Hackers Loved SSNs More Than Card Numbers in 2017

Who says you can’t teach an old criminal new tricks?

Hackers who used to amuse themselves stealing credit cards have raised the level of their identity theft game such that 2017 was a record year — 16.7 million Americans were victimized last year, a jump of eight percent from 2016. That fraud run saw $16.8 billion successfully lifted in 2017, the highest amount in four years.

But last year’s twist was that data breaches were after social security numbers more often than credit card numbers — though that imbalance (35 percent to 30 percent) was largely driven by one massive breach, the Equifax breach last fall.

Al Pascual, Javelin’s research director and head of fraud and security, expects 2018 to be another record year.

“They’re smarter now. They have all the data they need to commit fraud and they know exactly how to use it,” Pascual told NBC News. “They’re getting more sophisticated faster than we can respond — and that’s the big problem.”

There isn’t no good news — EMV cards seem to have been effective at tackling a lot of PoS fraud.

But that has largely pushed crooks to the web, where physical control of a card is not necessary.

Card-not-present fraud (CNP) is now 81 percent more likely than point-of-sale fraud (POS), the greatest gap Javelin has ever observed.

Also having a record breaking year — powered by all those stolen social security numbers — was new account fraud, which rocketed up 70 percent in 2017. Account takeover surged 120 percent to hit $5.1 billion last year.

“Consumers are clearly concerned and they no longer feel that they can be successful in protecting themselves — and that’s problematic,” Javelin’s Pascual told NBC News. “Consumers play a very central role in protecting their own identities. It seems like a lot of them feel pretty helpless, and they’ve shifted the perceived responsibility for preventing fraud from themselves to other entities, such as their financial institution.”