PaymentsJournal
SUBSCRIBE
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • News
  • Resources
No Result
View All Result
PaymentsJournal
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • News
  • Resources
No Result
View All Result
PaymentsJournal
No Result
View All Result

The Equifax Breach: Scary for Consumers, Business as Usual for Merchants

Ephraim Rinsky by Ephraim Rinsky
September 29, 2017
in Industry Opinions
0
Another Love-Hate Merchant-Credit Card Fight Advances - PaymentsJournal

Card payment with chip and pin machine in shop

1
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

PII (Personally Identifying Information) of 140 million Americans potentially compromised! The information from more than 200 thousand credit cards stolen! The numbers from the Equifax breach are staggering and terrifying. Surely they’ll lead to rampant, immediate fraud, and eCommerce merchants should batten down the hatches.

Not quite. Despite the fear mongering, we urge eCommerce retailers to stay calm. Overreacting to this breach is likely to cause more problems than it solves.

While the scope of the fallout for individuals remains to be seen, we at Riskified believe the effects of the breach will be relatively minor for eCommerce merchants and fraud-review teams. At this point in time, we’re near the date where chargebacks from this period would have ‘matured,’ meaning that fraudulent purchases made with this stolen data would have been reported as chargebacks, and we would be feeling the impact. But it isn’t happening. We are yet to see unusual rates of fraud for July and August. Even if we had observed an uptick in fraud, it’s doubtful that it would be due to the Equifax breach. Here’s why:

The hackers didn’t actually get much credit card data

 Two-hundred thousand might sound like a big number, but historically this is drop in the bucket. To put it in perspective: Target’s 2013 breach led to 41 million stolen credit cards. Home Depot’s breach in 2014 lost 50 – 60 million compromised cards.

This doesn’t mean individuals should breath a sigh of relief. For the affected card holders, this situation presents an inconvenience at best (calling their banks and replacing their cards) and a financial loss at worst (failing to report a fraudulent purchase). Some experts are even cautioning people to freeze their credit as a precaution.

But this breach is unlikely to change the fraud landscape for merchants. There were already plenty of stolen cards available for purchase on the dark web, and this doesn’t represent a particularly significant increase.

Even if Equifax’s very bad day increases the number of CNP attacks, review processes that were previously effective at detecting CNP fraud should perform just as well today. Changing your review process to be more risk averse is only likely to cause more problems – like turning away good customers.

Stolen PII and CNP fraud aren’t particularly correlated

 This is a big breach and a serious amount of data, but it isn’t likely to lead to CNP fraud. Insurance companies, banks, credit card companies and more should all be on alert. With this data, fraudsters may be able to steal identities and open accounts, but that’s an important point: identity theft is a time- and effort-intensive type of fraud. Fraudsters who go to this trouble are after a big score, and stealing from your sneaker shop or online travel agency probably isn’t it.

In one more piece of reassuring news, Riskified was most concerned about merchants selling gold or digital gift cards after the breach, as they can be an early indicator. We work with a number of merchants in those categories, and we haven’t seen anything to show that there’s been a spike in the rate of CNP fraud attacks.

Even when fraudsters get creative, merchants have recourse

 Some merchants have worried that information from the Equifax breach could be used to open new credit cards in somebody else’s name, or to change card details (like billing addresses) in order to fix mismatches that would otherwise be giveaways of fraud.

This is definitely a troubling thought. But, in practice, fraudsters would have a tough time pulling this off. For starters, banks are aware that PII is an increasingly unreliable way of verifying identity, and are leaning on more effective measures, like voice recognition.

But even if fraudsters are able to create phony cards, many existing systems should still catch them. Smart fraud-detection models look at much more than just the data on the card. Behavioral analytics, which measures how customers interact with a merchant’s site, can sniff out fraud without any credit card information. And machine learning and linking systems, like the ones Riskified uses, look across shops and weigh factors including how frequently a shopper has changed credit cards, how many credit cards are in a person’s name, distance between a new billing address and old, billing address match to directories such as Whitepages, IP address, proxy use and more.

It’s a scary story, but merchants needn’t be afraid. If what you were doing before was working, keep doing it. There will almost certainly be breaches in the future that more directly impact CNP fraud rates. We’ll cross that bridge when we come to it. Until then, keep selling.

Tags: Card Not PresentData BreachEquifaxFraud Risk and AnalyticsMerchants
1
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

    Analyst Coverage, Payments Data, and News Delivered Daily

    Sign up for the PaymentsJournal Newsletter to get exclusive insight and data from Mercator Advisory Group analysts and industry professionals.

    Must Reads

    item clearing

    As Check Volumes Decrease, Financial Institutions Need to Consider Alternative Clearing Options

    March 29, 2023
    payments friction

    Too Much Payments Friction Can Lead to Customer Chafing

    March 28, 2023
    online fraud

    Understanding the Cost of Online Fraud and How to Prevent It

    March 27, 2023
    live shopping, ebay

    Q&A: eBay Exec on Live Shopping and the Future of Payments

    March 24, 2023
    AI and Biometrics in Regulatory Compliance in Finance

    The Importance of AI and Biometrics in Regulatory Compliance in Finance

    March 23, 2023
    Everyone Benefits from the Real-Time Payment Networks  

    Everyone Benefits from the Real-Time Payment Networks  

    March 22, 2023
    commercial payments

    Optimizing Commercial Payments in the Digital Age

    March 21, 2023
    cross-border payments

    Cross-Border Payments: Fighting
    E-Commerce Fraud Using Data

    March 20, 2023

    Linkedin-in Twitter

    Advertise With Us | About Us | Terms of Use | Privacy Policy | Subscribe
    ©2023 PaymentsJournal.com

    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    Menu
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    • Industry Opinions
    • Recent News
    • Resources
    Menu
    • Industry Opinions
    • Recent News
    • Resources
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Industry Opinions
    • Faster Payments
    • News
    • Jobs
    • Events
    No Result
    View All Result

      Register to download the Ekata eBook