Fraud perpetrators already appear to be using personal identification data compromised in the recently-acknowledged massive data breach of Equifax in attempts to commit crimes, according to a New York Post report quoting Liron Damri, co-founder and COO of fraud prevention specialist at Forter.
Damri told the newspaper that Forter detected a 15% increase in fraud attempts during August, a period during which such jumps in activity are not typically seen. Equifax has acknowledged that the data breach was discovered on July 29.
The data breach, which lasted from at least mid-May through July, potentially affected 143 million Americans whose Social Security numbers, driver’s license numbers, birth dates and addresses were compromised, along with credit card numbers of about 209,000 consumers, according to Equifax. Forter did not respond to Retail Dive's request for more details.
It is worth noting that Forter witnessed similar spikes in fraud attempts following two major retailer security incidents — the costly Target data breach in 2013 and the Home Depot data breach the following year, Forter told the Post.
This time, the company attacked was a credit bureau, not a retailer, but there is nothing about this incident that a retailer should find reassuring. As with several retailer data breaches that have occurred in recent years, Equifax did a poor job of letting the affected consumers know about the breach, what Equifax was doing about it and what actions consumers themselves should take.
That sort of weak response is getting increasingly troubling, as it sends a message to consumers that their welfare is not the central concern of the hacked party. It's fair to wonder if consumers becoming more afraid of fraud will start changing their retail buying habits. Consumers could start cutting back on credit card purchases or choosing not to save their card numbers and other personal data on retailer websites or in digital wallets. That kind of hesitation could in turn negatively affect shopping practices, as the need to input data with every purchase would increase checkout friction and give consumers more chances to abandon shopping carts.
One survey last year showed that about 20% of shoppers would avoid shopping at a particular retailer if that retailer experienced a data breach. The percentage is bound to surge higher with every high-profile data breach.
This all sounds like pretty bad news, but there is a silver lining: Retailers, credit card companies and credit bureaus are starting to have much more effective cyber security protection technology and fraud-fighting tools at their disposal. This includes artificial intelligence tools that could spot fraud even sooner.
While this data breach could end up costing Equifax hundreds of millions of dollars, the bigger loss in the long term could be its reputation — not just because it didn't protect consumers from this breach in the first place, but also because it didn't respond clearly, nor thoroughly, nor with consumers' best interests in mind. While that will hurt Equifax, it could also hurt retailers and brands that see subdued shopping and spending activity in the wake of the incident.