March 27, 2018
Last week, e-commerce travel site Orbitz acknowledged a security breach that may have compromised payment card and other personal information of up to 880,000 consumers. The company said it uncovered the intrusion on March 1 and that the attack involves a legacy platform used by direct customers and partners that exposed data between January 1, 2016 and December 22, 2017.
The company said it determined that the personal information accessed may have included full name, payment card information, date of birth, phone number, email address, physical and/or billing address and gender.
Data security breaches of all kinds and sizes continue to feed fraudsters with the information they need to commit profit-sapping fraud that targets e-commerce merchants. Intrusions such as the one that victimized Orbitz yield information that can be used at the account level (e.g., account takeover, account creation and synthetic fraud) and the transactions level (e.g., clean fraud, card testing, and triangulation). Education and collaboration continue to be the merchant’s primary weapon against fraudsters. At the upcoming CNP Expo in May, merchants from all verticals and solution providers with technology to address their needs will gather in Orlando, Fla. to share information that can help in the ongoing struggle to protect the bottom line.