The sharp rise in fraud experienced by merchants that accept card-not-present transactions rests on three pillars: more and more online transactions, the migration to EMV in the U.S. and an increase in the amount of stolen information available to fraudsters. And, according to a report released this week by the non-profit Identity Theft Resource Center (ITRC) and security firm CyberScout, the third pillar shows no signs of crumbling. Through the first half of 2017, the U.S. experienced a record number of data breaches. As of June 30, 791 data breaches occurred in the U.S., 29 percent more than the same time last year. If the record pace continues, the total for 2017 could surpass 1,500 breaches, 37 percent more than the 1,093 that happened last year.
While securing data is a top concern for e-commerce businesses, the fraud that can result from the unprecedented amount of available stolen data is a bigger threat on a daily basis. The ITRC report does not detail the type of information that was stolen in the reported breaches and focuses mainly on the recent trend of holding data for ransom. But for online merchants, breaches of payment card information still accounts for the biggest percentage of hacks, leading to a wide variety of fraud attacks. Breaches of personal information also affect CNP merchants, with fraudsters increasingly turning to account takeover, account creation and synthetic fraud—all types that can leverage personal information to attack e- and m-commerce businesses.