In January 2021, a cybercrime intelligence CTO discovered a database of leaked Facebook data that had been hacked two years prior. The database contains more than 533 million verified Facebook records from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India.
The hacked data includes users’ phone numbers associated with IDs and full names, locations, birthdays, bios, and some email addresses. For cybercriminals, this is a treasure trove of information they can use to impersonate or scam the users in the database. And because it’s been posted on a low-level hacking forum that is both unlimited and ungated, anyone with basic technical skills will be able to access the data.
The bad news? It’s very possible one of your existing or potential customers’ data has been compromised. But, short of looking each of them up in recently published utilities, you won’t know for sure. And while a recent ClearSale Consumer Behavior study reported that some consumers can be forgiving about fraud, your business could still be at risk.
In the study, all respondents indicated that transaction security was an important factor for their purchasing decisions, placing a high value on a merchant having fraud protection practices in place.
What’s interesting, though, is the same consumers didn’t seem to appreciate the value of data privacy – a key factor in preventing data breaches – as much as fraud protection. This may indicate a disconnect in understanding the link between their compromised data and online fraud.
Data breaches like this one, where payment data isn’t compromised, naturally have less of an impact on ecommerce than a bank data breach.
That doesn’t mean you’re in the clear, though: Customers often use the same login credentials (or at least the same passwords) across accounts, whether it’s social media, bank accounts, or ecommerce accounts.
Fraudsters program bots to use those credentials for account takeovers (ATOs), one of the most common types of ecommerce fraud. They can impersonate legitimate account-holders using those bots to replicate legitimate user behavior, change passwords, and redirect all communications away from legitimate users.
From there, the sky’s the limit. When banks and credit card companies call or text “account holders” to notify them of these changes, everything checks out. And in the meantime, fraudsters are ordering as much merchandise as they can, and may even sell the account data to other fraudsters so they can get in on the action.
So, how do you keep your customer data safe?
The tricky thing is that hacks can take different forms. You might have your customer database locked down tighter than Fort Knox…but then a hacker gains access to your main page and launches a redirection attack, causing visitors and customers to click on legitimate-looking (but malicious) login links—resulting in your customers unwittingly giving their login credentials to cybercriminals. Hackers may also create and approve ads using your Ads Manager to promote malicious content, costing you thousands before you can take action.
If this all feels like a giant game of Whack-a-Mole, you’re not alone. Plus, a successful hack can cost you time, money, and the trust of your customers.
To protect your online business, you’ll need to put some measures in place.
First and foremost, create a clear plan with instructions to follow in the event of a security incident. This will protect all stakeholders – customers, employees, investors, etc.
Ideally, plan for a few different levels of severity, including the worst-case scenario. If that worst case never happens, great. But if it does, you'll be very relieved to not have to come up with a plan on the fly.
Keep in mind that your plan will need to include reporting any hacks to the federal government if a recently proposed executive order is signed, which requires reporting by all companies, especially those in the public sector. The increase in data breaches and online fraud has been noticed and is being addressed at the highest levels.
A breach on another ecommerce site can affect yours since people use the same email and password for multiple accounts. When you hear about a breach, be on the alert for a spike in orders and consider ramping up your manual screening.
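One way to route orders to manual screening based on the account-takeover sequence described earlier (password change, then contact details redirected, then orders). This is an added example, not ClearSale's code; the event names, account IDs, sample log and 24-hour window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample account events (not real data):
# (ISO timestamp, account id, event type)
EVENTS = [
    ("2021-04-05T09:00:00", "acct-1001", "login"),
    ("2021-04-05T09:02:00", "acct-1001", "password_change"),
    ("2021-04-05T09:03:00", "acct-1001", "contact_change"),
    ("2021-04-05T09:10:00", "acct-1001", "order"),
    ("2021-04-05T09:25:00", "acct-1001", "order"),
    ("2021-04-05T10:00:00", "acct-2002", "login"),
    ("2021-04-05T10:05:00", "acct-2002", "order"),
    ("2021-04-01T08:00:00", "acct-3003", "password_change"),
    ("2021-04-05T11:00:00", "acct-3003", "order"),
    ("2021-04-05T12:00:00", "acct-4004", "contact_change"),
    ("2021-04-05T12:30:00", "acct-4004", "order"),
]

# Hypothetical event names for the two takeover steps the article describes.
TAKEOVER_STEPS = {"password_change", "contact_change"}


def orders_for_manual_review(events, window=timedelta(hours=24)):
    """Return (account, order_time) for every order placed within `window`
    after BOTH a password change and a contact change on that account."""
    last_seen = {}  # account -> {step name: time of most recent occurrence}
    flagged = []
    # ISO-8601 timestamps in one format sort chronologically as strings.
    for ts, account, kind in sorted(events):
        when = datetime.fromisoformat(ts)
        steps = last_seen.setdefault(account, {})
        if kind in TAKEOVER_STEPS:
            steps[kind] = when
        elif kind == "order":
            recent = [s for s in TAKEOVER_STEPS
                      if s in steps and when - steps[s] <= window]
            # Only one step (e.g. a routine password reset) is not enough.
            if len(recent) == len(TAKEOVER_STEPS):
                flagged.append((account, ts))
    return flagged


if __name__ == "__main__":
    for account, ts in orders_for_manual_review(EVENTS):
        print(f"manual review: {account} order at {ts}")
```

Shortening the window reduces false positives from customers who legitimately update their details; widening it after a publicised breach matches the advice to ramp up screening.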
Make sure to protect your social media business page from hacking by following these steps:
With the technological advancements and criminal ingenuity we see today, data breaches will continue to happen and create more opportunity for online fraud.
The good news is you don’t have to fight this battle alone.
Your best bet to protect your ecommerce store is to work with a partner that not only has the experience to detect fraud and identify fraudulent patterns, but who also stays on top of global intelligence about fraudsters and hackers.
ClearSale’s solutions are used by online merchants around the world, giving us a unique view of the industry and a massive database of transactions that can be used to detect fraudulent patterns long before any single merchant could identify them happening to their online store. For assistance in protecting your ecommerce business, reach out to us for more information.