Rippleshot Blog

The year 2017 won’t be the last year that’s remembered for producing a record number of data breaches. There’s a good chance the same story will be repeated for years to come. But what everyone can learn from the growing number of incidents is why greater breach prevention and detection is needed more now than ever.

To wrap up the year, we’ve gathered a list of major data breaches that made headlines in 2017, starting with the incident that will continue to make news long into 2018.

With just over a week left in 2017, the year has already set another record number of data breaches — far surpassing 2016’s figures.

The latest data from the ITRC shows that, as of December 20, there have been a total of 1293 breaches, with a total number of records exposed reaching 174,253,442. To put that into context, in all of 2016 there were 1,093 breaches. That figure was a 40 percent hike over the 780 reported breaches in 2015.

Here at Rippleshot we’re all about the power of data. More specifically, the power of data to help issuers make more strategic decisions when it comes to analyzing risk from compromised cards, managing the spread of fraud and implementing more effective reissuance strategies.

In the final weeks of the holiday spending rush, issuers will be working diligently to analyze consumers spending behavior, track fraud patterns, determine where there are gaps in their fraud management, and decide how it all fits into their 2018 strategic planning. This includes how they’ll educate their cardholders how to better protect themselves, and what types of fraud solutions they’ll invest in to better protect their cardholders — and their own bottom line.

To help issuers wrap up the 2017 holiday season plans — and prepare for 2018 — we’ve gathered our three latest guides on the subject to help you stay updated on the latest trends in fraud management.

While most attention at the moment in Washington, D.C., is on the heavily debated tax bill, there’s another proposed bill that could have major implications for businesses hit by a data breach.

A re-introduced bill, the Data Security and Breach Notification Act, proposes harsher sentences for company executives who fail to notify consumers of a breach. The initial terms of the bill calls for jail time for those who are aware of breaches, yet fail to alert consumers in a timely fashion.

"We need a strong federal law in place to hold companies truly accountable for failing to safeguard data or inform consumers when that information has been stolen by hackers," said Sen. Bill Nelson, D-FL, a sponsor of the bill, wrote in a statement. "Congress can either take action now to pass this long overdue bill or continue to kowtow to special interests who stand in the way of this commonsense proposal. When it comes to doing what's best for consumers, the choice is clear."

The early data on holiday spending — coupled with early holiday fraud projections — gives some insight into what issuers might expect as the year 2017 rounds down.

To start, we’ve learned what most already knew: Consumers love to shop online. This year’s Black Friday/Cyber Monday figures confirmed that fact as consumers shelled out $5.03 billion online on Black Friday and Thanksgiving Day (a 16.8% increase from the year prior). Cyber Monday took that figure to the next level, and consumers set another record-high with $6.6 billion in sales. Overall, Cyber Monday processed 17% more purchases than Black Friday.

More online shopping inevitably means more money is being spent on credit cards, but it also means there’s a greater chance of CNP fraud as fraudsters shift their tactics toward targeting online purchases. This is in line with what industry projections show this holiday season.

The holiday shopping season is underway, which means an uptick in consumer spending. What this also means is an increase in card fraud. Whenever shoppers are spending more, fraudsters are quick to follow — which includes taking part in the holiday shopping season themselves. 

Banks and credit unions are less likely to stop authorization on purchases in order to avoid creating extra friction at checkout, and fraudsters have caught onto this habit. More than ever, consumers need to be savvier and know what red flags to look for this holiday season as they partake in the holiday shopping season. Likewise, card issuers need to be equipped with the knowledge (and tools) necessary to combat holiday card fraud. 

Let’s face it. We’re all bombarded every day with too many reports, too many articles and too many studies to keep up with. At Rippleshot, we work hard to sort through all the noise to bring you relevant news, tips, and resources you can really use to make your operation smoother by equipping your teams with tools to learn how to fight fraud faster and more effectively. Catch these 10 resources.

Most financial institutions have recognized the true value of the technology effectiveness behind machine learning: The ability to discover patterns across millions of data points and hundreds of variables faster and more accurately than human beings. For predicting and stopping the use of compromised card details and the spread of card fraud, this technology is a game-changer.

