Data Breaches Remain a Risk for Merchants and Banks
Data breaches continue to be one of the greatest insider threats that businesses, specifically merchants and banks, have to face. Industrialists found the year 2014 densely concentrated in the data breach events with the Identity Theft Resource Centre reporting a stunning record-breaking count of 786 data breaches throughout the year. This showcased a substantial increase of 27.5% in data breaches from the year 2013, tarnishing the prosperity of some of the biggest businesses in retail in the United States.
There is a significant list of things contributing to this exceeding rise in ecommerce fraud. With the advent of the debit and credit card facility for the masses, came an elephantine rise in prospective crime. Indeed, debit and credit today in the modern world, despite their unparalleled merits, have become the leading causes of diminishing profits for many merchants and banks. Fraudulent and criminal access to the card information and their ability to make unauthorized purchases has surfaced as the most eminent data breach and lapse in security. Once the cardholder learns of the fraudulent transactions processed through the card, they file a chargeback, which ultimately places the merchants and banks in a victimized position.
The EMV technology allowing storage of even more sensitive credit card data on a tiny computer chip within a credit card has brought certain advantages to counter the security and data breaches. EMV technology powered credit cards are much harder to counterfeit, but the magnetic stripes prove unfortunately easy for a fraudulent person to imitate. EMVs tend to eliminate the potential risk of a credit card getting physically copied.
In a rather unfortunate turn of events, we saw 2015 shaping up to be as damaging as its precedent year, reporting an appalling count of 436 data breaches exposing an aggregate of 135 million records in its fresh six months as reported by the Identity Theft Resource Center.
With the news of data breaching making the headlines, the news reports always limelight the severity of damage done to the customer and the breached merchant. According to an expert’s estimation consumers who fall as victims of the data breach lose an average of 20 hours and nearly $770. But the real victims of the entire data breach are the online merchants who are expected to process the unauthorized transactions produced by fraudulent individuals on the internet, who gained access to the card information. This is the result of lack of necessary fraud mitigation steps taken by many consumers after a data breach surfaces. An important survey concludes that an estimate of 32% of data breach victims, when given a data breach notification, ignored it and took no action when their sensitive information was compromised. While a sad average of 28% victims took the liberty to cancel the debit or credit card account affected by the breach. Because of the failure in the execution of sufficient fraud mitigation strategies by many consumers worldwide, online merchants see themselves as the continued victims of unchecked payment and fraud.
This has dangerously heightened the riskfor merchants, especially the ones owning smaller business, with surveys reporting 8% hold their occurrence subject to merchants who process less than one million annual transactions. This serious lapse in security has triggered many security companies to write about small merchants who lack basic awareness concerning cardholder security, while countering a threat landscape. Small merchants’ reliance on their vendor without any prior auditing and negotiation regarding contractual protections drags them down as ecommerce fraud victims.
Banks have also had their fair share of victimization in the face of ecommerce fraud, as a breach of data and security. Some regional and community banks also play a role of issuer banks for the provision of credit and debit cards to their customers. The famous data breach of Target in late 2013 and Home Depot in 2014 serve as two very public examples of such a fraud. With these breaches, banks have to accept losses surfacing as unreimbursed recovery of credit by credit card companies, and have to include these costs in their business expenses. Now these banks are testing the possibility of seeking a recovery of such losses by the promising case laws, joint prosecution, and cooperation agreements. But in the wake of the continuous rise in data breaches, many banks have discovered the contractual reimbursements are far from sufficient to recover the amount of losses of an issuer bank. Target litigation in 2013, is the best epitome of the situation – its loses to issuing Credit Unions and community Banks totaled a startling figure over $200 million.