News of a data breach is like finding out your wallet just got stolen. Important, confidential information and likely, money is suddenly at risk. But these days, news of a data breach is becoming all too common. From Yahoo’s breach of one billion accounts reported in 2016, to Blue Cross Blue Shield/Anthem’s data breach affecting 80 million customers, to Verizon’s data breach of up to 14 million subscribers. So it’s easy to brush off the recent Equifax breach as just another hack—but it’s not. That’s because the depth of the data that the hackers acquired is unprecedented. Reported by the Wall Street Journal as the largest social security number breach in history, the hackers also acquired names, addresses, birth dates, credit card numbers, and confidential documents affecting approximately 143 million U.S. consumers.
This breached data is then used by criminal hackers to carefully curate profiles built to perform account takeover and create synthetic identities. Synthetic fraud is a growing problem in that criminal rings are able to reverse engineer the process that many online merchants have in place to verify identity. Those hackers then create “new” identities, sometimes even based on a deceased person or a child’s social security number. Criminal hackers pull together data that is approximate enough to real information to pass muster on identity checks and are then able to take advantage of merchants without any consequence.
Think of it like buying a used car—it may look fine from the outside, but who knows if it’s really just been cobbled together?
It’s important to understand how these stolen identity credentials will be utilized to attempt fraud against your site. Implementing multiple layers of defense and linking all the data elements, including names, email, phone, address, and IP to a suspicious transaction are key to avoiding fraud.
For example, many retail companies currently rely heavily on email verification; however savvy criminals can easily send emails that appear legitimate or even use an aged email to sneak by an identity verification process. To truly defend against data breaches, it’s critical to do more robust linkage analysis between a name, address, phone, and business information to avoid fraud while still preserving credible transactions.
The massive size and depth of the recent Equifax breach is certainly in the headlines, but it’s also top-of-mind for many consumers. Case in point: the ID Theft Resource Center, which provides non-profit resources and support to victims of identity fraud, has recently received their highest call volume in the company’s history. President and CEO Eva Casey Velasquez notes that this latest breach should clue businesses to take action with multi-factor authentication processes without worrying about inconveniencing customers. “We are encouraging businesses to be fearless in their security,” she said. “At the end of the day, it is your customer base that you are helping. But I could also make a business case that in the end, the reputational damage you suffer if it’s improperly handled could be the end of a business.”
Now with tools like Identity Check, identity verification is even easier to use because you can write the rules around transactions that exceed a certain threshold or for certain products or SKUs that you know are risky. Plus, it can be integrated with the largest fraud platforms or accessed through Whitepages’ API and web portal. The robust identity verification intelligence is a great solution for any eCommerce, online lending, or financial tech company, especially at a time when multi-factor verification is critical to protection against cyber fraud.
Whitepages CEO, Rob Eleveld, points out that while a lot of public focus has been on the litigation aspect of the Equifax breach, businesses would be wise to instead take real action to defend themselves and their consumers now. “The reality is that litigation is going to take a long time and savvy businesses need to focus on how to protect themselves now,” he said.
Learn more about a multi-layered approach to identity verification here.