Exclusive Q&A: How The Equifax Security Breach Will Impact Retail Businesses

On Sept. 7, Equifax revealed that it had suffered a security breach that could impact as many as 143 million consumers in the U.S., the UK and Canada. But consumers aren’t the only ones that could be affected by the breach, which occurred from mid-May through July 2017 — retailers also are facing a considerable risk.

In an exclusive Q&A, Michael Reitblat, CEO of Forter, an e-Commerce fraud prevention solution provider, notes that false account creation and account takeovers are the biggest issues retailers will have to tackle in the wake of the breach.

Reitblat shared insights into how the breach will impact retailers, and what merchants should do to help mitigate the effects:

  • In the short term, retailers should review changes in buyer behavior that occurred during the weeks following the breach, to identify any uptick in fake account activity.

  • Longer-term, retailers should be sure to use dynamic data, rather than static data (such as an unchanging user name or password), for consumer authentication.

  • Finally, retailers need to maintain consumer trust and confidence in the wake of the breach, even though this one didn’t involve them directly. This latest incident is a reminder that “databases will be breached, and consumer information will be out there,” said Reitblat, so retailers need to operate with that unsettling fact in mind.

Retail TouchPoints (RTP): How are retailers being immediately affected by the Equifax breach?

Michael Reitblat: The first thing to know is that it’s still not very clear what specific data was actually stolen. We’re still trying to understand whether it’s all the information you could possibly think of in terms of data from a credit bureau — which is extremely bad — or if it’s just partial data. It’s clear that names, Social Security numbers and addresses were all stolen.

If you look at it from a retailer perspective, the first thing they should expect is a lot of false account creation and account takeovers. Credit card numbers were stolen, but that’s not the main issue here. The issue is that fraudsters have the full name, address, Social Security numbers, and access to a lot of security questions consumers might have had with the credit bureau to authenticate themselves. People usually use the same questions everywhere, so fraudsters can use them to gain access and reset passwords on retail accounts and transact using that.

We already see a substantial spike in account takeover activity happening in the data from retailers we are working with.

RTP: What exactly are cybercriminals doing when they take over an account?

Reitblat: Let’s say you open up an account with Macy’s. You’ll usually have a credit card stored there and be able to transact quicker without typing in all of your details. If I try to get access to your account — I don’t have your password through [the stolen data],…