Some 15.4 million consumers fell victim to identity fraud in 2016, as the number of fraudulent credit card transactions online surged, according to a new study by Javelin Strategy & Research. The number of consumers victimized climbed 16 percent, to the highest level since the firm began tracking ID fraud in 2003.
In total, fraudsters stole nearly $16 billion, according to the report, or nearly $1 billion more than in 2015.
But here’s a number from the study that isn’t getting as much attention: $0.
That’s the median consumer cost associated with identity fraud. That number has not changed since at least 2011, according to data Javelin shared with me, even as the number of total victims has climbed.
That doesn’t mean all victims get off without losing some cash. Let’s look at the data another way.
The mean, or average, customer cost has fallen by quite a bit since 2012, when the average loss was $382. In 2016, it was $48.
So the average loss associated with identity fraud is less than 50 bucks. That’s real money, but it’s also not anything to fret about too much.
Why consumers don’t lose money
“The vast majority (over 90 percent) of fraud victims pay nothing out of pocket as a result of fraud, largely because of consumer liability protections,” Al Pascual, a senior vice president, research director and head of fraud and security at Javelin, wrote in an emailed response to questions.
Federal law limits consumer liability for credit card fraud to $50, Pascual says. Debit card protections aren’t as good, with a $50 cap in place if the victim reports the fraud within two days. Liability increases to up to $500 if the fraud is reported between 2 and 60 days.
This is the No. 1 reason not to use a debit card for transactions at the register, although Pascual says “most issuers and card networks have established consumer protections above and beyond regulatory requirements with many fraud victims facing zero liability for most fraudulent transactions.”
CARD SEARCH: Spring break is approaching. Time to book a travel credit card for your vacation.
Where the fraud is
As credit experts had predicted, the rise of chip-based credit cards in the U.S. has started to drive thieves online, where card-not-present fraud rose significantly. Fraudsters don’t need your physical card to make fraudulent transactions online or over the phone, they just need your card number. The chip, which protects against counterfeit cards, offers no protection on the internet.
Javelin says this type of fraud jumped 40 percent.
Account takeover fraud – when a crook takes over access to online banking or credit card accounts using phishing or malware scams – increased 61 percent to $2.3 billion. Here, consumers lost on average $263 in out-of-pocket costs and spent 20.7 million hours in total resolving the fraud, Javelin found.
How to protect yourself
There are many ways to help catch fraud – or prevent yourself from becoming a victim (Javelin offers its own tips), but here are three of my favorites:
- Monitor your credit card statements. Better yet, set up notifications on your smartphone to alert you anytime a purchase is made using your credit card. You’ll catch fraud the instance it happens and it requires basically no effort on your part.
- Stop using terrible online passwords. Set up a password manager and let it do the work of creating strong passwords for all the sites you visit.
- Keep your credit off-limits. Freezing your credit can help prevent the bad guys from opening new credit cards in your name.
“To successfully fight fraudsters, the (payments) industry needs to close security gaps and continue to improve, and consumers must be proactive, too,” Pascual says.
CARD SEARCH: Traveling soon? Consider a credit card that charges no foreign transaction fees.