GUEST ESSAY: U.S. ‘chip’ adoption reduces card scams — but drives up new account fraud

Identity theft and fraud hit an all-time high in 2017, according to the 2018 Identity Fraud Study released last week by Javelin Strategy & Research.

Among Javelin’s key findings fraudsters claimed 1.3 million more victims in 2017, with $16.8 billion stolen. That’s a record high since 2003 when the firm first began tracking identity theft and fraud.

Related article: How a 19-year-old ran a bogus credit card empire

The retail and the financial services industry have put great effort and resources into stopping identity theft crimes. However, the complexity of fraud continues to rise, and there has been a shift towards other prevalent types of identity fraud taking place online, such as identity theft and new account fraud.

Javelin’s findings tell us that with the adoption of embedded chip cards now widespread in the U.S., criminals have begun to shift their fraud operations away from physical stores, favoring online transactions, new account fraud, and identity theft. While credit card information remained the most targeted for new account fraud, there has been significant growth in the opening of new intermediary accounts. Payment services are increasingly being targeted by fraudsters.


For the first time ever, Social Security numbers (35%) were compromised more often in breaches than credit card numbers (30%). These trends demonstrate that personal information is under siege, and protecting sensitive data with legacy methods is futile in the age of mega breaches.

The shift towards Social Security numbers replacing credit cards as the most sought-after piece of stolen data tells us something about the intent and direction of future fraud. This data is closely linked to fraud schemes that don’t depend on active credit cards to make a profit. Instead, other types of fraud that include new account creation and synthetic identities are gaining muscle and are being used to gain access to assets of value.

Data breaches are hard to avoid, but companies can implement technologies to help customers and their business prevent fraud in their environment after a data breach.

Mere reliance on passwords and usernames is – at this point – not enough to protect from online threats. Companies can leverage technologies that don’t rely solely on personally identifiable information, and that look at the user’s inherent behavior. Passive biometrics technology builds unique profiles of the individual that can’t be replicated by a bad actor. This technology can protect customers and businesses from growing threats such as synthetic identities and account takeover.”

About the essayist: Robert Capps is the Vice President of Business Development at NuData Security, a Mastercard company.

*** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by bacohido. Read the original post at: