Nearly 12 million Americans were victims of identity theft in 2011, an increase of 13 percent over 2010, according to a report released on Wednesday by the research firm Javelin Strategy & Research.
The rise in the use of smartphones and social media by incautious consumers fueled the increase in identity fraud, and 2011 was a year of several big data breaches too, Javelin said.
With the rise in credit card monitoring and more sophisticated policing by credit card companies, identity thieves are increasingly targeting users of smartphones and social media, where consumers have a tendency to be less cautious, experts say.
"The message is not that people should let their guard down," Javelin founder and President Jim Van Dyke said. "The challenge that we have is that criminals often change faster than everyday consumers or businesses."
The number of people whose information was accessed in a data breach increased by 67 percent in 2011, largely due to some very high-profile thefts, such as the attacks on Sony Corp's PlayStation network in April.
Someone whose personal information is taken in a data breach is 9.5 times more likely to become a victim of identity fraud, Javelin found.
One heartening finding was that dollar losses by consumers remained stable last year despite the increase in the number of victims. Credit card issuers' policies on fraudulent transactions -- a $50 limit on losses, which is often waived -- and quicker detection has limited out-of-pocket costs to consumers, said Van Dyke.
For the past nine years, Javelin has been analyzing data and survey information about identity fraud, usually defined as the opening of new accounts in the name of a victim.
For every advancement made on the protection side, consumers remain vulnerable due to the resourcefulness of crooks.
"They're doing more and more crime in order to get the same return," said Mike Urban, who analyzes fraud patterns for Fiserv Inc, a consulting company that helps financial institutions defend against crime and other risks. "It's pushing the criminals to work even harder."
In 2011, some of the biggest data thefts ever recorded took place. In the attacks on the PlayStation network, hackers obtained the personal information of tens of millions of users and the credit card numbers of some.
Also last year, hackers stole millions of names and email addresses from Epsilon, the marketing division of Alliance Data Systems Corp. That firm sends email marketing information on behalf of major banks, retailers and hotels, among others. Citigroup Inc also reported a large data theft.
About 7 percent of all smartphone users fell victim to identity fraud in 2011, according to Javelin. Smartphone users were about a third more likely to become victims than non-users. Javelin found 62 percent of smartphone users do not use password protection for their home screens; this allows anyone who finds or takes their phones to have access to the contents.
Fiserv's Urban said downloaded apps are often a problem, too. The lure of a free game, particularly one not vetted through a company-operated site such as Apple Inc's iTunes, can result in users having programs that collect and distribute their personal information.
Javelin also found that many social media users reveal too much personal information, including their birth dates, where they went to high school, their phone number and other information used to verify identity.
"You don't leave your money lying on a table," said Urban. "You don't want to leave your important information out there."
Here are some tips from Javelin to avoid becoming an identity fraud victim and mitigating losses:
- Password protect your home and mobile devices. Avoid exposing personal information that can be used by someone else for identity verification.
- Be careful about the apps you download. Only download through a service that monitors the apps, such as iTunes.
- Share information carefully when you are on a public wifi network.
- Monitor your credit cards by checking their use online or reading the statements carefully. Quickly report to your credit card issuer if you see any suspicious transactions.
- Take data breach notifications seriously. If your data has been accessed, consider subscribing to a credit-monitoring service, which is often is offered for free for a year by the company that had been breached.
(The author is a Reuters contributor. The opinions expressed are his own. Editing by Linda Stern, Chelsea Emery and John Wallace)