A post-Equifax world: What online businesses need to know

By Jason Tan

12 Oct 2017

This article was first published on Entrepreneur.com in a slightly different format. 

Has your business felt the impact of the recent Equifax breach yet? If not, you may soon. The well-publicized breach compromised the personal information of over 143 million Americans. And the reality is that breaches of this magnitude have a huge effect on other businesses too. Even companies that have never been breached have a huge challenge on their hands. Equifax is just the latest in a long string of data breaches that end up causing ripples for all online businesses for months – or even years – to come.

Photo by Mateusz Dach from Pexels

Here’s what you need to know:

Data breaches affect all companies that do business online

When another company is breached, you may not think it affects your own. But the downstream consequences can be extremely damaging to you and your users. When personal information gets hacked or leaked onto the dark web, fraudsters get busy scouring the internet for sites where they can use this valuable data to their advantage. One of those sites could easily be yours.

Fraudsters are flocking to account takeovers and identity theft

Gone are the days when criminals focused on credit card fraud. Fraudsters are monetizing different types of data easily available on the dark web. For example, Trend Micro found that Uber, Facebook, Netflix, and PayPal accounts are worth more on the black market than credit card details. And personally identifiable information (like Social Security numbers and birth dates) was selling for $1-$3.30, compared with $0.22 for a bundle of credit card data.

Any time the dark web is flooded with a new batch of names, addresses, Social Security numbers, and other personal information, account takeovers (ATOs) go up. And the huge breaches of the past few years (Yahoo, Dropbox, etc.) have been taking their toll. Nearly half of online businesses saw an increase in ATO in 2016, according to the Sift Science Fraud-Fighting Trends report.

Keep an eye out for signs of ATO

So, how do you know if an account has been compromised? You can start by looking out for clues, like a user who logs in from different devices and locations, suddenly changes to an older browser or operating system, or has many failed login attempts. A fraudster who has taken over an account may also update its settings, shipping address, or password all at once. And suspicious users are known to use proxies or VPN setups.

It’s important to know that each of these signals, taken on its own, may not indicate that an account’s been compromised. There are plenty of legitimate reasons for updating settings, or logging in from a new device. Maybe they just bought the new iPhone! It’s important to look at a range of data points holistically to identify account takeover.
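The sketch below is an added example, not code from Sift or from the original article. It checks one session against the clues listed above and flags the account for review only when several of them coincide. The field names, the five-failure threshold, and the three-signal review threshold are assumptions, and all session data is constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Session:
    device_id: str
    country: str
    browser_major: int   # major version parsed from the User-Agent
    failed_logins: int   # failures right before the successful login
    via_proxy: bool      # result of a proxy/VPN lookup (assumed available)
    changes: set = field(default_factory=set)  # profile fields edited

SENSITIVE = {"password", "shipping_address", "settings"}

def ato_signals(history, s):
    """Return the names of the article's ATO clues that fire for session s."""
    fired = []
    if s.device_id not in {h.device_id for h in history}:
        fired.append("new_device")
    if s.country not in {h.country for h in history}:
        fired.append("new_location")
    if history and s.browser_major < min(h.browser_major for h in history):
        fired.append("older_browser")
    if s.failed_logins >= 5:                 # assumed threshold
        fired.append("many_failed_logins")
    if len(s.changes & SENSITIVE) >= 2:      # several sensitive edits at once
        fired.append("bulk_profile_change")
    if s.via_proxy:
        fired.append("proxy_or_vpn")
    return fired

def assess(history, s, review_at=3):
    """Flag for review only when several independent clues coincide."""
    fired = ato_signals(history, s)
    return ("review" if len(fired) >= review_at else "allow"), fired

# Constructed sample data: one account's past sessions and two new ones.
HISTORY = [Session("dev-a", "US", 61, 0, False),
           Session("dev-a", "US", 62, 0, False)]
NEW_PHONE = Session("dev-b", "US", 62, 0, False)
SUSPICIOUS = Session("dev-c", "DE", 49, 7, True,
                     {"password", "shipping_address"})

if __name__ == "__main__":
    for name, s in [("new phone", NEW_PHONE), ("suspicious", SUSPICIOUS)]:
        print(name, assess(HISTORY, s))
```

The new-phone session fires a single clue and is allowed, which is the case the paragraph above warns against over-reading.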

Watch out for fraudulent new accounts

Another way that fraudsters wreak havoc with compromised data from the Equifax breach is by stealing someone’s identity and creating new accounts. Or they might piece together different bits of information (think birth dates, names, and Social Security numbers) from a variety of accounts to create an entirely new identity (also known as “synthetic identity theft”).

Patterns that could potentially point to fraudulent accounts on your site include multiple new signups originating from the same IP address or device, or a sudden increase in new account openings that aren’t related to any promotions or seasonal trends. Also, you can monitor the average length of time it takes someone to sign up on your site. If that length of time suddenly gets shorter, it could mean fraudsters are using scripts to quickly open accounts.
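The three signup patterns just described can be checked with a few lines of analysis over signup records. This is an added example, not code from the original article; the record fields, thresholds, and all sample data (including the documentation-range IP addresses) are constructed assumptions.

```python
from collections import Counter
from statistics import median

def shared_origins(signups, max_per_origin=3):
    """IPs or device IDs that account for more than max_per_origin signups."""
    counts = Counter()
    for s in signups:
        counts[("ip", s["ip"])] += 1
        counts[("device", s["device"])] += 1
    return sorted(k for k, n in counts.items() if n > max_per_origin)

def volume_spike(baseline_daily, today_count, factor=3.0, promo_running=False):
    """True when today's signups exceed factor x the baseline median.

    A known promotion explains a spike, so it suppresses the signal.
    """
    if promo_running:
        return False
    return today_count > factor * median(baseline_daily)

def faster_signups(baseline_secs, recent_secs, ratio=0.5):
    """True when median signup time fell below ratio x the baseline median."""
    return median(recent_secs) < ratio * median(baseline_secs)

def report(signups, baseline_daily, baseline_secs, promo_running=False):
    """Evaluate all three patterns for one day's signups."""
    return {
        "shared_origins": shared_origins(signups),
        "volume_spike": volume_spike(baseline_daily, len(signups),
                                     promo_running=promo_running),
        "faster_signups": faster_signups(baseline_secs,
                                         [s["secs"] for s in signups]),
    }

# Constructed sample data: a week of daily totals, typical signup times,
# and one day containing five 4-second signups from a single IP.
BASELINE_DAILY = [40, 38, 45, 41, 39, 44, 42]
BASELINE_SECS = [75, 90, 62, 110, 84]
TODAY = (
    [{"ip": "203.0.113.7", "device": f"d{i}", "secs": 4} for i in range(5)]
    + [{"ip": f"198.51.100.{i}", "device": f"u{i}", "secs": 80} for i in range(3)]
)

if __name__ == "__main__":
    print(report(TODAY, BASELINE_DAILY, BASELINE_SECS))
```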

Encourage your users to practice good online security hygiene

Unfortunately, one of the reasons ATO is on the rise is users’ poor online security habits. As many as 59% of people reuse passwords across multiple sites, which makes it easy for fraudsters with leaked credentials to gain access to their other online accounts.

Some steps that users can take to protect themselves include using a password manager and setting up two-factor authentication across all of their key accounts. People can enter their email address on the website Have I Been Pwned to see whether it has already been part of a known data breach.

Be cautious – but don’t overreact

Although you need to take precautions to safeguard your users, make sure these measures aren’t getting in the way of legitimate customers. You can’t ask every visitor to your site to enter a security code, fill out a CAPTCHA form, or otherwise try to prove their identity. Fighting fraud is a balancing act, and you don’t want to spoil your customers’ experience by creating too many security roadblocks. And you definitely don’t want to accidentally turn good users away.

At the heart of every healthy customer relationship is trust. You don’t want the side effects of another company’s security nightmare to become your own, eroding your users’ trust in your company. Although massive data breaches have become a fact of life, you can proactively protect your users from the disastrous effects of ATO, identity theft, and fraud. It’s in their best interest – and yours.


Jason Tan

Jason Tan is the Founder and Executive Chairman of Sift. Fueled by a passion for building great products and amazing teams, he's also held leadership and engineering roles at BuzzLabs, Optify, and Zillow.
