December 17, 2018
Retails’ Nightmare Before Christmas
With the stresses of Black Friday and Cyber Monday shopping…
It seems every month we hear about a new massive data breach. According to CNN and Risk Based Security, more than 149 billion consumer records have been compromised in data breaches this year alone. This is evidence that attackers are continuing to ramp up their efforts to steal sensitive data.
This is bad news for more than just consumers and the breached company.
These breaches may arm aggressive fraud rings with data needed to pass legacy security solutions, especially in the weakly protected call center. Call centers too often rely on Personally Identifiable Information (PII) such as SSN, date of birth, or card numbers to authenticate callers and grant access to accounts. But this information is almost worthless once it is made available on the black market following a breach. Fraudsters could purchase it and use it to perform account takeover attacks through the call center.
Brian Krebs detailed how one of these cross-industry attacks worked in 2008, when fraudsters used data stolen from a large retailer data breach to change PIN numbers on bank accounts and make fraudulent ATM withdrawals.
Enterprises should not only work to stop breaches of their own data, but realize that data breaches at other enterprises, even in other industries, may put their own security at risk.
Next generation multi-factor solutions, that do not rely on PII, are needed to help deter the long-term fraud that results from massive data breaches. By relying on multiple layers of security, enterprises can increase their chances of detecting and reducing what is sure to be a wave of new fraud attempts.
To learn more, view a recording of our recent webinar, “The Data Breach Butterfly Effect.”