Christmas keeps on coming for online fraudsters as yet another data breach came to light today. After Target’s lost of up to 110m cards over the Christmas season, was followed by millions of cards from over 70 Neiman Marcus stores, the online economy was flooded with fake credit card information.
Today, South Korea has suspended three firms after they were responsible for the loss of the private data of 60 million credit cards. (That’s in a nation of 50 million people where 1 in every 2 financial transactions are done by card)
And in the United States, another breech has come to light where millions of cards were lost in a data breech by the company who process credit cards for some of the USA's most popular hotel chains.
Let’s ignore for a second that some of these breeches occurred across 2013 and are only coming to public attention now. The guilty parties react (with typical PR gusto) to these attacks by reassuring members of the public that they’re protected, offering free ‘identity protection or monitoring’ for affected customers. Its like offering a discount on fire extinguishers right before a meteor strike - you might not actually be hit by a meteor but you can be damn sure you’ll feel its effects. You might be lucky and your card might not be the victim of fraud, but lets not pretend that this wont affect you in terms of increased costs.
Let's face the realities of the situation and the wider ranging effects of these incidents.
1. It’s unprecedented.
Never since credit cards were first introduced has the information behind so many cards flooded the internet. Normal fraud prevention tactics like stolen card lists etc are useless as the producers of such lists can’t keep up. The credit card system simply wasn’t designed to deal with this many fake cards out there and we’re likely to see a tightening up on security initiatives like Verified by Visa and 3D secure, which regardless of security are pure commerce killers in terms of driving customers away.
2. Unlimited availability.
With such a volume of stolen cards out there, its not even hard to find them any more. Whatever false impression you have of fraudsters being a bunch of geeky criminals operating from the bedrooms is so far from the truth. Its hard to accurately explain the sophistication behind the services now selling these cards in the murky part of the underground internet. Imagine Ebay except with the latest cutting edge technologies and you might come close. A card with a $10,000 limit, can be yours for far less than $100. You can sign up for subscription services where they send you X amount of credit card numbers per day. Some ‘wholesalers’ of cards even provide customer service and money back guarantees.
3. Its going to get very expensive, especially for cardholders.
The huge losses that are being experienced by card issuers are mounting up and they’re only going to get worse. Just like insurance companies after natural disasters, the card providers are only going to bury so much of this loss. The rest they’ll recoup in two ways - pushing the costs back onto the online merchants, resulting in increased prices for goods, and be pushing up the fees associated with credit cards. If they losses continue, you may see card providers rebooking at the blanket liability protection that they offer.
Are you ready?
As an online merchant, any day, any transaction could come from one of the nearly 250 million stolen credit cards that have flooded the market in recent months. Target's breech alone could result in $400m of losses for unrelated merchants. Are you ready and equipped to prevent this? What measures have you in place to protect your business and your cash-flow?
At Trustev, we believe that basing fraud prevention on the method of payment such as the credit card information is just plain dumb. The only way to always avoid fraud is to know exactly who you’re doing business with and thats what we focus on. Delivering a real time confirmation of your customer’s identity so you can be sure that the individual using a card is exactly who they say they are.
Fraud is a serious business, its time to start treating it that way.