Banks let them open accounts in your name. The Internal Revenue Service gives them your tax refund. They dip into databases linked to credit bureaus, snagging your bank account, routing and Social Security numbers, which are sold off like packs of gum in an ever-growing black market that generates billions of dollars. The modern con artist’s prying eyes look beyond the wallet in your back pocket to hijack your financial identity.
In 2013, there was a new victim of identity fraud every two seconds, according to Javelin Strategy and Research. Fraud complaints increased more than sixfold from 2001 to 2013, according to a Federal Trade Commission report released in February. As consumers bank, shop and connect in social networks online, data breaches have become an unwelcome reality.
Scarier still: The institutions that are supposed to keep your information secure are the same ones fraudsters can sneak past. More than 867 million records have been stolen from businesses, government agencies, nonprofits, medical providers and educational institutions since 2005 — and 30% of those were leaked in the last year and a half, according to the Privacy Rights Clearinghouse. Victims this year alone include government agencies like the California Department of Motor Vehicles and the city of Detroit, large corporations including food company J.M. Smucker, as well as small businesses like an Ohio gas station and a Malibu wine shop.
Once a crook has one piece of your personal data, it’s much easier to get a lot more of it. Nearly all of the top credit card issuers and 80% of the top 25 banks allow someone to access your account if they have the correct Social Security number, according to Javelin. Every year, the U.S. hands billions of dollars to fraudsters requesting tax refunds that belong to someone else. That total reached about $3.6 billion in 2011, according to the Treasury Inspector General for Tax Administration. Attorneys general in Connecticut and Illinois are probing Experian, one of the three major credit bureaus, after a Vietnamese man pled guilty to selling the information of hundreds of thousands of Americans, which he accessed through one of its subsidiaries. Experian has said that it did not control the compromised database and that its credit data wasn’t affected.
To be sure, when it comes to security, “financial institutions represent, perhaps, the most protected business segment in the private sector,” according to a report released last month by the SANS Institute, an Internet security company. The survey of nearly 300 technology security professionals, from across banking, insurance, health care and government agencies, also found that 49% of respondents plan to invest more heavily in information technology security over the next two years.
Banks run continual tests on their security systems to find and patch weaknesses, though fake credentials can sometimes slip through, says David Pommerehn, senior counsel at the Consumer Bankers Association, a trade group comprising more than 50 retail banks including Chase, Bank of America and Citigroup.
“Criminals have moved from the street corner, committing crimes like prostitution and selling drugs, to committing white-collar crimes, committing fraud,” says Al Pascual, senior analyst for security, risk and fraud at Javelin. “The information they need to commit these crimes is plentiful and cheap.”
2. “I work with you — and sometimes for you.”
The typical organization loses an estimated 5% of annual revenue to its own employees — a global total of $3.5 trillion. Not because of wages, but because of fraud, according to a 2012 report by the Association of Certified Fraud Examiners. That means money lost to inflated expense reports, bribery, extortion, payroll schemes like adding ghost employees, or outright looting of cash. The median loss is about $140,000, according to the ACFE report. Do you own a small business? Those take a bigger hit, about $7,000 more. More than one-fifth of work-related fraud cases end up costing at least $1 million.
Still, companies are building up teams of fraud-hunters to fight back, hiring for risk, compliance and anti-money laundering roles. The ACFE counted more 70,000 members this year, a 40% increase since 2008, the year the financial crisis unfolded, as businesses seek more risk and compliance experts.
Employee fraud doesn’t end at the office. Americans spend $275 billion annually on home improvement repairs — fixing roofs and plumbing, remodeling, building fences, and so on, according to a Harvard university study. Can you trust the handyman? Maybe not. The National Center for the Prevention of Home Improvement Fraud estimates homeowners are scammed out of at least collective $17 billion annually due to prepayment for work that never gets done, overbilling and unscrupulous contracts, among other cases.
The anti-home improvement fraud nonprofit visits about 50 cities nationwide each year to teach people how to protect themselves from contractor scams, for example, warning not to provide more than 10% of the compensation upfront.
“One of the worst cases that we heard was of a homeowner who gave the contractor $240,000, signed the check over to the contractor, and never heard from the contractor again,” says Phae Moore, the group’s executive director. “Once the guy has taken off with your money, there’s not a whole lot anybody can do for you.”
