This week, Cyber Monday, is upon us, and consumer fraud risks are not going away. Rather, they are rapidly increasing at alarming rates.
According to the Bureau of Justice Statistics, cyber theft claims rose from 500 in 2010 to 5,674 in 2017. We have lost track of how many millions of dollars have gone missing in this way during that time; in turn, thousands of jobs have been lost.
Experts predict we will lose between $2.5 trillion and $3.9 trillion in lost economic output in 2018.
Our stolen data is arguably worse than physical theft. On Cyber Monday alone, millions of people are expected to swipe merchandise from retailers online and in store.
Retailers will not be able to control their data or the activities of people they have purchased it from, meaning that if a consumer passes the code or enters a credit card number on another website, it is not protected by the retailer’s brand protection measures.
Many stores, from big-box stores to small shops, are suspicious of their customers’ behavior. They try to match the unique match of a credit card number to their list of active transactions, then will often conduct background checks to verify that customers are the same person. That can lead them to open up accounts or PIN codes in people’s names, which they never knew existed.
Retailers are also often not prepared for automated thieves. Last month, a group of Russian hackers entered Amazon and went on a multi-day shopping spree, taking advantage of a flaw in Amazon’s checkout process, by creating several accounts and spending millions of dollars in less than 24 hours.
The information they stole is a total loss to them.
Thieves also know where and how to steal the data used to make the transactions. When it comes to payment cards and when to activate a chip in a card to make it less likely to be stolen, there is no definitive rule for good practice.
So why are they stealing in the first place? Consider the person who does not have the technological sophistication or access to use the transactions with a credit card or chip. That person would not be able to store payment information, which makes their identity theft simple to make.
People with the simple physicality of their names and photos – who could not even open a bank account – are worse targets because they can be exposed to online malware. Criminals are also benefiting from avoiding a paper trail by using just their mobile phones or a cloned credit card.
Protecting credit cards from theft is up to the buyer. As President Obama said in his 2013 State of the Union address, “the first step in deterring future theft is to recognize that the one thing you don’t want to do is store too much information on too few devices.” Retailers have sophisticated systems to stop identity theft, and they are all failing to defend their customers’ rights to a safe digital experience.
People need to be more knowledgeable about how their personal information is being used and what other people can access their information.
David Harrington, CEO of Activators, is responsible for protecting credit card data at several major American companies, including Fitbit, Jet.com, Saks Fifth Avenue, Intuit and Quicken. He was previously Chief Information Security Officer at Dell and Product Security Officer at EMC.