A few weeks have passed, and the Equifax data breach has been discussed extensively in just about every news outlet. This is an instance where saturated news coverage and never ending analysis is well warranted, with 143 million Americans waiting for the other shoe to drop.
I will take a look at this through the lens of online businesses managing card-not-present fraud. CNP fraud solutions can enhance business value or deplete it, depending on the effectiveness of the solution and fraud environment it is up against. The Equifax breach puts a challenging wrinkle in the CNP fraud landscape, with many online businesses at risk of losing significant value.
The Poor Get Poorer:
When carrying out fraud attacks there are two things fraudsters need most: ample targets and data, both in quantity and variety. Let’s take a look at the latter. There have been so many breaches, that compromised data seems like par for the course. However, this breach stands out from the pack. Both in the amount of data that was compromised and the variety. This was not a name or a birthday, or even a combo, like acquiring a name/credit card. This was Social Security numbers, names, birth dates, addresses, credit cards, and even drivers license numbers. This will fuel more than payment fraud. This will run the gamut: from account takeovers, fraud account openings, and identity fraud to every flavor of scam and abuse you can think of. It is being covered like a different kind of breach because the threat is much greater.
Which brings us to the second component, plenty of targets. Online businesses and ecommerce solve that pretty quickly. All online companies are fair game, but businesses with sub-par fraud solutions that rely on legacy technology and inefficient operations will be picked apart quickly. Fraudsters are adept at finding soft spots and weak defenses. They will stick with a particular target and/or attack method until it is clamped down. Like most humans, they want to maximize value for the time they invest and will not burn valuable resources on little return. Therefore, they follow the path of least resistance. The Equifax breach is a not so friendly reminder of the volatile CNP fraud climate, with large data breaches fanning the flames of an already healthy fire.
Not My Problem:
Sometimes the easy thing to do is blame Amazon. So, I am going to do just that. Not for the breach… but for the usual crime they are saddled with. Amazon whipped up a mix of customer centric, no hassle, efficient, cheap, on-demand ecommerce the likes of which nobody had seen before. Shockingly, people liked this. Amazon transformed not just customer experience but customer expectations. Fraud mitigation is one of many things that does not justify inconveniencing a consumer’s shopping experience.
But come on. With the crazy difficult CNP fraud battle, there has to be some understanding from consumers, right? Considering the massive Equifax data breach, there is sure to be a bit of leeway with customer friction, correct? Sadly, no. Consumers don’t care. If you cite the Equifax data breach as a reason you were over-cautious and canceled young Bobby’s Xbox, all you will be met with is an angry parent. We live in a world where no matter the circumstances, consumers expect not to be inconvenienced. Amazon is not the bad guy. They are just the big guy. The big guy who successfully created the experience to which consumers are addicted, and it’s every company’s job to keep pace.
Effective fraud solutions do just that – they match Amazon’s value. These solutions mitigate fraud under the worst circumstances, while maintaining an experience their customers love. The Equifax breach will be a good test to see what CNP fraud solutions stand strong and which begin to bleed sales and lifetime customers.
One obvious blow is the impact to the Equifax brand. In addition to a credit bureau, Equifax has it’s own suite of anti-fraud technology and solutions. While a breach leaves no company sitting pretty, Equifax’s active presence in fraud prevention adds insult to injury. An insult that is felt strongest in it’s brand equity.
Moving past Equifax, the brand equity of other online companies will be damaged as well. As discussed earlier, when fraudsters get their hands on the right combination of data they can deploy more sophisticated attacks. Account takeovers and opening fraudulent accounts are two examples that have significant impact on brand equity. This type of fraud is an absolute nightmare for consumers. Even though the source of the data breach may be Equifax, the account takeover occurred with Company X. Consumers link the inconvenience and poor security to Company X. Company X will be the one who loses trust, the consumer and value in their brand.
Fraudsters also use compromised data to carry out scams and abuse. Content abuse is a good example. Marketplaces and communities rely on the flow of honest, credible information. Spam, fake reviews, and other malicious content can lead to a terrible user experience and tarnish a company’s brand. As loyal marketplace customers abandon the site, they impact the platform’s growth and profitability. This is just one example of the many forms of abuse that will impact a variety of online verticals.
Everyone knows the Equifax breach has far reaching effects. Consumers scramble to check their financial records, protect their information, freeze their credit file and come to grips with the fact there’s not much more that can be done. It’s a helpless feeling to say the least. However, It’s important to remember that online businesses downstream from the breach also have a tough road ahead. They are bracing for a barrage of fraud attacks that leak value at every turn. On a positive note, sometimes this is just the incentive businesses need to ensure they find the right layers of fraud protection for their business. There’s no time like the present to batten down the hatches and march forward with the confidence your business is protected by solutions that align best to your company’s needs.