Risky behavior is to blame for most security threats. And according to a new survey from Javelin Strategy & Research, increased use of mobile and social networking sites, such as LinkedIn, is feeding incidents of identity theft and fraud.
See Also: Proactive Malware Hunting
Identity fraud increased 13 percent from 2010 to 2011, Javelin found. More than 11.6 million U.S. adults last year reported being victims of some type of ID fraud, and Javelin says consumers' social media and mobile behaviors is contributing to fraud.
68 percent share birthday information, including 45 percent who share the month, date and year of their births.
"Consumers are taking more responsibility for security," says Javelin president and founder James Van Dyke. "But more needs to be done."
I had the chance to sit down with Van Dyke at RSA Conference 2012, and we discussed the results of this study at length.
Socially, humans are easily engineered, and fraudsters are always perfecting their techniques, coming up with better ways to fool consumers. In the end, it's not so difficult. Consumers unwittingly cough up personal details all the time, and fraudsters are all too quick to use that information to their advantage.
Despite warnings that social networks are used for information-gathering, consumers still share too much. Javelin found that among those with public profiles, 68 percent share birthday information, including 45 percent who share the month, date and year of their births; 63 percent share their high school names; 18 percent share their phone numbers; and 12 percent share their pet's names. This is exactly the kind of information that fraudsters can use either to open new financial accounts, or to crack passwords and answer challenge questions on existing accounts.
Increased use of mobile technology also has fueled fraud. Javelin says 7 percent of smart-phone owners reported being victims of ID fraud last year, a rate that's one-third higher than non-owners. Lax user behavior is likely to blame: 32 percent of smart-phone owners do not regularly update their phones' operating systems; 62 percent do not use passwords on their home screens; and 32 percent save login information on the device.
The survey, now in its ninth year, included more than 5,000 respondents. Since its inception, the survey has gathered ID fraud information from nearly 43,000 U.S. consumers.
"Consumers, the financial services industry, law enforcement and government agencies are stopping fraud earlier and making new account fraud more difficult to perpetrate," Van Dyke says. But consumers play the leading role. They have to be mindful of controlling their personal data when they adopt new technology or engage in social-networking circles.
"We found that the more [income] you make, the more likely you are to be targeted. And you're more likely to get hit on LinkedIn than Facebook," Van Dyke says.
Javelin found that the rate of fictitious connections on LinkedIn continues to rise, and executives whose salaries exceed $100,000 are more likely to be targeted. "LinkedIn is not talking about this, which is disturbing," Van Dyke says. "Something needs to be investigated here, because the trends are pretty alarming."
It's not all bad news. Financial losses linked to ID fraud have decreased, primarily because of steps banks and credit unions have taken to strengthen user authentication and better determine and identify credit risks. Consumers, because of more education from financial institutions, also are more closely monitoring personal accounts. That monitoring also has helped to reduce fraud losses.
But Javelin found banks and credit unions can do more, and they have an opportunity to enhance services and meet a growing consumer demand for more security.
"Consumers say they would rather buy a security solution or service from their bank, and this could be an opportunity," Van Dyke says. "Banks could increase their revenue and income if they offered security services. It's a win-win, but we see few banks taking full advantage."
Security and mobile payments are two services consumers want to buy from their banks. But Van Dyke is right when he says few financial institutions are today taking full advantage.
I hope 2012 reveals a shift in thinking and a new way, on the parts of banks and credit unions, to view revenue-generating opportunities. It's time to curb not just the losses, but the incidents, of identity fraud.