Tag: identity fraud

Many adult Americans understand the value of monitoring their financial, credit, and online activity for identity theft. With fraudulent online activity on the rise, more and more people in the United States are taking proactive steps to protect themselves against attacks from cyber criminals. However, a lesser-known threat is identity theft against children. How does child identity theft happen? In 2021, 1.25 million victims of identity theft and fraud were children, with each case costing an average of about $1,110 to resolve.[1] Since the credit scores of children are checked much less frequently than those of adults, children are considered easy targets for cyber criminals because the theft can remain undetected for a longer period of time. Children may also inadvertently share their personal information, such as birthdates, addresses, and phone numbers, on their social media channels and other places around the internet. This can make it even easier for hackers to obtain that information and commit identity theft. Why are children at risk? A child’s credit score is usually checked for the first time when they turn 18 years old, as they begin to make more adult decisions such as opening a checking account, applying for a job, or building credit. The time leading up to a child’s 18th birthday can leave them open to the threat of identity theft if the appropriate safety measures are not put into place. This is why it’s crucial for consumers with children to extend their own identity protection to their kids. How can consumers protect children from identity theft Child identity monitoring services can provide alerts of potential theft to parents and help safeguard their children’s identity and credit. These services can include social media, dark web, and social security number monitoring to ensure that children’s personal information is protected and secure across multiple areas of the internet. If a child’s identity is stolen, child monitoring services can also extend to identity theft insurance and identity restoration to help parents recover their child’s identity and minimize the damage. By implementing a child monitoring service, parents can protect the identities of their loved ones and resolve any threats of potential theft as quickly as possible. Click here to learn more [1]Yahoo.com. 2021. Child Identity Fraud Costs Nearly $1 Billion Annually, According to a New Study From Javelin Strategy & Research.

Rewards are among the most appealing features of any credit card. While upfront benefits, like sign-up bonuses and cashback, are most influential in card acquisition, ancillary benefits, like fraud and identity protection, can amplify a card’s overall value.1 Credit card fraud ranked as the second most common form of identity theft in 2021,2 and is expected to become even more frequent as consumers continue to bank and shop online.3 42% of consumers are concerned for the safety of their banking and shopping transactions. With digital identity theft and fraud on the rise, it’s no surprise that safety measures are “very” or “extremely” important to consumers when deciding between different credit cards.4 In response, many card issuers have started to market their security and protection-related benefits more frequently to better capitalize on their cards’ value to consumers. The ways they’ve highlighted these benefits include: A fraud protection campaign From spotlighting their fraud protection benefits in card welcome kits to providing privacy tips on social media, credit card issuers have crafted compelling campaigns to demonstrate their commitment to protecting their customers from fraud and identity theft. In turn, issuers can differentiate their cards from the competition and improve response rates. Reminders about their fraud prevention efforts Issuers have also sent out ongoing reminders outlining the protections their credit cards offer, such as credit monitoring services 5 that notify cardholders of suspicious activity on their credit report. By consistently promoting their efforts to keep their customers’ accounts and data safe, issuers can earn their cardholders’ trust, build loyalty and drive card usage. While benefits like cashback and travel points can help with card acquisition, fraud and identity protection benefits can help drive long-term customer relationships, especially now that card fraud is becoming a growing concern.6 To learn more about how businesses have worked to meet the consumer demand for secure interactions, check out our 2021 Global Identity and Fraud Report. Learn more 1Jonathan O'Connor. "Most Consumers Aren't Aware of Their Credit Cards' Ancillary Benefits. How Does This Impact Card Acquisition and Usage?" TSYS, January 2019 2FTC. "Consumer Sentinel Network" Data Book, 2021 3April Berthene. "Coronavirus pandemic adds $219 billion to US ecommerce sales in 2020-2021" Digital Commerce 360, March 2022 4"Consumers Consider as Many as Six Factors When Choosing Credit Card" PYMTS.com, December 2021 5David McMillin. "Identity theft is a major problem, but these 5 credit card protection programs can help keep you safe" Business Insider, June 2021 6"New FICO Survey Finds Overconfidence Could Put US Consumers at Risk From Scams" Business Wire, February 2022

