Equifax breach forces businesses to face an expanding 'dark web'

Online businesses everywhere are going to be dealing with the effects of the recent Equifax breach.

It’s a tough truth to swallow, but these large-scale data breaches have become a fact of life, and it’s not just the breached business that pays the price. As fraudsters mine the valuable data that’s been compromised, all e-commerce sites and financial institutions need to be on alert.

Last year, 48% of online businesses saw an increase in account takeover (ATO), according to the Sift Science Fraud-Fighting Trends report. And the Equifax breach is likely to exacerbate this trend, potentially flooding the dark web with names, addresses, Social Security numbers and other personal information that fraudsters can leverage to gain access to a legitimate user’s account. They then make purchases with a stored payment method or drain value from the user’s account.

Some of the signals that could point to an ATO include login attempts from different devices and locations; switching to older browsers and operating systems; buying more than usual, or higher-priced items; changing settings, shipping address or passwords; multiple failed login attempts; and suspicious device configurations, like proxy or VPN setups.

Keep in mind that taken individually, each of these signs may be normal behavior for a particular user. It’s only when you apply behavioral analysis on a large scale, looking at all of a user’s activity and all activity of users across the network, that you can accurately detect ATO.

Fraudsters can also take all of the different pieces of personal data leaked in the Equifax breach to steal someone’s identity and create new accounts. They may also pick and choose pieces from various people’s accounts, like a birthday, Social Security number and name, and mix them together to create an entirely new ID.

To keep tabs on fake accounts, you can monitor new sign-ups to look for risky patterns, like a sudden spike in new accounts that can’t be attributed to a specific promotion or seasonal trend. If the average time it takes a new user to sign up suddenly gets much faster, that may point to fraudsters using a script to quickly create accounts. And seeing multiple new accounts coming from the same IP address or device is a red flag for a single person creating many accounts.

Even if a breach doesn’t happen on your site, any downstream fraud attacks still happen on your watch. If you don’t invest in protecting your users from the devastating effects of ATO, identity theft and fraud, you will soon lose their trust. Trust is earned in drops, but lost in buckets.

At the same time, e-commerce businesses and financial institutions should make sure they aren’t overly cautious to the point where they’re rejecting good customers and denying legitimate accounts. Preventing fraud is a delicate balancing act, and the right technology, which looks at a range of data points to make an accurate prediction about what is and isn’t fraudulent, can help you strike the right balance.