From credit card processing to mobile payment technology, consumers these days have a variety of ways in which to pay for products and services. At the same time, these eclectic purchase methods offer cybercriminals numerous opportunities to steal identities, and in 2017, the crime reached an all-time high, according to the results of a recent study.

Approximately 16.7 million Americans were victimized by fraudsters last year, based on newly released figures from Javelin Strategy & Research. That's the largest number of individuals affected by identity theft since 2003, when the San Francisco research and advisory firm first started recording the statistic.

"Identity theft incidents rose in 2017."

It's not as if business owners aren't aware of the threat posed to themselves and to their clientele. Companies have invested millions of dollars into mounting a successful defense against data hacking. However, those seeking to steal sensitive data are constantly refining their strategies in a bid to outmaneuver the obstacles that lie in their path. Unfortunately, they frequently succeeded in 2017, impacting 1.3 million more U.S. consumers last year than during 2016, the report found.

Al Pascual, Javelin senior vice president of research and point person for fraud and security, indicated that last year was a period that con artists will want to mimic in 2018.

"2017 was a runaway year for fraudsters, and with the amount of valid information they have on consumers, their attacks are just getting more complex," Pascual explained. "Fraudsters are growing more sophisticated in response to industry's efforts to implement better security."

Defenses used frequently insufficient
It may be that the cybersecurity steps business owners are taking aren't quite cutting it, even though they may seem sufficient at first blush. In a survey the Ponemon Institute conducted and IBM sponsored, nearly 8 in 10 organizations felt like the cyberdefensive strategies they'd implemented in the past year made them more resistant to being preyed upon by data thieves. Yet at the same time, more than three-quarters conceded they didn't have a formal cyber incident response program set up. Additionally, close to 50 percent said their cybersecurity plans were run-of-the-mill regular or so ad-hoc as to be tantamount to nothing. 

Ted Julian, IBM vice president of product management, said organizations' belief they're better off today than they were last year may stem from people they've hired who specialize in cybersecurity.

"Roughly 30% of data breaches in 2017 affected credit cards."

Social Security numbers in hackers' crosshairs
The ubiquity with which credit cards are used – in person and online – serves as fertile ground for cybercriminals to strike, which may explain why roughly a third of all consumer data breaches are credit card related, the report found. In 2017, however, more people had their Social Security numbers stolen than their credit cards, impacting 35 percent of respondents in the Javelin Strategy & Research analysis.

David Wagner, chief executive officer for email data protection and detection firm Zix, said hackers exploit any and every opening they can, whether it's directed at consumers or business entities.

"Companies need to re-evaluate and prioritize the security of data that is most critical to their success and growth, whether it be intellectual property they're storing in the network or confidential corporate information they're communicating in email," Wagner told Due, an online invoicing platform.

Wagner added that as important as reliable credit card processing software and other security technologies may be, it can't be the only method by which companies shore up their defenses.  Businesses must also more regularly and thoroughly review their "corporate governance structure," which when done on a more consistent basis, can provide clarity on what security strategies are working and which could use added reinforcement. As far as software is concerned, it's crucial to keep the mechanisms in place up to date, so push notifications informing users of security upgrades should be prioritized as soon as they make themselves known.