The Equifax data breach has created a ripple effect in the financial services ecosystem that’s causing consumers, banks and credit unions to prepare for the storm of fraud likely to occur as a result of the massive breach that’s estimated to impact 143 million consumers and more than 200,000 credit cards.
And that’s just one of the breaches. Equifax confirmed earlier this week that the company suffered another hack in March. It has since been reported that the company said there was no connection between the March incident with the breach that’s been making headlines the past couple weeks.
While the true impact of this breach is yet to be known, there are a few ways it has already impacted banks and credit unions. Reputation and customer satisfaction, of course, are just the tip of the breach iceberg. The true impact will be learning how this breach will affect a company's bottom line.
Outside of the PR significance, Equifax may face multiple lawsuits from individual state attorney generals. Although the weight of this massive breach will be felt by Equifax itself, the impact on consumers will certainly create a mess for banks and credit unions to pick up after.
From the reissuing costs of breached cards, to tracking synthetic fraud. the true costs won't be known for some time. Synthetic fraud allows hackers to set up accounts in a person’s name that appear to be authentic, but are in fact fictitious. As Rippleshot Co-Founder Canh Tran detailed in a recent report on the state of card fraud, the construction of new synthetic IDs is based on combining truthful and false information to build a credit file and then open new accounts, which is perpetrated at scale by opening hundreds of new accounts.
How the Equifax breach impacts banks and credit unions boils down to how they are equipped to detect, manage and fight fraud — and the spread of fraudulent purchases and accounts. Detecting fraud faster matters now more than ever. This new breach will cause the rate of fraud to spread faster, and will be more difficult to manage once a customer’s account becomes compromised.
What matters now for banks and credit unions is how they handle the mess that’s likely to follow as a result of the massive droves of personal credentials hacked. Customers don’t care whose fault the breach was; your customers want to know they are protected by their financial institutions. Trust and the ability to respond quickly matters most during the post-breach stages as large as this one.
As for how financial institutions should change their data breach practices after these events, Rippleshot Co-Founder has two pieces of advice: Ask more from your data processor and get faster fraud alerts. Instead of relying on weekly, or monthly reports, fraud alerts should be delivered in near real time with daily data from credit card transactions within your network.
Fraud tools today shouldn’t take 90 days to implement, require complicated platforms, have integration delays with core systems or complex modeling iterations. Solutions need to be fast, efficient, and actionable before the “horses are out of the barn.”
Financial institutions need tools that give them a quick alert on which cards are compromised on a daily basis, and the option to reset PINs immediately — opposed to the two week-period associated with CAMS alerts.
The reason speed matters most when detecting and preventing the spread of fraud is because by the time networks alert banks which cards are comprised, 80 percent of fraud has already occurred.
The monetization of compromised cards has become a sophisticated industry, and the Equifax breach shows the true threat of what happens when highly sensitive personal data gets in the wrong hands (AKA: fraudsters). The end result is payment credentials getting increasingly tangled in the rapidly-growing spread of fraud — causing more vulnerable data to be exposed across the payment ecosystem. Again and again.
With fraudsters having access to social security numbers, addresses, email addresses, dates of birth and even credit card numbers, hackers have the ability to open fraudulent accounts, new credit cards and even entire lines of credit. What banks and credit unions have to worry about are trails of credit card fraud that can exponentially impact the rate of which fraud (particularly synthetic fraud) can spread.
Machine Learning allows banks to thwart off breach threats faster, detect breaches when they occur, and devise a plan of attack for when breaches hit — preventing them from spreading into even bigger problems. For the Equifax breach, this is particularly relevant.
Not only can machine learning technology process billions to trillions of data, analyze millions of variables, it has the ability to learn and improve everyday.
Machine learning can help fraud teams at banks and credit unions be better equipped to get ahead of the problem before it spreads. By eliminating costly, manual processes that are also far less accurate (not to mention far slower), this presents endless benefits for financial organizations. Having the ability to sift through organized data that’s collected using powerful software, instead of relying on a team of data scientists to interpret what accounts have been breached (and which will actually go fraudulent), is the only way to devise sustainable business practices and be fully prepared to fight fraud.
Now, more than ever, in a post-Equifax breach world, the stakes are higher as for how fast fraud can spread, and how many customers it can impact in a short amount of time. Now is the time for banks and credit unions to invest in the right fraud fighting tools in order to halt the spread of fraud before it gets worse.