Instances of identity theft and credit card fraud climbed to record levels last year, according to a new study from research firm Javelin Strategy & Research.
The study found that the number of identify fraud cases rose 16 percent in 2016, costing victims a record-setting $16 billion in loses. The firm estimates that around 15.4 million US consumers were affected by fraud -- nearly 2 million more than in 2015.
In an obvious link to the EMV rollout, the study found that card-not-present (CNP) fraud increased 40 percent in 2016. For the most part, EMV addresses the problem of cloned cards in an offline setting, in other words, card counterfeiting and card-present (CP) fraud. However, EMV does not stop fraud for online commerce or other card-not-present transactions.
In pre-EMV days, the most prevalent type of fraud resulted from counterfeit, lost or stolen magnetic-stripe based cards, which became easy marks for hackers looking to break into retail POS systems. (See Target and Home Depot.)
But in nearly every country that has migrated to chip-embedded EMV cards, instances of fraud didn't really go away, they just shifted somewhere else. Overwhelmingly, that somewhere else is the online channel, which holds considerably weaker authentication protocols.
Data from the UK, France and Australia show CNP fraud accounting for a greater portion of overall fraud during and after each country's respective EMV migrations. In the UK, where the EMV liability shift occurred in 2005, CNP fraud increased almost 40 percent over a span of 10 years. In Australia, where EMV standards went into effect in 2008, CNP fraud climbed almost 20 percent in the first two years. Similarly, France saw CNP fraud increase just over 20 percent between 2007 and 2011.
From that perspective, an increase in CNP fraud in the US was a given.
Javelin's study also found that losses associated with account takeovers, which occur when hackers gain access to a person's financial account and make changes to contact and security information, climbed 61 percent to $2.3 billion. New-account fraud, where thieves fraudulently open accounts in someone else's name, also increased.
"After five years of relatively small growth or even decreases in fraud, this year's findings drives home that fraudsters never rest and when one areas is closed, they adapt and find new approaches," said Al Pascual, SVP, research director and head of fraud and security for Javelin. "The rise of information available via data breaches is particularly troublesome for the industry and a boon for fraudsters. To successfully fight fraudsters, the industry needs to close security gaps and continue to improve and consumers must be proactive too."