The Clearsale Blog

The Capital One Breach and Account Takeover Fraud: What Merchants Must Know

The Capital One Breach and Account Takeover Fraud: What Merchants Must Know

Another day, another security breach. This time the target was Capital One, one of the largest banks in the United States. The immediate victims were more than 106 million customers in the United States and Canada.

Most articles about this security breach focus on what consumers must do to protect their data in light of the breach. Very few address what these breaches mean for e-commerce merchants. Notably, one of the biggest issues with this breach is the dramatically higher amount of consumer data now available on the dark net.


With this new information available for easy purchase by fraudsters, e-commerce retailers must be more alert than ever to the signs and risks of account takeover fraud.

Here’s what merchants need to know about the latest breach and how they can protect themselves against the account takeover attacks that are likely to follow.

What Happened With Capital One?

In July 2019, 106 million Capital One customers in the United States and Canada were the victims of a massive data breach that compromised their Social Security numbers, credit scores and limits, payment history, credit card transaction data, and other personal information. While the breach likely occurred as early as mid-March, it wasn’t discovered until July 19.

The hacker allegedly gained unauthorized access to a cloud-based server and accessed personal data on not just Capital One credit card holders, but also anyone who had applied for any of the bank’s products. While Capital One said it was unlikely the stolen data was used for fraudulent purposes, the company is still offering free credit monitoring and identity protection to those affected by the breach.

When data breaches occur, account takeover fraud is almost certain to follow. For example, after Equifax announced the compromise of more than 143 million records in September 2017, there was an almost immediate 53% increase in account takeover fraud.

What Is Account Takeover Fraud?

Account takeover fraud occurs when a fraudster uses pieces of a victim’s identity, like their Social Security number or email address, to access and take over the victim’s account. While checking and savings accounts are often most at risk, fraudsters can also compromise online shopping, brokerage and loyalty accounts.

Unfortunately, it’s becoming easier than ever for fraudsters to get that sensitive information using methods such as:

  • Data breaches. Each breach gives hackers a virtually unlimited supply of personal information — including names, credit card and account numbers, and usernames and passwords — to compromise.
  • Unsecured wireless networks. Considering logging on to unsecured Wi-Fi? Fraudsters can capture their victim’s keystrokes as they log in to sensitive accounts.
  • Social engineering. Have you ever completed a Facebook questionnaire one of your friends posted? Customers may unwittingly share password-specific information — like their elementary school, hometown and best friend’s name — as they answer these questions. Hackers can use these details to answer the knowledge-based authentication questions required for changing account data.

Once hackers have the data they need, they’re free to change phone numbers, email addresses and other key account data, which effectively locks a customer out of their own account. That means these unsuspecting customers are often in the dark about how their bank accounts are being drained or new credit cards are being opened in their name.

How Merchants Can Prevent Account Takeover Fraud

But customers aren’t the only victims of account takeover. Online merchants can also be negatively affected by account takeover through increased false declines, additional checkout friction, and damage to brand reputation.

In all, account takeover fraud cost merchants and customers an estimated $5.1 billion worldwide in 2018, a 120% increase from 2017. It’s therefore critical that merchants implement new ways of protecting themselves and their customers. While no precaution is 100% foolproof, here are a few ways merchants can reduce their risk of being a victim.

Encourage Password Security

Help shoppers set up secure passwords on your website by allowing only passwords that use a combination of upper- and lowercase letters, numbers, and special characters. Just as important, encourage shoppers to use a unique password for each of their accounts and change them regularly. Hackers are less likely to be successful at compromising accounts if a customer is regularly changing passwords and not using the same one for each of their accounts.

Add Multifactor Authorization

Merchants can also offer multifactor authorization for customer accounts and encourage customers to use it. If they do, even if a hacker has the password to access a customer’s account, the hacker still needs full access to the customer’s mobile device or email to get the second code.

Be Cautious With Stored Payment Methods

While storing payment data can simplify the customer experience, it also puts customers at increased risk if your e-commerce website is compromised. Add security measures that require customers to re-enter credit card information if your system notices any changes to passwords, devices or browsers, or shipping or billing information.

Implement a Robust Fraud Prevention Program

When merchants have a plan in place to thoroughly screen transactions, they’ll be better able to not only prevent fraud losses but to also reduce false declines.

A fraud prevention solution that uses a variety of order-screening tools, is customized to the fraud profile of each sales channel, and combines human analysis and artificial intelligence can help catch fraudulent transactions before they’re processed.  By manually reviewing all suspicious orders instead of relying on automatic rejections, merchants can avoid high false decline rates and uncover account takeover fraud attempts.

A managed services solution may be just the approach your business needs to take to protect against the costly losses associated with account takeover fraud. Download our free eBook, “Is a Fraud Managed Services Solution Right for Your Business,” to learn more. If you still have questions after reading it, just contact one of ClearSale’s fraud experts. They’ll be happy to help you explore your options.

Is a Fraud Managed Services Solution Right for Your Business?

You may also like

[Industry Focus] Fraud Risk Profile for Nutraceutical and Drug Retailers

[Industry Focus] Fraud Risk Profile for Nutraceutical and Drug Retailers

As people become more conscious of what they’re putting into their bodies, there’s been an increased demand for high-quality supplements and healthful food and beverages. The result has been a..

3 Ways Tech Can Benefit Remote Teams

3 Ways Tech Can Benefit Remote Teams

Ecommerce businesses are used to an ever-evolving digital connection between them and their customers. But 2020’s COVID-19 pandemic has resulted in that digital connection making its way into the..

Shopping Habits by Gender: What’s Changed in 2020

Shopping Habits by Gender: What’s Changed in 2020

Do men hate shopping online? Are women more worried about fraud?

How Management Should Contribute to Fraud Protection

How Management Should Contribute to Fraud Protection

As companies grow, management often delegates business-critical tasks—marketing, technology, fraud prevention—to different departments. While it might seem to be an efficient way to get things..

“I Don’t Need Fraud Protection — My Business Isn’t at Risk!”

“I Don’t Need Fraud Protection — My Business Isn’t at Risk!”

As an e-commerce merchant, you know the risk of fraud, false declines and chargebacks. But maybe you think it won’t happen to you because you’re a relatively new — or small — e-commerce merchant,..

How Backtesting Can Improve Fraud Prevention

How Backtesting Can Improve Fraud Prevention

They say hindsight is 20/20, and that’s especially true for e-commerce merchants looking to increase their approval rates and decrease fraudulent transactions. It’s easy to look back at..

Is Fraud Risk Scaring You Away From International Shipping?

Is Fraud Risk Scaring You Away From International Shipping?

With cross-border shopping estimated to make up 20% of e-commerce in 2022, many merchants are right to consider expanding into other countries. So what’s stopping them from pulling the trigger?

Preparing Your E-Commerce Store for the Holiday Season

Preparing Your E-Commerce Store for the Holiday Season

It might still be summer on the calendar, but the holiday shopping season is just around the corner.  Are you ready?

Impact Analysis: Declined Transactions vs. Fraudulent Transactions

Impact Analysis: Declined Transactions vs. Fraudulent Transactions

Selling products and services online offers great opportunities for merchants, but it’s not without risk. Savvy cybercriminals use stolen personal data to defraud merchants, and sometimes, a..

Want to write
for our blog?

Please review our writers' guidelines
https://www2.clear.sale/press/clearsale-guest-blog-guidelines
and then email guestwriter@clear.sale with your pitch!

Subscribe to our blog