Online identity theft is growing at an exponential rate, evidenced by a raft of Australian news reports over the Christmas break.

The bulk of the thefts relate to credit card fraud when online shoppers are lured into “fake” websites. These look like the real thing offering deals that are too good to be true – all aimed at getting shoppers credit card details (number, expiry date, CVV number), phone number, email and delivery address.

Despite recent warnings from ASIC thousands of Australian’s were scammed in highly professional lookalike Google Play sites offering Christmas discounts on popular apps while many also included a malware payload in the download that took control of the Android device.

Also popular were the fake holiday rental and holiday attraction tickets. WA’s Scamnet reports a plethora of fake sites for fake rental properties that attempt to scam two weeks of rent as a deposit, plus bond money. Plus, there were fake sites offering heavily discounted tickets to popular attractions.

Who can resist a cute English Bulldog puppy? Apparently, dozens could not and are out of pocket $2,100 as well as having their credit card details stolen. Not to mention fake dating and lonely-hearts websites, especially those using social media sites to spread the word.

Personally, I received dozens of scam emails allegedly from Microsoft Office, PayPal, eBay, Australian Tax Office, various banks, Australia Post, DHL, and much more urging me to click on the attachment to verify some detail or my service would be stopped.

All this is possible because of a lack of secure identity process to confirm both who you are dealing with and vice versa, that it is you the online merchant is dealing with. Let’s just say the status quo allows organised crime to use card not present, bitcoins and the dark web to perpetrate scams.
According to Javelin Strategy and Research, the cost of online fraud in the U.S. alone hit $16 billion and affected 15.4 million victims in 2016.

“After five years of relatively small growth or even decreases in fraud, this year’s findings drives home that fraudsters never rest and when one area is closed, they adapt and find new approaches,” said Al Pascual, senior vice president, research director and head of fraud and security, Javelin Strategy and Research.“

The rise of information available via data breaches is particularly troublesome for the industry and a boon for fraudsters. To successfully fight fraudsters, the industry needs to close security gaps and continue to improve, and consumers must be proactive too,” he added.

Online identity verification provider  Jumio says, “Establishing the true identity of online customers will be leading security priority among organisations in 2018.”

It says the Equifax breach (the worst data breach in US history involving the theft in September 2017 of US social security numbers), merchants can no longer ask customers for the last four digits of their social security number to verify identity.

Merchants are exploring how to evolve past knowledge-based authentication (KBA) and SMS-based authentication methods to reliably and accurately verify and link a customers’ digital identity with their physical identity.

Jumio says biometrics will play a key role in identity verification, with advanced technologies such as eyeball tracking and facial recognition to replace easily deceived approaches like fingerprint and photo ID.

GadgetGuy’s take

We publish almost any online security-based information as a public service to help draw attention to cybercrime. Over Christmas I met five normally intelligent and online savvy people who suffered identity theft – how many did you meet?