September 8, 2017
Mike Cassidy
Mike is lead storyteller at Signifyd. A former journalist, he covers e-commerce and the way automation is changing digital commerce. He's a retail geek. And, as a White Sox fan, he's resilient.

How to Avoid E-commerce Fraud in the Wake of the Equifax Breach

The numbers that tell the story of Equifax’s data breach are beyond stunning, but the nauseating truth is that the figures tell only the beginning of the story:

  • As many as 143 million Americans’ Social Security numbers, birth dates and home addresses stolen, according to the company.
  • Nearly 210,000 credit card numbers snatched by hackers who now possess the crown jewels of e-commerce fraud.

And that’s where the next chapter starts. As consumers race to shore up protection of their personal accounts after news of the breach broke this week, e-commerce retailers will be bracing for a surge in fraudulent orders powered by the gusher of information released by the latest mega-breach.

“These guys never sleep,” Signfyd’s Vice President of Risk Products Vahe Amirbekian said of the networks of data thieves and fraudsters thriving in the information age. “If they could steal from Equifax, and we can assume that Equifax did a lot to protect the data, then that testifies once again to the level of persistence and sophistication of the guys you’re dealing with.”

Indeed, among the many reasons that the Equifax breach was so mind-boggling is the fact that the company itself is in the business of confirming the true identities of consumers seeking credit. If ever there were a central repository of all that is known about anyone, Equifax and its competing credit bureaus, are it.

Think about it: 143 million Social Security numbers. If every resident of the United States had a Social Security number, that would mean that the criminals behind the Equifax breach now have 44 percent of the country’s numbers.

Fraudsters now have access to enough credit card accounts to give one to every resident of Rochester, N.Y. And merchants who sell online can expect to be hearing from many of them soon, if they haven’t already.

“There will be a wave of fraudulent transactions using these credit cards,” says Amirbekian, who’s worked for years in risk and e-commerce fraud prevention, including at eBay and PayPal. “If you stole a credit card, your clock is ticking. You want to use it as soon as possible. You don’t want to sit on it. The longer you sit on it, the less valuable it becomes.”

And while the prospect of an increase in e-commerce fraud  is enough to keep online merchants up at night, Amirbekian points out that the e-commerce fraud prevention steps retailers need to take are no different from what they should have be doing all along. In a sense, just as an earthquake prompts Californians to assemble the earthquake kits they should have assembled long ago, a data attack, like the one this week, should prompt merchants to redouble their vigilance.

“This is yet another reminder that fraud is a professional business,” he says. “It is becoming increasingly hard, if not untenable, for individual merchants to stay on top of things, because you’re dealing with professional fraud rings. Fraud is not about to go away.”

Fraud, of course, is already big business. In the first quarter of the year alone, merchants lost $48.2 billion to e-commerce fraud in the eight industry segments that Signifyd and PYMNTS.com studied in the Global Fraud Index.

The specter of fraud further constricts profits for merchants by prompting them to decline orders that look suspicious, but in reality have been placed by legitimate customers.

5 tips on how to prevent e-commerce fraud after the Equifax data breach

So, what to do? First, take a look the list of tips accompanying this post. And yes, be more vigilant. Don’t be fooled by the order value. Fraudsters won’t necessarily go for high-priced items, certainly not initially, when they are testing the viability of their newly stolen credit accounts.

And to underscore Amirbekian’s point, remember that this is not kids’ stuff. Those who traffic in stolen financial information and work full-time at defrauding merchants are as serious as they are sophisticated. They work in adjacent and interdependent industries, Amirbekian explains.

“The people who stole these accounts, will probably not use the cards themselves,” he says. “They probably will sell it. Credit cards will surface on the black market and they will be used by some other rings specializing in monetization of stolen cards.”

Indeed, Digital Shadows earlier this summer published “Inside Online Carding Courses Designed for Cybercriminals,” a report detailing courses for cyber-crooks and pointing to hundreds of sites that sell stolen credit card information and other vendors that provide tools to help validate the cards.

“You have to just tackle this whether you want to or not,” Amirbekian says of the ongoing fraud assault. “It requires constant attention, deep expertise and systematic counter-measures.” 

After all, deep expertise is exactly what the fraudsters have developed.

Photo by iStock.

Mike Cassidy is Signifyd’s lead storyteller. Contact him at mike.cassidy@signifyd.com; follow him on Twitter at @mikecassidy.

 

 

Sales Questions

Contact us and our sales team will respond shortly.

×

Eliminate fraud and accept more orders with Signifyd

Accept more orders with Signifyd's 100% financial guarantee against fraud. Get started today.

×

Request Your Free Trial

Please enter your contact information below.

×

Contact Us

Submit this form to learn more about our partner program.

×

Guaranteed Fraud Protection

Protect Your Orders with a 100% Financial Guarantee from Signifyd.

×

Start your free 14-day trial

Install our app on Bigcommerce or Shopify to start your trial
On another platform? Request your free trial below:
Request Trial
×

Login

Enter your login info:

×

Signifyd’s Reimbursement Policy

What’s Covered

We cover chargebacks connected with fraud or unauthorized charges, often due to:

  • Stolen account information (account takeover)

  • Stolen financial information

What’s Not Covered

We do not cover chargebacks due to errors made by the merchant, card processor, or shipper, like:

  • Item not received, not as described, or defective/broken

  • Refund not processed

  • Duplicate charges

As long as the chargeback meets the above criteria, we'll cover it and reimburse the full chargeback amount, plus any associated fees.

×
×