THIEVES Take to the Phones
& Tactics Grow More Sophisticated
One challenge for financial institutions in creating a Red Flag compliance plan is keeping up with the ever-evolving tactics of identity thieves. Therefore, compliance programs must be updated periodically, refl ecting the unfortunate fact that these criminals are always looking for new ways to steal.
Javelin Strategy & Research, a leading provider of quantitative research focused exclusively on financial services topics, has been conducting annual surveys on identity theft trends since 2003. The 2008 survey was conducted via telephone with 5,075 adults in the U.S., a representative sample. Based on the results, certain trends are apparent that financial institutions should be aware of:
- The cost per crime is up: While the number of fraud victims has been declining steadily since 2003, the mean consumer cost per victim (those out-of-pocket expenses incurred by the victim in order to resolve a fraud case) rose from $554 in 2007 to $691 in 2008, an increase of approximately 25 percent. This is likely due to the growing sophistication in fraud techniques, particularly in new accounts fraud, resulting in a greater incidence of high-value and tough-to-resolve crimes.
- Thieves are moving to unprotected “traditional” channels: The incidence of theft via mail order or telephone order (MOTO) transactions soared from a mere three percent of transactions in 2007 to a whopping 40 percent in 2008. This is called vishing (voice phishing), in which the criminal, posing as a financial institution representative, uses the phone (and possibly e-mail) to prompt victims to provide personal data under the guise of resolving an account problem. This upsurge in use of the telephone refl ects fraudsters’ preference for less protected channels given the financial industry’s strong focus on online security.
- Cross-channel fraud is a growing trend: After personal information is stolen via telephone, the identity thief then uses it to commit fraud online. Fraudulent “card-not-present” online purchases rose from 21 percent last year to 28 percent this year.
- New fraudulent telephone accounts surpass new fraudulent credit cards: Fraudulent phone accounts surged by 13 percentage points, to 32 percent, surpassing the credit card category (traditionally the most abused) as thieves’ new channel of choice. This is perhaps due to the growing consumer use of credit monitoring services. Financial institutions need to address the telephone as an area of exposure, especially as more account holders begin using cell phones for banking activities. Also showing increases in the past year were fraudulent new store-branded credit cards (up from 21 percent to 29 percent) and fraudulent new loans (up from 11 percent to 21 percent).
- Average resolution time increases: This year the average number of hours taken to resolve fraud increased. Particularly notable was the growth in new account fraud from 40 to 49 hours, or nearly 23 percent. Resolution time for existing card fraud increased by one hour and all existing account fraud grew by two hours, while existing non-card fraud resolution time decreased by two hours.
- “Friendly” fraud remains a problem: Thefts by friends, family and in-home employees generate the highest-mean frauds ($13.5K) and comprise a hefty 17 percent of consumer-based thefts. Similarly, information seized the old-fashioned way—via physical means such as a lost or stolen wallet—is (at 33 percent) by far still the most common way to get personal data.
Javelin recommends that financial institutions be direct and clear in communicating with account holders about security. Banks and credit unions stand to benefit by partnering with customers to fight fraud collectively, and by recognizing that consumers feel a sense of ownership over their financial safety. Internally, financial institutions must involve all key functional areas in fighting fraud, according to Javelin. This includes risk and fraud specialists, customer service, and marketing and product managers of both back-end security capabilities and customer-facing points. It’s important to take a holistic view of all risk and fraud investments by assessing the cost and return on investment of each solution through a set of standard, fact-based criteria.
For more information about this report, “The 2008 Identity Fraud Survey Report,” or other Javelin reports, please visit www.javelinstrategy.com/research, or e-mail Javelin at firstname.lastname@example.org or call (925)225-9100x30. For more information about the company, go to www.javelinstrategy.com. To register for Harland Clarke’s free identity theft class, contact your account executive or go to www.harlandclarke.com/security and click the Identity Theft Awareness link.