For years, American consumers have waited for safer credit cards with embedded chips that make them more difficult to clone, and which can require a unique PIN or a signature to use. Now that these cards are finally in widespread use, and retailers are begrudgingly shifting over to new card-readers, why is identity fraud still on the rise?
There were more cases of identity fraud in 2016 than at any other point in 13 years, The Wall Street Journal reports, citing a report from consulting firm Javelin Strategy & Research and identity-theft-protection firm LifeLock Inc.: About 15.4 million consumers were victims of identity fraud in 2016, adding up to $16 billion in total losses.
The number of victims increased 18% from 2015 and constitutes the highest number since Javelin started keeping track of such fraud in 2003. It’s worth noting, however, the amount stolen from those victims was at its lowest point in the past six years.
How is this happening? Blame your online shopping habit, for one: most of the increase in identity fraud can be attributed to fraudulent online purchases, with a 15% rise in such cases, the study found. That’s prompted an uptick in “existing-card fraud,” which is when criminals make working copies of your debit or credit card.
Almost half of the instances of card fraud involved chip-enabled card accounts that were used online or at brick-and-mortar stores that don’t have chip-enabled payment terminals. About 64% of merchants with physical stores are still using card-readers that only read the magnetic stripe, according to the study.
The problem is that there’s no way to take advantage of a chip’s security when you’re buying online. Instead, most e-commerce merchants rely on the usual information like credit card number, expiration date, and security codes printed on the cards.
To combat this, some financial institutions, credit-card networks, and technology companies are working on safer ways to share payment details online. One example is “tokenization,” which generates a unique code for each transaction that must be approved, instead of cardholders’ account numbers.
For example, Mastercard announced this week that the company is boosting spending in 2017 to push customers to its Masterpass digital wallet, which uses tokenization.
As for whether that will help, well, it’s always a bit of a game of whack-a-mole where fraud is concerned, the experts say.
“Fraud is kind of like squeezing Jell-O,” said Stephen Coggeshall, chief analytics and science officer at LifeLock. “Stop it one place, and it migrates to somewhere else.”