Retailers: Beware the Equifax breach
Through a special arrangement, presented here for discussion is a summary of a current article from the Retail TouchPoints website.
On Sept. 7, Equifax revealed that it had suffered a security breach that could impact as many as 143 million consumers in the U.S., the UK and Canada. Retailers also face considerable risk.
False account creation and account takeovers are the biggest issues retailers will have to tackle in the wake of the breach, which occurred from mid-May through July.
Credit card fraud attempts increased 15 percent year-over-year during August, a period that does not typically see such jumps in activity, according to data from Forter, an e-commerce fraud prevention solution provider.
“The first thing to know is that it’s still not very clear what specific data was actually stolen,” Michael Reitblat, CEO of Forter, told Retail TouchPoints. “We’re still trying to understand whether it’s all the information you could possibly think of in terms of data from a credit bureau — which is extremely bad — or if it’s just partial data. It’s clear that names, Social Security numbers and addresses were all stolen.”
If security question data was stolen, cybercriminals may be able to reset passwords and gain access to store cards because consumers tend to use the same answers to security questions everywhere. New accounts can also be opened with the stolen information. Said Mr. Reitblat, “They can then use someone else’s stolen credit card with that account, or just leverage promotions and identity-based free trials that don’t require a credit card.”
In the short term, retailers should review changes in buyer behavior that occurred during the weeks following the breach to identify any uptick in fake account activity.
Longer-term, retailers should be sure to use dynamic data, rather than static data (such as an unchanging user name or password), for consumer authentication.
Finally, retailers need to maintain consumer trust and confidence in the wake of the breach, even though this one didn’t involve them directly. This latest incident is a reminder that “databases will be breached and consumer information will be out there,” said Mr. Reitblat, so retailers need to operate with that unsettling fact in mind.
DISCUSSION QUESTIONS: In what ways do you see the Equifax breach affecting retail businesses? How can retailers guard against cyber theft resulting from the breach? Are there any lessons from breaches such as this that don’t hit retailers directly?