It’s time for organizations to harness the power artificial intelligence (AI) can bring to digital identity management – quickly and accurately identifying consumers throughout the lifecycle. The rise in crime   The acceleration to digital platforms created a perfect storm of new opportunities for fraudsters. Synthetic identity fraud, stimulus-related fraud, and other types of cybercrime have seen huge upticks within the past year and a half. In fact, the Federal Trade Commission revealed that consumers reported over 360,000 complaints, resulting in more than $580 million in COVID-19-related fraud losses as of October 2021. To protect both themselves and consumers, businesses — especially lenders — will have to find and incorporate new strategies to identify customers, deter fraudsters and mitigate cybercrime. The benefits of AI for digital identity In our latest e-book, we explore the impacts of AI on organizations’ digital identity strategies, including: How changing consumer expectations increased the need for speed The challenges associated with both AI and digital identities The path forward for digital identity and AI How to develop the right strategy Building a solution It’s clear that current digital identity and fraud prevention tools are not enough to stop cybercriminals. To stay ahead of fraudsters and keep consumers happy, businesses need to look to new technologies — ones that can intake and compute large data sets in near-real time for better and faster decisions throughout the customer lifecycle. By using AI, businesses will enjoy a fast and consistent decisioning system that automatically routes questionable identities to additional authentication steps, allowing employees to focus on the riskiest cases and maximizing efficiency. Read our latest e-book to dive into the ways artificial intelligence and digital identity interact, and the benefits a clear identity strategy can have for the entire user journey. Download the e-book

Recently, I shared articles about the problems surrounding third-party and first-party fraud. Now I’d like to explore a hybrid type – synthetic identity fraud – and how it can be the hardest type of fraud to detect. What is synthetic identity fraud? Synthetic identity fraud occurs when a criminal creates a new identity by mixing real and fictitious information. This may include blending real names, addresses, and Social Security numbers with fabricated information to create a single identity.   Once created, fraudsters will use their synthetic identities to apply for credit. They employ a well-researched process to accumulate access to credit. These criminals often know which lenders have more liberal identity verification policies that will forgive data discrepancies and extend credit to people who appear to be new or emerging consumers. With each account that they add, the synthetic identity builds more credibility.   Eventually, the synthetic identity will “bust out,” or max out all available credit before disappearing. Because there is no single person whose identity was stolen or misused there’s no one to track down when this happens, leaving businesses to deal with the fall out.   More confounding for the lenders involved is that each of them sees the same scam through a different lens. For some, these were longer-term reliable customers who went bad. For others, the same borrower was brand new and never made a payment. Synthetic identities don't appear consistently as a new account problem or a portfolio problem or correlate to thick- or thin-filed identities, further complicating the issue.   How does synthetic identity fraud impact me?   As mentioned, when synthetic identities bust out, businesses are stuck footing the bill.   Annual SIF (synthetic identity fraud) charge-offs in the United States alone could be as high as $11 billion. – Steven D’Alfonso, research director, IDC Financial Insights1   Unlike first- and third-party fraud, which deal with true identities and can be tracked back to a single person (or the criminal impersonating them), synthetic identities aren’t linked to an individual. This means that the tools used to identify those types of fraud won’t work on synthetics because there’s no victim to contact (as with third-party fraud), or real customer to contact in order to collect or pursue other remedies.   Solving the synthetic identity fraud problem   Preventing and detecting synthetic identities requires a multi-level solution that includes robust checkpoints throughout the customer lifecycle.   During the application process, lenders must look beyond the credit report. By looking past the individual identity and analyzing its connections and relationships to other individuals and characteristics, lenders can better detect anomalies to pinpoint false identities.   Consistent portfolio review is also necessary. This is best done using a risk management system that continuously monitors for all types of fraudulent activities across multiple use cases and channels. A layered approach can help prevent and detect fraud while still optimizing the customer experience.   With the right tools, data, and analytics, fraud prevention can teach you more about your customers, improving your relationships with them and creating opportunities for growth while minimizing fraud losses.   To wrap up this series, I’ll explore account takeover fraud and how the correct strategy can help you manage all four types of fraud while still optimizing the customer experience. To learn more about the impact of synthetic identities, download our “Preventing Synthetic Identity Fraud” white paper and call us to learn more about innovative solutions you can use to detect and prevent fraud.   Contact us Download whitepaper   1Synthetic Identity Fraud Update: Effects of COVID-19 and a Potential Cure from Experian, IDC Financial Insights, July 2020

