Unwrapping Holiday Fraud: Tips and Trends for Staying Safe This Holiday Season

Jumio Reveals What Businesses and Consumers Need to Know to Thwart Cyber Criminals

PALO ALTO, Calif. – December 10, 2015 While the holiday season brings excitement for many – with family gatherings, time off work, and copious amounts of food – this busy time of year can also bring some unwanted risks, (and not just sticker shock on holiday gifts). Unfortunately, increased retail activity and spending during this time kicks cyber criminals into high gear. Both businesses and consumers should be extra vigilant and monitor their accounts carefully over the coming weeks to avoid falling victim to criminal tactics and scams.

Read on for advice and trends announced today from Jumio, the fast growing online and mobile ID authentication company, on how to protect yourself or your business from those who want to take what’s yours.

Consumer Advice:

Be cautious with travel documents. Many consumers aren’t aware of the amount of personal information that’s contained on paper air travel boarding passes, and may carelessly toss them out without shredding them. Make sure to properly dispose of your boarding passes as you would with any other document containing sensitive information. These passes don’t just have your flight number and boarding time – the QR codes can give criminals access to all the information listed in your airline account. This means hackers may have access to your personal information (including home address, birthday, and credit card information), as well as access to all future flights tied to your frequent flyer account. These details also may make it easier for a cyber criminal to reset the PIN number used as protection on your frequent flyer account, or use that PIN to hack into other accounts. To avoid having criminals get their hands on your documents, travel safer and faster with mobile boarding passes, which are being offered by nearly all major airlines. For international travel, mobile passport scanning, available through major airlines such as United Airlines and Easyjet with Jumio’s ID scanning technology, allows consumers to not only check in ahead of time using their airline’s app, but also keeps their boarding pass information secure prior to and after travel is completed.

Keep quiet. People tend to want to share their upcoming travel plans or vacation selfies with friends on social media. If your account isn’t set to private however, or if you accept friend requests from people you’ve never met in real life, you’re opening yourself up to additional risk during your travels. In addition to a heightened risk of a potential home robbery (one study shows 75 percent of criminals used social media to target victims), criminals may take advantage of arrangements you’ve made with your credit card companies to not flag transactions made in different locations due to your travel. If a criminal knows what area you’re traveling to, they can rack up purchases in that location while your credit card company won’t flag them as suspicious – they are expecting unusual activity in the region because of your advanced notice of vacation. Cyber criminals might also target your friends and family, pretending to be you and claiming that you’re in serious trouble on vacation and need to be wired money in order to get home safely. Save the vacation photos and updates until after you’re back home.

Sharing isn’t always caring. More and more consumers are using sharing economy services to find a great place to stay or to get from one place to another. These marketplaces depend on community trust and safety and that’s why leading providers such as Airbnb, Shuddle, and Turo (formerly RelayRides), among others make security a top priority. Make sure only to do business with sharing economy companies that take trust and safety seriously and implement measures for both buyers and sellers. One such example is Airbnb’s Verified ID program which, among other measures, uses Jumio’s technology to authenticate the IDs of new customers whether host or renter. Also, make sure any drivers/hosts you encounter match the picture and name given to you by the company. Finally, exercise caution when renting out your own place. Only use services that provide several levels of security to verify that the person on the other end of the screen is who they claim to be, reducing the risk of theft or damages while you’re away.

Business Trends:

ID verification must become more consumer friendly in online and mobile environments. With the amount of large-scale data breaches seen across a variety of industries in the past year, there’s a wealth of personal information cyber criminals can easily exploit to steal identities. To address this concern, businesses and organizations have increasingly added ID authentication to their processes, including the IRS, who’s incorporating this layer of security to prevent criminals from using stolen identities and protect next year’s tax returns from fraud. If you’re a company that’s verifying identification to complete a process, such as opening a financial account, make sure the experience is user-friendly. Tedious authentication processes, such as faxing documents or knowledge-based authentication quizzes, are too time consuming for today’s fast moving consumers. The new approach to solving this problem uses the consumer’s device camera to capture and authenticate their actual ID, be it driver license or passport, in a process that’s seamlessly integrated into your app or website. This ensures that the consumers you’re transacting with are who they say they are, while also maintaining speed and efficiency. This not only helps businesses save time and money compared to traditional methods, but also delivers their customers a better overall user experience.

2nd factor authentication gains greater traction. While 2nd factor authentication (the process of adding a second layer of protection such as SMS or a pin to your basic log-in) is not new, it’s becoming more commonplace and being adopted by larger businesses to increase security among both their employees and customers. Many establishments realize relying on username and password alone isn’t enough. Last fall, one major Wall Street bank’s data breach serves as a reminder that large-scale data breaches can be caused by cyber criminals taking advantage of systems that don’t have an extra means of authentication in place. In this instance, the problem was sourced to the exploitation of log-in credentials that were used to gain access to the wider system. Most recently, Amazon has added the option of 2nd factor authentication to its sign-in process, becoming one of the first major retailers to offer this service to customers. Whether it’s passcodes, biometrics, ID verification scanning, or facial recognition, businesses have a number of options that can be added without that greatly improve security with modest impact on the consumer experience.

Password reset is a security vulnerability that is being exploited on an increasing basis. Security around password retrieval has historically been weak: when a consumer forgets their password, they can easily reset it with a temporary password or a link sent to their email. But, often times a cyber criminal is at the receiving end of that inbox and will takeover an unassuming consumer’s account. Businesses are starting to take notice and adopt additional measures to protect consumers from cyber criminals exploiting this vulnerability. To combat this, major online services have been adding identity verification methods to validate the user before ever sending a link to reset their log-ins.

It’s up to businesses to educate and take extra precautions to protect not only their customers, but also themselves, just as consumers should only do business with trusted retailers that display adequate security measures. Just a few simple steps can provide those essential additional layers of protection during the busy holiday retail surge.


About Jumio
Jumio is a leading identity authentication company that helps businesses reduce fraud and increase revenue while providing a fast, seamless customer experience. The company utilizes proprietary computer vision technology to reduce customer sign-up and checkout friction and verify credentials issued from over 130 countries in real-time web and mobile transactions. Jumio’s products are leveraged by a wide range of clients; from the leading internet companies to start-ups, Fortune 500 and FTSE 350 organizations in the financial services, sharing economy, retail, travel and online gaming sectors. Jumio is backed by top tier investors including Andreessen Horowitz, Citi Ventures and Facebook Co-Founder Eduardo Saverin. Headquartered in Palo Alto, California, Jumio operates globally, with offices in the US and Europe, and has been the recipient of numerous awards for innovation from leading industry associations.