Sift Logo Several blue dots forming a sphere to the left of the word Sift in italic font.
  • Products

    Digital Trust & Safety Suite

    Fight fraud without sacrificing growth

    Learn more →

    Passwordless
    Authentication

    Account
    Defense

    Content
    Integrity

    Payment
    Protection

    Dispute
    Management

    Sift
    Connect

    PSD2
    Solution

    New Releases & Enhancements

  • Partners

    Sift Partner
    Program

    Join the leader in Digital Trust & Safety

    Learn more →

    Commerce platform partners


  • Industries

    One solution, many applications

    Learn how Sift can work for your industry

    Learn more →

    Featured industries


    Fintech

    Retail

    Food & Beverage

  • Customers

    See case studies by industry

    Sift works across every use case and region

    Learn more →

    Featured customers


  • Resources

    Explore our resources

    Access trends, guides, and insights from Sift

    Learn more →

    Blog

    Ebooks

    One Pagers

    Demos

    Videos

    Webinars

    Infographics

    Podcasts

    Trust & Safety University

  • Fraud Center
  • Company

    Why leaders choose Sift

    Technology, community, and partnership

    Learn more →

    Our mission: Help everyone trust the internet


    About

    Careers

    News & Press

Request a demo
Products
  • Digital Trust & Safety Suite
  • Passwordless Authentication
  • Account Defense
  • Content Integrity
  • Payment Protection
  • Dispute Management
  • Sift Connect
  • PSD2 Solution
  • New Releases & Enchancements
Why Sift
  • Salesforce
  • Magento
  • Shopify
Industries
  • Fintech
  • Retail
  • Food & Beverage
Customers
Resources
  • Blog
  • Ebooks
  • One Pagers
  • Demos
  • Videos
  • Webinars
  • Infographics
  • Podcasts
  • Trust and Safety University
Fraud Center
About
  • Search Careers
  • Our Company
  • Contact Us
  • Engineering Blog
Request a DemoSign In
  • Blog Home
  • Digital Trust & Safety
< prev / next >
Share this article on LinkedIn
Tweet this article
Share this article on Facebook
SOCIALICON
Share this article via email

A post-Equifax world: What online businesses need to know

By Jason Tan  / 

12 Oct 2017

This article was first published on Entrepreneur.com in a slightly different format. 

Has your business felt the impact of the recent Equifax breach yet? If not, you may soon. The well-publicized breach compromised the personal information of over 143 million Americans. And the reality is that breaches of this magnitude have a huge effect on other businesses too. Even companies that have never been breached have a huge challenge on their hands. Equifax is just the latest in a long string of data breaches that end up causing ripples for all online businesses for months – or even years – to come.

Photo by Mateusz Dach from Pexels

Here’s what you need to know:

Data breaches affect all companies that do business online

When another company is breached, you may not think it affects your own. But the downstream consequences can be extremely damaging to you and your users. When personal information gets hacked or leaked onto the dark web, fraudsters get busy scouring the internet for sites where they can use this valuable data to their advantage. One of those sites could easily be yours.

Fraudsters are flocking to account takeovers and identity theft

Gone are the days when criminals focused on credit card fraud. Fraudsters are monetizing different types of data easily available on the dark web. For example, TrendMicro found that Uber, Facebook, Netflix, and Paypal accounts are worth more on the black market than credit card details. And personally identifiable information (like social security numbers and birth dates) was selling for $1-$3.30, compared with $0.22 for a bundle of credit card data.

Any time the dark web is flooded with a new batch of names, addresses, Social Security numbers, and other personal information, account takeovers (ATOs) go up. And the huge breaches of the past few years (Yahoo, Dropbox, etc.) have been taking their toll. Nearly half of online businesses saw an increase in ATO in 2016, according to the Sift Science Fraud-Fighting Trends report.

Keep an eye out for signs of ATO

So, how do you know if an account has been compromised? You can start by looking out for clues, like a user who logs in from different devices and locations, suddenly changes to an older browser or operating system, or has many failed login attempts. A fraudster may also update their settings, shipping address, or password all at once. And suspicious users are known to use proxies or VPN setups.

It’s important to know that each of these signals, taken on its own, may not indicate that an account’s been compromised. There are plenty of legitimate reasons for updating settings, or logging in from a new device. Maybe they just bought the new iPhone! It’s important to look at a range of data points holistically to identify account takeover.

Watch out for fraudulent new accounts

Another way that fraudsters wreak havoc with compromised data from the Equifax breach is by stealing someone’s identity and creating new accounts. Or they might piece together different bits of information (think birth dates, names, and Social Security numbers) from a variety of accounts to create an entirely new identity (also known as “synthetic identity theft”).

Patterns that could potentially point to fraudulent accounts on your site include multiple new signups originating from the same IP address or device, or a sudden increase in new account openings that aren’t related to any promotions or seasonal trends. Also, you can monitor the average length of time it takes someone to sign up on your site. If that length of time suddenly gets faster, it could mean fraudsters are using scripts to quickly open accounts.

Encourage your users to practice good online security hygiene

Unfortunately, one of the reasons ATO is on the rise is due to users’ poor online security habits. As many as 59% of people reuse passwords across multiple sites, which makes it easy for fraudsters with leaked credentials to gain access to their other online accounts.

Some steps that users can take to protect themselves include using a password manager and setting up two-factor authentication across all of their key accounts. People can enter their email address on the website haveibeenpwned to see whether it has already been part of a known data breach.

Be cautious – but don’t overreact

Although you need to take precautions to safeguard your users, make sure these measures aren’t getting in the way of legitimate customers. You can’t ask every visitor to your site to enter a security code, fill out a Captcha form, or otherwise try to prove their identity. Fighting fraud is a balancing act, and you don’t want to spoil your customers’ experience by creating too many security roadblocks. And you definitely don’t want to accidentally turn good users away.

At the heart of every healthy customer relationship is trust. You don’t want the side effects of another company’s security nightmare to become your own, eroding your users’ trust in your company. Although massive data breaches have become a fact of life, you can proactively protect your users from the disastrous effects of ATO, identity theft, and fraud. It’s in their best interest – and yours.

Related

account takeoverATOdata breachesEquifax

Jason Tan

Jason Tan is the Founder and Executive Chairman of Sift. Fueled by a passion for building great products and amazing teams, he's also held leadership and engineering roles at BuzzLabs, Optify, and Zillow.

  • < prev
  • Blog Home
  • next >
Company
  • About Us
  • Careers
  • Contact Us
  • News & Press
  • Partner with us
  • Blog
Support
  • Help Center
  • Contact Support
  • System Status
  • Trust & Safety University
  • Fraud Management
Developers
  • Overview
  • APIs
  • Client Libraries
  • Integration Guides
  • Tutorials
  • Engineering Blog
Social

Don't miss a thing

Our newsletter delivers industry trends, insights, and more.

You're on the list.

You can unsubscribe at any time. Please see our Website Privacy Notice.

If you are using a screen reader and are having problems using this website, please email support@sift.com for assistance.

© 2022 Sift All Rights Reserved Privacy & Terms

Your information will be used to contact you about our service and subscribe you to our direct marketing communications. You can, of course, unsubscribe at any time. Please see our Website Privacy Notice.