Recent news that malware was found and removed from registers at roughly 350 Eddie Bauer stores in August brought back not-so-fond memories of the giant retail data breaches U.S. retailers experienced a few years back. Following the Target breach in late 2013 – in which a reported 70 million cards were compromised – a slew of high-profile breaches followed: Home Depot, Neiman Marcus, Michaels, Staples, Sony, the list went on and on.
Data breaches of this type don’t seem to be in the news as often these days. This leads us to wonder, where are the big breaches happening now?
Businesses are still targets: The Identity Theft Resource Center reported 272 known breaches among U.S. businesses, with a stolen record count of nearly 2.5 million. The hitch: The actual number of records stolen is unknown for the vast majority of these incidents. And, in spite of potentially impactful breaches such as the hack of Oracle MICROS (with more than 300,000 terminals nationwide), we have yet to document a business breach of Target’s magnitude this year.
Healthcare and the government are in the crosshairs: While payment information is still at risk, other types of data have become attractive to thieves. Hacks of healthcare organizations and government personnel files provide fraudsters with personal information such as birthdates and Social Security numbers they can use to “fill in the blanks” on data that’s already on the dark market.
Some targets are political or personal. Earlier this year, a suspected group of Russian-backed hackers made hay with stolen communications from the Democratic National Committee. Now comes news that Russian-backed hackers may have intruded U.S. election systems, exposing the vulnerability of electronic voting. Other high-profile hacks have had taken a more personal – and malicious – tone: the breach at extramarital dating site Ashley Madison, for example, or the recent hack of actress Leslie Jones’ website.
To look at it another way, major breaches no longer seem to be happening everywhere in retail. But they do seem to be happening on a wider scale, everywhere.
New Tactics Emerge
Along with a shift in focus, there is a shift in the way some fraud is being carried out. Among healthcare companies especially, demands for ransom have become almost commonplace. Roughly 38 percent of healthcare companies have been asked to pay a ransom in order to avoid being hacked.
Fraud also moves faster: “When breaches happen now, there can be an increased speed in deploying the information,” says CO-OP Fraud Specialist John Buzzard. “We used to see months and years pass before data was used for fraudulent payments; now the cycle can be as quick as 10 days.”
With hackers broadening their scopes, adding new tactics and increasing their speed, it’s becoming more difficult for card issuers to know where the next flare up will occur. And while the race is on to develop and deploy ever more sophisticated fraud-fighting technology, for now maximizing old-school fraud detection and analytics may be the most critical step credit unions can take.
Beyond these traditional weapons, card controls and alerts add a new dimension to fraud detection and prevention. By placing control in the cardholder’s hands, these apps help double down on halting fraud at the earliest possible stages.
And although high-profile breaches typically occur outside of your purview, it’s good practice to establish and audit your internal operations. For expert tips from CO-OP’s CIO Terrence Griffin, check out this Insight Vault post from earlier this year. It’s impossible to know where the next big breach will happen, but it is possible to prepare.
See how credit unions can stay ahead of mobile payment security challenges with innovative card controls, alerts and more. Download our Security eBook to learn about the measures you can offer members.