For the 12th year in a row, identity theft complaints top the list of consumer complaints [PDF] received by the Federal Trade Commission. 15% of more than 1.8 million total complaints filed in 2011 involved identity theft.
Javelin Strategy & Research estimates that nearly 12 million Americans were victims of identity theft in 2011—a 13% increase over 2010. Interestingly, but not surprisingly, Javelin attributes this increase to the proliferation of smartphones and the popularity of social media, in addition to several major data breaches resulting in tens of millions of records being leaked.
Websites like Facebook certainly provide a great deal of data that can be used to help criminals crack knowledge-based passwords, and websites like LinkedIn make it easy for criminals to gather additional intelligence in order to conduct social engineering scams. Meanwhile, smartphones have become the keys to many of our digital lives now that we use them for social media, online shopping, and online banking. Smartphone users are even more likely to be victimized if they neglect to password-protect their devices, which are often lost or stolen.
Access to so much sensitive data has allowed criminals to take over existing credit accounts and quickly turn that data into cash. The most popular strategies are for fraudsters to add their own names as registered account users, or changing the physical address for a stolen account.
Account takeover or hijacking could be detected and prevented if online banking and shopping websites integrate a real-time device reputation check at the point where profile or account information is being updated. The power of this check raises red flags when certain business rules are triggered, such as exceeding a business’s predetermined threshold. Examples might be when an account is being accessed from a brand new country, or too many different devices are accessing an account, or even when the device making account updates has exceeded the number of accounts that it is associated with at that bank or retailer. By customizing and weighting real-time business rules to prevent bad actors from accessing your customer accounts, this early detection might mean the difference in keeping a good client’s account safe, keeping that good customer’s business, and keeping bad actors out.