The increase in card-not-present fraud was part of a general increase in fraud, reported Javelin.
"We've been measuring fraud for over a decade and this past year is very significant because we hit a record high as far as the number of victims of identity fraud," said Al Pascual, research director and head of fraud and security at Javelin Strategy & Research.
But there was some good news last year.
While total losses added up to $16 billion, an increase over last year's $15.3 billion, it was still down significantly from a peak of $22 billion in 2012. And the average loss per victim last year was just $1,035, down from $1,165 in 2015 and $1,727 in 2012.
Companies are getting better at protecting against fraud and in detecting it quickly when it does occur, he said, through use of analytics and notifications.
"We have more tools to bring to bear generally," he said.
But the total instances of fraud went up, particularly when it comes to account takeover and card-not-present fraud.
There were 15.4 million victims total last year in the U.S., 6.15 percent of the population, and an increase of 2 million from last year.
Account takeover fraud losses were up 61 percent from 2015, to $2.3 billion in 2016, and incidents rose by 31 percent.
Another area of growth was card-not-present fraud, which was up 40 percent. This was due to the 2015 liability shift, which has caused many merchants to switch to more secure, chip-based card readers at the point of sale.
Criminals with stolen credit card numbers, stymied by new security in physical stores, moved online.
"It's not as though we are getting better, and criminals stand still," Pascual said. "They're finding workarounds."
However, according to Visa, there has been no increase in card-not-present fraud.
"We're not seeing an increase in online only fraud," said Stephanie Ericksen, vice president of risk and authentication products at Visa International.
The credit card company released its own fraud report recently.
"There has been a lot of progress in helping prevent and drive down fraud in the card-not present space," she said. "Tokenization, data analytics, improved risk scores to deter fraud and prevent it -- that is something we made significant investment in and are moving forward to help companies implement them."
The difference between the two reports is because of the different methodologies used, said Visa spokesman Fabricio Migues.
Sign up for CIO Asia eNewsletters.