The number of debit cards compromised at US ATMs increased 10% in 2017, according to a new FICO study reported on by PYMNTS. Meanwhile, card readers were compromised at 8% more US ATMs, restaurants, and merchants.
The rate of debit fraud growth is decelerating, but it’s still a huge threat. Last year’s 10% increase is notably lower than the 70% increase in debit fraud between 2015 and 2016. This slowdown is likely largely attributable to a rise in the number of EMV-enabled debit cards — there were nearly 273 million Visa chip-enabled debit cards in 2017, up from 67 million in 2015 — which use tokenization to encrypt customer data, making them less susceptible to hacks from fraudsters.
Although card skimming, which was responsible for most ATM and debit fraud at the point-of-sale (POS), remains a $2 billion problem, fraudsters might be moving on to other tools and focusing less on skimmers, slowing the rate of growth.
But that puts the onus on firms to continue to prevent fraud.
- Fraudsters will move on to new methods. Fraudsters have been focusing on new methods like “jackpotting” — an attack in which criminals use a combination of malware and hardware to force ATMs to spit out large piles of cash — that disable the ATM rather than the card. That ultimately protects cardholders, but results in a loss for ATM manufacturers.
- So other, newer channels will remain vulnerable to fraud. E-commerce, for example, may become a more popular target among fraudsters, as attacks are carried out remotely. Card issuers, ATM makers, and POS terminal manufacturers must continue to develop fraud prevention and reconciliation solutions. And merchants that haven’t done so already should invest in POS hardware that accepts chip card payments. Addressing customer concern is imperative for all firms; if they don’t, they’ll risk experiencing fraud and losing business to players with better security measures.
Over the past five years, the world has seen a seemingly unending series of high-profile data breaches, defined as incidents in which unauthorized parties access and retrieve sensitive, secure, or private data.
Major incidents, like the 2013 Yahoo breach, which impacted all 3 million of the tech giant’s customers, and the more recent Equifax breach, which exposed the information of at least 143 million US adults, have kept this risk, and these threats, at the forefront for both businesses and consumers. And businesses have good reason to be concerned — of organizations breached, 22% lost customers, 29% lost revenue, and 23% lost business opportunities.
This threat isn’t going anywhere. Each of the past five years has seen, on average, 1,704 security incidents, impacting nearly 2 billion records. And hackers could be getting more efficient, using new technological tools to extract more data in fewer breach attempts. That’s making the security threat industry-agnostic for any business holding sensitive data — at this point, virtually all companies — and therefore something firms need to address proactively and prepare to react to.
The majority of breaches come from the outside, usually from a malicious actor seeking access to records for financial gain, and tend to leverage malware or other software and hardware-related tools to access records. But they can also come from inside, as well as from accidents perpetrated by employees, like lost or stolen records or devices.
That means that firms need to have a broad-ranging plan in place, focusing on preventing breaches, detecting them quickly, and resolving and responding to them in the best possible way. That involves understanding protectable assets, ensuring compliance, and training employees, but also protecting data, investing in software to understand what normal and abnormal performance looks like, and building a response plan to mitigate as much damage as possible when the inevitable does occur.
Business Insider Intelligence, Business Insider’s premium research service, has put together a detailed report on the data breach threat, who and what companies need to protect themselves from, and how they can most effectively do so from a technological and organizational perspective.
Here are some key takeaways from the report:
- The breach threat isn’t going anywhere. The number of overall breaches isn’t consistent — it soared from 2013 to 2016, but ticked down slightly last year — but hackers might be becoming better at obtaining more records with less work, which magnifies risk.
- The majority of breaches come from the outside, and leverage software and hardware attacks, like malware, web app attacks, point-of-service (POS) intrusion, and card skimmers.
- Firms need to build a strong front door to prevent as many breaches as possible, but they also need to develop institutional knowledge to detect a breach quickly, and plan for how to resolve and respond to it in order to limit damage — both financial and subjective — as effectively as possible.
In full, the report:
- Explains the scope of the breach threat, by industry and year, and identifies the top attacks.
- Identifies leading perpetrators and causes of breaches.
- Addresses strategies to cope with the threat in three key areas: prevention, detection, and resolution and response.
- Issues recommendations from both a technological and organizational perspective in each of these categories so that companies can avoid the fallout that a data breach can bring.