The real obstacle forfinancial institutions boils down to the concept of implementing such a solution. Without in-house data scientists to create models, the IT resources to get the data from their internal systems or from their processors, and the expertise to insure that the data is clean and correct, implementing processes within an organization can seem overwhelming. But it doesn't have to be so complicated.

Across the payment fraud ecosystem, there’s a lot of data about the state of card fraud, why it’s rising and how it’s changing. What’s not always easy to do is track relevant data as it enters the market. After all, data changes as quickly as the speed of fraud evolves.

To help keep issuers up to date with what stats are dominating the market, we’ve gathered data from recent studies across the market to show what threats are most prevalent, what issuers should be tracking and why they need to be detecting and stopping the spread of fraud faster than ever.

Solving ATM fraud has become a 2 billion-dollar question. (The impact of ATM skimming on a global scale). Getting to the bottom of ATM fraud means having a better understanding of how fraudsters think, how quickly they act and what payment channels they are targeting most.

In a recent webinar hosted by the ABA and Rippleshot's Chief Data Scientist Randal Cox, we discussed case studies of actual fraudster behavior and explored patterns of ATM misuse that help financial institutions fully understand the scope of this problem — and why it’s getting worse. [Catch the full webinar here].

October is cybersecurity awareness month — a prime time for banks and credit unions to re-think how they are managing their card fraud detection strategies. Then again, companies should be doing this the other 11 months of the year, too.

Financial institution leaders need to be constantly thinking about how to evolve their card fraud detection management and update their cybersecurity measures - or risk making their organizations increasingly vulnerable. Today, fraud management is more than just reacting to industry alerts. Being reactive, instead of proactive, about cybersecurity, will leave an organization always playing catchup.

Globally, ATM skimming fraud is a $2 billion problem. This is a rapidly-growing issue that’s become a major pain point for banks and credit unions already faced with increased challenges on how to manage their fraud-fighting measures.

Another problem? ATM skimmers are easy to buy online. What used to be something that was only accessible on the dark web can just as easily be bought on a marketplace today. Bottom line? If fraudsters want a skimmer, they can get their hands on one. 

ATM fraud continues to rise at alarming rates. Compromises from ATMs and POS devices rose 21 percent in the first half of 2017, when compared to 2016’s same figures, according to FICO. Compromised cards rose by 39 percent. Keep in mind these figures don’t account for holiday card fraud — a time which banks and credit unions should expect to see a spike.

The Equifax breach that continues to make headlines is a game-changer for the financial services space. The biggest fear, of course, remains the unknown cost impact for banks and credit unions.

Inevetiably, in a breach affecting roughly half the U.S. population, the scope of this incident will be long-lasting. The end results won’t be known for some time since the real threat ahead lies in fraudsters’ ability to create false identities (AKA: synthetic fraud). 

To help combat the fallout from this breach, we've gathered four tips that banks and credit unions should keep in mind as they devise their strategies for keeping up with the spread of fraud (and fraudulent accounts).

The Equifax data breach has created a ripple effect in the financial services ecosystem that’s causing consumers, banks and credit unions to prepare for the storm of fraud likely to occur as a result of the massive breach that’s estimated to impact 143 million consumers and more than 200,000 credit cards.

And that’s just one of the breaches. Equifax confirmed earlier this week that the company suffered another hack in March. It has since been reported that the company said there was no connection between the March incident with the breach that’s been making headlines the past couple weeks.

The massive Equifax data breach that’s making national headlines is estimated to impact nearly half of the U.S. population — or roughly 143 million people. While most of the news centers on the consumer identity theft impact, the real story in the financial services ecosystem is what this hack will cost banks, credit unions and issuers.

Let’s start with the basics. From what’s been publicly reported, there’s been 209,000 credit card numbers and 182,000 documents with personal information breached. These cyber thieves also got away with social security numbers, and a slew of other vital personal information that’s used to open up fraudulent accounts and commit identity theft. Limited personal data was also stolen from some UK and Canada residents.

For banks and credit unions, the real threat lies in the hackers’ ability to open fraudulent accounts, new credit cards and even entire lines of credit. This creates an endless trail of credit card fraud that can exponentially impact the rate of which synthetic fraud (accounts created with a fictitious identity) can spread.