Card Breaches Pose Greatest Fraud Risk Exposure of Debit Data is Biggest Threat
Card Breaches Pose Greatest Fraud Risk
Al Pascual and Joe Vacca
A new identity fraud study shows that consumers who are victims of a payment card breach are at greater risk of fraud than victims of other types of breaches, says Al Pascual of Javelin.

In 2013, one in three U.S. consumers who had been notified that their personally identifiable information was exposed in any type of breach wound up becoming victims of identity fraud, according to Javelin's 2014 Identity Fraud Report. The report defines identity fraud as fraud that results from the theft of PII, not just from identity theft.

And consumers who have their debit card data breached are at greatest risk. According to Javelin, some 46 percent of consumers who had their debit cards breached last year become fraud victims within the same calendar year, compared to only 16 percent of consumers who had a Social Security number breached, says Pascual, senior analyst of security, risk and fraud at Javelin, a consultancy.

"There's a strong relationship between breaches and fraud," Pascual says in an interview with Information Security Media Group. "The data is truly compelling. Consumers are getting these [breach] notifications and they are suffering fraud at a greater rate than ever before. If you are a card data breach victim [of any kind], there's over a 40 percent chance that you will suffer fraud."

Consumer Frustration

Consumers are frustrated that that they have no control over card data breaches at retailers, says Joe Vacca, president of partner solutions for Intersections Inc., a consumer fraud prevention and education firm that helped Javelin collect data for its report, based on a survey of 5,000 consumers."When you think about Target and other breaches, there is nothing they could do to prevent it," Vacca says during the interview.

Nevertheless, consumers can take a number of steps to better protect their identities and their accounts, Vacca says. "If customers use one password for multiple accounts, their risk will increase," he says. "The more you leverage the same password across multiple accounts, the more likely you are to be a victim of fraud."

There is a direct link between duplicated or weak passwords and account takeover fraud, especially outside of banking environments, Pascual adds. "Takeovers of checking and savings accounts have actually dipped, but takeovers of utilities and mobile phones [accounts] have jumped," he says.

During this interview, Pascual and Vacca discuss:

  • Why fraudsters are less focused on stealing Social Security numbers;
  • Why card fraud has outpaced new-account fraud; and
  • How to empower consumers to prevent fraud.

Pascual leads Javelin's security, risk and fraud practice. He began his career with the bank HSBC, where he performed enhanced due diligence investigations of high-risk loans. He later joined Goldman Sachs' fixed income, currency and commodities division, serving on its mortgage fraud investigations team. Then he joined Fidelity National Information Services, now FIS Global, to oversee investigations of organized payment fraud groups.

Vacca joined Intersections in 2000. He previously worked in management positions at EduCap and Wells Fargo.

Around the Network