Last month, Kenneth Blanco, Director of the Financial Crimes Enforcement Network, warned that cybercriminals are stealing data from fintech platforms to create synthetic identities and commit fraud. These actions, in turn, are alleged to be responsible for exploiting fintech platforms’ integration with other financial institutions, putting banks and consumers at risk. According to Blanco, “by using stolen data to create fraudulent accounts on fintech platforms, cybercriminals can exploit the platforms’ integration with various financial services to initiate seemingly legitimate financial activity while creating a degree of separation from traditional fraud detection efforts.” Fintech executives were quick to respond, and while agreeing that synthetic IDs are a problem, they pushed back on the notion that cybercriminals specifically target fintech platforms. Innovation and technology have indeed opened new doors of possibility for financial institutions, however, the question remains as to whether it has also created an opportunity for criminals to implement more sophisticated fraud strategies. Currently, there appears to be little evidence pointing to an acute vulnerability of fintech firms, but one thing can be said for certain: synthetic ID fraud is the fastest-growing financial crime in the United States. Perhaps, in part, because it can be difficult to detect. Synthetic ID is a type of fraud carried out by criminals that have created fictitious identities. Truly savvy fraudsters can make these identities nearly indistinguishable from real ones. According to Kathleen Peters, Experian’s SVP, Head of Fraud and Identity, it typically takes fraudsters 12 to 18 months to create and nurture a synthetic identity before it’s ready to “bust out” – the act of building a credit history with the intent of maxing out all available credit and eventually disappearing. These types of fraud attacks are concerning to any company’s bottom line. Experian’s 2019 Global Fraud and Identity Report further details the financial impact of fraud, noting that 55% of businesses globally reported an increase in fraud-related losses over the past 12 months. Given the significant risk factor, organizations across the board need to make meaningful investments in fraud prevention strategies. In many circumstances, the pace of fraud is so fast that by the time organizations implement solutions, the shelf life may already be old. To stay ahead of fraudsters, companies must be proactive about future-proofing their fraud strategies and toolkits. And the advantage that many fintech companies have is their aptitude for being nimble and propensity for early adoption. Experian can help too. Our Synthetic Fraud Risk Level Indicator helps both fintechs and traditional financial institutions in identifying applicants likely to be associated with a synthetic identity based on a complex set of relationships and account conditions over time. This indicator is now available in our credit report, allowing organizations to reduce exposure to identity fraud through early detection. To learn more about Experian’s Synthetic Fraud Risk Level Indicator click here, or visit experian.com/fintech.

We’re excited to announce Family Account Management: a new feature available for our partners that makes it easy for their subscribers to extend identity protection services to family and friends. Family Account Management allows our partners to offer quick and easy enrollment, enabling new subscribers to opt in to a family plan by inputting family or friends’ email addresses within their portal. Subscribers can invite anyone of the age of 18 to join. Every family has different security needs and preferences. This feature offers plan options that can be configured to match the primary subscriber’s current enrolled services, or customized to include a set of services that best suits each family’s needs. The Consumer Sentinel Network, a division of the Federal Trade Commission, reported over 1.2 million fraud-related complaints in 2015. With identity fraud on the rise, we need to be more vigilant than ever before and take steps to improve our own security and the security of our loved ones. We all have unique identity elements, including birthday, email address, and Social Security number, and monitoring one person’s identity elements won’t minimize risk for other family members. That’s why Family Account Management is so important, allowing subscribers to extend coverage for what matters most – family. “Families are more connected than ever before, but with more ways to stay connected, there are new threats putting families at risk of identity theft,” said Joe Ross, Experian President and Co-Founder. “With Family Account Management, businesses can provide their subscribers with an easy and convenient way to extend identity protection services to their loved ones.” Visit our website for more information on identity protection products you can offer your customers and stay up to date with all Experian news on LinkedIn.

