The Clearsale Blog

What Retailers Should Know About the Equifax Breach

What Retailers Should Know About the Equifax Breach

Earlier this year, credit reporting agency Equifax failed to implement a security update after being made aware of a security flaw in a tool for building web applications. Approximately two months later, an estimated 143 million Americans had sensitive personal data exposed in a data breach.

Among the sensitive data stolen were more than 209,000 credit card numbers that are now making their way to the dark web and the e-commerce marketplace. Besides wondering if their personal data was exposed, e-commerce retailers are also asking how this breach may affect their business and what steps they can take to minimize their fraud risk.

The Potential Impact of the Equifax Breach on e-Commerce Retailers

Some experts are warning e-retailers to prepare for an imminent surge in fraudulent transactions as fraudsters try to maximize purchases before consumers freeze their accounts. Other professionals suggest the cybercriminals buying this sensitive data will wait until the dust settles before they start testing the credit cards, first with small purchases and then with larger transaction values.

Regardless of which scenario proves correct, the threat is the same: Eager fraudsters looking to transform personal data into merchandise and then selling those goods for cash on the resale market opens individuals — and merchants — up to significant financial risks.

It’s no surprise that the more personally identifiable information cybercriminals have access to, the more financial damage they can do. The value of just a credit card number on the dark web is estimated to be $5; that number plus a bank ID and date of birth can raise the asking price to $15. This Equifax breach exposed significant amounts of valuable data, making each individual’s data worth $30 or more on the dark web. And those who purchase this comprehensive “Fullzinfo” stolen data find themselves with the “crown jewels” of identification: Social Security numbers, names, addresses and driver’s license numbers.

With this data, fraudsters can easily create complete — and genuine-looking — identities. These new identities are so legitimate-looking that they easily bypass traditional fraud prevention methods and can be used during an attack on an e-commerce merchant. Because nothing about these transactions raises suspicion, merchants won’t realize they’ve been scammed until the rightful owner of the data files expensive, damaging chargebacks against the retailer.

Is a Fraud Managed Services Solution Right for Your Business?

What e-Commerce Merchants Can Do to Mitigate Their Fraud Risk

While stolen credit card and sensitive personal data have long been — and will continue to be — available on the dark web, merchants must take steps like these to protect their business and their customers.

  • Confirm service providers (like shopping carts and fraud protection solutions) comply with current security certifications and regulatory standards.
  • Implement solutions that improve the accuracy of identifying fraudulent transactions, reducing the risk of false declines. Merchants shouldn’t try to eliminate risk completely; merchants who attempt to do so often alienate legitimate customers through increased false decline rates.
  • Use dynamic data to make transactional decisions. It’s challenging to differentiate between a savvy fraudster and a customer with an extensive shopping history. Simple solutions like CVV numbers are no longer enough on their own to determine the legitimacy of a transaction when the fraudster has such comprehensive access to personal data. Merchants should consider a solution that can research the customer’s account history and online presence and use behavioral analytics to make transactional decisions.
  • Adopt a process that uses artificial intelligence to review orders, freeing staff’s valuable time for the manual review of flagged transactions.
  • Ignore transaction values. Fraudsters don’t always immediately go for high-value merchandise. Expect them to first attempt low-dollar-amount transactions to test the validity of the credit card. If they have a “live” card, fraudsters will generally begin purchasing items that can be quickly and easily sold in the resale market at close to the purchase price.
  • Select a fraud protection solution that offers a 100% guarantee for approved transactions that end up being fraudulent and result in chargebacks.

As fraud becomes a growing business of its own, customers’ sensitive data continues to be regularly compromised. Choosing the right protection solution today to minimize your fraud risk will get you back to growing your business and developing customer relationships, not worrying about the fallout from the next data breach (and there will be a next one). Talk with a ClearSale credit card fraud analyst today to learn how our multilayered solution is a smart, effective approach to protecting against card-not-present fraud.

Nova call-to-action

You may also like

Retailers have got COVID-19 problems, but fraud shouldn’t be one

Retailers have got COVID-19 problems, but fraud shouldn’t be one

Earlier this year, credit reporting agency Equifax failed to implement a security update after being made aware of a security flaw in a tool for building web applications. Approximately two months..

Headless Commerce: What, Why and How

Headless Commerce: What, Why and How

Earlier this year, credit reporting agency Equifax failed to implement a security update after being made aware of a security flaw in a tool for building web applications. Approximately two months..

How Machine Learning Can Improve Fraud Risk Assessment

How Machine Learning Can Improve Fraud Risk Assessment

Earlier this year, credit reporting agency Equifax failed to implement a security update after being made aware of a security flaw in a tool for building web applications. Approximately two months..

CLEARSALE ON ECOMMERCE FRAUD & COVID-19

CLEARSALE ON ECOMMERCE FRAUD & COVID-19

Earlier this year, credit reporting agency Equifax failed to implement a security update after being made aware of a security flaw in a tool for building web applications. Approximately two months..

Why M&A Due Diligence Should Include Cybersecurity and Fraud Prevention

Why M&A Due Diligence Should Include Cybersecurity and Fraud Prevention

Earlier this year, credit reporting agency Equifax failed to implement a security update after being made aware of a security flaw in a tool for building web applications. Approximately two months..

Country Profile: The Guide to E-Commerce in Mexico

Country Profile: The Guide to E-Commerce in Mexico

Earlier this year, credit reporting agency Equifax failed to implement a security update after being made aware of a security flaw in a tool for building web applications. Approximately two months..

4 Reasons to Move Your Brick-and-Mortar Business Online

4 Reasons to Move Your Brick-and-Mortar Business Online

Earlier this year, credit reporting agency Equifax failed to implement a security update after being made aware of a security flaw in a tool for building web applications. Approximately two months..

How to Optimize Your Google Product Feed

How to Optimize Your Google Product Feed

Earlier this year, credit reporting agency Equifax failed to implement a security update after being made aware of a security flaw in a tool for building web applications. Approximately two months..

Why Ad Fraud Is a Bigger Threat Than We Thought

Why Ad Fraud Is a Bigger Threat Than We Thought

Earlier this year, credit reporting agency Equifax failed to implement a security update after being made aware of a security flaw in a tool for building web applications. Approximately two months..

Want to write
for our blog?

Please review our writers' guidelines
https://www2.clear.sale/press/clearsale-guest-blog-guidelines
and then email guestwriter@clear.sale with your pitch!

Subscribe to our blog