Kount LogoBLog Against FraudKount Logo

Is Your eCommerce Fraud Prevention in Shape for This Summer’s “Breach Party”?

posted on: Wed Jun 01 2016

Is Your eCommerce Fraud Prevention in Shape for This Summer’s “Breach Party”?High-profile breaches continued to flare up in the first part of 2016, likely exposing eCommerce merchants to higher levels of card-not-present fraud this summer:

  • Trump Hotel Collection. Republican presidential candidate Donald Trump’s luxury properties have apparently had a breach of their credit card systems. Again.
  • Hyatt. The hospitality chain said a card breach hit 250 of their Hyatt hotels in 50 countries around the world.
  • Verizon Enterprise Solutions. According to Krebs on Security, the contact information of 1.5 million Verizon Enterprise customers was posted for sale on a hacker marketplace. Ironically, this is the unit of Verizon that helps companies respond to data breaches.
  • Wendy’s. It’s early in the Breach Bingo process, so we don’t know the full extent of the breach at the fast-food chain. But right now, Wendy’s is saying systems at least 300 stores out of 6,500 appear to have been compromised.
  • Noodles & Company. Third party investigators are evaluating reports that some of the restaurant chain’s locations suffered credit card breaches.
  • Equifax Inc. Hackers stole tax and salary info (i.e., Social Security numbers, email addresses, etc.) of Kroger employees. No word yet just how many of the 431,000 employees are affected.
  • Steam. The online video game platform admitted that 77,000 of its gamer accounts are hacked every month. That’s nearly 1 million accounts a year for those of you scoring at home.
  • Government. Sixty-five percent of federal security execs surveyed in a new report say that the government is unable to detect ongoing cyber attacks. So that could mean anywhere from none to 300 million potentially-breached government accounts.
  • LinkedIn. Turns out the 2012 breach that “only” exposed 6.5 million LinkedIn passwords was more like 117 million accounts (only off by 1800%!) and that more than just LinkedIn accounts may be at risk.

All these breaches point to a long, hot summer of higher eCommerce fraud:

  • 29.1% of eCommerce merchants reported that fraud increases following major data breaches.
  • Juniper Research says cybercriminals will move to card-not-present (CNP) transactions with focus on ecommerce, pushing online transaction fraud to $25.6 billion by 2020.

What do you need to do in the next 30 days to get your fraud prevention in shape for this summer's “breach party”?

  1. Make sure you’re using solutions with proven technologies like Device ID/Fingerprinting, Geo-location, Velocity Checks, and AI/Machine Intelligence as a first line of defense. These tools – applied in an automated fashion – screen out most fraudsters quickly and easily.
  2. Capitalize on solutions that provide easy-to-use workflow management and real-time decisioning capabilities to reduce manual reviews so you don’t get overwhelmed and lose orders due to delays caused by manual screening.
  3. Consider on-demand fraud prevention solutions that let you scale rapidly and cost-effectively in response to “fraud surges” without incurring the costly, long-term IT expense associated with DIY solutions (hardware capital expense, software/integration services, support/maintenance contracts, headcount, etc.).
  4. Don’t forget mobile. Mobile is the fastest growing channel in eCommerce, especially for key segments like apparel & accessories, automotive, electronics, and food & beverage. At the same time, mobile is up to 2X more likely to involve fraud. Make sure you have key mobile fraud prevention capabilities in place, like Device ID/Recognition, “True” Geo-location and more.

Mobile Payments & Fraud: 2016 Report