4iQ, an identity theft intelligence company, warned that online cases of fraud during the holidays have accelerated. The company rolled out a free holiday season trial of a watch service which scans the data lakes of e-commerce businesses for signs of breach activity and other security vulnerabilities, according to a press release.
A study revealed that consumer re-use of passwords is a persistent problem heightening the threat of identity theft, with almost half of surveyed consumers in the U.S. admitting to re-using passwords across multiple websites, and about three-quarters them saying they don't change their passwords unless prompted or forced to do so.
"In 2017, we saw a 182% increase in identity records discovered by our team compared with the year prior, and by June this year, the number of total exposed consumer records had nearly doubled from 12.4 million to about 22.5 million." said Julio Casal, 4iQ founder and CTO, in a statement. "Last year's holiday season was acknowledged industry-wide as the worst ever in terms of account takeover, and we can only expect this year will top that."
For chief information security officers in retail and e-commerce, identity theft can be seen as both a result and potential symptom of broader security breach activity. While they are trying to build high walls to keep all the attackers out, they might find the consumer credentials already in their systems may be fraudulent or at least highly vulnerable.
A recent study from LogMeIn found that many retailers don't have stringent password requirements on their e-commerce sites. Retailers could make it more difficult to breach consumer credentials on their sites by requiring more complicated passwords, two-factor authentication and other protective measures.
However, consumers need to do their part, too, by creating unique passwords for different sites, and occasionally changing their passwords. There have been consumer education efforts about this challenge, not only from the retail sector but also from financial services. However, 4iQ's study found that many consumers haven't listened, which increases the likelihood that their credentials will end up on the dark web.