A new report on identity theft underscores why consumers should pay special attention to notices they receive about data security breaches like the one that hit millions of Target shoppers over the holidays.
The report, by California-based Javelin Strategy & Research, found nearly one in three people who got a data breach notification last year became a victim of fraud. That was up from nearly one in four in 2012 and one in five in 2011.
Types of fraud ranged from using a stolen credit or debit card account to stealing lines of credit to opening new accounts under the victim's name, including mobile phone and utility service accounts, the report said.
"A number of prolific data breaches in the past year have driven down the price of stolen credentials, offering criminals a cheap and lower-risk means to commit [fraud]," the research firm said.
People who receive a data breach letter should attempt to limit damage by monitoring their accounts daily and signing up for any free credit monitoring services offered, the report said. They also should consider putting a fraud alert on their credit report, which signals lenders and others to take special precautions before extending credit in their name.
The Javelin report found there was a new identity fraud victim every two seconds in 2013, for an estimated total of 13.1 million victims -- up nearly 500,000 from a year earlier.
On the plus side, the dollar amount stolen fell last year to $18 billion from $21 billion in 2012. That was significantly lower than the all-time high of $48 billion in 2004. Javelin began the annual study in 2003.
Tablet and smartphone owners expose themselves to unique threats, the report said. Less than half use security software, leaving them open to malicious downloads.
The study also found that many people make themselves vulnerable to attack because they use passwords that are easy to crack. Strong passwords contain a combination of upper and lower-case letters, numbers and symbols.
People should change passwords regularly and avoid using the same one across multiple sites to limit exposure in the event that an account is compromised, the report said.
"Consumers are vulnerable to a number of methods used by fraudsters to compromise passwords, from simple shoulder-surfing and guesswork to more involved efforts against a user's system or that of an online site," the study said. Shoulder-surfing refers to looking over someone's shoulder or watching from nearby as a code is being typed in.
Personal wireless Internet connections are especially vulnerable, the report said, and should always have unique passwords.
And, as for those password security questions, choose them carefully.
"Fraudsters can research your personal details, such as your mother's maiden name or your place of birth, and use them to access your passwords," the report said.
Javelin suggested selecting security questions that are difficult to guess or simply using an answer that has no relation to the question.
Top tips for cutting risk of ID theft
1. Keep personal data private. Secure personal and financial records behind strong passwords that you change frequently, or in a locked storage device. Shred documents, monitor accounts and protect computer and mobile devices with updated security software. Don't use unencrypted public Wi-Fi when transmitting personal financial information.
2. Opt-in for two-factor authentication when offered. Some banks and other payment providers offer another layer of security beyond username and password. When enrolled, you will be notified if someone tries to access your account.
3. Don't use Social Security numbers for authentication. Most big banks and credit card issuers allow you to access accounts using your Social Security Number. Because SSNs can't be changed, they are valuable to fraudsters. Avoid revealing your full nine-digit number to anyone unless absolutely necessary.
4. Take data breach notifications seriously. If you receive such notice, you are at higher risk for fraud. Take advantage of any free credit monitoring services offered in response to the breach, closely monitor your accounts for suspicious transactions and consider placing a fraud alert on your credit report. The alert is a red flag for lenders and others to take special precautions to ensure your identity before extending credit.
5. Report problems immediately. If you suspect fraud, act fast to notify your bank, credit union, wireless provider or protection service provider. Responding quickly can reduce losses.
Source: Javelin Strategy & Research
Patricia Sabatini: firstname.lastname@example.org or 412-263-3066.