Unfortunately, identity theft can happen to anyone and has far-reaching consequences for its victims. According to the US Department of Justice (DOJ)’s most recent study, 17.6 million people in the US experience some form of identity theft each year. This includes activities such as fraudulent credit card transactions or personal information being used to open unauthorized accounts. The most obvious consequence that identity theft victims encounter is financial loss, which comes in two forms: direct and indirect. Direct financial loss refers to the amount of money stolen or misused by the identity theft offender. Indirect financial loss includes any outside costs associated with identity theft, like legal fees or overdraft charges. The DOJ’s study found that victims experienced a combined average loss of $1,343. In total, identity theft victims lost a whopping $15.4 billion in 2014. Beyond money lost, identity theft can negatively impact credit scores. While credit card companies detect a majority of credit card fraud cases, the rest can go undetected for extended periods of time. A criminal’s delinquent payments, cash loans, or even foreclosures slowly manifest into weakened credit scores. Victims often only discover the problem when they are denied for a loan or credit card application. Last year, Experian found that these types of fraud take the longest time to resolve. Identity theft doesn’t just impact victims financially; it also often takes a significant emotional toll. A survey from the Identity Theft Research Center found that 69 percent felt fear for their personal financial security, and 65 percent felt rage or anger. And, almost 40 percent reported some sleep disruption. These feelings increased over time when victims were unable to settle the issue on their own, according to the report, which can result in problem as work or school, and add stress to relationships with friends and family. Thankfully, consumers are getting smarter about the best ways to protect their information, like using monitoring services or following security best practices. How are you protecting yourself against identity theft? Learn more about our Identity Protection Services

A recent Experian study reveals that tax filing, document collection and refund processing are done online more often, yet only 6% of consumers file taxes on a computer with up-to-date antivirus software. 79% filed their most recent tax return online, up from 73% in 2011 18% scan and save their tax documents electronically, up from 6% in 2011 More than 75% of respondents have used EFT for tax refunds As electronic filing continues to grow, identity theft is likely to increase. While consumers should take steps to protect themselves, businesses also need to employ identity theft protection solutions to safeguard consumer information. >> Identify and prevent fraud

According to a recent Experian Marketing Services study, 36% of companies interact with customers in five or more channels.

It may seem like April is far away, but tax season in fact launches next Tuesday, January 19. And whether you’re a business or an individual, you’ll want to know if you’re eligible for any tax benefits. Thanks to a recent announcement from the Internal Revenue Service (IRS), identity theft protection will now be considered a non-taxable benefit – a nod to the rising importance of the service for all consumers in today’s security landscape. The IRS will treat identity theft protection as a non-taxable, non-reportable benefit—for any employee or company, regardless of whether they’ve experienced a data breach, or whether the identity theft protection is provided by an employer to employees or by a business to its customers. Previously, only employees or customers who were in the aftermath of a data breach could treat identity theft monitoring as a non-taxable event. But after that announcement just four months ago, several businesses suggested a data breach was not a remote risk, but rather, “inevitable.” What does this mean for companies? They can now deduct any cost of offering identity theft protection to their employees or customers. The IRS defines identity theft protection services as: Credit report and monitoring services Identity theft insurance policies Identity restoration services Other similar services It’s important to note that these don’t need to be reported on either W-2 or 1099-MISC forms. However, this new policy won’t apply to cash given to employees or customers in place of identity protection services. Perhaps the change in defining what qualifies was spurred by the IRS’s need to provide identity theft protection last summer, as its online database of past-filed returns and other documents was hacked. That breach affected over 300,000 individuals. Whatever the reason, the announcement means this is a perfect time to sign up for identity theft monitoring services. You can do so through an employer or directly with a retailer. Particularly for individuals, the ability to receive tax benefits while knowing your personally identifiable information is safe and secure is a great feeling. For existing subscribers, upgrading to premium services may now be a more viable option. Does your company offer identity theft protection and monitoring as an employee benefit? If not, would this announcement change their minds? Visit our website for more information on identity protection products you can offer your customers. Learn more

