On Monday, Capital One, one of the biggest banks in the U.S., publicly announced its network security had been breached, exposing the personal information of more than 100 million credit applicants in the U.S. and Canada. While the mainstream media concentrates on how massive data breaches affect the consumers who get their identities, login credentials or payment card information stolen, for the e-commerce community, another breach means more account takeovers. Some of the information exposed in the Capital One attack included names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income.
In its 2018 Fraud Attack Index from earlier this year, antifraud technology provider Forter found that account takeover attacks have increased 31 percent year-over-year. The information stolen in large-scale data breaches is the fuel fraudsters need to commit ATO fraud. Access to a real person’s online account has more value than a stolen credit card.
According to Michael Reitblat, CRO of Forter, “many people reuse account information across websites, so a single stolen password can give fraudsters legitimate-looking access to an individual’s entire online identity.”