Data breaches have been dominating headlines recently--and with good reason.

A new identity fraud victim was hit every two seconds in America in 2013, with the number of victims climbing to 13.1 million over the year, according to Javelin Strategy & Research’s 2014 Identity Fraud Study. This is an uptick of more than 500,000 victims in 2012.

Just this week, the fallout of the breaches at both Target (TGT) and Neiman Marcus continued to unravel with corporate officials testifying on Capitol Hill and how many stores were hit.

Javelin’s report has been conducted for the past 11 years, and this report draws on responses from 5,634 consumers to identify the impacts of fraud nationwide.

While the number of victims increased year over year,  the amount of defrauded money decreased by $3 billion to $18 billion compared to 2012. Al Pascual of Javelin Strategy & Research, points to advancements in the financial industry that has made it better at detecting new instances of fraud is behind the drop in compromised funds as criminals have a harder time creating new fraudulent accounts.

“In 2012, we had a big spike in new fraud with a high average fraud amount,” he says. “But in 2013, that was pushed down with criminals shifting into existing card fraud.”

This shift means we will see more breaches like those that hit Target and Neiman, he adds. And as individuals continue migrating their financial lives online, identity thieves and scammers will focus more attention targeting online banks and payment sites like Paypal.

“They will go where the money is. The behavior we exhibit using passwords is exacerbating the issue as well.”

The more passwords a consumer has for different online accounts, the less likely they are to change them, he says, which is good news for scammers. Consumers with less than 10 online accounts usually use different passwords for each account. But when the amount of online accounts climbs higher to 20, the survey shows people are more likely to use the same password for multiple accounts.

“This is driving a lot of fraud diversification,” he says. The study finds fraudsters are increasingly turning to eBay (EBAY), Amazon (NASDAQ: AMZN) and Paypal with stolen information to make purchases.

One in every three people who is notified of being a potential fraud victim becomes one, Javelin reports, with 46% of consumers who had cards breached becoming fraud victims that same year. This is up from one in four in 2012.

Account takeovers to commit fraud have hit a record in incidence, with 28% of fraud losses.

While it’s clear identity scams and data breaches are on the rise, the financial industry is scrambling to figure out how to better protect consumers.  

There’s been much talk of bringing chip-based, or EMV cards to the U.S., but little action from major banks and retailers, likely because of the cost associated with installing terminals to read the cards.

Pascual says change is clearly necessary, and expects a major shift over the next five years.

“Consumers pay the bill—we suffer the fraud, pay increased costs. But we still need to depend on businesses to make the changes for us,” he says. “The checkout counter is really a crap shoot, it’s become Russian roulette. You have no idea if that retailer has been breached.”

More cooperation between the financial industry and retailers will be necessary to spark change.

“They are really antagonistic toward one another and I don’t expect them to be holding hands and singing ‘Kumbaya’ anytime soon,” Pascual says. “We need time. And pressure from Capitol Hill.”

Follow Kate Rogers on Twitter at @KateRogersNews