Did you know that privacy policies do not guarantee that your information will be kept private? Most companies use privacy policies to inform customers about how their personal information may be used, i.e. sold, shared, exchanged, not necessarily guaranteeing absolute confidentiality. In today’s increasingly digital world where exchanging personal information – your name, email address, home address, etc. – for access to websites, coupons and the like has become the norm. And, it can be difficult for consumers to understand the value of their personal information. Today is the eighth annual Data Privacy Day, an international awareness effort spearheaded by the National Cyber Security Alliance (NCSA) that encourages all Internet users to consider the privacy implications of their online actions and motivate all companies to make privacy and data protection a greater priority. Since most consumers aren’t fully aware of the implications of sharing personal information, we’re taking a deeper look at what can happen when personal information is shared online. Companies that collect don’t always protect When you share personal information with a company online, that company is responsible for protecting your information. Even data that is seemingly harmless is extremely valuable to cyber criminals, like your email address or your mother’s maiden name for a password reset. When you share this valuable, personal information with a company online be sure to read the company’s privacy policy fine print in order to be certain that your information is not being shared publicly or with outside companies. In some instances, even reading the company’s fine print cannot keep your information safe. Millions were affected last year due to retail and medical data breaches, proving it difficult for companies to protect your data no matter how secure it may seem. Once cyber criminals have their hands on your personal information, you may be surprised at what they can do with it. Cyber criminals patch together your digital profile Bits and pieces of personal information stolen from companies can help cyber criminals patch together a complete picture of your digital identity. They can then use your digital identity to access more important information like your financial records from retail sites that have your credit card information stored. Many consumers leave a trail of personal information on the Internet, leading cyber criminals to steal your identity and your financial information. How to make a difference during Data Privacy Day Here are some tips on how you can increase your privacy online from the NCSA: Think of your personal information like money – value it and protect it. You are often paying for “free” services with your personal information. Before you willingly provide your information to a service, make sure it is a business you trust to handle your information with care. Manage your browser cookies to maximize your privacy and prevent unwanted tracking. Demand that businesses be honest about how they collect, use and share personal information. Be cautious about who you “friend” and communicate with online. Visit our website for more information on identity protection products you can offer your customers.

You’ve heard of the websites that can locate sex offenders near you. Maybe you’ve even used them to scope out your neighborhood. But are those websites giving you the full picture? What if some sex offenders are flying under the radar? According to a recently released study from Utica College, more than 16 percent of sex offenders attempt to avoid mandatory monitoring by manipulating their identity. They use multiple aliases, use various personal identifying information such as social security numbers or date of birth, steal identity information from family members, manipulate their name, use family or friends’ addresses, alter their physical appearance or move to states with less stringent laws. Finding ways to slide under the radar means registered sex offenders could live near schools and playgrounds, or even gain unapproved employment. In one case, 29-year-old Neil Rodreick enrolled in at least four schools in Arizona, posing as a 12-year-old boy. He was finally caught when one school was unable to verify the information on his paperwork. A parallel study conducted by Utica demonstrated that awareness of identity manipulation of sex offenders is low. Of 223 law enforcement agencies surveyed in 46 states, only five percent knew of an identity manipulation case within their jurisdiction. Close to half (40 percent) of respondents said that they had zero cases, indicating that some may not even be aware of this issue. Clearly, additional monitoring is needed. Experian offers sex offender monitoring that conducts an in-depth search of sex offender registries in all 50 states, Washington D.C., Puerto Rico and Guam to help find and identify sex offenders. It also provides notifications when a sex offender is living in or moves to a customer’s neighborhood, or if a sex offender registers under a different name using a customer’s address. Monitoring identity and credit information is also another way to stay aware of sex offenders using one’s personal credentials. Do you feel that current sex offender tracking is working? Are there other tools or systems states should be using to track them? Visit our website for more information on identity protection products you can offer your customers.

