How The Major Breaches In 2018 Showed Us That It’s Time For Consumers To Take Greater Control Of Their Cards


Rachna Ahlawat

co-founder at Ondot Systems


14.11.2018 12:30 pm

A few months ago British Airways became one of the latest big-name brands to suffer a major data breach, as hackers managed to steal card details, a haul that reports this week suggest could have raised up to $12.2m (£9.4m) for Russian hackers on the dark web. Alongside this, Cathay Pacific Airways also recently fell victim to a breach involving 9.4 million passengers, and is now facing a compliance investigation from Hong Kong’s privacy commission.

It’s just another reminder that no organisation is too large or too clever to get caught out by online attackers, as a number of other well-publicised victims of online fraud including Ticketmaster, Dixons Carphone and Equifax also know all too well. While best practice security is always recommended, and increasingly mandated by regulators, there’s no guarantee it will be 100% effective.

So where does that leave consumers? Unfortunately, they are often left to pick up the pieces, forced to cancel cards and endure significant personal distress and frustration. Banks can also find themselves on the receiving end of customer ire as a result — even if they are not to blame for the initial breach. That’s why as an industry we should be looking to put more power back into the hands of consumers over how they use and control their cards.

From breaches to fraud

Details of the BA breach are still emerging. However, the carrier has claimed that names, email addresses and card details including numbers, expiry dates and CVV numbers were stolen. It is also very specific about the time period during which hackers accessed the data: 22:58 BST, 21 August 2018 until 21:45 BST, 5 September 2018. That has led some security experts to speculate that it may have been made possible by a compromise of the airline’s web infrastructure, allowing the hackers to siphon off data as it was entered into the site or mobile app. Similar attacks have been raging around the world, with one prolific threat group running a “digital card-skimming campaign” that has caught out hundreds of major e-commerce sites including Ticketmaster.

Whether it’s via these advanced attacks or more traditional raids on customer card databases like the breach at Dixons Carphone involving nearly six million cards, cyber-criminals are now experts at monetising stolen data. The cybercrime economy is worth an estimated $1.5tr annually, with around $160bn of this coming from trade in stolen data, much of it financial. With those details, criminals can either clone cards for future use or, if they’re of the chip and PIN variety, use the data to conduct card-not-present (CNP) fraud.

The impact on consumers, and the banks, can be severe. Soon after, social media was flooded with angry BA customers complaining about the frustration and inconvenience of having to cancel their cards as a precaution. Most lenders only selectively send replacement cards when there has been a major data breach, forcing customers who want to minimise risk to proactively contact their bank, with all the extra time and effort that entails. If multiple cards are linked to a breached account, as was the case with one BA customer who spoke to the BBC, the negative impact can be many times greater.

Controlling fraud

Breaches will always happen. In fact, they’re likely to ramp up even further in the run-up to the festive period. A determined attacker is almost impossible to stop and the economic imperative will continue to draw cyber-criminals into the underground economy in ever greater numbers. Of course, IT security teams should continue to invest in advanced detection and prevention tools, alongside best practice processes for securing systems, especially in light of the GDPR and PCI DSS requirements.

But we should also be looking to put more control into the hands of consumers. Now used by thousands of financial institutions around the world, card control applications offer a simple but effective way to reduce fraud and improve customer satisfaction. Enabling cardholders to control where, when and how each of their cards is used means they could add extra restrictions to cards suspected of being breached. For example, a user might keep the card switched “off” by default until they want to use it, to minimise the risk of fraud. Other granular restrictions can be added in a couple of clicks, such as: where it can be used; what time of the day; how much can be spent; and what types of transactions are permissible. Detailed transaction alerts complete the picture, offering peace of mind to customers that any unusual activity will be spotted and blocked in real time.
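The checks described above, sketched as an added example (not code from the article, from Ondot or from any issuer): each authorisation request is tested against the cardholder’s settings and every violated control is reported. All class, field and reason names are hypothetical, and the sample transactions are constructed.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional, Tuple

@dataclass(frozen=True)
class CardControls:
    """Cardholder-set restrictions; an empty or None field means 'no restriction'."""
    enabled: bool = True
    allowed_countries: frozenset = frozenset()
    allowed_types: frozenset = frozenset()          # e.g. {"chip", "contactless", "cnp"}
    max_amount_minor: Optional[int] = None          # pence/cents, avoids float rounding
    window: Optional[Tuple[time, time]] = None      # permitted local time of day

@dataclass(frozen=True)
class Txn:
    amount_minor: int
    country: str
    kind: str
    local_time: time

def in_window(window, now):
    start, end = window
    if start <= end:
        return start <= now <= end
    return now >= start or now <= end               # window wraps past midnight

def evaluate(c, t):
    """Return the list of violated controls; an empty list means approve."""
    if not c.enabled:                               # card switched off: decline everything
        return ["card_off"]
    reasons = []
    if c.allowed_countries and t.country not in c.allowed_countries:
        reasons.append("country")
    if c.window is not None and not in_window(c.window, t.local_time):
        reasons.append("time")
    if c.max_amount_minor is not None and t.amount_minor > c.max_amount_minor:
        reasons.append("amount")
    if c.allowed_types and t.kind not in c.allowed_types:
        reasons.append("type")
    return reasons

# Constructed sample data (not from any real issuer or breach).
CONTROLS = CardControls(allowed_countries=frozenset({"GB"}),
                        allowed_types=frozenset({"chip", "contactless"}),
                        max_amount_minor=20_000,
                        window=(time(7, 0), time(23, 0)))
IN_STORE = Txn(4_500, "GB", "chip", time(12, 30))
STOLEN_CNP = Txn(50_000, "US", "cnp", time(3, 15))

if __name__ == "__main__":
    for name, txn in (("in-store", IN_STORE), ("stolen CNP", STOLEN_CNP)):
        print(name, evaluate(CONTROLS, txn) or "approve")
    print("card off", evaluate(CardControls(enabled=False), IN_STORE))
```

Returning every violated control, rather than stopping at the first, is what lets a transaction alert tell the cardholder exactly why a payment was blocked.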

Card controls are not a silver bullet, but they should be considered an important pillar in an industry-wide response to the escalating challenge of online breaches and fraud.  
