08.08.18

As data breaches increase in frequency and severity, technology will become an increasingly important line of defence

Data breaches cause fear, commotion, financial loss and reputational damage. Undoing the harm they can cause is an extremely lengthy and expensive process, both for the organisation at the epicentre and the individuals and businesses which had data exposed. This month, credit reference agency Equifax is learning this the hard way.

Equifax holds records on over 880 million individuals’ and more than 88 million businesses’ financial history, which will be checked by organisations such as banks and retailers when applying for products such as certain bank accounts, loans and mortgages. The information is compiled into a credit report, which is rich with personal identifiable information.

On the 29th July, Equifax learned that criminals had “gained access to certain files”. It’s currently unclear how many individuals were affected globally, but current estimates state that the figure could include 143 million people in the USA alone. Among the exposed data, more than 200,000 customers’ credit card details were leaked. The unauthorised access took place between May and July 2017. The breach was disclosed in an official statement on the 7th September.

What can the hackers do with the data?

Leaked information in this case included names, social security numbers of US customers, addresses and dates of birth. In many cases, this information is sufficient for a criminal  to commit identity fraud. Data like this has significant value on the black market. What’s more, driver’s licence numbers, account and card details were leaked.

In the months before Equifax learned about the breach, criminals had enough details to spend money belonging to consumers and businesses and take over their existing accounts. They would also be able to access new lending products under the guise of an innocent, legitimate customer.

How can technology help?

For those concerned about credit card fraud, virtual cards might be the answer to secure corporate payments. Generated at the point of sale, virtual cards (provided by technology companies like Conferma, and made available through corporate payment and expense services such as American Express Global Business Travel) are processed like traditional plastic cards but with a key difference.  These cards can be programmed to be valid within a particular time frame only, to cover a set amount or to pay a pre-approved supplier. Simply put, if a hacker stole virtual card details, they wouldn’t be able to use them.

With so many credit card details leaked, it’s likely that there will be a flurry of chargebacks for purchases made on stolen cards. While most of these will be legitimate, consumers may use the situation to make false claims to dispute transactions they have knowingly made. Merchants stand to lose a significant amount, but solutions are available to mitigate the risks and manage disputes quickly, such as those offered by The Chargeback Company.

For individuals wishing to take Equifax to task, a friendly chatbot can help sue the company for up to $25,000. “Welcome,” it says, supportively. “I am a bot to automatically sue Equifax.” The bot, called DoNotPay, was created to help fight parking tickets, and now it promises to make paperwork stress free for customers wishing to file action with warm greetings to all who may use it.

While the extent of damage caused by the Equifax breach is yet to become clear, it is increasingly important to galvanise against data leaks. Companies collecting and storing data need to be diligent, updating security protocols and using secure passwords to lock away sensitive information. While that’s the case, hackers will still get in from time to time. As the frequency and severity of cyber attacks like these continues to increase, technology will  become increasingly  central in the battle against breaches .