Smartphones and social media are still relatively new frontiers for consumer banking, and they pose new risks.
Younger customers, who are more confident about posting personal details and among the heaviest smartphone users, are particularly at risk.
But while the incidence of identity theft is increasing, cost to consumers has stayed about steady, according to Javelin Strategy & Research's 2012 identity fraud report.
"We know the risks are still prevalent, but when you look at improved response time and reduced cost for consumers, as well as increased consumer awareness, the banks … have done a good job with education," says Robert Dudacek, senior vice president for Wells Fargo & Co. insurance.
Two things that have helped customers stop fraud earlier are more frequent online account monitoring and alerts sent to mobile phones, Dudacek says.
Javelin surveyed 5,000 consumers 18 years old and older in October. Wells Fargo was one of the study's sponsors.
Incidents of identity theft increased 4.9%, in 2011 compared to 4.35% a year earlier. The cost of fraud per incident decreased 20% to $1513, though the cost to consumers increased only about 2% to $354, compared to $346 a year earlier.
There were 11.6 million adults who experienced fraud in 2011, compared to 10.2 million adults in 2010. The total fraud cost was $18 billion in 2011, a decrease of 10% from a year earlier.
Javelin found that social media users need stronger security education. Nearly 70% of consumers with public profiles posted birthdays with months and years. More than 60% posted the names of their high schools, and over half posted their email addresses. All of this information could be exploited by fraudsters.
"When we dug deeper, we found that people are over-sharing specific bits of personal information," Jim Van Dyke, president and founder of Javelin, says.
The most active social media and smartphone users, 18 to 24 year olds, take about twice as long to detect fraud as other groups, Dudacek says. That may be related to their having a false sense of security around social media and electronic channels, he says.
Nearly 90% of bank risk executives said they think that mobile banking will create the next big wave of financial services fraud, says Julie Conroy McNelley, a senior analyst at Aite Group. McNelley surveyed 24 financial institutions in November.
In particular, younger users don't distinguish between the lax security on Facebook and their bank accounts.
"This group is much more tied to smartphones, and they have an expectation of immediacy with their services, and financial services institutions are innovating and trying to come up with solutions that react to this," McNelley says.
Slightly more than a third of smartphone owners use a security password to protect their phones, according to Javelin's study. A third store login credentials on their devices and 16% had installed software that could remotely wipe data in their phones.
However, nearly 70% update their operating systems when updates become available. These updates commonly include security fixes.
Consumers were also victims of numerous data breaches in recent years. Fifteen percent of consumers reported receiving data breach letters in 2011, compared to 9% a year earlier.
"Four years ago if you received a data breach notification letter, you were three times more likely [to become] a fraud victim, the following year it was four times more likely, and last year it was six times," Van Dyke says.
This year that group is nearly 10 times more likely to fall victim to fraud, Van Dyke says.
Generally speaking, Javelin's data correlates with what other fraud and security analysts say they have seen on the retail side, though not for small businesses and larger corporations.
More than 12% of small businesses had funds stolen from their accounts, according to a September survey by Gartner Inc. of 210 small-business owners, with about 63% saying the funds had been stolen through electronic funds transfer. The average amount stolen was $3,400.
"Business accounts have a lot more money and facilities to get money out, like payroll and wires and near real-time wires and more ACH functionality," says Avivah Litan, a vice president and distinguished analyst at Gartner.