Earlier this year, credit reporting agency Equifax failed to implement a security update after being made aware of a security flaw in a tool for building web applications. Approximately two months later, an estimated 143 million Americans had sensitive personal data exposed in a data breach.
Among the sensitive data stolen were more than 209,000 credit card numbers that are now making their way to the dark web and the e-commerce marketplace. Besides wondering if their personal data was exposed, e-commerce retailers are also asking how this breach may affect their business and what steps they can take to minimize their fraud risk.
The Potential Impact of the Equifax Breach on e-Commerce Retailers
Some experts are warning e-retailers to prepare for an imminent surge in fraudulent transactions as fraudsters try to maximize purchases before consumers freeze their accounts. Other professionals suggest the cybercriminals buying this sensitive data will wait until the dust settles before they start testing the credit cards, first with small purchases and then with larger transaction values.
Regardless of which scenario proves correct, the threat is the same: fraudsters eager to turn personal data into merchandise, and then sell those goods for cash on the resale market, expose individuals and merchants alike to significant financial risk.
It’s no surprise that the more personally identifiable information cybercriminals have access to, the more financial damage they can do. The value of just a credit card number on the dark web is estimated to be $5; that number plus a bank ID and date of birth can raise the asking price to $15. This Equifax breach exposed significant amounts of valuable data, making each individual’s data worth $30 or more on the dark web. And those who purchase this comprehensive “Fullz info” stolen data find themselves with the “crown jewels” of identification: Social Security numbers, names, addresses and driver’s license numbers.
With this data, fraudsters can easily create complete — and genuine-looking — identities. These new identities are so legitimate-looking that they easily bypass traditional fraud prevention methods and can be used during an attack on an e-commerce merchant. Because nothing about these transactions raises suspicion, merchants won’t realize they’ve been scammed until the rightful owner of the data files expensive, damaging chargebacks against the retailer.
What e-Commerce Merchants Can Do to Mitigate Their Fraud Risk
While stolen credit card and sensitive personal data have long been — and will continue to be — available on the dark web, merchants must take steps like these to protect their business and their customers.
- Confirm service providers (like shopping carts and fraud protection solutions) comply with current security certifications and regulatory standards.
- Implement solutions that improve the accuracy of identifying fraudulent transactions, reducing the risk of false declines. Merchants shouldn’t try to eliminate risk completely; merchants who attempt to do so often alienate legitimate customers through increased false decline rates.
- Use dynamic data to make transactional decisions. It’s challenging to differentiate between a savvy fraudster and a customer with an extensive shopping history. Simple solutions like CVV numbers are no longer enough on their own to determine the legitimacy of a transaction when the fraudster has such comprehensive access to personal data. Merchants should consider a solution that can research the customer’s account history and online presence and use behavioral analytics to make transactional decisions.
- Adopt a process that uses artificial intelligence to review orders, freeing staff’s valuable time for the manual review of flagged transactions.
- Ignore transaction values. Fraudsters don’t always immediately go for high-value merchandise. Expect them to first attempt low-dollar-amount transactions to test the validity of the credit card. If they have a “live” card, fraudsters will generally begin purchasing items that can be quickly and easily sold in the resale market at close to the purchase price.
- Select a fraud protection solution that offers a 100% guarantee for approved transactions that end up being fraudulent and result in chargebacks.
As fraud becomes a growing business of its own, customers’ sensitive data continues to be regularly compromised. Choosing the right protection solution today to minimize your fraud risk will get you back to growing your business and developing customer relationships, not worrying about the fallout from the next data breach (and there will be a next one). Talk with a ClearSale credit card fraud analyst today to learn how our multilayered solution is a smart, effective approach to protecting against card-not-present fraud.