payday loans (8.1 percent).9
In 2015, 60 percent of respondents reported they were victims of new account fraud, which occurs when a criminal opens a new account in the name of the victim. Of those, 38.5 percent reported new credit card accounts were opened in their names, while 19.1 percent reported new checking or savings accounts were opened.
Nearly half, 46 percent, of respondents reported fraudulent activity on existing accounts. Of those, 25.7 percent said charges were made to an existing credit card, 21.4 percent said transactions were made using an existing checking or savings account, 15.9 percent said transactions were made using an existing debit account, 10.5 percent said transactions were made on an existing loan or line of credit, and 18.5 percent said transactions were made using another type of financial account, such as PayPal.9
Of those who experienced fraud on existing accounts, 22.4 percent said they changed credit card companies following the fraud.9
When asked how being a fraud victim made them feel, most respondents (69 percent) said they felt fear regarding their personal financial security. Twenty-three percent said they now feared for their physical safety, and 8 percent reported feeling suicidal. 9
| Emotions and feelings following identity theft||2015||2014||2013||2009||2008||2007|
|Denial or disbelief||43%||44%||42%||49%||31%||34%|
|Frustration or annoyance||81%||79%||81%|
|Rage or anger||58%||62%||65%||78%||65%||80%|
|Feelings of betrayal||44%||52%||50%||49%||60%||48%|
|Feelings of guilt or that you caused this to happen or did something wrong||24%||22%||21%||24%||22%||27%|
|Shame or embarrassment||28%||30%||29%||27%||24%||29%|
|Fear regarding my personal financial security||69%||66%||69%||57%||52%||56%|
|Fear for financial security of family members||43%||36%||31%||33%||32%||33%|
|Fear for my physical safety||23%||20%||18%||16%||14%||14%|
|Loss of ability to trust||51%||44%||46%||29%||31%||28%|
|Sense of powerlessness or helplessness||54%||54%||50%||63%||63%||57%|
|None of these apply||5%||8%||3%|
Concerned, and sometimes taking action, about fraud
With the rise in security breaches, Americans are increasingly concerned about identity theft, which often leads to payment fraud. But other than being concerned, Americans find themselves largely unable to do anything about it.
According to Experian’s Identity Theft Survey, 84 percent of respondents said they were concerned about the security of their personal information online, yet 64 percent said it was “too much of a hassle to worry about taking steps to secure their online information.”7
Moreover, 53 percent of those surveyed said they believe that staying on top of their financial transactions was a challenge.7
A major data breach, though, can lead at least some Americans to take action.
A 2017 CreditCards.com survey in the wake of the massive Equifax data breach found that 26 percent of respondents reviewed their credit scores or credit reports within two weeks of the breach.3
However, the survey also found that even in the wake of the breach that exposed the information of nearly 146 million Americans (such as names, Social Security numbers and addresses), 21 percent have never checked their credit reports or credit scores.3
Of those who did check their credit reports or credit scores in the wake of the Equifax breach, older millennials (27- to 36-year-olds) did so in a higher percentage (33 percent) than any other age group.3
- Identity Theft Resource Center “At Mid-Year, U.S. Data Breaches Increase at Record Pace” July 2017
- USA Today “Top hacks and data breaches” December 2016
- CreditCards.Com poll: “1 in 4 Americans checked their credit after Equifax breach” September 2017
- EMVCo Worldwide EVM Deployment Statistics
- NACS “Mastercard reports decline in counterfeit fraud” May 2016
- US Payments Forum “CNP Fraud around the world” March 2017
- Experian “Protecting your Financial Future with IdentityWorks” May 2017
- Federal Trade Commission “Consumer Sentinel Network Data Book January-December 2016” March 2017
- Identity Theft Resource Center “Identity Theft: The Aftermath 2016”