In today’s world, credit card fraud and identity theft are major concerns, and we possess the statistical evidence to support this claim.
Given the frequent occurrences of compromised credit cards and data breaches, fraud has become a significant concern for many individuals. While EMV chip cards have improved payment security to some extent, experts predict that fraud, particularly card-not-present fraud, will continue to be a growing problem in the coming years.
When the initial surge of major corporate data breaches was reported in 2014 and 2015, there was hope among Americans that it was a temporary trend. Unfortunately, those hopes were dashed as even more large companies fell victim to cybercriminals. The most recent example was the massive data breach at the credit bureau Equifax in September 2017.
According to the Identity Theft Resource Center (ITRC) and CyberScout, the number of reported data breaches in the U.S. reached 791 by the end of June 2017. This marked a 29 percent increase compared to the same period in 2016, representing the highest number recorded for any half-year period. It is estimated that by the end of 2017, the number of breaches will reach 1,500, reflecting a 37 percent annual increase over the previous record high of 1,093 breaches in 2016.
In 2016, four out of the five largest data breaches ever recorded occurred. These included two breaches affecting 1 billion and 500 million people on Yahoo respectively, a breach affecting 360 million people on MySpace, and a breach affecting 100 million people on LinkedIn. In October 2017, Yahoo revised the number of affected accounts in the 2016 breaches to 3 billion.
By June 2017, 5.8 percent of the reported data breaches were related to the banking, credit, and financial sectors, marking an increase from 3.6 percent in the first half of 2016. The health and medical sectors accounted for 22.6 percent, the government and military sectors 5.6 percent, and education 11.3 percent. The business sector topped the list, accounting for 54.7 percent of all reported data breaches in the first half of 2017.
Card Fraud and Identity Theft:
The Federal Trade Commission’s online database of consumer complaints gathered 13 million complaints between 2012 and 2016, with 3 million reported in 2016 alone. Out of these, 42 percent were fraud-related complaints, while 13 percent were related to identity theft.
Fraud-related complaints totaled nearly 1.3 million, with consumers reporting losses exceeding $744 million. The median amount paid in these fraud complaints was $450. Among the consumers reporting fraud-related complaints, 51 percent disclosed the amount paid.
When it comes to fraud-related complaints, more than half (55 percent) specified the initial contact method. Out of those, 77 percent were contacted by phone, while only 8 percent were initially reached via email. Merely 3 percent were contacted through mail.
Florida had the highest per capita rate of reported fraud, followed by Georgia and Michigan. In terms of identity theft, employment- and tax-related fraud accounted for the majority (34 percent) of complaints, followed by credit card fraud (33 percent). Phone or utilities fraud made up 13 percent, while bank fraud accounted for 12 percent.
Michigan had the highest per capita rate of reported identity theft complaints, followed by Florida and Delaware.
Although EMV chip cards have reduced counterfeit fraud, there has been a rise in “card not present” (CNP) fraud. CNP fraud refers to transactions, such as those made over the phone, internet, or mail order, where the cardholder doesn’t physically present the card to the merchant.
According to a 2017 report by the US Payments Forum, the enhanced security of chip cards has forced criminals to shift their focus to CNP transactions. The United States, with 77 percent of its merchants engaged in e-commerce sales, is particularly vulnerable to CNP fraud.
The Payments Forum report predicts that the implementation of EMV technology will lead to an increase in CNP fraud in the U.S., projecting the amount to rise from $3.1 billion in 2015 to $6.4 billion in 2018.
The Impact of EMV Migration on Fraud:
The significant development in the United States’ credit card fraud landscape over the past few years has been the transition from magnetic stripe readers to EMV smart chip authentication at payment terminals. A major milestone was achieved on October 1, 2015, with the liability shift, which placed the cost of card-present fraud on retailers or card issuers that had not upgraded to the new system.
