Companies Face a Consumer Trust Crisis

Identity fraud is definitely on the rise in the United States, and consumers are losing trust in companies as a result, according to Javelin Strategy & Research’s “2018 Identity Fraud Study” released in early February. 

The number of identity fraud victims in the United States reached 16.7 million in 2017, representing 6.6 percent of all consumers. Those numbers reflect an 8 percent increase in the past year, affecting roughly 1 million more victims than in 2016. That is a record high since Javelin began tracking identity fraud in 2003. 

The study also found that despite industry efforts to prevent identity fraud, fraudsters successfully adapted to net 1.3 million more victims in 2017, while the amount stolen reached $16.8 billion. 

Last year also saw a notable change in how fraud is being committed. While credit card accounts remained the most prevalent targets, fraudsters increasingly opened new intermediary accounts, such as those offered by PayPal, and other internet accounts with e-commerce merchants like Amazon. Although not as easily monetized by themselves, these types of accounts can be used to help fraudsters transfer funds from the existing accounts of their victims. In 2017, 1.5 million people were victims of this type of fraud, up 200 percent from the previous high.

Part of the reason for the prevalence of identity fraud, according to Linda Sherry, director of national priorities at Consumer Action, is that Americans’ privacy rights are dictated by “a spotty patchwork of federal and state laws that are inadequate to ensure that consumers are protected and have a say as to what’s done with their personal information.” These include specific rules or laws about credit-related data, under the Fair Credit Reporting Act (FCRA), medical data under the Health Insurance Portability and Accountability Act (HIPAA), and children’s data under the Children’s Online Privacy Protection Act (COPPA).

And as the number of identity fraud cases increases, so too does the number of corporate data breaches. The Javelin research found that nearly a third (30 percent) of all U.S. consumers were notified of breaches in 2017, up from 12 percent in 2016. For the first time ever, Social Security numbers (35 percent) were compromised more than credit card numbers (30 percent) in breaches.

“2017 was a runaway year for fraudsters, and with the amount of valid information they have on consumers, their attacks are just getting more complex,” says Al Pascual, senior vice president, research director, and head of fraud and security at Javelin Strategy & Research. “Fraudsters are growing more sophisticated in response to industry’s efforts to implement better security.”

While the losses by themselves are staggering, an equally troubling trend is the loss of trust that consumers have turned toward companies. Consumers are now shifting the perceived responsibility for preventing fraud from themselves to other entities, such as their financial institutions or the companies storing their data.

The proportion of consumers who are concerned about fraud rose from 51 percent in 2016 to 69 percent in 2017. Meanwhile, 63 percent of consumers are highly concerned about the threat of breaches, with many unsure that they can effectively protect themselves. 

Cynicism about breach notifications also rose dramatically, with 64 percent of breach victims indicating they believe the breach notifications do little to help protect them and are principally about providing legal cover for the companies whose files were compromised. 

Consumer Action’s Sherry hopes that when the European Union’s new General Data Protection Regulation (GDPR) goes into effect next month, U.S. consumers might see some ripple effect from companies’ push toward compliance. “It’s unlikely that global corporations will create country-specific systems for data protection, retention, correction, and deletion rights—making it possible for the strong EU rules to become the default for consumers in the United States and other countries,” she says.

“As global firms adapt to the EU’s data protection law, we’re hopeful that all consumers will benefit from stricter data security and gain a reasonable measure of control over their personal information that so many others prosper from the EU’s strong regulation,” Sherry says.