January 4, 2018
In recent years, account takeover (ATO) seemingly has supplanted other forms of fraud as a top concern of fraud departments at businesses that use online accounts for their customers. A rash of security breaches targeting PII and username/password combos has added to the sense that merchants must prioritize ATO in their fraud prevention efforts. But the results of an investigation into the breach at a national retailer, first reported in November, along with a recent study, remind merchants that good, old-fashioned payment card fraud is alive and well.
This week, Los Angeles-based fashion retailer Forever 21 said its investigation found that encryption technology that was supposed to protect its POS systems was “not always on.” Malware was installed on some POS devices that gathered the payment card data of customers who transacted at certain Forever 21 locations.
At the same time, a recent report from security company Trustwave suggests that breaches like Forever 21’s, which target payment card information, are more common than those that facilitate ATO fraud (e.g., last September’s Equifax intrusion). In its 2017 Global Security Report, Trustwave found that 63 percent of breaches last year targeted payment card fraud and that security professionals were overvaluing PII at the expense of payment card information.