While there are many advantages to living in a digital world, the connected life also has its drawbacks. One of the biggest disadvantages is that it gives fraudsters numerous opportunities to gain access to our personal identification. Last year alone, 15.4 million consumers were the victims of identity theft, a 17.5% increase from the previous year. With this information, thieves can open new accounts in our names, steal from our existing accounts, and use it as a veil of authenticity during the commission of scams.
Fraud and identity theft have become a fact of life in today's world. This year, when the Global Fraud Index was released, one statistic stood out more than any other: Account takeover fraud skyrocketed by more than 45% year over year in 2017's second quarter and cost merchants a whopping $3.3 billion in that three-month period. While exact figures are extremely difficult to come by, other studies confirm the overall trend. Javelin Strategy's 2017 Identity Fraud Study, released in February, reported account takeover incidents increased by 31% in 2016 with consumer losses reaching $2.3 billion, a 61% increase from the previous year.
As an economic-crimes detective, I see the financial pain and emotional stress this type of crime causes firsthand. And while this type of fraud has always been rampant, my own experience confirms the research results: This type of fraud isn't going away and only seems to be growing more common.
What is account takeover fraud?
Account takeover fraud occurs when criminals gain access to victims' bank or credit card accounts and then make unauthorized transactions on the account. While this encompasses credit card fraud, when someone uses your credit card number to make a purchase, more insidious versions of this crime go deeper. After all, consumers enjoy far-reaching protection against permanent monetary loss when they are victims of simple credit card fraud, but bad cases of account takeover fraud can involve far more.
I've seen cases where suspects gain access to a victim's banking account and promptly change the account holder's phone number, physical and email address, and online password. The legitimate account holders are effectively locked out of their own accounts, ensuring that they will no longer even receive texts or emails alerting them to the suspicious activity.
How account takeovers happen
Consumer information can be stolen in a variety of ways; some of the most common methods of stealing data include malware, phishing, and data breaches. Indeed, it seems hardly a month goes by without another data breach at a major corporation where millions of consumers' payment information was stored. Earlier this fall, the data breach at Equifax was nearly unprecedented in scope and breadth, affecting 143 million Americans.
Phishing and malware attacks are also on the rise. Symantec estimates that 54.3% of all email is spam and that there are nearly 1.6 million blocked Web attacks each day. In June, the company stated that phishing attacks increased to about one out of every 1,975 emails. With massive, high-profile data breaches making the news and phishing and malware attacks rising, the increase in account takeovers doesn't seem poised to slow down anytime soon.
What you can do to protect yourself
There is no silver bullet to stop fraud. With these types of attacks on the rise, it's almost inevitably just a matter of time before we're all victimized. We can, however, take definitive steps that will decrease our exposure to being targeted and mitigate the severity of the incidents when they take place.
1. Develop strong and unique passwords across all of your accounts. When most of us hear of a data breach that might directly affect us, we immediately fear the theft of our personal identification, including our name, address, date of birth, and Social Security number. What many of us fail to consider is whether we've used a password for that account that we used elsewhere.
Unless one is unusually savvy with memorizing odd word combinations or develops a highly sophisticated system, using unique, strong passwords (using letters, numbers, and symbols) across every single site where an account is kept is almost impossible. That's why I strongly suggest using software or websites that are designed to do this very thing. Doing so saves people the headache of performing this Herculean task on their own. Although most of these cost money, some will run their program across one device for free. A few things to look for when researching these services include two-factor authentication, automatic password capture, form-filling capabilities with multiple form-filling identities, and secure sharing.
2. Always pay with a credit card. Frank Abagnale Jr., the former conman turned security consultant made famous by the movie Catch Me If You Can, tells clients he removes 99.9% of all fraud risk by using credit cards. Why? Because consumers are limited to $50 of liability when credit card fraud is reported in a timely manner. That's far more legal protection than any other payment method offers. Likewise, consumers are in a position of strength because they're never without the money in their banking accounts; they're merely arguing over how much money they owe their credit card company.
3. Avoid writing personal checks whenever possible. Think about the most damaging information that could be leaked to potential thieves and fraudsters and then consider what's printed on the front of your personal checks: your name, address, banking institution, routing number, and bank account number. That's a treasure trove of information for anyone wishing to defraud you. For this reason, if at all possible, only write checks to trusted friends or family members. Otherwise, run to the ATM for a quick cash withdrawal if you can't pay with a credit card, or use a digital payment service such as PayPal or Venmo.
4. Monitor your accounts closely. Finally, make sure you keep tabs on all of your accounts -- checking, savings, brokerage, credit card -- and immediately report any suspicious activity. Regularly make sure your account contact information is up to date and correct. Even watch out for small charges that almost seem inconsequential at first. Many times, fraudsters will use the account for small transactions first to ensure the information they have is working.
Account-takeover fraud can be draining affairs -- both financially and emotionally. But people who take these steps stand to be affected much less if they're victimized.