Many consumers and businesses worry about online retailers and their security measures for payment and personal data, but the data breaches in 2016 also indicated that it is not always an online transaction that can involve fraud.
Here are some of the largest data breaches of 2016 that illustrate the threat of online fraud:
- The University of Central Florida had a data breach that affected approximately 63,000 current and former students, faculty, and staff and included Social Security numbers, first and last names, and student/employee ID numbers.
- The Internal Revenue Service discovered that over 700,000 American taxpayers had their personal information compromised through its “Get Transcript” system, which was hacked by a Russian-based criminal operation.
- Snapchat current and former employees, totaling 700, had sensitive information stolen that included names, Social Security numbers, and payroll data.
- 21st Century Oncology admitted that up to 2 million patients may have had personal information stolen, including patient names, Social Security numbers, and other sensitive information.
- Yahoo! suffered what is probably one of the largest data breaches ever recorded, with information stolen from over 500 million accounts, including e-mail addresses, passwords, full user names, dates of birth, and telephone numbers. Later on, it was revealed that another breach could have actually meant that over one billion records were breached.
- Weebly had to tell its more than 43 million users that their information could have been compromised, including usernames, passwords, e-mail addresses, and IP information.
And this is just a small sampling of some of the larger instances. There are hundreds more that have been uncovered over the last few years. In fact, Risk Based Security (RBS) noted in its 2016 Data Breach Trends report that six of the 2016 breaches are now on the Top 10 List of All Time Largest Breaches. The same report noted that the number of records exposed went from 822 million in 2015 to over 4.2 billion in 2016.
While the largest data breaches had been those within retail operations like Target and Home Depot, fraudsters have moved to online targets, finding ways to make their targeting much more effective thanks to the vulnerabilities that exist within companies’ online systems. These attacks are working despite relying on somewhat older methods, including hacking and phishing as well as viruses.
Then there are the online retailers suffering from rising fraud. The Global Fraud Index, a PYMNTS and Forter collaboration, found that online fraud attacks grew by 11%, primarily in areas like digital goods, including downloadable games, songs, and movies. Behind these attacks are botnets, which have been employed more often by increasingly sophisticated criminals.
Other findings from The Global Fraud Attack Index™ for the second quarter of 2016 showed that there were 27 attacks for every 1,000 transactions conducted during the fourth quarter of 2015, which is a 215% increase over the first quarter of 2015.
Although we want to leave the door to opportunity open so that online businesses can attract customers where they often prefer to buy, we have to shut the door to the data that is involved in these transactions. However, some companies still have not learned, suffering multiple data breaches, as Yahoo has experienced in the last couple of years.
Additionally, online retailers do not realize that many fraudsters have found even more vulnerabilities in mobile commerce, which clearly is not being secured as well as other transaction channels. Plus, all the data that was stolen from brick-and-mortar retailers is now being sold online and used for online purchases.
More high-risk businesses are appearing online, and they have become targets for fraudsters who see an easy hit for chargebacks and similar fraud strategies.
To stop this online fraud and data hacking, more attention and diligence have to be added to the online business security equation. This means putting legacy systems that involve manual processes out to pasture and immediately migrating to new technology that comes with enhanced security mechanisms.
Other technology must be added, including behavioral analytics, which is based on machine learning and utilizes thousands of data points to analyze these online transactions in real time. There are also multiple technology tactics that can add barriers against the growing mobile fraud.
This includes device fingerprints, which uniquely identify computers and mobile devices like tablets and smartphones based on attributes such as the browser version or screen dimensions.
Authentication measures can also be added, such as geolocation, two-factor authentication with one-time passwords, preselected security questions, and dynamic security questions that tie to a customer’s shopping history.
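How a device fingerprint and geolocation can drive the extra authentication steps described above, as an added example that is not part of the original article. The field names, server key, customer record, and the mapping of each signal to a specific step are all assumptions made for illustration.

```python
import hashlib
import hmac

# Hypothetical server-side secret; keying the hash keeps stored fingerprints
# from being recomputed by anyone who only knows the attribute values.
SERVER_KEY = b"constructed-demo-key"
# Attributes named in the article; the field names are assumptions.
FIELDS = ("browser_version", "screen_width", "screen_height")


def device_fingerprint(attrs):
    """Keyed SHA-256 over the device attributes in a fixed field order."""
    canonical = "|".join(f"{name}={attrs.get(name, '')}" for name in FIELDS)
    return hmac.new(SERVER_KEY, canonical.encode(), hashlib.sha256).hexdigest()


def required_checks(customer, attrs, country):
    """Return the extra authentication steps to demand for this transaction."""
    checks = []
    fingerprint = device_fingerprint(attrs)
    known = any(hmac.compare_digest(fingerprint, seen)
                for seen in customer["known_devices"])
    if not known:
        # Unrecognised device: step up to two-factor authentication.
        checks.append("one_time_password")
    if country != customer["usual_country"]:
        # Unusual location: ask a question tied to shopping history.
        checks.append("dynamic_security_question")
    return checks


# Constructed sample data, not taken from any real customer.
KNOWN_DEVICE = {"browser_version": "Firefox 50.1",
                "screen_width": 1920, "screen_height": 1080}
CUSTOMER = {"known_devices": [device_fingerprint(KNOWN_DEVICE)],
            "usual_country": "US"}

if __name__ == "__main__":
    new_phone = {**KNOWN_DEVICE, "screen_width": 414, "screen_height": 736}
    print(required_checks(CUSTOMER, KNOWN_DEVICE, "US"))  # no step-up
    print(required_checks(CUSTOMER, new_phone, "DE"))     # both steps
```

Browser version and screen dimensions are shared by many devices, so a fingerprint built from them alone works as one risk signal among several rather than as proof of identity.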
When it comes to online fraud, you can never rest or stop paying attention to the methods used by criminals or the available security technology and measures that you need to invest in to maintain the security of your customers’ data and the reputation of your business.
BluePay is pleased to bring you this valuable information from our partner, Due, makers of a free digital wallet that allows users to easily make and accept payments online.