Identity-as-a-service firm Jumio released its annual look at identity fraud occurring between Black Friday and Cyber Monday (registration required for report download), and the results contain a major surprise: New account creation fraud during the busiest holiday shopping weekends is down when compared to 2018.

There are a number of things the drop during the holiday shopping season could mean, but regardless of when fraudulent accounts are being created one truth remains: Overall new account fraud has increased 28% since 2018, maintaining the steady increase Jumio has tracked since 2014 despite a Black Friday weekend drop.

SEE: How to become a cybersecurity pro: A cheat sheet (free PDF) (TechRepublic)

How new account creation fraud happens

New account creation fraud is classified as the creation of an account using someone else’s personal details.

New account creation fraud, along with “account takeovers and identity theft have all experienced double-digit increases in 2019,” which the report said could be due to the high number of large-scale data breaches that occurred in 2019.

Facebook, Verifications.io, Elasticsearch Cloud Storage, First American Financial, and others each leaked hundreds of millions of email addresses, passwords, and other forms of personally identifying information.

SEE: Macy’s holiday breach highlights retailer’s need for encryption and scrutiny of third-party systems (TechRepublic)

With all of the personal data finding its way to the dark web, it’s easy for cybercriminals to get ahold of the information they need to imitate someone else. To make matters worse, the report states, “traditional methods of identity verification, including credit bureau pings and knowledge-based verification, do not assess whether the person supplying the identity information is the actual person they are purporting to be.”

Emerging markets have been particularly hard hit by new account creation fraud, as have the cryptocurrency and online gaming/gambling industries.

What you can do to protect your personal data, and how businesses can prevent fraud

The average person that uses online services is, unfortunately, at the mercy of the cybersecurity habits of the companies that host their data. If your bank, favorite social media platform, online gaming network, or other service is hacked there isn’t much you can do to stop your personal data from being stolen.

Jumio does mention the growth of biometric identity verification that requires photographs, legitimate government issued IDs, and other non-knowledge based information. However, if your personal data is stolen, and a criminal uses it to create an account somewhere that only uses knowledge-based identity verification there isn’t much you can do to prevent it.

Also see: 8 tips for avoiding phishing, malware, scams, and hacks while holiday shopping online (TechRepublic)

“Many of the holiday fraud losses stem from fake accounts that are quietly and secretly created off-season, and then used during high-traffic days, where they can fly under the radar,” the report said. The onus is on businesses to protect their user’s data, and changing identity verification methods to require personal information other than knowledge is essential.

With more and more personal information available for sale in the dark corners of the internet, identity verification has to step up: The average person is at the mercy of the companies they do business with. Breaches can and will occur, which means the organizations where fraudulent accounts are registered is where the buck has to stop.

Shopping online with credit card for christmas holiday. Laptop with gifts on table on cyan blue background
Makidotvn, Getty Images/iStockphoto