Customers see a data breach and the loss of their personal data as a threat to their security and finances, and with good reason. Identity theft occurs every four seconds in the United States, according to figures from the Federal Trade Commission. As consumers become savvier about protecting their personal data, they expect companies to do the same. And to go the extra mile for them if a data breach occurs. That means providing protection through extended fraud resolution that holds up under scrutiny. Protection that offers peace of mind, not just in the interim but years down the line. The stronger the level of protection you provide to individuals affected in a breach, the stronger their brand loyalty. Just like with any product, consumers can tell the difference between valid protection products that work and ones that just don’t. Experian® Data Breach Resolution takes care to provide the former, protection that works for your customers or employees affected in a breach and that reflects positively on you, as the company providing the protection. Experian’s ProtectMyID® Elite or ProtectMyID Alert provides industry-leading identity protection and, now, extended fraud resolution care. ExtendCARE™ now comes standard with every ProtectMyID data breach redemption membership, at no additional cost to you or the member. With ExtendCARE, the identity theft resolution portion of ProtectMyID remains active even when the full membership isn’t. ExtendCARE allows members to receive personalized assistance, not just advice, from an Identity Theft Resolution Agent. This high level of assistance is available any time identity theft occurs after individuals redeem their ProtectMyID memberships. Extended fraud resolution from a global leader like Experian can put consumers’ minds at ease following a breach. If we can help you with pre-breach planning or data breach resolution, reach out to us via our contact form on our contact page.

Our guest blogger this week is Tom Bowers, Managing Director, Security Constructs LLC – a security architecture, data leakage prevention and global enterprise information consulting firm. The rash of large-scale data breaches in the news this year begs many questions, one of which is this: how do hackers select their victims? The answer: research. Hackers do their homework; in fact, an actual hack typically takes place only after many hours of first studying the target. Here’s an inside look at a hacker in action: Using search queries through such resources as Google and job sites, the hacker creates an initial map of the target’s vulnerabilities.  For example, job sites can offer a wealth of information such as hardware and software platform usage, including specific versions and its use within the enterprise. The hacker fills out the map with a complete intelligence database on your company, perhaps using public sources such as government databases, financial filings and court records. Attackers want to understand such details as how much you spend on security each year, other breaches you’ve suffered, and whether you’re using LDAP or federated authentication systems. The hacker tries to identify the person in charge of your security efforts.  As they research your Chief Security Officer or Chief Intelligence Security Officer (who they report to, conferences attended, talks given, media interviews, etc.) hackers can get a sense of whether this person is a political player or a security architect, and can infer the target’s philosophical stance on security and where they’re spending time and attention within the enterprise. Next, hackers look for business partners, strategic customers and suppliers used by the target.  Sometimes it may be easier to attack a smaller business partner than the target itself.  Once again, this information comes from basic search engine queries; attackers use job sites and corporate career sites to build a basic map of the target’s network. Once assembled, all of this information offers a list of potential and likely egress points within the target. While there is little you can do to prevent hackers from researching your company, you can reduce the threat this poses by conducting the same research yourself.  Though the process is a bit tedious to learn, it is free to use; you are simply conducting competitive intelligence upon your own enterprise.  By reviewing your own information, you can draw similar conclusions to the attackers, allowing you to strengthen those areas of your business that may be at risk. For example, if you want to understand which of your web portals may be exposed to hackers, use the following search term in Google: “site:yourcompanyname.com – www.yourcompanyname.com” This query specifies that you want to see everything on your site except WWW sites.  Web portals do not typically start with WWW and this query will show “eportal.yourcompanyname, ecomm.yourcompanyname.” Portals are a great place to start as they usually contain associated user names and passwords;   this means that a database is storing these credentials, which is a potential goldmine for attackers.  You can set up a Google Alert to constantly watch for new portals; simply type in your query, select how often you want updates, and Google will send you an alert every time a new portal shows up in its results. Knowledge is power.  The more you know about your own business, the better you can protect it from becoming prey to hacker-hawks circling in cyberspace. Download our free Data Breach Response Guide