The ripple effect of consumer data breaches
The number of those affected by high-profile consumer data breaches in the past few years is staggering; 50 million Facebook users were stung in 2018, whilst British Airways revealed back in October 2018 that over 185,000 passengers may have had data stolen in a breach. Itโs evident that hackers are becoming more and more sophisticated and are now able to steal data at an alarming pace.
As hackersโ skills strengthen, it seems no one is safe. Even companies that pride themselves on cyber security are at risk: take the Equifax data breach in 2017 for example which affected approximately 148 million people. Worryingly, those that are trusted with the most sensitive data are just as vulnerable.
Within the retail space, the repercussions of consumer data breaches are just as far-reaching and with e-commerce fraud reportedly up 30%, itโs time for retailers to pay attention to the bigger picture. One attack on a single retailer negatively impacts all merchants in one way or another โ they are all victims. Itโs tempting for retailers to breathe a sigh of relief when a data breach happens to somebody elseโs business, but theyโre mistaken because stolen data is everybodyโs problem. The original breach has a long-lasting ripple effect across the business landscape.
The knock-on effect of one data breach is astounding. Stolen information quickly finds its way to the Dark Web where fraudsters buy credit card details, email addresses and passwords at the click of a mouse, and a surge of fraudulent activity ensues.
Credit card numbers can be used to purchase goods online using an unsuspecting consumersโ details and further retailers are stung as the consumer eventually becomes aware of the fraudulent transaction and files a chargeback to recoup their money. Beyond that, the relationship between retailer and customer is severely damaged, sometimes beyond repair.
When stolen names and email addresses are purchased on the Dark Web, fraudsters are all set to go phishing. They can send a well-crafted and familiar email that appears to be from where the consumer does business. The email directs the consumer to a fake site, where the consumer enters their details and unwittingly grants the fraudster full access to their account. Again, the original breach impacts more retailers.
When it comes to leaked passwords, cyber criminals can not only takeover the consumerโs account on the original site that was breached but they are likely to also have access to the consumersโ other accounts. Itโs a well-known fact that consumers tend to use the same password over a multiple of sites โ in fact, a recent Signifyd consumer survey found that more than half of consumers use the same login information for multiple retailer accounts, which increases their vulnerability of account takeover.
Account takeover is difficult to detect and therefore one of the most malicious and fast-growing forms of fraud. When a fraudster takes control of a consumerโs account and goes on a shopping spree, it often looks completely legitimate.
Finally, criminals who have pilfered names and addresses are able to steal identities and open credit accounts with retail sites. This fraudulent activity is extremely difficult for retailers to detect as it simply appears to be a real customer in good standing who is then offered a credit line that he or she never has to pay back.
You may wonder how these hypothetical scenarios play out in the real world but Business Insider highlighted the scale of the issue when they reported that over 80% of people logging into retailersโ e-commerce sites are hackers using stolen information. So, what can retailers do?
Vigilance will help, of course. Whether itโs employing more people to review orders for fraud or by turning to technology to identify fraudulent activity. However, itโs not enough to review anti-fraud strategy and consider it job done. Hackers are becoming more sophisticated daily and anti-fraud measures therefore need to adapt and match the criminalsโ pace. Retailers may think theyโve won the war against cyber fraud but really, itโs an ongoing battle.
Itโs clear that data breaches have a widespread impact and retailers canโt rest on their laurels; they need to prioritise the constant improvement of fraud protection and view it as an investment for customer experience. Research by Signifyd found that consumers blame retailers for data breaches and fraudulent charges on their accounts, regardless of where the fault truly lies. Consumers are now more unforgiving and the old adage โthe customer is always rightโ has never been more pertinent.
Itโs up to retailers to better protect themselves and learn from othersโ mistakes. Itโs not just about protecting the data – which of course is essential โ itโs also about understanding the ripple effect that data breaches have on the fraud threat facing every retailer, and how that threat affects consumer sentiment long after a breach has occurred.
By Stefan Nandzik, vice president of corporate communications at Signifyd