New ID Fraud Scams Create Imperative for Online Retailers & Big Tech

April 20, 2021
Author: Tracy Kitten
New ID Fraud Scams Create Imperative for Online Retailers & Big Tech

There is an alarming new trend in financial scams and all direct-to-consumer (DTC) brands and tech companies have a new call to action when it comes to protecting consumers.

Criminals have shifted their tactics to target consumers directly to steal their personally identifiable information. With traditional fraud, consumers often have no idea how their identities were stolen. With scams, they can often tell, upon reflection, the exact moment when they interacted with a criminal via email, phone or text. This is according to new data from the 2021 Identity Fraud Study released by Javelin Strategy & Research, part of the Escalent family.

By now, many of us have gotten the robo-call from “the IRS” requesting an immediate call back to discuss an important tax issue. Or, maybe it was a call from an “Amazon customer service agent,” or a strange text message asking you to log into an account. Identity fraud can now entail direct interaction with individuals where a criminal poses as a legitimate entity, instructing people to buy gift cards to resolve an issue or threatening to cut off a service if demands are not met. It can also entail tracking and targeting individuals based on the trail of personal information consumers share online.

All consumers are vulnerable to these scams, whether it’s through payment products meant to enhance convenience, remote operations, additional logins or simply more time online. Now more than ever, consumers need to be vigilant and businesses can help by educating their customers on how to avoid identity fraud.

Scam Tactics and Triggers

How to Help Your Customers Avoid ID Fraud: Passwords and Education

Pet names, children’s birthdates and favorite foods can all be password clues. Once a criminal cracks an individual’s password code, they often hit the jackpot. Consumers frequently use the same password up to 14 times across various platforms. Criminals know this and exploit it fully.

Sharing too many details on social media platforms is doubly problematic. As an example, many people share their Covid-19 vaccination cards—seems innocent enough but consider how much information is on that little card. It is easy for people to forget how much information they are giving away when they post these kinds of details. Social media companies have an opportunity to protect their users—and build loyalty—by providing guidelines for avoiding areas of vulnerability, such as:

  • If your post includes information such as a birthday or any identifying codes or numbers, leave those details out. This goes for your kids and loved ones, too.
  • If you want to post vacation photos, wait until you get home.
  • Check your privacy settings to ensure that you are only sharing with people you know.
  • Change your password often, make it complicated and don’t reuse old passwords.

Equally important are the implications for companies that interact with consumers and their wallets. Companies like Amazon, Uber, Lyft, Instacart, Venmo, Stripe and Paypal must understand emerging trends in ID fraud. Criminals are getting better at hacking systems and gathering details about when and where credit card charges are being made. This gives them a treasure trove of details to appear legitimate when they pose as a financial institution and ask for confirmation of an account number or social security number via text, email or phone.

In short, criminals are building dossiers to steal the identities of unsuspecting victims. As a starting point, one of the best things direct-to-consumer (DTC) brands can do is educate their customers about the risks of oversharing on social media and provide clear, simple steps their customers can take to protect themselves from criminals.

Where Tech Fits In: Going Beyond Passwords and Education

The growing acceptance of digital channels presents the perfect opportunity to increase consumer awareness of the security benefits of combining safer transactional habits with stronger forms of authentication. Cutting-edge technology, often deployed via the cloud, needs to leverage machine learning, biometrics and voice authentication to take fraud detection and prevention to the next level.

Biometrics, including voice authentication and facial scanning, are poised to transform the fraud management landscape and help DTC companies move beyond notoriously inadequate passwords. Consumers are increasingly willing to incorporate new fraud protections into their daily routines. For example, fingerprint scanning and facial recognition are growing in popularity with consumers.

Protecting customers from fraud requires a delicate balance between being so overly zealous that every transaction is questioned or halted and being so overly permissive that criminals are able to sneak in. The tech industry needs to start playing a larger role in helping other organizations exercise more effective vigilance. We expect that these innovations will continue to transform the fraud management landscape.

Want to know more? Visit the Javelin website for more information on the 2021 Identity Fraud Study: Shifting Angles.

Tracy Kitten
Director, Fraud & Security, Javelin Strategy & Research

Tracy Kitten is a recognized fraud and cybersecurity subject matter expert within the financial services community. A veteran journalist who covered fraud, payments, financial technology and cybersecurity for the last 16 years, Tracy has watched attacks and cyberthreats evolve, having spoken with countless industry experts, practitioners and sometimes even hackers to anticipate what’s coming next. As the Director of Fraud and Security at Javelin Strategy & Research--part of the Escalent family--Tracy brings her years of experience to help the practice and its clients grow and strengthen their resiliency. Previously, Tracy served as Director of Security Information Services at FS-ISAC, the Financial Services Information Sharing and Analysis Center – an industry consortium dedicated to reducing cyber-risk in the global financial system. Before FS-ISAC, Tracy served as Executive Editor at BankInfoSecurity and Senior Editor at ATM Marketplace. She has presented about financial cybersecurity risk and fraud at numerous industry trade events, including those hosted by ATMIA, RSA, the PCI Council and the Federal Reserve. Tracy holds a bachelor's degree in history, with a minor in English, from the University of Kentucky.