Globally, during Q4 2016, 52.4 percent of card-present transactions used EMV technology. In the U.S., however, only 18.61 percent of card-present transactions utilized EMV chips for authentication during the same period. Nevertheless, this number is steadily increasing.
An analysis of Mastercard fraud reports from a collection of large chip-enabled U.S. merchants reveals that in January 2016, counterfeit fraud decreased by 27 percent in terms of overall U.S. dollar volume compared to January 2015, before the liability shift.
Impacts on Fraud Victims:
The “Identity Theft: The Aftermath 2016” report by the Identity Theft Resource Center highlighted that nearly 20 percent of Americans surveyed in 2015 had fallen victim to some form of criminal identity theft. Among these victims, 9.2 percent reported that their identities were used to commit financial crimes leading to arrest warrants.
The repercussions of criminal identity theft are significant. Among the victims, 55 percent missed work, 44 percent lost employment opportunities, 60.7 percent borrowed money, and 29.5 percent sought government assistance such as welfare or food stamps. Moreover, 33.3 percent reduced their use of online accounts, 34.3 percent closed existing financial accounts, 3.5 percent obtained bank loans, and 8.1 percent resorted to payday loans.
In 2015, 60 percent of respondents reported being victims of new account fraud, with 38.5 percent stating that new credit card accounts were opened in their names and 19.1 percent indicating new checking or savings accounts were opened. Additionally, 46 percent reported fraudulent activity on existing accounts, with 25.7 percent mentioning charges made to existing credit cards and 21.4 percent noting transactions on existing checking or savings accounts.
Of those who experienced fraud on existing accounts, 22.4 percent changed credit card companies.
When asked about their emotional state following the fraud incidents, the majority of respondents (69 percent) expressed fear regarding their personal financial security. Furthermore, 23 percent reported fearing for their physical safety, and 8 percent stated feeling suicidal.
Concerns and Actions Taken by Individuals:
Due to the increasing number of security breaches, Americans are becoming more concerned about identity theft, often resulting in payment fraud. However, aside from expressing concern, many Americans find themselves unable to take significant action.
According to Experian’s Identity Theft Survey, 84 percent of respondents expressed concern about the security of their personal information online. However, 64 percent considered securing their online information to be too much of a hassle. Additionally, 53 percent of respondents found it challenging to stay on top of their financial transactions.
In response to the massive Equifax data breach, a CreditCards.com survey conducted in 2017 found that 26 percent of respondents reviewed their credit scores or credit reports within two weeks of the incident. However, the survey also revealed that 21 percent of respondents had never checked their credit reports or scores, even in the aftermath of the breach that exposed the personal information of nearly 146 million Americans.
Among those who did check their credit reports or scores following the breach, the highest percentage (33 percent) belonged to older millennials (27- to 36-year-olds).
Cyber and Privacy Insurance
Cybersecurity insurance, also known as cyber insurance or cyber risk insurance, is a type of insurance coverage that helps protect businesses and organizations from financial losses resulting from cyber attacks and data breaches. It provides coverage for various aspects, including legal fees, customer notification costs, data recovery expenses, and potential lawsuits. Cybersecurity insurance helps businesses mitigate the financial risks associated with cyber incidents, providing them with financial support and resources to recover from an attack. By transferring some of the financial burden to the insurance company, organizations can focus on strengthening their cybersecurity measures and protecting sensitive data.
In conclusion, as the threat landscape continues to evolve, cyber insurance has become an essential component of comprehensive risk management strategies. The increasing frequency and sophistication of cyber attacks make it crucial for businesses to have appropriate measures in place to mitigate potential damages. Cybersecurity insurance acts as a safety net, providing financial protection and resources to organizations when they face cyber threats. However, it should not be seen as a substitute for robust cybersecurity practices. Organizations must invest in proactive cybersecurity measures, employee training, and incident response plans alongside cyber insurance to effectively safeguard against cyber risks. By combining strong security measures with the support of cyber insurance, businesses can enhance their resilience and protect themselves from the potentially devastating consequences of cyber attacks.