What retailers need to know in the wake of the Equifax breach
By Jason Tan, CEO of Sift Science
Online businesses everywhere are going to be dealing with the effects of the recent Equifax breach. It's a tough truth to swallow, but these large-scale data breaches have become a fact of life — and it's not just the breached business that pays the price. As fraudsters mine the valuable data that's been compromised, all ecommerce sites and financial institutions need to be on alert.
Keep an eye out for signs of account takeover
Last year, 48 percent of online businesses saw an increase in account takeover (ATO), according to aSift Science Fraud-Fighting Trendsreport. And the Equifax breach is likely to exacerbate this trend, potentially flooding the dark web with names, addresses, social security numbers, and other personal information that fraudsters can leverage to gain access to a legitimate user's account. They then make purchases with a stored payment method or drain value from the user's account.
Some of the signals that could point to an ATO:
- Login attempts from different devices and locations.
- Switching to older browsers and operating systems.
- Buying more than usual, or higher priced items.
- Changing settings, shipping address, or passwords.
- Multiple failed login attempts.
- Suspicious device configurations, like proxy or VPN setups.
Keep in mind that taken individually, each of these signs may be normal behavior for a particular user. It's only when you apply behavioral analysis on a large scale, looking at all of a user's activity and all activity of users across the network, that you can accurately detect ATO.
Monitor for fake accounts and synthetic identity fraud
Fraudsters can also take all of the different pieces of personal data leaked in the Equifax breach to steal someone's identity and create new accounts. They may also pick and choose pieces from various people's accounts — like a birthday, Social Security number, and name — and mix them together to create an entirely new ID.
To keep tabs on fake accounts, you can monitor new signups to look for risky patterns, like a sudden spike in new accounts that can't be attributed to a specific promotion or seasonal trend. If the average time it takes a new user to sign up suddenly gets much faster, that may point to fraudsters using a script to quickly create accounts. And seeing multiple new accounts coming from the same IP address or device is a red flag for a single person creating many accounts.
Stay focused on maintaining user trust
Even if a breach doesn't happen on your site, any downstream fraud attacks still happen on your watch. If you don't invest in protecting your users from the devastating effects of ATO, identity theft, and fraud, you will soon lose their trust. Trust is earned in drops, but lost in buckets.
At the same time, ecommerce businesses and financial institutions should make sure they aren't overly cautious to the point where they're rejecting good customers and denying legitimate accounts. Preventing fraud is a delicate balancing act, and the right technology — which looks at a range of data points to make an accurate prediction about what is and isn't fraudulent — can help you strike the right balance.