6 Things Online Businesses Need to Know About the Equifax Data Breach

19 Oct, 2017 / Comments: Comments Off on 6 Things Online Businesses Need to Know About the Equifax Data Breach / By

In early September, 2017, Equifax announced that it had been breached, and the personal information of over 143 million Americans (along with individuals in Canada and the United Kingdom) had been compromised. The breach began in mid-May and went on for three months. Information including names, addresses, social security numbers, credit card numbers and more were exposed. It’s not just consumers who are at risk. Businesses are at risk as well. Even if your business has not yet been affected by the recent data breach, it can still happen. Online businesses may end up feeling the effects just as much as individuals. Here are 6 things you need to know.


1.  The Dangers of the Equifax Breach

There have been data breaches in the past but what makes the Equifax breach so dangerous is that this particular company collects and hangs on to some rather sensitive information. With access to all of this information, hackers have a greater ability to bypass several levels of verification. They can take over not only credit cards and bank accounts, but access medical records and employee accounts as well. While online businesses may not be the first place that hackers will turn to (especially with the ability to access more lucrative accounts), you are still at serious risk for being taken advantage of by fraudulent individuals.


2.  All Online Businesses are at Risk

You might be tempted to think that just because other online businesses have been affected by the breach and you haven’t yet, that you are safe. Unfortunately, no online business is safe. Personal information that has been compromised can be placed on the dark web, where sites are located on an encrypted server that can’t be found by regular search engines such as Google. Hackers tend not to waste time using valuable personal information where ever they can. This means that they can easily make their way to your website.


3.  Be on the Lookout for Account Takeovers (ATOs)

The flood of new personal information that is now out there is likely to cause an increase in account takeovers, or ATOs. Hackers take the personal information of current (legitimate) customers and use their stored payment methods to make purchases on your website or drain money from their accounts. There are several signs that you can be on the lookout including logging in from different devices or locations, several failed login attempts, using older browsers or operating systems, changing multiple settings (shipping addresses, passwords, etc.), buying more than normal, or using proxies or VPN setups. It is important to bear in mind that one of these actions may not indicate fraudulent activity. Your customer may have gotten a new device and is now logging in for the first time. You will need to look at all of the user’s activities to more accurately detect an account takeover.


4.  Watch for Fraudulent New Accounts

ATOs are not the only way that hackers wreak havoc. They can also take personal information and create new accounts. It is also possible for them to take different pieces of information from several accounts to create a completely new identity. This is known as synthetic identity theft. Be sure to monitor any new account activity. Be on the lookout for a spike in new accounts that don’t coincide with a specific season or sale. Accounts may be set up faster than normal. This is often because hackers follow a “script” to create their new accounts, shortening the time it takes to sign up. You should also pay attention to the IP address. Multiple new accounts from the same IP address is a major red flag that it’s the same person setting up numerous accounts.


5.  Encourage Good Practices

One of the main reasons that people experience ATOs is because they have poor online security habits. A good number of individuals reuse the same passwords for several sites. This makes it extremely easy for hackers to gain access to all of their accounts. Encourage your customers to practice good safety practices. These may include such things as utilizing a password manager or using two-factor authentication on their accounts.


6.  Focus on Maintaining Trust

You want to be cautious in a time like this. In order to maintain the trust of your customers, you have to take action to protect their information. By not taking any action, you run the risk of losing the trust of your customers. You also don’t want to be so cautious that you turn away legitimate customers by forcing them through too many security checks. The fight against fraudulent activity is a delicate balancing act, but one that is essential for protecting you and your customers.


An event like the Equifax data breach can be frightening for everyone, including online business owners. Just because you haven’t felt the effects yet does not mean that you are safe. Being proactive can help you to protect yourself and your users from the effects of account takeovers, fraudulent new accounts and more. This is in everyone’s best interests and can help you to maintain the trust of your customers in this very turbulent time.


William Mahnic
William Mahnic is a Finance Professor at Case Western University and has spent more than 20 years in the finance industry before becoming a professor. Mahnic has appeared as a commentator on both TV and radio talk shows including NPR, Crain's Cleveland Business, WKYC 3 and The Washington Post. He has been interviewed in BusinessWeek, Wall Street Journal and The Los Angeles Times.

Comments are closed.