But card issuers and consumers are taking proactive steps to mitigate their risk of fraud in the wake of a data breach, says Pascual, an analyst at Javelin Strategy & Research and lead researcher for "2013 Identity Fraud Report: Data Breaches Becoming a Treasure Trove for Fraudsters."
The annual study has surveyed 48,200 respondents over the last 10 years and is the longest-running independent analysis of U.S. identity fraud.
Among the highlights of the latest study: In 33 percent of cases noted by Javelin, consumers said they were notified of fraud by their banking institutions or card issuers, allowing them to stop fraudulent transactions sooner, he says.
That timely notification and identification is becoming increasingly critical. While banking institutions are improving their abilities to detect fraud linked to data breaches, fraudsters are shortening the window of time they wait before using payment data and consumer information after a compromise, Pascual adds.
"The correlation of being notified of a data breach and actually suffering a certain type of fraud is very, very strong," he says. "If you receive notification that your credit card number has been breached, the incidence rate for that particular population is 28 percent, when we talk about existing credit card fraud. For all consumers, it's only 3.1 percent. That's almost nine times greater. It's a pretty strong indicator that if you lose a credit card [in a breach], there's better than a one-in-four chance that you are going to become a victim of existing card fraud."
Those compromises are having an adverse impact on consumers' view of small retailers. Javelin finds that fraud victims are more selective about where they shop after their cards have been compromised, Pascual says. The study finds that 15 percent of all fraud victims decided to change behaviors and avoid smaller online merchants after a breach.
But it's not just credit card leaks that resulted in big losses for consumers, he says. Javelin also finds that compromised Social Security numbers from a breach make exposed consumers five times more likely to become victims of fraud when compared with an average consumer.
Pascual points to the breach of the South Carolina Revenue Department, which was reported last October and linked to the exposure of 3.6 million Social Security numbers and 387,000 credit cards. According to Javelin's estimates, 587,000 cases of new account fraud affecting South Carolina residents exposed are likely to result from that breach.
"Social Security numbers are the easiest ways to open new accounts, and that has impact on all types of fraud," he says.
During this interview, conducted at RSA Conference 2013, Pascual discusses:
- The affect credit card breaches have on card issuers, online retailers and consumers;
- How card-fraud trends in the United Kingdom can teach lessons for U.S. issuers and retailers;
- Why losses and compromises linked to digital breaches will garner more attention in 2013 and beyond.
Pascual leads Javelin's security, risk and fraud practice. He began his career with HSBC during the height of the mortgage boom. While working in HSBC's borrower verification department, Pascual performed enhanced due diligence investigations of high-risk loans. He later joined Goldman Sachs' fixed income, currency and commodities division, serving on its mortgage fraud investigations team. Later he joined Fidelity National Information Services, now FIS Global, to oversee data driven investigations of organized payment fraud groups in the U.S. Pascual is a member of the Association of Certified Fraud Examiners and the International Association of Financial Crimes Investigators.