April was the harshest month for credit card application fraud: Report
Fraudsters hit U.S. banks and merchants hardest with bogus credit card applications in April, while most consumers were in full pandemic lockdown, according to new data from the fraud-detection firm Socure.
From the moment stay-at-home orders went into effect in March, fraudsters launched a barrage of attacks, attempting to open bogus credit card accounts using stolen personal information and synthetic identities, Socure found in its study.
Attempts to fraudulently apply for credit lines rose 93% from March 1 through April 30, when the pace of attacks peaked, Socure said in a Thursday press release.
Criminals also tried to hack the Paycheck Protection Program throughout the spring, with attempts to fake credentials for small-business loans up 65% between April 30 and June 22, Socure’s data suggested.
Fraudulent money-transfer attempts also rose 43% between March 15 and the end of June, the study indicated.
Sudden shelter-in-place orders meant consumers were abruptly forced to conduct everyday business online and fraudsters tried to camouflage their tricks within a wave of legitimate activations of new and dormant credit lines, Socure said.
"Fraudsters used variations of stolen credentials, attempting to spoof devices and IPs to look like the real consumer and with so many typical detection patterns changing all at once — stimulus and PPP payments, unemployment spiking, people working from home — bad guys had a lot of opportunities," said Johnny Ayers, Socure's co-founder and senior vice president of sales.
Ayers speculated that one reason attempts by fraudsters to open fake credit card accounts began to slow around May 1 is that card issuers by that time had trimmed credit offers and availability in response to the pandemic.
"Card issuers have reduced their risk appetite and made it substantially harder to obtain a new credit card or loan," Ayers said.
Socure, which is based in New York, gathered its data from by analyzing suspicious transactions it flagged and blocked between March and June of 2020.